Skip to content

Log tool-call environment variable names instead of values#277

Merged
anticomputer merged 2 commits into
mainfrom
anticomputer/redact-secrets-in-logs
Jul 10, 2026
Merged

Log tool-call environment variable names instead of values#277
anticomputer merged 2 commits into
mainfrom
anticomputer/redact-secrets-in-logs

Conversation

@anticomputer

Copy link
Copy Markdown
Contributor

Problem

Debug logging in mcp_client_params printed the full tool-call environment dict, including values resolved from {{ env('...') }}. That environment routinely carries credentials such as GH_TOKEN, so at DEBUG level the secret values were written to the logs.

Reported at

logging.debug("Tool call environment: %s", env)
if args:

Fix

Log only the environment variable names, never the values. A small _env_names helper returns the sorted keys, applied at all three env log sites (stdio pre-swap, stdio post-swap, and streamable). The names are kept so debug output still shows which variables are configured.

This is log-only: the environment passed through to the MCP server is unchanged.

Scope

Env values only, as discussed. Command args logging is left as-is.

Validation

  • New test test_mcp_client_params_logs_env_names_not_secret_values asserts a resolved secret value never appears in the logs, the variable names still do, and the real env is still handed to the server. Verified it fails without the fix.
  • Full unit suite (544 passed) and CI-parity lint pass.

Debug logging in mcp_client_params printed the full tool-call environment,
which includes resolved credentials such as GH_TOKEN. Log only the variable
names so secrets are never written to logs, while keeping the names for
debuggability. The environment passed to the MCP server is unchanged.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 10, 2026 14:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens MCP toolbox debug logging by ensuring tool-call environment variables are logged safely (names only), preventing accidental secret leakage when environment values are resolved from {{ env('...') }} templates.

Changes:

  • Add _env_names() helper to log only environment variable keys (never values) in mcp_client_params.
  • Update debug log statements for stdio and streamable toolbox initialization/environment logging to use _env_names().
  • Add a regression test asserting secret values do not appear in debug logs while env names still do and resolved env is still passed through.
Show a summary per file
File Description
src/seclab_taskflow_agent/mcp_utils.py Replace env-value debug logging with env-name logging via _env_names() to avoid leaking credentials.
tests/test_mcp_utils.py Add test coverage to ensure secrets are not emitted in debug logs while functionality remains unchanged.

Review details

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 2/2 changed files
  • Comments generated: 1
  • Review effort level: Low

Comment thread src/seclab_taskflow_agent/mcp_utils.py Outdated
p-
p- previously approved these changes Jul 10, 2026
Check `env is None` so an empty dict yields `[]` rather than the dict,
honoring the list[str] | None return contract.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 10, 2026 14:41

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review details

  • Files reviewed: 2/2 changed files
  • Comments generated: 0 new
  • Review effort level: Low

@anticomputer anticomputer merged commit ddef201 into main Jul 10, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants