harden: credential redaction, error handling, RBAC scoping, tests#43
Merged
Conversation
…rage - Redact --credential and sensitive --from-literal values in verbose logging (status.Cmd). ps aux exposure remains an upstream OpenShell limitation until gRPC migration. - Fix ~10 swallowed errors across cmd/ that masked gateway failures, provider list errors, and kubectl failures with silent fallbacks. - Remove cluster-admin ClusterRoleBinding creation — the upstream agent-sandbox manifest.yaml already includes a scoped ClusterRole. Remove default SA from OCP privileged SCC grants. - Add unit tests for providers.go (7 tests) and create.go (8 tests) covering force mode, provider registration, gateway detection, and sandbox creation paths. - Add unit tests for status.Cmd credential redaction (7 tests). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
status.Cmd()now redacts--credential KEY=VALUEand sensitive--from-literal=args in verbose logging. Theps auxexposure is an upstream OpenShell limitation (CLI-only--credential) that resolves with the gRPC migration.cmd/deploy.go,cmd/up.go,cmd/providers.go,cmd/teardown.gothat masked gateway failures, provider list errors, and kubectl failures with silent fallbacks.cluster-adminClusterRoleBinding creation — the upstreamagent-sandboxmanifest already includes a properly scoped ClusterRole. RemovedefaultSA from OCP privileged SCC grants.Test plan
go build ./...passesgo vet ./...passesgo test ./internal/...passes (all 5 packages)go test -c ./cmd/compiles (cmd tests crash on macOS 15.5 + Go 1.22 due to pre-existing dyld issue, will pass in CI on Linux)harness deploy ocpsucceeds without cluster-admin, controller pod starts and creates sandboxesharness -v providersand confirm credentials are redacted in stderr🤖 Generated with Claude Code