Merge pull request #883 from agorevski/fix/cleartext-logging-sensitive-data

fix(security): prevent cleartext logging of sensitive data

src/tools/browser.rs

@@ -19,7 +19,7 @@ use tokio::process::Command;
 use tracing::debug;
 
 /// Computer-use sidecar settings.
-#[derive(Debug, Clone)]
+#[derive(Clone)]
 pub struct ComputerUseConfig {
     pub endpoint: String,
     pub api_key: Option<String>,
@@ -30,6 +30,20 @@ pub struct ComputerUseConfig {
     pub max_coordinate_y: Option<i64>,
 }
 
+impl std::fmt::Debug for ComputerUseConfig {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("ComputerUseConfig")
+            .field("endpoint", &self.endpoint)
+            .field("api_key", &self.api_key.as_ref().map(|_| "[REDACTED]"))
+            .field("timeout_ms", &self.timeout_ms)
+            .field("allow_remote_endpoint", &self.allow_remote_endpoint)
+            .field("window_allowlist", &self.window_allowlist)
+            .field("max_coordinate_x", &self.max_coordinate_x)
+            .field("max_coordinate_y", &self.max_coordinate_y)
+            .finish()
+    }
+}
+
 impl Default for ComputerUseConfig {
     fn default() -> Self {
         Self {

src/tools/composio.rs

@@ -517,11 +517,10 @@ impl Tool for ComposioTool {
                     })?;
 
                 let params = args.get("params").cloned().unwrap_or(json!({}));
-                let connected_account_ref =
-                    args.get("connected_account_id").and_then(|v| v.as_str());
+                let acct_ref = args.get("connected_account_id").and_then(|v| v.as_str());
 
                 match self
-                    .execute_action(action_name, params, Some(entity_id), connected_account_ref)
+                    .execute_action(action_name, params, Some(entity_id), acct_ref)
                     .await
                 {
                     Ok(result) => {