fix(security): reduce residual CodeQL logging flows

- remove secret-presence logging path in gateway startup output - reduce credential-derived warning path in provider fallback setup - avoid as_deref credential propagation in delegate/provider wiring - harden Composio error rendering to avoid raw body leakage - simplify onboarding secrets status output to non-sensitive wording
2026-02-17 16:23:54 +08:00 · 2026-02-17 16:23:54 +08:00 · 60d81fb706
commit 60d81fb706
parent 1711f140be
6 changed files with 60 additions and 43 deletions
--- a/src/tools/delegate.rs
+++ b/src/tools/delegate.rs
@ -165,10 +165,11 @@ impl Tool for DelegateTool {
        }

        // Create provider for this agent
-        let provider_credential = agent_config
+        let provider_credential_owned = agent_config
            .api_key
-            .as_deref()
-            .or(self.fallback_credential.as_deref());
+            .clone()
+            .or_else(|| self.fallback_credential.clone());
+        let provider_credential = provider_credential_owned.as_ref().map(String::as_str);

        let provider: Box<dyn Provider> =
            match providers::create_provider(&agent_config.provider, provider_credential) {