mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-01 12:02:05 +00:00
test(gateway): isolate secret-redaction layer from provider-error rewrite
The existing test_chat_gateways_redact_secret_in_provider_error feeds a provider-error envelope (HTTP 401), which _sanitize_gateway_final_response rewrites wholesale to a generic category string. That rewrite strips the secret regardless of whether the redaction layer works, so the test cannot on its own prove _redact_gateway_user_facing_secrets is exercised. Add test_chat_gateways_redact_secret_in_non_error_body: ordinary assistant prose that echoes a bearer token but is NOT a provider-error envelope, so the rewrite path does not fire and secret redaction is the only defense. Verified fail-before (token leaks when _GATEWAY_SECRET_PATTERNS is emptied) and pass-after across whatsapp/slack/signal/matrix, while non-secret prose is preserved intact.
This commit is contained in:
parent
57864d07ed
commit
c377e954fb
1 changed files with 29 additions and 0 deletions
|
|
@ -96,6 +96,35 @@ def test_chat_gateways_redact_secret_in_provider_error(platform):
|
|||
assert "provider" in sanitized.lower()
|
||||
|
||||
|
||||
@pytest.mark.parametrize("platform", ["whatsapp", "slack", "signal", "matrix"])
|
||||
def test_chat_gateways_redact_secret_in_non_error_body(platform):
|
||||
"""Secrets must be redacted even when no provider-error rewrite fires.
|
||||
|
||||
The provider-error case above is rewritten wholesale to a generic
|
||||
category string, so it cannot, on its own, prove the secret-redaction
|
||||
layer works — the rewrite would strip the body regardless. This case
|
||||
feeds ordinary assistant prose that merely *echoes* a bearer token (not
|
||||
a provider-error envelope), so `_redact_gateway_user_facing_secrets` is
|
||||
the only thing standing between the token and the user. Removing the
|
||||
redaction patterns makes this fail (genuine regression guard); the
|
||||
surrounding prose must survive intact.
|
||||
"""
|
||||
raw = (
|
||||
"Sure — here is the example request you asked for: "
|
||||
"curl -H 'Authorization: Bearer sk-ABCDEF0123456789abcdef0123' "
|
||||
"https://api.example.com/v1/models"
|
||||
)
|
||||
|
||||
sanitized = _sanitize_gateway_final_response(platform, raw)
|
||||
|
||||
assert "sk-ABCDEF0123456789abcdef0123" not in sanitized
|
||||
assert "sk-ABCDEF" not in sanitized
|
||||
assert "[REDACTED]" in sanitized
|
||||
# Non-secret prose is preserved — redaction is surgical, not a wholesale
|
||||
# rewrite, on bodies that are not provider-error envelopes.
|
||||
assert "here is the example request you asked for" in sanitized
|
||||
|
||||
|
||||
def test_plugin_platform_string_suppresses_noise():
|
||||
"""Unknown/plugin chat platforms fail closed to the chat-filter path."""
|
||||
message = "⏳ Retrying in 4.2s (attempt 1/3)..."
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue