Skip to content

fix: stop returning redaction mapping in model-visible tool output#7

Merged
sidmohan0 merged 1 commit into
feat/openclaw-2026.6-compatfrom
fix/redact-mapping-exposure
Jul 2, 2026
Merged

fix: stop returning redaction mapping in model-visible tool output#7
sidmohan0 merged 1 commit into
feat/openclaw-2026.6-compatfrom
fix/redact-mapping-exposure

Conversation

@sidmohan0

Copy link
Copy Markdown
Contributor

Summary

Stacked on #6 (touches the same tool registrations).

fogclaw_redact returned the full placeholder→original mapping in its content JSON, and fogclaw_preview did the same. That output persists in the session transcript, so the redaction could be trivially reversed by anything reading the transcript — partially defeating the tool's purpose.

  • fogclaw_redact now feeds the mapping into RedactionMapStore and returns redacted_text, entities_found, and the placeholders list only, with the tool description and output pointing agents at fogclaw_request_access for user-approved reveals.
  • fogclaw_preview drops the mapping field (dry-run stays side-effect free — it does not feed the store).
  • ARCHITECTURE.md and CHANGELOG updated.

Left as-is, noted in CHANGELOG follow-ups: fogclaw_scan/fogclaw_preview still return entity spans with matched text — unlike the mapping, that reveals nothing the caller didn't already supply.

Test plan

  • New red-first tests: redact output contains no mapping and no original value; preview output contains no mapping; full round-trip (redact → request_access → resolve approve) reveals the original through the backlog
  • 233 tests pass, tsc --noEmit clean

fogclaw_redact returned the full placeholder-to-original mapping in its
content JSON, and fogclaw_preview did the same. The mapping persists in
the session transcript, partially defeating redaction for those paths.
fogclaw_redact now feeds the mapping into RedactionMapStore and returns
only the placeholder list; originals are recoverable solely through the
access-request backlog (fogclaw_request_access -> user approval).
Adds a round-trip regression test: redact -> request_access -> approve
reveals the original, while the tool output never contains it.
@sidmohan0 sidmohan0 merged commit 9fd20b4 into feat/openclaw-2026.6-compat Jul 2, 2026
2 checks passed
@sidmohan0

Copy link
Copy Markdown
Contributor Author

Heads up: this merged into feat/openclaw-2026.6-compat about a minute after #6 had already merged that branch into main, so this fix never reached main. Re-landed as #8 (clean cherry-pick of the same commit onto main).

@sidmohan0 sidmohan0 deleted the fix/redact-mapping-exposure branch July 2, 2026 23:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant