fix(credentials): add claude_code_oauth_token + status_api_key to SECRET_FIELDS (#766, #765)

Both fields carry authentication material but were missing from SECRET_FIELDS, so the `config show` / dashboard config panels could surface them unredacted and they were not moved to encrypted storage by the credential migration path. Scopes the original PR back to just the credential-leak fix. The other bundled changes (bug-report template deletion, events timezone fix, Guardian model pinning, AgentLoop settings refactor, etc.) are dropped per review feedback — each deserves its own PR. Closes #765. Co-Authored-By: aboutttmalay <138196355+aboutttmalay@users.noreply.github.com>
2026-05-13 21:21:53 +00:00 · 2026-04-22 05:27:39 +05:30
parent c92ebe3e53
commit b13d4bb75b
2 changed files with 4 additions and 0 deletions
--- a/src/pocketpaw/credentials.py
+++ b/src/pocketpaw/credentials.py
@@ -57,6 +57,8 @@ SECRET_FIELDS: frozenset[str] = frozenset(
        "gchat_service_account_key",
        "sarvam_api_key",
        "litellm_api_key",
+        "claude_code_oauth_token",
+        "status_api_key",
    }
 )

--- a/tests/test_credentials.py
+++ b/tests/test_credentials.py
@@ -530,6 +530,8 @@ class TestSecretFieldsList:
            "gchat_service_account_key",
            "sarvam_api_key",
            "litellm_api_key",
+            "claude_code_oauth_token",
+            "status_api_key",
        }
        assert SECRET_FIELDS == expected