fix: avoid logging connection credentials in the UI#418
Open
DivyamTalwar wants to merge 1 commit into
Open
Conversation
Connection URI debug logs could include morphik:// values, parsed auth tokens, and connection-derived URLs. Keep event-level debug messages while removing the credential-bearing values. Constraint: Morphik connection URIs can carry bearer credentials. Rejected: Removing all UI debug logging | event-only messages preserve useful local diagnosis without printing secrets. Confidence: high Scope-risk: narrow Directive: Do not add URI or token values back to browser console output; log booleans or connection types only. Tested: npm install --package-lock=false; npx next lint --file contexts/morphik-context.tsx --file lib/connection-utils.ts --file lib/utils.ts; npx prettier --check contexts/morphik-context.tsx lib/connection-utils.ts lib/utils.ts; npx tsc --noEmit --pretty false; credential-bearing console value grep; git diff --check. Not-tested: npm run lint and npm run build still fail on pre-existing unrelated UI lint issues in components/ui/button.tsx and components/ui/sheet.tsx.
DivyamTalwar
marked this pull request as ready for review
July 3, 2026 20:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The UI had several debug logs that could print full Morphik connection URIs, parsed connection objects, extracted token prefixes, or connection-derived URLs. Because Morphik connection URIs can include bearer credentials, this PR keeps only event-level connection debug messages and removes credential-bearing values from the browser console.
Changes
MorphikProvider.connectionInfo,authToken, raw connection URIs, token prefixes, adjacent URI parsing exception objects, and the connection-derived API base URL in the utility path touched by this PR.hadHttpProtocolPrefix,hasConnection, and invalid-URL protocol/value booleans.Why this matters
Debug logging should not expose bearer credentials or values derived from bearer connection URIs. This reduces accidental credential exposure during local debugging and issue reproduction without changing connection parsing, storage, authorization header creation, or API URL construction behavior.
Tests
Commands run:
npm install --package-lock=falsefromee/ui-component— passed; installed local dependencies without creating a lockfile.npx next lint --file contexts/morphik-context.tsx --file lib/connection-utils.ts --file lib/utils.tsfromee/ui-component— passed.npx prettier --check contexts/morphik-context.tsx lib/connection-utils.ts lib/utils.tsfromee/ui-component— passed.npx tsc --noEmit --pretty falsefromee/ui-component— passed.if rg -n "console\\.(log|debug|info|warn|error)\\([^\\n]*,\\s*(connectionUri|authToken|connectionInfo|storedUri|stored|uri|token|fullToken|authPart|cleanUri|migratedUri|host|url|err)\\b|console\\.(log|debug|info|warn|error)\\([^\\n]*\\{[^\\n]*(connectionUri|authToken|connectionInfo|storedUri|stored|uri|token|fullToken|authPart|cleanUri|migratedUri|host|url|err)\\s*[,}]" ee/ui-component/contexts/morphik-context.tsx ee/ui-component/lib/connection-utils.ts ee/ui-component/lib/utils.ts -S; then echo "raw credential-related console argument remains"; exit 1; else echo "no raw credential-related console arguments found"; fi— passed.git diff --check origin/main...HEAD— passed.Also run:
npm run lintfromee/ui-component— failed on pre-existing unrelated issues incomponents/ui/button.tsxandcomponents/ui/sheet.tsx, plus existing warnings in chat/settings components.npm run buildfromee/ui-component— compiled successfully, then failed at the same existing lint gate unrelated to the touched files.Risk
Risk level: low
This is a logging-only change. It does not alter the connection URI parser, localStorage persistence behavior, generated authorization headers, or API base URL selection. Rollback is straightforward by restoring the previous console output, though that would reintroduce credential exposure risk.
The tradeoff is that malformed-URI and parsing failure logs now include less debugging context than before. In particular, raw invalid URL values and caught exception objects are no longer logged. Routine diagnosis still gets event-level messages, but deep debugging may require local reproduction or temporary local instrumentation rather than relying on browser logs that can be shared.
Issue
No existing issue.
Notes for maintainers
README examples were intentionally left unchanged because this PR only affects console redaction, not connection URI behavior.
This PR also does not change connection URI persistence or transport/protocol defaults. Those are broader behavior changes that should be reviewed separately from this logging-only hardening.