Aaron Weiker
ecfbfddc7c
PR Ready Gate / clear-labels (pull_request) Successful in 1s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m14s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m17s
Addresses security review finding: retry warnings were logging the full request URL which could inadvertently leak sensitive query parameters if future callers pass them. Added redactURL() helper that: - Strips query parameters from URLs before logging (replaces with [redacted]) - Returns [invalid URL] for unparseable URLs to avoid leaking any data - Preserves the base path for debugging context The error itself (lastErr) is kept as-is since APIError.Error() already truncates response bodies to 200 chars, and network errors don't contain user-controlled data.