fix(providers): redact logged base url

warren618 · warren618 · commit 4a1a4e7d1083 · 2026-05-17T23:32:57.000+08:00
diff --git a/agent/src/providers/llm.py b/agent/src/providers/llm.py
@@ -7,6 +7,7 @@
 import os
 from pathlib import Path
 from typing import Any, Dict, Optional
+from urllib.parse import urlsplit
 
 try:
     from dotenv import load_dotenv
@@ -124,6 +125,33 @@ def _redact_env_source(loaded: Path | None) -> str:
     return "<.env>"
 
 
+def _redact_base_url_for_log(raw: str | None) -> str:
+    """Return a diagnostic-safe base URL label for logs."""
+    if not raw or not raw.strip():
+        return "(unset)"
+
+    try:
+        parsed = urlsplit(raw.strip())
+    except ValueError:
+        return "<base-url>"
+
+    if not parsed.scheme or not parsed.hostname:
+        return "<base-url>"
+
+    host = parsed.hostname
+    if ":" in host and not host.startswith("["):
+        host = f"[{host}]"
+
+    try:
+        port = parsed.port
+    except ValueError:
+        port = None
+    if port is not None:
+        host = f"{host}:{port}"
+
+    return f"{parsed.scheme}://{host}"
+
+
 def _load_env_file(path: Path) -> None:
     """Load a single .env file into os.environ (setdefault, no override)."""
     if load_dotenv is not None:
@@ -159,7 +187,7 @@ def _ensure_dotenv() -> None:
         _redact_env_source(loaded),
         os.getenv("LANGCHAIN_PROVIDER", "(unset)"),
         os.getenv("LANGCHAIN_MODEL_NAME", "(unset)"),
-        os.getenv("OPENAI_BASE_URL") or os.getenv("OPENAI_API_BASE") or "(unset)",
+        _redact_base_url_for_log(os.getenv("OPENAI_BASE_URL") or os.getenv("OPENAI_API_BASE")),
     )
 
 
diff --git a/agent/tests/test_dotenv_observability.py b/agent/tests/test_dotenv_observability.py
@@ -71,6 +71,18 @@ def test_logs_none_when_no_env_found(tmp_path, fresh, monkeypatch, caplog):
     assert "none (no .env file found)" in msg
 
 
+def test_logs_redacted_base_url_without_credentials(tmp_path, fresh, monkeypatch, caplog):
+    monkeypatch.setattr(llm, "_ENV_CANDIDATES", [tmp_path / "does-not-exist.env"])
+    monkeypatch.setenv("OPENAI_BASE_URL", "https://sk-secret@example.com:8443/v1?api_key=sk-hidden")
+    with caplog.at_level(logging.INFO, logger=LOGGER):
+        llm._ensure_dotenv()
+    msg = "\n".join(r.getMessage() for r in caplog.records)
+    assert "base=https://example.com:8443" in msg
+    assert "sk-secret" not in msg
+    assert "sk-hidden" not in msg
+    assert "api_key" not in msg
+
+
 def test_latch_still_skips_second_call(tmp_path, fresh, monkeypatch, caplog):
     """Behavior preserved: still loads once per process (no log on re-entry)."""
     monkeypatch.setattr(llm, "_ENV_CANDIDATES", [tmp_path / "nope.env"])
