Skip to content

[codex] Mask setup generated secrets#271

Merged
Rabithua merged 2 commits into
developfrom
codex/mask-setup-secrets
Jun 30, 2026
Merged

[codex] Mask setup generated secrets#271
Rabithua merged 2 commits into
developfrom
codex/mask-setup-secrets

Conversation

@Rabithua

Copy link
Copy Markdown
Owner

Summary

  • Stop returning raw generated JWT/session/VAPID private secrets from the first-run setup response.
  • Keep the existing setup flow unchanged for normal deployments.
  • Split the oversized admin router into setup, storage utility, and user/admin route modules so the project quality gate can pass.

Root Cause

POST /v2/api/admin/setup generated security keys and then included the raw private values in the response payload.

Validation

  • bun test tests/setupSecurity.test.ts
  • bun run lint
  • bun run build

@Rabithua Rabithua marked this pull request as ready for review June 30, 2026 10:13
@Rabithua Rabithua merged commit 7bc09f6 into develop Jun 30, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant