@saikumarrs saikumarrs commented Nov 24, 2025

What are the changes introduced in this PR?

  • Updated definitions of destinations that are in violation of secrets configuration based on the following rules:
    • A field cannot be considered a secret if it is needed by at least one device mode integration as it'll be automatically exposed by the source configuration endpoint.
    • If a field is truly a secret, then it should not be part of includeKeys.
      • Userpilot, Refiner and AppsFlyer destinations.
  • Updated validator to add the above custom rules for destination definition validation to prevent future violations.

What is the related Linear task?

https://linear.app/rudderstack/issue/INT-4282/review-all-the-integration-definition-configurations-for-secret-fields

Please explain the objectives of your changes below

DO NOT expose secret keys in source configuration response (via includeKeys).

Any changes to existing capabilities/behaviour, mention the reason & what are the changes?

Improved the validator to add custom rules beyond the JSON schema validation for destination definition configuration file.

Any new dependencies introduced with this change?

No

Any new checks got introduced or modified in test suites. Please explain the changes.

Destination definitions are now thoroughly validated to not expose secrets.


Developer checklist

  • My code follows the style guidelines of this project

  • No breaking changes are being introduced.

  • All related docs linked with the PR?

  • All changes manually tested?

  • Any documentation changes needed with this change?

  • I have executed schemaGenerator tests and updated schema if needed

  • Are sensitive fields marked as secret in definition config?

  • My test cases and placeholders use only masked/sample values for sensitive fields

  • Is the PR limited to 10 file changes & one task?

Reviewer checklist

  • Is the type of change in the PR title appropriate as per the changes?

  • Verified that there are no credentials or confidential data exposed with the changes.

Summary by CodeRabbit

  • Chores

    • Added an npm "clean" script to remove installed dependencies.
    • Updated many destination configurations to adjust which keys are included or treated as secrets.
  • Documentation

    • Clarified schema descriptions and comments for destination configuration fields sent to client SDKs.
  • Tests

    • Added comprehensive validation tests for new destination configuration rules that enforce include/exclude and device/hybrid-mode requirements.

@saikumarrs saikumarrs self-assigned this Nov 24, 2025

coderabbitai bot commented Nov 24, 2025

Walkthrough

This PR updates many destination db-config.json files to remove or reduce secret/include keys and adds post-schema validation rules ensuring secretKeys are not exposed via includeKeys and that includeKeys are present when device/hybrid modes are supported; schema documentation and tests were updated accordingly.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Configuration Script: package.json | Added "clean" NPM script (rm -rf node_modules). |
| Validator Logic: src/validator/index.ts | Added custom validation ruleset and integration: (1) forbid secretKeys appearing in includeKeys unless explicitly excluded, (2) require includeKeys when any source supports device/hybrid mode; aggregated rule application and error reporting added. |
| Validator Tests: test/validator/validator.test.ts | New comprehensive tests covering the two custom validation rules, multiple violation scenarios, and edge cases (undefined/null configs). |
| Schema Documentation: src/schemas/destinations/db-config-schema.json | Updated descriptions/comments for includeKeys and excludeKeys to reference client SDKs, device/hybrid-mode requirements, and exclusion precedence. |
| Destination Configurations — secretKeys cleared/reduced: src/configurations/destinations/active_campaign/..., am/..., appcenter/..., axeptio/..., bingads/..., braze/..., clevertap/..., commandbar/..., comscore/..., convertflow/..., criteo/..., customerio/..., dcm_floodlight/..., engage/..., gainsight_px/..., june/..., kissmetrics/..., kochava/..., leanplum/..., lemnisk/..., livechat/..., mouseflow/..., mp/..., pendo/..., podsights/..., posthog/..., qualaroo/..., qualtrics/..., quora_pixel/..., reddit_pixel/..., rollbar/..., satismeter/..., sentry/..., singular/..., snap_pixel/..., snapengage/..., spotifyPixel/..., tiktok_ads/..., xpixel/..., yandex_metrica/... | Cleared or reduced secretKeys arrays (removed specific entries such as apiKey, pixelId, tagId, etc.). |
| Destination Configurations — includeKeys trimmed: src/configurations/destinations/af/..., awin/..., candu/..., canny/..., clickup/..., custify/..., facebook_offline_conversions/..., freshmarketer/..., freshsales/..., iterable/..., klaviyo_bulk_upload/..., mailjet/..., mailmodo/..., marketo_static_list/..., matomo/..., mautic/..., new_relic/..., pagerduty/..., persistiq/..., profitwell/..., refiner/..., rakuten/..., smartly/..., snapchat_custom_audience/..., stormly/..., user/..., userpilot/..., wootric/..., zapier/..., mailjet/..., mautic/... | Removed specific API keys/identifiers from includeKeys arrays (e.g., apiKey, clientId, mid, routingKey, password, etc.) to avoid exposing credentials. |

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer / CI
    participant Validator as validateDestinationDefinitions()
    participant Schema as JSON Schema Validator
    participant Rules as applyAdditionalRulesValidation()
    participant RuleA as Rule: secretKeys ∉ includeKeys
    participant RuleB as Rule: includeKeys required for device/hybrid

    Dev->>Validator: Provide destination configs
    Validator->>Schema: Validate with JSON schema
    Schema-->>Validator: Schema result (valid/invalid)
    alt Schema valid
        Validator->>Rules: Run additional rules
        Rules->>RuleA: Check secret vs include/exclude
        RuleA-->>Rules: Pass/Fail + details
        Rules->>RuleB: Check supportedConnectionModes vs includeKeys
        RuleB-->>Rules: Pass/Fail + details
        Rules-->>Validator: Aggregated rule results
        alt All pass
            Validator-->>Dev: Validation success
        else One or more fail
            Validator-->>Dev: Validation errors (aggregate)
        end
    else Schema invalid
        Schema-->>Dev: Schema validation errors
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

  • Many homogeneous config edits reduce per-file reasoning, but the diff includes:
    • New validation logic in src/validator/index.ts (careful correctness/edge-case review required).
    • Comprehensive tests (test/validator/validator.test.ts) with mocks that should be validated against production behavior.
    • Schema wording changes affecting expected behavior in device/hybrid modes.
  • Files/areas to focus review on:
    • src/validator/index.ts — rule logic, error messages, and integration point.
    • test/validator/validator.test.ts — ensure mocks accurately reflect runtime environment and cover edge cases.
    • Representative destination config files — spot-check a few to ensure removed keys are safe to remove and consistent with rules.
    • src/schemas/destinations/db-config-schema.json — ensure descriptions and $comment align with validator behavior.

Possibly related PRs

Suggested reviewers

  • lvrach
  • cisse21
  • debanjan97
  • am6010
  • ssbeefeater
  • ItsSudip
  • 1abhishekpandey
  • krishna2020

"I nibbled through configs late at night,
I hid the keys from prying sight,
I taught the rules to guard the gate,
Now secrets sleep — secure and straight,
Hop, hop — validation done just right." 🐰🔐

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'fix: destination secret fields' directly addresses the main objective of the PR: preventing exposure of secret fields in destination configurations. |
| Description check | ✅ Passed | The PR description covers the key changes, objectives, and reasoning. However, several developer checklist items remain unchecked (breaking changes, docs, manual testing, schema tests, PR size limits), which are important for a complete submission. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f0ddcb3 and d2448b2.

📒 Files selected for processing (1)
  • test/validator/validator.test.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • test/validator/validator.test.ts

codecov bot commented Nov 24, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (98354e6) to head (d2448b2).
⚠️ Report is 34 commits behind head on develop.

Additional details and impacted files
@@            Coverage Diff            @@
##           develop     #2249   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           72       102   +30     
  Branches         8        21   +13     
=========================================
+ Hits            72       102   +30     

@saikumarrs saikumarrs force-pushed the feature/int-4282-review-all-the-integration-definition-configurations-for branch from 54c6226 to ac954b7 Compare November 24, 2025 19:22
@saikumarrs saikumarrs marked this pull request as ready for review November 25, 2025 07:11
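
The two post-schema rules described in the PR description and walkthrough above (a key in secretKeys must not surface through includeKeys unless excludeKeys removes it; includeKeys is required once any source supports device or hybrid mode), as an added example that is not the PR's `src/validator/index.ts`. The function names, rule ids, the assumed shape of `supportedConnectionModes` (source type mapped to a list of modes) and the sample definitions are all assumptions made for illustration.

```typescript
// Added illustration; not the PR's src/validator/index.ts. Field names come
// from the PR text; function names, rule ids and sample data are assumptions.
interface DestinationConfig {
  includeKeys?: string[];
  excludeKeys?: string[];
  secretKeys?: string[];
  // Assumed shape: source type -> connection modes, e.g. { web: ['device'] }.
  supportedConnectionModes?: Record<string, string[]>;
}

interface DestinationDefinition {
  name: string;
  config?: DestinationConfig | null;
}

interface Violation {
  destination: string;
  rule: string;
  detail: string;
}

// Modes in which a client SDK loads the integration and receives includeKeys.
const CLIENT_SIDE_MODES = ['device', 'hybrid'];

const has = (list: string[], item: string): boolean => list.indexOf(item) !== -1;

// Rule A: a declared secret must not be listed in includeKeys, unless
// excludeKeys removes it again (exclusion takes precedence).
function exposedSecrets(config: DestinationConfig): string[] {
  const include = config.includeKeys ?? [];
  const exclude = config.excludeKeys ?? [];
  return (config.secretKeys ?? []).filter((key) => has(include, key) && !has(exclude, key));
}

// Rule B: if any source supports device or hybrid mode, includeKeys must be
// non-empty. Returns the source types that trigger the requirement.
function sourcesMissingIncludeKeys(config: DestinationConfig): string[] {
  if ((config.includeKeys ?? []).length > 0) return [];
  const modes = config.supportedConnectionModes ?? {};
  return Object.keys(modes).filter((source) =>
    (modes[source] ?? []).some((mode) => has(CLIENT_SIDE_MODES, mode)),
  );
}

// Runs both rules over every definition and returns all findings together,
// so one CI run reports every offending destination instead of the first.
function validateDefinitions(defs: DestinationDefinition[]): Violation[] {
  const violations: Violation[] = [];
  for (const def of defs) {
    const config = def.config;
    if (!config) continue; // undefined/null config: nothing for these rules to check
    const leaked = exposedSecrets(config);
    if (leaked.length > 0) {
      violations.push({
        destination: def.name,
        rule: 'secret-in-includeKeys',
        detail: `secretKeys exposed via includeKeys: ${leaked.join(', ')}`,
      });
    }
    const sources = sourcesMissingIncludeKeys(config);
    if (sources.length > 0) {
      violations.push({
        destination: def.name,
        rule: 'includeKeys-missing',
        detail: `device/hybrid mode on ${sources.join(', ')} but includeKeys is empty`,
      });
    }
  }
  return violations;
}

// Constructed sample definitions (not taken from the repository).
const SAMPLE_DEFINITIONS: DestinationDefinition[] = [
  { name: 'LEAKY', config: { includeKeys: ['apiKey', 'password'], secretKeys: ['password', 'token'] } },
  {
    name: 'EXCLUDED',
    config: {
      includeKeys: ['apiKey', 'writeKey'],
      excludeKeys: ['writeKey'],
      secretKeys: ['writeKey'],
      supportedConnectionModes: { web: ['cloud', 'device'] },
    },
  },
  {
    name: 'DEVICE_NO_INCLUDE',
    config: {
      secretKeys: ['apiKey'],
      supportedConnectionModes: { web: ['cloud', 'device'], android: ['cloud'], ios: ['hybrid'] },
    },
  },
  { name: 'CLOUD_ONLY', config: { secretKeys: ['apiKey'], supportedConnectionModes: { cloud: ['cloud'] } } },
  { name: 'NO_CONFIG', config: null },
];

for (const v of validateDefinitions(SAMPLE_DEFINITIONS)) {
  console.log(`${v.destination}: [${v.rule}] ${v.detail}`);
}
```

A sensitive key that is never listed in secretKeys passes Rule A, so the check is only as strong as the secretKeys declarations it is given.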
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
test/validator/validator.test.ts (1)

1111-1132: Test only triggers one rule violation despite the describe block name.

The test is named "Multiple rule violations" but only triggers the secretKeys rule. The device/hybrid rule passes because supportedConnectionModes is undefined. Consider adding a test that actually triggers both rules simultaneously.

     describe('Multiple rule violations', () => {
-      it('should collect all validation errors', async () => {
+      it('should collect all validation errors when multiple rules fail', async () => {
         const invalidDestDef = {
           name: 'TEST',
           displayName: 'Test',
           config: {
             includeKeys: ['apiKey', 'password'],
             secretKeys: ['password', 'token'],
+            supportedConnectionModes: {
+              web: ['device'],
+            },
           },
         };

+        // This config violates the secretKeys rule (password in includeKeys)
+        // but satisfies the device/hybrid rule (includeKeys is defined)
         try {
           await validateDestinationDefinitions(invalidDestDef);
           fail('Expected validation to throw');
         } catch (error) {
           const errorMessage = error.message;
-          // Should fail because password is in includeKeys but not in excludeKeys
           expect(errorMessage).toContain('Secret keys must not be exposed to client-side');
           expect(errorMessage).toContain('password');
         }
       });
+
+      it('should report both rule violations when both fail', async () => {
+        const invalidDestDef = {
+          name: 'TEST',
+          displayName: 'Test',
+          config: {
+            includeKeys: [],  // Empty - violates device/hybrid rule
+            secretKeys: ['password'],
+            supportedConnectionModes: {
+              web: ['device'],
+            },
+          },
+        };
+
+        try {
+          await validateDestinationDefinitions(invalidDestDef);
+          fail('Expected validation to throw');
+        } catch (error) {
+          const errorMessage = error.message;
+          // Empty includeKeys means secretKeys rule passes, but device/hybrid rule fails
+          expect(errorMessage).toContain('includeKeys must be defined and non-empty');
+        }
+      });
     });
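
Review bot: Both test names in this suggestion promise more than the tests check. The renamed first test says "when multiple rules fail", yet its added comment states that the config violates only the secretKeys rule and satisfies the device/hybrid rule; the new second test is named "should report both rule violations when both fail", yet its comment says the secretKeys rule passes and it asserts only the `includeKeys must be defined and non-empty` message. Going by the asserted messages, a secret can only be flagged when includeKeys contains it, while the device/hybrid message fires when includeKeys is empty, so a single definition cannot trip both rules; rename the tests to state the one rule each exercises, or drive the aggregation check some other way. Separately, `fail('Expected validation to throw')` sits inside the `try`, so whatever it throws is swallowed by the `catch` and surfaces as a confusing message mismatch; `await expect(validateDestinationDefinitions(invalidDestDef)).rejects.toThrow(...)` states the intent directly.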
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 98354e6 and f0ddcb3.

📒 Files selected for processing (76)
  • package.json (1 hunks)
  • src/configurations/destinations/active_campaign/db-config.json (1 hunks)
  • src/configurations/destinations/adj/db-config.json (1 hunks)
  • src/configurations/destinations/af/db-config.json (0 hunks)
  • src/configurations/destinations/am/db-config.json (1 hunks)
  • src/configurations/destinations/appcenter/db-config.json (1 hunks)
  • src/configurations/destinations/awin/db-config.json (0 hunks)
  • src/configurations/destinations/axeptio/db-config.json (1 hunks)
  • src/configurations/destinations/bingads/db-config.json (1 hunks)
  • src/configurations/destinations/braze/db-config.json (1 hunks)
  • src/configurations/destinations/bugsnag/db-config.json (1 hunks)
  • src/configurations/destinations/candu/db-config.json (1 hunks)
  • src/configurations/destinations/canny/db-config.json (0 hunks)
  • src/configurations/destinations/clevertap/db-config.json (1 hunks)
  • src/configurations/destinations/clickup/db-config.json (0 hunks)
  • src/configurations/destinations/commandbar/db-config.json (1 hunks)
  • src/configurations/destinations/comscore/db-config.json (1 hunks)
  • src/configurations/destinations/convertflow/db-config.json (1 hunks)
  • src/configurations/destinations/criteo/db-config.json (1 hunks)
  • src/configurations/destinations/custify/db-config.json (0 hunks)
  • src/configurations/destinations/customerio/db-config.json (1 hunks)
  • src/configurations/destinations/dcm_floodlight/db-config.json (1 hunks)
  • src/configurations/destinations/engage/db-config.json (1 hunks)
  • src/configurations/destinations/facebook_offline_conversions/db-config.json (0 hunks)
  • src/configurations/destinations/freshmarketer/db-config.json (0 hunks)
  • src/configurations/destinations/freshsales/db-config.json (0 hunks)
  • src/configurations/destinations/gainsight_px/db-config.json (1 hunks)
  • src/configurations/destinations/iterable/db-config.json (1 hunks)
  • src/configurations/destinations/june/db-config.json (1 hunks)
  • src/configurations/destinations/kissmetrics/db-config.json (1 hunks)
  • src/configurations/destinations/klaviyo_bulk_upload/db-config.json (0 hunks)
  • src/configurations/destinations/kochava/db-config.json (1 hunks)
  • src/configurations/destinations/leanplum/db-config.json (1 hunks)
  • src/configurations/destinations/lemnisk/db-config.json (1 hunks)
  • src/configurations/destinations/livechat/db-config.json (1 hunks)
  • src/configurations/destinations/mailjet/db-config.json (0 hunks)
  • src/configurations/destinations/mailmodo/db-config.json (0 hunks)
  • src/configurations/destinations/marketo_static_list/db-config.json (0 hunks)
  • src/configurations/destinations/matomo/db-config.json (1 hunks)
  • src/configurations/destinations/mautic/db-config.json (0 hunks)
  • src/configurations/destinations/mouseflow/db-config.json (1 hunks)
  • src/configurations/destinations/mp/db-config.json (1 hunks)
  • src/configurations/destinations/new_relic/db-config.json (0 hunks)
  • src/configurations/destinations/pagerduty/db-config.json (0 hunks)
  • src/configurations/destinations/pendo/db-config.json (1 hunks)
  • src/configurations/destinations/persistiq/db-config.json (1 hunks)
  • src/configurations/destinations/podsights/db-config.json (1 hunks)
  • src/configurations/destinations/posthog/db-config.json (1 hunks)
  • src/configurations/destinations/profitwell/db-config.json (1 hunks)
  • src/configurations/destinations/qualaroo/db-config.json (1 hunks)
  • src/configurations/destinations/qualtrics/db-config.json (1 hunks)
  • src/configurations/destinations/quora_pixel/db-config.json (1 hunks)
  • src/configurations/destinations/rakuten/db-config.json (1 hunks)
  • src/configurations/destinations/reddit_pixel/db-config.json (1 hunks)
  • src/configurations/destinations/refiner/db-config.json (0 hunks)
  • src/configurations/destinations/rollbar/db-config.json (1 hunks)
  • src/configurations/destinations/satismeter/db-config.json (1 hunks)
  • src/configurations/destinations/sendinblue/db-config.json (1 hunks)
  • src/configurations/destinations/sentry/db-config.json (1 hunks)
  • src/configurations/destinations/singular/db-config.json (1 hunks)
  • src/configurations/destinations/smartly/db-config.json (0 hunks)
  • src/configurations/destinations/snap_pixel/db-config.json (1 hunks)
  • src/configurations/destinations/snapchat_custom_audience/db-config.json (0 hunks)
  • src/configurations/destinations/snapengage/db-config.json (1 hunks)
  • src/configurations/destinations/spotifyPixel/db-config.json (1 hunks)
  • src/configurations/destinations/stormly/db-config.json (1 hunks)
  • src/configurations/destinations/tiktok_ads/db-config.json (1 hunks)
  • src/configurations/destinations/user/db-config.json (0 hunks)
  • src/configurations/destinations/userpilot/db-config.json (0 hunks)
  • src/configurations/destinations/wootric/db-config.json (0 hunks)
  • src/configurations/destinations/xpixel/db-config.json (1 hunks)
  • src/configurations/destinations/yandex_metrica/db-config.json (1 hunks)
  • src/configurations/destinations/zapier/db-config.json (0 hunks)
  • src/schemas/destinations/db-config-schema.json (2 hunks)
  • src/validator/index.ts (2 hunks)
  • test/validator/validator.test.ts (1 hunks)
💤 Files with no reviewable changes (22)
  • src/configurations/destinations/custify/db-config.json
  • src/configurations/destinations/marketo_static_list/db-config.json
  • src/configurations/destinations/freshmarketer/db-config.json
  • src/configurations/destinations/refiner/db-config.json
  • src/configurations/destinations/mailmodo/db-config.json
  • src/configurations/destinations/pagerduty/db-config.json
  • src/configurations/destinations/facebook_offline_conversions/db-config.json
  • src/configurations/destinations/mautic/db-config.json
  • src/configurations/destinations/userpilot/db-config.json
  • src/configurations/destinations/klaviyo_bulk_upload/db-config.json
  • src/configurations/destinations/smartly/db-config.json
  • src/configurations/destinations/user/db-config.json
  • src/configurations/destinations/canny/db-config.json
  • src/configurations/destinations/freshsales/db-config.json
  • src/configurations/destinations/awin/db-config.json
  • src/configurations/destinations/zapier/db-config.json
  • src/configurations/destinations/mailjet/db-config.json
  • src/configurations/destinations/snapchat_custom_audience/db-config.json
  • src/configurations/destinations/wootric/db-config.json
  • src/configurations/destinations/clickup/db-config.json
  • src/configurations/destinations/new_relic/db-config.json
  • src/configurations/destinations/af/db-config.json
🧰 Additional context used
🧠 Learnings (9)
📓 Common learnings
Learnt from: shrouti1507
Repo: rudderlabs/rudder-integrations-config PR: 1732
File: test/data/validation/destinations/salesforce_oauth_sandbox.json:1-22
Timestamp: 2024-10-08T12:13:04.607Z
Learning: In the `rudder-integrations-config` repository, for closed testing destinations, identical test cases without consolidation are acceptable.
Learnt from: sandeepdsvs
Repo: rudderlabs/rudder-integrations-config PR: 1830
File: src/configurations/destinations/http/ui-config.json:476-477
Timestamp: 2024-12-05T16:06:11.176Z
Learning: The regex patterns in `src/configurations/destinations/http/ui-config.json` for the "Destination property" and "RudderStack property" fields correctly validate JSON paths and appropriately throw errors for invalid inputs.
📚 Learning: 2024-12-09T04:17:16.931Z
Learnt from: accoilmj
Repo: rudderlabs/rudder-integrations-config PR: 1807
File: src/configurations/destinations/accoil_analytics/schema.json:285-795
Timestamp: 2024-12-09T04:17:16.931Z
Learning: The file `src/configurations/destinations/accoil_analytics/schema.json` is autogenerated.

Applied to files:

  • src/configurations/destinations/satismeter/db-config.json
  • src/configurations/destinations/commandbar/db-config.json
  • src/configurations/destinations/sendinblue/db-config.json
  • src/configurations/destinations/singular/db-config.json
  • src/configurations/destinations/customerio/db-config.json
  • src/configurations/destinations/clevertap/db-config.json
  • src/configurations/destinations/bingads/db-config.json
  • src/configurations/destinations/mouseflow/db-config.json
  • src/configurations/destinations/gainsight_px/db-config.json
  • src/configurations/destinations/qualaroo/db-config.json
  • src/configurations/destinations/yandex_metrica/db-config.json
  • src/configurations/destinations/leanplum/db-config.json
  • src/configurations/destinations/snapengage/db-config.json
  • src/configurations/destinations/active_campaign/db-config.json
  • src/configurations/destinations/livechat/db-config.json
  • src/configurations/destinations/braze/db-config.json
  • src/schemas/destinations/db-config-schema.json
  • src/configurations/destinations/mp/db-config.json
  • src/configurations/destinations/persistiq/db-config.json
  • src/configurations/destinations/posthog/db-config.json
  • src/configurations/destinations/criteo/db-config.json
  • src/configurations/destinations/snap_pixel/db-config.json
  • src/configurations/destinations/podsights/db-config.json
  • src/configurations/destinations/profitwell/db-config.json
  • src/configurations/destinations/iterable/db-config.json
  • src/configurations/destinations/comscore/db-config.json
  • src/configurations/destinations/candu/db-config.json
  • src/configurations/destinations/pendo/db-config.json
  • src/configurations/destinations/june/db-config.json
  • src/configurations/destinations/stormly/db-config.json
  • src/configurations/destinations/kissmetrics/db-config.json
  • src/configurations/destinations/adj/db-config.json
  • src/configurations/destinations/matomo/db-config.json
  • src/configurations/destinations/quora_pixel/db-config.json
  • src/configurations/destinations/lemnisk/db-config.json
  • src/configurations/destinations/spotifyPixel/db-config.json
  • src/configurations/destinations/kochava/db-config.json
  • src/configurations/destinations/am/db-config.json
  • src/configurations/destinations/convertflow/db-config.json
📚 Learning: 2024-12-09T04:17:28.675Z
Learnt from: accoilmj
Repo: rudderlabs/rudder-integrations-config PR: 1807
File: src/configurations/destinations/accoil_analytics/schema.json:148-284
Timestamp: 2024-12-09T04:17:28.675Z
Learning: The file `src/configurations/destinations/accoil_analytics/schema.json` is autogenerated. Avoid suggesting changes to autogenerated files.

Applied to files:

  • src/configurations/destinations/satismeter/db-config.json
  • src/configurations/destinations/commandbar/db-config.json
  • src/configurations/destinations/sendinblue/db-config.json
  • src/configurations/destinations/rakuten/db-config.json
  • src/configurations/destinations/singular/db-config.json
  • src/configurations/destinations/customerio/db-config.json
  • src/configurations/destinations/clevertap/db-config.json
  • src/configurations/destinations/bingads/db-config.json
  • src/configurations/destinations/mouseflow/db-config.json
  • src/configurations/destinations/gainsight_px/db-config.json
  • src/configurations/destinations/tiktok_ads/db-config.json
  • src/configurations/destinations/qualaroo/db-config.json
  • src/configurations/destinations/yandex_metrica/db-config.json
  • src/configurations/destinations/leanplum/db-config.json
  • src/configurations/destinations/snapengage/db-config.json
  • src/configurations/destinations/active_campaign/db-config.json
  • src/configurations/destinations/livechat/db-config.json
  • src/configurations/destinations/braze/db-config.json
  • src/schemas/destinations/db-config-schema.json
  • src/configurations/destinations/mp/db-config.json
  • src/configurations/destinations/persistiq/db-config.json
  • src/configurations/destinations/posthog/db-config.json
  • src/configurations/destinations/criteo/db-config.json
  • src/configurations/destinations/rollbar/db-config.json
  • src/configurations/destinations/snap_pixel/db-config.json
  • src/configurations/destinations/xpixel/db-config.json
  • src/configurations/destinations/podsights/db-config.json
  • src/configurations/destinations/profitwell/db-config.json
  • src/configurations/destinations/dcm_floodlight/db-config.json
  • src/configurations/destinations/iterable/db-config.json
  • src/configurations/destinations/comscore/db-config.json
  • src/configurations/destinations/candu/db-config.json
  • src/configurations/destinations/pendo/db-config.json
  • src/configurations/destinations/june/db-config.json
  • src/configurations/destinations/stormly/db-config.json
  • src/configurations/destinations/bugsnag/db-config.json
  • src/configurations/destinations/kissmetrics/db-config.json
  • src/configurations/destinations/adj/db-config.json
  • src/configurations/destinations/matomo/db-config.json
  • src/configurations/destinations/quora_pixel/db-config.json
  • src/configurations/destinations/appcenter/db-config.json
  • src/configurations/destinations/lemnisk/db-config.json
  • src/configurations/destinations/spotifyPixel/db-config.json
  • src/configurations/destinations/kochava/db-config.json
  • src/configurations/destinations/am/db-config.json
  • src/configurations/destinations/sentry/db-config.json
  • src/configurations/destinations/convertflow/db-config.json
  • src/configurations/destinations/engage/db-config.json
📚 Learning: 2024-12-09T04:17:05.013Z
Learnt from: accoilmj
Repo: rudderlabs/rudder-integrations-config PR: 1807
File: src/configurations/destinations/accoil_analytics/schema.json:11-147
Timestamp: 2024-12-09T04:17:05.013Z
Learning: The file `src/configurations/destinations/accoil_analytics/schema.json` is autogenerated and should not be manually modified.

Applied to files:

  • src/configurations/destinations/satismeter/db-config.json
  • src/configurations/destinations/commandbar/db-config.json
  • src/configurations/destinations/sendinblue/db-config.json
  • src/configurations/destinations/rakuten/db-config.json
  • src/configurations/destinations/singular/db-config.json
  • src/configurations/destinations/customerio/db-config.json
  • src/configurations/destinations/clevertap/db-config.json
  • src/configurations/destinations/bingads/db-config.json
  • src/configurations/destinations/mouseflow/db-config.json
  • src/configurations/destinations/gainsight_px/db-config.json
  • src/configurations/destinations/qualaroo/db-config.json
  • src/configurations/destinations/yandex_metrica/db-config.json
  • src/configurations/destinations/leanplum/db-config.json
  • src/configurations/destinations/snapengage/db-config.json
  • src/configurations/destinations/active_campaign/db-config.json
  • src/configurations/destinations/livechat/db-config.json
  • src/configurations/destinations/braze/db-config.json
  • src/schemas/destinations/db-config-schema.json
  • src/configurations/destinations/mp/db-config.json
  • src/configurations/destinations/persistiq/db-config.json
  • src/configurations/destinations/posthog/db-config.json
  • src/configurations/destinations/criteo/db-config.json
  • src/configurations/destinations/snap_pixel/db-config.json
  • src/configurations/destinations/podsights/db-config.json
  • src/configurations/destinations/profitwell/db-config.json
  • src/configurations/destinations/iterable/db-config.json
  • src/configurations/destinations/comscore/db-config.json
  • src/configurations/destinations/candu/db-config.json
  • src/configurations/destinations/pendo/db-config.json
  • src/configurations/destinations/june/db-config.json
  • src/configurations/destinations/stormly/db-config.json
  • src/configurations/destinations/kissmetrics/db-config.json
  • src/configurations/destinations/adj/db-config.json
  • src/configurations/destinations/matomo/db-config.json
  • src/configurations/destinations/quora_pixel/db-config.json
  • src/configurations/destinations/lemnisk/db-config.json
  • src/configurations/destinations/spotifyPixel/db-config.json
  • src/configurations/destinations/kochava/db-config.json
  • src/configurations/destinations/am/db-config.json
  • src/configurations/destinations/convertflow/db-config.json
  • src/configurations/destinations/engage/db-config.json
📚 Learning: 2024-10-15T07:02:58.743Z
Learnt from: vamsikrishnakandi
Repo: rudderlabs/rudder-integrations-config PR: 1751
File: src/configurations/destinations/rs/ui-config.json:219-231
Timestamp: 2024-10-15T07:02:58.743Z
Learning: In `src/configurations/destinations/rs/ui-config.json`, the `sshPublicKey` field is populated by the web application, even though it is marked as required and read-only in the UI configuration.

Applied to files:

  • src/configurations/destinations/satismeter/db-config.json
  • src/configurations/destinations/commandbar/db-config.json
  • src/configurations/destinations/singular/db-config.json
  • src/configurations/destinations/mouseflow/db-config.json
  • src/configurations/destinations/qualaroo/db-config.json
  • src/configurations/destinations/snapengage/db-config.json
  • src/configurations/destinations/braze/db-config.json
  • src/configurations/destinations/june/db-config.json
  • src/configurations/destinations/appcenter/db-config.json
  • src/configurations/destinations/lemnisk/db-config.json
  • src/configurations/destinations/engage/db-config.json
📚 Learning: 2024-10-08T05:19:11.373Z
Learnt from: saikumarrs
Repo: rudderlabs/rudder-integrations-config PR: 1691
File: src/configurations/destinations/ga4/schema.json:345-345
Timestamp: 2024-10-08T05:19:11.373Z
Learning: When reviewing changes to `src/configurations/destinations/ga4/schema.json`, ensure that added enum values like "iubenda" are correctly identified across all supported platforms before flagging an issue.

Applied to files:

  • src/configurations/destinations/rakuten/db-config.json
  • src/configurations/destinations/bingads/db-config.json
  • src/configurations/destinations/yandex_metrica/db-config.json
  • src/configurations/destinations/active_campaign/db-config.json
  • src/schemas/destinations/db-config-schema.json
  • src/configurations/destinations/mp/db-config.json
  • src/configurations/destinations/persistiq/db-config.json
  • src/configurations/destinations/comscore/db-config.json
  • src/configurations/destinations/candu/db-config.json
  • src/configurations/destinations/stormly/db-config.json
  • src/configurations/destinations/kissmetrics/db-config.json
  • src/configurations/destinations/adj/db-config.json
  • test/validator/validator.test.ts
  • src/configurations/destinations/matomo/db-config.json
  • src/validator/index.ts
  • src/configurations/destinations/convertflow/db-config.json
📚 Learning: 2025-05-23T09:56:13.947Z
Learnt from: ItsSudip
Repo: rudderlabs/rudder-integrations-config PR: 2031
File: src/configurations/destinations/zoho/db-config.json:5-5
Timestamp: 2025-05-23T09:56:13.947Z
Learning: In the Rudder Integrations Config repository, flags like `isAudienceSupported` in destination configurations (`db-config.json` files) don't require schema updates when they're used as internal feature flags rather than user-configurable inputs.

Applied to files:

  • src/configurations/destinations/active_campaign/db-config.json
  • src/schemas/destinations/db-config-schema.json
  • src/configurations/destinations/mp/db-config.json
  • src/configurations/destinations/comscore/db-config.json
📚 Learning: 2025-05-28T06:42:55.613Z
Learnt from: manish339k
Repo: rudderlabs/rudder-integrations-config PR: 2034
File: src/configurations/destinations/marketo_bulk_upload/schema.json:811-825
Timestamp: 2025-05-28T06:42:55.613Z
Learning: In Marketo bulk upload destination schema (src/configurations/destinations/marketo_bulk_upload/schema.json), the columnFieldsMapping items should NOT require "from" and "to" fields - they are intentionally optional in the schema design.

Applied to files:

  • src/schemas/destinations/db-config-schema.json
📚 Learning: 2024-12-05T16:06:11.176Z
Learnt from: sandeepdsvs
Repo: rudderlabs/rudder-integrations-config PR: 1830
File: src/configurations/destinations/http/ui-config.json:476-477
Timestamp: 2024-12-05T16:06:11.176Z
Learning: The regex patterns in `src/configurations/destinations/http/ui-config.json` for the "Destination property" and "RudderStack property" fields correctly validate JSON paths and appropriately throw errors for invalid inputs.

Applied to files:

  • test/validator/validator.test.ts
  • src/validator/index.ts
🧬 Code graph analysis (1)
test/validator/validator.test.ts (1)
src/validator/index.ts (1)
  • validateDestinationDefinitions (198-229)
🔇 Additional comments (63)
src/configurations/destinations/iterable/db-config.json (1)

175-175: Approved: No issues found.

The change correctly removes apiKey from secretKeys. The schema shows apiKey is required at the root level, and since web supports device mode, removing it from secretKeys aligns with the PR objective.

The remaining field registerDeviceOrBrowserApiKey should remain marked secret—it is not required by device-mode integrations. The schema defines it as an optional property with no conditional requirement when connectionMode.web equals "device". Only apiKey and dataCenter are required at the root level, and the device-mode condition only requires packageName (per the anyOf rule). The PR objective applies only to required fields, not optional ones.

src/configurations/destinations/satismeter/db-config.json (1)

51-51: Correct application of secret field exposure prevention.

The removal of writeKey from secretKeys is consistent with the PR objectives: writeKey is included in the device-mode integration's exposed keys, so marking it as secret violates the rule that secret fields cannot be required by device-mode integrations.

src/configurations/destinations/pendo/db-config.json (1)

36-36: Correct application of secret field exposure prevention.

The removal of apiKey from secretKeys is correct: apiKey is in the includeKeys exposed to device-mode, so it cannot be marked as secret per the PR rules.

src/configurations/destinations/tiktok_ads/db-config.json (1)

133-133: Correct selective secret field removal.

The removal of pixelCode from secretKeys while retaining accessToken is correct: pixelCode is in includeKeys and required for device-mode (web), while accessToken is not in includeKeys, so it properly remains marked as secret.

src/configurations/destinations/livechat/db-config.json (1)

49-49: Correct application of secret field exposure prevention.

The removal of licenseId from secretKeys is correct: licenseId is in includeKeys and required for device-mode integration, so it cannot be marked as secret.

src/configurations/destinations/active_campaign/db-config.json (1)

130-130: Correct selective secret field removal.

The removal of actid from secretKeys while retaining apiKey and eventKey is correct: actid is in includeKeys and required for device/hybrid-mode, while apiKey and eventKey are not in includeKeys, so they properly remain marked as secret.

src/configurations/destinations/reddit_pixel/db-config.json (1)

43-43: Correct application of secret field exposure prevention.

The removal of advertiserId from secretKeys is correct: advertiserId is in includeKeys and required for device-mode integration, so it cannot be marked as secret.

src/configurations/destinations/xpixel/db-config.json (1)

43-43: Correct application of secret field exposure prevention.

The removal of pixelId from secretKeys is correct: pixelId is in includeKeys and required for device-mode integration, so it cannot be marked as secret.

src/configurations/destinations/convertflow/db-config.json (1)

47-47: Correct application of secret field exposure prevention.

The removal of websiteId from secretKeys is correct: websiteId is in includeKeys and required for device-mode integration, so it cannot be marked as secret.

src/configurations/destinations/sentry/db-config.json (1)

61-61: ✓ Correct fix for secret exposure violation.

Removing dsn from secretKeys is correct since it's included in includeKeys and device-mode is supported, making it automatically exposed in source configuration responses anyway.

package.json (1)

21-21: ✓ Minor utility script addition.

The clean script is a convenience utility to remove node_modules. No functional impact on the PR objectives.

src/configurations/destinations/engage/db-config.json (1)

128-128: ✓ Correct fix for secret exposure violation.

Removing privateKey from secretKeys is appropriate since it's in includeKeys and device-mode is supported. Secrets exposed via includeKeys defeat the purpose of marking them secret.

src/configurations/destinations/quora_pixel/db-config.json (1)

43-43: ✓ Correct fix for secret exposure violation.

Removing pixelId from secretKeys is the right fix since it's in includeKeys with device-mode support, making it automatically exposed.

src/configurations/destinations/appcenter/db-config.json (1)

86-86: ✓ Correct fix for secret exposure violation.

Removing appSecret from secretKeys is appropriate since it's in includeKeys and device-mode is supported across multiple platforms.

src/configurations/destinations/bugsnag/db-config.json (1)

56-56: ✓ Correct fix for secret exposure violation.

Removing apiKey from secretKeys is the right approach since it's in includeKeys with device-mode support, making it exposed in source configurations.

src/configurations/destinations/gainsight_px/db-config.json (1)

131-131: ✓ Correct selective fix for partial secret exposure violation.

This change properly distinguishes between:

  • productTagKey (removed from secretKeys because it's in includeKeys and exposed)
  • apiKey (kept in secretKeys because it's NOT in includeKeys and remains hidden)

This selective approach correctly addresses only the actual violation.

src/configurations/destinations/adj/db-config.json (1)

141-141: ✓ Correct fix for secret exposure violation.

Removing appToken from secretKeys is appropriate since it's in includeKeys and device-mode is supported across multiple platforms (android, ios, flutter, unity).

src/configurations/destinations/singular/db-config.json (1)

130-130: ✓ Correct handling of device-mode-required credentials.

Removing apiKey and apiSecret from secretKeys while keeping them in includeKeys aligns with the PR objective: fields required by device-mode integrations (android, ios, reactnative, cordova) cannot be marked secret since device SDKs need direct access.

src/configurations/destinations/kochava/db-config.json (1)

129-129: ✓ Correct exposure of device-required credential.

Clearing secretKeys for apiKey is correct, as device modes (android, ios, flutter) require it. Keeping it in includeKeys ensures it's available via the source config endpoint.

src/configurations/destinations/posthog/db-config.json (1)

142-142: ✓ Correct handling of device-accessible credential.

teamApiKey is appropriately removed from secretKeys since web platform supports device mode and requires this credential. It remains in includeKeys for proper exposure.

src/configurations/destinations/yandex_metrica/db-config.json (1)

55-55: ✓ Appropriate de-secreting of device-only credential.

tagId correctly removed from secretKeys since web (the only supported source type) exclusively uses device mode and requires this field. Remains in includeKeys.

src/configurations/destinations/dcm_floodlight/db-config.json (1)

143-143: ✓ Correct de-secreting for device-mode support.

Removing advertiserId from secretKeys is correct since web platform supports device mode and needs this credential. Kept in includeKeys for proper exposure.

src/configurations/destinations/stormly/db-config.json (1)

7-7: ✓ Correct handling of cloud-only secret.

Removing apiKey from includeKeys while keeping it in secretKeys is correct. Since Stormly only supports cloud mode (no device/hybrid), apiKey is a true server-side secret and should not be exposed via includeKeys.

src/configurations/destinations/profitwell/db-config.json (1)

127-127: ✓ Correct differentiation between public and private credentials.

Removing publicApiKey from secretKeys is appropriate since web platform supports device mode and requires this credential. privateApiKey correctly remains secret as it's only used server-side.

src/configurations/destinations/clevertap/db-config.json (1)

138-138: ✓ Correct de-secreting of device-required credentials.

Clearing secretKeys is correct since multiple platforms support device mode (android, web, ios, reactnative) and require accountToken and passcode from defaultConfig. These fields remain in includeKeys for proper exposure.

src/configurations/destinations/bingads/db-config.json (1)

44-44: Changes correctly align with secret field constraints.

Removing tagID from secretKeys is correct because tagID is in includeKeys and device mode is supported. Secret fields cannot be exposed to client-side SDKs.

src/configurations/destinations/customerio/db-config.json (1)

144-144: Correct removal of apiKey from secretKeys.

apiKey is in includeKeys and device modes are supported for multiple source types (web, android, ios). Secret fields cannot be exposed to client-side SDKs, so this change is correct.

src/configurations/destinations/sendinblue/db-config.json (1)

132-132: Correct selective updating of secretKeys.

This change properly distinguishes between fields:

  • Removed clientKey from secretKeys because it's in includeKeys (exposed to device SDK)
  • Retained apiKey as secret because it's NOT in includeKeys (not exposed to client)

This correctly applies the rule that only truly secret (non-exposed) fields should be marked as secret.

src/configurations/destinations/qualaroo/db-config.json (1)

51-51: Correct emptying of secretKeys for exposed fields.

Both customerId and siteToken are in includeKeys and device mode is supported. These cannot be marked as secret since they're exposed to the client-side SDK.

src/configurations/destinations/podsights/db-config.json (1)

45-45: Correct removal of pixelId from secretKeys.

pixelId is in includeKeys and device mode is supported. Since it's exposed to the client-side SDK, it cannot be marked as secret.

src/configurations/destinations/snapengage/db-config.json (1)

45-45: Correct removal of widgetId from secretKeys.

widgetId is in includeKeys and device mode is supported. Since it's exposed to the client-side SDK, it cannot be marked as secret.

src/configurations/destinations/leanplum/db-config.json (1)

148-148: Correct removal of clientKey from secretKeys.

clientKey is in includeKeys and device/hybrid modes are supported for multiple source types. Since it's exposed to client-side SDKs, it cannot be marked as secret.

src/configurations/destinations/kissmetrics/db-config.json (1)

126-126: Correct removal of apiKey from secretKeys.

apiKey is in includeKeys and device mode is supported. Since it's exposed to the client-side SDK, it cannot be marked as secret.

src/configurations/destinations/persistiq/db-config.json (1)

7-7: Removal of apiKey from includeKeys is correct.

Since persistiq has no device-mode integrations and apiKey is marked as secret (line 107), removing it from includeKeys correctly enforces the rule that truly secret fields must not be included in includeKeys.

src/configurations/destinations/june/db-config.json (1)

119-119: Correct removal of apiKey from secretKeys.

Since June's web integration supports device mode (line 37) and apiKey is in includeKeys (line 8) and defaultConfig (line 50), it cannot be marked as secret per the rule that secret fields must not be required by device-mode integrations.

src/configurations/destinations/lemnisk/db-config.json (1)

134-134: Correct removal of sdkWriteKey from secretKeys.

Since sdkWriteKey is in includeKeys (line 8) and required by web's device mode configuration (line 66), it correctly cannot remain in secretKeys. The retained secret keys (apiKey, passKey, plWriteKey, diapiWriteKey) are used only in cloud/server-side configurations and appropriately remain secret.

src/configurations/destinations/spotifyPixel/db-config.json (1)

45-45: Correct removal of pixelId from secretKeys.

SpotifyPixel supports device mode only (line 26), and pixelId is required for all modes (in defaultConfig at line 30 and includeKeys at line 8). It correctly cannot be marked as secret.

src/configurations/destinations/comscore/db-config.json (1)

72-72: Correct removal of publisherId from secretKeys.

Comscore supports only device modes (android/device, ios/device, web/device), and publisherId is required for all modes (in defaultConfig at line 36 and includeKeys at line 7). It correctly cannot be marked as secret.

src/configurations/destinations/mouseflow/db-config.json (1)

41-41: Correct removal of websiteId from secretKeys.

Mouseflow supports device mode only (line 24), and websiteId is required for all modes (in defaultConfig at line 28 and includeKeys at line 8). It correctly cannot be marked as secret.

src/configurations/destinations/axeptio/db-config.json (1)

43-43: Correct removal of clientId from secretKeys.

Axeptio supports device mode only (line 25), and clientId is required for all modes (in defaultConfig at line 29 and includeKeys at line 8). It correctly cannot be marked as secret.

src/configurations/destinations/commandbar/db-config.json (1)

36-36: Correct removal of orgId from secretKeys.

CommandBar supports device mode only (line 24), and orgId is required for all modes (in defaultConfig at line 27 and includeKeys at line 8). It correctly cannot be marked as secret.

src/configurations/destinations/rollbar/db-config.json (1)

55-55: Correctly removes accessToken from secretKeys.

Since accessToken is included in includeKeys and the destination supports device mode (web), marking it as secret would violate the PR constraint that fields required by device-mode integrations cannot be marked secret. This change aligns with the PR's objective to prevent secret exposure in device-mode contexts.

src/configurations/destinations/mp/db-config.json (1)

186-186: Correctly refines secretKeys to exclude device-mode-exposed fields.

The removal of "token" from secretKeys is correct—token appears in includeKeys and is required by device mode (web). Retaining only gdprApiToken (which is properly excluded from includeKeys) maintains the PR's constraint that truly secret fields must not be in includeKeys.

src/configurations/destinations/qualtrics/db-config.json (1)

63-63: Correctly removes projectId from secretKeys for device-mode compliance.

projectId is in includeKeys and required by device-mode integrations (web, android, ios). Per the PR objective that fields required by device-mode integrations cannot be marked secret, emptying secretKeys is correct.

src/configurations/destinations/criteo/db-config.json (1)

49-49: Correctly removes accountId from secretKeys for device-mode compliance.

accountId is in includeKeys and required by device mode (web). Per the PR constraint, it cannot be marked as a secret.

src/configurations/destinations/snap_pixel/db-config.json (1)

49-49: Correctly removes pixelId from secretKeys for device-mode compliance.

pixelId is in includeKeys and required by device mode (web). Per the PR constraint, it cannot be marked as a secret.

src/configurations/destinations/am/db-config.json (1)

209-209: Correctly refines secretKeys to maintain device-mode compliance and secret separation.

Removing apiKey from secretKeys is correct—it is in includeKeys and required by device mode integrations (web, android, ios, reactnative, flutter). Retaining apiSecret (which is properly absent from includeKeys) upholds the PR constraint that truly secret fields must not be exposed.

src/configurations/destinations/braze/db-config.json (1)

176-176: Correctly refines secretKeys to maintain device-mode compliance and secret separation.

Removing appKey from secretKeys is correct—it is in includeKeys and required by multiple device-mode integrations. Retaining restApiKey (which is properly absent from includeKeys) maintains the constraint that truly secret fields are not exposed via device-mode endpoints.

src/configurations/destinations/candu/db-config.json (1)

7-7: Correctly removes apiKey from includeKeys for cloud-only destination.

Since Candu only supports cloud-mode connections (no device or hybrid modes), apiKey can remain marked as a secret. Removing it from includeKeys prevents secret exposure via the source configuration endpoint while keeping it available in defaultConfig for cloud-mode processing. This aligns with the PR objective.

src/configurations/destinations/rakuten/db-config.json (1)

8-8: LGTM!

Correctly removes mid from includeKeys since it's marked as a secret in secretKeys (line 108). This prevents the merchant ID from being exposed via the source configuration response.

src/configurations/destinations/matomo/db-config.json (1)

73-73: LGTM!

Correctly clears secretKeys since serverUrl and siteId are required for device-mode operation (line 40: "web": ["device"]). Per the PR objectives, fields required by device-mode integrations cannot be marked as secrets because they're automatically exposed via the source configuration endpoint.

src/validator/index.ts (6)

19-23: LGTM!

Clean and well-typed interface for validation rules with description for documentation and a validate function returning validation result with optional error message.


26-60: LGTM!

The secretKeys validation rule is well-implemented with proper guards for undefined/null/empty arrays. The logic correctly allows secrets in includeKeys only when they're also in excludeKeys (which takes precedence). The error message is actionable.


61-87: LGTM!

The device/hybrid mode validation rule correctly identifies when at least one source type supports device or hybrid mode and enforces that includeKeys must be defined and non-empty in those cases. This ensures configurations sent to client SDKs are explicit.


88-138: Commented rules for future enforcement are reasonable.

The TODO comments clearly indicate these rules will be enabled after cleaning up existing destination definitions. This approach allows incremental enforcement without breaking existing configurations.


140-153: LGTM!

The error aggregation approach is consistent with the schema validation pattern (both use JSON.stringify for error messages) and allows multiple rule violations to be reported in a single error.


225-227: LGTM!

Custom rules are correctly applied after schema validation, ensuring the config structure is valid before semantic validation runs. This layered approach is clean and maintainable.

src/schemas/destinations/db-config-schema.json (2)

298-307: LGTM!

The updated documentation for includeKeys clearly explains the device/hybrid mode requirement and aligns with the validation rule enforced in src/validator/index.ts.


309-318: LGTM!

The updated documentation for excludeKeys clarifies the filtering order (applied after includeKeys) and the behavior when keys overlap. This aligns with the validation logic in the secretKeys rule.

test/validator/validator.test.ts (4)

876-893: LGTM!

Minimal schema mock is appropriate for isolating custom validation rule testing from schema constraints. This allows the tests to focus on the custom rule logic.


895-1002: LGTM!

Comprehensive test coverage for the secretKeys rule including:

  • Basic pass/fail scenarios
  • excludeKeys override behavior (secret in both lists should pass)
  • Edge cases with empty and undefined arrays
  • Multiple secret exposure detection

1004-1109: LGTM!

Comprehensive test coverage for the device/hybrid mode rule including:

  • Device mode and hybrid mode scenarios
  • Missing vs empty includeKeys differentiation
  • Cloud-only configurations (should pass without includeKeys)
  • Undefined supportedConnectionModes handling
  • Multiple source types with mixed modes

1134-1158: LGTM!

Edge case tests appropriately verify:

  • Undefined config fails schema validation (config is required)
  • Null config properties pass since Array.isArray(null) returns false, treating them as "not defined"

This documents the defensive behavior of the validation rules.
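The two custom rules this review describes (a secret must not reach includeKeys unless excludeKeys filters it out again, and device or hybrid mode requires a non-empty includeKeys), as an added TypeScript sketch that is not the code in src/validator/index.ts. The type names, function names, error strings and sample definitions are assumptions; only the config keys come from the page.

```typescript
// Added example. DestinationConfig, Rule and checkDestinationConfig are
// hypothetical names; only the config keys come from the page.
interface DestinationConfig {
  includeKeys?: string[] | null;
  excludeKeys?: string[] | null;
  secretKeys?: string[] | null;
  supportedConnectionModes?: Record<string, string[]> | null;
}
interface RuleResult { valid: boolean; error?: string }
interface Rule { description: string; validate: (config: DestinationConfig) => RuleResult }

// Array.isArray(null) and Array.isArray(undefined) are false, so a null or
// missing list is treated as "not defined" rather than as an error.
function asList(value: string[] | null | undefined): string[] {
  return Array.isArray(value) ? value : [];
}

const rules: Rule[] = [
  {
    description: 'secretKeys must not be exposed through includeKeys',
    validate: (config) => {
      const included = asList(config.includeKeys);
      const excluded = asList(config.excludeKeys);
      // excludeKeys is applied after includeKeys, so an excluded secret is not exposed.
      const exposed = asList(config.secretKeys).filter(
        (key) => included.indexOf(key) !== -1 && excluded.indexOf(key) === -1,
      );
      if (exposed.length === 0) return { valid: true };
      return { valid: false, error: 'secretKeys exposed via includeKeys: ' + exposed.join(', ') };
    },
  },
  {
    description: 'device or hybrid mode requires a non-empty includeKeys',
    validate: (config) => {
      const modes: Record<string, string[]> = config.supportedConnectionModes || {};
      const clientSide = Object.keys(modes).some((source) =>
        asList(modes[source]).some((mode) => mode === 'device' || mode === 'hybrid'),
      );
      if (!clientSide || asList(config.includeKeys).length > 0) return { valid: true };
      return { valid: false, error: 'includeKeys must be defined and non-empty' };
    },
  },
];

// Run every rule and collect all violations so one pass reports them together.
function checkDestinationConfig(config: DestinationConfig): string[] {
  const errors: string[] = [];
  for (const rule of rules) {
    const result = rule.validate(config);
    if (!result.valid) errors.push(result.error || rule.description);
  }
  return errors;
}

// Constructed sample definitions (not taken from the repository).
const samples: Array<[string, DestinationConfig]> = [
  ['exposedSecret', { includeKeys: ['pixelId', 'accessToken'], secretKeys: ['accessToken'],
    supportedConnectionModes: { web: ['cloud', 'device'] } }],
  ['excludedSecret', { includeKeys: ['pixelId', 'accessToken'], excludeKeys: ['accessToken'],
    secretKeys: ['accessToken'], supportedConnectionModes: { web: ['device'] } }],
  ['cloudOnly', { secretKeys: ['apiKey'], supportedConnectionModes: { web: ['cloud'] } }],
  ['hybridNoInclude', { includeKeys: [], supportedConnectionModes: { ios: ['hybrid'] } }],
  ['nullLists', { includeKeys: null, secretKeys: null, supportedConnectionModes: null }],
];

for (const [name, config] of samples) {
  console.log(name, JSON.stringify(checkDestinationConfig(config)));
}
```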

@devops-github-rudderstack

This PR is considered to be stale. It has been open for 20 days with no further activity; thus, it is going to be closed in 7 days. To avoid such a case, please consider removing the stale label manually or adding a comment to the PR.
