Skip to content

fix: avoid logging connection credentials in the UI#418

Open
DivyamTalwar wants to merge 1 commit into
morphik-org:mainfrom
DivyamTalwar:fix/ui-connection-credential-logs
Open

fix: avoid logging connection credentials in the UI#418
DivyamTalwar wants to merge 1 commit into
morphik-org:mainfrom
DivyamTalwar:fix/ui-connection-credential-logs

Conversation

@DivyamTalwar

Copy link
Copy Markdown

Summary

The UI had several debug logs that could print full Morphik connection URIs, parsed connection objects, extracted token prefixes, or connection-derived URLs. Because Morphik connection URIs can include bearer credentials, this PR keeps only event-level connection debug messages and removes credential-bearing values from the browser console.

Changes

  • Redact connection URI migration, storage cleanup, update, and invalid URL logs in MorphikProvider.
  • Avoid logging parsed connectionInfo, authToken, raw connection URIs, token prefixes, adjacent URI parsing exception objects, and the connection-derived API base URL in the utility path touched by this PR.
  • Keep only non-sensitive diagnostic signals: hadHttpProtocolPrefix, hasConnection, and invalid-URL protocol/value booleans.

Why this matters

Debug logging should not expose bearer credentials or values derived from bearer connection URIs. This reduces accidental credential exposure during local debugging and issue reproduction without changing connection parsing, storage, authorization header creation, or API URL construction behavior.

Tests

Commands run:

  • npm install --package-lock=false from ee/ui-component — passed; installed local dependencies without creating a lockfile.
  • npx next lint --file contexts/morphik-context.tsx --file lib/connection-utils.ts --file lib/utils.ts from ee/ui-component — passed.
  • npx prettier --check contexts/morphik-context.tsx lib/connection-utils.ts lib/utils.ts from ee/ui-component — passed.
  • npx tsc --noEmit --pretty false from ee/ui-component — passed.
  • if rg -n "console\\.(log|debug|info|warn|error)\\([^\\n]*,\\s*(connectionUri|authToken|connectionInfo|storedUri|stored|uri|token|fullToken|authPart|cleanUri|migratedUri|host|url|err)\\b|console\\.(log|debug|info|warn|error)\\([^\\n]*\\{[^\\n]*(connectionUri|authToken|connectionInfo|storedUri|stored|uri|token|fullToken|authPart|cleanUri|migratedUri|host|url|err)\\s*[,}]" ee/ui-component/contexts/morphik-context.tsx ee/ui-component/lib/connection-utils.ts ee/ui-component/lib/utils.ts -S; then echo "raw credential-related console argument remains"; exit 1; else echo "no raw credential-related console arguments found"; fi — passed.
  • git diff --check origin/main...HEAD — passed.

Also run:

  • npm run lint from ee/ui-component — failed on pre-existing unrelated issues in components/ui/button.tsx and components/ui/sheet.tsx, plus existing warnings in chat/settings components.
  • npm run build from ee/ui-component — compiled successfully, then failed at the same existing lint gate unrelated to the touched files.

Risk

Risk level: low

This is a logging-only change. It does not alter the connection URI parser, localStorage persistence behavior, generated authorization headers, or API base URL selection. Rollback is straightforward by restoring the previous console output, though that would reintroduce credential exposure risk.

The tradeoff is that malformed-URI and parsing failure logs now include less debugging context than before. In particular, raw invalid URL values and caught exception objects are no longer logged. Routine diagnosis still gets event-level messages, but deep debugging may require local reproduction or temporary local instrumentation rather than relying on browser logs that can be shared.

Issue

No existing issue.

Notes for maintainers

README examples were intentionally left unchanged because this PR only affects console redaction, not connection URI behavior.

This PR also does not change connection URI persistence or transport/protocol defaults. Those are broader behavior changes that should be reviewed separately from this logging-only hardening.

Connection URI debug logs could include morphik:// values, parsed auth tokens, and connection-derived URLs. Keep event-level debug messages while removing the credential-bearing values.

Constraint: Morphik connection URIs can carry bearer credentials.
Rejected: Removing all UI debug logging | event-only messages preserve useful local diagnosis without printing secrets.
Confidence: high
Scope-risk: narrow
Directive: Do not add URI or token values back to browser console output; log booleans or connection types only.
Tested: npm install --package-lock=false; npx next lint --file contexts/morphik-context.tsx --file lib/connection-utils.ts --file lib/utils.ts; npx prettier --check contexts/morphik-context.tsx lib/connection-utils.ts lib/utils.ts; npx tsc --noEmit --pretty false; credential-bearing console value grep; git diff --check.
Not-tested: npm run lint and npm run build still fail on pre-existing unrelated UI lint issues in components/ui/button.tsx and components/ui/sheet.tsx.
@DivyamTalwar
DivyamTalwar marked this pull request as ready for review July 3, 2026 20:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant