fix(security): keep orchestrator secrets off argv and logs (#1242)

Co-authored-by: src-opn <src-opn@users.noreply.github.com>
Source Open
2026-03-30 17:23:14 -07:00
committed by GitHub
parent 1600702bbe
commit 41ff05cdb8
6 changed files with 272 additions and 93 deletions

@@ -69,10 +69,10 @@ pnpm --filter openwork-orchestrator dev -- \
When `OPENWORK_DEV_MODE=1` is set, orchestrator uses an isolated OpenCode dev state for config, auth, data, cache, and state. OpenWork's repo-level `pnpm dev` commands enable this automatically so local development does not reuse your personal OpenCode environment.
The command prints pairing details (OpenWork server URL + token, OpenCode URL + auth) so remote OpenWork clients can connect.
The command prints pairing URLs by default and withholds live credentials from stdout to avoid leaking them into shell history or collected logs. Use `--json` only when you explicitly need the raw pairing secrets in command output.
Use `--detach` to keep services running and exit the dashboard. The detach summary includes the
OpenWork URL, tokens, and the `opencode attach` command.
OpenWork URL and a redacted `opencode attach` command, while keeping live credentials out of the detached summary.
## Sandbox mode (Docker / Apple container)
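
Review bot: In the new sentence on default output, "shell history" is not somewhere stdout can leak to: shell history records the commands typed, so argv is what ends up there, while stdout ends up in terminal scrollback, CI output and collected logs. Suggest giving the rationale as "to avoid leaking them into terminal scrollback or collected logs", and covering the argv side in its own sentence if this README also documents flags that take secrets. The `--json` sentence should also state that its output carries the live pairing secrets, so it should not be run where stdout is captured or forwarded to a log collector. In the `--detach` paragraph, the summary is now described as containing a redacted `opencode attach` command, but the text does not say where the user gets the credentials needed to complete it; a pointer (for example to `--json`) would close that gap.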