Merged
21 changes: 0 additions & 21 deletions src/app/endpoints/rlsapi_v1.py
Expand Up @@ -5,7 +5,6 @@
"""

import functools
import re
import time
from datetime import UTC, datetime
from typing import Annotated, Any, Optional, cast
Expand Down Expand Up @@ -84,9 +83,6 @@ class TemplateRenderError(Exception):
OpenAIAPIStatusError,
)

_PRIVATE_ERROR_BLOCK_PATTERN = re.compile(r"\bPRIVATE\b[^\r\n,;)]*", re.IGNORECASE)
_SECRET_KEY_PATTERN = re.compile(r"\bsk-[A-Za-z0-9][A-Za-z0-9_-]*")


infer_responses: dict[int | str, dict[str, Any]] = {
200: RlsapiV1InferResponse.openapi_response(),
Expand All @@ -103,23 +99,6 @@ class TemplateRenderError(Exception):
}


def _redact_sensitive_error_text(error_text: str) -> str:
"""Redact sensitive substrings from backend error text before telemetry.

Backend exceptions can include provider request snippets or credentials in
their string representation. Splunk events need enough context to explain
the failure, but they must not contain private prompt blocks or API keys.

Args:
error_text: Raw exception string returned by ``str(error)``.

Returns:
Error text with known sensitive substrings replaced by placeholders.
"""
redacted_text = _PRIVATE_ERROR_BLOCK_PATTERN.sub("PRIVATE [REDACTED]", error_text)
return _SECRET_KEY_PATTERN.sub("sk-[REDACTED]", redacted_text)


def _build_instructions(systeminfo: RlsapiV1SystemInfo) -> str:
"""Build LLM instructions by rendering the system prompt as a Jinja2 template.

20 changes: 0 additions & 20 deletions tests/unit/app/endpoints/test_rlsapi_v1.py
Expand Up @@ -27,7 +27,6 @@
_build_instructions,
_compile_prompt_template,
_get_default_model_id,
_redact_sensitive_error_text,
_resolve_quota_subject,
infer_endpoint,
retrieve_simple_response,
Expand Down Expand Up @@ -246,25 +245,6 @@ def test_build_instructions_no_customization(mocker: MockerFixture) -> None:
assert result == constants.DEFAULT_SYSTEM_PROMPT


@pytest.mark.parametrize(
("error_text", "expected"),
[
(
"APIStatusError: PRIVATE prompt sk-backend-secret failed",
"APIStatusError: PRIVATE [REDACTED]",
),
(
"provider rejected token sk-proj-secret_key with status 401",
"provider rejected token sk-[REDACTED] with status 401",
),
],
ids=["private_block", "secret_key"],
)
def test_redact_sensitive_error_text(error_text: str, expected: str) -> None:
"""Test backend error text redaction removes prompt and key secrets."""
assert _redact_sensitive_error_text(error_text) == expected


# --- Test Jinja2 template rendering ---

