fix(claw): show GitHub username and email fields in plain text#2124
Open
kilo-code-bot[bot] wants to merge 2 commits intomainfrom
Open
fix(claw): show GitHub username and email fields in plain text#2124kilo-code-bot[bot] wants to merge 2 commits intomainfrom
kilo-code-bot[bot] wants to merge 2 commits intomainfrom
Conversation
The GitHub username and email fields on the KiloClaw settings page were being masked with disc characters (via ChannelTokenInput) like the PAT field. Only the PAT is sensitive and should be hidden. Add an optional `secret` field to SecretFieldDefinition (defaults to true) and mark githubUsername and githubEmail as `secret: false` so they render as plain text inputs.
Contributor
Author
Code Review SummaryStatus: No Issues Found | Recommendation: Merge Files Reviewed (1 files)
Reviewed by gpt-5.4-20260305 · 183,620 tokens |
…e/email Move the non-secret field decision out of the shared catalog schema and into the UI component. Instead of adding a `secret` boolean to SecretFieldDefinition, use a local PLAIN_TEXT_FIELDS set in SecretEntrySection — matching how CustomSecretsSection already distinguishes plain text inputs from masked ones.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The GitHub username and email fields on the KiloClaw settings page were being masked with disc characters (via
ChannelTokenInput) identically to the Personal Access Token field. Only the PAT is sensitive — username and email should be visible in plain text.This uses a simple
PLAIN_TEXT_FIELDSset inSecretEntrySectionto render a plain<Input>for non-secret fields, following the same patternCustomSecretsSectionalready uses to distinguish plain text inputs (Config Path, Environment Variable Name) from masked ones (Value). No changes to the shared catalog types or schema needed.Changes:
apps/web/src/app/(app)/claw/components/SecretEntrySection.tsx— AddPLAIN_TEXT_FIELDSset forgithubUsernameandgithubEmail; conditionally render plain<Input>for those keys, keepChannelTokenInputfor everything elseVerification
kiloclaw-secret-catalogpackage typechecks cleanly (tsc --noEmit)PLAIN_TEXT_FIELDS.has(field.key)is type-safe (field.keyisstring, set isReadonlySet<string>)Visual Changes
Reviewer Notes
secretboolean toSecretFieldDefinitionSchemain the sharedkiloclaw-secret-catalogpackage. That's unnecessary since this is purely a UI concern — the catalog schema shouldn't need to know about presentation. The simplified approach keeps the decision local to the component, matching the existing pattern inCustomSecretsSection.data-1p-ignorefrom the plain text inputs since username and email aren't sensitive — 1Password autofill is fine for those.Built for Alex Gold by Kilo for Slack