🛡️ Sentinel: Fix sensitive data leakage in error responses #40

Open
AGI-Corporation wants to merge 1 commit into main from sentinel/fix-sensitive-data-leak-in-errors-8744681762830886235

AGI-Corporation (Owner) commented Apr 10, 2026

This PR addresses a security vulnerability where sensitive information, specifically JWT tokens and license keys, was being included in error responses sent to the client.

🚨 Severity: MEDIUM

💡 Vulnerability: Exposure of Sensitive Data in Error Messages

🎯 Impact:

Invalid or expired JWT tokens and license keys were included in the params field of ActivepiecesError objects. These objects are serialized and sent to the client by the global error handler in the backend. While the tokens/keys might be invalid or expired, leaking them still provides unnecessary information to potential attackers and can lead to sensitive data being recorded in client-side logs or intercepted.

🔧 Fix:

  • Modified packages/shared/src/lib/common/activepieces-error.ts to change the parameter types for INVALID_OR_EXPIRED_JWT_TOKEN and INVALID_LICENSE_KEY to Record<string, never>.
  • Updated call sites in packages/server/api/src/app/ee/connection-keys/connection-key.service.ts and packages/server/api/src/app/ee/license-keys/license-keys-controller.ts to stop passing the sensitive data to the error constructor.

✅ Verification:

  • Manual code inspection confirms no sensitive data is passed to these error types.
  • Ran nx lint on the affected packages to ensure type safety.
  • Documented the learning in .jules/sentinel.md.

PR created automatically by Jules for task 8744681762830886235 started by @AGI-Corporation

Summary by CodeRabbit

  • Bug Fixes
    • Updated error handling to remove sensitive authentication and license information from client-facing error responses.

Remove sensitive credentials (JWT tokens and license keys) from ActivepiecesError parameters to prevent them from being leaked to clients via the global error handler.

Co-authored-by: AGI-Corporation <186229839+AGI-Corporation@users.noreply.github.com>
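
The typing change described in this PR, sketched as an added example that is not taken from the Activepieces source: the class, union and handler below are simplified stand-ins, and `toClientBody`, `verifyToken`, `clientBodyFor`, `leaksWhenTypeCheckBypassed` and the sample token are hypothetical. It also shows that `Record<string, never>` is a compile-time guard only, so a suppressed type error still leaks at runtime.

```typescript
// Added illustration with simplified stand-ins; not the project's own code.
type EmptyParams = Record<string, never>

type ErrorDetails =
  | { code: 'INVALID_OR_EXPIRED_JWT_TOKEN'; params: EmptyParams }
  | { code: 'INVALID_LICENSE_KEY'; params: EmptyParams }

class ActivepiecesError extends Error {
  error: ErrorDetails
  constructor(error: ErrorDetails) {
    super(error.code)
    this.error = error
  }
}

// Stand-in for the global error handler: the body serialized to the client.
function toClientBody(e: ActivepiecesError): string {
  return JSON.stringify({ code: e.error.code, params: e.error.params })
}

const SAMPLE_TOKEN = 'constructed-sample-token' // constructed value, not a real JWT

// With the tightened type, passing the credential no longer compiles.
// The directive below suppresses that error to show what happens if it is bypassed.
// @ts-expect-error Type 'string' is not assignable to type 'never'.
const bypassed = new ActivepiecesError({ code: 'INVALID_OR_EXPIRED_JWT_TOKEN', params: { token: SAMPLE_TOKEN } })

// Types are erased at runtime, so the bypassed error still serializes the token.
function leaksWhenTypeCheckBypassed(): boolean {
  return toClientBody(bypassed).indexOf(SAMPLE_TOKEN) !== -1
}

// Call-site form after the fix: the token never reaches the error object.
function verifyToken(token: string): string {
  if (token.split('.').length !== 3) { // placeholder shape check, not real verification
    throw new ActivepiecesError({ code: 'INVALID_OR_EXPIRED_JWT_TOKEN', params: {} })
  }
  return token
}

// What the client receives when verification fails.
function clientBodyFor(token: string): string {
  try {
    verifyToken(token)
    return 'ok'
  } catch (e) {
    return toClientBody(e as ActivepiecesError)
  }
}
```
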
@google-labs-jules (Contributor)

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

Copilot AI review requested due to automatic review settings April 10, 2026 08:06
coderabbitai bot commented Apr 10, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 271aa6aa-b20e-4d25-9d25-73b9752f0b83

📥 Commits

Reviewing files that changed from the base of the PR and between f61e720 and 4530b50.

📒 Files selected for processing (4)
  • .jules/sentinel.md
  • packages/server/api/src/app/ee/connection-keys/connection-key.service.ts
  • packages/server/api/src/app/ee/license-keys/license-keys-controller.ts
  • packages/shared/src/lib/common/activepieces-error.ts

📝 Walkthrough

This pull request addresses a security vulnerability where JWT tokens and license keys were being exposed in error parameters serialized and sent to clients. The fix removes sensitive data from error instantiations and updates type definitions to prevent future inclusion of sensitive information in error params.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Error Type Definitions: packages/shared/src/lib/common/activepieces-error.ts | Updated InvalidJwtTokenErrorParams and InvalidLicenseKeyParams type definitions to use Record<string, never> instead of containing sensitive fields (token and key respectively), preventing sensitive data from being included in error parameters. |
| Error Instantiations: packages/server/api/src/app/ee/connection-keys/connection-key.service.ts, packages/server/api/src/app/ee/license-keys/license-keys-controller.ts | Removed sensitive data (JWT tokens and license keys) from ActivepiecesError params, replacing with empty objects in connection key and license key validation error handlers. |
| Documentation: .jules/sentinel.md | Added sentinel documentation recording the security issue of sensitive data exposure in error parameters and prevention approaches. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A token here, a key tucked there,
But errors should be light and bare!
No secrets in the params field,
The rabbit's wisdom: data sealed. ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly summarizes the main change: fixing sensitive data leakage in error responses, which is the primary objective of the PR. |
| Description check | ✅ Passed | The description provides thorough details about the vulnerability, severity, impact, fixes applied, and verification steps, though it partially deviates from the provided template structure. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |



Copilot AI left a comment


Pull request overview

This PR mitigates a sensitive-data exposure issue by ensuring credential-like values (JWT tokens, license keys) are no longer included in ActivepiecesError.params, which the server error handler serializes back to clients.

Changes:

  • Updated shared error param typings for INVALID_OR_EXPIRED_JWT_TOKEN and INVALID_LICENSE_KEY to disallow passing sensitive fields.
  • Removed token/key values from the corresponding ActivepiecesError throw sites in the server API.
  • Added a Sentinel learning note documenting the root cause and prevention approach.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| packages/shared/src/lib/common/activepieces-error.ts | Tightens error param types for JWT/license key errors to prevent carrying sensitive values. |
| packages/server/api/src/app/ee/license-keys/license-keys-controller.ts | Stops including licenseKey in INVALID_LICENSE_KEY error params. |
| packages/server/api/src/app/ee/connection-keys/connection-key.service.ts | Stops including JWT token values in INVALID_OR_EXPIRED_JWT_TOKEN error params. |
| .jules/sentinel.md | Documents the incident and the preventative pattern for future changes. |
