KeiSeiKit-1.0/_primitives/_rust/kei-provision/src
Parfii-bot fdb6939015 fix(provision/b4): exec.rs redacts args + truncates stderr

MEDIUM info-disclosure: run_json_strict + run_void formatted error
messages with full argv + full stderr. Today argv has no secrets
(env-only per RULE 0.8) but:
- Future refactor could pass --api-key inline → secret in logs
- vultr-cli stderr echoes request URLs with query params → enumeration

Fix:
- redact_args() → "bin_name <N args>" (argv hidden)
- truncate_stderr() → first 200 chars + "... (truncated)", UTF-8 safe
- Docstring: // DO NOT pass secrets as CLI args — env-only per RULE 0.8

Tests: 11/11 (was 8, +3: redaction asserts no argv in error, stderr
truncation + Cyrillic UTF-8 safety)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 05:30:33 +08:00
backends feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
b64.rs feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
backend.rs feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
exec.rs fix(provision/b4): exec.rs redacts args + truncates stderr 2026-04-23 05:30:33 +08:00
lib.rs feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00
main.rs feat(convergence/u3): kei-provision Rust crate — unify hetzner+vultr provisioners 2026-04-23 03:43:40 +08:00