From 3763b6c48c72da5b9b09b07269c7e4dd6e240893 Mon Sep 17 00:00:00 2001
From: Utkarsh patrikar <137105846+utkarsh232005@users.noreply.github.com>
Date: Mon, 8 Jun 2026 19:15:14 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 3: Clear-text logging of sensitive information

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/commands/auth.ts | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/commands/auth.ts b/src/commands/auth.ts
index 6621131..f3049a8 100644
--- a/src/commands/auth.ts
+++ b/src/commands/auth.ts
@@ -67,15 +67,12 @@ const parseCustomHeaders = (headers: string[]): Record => {
 };

 /**
- * Masks secrets/API keys to avoid leaking them in plain text display.
+ * Returns a non-sensitive credential status for display.
 * @param provider The AI provider configuration.
- * @returns Masked representation.
+ * @returns '(set)' when a password exists, otherwise '(not set)'.
 */
 const getMaskedSecret = (provider: AIProviderConfig): string => {
- const secret = provider.password;
- if (!secret) return '(not set)';
- if (secret.length <= 8) return '********';
- return `${secret.substring(0, 4)}...${secret.substring(secret.length - 4)}`;
+ return provider.password ? '(set)' : '(not set)';
 };

 /**
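Review bot: `getMaskedSecret` no longer masks anything after this change, since it returns only `'(set)'` or `'(not set)'`, so the name now misdescribes the contract. Consider renaming it, for example `const getSecretStatus = (provider: AIProviderConfig): string =>`, together with its call sites, which are outside this hunk. Dropping the first-four/last-four preview is sound: eight revealed characters are a real disclosure for a short key, and the old `length <= 8` branch also exposed a bound on the secret's length. The check covers only `provider.password`. The hunk header shows `parseCustomHeaders` in the same file, and if custom headers can carry tokens and reach the same display or log path, they would presumably need the same presence-only treatment; that is worth confirming against the callers before closing the alert.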