Skip to content

fix: prevent HF token leakage into Nostr events and pipeline artifacts#64

Merged
kurt-croix merged 1 commit into
mainfrom
fix/hf-token-leak-prevention
Jul 8, 2026
Merged

fix: prevent HF token leakage into Nostr events and pipeline artifacts#64
kurt-croix merged 1 commit into
mainfrom
fix/hf-token-leak-prevention

Conversation

@kurt-croix

Copy link
Copy Markdown
Owner

Problem

Process Episodes workflow failing daily since push protection blocks transcript commits:

remote: - GITHUB PUSH PROTECTION
remote:   —— Hugging Face User Access Token ————————————————————
remote:     locations:
remote:       - commit: a2060916d259c3ec4f6228de54c28f614e3c58cd
remote:         path: .transcript-mapping.json:7

Root cause: livestream recording URL carries ?token=hf_... → flows unchanged through extractRecordingUrl → episode audio tag → saved into .transcript-mapping.json → push protection blocks commit. Worse, same token gets republished to Nostr relays on every episode update (real public leak).

Changes (this PR)

  • scripts/lib/conversion-utils.ts: add redactUrlSecrets() (strips token/hf_token/access_token/jwt query params + inline hf_... literals) and redactEventSecrets() (scrubs entire event). extractRecordingUrl() now redacts before returning.
  • scripts/transcribe-audio.ts: sanitize every result event via redactEventSecrets before writing mapping JSON.
  • .gitignore: ignore .episodes-to-transcribe.json, .transcript-mapping.json, .show-notes-mapping.json.
  • Untrack two currently-tracked mapping files.

Smoke-tested: HF token query stripped, inline literals [REDACTED], clean URLs untouched. tsc + ESLint clean on touched files.

Follow-up commit (needs workflow OAuth scope)

--- a/.github/workflows/process-episodes.yml
+++ b/.github/workflows/process-episodes.yml
@@ -102,7 +102,6 @@
           git config --local user.email "github-actions[bot]@users.noreply.github.com"
           git config --local user.name "github-actions[bot]"
           git add transcripts/
-          git add .transcript-mapping.json || true
           git diff --staged --quiet || git commit -m "chore: add episode transcripts"

Held back from this push — push token lacks workflow scope. Apply after gh auth refresh -s workflow.

Required operator actions (code cannot)

  1. Rotate the leaked Hugging Face token — it was published to Nostr relays via episode events. Revoke at https://huggingface.co/settings/tokens.
  2. Verify HF_TOKEN GitHub secret on kurt-croix/podstr belongs to kurt-croix, not auggie-lahey.
  3. Republish source livestream event(s) whose download/recording/streaming URL contains ?token=hf_... — repoint to kurt-croix HF space or token-free source. Otherwise the next run republishes the same leak.
  4. Optionally republish existing episode events with redacted audio URLs.

Vibed with MKStack

Livestream recording URLs can carry a Hugging Face access token in a
query param (e.g. ?token=hf_...). Previously this URL flowed unchanged
through extractRecordingUrl -> episode 'audio' tag -> .transcript-mapping.json,
which GitHub push protection blocks (failing the Process Episodes workflow),
and the same token was republished to Nostr relays on every episode update.

Changes:
- scripts/lib/conversion-utils.ts: add redactUrlSecrets() (strips token /
  hf_token / access_token / jwt query params + inline hf_... literals) and
  redactEventSecrets() (scrubs an entire NostrEvent). extractRecordingUrl()
  now redacts before returning and warns when it changed something.
- scripts/transcribe-audio.ts: sanitize every result event via
  redactEventSecrets before writing .transcript-mapping.json.
- .gitignore: ignore .episodes-to-transcribe.json, .transcript-mapping.json,
  .show-notes-mapping.json so they cannot sneak back in.
- Untrack the two currently-tracked mapping files.

Note: previously published episode events may still carry a token-bearing
audio URL on Nostr relays. Source livestream events should be republished
without the token, and any leaked HF token rotated.

Workflow yaml change (.github/workflows/process-episodes.yml: drop the
'git add .transcript-mapping.json || true' line from the Commit transcripts
step) is held back until the push token's OAuth workflow scope is granted;
will be applied in a follow-up commit.
@kurt-croix
kurt-croix merged commit 06d1d50 into main Jul 8, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant