From 63760a734e026cf3debaf624d3785ded81b13520 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 05:15:52 +0000 Subject: [PATCH 1/2] log(envutil): add debug logging to env var parse fallbacks Add a debug logger to internal/envutil/envutil.go to surface misconfiguration earlier. The logger emits a debug message whenever an environment variable is set but cannot be used (invalid integer, unparseable duration, unrecognized boolean value), helping operators quickly identify why a configured value is being silently ignored. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- internal/envutil/envutil.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/internal/envutil/envutil.go b/internal/envutil/envutil.go index 263ac101..012eb158 100644 --- a/internal/envutil/envutil.go +++ b/internal/envutil/envutil.go @@ -5,8 +5,12 @@ import ( "strconv" "strings" "time" + + "github.com/github/gh-aw-mcpg/internal/logger" ) +var logEnvUtil = logger.New("envutil:envutil") + // GetEnvString returns the value of the environment variable specified by envKey. // If the environment variable is not set or is empty, it returns the defaultValue. func GetEnvString(envKey, defaultValue string) string { @@ -25,6 +29,7 @@ func GetEnvInt(envKey string, defaultValue int) int { if value, err := strconv.Atoi(envValue); err == nil && value > 0 { return value } + logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, envValue, defaultValue) } return defaultValue } @@ -37,6 +42,7 @@ func GetEnvDuration(envKey string, defaultValue time.Duration) time.Duration { if d, err := time.ParseDuration(envValue); err == nil && d > 0 { return d } + logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, envValue, defaultValue) } return defaultValue } @@ -54,6 +60,7 @@ func GetEnvBool(envKey string, defaultValue bool) bool { case "0", "false", "no", "off": return false } + logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, envValue, defaultValue) } return defaultValue } From 9def5d0ff6d95c59001fb34c0c2e9dcc72e23239 Mon Sep 17 00:00:00 2001 From: Landon Cox Date: Wed, 15 Apr 2026 10:02:28 -0700 Subject: [PATCH 2/2] fix: sanitize env values in debug logs and fix GetEnvDuration doc Address review feedback: 1. Sanitize raw env values using sanitize.TruncateSecret() in all 3 debug log lines (GetEnvInt, GetEnvDuration, GetEnvBool). Env vars could contain secrets, and debug logs are also written to the file logger, so full values should never be persisted. 2. Update GetEnvDuration doc comment to mention that zero/negative durations also fall back to defaultValue (matching the d > 0 condition in the code and the existing GetEnvInt doc pattern). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- internal/envutil/envutil.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/internal/envutil/envutil.go b/internal/envutil/envutil.go index 012eb158..609ba67a 100644 --- a/internal/envutil/envutil.go +++ b/internal/envutil/envutil.go @@ -7,6 +7,7 @@ import ( "time" "github.com/github/gh-aw-mcpg/internal/logger" + "github.com/github/gh-aw-mcpg/internal/logger/sanitize" ) var logEnvUtil = logger.New("envutil:envutil") @@ -29,20 +30,21 @@ func GetEnvInt(envKey string, defaultValue int) int { if value, err := strconv.Atoi(envValue); err == nil && value > 0 { return value } - logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, envValue, defaultValue) + logEnvUtil.Printf("GetEnvInt: %s=%q is not a valid positive integer, using default=%d", envKey, sanitize.TruncateSecret(envValue), defaultValue) } return defaultValue } // GetEnvDuration returns the time.Duration value of the environment variable specified by envKey. -// If the environment variable is not set, is empty, or cannot be parsed by time.ParseDuration, -// it returns the defaultValue. Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s"). +// If the environment variable is not set, is empty, cannot be parsed by time.ParseDuration, +// or is not positive (> 0), it returns the defaultValue. +// Accepts any string valid for time.ParseDuration (e.g. "2h", "30m", "90s"). func GetEnvDuration(envKey string, defaultValue time.Duration) time.Duration { if envValue := os.Getenv(envKey); envValue != "" { if d, err := time.ParseDuration(envValue); err == nil && d > 0 { return d } - logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, envValue, defaultValue) + logEnvUtil.Printf("GetEnvDuration: %s=%q is not a valid positive duration, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue) } return defaultValue } @@ -60,7 +62,7 @@ func GetEnvBool(envKey string, defaultValue bool) bool { case "0", "false", "no", "off": return false } - logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, envValue, defaultValue) + logEnvUtil.Printf("GetEnvBool: %s=%q is not a recognized boolean value, using default=%v", envKey, sanitize.TruncateSecret(envValue), defaultValue) } return defaultValue }