Security

Polygraph runs AI agents across your repositories and streams their logs to the web UI. The first piece of that story is keeping secrets out of those logs.

CLI sign-in uses an OAuth device flow with browser approval. The CLI stores short-lived access tokens and rotating refresh tokens locally, preferring secure credential storage when it is available.

Refresh tokens are single-use and rotate as they are used. If an old refresh token is presented again, Polygraph treats it as possible replay and invalidates the related credentials or session. The CLI may require you to sign in again. Server-side OAuth tokens and approval codes are stored as protected hashes, not plaintext.

polygraph auth logout revokes credentials remotely when possible and clears local credentials.

Before any agent log leaves your machine, the CLI scans each line for values that look like secrets and replaces them with [REDACTED]. Redaction runs locally and covers both the main agent and child agents.

It masks:

  • Private keys, bearer tokens, and prefixed provider tokens (pypi-, hf_, vercel_, and similar).
  • Credentials inside connection URLs like postgres://user:password@host.
  • Values of secret and connection environment variables (names containing SECRET, TOKEN, _KEY, _URL, and similar).
  • Email addresses.

Redaction matches known secret shapes, so treat it as a safety net rather than a guarantee. Don't rely on it to catch a secret you paste into a prompt or print to stdout.
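As an added illustration, not Polygraph's own code, here is a per-line redactor covering the four categories above plus the multi-line private key case; the regexes, the minimum token lengths, the env-name markers and every sample value are assumptions made for the example.

```python
import re

# Added illustration of the redaction categories this page lists. It is not
# Polygraph's own code; the patterns, thresholds and sample values are assumptions.
PLACEHOLDER = "[REDACTED]"
ENV_NAME_MARKERS = ("SECRET", "TOKEN", "_KEY", "_URL")
LINE_PATTERNS = [  # (pattern, replacement), applied in this order
    (re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]{8,}"), r"\1" + PLACEHOLDER),  # bearer tokens
    (re.compile(r"\b(?:pypi-|hf_|vercel_)[A-Za-z0-9_-]{8,}"), PLACEHOLDER),  # prefixed provider tokens
    # scheme://user:password@host -> scheme://[REDACTED]@host (scheme and host stay visible)
    (re.compile(r"\b([a-z][a-z0-9+.-]*://)[^/\s@:]+:[^/\s@]+@"), r"\1" + PLACEHOLDER + "@"),
    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), PLACEHOLDER),  # email addresses
]
KEY_BEGIN = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
KEY_END = re.compile(r"-----END [A-Z ]*PRIVATE KEY-----")

def secret_env_values(env):
    # Values of variables whose names mark them as secrets or connection strings.
    hits = [v for k, v in env.items() if len(v) >= 4 and any(m in k.upper() for m in ENV_NAME_MARKERS)]
    return sorted(hits, key=len, reverse=True)  # longest first, so a value nested in another masks fully

class Redactor:  # per-line redactor that also tracks multi-line PEM private key blocks
    def __init__(self, env):
        self.env_values = secret_env_values(env)
        self.in_key_block = False

    def redact_line(self, line):
        # A PEM key spans several lines, so the whole block (markers included) is masked.
        if self.in_key_block or KEY_BEGIN.search(line):
            self.in_key_block = not KEY_END.search(line)
            return PLACEHOLDER
        for value in self.env_values:  # exact env values first, then shape-based patterns
            line = line.replace(value, PLACEHOLDER)
        for pattern, replacement in LINE_PATTERNS:
            line = pattern.sub(replacement, line)
        return line

def redact_lines(lines, env):
    redactor = Redactor(env)
    return [redactor.redact_line(line) for line in lines]

# Constructed sample environment and agent log; none of these values are real credentials.
SAMPLE_ENV = {"DATABASE_URL": "postgres://app:hunter2@db.internal/app", "PATH": "/usr/bin"}
SAMPLE_LOG = [
    "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig' https://api.example.com",
    "twine upload -p pypi-AgEIcHlwaS5vcmcCJGV4YW1wbGU dist/*",
    "DATABASE_URL=postgres://app:hunter2@db.internal/app",
    "connecting to mysql://root:s3cret@db.internal:3306/app for maintainer@example.org",
    "-----BEGIN OPENSSH PRIVATE KEY-----", "b3BlbnNzaC1rZXktdjEAAAAABG5vbmU=", "-----END OPENSSH PRIVATE KEY-----",
]
```

Running `redact_lines(SAMPLE_LOG, SAMPLE_ENV)` masks only the credential part of the bearer header and the MySQL URL, the whole DATABASE_URL value, the email address and every line of the key block, which is also why a secret that matches none of these shapes passes through untouched.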