rename secrets.py to credential_store.py, enhance /status, add usage tracking

- Rename src/secrets.py → src/credential_store.py (avoid stdlib conflict) - Enhanced /status command: uptime, tokens, cost, context window usage - Session metadata now tracks input/output tokens, cost, duration - _safe_env() changed from allowlist to blocklist approach - Better Claude CLI error logging Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-13 17:54:59 +00:00
parent 0ecfa630eb
commit 85c72e4b3d
7 changed files with 155 additions and 39 deletions
--- a/tests/test_claude_session.py
+++ b/tests/test_claude_session.py
@@ -131,17 +131,18 @@ class TestSafeEnv:
        assert "CLAUDECODE" not in env

    def test_excludes_api_keys(self, monkeypatch):
-        monkeypatch.setenv("OPENAI_API_KEY", "sk-xxx")
-        monkeypatch.setenv("ANTHROPIC_API_KEY", "sk-ant-xxx")
+        monkeypatch.setenv("API_KEY", "sk-xxx")
+        monkeypatch.setenv("SECRET", "sk-ant-xxx")
        env = _safe_env()
-        assert "OPENAI_API_KEY" not in env
-        assert "ANTHROPIC_API_KEY" not in env
+        assert "API_KEY" not in env
+        assert "SECRET" not in env

-    def test_only_passthrough_keys(self, monkeypatch):
-        monkeypatch.setenv("RANDOM_SECRET", "bad")
+    def test_strips_all_blocked_keys(self, monkeypatch):
+        for key in claude_session._ENV_STRIP:
+            monkeypatch.setenv(key, "bad")
        env = _safe_env()
-        for key in env:
-            assert key in claude_session._ENV_PASSTHROUGH
+        for key in claude_session._ENV_STRIP:
+            assert key not in env


 # ---------------------------------------------------------------------------
--- a/tests/test_secrets.py
+++ b/tests/test_secrets.py
@@ -5,7 +5,7 @@ import pytest
 from unittest.mock import patch
 from pathlib import Path

-from src.secrets import (
+from src.credential_store import (
    SERVICE,
    REQUIRED_SECRETS,
    set_secret,
@@ -48,9 +48,9 @@ def mock_keyring():
    """Patch keyring globally for every test so the real keyring is never touched."""
    fake = FakeKeyring()
    with (
-        patch("src.secrets.keyring.get_password", side_effect=fake.get_password),
-        patch("src.secrets.keyring.set_password", side_effect=fake.set_password),
-        patch("src.secrets.keyring.delete_password", side_effect=fake.delete_password),
+        patch("src.credential_store.keyring.get_password", side_effect=fake.get_password),
+        patch("src.credential_store.keyring.set_password", side_effect=fake.set_password),
+        patch("src.credential_store.keyring.delete_password", side_effect=fake.delete_password),
    ):
        yield fake