apiVersion: jenkins.io/v1
kind: PipelineActivity
metadata:
  annotations:
    lighthouse.jenkins-x.io/cloneURI: https://github.com/greencapitaltrade/jarvis.git
    lighthouse.jenkins-x.io/job: release
    pipeline.jenkins-x.io/traceID: 08db5b90d8bb62e100b26e1b016bfe6f
  creationTimestamp: "2026-07-03T14:19:32Z"
  generation: 6
  labels:
    branch: main
    build: "72"
    context: release
    created-by-lighthouse: "true"
    event-GUID: 340e3f2a-76ea-11f1-951b-6b85b17f237b
    lighthouse.jenkins-x.io/baseSHA: f7335a5f108793630b477ceaf47eb8e29a4bba31
    lighthouse.jenkins-x.io/branch: main
    lighthouse.jenkins-x.io/buildNum: "1783088372753"
    lighthouse.jenkins-x.io/context: release
    lighthouse.jenkins-x.io/id: capitaltrade-jarvis-main-release-qx4mk
    lighthouse.jenkins-x.io/job: release
    lighthouse.jenkins-x.io/lastCommitSHA: f7335a5f108793630b477ceaf47eb8e29a4bba31
    lighthouse.jenkins-x.io/refs.org: greencapitaltrade
    lighthouse.jenkins-x.io/refs.repo: jarvis
    lighthouse.jenkins-x.io/type: postsubmit
    owner: greencapitaltrade
    podName: capitaltrade-jarvis-main-release-6zmkz-from-build-pack-pod
    provider: github
    repository: jarvis
    tekton.dev/pipeline: capitaltrade-jarvis-main-release
  managedFields:
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:branch: {}
          f:context: {}
          f:owner: {}
          f:provider: {}
          f:repository: {}
      f:spec:
        f:lastCommitMessage: {}
        f:lastCommitSHA: {}
        f:releaseNotesURL: {}
        f:version: {}
    manager: jx-changelog-0.10.22
    operation: Update
    time: "2026-07-03T14:25:18Z"
  - apiVersion: jenkins.io/v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .: {}
          f:lighthouse.jenkins-x.io/cloneURI: {}
          f:lighthouse.jenkins-x.io/job: {}
        f:labels:
          .: {}
          f:build: {}
          f:created-by-lighthouse: {}
          f:event-GUID: {}
          f:lighthouse.jenkins-x.io/baseSHA: {}
          f:lighthouse.jenkins-x.io/branch: {}
          f:lighthouse.jenkins-x.io/buildNum: {}
          f:lighthouse.jenkins-x.io/context: {}
          f:lighthouse.jenkins-x.io/id: {}
          f:lighthouse.jenkins-x.io/job: {}
          f:lighthouse.jenkins-x.io/lastCommitSHA: {}
          f:lighthouse.jenkins-x.io/refs.org: {}
          f:lighthouse.jenkins-x.io/refs.repo: {}
          f:lighthouse.jenkins-x.io/type: {}
          f:podName: {}
          f:tekton.dev/pipeline: {}
      f:spec:
        .: {}
        f:baseSHA: {}
        f:batchPipelineActivity: {}
        f:build: {}
        f:completedTimestamp: {}
        f:context: {}
        f:gitBranch: {}
        f:gitOwner: {}
        f:gitRepository: {}
        f:gitUrl: {}
        f:message: {}
        f:pipeline: {}
        f:startedTimestamp: {}
        f:status: {}
        f:steps: {}
    manager: jx-build-controller
    operation: Update
    time: "2026-07-03T14:27:06Z"
  name: greencapitaltrade-jarvis-main-72
  namespace: jx
  resourceVersion: "157941816"
  uid: 2c57dc4f-64c8-43ba-8e52-b0800d93b9cd
spec:
  baseSHA: f7335a5f108793630b477ceaf47eb8e29a4bba31
  batchPipelineActivity: {}
  build: "72"
  buildLogsUrl: s3://logs-gct-prod-20260425045301534100000007/jenkins-x/logs/greencapitaltrade/jarvis/main/72.log
  completedTimestamp: "2026-07-03T14:26:53Z"
  context: release
  gitBranch: main
  gitOwner: greencapitaltrade
  gitRepository: jarvis
  gitUrl: https://github.com/greencapitaltrade/jarvis.git
  lastCommitMessage: |
    fix(jarvis): sanitize engineer/fix agent output before posting to GitHub

    The engineer and ci-fix stages posted the model's raw stdout+stderr
    straight into public PR/issue bodies (PR "Engineer notes", the no-op
    analysis comment, the jarvis:main-broken issue, and the jarvis:ci-fixed
    comment) with no sanitize_for_github pass, unlike every other stage. The
    engineer worktree carries a copy of ~/.npmrc with the GitHub Packages
    token; the commit-time guard only blocks that token being committed, not
    the model echoing it back in prose (e.g. while "verifying" auth).

    sanitize_for_github() now also scrubs _authToken= assignments and every
    classic/fine-grained GitHub token prefix (ghp_/gho_/ghu_/ghs_/ghr_/
    github_pat_) in addition to its existing thinking-block strip. All four
    GitHub-posting sites in stage-engineer.sh and stage-fix.sh now pipe
    agent_out through it before building the posted body.

    Adds tests/sanitize_for_github_secrets.bats: unit-tests the redaction
    directly (extracted from bin/lib.sh, not a hand-copied duplicate),
    asserts each posting site is wired up, and proves end-to-end that a fake
    token embedded in agent output never survives into a constructed PR
    body.

    Co-Authored-By: Claude Sonnet 5
  lastCommitSHA: d4a44c2f3e9f6b1ba0bcff0f75f0768a058622bd
  message: 'Tasks Completed: 1 (Failed: 0, Cancelled 0), Skipped: 0'
  pipeline: greencapitaltrade/jarvis/main
  releaseNotesURL: https://github.com/greencapitaltrade/jarvis/releases/tag/v0.13.1
  startedTimestamp: "2026-07-03T14:19:32Z"
  status: Succeeded
  steps:
  - kind: Stage
    stage:
      completedTimestamp: "2026-07-03T14:26:53Z"
      name: from build pack
      startedTimestamp: "2026-07-03T14:19:51Z"
      status: Succeeded
      steps:
      - completedTimestamp: "2026-07-03T14:19:52Z"
        name: Git Clone
        startedTimestamp: "2026-07-03T14:19:51Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:19:55Z"
        name: Next Version
        startedTimestamp: "2026-07-03T14:19:53Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:20:07Z"
        name: Jx Variables
        startedTimestamp: "2026-07-03T14:20:04Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:22:08Z"
        name: Build Test
        startedTimestamp: "2026-07-03T14:20:10Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:22:09Z"
        name: Check Registry
        startedTimestamp: "2026-07-03T14:22:09Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:24:56Z"
        name: Build Container Build
        startedTimestamp: "2026-07-03T14:22:09Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:25:18Z"
        name: Promote Changelog
        startedTimestamp: "2026-07-03T14:24:57Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:25:22Z"
        name: Promote Helm Release
        startedTimestamp: "2026-07-03T14:25:18Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:26:07Z"
        name: Promote Jx Promote
        startedTimestamp: "2026-07-03T14:25:22Z"
        status: Succeeded
      - completedTimestamp: "2026-07-03T14:26:53Z"
        name: Publish Org Kb
        startedTimestamp: "2026-07-03T14:26:08Z"
        status: Succeeded
  - kind: Promote
    promote:
      environment: production
      pullRequest:
        pullRequestURL: https://github.com/greencapitaltrade/mcu/pull/4590
        startedTimestamp: "2026-07-03T14:26:04Z"
        status: Succeeded
      startedTimestamp: "2026-07-03T14:26:04Z"
      status: Succeeded
  version: 0.13.1
status: {}