From b5d054f259e52bbb0e1f64040efa1d31923b7389 Mon Sep 17 00:00:00 2001
From: vorotamoroz <vrtmrz@gmail.com>
Date: Sat, 25 Apr 2026 17:09:43 +0900
Subject: [PATCH] Fixed: Issue report generation now redacts
 `remoteConfigurations` connection strings and keeps only the scheme (e.g.
 `sls+https://`), so credentials are not exposed in reports.

Co-authored-by: Copilot <copilot@github.com>
---
 src/lib                                         |  2 +-
 .../features/SettingDialogue/PaneHatch.ts       | 17 +++++++++++++++++
 updates.md                                      |  1 +
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/lib b/src/lib
index 54408cd..5dc3b21 160000
--- a/src/lib
+++ b/src/lib
@@ -1 +1 @@
-Subproject commit 54408cd882b0f3534734ef9be17fdfd087a62c1d
+Subproject commit 5dc3b21d36882607291100e21b494efe396de072
diff --git a/src/modules/features/SettingDialogue/PaneHatch.ts b/src/modules/features/SettingDialogue/PaneHatch.ts
index 92b9326..ebfb377 100644
--- a/src/modules/features/SettingDialogue/PaneHatch.ts
+++ b/src/modules/features/SettingDialogue/PaneHatch.ts
@@ -137,6 +137,23 @@ export function paneHatch(this: ObsidianLiveSyncSettingTab, paneEl: HTMLElement,
                     pluginConfig.accessKey = REDACTED;
                     pluginConfig.secretKey = REDACTED;
                     const redact = (source: string) => `${REDACTED}(${source.length} letters)`;
+                    const toSchemeOnly = (uri: string) => {
+                        try {
+                            return `${new URL(uri).protocol}//`;
+                        } catch {
+                            const matched = uri.match(/^[A-Za-z][A-Za-z0-9+.-]*:\/\//);
+                            return matched?.[0] ?? REDACTED;
+                        }
+                    };
+                    pluginConfig.remoteConfigurations = Object.fromEntries(
+                        Object.entries(pluginConfig.remoteConfigurations || {}).map(([id, config]) => [
+                            id,
+                            {
+                                ...config,
+                                uri: toSchemeOnly(config.uri),
+                            },
+                        ])
+                    );
                     pluginConfig.region = redact(pluginConfig.region);
                     pluginConfig.bucket = redact(pluginConfig.bucket);
                     pluginConfig.pluginSyncExtendedSetting = {};
diff --git a/updates.md b/updates.md
index db215ed..39b918f 100644
--- a/updates.md
+++ b/updates.md
@@ -11,6 +11,7 @@ The head note of 0.25 is now in [updates_old.md](https://github.com/vrtmrz/obsid
 - Fixed a worker-side recursion issue that could raise `Maximum call stack size exceeded` during chunk splitting (related: #855).
 - Improved background worker crash cleanup so pending split/encryption tasks are released cleanly instead of being left in a waiting state (related: #855).
 - On start-up, the selected remote configuration is now applied to runtime connection fields as well, reducing intermittent authentication failures caused by stale runtime settings (related: #855).
+- Issue report generation now redacts `remoteConfigurations` connection strings and keeps only the scheme (e.g. `sls+https://`), so credentials are not exposed in reports.
 
 ## 0.25.57