fix(p1-11): redact CLI top-level exception text before stderr

[0xmariowu]

Summary

P1 fix for reports/autosearch-p0-fix-plan.md §11 — autosearch/cli/main.py _exit_query_failure() wrote raw exception text to stderr / JSON output. Secrets embedded in exception messages (API keys, tokens, signed URLs) leaked to terminal output and any logging consumers.

Changes

1. cli/main.py _exit_query_failure(): redact via autosearch.core.redact.redact() before writing to stderr or stdout (JSON path).
2. New unit test test_cli_query_top_level_exception_redacted.
3. New smoke test in test_first_use_flow.py for end-to-end redacted error path via subprocess.

Plan

docs/exec-plans/active/autosearch-0426-p0-fix-plan-execution.md § F013 (S1-S3).

Commits

• 5818a9f test scaffold (S1)
• aab43bb redact before stderr (S2)
• 0064b3b smoke test (S3)

Test plan

• pytest tests/unit/test_mcp_error_redaction.py tests/smoke/test_first_use_flow.py — 7 passed
• pytest tests/unit/ -m "not real_llm and not slow and not network" — 674 passed, 3 skipped
• ruff clean

🤖 Generated with Claude Code

[coderabbitai]

Warning

Rate limit exceeded

@0xmariowu has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 49 minutes and 39 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 49 minutes and 39 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dfdfe0d6-b0fe-40d9-b60c-603da9231cdc

📥 Commits

Reviewing files that changed from the base of the PR and between 872de34 and 3b867ec.

📒 Files selected for processing (3)

• autosearch/cli/main.py
• tests/smoke/test_first_use_flow.py
• tests/unit/test_mcp_error_redaction.py

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Redacts top-level autosearch query failure messages before they are emitted to stderr or the JSON envelope, preventing secrets embedded in exception text from leaking to terminal output or log consumers.

Changes:

• Apply autosearch.core.redact.redact() inside _exit_query_failure() for both stderr and --json outputs.
• Add a unit test to exercise redaction for a top-level exception from the query pipeline.
• Add an end-to-end smoke test that forces a failing pipeline via sitecustomize.py and asserts redaction in subprocess stderr.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
autosearch/cli/main.py	Redacts query failure messages before emitting them in human and JSON error paths.
tests/unit/test_mcp_error_redaction.py	Adds unit coverage for redacting a top-level query exception message.
tests/smoke/test_first_use_flow.py	Adds subprocess smoke coverage to ensure secrets don’t leak on the CLI error path.