OptionsDescription audit: clean transport rendering + secret-safe connection info#2549
Merged
Conversation
Clean up how Endpoint and ITransport implementations render in
OptionsDescription so that `wolverine describe` output and the
CritterWatch diagnostic UI no longer show raw ToString() noise
or silently drop useful structure.
Transport + base changes:
- RabbitMQ, Kafka, SQS, SNS, Azure Service Bus, Redis, Pulsar,
SignalR, MQTT, NATS — attribute-decorated every public property
with [IgnoreDescription] (internal/runtime), [ChildDescription]
(structured nested config), [DescribeAsStringArray]
(AmazonSnsTopic.TopicSubscriptions), or
[DescribeAsConfigurationState] (nullable delegate hooks:
Redis DefaultConsumerNameSelector, SignalR AccessTokenProvider,
SQS/SNS CredentialSource).
- Envelope mappers, DeadLetterQueue, AzureServiceBusTopic, Pulsar
DeadLetterTopic/RetryLetterTopic, AmazonSnsSubscription all got
clean ToString() overrides so the default Text fallback is
human-readable.
Error handling:
- FailureRule.ToString() now returns "On {match} — attempt N: {slot};
then repeat: {source}" for the StringArray renderer.
- SendingFailurePolicies : IOptionsValueAsStringArray — renders its
Failures as a per-rule string array instead of a class-name blob.
Bumps JasperFx to 1.26.0, which brings [DescribeAsStringArray] /
IOptionsValueAsStringArray (1.25.0) and [DescribeAsConfigurationState]
(1.26.0), plus the Spectre.Console 0.55 transitive that required
two call-site fixups (Table.Alignment removal in BrokerResource,
AnsiConsole.Render → AnsiConsole.Write in HandlerGraph).
Follow-ups filed as separate issues:
- GH-2547 — secret-safe rendering for transport connection strings
- GH-2548 — RabbitMQ ConnectionFactory as a redacted child description
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…H-2548) Replaces the bare [IgnoreDescription] escape hatch for credential-bearing transport config with targeted secret-safe rendering so `wolverine describe` and the CritterWatch diagnostic UI can show connection info without leaking passwords or shared access keys. - GH-2547: Wolverine.Transports.ConnectionStringRedactor masks known secret keys (case-insensitive) in semicolon-delimited connection strings. * AzureServiceBusTransport exposes ConnectionSummary and ManagementConnectionSummary with SharedAccessKey masked as ****. * RedisTransport exposes ConnectionSummary via the existing StackExchange.Redis ConfigurationOptions.Password-masking helper. The raw ConnectionString / ManagementConnectionString properties remain [IgnoreDescription] so the secret never appears in the rendered output. - GH-2548: RabbitMqConnectionDescription is an IDescribeMyself wrapper exposing non-secret ConnectionFactory fields (HostName, Port, VirtualHost, UserName, heartbeat, SSL settings). RabbitMqTransport surfaces it as ConnectionDescription with [ChildDescription]; the raw ConnectionFactory remains [IgnoreDescription]. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced Apr 21, 2026
Closed
This was referenced May 2, 2026
This was referenced May 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Sweeps every
EndpointandITransportimplementation so thatwolverine describeoutput (and anything that consumes theOptionsDescriptiontree, e.g. CritterWatch) renders cleanly instead of leaking rawToString()class names, dumpingnullas"None"for nested objects, or silently skipping structured config as "generic enumerable."Two commits, each independently reviewable:
OptionsDescription audit across all transports— 40 files. Every transport's public properties now have one of[IgnoreDescription]/[ChildDescription]/[DescribeAsStringArray]/[DescribeAsConfigurationState], plusToString()overrides on mappers,DeadLetterQueue,AzureServiceBusTopic, the Pulsar dead/retry topic types, andAmazonSnsSubscription.FailureRulegets a readableToString()andSendingFailurePoliciesimplementsIOptionsValueAsStringArrayso failure policies render as one entry per rule.Render connection credentials safely in OptionsDescription (GH-2547, GH-2548)— 5 files.ConnectionStringRedactormasksSharedAccessKey=/password=in semicolon-delimited connection strings.AzureServiceBusTransportexposesConnectionSummary+ManagementConnectionSummary;RedisTransportexposesConnectionSummary.RabbitMqConnectionDescription : IDescribeMyselfwrapsConnectionFactorywith only the non-secret fields (host, port, vhost, user, heartbeat, SSL).RabbitMqTransport.ConnectionDescriptionsurfaces it as[ChildDescription].Bumps
JasperFxto 1.26.0, which bringsIOptionsValueAsStringArray+[DescribeAsStringArray](1.25.0) and[DescribeAsConfigurationState](1.26.0). The Spectre.Console 0.55 transitive required two small fixups:Table.Alignmentremoval inBrokerResource, andAnsiConsole.Render→AnsiConsole.WriteinHandlerGraph.ISystemDescribedPart.Closes GH-2547.
Closes GH-2548.
Test plan
dotnet build wolverine_slim.slnx— 0 errorsCoreTestsDescriptors suite in JasperFx — 22/22 pass × net8/net9/net10wolverine describeagainst a sample app with each transport configured; verify:ChildDescriptionblocks appear forBufferingLimits,CircuitBreakerOptions,ClientOptions,ConnectionDescription, etc.SendingFailurePoliciesrenders as one string per rule, not as a class nameCredentialSource,DefaultConsumerNameSelector,AccessTokenProvider) render as"Configured"or"Default"AmazonSnsTopic.TopicSubscriptionsrenders as a string arrayChildren/StringArrayvalues correctly (theOptionsDescriptionViewrecurses generically — no frontend changes needed)🤖 Generated with Claude Code