0.44.1 (2026-05-08)
Full Changelog: v0.44.0...v0.44.1
Chores
- internal: codegen related update (e6fe32c)
- internal: codegen related update (49f85d6)
- redact api-key headers in debug logs (fe86419)
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
Greptile Summary
This is an automated patch release bumping the CLI to 0.44.1. The primary functional change is hardening the debug middleware to redact sensitive headers (api-key, x-api-key, cookie, set-cookie) before they are written to debug logs. The nirvana-go SDK dependency is also updated from v1.77.1 to v1.79.0.
- Debug middleware hardening: sensitiveHeaders is populated with four header names; the existing redactRequest loop will now replace their values with <REDACTED> in request dumps.
- SDK bump: nirvana-go moves from v1.77.1 to v1.79.0; go.sum hashes are updated accordingly.
- Version bookkeeping: Version constant, CHANGELOG.md, and .release-please-manifest.json all reflect the new 0.44.1 tag.
Confidence Score: 4/5
Safe to merge; the only behavioral change is the debug-log redaction feature and an SDK version bump.
The request-side redaction works correctly for the three request headers (api-key, x-api-key, cookie). The set-cookie entry is inert because the response is logged without any redaction pass, so it does not achieve the apparent goal of hiding session cookies from debug output. This is a minor gap in an opt-in debug facility rather than a runtime correctness issue.
internal/debugmiddleware/debug_middleware.go — the response logging path has no redaction counterpart to the request path.
Important Files Changed
| Filename | Overview |
|---|---|
| internal/debugmiddleware/debug_middleware.go | Adds api-key, x-api-key, cookie, and set-cookie to the sensitive headers redaction list; set-cookie will have no effect since redactRequest only applies to outgoing request headers, not responses |
| go.mod | Bumps nirvana-go dependency from v1.77.1 to v1.79.0 |
| pkg/cmd/version.go | Version constant bumped from 0.44.0 to 0.44.1 |
| CHANGELOG.md | Adds changelog entry for 0.44.1 release |
| .release-please-manifest.json | Release manifest version bumped from 0.44.0 to 0.44.1 |
Sequence Diagram
```mermaid
sequenceDiagram
    participant C as Caller
    participant M as RequestLogger Middleware
    participant R as redactRequest()
    participant N as Next (HTTP)
    participant L as Logger
    C->>M: HTTP Request
    M->>R: redactRequest(req)
    R->>R: Clone headers
    R->>R: Redact Authorization header
    R->>R: Redact sensitiveHeaders (api-key, x-api-key, cookie, set-cookie)
    R-->>M: redacted request clone
    M->>L: Printf(Request Content)
    M->>N: Forward original req
    N-->>M: HTTP Response
    M->>L: Printf(Response Content) - no redaction applied
```
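The response-side gap described in the summary above, sketched as an added Go example; it is not code from this pull request or from the project. It assumes the header list named on the page plus Authorization, and the helper names `redactHeaders`, `dumpResponseRedacted` and `sampleResponse` are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httputil"
	"strings"
)

// Header names from the PR's list, plus Authorization (assumed set for this example).
var sensitiveHeaders = []string{"authorization", "api-key", "x-api-key", "cookie", "set-cookie"}

// redactHeaders returns a deep copy of h with every sensitive value replaced.
func redactHeaders(h http.Header) http.Header {
	out := h.Clone()
	for _, name := range sensitiveHeaders {
		key := http.CanonicalHeaderKey(name)
		for i := range out[key] { // covers repeated headers such as Set-Cookie
			out[key][i] = "<REDACTED>"
		}
	}
	return out
}

// dumpResponseRedacted (hypothetical) renders resp for a debug log with
// Set-Cookie hidden, leaving resp's headers and body intact for the caller.
func dumpResponseRedacted(resp *http.Response) (string, error) {
	clone := *resp // shallow copy: shares Body with resp
	clone.Header = redactHeaders(resp.Header)
	b, err := httputil.DumpResponse(&clone, true)
	resp.Body = clone.Body // DumpResponse left a re-readable body on the clone
	return string(b), err
}

// sampleResponse builds a constructed response with placeholder cookie values.
func sampleResponse() *http.Response {
	h := http.Header{}
	h.Add("Set-Cookie", "session=PLACEHOLDER-A; HttpOnly")
	h.Add("Set-Cookie", "csrf=PLACEHOLDER-B")
	h.Set("Content-Type", "application/json")
	return &http.Response{
		Status: "200 OK", StatusCode: 200, Proto: "HTTP/1.1", ProtoMajor: 1, ProtoMinor: 1,
		Header: h, Body: io.NopCloser(strings.NewReader(`{"ok":true}`)), ContentLength: 11,
	}
}

func main() {
	out, _ := dumpResponseRedacted(sampleResponse())
	fmt.Print(out)
}
```

Logging the dump of the clone rather than the original response keeps the real Set-Cookie values available to the caller while the log line carries only the redacted copy.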