--- title: 'Interactive Shell Privacy' description: 'How OpenSRE redacts secrets from your command history and LLM prompt/response logs, and the controls you have over persistence and cloud telemetry' --- ## Overview The OpenSRE interactive shell persists every line you type to a history file so up-arrow recall and `/history` work across sessions, and separately records each LLM prompt/response turn for local debugging and `/resume`. Incident prompts can include sensitive identifiers and tokens, so the shell: - redacts known token shapes before each entry is written to disk - supports disabling persistence entirely (memory-only mode) - caps how many entries are kept (oldest pruned) - offers a one-shot `/history clear` to wipe the file on demand The history file lives at `~/.opensre/interactive_history`. See [Prompt and response logging](#prompt-and-response-logging) below for the separate LLM turn log and its PostHog forwarding behavior. ## Defaults | Setting | Default | Effect | | --- | --- | --- | | Persistence | **on** | Lines you type are appended to the history file. | | Redaction | **on** | Known token shapes are replaced with `[REDACTED:]` before writing. | | Retention cap | **5000 entries** | Older entries are pruned when the cap is exceeded. | ## Redaction patterns The built-in pattern set targets token shapes that are unique enough to keep false positives on natural-language incident text very low. Each match is replaced with a labeled placeholder. | Kind | Examples | | --- | --- | | `aws_key` | `AKIA…`, `ASIA…` | | `aws_secret` | `aws_secret_access_key=…` | | `github_pat` | `ghp_…`, `github_pat_…` | | `anthropic_key` | `sk-ant-…` | | `openai_key` | `sk-…` | | `slack_token` | `xoxb-…`, `xoxp-…`, `xoxa-…` | | `stripe_key` | `sk_live_…`, `sk_test_…` | | `bearer` | `Bearer ` headers | | `jwt` | `eyJ…` three-segment tokens | | `password` | `--password=…`, `password=…` | | `private_key` | PEM-encoded private keys | Redaction applies only to **persistent history**. The line you typed is still passed to OpenSRE's normal pipeline as you typed it. ## Slash commands | Command | Effect | | --- | --- | | `/history` | Show all persisted entries. | | `/history clear` | Wipe the history file. Up-arrow recall resets on next launch. | | `/history off` | Pause persistence for this session. New entries are not written. | | `/history on` | Resume persistence for this session. | | `/history retention ` | Keep at most N entries on disk. Prunes immediately. | | `/privacy` | Show current persistence + redaction state, retention cap, and threat model. | ## Configuration Settings resolve from (highest wins): 1. Environment variables 2. The `interactive.history` block in `~/.opensre/config.yml` 3. Built-in defaults ### Environment variables | Variable | Default | Effect | | --- | --- | --- | | `OPENSRE_HISTORY_ENABLED` | `1` | Set to `0`/`false`/`off` to skip persistence entirely (in-memory only). | | `OPENSRE_HISTORY_REDACT` | `1` | Set to `0`/`false`/`off` to disable redaction (raw `FileHistory`). | | `OPENSRE_HISTORY_MAX_ENTRIES` | `5000` | Non-negative integer. `0` disables the cap (unlimited). | ### Config file ```yaml interactive: history: enabled: true redact: true max_entries: 5000 ``` ## Prompt and response logging Separately from typed-command history, the interactive shell records each LLM turn — the full prompt sent and the full response received — for chat and follow-up routes. This log is richer than command history (it includes model output, not just what you typed) and is used for two purposes: 1. **Local debugging / `/resume`**: appended as JSON Lines to `~/.opensre/prompt_log.jsonl`, and folded into the session file so `/resume` can restore conversation context. 2. **Product analytics**: forwarded to PostHog as an `$ai_generation` event (model, provider, latency, token counts, and the prompt/response text) so we can track usage and quality of the AI features. Investigation turns additionally include the model/provider/token usage of the investigation run and an `investigation_id` join key; failed turns carry structured error properties (`$ai_is_error`, `$ai_error`, `error_kind`). Turns handled entirely by terminal tools or slash commands report `$ai_model` / `$ai_provider` as `no_conversational_agent`; when a conversational reply was intended but the LLM provider failed (missing API key, model access, quota, auth), the event instead reports the attempted model (or `unknown`) plus an `ai_error_kind` bucket (`not_configured`, `quota`, `auth`, or `provider_error`). ### Defaults | Setting | Default | Effect | | --- | --- | --- | | Logging | **on** | Each LLM turn is recorded. | | Local JSONL file | **on** | Turns are appended to `~/.opensre/prompt_log.jsonl`. | | PostHog forwarding | **on** | Turns are also sent as a PostHog `$ai_generation` event. | | Redaction | **on** | Known token shapes (same patterns as command history) are stripped from the prompt and response before either sink. | ### Environment variables | Variable | Default | Effect | | --- | --- | --- | | `OPENSRE_PROMPT_LOG_DISABLED` | `0` | Set to `1` to disable prompt/response logging entirely (both local file and PostHog). | | `OPENSRE_PROMPT_LOG_LOCAL_DISABLED` | `0` | Set to `1` to skip the local JSONL file while leaving PostHog forwarding (if enabled) unaffected. | | `OPENSRE_PROMPT_LOG_REDACT` | `1` | Set to `0` to log/send raw prompt and response text without redaction. | | `OPENSRE_PROMPT_LOG_PATH` | `~/.opensre/prompt_log.jsonl` | Override the local JSONL file path. | PostHog forwarding for this event additionally honors the global telemetry opt-outs: set **`OPENSRE_NO_TELEMETRY=1`**, `OPENSRE_ANALYTICS_DISABLED=1`, or `DO_NOT_TRACK=1` to stop all PostHog traffic (including `$ai_generation`) without touching the local JSONL file. See [Environment Variables](/configuration/environment-variables#telemetry-monitoring). ### Config file ```yaml interactive: prompt_log: posthog_enabled: true redact: true max_chars: 32000 path: ~/.opensre/prompt_log.jsonl ``` Redaction here uses the same built-in pattern set as command history (see [Redaction patterns](#redaction-patterns) above) — it catches known secret shapes, not arbitrary sensitive content. Raw incident details, hostnames, or business context in a prompt are not redacted; only credential-shaped substring patterns are. ## Threat model The history file is **plain text on local disk** at `~/.opensre/interactive_history`, with the user's default file permissions. Built-in redaction targets common token shapes only — it is not a substitute for proper secret handling. Treat the file as confidential and be aware: - A determined attacker with read access to your home directory can still read pre-existing entries written before redaction was enabled. - Redaction cannot detect tokens that look like normal text (for example a natural-language password). Don't paste secrets you wouldn't be comfortable seeing in a system log. - Custom redaction patterns are not yet supported in v1. If you need to redact internal token shapes, use `/history off` for that session and run `/history clear` afterwards. The prompt/response log carries the same caveat, plus one more: with PostHog forwarding on (the default), redacted prompt/response text leaves your machine. If you discuss confidential systems or data in the interactive shell, set `OPENSRE_NO_TELEMETRY=1` (or `OPENSRE_PROMPT_LOG_DISABLED=1` to also stop the local file) rather than relying on redaction alone. For the strongest posture: set `OPENSRE_HISTORY_ENABLED=0` and `OPENSRE_NO_TELEMETRY=1`, accept the loss of cross-session up-arrow recall and `/resume` context, and rely on the in-memory ring instead.