fix(invoke): adjust redaction regex to allow words following bearer

package.json

@@ -147,6 +147,7 @@
     "eslint-plugin-security": "^4.0.0",
     "husky": "^9.1.7",
     "ink-testing-library": "^4.0.0",
+    "jose": "^6.2.3",
     "lint-staged": "^16.2.7",
     "node-pty": "^1.1.0",
     "prettier": "^3.7.4",

src/cli/commands/invoke/__tests__/redact-sensitive-text.test.ts

@@ -1,17 +1,34 @@
 import { redactSensitiveText } from '../command.js';
-import { describe, expect, it } from 'vitest';
+import { SignJWT } from 'jose';
+import { beforeAll, describe, expect, it } from 'vitest';
+
+const TEST_SIGNING_SECRET = new TextEncoder().encode('redaction-unit-test-signing-secret-0123456789');
+
+async function makeJwt(claims: Record<string, unknown> = { sub: '1234567890', aud: 'client-abc' }): Promise<string> {
+  return new SignJWT(claims)
+    .setProtectedHeader({ alg: 'HS256', typ: 'JWT' })
+    .setIssuedAt()
+    .setExpirationTime('1h')
+    .sign(TEST_SIGNING_SECRET);
+}
 
 describe('redactSensitiveText', () => {
+  let jwt: string;
+
+  beforeAll(async () => {
+    jwt = await makeJwt();
+  });
+
   it('redacts Bearer tokens', () => {
-    expect(redactSensitiveText('Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.payload.sig')).toBe(
-      'Authorization: Bearer [REDACTED]'
-    );
+    expect(redactSensitiveText(`Authorization: Bearer ${jwt}`)).toBe('Authorization: Bearer [REDACTED]');
   });
 
   it('redacts Bearer tokens in JSON', () => {
-    expect(redactSensitiveText('{"header":"Bearer eyJhbGciOiJSUzI1NiJ9.payload.sig"}')).toBe(
-      '{"header":"Bearer [REDACTED]"}'
-    );
+    expect(redactSensitiveText(`{"header":"Bearer ${jwt}"}`)).toBe('{"header":"Bearer [REDACTED]"}');
+  });
+
+  it('redacts a JWT by shape even without a "bearer"/key prefix', () => {
+    expect(redactSensitiveText(`agent response: ${jwt}`)).toBe('agent response: [REDACTED]');
   });
 
   it('redacts client_secret in key=value form', () => {
@@ -38,13 +55,24 @@ describe('redactSensitiveText', () => {
     expect(redactSensitiveText('client-secret=mysecret')).toBe('client-secret=[REDACTED]');
   });
 
+  it('handles multiple sensitive values in one string', () => {
+    expect(redactSensitiveText(`Bearer ${jwt} and client_secret=xyz789`)).toBe(
+      'Bearer [REDACTED] and client_secret=[REDACTED]'
+    );
+  });
+
   it('does not modify text without sensitive content', () => {
     const input = 'Agent responded successfully with 200 OK';
     expect(redactSensitiveText(input)).toBe(input);
   });
 
-  it('handles multiple sensitive values in one string', () => {
-    const input = 'Bearer abc123 and client_secret=xyz789';
-    expect(redactSensitiveText(input)).toBe('Bearer [REDACTED] and client_secret=[REDACTED]');
+  it('does not redact the literal word "token" after "bearer"', () => {
+    const input = "Agent 'E2eJwt123' is configured for CUSTOM_JWT but no bearer token is available.";
+    expect(redactSensitiveText(input)).toBe(input);
+  });
+
+  it('does not redact prose like "Invalid Bearer Token"', () => {
+    const input = 'Invalid Bearer Token';
+    expect(redactSensitiveText(input)).toBe(input);
   });
 });

src/cli/commands/invoke/command.tsx

@@ -82,10 +82,16 @@
 }
 
 export function redactSensitiveText(value: string): string {
-  return value
-    .replace(/(bearer\s+)[a-z0-9\-._~+/]+=*/gi, '$1[REDACTED]')
-    .replace(/(client[_-]?secret["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, '$1[REDACTED]')
-    .replace(/((?:access[_-]?)?token["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, '$1[REDACTED]');
+  return (
+    value
+      // AgentCore inbound bearer tokens are always CUSTOM_JWT/OIDC JWTs, and a JWT always begins
+      // with `eyJ` (base64url of `{"`, the start of its header/payload JSON). Matching by shape
+      // redacts the token wherever it appears and never touches prose like "bearer token".
+      // See https://stackoverflow.com/a/74181595 (why JWTs start with `eyJ`).
+      .replace(/eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, '[REDACTED]')
+      .replace(/(client[_-]?secret["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, '$1[REDACTED]')
+      .replace(/((?:access[_-]?)?token["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, '$1[REDACTED]')
+  );
 }
 
 function printInvokeResult(result: InvokeResult, options: InvokeOptions): void {