Overview

The OpenSRE interactive shell persists every line you type to a history file so up-arrow recall and /history work across sessions, and separately records each LLM prompt/response turn for local debugging and /resume. Incident prompts can include sensitive identifiers and tokens, so the shell:
  • redacts known token shapes before each entry is written to disk
  • supports disabling persistence entirely (memory-only mode)
  • caps how many entries are kept (oldest pruned)
  • offers a one-shot /history clear to wipe the file on demand
The history file lives at ~/.opensre/interactive_history. See Prompt and response logging below for the separate LLM turn log and its PostHog forwarding behavior.

Defaults

| Setting | Default | Effect |
|---|---|---|
| Persistence | on | Lines you type are appended to the history file. |
| Redaction | on | Known token shapes are replaced with [REDACTED:<kind>] before writing. |
| Retention cap | 5000 entries | Older entries are pruned when the cap is exceeded. |

Redaction patterns

The built-in pattern set targets token shapes that are unique enough to keep false positives on natural-language incident text very low. Each match is replaced with a labeled placeholder.

| Kind | Examples |
|---|---|
| aws_key | AKIA…, ASIA… |
| aws_secret | aws_secret_access_key=… |
| github_pat | ghp_…, github_pat_… |
| anthropic_key | sk-ant-… |
| openai_key | sk-… |
| slack_token | xoxb-…, xoxp-…, xoxa-… |
| stripe_key | sk_live_…, sk_test_… |
| bearer | Bearer <opaque> headers |
| jwt | eyJ… three-segment tokens |
| password | --password=…, password=… |
| private_key | PEM-encoded private keys |

Redaction applies only to persistent history. The line you typed is still passed to OpenSRE’s normal pipeline as you typed it.
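
A sketch of shape-based redaction as described above. This is an example added here, not OpenSRE's code: the regexes cover only some of the documented kinds and are assumptions, as are the name `redact` and the constructed sample lines.

```python
import re

# Illustrative regexes for a subset of the documented kinds. They are
# assumptions written for this example, not OpenSRE's built-in patterns.
# Order matters: the more specific sk-ant- prefix must run before sk-.
PATTERNS = [
    ("private_key", re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.S)),
    ("aws_key", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("github_pat", re.compile(
        r"\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})")),
    ("anthropic_key", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
    ("openai_key", re.compile(r"\bsk-[A-Za-z0-9_-]{20,}")),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")),
    ("bearer", re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._~+/=-]{16,}")),
    ("password", re.compile(r"(?i)(?:--)?password=\S+")),
]


def redact(line):
    """Return (redacted_line, kinds_hit) for one history entry."""
    hits = []
    for kind, rx in PATTERNS:
        line, count = rx.subn(f"[REDACTED:{kind}]", line)
        if count:
            hits.append(kind)
    return line, hits


# Constructed sample entries; none of these values is a real credential.
SAMPLES = [
    "export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00",
    "curl -H 'x-api-key: sk-ant-" + "a" * 24 + "' https://api.example.test",
    "mysql --password=hunter2 -h db1",
    # Natural-language secret: no token shape, so it is written unchanged.
    "the db password is correct horse battery staple",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        redacted, kinds = redact(entry)
        print(f"{kinds or ['-']}: {redacted}")
```

The last sample passes through untouched, which is the limit the threat model describes: only credential-shaped substrings are caught.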

Slash commands

| Command | Effect |
|---|---|
| /history | Show all persisted entries. |
| /history clear | Wipe the history file. Up-arrow recall resets on next launch. |
| /history off | Pause persistence for this session. New entries are not written. |
| /history on | Resume persistence for this session. |
| /history retention <N> | Keep at most N entries on disk. Prunes immediately. |
| /privacy | Show current persistence + redaction state, retention cap, and threat model. |

Configuration

Settings resolve from (highest wins):
  1. Environment variables
  2. The interactive.history block in ~/.opensre/config.yml
  3. Built-in defaults

Environment variables

| Variable | Default | Effect |
|---|---|---|
| OPENSRE_HISTORY_ENABLED | 1 | Set to 0/false/off to skip persistence entirely (in-memory only). |
| OPENSRE_HISTORY_REDACT | 1 | Set to 0/false/off to disable redaction (raw FileHistory). |
| OPENSRE_HISTORY_MAX_ENTRIES | 5000 | Non-negative integer. 0 disables the cap (unlimited). |

Config file

interactive:
  history:
    enabled: true
    redact: true
    max_entries: 5000

Prompt and response logging

Separately from typed-command history, the interactive shell records each LLM turn — the full prompt sent and the full response received — for chat and follow-up routes. This log is richer than command history (it includes model output, not just what you typed) and is used for two purposes:
  1. Local debugging / /resume: appended as JSON Lines to ~/.opensre/prompt_log.jsonl, and folded into the session file so /resume can restore conversation context.
  2. Product analytics: forwarded to PostHog as an $ai_generation event (model, provider, latency, token counts, and the prompt/response text) so we can track usage and quality of the AI features.

Defaults

| Setting | Default | Effect |
|---|---|---|
| Logging | on | Each LLM turn is recorded. |
| Local JSONL file | on | Turns are appended to ~/.opensre/prompt_log.jsonl. |
| PostHog forwarding | on | Turns are also sent as a PostHog $ai_generation event. |
| Redaction | on | Known token shapes (same patterns as command history) are stripped from the prompt and response before either sink. |

Environment variables

| Variable | Default | Effect |
|---|---|---|
| OPENSRE_PROMPT_LOG_DISABLED | 0 | Set to 1 to disable prompt/response logging entirely (both local file and PostHog). |
| OPENSRE_PROMPT_LOG_LOCAL_DISABLED | 0 | Set to 1 to skip the local JSONL file while leaving PostHog forwarding (if enabled) unaffected. |
| OPENSRE_PROMPT_LOG_REDACT | 1 | Set to 0 to log/send raw, unredacted prompt and response text. |
| OPENSRE_PROMPT_LOG_PATH | ~/.opensre/prompt_log.jsonl | Override the local JSONL file path. |

PostHog forwarding for this event additionally honors the global telemetry opt-outs: set OPENSRE_NO_TELEMETRY=1, OPENSRE_ANALYTICS_DISABLED=1, or DO_NOT_TRACK=1 to stop all PostHog traffic (including $ai_generation) without touching the local JSONL file. See Environment Variables.

Config file

interactive:
  prompt_log:
    posthog_enabled: true
    redact: true
    max_chars: 32000
    path: ~/.opensre/prompt_log.jsonl

Redaction here uses the same built-in pattern set as command history (see Redaction patterns above) — it catches known secret shapes, not arbitrary sensitive content. Raw incident details, hostnames, or business context in a prompt are not redacted; only credential-shaped substrings are.

Threat model

The history file is plain text on local disk at ~/.opensre/interactive_history, with the user’s default file permissions. Built-in redaction targets common token shapes only — it is not a substitute for proper secret handling. Treat the file as confidential and be aware:
  • A determined attacker with read access to your home directory can still read pre-existing entries written before redaction was enabled.
  • Redaction cannot detect tokens that look like normal text (for example a natural-language password). Don’t paste secrets you wouldn’t be comfortable seeing in a system log.
  • Custom redaction patterns are not yet supported in v1. If you need to redact internal token shapes, use /history off for that session and run /history clear afterwards.
The prompt/response log carries the same caveat, plus one more: with PostHog forwarding on (the default), redacted prompt/response text leaves your machine. If you discuss confidential systems or data in the interactive shell, set OPENSRE_NO_TELEMETRY=1 (or OPENSRE_PROMPT_LOG_DISABLED=1 to also stop the local file) rather than relying on redaction alone. For the strongest posture: set OPENSRE_HISTORY_ENABLED=0 and OPENSRE_NO_TELEMETRY=1, accept the loss of cross-session up-arrow recall and /resume context, and rely on the in-memory ring instead.
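
Because both files are written with the user's default permissions, a check of their mode bits is worth running. The following is an added example, not part of OpenSRE: the function names are hypothetical, the paths are the ones given on this page, and it assumes a POSIX system where the shell runs as the file owner.

```python
import os
import stat
from pathlib import Path


def default_targets(home=None):
    """Directory and files named on this page, honoring OPENSRE_PROMPT_LOG_PATH."""
    base = (Path(home) if home else Path.home()) / ".opensre"
    override = os.environ.get("OPENSRE_PROMPT_LOG_PATH")
    prompt_log = Path(override).expanduser() if override else base / "prompt_log.jsonl"
    return [base, base / "interactive_history", prompt_log]


def audit(paths):
    """Return [(path, mode)] for existing paths with any group/other access bit."""
    loose = []
    for path in paths:
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            continue  # nothing written yet, e.g. persistence is disabled
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            loose.append((Path(path), mode))
    return loose


def tighten(paths):
    """Set directories to 0700 and files to 0600; return the paths changed."""
    changed = []
    for path, _mode in audit(paths):
        os.chmod(path, 0o700 if path.is_dir() else 0o600)
        changed.append(path)
    return changed


if __name__ == "__main__":
    for path, mode in audit(default_targets()):
        print(f"{path}: mode {mode:04o} is accessible beyond the owner")
```

Call `tighten(default_targets())` to apply owner-only modes. This limits other local accounts only; it does nothing about text already forwarded to PostHog.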