Description
When a user runs the agglayer-node, the logs may include the full WebSocket connection URL, including an embedded secret or token as the last path segment. This becomes a security and privacy risk when users, unaware that the secret is exposed, share logs with the support team for troubleshooting or post them to a community channel such as Discord so other developers can help resolve an issue.
Example
Logs currently show something like: {"message":"Starting BlockClock with provider: wss://websocket-url/secret-key"}
This can leak sensitive credentials unintentionally.
Expected Behavior
Sensitive tokens in URLs should be redacted in logs. For example: {"message":"Starting BlockClock with provider: wss://websocket-url/xxxx..."}
Recommendation
Use a sanitizer (e.g., sanitize_ws_url) before printing any WebSocket URLs to the console or log. Ensure this is applied consistently across all modules that output connection details.
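One way such a sanitizer could look, as an added example that is not taken from the agglayer code base. Only the name sanitize_ws_url comes from this issue; its behaviour here is an assumption: it uses the standard library only, redacts the last path segment, userinfo and query string, and redacts the whole value when the input cannot be split safely.

```rust
/// Placeholder matching the redacted form shown in the issue.
const REDACTED: &str = "xxxx...";

/// Hypothetical helper: returns a log-safe form of a provider URL.
/// Userinfo is dropped, the last path segment and any query string are
/// replaced, and the fragment is removed. The last segment is redacted
/// even when it is harmless, because a logger cannot tell the difference.
pub fn sanitize_ws_url(url: &str) -> String {
    let (scheme, rest) = match url.trim().split_once("://") {
        Some(parts) => parts,
        None => return REDACTED.to_string(), // fail closed on unparsed input
    };
    // Strip the fragment first so a '?' inside it is not read as a query.
    let rest = rest.split('#').next().unwrap_or("");
    let (rest, had_query) = match rest.split_once('?') {
        Some((before, _)) => (before, true),
        None => (rest, false),
    };
    // The authority ends at the first '/'; the remainder is the path.
    let (authority, path) = match rest.find('/') {
        Some(i) => (&rest[..i], &rest[i..]),
        None => (rest, ""),
    };
    // An '@' in the path may be an unencoded password containing '/',
    // which would make the host/path split above wrong: hide everything.
    if path.contains('@') {
        return format!("{}://{}", scheme, REDACTED);
    }
    // Drop "user:password@"; the host is what follows the last '@'.
    let host = authority.rsplit('@').next().unwrap_or(authority);
    // Replace the last non-empty path segment, ignoring trailing slashes.
    let trimmed = path.trim_end_matches('/');
    let safe_path = match trimmed.rfind('/') {
        Some(i) => format!("{}/{}", &trimmed[..i], REDACTED),
        None => String::new(),
    };
    let query = if had_query { format!("?{}", REDACTED) } else { String::new() };
    format!("{}://{}{}{}", scheme, host, safe_path, query)
}

fn main() {
    // Constructed sample URL, reusing the placeholder from the issue.
    let provider = "wss://websocket-url/secret-key";
    println!("Starting BlockClock with provider: {}", sanitize_ws_url(provider));
}
```

Calling the helper at every log site is easy to miss; wrapping the URL in a type whose Display implementation calls it makes the redacted form the default.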
Impact
- Leaks secrets in public/shared logs
- Users may unknowingly compromise their node setup
- Affects troubleshooting and security hygiene
Additional Context
This can be mitigated by adopting a standard log-sanitizing wrapper or utility for sensitive data.