Validation - OpenLinear

import { sanitizePayload, isForbiddenField } from 'openlinear/validation';

Forbidden Fields

The following fields are blocked from sync:

const FORBIDDEN_SYNC_FIELDS = [
  'prompt',
  'logs',
  'toolLogs',
  'executionLogs',
  'repoPath',
  'accessToken',
  'apiKey',
  'passwordHash',
  'jwt',
  'client',
  'timeoutId',
  'rawOutput',
  'diff',
  'fileContents',
  'env',
  'environment',
  'processEnv',
] as const;

Functions

`isForbiddenField(field)`

Returns true if the field name is in FORBIDDEN_SYNC_FIELDS.

import { isForbiddenField } from 'openlinear/validation';

isForbiddenField('accessToken'); // true
isForbiddenField('taskId');      // false

`sanitizePayload(payload)`

Strips all forbidden fields and returns the cleaned result with a list of what was removed.

import { sanitizePayload } from 'openlinear/validation';

const { sanitized, removed } = sanitizePayload({
  taskId: 'tsk_123',
  status: 'completed',
  accessToken: 'ghp_...',
  logs: '[tool output...]',
});

// sanitized → { taskId: 'tsk_123', status: 'completed' }
// removed   → ['accessToken', 'logs']

Trust Boundary

Category	Examples	Synced?
Safe metadata	`taskId`, `status`, `durationMs`, `branch`, `prUrl`	Yes
Local-only paths	`repoPath`, `env`, `environment`	No — stripped
Credentials	`accessToken`, `apiKey`, `passwordHash`, `jwt`	No — stripped
Raw agent output	`prompt`, `logs`, `toolLogs`, `diff`, `rawOutput`	No — stripped

Any payload passing through sanitizePayload or safeValidateExecutionMetadataSync has forbidden fields removed before reaching the network.

npm Package

​Forbidden Fields

​Functions

​isForbiddenField(field)

​sanitizePayload(payload)

​Trust Boundary

Forbidden Fields

Functions

`isForbiddenField(field)`

`sanitizePayload(payload)`

Trust Boundary