feat: sanitize rollouts before phase 1 (#17938)

codex-rs/core/src/memories/phase1.rs

@@ -477,9 +477,10 @@ mod job {
                 }
             })
             .collect::<Vec<_>>();
-        serde_json::to_string(&filtered).map_err(|err| {
+        let serialized = serde_json::to_string(&filtered).map_err(|err| {
             CodexErr::InvalidRequest(format!("failed to serialize rollout memory: {err}"))
-        })
+        })?;
+        Ok(redact_secrets(serialized))
     }
 
     fn sanitize_response_item_for_memories(item: &ResponseItem) -> Option<ResponseItem> {

codex-rs/core/src/memories/phase1_tests.rs

@@ -3,6 +3,8 @@ use super::JobResult;
 use super::aggregate_stats;
 use super::job::serialize_filtered_rollout_response_items;
 use codex_protocol::models::ContentItem;
+use codex_protocol::models::FunctionCallOutputBody;
+use codex_protocol::models::FunctionCallOutputPayload;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::protocol::RolloutItem;
 use codex_protocol::protocol::TokenUsage;
@@ -72,6 +74,25 @@ fn serializes_memory_rollout_with_agents_removed_but_environment_kept() {
     );
 }
 
+#[test]
+fn serializes_memory_rollout_redacts_secrets_before_prompt_upload() {
+    let serialized = serialize_filtered_rollout_response_items(&[RolloutItem::ResponseItem(
+        ResponseItem::FunctionCallOutput {
+            call_id: "call_123".to_string(),
+            output: FunctionCallOutputPayload {
+                body: FunctionCallOutputBody::Text(
+                    r#"{"token":"sk-abcdefghijklmnopqrstuvwxyz123456"}"#.to_string(),
+                ),
+                success: Some(true),
+            },
+        },
+    )])
+    .expect("serialize");
+
+    assert!(!serialized.contains("sk-abcdefghijklmnopqrstuvwxyz123456"));
+    assert!(serialized.contains("[REDACTED_SECRET]"));
+}
+
 #[test]
 fn count_outcomes_sums_token_usage_across_all_jobs() {
     let counts = aggregate_stats(vec![