Applies to:
- Plan -
- Deployment -
Summary
A bug in Braintrust’s Claude Agent SDK instrumentation could record API keys passed throughquery({ options: { apiKey } }) in Braintrust trace metadata.
See GitHub security advisory GHSA-h8xp-g5cq-35xw for the complete impact statement, affected versions, technical details, and workarounds.
Frequently asked questions
Is my application affected?
Your application is affected only when all of these conditions apply:- It uses the
braintrustJavaScript package v0.4.0 through v3.23.0. - It instruments the Anthropic Claude Agent SDK with
wrapClaudeAgentSDK()or Braintrust auto-instrumentation. - It passes an API key directly through
options.apiKeywhen callingquery().
Were keys supplied through environment variables affected?
No. Keys supplied throughprocess.env.ANTHROPIC_API_KEY were not captured. Values supplied through options.env were also not captured because the instrumentation did not include the env option in span metadata.
How do I check for affected traces?
Run this query in the SQL sandbox for each project that contains Claude Agent SDK traces. Replace<PROJECT_ID> with the project’s ID. The query identifies affected spans without returning API key values.
contains_api_key is true confirms that a key was stored. Do not select metadata.apiKey or share raw affected span metadata in tickets, chat messages, or screenshots.
What should I do if the query returns affected traces?
- Upgrade the
braintrustJavaScript package to v3.23.1 or later and redeploy your application. - Revoke and replace every API key that may have been recorded.
- Update your application to use the replacement credentials.