feat(http): send X-Privacy-Mode header on all API requests

timothedelion · timothedelion · commit 1eea05e42c3c · 2026-04-03T11:27:47.000+02:00
Ensures all GitGuardian API calls from the MCP server use privacy mode,
so secrets are obfuscated in responses.

Issue: APPAI-110
diff --git a/packages/gg_api_core/src/gg_api_core/client.py b/packages/gg_api_core/src/gg_api_core/client.py
@@ -501,6 +501,7 @@ async def _request(self, method: str, endpoint: str, **kwargs) -> Any:
             "Authorization": f"Token {self._oauth_token}",
             "Content-Type": "application/json",
             "User-Agent": self._user_agent,
+            "X-Privacy-Mode": "true",
         }
         logger.debug("Using token for authorization")
 
@@ -736,6 +737,7 @@ async def _request_list(self, endpoint: str, **kwargs) -> ListResponse:
             "Authorization": f"Token {self._oauth_token}",
             "Content-Type": "application/json",
             "User-Agent": self._user_agent,
+            "X-Privacy-Mode": "true",
         }
         headers.update(kwargs.pop("headers", {}))
 

Original file line number	Diff line number	Diff line change
`@@ -501,6 +501,7 @@ async def _request(self, method: str, endpoint: str, **kwargs) -> Any:`
`501`	`501`	`"Authorization": f"Token {self._oauth_token}",`
`502`	`502`	`"Content-Type": "application/json",`
`503`	`503`	`"User-Agent": self._user_agent,`
	`504`	`+ "X-Privacy-Mode": "true",`
`504`	`505`	`}`
`505`	`506`	`logger.debug("Using token for authorization")`
`506`	`507`
`@@ -736,6 +737,7 @@ async def _request_list(self, endpoint: str, **kwargs) -> ListResponse:`
`736`	`737`	`"Authorization": f"Token {self._oauth_token}",`
`737`	`738`	`"Content-Type": "application/json",`
`738`	`739`	`"User-Agent": self._user_agent,`
	`740`	`+ "X-Privacy-Mode": "true",`
`739`	`741`	`}`
`740`	`742`	`headers.update(kwargs.pop("headers", {}))`
`741`	`743`