Add username log censor setting

Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/adapter-utils/src/log-redaction.ts

@@ -1,19 +1,29 @@
 import type { TranscriptEntry } from "./types.js";
 
-export const REDACTED_HOME_PATH_USER = "[]";
+export const REDACTED_HOME_PATH_USER = "*";
+
+export interface HomePathRedactionOptions {
+  enabled?: boolean;
+}
+
+function maskHomePathUserSegment(value: string) {
+  const trimmed = value.trim();
+  if (!trimmed) return REDACTED_HOME_PATH_USER;
+  return `${trimmed[0]}${"*".repeat(Math.max(1, Array.from(trimmed).length - 1))}`;
+}
 
 const HOME_PATH_PATTERNS = [
   {
-    regex: /\/Users\/[^/\\\s]+/g,
+    regex: /\/Users\/([^/\\\s]+)/g,
-    replace: `/Users/${REDACTED_HOME_PATH_USER}`,
+    replace: (_match: string, user: string) => `/Users/${maskHomePathUserSegment(user)}`,
   },
   {
-    regex: /\/home\/[^/\\\s]+/g,
+    regex: /\/home\/([^/\\\s]+)/g,
-    replace: `/home/${REDACTED_HOME_PATH_USER}`,
+    replace: (_match: string, user: string) => `/home/${maskHomePathUserSegment(user)}`,
   },
   {
-    regex: /([A-Za-z]:\\Users\\)[^\\/\s]+/g,
+    regex: /([A-Za-z]:\\Users\\)([^\\/\s]+)/g,
-    replace: `$1${REDACTED_HOME_PATH_USER}`,
+    replace: (_match: string, prefix: string, user: string) => `${prefix}${maskHomePathUserSegment(user)}`,
   },
 ] as const;
 
@@ -23,7 +33,8 @@ function isPlainObject(value: unknown): value is Record<string, unknown> {
   return proto === Object.prototype || proto === null;
 }
 
-export function redactHomePathUserSegments(text: string): string {
+export function redactHomePathUserSegments(text: string, opts?: HomePathRedactionOptions): string {
+  if (opts?.enabled === false) return text;
   let result = text;
   for (const pattern of HOME_PATH_PATTERNS) {
     result = result.replace(pattern.regex, pattern.replace);
@@ -31,12 +42,12 @@ export function redactHomePathUserSegments(text: string): string {
   return result;
 }
 
-export function redactHomePathUserSegmentsInValue<T>(value: T): T {
+export function redactHomePathUserSegmentsInValue<T>(value: T, opts?: HomePathRedactionOptions): T {
   if (typeof value === "string") {
-    return redactHomePathUserSegments(value) as T;
+    return redactHomePathUserSegments(value, opts) as T;
   }
   if (Array.isArray(value)) {
-    return value.map((entry) => redactHomePathUserSegmentsInValue(entry)) as T;
+    return value.map((entry) => redactHomePathUserSegmentsInValue(entry, opts)) as T;
   }
   if (!isPlainObject(value)) {
     return value;
@@ -44,12 +55,12 @@ export function redactHomePathUserSegmentsInValue<T>(value: T): T {
 
   const redacted: Record<string, unknown> = {};
   for (const [key, entry] of Object.entries(value)) {
-    redacted[key] = redactHomePathUserSegmentsInValue(entry);
+    redacted[key] = redactHomePathUserSegmentsInValue(entry, opts);
   }
   return redacted as T;
 }
 
-export function redactTranscriptEntryPaths(entry: TranscriptEntry): TranscriptEntry {
+export function redactTranscriptEntryPaths(entry: TranscriptEntry, opts?: HomePathRedactionOptions): TranscriptEntry {
   switch (entry.kind) {
     case "assistant":
     case "thinking":
@@ -57,23 +68,27 @@ export function redactTranscriptEntryPaths(entry: TranscriptEntry): TranscriptEn
     case "stderr":
     case "system":
     case "stdout":
-      return { ...entry, text: redactHomePathUserSegments(entry.text) };
+      return { ...entry, text: redactHomePathUserSegments(entry.text, opts) };
     case "tool_call":
-      return { ...entry, name: redactHomePathUserSegments(entry.name), input: redactHomePathUserSegmentsInValue(entry.input) };
+      return {
+        ...entry,
+        name: redactHomePathUserSegments(entry.name, opts),
+        input: redactHomePathUserSegmentsInValue(entry.input, opts),
+      };
     case "tool_result":
-      return { ...entry, content: redactHomePathUserSegments(entry.content) };
+      return { ...entry, content: redactHomePathUserSegments(entry.content, opts) };
     case "init":
       return {
         ...entry,
-        model: redactHomePathUserSegments(entry.model),
+        model: redactHomePathUserSegments(entry.model, opts),
-        sessionId: redactHomePathUserSegments(entry.sessionId),
+        sessionId: redactHomePathUserSegments(entry.sessionId, opts),
       };
     case "result":
       return {
         ...entry,
-        text: redactHomePathUserSegments(entry.text),
+        text: redactHomePathUserSegments(entry.text, opts),
-        subtype: redactHomePathUserSegments(entry.subtype),
+        subtype: redactHomePathUserSegments(entry.subtype, opts),
-        errors: entry.errors.map((error) => redactHomePathUserSegments(error)),
+        errors: entry.errors.map((error) => redactHomePathUserSegments(error, opts)),
       };
     default:
       return entry;

packages/adapters/codex-local/src/ui/parse-stdout.ts

@@ -1,8 +1,4 @@
-import {
+import { type TranscriptEntry } from "@paperclipai/adapter-utils";
-  redactHomePathUserSegments,
-  redactHomePathUserSegmentsInValue,
-  type TranscriptEntry,
-} from "@paperclipai/adapter-utils";
 
 function safeJsonParse(text: string): unknown {
   try {
@@ -43,12 +39,12 @@ function errorText(value: unknown): string {
 }
 
 function stringifyUnknown(value: unknown): string {
-  if (typeof value === "string") return redactHomePathUserSegments(value);
+  if (typeof value === "string") return value;
   if (value === null || value === undefined) return "";
   try {
-    return JSON.stringify(redactHomePathUserSegmentsInValue(value), null, 2);
+    return JSON.stringify(value, null, 2);
   } catch {
-    return redactHomePathUserSegments(String(value));
+    return String(value);
   }
 }
 
@@ -61,8 +57,8 @@ function parseCommandExecutionItem(
   const command = asString(item.command);
   const status = asString(item.status);
   const exitCode = typeof item.exit_code === "number" && Number.isFinite(item.exit_code) ? item.exit_code : null;
-  const safeCommand = redactHomePathUserSegments(command);
+  const safeCommand = command;
-  const output = redactHomePathUserSegments(asString(item.aggregated_output)).replace(/\s+$/, "");
+  const output = asString(item.aggregated_output).replace(/\s+$/, "");
 
   if (phase === "started") {
     return [{
@@ -109,7 +105,7 @@ function parseFileChangeItem(item: Record<string, unknown>, ts: string): Transcr
     .filter((change): change is Record<string, unknown> => Boolean(change))
     .map((change) => {
       const kind = asString(change.kind, "update");
-      const path = redactHomePathUserSegments(asString(change.path, "unknown"));
+      const path = asString(change.path, "unknown");
       return `${kind} ${path}`;
     });
 
@@ -131,13 +127,13 @@ function parseCodexItem(
 
   if (itemType === "agent_message") {
     const text = asString(item.text);
-    if (text) return [{ kind: "assistant", ts, text: redactHomePathUserSegments(text) }];
+    if (text) return [{ kind: "assistant", ts, text }];
     return [];
   }
 
   if (itemType === "reasoning") {
     const text = asString(item.text);
-    if (text) return [{ kind: "thinking", ts, text: redactHomePathUserSegments(text) }];
+    if (text) return [{ kind: "thinking", ts, text }];
     return [{ kind: "system", ts, text: phase === "started" ? "reasoning started" : "reasoning completed" }];
   }
 
@@ -153,9 +149,9 @@ function parseCodexItem(
     return [{
       kind: "tool_call",
       ts,
-      name: redactHomePathUserSegments(asString(item.name, "unknown")),
+      name: asString(item.name, "unknown"),
       toolUseId: asString(item.id),
-      input: redactHomePathUserSegmentsInValue(item.input ?? {}),
+      input: item.input ?? {},
     }];
   }
 
@@ -167,12 +163,12 @@ function parseCodexItem(
       asString(item.result) ||
       stringifyUnknown(item.content ?? item.output ?? item.result);
     const isError = item.is_error === true || asString(item.status) === "error";
-    return [{ kind: "tool_result", ts, toolUseId, content: redactHomePathUserSegments(content), isError }];
+    return [{ kind: "tool_result", ts, toolUseId, content, isError }];
   }
 
   if (itemType === "error" && phase === "completed") {
     const text = errorText(item.message ?? item.error ?? item);
-    return [{ kind: "stderr", ts, text: redactHomePathUserSegments(text || "error") }];
+    return [{ kind: "stderr", ts, text: text || "error" }];
   }
 
   const id = asString(item.id);
@@ -181,14 +177,14 @@ function parseCodexItem(
   return [{
     kind: "system",
     ts,
-    text: redactHomePathUserSegments(`item ${phase}: ${itemType || "unknown"}${meta ? ` (${meta})` : ""}`),
+    text: `item ${phase}: ${itemType || "unknown"}${meta ? ` (${meta})` : ""}`,
   }];
 }
 
 export function parseCodexStdoutLine(line: string, ts: string): TranscriptEntry[] {
   const parsed = asRecord(safeJsonParse(line));
   if (!parsed) {
-    return [{ kind: "stdout", ts, text: redactHomePathUserSegments(line) }];
+    return [{ kind: "stdout", ts, text: line }];
   }
 
   const type = asString(parsed.type);
@@ -198,8 +194,8 @@ export function parseCodexStdoutLine(line: string, ts: string): TranscriptEntry[
     return [{
       kind: "init",
       ts,
-      model: redactHomePathUserSegments(asString(parsed.model, "codex")),
+      model: asString(parsed.model, "codex"),
-      sessionId: redactHomePathUserSegments(threadId),
+      sessionId: threadId,
     }];
   }
 
@@ -221,15 +217,15 @@ export function parseCodexStdoutLine(line: string, ts: string): TranscriptEntry[
     return [{
       kind: "result",
       ts,
-      text: redactHomePathUserSegments(asString(parsed.result)),
+      text: asString(parsed.result),
       inputTokens,
       outputTokens,
       cachedTokens,
       costUsd: asNumber(parsed.total_cost_usd),
-      subtype: redactHomePathUserSegments(asString(parsed.subtype)),
+      subtype: asString(parsed.subtype),
       isError: parsed.is_error === true,
       errors: Array.isArray(parsed.errors)
-        ? parsed.errors.map(errorText).map(redactHomePathUserSegments).filter(Boolean)
+        ? parsed.errors.map(errorText).filter(Boolean)
         : [],
     }];
   }
@@ -243,21 +239,21 @@ export function parseCodexStdoutLine(line: string, ts: string): TranscriptEntry[
     return [{
       kind: "result",
       ts,
-      text: redactHomePathUserSegments(asString(parsed.result)),
+      text: asString(parsed.result),
       inputTokens,
       outputTokens,
       cachedTokens,
       costUsd: asNumber(parsed.total_cost_usd),
-      subtype: redactHomePathUserSegments(asString(parsed.subtype, "turn.failed")),
+      subtype: asString(parsed.subtype, "turn.failed"),
       isError: true,
-      errors: message ? [redactHomePathUserSegments(message)] : [],
+      errors: message ? [message] : [],
     }];
   }
 
   if (type === "error") {
     const message = errorText(parsed.message ?? parsed.error ?? parsed);
-    return [{ kind: "stderr", ts, text: redactHomePathUserSegments(message || line) }];
+    return [{ kind: "stderr", ts, text: message || line }];
   }
 
-  return [{ kind: "stdout", ts, text: redactHomePathUserSegments(line) }];
+  return [{ kind: "stdout", ts, text: line }];
 }

packages/db/src/migrations/0039_curly_maria_hill.sql

@@ -0,0 +1 @@
+ALTER TABLE "instance_settings" ADD COLUMN "general" jsonb DEFAULT '{}'::jsonb NOT NULL;

packages/db/src/migrations/meta/_journal.json

@@ -274,6 +274,13 @@
       "when": 1773931592563,
       "tag": "0038_careless_iron_monger",
       "breakpoints": true
+    },
+    {
+      "idx": 39,
+      "version": "7",
+      "when": 1774011294562,
+      "tag": "0039_curly_maria_hill",
+      "breakpoints": true
     }
   ]
 }

packages/db/src/schema/instance_settings.ts

@@ -5,6 +5,7 @@ export const instanceSettings = pgTable(
   {
     id: uuid("id").primaryKey().defaultRandom(),
     singletonKey: text("singleton_key").notNull().default("default"),
+    general: jsonb("general").$type<Record<string, unknown>>().notNull().default({}),
     experimental: jsonb("experimental").$type<Record<string, unknown>>().notNull().default({}),
     createdAt: timestamp("created_at", { withTimezone: true }).notNull().defaultNow(),
     updatedAt: timestamp("updated_at", { withTimezone: true }).notNull().defaultNow(),

packages/shared/src/index.ts

@@ -121,6 +121,7 @@ export {
 export type {
   Company,
   InstanceExperimentalSettings,
+  InstanceGeneralSettings,
   InstanceSettings,
   Agent,
   AgentAccessState,
@@ -248,6 +249,9 @@ export type {
 } from "./types/index.js";
 
 export {
+  instanceGeneralSettingsSchema,
+  patchInstanceGeneralSettingsSchema,
+  type PatchInstanceGeneralSettings,
   instanceExperimentalSettingsSchema,
   patchInstanceExperimentalSettingsSchema,
   type PatchInstanceExperimentalSettings,

packages/shared/src/types/index.ts

@@ -1,5 +1,5 @@
 export type { Company } from "./company.js";
-export type { InstanceExperimentalSettings, InstanceSettings } from "./instance.js";
+export type { InstanceExperimentalSettings, InstanceGeneralSettings, InstanceSettings } from "./instance.js";
 export type {
   Agent,
   AgentAccessState,

packages/shared/src/types/instance.ts

@@ -1,9 +1,14 @@
+export interface InstanceGeneralSettings {
+  censorUsernameInLogs: boolean;
+}
+
 export interface InstanceExperimentalSettings {
   enableIsolatedWorkspaces: boolean;
 }
 
 export interface InstanceSettings {
   id: string;
+  general: InstanceGeneralSettings;
   experimental: InstanceExperimentalSettings;
   createdAt: Date;
   updatedAt: Date;

packages/shared/src/validators/index.ts

@@ -1,4 +1,8 @@
 export {
+  instanceGeneralSettingsSchema,
+  patchInstanceGeneralSettingsSchema,
+  type InstanceGeneralSettings,
+  type PatchInstanceGeneralSettings,
   instanceExperimentalSettingsSchema,
   patchInstanceExperimentalSettingsSchema,
   type InstanceExperimentalSettings,

packages/shared/src/validators/instance.ts

@@ -1,10 +1,18 @@
 import { z } from "zod";
 
+export const instanceGeneralSettingsSchema = z.object({
+  censorUsernameInLogs: z.boolean().default(false),
+}).strict();
+
+export const patchInstanceGeneralSettingsSchema = instanceGeneralSettingsSchema.partial();
+
 export const instanceExperimentalSettingsSchema = z.object({
   enableIsolatedWorkspaces: z.boolean().default(false),
 }).strict();
 
 export const patchInstanceExperimentalSettingsSchema = instanceExperimentalSettingsSchema.partial();
 
+export type InstanceGeneralSettings = z.infer<typeof instanceGeneralSettingsSchema>;
+export type PatchInstanceGeneralSettings = z.infer<typeof patchInstanceGeneralSettingsSchema>;
 export type InstanceExperimentalSettings = z.infer<typeof instanceExperimentalSettingsSchema>;
 export type PatchInstanceExperimentalSettings = z.infer<typeof patchInstanceExperimentalSettingsSchema>;

server/src/__tests__/codex-local-adapter.test.ts

@@ -117,7 +117,7 @@ describe("codex_local ui stdout parser", () => {
       {
         kind: "system",
         ts,
-        text: "file changes: update /Users/[]/project/ui/src/pages/AgentDetail.tsx",
+        text: "file changes: update /Users/paperclipuser/project/ui/src/pages/AgentDetail.tsx",
       },
     ]);
   });

server/src/__tests__/instance-settings-routes.test.ts

@@ -5,7 +5,9 @@ import { errorHandler } from "../middleware/index.js";
 import { instanceSettingsRoutes } from "../routes/instance-settings.js";
 
 const mockInstanceSettingsService = vi.hoisted(() => ({
+  getGeneral: vi.fn(),
   getExperimental: vi.fn(),
+  updateGeneral: vi.fn(),
   updateExperimental: vi.fn(),
   listCompanyIds: vi.fn(),
 }));
@@ -31,9 +33,18 @@ function createApp(actor: any) {
 describe("instance settings routes", () => {
   beforeEach(() => {
     vi.clearAllMocks();
+    mockInstanceSettingsService.getGeneral.mockResolvedValue({
+      censorUsernameInLogs: false,
+    });
     mockInstanceSettingsService.getExperimental.mockResolvedValue({
       enableIsolatedWorkspaces: false,
     });
+    mockInstanceSettingsService.updateGeneral.mockResolvedValue({
+      id: "instance-settings-1",
+      general: {
+        censorUsernameInLogs: true,
+      },
+    });
     mockInstanceSettingsService.updateExperimental.mockResolvedValue({
       id: "instance-settings-1",
       experimental: {
@@ -66,6 +77,29 @@ describe("instance settings routes", () => {
     expect(mockLogActivity).toHaveBeenCalledTimes(2);
   });
 
+  it("allows local board users to read and update general settings", async () => {
+    const app = createApp({
+      type: "board",
+      userId: "local-board",
+      source: "local_implicit",
+      isInstanceAdmin: true,
+    });
+
+    const getRes = await request(app).get("/api/instance/settings/general");
+    expect(getRes.status).toBe(200);
+    expect(getRes.body).toEqual({ censorUsernameInLogs: false });
+
+    const patchRes = await request(app)
+      .patch("/api/instance/settings/general")
+      .send({ censorUsernameInLogs: true });
+
+    expect(patchRes.status).toBe(200);
+    expect(mockInstanceSettingsService.updateGeneral).toHaveBeenCalledWith({
+      censorUsernameInLogs: true,
+    });
+    expect(mockLogActivity).toHaveBeenCalledTimes(2);
+  });
+
   it("rejects non-admin board users", async () => {
     const app = createApp({
       type: "board",
@@ -75,10 +109,10 @@ describe("instance settings routes", () => {
       companyIds: ["company-1"],
     });
 
-    const res = await request(app).get("/api/instance/settings/experimental");
+    const res = await request(app).get("/api/instance/settings/general");
 
     expect(res.status).toBe(403);
-    expect(mockInstanceSettingsService.getExperimental).not.toHaveBeenCalled();
+    expect(mockInstanceSettingsService.getGeneral).not.toHaveBeenCalled();
   });
 
   it("rejects agent callers", async () => {
@@ -90,10 +124,10 @@ describe("instance settings routes", () => {
     });
 
     const res = await request(app)
-      .patch("/api/instance/settings/experimental")
+      .patch("/api/instance/settings/general")
-      .send({ enableIsolatedWorkspaces: true });
+      .send({ censorUsernameInLogs: true });
 
     expect(res.status).toBe(403);
-    expect(mockInstanceSettingsService.updateExperimental).not.toHaveBeenCalled();
+    expect(mockInstanceSettingsService.updateGeneral).not.toHaveBeenCalled();
   });
 });

server/src/__tests__/log-redaction.test.ts

@@ -1,6 +1,6 @@
 import { describe, expect, it } from "vitest";
 import {
-  CURRENT_USER_REDACTION_TOKEN,
+  maskUserNameForLogs,
   redactCurrentUserText,
   redactCurrentUserValue,
 } from "../log-redaction.js";
@@ -8,6 +8,7 @@ import {
 describe("log redaction", () => {
   it("redacts the active username inside home-directory paths", () => {
     const userName = "paperclipuser";
+    const maskedUserName = maskUserNameForLogs(userName);
     const input = [
       `cwd=/Users/${userName}/paperclip`,
       `home=/home/${userName}/workspace`,
@@ -19,14 +20,15 @@ describe("log redaction", () => {
       homeDirs: [`/Users/${userName}`, `/home/${userName}`, `C:\\Users\\${userName}`],
     });
 
-    expect(result).toContain(`cwd=/Users/${CURRENT_USER_REDACTION_TOKEN}/paperclip`);
+    expect(result).toContain(`cwd=/Users/${maskedUserName}/paperclip`);
-    expect(result).toContain(`home=/home/${CURRENT_USER_REDACTION_TOKEN}/workspace`);
+    expect(result).toContain(`home=/home/${maskedUserName}/workspace`);
-    expect(result).toContain(`win=C:\\Users\\${CURRENT_USER_REDACTION_TOKEN}\\paperclip`);
+    expect(result).toContain(`win=C:\\Users\\${maskedUserName}\\paperclip`);
     expect(result).not.toContain(userName);
   });
 
   it("redacts standalone username mentions without mangling larger tokens", () => {
     const userName = "paperclipuser";
+    const maskedUserName = maskUserNameForLogs(userName);
     const result = redactCurrentUserText(
       `user ${userName} said ${userName}/project should stay but apaperclipuserz should not change`,
       {
@@ -36,12 +38,13 @@ describe("log redaction", () => {
     );
 
     expect(result).toBe(
-      `user ${CURRENT_USER_REDACTION_TOKEN} said ${CURRENT_USER_REDACTION_TOKEN}/project should stay but apaperclipuserz should not change`,
+      `user ${maskedUserName} said ${maskedUserName}/project should stay but apaperclipuserz should not change`,
     );
   });
 
   it("recursively redacts nested event payloads", () => {
     const userName = "paperclipuser";
+    const maskedUserName = maskUserNameForLogs(userName);
     const result = redactCurrentUserValue({
       cwd: `/Users/${userName}/paperclip`,
       prompt: `open /Users/${userName}/paperclip/ui`,
@@ -55,12 +58,17 @@ describe("log redaction", () => {
     });
 
     expect(result).toEqual({
-      cwd: `/Users/${CURRENT_USER_REDACTION_TOKEN}/paperclip`,
+      cwd: `/Users/${maskedUserName}/paperclip`,
-      prompt: `open /Users/${CURRENT_USER_REDACTION_TOKEN}/paperclip/ui`,
+      prompt: `open /Users/${maskedUserName}/paperclip/ui`,
       nested: {
-        author: CURRENT_USER_REDACTION_TOKEN,
+        author: maskedUserName,
       },
-      values: [CURRENT_USER_REDACTION_TOKEN, `/home/${CURRENT_USER_REDACTION_TOKEN}/project`],
+      values: [maskedUserName, `/home/${maskedUserName}/project`],
     });
   });
+
+  it("skips redaction when disabled", () => {
+    const input = "cwd=/Users/paperclipuser/paperclip";
+    expect(redactCurrentUserText(input, { enabled: false })).toBe(input);
+  });
 });

server/src/log-redaction.ts

@@ -1,8 +1,9 @@
 import os from "node:os";
 
-export const CURRENT_USER_REDACTION_TOKEN = "[]";
+export const CURRENT_USER_REDACTION_TOKEN = "*";
 
-interface CurrentUserRedactionOptions {
+export interface CurrentUserRedactionOptions {
+  enabled?: boolean;
   replacement?: string;
   userNames?: string[];
   homeDirs?: string[];
@@ -39,6 +40,12 @@ function replaceLastPathSegment(pathValue: string, replacement: string) {
   return `${normalized.slice(0, lastSeparator + 1)}${replacement}`;
 }
 
+export function maskUserNameForLogs(value: string, fallback = CURRENT_USER_REDACTION_TOKEN) {
+  const trimmed = value.trim();
+  if (!trimmed) return fallback;
+  return `${trimmed[0]}${"*".repeat(Math.max(1, Array.from(trimmed).length - 1))}`;
+}
+
 function defaultUserNames() {
   const candidates = [
     process.env.USER,
@@ -99,21 +106,22 @@ function resolveCurrentUserCandidates(opts?: CurrentUserRedactionOptions) {
 
 export function redactCurrentUserText(input: string, opts?: CurrentUserRedactionOptions) {
   if (!input) return input;
+  if (opts?.enabled === false) return input;
 
   const { userNames, homeDirs, replacement } = resolveCurrentUserCandidates(opts);
   let result = input;
 
   for (const homeDir of [...homeDirs].sort((a, b) => b.length - a.length)) {
     const lastSegment = splitPathSegments(homeDir).pop() ?? "";
-    const replacementDir = userNames.includes(lastSegment)
+    const replacementDir = lastSegment
-      ? replaceLastPathSegment(homeDir, replacement)
+      ? replaceLastPathSegment(homeDir, maskUserNameForLogs(lastSegment, replacement))
       : replacement;
     result = result.split(homeDir).join(replacementDir);
   }
 
   for (const userName of [...userNames].sort((a, b) => b.length - a.length)) {
     const pattern = new RegExp(`(?<![A-Za-z0-9._-])${escapeRegExp(userName)}(?![A-Za-z0-9._-])`, "g");
-    result = result.replace(pattern, replacement);
+    result = result.replace(pattern, maskUserNameForLogs(userName, replacement));
   }
 
   return result;

server/src/routes/agents.ts

@@ -36,6 +36,7 @@ import { assertBoard, assertCompanyAccess, getActorInfo } from "./authz.js";
 import { findServerAdapter, listAdapterModels } from "../adapters/index.js";
 import { redactEventPayload } from "../redaction.js";
 import { redactCurrentUserValue } from "../log-redaction.js";
+import { instanceSettingsService } from "../services/instance-settings.js";
 import { runClaudeLogin } from "@paperclipai/adapter-claude-local/server";
 import {
   DEFAULT_CODEX_LOCAL_BYPASS_APPROVALS_AND_SANDBOX,
@@ -64,8 +65,15 @@ export function agentRoutes(db: Db) {
   const issueApprovalsSvc = issueApprovalService(db);
   const secretsSvc = secretService(db);
   const workspaceOperations = workspaceOperationService(db);
+  const instanceSettings = instanceSettingsService(db);
   const strictSecretsMode = process.env.PAPERCLIP_SECRETS_STRICT_MODE === "true";
 
+  async function getCurrentUserRedactionOptions() {
+    return {
+      enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+    };
+  }
+
   function canCreateAgents(agent: { role: string; permissions: Record<string, unknown> | null | undefined }) {
     if (!agent.permissions || typeof agent.permissions !== "object") return false;
     return Boolean((agent.permissions as Record<string, unknown>).canCreateAgents);
@@ -1597,7 +1605,7 @@ export function agentRoutes(db: Db) {
       return;
     }
     assertCompanyAccess(req, run.companyId);
-    res.json(redactCurrentUserValue(run));
+    res.json(redactCurrentUserValue(run, await getCurrentUserRedactionOptions()));
   });
 
   router.post("/heartbeat-runs/:runId/cancel", async (req, res) => {
@@ -1632,11 +1640,12 @@ export function agentRoutes(db: Db) {
     const afterSeq = Number(req.query.afterSeq ?? 0);
     const limit = Number(req.query.limit ?? 200);
     const events = await heartbeat.listEvents(runId, Number.isFinite(afterSeq) ? afterSeq : 0, Number.isFinite(limit) ? limit : 200);
+    const currentUserRedactionOptions = await getCurrentUserRedactionOptions();
     const redactedEvents = events.map((event) =>
       redactCurrentUserValue({
         ...event,
         payload: redactEventPayload(event.payload),
-      }),
+      }, currentUserRedactionOptions),
     );
     res.json(redactedEvents);
   });
@@ -1672,7 +1681,7 @@ export function agentRoutes(db: Db) {
     const context = asRecord(run.contextSnapshot);
     const executionWorkspaceId = asNonEmptyString(context?.executionWorkspaceId);
     const operations = await workspaceOperations.listForRun(runId, executionWorkspaceId);
-    res.json(redactCurrentUserValue(operations));
+    res.json(redactCurrentUserValue(operations, await getCurrentUserRedactionOptions()));
   });
 
   router.get("/workspace-operations/:operationId/log", async (req, res) => {
@@ -1768,7 +1777,7 @@ export function agentRoutes(db: Db) {
     }
 
     res.json({
-      ...redactCurrentUserValue(run),
+      ...redactCurrentUserValue(run, await getCurrentUserRedactionOptions()),
       agentId: agent.id,
       agentName: agent.name,
       adapterType: agent.adapterType,

server/src/routes/instance-settings.ts

@@ -1,6 +1,6 @@
 import { Router, type Request } from "express";
 import type { Db } from "@paperclipai/db";
-import { patchInstanceExperimentalSettingsSchema } from "@paperclipai/shared";
+import { patchInstanceExperimentalSettingsSchema, patchInstanceGeneralSettingsSchema } from "@paperclipai/shared";
 import { forbidden } from "../errors.js";
 import { validate } from "../middleware/validate.js";
 import { instanceSettingsService, logActivity } from "../services/index.js";
@@ -20,6 +20,41 @@ export function instanceSettingsRoutes(db: Db) {
   const router = Router();
   const svc = instanceSettingsService(db);
 
+  router.get("/instance/settings/general", async (req, res) => {
+    assertCanManageInstanceSettings(req);
+    res.json(await svc.getGeneral());
+  });
+
+  router.patch(
+    "/instance/settings/general",
+    validate(patchInstanceGeneralSettingsSchema),
+    async (req, res) => {
+      assertCanManageInstanceSettings(req);
+      const updated = await svc.updateGeneral(req.body);
+      const actor = getActorInfo(req);
+      const companyIds = await svc.listCompanyIds();
+      await Promise.all(
+        companyIds.map((companyId) =>
+          logActivity(db, {
+            companyId,
+            actorType: actor.actorType,
+            actorId: actor.actorId,
+            agentId: actor.agentId,
+            runId: actor.runId,
+            action: "instance.settings.general_updated",
+            entityType: "instance_settings",
+            entityId: updated.id,
+            details: {
+              general: updated.general,
+              changedKeys: Object.keys(req.body).sort(),
+            },
+          }),
+        ),
+      );
+      res.json(updated.general);
+    },
+  );
+
   router.get("/instance/settings/experimental", async (req, res) => {
     assertCanManageInstanceSettings(req);
     res.json(await svc.getExperimental());

server/src/services/activity-log.ts

@@ -8,6 +8,7 @@ import { redactCurrentUserValue } from "../log-redaction.js";
 import { sanitizeRecord } from "../redaction.js";
 import { logger } from "../middleware/logger.js";
 import type { PluginEventBus } from "./plugin-event-bus.js";
+import { instanceSettingsService } from "./instance-settings.js";
 
 const PLUGIN_EVENT_SET: ReadonlySet<string> = new Set(PLUGIN_EVENT_TYPES);
 
@@ -34,8 +35,13 @@ export interface LogActivityInput {
 }
 
 export async function logActivity(db: Db, input: LogActivityInput) {
+  const currentUserRedactionOptions = {
+    enabled: (await instanceSettingsService(db).getGeneral()).censorUsernameInLogs,
+  };
   const sanitizedDetails = input.details ? sanitizeRecord(input.details) : null;
-  const redactedDetails = sanitizedDetails ? redactCurrentUserValue(sanitizedDetails) : null;
+  const redactedDetails = sanitizedDetails
+    ? redactCurrentUserValue(sanitizedDetails, currentUserRedactionOptions)
+    : null;
   await db.insert(activityLog).values({
     companyId: input.companyId,
     actorType: input.actorType,

server/src/services/approvals.ts

@@ -6,22 +6,24 @@ import { redactCurrentUserText } from "../log-redaction.js";
 import { agentService } from "./agents.js";
 import { budgetService } from "./budgets.js";
 import { notifyHireApproved } from "./hire-hook.js";
-
+import { instanceSettingsService } from "./instance-settings.js";
-function redactApprovalComment<T extends { body: string }>(comment: T): T {
-  return {
-    ...comment,
-    body: redactCurrentUserText(comment.body),
-  };
-}
 
 export function approvalService(db: Db) {
   const agentsSvc = agentService(db);
   const budgets = budgetService(db);
+  const instanceSettings = instanceSettingsService(db);
   const canResolveStatuses = new Set(["pending", "revision_requested"]);
   const resolvableStatuses = Array.from(canResolveStatuses);
   type ApprovalRecord = typeof approvals.$inferSelect;
   type ResolutionResult = { approval: ApprovalRecord; applied: boolean };
 
+  function redactApprovalComment<T extends { body: string }>(comment: T, censorUsernameInLogs: boolean): T {
+    return {
+      ...comment,
+      body: redactCurrentUserText(comment.body, { enabled: censorUsernameInLogs }),
+    };
+  }
+
   async function getExistingApproval(id: string) {
     const existing = await db
       .select()
@@ -230,6 +232,7 @@ export function approvalService(db: Db) {
 
     listComments: async (approvalId: string) => {
       const existing = await getExistingApproval(approvalId);
+      const { censorUsernameInLogs } = await instanceSettings.getGeneral();
       return db
         .select()
         .from(approvalComments)
@@ -240,7 +243,7 @@ export function approvalService(db: Db) {
           ),
         )
         .orderBy(asc(approvalComments.createdAt))
-        .then((comments) => comments.map(redactApprovalComment));
+        .then((comments) => comments.map((comment) => redactApprovalComment(comment, censorUsernameInLogs)));
     },
 
     addComment: async (
@@ -249,7 +252,10 @@ export function approvalService(db: Db) {
       actor: { agentId?: string; userId?: string },
     ) => {
       const existing = await getExistingApproval(approvalId);
-      const redactedBody = redactCurrentUserText(body);
+      const currentUserRedactionOptions = {
+        enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+      };
+      const redactedBody = redactCurrentUserText(body, currentUserRedactionOptions);
       return db
         .insert(approvalComments)
         .values({
@@ -260,7 +266,7 @@ export function approvalService(db: Db) {
           body: redactedBody,
         })
         .returning()
-        .then((rows) => redactApprovalComment(rows[0]));
+        .then((rows) => redactApprovalComment(rows[0], currentUserRedactionOptions.enabled));
     },
   };
 }

server/src/services/heartbeat.ts

@@ -720,6 +720,9 @@ function resolveNextSessionState(input: {
 
 export function heartbeatService(db: Db) {
   const instanceSettings = instanceSettingsService(db);
+  const getCurrentUserRedactionOptions = async () => ({
+    enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+  });
 
   const runLogStore = getRunLogStore();
   const secretsSvc = secretService(db);
@@ -1318,8 +1321,13 @@ export function heartbeatService(db: Db) {
       payload?: Record<string, unknown>;
     },
   ) {
-    const sanitizedMessage = event.message ? redactCurrentUserText(event.message) : event.message;
+    const currentUserRedactionOptions = await getCurrentUserRedactionOptions();
-    const sanitizedPayload = event.payload ? redactCurrentUserValue(event.payload) : event.payload;
+    const sanitizedMessage = event.message
+      ? redactCurrentUserText(event.message, currentUserRedactionOptions)
+      : event.message;
+    const sanitizedPayload = event.payload
+      ? redactCurrentUserValue(event.payload, currentUserRedactionOptions)
+      : event.payload;
 
     await db.insert(heartbeatRunEvents).values({
       companyId: run.companyId,
@@ -2252,8 +2260,9 @@ export function heartbeatService(db: Db) {
         })
         .where(eq(heartbeatRuns.id, runId));
 
+      const currentUserRedactionOptions = await getCurrentUserRedactionOptions();
       const onLog = async (stream: "stdout" | "stderr", chunk: string) => {
-        const sanitizedChunk = redactCurrentUserText(chunk);
+        const sanitizedChunk = redactCurrentUserText(chunk, currentUserRedactionOptions);
         if (stream === "stdout") stdoutExcerpt = appendExcerpt(stdoutExcerpt, sanitizedChunk);
         if (stream === "stderr") stderrExcerpt = appendExcerpt(stderrExcerpt, sanitizedChunk);
         const ts = new Date().toISOString();
@@ -2503,6 +2512,7 @@ export function heartbeatService(db: Db) {
             ? null
             : redactCurrentUserText(
                 adapterResult.errorMessage ?? (outcome === "timed_out" ? "Timed out" : "Adapter failed"),
+                currentUserRedactionOptions,
               ),
         errorCode:
           outcome === "timed_out"
@@ -2570,7 +2580,10 @@ export function heartbeatService(db: Db) {
       }
       await finalizeAgentStatus(agent.id, outcome);
     } catch (err) {
-      const message = redactCurrentUserText(err instanceof Error ? err.message : "Unknown adapter failure");
+      const message = redactCurrentUserText(
+        err instanceof Error ? err.message : "Unknown adapter failure",
+        await getCurrentUserRedactionOptions(),
+      );
       logger.error({ err, runId }, "heartbeat execution failed");
 
       let logSummary: { bytes: number; sha256?: string; compressed: boolean } | null = null;
@@ -3608,7 +3621,7 @@ export function heartbeatService(db: Db) {
         store: run.logStore,
         logRef: run.logRef,
         ...result,
-        content: redactCurrentUserText(result.content),
+        content: redactCurrentUserText(result.content, await getCurrentUserRedactionOptions()),
       };
     },
 

server/src/services/instance-settings.ts

@@ -1,8 +1,11 @@
 import type { Db } from "@paperclipai/db";
 import { companies, instanceSettings } from "@paperclipai/db";
 import {
+  instanceGeneralSettingsSchema,
+  type InstanceGeneralSettings,
   instanceExperimentalSettingsSchema,
   type InstanceExperimentalSettings,
+  type PatchInstanceGeneralSettings,
   type InstanceSettings,
   type PatchInstanceExperimentalSettings,
 } from "@paperclipai/shared";
@@ -10,6 +13,18 @@ import { eq } from "drizzle-orm";
 
 const DEFAULT_SINGLETON_KEY = "default";
 
+function normalizeGeneralSettings(raw: unknown): InstanceGeneralSettings {
+  const parsed = instanceGeneralSettingsSchema.safeParse(raw ?? {});
+  if (parsed.success) {
+    return {
+      censorUsernameInLogs: parsed.data.censorUsernameInLogs ?? false,
+    };
+  }
+  return {
+    censorUsernameInLogs: false,
+  };
+}
+
 function normalizeExperimentalSettings(raw: unknown): InstanceExperimentalSettings {
   const parsed = instanceExperimentalSettingsSchema.safeParse(raw ?? {});
   if (parsed.success) {
@@ -25,6 +40,7 @@ function normalizeExperimentalSettings(raw: unknown): InstanceExperimentalSettin
 function toInstanceSettings(row: typeof instanceSettings.$inferSelect): InstanceSettings {
   return {
     id: row.id,
+    general: normalizeGeneralSettings(row.general),
     experimental: normalizeExperimentalSettings(row.experimental),
     createdAt: row.createdAt,
     updatedAt: row.updatedAt,
@@ -45,6 +61,7 @@ export function instanceSettingsService(db: Db) {
       .insert(instanceSettings)
       .values({
         singletonKey: DEFAULT_SINGLETON_KEY,
+        general: {},
         experimental: {},
         createdAt: now,
         updatedAt: now,
@@ -63,11 +80,34 @@ export function instanceSettingsService(db: Db) {
   return {
     get: async (): Promise<InstanceSettings> => toInstanceSettings(await getOrCreateRow()),
 
+    getGeneral: async (): Promise<InstanceGeneralSettings> => {
+      const row = await getOrCreateRow();
+      return normalizeGeneralSettings(row.general);
+    },
+
     getExperimental: async (): Promise<InstanceExperimentalSettings> => {
       const row = await getOrCreateRow();
       return normalizeExperimentalSettings(row.experimental);
     },
 
+    updateGeneral: async (patch: PatchInstanceGeneralSettings): Promise<InstanceSettings> => {
+      const current = await getOrCreateRow();
+      const nextGeneral = normalizeGeneralSettings({
+        ...normalizeGeneralSettings(current.general),
+        ...patch,
+      });
+      const now = new Date();
+      const [updated] = await db
+        .update(instanceSettings)
+        .set({
+          general: { ...nextGeneral },
+          updatedAt: now,
+        })
+        .where(eq(instanceSettings.id, current.id))
+        .returning();
+      return toInstanceSettings(updated ?? current);
+    },
+
     updateExperimental: async (patch: PatchInstanceExperimentalSettings): Promise<InstanceSettings> => {
       const current = await getOrCreateRow();
       const nextExperimental = normalizeExperimentalSettings({

server/src/services/issues.ts

@@ -97,13 +97,6 @@ type IssueUserContextInput = {
   updatedAt: Date | string;
 };
 
-function redactIssueComment<T extends { body: string }>(comment: T): T {
-  return {
-    ...comment,
-    body: redactCurrentUserText(comment.body),
-  };
-}
-
 function sameRunLock(checkoutRunId: string | null, actorRunId: string | null) {
   if (actorRunId) return checkoutRunId === actorRunId;
   return checkoutRunId == null;
@@ -320,6 +313,13 @@ function withActiveRuns(
 export function issueService(db: Db) {
   const instanceSettings = instanceSettingsService(db);
 
+  function redactIssueComment<T extends { body: string }>(comment: T, censorUsernameInLogs: boolean): T {
+    return {
+      ...comment,
+      body: redactCurrentUserText(comment.body, { enabled: censorUsernameInLogs }),
+    };
+  }
+
   async function assertAssignableAgent(companyId: string, agentId: string) {
     const assignee = await db
       .select({
@@ -1215,7 +1215,8 @@ export function issueService(db: Db) {
         );
 
       const comments = limit ? await query.limit(limit) : await query;
-      return comments.map(redactIssueComment);
+      const { censorUsernameInLogs } = await instanceSettings.getGeneral();
+      return comments.map((comment) => redactIssueComment(comment, censorUsernameInLogs));
     },
 
     getCommentCursor: async (issueId: string) => {
@@ -1247,14 +1248,15 @@ export function issueService(db: Db) {
     },
 
     getComment: (commentId: string) =>
-      db
+      instanceSettings.getGeneral().then(({ censorUsernameInLogs }) =>
+        db
         .select()
         .from(issueComments)
         .where(eq(issueComments.id, commentId))
         .then((rows) => {
           const comment = rows[0] ?? null;
-          return comment ? redactIssueComment(comment) : null;
+          return comment ? redactIssueComment(comment, censorUsernameInLogs) : null;
-        }),
+        })),
 
     addComment: async (issueId: string, body: string, actor: { agentId?: string; userId?: string }) => {
       const issue = await db
@@ -1265,7 +1267,10 @@ export function issueService(db: Db) {
 
       if (!issue) throw notFound("Issue not found");
 
-      const redactedBody = redactCurrentUserText(body);
+      const currentUserRedactionOptions = {
+        enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+      };
+      const redactedBody = redactCurrentUserText(body, currentUserRedactionOptions);
       const [comment] = await db
         .insert(issueComments)
         .values({
@@ -1283,7 +1288,7 @@ export function issueService(db: Db) {
         .set({ updatedAt: new Date() })
         .where(eq(issues.id, issueId));
 
-      return redactIssueComment(comment);
+      return redactIssueComment(comment, currentUserRedactionOptions.enabled);
     },
 
     createAttachment: async (input: {

server/src/services/workspace-operations.ts

@@ -5,6 +5,7 @@ import type { WorkspaceOperation, WorkspaceOperationPhase, WorkspaceOperationSta
 import { asc, desc, eq, inArray, isNull, or, and } from "drizzle-orm";
 import { notFound } from "../errors.js";
 import { redactCurrentUserText, redactCurrentUserValue } from "../log-redaction.js";
+import { instanceSettingsService } from "./instance-settings.js";
 import { getWorkspaceOperationLogStore } from "./workspace-operation-log-store.js";
 
 type WorkspaceOperationRow = typeof workspaceOperations.$inferSelect;
@@ -69,6 +70,7 @@ export interface WorkspaceOperationRecorder {
 }
 
 export function workspaceOperationService(db: Db) {
+  const instanceSettings = instanceSettingsService(db);
   const logStore = getWorkspaceOperationLogStore();
 
   async function getById(id: string) {
@@ -105,6 +107,9 @@ export function workspaceOperationService(db: Db) {
         },
 
         async recordOperation(recordInput) {
+          const currentUserRedactionOptions = {
+            enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+          };
           const startedAt = new Date();
           const id = randomUUID();
           const handle = await logStore.begin({
@@ -116,7 +121,7 @@ export function workspaceOperationService(db: Db) {
           let stderrExcerpt = "";
           const append = async (stream: "stdout" | "stderr" | "system", chunk: string | null | undefined) => {
             if (!chunk) return;
-            const sanitizedChunk = redactCurrentUserText(chunk);
+            const sanitizedChunk = redactCurrentUserText(chunk, currentUserRedactionOptions);
             if (stream === "stdout") stdoutExcerpt = appendExcerpt(stdoutExcerpt, sanitizedChunk);
             if (stream === "stderr") stderrExcerpt = appendExcerpt(stderrExcerpt, sanitizedChunk);
             await logStore.append(handle, {
@@ -137,7 +142,10 @@ export function workspaceOperationService(db: Db) {
             status: "running",
             logStore: handle.store,
             logRef: handle.logRef,
-            metadata: redactCurrentUserValue(recordInput.metadata ?? null) as Record<string, unknown> | null,
+            metadata: redactCurrentUserValue(
+              recordInput.metadata ?? null,
+              currentUserRedactionOptions,
+            ) as Record<string, unknown> | null,
             startedAt,
           });
           createdIds.push(id);
@@ -162,6 +170,7 @@ export function workspaceOperationService(db: Db) {
                 logCompressed: finalized.compressed,
                 metadata: redactCurrentUserValue(
                   combineMetadata(recordInput.metadata, result.metadata),
+                  currentUserRedactionOptions,
                 ) as Record<string, unknown> | null,
                 finishedAt,
                 updatedAt: finishedAt,
@@ -241,7 +250,9 @@ export function workspaceOperationService(db: Db) {
         store: operation.logStore,
         logRef: operation.logRef,
         ...result,
-        content: redactCurrentUserText(result.content),
+        content: redactCurrentUserText(result.content, {
+          enabled: (await instanceSettings.getGeneral()).censorUsernameInLogs,
+        }),
       };
     },
   };

ui/src/App.tsx

@@ -23,6 +23,7 @@ import { Activity } from "./pages/Activity";
 import { Inbox } from "./pages/Inbox";
 import { CompanySettings } from "./pages/CompanySettings";
 import { DesignGuide } from "./pages/DesignGuide";
+import { InstanceGeneralSettings } from "./pages/InstanceGeneralSettings";
 import { InstanceSettings } from "./pages/InstanceSettings";
 import { InstanceExperimentalSettings } from "./pages/InstanceExperimentalSettings";
 import { PluginManager } from "./pages/PluginManager";
@@ -171,7 +172,7 @@ function InboxRootRedirect() {
 
 function LegacySettingsRedirect() {
   const location = useLocation();
-  return <Navigate to={`/instance/settings/heartbeats${location.search}${location.hash}`} replace />;
+  return <Navigate to={`/instance/settings/general${location.search}${location.hash}`} replace />;
 }
 
 function OnboardingRoutePage() {
@@ -296,9 +297,10 @@ export function App() {
         <Route element={<CloudAccessGate />}>
           <Route index element={<CompanyRootRedirect />} />
           <Route path="onboarding" element={<OnboardingRoutePage />} />
-          <Route path="instance" element={<Navigate to="/instance/settings/heartbeats" replace />} />
+          <Route path="instance" element={<Navigate to="/instance/settings/general" replace />} />
           <Route path="instance/settings" element={<Layout />}>
-            <Route index element={<Navigate to="heartbeats" replace />} />
+            <Route index element={<Navigate to="general" replace />} />
+            <Route path="general" element={<InstanceGeneralSettings />} />
             <Route path="heartbeats" element={<InstanceSettings />} />
             <Route path="experimental" element={<InstanceExperimentalSettings />} />
             <Route path="plugins" element={<PluginManager />} />

ui/src/adapters/transcript.ts

@@ -2,6 +2,7 @@ import { redactHomePathUserSegments, redactTranscriptEntryPaths } from "@papercl
 import type { TranscriptEntry, StdoutLineParser } from "./types";
 
 export type RunLogChunk = { ts: string; stream: "stdout" | "stderr" | "system"; chunk: string };
+type TranscriptBuildOptions = { censorUsernameInLogs?: boolean };
 
 export function appendTranscriptEntry(entries: TranscriptEntry[], entry: TranscriptEntry) {
   if ((entry.kind === "thinking" || entry.kind === "assistant") && entry.delta) {
@@ -21,17 +22,22 @@ export function appendTranscriptEntries(entries: TranscriptEntry[], incoming: Tr
   }
 }
 
-export function buildTranscript(chunks: RunLogChunk[], parser: StdoutLineParser): TranscriptEntry[] {
+export function buildTranscript(
+  chunks: RunLogChunk[],
+  parser: StdoutLineParser,
+  opts?: TranscriptBuildOptions,
+): TranscriptEntry[] {
   const entries: TranscriptEntry[] = [];
   let stdoutBuffer = "";
+  const redactionOptions = { enabled: opts?.censorUsernameInLogs ?? true };
 
   for (const chunk of chunks) {
     if (chunk.stream === "stderr") {
-      entries.push({ kind: "stderr", ts: chunk.ts, text: redactHomePathUserSegments(chunk.chunk) });
+      entries.push({ kind: "stderr", ts: chunk.ts, text: redactHomePathUserSegments(chunk.chunk, redactionOptions) });
       continue;
     }
     if (chunk.stream === "system") {
-      entries.push({ kind: "system", ts: chunk.ts, text: redactHomePathUserSegments(chunk.chunk) });
+      entries.push({ kind: "system", ts: chunk.ts, text: redactHomePathUserSegments(chunk.chunk, redactionOptions) });
       continue;
     }
 
@@ -41,14 +47,14 @@ export function buildTranscript(chunks: RunLogChunk[], parser: StdoutLineParser)
     for (const line of lines) {
       const trimmed = line.trim();
       if (!trimmed) continue;
-      appendTranscriptEntries(entries, parser(trimmed, chunk.ts).map(redactTranscriptEntryPaths));
+      appendTranscriptEntries(entries, parser(trimmed, chunk.ts).map((entry) => redactTranscriptEntryPaths(entry, redactionOptions)));
     }
   }
 
   const trailing = stdoutBuffer.trim();
   if (trailing) {
     const ts = chunks.length > 0 ? chunks[chunks.length - 1]!.ts : new Date().toISOString();
-    appendTranscriptEntries(entries, parser(trailing, ts).map(redactTranscriptEntryPaths));
+    appendTranscriptEntries(entries, parser(trailing, ts).map((entry) => redactTranscriptEntryPaths(entry, redactionOptions)));
   }
 
   return entries;

ui/src/api/instanceSettings.ts

@@ -1,10 +1,16 @@
 import type {
   InstanceExperimentalSettings,
+  InstanceGeneralSettings,
+  PatchInstanceGeneralSettings,
   PatchInstanceExperimentalSettings,
 } from "@paperclipai/shared";
 import { api } from "./client";
 
 export const instanceSettingsApi = {
+  getGeneral: () =>
+    api.get<InstanceGeneralSettings>("/instance/settings/general"),
+  updateGeneral: (patch: PatchInstanceGeneralSettings) =>
+    api.patch<InstanceGeneralSettings>("/instance/settings/general", patch),
   getExperimental: () =>
     api.get<InstanceExperimentalSettings>("/instance/settings/experimental"),
   updateExperimental: (patch: PatchInstanceExperimentalSettings) =>

ui/src/components/InstanceSidebar.tsx

@@ -1,5 +1,5 @@
 import { useQuery } from "@tanstack/react-query";
-import { Clock3, FlaskConical, Puzzle, Settings } from "lucide-react";
+import { Clock3, FlaskConical, Puzzle, Settings, SlidersHorizontal } from "lucide-react";
 import { NavLink } from "@/lib/router";
 import { pluginsApi } from "@/api/plugins";
 import { queryKeys } from "@/lib/queryKeys";
@@ -22,6 +22,7 @@ export function InstanceSidebar() {
 
       <nav className="flex-1 min-h-0 overflow-y-auto scrollbar-auto-hide flex flex-col gap-4 px-3 py-2">
         <div className="flex flex-col gap-0.5">
+          <SidebarNavItem to="/instance/settings/general" label="General" icon={SlidersHorizontal} end />
           <SidebarNavItem to="/instance/settings/heartbeats" label="Heartbeats" icon={Clock3} end />
           <SidebarNavItem to="/instance/settings/experimental" label="Experimental" icon={FlaskConical} />
           <SidebarNavItem to="/instance/settings/plugins" label="Plugins" icon={Puzzle} />

ui/src/components/transcript/useLiveRunTranscripts.ts

@@ -1,7 +1,10 @@
 import { useEffect, useMemo, useRef, useState } from "react";
+import { useQuery } from "@tanstack/react-query";
 import type { LiveEvent } from "@paperclipai/shared";
+import { instanceSettingsApi } from "../../api/instanceSettings";
 import { heartbeatsApi, type LiveRunForIssue } from "../../api/heartbeats";
 import { buildTranscript, getUIAdapter, type RunLogChunk, type TranscriptEntry } from "../../adapters";
+import { queryKeys } from "../../lib/queryKeys";
 
 const LOG_POLL_INTERVAL_MS = 2000;
 const LOG_READ_LIMIT_BYTES = 256_000;
@@ -65,6 +68,10 @@ export function useLiveRunTranscripts({
   const seenChunkKeysRef = useRef(new Set<string>());
   const pendingLogRowsByRunRef = useRef(new Map<string, string>());
   const logOffsetByRunRef = useRef(new Map<string, number>());
+  const { data: generalSettings } = useQuery({
+    queryKey: queryKeys.instance.generalSettings,
+    queryFn: () => instanceSettingsApi.getGeneral(),
+  });
 
   const runById = useMemo(() => new Map(runs.map((run) => [run.id, run])), [runs]);
   const activeRunIds = useMemo(
@@ -267,12 +274,18 @@ export function useLiveRunTranscripts({
 
   const transcriptByRun = useMemo(() => {
     const next = new Map<string, TranscriptEntry[]>();
+    const censorUsernameInLogs = generalSettings?.censorUsernameInLogs === true;
     for (const run of runs) {
       const adapter = getUIAdapter(run.adapterType);
-      next.set(run.id, buildTranscript(chunksByRun.get(run.id) ?? [], adapter.parseStdoutLine));
+      next.set(
+        run.id,
+        buildTranscript(chunksByRun.get(run.id) ?? [], adapter.parseStdoutLine, {
+          censorUsernameInLogs,
+        }),
+      );
     }
     return next;
-  }, [chunksByRun, runs]);
+  }, [chunksByRun, generalSettings?.censorUsernameInLogs, runs]);
 
   return {
     transcriptByRun,

ui/src/lib/instance-settings.test.ts

@@ -6,6 +6,9 @@ import {
 
 describe("normalizeRememberedInstanceSettingsPath", () => {
   it("keeps known instance settings pages", () => {
+    expect(normalizeRememberedInstanceSettingsPath("/instance/settings/general")).toBe(
+      "/instance/settings/general",
+    );
     expect(normalizeRememberedInstanceSettingsPath("/instance/settings/experimental")).toBe(
       "/instance/settings/experimental",
     );

ui/src/lib/instance-settings.ts

@@ -1,4 +1,4 @@
-export const DEFAULT_INSTANCE_SETTINGS_PATH = "/instance/settings/heartbeats";
+export const DEFAULT_INSTANCE_SETTINGS_PATH = "/instance/settings/general";
 
 export function normalizeRememberedInstanceSettingsPath(rawPath: string | null): string {
   if (!rawPath) return DEFAULT_INSTANCE_SETTINGS_PATH;
@@ -9,6 +9,7 @@ export function normalizeRememberedInstanceSettingsPath(rawPath: string | null):
   const hash = match?.[3] ?? "";
 
   if (
+    pathname === "/instance/settings/general" ||
     pathname === "/instance/settings/heartbeats" ||
     pathname === "/instance/settings/plugins" ||
     pathname === "/instance/settings/experimental"

ui/src/lib/queryKeys.ts

@@ -68,6 +68,7 @@ export const queryKeys = {
     session: ["auth", "session"] as const,
   },
   instance: {
+    generalSettings: ["instance", "general-settings"] as const,
     schedulerHeartbeats: ["instance", "scheduler-heartbeats"] as const,
     experimentalSettings: ["instance", "experimental-settings"] as const,
   },

ui/src/pages/AgentDetail.tsx

@@ -10,6 +10,7 @@ import {
 } from "../api/agents";
 import { budgetsApi } from "../api/budgets";
 import { heartbeatsApi } from "../api/heartbeats";
+import { instanceSettingsApi } from "../api/instanceSettings";
 import { ApiError } from "../api/client";
 import { ChartCard, RunActivityChart, PriorityChart, IssueStatusChart, SuccessRateChart } from "../components/ActivityCharts";
 import { activityApi } from "../api/activity";
@@ -95,13 +96,21 @@ const SECRET_ENV_KEY_RE =
   /(api[-_]?key|access[-_]?token|auth(?:_?token)?|authorization|bearer|secret|passwd|password|credential|jwt|private[-_]?key|cookie|connectionstring)/i;
 const JWT_VALUE_RE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)?$/;
 
+function redactPathText(value: string, censorUsernameInLogs: boolean) {
+  return redactHomePathUserSegments(value, { enabled: censorUsernameInLogs });
+}
+
+function redactPathValue<T>(value: T, censorUsernameInLogs: boolean): T {
+  return redactHomePathUserSegmentsInValue(value, { enabled: censorUsernameInLogs });
+}
+
 function shouldRedactSecretValue(key: string, value: unknown): boolean {
   if (SECRET_ENV_KEY_RE.test(key)) return true;
   if (typeof value !== "string") return false;
   return JWT_VALUE_RE.test(value);
 }
 
-function redactEnvValue(key: string, value: unknown): string {
+function redactEnvValue(key: string, value: unknown, censorUsernameInLogs: boolean): string {
   if (
     typeof value === "object" &&
     value !== null &&
@@ -112,15 +121,15 @@ function redactEnvValue(key: string, value: unknown): string {
   }
   if (shouldRedactSecretValue(key, value)) return REDACTED_ENV_VALUE;
   if (value === null || value === undefined) return "";
-  if (typeof value === "string") return redactHomePathUserSegments(value);
+  if (typeof value === "string") return redactPathText(value, censorUsernameInLogs);
   try {
-    return JSON.stringify(redactHomePathUserSegmentsInValue(value));
+    return JSON.stringify(redactPathValue(value, censorUsernameInLogs));
   } catch {
-    return redactHomePathUserSegments(String(value));
+    return redactPathText(String(value), censorUsernameInLogs);
   }
 }
 
-function formatEnvForDisplay(envValue: unknown): string {
+function formatEnvForDisplay(envValue: unknown, censorUsernameInLogs: boolean): string {
   const env = asRecord(envValue);
   if (!env) return "<unable-to-parse>";
 
@@ -129,7 +138,7 @@ function formatEnvForDisplay(envValue: unknown): string {
 
   return keys
     .sort()
-    .map((key) => `${key}=${redactEnvValue(key, env[key])}`)
+    .map((key) => `${key}=${redactEnvValue(key, env[key], censorUsernameInLogs)}`)
     .join("\n");
 }
 
@@ -311,7 +320,13 @@ function WorkspaceOperationStatusBadge({ status }: { status: WorkspaceOperation[
   );
 }
 
-function WorkspaceOperationLogViewer({ operation }: { operation: WorkspaceOperation }) {
+function WorkspaceOperationLogViewer({
+  operation,
+  censorUsernameInLogs,
+}: {
+  operation: WorkspaceOperation;
+  censorUsernameInLogs: boolean;
+}) {
   const [open, setOpen] = useState(false);
   const { data: logData, isLoading, error } = useQuery({
     queryKey: ["workspace-operation-log", operation.id],
@@ -364,7 +379,7 @@ function WorkspaceOperationLogViewer({ operation }: { operation: WorkspaceOperat
                   >
                     [{chunk.stream}]
                   </span>
-                  <span className="whitespace-pre-wrap break-all">{redactHomePathUserSegments(chunk.chunk)}</span>
+                  <span className="whitespace-pre-wrap break-all">{redactPathText(chunk.chunk, censorUsernameInLogs)}</span>
                 </div>
               ))}
             </div>
@@ -375,7 +390,13 @@ function WorkspaceOperationLogViewer({ operation }: { operation: WorkspaceOperat
   );
 }
 
-function WorkspaceOperationsSection({ operations }: { operations: WorkspaceOperation[] }) {
+function WorkspaceOperationsSection({
+  operations,
+  censorUsernameInLogs,
+}: {
+  operations: WorkspaceOperation[];
+  censorUsernameInLogs: boolean;
+}) {
   if (operations.length === 0) return null;
 
   return (
@@ -440,7 +461,7 @@ function WorkspaceOperationsSection({ operations }: { operations: WorkspaceOpera
                 <div>
                   <div className="mb-1 text-xs text-red-700 dark:text-red-300">stderr excerpt</div>
                   <pre className="rounded-md bg-red-50 p-2 text-xs whitespace-pre-wrap break-all text-red-800 dark:bg-neutral-950 dark:text-red-100">
-                    {redactHomePathUserSegments(operation.stderrExcerpt)}
+                    {redactPathText(operation.stderrExcerpt, censorUsernameInLogs)}
                   </pre>
                 </div>
               )}
@@ -448,11 +469,16 @@ function WorkspaceOperationsSection({ operations }: { operations: WorkspaceOpera
                 <div>
                   <div className="mb-1 text-xs text-muted-foreground">stdout excerpt</div>
                   <pre className="rounded-md bg-neutral-100 p-2 text-xs whitespace-pre-wrap break-all dark:bg-neutral-950">
-                    {redactHomePathUserSegments(operation.stdoutExcerpt)}
+                    {redactPathText(operation.stdoutExcerpt, censorUsernameInLogs)}
                   </pre>
                 </div>
               )}
-              {operation.logRef && <WorkspaceOperationLogViewer operation={operation} />}
+              {operation.logRef && (
+                <WorkspaceOperationLogViewer
+                  operation={operation}
+                  censorUsernameInLogs={censorUsernameInLogs}
+                />
+              )}
             </div>
           );
         })}
@@ -2472,13 +2498,21 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
     };
   }, [isLive, run.companyId, run.id, run.agentId]);
 
+  const censorUsernameInLogs = useQuery({
+    queryKey: queryKeys.instance.generalSettings,
+    queryFn: () => instanceSettingsApi.getGeneral(),
+  }).data?.censorUsernameInLogs === true;
+
   const adapterInvokePayload = useMemo(() => {
     const evt = events.find((e) => e.eventType === "adapter.invoke");
-    return redactHomePathUserSegmentsInValue(asRecord(evt?.payload ?? null));
+    return redactPathValue(asRecord(evt?.payload ?? null), censorUsernameInLogs);
-  }, [events]);
+  }, [censorUsernameInLogs, events]);
 
   const adapter = useMemo(() => getUIAdapter(adapterType), [adapterType]);
-  const transcript = useMemo(() => buildTranscript(logLines, adapter.parseStdoutLine), [logLines, adapter]);
+  const transcript = useMemo(
+    () => buildTranscript(logLines, adapter.parseStdoutLine, { censorUsernameInLogs }),
+    [adapter, censorUsernameInLogs, logLines],
+  );
 
   useEffect(() => {
     setTranscriptMode("nice");
@@ -2506,7 +2540,10 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
 
   return (
     <div className="space-y-3">
-      <WorkspaceOperationsSection operations={workspaceOperations} />
+      <WorkspaceOperationsSection
+        operations={workspaceOperations}
+        censorUsernameInLogs={censorUsernameInLogs}
+      />
       {adapterInvokePayload && (
         <div className="rounded-lg border border-border bg-background/60 p-3 space-y-2">
           <div className="text-xs font-medium text-muted-foreground">Invocation</div>
@@ -2548,8 +2585,8 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
               <div className="text-xs text-muted-foreground mb-1">Prompt</div>
               <pre className="bg-neutral-100 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap">
                 {typeof adapterInvokePayload.prompt === "string"
-                  ? redactHomePathUserSegments(adapterInvokePayload.prompt)
+                  ? redactPathText(adapterInvokePayload.prompt, censorUsernameInLogs)
-                  : JSON.stringify(redactHomePathUserSegmentsInValue(adapterInvokePayload.prompt), null, 2)}
+                  : JSON.stringify(redactPathValue(adapterInvokePayload.prompt, censorUsernameInLogs), null, 2)}
               </pre>
             </div>
           )}
@@ -2557,7 +2594,7 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
             <div>
               <div className="text-xs text-muted-foreground mb-1">Context</div>
               <pre className="bg-neutral-100 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap">
-                {JSON.stringify(redactHomePathUserSegmentsInValue(adapterInvokePayload.context), null, 2)}
+                {JSON.stringify(redactPathValue(adapterInvokePayload.context, censorUsernameInLogs), null, 2)}
               </pre>
             </div>
           )}
@@ -2565,7 +2602,7 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
             <div>
               <div className="text-xs text-muted-foreground mb-1">Environment</div>
               <pre className="bg-neutral-100 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap font-mono">
-                {formatEnvForDisplay(adapterInvokePayload.env)}
+                {formatEnvForDisplay(adapterInvokePayload.env, censorUsernameInLogs)}
               </pre>
             </div>
           )}
@@ -2641,14 +2678,14 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
           {run.error && (
             <div className="text-xs text-red-600 dark:text-red-200">
               <span className="text-red-700 dark:text-red-300">Error: </span>
-              {redactHomePathUserSegments(run.error)}
+              {redactPathText(run.error, censorUsernameInLogs)}
             </div>
           )}
           {run.stderrExcerpt && run.stderrExcerpt.trim() && (
             <div>
               <div className="text-xs text-red-700 dark:text-red-300 mb-1">stderr excerpt</div>
               <pre className="bg-red-50 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap text-red-800 dark:text-red-100">
-                {redactHomePathUserSegments(run.stderrExcerpt)}
+                {redactPathText(run.stderrExcerpt, censorUsernameInLogs)}
               </pre>
             </div>
           )}
@@ -2656,7 +2693,7 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
             <div>
               <div className="text-xs text-red-700 dark:text-red-300 mb-1">adapter result JSON</div>
               <pre className="bg-red-50 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap text-red-800 dark:text-red-100">
-                {JSON.stringify(redactHomePathUserSegmentsInValue(run.resultJson), null, 2)}
+                {JSON.stringify(redactPathValue(run.resultJson, censorUsernameInLogs), null, 2)}
               </pre>
             </div>
           )}
@@ -2664,7 +2701,7 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
             <div>
               <div className="text-xs text-red-700 dark:text-red-300 mb-1">stdout excerpt</div>
               <pre className="bg-red-50 dark:bg-neutral-950 rounded-md p-2 text-xs overflow-x-auto whitespace-pre-wrap text-red-800 dark:text-red-100">
-                {redactHomePathUserSegments(run.stdoutExcerpt)}
+                {redactPathText(run.stdoutExcerpt, censorUsernameInLogs)}
               </pre>
             </div>
           )}
@@ -2691,9 +2728,9 @@ function LogViewer({ run, adapterType }: { run: HeartbeatRun; adapterType: strin
                   </span>
                   <span className={cn("break-all", color)}>
                     {evt.message
-                      ? redactHomePathUserSegments(evt.message)
+                      ? redactPathText(evt.message, censorUsernameInLogs)
                       : evt.payload
-                        ? JSON.stringify(redactHomePathUserSegmentsInValue(evt.payload))
+                        ? JSON.stringify(redactPathValue(evt.payload, censorUsernameInLogs))
                         : ""}
                   </span>
                 </div>

ui/src/pages/InstanceGeneralSettings.tsx

@@ -0,0 +1,101 @@
+import { useEffect, useState } from "react";
+import { useMutation, useQuery, useQueryClient } from "@tanstack/react-query";
+import { SlidersHorizontal } from "lucide-react";
+import { instanceSettingsApi } from "@/api/instanceSettings";
+import { useBreadcrumbs } from "../context/BreadcrumbContext";
+import { queryKeys } from "../lib/queryKeys";
+import { cn } from "../lib/utils";
+
+export function InstanceGeneralSettings() {
+  const { setBreadcrumbs } = useBreadcrumbs();
+  const queryClient = useQueryClient();
+  const [actionError, setActionError] = useState<string | null>(null);
+
+  useEffect(() => {
+    setBreadcrumbs([
+      { label: "Instance Settings" },
+      { label: "General" },
+    ]);
+  }, [setBreadcrumbs]);
+
+  const generalQuery = useQuery({
+    queryKey: queryKeys.instance.generalSettings,
+    queryFn: () => instanceSettingsApi.getGeneral(),
+  });
+
+  const toggleMutation = useMutation({
+    mutationFn: async (enabled: boolean) =>
+      instanceSettingsApi.updateGeneral({ censorUsernameInLogs: enabled }),
+    onSuccess: async () => {
+      setActionError(null);
+      await queryClient.invalidateQueries({ queryKey: queryKeys.instance.generalSettings });
+    },
+    onError: (error) => {
+      setActionError(error instanceof Error ? error.message : "Failed to update general settings.");
+    },
+  });
+
+  if (generalQuery.isLoading) {
+    return <div className="text-sm text-muted-foreground">Loading general settings...</div>;
+  }
+
+  if (generalQuery.error) {
+    return (
+      <div className="text-sm text-destructive">
+        {generalQuery.error instanceof Error
+          ? generalQuery.error.message
+          : "Failed to load general settings."}
+      </div>
+    );
+  }
+
+  const censorUsernameInLogs = generalQuery.data?.censorUsernameInLogs === true;
+
+  return (
+    <div className="max-w-4xl space-y-6">
+      <div className="space-y-2">
+        <div className="flex items-center gap-2">
+          <SlidersHorizontal className="h-5 w-5 text-muted-foreground" />
+          <h1 className="text-lg font-semibold">General</h1>
+        </div>
+        <p className="text-sm text-muted-foreground">
+          Configure instance-wide defaults that affect how operator-visible logs are displayed.
+        </p>
+      </div>
+
+      {actionError && (
+        <div className="rounded-md border border-destructive/40 bg-destructive/5 px-3 py-2 text-sm text-destructive">
+          {actionError}
+        </div>
+      )}
+
+      <section className="rounded-xl border border-border bg-card p-5">
+        <div className="flex items-start justify-between gap-4">
+          <div className="space-y-1.5">
+            <h2 className="text-sm font-semibold">Censor username in logs</h2>
+            <p className="max-w-2xl text-sm text-muted-foreground">
+              Hide the username segment in home-directory paths and similar log output. This is off by default.
+            </p>
+          </div>
+          <button
+            type="button"
+            aria-label="Toggle username log censoring"
+            disabled={toggleMutation.isPending}
+            className={cn(
+              "relative inline-flex h-6 w-11 items-center rounded-full transition-colors disabled:cursor-not-allowed disabled:opacity-60",
+              censorUsernameInLogs ? "bg-green-600" : "bg-muted",
+            )}
+            onClick={() => toggleMutation.mutate(!censorUsernameInLogs)}
+          >
+            <span
+              className={cn(
+                "inline-block h-4.5 w-4.5 rounded-full bg-white transition-transform",
+                censorUsernameInLogs ? "translate-x-6" : "translate-x-0.5",
+              )}
+            />
+          </button>
+        </div>
+      </section>
+    </div>
+  );
+}