Last reviewed against v0.9.0
source:
app_http_magellan.go, app_db_magellan.go, frontend/src/components/AI/ Attached context
Tool-output attachment, visible pills, secret redaction. HTTP request always; HTTP response opt-in.
Magellan only sees what you select. Every chat turn shows a pill row of attached context above the message:
- Terminal output
- HTTP request snapshot
- HTTP response (opt-in per send)
- DB query / result
- DB Health snapshot
- Document body
Pills are visible before send so you know exactly what’s leaving your machine.
Redaction
Secret redaction strips before send:
- Obvious passwords
- Tokens
- OAuth client-secrets
- AWS secret-access-keys
Secret env-var values are listed by key only — the value never goes out.
HTTP context — request vs response
- Request — automatic; the URL, method, headers, and body shape attach
- Response — opt-in per send; the response body is a PII boundary