[codex] Redact agent awareness relay diagnostics#3410
Conversation
Co-authored-by: codex <codex@users.noreply.github.com>
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
github-actions
Bot
added
vouch:trusted
![macroscopeapp[bot]](https://avatars.githubusercontent.com/in/900172?s=60&v=4){kind=small}
ApprovabilityVerdict: Approved Security improvement that redacts sensitive data (URL credentials, error details) from log attributes. Changes are well-tested, self-contained to logging behavior, and don't affect core business logic. You can customize Macroscope's approvability policy. Learn more. |
juliusmarminge
merged commit e445dc2
into
codex/redact-dpop-request-target
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
Co-authored-by: codex <codex@users.noreply.github.com>
1 participant
Issue
Agent-awareness diagnostics exposed the complete configured relay URL, including any embedded credentials, path, query, and fragment. Publish failures also rendered the complete Effect cause into log attributes, which could serialize nested response bodies, defects, and other sensitive details.
Root cause
The relay service passed configuration and
Cause.prettyoutput directly to the logger instead of projecting them into bounded structural diagnostics.Fix
catchCauseat this boundary because the background publisher intentionally handles typed failures, defects, and interruptions together; the change does not construct or replace any cause.This PR is stacked on #3403, which introduces the shared URL diagnostic helper.
Validation
vp test apps/server/src/relay/AgentAwarenessRelay.test.ts(13 tests)vp checkvp run typecheckFocused regression tests use sentinel credentials, path, query, fragment, nested failure detail, and defect detail to verify none reach the projected log attributes.
Note
Low Risk
Logging-only change in the relay publisher; behavior and error handling boundaries are unchanged aside from what gets written to logs.
Overview
Agent-awareness relay logging no longer emits full relay URLs or serialized Effect causes.
Relay URL logging now goes through
relayUrlLogAttributes, which uses sharedgetUrlDiagnosticsso logs only record whether a URL is configured, input length, protocol, and hostname—credentials, path, query, and fragment are omitted from startup and reconciliation info logs.Publish failure logging replaces
Cause.pretty(cause)withrelayPublishCauseLogAttributes, which records reason/failure/defect/interruption counts and deduplicated_tagvalues from typed failures, without embedding nested error bodies or defect messages.Regression tests assert sentinel secrets and private failure/defect strings never appear in the projected attribute payloads.
Reviewed by Cursor Bugbot for commit dd68a77. Bugbot is set up for automated code reviews on this repo. Configure here.
Note
Redact relay URL and cause details in
AgentAwarenessRelaylogsrelayUrlLogAttributesto replace raw relay URL strings in logs with safe attributes: configured flag, input length, protocol, and hostname.relayPublishCauseLogAttributesto replaceCause.prettystrings with structured summaries: reason counts by type and aggregated failure tags.AgentAwarenessRelay.makefor startup, enablement, andpublishThreaderror logging.Macroscope summarized dd68a77.