Skip to content

chore: 149 - Avoid logging secrets or private local paths unnecessarily#260

Open
Exohayvan wants to merge 1 commit into
mainfrom
ai/roadmap-step-1-149-20260716-181312
Open

chore: 149 - Avoid logging secrets or private local paths unnecessarily#260
Exohayvan wants to merge 1 commit into
mainfrom
ai/roadmap-step-1-149-20260716-181312

Conversation

@Exohayvan

Copy link
Copy Markdown
Contributor

Roadmap step

phase-1/step-149: Step 149 - Avoid logging secrets or private local paths unnecessarily

Objective

Complete the selected roadmap step using only the programmatically selected step details.

Selected step

# Step 149 - Avoid logging secrets or private local paths unnecessarily

## Source Checklist Item
- [ ] Avoid logging secrets or private local paths unnecessarily.

## Goal
Ensure Phase 1 audit logs are useful for validation and debugging without exposing credentials, private filesystem layout, API keys, node-local configuration, or unnecessary personal machine details. Logs should preserve AetherMesh accountability signals such as creator node ID, manifests, validation receipts, lineage, and contribution attribution, but only in intentionally safe forms.

## Implementation Checklist
- [ ] Define a small log-safety policy for audit events covering secrets, tokens, private keys, absolute local paths, home directories, environment variables, and raw request payloads.
- [ ] Add a centralized sanitization helper used before writing audit log entries.
- [ ] Redact known sensitive keys by name, including token, secret, password, privateKey, apiKey, seed, credential, and authorization.
- [ ] Replace private absolute paths with safe labels or relative project paths when the path is not required for validation.
- [ ] Allow safe identifiers needed for attribution, such as creator node ID, work IDs, manifest hashes, validation receipt IDs, lineage IDs, and contribution IDs.
- [ ] Make audit event schemas prefer hashes, IDs, and short summaries over raw local content.

## Required Tests Or Verification
- [ ] Add tests showing secrets are redacted from audit log output.
- [ ] Add tests showing private absolute local paths are not emitted unnecessarily.
- [ ] Add tests showing creator node ID, manifest references, validation receipts, lineage, and contribution attribution remain present when relevant.
- [ ] Manually inspect a sample audit log and confirm it is useful without leaking private local details.

## Risks
- [ ] Over-redaction could make validation receipts or lineage harder to debug.
- [ ] Under-redaction could leak local secrets into persistent logs.
- [ ] Inconsistent logging call sites could bypass sanitization.

## Done When
- [ ] Audit logs consistently pass through sanitization.
- [ ] Tests prove secrets and unnecessary private paths are excluded.
- [ ] Required attribution and validation fields remain available for local-first verification.

Changes

6c8fd8f chore: complete phase-1 step-149
 docs/local-audit-event-schema.md         | 10 +++++-
 src/aethermesh_core/local_audit_event.py | 60 +++++++++++++++++++++++++++++++-
 tests/test_local_audit_event.py          | 53 ++++++++++++++++++++++++++++
 3 files changed, 121 insertions(+), 2 deletions(-)

Validation

  • PYTHONDONTWRITEBYTECODE=1 python3 scripts/full_test.py --mode fast --base origin/main --keep-going

Safety notes

  • Roadmap selection was performed by the Python loop, not by the AI agent.
  • No force push used.
  • No hard reset used.
  • Local automation paths are intentionally omitted.

@Exohayvan Exohayvan added area:audit-logging Area: generated triage label for audit logging. priority:P2 Priority P2: high-impact near-term work. risk:high Risk: changes critical working behavior or release/runtime paths. system:runtime System: local node runtime/service lifecycle. type:maintenance Type: maintenance, cleanup, refactor, or dependency work. labels Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:audit-logging Area: generated triage label for audit logging. priority:P2 Priority P2: high-impact near-term work. risk:high Risk: changes critical working behavior or release/runtime paths. system:runtime System: local node runtime/service lifecycle. type:maintenance Type: maintenance, cleanup, refactor, or dependency work.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant