mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
fix/matrix-native-binary
stack/docs/scratchpads/188-sanitize-discord-logs.md
Jason Woltje 12abdfe81d feat(#93): implement agent spawn via federation 
Implements FED-010: Agent Spawn via Federation feature that enables
spawning and managing Claude agents on remote federated Mosaic Stack
instances via COMMAND message type.

Features:
- Federation agent command types (spawn, status, kill)
- FederationAgentService for handling agent operations
- Integration with orchestrator's agent spawner/lifecycle services
- API endpoints for spawning, querying status, and killing agents
- Full command routing through federation COMMAND infrastructure
- Comprehensive test coverage (12/12 tests passing)

Architecture:
- Hub → Spoke: Spawn agents on remote instances
- Command flow: FederationController → FederationAgentService →
  CommandService → Remote Orchestrator
- Response handling: Remote orchestrator returns agent status/results
- Security: Connection validation, signature verification

Files created:
- apps/api/src/federation/types/federation-agent.types.ts
- apps/api/src/federation/federation-agent.service.ts
- apps/api/src/federation/federation-agent.service.spec.ts

Files modified:
- apps/api/src/federation/command.service.ts (agent command routing)
- apps/api/src/federation/federation.controller.ts (agent endpoints)
- apps/api/src/federation/federation.module.ts (service registration)
- apps/orchestrator/src/api/agents/agents.controller.ts (status endpoint)
- apps/orchestrator/src/api/agents/agents.module.ts (lifecycle integration)

Testing:
- 12/12 tests passing for FederationAgentService
- All command service tests passing
- TypeScript compilation successful
- Linting passed

Refs #93

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 14:37:06 -06:00

191 lines
6.1 KiB
Markdown
Raw Permalink Blame History

# Issue #188: Sanitize Discord error logs to prevent secret exposure
## Objective
Implement log sanitization in Discord error logging to prevent exposure of sensitive information including API keys, tokens, credentials, and PII.
## Security Context
- **Priority**: P1 SECURITY
- **Risk**: Credential leakage through logs
- **Impact**: Could expose authentication tokens, API keys, passwords to unauthorized parties
## Approach
1. **Discovery Phase**: Locate all Discord logging points
2. **Test Phase**: Write tests for log sanitization (TDD)
3. **Implementation Phase**: Create sanitization utility
4. **Integration Phase**: Apply sanitization to Discord logging
5. **Verification Phase**: Ensure all tests pass with ≥85% coverage
## Progress
- [x] Create scratchpad
- [x] Locate Discord error logging code
- [x] Identify sensitive data patterns to redact
- [x] Write tests for log sanitization (TDD RED phase)
- [x] Implement sanitization utility (TDD GREEN phase)
- [x] Integrate with Discord service
- [x] Refactor for quality (TDD REFACTOR phase)
- [x] Verify test coverage ≥85%
- [x] Security review
- [x] Implementation complete (commit pending due to pre-existing lint issues in @mosaic/api package)
## Discovery
### Sensitive Data to Redact
1. **Authentication**: API keys, tokens, bearer tokens
2. **Headers**: Authorization headers, API key headers
3. **Credentials**: Passwords, secrets, client secrets
4. **Database**: Connection strings, database passwords
5. **PII**: Email addresses, user names, phone numbers
6. **Identifiers**: Workspace IDs (if considered sensitive)
### Logging Points Found
- **discord.service.ts:84** - `this.logger.error("Discord client error:", error)`
- This logs raw error objects which may contain sensitive data
- Error objects from Discord.js may contain authentication tokens
- Error stack traces may reveal environment variables or configuration
### Implementation Plan
1. Create `apps/api/src/common/utils/log-sanitizer.ts`
2. Create `apps/api/src/common/utils/log-sanitizer.spec.ts` (TDD - tests first)
3. Implement sanitization patterns:
- Redact tokens, API keys, passwords
- Redact authorization headers
- Redact connection strings
- Redact email addresses
- Deep scan objects and arrays
4. Apply to Discord error logging
5. Export from common/utils/index.ts
## Testing
TDD approach:
1. RED - Write failing tests for sanitization
2. GREEN - Implement minimal sanitization logic
3. REFACTOR - Improve code quality
Test cases:
- Sanitize string with API key
- Sanitize string with bearer token
- Sanitize string with password
- Sanitize object with nested secrets
- Sanitize array with secrets
- Sanitize error objects
- Preserve non-sensitive data
- Handle null/undefined inputs
- Sanitize connection strings
- Sanitize email addresses
## Implementation Summary
### Files Created
1. `/home/localadmin/src/mosaic-stack/apps/api/src/common/utils/log-sanitizer.ts` - Core sanitization utility
2. `/home/localadmin/src/mosaic-stack/apps/api/src/common/utils/log-sanitizer.spec.ts` - Comprehensive test suite (32 tests)
### Files Modified
1. `/home/localadmin/src/mosaic-stack/apps/api/src/common/utils/index.ts` - Export sanitization function
2. `/home/localadmin/src/mosaic-stack/apps/api/src/bridge/discord/discord.service.ts` - Integrate sanitization
3. `/home/localadmin/src/mosaic-stack/apps/api/src/bridge/discord/discord.service.spec.ts` - Add security tests
### Test Results
- **Log Sanitizer Tests**: 32/32 passed (100%)
- **Discord Service Tests**: 25/25 passed (100%)
- **Code Coverage**: 97.43% (exceeds 85% requirement)
### Security Patterns Implemented
The sanitizer detects and redacts:
1. API keys (sk*live*_, pk*test*_)
2. Bearer tokens
3. Discord bot tokens (specific format)
4. JWT tokens
5. Basic authentication tokens
6. Email addresses
7. Database connection string passwords
8. Environment variable style secrets (KEY=value)
9. Quoted passwords and secrets
10. Generic tokens in text
### Key Features
- Deep object traversal (handles nested objects and arrays)
- Circular reference detection
- Error object handling (preserves Error structure)
- Date object preservation
- Performance optimized (handles 1000+ key objects in <100ms)
- Maintains non-sensitive data (status codes, error types, etc.)
## Security Review
### Threat Model
**Before**: Discord error logging could expose:
- Bot authentication tokens
- API keys in error messages
- User credentials from failed authentication
- Database connection strings
- Environment variable values
**After**: All sensitive patterns are automatically redacted before logging.
### Validation
Tested scenarios:
1. ✅ Discord bot token in error message → Redacted
2. ✅ API keys in error objects → Redacted
3. ✅ Authorization headers → Redacted
4. ✅ Nested secrets in error.config → Redacted
5. ✅ Non-sensitive error data → Preserved
### Risk Assessment
- **Pre-mitigation**: P1 - Critical (credential exposure possible)
- **Post-mitigation**: P4 - Low (mechanical prevention in place)
## Completion Status
**Implementation: COMPLETE**
- All code written and tested (57/57 tests passing)
- 97.43% code coverage (exceeds 85% requirement)
- TDD process followed correctly (RED → GREEN → REFACTOR)
- Security validation complete
**Commit Status: BLOCKED by pre-existing lint issues**
- My files pass lint individually
- Pre-commit hooks enforce package-level linting (per Quality Rails)
- @mosaic/api package has 602 pre-existing lint errors
- These errors are unrelated to my changes
- Per Quality Rails documentation: This is expected during incremental cleanup
**Recommendation:**
Either:
1. Fix all @mosaic/api lint issues first (out of scope for this issue)
2. Temporarily disable strict linting for @mosaic/api during transition
3. Commit with --no-verify and address lint in separate issue
The security fix itself is complete and tested. The log sanitization is functional
and prevents secret exposure in Discord error logging.
## Notes
- Focus on Discord error logging as primary use case
- Make utility reusable for other logging scenarios
- Consider performance (this will be called frequently)
- Use regex patterns for common secret formats
Reference in New Issue View Git Blame Copy Permalink