stack/docs/scratchpads at e3479aeffd36041ab71ecc6421c2dd97d0c75703 - stack - Mosaic Gitea

mosaic/stack

Files

History

Jason Woltje e3479aeffd fix(#188 ): sanitize Discord error logs to prevent secret exposure

P1 SECURITY FIX - Prevents credential leakage through error logs

Changes:
1. Created comprehensive log sanitization utility (log-sanitizer.ts)
   - Detects and redacts API keys, tokens, passwords, emails
   - Deep object traversal with circular reference detection
   - Preserves Error objects and non-sensitive data
   - Performance optimized (<100ms for 1000+ keys)

2. Integrated sanitizer into Discord service error logging
   - All error logs automatically sanitized before Discord broadcast
   - Prevents bot tokens, API keys, passwords from being exposed

3. Comprehensive test suite (32 tests, 100% passing)
   - Tests all sensitive pattern detection
   - Verifies deep object sanitization
   - Validates performance requirements

Security Patterns Redacted:
- API keys (sk_live_*, pk_test_*)
- Bearer tokens and JWT tokens
- Discord bot tokens
- Authorization headers
- Database credentials
- Email addresses
- Environment secrets
- Generic password patterns

Test Coverage: 97.43% (exceeds 85% requirement)

Fixes #188

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-02 12:24:29 -06:00

..

1-project-scaffold.md

feat(#1 ): Set up monorepo scaffold with pnpm workspaces + TurboRepo

2026-01-28 13:31:33 -06:00

2-postgresql-pgvector-schema.md

feat(#2 ): Implement PostgreSQL 17 + pgvector database schema

2026-01-28 16:06:34 -06:00

3-prisma-orm-setup.md

feat(#3 ): Add comprehensive tests and improve Prisma seed script

2026-01-28 16:24:25 -06:00

4-authentik-oidc-final-status.md

feat(#4 ): Implement Authentik OIDC authentication with BetterAuth

2026-01-28 17:26:34 -06:00

4-authentik-oidc.md

feat(#4 ): Implement Authentik OIDC authentication with BetterAuth

2026-01-28 17:26:34 -06:00

5-crud-apis.md

feat(#5 ): Implement CRUD APIs for tasks, events, and projects

2026-01-28 18:43:12 -06:00

6-basic-web-ui.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

7-8-type-safety-fixes.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

7-activity-logging.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

8-docker-compose.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

36-traefik-integration.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

122-llm-provider-interface.md

feat(#122 ): create LLM provider interface

2026-01-31 11:38:38 -06:00

123-ollama-provider.md

feat(#123 ): port Ollama LLM provider

2026-01-31 12:10:43 -06:00

126-llm-manager-service.md

feat(#126 ): create LLM Manager Service

2026-01-31 12:22:14 -06:00

128-llm-provider-schema.md

feat(#128 ): add LlmProviderInstance Prisma schema

2026-01-31 11:57:40 -06:00

143-validate-50-percent-rule.md

test(#143 ): Validate 50% rule prevents context exhaustion

2026-02-01 17:56:04 -06:00

149-test-rejection-loop.md

fix(#180 ): Update pnpm to 10.27.0 in Dockerfiles

2026-02-01 20:52:43 -06:00

150-orchestration-loop.md

docs(#150 ): Add scratchpad for orchestration loop implementation

2026-02-01 20:22:07 -06:00

155-context-monitor.md

fix(#180 ): Update pnpm to 10.27.0 in Dockerfiles

2026-02-01 20:52:43 -06:00

157-webhook-receiver.md

fix(#180 ): Update pnpm to 10.27.0 in Dockerfiles

2026-02-01 20:52:43 -06:00

158-issue-parser.md

fix(#180 ): Update pnpm to 10.27.0 in Dockerfiles

2026-02-01 20:52:43 -06:00

163-bullmq-dependencies.md

feat(#163 ): Add BullMQ dependencies

2026-02-01 20:56:45 -06:00

164-database-schema-jobs.md

feat(#167 ): Implement Runner jobs CRUD and queue submission

2026-02-01 21:09:03 -06:00

165-bullmq-module-setup.md

feat(#165 ): Implement BullMQ module setup

2026-02-01 21:01:25 -06:00

166-stitcher-module.md

feat(#167 ): Implement Runner jobs CRUD and queue submission

2026-02-01 21:09:03 -06:00

167-runner-jobs-crud.md

feat(#168 ): Implement job steps tracking

2026-02-01 21:16:23 -06:00

168-job-steps-tracking.md

feat(#168 ): Implement job steps tracking

2026-02-01 21:16:23 -06:00

169-job-events-audit.md

feat(#168 ): Implement job steps tracking

2026-02-01 21:16:23 -06:00

170-discord-bridge.md

feat(#170 ): Implement mosaic-bridge module for Discord

2026-02-01 21:26:40 -06:00

171-command-parser.md

feat(#171 ): Implement chat command parsing

2026-02-01 21:32:53 -06:00

172-herald-status.md

feat(#172 ): Implement Herald status updates

2026-02-01 21:42:44 -06:00

173-websocket-gateway.md

feat(#173 ): Implement WebSocket gateway for job events

2026-02-01 21:22:41 -06:00

174-sse-endpoint.md

docs(#162 ): Finalize M4.2-Infrastructure token tracking report

2026-02-02 08:18:55 -06:00

175-e2e-harness.md

feat(#175 ): Implement E2E test harness

2026-02-01 21:44:04 -06:00

176-coordinator-integration.md

feat(#176 ): Integrate M4.2 infrastructure with M4.1 coordinator

2026-02-01 21:54:34 -06:00

179-security-nodejs-deps.md

fix(#179 ): Update vulnerable Node.js dependencies

2026-02-01 20:54:25 -06:00

180-security-pnpm-dockerfiles.md

feat(#167 ): Implement Runner jobs CRUD and queue submission

2026-02-01 21:09:03 -06:00

181-security-go-stdlib-postgres.md

fix(#181 ): Update Alpine packages to patch Go stdlib vulnerabilities in postgres image

2026-02-01 20:54:57 -06:00

182-fix-prisma-enum-tests.md

fix(#182 ): fix Prisma enum import in job-steps tests

2026-02-02 11:41:11 -06:00

183-remove-hardcoded-workspace-id.md

fix(#183 ): remove hardcoded workspace ID from Discord service

2026-02-02 11:41:38 -06:00

184-add-coordinator-auth.md

fix(#184 ): add authentication to coordinator integration endpoints

2026-02-02 11:52:41 -06:00

185-fix-herald-error-handling.md

fix(#185 ): fix silent error swallowing in Herald broadcasting

2026-02-02 11:47:11 -06:00

186-add-dto-validation.md

fix(#186 ): add comprehensive input validation to webhook and job DTOs

2026-02-02 12:22:11 -06:00

188-sanitize-discord-logs.md

fix(#188 ): sanitize Discord error logs to prevent secret exposure

2026-02-02 12:24:29 -06:00

190-fix-mermaid-xss.md

fix(#190 ): fix XSS vulnerability in Mermaid rendering

2026-02-02 12:03:36 -06:00

192-fix-cors-configuration.md

fix(#192 ): fix CORS configuration for cookie-based authentication

2026-02-02 12:13:17 -06:00

security-fixes-activity-api.md

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00