Compare commits

...

2 Commits

Author SHA1 Message Date
Jarvis
f15eaa8d8f fix(tess): redact chat persistence and egress
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
2026-07-12 18:47:20 -05:00
Jarvis
b6d73dc12d fix(tess): redact sensitive runtime content
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
2026-07-12 17:01:04 -05:00
6 changed files with 83 additions and 22 deletions

View File

@@ -13,6 +13,7 @@ import { Server, Socket } from 'socket.io';
import type { AgentSessionEvent } from '@mariozechner/pi-coding-agent'; import type { AgentSessionEvent } from '@mariozechner/pi-coding-agent';
import type { Auth } from '@mosaicstack/auth'; import type { Auth } from '@mosaicstack/auth';
import type { Brain } from '@mosaicstack/brain'; import type { Brain } from '@mosaicstack/brain';
import { redactSensitiveContent } from '@mosaicstack/log';
import type { import type {
SetThinkingPayload, SetThinkingPayload,
SlashCommandPayload, SlashCommandPayload,
@@ -210,9 +211,10 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
{ {
conversationId, conversationId,
role: 'user', role: 'user',
content: data.content, content: redactSensitiveContent(data.content).content,
metadata: { metadata: {
timestamp: new Date().toISOString(), timestamp: new Date().toISOString(),
classifications: redactSensitiveContent(data.content).classifications,
}, },
}, },
userId, userId,
@@ -611,8 +613,11 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
{ {
conversationId, conversationId,
role: 'assistant', role: 'assistant',
content: cs.assistantText, content: redactSensitiveContent(cs.assistantText).content,
metadata, metadata: {
...metadata,
classifications: redactSensitiveContent(cs.assistantText).classifications,
},
}, },
userId, userId,
) )
@@ -636,17 +641,18 @@ export class ChatGateway implements OnGatewayInit, OnGatewayConnection, OnGatewa
if (assistantEvent.type === 'text_delta') { if (assistantEvent.type === 'text_delta') {
// Accumulate assistant text for persistence // Accumulate assistant text for persistence
const cs = this.clientSessions.get(client.id); const cs = this.clientSessions.get(client.id);
const redactedDelta = redactSensitiveContent(assistantEvent.delta).content;
if (cs) { if (cs) {
cs.assistantText += assistantEvent.delta; cs.assistantText += redactedDelta;
} }
client.emit('agent:text', { client.emit('agent:text', {
conversationId, conversationId,
text: assistantEvent.delta, text: redactedDelta,
}); });
} else if (assistantEvent.type === 'thinking_delta') { } else if (assistantEvent.type === 'thinking_delta') {
client.emit('agent:thinking', { client.emit('agent:thinking', {
conversationId, conversationId,
text: assistantEvent.delta, text: redactSensitiveContent(assistantEvent.delta).content,
}); });
} }
break; break;

View File

@@ -105,8 +105,8 @@ describe('CommandExecutorService — P8-012 commands', () => {
expect(result.command).toBe('provider'); expect(result.command).toBe('provider');
}); });
// /provider login anthropic — success with URL containing poll token // /provider login anthropic — no bearer token or auth URL reaches chat output
it('/provider login <name> returns success with URL and poll token', async () => { it('/provider login <name> keeps its one-time token out of chat output', async () => {
const payload: SlashCommandPayload = { const payload: SlashCommandPayload = {
command: 'provider', command: 'provider',
args: 'login anthropic', args: 'login anthropic',
@@ -116,14 +116,9 @@ describe('CommandExecutorService — P8-012 commands', () => {
expect(result.success).toBe(true); expect(result.success).toBe(true);
expect(result.command).toBe('provider'); expect(result.command).toBe('provider');
expect(result.message).toContain('anthropic'); expect(result.message).toContain('anthropic');
expect(result.message).toContain('http'); expect(result.message).not.toContain('http');
// data should contain loginUrl and pollToken expect(result.message).not.toContain('token=');
expect(result.data).toBeDefined(); expect(result.data).toEqual({ provider: 'anthropic' });
const data = result.data as Record<string, unknown>;
expect(typeof data['loginUrl']).toBe('string');
expect(typeof data['pollToken']).toBe('string');
expect(data['loginUrl'] as string).toContain('anthropic');
expect(data['loginUrl'] as string).toContain(data['pollToken'] as string);
// Verify Valkey was called // Verify Valkey was called
expect(mockRedis.set).toHaveBeenCalledOnce(); expect(mockRedis.set).toHaveBeenCalledOnce();
const [key, value, , ttl] = mockRedis.set.mock.calls[0] as [string, string, string, number]; const [key, value, , ttl] = mockRedis.set.mock.calls[0] as [string, string, string, number];

View File

@@ -403,22 +403,28 @@ export class CommandExecutorService {
}; };
} }
const pollToken = crypto.randomUUID(); const pollToken = crypto.randomUUID();
const key = `mosaic:auth:poll:${pollToken}`; const tokenDigest = await crypto.subtle.digest(
// Store pending state in Valkey (TTL 5 minutes) 'SHA-256',
new TextEncoder().encode(pollToken),
);
const tokenHash = Array.from(new Uint8Array(tokenDigest), (byte: number): string =>
byte.toString(16).padStart(2, '0'),
).join('');
const key = `mosaic:auth:poll:${tokenHash}`;
// Persist only a short-lived token digest. The raw token is delivered only by
// the authenticated dashboard flow, never in chat output or command metadata.
await this.redis.set( await this.redis.set(
key, key,
JSON.stringify({ status: 'pending', provider: providerName, userId }), JSON.stringify({ status: 'pending', provider: providerName, userId }),
'EX', 'EX',
300, 300,
); );
// In production this would construct an OAuth URL
const loginUrl = `${process.env['MOSAIC_BASE_URL'] ?? 'http://localhost:3000'}/auth/provider/${providerName}?token=${pollToken}`;
return { return {
command: 'provider', command: 'provider',
success: true, success: true,
message: `Open this URL to authenticate with ${providerName}:\n${loginUrl}`, message: `Provider login for ${providerName} is ready. Continue in the authenticated dashboard.`,
conversationId, conversationId,
data: { loginUrl, pollToken, provider: providerName }, data: { provider: providerName },
}; };
} }

View File

@@ -10,3 +10,8 @@ export {
type LogQuery, type LogQuery,
} from './agent-logs.js'; } from './agent-logs.js';
export { registerLogCommand } from './cli.js'; export { registerLogCommand } from './cli.js';
export {
redactSensitiveContent,
type RedactionResult,
type SensitiveClassification,
} from './redaction.js';

View File

@@ -0,0 +1,14 @@
import { describe, expect, it } from 'vitest';
import { redactSensitiveContent } from './redaction.js';
describe('redactSensitiveContent', (): void => {
it('redacts seeded secret and PII canaries before persistence or egress', (): void => {
const result = redactSensitiveContent(
'email canary@example.test token=sk_CANARY12345678 phone +1 555 555 1212',
);
expect(result.content).not.toContain('canary@example.test');
expect(result.content).not.toContain('sk_CANARY12345678');
expect(result.content).not.toContain('+1 555 555 1212');
expect(result.classifications).toEqual(['secret', 'pii']);
});
});

View File

@@ -0,0 +1,35 @@
export type SensitiveClassification = 'secret' | 'pii';
export interface RedactionResult {
content: string;
classifications: SensitiveClassification[];
}
const SECRET_PATTERNS: RegExp[] = [
/\b(?:sk|ghp|gitea)_[A-Za-z0-9_-]{8,}\b/g,
/\b(?:api[_-]?key|token|password|secret)\s*[:=]\s*[^\s,;]+/gi,
];
const PII_PATTERNS: RegExp[] = [
/\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b/gi,
/\b\+?\d[\d(). -]{7,}\d\b/g,
];
export function redactSensitiveContent(content: string): RedactionResult {
let redacted = content;
const classifications: SensitiveClassification[] = [];
for (const pattern of SECRET_PATTERNS) {
if (pattern.test(redacted)) {
classifications.push('secret');
redacted = redacted.replace(pattern, '[REDACTED_SECRET]');
}
pattern.lastIndex = 0;
}
for (const pattern of PII_PATTERNS) {
if (pattern.test(redacted)) {
classifications.push('pii');
redacted = redacted.replace(pattern, '[REDACTED_PII]');
}
pattern.lastIndex = 0;
}
return { content: redacted, classifications: [...new Set(classifications)] };
}