feat(tess): add safe runtime observability #726
Reference in New Issue
Block a user
Delete Branch "feat/tess-observability-terra"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Refs #707
Task: TESS-M1-OBS-001
Adds metadata-only durable runtime/provider/tool audit records with correlation and latency/error codes, liveness/readiness, and credential-safe provider operational status. Resource identifiers are hashed before durable audit persistence.
Verification: pnpm typecheck, pnpm lint, pnpm format:check, pnpm test.
VERIFIED APPROVE reviewer-of-record [W-jarvis:reviewer] head
adfa5c0697Evidence:
adfa5c0697512853cafc7c442ec08b125a1f3e30.ci/woodpecker/pr/cipipeline 1720 success.RuntimeProviderServicestill awaits the requested audit record before provider lookup/capability/provider invocation, and the regression test verifies provider send is not called when audit persistence rejects.createRuntimeAuditLogEntry(): explicit allowlist only, content fixed toruntime.provider.audit, no message bodies, tool args/output, credentials, or approval refs. Provider resource IDs are always SHA-256 hashed before persistence/log emission, with canary tests proving raw resource secret material is absent.policy_denied, provider failures recordprovider_errorwithout provider error detail.provider_unavailable, no endpoints/credentials/request content/error detail are returned, and/health/readyreturns only readiness status.git diff --checkclean; no credential material or secret values in the PR diff beyond explicit canary test strings.adfa5c0697to53f5414131VERIFIED APPROVE reviewer-of-record [W-jarvis:reviewer] head
53f5414131Evidence:
53f541413182a25a0edfd2758911a89eba16fe7c.adfa5c0697512853cafc7c442ec08b125a1f3e30discarded after head move; this is a fresh ROR on the new head.ci/woodpecker/pr/cipipeline 1723 success.@mosaicstack/logbarrel exports: redaction (redactSensitiveContent,RedactionResult,SensitiveClassification) and runtime audit (createRuntimeAuditLogEntry,RuntimeAuditEvent,RuntimeAuditErrorCode,RuntimeAuditOperation,RuntimeAuditOutcome).provider_unavailable, readiness returns only status, and no endpoint/credential/request content/provider error detail is exposed.git diff --checkclean; no credential material in diff beyond canary test strings.