fix(logs): redact RPC payload from PII-leaking attestor logs #76

Merged: LaithAlebrahim merged 1 commit into main from fix-pii, Apr 30, 2026
@LaithAlebrahim LaithAlebrahim commented Apr 30, 2026

Description

Testing (ignore for documentation update)

Type of change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Checklist:

Additional Notes:

Summary by CodeRabbit

  • Chores
    • Improved logging output clarity by streamlining verbose information and focusing on essential details
    • Optimized debug logging to report only necessary metrics and structured fields instead of full data payloads
    • Enhanced log structure to provide more targeted and actionable information for monitoring

@CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@coderabbitai

coderabbitai Bot commented Apr 30, 2026

Walkthrough

Both files have logging adjustments: one refactors RPC request logging to use structured fields instead of full payloads, the other reduces HTTP transcript logging to report only byte lengths instead of full base64 content.

Changes

| Cohort / File(s) | Summary |
|---|---|
| RPC Request Logging: `src/external-rpc/handle-incoming-msg.ts` | Refactored logging for incoming RPC messages: warning for missing request ID now includes only request type; info log restructured to report reqId, type, and optional module and channel fields instead of full request object. |
| HTTP Transcript Logging: `src/providers/http/index.ts` | Changed debug logging to report only byte lengths of base64-encoded client/server transcripts instead of full encoded content; uses consistent message label 'http transcript captured'. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Hop and twitch, the logs now shine so bright,
No base64 dreams to cloud the night,
Just the fields we need in structured delight,
Cleaner tracking makes everything right!
Thump!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix(logs): redact RPC payload from PII-leaking attestor logs' accurately describes the main changes in the PR, which involve redacting sensitive request payloads from logs to prevent PII leakage. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (2)
src/external-rpc/handle-incoming-msg.ts (1)

64-76: ⚡ Quick win

The missing-ID warning is unreachable with the current guard order.

if(!reqId || !reqType) return prevents Line 74 from ever executing, so the warning never fires. Split the checks so missing IDs are still logged.

Proposed diff
-	if(!reqId || !reqType) {
+	if(!reqType) {
 		return
 	}
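Review bot: Narrowing the first guard to `if(!reqType)` does more than make the warning reachable: a message that has a type but no ID no longer returns here and instead runs whatever sits between the two guards (elided at the `@@`). Check that this intermediate code is safe with an undefined `reqId`; if it is not, put the `if(!reqId)` warning block directly after this type check instead.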
@@
 	if(!reqId) {
 		logger.warn({ type: req.type }, 'Window RPC request missing ID')
 		return
 	}
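Review bot: The warning in this block logs `req.type` while the guard above tests `reqType`; log the same value that was checked so the two cannot diverge. As the type comes from the incoming message, consider capping its length before it goes into the log field.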
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/external-rpc/handle-incoming-msg.ts` around lines 64 - 76, The early
return "if(!reqId || !reqType) return" makes the logger.warn for missing IDs
unreachable; change the guard order so you first check reqType (return if
missing), then call RPC_MSG_BRIDGE.dispatch(req), then ignore response messages
(if req.isResponse return), and only after that check if(!reqId) and call
logger.warn({ type: req.type }, 'Window RPC request missing ID') before
returning — update the checks around reqId/reqType and the dispatch/isResponse
logic in handle-incoming-msg.ts accordingly.
src/providers/http/index.ts (1)

439-445: ⚡ Quick win

Avoid base64-encoding full transcripts just to log sizes.

This still materializes full transcript content in memory (encodeBase64(...)) before logging only length. Compute byte counts directly from chunks to reduce sensitive-data handling and memory overhead.

Proposed diff
-			const clientTranscript = encodeBase64(concatenateUint8Arrays(clientMsgs))
-			const serverTranscript = encodeBase64(concatenateUint8Arrays(serverMsgs))
+			const requestBytes = clientMsgs.reduce((n, chunk) => n + chunk.length, 0)
+			const responseBytes = serverMsgs.reduce((n, chunk) => n + chunk.length, 0)

 			logger.debug({
-				requestBytes: clientTranscript.length,
-				responseBytes: serverTranscript.length,
+				requestBytes,
+				responseBytes,
 			}, 'http transcript captured')
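Review bot: `requestBytes` and `responseBytes` change meaning here without changing name: the removed lines logged the length of the base64 string, the added lines log the raw byte total, which is about three quarters of the old value. Mention this in the changelog or anywhere these fields are read. The `reduce` over `chunk.length` also assumes every element is a `Uint8Array`; `chunk.byteLength` states that intent more directly.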
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/providers/http/index.ts` around lines 439 - 445, The code builds full
base64 transcripts via
encodeBase64(concatenateUint8Arrays(clientMsgs/serverMsgs)) only to log lengths,
which materializes sensitive data and wastes memory; instead compute total byte
counts by summing the byteLength (or .length for raw Uint8Array chunks) of each
element in clientMsgs and serverMsgs and pass those totals to logger.debug as
requestBytes/responseBytes, removing the encodeBase64 and concatenateUint8Arrays
calls in this logging path (change references around
clientTranscript/serverTranscript to use the computed totals and keep
logger.debug usage the same).
📥 Commits

Reviewing files that changed from the base of the PR and between 23a0579 and fa4c254.

📒 Files selected for processing (2)
  • src/external-rpc/handle-incoming-msg.ts
  • src/providers/http/index.ts
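
The logging approach discussed in this review (allowlisted metadata fields and transcript byte counts instead of payloads), as an added example that is not code from this PR or from the project. The message shape, `rpcLogMeta`, `transcriptBytes`, `FIELD_MAP` and the sample values are assumptions made for illustration.

```typescript
// Added example; all names are hypothetical, not attestor-core's API.
type LogMeta = { reqId?: string, type?: string, module?: string, channel?: string }

// Log field -> key in the incoming message (assumed message shape).
const FIELD_MAP: Record<keyof LogMeta, string> = {
	reqId: 'id', type: 'type', module: 'module', channel: 'channel',
}
const MAX_FIELD_LEN = 64

// Project an untrusted message onto the allowlist. Anything that is not a
// non-empty string is dropped, so nested payloads can never reach the log.
function rpcLogMeta(msg: unknown): LogMeta {
	const out: LogMeta = {}
	if(typeof msg !== 'object' || msg === null) {
		return out
	}
	const rec = msg as Record<string, unknown>
	for(const field of Object.keys(FIELD_MAP) as (keyof LogMeta)[]) {
		const value = rec[FIELD_MAP[field]]
		if(typeof value === 'string' && value.length > 0) {
			// Strip control characters and cap length before logging.
			out[field] = value.replace(/[\x00-\x1f\x7f]/g, '').slice(0, MAX_FIELD_LEN)
		}
	}
	return out
}

// Sum chunk sizes without concatenating or encoding the transcript.
function transcriptBytes(chunks: readonly Uint8Array[]): number {
	return chunks.reduce((n, chunk) => n + chunk.byteLength, 0)
}

// Constructed sample input, not real traffic.
const SAMPLE_REQ = {
	id: 'req-42',
	type: 'example-type\n',
	channel: 'ch-1',
	request: { headers: { cookie: 'session=constructed-secret' }, email: 'alice@example.test' },
}
const SAMPLE_CHUNKS = [new Uint8Array([1, 2, 3]), new Uint8Array([4, 5, 6, 7])]

console.log(rpcLogMeta(SAMPLE_REQ), { requestBytes: transcriptBytes(SAMPLE_CHUNKS) })
```
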

@promptless

promptless Bot commented Apr 30, 2026

Promptless prepared a documentation update related to this change.

Triggered by PR #76

Added a changelog entry documenting the security enhancement that sanitizes attestor logs to prevent PII leakage by logging only request metadata (ID, type, module, channel) and transcript byte lengths instead of full RPC payloads and HTTP transcript contents.

Review: Add changelog entry for attestor-core PII log redaction

@LaithAlebrahim LaithAlebrahim merged commit f32cbd6 into main Apr 30, 2026
2 checks passed