update task documentation #2
@codex review
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f9c548b6ee
| if os.IsNotExist(err) { | ||
| return result, nil | ||
| } |
Treat missing audit log as verification failure
VerifyFile currently returns a passing result when os.Open fails with os.IsNotExist, so both futrix-audit-verify and VerifyBundle can report success even when audit-log.jsonl is absent. This makes the audit-chain proof optional in practice (e.g., a bundle with no audit file still passes), which undermines the primary integrity check and can let incomplete evidence be accepted.
Useful? React with 👍 / 👎.
| value, ok := row[col] | ||
| if !ok { | ||
| return false, fmt.Sprintf("masked column %q missing from row", col), nil |
Resolve dotted masked columns when validating masked rows
verifyMaskedQuery only checks top-level keys via row[col], but MaskRows can emit dotted paths (for nested fields) in maskedColumns and mask values in nested objects. With a valid masked row like { "user": { "email": "masked:..." } } and maskedColumns=["user.email"], verification fails as “missing from row,” causing false negatives for legitimate nested exports.
Useful? React with 👍 / 👎.
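One way to resolve dotted masked-column names against nested rows, as an added Go example that is not the project's code. `lookupPath` and `checkMasked` are hypothetical names, and treating a value as masked when it is a string starting with `masked:` is an assumption taken from the sample row in the comment above.

```go
package main

import (
	"fmt"
	"strings"
)

// lookupPath resolves a column name against a decoded JSON row. A literal
// top-level key wins; otherwise the name is walked as a dotted path.
func lookupPath(row map[string]any, col string) (any, bool) {
	if v, ok := row[col]; ok {
		return v, true
	}
	var cur any = row
	for _, part := range strings.Split(col, ".") {
		obj, _ := cur.(map[string]any) // nil map when cur is not an object
		next, ok := obj[part]
		if !ok {
			return nil, false
		}
		cur = next
	}
	return cur, true
}

// checkMasked fails closed: a listed column must exist and hold a masked value.
// Assumption: masked values are strings starting with "masked:".
func checkMasked(row map[string]any, maskedColumns []string) (bool, string) {
	for _, col := range maskedColumns {
		v, ok := lookupPath(row, col)
		if !ok {
			return false, fmt.Sprintf("masked column %q missing from row", col)
		}
		if s, isStr := v.(string); !isStr || !strings.HasPrefix(s, "masked:") {
			return false, fmt.Sprintf("masked column %q is not masked", col)
		}
	}
	return true, ""
}

func main() {
	// Constructed sample row, shaped as json.Unmarshal would decode it.
	row := map[string]any{"id": 7.0, "user": map[string]any{"email": "masked:ab12", "name": "alice"}}
	for _, col := range []string{"user.email", "user.name", "user.phone"} {
		ok, reason := checkMasked(row, []string{col})
		fmt.Println(col, ok, reason)
	}
}
```

The nested path now verifies, while an unmasked nested value or a path that runs through a non-object still fails the check.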
Background
Solution
Affected Files
- .gitignore
- CONTRIBUTING.md
- LICENSE
- NOTICE
- README.md
- SECURITY.md
- cmd/futrix-audit-verify/main.go
- cmd/futrix-evidence-verify/main.go
- docs/agent-protocol.md
- docs/assets/futrix-security-package-flow.svg
- docs/assurance-matrix.md
- docs/audit-chain.md