Implement log filter middleware to redact sensitive information from agent I/O before it reaches logs or the knowledge base.
Deliverables:
security/log_filter.py — Middleware with 7+ regex patterns for PII/secret redaction
specs/security.yaml — SDD spec with patterns and apply points
Patterns (from plan.html):
- Bearer tokens
- API keys
- Passwords
- Email addresses
- Database connection URLs (postgresql, mongodb, redis)
- JWT tokens
Apply points:
- Log outputs
- Intermediate sub-agent outputs
- KB inserts
Constraints:
- Plugs into deepagent middleware as a tool-call wrapper
- All tool args and results pass through filter before logging/KB insertion
- Zero false positives on legitimate code content
Closes #(this)
Implement log filter middleware to redact sensitive information from agent I/O before it reaches logs or the knowledge base.
Deliverables:
security/log_filter.py— Middleware with 7+ regex patterns for PII/secret redactionspecs/security.yaml— SDD spec with patterns and apply pointsPatterns (from plan.html):
Apply points:
Constraints:
Closes #(this)