Skip to content

M7: Security Filter — PII/secret redaction middleware #5

Description

@admin-init

Implement log filter middleware to redact sensitive information from agent I/O before it reaches logs or the knowledge base.

Deliverables:

  1. security/log_filter.py — Middleware with 7+ regex patterns for PII/secret redaction
  2. specs/security.yaml — SDD spec with patterns and apply points

Patterns (from plan.html):

  • Bearer tokens
  • API keys
  • Passwords
  • Email addresses
  • Database connection URLs (postgresql, mongodb, redis)
  • JWT tokens

Apply points:

  • Log outputs
  • Intermediate sub-agent outputs
  • KB inserts

Constraints:

  • Plugs into deepagent middleware as a tool-call wrapper
  • All tool args and results pass through filter before logging/KB insertion
  • Zero false positives on legitimate code content

Closes #(this)

Metadata

Metadata

Assignees

No one assigned

    Labels

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions