Add evidence redaction and log integrity #10

Merged: haasonsaas merged 1 commit into main from codex/security-redaction-integrity on May 26, 2026
@haasonsaas

Summary

  • redact common token/password/API-key shapes before evidence events are written to JSONL
  • add per-event sequence numbers plus SHA-256 previous-hash/event-hash chaining
  • surface log-integrity verification in proof JSON, Markdown, and HTML artifacts
  • add regression tests for redaction, tamper detection, and proof-level integrity

Test plan

  • git diff --check
  • cargo test --test security_evidence -- --nocapture
  • cargo fmt -- --check
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo test
  • cargo build --release
  • cargo test --test e2e_tmux -- --ignored --nocapture

Smoke coverage

  • tmux-backed end-to-end run generated proof artifacts with Log integrity: verified
  • HTML proof artifact includes the verified log-integrity badge/metadata
  • process hygiene checked after tmux smoke; no lingering tmux sessions

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

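| Diff | Package | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|------|---------|-----------------------|---------------|---------|-------------|---------|
| Added | sha2@0.10.9 | 100 | 100 | 93 | 100 | 100 |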

@haasonsaas haasonsaas left a comment

Review pass completed on the current PR head.

What I checked:

  • Evidence writes now redact common secret-like values before JSONL persistence, including send keys, exec argv, policy command text, observations, and git snapshots.
  • Event sequencing and previous-hash/event-hash chaining are computed while holding the append lock, so concurrent appenders cannot race the chain.
  • Proof bundles surface log-integrity status in JSON, Markdown, and HTML, and the tmux smoke artifacts show Log integrity: verified.
  • Regression coverage includes redaction, tamper detection, proof integrity, full cargo integration coverage, and the ignored tmux black-box harness.

Residual caveat: redaction is intentionally heuristic for common agent secret shapes, not a full DLP engine. That is documented by the wording in README and should be expanded later with configurable redaction policy.

Verification run:

  • git diff --check
  • cargo test --test security_evidence -- --nocapture
  • cargo fmt -- --check
  • cargo clippy --all-targets --all-features -- -D warnings
  • cargo test
  • cargo build --release
  • cargo test --test e2e_tmux -- --ignored --nocapture
  • gh pr checks 10 --repo evalops/agent-pty

No blocking findings.
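
The sequence-number and previous-hash/event-hash chaining described in this PR, as an added Python sketch (not the project's own code, which is Rust and pulls in the sha2 crate). The field names `seq`, `prev_hash` and `event_hash`, the all-zero genesis hash, the canonical JSON encoding and the redaction pattern are all assumptions made for illustration.

```python
import hashlib
import json
import re
import threading

GENESIS = "0" * 64  # assumed previous-hash value for the first event
_lock = threading.Lock()
# Constructed heuristic pattern; the project's real redaction rules are not on the page.
SECRET = re.compile(r"(?i)\b(token|password|api[_-]?key)(\s*[=:]\s*)\S+")

def redact(text):
    return SECRET.sub(r"\1\2[REDACTED]", text)

def _digest(body):
    # Hash a canonical encoding so verification is byte-for-byte reproducible.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def append(log, kind, text):
    # Sequence number and previous hash are read under the lock so that
    # concurrent appenders cannot both chain onto the same tail.
    with _lock:
        prev = json.loads(log[-1])["event_hash"] if log else GENESIS
        body = {"seq": len(log), "prev_hash": prev, "kind": kind, "text": redact(text)}
        body["event_hash"] = _digest(body)
        log.append(json.dumps(body))

def verify(log):
    """Return (True, None) or (False, index of the first bad line)."""
    prev = GENESIS
    for i, line in enumerate(log):
        ev = json.loads(line)
        claimed = ev.pop("event_hash", None)
        if ev.get("seq") != i or ev.get("prev_hash") != prev or _digest(ev) != claimed:
            return False, i
        prev = claimed
    return True, None

def demo():
    log = []  # stands in for the JSONL file, one string per line (constructed events)
    append(log, "exec", "curl -H api_key=sk-constructed-123 https://example.invalid")
    append(log, "send_keys", "password: hunter2")
    append(log, "observation", "build ok")
    ok_before = verify(log)
    tampered = list(log)
    ev = json.loads(tampered[1]); ev["text"] = "edited"; tampered[1] = json.dumps(ev)
    deleted = [log[0], log[2]]  # middle event removed
    return log, ok_before, verify(tampered), verify(deleted)
```

An unkeyed chain like this one catches in-place edits, reordering and mid-log deletion, but a log truncated from the end still verifies, and anyone able to rewrite the whole file can recompute every hash. Detecting those cases requires recording the latest `event_hash` somewhere the log writer cannot modify.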

@haasonsaas haasonsaas merged commit 0b97c80 into main May 26, 2026
3 checks passed
@haasonsaas haasonsaas deleted the codex/security-redaction-integrity branch May 26, 2026 07:31