fix(memory): redact source tag debug identifiers

[senamakel]

Summary

• Redacts memory source identifiers before writing the source-tag seeding debug log.
• Keeps the existing path_scope boolean in the log so scoped tag debugging still works.
• Follows up on the CodeRabbit privacy note from merged PR fix(memory): group selector ingests by source scope #3264.

Problem

• PR fix(memory): group selector ingests by source scope #3264 fixed selector-based memory source identity, but its new debug log could print raw source_id / source_scope values.
• Some source identifiers can contain PII, such as Gmail email addresses, so debug output should not emit them unredacted.

Solution

• Wrap meta.source_id and source_scope with the existing memory redact() helper before logging.
• Leave tag seeding behavior unchanged; only the debug output values are sanitized.

Submission Checklist

If a section does not apply to this change, mark the item as N/A with a one-line reason. Do not delete items.

• Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy — N/A: log redaction only; existing scoped compose regression was rerun.
• Diff coverage ≥ 80% — changed lines (Vitest + cargo-llvm-cov merged via diff-cover) meet the gate enforced by .github/workflows/pr-ci.yml. Run pnpm test:coverage and pnpm test:rust locally; PRs below 80% on changed lines will not merge.
• Coverage matrix updated — N/A: logging-only privacy fix.
• All affected feature IDs from the matrix are listed in the PR description under ## Related — N/A: no matrix feature row changed.
• No new external network dependencies introduced (mock backend used per Testing Strategy)
• Manual smoke checklist updated if this touches release-cut surfaces (docs/RELEASE-MANUAL-SMOKE.md) — N/A: no release-cut/manual smoke surface changed.
• Linked issue closed via Closes #NNN in the ## Related section — N/A: follow-up to PR review, no standalone issue.

Impact

• Security/privacy: reduces PII leakage risk in memory debug logs.
• Runtime behavior: no ingestion, tag, graph, archive, or migration behavior change.
• Compatibility: backwards compatible; only log argument formatting changed.

Related

• Closes: N/A
• Follow-up PR(s)/TODOs: Follows fix(memory): group selector ingests by source scope #3264

---

AI Authored PR Metadata (required for Codex/Linear PRs)

Keep this section for AI-authored PRs. For human-only PRs, mark each field N/A.

Linear Issue

• Key: N/A
• URL: N/A

Commit & Branch

• Branch: fix/memory-redact-source-debug-log
• Commit SHA: 60bed918

Validation Run

• pnpm --filter openhuman-app format:check — passed via pre-push hook
• pnpm typecheck — passed via pre-push hook (pnpm compile)
• Focused tests: GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml --lib openhuman::memory_store::content::compose::tests::compose_persists_path_scope_and_seeds_scoped_source_tag -- --nocapture
• Rust fmt/check (if changed): git diff --check; Rust fmt/check passed via pre-push hook
• Tauri fmt/check (if changed): passed via pre-push hook

Validation Blocked

• command: N/A
• error: N/A
• impact: N/A

Behavior Changes

• Intended behavior change: debug log source identifiers are redacted before emission.
• User-visible effect: none.

Parity Contract

• Legacy behavior preserved: source tag seeding and path_scope fallback behavior are unchanged.
• Guard/fallback/dispatch parity checks: existing compose regression test still passes.

Duplicate / Superseded PR Handling

• Duplicate PR(s): N/A
• Canonical PR: this PR
• Resolution (closed/superseded/updated): N/A

Summary by CodeRabbit

• Bug Fixes
  • Improved security by redacting sensitive identifiers from debug logs to prevent exposure of sensitive data in log output.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 71a3366f-5346-4e2f-883a-fea4562a9250

📥 Commits

Reviewing files that changed from the base of the PR and between 5f60b54 and 60bed91.

📒 Files selected for processing (1)

• src/openhuman/memory_store/content/compose.rs

---

📝 Walkthrough

Walkthrough

This PR updates debug logging in build_front_matter to redact source identifiers before output. The change applies redact(...) to both meta.source_id and source_scope in a debug log statement reporting seeded Obsidian tags.

Changes

Logging Redaction

Layer / File(s)	Summary
Redact source tags in debug output src/openhuman/memory_store/content/compose.rs	Debug log for seeded source/<slug> tags now redacts meta.source_id and source_scope before logging instead of outputting raw identifiers.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A rabbit hops through logs so bright,
Redacting secrets left and right,
No source IDs revealed in sight,
Privacy guarded, oh what a delight! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: redacting source tag debug identifiers in memory logs.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[senamakel]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.