PRD: LOG_FULL egress logging credential redaction #264

Merged

didericis merged 2 commits from fix-log-full-credential-redaction into main

2026-06-25 00:47:06 -04:00

Author	SHA1	Message	Date
didericis-codex	e7dacf7d86	fix: satisfy pyright for log redaction tests test / integration (pull_request) Successful in 29s Details prd-number / assign-numbers (push) Successful in 1m6s Details Update Quality Badges / update-badges (push) Successful in 1m40s Details test / unit (pull_request) Successful in 52s Details lint / lint (push) Successful in 2m20s Details test / unit (push) Successful in 50s Details test / integration (push) Successful in 27s Details	2026-06-25 00:32:42 -04:00
didericis-claude	9b929d0684	fix(egress): strip injected Authorization and redact bodies in LOG_FULL path _log_request and _log_response wrote headers and bodies to stderr verbatim. _log_request also included the sidecar-injected upstream Authorization value, exposing live bearer tokens on every allowed request under LOG_FULL. Apply redact_tokens to all header values and bodies in both log functions; exclude the authorization header from _log_request entirely since its value is always a live sidecar-injected credential by the time _log_request runs. Closes #257	2026-06-25 00:32:42 -04:00