fix(honcho): scrub private runtime log payloads #375

Merged

pdurlej merged 1 commit from codex/domain/honcho-log-privacy into main

2026-05-18 23:18:31 +02:00

codex commented

2026-05-18 19:03:05 +02:00

Collaborator

Canary status: missing - security-sensitive Honcho log privacy guard; require full review/checks before merge

Canary Context Pack

Product story

During the 2026-05-18 Gemma/Ollama soak, Honcho logs exposed raw memory/tool-result content during a timeout path. The temporary runtime mitigation was HONCHO_LOG_LEVEL=WARNING, but the platform needs a durable boundary so future Honcho deploys cannot regress into raw private payload logging.

What changed

Routes honcho-api and honcho-deriver stdout/stderr through scripts/honcho/honcho_log_sanitize_exec.py before output reaches Docker logs.
Sets the Honcho compose log-level default to WARNING while keeping the sanitizer as the actual privacy boundary.
Adds scripts/honcho/check_honcho_log_privacy.py for synthetic marker/log checks.
Adds tests proving JSON/private payload fields and secret-shaped values are redacted while metadata survives.
Documents verification and rollback in the Honcho Gemma/Ollama runbook and closeout plan.

Why it changed

Config-only mitigation is fragile. The entrypoint wrapper provides a platform-owned guard even when the upstream app or provider client emits raw prompt/memory/tool payloads.

Files touched

compose/apps/compose.yaml
scripts/honcho/honcho_log_sanitize_exec.py
scripts/honcho/check_honcho_log_privacy.py
tests/test_honcho_log_privacy.py
runbooks/honcho-ollama-gemma-switch.md
state/cutover/honcho-closeout-plan.md

Relevant context

Issue #371: Honcho raw memory/tool-result content in runtime logs.
Honcho closeout plan H3: durable log privacy PR; config-only is not enough.
Current LLM switch keeps embeddings on OpenAI; this PR does not alter provider or embedding config.

Runtime evidence

No production mutation was performed by this PR. Runtime evidence before this fork remained green: Honcho API/Deriver healthy, 0 unhealthy containers, and no deploy-runner pickup regression. This PR should be deployed through the normal control-plane smoke path after merge.

Known constraints

The platform repo does not contain Honcho application source. The durable control available here is the compose entrypoint boundary plus metadata-only verification tooling.

Explicit out-of-scope

Changing Honcho provider/model behavior.
Switching embeddings or #357 work.
Closing #359.
Running production apply/recreate before merge.
Quoting raw prompts, messages, memory, email, transcript, or tool output in evidence.

Requested decision

Approve and merge the platform-side log privacy guard. After merge, run sequential Honcho no-op applies/smokes and then close #371 only if the runtime log privacy checker passes.

Merge blockers

Sanitizer breaks Honcho startup or signal handling.
Checker produces likely false positives on normal redacted logs.
Review finds a simpler source-level Honcho fix already available in this repo.

Spec sources read

Issue #371 body - acceptance criteria and incident context.
state/cutover/honcho-closeout-plan.md - H3 closeout requirements.
runbooks/honcho-ollama-gemma-switch.md - deploy/verification/rollback contract.
compose/apps/compose.yaml - Honcho entrypoints and log-level configuration.

Validation

python3 -m py_compile scripts/honcho/honcho_log_sanitize_exec.py scripts/honcho/check_honcho_log_privacy.py - pass.
python3 -m pytest tests/test_honcho_log_privacy.py -q - 4 passed.
Pure-worktree compose contract parse with PyYAML - pass.
Synthetic sanitizer/checker pipeline with private markers - pass.

Refs #371

Canary status: missing - security-sensitive Honcho log privacy guard; require full review/checks before merge ## Canary Context Pack ### Product story During the 2026-05-18 Gemma/Ollama soak, Honcho logs exposed raw memory/tool-result content during a timeout path. The temporary runtime mitigation was `HONCHO_LOG_LEVEL=WARNING`, but the platform needs a durable boundary so future Honcho deploys cannot regress into raw private payload logging. ### What changed - Routes `honcho-api` and `honcho-deriver` stdout/stderr through `scripts/honcho/honcho_log_sanitize_exec.py` before output reaches Docker logs. - Sets the Honcho compose log-level default to `WARNING` while keeping the sanitizer as the actual privacy boundary. - Adds `scripts/honcho/check_honcho_log_privacy.py` for synthetic marker/log checks. - Adds tests proving JSON/private payload fields and secret-shaped values are redacted while metadata survives. - Documents verification and rollback in the Honcho Gemma/Ollama runbook and closeout plan. ### Why it changed Config-only mitigation is fragile. The entrypoint wrapper provides a platform-owned guard even when the upstream app or provider client emits raw prompt/memory/tool payloads. ### Files touched - `compose/apps/compose.yaml` - `scripts/honcho/honcho_log_sanitize_exec.py` - `scripts/honcho/check_honcho_log_privacy.py` - `tests/test_honcho_log_privacy.py` - `runbooks/honcho-ollama-gemma-switch.md` - `state/cutover/honcho-closeout-plan.md` ### Relevant context - Issue #371: Honcho raw memory/tool-result content in runtime logs. - Honcho closeout plan H3: durable log privacy PR; config-only is not enough. - Current LLM switch keeps embeddings on OpenAI; this PR does not alter provider or embedding config. ### Runtime evidence No production mutation was performed by this PR. Runtime evidence before this fork remained green: Honcho API/Deriver healthy, 0 unhealthy containers, and no deploy-runner pickup regression. This PR should be deployed through the normal control-plane smoke path after merge. ### Known constraints The platform repo does not contain Honcho application source. The durable control available here is the compose entrypoint boundary plus metadata-only verification tooling. ### Explicit out-of-scope - Changing Honcho provider/model behavior. - Switching embeddings or #357 work. - Closing #359. - Running production apply/recreate before merge. - Quoting raw prompts, messages, memory, email, transcript, or tool output in evidence. ### Requested decision Approve and merge the platform-side log privacy guard. After merge, run sequential Honcho no-op applies/smokes and then close #371 only if the runtime log privacy checker passes. ### Merge blockers - Sanitizer breaks Honcho startup or signal handling. - Checker produces likely false positives on normal redacted logs. - Review finds a simpler source-level Honcho fix already available in this repo. ## Spec sources read - Issue #371 body - acceptance criteria and incident context. - `state/cutover/honcho-closeout-plan.md` - H3 closeout requirements. - `runbooks/honcho-ollama-gemma-switch.md` - deploy/verification/rollback contract. - `compose/apps/compose.yaml` - Honcho entrypoints and log-level configuration. ## Validation - `python3 -m py_compile scripts/honcho/honcho_log_sanitize_exec.py scripts/honcho/check_honcho_log_privacy.py` - pass. - `python3 -m pytest tests/test_honcho_log_privacy.py -q` - 4 passed. - Pure-worktree compose contract parse with PyYAML - pass. - Synthetic sanitizer/checker pipeline with private markers - pass. Refs #371

codex added 1 commit

2026-05-18 19:03:05 +02:00

fix(honcho): scrub private runtime log payloads

base-is-main / guard (pull_request) Successful in 1s

Details

canary-required / collect-diff (pull_request) Successful in 4s

Details

patchwarden-pr-sanity / collect-diff (pull_request) Successful in 4s

Details

platformctl plan / auto-apply scope (pull_request) Successful in 21s

Details

python-ci / Python 3.11 (pull_request) Successful in 38s