Avoid sensitive user context in WTA logs #261
Merged
Pull request overview
This PR adjusts WTA delegate logging in tools/wta to avoid emitting the current working directory (cwd) at default log levels, moving that path to the existing trace-gated delegate.content channel to reduce PII exposure in shipped (info) logs.
Changes:
- In `run_delegate`, remove `cwd` from the `info!` log and include it only in the `delegate.content` `trace!` log.
- In `delegate_with_context`, remove `cwd` from the `debug!` log (leaving `cwd` only in the `delegate.content` `trace!` log alongside the command line).
run_delegate logged cwd at info! level. cwd is a filesystem path carrying the Windows username and folder names, so it is personal data, yet info is the shipped release default. Move cwd onto the existing trace-only delegate.content channel so nothing personal lands in wta-delegate.log at the default filter; the info line keeps only prompt_chars and the agent command name.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
27e904d to 9fa16d7
Addresses Copilot review on PR #261: the delegate path was not the only default-level cwd leak. run_delegate's acp_load_session, app.rs dispatch_resume / dispatch_resume_in_agent_pane (agents_view) and the inbound load_session handler, plus master's new_session, all emitted the full cwd path at info!/warn! — which the shipped info filter writes. Each default-level line now logs has_cwd (a bool) instead of the path; the full cwd moves to a sibling trace! on the matching *.content target (delegate.content / acp_load_session.content / agents_view.content / master.content), consistent with the repo convention that user/agent content only lands at trace. debug!-level cwd logs (coordinator_log, acp_log_built_prompt) are left as-is since debug is dev-only and never the shipped default.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Full sweep of info/warn/error logs for personal data (the previous commits only covered cwd). Three classes addressed:
Tier 1 (user content / arbitrary files): master forwards fs/read|write_text_file and the on-disk session title at info!. The agent-controlled file path and the title (often derived from the user's prompt) now log only length/op at info; the full value moves to the trace-only master.content / session_hook.content channel.
Tier 2 (fixed tool/runtime paths whose only PII is the Windows username): hooks-installer config/plugin/marketplace/bundle paths, the master-pipe discovery file, and the agent-pane origin record. New crate::logging::redact_user_path() rewrites the %LOCALAPPDATA%/%APPDATA%/%USERPROFILE% prefix to a placeholder, so these stay debuggable at info/warn without leaking the username.
Tier 3 (captured subprocess output): the plugin-CLI stdout/stderr/args move to the agent_hooks.content trace; only exe + exit status stay at default. wtcli stdout/stderr were reviewed and left as-is (tool diagnostics: pane GUIDs / protocol errors, no user content).
Out of scope: debug!-level logs (dev-only) and Tier 4 agent command lines (user-configured, not runtime PII).
cargo build + logging unit tests pass.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
90d04ee to ef54b3d
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Avoid replacing cwd paths with diagnostic has_cwd fields or trace-only cwd logs. Keep the operational log events but omit cwd entirely from logging.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove redact_user_path and stop logging fixed runtime/tool paths at default levels. Keep the operational log messages without path/source/staged/old/new fields.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Use chars().count() for the title_len field so non-ASCII session titles are not reported as byte lengths.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Stop moving sensitive paths, command lines, titles, and plugin CLI output into trace-only content logs. Keep the operational log events without those extra fields.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (1)
tools/wta/src/agent_hooks_installer.rs:2160
- Even with `args` moved onto the trace-only `agent_hooks.content` target here, `run_plugin_cli_with_env` still returns an error whose Display string includes `args.join(" ")` (lines 2165-2172). Callers log `err = %e` at `warn!` (e.g. Gemini install/update), and some args include filesystem paths (like `bundle_path`), so failures can still leak user-specific paths at default log levels. Consider removing args from the error message and relying on the existing trace logs for detailed arguments/output.
```rust
    Ok(())
}
/// Lower-cased substring search across the captured stdout+stderr for
/// any of `needles`. Returns true on the first hit. Lower-casing both
/// sides keeps the match case-insensitive without per-CLI normalization
```
Hook installation and upgrade flows rely on concrete filesystem paths for troubleshooting stale marketplace and staging issues, so keep those path fields in agent_hooks logs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Return tools/wta/src/agent_hooks_installer.rs to origin/main so this PR does not change hook installer diagnostics.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Log the fixed discovery filename and pipe name around master pipe discovery file operations without including the user-specific filesystem path.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Log safe SessionEvent summaries instead of full debug payloads so SessionStarted cwd/title do not appear in helper/master logs. Also strip user prompt template paths from prompt-source diagnostics and remove startup-probe cwd details.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This reverts commit e28ebb8.
haonanttt approved these changes Jun 11, 2026
What
Audit and fix WTA logs that emitted sensitive user context at default/user-facing diagnostic levels where it was not useful. Debug/probe diagnostics are intentionally out of scope.
Findings & fixes
- Default-level cwd / workspace context. `run_delegate`, `acp_load_session` (boot-time + inbound), `agents_view` resume dispatch, and `master` `new_session` no longer record cwd at `info!`/`warn!`.
- Default-level user content / arbitrary files. `master` forwards `fs/read_text_file` / `fs/write_text_file` and terminal creation requests without logging the file path, command, or command args. Session-title upgrade logs keep only a character count, not the title text.
- Master pipe discovery diagnostics. The full discovery-file path is not logged, but logs include stable non-user hints: `discovery_file="master-pipe.txt"` and `pipe_name`.
- Hook installer left unchanged. `agent_hooks_installer.rs` is restored to `origin/main` because hook install/upgrade diagnostics rely on concrete paths for stale marketplace and WindowsApps staging issues.
Out of scope
- `err`/`error` Display fields — diagnostic and essential; not reliably sensitive user context.
Verification
- `cargo build --manifest-path tools/wta/Cargo.toml` passes.
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com
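The logging shape this description ends on, as an added example (not code from this PR or the WTA code base): a default-level event summary that drops cwd and keeps only a character count for the title, plus discovery-file fields that carry the fixed file name and pipe name. The `SessionEvent` field layout, the helper names `safe_summary` and `discovery_fields`, and all sample values are assumptions made for the example.

```rust
// Constructed stand-in for the SessionEvent type named in the PR; the field
// layout is an assumption for this example.
#[allow(dead_code)]
#[derive(Debug)]
enum SessionEvent {
    SessionStarted { id: u32, cwd: String, title: String },
    SessionEnded { id: u32 },
}

/// Default-level summary: variant name and non-identifying metadata only.
/// cwd is dropped entirely; the title is reduced to a character count.
fn safe_summary(ev: &SessionEvent) -> String {
    match ev {
        SessionEvent::SessionStarted { id, title, .. } => {
            // chars().count(), not len(): len() is the UTF-8 byte length.
            format!("SessionStarted id={} title_len={}", id, title.chars().count())
        }
        SessionEvent::SessionEnded { id } => format!("SessionEnded id={}", id),
    }
}

/// Log fields for the discovery file: the fixed file name and the pipe name,
/// never the user-specific parent directories. Splits on both separators so
/// the result is the same on Windows and Unix hosts.
fn discovery_fields(full_path: &str, pipe_name: &str) -> String {
    let file = full_path.rsplit(|c| c == '/' || c == '\\').next().unwrap_or("");
    format!("discovery_file={:?} pipe_name={}", file, pipe_name)
}

/// Constructed sample event: a Windows-style cwd and a non-ASCII title.
fn sample_event() -> SessionEvent {
    SessionEvent::SessionStarted {
        id: 7,
        cwd: r"C:\Users\alice\src\payroll".to_string(),
        title: "caf\u{e9} \u{65e5}\u{672c}".to_string(), // 7 chars, 12 bytes
    }
}

fn main() {
    let ev = sample_event();
    println!("debug payload: {:?}", ev); // carries cwd and title text
    println!("safe summary:  {}", safe_summary(&ev));
    let path = r"C:\Users\alice\AppData\Local\example\master-pipe.txt"; // constructed
    println!("{}", discovery_fields(path, "demo-pipe"));
}
```

Formatting the whole event with `{:?}` is what puts cwd and the title text into the log line; the summary function is the only place that decides which fields reach default-level output.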