Circuit-Forge/turnstone
5
0
Fork 0
Code Issues 11 Pull requests 1 Projects Releases 6 Packages Wiki Activity Actions

feat: log bundle export with PII sanitization option #51

New issue
Closed
opened 2026-05-26 23:05:28 -07:00 by pyr0ball · 1 comment
pyr0ball commented 2026-05-26 23:05:28 -07:00
Owner
Copy link

The Bundles view currently exports raw log entries. For enterprise or support contexts, operators need to share bundles with third parties (vendors, support teams) with sensitive fields redacted.

Features:

  • REDACT_FIELDS config: list of regex patterns to scrub from MESSAGE field before export (e.g. IP addresses, hostnames, usernames)
  • Per-bundle redaction flag: export UI checkbox "Sanitize PII before export"
  • Preview mode: show first 5 entries with redaction applied before committing the export
  • Audit trail: exported bundle metadata logged with redaction flag and timestamp

Default redaction patterns (opt-in):

  • IPv4 addresses
  • Hostnames matching a configurable domain suffix
  • Username fields in auth log entries

Acceptance criteria:

  • Exported JSONL with redaction enabled has no raw IP addresses matching the configured patterns
  • Preview mode works in UI before download
  • Redaction config can be disabled (empty list) for full-fidelity exports
The Bundles view currently exports raw log entries. For enterprise or support contexts, operators need to share bundles with third parties (vendors, support teams) with sensitive fields redacted. **Features:** - `REDACT_FIELDS` config: list of regex patterns to scrub from `MESSAGE` field before export (e.g. IP addresses, hostnames, usernames) - Per-bundle redaction flag: export UI checkbox "Sanitize PII before export" - Preview mode: show first 5 entries with redaction applied before committing the export - Audit trail: exported bundle metadata logged with redaction flag and timestamp **Default redaction patterns (opt-in):** - IPv4 addresses - Hostnames matching a configurable domain suffix - Username fields in auth log entries **Acceptance criteria:** - Exported JSONL with redaction enabled has no raw IP addresses matching the configured patterns - Preview mode works in UI before download - Redaction config can be disabled (empty list) for full-fidelity exports
pyr0ball added this to the beta milestone 2026-05-26 23:05:28 -07:00
pyr0ball added the
ux
enhancement
security
compliance
 labels 2026-05-26 23:05:28 -07:00
pyr0ball commented 2026-05-29 09:25:48 -07:00
Author
Owner
Copy link

Implemented:

  • _redact_text() in incidents.py with 5 compiled regex patterns (IPv4, email, user=, host=, password=)
  • build_bundle(sanitize=False) — opt-in redaction applied per log entry text
  • sent_bundles SQLite table (schema in pipeline.py, auto-created on startup)
  • record_sent_bundle() called on every bundle GET and every bundle send
  • list_sent_bundles() exposed at GET /api/sent-bundles
  • POST /api/incidents/{id}/send?sanitize=true passes flag through
  • GET /api/incidents/{id}/bundle?sanitize=true records export + applies redaction
  • BundlesView: Received / Sent tabs; Sent tab shows sanitized badge, 5-entry preview, re-download button
  • IncidentsView: "Sanitize PII" checkbox next to Send Bundle button
  • 372 tests passing, frontend build clean

Compliance note: GDPR anonymization disclaimer is in docs/compliance/checklist.md — anonymized bundles cannot be selectively deleted post-export.

Implemented: - `_redact_text()` in `incidents.py` with 5 compiled regex patterns (IPv4, email, user=, host=, password=) - `build_bundle(sanitize=False)` — opt-in redaction applied per log entry text - `sent_bundles` SQLite table (schema in `pipeline.py`, auto-created on startup) - `record_sent_bundle()` called on every bundle GET and every bundle send - `list_sent_bundles()` exposed at `GET /api/sent-bundles` - `POST /api/incidents/{id}/send?sanitize=true` passes flag through - `GET /api/incidents/{id}/bundle?sanitize=true` records export + applies redaction - BundlesView: Received / Sent tabs; Sent tab shows sanitized badge, 5-entry preview, re-download button - IncidentsView: "Sanitize PII" checkbox next to Send Bundle button - 372 tests passing, frontend build clean Compliance note: GDPR anonymization disclaimer is in `docs/compliance/checklist.md` — anonymized bundles cannot be selectively deleted post-export.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/42-50-postgres-multitenant
feat/32-domain-view
feat/15-hybrid-rag
feat/41-hybrid-bert-shim
feat/60-incidents-db
feat/pipeline-cleanup
feat/29-multi-agent-diagnose
feat/ssh-remote-glean
feat/live-watch
feat/llm-reasoning
feat/frictionless-capture
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
compliance

   
demo

   
deployment

   
docs

   
enhancement

   
parser

   
patterns

   
performance

   
security

   
ux
No labels
compliance
demo
deployment
docs
enhancement
parser
patterns
performance
security
ux
Milestone
Clear milestone
No items
No milestone
beta
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Circuit-Forge/turnstone#51
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?