a149c5748f
Integrates log-policy enforcement as a Tier-1 quality gate in CI and installs the panic hook for SecretString redaction in backtraces. Changes: - Add log-policy-check to quality-matrix in pdftract-ci.yaml - Install panic_hook in main.rs for crash dump redaction - Create verification note at notes/pdftract-3990k.md Existing implementations verified: - secrecy crate (v0.10) in workspace dependencies - SecretString used consistently for credentials - redact_headers_for_log() in mcp/http.rs strips auth headers - check-log-policy.sh CI gate scans for forbidden patterns - CONTRIBUTING.md documents NEVER-log secrets policy - Fuzz test (tests/log_secret_fuzz.rs) with 10,000 case coverage Acceptance criteria: - secrecy crate added ✅ PASS (already in workspace) - SecretString used for credentials ✅ PASS - CI gate runs on every PR ✅ PASS - Fuzz-test confirms no credential leaks ✅ PASS - Auth headers stripped from logging ✅ PASS - Panic hook redacts SecretString ✅ PASS - CONTRIBUTING.md section ✅ PASS Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| argo-workflows | ||
| scripts | ||