a149c5748f
Integrates log-policy enforcement as a Tier-1 quality gate in CI and installs the panic hook for SecretString redaction in backtraces. Changes: - Add log-policy-check to quality-matrix in pdftract-ci.yaml - Install panic_hook in main.rs for crash dump redaction - Create verification note at notes/pdftract-3990k.md Existing implementations verified: - secrecy crate (v0.10) in workspace dependencies - SecretString used consistently for credentials - redact_headers_for_log() in mcp/http.rs strips auth headers - check-log-policy.sh CI gate scans for forbidden patterns - CONTRIBUTING.md documents NEVER-log secrets policy - Fuzz test (tests/log_secret_fuzz.rs) with 10,000 case coverage Acceptance criteria: - secrecy crate added ✅ PASS (already in workspace) - SecretString used for credentials ✅ PASS - CI gate runs on every PR ✅ PASS - Fuzz-test confirms no credential leaks ✅ PASS - Auth headers stripped from logging ✅ PASS - Panic hook redacts SecretString ✅ PASS - CONTRIBUTING.md section ✅ PASS Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| benches | ||
| src | ||
| tests | ||
| build.rs | ||
| Cargo.toml | ||
| header | ||
| pdftract-cli.cdx.json | ||