Skip to content

SECURITY-169-API-36: redact committed sensitive docs and local paths#2917

Merged
fermatmind merged 1 commit into
mainfrom
codex/security-169-api-36-redact-committed-sensitive-docs-and-local-paths
Jul 10, 2026
Merged

SECURITY-169-API-36: redact committed sensitive docs and local paths#2917
fermatmind merged 1 commit into
mainfrom
codex/security-169-api-36-redact-committed-sensitive-docs-and-local-paths

Conversation

@fermatmind

@fermatmind fermatmind commented Jul 10, 2026

Copy link
Copy Markdown
Owner

What changed

  • Removed duplicate guest-token response aliases and kept the canonical fm_token field.
  • Redacted committed private result identifiers, operator-local paths, production order/search evidence, credential placement, hashes, and queue identifiers from scoped audit artifacts.
  • Added an exact-path runtime-freeze regression proving the guest-token response hardening is non-MBTI.
  • Updated focused contracts, Big Five checksums, and PR-train metadata.

Why

Committed audit evidence and generated contracts must preserve reusable validation structure without retaining private identifiers, environment paths, credential metadata, or production operational state.

Validation

  • Focused remediation tests: 17 passed, 2878 assertions.
  • Runtime-freeze focused regression: 2 passed, 4 assertions.
  • Full Big Five GitHub-equivalent gate: 1186 passed, 150161 assertions.
  • bash backend/scripts/ci_verify_mbti.sh passed.
  • php artisan route:list --no-ansi: 233 routes.
  • Fresh SQLite migration passed.
  • Pint, JSON/YAML parsing, SHA256SUMS verification, sensitive-evidence scans, scope validation 19/25, and git diff --check passed.

Deferred items

  • The full SeoIntelGscSidecarRuntimeEnvBoundaryTest class has a pre-existing date-dependent stale-report fixture fixed at 2026-06-17. All methods covering modified generated/live/sidecar contracts pass; changing report-date policy is outside this PR scope.
  • No CMS/search write, production import, staging wait, manual deploy, or production deploy was executed.

@fermatmind fermatmind force-pushed the codex/security-169-api-36-redact-committed-sensitive-docs-and-local-paths branch from 53d11c0 to 97657db Compare July 10, 2026 21:12
@fermatmind fermatmind merged commit 9fe8968 into main Jul 10, 2026
15 checks passed
@fermatmind fermatmind deleted the codex/security-169-api-36-redact-committed-sensitive-docs-and-local-paths branch July 10, 2026 21:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant