chore: move decrypt_with_key logs from debug to trace

[AnthonyRonning]

Moves the verbose decrypt_with_key entry/exit logs from debug to trace level to reduce log noise.

Also updates PCRs.

---

Summary by CodeRabbit

• Chores
  • Adjusted internal logging configuration for enhanced diagnostics.
  • Added new PCR history records to audit logs for development and production environments.

[coderabbitai]

Walkthrough

This PR appends new PCR history entries to both development and production history files, each containing PCR0, PCR1, PCR2, timestamp, and signature fields. Concurrently, logging verbosity in the decrypt_with_key function is reduced by downgrading debug logs to trace level.

Changes

Cohort / File(s)	Summary
PCR History Records pcrDevHistory.json, pcrProdHistory.json	New PCR entries appended to both development and production history arrays, each containing PCR measurements, timestamp, and cryptographic signature.
Logging Adjustments src/encrypt.rs	Function entry and exit logs in decrypt_with_key downgraded from debug to trace level, reducing logging verbosity without altering functionality.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• Start on documents feature #43: Appends new PCR entries to the same pcrDevHistory.json and pcrProdHistory.json history files.
• Revert llama33 to tinfoil primary #96: Adds new PCR record entries to both pcrDevHistory.json and pcrProdHistory.json files following the same pattern.
• Jwt hs256 #40: Extends PCR history files by appending new PCR measurements and signatures.

Poem

🐰 Hop hop, new entries we've traced,
PCR history logs find their place,
Traces whisper soft, not debug's loud call,
Records stack higher, securing all!
🔐✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the primary change in src/encrypt.rs. However, the PR also includes unrelated changes to pcrDevHistory.json and pcrProdHistory.json (PCR updates) that are not mentioned in the title.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/move-decrypt-logs-to-trace

Important

Action Needed: IP Allowlist Update

If your organization protects your Git platform with IP whitelisting, please add the new CodeRabbit IP address to your allowlist:

• ✨ 136.113.208.247/32 (new)
• 34.170.211.100/32
• 35.222.179.152/32

Failure to add the new IP will result in interrupted reviews.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional flag.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR reduces log verbosity by changing decrypt_with_key entry/exit logs from debug! to trace! in src/encrypt.rs, which should lower default debug-level noise while preserving deep troubleshooting capability.

It also updates the dev/prod PCR JSON artifacts (pcrDev*.json, pcrProd*.json) by changing current PCR values and appending new signed history entries, consistent with a new build/measurement.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk.
• Changes are limited to lowering log level for two statements in decrypt_with_key and updating PCR JSON artifacts; no control flow or cryptographic behavior was modified.
• No files require special attention

Important Files Changed

Filename	Overview
src/encrypt.rs	Changed decrypt_with_key entry/exit logs from debug! to trace! to reduce log noise.
pcrDev.json	Updated dev PCR0/PCR2 values to new hashes.
pcrDevHistory.json	Appended new dev PCR measurement record with timestamp and signature.
pcrProd.json	Updated prod PCR0/PCR2 values to new hashes.
pcrProdHistory.json	Appended new prod PCR measurement record with timestamp and signature.

Sequence Diagram

sequenceDiagram
    participant Caller as App code
    participant Encrypt as src/encrypt.rs
    participant Trace as tracing subscriber

    Caller->>Encrypt: decrypt_with_key(key, bytes)
    Encrypt->>Trace: trace!("Entering decrypt_with_key")
    alt bytes.len() < 12
        Encrypt->>Trace: error!("Decrypt failed: Input too short...")
        Encrypt-->>Caller: Err(BadData)
    else
        Encrypt->>Encrypt: Aes256Gcm::new_from_slice(key)
        alt cipher init fails
            Encrypt->>Trace: error!("Failed to create cipher from key...")
            Encrypt-->>Caller: Err(FailedToDecrypt)
        else
            Encrypt->>Encrypt: cipher.decrypt(nonce, ciphertext)
            alt decrypt fails
                Encrypt->>Trace: error!("AES-GCM decryption failed...")
                Encrypt-->>Caller: Err(FailedToDecrypt)
            else
                Encrypt->>Trace: trace!("Exiting decrypt_with_key")
                Encrypt-->>Caller: Ok(plaintext)
            end
        end
    end

Loading