github · lpcox · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026 · Mar 16, 2026
diff --git a/internal/difc/labels.go b/internal/difc/labels.go
@@ -167,18 +167,19 @@ func NewSecrecyLabelWithTags(tags []Tag) *SecrecyLabel {
 	return &SecrecyLabel{Label: newLabelWithTags(tags)}
 }
 
+// getLabel returns the underlying Label, or nil if the receiver or its underlying Label is nil.
+func (l *SecrecyLabel) getLabel() *Label {
+	if l == nil {
+		return nil
+	}
+	return l.Label
+}
+
 // CanFlowTo checks if this secrecy label can flow to target
 // Secrecy semantics: l ⊆ target (this has no tags that target doesn't have)
 // Data can only flow to contexts with equal or more secrecy tags
 func (l *SecrecyLabel) CanFlowTo(target *SecrecyLabel) bool {
-	var srcLabel, targetLabel *Label
-	if l != nil {
-		srcLabel = l.Label
-	}
-	if target != nil {
-		targetLabel = target.Label
-	}
-	ok, _ := checkFlowHelper(srcLabel, targetLabel, true, "Secrecy")
+	ok, _ := checkFlowHelper(l.getLabel(), target.getLabel(), true, "Secrecy")
 	return ok
 }
 
@@ -273,19 +274,12 @@ func checkFlowHelper(srcLabel *Label, targetLabel *Label, checkSubset bool, labe
 
 // CheckFlow checks if this secrecy label can flow to target and returns violation details if not
 func (l *SecrecyLabel) CheckFlow(target *SecrecyLabel) (bool, []Tag) {
-	var srcLabel, targetLabel *Label
-	if l != nil {
-		srcLabel = l.Label
-	}
-	if target != nil {
-		targetLabel = target.Label
-	}
-	return checkFlowHelper(srcLabel, targetLabel, true, "Secrecy")
+	return checkFlowHelper(l.getLabel(), target.getLabel(), true, "Secrecy")
 }
 
 // Clone creates a copy of the secrecy label
 func (l *SecrecyLabel) Clone() *SecrecyLabel {
-	if l == nil || l.Label == nil {
+	if l.getLabel() == nil {
 		return NewSecrecyLabel()
 	}
 	return &SecrecyLabel{Label: l.Label.Clone()}
@@ -308,37 +302,31 @@ func NewIntegrityLabelWithTags(tags []Tag) *IntegrityLabel {
 	return &IntegrityLabel{Label: newLabelWithTags(tags)}
 }
 
+// getLabel returns the underlying Label, or nil if the receiver is nil.
+func (l *IntegrityLabel) getLabel() *Label {
+	if l == nil {
+		return nil
+	}
+	return l.Label
+}
+
 // CanFlowTo checks if this integrity label can flow to target
 // Integrity semantics: l ⊇ target (this has all tags that target has)
 // For writes: agent must have >= integrity than endpoint
 // For reads: endpoint must have >= integrity than agent
 func (l *IntegrityLabel) CanFlowTo(target *IntegrityLabel) bool {
-	var srcLabel, targetLabel *Label
-	if l != nil {
-		srcLabel = l.Label
-	}
-	if target != nil {
-		targetLabel = target.Label
-	}
-	ok, _ := checkFlowHelper(srcLabel, targetLabel, false, "Integrity")
+	ok, _ := checkFlowHelper(l.getLabel(), target.getLabel(), false, "Integrity")
 	return ok
 }
 
 // CheckFlow checks if this integrity label can flow to target and returns violation details if not
 func (l *IntegrityLabel) CheckFlow(target *IntegrityLabel) (bool, []Tag) {
-	var srcLabel, targetLabel *Label
-	if l != nil {
-		srcLabel = l.Label
-	}
-	if target != nil {
-		targetLabel = target.Label
-	}
-	return checkFlowHelper(srcLabel, targetLabel, false, "Integrity")
+	return checkFlowHelper(l.getLabel(), target.getLabel(), false, "Integrity")
 }
 
 // Clone creates a copy of the integrity label
 func (l *IntegrityLabel) Clone() *IntegrityLabel {
-	if l == nil || l.Label == nil {
+	if l.getLabel() == nil {
 		return NewIntegrityLabel()
 	}
 	return &IntegrityLabel{Label: l.Label.Clone()}

diff --git a/internal/logger/rpc_logger.go b/internal/logger/rpc_logger.go
@@ -59,41 +59,32 @@ type RPCMessageInfo struct {
 	Error       string              // Error message if any (for responses)
 }
 
-// logRPCMessageToAll is a helper that logs RPC messages to text, markdown, and JSONL logs.
-// It uses the withGlobalLogger helper from global_helpers.go to handle mutex locking and nil-checking.
-func logRPCMessageToAll(direction RPCMessageDirection, messageType RPCMessageType, serverID, method string, payload []byte, err error, agentSecrecy, agentIntegrity []string) {
-	// Create info for text log (with larger payload preview)
-	infoText := &RPCMessageInfo{
+// newRPCMessageInfo constructs an RPCMessageInfo with the given parameters, truncating
+// the payload preview to maxPayload characters.
+func newRPCMessageInfo(direction RPCMessageDirection, messageType RPCMessageType, serverID, method string, payload []byte, err error, maxPayload int) *RPCMessageInfo {
+	info := &RPCMessageInfo{
 		Direction:   direction,
 		MessageType: messageType,
 		ServerID:    serverID,
 		Method:      method,
 		PayloadSize: len(payload),
-		Payload:     truncateAndSanitize(string(payload), MaxPayloadPreviewLengthText),
+		Payload:     truncateAndSanitize(string(payload), maxPayload),
 	}
-
 	if err != nil {
-		infoText.Error = err.Error()
+		info.Error = err.Error()
 	}
+	return info
+}
 
-	// Log to text file
+// logRPCMessageToAll is a helper that logs RPC messages to text, markdown, and JSONL logs.
+// It uses the withGlobalLogger helper from global_helpers.go to handle mutex locking and nil-checking.
+func logRPCMessageToAll(direction RPCMessageDirection, messageType RPCMessageType, serverID, method string, payload []byte, err error, agentSecrecy, agentIntegrity []string) {
+	// Log to text file (with larger payload preview)
+	infoText := newRPCMessageInfo(direction, messageType, serverID, method, payload, err, MaxPayloadPreviewLengthText)
 	LogDebug("rpc", "%s", formatRPCMessage(infoText))
 
-	// Create info for markdown log (with shorter payload preview)
-	infoMarkdown := &RPCMessageInfo{
-		Direction:   direction,
-		MessageType: messageType,
-		ServerID:    serverID,
-		Method:      method,
-		PayloadSize: len(payload),
-		Payload:     truncateAndSanitize(string(payload), MaxPayloadPreviewLengthMarkdown),
-	}
-
-	if err != nil {
-		infoMarkdown.Error = err.Error()
-	}
-
-	// Log to markdown file using withGlobalLogger helper
+	// Log to markdown file (with shorter payload preview)
+	infoMarkdown := newRPCMessageInfo(direction, messageType, serverID, method, payload, err, MaxPayloadPreviewLengthMarkdown)
 	withGlobalLogger(&globalMarkdownMu, &globalMarkdownLogger, func(logger *MarkdownLogger) {
 		logger.Log(LogLevelDebug, "rpc", "%s", formatRPCMessageMarkdown(infoMarkdown))
 	})