Skip to content

feat: leakage verification harness + v4 observability docs (#52)#87

Merged
itscooleric merged 3 commits intodevfrom
feat/leakage-harness-52
Mar 17, 2026
Merged

feat: leakage verification harness + v4 observability docs (#52)#87
itscooleric merged 3 commits intodevfrom
feat/leakage-harness-52

Conversation

@itscooleric
Copy link
Copy Markdown
Owner

@itscooleric itscooleric commented Mar 17, 2026

Summary

Leakage test harness

Verifies AI agents don't send gitignored secrets to their API endpoints:

  • tests/leakage/setup-fixture.sh — synthetic repo with unique markers in .env, credentials.json, *.pem, secrets/, node_modules/
  • tests/leakage/check-leakage.py — scans intercept/egress/conversation logs for marker strings
  • tests/leakage/run-test.sh — end-to-end: create fixture → run Claude → check logs
  • Exits 0 (clean) or 1 (leaked) for CI integration

Observability docs

docs/observability.md — comprehensive documentation of the full v4 stack:

  • Session logging + conversation harvesting
  • Token/cost tracking with pricing table
  • Egress audit (connection-level)
  • Intercepting proxy (full MITM, request/response)
  • Leakage verification
  • Firewall allowlist
  • MITM certificate trust
  • Secret redaction patterns

Closes #52this closes out all v4: Agent Observability tickets!

v4 final status

# Title Status
#41 Structured session logging
#42 Session transcript capture
#43 Token/cost tracking
#44 Log retention/rotation
#50 Intercepting proxy
#51 Outbound request audit
#52 Leakage verification ✅ This PR

Test plan

  • CI checks pass
  • Full leakage test with CLIDE_INTERCEPT=1 on edge
  • Docs review

🤖 Generated with Claude Code

itscooleric and others added 3 commits March 17, 2026 00:16
@itscooleric @claude
feat: ignore-file leakage verification harness + v4 docs (#52)
2ba18c6 
Test harness to verify AI agents don't leak gitignored secrets:
- setup-fixture.sh: creates synthetic repo with unique markers in
  .env, credentials.json, *.pem, secrets/, node_modules/
- check-leakage.py: scans intercept/egress/conversation logs for
  marker strings — exits 0 (clean) or 1 (leaked)
- run-test.sh: full end-to-end test runner

Also adds docs/observability.md documenting the full v4 stack:
session logging, token tracking, egress audit, intercept proxy,
leakage testing, firewall, MITM cert trust, secret redaction.

Closes #52

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@itscooleric @claude
fix: shellcheck SC2188 — add true before redirection
779f3d8 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@itscooleric @claude
fix: propagate proxy env to ttyd + install mitmproxy CA cert
464f69f 
- Start intercept proxy in entrypoint.sh (not just claude-entrypoint)
  so web terminal sessions also route through the proxy
- Install mitmproxy CA cert system-wide + set NODE_EXTRA_CA_CERTS
  so Node.js (Claude Code) trusts the MITM HTTPS interception
- Wait 2s for mitmproxy to generate its CA before proceeding

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@itscooleric itscooleric merged commit d946e31 into dev Mar 17, 2026
4 checks passed
@itscooleric itscooleric deleted the feat/leakage-harness-52 branch March 17, 2026 01:27
@itscooleric itscooleric mentioned this pull request Mar 17, 2026
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@itscooleric