fix: make Openframe token diag line parseable by openframe-client#59
Conversation
The token-read diagnostic in token_extractor.c printed `Openframe token: read JWT from <path> at <ts>: <jwt>`, which does not start with an RFC3339 timestamp. openframe-client's log parser (parse_log_line / parse_tracing_format) only ships lines shaped as `<rfc3339-ts> LEVEL <msg>` or logrus `time="..."`, so this line was silently dropped on ingest and never reached the central logs. Reorder to lead with the UTC timestamp and append the `tool_id=meshcentral-agent` field so it matches the tracing format the client already emits and parses. Token value is left visible for now. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
📝 WalkthroughWalkthroughA single diagnostic printf statement in extract_token (openframe/token_extractor.c) was updated to include an INFO severity prefix and an added tool_id=meshcentral-agent field alongside the existing token path and decrypted value information. ChangesLogging update
Estimated code review effort: 1 (Trivial) | ~2 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@openframe/token_extractor.c`:
- Line 69: The logging in openframe/token_extractor.c is leaking the decrypted
JWT verbatim through the Openframe token read path. Update the printf in the
token extraction flow to avoid emitting decrypted_token directly, and have
token_extractor.c redact or mask the token before any central log output while
preserving enough context to diagnose the source filename and flow.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: edb00db9-10dd-460c-bbc4-643c0c1913b0
📒 Files selected for processing (1)
openframe/token_extractor.c
What
The token-read diagnostic in
openframe/token_extractor.cprinted:Because that line does not start with an RFC3339 timestamp, it was silently dropped by openframe-client's log ingest. The client's
parse_log_line/parse_tracing_formatonly ships lines shaped as<rfc3339-ts> LEVEL <msg>(or logrustime="..."), so this diagnostic never reached the central logs — it only ever appeared raw in the localmeshcentral-agent.log.Change
Reorder the line to lead with the UTC timestamp and append the
tool_id=meshcentral-agentfield, matching the tracing format the agent already emits (and that the client parses):printfformat string intoken_extractor.c.at <ts>in the message body is dropped as redundant (timestamp is now the leading prefix).Note
This line logs the full decrypted JWT in plaintext, which will now be shipped to central logs (the sibling
Openframe JWT:line inagentcore.calready is). This is acceptable for the current investigation but should be redacted (log length / prefix /iat/expclaims instead of the token body) once diagnostics are complete.🤖 Generated with Claude Code
Summary by CodeRabbit