Skip to content

fix: make Openframe token diag line parseable by openframe-client#59

Merged
mikhailm-coder merged 1 commit into
masterfrom
fix/openframe-token-log-format
Jul 2, 2026
Merged

fix: make Openframe token diag line parseable by openframe-client#59
mikhailm-coder merged 1 commit into
masterfrom
fix/openframe-token-log-format

Conversation

@mikhailm-coder

@mikhailm-coder mikhailm-coder commented Jul 2, 2026

Copy link
Copy Markdown

What

The token-read diagnostic in openframe/token_extractor.c printed:

Openframe token: read JWT from <path> at <ts>: <jwt>

Because that line does not start with an RFC3339 timestamp, it was silently dropped by openframe-client's log ingest. The client's parse_log_line / parse_tracing_format only ships lines shaped as <rfc3339-ts> LEVEL <msg> (or logrus time="..."), so this diagnostic never reached the central logs — it only ever appeared raw in the local meshcentral-agent.log.

Change

Reorder the line to lead with the UTC timestamp and append the tool_id=meshcentral-agent field, matching the tracing format the agent already emits (and that the client parses):

<ts> INFO Openframe token: read JWT from <path>: <jwt> tool_id=meshcentral-agent
  • One-line change to the printf format string in token_extractor.c.
  • The at <ts> in the message body is dropped as redundant (timestamp is now the leading prefix).
  • Token value is intentionally left visible for now, per current diagnostic needs.

Note

This line logs the full decrypted JWT in plaintext, which will now be shipped to central logs (the sibling Openframe JWT: line in agentcore.c already is). This is acceptable for the current investigation but should be redacted (log length / prefix / iat/exp claims instead of the token body) once diagnostics are complete.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes
    • Improved diagnostic output when reading and decrypting a token, making it easier to identify the source and status of the event.
    • Added clearer context to token-related messages to support troubleshooting.

The token-read diagnostic in token_extractor.c printed
`Openframe token: read JWT from <path> at <ts>: <jwt>`, which does not
start with an RFC3339 timestamp. openframe-client's log parser
(parse_log_line / parse_tracing_format) only ships lines shaped as
`<rfc3339-ts> LEVEL <msg>` or logrus `time="..."`, so this line was
silently dropped on ingest and never reached the central logs.

Reorder to lead with the UTC timestamp and append the
`tool_id=meshcentral-agent` field so it matches the tracing format the
client already emits and parses. Token value is left visible for now.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

A single diagnostic printf statement in extract_token (openframe/token_extractor.c) was updated to include an INFO severity prefix and an added tool_id=meshcentral-agent field alongside the existing token path and decrypted value information.

Changes

Logging update

Layer / File(s) Summary
Update JWT decrypt log message
openframe/token_extractor.c
Success log message for decrypted JWT now includes INFO prefix and appends tool_id=meshcentral-agent field.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Possibly related PRs

Suggested reviewers: denys-gif

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: making the Openframe token diagnostic parseable by openframe-client.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/openframe-token-log-format

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openframe/token_extractor.c`:
- Line 69: The logging in openframe/token_extractor.c is leaking the decrypted
JWT verbatim through the Openframe token read path. Update the printf in the
token extraction flow to avoid emitting decrypted_token directly, and have
token_extractor.c redact or mask the token before any central log output while
preserving enough context to diagnose the source filename and flow.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: edb00db9-10dd-460c-bbc4-643c0c1913b0

📥 Commits

Reviewing files that changed from the base of the PR and between 5c1150b and 53dbff9.

📒 Files selected for processing (1)
  • openframe/token_extractor.c

Comment thread openframe/token_extractor.c
@mikhailm-coder mikhailm-coder merged commit 0da37a6 into master Jul 2, 2026
4 checks passed
@mikhailm-coder mikhailm-coder deleted the fix/openframe-token-log-format branch July 2, 2026 13:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants