Skip to content

chore: adjust logging and telemetry setup MCP-410#993

Merged
gagik merged 14 commits into
mainfrom
gagik/logging-fixes
Mar 26, 2026
Merged

chore: adjust logging and telemetry setup MCP-410#993
gagik merged 14 commits into
mainfrom
gagik/logging-fixes

Conversation

@gagik
Copy link
Copy Markdown
Collaborator

@gagik gagik commented Mar 20, 2026
edited
Loading

Makes logging more strict.

commit 0c87e61
Remove noRedaction from telemetry error logs

Telemetry send-failure log messages interpolate error.message which
can contain sensitive fragments like URLs or tokens from network/API
errors. Removing noRedaction: true ensures these messages go through
the standard redaction pipeline.

commit d267c70

Apply redaction to log attributes in addition to messages

LoggerBase.log() previously only redacted the message field, leaving
attributes (key=value pairs) unredacted in console and disk loggers.
This could expose sensitive data passed as log attributes.

commit 24221ce

Redact error messages in tool results returned to MCP clients

ToolBase.handleError() now passes error messages through mongodb-redact
with the session keychain before including them in CallToolResult. This
prevents driver/API error messages from leaking sensitive fragments like
hostnames, auth details, or connection URIs to MCP clients.

commit 6581369

Replace raw exception text with generic message on /metrics errors

The monitoring server's /metrics endpoint was returning the full
exception message in 500 responses, potentially leaking internal
details about the Prometheus registry or server state.

@gagik gagik changed the title chore: adjust logging and telemetry setup chore: adjust logging and telemetry setup MCP-410 Mar 20, 2026
@coveralls
Copy link
Copy Markdown
Collaborator

coveralls commented Mar 24, 2026
edited
Loading

Pull Request Test Coverage Report for Build 23495353136

Details

  • 47 of 69 (68.12%) changed or added relevant lines in 9 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage increased (+0.03%) to 81.299%
Changes Missing Coverage Covered Lines Changed/Added Lines %
src/common/config/configOverrides.ts 9 13 69.23%
src/transports/streamableHttp.ts 4 10 40.0%
src/common/config/parseUserConfig.ts 3 15 20.0%
Files with Coverage Reduction New Missed Lines %
src/transports/streamableHttp.ts 1 81.6%
Totals Coverage Status
Change from base Build 23490161757: 0.03%
Covered Lines: 10058
Relevant Lines: 12241
💛 - Coveralls

gagik added 6 commits March 24, 2026 11:00
@gagik
Apply redaction to log attributes in addition to messages
d267c70 
LoggerBase.log() previously only redacted the message field, leaving
attributes (key=value pairs) unredacted in console and disk loggers.
This could expose sensitive data passed as log attributes.
@gagik
Make keychains session-specific and register config override secrets
de25a4b 
Keychain now supports a parent-child hierarchy. Each session creates a child keychain via Keychain.root.createChild(), ensuring session-specific secrets are scoped while remaining visible to shared loggers via upward propagation. Config override secrets are now registered on the session keychain in createServer(), fixing the gap where overrides bypassed keychain registration entirely.
@gagik
Remove noRedaction from telemetry error logs
0c87e61 
Telemetry send-failure log messages interpolate error.message which
can contain sensitive fragments like URLs or tokens from network/API
errors. Removing noRedaction: true ensures these messages go through
the standard redaction pipeline.
@gagik
Redact error messages in tool results returned to MCP clients
24221ce 
ToolBase.handleError() now passes error messages through mongodb-redact
with the session keychain before including them in CallToolResult. This
prevents driver/API error messages from leaking sensitive fragments like
hostnames, auth details, or connection URIs to MCP clients.
@gagik
Replace raw exception text with generic message on /metrics errors
6581369 
The monitoring server's /metrics endpoint was returning the full
exception message in 500 responses, potentially leaking internal
details about the Prometheus registry or server state.
@gagik
chore: remove circular dependency
25dca1b
@gagik gagik marked this pull request as ready for review March 24, 2026 13:36
@gagik gagik requested a review from a team as a code owner March 24, 2026 13:36
Copilot AI review requested due to automatic review settings March 24, 2026 13:36
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens logging/telemetry safety by expanding redaction coverage (including attributes and tool error messages) and by reducing error-detail exposure over HTTP and telemetry.

Changes:

  • Introduces parent/child Keychain behavior and wires session-level keychains into transport/session creation.
  • Expands redaction to logger attributes and to ToolBase error responses; reduces telemetry/log payload verbosity.
  • Makes HTTP error responses less verbose and introduces a ConfigOverrideError type to selectively expose safe override errors.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
tests/unit/tools/atlas/streams/streamsToolBase.test.ts Updates session mock to include a Keychain.
tests/unit/toolBase.test.ts Updates session mock to include a Keychain.
tests/unit/logger.test.ts Adds coverage for redaction inside logger attributes.
tests/unit/common/keychain.test.ts Adds tests for parent/child keychain behavior.
src/transports/streamableHttp.ts Reduces error detail in HTTP responses; adjusts metrics endpoint error handling.
src/transports/base.ts Creates a session keychain and registers config secrets at session creation time; passes keychain to Session/McpLogger.
src/tools/tool.ts Redacts tool error messages before returning them to callers.
src/telemetry/telemetry.ts Avoids logging full event payloads and removes unredacted failure logs.
src/server.ts Removes error message propagation into telemetry properties.
src/lib.ts Re-exports registerConfigSecrets and ConfigOverrideError.
src/index.ts Removes noRedaction from shutdown error logging.
src/common/logging/loggerBase.ts Adds redaction for log attributes values.
src/common/keychain.ts Implements keychain parent/child hierarchy with upward propagation and chain aggregation.
src/common/config/parseUserConfig.ts Exports registerConfigSecrets; moves matchingConfigKey logic here.
src/common/config/configUtils.ts Removes matchingConfigKey implementation (moved elsewhere).
src/common/config/configOverrides.ts Introduces ConfigOverrideError and uses it for override-related failures.

Comment thread src/common/config/configOverrides.ts Outdated
Comment thread src/common/config/parseUserConfig.ts
Comment thread src/transports/streamableHttp.ts Outdated
gagik
gagik commented Mar 24, 2026
View reviewed changes
Comment thread src/tools/atlas/read/listProjects.ts
orgId,
},
query: {
itemsPerPage: 500,
Copy link
Copy Markdown
Collaborator Author

@gagik gagik Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure why this became necessary...?

Copy link
Copy Markdown
Collaborator Author

@gagik gagik Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apparently the limit we had was just falling back to default, we should fix it generally but this is bumping it to a higher number so is a temporary bandaid

cveticm
cveticm approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@cveticm cveticm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM % one suggestion
Thanks for breaking PR description down by commits, very handy for reviewing

Comment thread src/server.ts
event.properties.runtime_duration_ms = Date.now() - this.startTime;
if (error) {
event.properties.result = "failure";
event.properties.reason = error.message;
Copy link
Copy Markdown
Collaborator

@cveticm cveticm Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we sanitise this error instead of removing it? assume seeing the reason for failure could be useful but perhaps not?

Copy link
Copy Markdown
Collaborator Author

@gagik gagik Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could change this to be error.name instead, it'll be a lot more vague but yeah better than nothing

Copy link
Copy Markdown
Collaborator Author

@gagik gagik Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

going to add it as error_type because we might want to block reason being sent in the future

@gagik gagik merged commit c5eedb4 into main Mar 26, 2026
18 checks passed
@gagik gagik deleted the gagik/logging-fixes branch March 26, 2026 17:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cveticm cveticm cveticm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@gagik @coveralls @cveticm