fix: redact persisted manifests from job details by homerquan · Pull Request #12 · MirrorNeuronLab/MirrorNeuron

homerquan · 2026-05-18T18:29:15Z

The runtime began persisting full unredacted manifests into job records and returning the persisted job map in Monitor.job_details/2, which exposed sensitive manifest contents (metadata, node configs, tool bindings, initial inputs) to API callers.
The change prevents accidental information disclosure via the monitor/grpc GetJob surface while preserving job metadata required for operator workflows.

Add a helper public_job/1 that removes the embedded "manifest" key from persisted job maps using Map.drop/2.
Update Monitor.job_details/2 to return public_job(job) instead of the raw persisted job, preserving manifest_ref and other metadata.
Add an end-to-end regression test test "job details does not expose persisted embedded manifests" to tests/e2e/monitor_test.exs which persists a job with a synthetic secret-containing manifest and asserts the manifest is not returned while manifest_ref and summary remain available.
Keep other monitor behavior unchanged (summaries, agents, recent events, sandboxes) so operator-visible data is preserved.

Ran mix format on the modified files successfully (lib/mirror_neuron/monitor.ex and tests/e2e/monitor_test.exs).
Performed a syntax check using elixir to parse the modified files successfully.
Attempted to run mix deps.get / mix test but it was blocked by the environment (Hex metadata download failed with HTTP 403), so full automated test execution could not complete in this environment.

fix: redact manifests from job details

bfb914b

homerquan added aardvark codex labels May 18, 2026 — with ChatGPT Codex Connector

homerquan merged commit 26c3fac into main May 18, 2026
1 check failed

Provide feedback