QuickApps version
latest
Area
Orchestrator / agent loop, Toolsets (REST / DIAL deployment / MCP / internal)
What is the current state?
A number of (mostly DEBUG-level) statements log complete objects: chat-completion payloads, message context, tool-call arguments, tool and LLM responses, and unfiltered URLs. Sites span the core agent loop and the tooling packages.
Why is this debt?
DEBUG is commonly enabled while investigating live issues, and full-payload records then flow into aggregated logs. Structure-level summaries (roles, counts, sizes, tool names, statuses) serve the same debugging purpose with a much smaller footprint, and the upcoming OTLP export (#433) and JSON mode (#438) make lean records more valuable.
Proposed remediation
Per the approved content policy (#434): replace payload dumps with structure summaries, log URLs without query strings, and route any remaining payload debugging through an explicit opt-in switch with truncation. Sweep by area: core agent loop, then tooling packages.
Alternatives considered
Redacting known-sensitive keys on top of full dumps — allowlisting structure is simpler and more robust than denylisting content.
Additional information
Depends on #434.
QuickApps version
latest
Area
Orchestrator / agent loop, Toolsets (REST / DIAL deployment / MCP / internal)
What is the current state?
A number of (mostly DEBUG-level) statements log complete objects: chat-completion payloads, message context, tool-call arguments, tool and LLM responses, and unfiltered URLs. Sites span the core agent loop and the tooling packages.
Why is this debt?
DEBUG is commonly enabled while investigating live issues, and full-payload records then flow into aggregated logs. Structure-level summaries (roles, counts, sizes, tool names, statuses) serve the same debugging purpose with a much smaller footprint, and the upcoming OTLP export (#433) and JSON mode (#438) make lean records more valuable.
Proposed remediation
Per the approved content policy (#434): replace payload dumps with structure summaries, log URLs without query strings, and route any remaining payload debugging through an explicit opt-in switch with truncation. Sweep by area: core agent loop, then tooling packages.
Alternatives considered
Redacting known-sensitive keys on top of full dumps — allowlisting structure is simpler and more robust than denylisting content.
Additional information
Depends on #434.