Differentiate between human and LLM debugging
23
AGENTS.md
@@ -6,9 +6,10 @@ Banks2FF is a Rust CLI tool that synchronizes bank transactions from GoCardless
|
|||||||
|
|
||||||
## 🚨 CRITICAL: Financial Data Security
|
## 🚨 CRITICAL: Financial Data Security
|
||||||
|
|
||||||
### **ABSOLUTE REQUIREMENT: Financial Data Masking**
|
### **Financial Data Masking Requirements**
|
||||||
|
|
||||||
**NEVER** expose, log, or display raw financial information including:
|
**FOR LLM/AI INTERACTIONS ONLY**: When interacting with coding agents, LLMs, or AI assistants:
|
||||||
|
- **NEVER** expose, log, or display raw financial information including:
|
||||||
- Transaction amounts
|
- Transaction amounts
|
||||||
- Account balances
|
- Account balances
|
||||||
- IBANs or account numbers
|
- IBANs or account numbers
|
||||||
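Review bot: Scoping the "**NEVER** expose, log, or display" rule under "FOR LLM/AI INTERACTIONS ONLY" leaves the document without an unconditional statement that raw financial data must not be logged. A reader could take the new wording to mean that logging amounts, balances or IBANs is acceptable whenever no AI agent is involved. Suggest keeping "never log" as a rule that always applies and limiting only the "expose or display" part to AI interactions. The heading also drops "ABSOLUTE REQUIREMENT" while the parent section is still marked CRITICAL; if the softening is intentional, the commit message should say so. Finally, check that the item list (transaction amounts, account balances, IBANs) is still nested under the new "- **NEVER** ..." bullet rather than rendered as its siblings.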
@@ -16,15 +17,29 @@ Banks2FF is a Rust CLI tool that synchronizes bank transactions from GoCardless
|
|||||||
- Personal identifiers
|
- Personal identifiers
|
||||||
- API keys or tokens
|
- API keys or tokens
|
||||||
|
|
||||||
### **Compliance Protocol for Debugging**
|
**FOR DEBUG LOGGING**: When using `RUST_LOG=debug`:
|
||||||
|
- **STRUCTURED LOGGING** shows HTTP requests, responses, and errors
|
||||||
|
- **NO SENSITIVE DATA** is logged (financial amounts, personal info, tokens)
|
||||||
|
- **REQUEST TRACING** includes method, URL, status codes, and error details
|
||||||
|
|
||||||
When debugging financial data issues:
|
### **Compliance Protocol for AI Agent Debugging**
|
||||||
|
|
||||||
|
When debugging financial data issues with AI agents:
|
||||||
|
|
||||||
1. **Create Anonymized Test Scripts**: Write small, focused scripts that extract only the necessary data structure information
|
1. **Create Anonymized Test Scripts**: Write small, focused scripts that extract only the necessary data structure information
|
||||||
2. **Use Mock Data**: Replace real financial values with placeholder data
|
2. **Use Mock Data**: Replace real financial values with placeholder data
|
||||||
3. **Validate Structure, Not Values**: Focus on data structure integrity, not actual financial content
|
3. **Validate Structure, Not Values**: Focus on data structure integrity, not actual financial content
|
||||||
4. **Sanitize All Outputs**: Ensure any debugging output masks sensitive information
|
4. **Sanitize All Outputs**: Ensure any debugging output masks sensitive information
|
||||||
|
|
||||||
|
### **Debug Logging**
|
||||||
|
|
||||||
|
The application uses structured logging with the `tracing` crate:
|
||||||
|
|
||||||
|
- **Normal operation**: Uses INFO level logging for key operations
|
||||||
|
- **Debug mode**: Set `RUST_LOG=debug` to see detailed HTTP request/response logging
|
||||||
|
- **No sensitive data**: Financial amounts and personal information are never logged
|
||||||
|
- **Request tracing**: HTTP method, URL, status codes, and error responses are logged
|
||||||
|
|
||||||
```rust
|
```rust
|
||||||
// ✅ GOOD: Structure validation with mock data
|
// ✅ GOOD: Structure validation with mock data
|
||||||
fn validate_transaction_structure() {
|
fn validate_transaction_structure() {
|
||||||
|
|||||||
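Review bot: The new debug-logging text promises "NO SENSITIVE DATA is logged" and in the same list says request tracing includes the URL and error details (later "error responses are logged"). URLs can carry account identifiers or tokens in the path or query string, and error bodies can echo request data, so the two statements can contradict each other. Suggest stating explicitly that URLs are logged with identifiers and query parameters redacted and that error bodies are sanitized before logging, or narrowing the guarantee to what the code actually enforces. Two smaller points: the "FOR DEBUG LOGGING" bullets and the new "### Debug Logging" section repeat the same points and could be merged into one place, and the new section is inserted between the numbered compliance steps and the `rust` example that illustrates them, so the "GOOD: Structure validation with mock data" block now reads as if it belongs to Debug Logging. Moving the section below the example would keep the example attached to the protocol.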