Differentiate between human and LLM debugging

2025-11-21 15:14:52 +01:00
parent 9a5c6d0f68
commit 45c0788a4b


@@ -6,9 +6,10 @@ Banks2FF is a Rust CLI tool that synchronizes bank transactions from GoCardless
## 🚨 CRITICAL: Financial Data Security
### **ABSOLUTE REQUIREMENT: Financial Data Masking**
### **Financial Data Masking Requirements**
**NEVER** expose, log, or display raw financial information including:
**FOR LLM/AI INTERACTIONS ONLY**: When interacting with coding agents, LLMs, or AI assistants:
- **NEVER** expose, log, or display raw financial information including:
- Transaction amounts
- Account balances
- IBANs or account numbers
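Review bot: The new scope line "FOR LLM/AI INTERACTIONS ONLY" now gates the whole "NEVER expose, log, or display" rule, including the word "log", so as written this section no longer forbids writing transaction amounts, account balances or IBANs to logs outside an AI session. Log files outlive the session that produced them and are commonly shared later, so I would keep the logging prohibition unconditional and apply the AI-only scope to the expose/display part alone. If the intent is that humans may view raw values interactively while debugging, say that explicitly rather than relaxing the whole rule.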
@@ -16,15 +17,29 @@ Banks2FF is a Rust CLI tool that synchronizes bank transactions from GoCardless
- Personal identifiers
- API keys or tokens
### **Compliance Protocol for Debugging**
**FOR DEBUG LOGGING**: When using `RUST_LOG=debug`:
- **STRUCTURED LOGGING** shows HTTP requests, responses, and errors
- **NO SENSITIVE DATA** is logged (financial amounts, personal info, tokens)
- **REQUEST TRACING** includes method, URL, status codes, and error details
When debugging financial data issues:
### **Compliance Protocol for AI Agent Debugging**
When debugging financial data issues with AI agents:
1. **Create Anonymized Test Scripts**: Write small, focused scripts that extract only the necessary data structure information
2. **Use Mock Data**: Replace real financial values with placeholder data
3. **Validate Structure, Not Values**: Focus on data structure integrity, not actual financial content
4. **Sanitize All Outputs**: Ensure any debugging output masks sensitive information
### **Debug Logging**
The application uses structured logging with the `tracing` crate:
- **Normal operation**: Uses INFO level logging for key operations
- **Debug mode**: Set `RUST_LOG=debug` to see detailed HTTP request/response logging
- **No sensitive data**: Financial amounts and personal information are never logged
- **Request tracing**: HTTP method, URL, status codes, and error responses are logged
```rust
// ✅ GOOD: Structure validation with mock data
fn validate_transaction_structure() {
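Review bot: The "FOR DEBUG LOGGING" bullets and the new "### Debug Logging" section make the same promises twice with different wording, and they disagree: the first lists "financial amounts, personal info, tokens" as never logged, while the second says only "Financial amounts and personal information are never logged" and drops tokens. Both also state that the URL and "error details" / "error responses" are logged, which is hard to reconcile with "NO SENSITIVE DATA" unless the document says how URLs and response bodies are redacted, since either can carry account identifiers or credentials. Suggest keeping a single Debug Logging section, including tokens in its list, and describing the redaction applied to URLs and error bodies (or narrowing the claim to what is actually guaranteed).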