From fd6c76f7ed42c08c810f1f49e6d8f06fab43e47c Mon Sep 17 00:00:00 2001 From: Jacob Kiers Date: Fri, 21 Nov 2025 15:14:52 +0100 Subject: [PATCH] Differentiate between human and LLM debugging --- AGENTS.md | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 91d5933..822ca04 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -6,25 +6,40 @@ Banks2FF is a Rust CLI tool that synchronizes bank transactions from GoCardless ## 🚨 CRITICAL: Financial Data Security -### **ABSOLUTE REQUIREMENT: Financial Data Masking** +### **Financial Data Masking Requirements** -**NEVER** expose, log, or display raw financial information including: -- Transaction amounts -- Account balances -- IBANs or account numbers -- Transaction descriptions -- Personal identifiers -- API keys or tokens +**FOR LLM/AI INTERACTIONS ONLY**: When interacting with coding agents, LLMs, or AI assistants: +- **NEVER** expose, log, or display raw financial information including: + - Transaction amounts + - Account balances + - IBANs or account numbers + - Transaction descriptions + - Personal identifiers + - API keys or tokens -### **Compliance Protocol for Debugging** +**FOR DEBUG LOGGING**: When using `RUST_LOG=debug`: +- **STRUCTURED LOGGING** shows HTTP requests, responses, and errors +- **NO SENSITIVE DATA** is logged (financial amounts, personal info, tokens) +- **REQUEST TRACING** includes method, URL, status codes, and error details -When debugging financial data issues: +### **Compliance Protocol for AI Agent Debugging** + +When debugging financial data issues with AI agents: 1. **Create Anonymized Test Scripts**: Write small, focused scripts that extract only the necessary data structure information 2. **Use Mock Data**: Replace real financial values with placeholder data 3. **Validate Structure, Not Values**: Focus on data structure integrity, not actual financial content 4. 
**Sanitize All Outputs**: Ensure any debugging output masks sensitive information +### **Debug Logging** + +The application uses structured logging with the `tracing` crate: + +- **Normal operation**: Uses INFO level logging for key operations +- **Debug mode**: Set `RUST_LOG=debug` to see detailed HTTP request/response logging +- **No sensitive data**: Financial amounts and personal information are never logged +- **Request tracing**: HTTP method, URL, status codes, and error responses are logged + ```rust // ✅ GOOD: Structure validation with mock data fn validate_transaction_structure() {
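Review bot: In the added "FOR DEBUG LOGGING" bullets and the new "Debug Logging" section, "NO SENSITIVE DATA is logged" is stated as a fact right next to "HTTP method, URL, status codes, and error responses are logged", and the document does not say how the two are reconciled. A request URL or an error response body can contain an account identifier or echo back request data, so either spell out what is redacted before logging (for example query strings, path identifiers, response bodies) or phrase the bullet as a requirement that logging code must meet rather than a guarantee. Related points in the same hunk: the "NEVER expose, log, or display" rule is now scoped to "FOR LLM/AI INTERACTIONS ONLY", which leaves human debugging with no explicit rule beyond that guarantee, so consider keeping a short general rule that applies to both. The two debug-logging passages also repeat each other and disagree on scope: the first lists "financial amounts, personal info, tokens", while the later bullet says only "Financial amounts and personal information", dropping tokens. Merging them into one section would remove the mismatch. Finally, the "Debug Logging" section is inserted between the four-step AI agent protocol and the `rust` example that illustrates it, so the "GOOD: Structure validation with mock data" example now reads as part of "Debug Logging". Moving the new section below the example would keep the example under "Compliance Protocol for AI Agent Debugging".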