
Enhance logging by adding content field redaction #1100

Closed
elie222 wants to merge 2 commits into main from 2025-12-17-3faw

elie222 (Owner) commented Dec 16, 2025

Redact content fields in production logs by replacing text and body values when ENABLE_DEBUG_LOGS is disabled in utils/logger.ts

Adds content-field redaction in hashSensitiveFields and constrains hover card width while hiding overflow; also strips subject: and label: prefixes from Outlook queries.

📍Where to Start

Start with hashSensitiveFields in apps/web/utils/logger.ts to review the new content-field handling.


📊 Macroscope summarized e4bf975. 5 files reviewed, 2 issues evaluated, 0 issues filtered, 2 comments posted


Summary by CodeRabbit

  • Style

    • Enhanced HoverCard component with improved overflow handling and fixed-width display.
  • Improvements

    • Improved search query compatibility across email providers by normalizing query format.
    • Updated AI assistant search guidance to use plain text queries for better results.
    • Enhanced content field privacy in production logging.


…ted the logger utility to redact fields containing email/message content unless debug logs are enabled.
…uidelines. Added width class to HoverCard and improved content handling. Modified ResultDisplayContent to append a URL to action content. Updated search tips to clarify usage of plain text queries without field prefixes.

vercel bot commented Dec 16, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Review | Updated (UTC) |
| --- | --- | --- | --- |
| inbox-zero | Building | Preview | Dec 16, 2025 11:08pm |

coderabbitai bot (Contributor) commented Dec 16, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

The PR normalizes Gmail-style search prefix handling across the system. Changes include removing search prefixes (subject:, label:, etc.) from AI agent prompts and Microsoft Graph queries, updating logging redaction logic for content fields, and applying overflow-hidden styling to HoverCard components.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Search Query Normalization: apps/web/utils/ai/reply/reply-context-collector.ts, apps/web/utils/email/microsoft.ts | Updated agent system prompt to prohibit Gmail-like field prefixes in searches; added regex normalization in Microsoft Graph queries to strip these prefixes before API calls. |
| UI Styling & Data: apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx, apps/web/components/HoverCard.tsx | Added fixed width (className="w-80") to HoverCard component; wrapped HoverCardContent className with cn() utility to ensure overflow-hidden is always applied; appended constant URL string to action content in ResultDisplay. |
| Logging & Redaction: apps/web/utils/logger.ts | Introduced CONTENT_FIELD_NAMES set for "text" and "body" fields; integrated content field redaction into hashSensitiveFields function, replacing values with booleans in production unless debug logging is enabled. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Note: The logger.ts changes introduce new redaction logic that should be verified to align with existing redaction patterns (SENSITIVE_FIELD_NAMES behavior).
  • The microsoft.ts regex for prefix stripping should be tested with edge cases (mixed case prefixes, variations in spacing).
  • Verify that appending a constant URL to action.content in ResultDisplay.tsx doesn't inadvertently duplicate or malform content display.


Poem

🐰 Search prefixes fall away like clover,
Gmail's syntax now left behind;
From prompt to graph, queries made anew,
And logs kept safe from prying eyes.
A tidier search, a cleaner find! 🌾


📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0f7dbaf and e4bf975.

📒 Files selected for processing (5)
  • apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx (2 hunks)
  • apps/web/components/HoverCard.tsx (2 hunks)
  • apps/web/utils/ai/reply/reply-context-collector.ts (1 hunks)
  • apps/web/utils/email/microsoft.ts (1 hunks)
  • apps/web/utils/logger.ts (2 hunks)


@elie222 elie222 closed this Dec 16, 2025
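
The content-field redaction described in the walkthrough above, as an added example that is not the project's `hashSensitiveFields`. `CONTENT_FIELD_NAMES` follows the name on the page; `redactContentFields`, `RedactOptions`, `MAX_DEPTH`, `redactedSample` and the sample payload are hypothetical, and `debugLogs` stands in for `env.ENABLE_DEBUG_LOGS`.

```typescript
// Added illustration; not the code in apps/web/utils/logger.ts.
// Only CONTENT_FIELD_NAMES is a name from the page; the rest is hypothetical.
const CONTENT_FIELD_NAMES = new Set(["text", "body"]);
const MAX_DEPTH = 10; // assumed recursion limit

interface RedactOptions {
  debugLogs: boolean; // stands in for env.ENABLE_DEBUG_LOGS
}

function redactContentFields(
  value: unknown,
  opts: RedactOptions,
  depth = 0,
): unknown {
  if (depth > MAX_DEPTH) return "[truncated]";
  if (Array.isArray(value)) {
    return value.map((item) => redactContentFields(item, opts, depth + 1));
  }
  if (value === null || typeof value !== "object") return value;

  const processed: Record<string, unknown> = {};
  for (const [key, fieldValue] of Object.entries(
    value as Record<string, unknown>,
  )) {
    if (CONTENT_FIELD_NAMES.has(key) && !opts.debugLogs) {
      // Keep only whether content was present, never the content itself.
      processed[key] = !!fieldValue;
    } else {
      processed[key] = redactContentFields(fieldValue, opts, depth + 1);
    }
  }
  return processed;
}

// Constructed sample log payload: nested objects, an array, an empty
// content field, and a key whose casing differs from the set entry.
const sample = {
  messageId: "m-1",
  body: "Quarterly numbers attached",
  email: { subject: "Q3", text: "", attachments: [{ name: "q3.pdf", body: "%PDF" }] },
  Body: "case variant is not matched",
};

function redactedSample(debugLogs: boolean): string {
  return JSON.stringify(redactContentFields(sample, { debugLogs }));
}
```

With `debugLogs` false the nested and array-held `body`/`text` values become booleans, while the `Body` key passes through unchanged because the set lookup is an exact match.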
processed[key] = !!value;
}
// Redact content fields in production (unless debug logs enabled)
else if (CONTENT_FIELD_NAMES.has(key) && !env.ENABLE_DEBUG_LOGS) {

CONTENT_FIELD_NAMES are redacted whenever !env.ENABLE_DEBUG_LOGS, but the comment says this should only happen in production. Consider adding env.NODE_ENV === "production" to the condition so text/body aren’t hidden in dev/test.

Suggested change
else if (CONTENT_FIELD_NAMES.has(key) && !env.ENABLE_DEBUG_LOGS) {
else if (CONTENT_FIELD_NAMES.has(key) && env.NODE_ENV === "production" && !env.ENABLE_DEBUG_LOGS) {


Comment on lines +142 to +144
content:
action.content +
"https://www.google.comasdjhgaghjdsghjasdgjasdjhasd",

Suggest removing the hardcoded URL concatenation to action.content. It looks like leftover debug code and corrupts displayed content; use action.content as-is.

Suggested change
content:
action.content +
"https://www.google.comasdjhgaghjdsghjasdgjasdjhasd",
content: action.content,



@cubic-dev-ai cubic-dev-ai bot left a comment


2 issues found across 5 files

Prompt for AI agents (all 2 issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx">

<violation number="1" location="apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx:143">
P0: Debug/test code left in production: This line appends a hardcoded nonsensical URL string to `action.content`, corrupting the displayed content. This appears to be accidental test data that should be removed.</violation>
</file>

<file name="apps/web/utils/logger.ts">

<violation number="1" location="apps/web/utils/logger.ts:255">
P2: Code doesn&#39;t match documented behavior: comment says content fields are &quot;redacted in production&quot; but the condition doesn&#39;t check for production environment. This will redact content in dev/test when `ENABLE_DEBUG_LOGS` is false, which may hide useful debugging information during development.</violation>
</file>


folderName: action.folderName,
content: action.content,
content:
action.content +

@cubic-dev-ai cubic-dev-ai bot Dec 16, 2025


P0: Debug/test code left in production: This line appends a hardcoded nonsensical URL string to action.content, corrupting the displayed content. This appears to be accidental test data that should be removed.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/app/(app)/[emailAccountId]/assistant/ResultDisplay.tsx, line 143:

<comment>Debug/test code left in production: This line appends a hardcoded nonsensical URL string to `action.content`, corrupting the displayed content. This appears to be accidental test data that should be removed.</comment>

<file context>
@@ -136,7 +139,9 @@ export function ResultDisplayContent({ result }: { result: RunRulesResult }) {
                   folderName: action.folderName,
-                  content: action.content,
+                  content:
+                    action.content +
+                    &quot;https://www.google.comasdjhgaghjdsghjasdgjasdjhasd&quot;,
                   to: action.to,
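Review bot: The two added lines under `content:` concatenate a hardcoded string literal onto `action.content`, so every rendered action shows text and a URL that the rule result never contained. Nothing else in this hunk depends on it; restore the removed line `content: action.content,`. If a link is ever meant to be appended here, it should come from the action data or a named constant with a separator, not an inline literal.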
</file context>

processed[key] = !!value;
}
// Redact content fields in production (unless debug logs enabled)
else if (CONTENT_FIELD_NAMES.has(key) && !env.ENABLE_DEBUG_LOGS) {

@cubic-dev-ai cubic-dev-ai bot Dec 16, 2025


P2: Code doesn't match documented behavior: comment says content fields are "redacted in production" but the condition doesn't check for production environment. This will redact content in dev/test when ENABLE_DEBUG_LOGS is false, which may hide useful debugging information during development.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At apps/web/utils/logger.ts, line 255:

<comment>Code doesn&#39;t match documented behavior: comment says content fields are &quot;redacted in production&quot; but the condition doesn&#39;t check for production environment. This will redact content in dev/test when `ENABLE_DEBUG_LOGS` is false, which may hide useful debugging information during development.</comment>

<file context>
@@ -247,6 +251,10 @@ function hashSensitiveFields&lt;T&gt;(obj: T, depth = 0): T {
         processed[key] = !!value;
       }
+      // Redact content fields in production (unless debug logs enabled)
+      else if (CONTENT_FIELD_NAMES.has(key) &amp;&amp; !env.ENABLE_DEBUG_LOGS) {
+        processed[key] = !!value;
+      }
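Review bot: The added comment says "in production", but the `else if` guard only tests `!env.ENABLE_DEBUG_LOGS`, so the redaction applies in every environment. Redacting by default is the safer behaviour for message content, so I would reword the comment to match the condition (or add the environment check if dev/test output is really wanted) and note next to it that enabling `ENABLE_DEBUG_LOGS` puts these fields back into the logs in full. `CONTENT_FIELD_NAMES.has(key)` is an exact, case-sensitive key match, so a test that pins which keys are covered would be worth adding with this change.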
</file context>
