
feat: option to redact query param variables in access logs #2130

Merged
SkArchon merged 9 commits into main from
milinda/eng-6915-option-to-redact-variables-query-parameter-in-access-logs
Aug 18, 2025

Conversation

Contributor

@SkArchon SkArchon commented Aug 11, 2025

Motivation

Right now we print the entire raw query params; however, in certain cases, especially when sending queries over GET, sensitive values can be logged, as we currently log the raw query in the access logs by default. This adds an option to ignore certain query parameters. In the case there are skip list entries and we cannot parse the query params, we will reset the query to "" for logging.

access_logs:
  router:
    ignore_query_params_list:
      - "variables"

Summary by CodeRabbit

  • New Features

    • Access logs can now omit configured query parameters. Configure via access_logs.router.ignore_query_params_list. Applies to router and subgraph logs for GET and POST requests; when parsing fails the query field is cleared to avoid partial data.
  • Tests

    • Added tests covering default behavior, ignored parameters, and POST requests with extra query params to validate logging outcomes.

Checklist
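The redaction rule the description above spells out (empty list: log the raw query untouched; non-empty list: parse, drop the listed names, re-encode; parse failure with a non-empty list: clear the field), written out as an added example. This is not the PR's code or the cosmo router's request logger; the function names RedactQuery and LeakedParams, the sample query and the exact/case-sensitive matching are assumptions, the last one being the semantics the review thread below asks to have documented. LeakedParams is the kind of check the PR's tests are described as doing: parse what actually landed in the log and confirm the ignored names are gone.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
)

// RedactQuery is an illustration of the behaviour described in the PR, not the
// router's own implementation. With an empty ignore list the raw query passes
// through unchanged, even if it is malformed. With a non-empty list the query
// is parsed, every listed parameter name is dropped together with all of its
// values, and the remainder is re-encoded. If parsing fails the whole field is
// cleared rather than logged partially. Matching is exact and case-sensitive
// (assumption, matching what the review asks to document).
func RedactQuery(rawQuery string, ignore []string) (string, error) {
	if len(ignore) == 0 {
		return rawQuery, nil
	}
	values, err := url.ParseQuery(rawQuery)
	if err != nil {
		// ParseQuery hands back the parameters it could decode alongside the
		// first error; logging that partial map could still leak a value, so
		// the entire query is blanked for the log line.
		return "", err
	}
	for _, name := range ignore {
		values.Del(name)
	}
	// Encode sorts keys, so the logged form is deterministic.
	return values.Encode(), nil
}

// LeakedParams parses the query string that actually landed in an access log
// line and returns, sorted, the ignored names that are still present. A logged
// query that does not parse is reported as an error, because with a non-empty
// ignore list the logger should have cleared it.
func LeakedParams(loggedQuery string, ignore []string) ([]string, error) {
	values, err := url.ParseQuery(loggedQuery)
	if err != nil {
		return nil, err
	}
	var leaked []string
	for _, name := range ignore {
		if _, ok := values[name]; ok {
			leaked = append(leaked, name)
		}
	}
	sort.Strings(leaked)
	return leaked, nil
}

func main() {
	// Constructed sample: a GraphQL operation sent over GET, with a password
	// inside the JSON-encoded "variables" parameter.
	raw := "query=%7B%20me%20%7B%20id%20%7D%20%7D&variables=%7B%22password%22%3A%22hunter2%22%7D&operationName=Me"
	ignore := []string{"variables"}

	logged, err := RedactQuery(raw, ignore)
	fmt.Printf("logged=%q err=%v\n", logged, err)
	leaked, _ := LeakedParams(logged, ignore)
	fmt.Printf("leaked=%v\n", leaked)

	// Parse failure with a non-empty ignore list: the field is cleared.
	logged, err = RedactQuery("variables=%zz&query=x", ignore)
	fmt.Printf("logged=%q err=%v\n", logged, err)

	// Case matters: "Variables" is not "variables", so it survives.
	logged, _ = RedactQuery("Variables=still-here&variables=gone", ignore)
	fmt.Printf("logged=%q\n", logged)
}
```

Two consequences worth knowing before switching the option on: re-encoding normalises the surviving parameters (keys are sorted, spaces become "+"), so the logged query is no longer byte-for-byte what the client sent; and because the field is only cleared when the list is non-empty, a deployment that leaves the list empty keeps logging malformed queries verbatim.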

@coderabbitai
Contributor

coderabbitai Bot commented Aug 11, 2025

Walkthrough

Adds configurable ignore list for query parameters to access logs; wires the option through config, schema, fixtures, router core, and request-logger internals; and adds tests exercising ignored params for GET and POST GraphQL requests.

Changes

Cohort / File(s) Change summary
Tests for structured logging
router-tests/structured_logging_test.go
Adds tests that validate ignored query params behavior (GET and POST GraphQL requests); imports net/url and parses logged query to assert ignored keys are omitted.
Test environment config
router-tests/testenv/testenv.go
Adds Config.IgnoreQueryParamsList []string and wires it into the access logs config passed to the router.
Router core wiring
router/core/graph_server.go, router/core/router.go, router/core/supervisor_instance.go
Adds IgnoreQueryParamsList []string to AccessLogsConfig and passes it into the request logger via requestlogger.WithIgnoreQueryParamsList(...); initializes from cfg.AccessLogs.Router.IgnoreQueryParamsList.
Request logger internals
router/internal/requestlogger/requestlogger.go, router/internal/requestlogger/subgraphlogger.go
Introduces WithIgnoreQueryParamsList option and ignoreQueryParamsList field on the access logger; getRequestFields signature updated to accept a *zap.Logger; parses request query, removes configured keys, re-encodes remaining params, logs parse errors and clears query on failure; updates call sites.
Configuration types and schema
router/pkg/config/config.go, router/pkg/config/config.schema.json
Adds IgnoreQueryParamsList []string to AccessLogsRouterConfig and ignore_query_params_list array to JSON schema (default ["variables"]).
Config fixtures and testdata
router/pkg/config/fixtures/full.yaml, router/pkg/config/testdata/config_defaults.json, router/pkg/config/testdata/config_full.json
Adds ignore_query_params_list / IgnoreQueryParamsList entries (e.g., ["variables"], and ["variables","anothervalue"]) to sample and test config files; default value set to ["variables"] in defaults JSON.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • fix: enforce parser limits #2068 — Also modifies options passed in graph_server.buildGraphMux; related due to changing request-mux/logger construction and option wiring.


@github-actions

github-actions Bot commented Aug 11, 2025

Router-nonroot image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-eb5535c4452bfb96b2c483239f5c03ec723d4f83-nonroot

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (3)
router/core/router.go (1)

164-169: Document the new field for clarity

Consider adding a short comment describing matching semantics (e.g., exact/case-sensitive) and behavior when parsing fails, to align with requestlogger behavior.

 type (
   // Router is the main application instance.
   Router struct {
@@
 	AccessLogsConfig struct {
-		Attributes            []config.CustomAttribute
-		Logger                *zap.Logger
-		SubgraphEnabled       bool
-		SubgraphAttributes    []config.CustomAttribute
-		IgnoreQueryParamsList []string
+		Attributes         []config.CustomAttribute
+		Logger             *zap.Logger
+		SubgraphEnabled    bool
+		SubgraphAttributes []config.CustomAttribute
+		// IgnoreQueryParamsList lists query parameter names that must be excluded
+		// from the access log's "query" field. Matching is exact (case-sensitive).
+		// If query parsing fails, the logger clears the query to avoid leaking data.
+		IgnoreQueryParamsList []string
 	}
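Review bot: the last line of the suggested doc comment overstates the fallback. Per the PR description the query is reset to "" only when the ignore list is non-empty and parsing fails; with an empty list a malformed query is still logged raw. Suggest "If the list is non-empty and query parsing fails, the logger clears the query" so the comment does not promise protection that an unconfigured router does not give. The comment is otherwise the right place to pin down exact, case-sensitive matching, since nothing else in this hunk says so.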
router/pkg/config/config.go (1)

894-896: Config surface looks good; consider deduping values post-load

The field and tags look correct. Optionally, dedupe values after config load to avoid redundant work downstream.

You could add a post-processing step in LoadConfig (near other post-processing) like:

// After unmarshalling and existing post-processing:
cfg.Config.AccessLogs.Router.IgnoreQueryParamsList =
	unique.SliceElements(cfg.Config.AccessLogs.Router.IgnoreQueryParamsList)
router/pkg/config/config.schema.json (1)

695-704: Tighten schema and clarify semantics

  • Add uniqueItems to avoid duplicates.
  • Clarify that matching is exact/case-sensitive to set expectations.
-            "ignore_query_params_list": {
-              "type": "array",
-              "description": "List of query params to be ignored from being logged in the query field.",
-              "items": {
-                "type": "string"
-              }
-            }
+            "ignore_query_params_list": {
+              "type": "array",
+              "description": "List of query parameter names to exclude from the logged 'query' field. Matching is exact (case-sensitive).",
+              "items": {
+                "type": "string"
+              },
+              "uniqueItems": true
+            }
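Review bot: neither the removed nor the added schema block carries a "default" key, yet the walkthrough above reports the schema default as ["variables"] and says the defaults fixture sets it. Either the default belongs here (add "default": ["variables"] beside "uniqueItems": true so the schema documents the out-of-the-box behaviour and stays in sync with config_defaults.json) or the walkthrough is wrong about where it lives; worth confirming before merging. The proposed description should also mention that the query field is blanked when parsing fails, because the operator reading the schema is the person who needs to know that a log line can carry an empty query by design.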
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between de123ba and 02906c3.

📒 Files selected for processing (12)
  • router-tests/structured_logging_test.go (2 hunks)
  • router-tests/testenv/testenv.go (2 hunks)
  • router/core/graph_server.go (1 hunks)
  • router/core/router.go (1 hunks)
  • router/core/supervisor_instance.go (1 hunks)
  • router/internal/requestlogger/requestlogger.go (5 hunks)
  • router/internal/requestlogger/subgraphlogger.go (2 hunks)
  • router/pkg/config/config.go (1 hunks)
  • router/pkg/config/config.schema.json (1 hunks)
  • router/pkg/config/fixtures/full.yaml (1 hunks)
  • router/pkg/config/testdata/config_defaults.json (1 hunks)
  • router/pkg/config/testdata/config_full.json (1 hunks)
👮 Files not reviewed due to content moderation or server errors (7)
  • router-tests/testenv/testenv.go
  • router/core/supervisor_instance.go
  • router/internal/requestlogger/subgraphlogger.go
  • router/pkg/config/testdata/config_defaults.json
  • router/core/graph_server.go
  • router-tests/structured_logging_test.go
  • router/internal/requestlogger/requestlogger.go
🧰 Additional context used
🧬 Code Graph Analysis (4)
router/core/router.go (1)
router/pkg/config/config.go (1)
  • CustomAttribute (43-47)
router/core/graph_server.go (1)
router/internal/requestlogger/requestlogger.go (1)
  • WithIgnoreQueryParamsList (113-117)
router-tests/structured_logging_test.go (2)
router-tests/testenv/testenv.go (4)
  • Run (104-121)
  • Config (281-337)
  • Environment (1722-1758)
  • GraphQLRequest (1890-1898)
router/core/operation_processor.go (1)
  • GraphQLRequest (181-186)
router/internal/requestlogger/subgraphlogger.go (1)
router/internal/expr/expr.go (1)
  • Request (65-74)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: integration_test (./events)
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: build_test
  • GitHub Check: Analyze (go)
🔇 Additional comments (2)
router/pkg/config/fixtures/full.yaml (1)

87-88: LGTM: example config shows intended usage

The sample ignore_query_params_list under access_logs.router is correct and clear.

router/pkg/config/testdata/config_full.json (1)

418-421: LGTM: test fixture updated correctly

IgnoreQueryParamsList is added under AccessLogs.Router with a representative value.

@SkArchon SkArchon requested a review from StarpTech August 13, 2025 19:28
Contributor

@StarpTech StarpTech left a comment

LGTM

Contributor

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
router/pkg/config/testdata/config_full.json (1)

418-422: Use realistic example values to aid future readers/tests.

For a “full” config fixture, consider replacing "anothervalue" with "operationName" so examples match common GraphQL query params and align with tests/docs.

Apply this diff:

       "IgnoreQueryParamsList": [
         "variables",
-        "anothervalue"
+        "operationName"
       ]
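Review bot: the rationale "align with tests/docs" is unsupported by anything visible in this thread; the test summary only mentions "extra query params", and no docs change is listed. More to the point, a "full" fixture reads as recommended configuration, and dropping operationName from access logs removes the one low-sensitivity field operators rely on to correlate a log line with a GraphQL operation. Keep the second entry an obviously synthetic value such as the existing "anothervalue", or choose a name that is plausibly sensitive in the way "variables" is, rather than one that is useful in the logs.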
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro


📥 Commits

Reviewing files that changed from the base of the PR and between 13a3b6c and 5fd20c1.

📒 Files selected for processing (6)
  • router/core/graph_server.go (1 hunks)
  • router/pkg/config/config.go (1 hunks)
  • router/pkg/config/config.schema.json (1 hunks)
  • router/pkg/config/fixtures/full.yaml (1 hunks)
  • router/pkg/config/testdata/config_defaults.json (1 hunks)
  • router/pkg/config/testdata/config_full.json (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (5)
  • router/pkg/config/config.schema.json
  • router/core/graph_server.go
  • router/pkg/config/config.go
  • router/pkg/config/fixtures/full.yaml
  • router/pkg/config/testdata/config_defaults.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: build_test
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: build_test
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: integration_test (./events)
  • GitHub Check: Analyze (go)
🔇 Additional comments (1)
router/pkg/config/testdata/config_full.json (1)

418-422: Field placement is correct here; AI summary is off.

The new IgnoreQueryParamsList is added under AccessLogs.Router (not Headers.All). Placement and casing look consistent with surrounding keys in this JSON fixture.

@SkArchon SkArchon merged commit 49637ab into main Aug 18, 2025
38 of 39 checks passed
@SkArchon SkArchon deleted the milinda/eng-6915-option-to-redact-variables-query-parameter-in-access-logs branch August 18, 2025 10:59
@Noroth Noroth mentioned this pull request Sep 30, 2025
2 participants