feat: add debug logging for final messages #4682
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dosubot
bot
added
the
size:S
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Hey - 我发现了 1 个问题,并给出了一些高层次的反馈:
- 建议增加保护或脱敏逻辑,这样在 DEBUG 级别记录完整
messages时,不会在日志中意外泄露敏感或用户相关数据,尤其是在共享或生产环境中。 - 目前的调试输出会记录每条消息的完整内容,可能会非常大;建议对过长内容进行截断,或限制日志中消息的数量,以避免产生过多日志量并带来潜在的性能影响。
给 AI 代理的提示词
Please address the comments from this code review:
## Overall Comments
- Consider adding a guard or masking logic so that DEBUG logging of full `messages` cannot inadvertently leak sensitive or user-specific data into logs, especially in shared or production environments.
- The current debug dump logs the full content of every message, which could be very large; consider truncating long contents or limiting the number of messages logged to avoid excessive log volume and potential performance impact.
## Individual Comments
### Comment 1
<location> `astrbot/core/agent/runners/tool_loop_agent_runner.py:119-126` </location>
<code_context>
+ # ========== DEBUG: dump final messages sent to LLM ==========
+ # 打印最终发给 LLM 的完整 messages 列表
+ if logger.isEnabledFor(logging.DEBUG):
+ logger.debug("===== [LLM Request Messages] =====")
+ for idx, msg in enumerate(messages):
+ role = msg.role if hasattr(msg, "role") else msg.get("role", "?")
+ content = (
+ msg.content if hasattr(msg, "content") else msg.get("content", "")
+ )
+ logger.debug(f" [{idx}] {role}: {content}")
+ logger.debug("===== [End LLM Request Messages] =====")
+ # =============================================================
</code_context>
<issue_to_address>
**🚨 issue (security):** Dumping full LLM messages to logs can leak sensitive user data and credentials.
Even at DEBUG level, logging full prompts and tool messages can expose user data, secrets, or identifiers, especially in centralized logging systems. Please either redact sensitive fields, restrict logs to metadata (e.g., role, length, tool name), or guard this behind an explicit, clearly unsafe flag (e.g., `unsafe_debug`/`log_prompts`) that is disabled in non-local environments.
</issue_to_address>帮我变得更有用!请对每条评论点 👍 或 👎,我会根据你的反馈改进后续的评审质量。
Original comment in English
Hey - I've found 1 issue, and left some high level feedback:
- Consider adding a guard or masking logic so that DEBUG logging of full
messagescannot inadvertently leak sensitive or user-specific data into logs, especially in shared or production environments. - The current debug dump logs the full content of every message, which could be very large; consider truncating long contents or limiting the number of messages logged to avoid excessive log volume and potential performance impact.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Consider adding a guard or masking logic so that DEBUG logging of full `messages` cannot inadvertently leak sensitive or user-specific data into logs, especially in shared or production environments.
- The current debug dump logs the full content of every message, which could be very large; consider truncating long contents or limiting the number of messages logged to avoid excessive log volume and potential performance impact.
## Individual Comments
### Comment 1
<location> `astrbot/core/agent/runners/tool_loop_agent_runner.py:119-126` </location>
<code_context>
+ # ========== DEBUG: dump final messages sent to LLM ==========
+ # 打印最终发给 LLM 的完整 messages 列表
+ if logger.isEnabledFor(logging.DEBUG):
+ logger.debug("===== [LLM Request Messages] =====")
+ for idx, msg in enumerate(messages):
+ role = msg.role if hasattr(msg, "role") else msg.get("role", "?")
+ content = (
+ msg.content if hasattr(msg, "content") else msg.get("content", "")
+ )
+ logger.debug(f" [{idx}] {role}: {content}")
+ logger.debug("===== [End LLM Request Messages] =====")
+ # =============================================================
</code_context>
<issue_to_address>
**🚨 issue (security):** Dumping full LLM messages to logs can leak sensitive user data and credentials.
Even at DEBUG level, logging full prompts and tool messages can expose user data, secrets, or identifiers, especially in centralized logging systems. Please either redact sensitive fields, restrict logs to metadata (e.g., role, length, tool name), or guard this behind an explicit, clearly unsafe flag (e.g., `unsafe_debug`/`log_prompts`) that is disabled in non-local environments.
</issue_to_address>Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Comment on lines
+119
to
+126
| if logger.isEnabledFor(logging.DEBUG): | ||
| logger.debug("===== [LLM Request Messages] =====") | ||
| for idx, msg in enumerate(messages): | ||
| role = msg.role if hasattr(msg, "role") else msg.get("role", "?") | ||
| content = ( | ||
| msg.content if hasattr(msg, "content") else msg.get("content", "") | ||
| ) | ||
| logger.debug(f" [{idx}] {role}: {content}") |
Contributor
There was a problem hiding this comment.
🚨 issue (security): 将完整的 LLM 消息写入日志可能会泄露敏感用户数据和凭据。
即使是在 DEBUG 级别,记录完整的提示词和工具消息也可能暴露用户数据、密钥或标识符,尤其是在集中式日志系统中。请对敏感字段进行脱敏处理,只记录元数据(例如角色、长度、工具名),或者将这类日志放在一个明确标记为不安全的开关(例如 unsafe_debug/log_prompts)后面,并确保在非本地环境中默认关闭。
Original comment in English
🚨 issue (security): Dumping full LLM messages to logs can leak sensitive user data and credentials.
Even at DEBUG level, logging full prompts and tool messages can expose user data, secrets, or identifiers, especially in centralized logging systems. Please either redact sensitive fields, restrict logs to metadata (e.g., role, length, tool name), or guard this behind an explicit, clearly unsafe flag (e.g., unsafe_debug/log_prompts) that is disabled in non-local environments.
dosubot
bot
added
the
area:core
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation / 动机
添加调试功能:在 DEBUG 日志级别下,打印发送给 LLM 的完整 messages 列表,便于开发者排查 LLM 请求相关问题。
Modifications / 改动点
修改
astrbot/core/agent/runners/tool_loop_agent_runner.py:import logging导入This is NOT a breaking change. / 这不是一个破坏性变更。
Screenshots or Test Results / 运行截图或测试结果
Checklist / 检查清单
logging是 Python 标准库,无需额外安装)