feat: Obfuscate potential PII in logs#1219
Conversation
Update vault storage error handling to log instead of throw to prevent breaking SDK flows when storage quota or security errors occur. Update test expectations to match corrected error message.
jaissica12
force-pushed
the
feat/SDKE-889-logger-obfuscate-data-v2
branch
from
6c5f222 to
12d4648
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
alexs-mparticle
left a comment
alexs-mparticle
left a comment
There was a problem hiding this comment.
vault.ts: Remove the try/catch from store() — let errors propagate to callers.
The vault should be a dumb wrapper around the Storage API. Right now there's a conflict:
vault.tscatches the error internally and logs viaconsole.error- Callers in
batchUploader.tsandidentity-utils.tswrap.store()in their own try/catch withLogger.error()
Since the vault swallows the error, the callers' try/catches are dead code — the error never reaches them.
Suggestion: remove the try/catch (and the console.error) from BaseVault.store() entirely. Let the raw setItem error propagate so callers can handle it with proper Logger calls as they're already set up to do.
alexs-mparticle
left a comment
alexs-mparticle
left a comment
There was a problem hiding this comment.
Nit: Inconsistent Logger access in batchUploader.ts
The new error handling code accesses the logger three different ways in the same file:
const { Logger } = this.mpInstance;→Logger.error(...)(inqueueEvent)this.mpInstance.Logger.error(...)(inprepareAndUpload)logger.error(...)via parameter (inuploadBatches)
They all resolve to the same instance logger, so this is just a style nit — but it'd be cleaner to pick one approach consistently within the new code.
PR SummaryMedium Risk Overview Applies this to event/batch logging in Simplifies storage vaults by removing injected logger support and all internal verbose/error logging/try-catch in Written by Cursor Bugbot for commit 3b5cf5a. This will update automatically on new commits. Configure here. |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
src/batchUploader.ts
Outdated
| try { | ||
| this.eventVault.store(this.eventsQueuedForProcessing); | ||
| } catch (error) { | ||
| this.mpInstance.Logger.error('Failed to store events to offline storage. Events will remain in memory queue.'); |
There was a problem hiding this comment.
Let's remove this try/catch block and error. it's unnecessary.
There was a problem hiding this comment.
Yeah, that makes sense. Removed
src/batchUploader.ts
Outdated
| try { | ||
| this.eventVault.store([]); | ||
| } catch (error) { | ||
| this.mpInstance.Logger.error('Failed to clear events from offline storage.'); |
There was a problem hiding this comment.
I think we can remove these try catches as well
src/batchUploader.ts
Outdated
| // Clear batch queue since everything should be in Offline Storage | ||
| this.batchesQueuedForProcessing = []; | ||
| } catch (error) { | ||
| this.mpInstance.Logger.error('Failed to store batches to offline storage. Batches will remain in memory queue.'); |
There was a problem hiding this comment.
Remove this try/catch
src/foregroundTimeTracker.ts
Outdated
| try { | ||
| this.timerVault.store(Math.round(this.totalTime)); | ||
| } catch (error) { | ||
| // Time tracking persistence is not critical for SDK functionality |
There was a problem hiding this comment.
Remove try/catch block
src/identity-utils.ts
Outdated
| try { | ||
| idCache.store(cache); | ||
| } catch (error) { | ||
| // Silently fail - identity caching is an optimization, not critical for functionality |
|
2 participants
Background
The Logger currently outputs raw batch and event payloads at various log levels (error, warning, verbose). These payloads can include Personally Identifiable Information (PII)—data that can identify or be reasonably linked to an individual, such as email addresses, phone numbers, names, user IDs, IP addresses, or other user-level identifiers.
What Has Changed
obfuscateDatamethod to be used when logging payloadsobfuscateDatamethod when passing in payloads that may contain PIImatched_identitiespayload for obfuscation, while allowing the rest of the identity payload to be visible for debuggingScreenshots/Video
Checklist
Additional Notes
Reference Issue (For employees only. Ignore if you are an outside contributor)
Note
Medium Risk
Changes logging behavior for event/batch/identity payloads and adds new storage error handling paths; while intended to be safe, it touches batching/upload and identity flows where regressions could impact observability or offline persistence.
Overview
Reduces the chance of leaking PII via logs by introducing
utils.obfuscateData/obfuscateDevDataand using them when verbose-logging event payloads, batch uploads, Rokt placement attributes/queued payloads, and (in production mode)matched_identitiesin Identity API responses.Hardens persistence writes by removing Vault-internal logging, simplifying
Vaultconstructors (no injected logger), and wrapping non-criticalstore()calls (events/batches offline queues, identity cache, foreground time tracker) intry/catchso storage failures don’t break SDK execution; also updates tests accordingly and documents the new PII logging guideline inAGENTS.md.Written by Cursor Bugbot for commit 642471a. This will update automatically on new commits. Configure here.