fix(security): Keep short agent token prefixes in logs

Restore the existing short token-prefix logging behavior for agent auth failures while keeping the optional bearer-path rate-limit fix. Update tests and docs so the replacement branch reflects the intended logging policy. Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-07 23:43:32 +05:30
parent fb8a932923
commit 46bc9a02c6
4 changed files with 20 additions and 8 deletions
--- a/docs/reference/security.md
+++ b/docs/reference/security.md
@@ -72,7 +72,7 @@ This boundary helps LLM-based agents distinguish trusted instructions from untru

 ## Agent token logging

-On authentication failure, logs include request context only. Token values and token prefixes are not written to logs.
+On authentication failure, logs include request context and may include a short token prefix for debugging. Full tokens are not written to logs.

 ## Cross-tenant isolation