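#!/usr/bin/env bash
# bms-logging.sh — Action logging for BMS skill
# Centralized logging of user-initiated actions for audit/review.
#
# Defines: sanitize_args, log_action, get_log_path.
# Environment: BMS_LOG_DIR (optional) overrides the log directory.

# NOTE(review): if this file is sourced rather than executed, these options
# also take effect in the calling shell.
set -euo pipefail

# Directory containing this script. Not referenced in the visible part of this
# file; presumably used by scripts that source it — TODO confirm.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Log directory (can be overridden through the BMS_LOG_DIR environment variable).
BMS_LOG_DIR="${BMS_LOG_DIR:-$HOME/.bms-actions}"

# Ensure the log directory exists. The audit log records command arguments and
# results, so a directory created here is private to the owner (0700). The mode
# is applied only on creation: an existing directory keeps its permissions.
mkdir -p -m 700 -- "$BMS_LOG_DIR"

# Current log file (by date, UTC). The name is computed once, when this file is
# loaded, so a long-lived shell keeps writing to the file for its start date.
BMS_LOG_FILE="$BMS_LOG_DIR/$(date -u +%Y-%m-%d).jsonl"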
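# Sanitize arguments: strip sensitive values from a JSON document.
# Usage: sanitized=$(sanitize_args '{"BMS_PASSWORD":"secret","token":"abc"}')
#
# Arguments: $1 - JSON text (exactly one JSON value)
# Outputs:   the sanitized JSON on stdout; if the input is not a single valid
#            JSON value, a placeholder object instead of the input
# Returns:   0 in both cases
#
# The deny-list is matched exactly and case-sensitively, at every nesting
# level and inside arrays. Keys that are not listed pass through unchanged.
# NOTE(review): variants such as "password" or "authorization" are NOT on the
# list — confirm whether callers can produce them.
sanitize_args() {
  local input="${1-}"

  # --slurp parses the whole input before the filter runs, so nothing is
  # written to stdout unless the input is exactly one well-formed JSON value.
  local filter='
    if length != 1 then error("expected exactly one JSON value") else .[0] end
    | del(.. | objects | (
        .["BMS_PASSWORD"], .["BMS_MFA_CODE"], .["BMS_CLIENT_SECRET"],
        .["access_token"], .["refresh_token"], .["token"], .["Authorization"]
      ))
  '

  # Fail closed: echoing the raw input on a jq error would hand unsanitized
  # text (possibly containing credentials) to the caller for logging.
  if ! jq --slurp "$filter" 2>/dev/null <<<"$input"; then
    printf '%s\n' '{"sanitize_error":"input was not a single valid JSON value; content withheld"}'
  fi
}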
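# Log an action as one JSON line appended to the current log file.
# Globals:   BMS_LOG_FILE (read)
# Arguments: $1 - command name
#            $2 - args as JSON text (default: {})
#            $3 - result as JSON text (default: {})
#            $4 - status, documented as success|error (default: success);
#                 the value is recorded as given, it is not validated here
# Returns:   non-zero if building or appending the entry fails
log_action() {
  local command="$1"

  # "${2:-{}}" ends the expansion at the first "}", so a supplied argument
  # would get a stray "}" appended; take the default from a variable instead.
  local -r empty_json='{}'
  local args_json="${2:-$empty_json}"
  local result_json="${3:-$empty_json}"
  local status="${4:-success}"

  local timestamp
  timestamp=$(date -u +%Y-%m-%dT%H:%M:%SZ)

  # Pass args and result through sanitize_args before they reach the log.
  local safe_args safe_result
  safe_args=$(sanitize_args "$args_json")
  safe_result=$(sanitize_args "$result_json")

  # Build the entry with jq so every field is JSON-escaped; -c keeps it on a
  # single line, which the .jsonl format requires.
  local entry
  entry=$(jq -n -c \
    --arg ts "$timestamp" \
    --arg cmd "$command" \
    --argjson args "$safe_args" \
    --argjson result "$safe_result" \
    --arg stat "$status" \
    '{timestamp: $ts, command: $cmd, args: $args, result: $result, status: $stat}')

  # Append in a subshell so the restrictive umask applies only to this write:
  # a newly created log file is readable by its owner only.
  # NOTE(review): ">>" takes no lock; concurrent writers depend on the
  # filesystem's append behaviour — confirm if several processes log at once.
  (
    umask 077
    printf '%s\n' "$entry" >>"$BMS_LOG_FILE"
  )
}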
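# Get current log file path.
# Globals: BMS_LOG_FILE (read)
# Outputs: the log file path on stdout, followed by a newline
get_log_path() {
  # printf prints the path verbatim; echo may treat some values as options
  # or escape sequences depending on shell settings.
  printf '%s\n' "$BMS_LOG_FILE"
}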