Problem
security/log_filter.py implements LogFilter with 7 regex patterns for PII/secret redaction. It is fully tested (20 tests) but not wired as middleware into any agent or pipeline.
Per plan.html Section 9 (Supporting Systems) and AGENTS.md, the SecurityFilter should intercept tool call args/results to redact secrets.
Required Changes
Create a SecurityFilterMiddleware class that wraps LogFilter as a deepagents AgentMiddleware:
class SecurityFilterMiddleware(AgentMiddleware):
def wrap_tool_call(self, request, handler):
# Filter tool call args for secrets
# Filter tool call results for secrets
response = handler(request)
return filtered_responseWire it into orchestrator.py alongside MonitorMiddleware, OutputCleanerMiddleware, and CostTrackingMiddleware.
Files to Create/Change
- New:
src/uni_dev/middleware/security_filter.py — SecurityFilterMiddleware wrapping LogFilter
- Change:
src/uni_dev/middleware/__init__.py — export SecurityFilterMiddleware
- Change:
src/uni_dev/orchestrator.py — add to middleware list
- New:
tests/test_security_filter_middleware.py — tests for the middleware wrapper
Acceptance Criteria
Problem
security/log_filter.pyimplementsLogFilterwith 7 regex patterns for PII/secret redaction. It is fully tested (20 tests) but not wired as middleware into any agent or pipeline.Per
plan.htmlSection 9 (Supporting Systems) and AGENTS.md, the SecurityFilter should intercept tool call args/results to redact secrets.Required Changes
Create a
SecurityFilterMiddlewareclass that wrapsLogFilteras a deepagentsAgentMiddleware:Wire it into
orchestrator.pyalongside MonitorMiddleware, OutputCleanerMiddleware, and CostTrackingMiddleware.Files to Create/Change
src/uni_dev/middleware/security_filter.py— SecurityFilterMiddleware wrapping LogFiltersrc/uni_dev/middleware/__init__.py— export SecurityFilterMiddlewaresrc/uni_dev/orchestrator.py— add to middleware listtests/test_security_filter_middleware.py— tests for the middleware wrapperAcceptance Criteria
pytestpassesuvx ruff check src/passes