fix(guardrails): resolve audit and cache review issues

SantiagoDePolonia · SantiagoDePolonia · commit 072a120d26a4 · 2026-04-05T19:38:35.000+02:00
diff --git a/internal/auditlog/entry_capture.go b/internal/auditlog/entry_capture.go
@@ -93,13 +93,11 @@ func CaptureInternalJSONExchange(
 		return
 	}
 
-	if req := internalJSONAuditRequest(ctx, method, path, requestIDForEntry(entry), requestBody); req != nil {
+	if req := internalJSONAuditRequest(ctx, method, path, requestIDForEntry(entry), requestBody, cfg.LogBodies); req != nil {
 		PopulateRequestData(entry, req, cfg)
 	}
-	headers, body, truncated, ok := internalJSONAuditResponse(responseBody, responseErr, requestIDForEntry(entry))
-	if ok {
-		PopulateResponseData(entry, headers, body, truncated, cfg)
-	}
+	headers, body, truncated := internalJSONAuditResponse(responseBody, responseErr, requestIDForEntry(entry), cfg.LogBodies)
+	PopulateResponseData(entry, headers, body, truncated, cfg)
 }
 
 func ensureLogData(entry *LogEntry) *LogData {
@@ -116,40 +114,47 @@ func requestIDForEntry(entry *LogEntry) string {
 	return strings.TrimSpace(entry.RequestID)
 }
 
-func internalJSONAuditRequest(ctx context.Context, method, path, requestID string, bodyValue any) *http.Request {
-	if bodyValue == nil {
-		return nil
-	}
-	body, err := json.Marshal(bodyValue)
-	if err != nil {
-		return nil
-	}
-
+func internalJSONAuditRequest(ctx context.Context, method, path, requestID string, bodyValue any, logBodies bool) *http.Request {
 	headers := internalJSONAuditHeaders(ctx, requestID)
-	capturedBody, bodyTooBig := boundedAuditBody(body, false)
-	snapshot := core.NewRequestSnapshot(
-		method,
-		path,
-		nil,
-		nil,
-		headers,
-		headers.Get("Content-Type"),
-		capturedBody,
-		bodyTooBig,
-		requestID,
-		nil,
-		core.UserPathFromContext(ctx),
-	)
-	reqCtx := core.WithRequestSnapshot(ctx, snapshot)
 	req := &http.Request{
 		Method: method,
 		URL:    &url.URL{Path: path},
 		Header: headers,
 	}
+	reqCtx := ctx
+	if logBodies && bodyValue != nil {
+		if body, err := json.Marshal(bodyValue); err == nil {
+			capturedBody, bodyTooBig := boundedAuditBody(body, false)
+			snapshot := core.NewRequestSnapshot(
+				method,
+				path,
+				nil,
+				nil,
+				headers,
+				headers.Get("Content-Type"),
+				capturedBody,
+				bodyTooBig,
+				requestID,
+				nil,
+				core.UserPathFromContext(ctx),
+			)
+			reqCtx = core.WithRequestSnapshot(ctx, snapshot)
+		}
+	}
 	return req.WithContext(reqCtx)
 }
 
-func internalJSONAuditResponse(bodyValue any, responseErr error, requestID string) (http.Header, []byte, bool, bool) {
+func internalJSONAuditResponse(bodyValue any, responseErr error, requestID string, logBodies bool) (http.Header, []byte, bool) {
+	headers := make(http.Header)
+	headers.Set("Content-Type", "application/json")
+	if requestID != "" {
+		headers.Set("X-Request-ID", requestID)
+	}
+
+	if !logBodies {
+		return headers, nil, false
+	}
+
 	var (
 		body []byte
 		err  error
@@ -165,19 +170,13 @@ func internalJSONAuditResponse(bodyValue any, responseErr error, requestID strin
 			body, err = json.Marshal(core.NewProviderError("", http.StatusInternalServerError, responseErr.Error(), responseErr).ToJSON())
 		}
 	default:
-		return nil, nil, false, false
+		return headers, nil, false
 	}
 	if err != nil {
-		return nil, nil, false, false
-	}
-
-	headers := make(http.Header)
-	headers.Set("Content-Type", "application/json")
-	if requestID != "" {
-		headers.Set("X-Request-ID", requestID)
+		return headers, nil, false
 	}
 	capturedBody, truncated := boundedAuditBody(body, true)
-	return headers, capturedBody, truncated, true
+	return headers, capturedBody, truncated
 }
 
 func internalJSONAuditHeaders(ctx context.Context, requestID string) http.Header {
diff --git a/internal/auditlog/entry_capture_test.go b/internal/auditlog/entry_capture_test.go
@@ -0,0 +1,84 @@
+package auditlog
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"gomodel/internal/core"
+)
+
+func TestCaptureInternalJSONExchange_PreservesHeadersWithoutBodies(t *testing.T) {
+	entry := &LogEntry{
+		RequestID: "req_123",
+		Data:      &LogData{},
+	}
+	ctx := core.WithRequestSnapshot(context.Background(), core.NewRequestSnapshot(
+		"POST",
+		"/v1/chat/completions",
+		nil,
+		nil,
+		map[string][]string{
+			"Traceparent": {`00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-00`},
+		},
+		"application/json",
+		nil,
+		false,
+		"req_123",
+		nil,
+		"/team/alpha",
+	))
+
+	CaptureInternalJSONExchange(entry, ctx, "POST", "/v1/chat/completions", nil, nil, nil, Config{
+		LogHeaders: true,
+		LogBodies:  false,
+	})
+
+	if entry.Data == nil {
+		t.Fatal("Data = nil, want populated log data")
+	}
+	if got := entry.Data.RequestHeaders[http.CanonicalHeaderKey("X-Request-ID")]; got != "req_123" {
+		t.Fatalf("RequestHeaders[X-Request-ID] = %q, want req_123", got)
+	}
+	if got := entry.Data.RequestHeaders[http.CanonicalHeaderKey(core.UserPathHeader)]; got != "/team/alpha" {
+		t.Fatalf("RequestHeaders[%s] = %q, want /team/alpha", core.UserPathHeader, got)
+	}
+	if got := entry.Data.RequestHeaders["Traceparent"]; got == "" {
+		t.Fatal("RequestHeaders[Traceparent] = empty, want propagated trace header")
+	}
+	if got := entry.Data.ResponseHeaders[http.CanonicalHeaderKey("X-Request-ID")]; got != "req_123" {
+		t.Fatalf("ResponseHeaders[X-Request-ID] = %q, want req_123", got)
+	}
+	if entry.Data.RequestBody != nil || entry.Data.ResponseBody != nil {
+		t.Fatal("expected no bodies when body logging is disabled")
+	}
+}
+
+func TestCaptureInternalJSONExchange_PreservesHeadersWhenBodyMarshalFails(t *testing.T) {
+	entry := &LogEntry{
+		RequestID: "req_456",
+		Data:      &LogData{},
+	}
+	ctx := core.WithEffectiveUserPath(context.Background(), "/team/beta")
+
+	CaptureInternalJSONExchange(entry, ctx, "POST", "/v1/chat/completions", func() {}, func() {}, nil, Config{
+		LogHeaders: true,
+		LogBodies:  true,
+	})
+
+	if entry.Data == nil {
+		t.Fatal("Data = nil, want populated log data")
+	}
+	if got := entry.Data.RequestHeaders[http.CanonicalHeaderKey("X-Request-ID")]; got != "req_456" {
+		t.Fatalf("RequestHeaders[X-Request-ID] = %q, want req_456", got)
+	}
+	if got := entry.Data.RequestHeaders[http.CanonicalHeaderKey(core.UserPathHeader)]; got != "/team/beta" {
+		t.Fatalf("RequestHeaders[%s] = %q, want /team/beta", core.UserPathHeader, got)
+	}
+	if got := entry.Data.ResponseHeaders[http.CanonicalHeaderKey("X-Request-ID")]; got != "req_456" {
+		t.Fatalf("ResponseHeaders[X-Request-ID] = %q, want req_456", got)
+	}
+	if entry.Data.RequestBody != nil || entry.Data.ResponseBody != nil {
+		t.Fatal("expected marshal failures to skip bodies while preserving headers")
+	}
+}
diff --git a/internal/guardrails/llm_based_altering_test.go b/internal/guardrails/llm_based_altering_test.go
@@ -152,11 +152,13 @@ func TestLLMBasedAltering_Process_UsesInternalGuardrailOriginAndUserPath(t *test
 }
 
 func TestLLMBasedAltering_Process_SkipsPrefix(t *testing.T) {
+	called := false
 	g, err := NewLLMBasedAlteringGuardrail("privacy", LLMBasedAlteringConfig{
 		Model:             "gpt-4o-mini",
 		SkipContentPrefix: "### safe",
 	}, mockChatCompletionExecutor{
 		chatFn: func(_ context.Context, _ *core.ChatRequest) (*core.ChatResponse, error) {
+			called = true
 			return nil, fmt.Errorf("should not be called")
 		},
 	})
@@ -172,6 +174,9 @@ func TestLLMBasedAltering_Process_SkipsPrefix(t *testing.T) {
 	if got[0].Content != msgs[0].Content {
 		t.Fatalf("Content = %q, want unchanged", got[0].Content)
 	}
+	if called {
+		t.Fatal("expected skip prefix to bypass auxiliary executor")
+	}
 }
 
 func TestLLMBasedAltering_Process_FailsOpenOnProviderError(t *testing.T) {
diff --git a/internal/guardrails/provider.go b/internal/guardrails/provider.go
@@ -1149,9 +1149,33 @@ func patchResponsesInputMap(original map[string]any, patched core.ResponsesInput
 	for key, value := range updated {
 		cloned[key] = value
 	}
+	if patched.Type == "function_call_output" {
+		cloned["output"] = restoreResponsesInputOutputValue(original["output"], patched.Output)
+	}
 	return cloned, nil
 }
 
+func restoreResponsesInputOutputValue(original any, rewritten string) any {
+	if _, ok := original.(string); ok {
+		return rewritten
+	}
+	if strings.TrimSpace(rewritten) == "" {
+		if original == nil {
+			return nil
+		}
+		return original
+	}
+
+	var decoded any
+	if err := json.Unmarshal([]byte(rewritten), &decoded); err == nil {
+		return decoded
+	}
+	if original == nil {
+		return nil
+	}
+	return original
+}
+
 func responsesInputElementAsMap(element core.ResponsesInputElement) (map[string]any, error) {
 	value, err := responsesInputElementAsAny(element)
 	if err != nil {
diff --git a/internal/guardrails/provider_test.go b/internal/guardrails/provider_test.go
@@ -2253,6 +2253,82 @@ func TestApplyMessagesToResponses_PreservesSystemRoleInputItems(t *testing.T) {
 	}
 }
 
+func TestApplyMessagesToResponses_PreservesTypedFunctionCallOutputMapEnvelope(t *testing.T) {
+	req := &core.ResponsesRequest{
+		Model: "gpt-4",
+		Input: []map[string]any{
+			{
+				"type":    "function_call_output",
+				"call_id": "call_123",
+				"output": map[string]any{
+					"patient": "John Smith",
+					"score":   float64(1),
+				},
+			},
+		},
+	}
+	msgs := []Message{{
+		Role:       "tool",
+		ToolCallID: "call_123",
+		Content:    `{"patient":"[|---|](PERSON_1)","score":1}`,
+	}}
+
+	result, err := applyMessagesToResponses(req, msgs)
+	if err != nil {
+		t.Fatalf("applyMessagesToResponses() error = %v", err)
+	}
+
+	input, ok := result.Input.([]map[string]any)
+	if !ok || len(input) != 1 {
+		t.Fatalf("Input = %#v, want []map[string]any len=1", result.Input)
+	}
+	output, ok := input[0]["output"].(map[string]any)
+	if !ok {
+		t.Fatalf("output = %#v, want map[string]any", input[0]["output"])
+	}
+	if output["patient"] != "[|---|](PERSON_1)" {
+		t.Fatalf("patient = %#v, want rewritten redaction", output["patient"])
+	}
+	if output["score"] != float64(1) {
+		t.Fatalf("score = %#v, want 1", output["score"])
+	}
+}
+
+func TestApplyMessagesToResponses_PreservesStringFunctionCallOutputMapEnvelope(t *testing.T) {
+	req := &core.ResponsesRequest{
+		Model: "gpt-4",
+		Input: []map[string]any{
+			{
+				"type":    "function_call_output",
+				"call_id": "call_123",
+				"output":  `{"patient":"John Smith"}`,
+			},
+		},
+	}
+	msgs := []Message{{
+		Role:       "tool",
+		ToolCallID: "call_123",
+		Content:    `{"patient":"[|---|](PERSON_1)"}`,
+	}}
+
+	result, err := applyMessagesToResponses(req, msgs)
+	if err != nil {
+		t.Fatalf("applyMessagesToResponses() error = %v", err)
+	}
+
+	input, ok := result.Input.([]map[string]any)
+	if !ok || len(input) != 1 {
+		t.Fatalf("Input = %#v, want []map[string]any len=1", result.Input)
+	}
+	output, ok := input[0]["output"].(string)
+	if !ok {
+		t.Fatalf("output = %#v, want string", input[0]["output"])
+	}
+	if output != `{"patient":"[|---|](PERSON_1)"}` {
+		t.Fatalf("Output = %q, want rewritten JSON string preserved as string", output)
+	}
+}
+
 func TestApplyMessagesToResponses_PreservesArrayEnvelopeForAnyInput(t *testing.T) {
 	req := &core.ResponsesRequest{
 		Model: "gpt-4",
diff --git a/internal/responsecache/responsecache.go b/internal/responsecache/responsecache.go
@@ -242,9 +242,9 @@ func internalRequestHeaders(ctx context.Context) http.Header {
 func internalCacheType(headerValue string) string {
 	headerValue = strings.TrimSpace(headerValue)
 	switch headerValue {
-	case "HIT (exact)":
+	case CacheHeaderExact:
 		return CacheTypeExact
-	case "HIT (semantic)":
+	case CacheHeaderSemantic:
 		return CacheTypeSemantic
 	default:
 		return ""
diff --git a/internal/responsecache/semantic.go b/internal/responsecache/semantic.go
@@ -387,17 +387,17 @@ func extractTextFromContent(content any) string {
 // (e.g. "/v1/chat/completions") and isolates entries across distinct endpoints.
 func computeParamsHash(body []byte, endpointPath string, plan *core.ExecutionPlan, guardrailsHash, embedderIdentity string) string {
 	var req struct {
-		Model             string              `json:"model"`
-		Temperature       *float64            `json:"temperature"`
-		TopP              *float64            `json:"top_p"`
-		MaxTokens         *int                `json:"max_tokens"`
-		MaxOutputTokens   *int                `json:"max_output_tokens"`
-		Tools             []map[string]any    `json:"tools"`
-		ResponseFormat    any                 `json:"response_format"`
-		Stream            bool                `json:"stream,omitempty"`
-		StreamOptions     *core.StreamOptions `json:"stream_options"`
-		Reasoning         json.RawMessage     `json:"reasoning"`
-		Instructions      string              `json:"instructions"`
+		Model           string              `json:"model"`
+		Temperature     *float64            `json:"temperature"`
+		TopP            *float64            `json:"top_p"`
+		MaxTokens       *int                `json:"max_tokens"`
+		MaxOutputTokens *int                `json:"max_output_tokens"`
+		Tools           []map[string]any    `json:"tools"`
+		ResponseFormat  any                 `json:"response_format"`
+		Stream          bool                `json:"stream,omitempty"`
+		StreamOptions   *core.StreamOptions `json:"stream_options"`
+		Reasoning       json.RawMessage     `json:"reasoning"`
+		Instructions    string              `json:"instructions"`
 	}
 	_ = json.Unmarshal(body, &req)
 
@@ -576,9 +576,11 @@ func WithGuardrailsHash(ctx context.Context, hash string) context.Context {
 
 // CacheTypeHeader values for X-Cache-Type.
 const (
-	CacheTypeExact    = "exact"
-	CacheTypeSemantic = "semantic"
-	CacheTypeBoth     = "both"
+	CacheTypeExact      = "exact"
+	CacheTypeSemantic   = "semantic"
+	CacheTypeBoth       = "both"
+	CacheHeaderExact    = "HIT (exact)"
+	CacheHeaderSemantic = "HIT (semantic)"
 )
 
 // ShouldSkipExactCache reports whether the X-Cache-Type header requests semantic-only mode.
diff --git a/internal/responsecache/stream_cache.go b/internal/responsecache/stream_cache.go
