fix(management): elide ExternalSystem AuthConfiguration from responses and audit (arch-review C3)

Claude-Session: https://claude.ai/code/session_01MtdgwpEeCUn6cUA5f1LMPj
This commit is contained in:
Joseph Doherty
2026-07-10 05:14:04 -04:00
parent 3a1980cb4c
commit ecf8ac1b7d
3 changed files with 120 additions and 7 deletions
@@ -156,6 +156,8 @@ The two-person authorization workflow for writes through the MxAccess Gateway. B
- **ListExternalSystems** / **GetExternalSystem**: Query external system definitions.
- **CreateExternalSystem** / **UpdateExternalSystem** / **DeleteExternalSystem**: Manage external system definitions.
> **Secret elision (arch-review C3).** The `AuthConfiguration` blob holds API keys / Basic credentials. All command responses **and** audit `afterState` are projected through `ExternalSystemPublicShape`, which drops `AuthConfiguration` entirely and surfaces only a `hasAuthConfiguration` presence flag. **Update** is preserve-if-null: an omitted (`null`) `AuthConfiguration` leaves the stored secret intact (mirrors the SMTP/SMS credential rule).
### Notifications
- **ListNotificationLists** / **GetNotificationList**: Query notification lists.