fix(management): elide ExternalSystem AuthConfiguration from responses and audit (arch-review C3)
Claude-Session: https://claude.ai/code/session_01MtdgwpEeCUn6cUA5f1LMPj
This commit is contained in:
@@ -156,6 +156,8 @@ The two-person authorization workflow for writes through the MxAccess Gateway. B
|
||||
- **ListExternalSystems** / **GetExternalSystem**: Query external system definitions.
|
||||
- **CreateExternalSystem** / **UpdateExternalSystem** / **DeleteExternalSystem**: Manage external system definitions.
|
||||
|
||||
> **Secret elision (arch-review C3).** The `AuthConfiguration` blob holds API keys / Basic credentials. All command responses **and** audit `afterState` are projected through `ExternalSystemPublicShape`, which drops `AuthConfiguration` entirely and surfaces only a `hasAuthConfiguration` presence flag. **Update** is preserve-if-null: an omitted (`null`) `AuthConfiguration` leaves the stored secret intact (mirrors the SMTP/SMS credential rule).
|
||||
|
||||
### Notifications
|
||||
|
||||
- **ListNotificationLists** / **GetNotificationList**: Query notification lists.
|
||||
|
||||
Reference in New Issue
Block a user