Do not log secrets
Request bodies, Authorization headers, API keys, and private prompts should not appear in default logs.
ProxAI is a local compatibility proxy. That makes it useful for debugging, but it also means local files can contain provider configuration, request metadata, captured payloads, and diagnostics.
| Artifact | Privacy expectation | Commit? |
|---|---|---|
| config.toml | Local runtime config; may contain provider URLs, API key references, route choices, or local-only settings. | No |
| config.example.toml | Tracked example and documentation source; must stay sanitized and generic. | Yes |
| captures/ | Request/response phase payloads for debugging; can contain private prompts and tool data. | No |
| logs/ | Local diagnostics; should stay compact and body-safe, but still may reveal operational context. | No |
| Generated site output | Static docs build artifacts. | No unless intentionally configured otherwise |
- Enable the smallest useful phase: inbound_request, provider_request, upstream_response, or outbound_response.
- If privacy behavior is uncertain, inspect the implementation and tests before documenting or sharing assumptions.
- Prefer symptoms, status codes, phase names, error types, redacted headers, and trimmed payload structure over full private captures.
1. Goal: Avoid capturing more data than needed.
   - Verify: You know which phase is most likely to explain the issue.
2. Goal: Limit the private data surface.
   - Verify: The capture answers the question without needing the full request lifecycle.
3. Goal: Preserve useful structure while removing private content.
   - Verify: A maintainer can understand the boundary failure without seeing private data.
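As an added example (not ProxAI's own code), the Python helper below shows one way to reduce a captured phase payload to the "trimmed payload structure" and "redacted headers" the steps above ask for: it keeps keys and nesting, replaces every leaf value with a type/length placeholder, keeps only allow-listed header values such as Retry-After, and finally checks that none of the known secret strings survived. The capture layout (`phase`, `status`, `headers`, `body` keys), the allow-listed header names other than Retry-After, and the sample record are assumptions, not ProxAI's real on-disk capture format.

```python
"""Structure-preserving redaction of a ProxAI-style phase capture.

Added example, not ProxAI's own code. It assumes a capture is a JSON object
with "phase", "status", "headers" and "body" keys; the real layout of files
under captures/ may differ.
"""
import json
from typing import Any

# Header values that may stay in a shared report. Retry-After is the page's own
# example of a safe header; the other names are assumptions for this example.
PRESERVED_HEADERS = {"retry-after", "content-type", "content-length", "x-request-id"}


def shape_of(value: Any) -> Any:
    """Return the JSON shape of `value`: keys and nesting survive, leaf values
    become type/length placeholders so prompts and keys cannot leak through."""
    if isinstance(value, dict):
        return {k: shape_of(v) for k, v in value.items()}
    if isinstance(value, list):
        if not value:
            return []
        head = [shape_of(value[0])]          # first element shows the element shape
        if len(value) > 1:
            head.append(f"<{len(value) - 1} more item(s)>")
        return head
    if isinstance(value, bool):              # must precede the int check
        return "<bool>"
    if isinstance(value, (int, float)):
        return "<number>"
    if isinstance(value, str):
        return f"<string len={len(value)}>"
    return None


def redact_headers(headers: dict) -> dict:
    """Keep only allow-listed header values; every other header keeps its name
    (so the report shows which headers were sent) but loses its value."""
    return {
        name: (val if name.lower() in PRESERVED_HEADERS else "<redacted>")
        for name, val in headers.items()
    }


def sanitize_capture(capture: dict) -> dict:
    """Reduce one phase capture to phase, status, redacted headers, body shape."""
    body = capture.get("body")
    if isinstance(body, str):
        try:
            body_shape = shape_of(json.loads(body))
        except json.JSONDecodeError:
            # Opaque (non-JSON) bodies are reported by length only.
            body_shape = f"<non-JSON body len={len(body)}>"
    else:
        body_shape = shape_of(body)
    return {
        "phase": capture.get("phase"),
        "status": capture.get("status"),
        "headers": redact_headers(capture.get("headers") or {}),
        "body_shape": body_shape,
    }


def leaked(sanitized: dict, secrets: list) -> list:
    """Return the entries of `secrets` that still appear verbatim in the
    sanitized record; an empty list means the report is safe to share."""
    text = json.dumps(sanitized)
    return [s for s in secrets if s in text]


# Constructed sample capture: a provider_request with a fake key and a private prompt.
SAMPLE_CAPTURE = {
    "phase": "provider_request",
    "headers": {
        "Authorization": "Bearer sk-EXAMPLE-NOT-A-REAL-KEY",
        "Content-Type": "application/json",
    },
    "body": {
        "model": "example-model",
        "messages": [
            {"role": "user", "content": "Summarize my private notes: ..."},
            {"role": "assistant", "content": "Sure."},
        ],
        "stream": False,
        "temperature": 0.2,
    },
}

if __name__ == "__main__":
    report = sanitize_capture(SAMPLE_CAPTURE)
    print(json.dumps(report, indent=2))
    print("leaks:", leaked(report, ["sk-EXAMPLE-NOT-A-REAL-KEY", "private notes"]))
```

The `leaked` check is the verification step for the last goal above: a maintainer receives the phase name, the header names, and the body's key layout, while the bearer token and the prompt text are gone from the output.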
| Usually useful | Avoid or redact |
|---|---|
| ProxAI version, OS, command shape without secrets | API keys, bearer tokens, full environment dumps |
| Inbound protocol and request path | Full prompts or private file snippets |
| Provider protocol and route name/pattern when sanitized | Private provider account details or internal URLs |
| Error type, HTTP status, preserved safe headers such as Retry-After | Full upstream error bodies if they contain prompts or account data |
| Minimal JSON shape with placeholder values | Complete captures unless explicitly reviewed and sanitized |
For exact local paths and ignored artifacts, see Environment and Files. For phase names, see Capture Phases.