Skip to main content
4. Future Consideration

Selective Log Redaction Overrides for Specific Payloads and Fields

Related products:Agent Studio
  • January 26, 2026
  • 2 replies
  • 22 views
2613196
Forum|alt.badge.img+3

Summary

Moveworks currently applies global log‑redaction rules that often remove sensitive data from all payloads uniformly. While this protects customer information, it can make troubleshooting, debugging, and rule development extremely difficult when certain payloads must be visible temporarily or permanently.

This request proposes a controlled mechanism to disable or override log redaction for specific payloads and specific key/value fields, using an extension to the existing redaction DSL.
 

Problem Statement

Today, log redaction is fairly extreme, and not easily refined at the project level (that I can tell)

  • Redaction is applied globally
  • Redaction cannot be disabled for specific data objects
  • Redaction cannot selectively reveal individual fields
  • Debugging issues in pipelines, transformations, audits and DSL logic becomes challenging without visibility into certain parts of the payload

As a result, teams often struggle to analyze issues effectively without temporarily weakening overall log safety.

Proposed Solution: Redaction Override rule

Extend the existing Moveworks redaction rule to support a new structure that allows per‑payload and per‑field exceptions.

{
  "show": {
    "info": [
      "data.anotherPayload.Name.First"
    ],
    "debug": [
      "data.myPayload"
    ]
  },
  "redact": [
    "data.sensitive",
    "data.userPayload.user_choice"
  ]
}

How it would work

  1. show list

    • Any paths listed under "show" are preserved in full.
    • Full objects (e.g., data.myPayload) can be whitelisted.
    • Individual fields (e.g., .Name.First) can also be whitelisted.
  2. show info/debug 
    • Info or Debug settings mean that item will log in production mode or debug mode.
    • For logging info mode there would be a simple log entry that shows just that payload, this might be similar to accessed_variables in the logs.

  3. redact list

    • Specific objects or fields can still be forcibly redacted even if part of a visible payload.

  4. Final redaction behavior

    • Redaction system evaluates "show" rules first (explicit allowlist).
    • "redact" takes precedence for any subfields explicitly listed.
    • Any data not mentioned falls back to existing platform defaults.
    • at the kick off a plugin - the redaction rule would show in the logs on the info entry.

Benefits

For Developers

  • Can fully inspect problematic payloads during debugging
  • Reduces friction and time to resolution
  • No need to disable global redaction settings

For Security & Compliance

  • Overrides are explicit, documented, and controlled
  • Redaction remains applied everywhere except where explicitly allowed
  • Still enables field-level protection for sensitive subfield data

For Platform Consistency

  • Builds on the existing redaction DSL
  • Maintains an opt‑in model rather than broad “disable redaction” switches
  • Minimizes implementation complexity while maximizing flexibility
When humans and AI unite, creativity flows and innovation accelerates.

2 replies

Ajay Merchia
Forum|alt.badge.img+2
  • Ajay Merchia
  • Community Manager
  • January 31, 2026
Updated idea status 1. New4. Future Consideration
Ajay Merchia
Forum|alt.badge.img+2
  • Ajay Merchia
  • Community Manager
  • January 31, 2026

Thanks for the detailed proposal. Agent Studio does have redaction controls today (Standard and Strict modes at the launch configuration level), but you're right that these are global policies rather than selective per-field control.

Your proposal for DSL-based selective redaction is interesting. To understand the use case better:

  1. What specific payloads are you trying to debug where redaction is blocking you? Are these internal transformation steps, API responses, or something else?
  2. What fields commonly get redacted that you need visibility into? Understanding the patterns would help us think through the right level of granularity.
  3. How do you envision using the info vs debug modes in practice? Would debug mode be something you toggle on temporarily, or is this more about having different logging levels for different parts of your plugin?

The tradeoff here is between debugging visibility and data protection - curious how you're thinking about managing that balance (e.g., who would have access to configure these overrides, what guardrails would make sense).

Learn more: Log Redaction documentation

cc: @dhorvath (governance/security ownership)

Terms & ConditionsCookie settingsAccessibility statement