mem dump fix

2026-02-08 18:18:46 -06:00 · 2025-12-15 00:41:48 -05:00
parent a39752eb40
commit cc4cf6c36e
2 changed files with 22 additions and 6 deletions
--- a/backend-services/utils/memory_dump_util.py
+++ b/backend-services/utils/memory_dump_util.py
@@ -207,13 +207,16 @@ def dump_memory_to_file(path: str | None = None) -> str:
    ts = datetime.now(UTC).strftime('%Y%m%dT%H%M%SZ')
    dump_path = os.path.join(dump_dir, f'{stem}-{ts}.bin')
    raw_data = database.db.dump_data()
-    sanitized_data = _sanitize_for_dump(_to_jsonable(raw_data))
+    # Do NOT sanitize here: the dump is encrypted and must be restorable.
+    # Sanitizing would replace secrets (e.g., password hashes) with placeholders
+    # and corrupt the restored state. Keep full data and rely on encryption.
+    jsonable_data = _to_jsonable(raw_data)
    payload = {
        'version': 1,
        'created_at': datetime.now(UTC).isoformat().replace('+00:00', 'Z'),
-        'sanitized': True,
-        'note': 'Sensitive fields (passwords, tokens, secrets) have been redacted',
-        'data': sanitized_data,
+        'sanitized': False,
+        'note': 'Contains sensitive data; encrypted at rest with MEM_ENCRYPTION_KEY',
+        'data': jsonable_data,
    }
    plaintext = json.dumps(payload, separators=(',', ':'), default=_json_default).encode('utf-8')
    key = os.getenv('MEM_ENCRYPTION_KEY', '')
--- a/backend-services/utils/security_settings_util.py
+++ b/backend-services/utils/security_settings_util.py
@@ -114,11 +114,24 @@ async def load_settings() -> dict[str, Any]:
        if file_obj:
            try:
                to_set = _merge_settings(file_obj)
-                coll.update_one({'type': 'security_settings'}, {'$set': to_set})
+                coll.update_one({'type': 'security_settings'}, {'$set': to_set}, upsert=True)
                doc = to_set
            except Exception:
                doc = file_obj
-    settings = _merge_settings(doc or {})
+    
+    # If still no doc, initialize with defaults (including env vars)
+    if not doc:
+        settings = _merge_settings({})
+        try:
+            coll.insert_one(settings)
+            logger.info('Initialized security settings from environment variables and defaults')
+        except Exception as e:
+            logger.warning(f'Failed to persist initial security settings: {e}')
+        _CACHE.update(settings)
+        _save_to_file(settings)
+        return settings
+    
+    settings = _merge_settings(doc)
    _CACHE.update(settings)
    return settings