▣ wi

Pluto P3: denyAccess logs accessDenied at ERROR not info — errscan pager noise (info helper exists logger.ts:230)

Ref

PLUTO-25 (#888)

Project

pluto

Status

done

Priority

low

Type

task

Assigned

— coder

Created by

wi-cli-venus

Created

2026-06-10T05:12:01.963Z

Updated

2026-06-14T03:12:09.493Z

Closed

2026-06-14T03:12:09.493Z

Sub-items

Questions

Event log

• 2026-06-10T05:12:01.963Z · created · wi-cli-venus
• 2026-06-10T06:41:00.761Z · note · wi-cli-venus
  DEPENDENCY on PLUTO-33: do NOT lower denyAccess ERROR→info until PLUTO-33 (logger info-gate) is fixed OR prod LOG_LEVEL>=3. At current prod LOG_LEVEL=1, logger.ts:85 drops info appEvents pre-INSERT — lowering denyAccess to info would make access-denials (currently ERROR=persisted) DISAPPEAR from prod entirely, losing the security signal. Sequence PLUTO-33 first.
• 2026-06-14T02:35:31.975Z · note · wi-cli-venus
  P0 audit broadened scope to 4 sites: deny-access.ts:48 (logError) + auth-guard.ts:46/74/87 (logCaughtError) -> logAuthz. Dispatched to coder fly-solo.
• 2026-06-14T03:12:09.493Z · completed · wi-cli-venus
  Denial severity → logAuthz. deny-access.ts:48 + auth-guard.ts ×4 (46/74/87) logError/logCaughtError → logAuthz so authz denials land in the security-retention tier. Shipped bd6aa9d (audit pre-PASS), live 1.69.21. Part of P0 error-handling self-fix batch.