From ccb9dd4dd640217c8dffa4c1a563cfc283580f03 Mon Sep 17 00:00:00 2001
From: KishorKumar
Date: Wed, 17 Sep 2025 22:27:34 +0530
Subject: [PATCH 1/3] encrypted sensitive data
---
 jsonPipe.go | 12 ++++++++++++
 transport.go | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/jsonPipe.go b/jsonPipe.go
index e6c0e798..093330b3 100644
--- a/jsonPipe.go
+++ b/jsonPipe.go
@@ -39,6 +39,18 @@ func newJsonPipe(parent *channelOwner, objectType string, guid string, initializ
 j.channel.On("message", func(ev map[string]interface{}) {
 var msg message
 m, err := json.Marshal(ev["message"])
+
+ // Ensure marshalled bytes are cleared after use - fixes memory dump visibility issue
+ defer func() {
+ if m != nil {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range m {
+ m[i] = 0
+ }
+ m = nil
+ }
+ }()
+
 if err == nil {
 err = json.Unmarshal(m, &msg)
 }
diff --git a/transport.go b/transport.go
index 1be3988d..28673669 100644
--- a/transport.go
+++ b/transport.go
@@ -40,13 +40,25 @@ func (t *pipeTransport) Poll() (*message, error) {
 return nil, fmt.Errorf("could not read protocol data: %w", err)
 }
 
+ // Ensure data buffer is cleared after use - fixes memory dump visibility issue
+ defer func() {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range data {
+ data[i] = 0
+ }
+ data = nil
+ }()
+
 msg := &message{}
 if err := json.Unmarshal(data, &msg); err != nil {
 return nil, fmt.Errorf("could not decode json: %w", err)
 }
 if os.Getenv("DEBUGP") != "" {
- fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m\n%s\n", data)
+ // Only show message metadata in debug, not content
+ fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m Message ID: %d, Method: %s, GUID: %s\n",
+ msg.ID, msg.Method, msg.GUID)
 }
+ // Only log metadata, not message content
 return msg, nil
 }
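Review bot: Zeroing `m` after `json.Unmarshal(m, &msg)` does not remove the message from memory, because the same content still lives in `ev["message"]` (the map the callback received) and in the string fields Unmarshal copied into `msg`, and `json.Marshal` itself returns a copy taken out of a pooled encoder buffer that this scrub never touches. The `m = nil` inside the deferred closure only drops the closure's reference at exit, and the `if m != nil` guard is redundant since ranging over a nil slice is a no-op. If the block stays, its comment should not promise a memory-dump fix; something like `// Best-effort scrub of the marshalled copy; ev["message"] and msg still hold the content.` is what the code supports. The callback body and newJsonPipe continue past the hunk.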
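Review bot: The deferred scrub of `data` runs after `json.Unmarshal(data, &msg)` has already copied every string value into `msg`, which is the function's return value, so the decoded content outlives the scrub and the `fixes memory dump visibility issue` comment overstates what it achieves. The new RECV debug line is also inconsistent with the SEND side of this same commit, which writes a fixed redaction marker to `os.Stderr` while this prints metadata to `os.Stdout`; one stream and one format for both would be easier to grep. I would soften the defer comment to `// Best-effort: zero the raw read buffer; the decoded msg still holds the content.` and drop the trailing `// Only log metadata, not message content`, which sits outside the `if` and restates the comment above it. Poll's opening lines are before the hunk.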
@@ -69,13 +81,42 @@ func (t *pipeTransport) Send(msg map[string]interface{}) error {
 if err != nil {
 return fmt.Errorf("pipeTransport: could not marshal json: %w", err)
 }
+
+ // Ensure msgBytes is cleared after use - fixes memory dump visibility issue
+ defer func() {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range msgBytes {
+ msgBytes[i] = 0
+ }
+ msgBytes = nil
+ }()
+
 if os.Getenv("DEBUGP") != "" {
- fmt.Fprintf(os.Stdout, "\x1b[32mSEND>\x1b[0m\n%s\n", msgBytes)
+ fmt.Fprintf(os.Stderr, "\x1b[32mSEND>\x1b[0m\n[JSON DATA REDACTED FOR SECURITY]\n")
 }
 lengthPadding := make([]byte, 4)
 binary.LittleEndian.PutUint32(lengthPadding, uint32(len(msgBytes)))
- if _, err = t.writer.Write(append(lengthPadding, msgBytes...)); err != nil {
+
+ // Create secure write buffer to avoid keeping msgBytes in append result
+ writeBuffer := make([]byte, 4+len(msgBytes))
+ copy(writeBuffer, lengthPadding)
+ copy(writeBuffer[4:], msgBytes)
+
+ // Clear intermediate buffers
+ for i := range lengthPadding {
+ lengthPadding[i] = 0
+ }
+
+ defer func() {
+ // Clear write buffer to prevent memory dump exposure
+ for i := range writeBuffer {
+ writeBuffer[i] = 0
+ }
+ writeBuffer = nil
+ }()
+
+ if _, err = t.writer.Write(writeBuffer); err != nil {
 return err
 }
 return nil
From 2aeadff5776153556c30d6830b215237cfffe5d2 Mon Sep 17 00:00:00 2001
From: KishorKumar
Date: Wed, 17 Sep 2025 22:30:32 +0530
Subject: [PATCH 2/3] Revert "encrypted sensitive data"
This reverts commit ccb9dd4dd640217c8dffa4c1a563cfc283580f03.
---
 jsonPipe.go | 12 ------------
 transport.go | 47 +++--------------------------------------------
 2 files changed, 3 insertions(+), 56 deletions(-)
diff --git a/jsonPipe.go b/jsonPipe.go
index 093330b3..e6c0e798 100644
--- a/jsonPipe.go
+++ b/jsonPipe.go
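Review bot: Scrubbing `msgBytes` and `writeBuffer` leaves the caller's `msg` map untouched, so every value it holds is still in memory after Send returns, and if `t.writer` is a buffered writer (its type is not shown here) `Write` copies the bytes into a buffer that nothing zeroes. The make/copy/copy replacement for `append(lengthPadding, msgBytes...)` does not change what is retained either: appending to a cap-4 slice already allocates a fresh backing array, and zeroing `lengthPadding` only hides a 4-byte length. The `[JSON DATA REDACTED FOR SECURITY]` line also makes DEBUGP useless for protocol debugging; mirroring Poll with `fmt.Fprintf(os.Stdout, "\x1b[32mSEND>\x1b[0m id=%v method=%v\n", msg["id"], msg["method"])` (assuming those are the keys the map carries) keeps a usable trace without the payload. Send's `json.Marshal` call precedes the hunk and its closing brace is not shown.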
@@ -39,18 +39,6 @@ func newJsonPipe(parent *channelOwner, objectType string, guid string, initializ
 j.channel.On("message", func(ev map[string]interface{}) {
 var msg message
 m, err := json.Marshal(ev["message"])
-
- // Ensure marshalled bytes are cleared after use - fixes memory dump visibility issue
- defer func() {
- if m != nil {
- // Clear sensitive JSON data from memory to prevent memory dump exposure
- for i := range m {
- m[i] = 0
- }
- m = nil
- }
- }()
-
 if err == nil {
 err = json.Unmarshal(m, &msg)
 }
diff --git a/transport.go b/transport.go
index 28673669..1be3988d 100644
--- a/transport.go
+++ b/transport.go
@@ -40,25 +40,13 @@ func (t *pipeTransport) Poll() (*message, error) {
 return nil, fmt.Errorf("could not read protocol data: %w", err)
 }
 
- // Ensure data buffer is cleared after use - fixes memory dump visibility issue
- defer func() {
- // Clear sensitive JSON data from memory to prevent memory dump exposure
- for i := range data {
- data[i] = 0
- }
- data = nil
- }()
-
 msg := &message{}
 if err := json.Unmarshal(data, &msg); err != nil {
 return nil, fmt.Errorf("could not decode json: %w", err)
 }
 if os.Getenv("DEBUGP") != "" {
- // Only show message metadata in debug, not content
- fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m Message ID: %d, Method: %s, GUID: %s\n",
- msg.ID, msg.Method, msg.GUID)
+ fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m\n%s\n", data)
 }
- // Only log metadata, not message content
 return msg, nil
 }
@@ -81,42 +69,13 @@ func (t *pipeTransport) Send(msg map[string]interface{}) error {
 if err != nil {
 return fmt.Errorf("pipeTransport: could not marshal json: %w", err)
 }
-
- // Ensure msgBytes is cleared after use - fixes memory dump visibility issue
- defer func() {
- // Clear sensitive JSON data from memory to prevent memory dump exposure
- for i := range msgBytes {
- msgBytes[i] = 0
- }
- msgBytes = nil
- }()
-
 if os.Getenv("DEBUGP") != "" {
- fmt.Fprintf(os.Stderr, "\x1b[32mSEND>\x1b[0m\n[JSON DATA REDACTED FOR SECURITY]\n")
+ fmt.Fprintf(os.Stdout, "\x1b[32mSEND>\x1b[0m\n%s\n", msgBytes)
 }
 lengthPadding := make([]byte, 4)
 binary.LittleEndian.PutUint32(lengthPadding, uint32(len(msgBytes)))
-
- // Create secure write buffer to avoid keeping msgBytes in append result
- writeBuffer := make([]byte, 4+len(msgBytes))
- copy(writeBuffer, lengthPadding)
- copy(writeBuffer[4:], msgBytes)
-
- // Clear intermediate buffers
- for i := range lengthPadding {
- lengthPadding[i] = 0
- }
-
- defer func() {
- // Clear write buffer to prevent memory dump exposure
- for i := range writeBuffer {
- writeBuffer[i] = 0
- }
- writeBuffer = nil
- }()
-
- if _, err = t.writer.Write(writeBuffer); err != nil {
+ if _, err = t.writer.Write(append(lengthPadding, msgBytes...)); err != nil {
 return err
 }
 return nil
From 85a1d9c941f4411e927801233a3d52e1046a04d0 Mon Sep 17 00:00:00 2001
From: KishorKumar
Date: Wed, 17 Sep 2025 22:36:16 +0530
Subject: [PATCH 3/3] encrypted sensitive data
---
 jsonPipe.go | 12 ++++++++++++
 transport.go | 47 ++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 56 insertions(+), 3 deletions(-)
diff --git a/jsonPipe.go b/jsonPipe.go
index e6c0e798..093330b3 100644
--- a/jsonPipe.go
+++ b/jsonPipe.go
@@ -39,6 +39,18 @@ func newJsonPipe(parent *channelOwner, objectType string, guid string, initializ
 j.channel.On("message", func(ev map[string]interface{}) {
 var msg message
 m, err := json.Marshal(ev["message"])
+
+ // Ensure marshalled bytes are cleared after use - fixes memory dump visibility issue
+ defer func() {
+ if m != nil {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range m {
+ m[i] = 0
+ }
+ m = nil
+ }
+ }()
+
 if err == nil {
 err = json.Unmarshal(m, &msg)
 }
diff --git a/transport.go b/transport.go
index 1be3988d..28673669 100644
--- a/transport.go
+++ b/transport.go
@@ -40,13 +40,25 @@ func (t *pipeTransport) Poll() (*message, error) {
 return nil, fmt.Errorf("could not read protocol data: %w", err)
 }
 
+ // Ensure data buffer is cleared after use - fixes memory dump visibility issue
+ defer func() {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range data {
+ data[i] = 0
+ }
+ data = nil
+ }()
+
 msg := &message{}
 if err := json.Unmarshal(data, &msg); err != nil {
 return nil, fmt.Errorf("could not decode json: %w", err)
 }
 if os.Getenv("DEBUGP") != "" {
- fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m\n%s\n", data)
+ // Only show message metadata in debug, not content
+ fmt.Fprintf(os.Stdout, "\x1b[33mRECV>\x1b[0m Message ID: %d, Method: %s, GUID: %s\n",
+ msg.ID, msg.Method, msg.GUID)
 }
+ // Only log metadata, not message content
 return msg, nil
 }
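Review bot: The three-patch series should be squashed before merge, because this hunk is byte-for-byte the PATCH 1/3 jsonPipe change that PATCH 2/3 reverted, and the revert/re-apply pair leaves a reader of the history with nothing to learn. The commit title `encrypted sensitive data` also promises more than the code does: nothing here is encrypted, one marshalled copy is zeroed while `ev["message"]` and the decoded `msg` keep the content, so a log reader gets a stronger guarantee than exists. A title such as `jsonPipe: best-effort zeroing of marshalled message bytes` and a comment that says `reduces` rather than `fixes memory dump visibility issue` would match the behaviour. The callback and newJsonPipe extend beyond the hunk.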
@@ -69,13 +81,42 @@ func (t *pipeTransport) Send(msg map[string]interface{}) error {
 if err != nil {
 return fmt.Errorf("pipeTransport: could not marshal json: %w", err)
 }
+
+ // Ensure msgBytes is cleared after use - fixes memory dump visibility issue
+ defer func() {
+ // Clear sensitive JSON data from memory to prevent memory dump exposure
+ for i := range msgBytes {
+ msgBytes[i] = 0
+ }
+ msgBytes = nil
+ }()
+
 if os.Getenv("DEBUGP") != "" {
- fmt.Fprintf(os.Stdout, "\x1b[32mSEND>\x1b[0m\n%s\n", msgBytes)
+ fmt.Fprintf(os.Stderr, "\x1b[32mSEND>\x1b[0m\n[JSON DATA REDACTED FOR SECURITY]\n")
 }
 lengthPadding := make([]byte, 4)
 binary.LittleEndian.PutUint32(lengthPadding, uint32(len(msgBytes)))
- if _, err = t.writer.Write(append(lengthPadding, msgBytes...)); err != nil {
+
+ // Create secure write buffer to avoid keeping msgBytes in append result
+ writeBuffer := make([]byte, 4+len(msgBytes))
+ copy(writeBuffer, lengthPadding)
+ copy(writeBuffer[4:], msgBytes)
+
+ // Clear intermediate buffers
+ for i := range lengthPadding {
+ lengthPadding[i] = 0
+ }
+
+ defer func() {
+ // Clear write buffer to prevent memory dump exposure
+ for i := range writeBuffer {
+ writeBuffer[i] = 0
+ }
+ writeBuffer = nil
+ }()
+
+ if _, err = t.writer.Write(writeBuffer); err != nil {
 return err
 }
 return nil