Problem
Currently, personal user data such as names, phone numbers, email addresses, and passwords may be traced by Langfuse in the robodev-r2d2/rag-template project. This poses a potential data security and privacy risk, as such information should not be traced or stored in logs.
Investigation
- Check if there are already packages or Langfuse configuration options (e.g., via Helm chart) that facilitate data filtering or anonymization.
- Investigate the repo structure to identify:
- Where Langfuse tracing is implemented (code locations).
- Where users can provide personal data that should be excluded from tracing (input sources, forms, API endpoints).
- Assess whether Langfuse can be configured to filter or redact sensitive fields automatically, potentially by adjusting the Helm chart or related deployment/configuration files.
Tasks
- Research Langfuse documentation and Helm chart options for data filtering/anonymization features.
- Audit the repo for all locations where Langfuse is used, and where user data is ingested or traced.
- Propose and implement a solution to ensure personal data is not traced (e.g., code changes, configuration updates, use of additional packages).
- Document the approach, findings, and changes.
Acceptance Criteria
- No personal user data (names, phone numbers, emails, passwords, etc.) is traced or logged by Langfuse.
- Repo is updated with configuration/code to enforce this.
- Documentation provided for future maintainers.
No related issues found for this topic in open issues.
Problem
Currently, personal user data such as names, phone numbers, email addresses, and passwords may be traced by Langfuse in the robodev-r2d2/rag-template project. This poses a potential data security and privacy risk, as such information should not be traced or stored in logs.
Investigation
Tasks
Acceptance Criteria
No related issues found for this topic in open issues.