
fix: remove sensitive information from outgoingLogger logs#37729

Merged
ggazzo merged 2 commits into develop from fix/outgoing-logger
Dec 11, 2025

Conversation

Contributor

@ricardogarim ricardogarim commented Dec 8, 2025

Proposed changes (including videos or screenshots)

As part of SUP-931 and VLN-163, we are removing sensitive information from outgoingLogger.debug logs while keeping entity IDs visible for debugging purposes.

During this change, we identified that the roomLeft event is currently reporting the user as { user: IUser } instead of the expected direct user object and a fix was implemented (CORE-1557).

Issue(s)

Steps to test or reproduce

Further comments

Summary by CodeRabbit

  • Bug Fixes
    • Removed sensitive data from outgoing debug logs.
    • Aligned the room-left event payload format with other outgoing events.
    • Improved event debug output to include consistent identifiers (message, room, user) for better traceability.


Contributor

dionisio-bot bot commented Dec 8, 2025

Looks like this PR is ready to merge! 🎉
If you have any trouble, please check the PR guidelines


changeset-bot bot commented Dec 8, 2025

🦋 Changeset detected

Latest commit: 199f063

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 41 packages
Name Type
@rocket.chat/meteor Patch
@rocket.chat/core-typings Patch
@rocket.chat/rest-typings Patch
@rocket.chat/uikit-playground Patch
@rocket.chat/api-client Patch
@rocket.chat/apps Patch
@rocket.chat/core-services Patch
@rocket.chat/cron Patch
@rocket.chat/ddp-client Patch
@rocket.chat/freeswitch Patch
@rocket.chat/fuselage-ui-kit Patch
@rocket.chat/gazzodown Patch
@rocket.chat/http-router Patch
@rocket.chat/livechat Patch
@rocket.chat/model-typings Patch
@rocket.chat/ui-avatar Patch
@rocket.chat/ui-client Patch
@rocket.chat/ui-contexts Patch
@rocket.chat/web-ui-registration Patch
@rocket.chat/account-service Patch
@rocket.chat/authorization-service Patch
@rocket.chat/ddp-streamer Patch
@rocket.chat/omnichannel-transcript Patch
@rocket.chat/presence-service Patch
@rocket.chat/queue-worker Patch
@rocket.chat/stream-hub-service Patch
@rocket.chat/federation-matrix Patch
@rocket.chat/license Patch
@rocket.chat/media-calls Patch
@rocket.chat/omnichannel-services Patch
@rocket.chat/pdf-worker Patch
@rocket.chat/presence Patch
rocketchat-services Patch
@rocket.chat/models Patch
@rocket.chat/network-broker Patch
@rocket.chat/omni-core-ee Patch
@rocket.chat/mock-providers Patch
@rocket.chat/ui-video-conf Patch
@rocket.chat/ui-voip Patch
@rocket.chat/instance-status Patch
@rocket.chat/omni-core Patch



@ricardogarim ricardogarim added this to the 8.0.0 milestone Dec 8, 2025
Contributor

coderabbitai bot commented Dec 8, 2025

Walkthrough

Splits roomJoined/roomLeft argument handling and normalizes roomLeft user payload; changes debug logging to emit only explicit identifiers (messageId, roomId, userId) instead of full event objects to remove sensitive message content from outgoing debug logs.

Changes

Cohort / File(s): Summary

Patch Release Documentation (.changeset/tricky-trees-tan.md, .changeset/thick-wasps-turn.md): Adds two changeset entries documenting a patch release for @rocket.chat/meteor that notes fixes removing sensitive data from outgoing debug logs and aligning the roomLeft payload format.

Webhook Event Argument Handling (apps/meteor/app/integrations/server/lib/triggerHandler.ts): Separates handling for roomJoined and roomLeft; extracts the user for roomLeft from the nested payload ((args[1] as { user: IUser })?.user); replaces debug logging of the full argObject with logging of messageId, roomId, and userId only.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Verify that all occurrences of outgoing debug logs no longer include full message content.
  • Confirm roomLeft user extraction handles edge cases (missing nested user, legacy payload shapes).
  • Check downstream consumers/integrations that consume roomLeft payloads for compatibility.

Suggested labels

stat: ready to merge, stat: QA assured

Suggested reviewers

  • ggazzo
  • pierre-lehnen-rc
  • rodrigok

Poem

🐰 I hopped through code at break of dawn,

I tucked away the secrets gone,
Now logs show IDs, not what they said,
Safe trails for messages tucked in bed,
A quiet burrow — secure and calm.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: Passed. The title accurately reflects the main objective of the PR: removing sensitive information from outgoingLogger logs, which is the primary focus of the changes.
  • Linked Issues check: Passed. The changes address all three linked issues: removes sensitive data from logs (SUP-931, VLN-163) by logging only entity IDs instead of full objects, and fixes the roomLeft event user payload format (CORE-1557).
  • Out of Scope Changes check: Passed. All changes are directly scoped to the linked issues: modifications to triggerHandler.ts target the vulnerability fixes, and changeset entries properly document the patch releases.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details


📥 Commits

Reviewing files that changed from the base of the PR and between e5d2518 and 199f063.

📒 Files selected for processing (2)
  • .changeset/thick-wasps-turn.md (1 hunks)
  • .changeset/tricky-trees-tan.md (1 hunks)
✅ Files skipped from review due to trivial changes (1)
  • .changeset/thick-wasps-turn.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • .changeset/tricky-trees-tan.md
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: 📦 Build Packages
  • GitHub Check: CodeQL-Build
  • GitHub Check: CodeQL-Build


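As an added example (not code from this PR or from Rocket.Chat), the kind of identifier-only debug summary the description and walkthrough above describe for triggerHandler.ts, including the nested `{ user: IUser }` roomLeft shape, a direct-user legacy shape, and a missing user. The types, the per-event argument positions, and the sample payloads are assumed or constructed for the example.

```typescript
// Added example, not Rocket.Chat's own code. It models the triggerHandler.ts
// change this PR describes: the outgoing-webhook debug log receives only
// entity IDs, never the full event objects. Types are simplified stand-ins
// for IMessage/IRoom/IUser; argument positions per event are assumed.
type Message = { _id: string; msg: string; u?: { _id: string; username: string } };
type Room = { _id: string; name: string; topic?: string };
type User = { _id: string; username: string; emails?: { address: string }[] };
type EventName = 'sendMessage' | 'roomJoined' | 'roomLeft';
type DebugSummary = { event: EventName; messageId?: string; roomId?: string; userId?: string };

// roomLeft historically delivered { user: IUser } where the other events pass
// the IUser directly. Accept both shapes and return undefined (never throw)
// when neither is present, so a malformed payload cannot break the handler.
function userFromRoomLeft(arg: unknown): User | undefined {
  if (!arg || typeof arg !== 'object') return undefined;
  const nested = (arg as { user?: unknown }).user;
  if (nested && typeof nested === 'object' && '_id' in nested) return nested as User;
  return '_id' in arg ? (arg as User) : undefined;
}

// Build the object handed to outgoingLogger.debug: identifiers only. Message
// text, e-mails and room metadata are never copied, so a new field on an event
// cannot leak into the log by default.
function toDebugSummary(event: EventName, args: unknown[]): DebugSummary {
  let message: Message | undefined;
  let room: Room | undefined;
  let user: User | undefined;
  switch (event) {
    case 'sendMessage': // assumed order: (message, room)
      message = args[0] as Message | undefined;
      room = args[1] as Room | undefined;
      user = message?.u as User | undefined;
      break;
    case 'roomJoined': // assumed order: (room, user)
      room = args[0] as Room | undefined;
      user = args[1] as User | undefined;
      break;
    case 'roomLeft': // assumed order: (room, { user }), matching the walkthrough's args[1]
      room = args[0] as Room | undefined;
      user = userFromRoomLeft(args[1]);
      break;
  }
  return { event, messageId: message?._id, roomId: room?._id, userId: user?._id };
}

// Constructed sample payloads carrying data that must not reach the log.
const sampleMessage: Message = { _id: 'msg1', msg: 'salary figures attached', u: { _id: 'u1', username: 'alice' } };
const sampleRoom: Room = { _id: 'r1', name: 'finance', topic: 'Q4 numbers' };
const sampleUser: User = { _id: 'u2', username: 'bob', emails: [{ address: 'bob@example.com' }] };
```

`JSON.stringify(toDebugSummary(...))` is the line that would be logged; undefined IDs simply disappear from it.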
Contributor

github-actions bot commented Dec 8, 2025

📦 Docker Image Size Report

📈 Changes

Service Current Baseline Change Percent
sum of all images 1.2GiB 1.2GiB +12MiB
rocketchat 360MiB 349MiB +12MiB
omnichannel-transcript-service 132MiB 132MiB -448B
queue-worker-service 132MiB 132MiB -3.0KiB
ddp-streamer-service 126MiB 126MiB -183B
account-service 113MiB 113MiB -738B
stream-hub-service 111MiB 111MiB -250B
presence-service 111MiB 111MiB -304B
authorization-service 111MiB 111MiB +337B

📊 Historical Trend

[Chart: "Image Size Evolution by Service (Last 30 Days + This PR)", Size (GB) per service for each build of the last 30 days plus this PR's build]

Statistics (last 17 days):

  • 📊 Average: 1.5GiB
  • ⬇️ Minimum: 1.2GiB
  • ⬆️ Maximum: 1.6GiB
  • 🎯 Current PR: 1.2GiB
ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

  • Tag: pr-37729
  • Baseline: develop
  • Timestamp: 2025-12-10 17:40:13 UTC
  • Historical data points: 17

Updated: Wed, 10 Dec 2025 17:40:13 GMT


codecov bot commented Dec 8, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 67.79%. Comparing base (d0be8ad) to head (199f063).
⚠️ Report is 33 commits behind head on develop.

Additional details and impacted files


@@             Coverage Diff             @@
##           develop   #37729      +/-   ##
===========================================
+ Coverage    67.78%   67.79%   +0.01%     
===========================================
  Files         3449     3454       +5     
  Lines       113987   114065      +78     
  Branches     20956    21002      +46     
===========================================
+ Hits         77262    77335      +73     
  Misses       34610    34610              
- Partials      2115     2120       +5     
Flag Coverage Δ
e2e 57.27% <ø> (+0.04%) ⬆️
e2e-api 42.33% <ø> (+0.14%) ⬆️



@ricardogarim ricardogarim marked this pull request as ready for review December 9, 2025 10:49
@ricardogarim ricardogarim requested a review from a team as a code owner December 9, 2025 10:49
@ricardogarim ricardogarim changed the title from "fix!: remove sensitive information from outgoingLogger logs" to "fix: remove sensitive information from outgoingLogger logs" Dec 10, 2025
@ricardogarim ricardogarim changed the base branch from develop to release-8.0.0 December 10, 2025 15:51
@ricardogarim ricardogarim changed the base branch from release-8.0.0 to develop December 10, 2025 15:53
@ricardogarim ricardogarim modified the milestones: 8.0.0, 7.14.0 Dec 10, 2025
@ricardogarim ricardogarim added the "stat: QA assured" label (Means it has been tested and approved by a company insider) Dec 10, 2025
@dionisio-bot dionisio-bot bot added the "stat: ready to merge" label (PR tested and approved waiting for merge) Dec 10, 2025
@ggazzo ggazzo merged commit c48eb68 into develop Dec 11, 2025
53 checks passed
@ggazzo ggazzo deleted the fix/outgoing-logger branch December 11, 2025 00:59
@dougfabris dougfabris modified the milestones: 7.14.0, 8.0.0 Jan 19, 2026