Network-AI v5.8.5 — Audit log justification data minimisation (Ssd3)
Security
Three related SkillSpector Ssd3 findings (98%/99%/99%) addressed in scripts/check_permission.py.
Justification truncation before audit log write (Ssd3, 99%)
Justification strings are now truncated to 200 characters before being written to audit_log.jsonl. Content beyond that limit is dropped and a [truncated] suffix is appended. The full in-memory string is still used for score_justification() scoring. A named constant _JUSTIFICATION_MAX_LOG_LEN = 200 controls the limit.
Justification redacted from audit summary JSON output (Ssd3, 99%)
--audit-summary --json previously included raw log entries in the recent array, creating a secondary retrieval path for earlier justification text. The justification key is now stripped from each entry's details dict in JSON output via an inline _redact_entry() helper. Human-readable (non-JSON) output is unaffected.
Header comment updated (Ssd3, 98%)
The script header now describes truncation and summary redaction rather than saying justifications are logged verbatim. SKILL.md privacy.audit_log.pii_warning updated to match.
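The truncation and summary redaction described above, sketched as an added example; this is not the code in scripts/check_permission.py. The 200-character limit, the [truncated] suffix, the details/justification keys and the recent array come from these notes; the helper names, the agent/resource/total fields and the exact suffix spacing are assumptions.

```python
import json

# The limit is the value named in the release notes; the rest is a hypothetical sketch.
_JUSTIFICATION_MAX_LOG_LEN = 200
_TRUNCATION_SUFFIX = " [truncated]"  # assumed spacing; the notes only name the suffix


def truncate_for_log(justification: str) -> str:
    """Return the only form of a justification that may be persisted."""
    if len(justification) <= _JUSTIFICATION_MAX_LOG_LEN:
        return justification
    return justification[:_JUSTIFICATION_MAX_LOG_LEN] + _TRUNCATION_SUFFIX


def build_log_entry(agent: str, resource: str, justification: str) -> dict:
    """Build one audit_log.jsonl record; scoring would still see the full string."""
    return {"agent": agent, "resource": resource,
            "details": {"justification": truncate_for_log(justification)}}


def redact_entry(entry: dict) -> dict:
    """Copy an entry without details['justification']; the input is not mutated."""
    redacted = dict(entry)
    details = entry.get("details")
    if isinstance(details, dict):
        redacted["details"] = {k: v for k, v in details.items()
                               if k != "justification"}
    return redacted


def summary_json(entries: list, recent: int = 10) -> str:
    """Machine-readable summary: a count plus redacted recent entries."""
    return json.dumps({
        "total": len(entries),
        "recent": [redact_entry(e) for e in entries[-recent:]],
    })


# Constructed sample input: a long justification ending in a made-up ticket id.
SAMPLE = "Need export for quarterly review. " * 8 + "ticket=CONSTRUCTED-0001"
ENTRIES = [
    build_log_entry("agent-a", "DATABASE", SAMPLE),
    build_log_entry("agent-b", "PAYMENTS", "short reason"),
    {"agent": "agent-c", "resource": "EMAIL"},  # legacy entry with no details
]

if __name__ == "__main__":
    print(json.dumps(ENTRIES[0]))   # truncated justification, ticket id dropped
    print(summary_json(ENTRIES))    # no justification key in any recent entry
```

The two controls are independent: truncation bounds what reaches disk, and redaction closes the JSON summary as a second read path for whatever was written.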
Files changed
scripts/check_permission.py, SKILL.md, CHANGELOG.md, package.json, skill.json, openapi.yaml, README.md, and all version-bearing doc files.