SOP-DEV-daily-session-export-v1.0
1. Purpose
Define governance rules for the daily automated session export pipeline: who reviews outputs, what the auto-approve policy is, and what escalation fires when the scrub misses a secret or the pipeline fails.
What the pipeline does: Runs daily at 5:00 AM PST. Exports Claude agent session transcripts, scrubs originals in place (removes credentials, PII per the scrub ruleset), generates clean copies, commits to git, and opens a PR for review. The script lives at /Users/rhartley/.ecomonetize/scripts/daily-session-export-and-scrub.sh.
Why this SOP must exist: An automated pipeline that commits and PRs session transcripts creates two governance questions: (1) who has authority to approve those PRs, and (2) what happens when the scrub fails to catch a credential. Without answers, both become informal — the pipeline runs but accountability is undefined.
2. Pipeline Schedule and Ownership
| Element | Value |
|---|---|
| Schedule | Daily, 5:00 AM PST |
| Pipeline owner | chief.staff (operational accountability) |
| Script maintenance owner | code.platform |
| PR review authority | See Section 3 |
| Scrub audit log | /Claude/operations/logs/credential-scrub-audit.md |
3. PR Review and Auto-Approve Policy
Daily session export PRs follow a tiered review policy based on scrub confidence:
| Condition | Action |
|---|---|
| Scrub confidence: HIGH (no flagged patterns in output, audit log clean) | Auto-approve. chief.staff may spot-check weekly but is not required to review daily. |
| Scrub confidence: MEDIUM (minor flags in audit log — patterns matched but assessed non-sensitive by scrub ruleset) | chief.staff reviews before merge. Merge window: before next day's 5:00 AM run. |
| Scrub confidence: LOW or FAIL (scrub flagged potential credential or PII, or pipeline errored) | Do NOT auto-approve. chief.staff holds merge, notifies COO, triggers Section 5 escalation. |
Scrub confidence level is written to the PR description by the pipeline. If the PR description contains no confidence level (pipeline error), treat as LOW.
PR merge authority: chief.staff may merge HIGH-confidence PRs autonomously. COO approval required for MEDIUM-confidence merges where chief.staff is uncertain. CEO notification required for LOW/FAIL cases.
4. What the Scrub Covers
The scrub ruleset (maintained by code.platform, version-controlled in the script) removes:
- API key patterns (Anthropic sk-ant-api, OpenRouter sk-or-v1, OpenAI sk-proj-, GitHub ghp_, etc.)
- Airtable PAT patterns (pat[A-Za-z0-9]{10,}\.)
- Email addresses outside the approved set (info@ecomonetize.com is retained; external addresses are redacted)
- IP addresses not in the approved internal range
- Any value matching 1Password item names in a known-sensitive list
What the scrub does NOT cover: Indirect credential exposure (e.g., an agent describing a credential's purpose without including its value). Indirect exposure is a LOW-severity finding and triggers a human review, not an automatic hold.
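An independent residual check over the clean copy, using the prefixes listed above, is one way to back the confidence level with evidence. This is an added example, not the pipeline's own script or ruleset; the token-body length after each prefix, the email regex and the function names are assumptions, and IP and 1Password checks are left out because the page does not define their lists.

```python
import re

# Prefixes come from the Section 4 list; the token-body length after each
# prefix is an assumption of this example, not the pipeline's real ruleset.
BODY = r"[A-Za-z0-9_\-]{8,}"
CREDENTIAL_RULES = {
    "anthropic": re.compile(r"sk-ant-api" + BODY),
    "openrouter": re.compile(r"sk-or-v1" + BODY),
    "openai": re.compile(r"sk-proj-" + BODY),
    "github": re.compile(r"ghp_" + BODY),
    "airtable_pat": re.compile(r"pat[A-Za-z0-9]{10,}\."),  # regex as given in the SOP
}
EMAIL = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+\.[A-Za-z]{2,}")
APPROVED_EMAILS = {"info@ecomonetize.com"}  # the one retained address named in the SOP


def residual_flags(clean_text):
    """Return (line_no, rule) pairs for anything the scrub should have removed.

    Only the rule name is reported, never the matched value, so the audit
    trail cannot itself leak the secret.
    """
    flags = []
    for line_no, line in enumerate(clean_text.splitlines(), start=1):
        for rule, pattern in CREDENTIAL_RULES.items():
            if pattern.search(line):
                flags.append((line_no, rule))
        for addr in EMAIL.findall(line):
            if addr.lower() not in APPROVED_EMAILS:
                flags.append((line_no, "external_email"))
    return flags


def confidence(flags):
    """HIGH only when nothing matched; any residual credential or PII is LOW."""
    return "HIGH" if not flags else "LOW"


# Constructed sample of a "clean" copy in which the scrub missed two values.
SAMPLE = "\n".join([
    "user: contact info@ecomonetize.com for access",
    "agent: exporting with key sk-or-v1-EXAMPLEEXAMPLE0000",
    "agent: cc'd jane.doe@example.org on the ticket",
    "agent: token [REDACTED] rotated",
])

if __name__ == "__main__":
    found = residual_flags(SAMPLE)
    print(found, confidence(found))
```

The MEDIUM tier is not modelled here because the page does not say how the ruleset assesses a match as non-sensitive.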
5. Escalation
Scrub failure (credential found in clean output)
- Pipeline flags LOW/FAIL confidence in PR description
- chief.staff holds PR merge immediately
- chief.staff files Section 6E Incident (SEV2 — potential credential exposure)
- code.platform notified to patch scrub ruleset within 24 hours
- If the exposed credential is active: SOP-OPS-credential-management-v1.0 Section 7 emergency rotation triggered
- COO notified; CEO notified if credential confirmed active at time of export
Pipeline failure (no PR opened by 6:00 AM PST)
- chief.staff detects at morning enforcement sweep (8:30 AM PST)
- chief.staff files Section 6E Incident (SEV3 — workflow failure)
- code.platform diagnoses and restores within the business day
- If pipeline missed more than one consecutive run: COO notified, manual export run for the gap days
Scrub ruleset drift (new credential format not covered)
- security.ops or any agent who notices a gap files a note to code.platform session dir
- code.platform patches the ruleset in the same session if possible, next session if not
- SOP-OPS-credential-management-v1.0 Section 6 quarterly audit includes a scrub-ruleset review
6. Scrub Audit Log
/Claude/operations/logs/credential-scrub-audit.md is the per-run audit trail. Each run appends:
{YYYY-MM-DD} | Confidence: {HIGH/MEDIUM/LOW/FAIL} | Sessions exported: {N} | Flags: {count} | PR: {#} | Merged: {auto/manual/held}
chief.staff reviews the audit log weekly as part of Monday enforcement sweep. Patterns (repeated MEDIUM, scrub ruleset gaps) are surfaced in the next CEO Daily Summary if actionable.
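The weekly review can be partly mechanized by parsing the per-run entries and checking them against the Section 3 and Section 5 rules. This is an added example, not part of the pipeline; it assumes the braces in the entry format are placeholders, and the `medium_streak` threshold and finding names are this example's own.

```python
import re
from datetime import date, timedelta

# Entry format from Section 6; braces there are read as placeholders (assumption).
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) \| Confidence: (HIGH|MEDIUM|LOW|FAIL) \| "
    r"Sessions exported: (\d+) \| Flags: (\d+) \| PR: (\S+) \| "
    r"Merged: (auto|manual|held)$"
)


def review_audit_log(lines, medium_streak=2):
    """Return (finding, detail) pairs for the weekly sweep.

    medium_streak is this example's reading of "repeated MEDIUM".
    """
    findings, prev_day, streak = [], None, 0
    for raw in lines:
        m = ENTRY.match(raw.strip())
        if not m:  # includes a missing confidence level, which Section 3 treats as LOW
            findings.append(("malformed", raw.strip()))
            continue
        day, conf, merged = date.fromisoformat(m[1]), m[2], m[6]
        if conf in ("LOW", "FAIL") and merged != "held":
            findings.append(("not_held", m[1]))  # Section 3: merge must be held
        elif conf == "MEDIUM" and merged == "auto":
            findings.append(("auto_merge_violation", m[1]))  # only HIGH auto-merges
        # Section 5: more than one consecutive missed run goes to the COO.
        if prev_day and day - prev_day > timedelta(days=2):
            findings.append(("missed_runs", f"{prev_day}..{day}"))
        streak = streak + 1 if conf == "MEDIUM" else 0
        if streak == medium_streak:
            findings.append(("repeated_medium", m[1]))
        prev_day = day
    return findings


# Constructed audit log; dates, counts and PR numbers are invented for the example.
SAMPLE_LOG = [
    "2026-04-21 | Confidence: HIGH | Sessions exported: 12 | Flags: 0 | PR: #101 | Merged: auto",
    "2026-04-22 | Confidence: MEDIUM | Sessions exported: 9 | Flags: 2 | PR: #102 | Merged: manual",
    "2026-04-23 | Confidence: MEDIUM | Sessions exported: 11 | Flags: 1 | PR: #103 | Merged: auto",
    "2026-04-26 | Confidence: LOW | Sessions exported: 7 | Flags: 3 | PR: #104 | Merged: manual",
    "2026-04-27 | Confidence: | Sessions exported: 5 | Flags: 0 | PR: #105 | Merged: auto",
]

if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG):
        print(finding)
```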
7. Scope Limits
This SOP governs the daily automated export pipeline only. It does not govern:
- Manual session exports (those are ad-hoc and subject to chief.staff discretion)
- The scrub ruleset content (code.platform owns that via the script)
- Long-term session transcript retention policy (TBD — separate SOP needed)
Change Log
| Version | Date | Change |
|---|---|---|
| v1.0 | 2026-04-21 | Initial draft — sop.manager. Authored per iOS recovery dispatch commitment (Eva, 2026-04-20). |
- Owner: chief.staff
- Executive sponsor: coo
- Drafted by: sop.manager
- Status: Draft — pending COO review + approval
- Version: v1.0