Skip to content

Releases: cainky/logtap

v0.4.1: Security Hardening

03 Feb 08:03
@cainky cainky
v0.4.1
a9d5aed

Choose a tag to compare

View all tags
v0.4.1: Security Hardening Latest
Latest

Security Hardening Release

This release focuses on comprehensive security improvements for path traversal prevention.

Security Improvements

  • Comprehensive path traversal prevention - Multi-layer defense with realpath + commonpath containment checking
  • Symlink escape protection - All paths resolved to canonical form before containment check
  • Input validation hardening - Reject NUL bytes, control characters, and malicious path patterns
  • Single authoritative validator - All file access goes through resolve_safe_path()
  • Security documentation - Added SECURITY.md documenting threat model and mitigations
  • Security test suite - 30+ tests proving path traversal attacks are blocked

Full Changelog

See commit history for full details.

Assets 2
Loading

v0.4.0 - GPU Cloud Pivot

02 Feb 19:11
@cainky cainky
v0.4.0
e0bd436

Choose a tag to compare

View all tags
v0.4.0 - GPU Cloud Pivot

tail -f for GPU clouds

This release pivots logtap from a generic log access tool to a specialized training log streamer for ML engineers running jobs on remote GPUs.

New Features

  • logtap collect - Start a collector server that accepts ingested log streams
  • logtap ingest - Pipe training output to the collector: python train.py | logtap ingest run1
  • logtap runs - List active runs on a collector
  • Updated logtap tail - Now supports runs mode with:
    • --mode auto|runs|files - Auto-detects server capabilities
    • --since <cursor> - Resume from a specific point (survives disconnects!)
    • --tag key=value - Filter by tags for multi-node training
    • --output pretty|plain|jsonl - Scriptable output formats

Architecture

  • Append-only file storage with in-memory tail cache per run
  • SSE streaming with gap detection for reconnect handling
  • Server-assigned cursors for reliable resume
  • Tag support for distributed training (node, rank, etc.)

Example Usage

On GPU instance:

logtap collect --api-key secret
python train.py 2>&1 | logtap ingest run1 --tag node=gpu1

From laptop:

logtap tail run1 --follow
# Connection drops... reconnects seamlessly

Breaking Changes

None - all existing commands (serve, query, tail, files) continue to work unchanged.

Loading

v0.3.0

02 Feb 18:26
@cainky cainky
v0.3.0
143fbdc

Choose a tag to compare

View all tags
v0.3.0

Security

  • Added ReDoS protection using google-re2 instead of Python's re module

Improvements

  • Added comprehensive chaos test suite (303 tests)
  • Fixed JSON parser crash on non-dict JSON
  • Fixed encoding errors on non-UTF-8 files
  • Migrated from poetry to uv for package management
Loading

logtap v0.2.2

08 Jan 20:43
@cainky cainky
v0.2.2
d5c0ec4

Choose a tag to compare

View all tags
logtap v0.2.2

logtap v0.2.2

Security patch release.

Security Fixes

  • Workflow Permissions: Added explicit permissions: contents: read to all GitHub Actions workflows
    • Fixes CodeQL alerts for CWE-275 (Improper Privilege Management)
    • Follows principle of least privilege for GITHUB_TOKEN
    • Affects: tests.yml, publish.yml

Previous Security Fixes (v0.2.1)

  • starlette 0.50.0 - Fixes DoS vulnerabilities (CVE-2024-47874, CVE-2025-54121)
  • httpx 0.28.1 - Updated HTTP client
  • fastapi 0.128.0 - Latest with security patches

Installation

pip install logtap

Links

Full Changelog: v0.2.1...v0.2.2

Loading

logtap v0.2.1

08 Jan 20:24
@cainky cainky
v0.2.1
8a54b86

Choose a tag to compare

View all tags
logtap v0.2.1

logtap v0.2.1

A CLI-first log access tool for Unix systems. Remote log file access without SSH.

The simplest way to access log files remotely. No database. No complex setup.

Security Fixes

This release includes critical security updates for all dependencies:

  • starlette 0.50.0 - Fixes DoS vulnerabilities in multipart form parsing (CVE-2024-47874, CVE-2025-54121)
  • httpx 0.28.1 - Updated HTTP client with security fixes
  • fastapi 0.128.0 - Latest FastAPI with security patches
  • All transitive dependencies updated to patched versions

Features

  • Remote Log Access - Query log files via REST API without SSH
  • Beautiful CLI - Colored output with rich formatting
  • Regex Search - Powerful filtering with regex patterns
  • Real-time Streaming - Follow logs like tail -f (WebSocket & SSE)
  • Log Format Parsers - Auto-detect syslog, JSON, nginx, Apache formats
  • Severity Filtering - Filter by log level (DEBUG, INFO, WARNING, ERROR, etc.)
  • Multi-file Queries - Query multiple log files in one request
  • Parsed Log Endpoint - Get structured log data with extracted fields
  • Secure - Optional API key authentication with timing-safe comparison
  • Docker Ready - One-command deployment

Installation

pip install logtap

Or with Docker:

docker run -d -p 8000:8000 -v /var/log:/var/log:ro cainky/logtap

Quick Start

# Start the server (on machine with logs)
logtap serve

# Query logs (from anywhere)
logtap query syslog --term "error"

# Regex search
logtap query auth.log --regex "Failed password.*root"

# Stream logs in real-time  
logtap tail syslog --follow

# List available log files
logtap files

API Endpoints

Endpoint Description
GET /logs Query log files with filtering
GET /logs/multi Query multiple files at once
GET /logs/parsed Get structured parsed log data
GET /logs/stream WebSocket real-time streaming
GET /logs/sse Server-Sent Events streaming
GET /files List available log files
GET /health Health check

Requirements

  • Python 3.10+
  • Linux/macOS (Windows support experimental)

Links

Full Changelog: https://github.com/cainky/logtap/commits/v0.2.1

Loading