From 33937ab115374f2d1e7f2c7447665515cff856c3 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@hoyer.xyz>
Date: Tue, 3 Feb 2026 16:23:14 +0100
Subject: [PATCH] feat(bot): add signature verification logging

- Added info-level logging to provide details about signature verification, including secret length and partial hashes for expected and received signatures.
- Helps in debugging signature mismatches without exposing full sensitive data.
---
 systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py b/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py
index 044da45..54d9622 100644
--- a/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py
+++ b/systems/x86_64-linux/mx/nextcloud-claude-bot/bot.py
@@ -61,17 +61,19 @@ def verify_signature(body: bytes, signature: str) -> bool:
     if not BOT_SECRET:
         log.warning("No bot secret configured, skipping signature verification")
         return True
-    
+
     expected = hmac.new(
         BOT_SECRET.encode(),
         body,
         hashlib.sha256
     ).hexdigest()
-    
+
     # Nextcloud sends: sha256=<hex>
     if signature.startswith("sha256="):
         signature = signature[7:]
-    
+
+    log.info(f"Signature verification: secret_len={len(BOT_SECRET)}, expected={expected[:16]}..., received={signature[:16]}...")
+
     return hmac.compare_digest(expected, signature)