@bridge_gpt/mcp-server 0.2.2 → 0.2.4

package/build/conductor/redaction.js

@@ -0,0 +1,112 @@
+/**
+ * Secret redaction for conductor event payloads.
+ *
+ * Every value stored in the `events.data_json` column passes through
+ * {@link redactSecrets} so credential-shaped material never lands in the local
+ * ledger (and therefore never leaks back through poll/wait reads). Redaction is
+ * pattern-based and conservative: it replaces recognizable secret values with
+ * `[REDACTED]` while preserving the surrounding structure and non-secret text.
+ */
+const REDACTED = "[REDACTED]";
+/** Standalone secret-shaped patterns, applied in order (PEM/multiline first). */
+const STANDALONE_PATTERNS = [
+    // PEM private-key blocks (any key type), including the body.
+    {
+        pattern: /-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z0-9 ]*PRIVATE KEY-----/g,
+        replacement: REDACTED,
+    },
+    // JWT-like tokens: three base64url segments separated by dots.
+    {
+        pattern: /eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g,
+        replacement: REDACTED,
+    },
+    // Bearer tokens — keep the scheme word, drop the credential.
+    { pattern: /\bBearer\s+[A-Za-z0-9._-]+/gi, replacement: `Bearer ${REDACTED}` },
+    // AWS access key IDs (AKIA/ASIA + 16 base32 chars).
+    { pattern: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g, replacement: REDACTED },
+    // GitHub tokens (ghp_/gho_/ghu_/ghs_/ghr_ + body). Short floor (>= 6) so
+    // test-style fakes are redacted too; real tokens are 36+.
+    { pattern: /\bgh[pousr]_[A-Za-z0-9]{6,}\b/g, replacement: REDACTED },
+    // OpenAI / Anthropic style keys (sk-..., sk-ant-..., sk-proj-...). The floor
+    // is intentionally short (>= 6 body chars) so short test-style keys are also
+    // redacted; real keys are far longer.
+    { pattern: /\bsk-(?:ant-|proj-)?[A-Za-z0-9_-]{6,}\b/g, replacement: REDACTED },
+];
+/** Secret-bearing key names used by assignment-style redaction. */
+const ASSIGNMENT_KEYS = "api[_-]?key|apikey|secret|token|password|passwd|pwd|authorization|auth";
+/** `key: "value"` / `key = "value"` — preserve the key + quotes, redact the value. */
+const ASSIGNMENT_QUOTED = new RegExp(`\\b(${ASSIGNMENT_KEYS})(\\s*[:=]\\s*)("|')[^"']*("|')`, "gi");
+/** `key=value` / `key: value` (unquoted) — preserve the key, redact the value. */
+const ASSIGNMENT_UNQUOTED = new RegExp(`\\b(${ASSIGNMENT_KEYS})(\\s*[:=]\\s*)([^\\s"',;}{]+)`, "gi");
+/**
+ * Redact known secret-shaped patterns from a single string. Non-secret text is
+ * preserved; recognized secret values become `[REDACTED]`.
+ */
+export function redactSecretString(value) {
+    let out = value;
+    for (const { pattern, replacement } of STANDALONE_PATTERNS) {
+        out = out.replace(pattern, replacement);
+    }
+    out = out.replace(ASSIGNMENT_QUOTED, (_m, key, sep, q) => `${key}${sep}${q}${REDACTED}${q}`);
+    out = out.replace(ASSIGNMENT_UNQUOTED, (_m, key, sep) => `${key}${sep}${REDACTED}`);
+    return out;
+}
+/**
+ * Secret-bearing object KEY names. Value-shape redaction alone is blind to
+ * structured secrets like `{ password: "plainvalue" }` or `{ api_key: "..." }`
+ * whose values have no recognizable shape, so {@link redactSecrets} also redacts
+ * a string value whenever its KEY looks credential-bearing. Matching normalizes
+ * case + `_`/`-` separators and compares whole/suffix words, so `access_token`
+ * and `clientSecret` match while the plural metric `tokens` and `author` do not.
+ */
+const SECRET_KEY_WORDS = [
+    "password",
+    "passwd",
+    "pwd",
+    "secret",
+    "token",
+    "apikey",
+    "authorization",
+    "auth",
+];
+/** True when an object key looks credential-bearing. */
+export function isSecretKey(key) {
+    const norm = key.toLowerCase().replace(/[_-]/g, "");
+    return SECRET_KEY_WORDS.some((word) => norm === word || norm.endsWith(word));
+}
+/**
+ * Recursively redact secrets in a JSON-like value while preserving array/object
+ * shape. A string value is redacted when EITHER its content is secret-shaped
+ * ({@link redactSecretString}) OR its object key is credential-bearing
+ * ({@link isSecretKey}) — the latter catches structured secrets with otherwise
+ * unrecognizable values. `undefined` is normalized deterministically: object
+ * properties whose value is `undefined` are omitted, and `undefined` array
+ * elements become `null` (matching `JSON.stringify` semantics) so serialized
+ * output is stable.
+ */
+export function redactSecrets(value) {
+    if (typeof value === "string") {
+        return redactSecretString(value);
+    }
+    if (Array.isArray(value)) {
+        return value.map((item) => (item === undefined ? null : redactSecrets(item)));
+    }
+    if (value !== null && typeof value === "object") {
+        const out = {};
+        for (const [key, val] of Object.entries(value)) {
+            if (val === undefined)
+                continue;
+            // Key-name redaction: a string under a credential-bearing key is replaced
+            // wholesale, regardless of whether its value matches a known secret shape.
+            if (typeof val === "string" && isSecretKey(key)) {
+                out[key] = REDACTED;
+            }
+            else {
+                out[key] = redactSecrets(val);
+            }
+        }
+        return out;
+    }
+    // number | boolean | null | bigint | symbol | function — return primitives as-is.
+    return value;
+}