@glubean/redaction 0.5.0 → 0.8.0
- package/dist/compiler.d.ts +9 -0
- package/dist/compiler.d.ts.map +1 -1
- package/dist/compiler.js +64 -3
- package/dist/compiler.js.map +1 -1
- package/dist/engine.d.ts +43 -0
- package/dist/engine.d.ts.map +1 -1
- package/dist/engine.js +78 -0
- package/dist/engine.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/package.json +4 -1
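--- a/package/dist/compiler.d.ts
+++ b/package/dist/compiler.d.ts
@@ -44,4 +44,13 @@ export declare function compileScopes(options: CompilerOptions): CompiledScope[]
 * Each scope gets its own engine with its own plugin pipeline.
 */
 export declare function createScopeEngine(scope: CompiledScope, replacementFormat: "simple" | "labeled" | "partial", maxDepth?: number): RedactionEngine;
+export declare function redactValue(value: unknown, options: {
+globalRules: GlobalRules;
+/** Extra sensitive keys (e.g. union of `BUILTIN_SCOPES` keys). */
+sensitiveKeys?: string[];
+/** Include the built-in sensitive-key baseline. Default: true. */
+useBuiltInSensitiveKeys?: boolean;
+replacementFormat?: "simple" | "labeled" | "partial";
+maxDepth?: number;
+}): unknown;
 //# sourceMappingURL=compiler.d.ts.map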
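Review bot: The `redactValue` declaration is emitted with no doc comment, so the contract callers need never reaches the published typings: the built-in key baseline is on by default, the input is returned as-is when no plugin is configured, and values nested past `maxDepth` are replaced by a sentinel. In compiler.js of this same release the function's doc block is followed by a second doc block and a `const` before the function itself, which would explain the comment being dropped from the declaration file; moving the constant above the `redactValue` doc block in the source would likely restore it. The members `globalRules`, `replacementFormat` and `maxDepth` are also undocumented here, while `sensitiveKeys` and `useBuiltInSensitiveKeys` are. At minimum add `/** Replacement style. Default: "partial". */` on `replacementFormat` and `/** Max nesting depth. Default: the engine default of 10. */` on `maxDepth`.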
package/dist/compiler.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compiler.d.ts","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EAEX,gBAAgB,EAGhB,yBAAyB,EACzB,UAAU,EACX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAM9C,uDAAuD;AACvD,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,wBAAwB;AACxB,MAAM,WAAW,eAAe;IAC9B,4DAA4D;IAC5D,aAAa,EAAE,yBAAyB,EAAE,CAAC;IAC3C,0CAA0C;IAC1C,YAAY,CAAC,EAAE,yBAAyB,EAAE,CAAC;IAC3C,uCAAuC;IACvC,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACpC,kCAAkC;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC9C,6BAA6B;IAC7B,WAAW,EAAE,WAAW,CAAC;IACzB,0BAA0B;IAC1B,iBAAiB,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACpD,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;
|
|
1
|
+
{"version":3,"file":"compiler.d.ts","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,aAAa,EACb,WAAW,EAEX,gBAAgB,EAGhB,yBAAyB,EACzB,UAAU,EACX,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAM9C,uDAAuD;AACvD,MAAM,WAAW,aAAa;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,UAAU,CAAC;CACpB;AAED,wBAAwB;AACxB,MAAM,WAAW,eAAe;IAC9B,4DAA4D;IAC5D,aAAa,EAAE,yBAAyB,EAAE,CAAC;IAC3C,0CAA0C;IAC1C,YAAY,CAAC,EAAE,yBAAyB,EAAE,CAAC;IAC3C,uCAAuC;IACvC,cAAc,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACpC,kCAAkC;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC9C,6BAA6B;IAC7B,WAAW,EAAE,WAAW,CAAC;IACzB,0BAA0B;IAC1B,iBAAiB,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACpD,6CAA6C;IAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAgHD;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,eAAe,GAAG,aAAa,EAAE,CA4DvE;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,aAAa,EACpB,iBAAiB,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,EACnD,QAAQ,CAAC,EAAE,MAAM,GAChB,eAAe,CAMjB;AAyCD,wBAAgB,WAAW,CACzB,KAAK,EAAE,OAAO,EACd,OAAO,EAAE;IACP,WAAW,EAAE,WAAW,CAAC;IACzB,kEAAkE;IAClE,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,kEAAkE;IAClE,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAClC,iBAAiB,CAAC,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACA,OAAO,CAsBT"}
|
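--- a/package/dist/compiler.js
+++ b/package/dist/compiler.js
@@ -66,7 +66,7 @@ function makeAccessors(target) {
 * 2. Pattern plugins (scope-specific + global patterns)
 * 3. Custom patterns from global rules
 */
-function buildScopePlugins(scopeRules, globalRules) {
+function buildScopePlugins(scopeRules, globalRules, useBuiltInKeys = false) {
 const plugins = [];
 // Merge sensitive keys: scope-specific + global
 const allKeys = new Set();
@@ -76,9 +76,12 @@ function buildScopePlugins(scopeRules, globalRules) {
 }
 for (const k of globalRules.sensitiveKeys)
 allKeys.add(k.toLowerCase());
-
+// Per-event scopes carry their own key list (useBuiltInKeys=false), so the
+// built-in baseline only applies when a caller opts in (e.g. redactValue
+// over a non-event payload, where there is no scope to supply keys).
+if (useBuiltInKeys || allKeys.size > 0) {
 plugins.push(sensitiveKeysPlugin({
-useBuiltIn:
+useBuiltIn: useBuiltInKeys,
 additional: [...allKeys],
 excluded: [],
 }));
@@ -175,4 +178,62 @@ export function createScopeEngine(scope, replacementFormat, maxDepth) {
 maxDepth,
 });
 }
+/**
+* Deep-redact an arbitrary JSON value using GLOBAL rules only (no event scope).
+*
+* Unlike `redactEvent` — which targets specific payload fields of a *known*
+* event type via compiled scopes — this walks the entire value tree applying
+* the global sensitive-keys + pattern plugins. Use it for non-event payloads
+* that may carry secrets at any path, e.g. the contract/flow metadata
+* projection uploaded to Cloud (examples, default headers, gRPC metadata,
+* `extensions`/`meta` blobs).
+*
+* The plugin pipeline is built by the same `buildScopePlugins` path the
+* per-scope engines use, so global rules remain the single source of truth
+* for what counts as sensitive.
+*
+* Because there is NO event scope to supply key-based rules, this path opts
+* into the built-in sensitive-key baseline by default
+* (`useBuiltInSensitiveKeys: true`) — without it, a payload like
+* `{ authorization: "sk_live_…" }` whose value matches no value-pattern would
+* pass through unredacted. Pass `sensitiveKeys` to add scope-level keys
+* (e.g. the union of `BUILTIN_SCOPES` keys) so a non-event payload is redacted
+* at least as strongly as events are.
+*
+* Returns a redacted deep clone; the input is never mutated. When the
+* resolved rules contribute no plugins the input is returned unchanged.
+*
+* `maxDepth` bounds recursion (default mirrors the engine's own default of
+* 10). Callers redacting deeply-nested structures — JSON Schemas, recursive
+* flow branch trees — should pass a generous value so legitimate structure
+* isn't truncated to a `[REDACTED: too deep]` sentinel.
+*/
+/**
+* JSON-Schema property-dependency keywords. A sensitive PROPERTY NAME under one
+* of these (`dependentRequired: { password: ["mfaCode"] }`) carries a
+* structural list of property names, NOT secret values — so its array is
+* preserved while every other sensitive-key array (multi-value
+* header/cookie/api-key secrets) is element-masked. Lower-cased.
+*/
+const STRUCTURAL_ARRAY_PARENT_KEYS = new Set(["dependentrequired", "dependencies"]);
+export function redactValue(value, options) {
+const plugins = buildScopePlugins({ sensitiveKeys: options.sensitiveKeys ?? [], patterns: [] }, options.globalRules, options.useBuiltInSensitiveKeys ?? true);
+if (plugins.length === 0)
+return value;
+const engine = new RedactionEngine({
+plugins,
+replacementFormat: options.replacementFormat ?? "partial",
+maxDepth: options.maxDepth,
+// Preserve JSON-Schema structure: a sensitive key over a schema node
+// (e.g. `properties.password`) is recursed into, not flattened to a
+// redaction string. Scalar secrets under sensitive keys are still masked.
+sensitiveKeyRecurse: true,
+// A sensitive key's array value carries scalar secrets (multi-value
+// header/cookie/api-key) and is element-masked by default — EXCEPT under a
+// JSON-Schema property-dependency keyword, where the array is a structural
+// property-name list. See RedactionEngineOptions.structuralArrayParentKeys.
+structuralArrayParentKeys: STRUCTURAL_ARRAY_PARENT_KEYS,
+});
+return engine.redact(value).value;
+}
 //# sourceMappingURL=compiler.js.map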
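Review bot: `STRUCTURAL_ARRAY_PARENT_KEYS` exempts an array from element-masking purely by the enclosing key's name, and `redactValue` applies that exemption across the whole tree of an arbitrary payload rather than only inside JSON-Schema nodes. `dependencies` is a common key outside schemas, so a blob shaped like `{ dependencies: { authorization: ["<secret>"] } }` (constructed example) would have its array passed to the ordinary walk instead of being masked; judging by the engine.js change in this release, only value-pattern plugins would then apply to the elements. If the exemption must stay name-based, record the limitation next to the constant, e.g. `// NOTE: matched by key name anywhere in the payload; a sensitive-key array inside a non-schema "dependencies" object is NOT element-masked.` A tighter design would let the caller pass the set through `options`, using the schema keywords only when the payload is known to be a schema.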
package/dist/compiler.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"compiler.js","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAYH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AA2BxD;;;;;GAKG;AACH,SAAS,aAAa,CAAC,MAAc;IAInC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO;YACL,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK;YACrB,GAAG,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBACpB,uDAAuD;gBACvD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChE,MAAM,QAAQ,GAAG,KAAgC,CAAC;oBAClD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACxC,KAAK,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhC,OAAO;QACL,GAAG,CAAC,KAAK;YACP,IAAI,OAAO,GAAY,KAAK,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ;oBAAE,OAAO,SAAS,CAAC;gBACrE,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,GAAG,CAAC,KAAK,EAAE,KAAK;YACd,IAAI,OAAO,GAA4B,KAAK,CAAC;YAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,IAAI,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;oBAAE,OAAO;gBACrD,OAAO,GAAG,IAA+B,CAAC;YAC5C,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;QAC3C,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,UAAkC,EAClC,WAAwB;
|
|
1
|
+
{"version":3,"file":"compiler.js","sourceRoot":"","sources":["../src/compiler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAYH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AA2BxD;;;;;GAKG;AACH,SAAS,aAAa,CAAC,MAAc;IAInC,IAAI,MAAM,KAAK,OAAO,EAAE,CAAC;QACvB,OAAO;YACL,GAAG,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK;YACrB,GAAG,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,EAAE;gBACpB,uDAAuD;gBACvD,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChE,MAAM,QAAQ,GAAG,KAAgC,CAAC;oBAClD,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACxC,KAAK,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;oBAC7B,CAAC;gBACH,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhC,OAAO;QACL,GAAG,CAAC,KAAK;YACP,IAAI,OAAO,GAAY,KAAK,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,OAAO,KAAK,QAAQ;oBAAE,OAAO,SAAS,CAAC;gBACrE,OAAO,GAAI,OAAmC,CAAC,IAAI,CAAC,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,GAAG,CAAC,KAAK,EAAE,KAAK;YACd,IAAI,OAAO,GAA4B,KAAK,CAAC;YAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,IAAI,IAAI,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;oBAAE,OAAO;gBACrD,OAAO,GAAG,IAA+B,CAAC;YAC5C,CAAC;YACD,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC;QAC3C,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,iBAAiB,CACxB,UAAkC,EAClC,WAAwB,EACxB,cAAc,GAAG,KAAK;IAEtB,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,gDAAgD;IAChD,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,IAAI,UAAU,EAAE,aAAa,EAAE,CAAC;QAC9B,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,aAAa;YAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IACzE,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,aAAa;QAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;IAExE,2EAA2E;IAC3E,yEAAyE;IACzE,qEAAqE;IACrE,IAAI,cAAc,IAAI,OA
AO,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvC,OAAO,CAAC,IAAI,CACV,mBAAmB,CAAC;YAClB,UAAU,EAAE,cAAc;YAC1B,UAAU,EAAE,CAAC,GAAG,OAAO,CAAC;YACxB,QAAQ,EAAE,EAAE;SACb,CAAC,CACH,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;IAC1C,IAAI,UAAU,EAAE,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,CAAC,IAAI,UAAU,CAAC,QAAQ;YAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,WAAW,CAAC,QAAQ;QAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAE7D,2CAA2C;IAC3C,MAAM,cAAc,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,GAAG,cAAc,CAAC,CAAC;IAEhC,wCAAwC;IACxC,KAAK,MAAM,MAAM,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QAChD,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YAC9B,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC;aAChD,CAAC,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;QACvB,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,OAAwB;IACpD,+BAA+B;IAC/B,MAAM,eAAe,GAAG;QACtB,GAAG,OAAO,CAAC,aAAa;QACxB,GAAG,CAAC,OAAO,CAAC,YAAY,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,yBAAyB;IACzB,MAAM,QAAQ,GAAqC,EAAE,GAAG,gBAAgB,EAAE,CAAC;IAC3E,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;QAC3B,KAAK,MAAM,CAAC,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YACvC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,IAAI,IAAI,eAAe,EAAE,CAAC;QACnC,uBAAuB;QACvB,MAAM,QAAQ,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QAC1C,MAAM,KAAK,GAAe;YACxB,aAAa,EAAE;gBACb,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,aAAa,IAAI,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,aAAa,IAAI,EAAE,CAAC;aAC1C;YACD,QAAQ,EAAE;gBACR,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,EAAE,CAAC;gBAC/B,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,QAAQ,IAAI,EAAE,CAAC;aACrC;SACF,CAAC;QAEF,kBAAkB;QAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CACb,oBAAoB,IAAI,CAAC,EAAE,iCAAiC,IAAI,CAAC,OAAO,GAAG,CAC5E,C
AAC;QACJ,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC;QAE9D,wBAAwB;QACxB,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE7C,QAAQ,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,OAAO;YACP,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,GAAG,EAAE,SAAS,CAAC,GAAG;YAClB,OAAO;YACP,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAoB,EACpB,iBAAmD,EACnD,QAAiB;IAEjB,OAAO,IAAI,eAAe,CAAC;QACzB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,iBAAiB;QACjB,QAAQ;KACT,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH;;;;;;GAMG;AACH,MAAM,4BAA4B,GAAG,IAAI,GAAG,CAAC,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC,CAAC;AAEpF,MAAM,UAAU,WAAW,CACzB,KAAc,EACd,OAQC;IAED,MAAM,OAAO,GAAG,iBAAiB,CAC/B,EAAE,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,EAC5D,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,uBAAuB,IAAI,IAAI,CACxC,CAAC;IACF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,OAAO;QACP,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,IAAI,SAAS;QACzD,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,qEAAqE;QACrE,oEAAoE;QACpE,0EAA0E;QAC1E,mBAAmB,EAAE,IAAI;QACzB,oEAAoE;QACpE,2EAA2E;QAC3E,2EAA2E;QAC3E,4EAA4E;QAC5E,yBAAyB,EAAE,4BAA4B;KACxD,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC;AACpC,CAAC"}
|
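--- a/package/dist/engine.d.ts
+++ b/package/dist/engine.d.ts
@@ -16,6 +16,38 @@ export interface RedactionEngineOptions {
 replacementFormat: "simple" | "labeled" | "partial";
 /** Max object nesting depth before truncation. Default: 10. */
 maxDepth?: number;
+/**
+* When true, a SENSITIVE KEY whose value is an object/array is RECURSED
+* into (structure preserved, scalar leaves still redacted) rather than
+* replaced wholesale with a redaction string. Default false (the event
+* path nukes the whole subtree, which is correct for event payloads).
+*
+* Set for deep-redacting JSON-Schema-bearing payloads (the contract/flow
+* projection): a schema node like `properties.password = { type: "string" }`
+* must keep its shape — nuking it to "[REDACTED]" would corrupt the
+* projection canonical-hash/OpenAPI consumers depend on. Scalar secrets
+* under a sensitive key (e.g. `authorization: "Bearer …"`) are still masked.
+*/
+sensitiveKeyRecurse?: boolean;
+/**
+* Lower-cased PARENT keys under which a sensitive key's ARRAY value is
+* STRUCTURE, not secret values, and must be preserved (recursed) rather than
+* element-masked.
+*
+* In `sensitiveKeyRecurse` mode the secure default is to mask the scalar
+* elements of ANY array directly under a sensitive key — a multi-value
+* header/cookie/api-key (`authorization`/`set-cookie`/`x-api-key`: [...])
+* carries secret values whose elements, visited under "0"/"1", no plugin
+* sees as sensitive, so they would otherwise leak. The ONLY legitimate
+* structural array directly under a sensitive PROPERTY NAME is a JSON-Schema
+* property-dependency keyword (`dependentRequired` / `dependencies`, e.g.
+* `dependentRequired: { password: ["mfaCode"] }` — a list of property names).
+* Those parents are listed here so the schema isn't mangled; everything else
+* errs toward masking (a leaked secret is worse than an over-masked display
+* array). Ignored when `sensitiveKeyRecurse` is false. Default: empty (mask
+* every sensitive-key array).
+*/
+structuralArrayParentKeys?: Set<string>;
 }
 /**
 * Generic partial mask: show first 3 and last 3 characters for long values,
@@ -32,6 +64,8 @@ export declare class RedactionEngine {
 private readonly plugins;
 private readonly replacementFormat;
 private readonly maxDepth;
+private readonly sensitiveKeyRecurse;
+private readonly structuralArrayParentKeys;
 constructor(options: RedactionEngineOptions);
 /**
 * Redact a value. Recursively walks objects and arrays.
@@ -42,6 +76,15 @@ export declare class RedactionEngine {
 redact(value: unknown, ctx?: ScopeContext): RedactionResult;
 private walkValue;
 private walkObject;
+/**
+* Mask an ARRAY found directly under a sensitive key (recurse-mode only).
+* The array's scalar elements carry the parent key's sensitivity (a
+* multi-value header/cookie) and are masked element-wise, preserving array
+* shape. Nested arrays recurse the same way; OBJECT elements go back through
+* the normal walk so their structure (and any nested sensitive keys) is
+* handled by the standard rules. See the call site (codex 0.6 P1).
+*/
+private maskSensitiveArray;
 private walkString;
 }
 //# sourceMappingURL=engine.d.ts.map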
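Review bot: The `sensitiveKeyRecurse` doc promises "structure preserved, scalar leaves still redacted", but the implementation comment in engine.js of this release says that for an OBJECT under a sensitive key, inner scalars under non-sensitive sub-keys are left alone. A caller reading only the typings would expect `{ password: { value: "…" } }` to come back masked; assuming `value` is not itself a sensitive key, it is redacted only if a value-pattern plugin happens to match. The doc should state that boundary, for example `* NOTE: only scalars directly under a sensitive key, or elements of an array under one, are masked; scalars under non-sensitive sub-keys of such an object are redacted only when a pattern plugin matches.` The `maskSensitiveArray` comment also cites "codex 0.6 P1", which readers of the package cannot resolve; a one-line summary of that issue would serve better.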
package/dist/engine.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAEV,eAAe,EACf,eAAe,EACf,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,2DAA2D;AAC3D,MAAM,WAAW,sBAAsB;IACrC,gDAAgD;IAChD,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,0BAA0B;IAC1B,iBAAiB,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACpD,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"engine.d.ts","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAEV,eAAe,EACf,eAAe,EACf,YAAY,EACb,MAAM,YAAY,CAAC;AAEpB,2DAA2D;AAC3D,MAAM,WAAW,sBAAsB;IACrC,gDAAgD;IAChD,OAAO,EAAE,eAAe,EAAE,CAAC;IAC3B,0BAA0B;IAC1B,iBAAiB,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;IACpD,+DAA+D;IAC/D,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;;;;;;;;OAWG;IACH,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B;;;;;;;;;;;;;;;;;OAiBG;IACH,yBAAyB,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;CACzC;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKxD;AAED;;;;;GAKG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAoB;IAC5C,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAmC;IACrE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAU;IAC9C,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAc;gBAE5C,OAAO,EAAE,sBAAsB;IAQ3C;;;;;OAKG;IACH,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,GAAG,CAAC,EAAE,YAAY,GAAG,eAAe;IAa3D,OAAO,CAAC,SAAS;IAiDjB,OAAO,CAAC,UAAU;IAoGlB;;;;;;;OAOG;IACH,OAAO,CAAC,kBAAkB;IAoC1B,OAAO,CAAC,UAAU;CA4CnB"}
|
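--- a/package/dist/engine.js
+++ b/package/dist/engine.js
@@ -29,10 +29,14 @@ export class RedactionEngine {
 plugins;
 replacementFormat;
 maxDepth;
+sensitiveKeyRecurse;
+structuralArrayParentKeys;
 constructor(options) {
 this.plugins = options.plugins;
 this.replacementFormat = options.replacementFormat;
 this.maxDepth = options.maxDepth ?? 10;
+this.sensitiveKeyRecurse = options.sensitiveKeyRecurse ?? false;
+this.structuralArrayParentKeys = options.structuralArrayParentKeys ?? new Set();
 }
 /**
 * Redact a value. Recursively walks objects and arrays.
@@ -97,6 +101,42 @@ export class RedactionEngine {
 }
 }
 if (keySensitive) {
+// Recurse-mode: a sensitive key over a container keeps its structure
+// so JSON-Schema nodes aren't flattened to a redaction string.
+//
+// OBJECT vs ARRAY split (codex 0.6 P1/P2): an OBJECT under a sensitive
+// key is schema structure — recurse, and (by the documented boundary)
+// inner scalars under NON-sensitive sub-keys are left alone.
+//
+// An ARRAY is ambiguous: it is values-OF-the-secret for a multi-value
+// HTTP header/cookie/api-key (`authorization: ["dev-token"]`,
+// `set-cookie: ["sid=abc"]`, `x-api-key: ["dev-key"]`) — whose
+// elements, visited under "0"/"1", no plugin sees as sensitive, so
+// plain recursion would LEAK them (P1) — but it is STRUCTURE for a
+// JSON-Schema property-dependency keyword keyed by a sensitive property
+// name (`dependentRequired: { password: ["mfaCode"] }`), where masking
+// the elements would corrupt the schema (P2). We cannot tell these
+// apart by shape, so the secure default is to MASK the elements, and
+// only PRESERVE when the parent key is a known structural keyword
+// (`structuralArrayParentKeys`) — a leaked secret is worse than an
+// over-masked display array.
+const isContainer = value !== null && typeof value === "object";
+if (this.sensitiveKeyRecurse && isContainer) {
+const parentKey = (path[path.length - 1] ?? "").toLowerCase();
+if (Array.isArray(value) && !this.structuralArrayParentKeys.has(parentKey)) {
+const r = this.maskSensitiveArray(value, scope, keyPath, details, depth + 1, keyPluginName);
+result[key] = r.value;
+if (r.didRedact)
+didRedact = true;
+}
+else {
+const redacted = this.walkValue(value, scope, keyPath, details, depth + 1);
+result[key] = redacted.value;
+if (redacted.didRedact)
+didRedact = true;
+}
+continue;
+}
 if (this.replacementFormat === "partial") {
 const str = value === null || value === undefined ? "" : String(value);
 result[key] = genericPartialMask(str);
@@ -120,6 +160,44 @@ export class RedactionEngine {
 }
 return { value: result, didRedact };
 }
+/**
+* Mask an ARRAY found directly under a sensitive key (recurse-mode only).
+* The array's scalar elements carry the parent key's sensitivity (a
+* multi-value header/cookie) and are masked element-wise, preserving array
+* shape. Nested arrays recurse the same way; OBJECT elements go back through
+* the normal walk so their structure (and any nested sensitive keys) is
+* handled by the standard rules. See the call site (codex 0.6 P1).
+*/
+maskSensitiveArray(arr, scope, path, details, depth, pluginName) {
+let didRedact = false;
+const value = arr.map((el, i) => {
+const elPath = [...path, String(i)];
+if (Array.isArray(el)) {
+const r = this.maskSensitiveArray(el, scope, elPath, details, depth + 1, pluginName);
+if (r.didRedact)
+didRedact = true;
+return r.value;
+}
+if (el !== null && typeof el === "object") {
+// Object element — preserve structure via the normal walk.
+const r = this.walkValue(el, scope, elPath, details, depth + 1);
+if (r.didRedact)
+didRedact = true;
+return r.value;
+}
+// Scalar element — inherits the sensitive key, mask it.
+didRedact = true;
+details.push({
+path: elPath.join("."),
+plugin: pluginName,
+original: typeof el === "string" ? el : undefined,
+});
+return this.replacementFormat === "partial"
+? genericPartialMask(el === null || el === undefined ? "" : String(el))
+: "[REDACTED]";
+});
+return { value, didRedact };
+}
 walkString(str, scope, path, details) {
 let result = str;
 let didRedact = false;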
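Review bot: `maskSensitiveArray` never compares `depth` with `this.maxDepth`; the parameter is only forwarded as `depth + 1`, so arrays nested inside arrays under a sensitive key recurse without the bound that the options document. Object elements return to `walkValue`, which presumably enforces the limit (its body is outside these hunks), but an array-of-arrays chain never reaches it, and a pathologically nested input can exhaust the stack instead of yielding the sentinel. A guard at the top of the method would keep the behaviour uniform: `if (depth > this.maxDepth) return { value: "[REDACTED: too deep]", didRedact: true };`, with the comparison adjusted to match the one in `walkValue`. Separately, every masked string element is pushed into `details` as `original: el`, so any consumer that logs or ships the details array is handling cleartext secrets; a comment at the `details.push` saying so would help.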
package/dist/engine.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"engine.js","sourceRoot":"","sources":["../src/engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAmDH;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,MAAM,CAAC;IAC5B,IAAI,GAAG,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,eAAe;IACT,OAAO,CAAoB;IAC3B,iBAAiB,CAAmC;IACpD,QAAQ,CAAS;IACjB,mBAAmB,CAAU;IAC7B,yBAAyB,CAAc;IAExD,YAAY,OAA+B;QACzC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,CAAC;QACnD,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;QACvC,IAAI,CAAC,mBAAmB,GAAG,OAAO,CAAC,mBAAmB,IAAI,KAAK,CAAC;QAChE,IAAI,CAAC,yBAAyB,GAAG,OAAO,CAAC,yBAAyB,IAAI,IAAI,GAAG,EAAE,CAAC;IAClF,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAc,EAAE,GAAkB;QACvC,MAAM,QAAQ,GAAG,GAAG,EAAE,EAAE,IAAI,EAAE,CAAC;QAC/B,MAAM,OAAO,GAA+B,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QAC/D,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,MAAM,CAAC,SAAS;YAC1B,OAAO;SACR,CAAC;IACJ,CAAC;IAED,yEAAyE;IAEjE,SAAS,CACf,KAAc,EACd,KAAa,EACb,IAAc,EACd,OAAmC,EACnC,KAAa;QAEb,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,sBAAsB,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;QAC5D,CAAC;QAED,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;QACrC,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YACzB,IAAI,SAAS,GAAG,KAAK,CAAC;YACtB,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;gBAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAC3B,IAAI,EACJ,KAAK,EACL,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EACpB,OAAO,EACP,KAAK,GAAG,CAAC,CACV,CAAC;gBAC
F,IAAI,MAAM,CAAC,SAAS;oBAAE,SAAS,GAAG,IAAI,CAAC;gBACvC,OAAO,MAAM,CAAC,KAAK,CAAC;YACtB,CAAC,CAAC,CAAC;YACH,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC;QAC7C,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,UAAU,CACpB,KAAgC,EAChC,KAAK,EACL,IAAI,EACJ,OAAO,EACP,KAAK,CACN,CAAC;QACJ,CAAC;QAED,yCAAyC;QACzC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IACrC,CAAC;IAEO,UAAU,CAChB,GAA4B,EAC5B,KAAa,EACb,IAAc,EACd,OAAmC,EACnC,KAAa;QAEb,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,MAAM,GAA4B,EAAE,CAAC;QAE3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC;YAC/B,MAAM,GAAG,GAAqB,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;YAE5D,oDAAoD;YACpD,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClC,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;oBAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBAC5C,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;wBACjB,YAAY,GAAG,IAAI,CAAC;wBACpB,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;wBAC5B,MAAM;oBACR,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,YAAY,EAAE,CAAC;gBACjB,qEAAqE;gBACrE,+DAA+D;gBAC/D,EAAE;gBACF,uEAAuE;gBACvE,sEAAsE;gBACtE,6DAA6D;gBAC7D,EAAE;gBACF,sEAAsE;gBACtE,8DAA8D;gBAC9D,+DAA+D;gBAC/D,mEAAmE;gBACnE,mEAAmE;gBACnE,wEAAwE;gBACxE,uEAAuE;gBACvE,mEAAmE;gBACnE,qEAAqE;gBACrE,kEAAkE;gBAClE,mEAAmE;gBACnE,6BAA6B;gBAC7B,MAAM,WAAW,GAAG,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAC;gBAChE,IAAI,IAAI,CAAC,mBAAmB,IAAI,WAAW,EAAE,CAAC;oBAC5C,MAAM,SAAS,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;oBAC9D,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC3E,MAAM,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAC/B,KAAK,EACL,KAAK,EACL,OAAO,EACP,OAAO,EACP,KAAK,GAAG,CAAC,EACT,aAAa,CACd,CAAC;wBACF,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC;wBACtB,IAAI,CAAC,CAAC,SAAS;4BAAE,SAAS,GAAG,IAAI,CAAC;oBACpC,CAAC;yBAAM,CAAC;wBACN,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,KAAK
,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;wBAC3E,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;wBAC7B,IAAI,QAAQ,CAAC,SAAS;4BAAE,SAAS,GAAG,IAAI,CAAC;oBAC3C,CAAC;oBACD,SAAS;gBACX,CAAC;gBACD,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;oBACzC,MAAM,GAAG,GACP,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;oBAC7D,MAAM,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;gBACxC,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;gBAC7B,CAAC;gBACD,SAAS,GAAG,IAAI,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;oBACvB,MAAM,EAAE,aAAa;oBACrB,QAAQ,EAAE,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;iBACxD,CAAC,CAAC;gBACH,SAAS;YACX,CAAC;YAED,qBAAqB;YACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAC7B,KAAK,EACL,KAAK,EACL,OAAO,EACP,OAAO,EACP,KAAK,GAAG,CAAC,CACV,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC;YAC7B,IAAI,QAAQ,CAAC,SAAS;gBAAE,SAAS,GAAG,IAAI,CAAC;QAC3C,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;IAED;;;;;;;OAOG;IACK,kBAAkB,CACxB,GAAc,EACd,KAAa,EACb,IAAc,EACd,OAAmC,EACnC,KAAa,EACb,UAAkB;QAElB,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YAC9B,MAAM,MAAM,GAAG,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;gBACtB,MAAM,CAAC,GAAG,IAAI,CAAC,kBAAkB,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC;gBACrF,IAAI,CAAC,CAAC,SAAS;oBAAE,SAAS,GAAG,IAAI,CAAC;gBAClC,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC;YACD,IAAI,EAAE,KAAK,IAAI,IAAI,OAAO,EAAE,KAAK,QAAQ,EAAE,CAAC;gBAC1C,2DAA2D;gBAC3D,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;gBAChE,IAAI,CAAC,CAAC,SAAS;oBAAE,SAAS,GAAG,IAAI,CAAC;gBAClC,OAAO,CAAC,CAAC,KAAK,CAAC;YACjB,CAAC;YACD,wDAAwD;YACxD,SAAS,GAAG,IAAI,CAAC;YACjB,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;gBACtB,MAAM,EAAE,UAAU;gBAClB,QAAQ,EAAE,OAAO,EAAE,KAAK,QAAQ,CAAC
,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS;aAClD,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,iBAAiB,KAAK,SAAS;gBACzC,CAAC,CAAC,kBAAkB,CAAC,EAAE,KAAK,IAAI,IAAI,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvE,CAAC,CAAC,YAAY,CAAC;QACnB,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IAC9B,CAAC;IAEO,UAAU,CAChB,GAAW,EACX,KAAa,EACb,IAAc,EACd,OAAmC;QAEnC,IAAI,MAAM,GAAG,GAAG,CAAC;QACjB,IAAI,SAAS,GAAG,KAAK,CAAC;QACtB,MAAM,GAAG,GAAqB;YAC5B,KAAK;YACL,IAAI;YACJ,GAAG,EAAE,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;SAClD,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,UAAU;gBAAE,SAAS;YAEjC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;YAC7C,IAAI,CAAC,KAAK;gBAAE,SAAS;YAErB,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvB,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,qBAAqB;gBAE1C,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;oBACzC,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,IAAI,kBAAkB,CAAC;oBACxD,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3D,CAAC;qBAAM,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE,CAAC;oBAChD,MAAM,GAAG,GAAG,aAAa,MAAM,CAAC,IAAI,GAAG,CAAC;oBACxC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACtC,CAAC;qBAAM,CAAC;oBACN,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;gBAC/C,CAAC;gBAED,SAAS,GAAG,IAAI,CAAC;gBACjB,OAAO,CAAC,IAAI,CAAC;oBACX,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;oBACpB,MAAM,EAAE,MAAM,CAAC,IAAI;oBACnB,QAAQ,EAAE,GAAG;iBACd,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;IACtC,CAAC;CACF"}
|
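--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -27,7 +27,7 @@ export type { CompiledScope, CustomPattern, GlobalRules, HandlerContext, Redacti
 export { genericPartialMask, RedactionEngine } from "./engine.js";
 export type { RedactionEngineOptions } from "./engine.js";
 export { BUILTIN_HANDLERS, headersHandler, jsonHandler, rawStringHandler, urlQueryHandler, } from "./handlers.js";
-export { compileScopes, createScopeEngine } from "./compiler.js";
+export { compileScopes, createScopeEngine, redactValue } from "./compiler.js";
 export type { CompilerOptions, ScopeOverride } from "./compiler.js";
 export { redactEvent } from "./adapter.js";
 export type { RedactableEvent } from "./adapter.js";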
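Review bot: `redactValue` joins the package's public surface on the `./compiler.js` export line, yet its declaration has no function-level doc comment, only comments on two of its options. For a redaction helper the contract matters, so I would add a TSDoc block on the declaration stating what is returned for input nested deeper than `maxDepth` (left as-is or replaced) and that `useBuiltInSensitiveKeys: false` drops the built-in key baseline, so callers do not assume coverage they have not configured. The declaration sits in compiler.d.ts, outside this hunk, and the depth behaviour is not visible here, so that wording has to be confirmed against the implementation.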
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,YAAY,EACV,aAAa,EACb,aAAa,EACb,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,cAAc,EACd,yBAAyB,EACzB,YAAY,EACZ,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAClE,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,YAAY,EACV,aAAa,EACb,aAAa,EACb,WAAW,EACX,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,gBAAgB,EAChB,eAAe,EACf,eAAe,EACf,cAAc,EACd,yBAAyB,EACzB,YAAY,EACZ,UAAU,GACX,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAClE,YAAY,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAG1D,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC9E,YAAY,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGpE,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAGpD,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,eAAe,CAAC;AAGvB,OAAO,EACL,aAAa,EACb,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,SAAS,EACT,mBAAmB,GACpB,MAAM,kBAAkB,CAAC"}
|
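--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -28,7 +28,7 @@ export { genericPartialMask, RedactionEngine } from "./engine.js";
 // Handlers
 export { BUILTIN_HANDLERS, headersHandler, jsonHandler, rawStringHandler, urlQueryHandler, } from "./handlers.js";
 // Compiler
-export { compileScopes, createScopeEngine } from "./compiler.js";
+export { compileScopes, createScopeEngine, redactValue } from "./compiler.js";
 // Adapter
 export { redactEvent } from "./adapter.js";
 // Defaults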
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAmBH,SAAS;AACT,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGlE,WAAW;AACX,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AAEvB,WAAW;AACX,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAmBH,SAAS;AACT,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAGlE,WAAW;AACX,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,WAAW,EACX,gBAAgB,EAChB,eAAe,GAChB,MAAM,eAAe,CAAC;AAEvB,WAAW;AACX,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG9E,UAAU;AACV,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAG3C,WAAW;AACX,OAAO,EACL,cAAc,EACd,cAAc,EACd,oBAAoB,EACpB,eAAe,GAChB,MAAM,eAAe,CAAC;AAEvB,UAAU;AACV,OAAO,EACL,aAAa,EACb,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,WAAW,EACX,kBAAkB,EAClB,aAAa,EACb,eAAe,EACf,SAAS,EACT,mBAAmB,GACpB,MAAM,kBAAkB,CAAC"}
|