@hasna/logs 0.3.29 → 0.3.31

package/dist/cli/index.js

@@ -8,7 +8,7 @@ import {
   runJob,
   structuredLogToEntry,
   validateStructuredLogReferences
-} from "../index-89jb7jg9.js";
+} from "../index-a0gz0zzc.js";
 import {
   PACKAGE_VERSION,
   createPage,
@@ -30,7 +30,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-dbhpykkz.js";
+} from "../index-he072p17.js";
 import {
   getStorageStatus,
   storagePull,

package/dist/{index-89jb7jg9.js → index-a0gz0zzc.js}

@@ -8,7 +8,7 @@ import {
   redactValue,
   saveSnapshot,
   touchPage
-} from "./index-dbhpykkz.js";
+} from "./index-he072p17.js";
 import {
   getEventStoreDataDir
 } from "./index-t3x838zw.js";

package/dist/{index-dbhpykkz.js → index-he072p17.js}

@@ -237,7 +237,7 @@ async function fireAlert(db, rule, count) {
 }
 
 // src/lib/ingest.ts
-import { randomBytes } from "crypto";
+import { createHash, randomBytes } from "crypto";
 
 // src/lib/event-bus.ts
 class LogEventBus {
@@ -511,6 +511,23 @@ var REDACTED = "[REDACTED]";
 var SENSITIVE_KEY = /(?:authorization|cookie|set-cookie|credentials?\b|api[_-]?key|token|secret|password|passwd|pwd|private[_-]?key|access[_-]?token|refresh[_-]?token|session[_-]?secret|client[_-]?(?:secret|credentials?))/i;
 var SENSITIVE_FLAG = /^(?:authorization|auth|credentials?|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?(?:secret|credentials?))$/i;
 var SENSITIVE_FLAG_NAME = /(?:authorization|credentials?\b|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?(?:secret|credentials?))/i;
+var LOG_ENTRY_REDACTABLE_TOP_LEVEL_FIELDS = [
+  "id",
+  "source_event_id",
+  "service",
+  "machine_id",
+  "repo_id",
+  "app_id",
+  "process_id",
+  "run_id",
+  "trace_id",
+  "span_id",
+  "parent_span_id",
+  "session_id",
+  "release_id",
+  "environment",
+  "agent"
+];
 var STRING_PATTERNS = [
   {
     label: "openlogs_canary",
@@ -586,6 +603,14 @@ var STRING_PATTERNS = [
 function redactLogEntry(entry) {
   const reports = [];
   const next = { ...entry };
+  for (const field of LOG_ENTRY_REDACTABLE_TOP_LEVEL_FIELDS) {
+    const value = entry[field];
+    if (typeof value !== "string")
+      continue;
+    const result = redactString(value, field);
+    next[field] = result.value;
+    reports.push(result.report);
+  }
   if (typeof entry.message === "string") {
     const result = redactString(entry.message, "message");
     next.message = result.value;
@@ -633,6 +658,12 @@ function redactString(input, path = "$") {
     if (matched)
       fields.push(`${path}:${label}`);
   }
+  const cookieResult = redactCookieHeaderText(output);
+  if (cookieResult.replacements > 0) {
+    output = cookieResult.value;
+    fields.push(`${path}:cookie_header`);
+    replacements += cookieResult.replacements;
+  }
   return {
     value: output,
     report: { applied: replacements > 0, fields, replacements }
@@ -701,6 +732,191 @@ function redactionMetadata(report) {
 function emptyReport() {
   return { applied: false, fields: [], replacements: 0 };
 }
+function redactCookieHeaderText(input) {
+  const ranges = [];
+  const keyPattern = /set-cookie|cookie/gi;
+  let match = keyPattern.exec(input);
+  while (match) {
+    const keyStart = match.index;
+    const keyEnd = keyStart + match[0].length;
+    if (hasCookieKeyBoundary(input, keyStart, keyEnd)) {
+      const quotedKey = parseQuotedKeyContext(input, keyStart, keyEnd);
+      if (quotedKey) {
+        const afterKey = skipHorizontalWhitespace(input, quotedKey.afterKey);
+        if (input[afterKey] === ":") {
+          collectCookieMapValueRanges(input, afterKey + 1, ranges);
+          match = keyPattern.exec(input);
+          continue;
+        }
+        if (input[afterKey] === ",") {
+          const value = parseQuotedString(input, skipHorizontalWhitespace(input, afterKey + 1));
+          if (value)
+            ranges.push(quotedStringRange(value));
+          match = keyPattern.exec(input);
+          continue;
+        }
+      }
+      collectPlainCookieHeaderRange(input, keyEnd, ranges);
+    }
+    match = keyPattern.exec(input);
+  }
+  return applyReplacementRanges(input, ranges);
+}
+function hasCookieKeyBoundary(input, start, end) {
+  return !isCookieKeyCharacter(input[start - 1]) && !isCookieKeyCharacter(input[end]);
+}
+function isCookieKeyCharacter(value) {
+  return value !== undefined && /[A-Za-z0-9_-]/.test(value);
+}
+function parseQuotedKeyContext(input, start, end) {
+  const before = readQuoteBefore(input, start);
+  const after = readQuoteAt(input, end);
+  if (!before || !after)
+    return null;
+  if (before.quote !== after.quote || before.escaped !== after.escaped) {
+    return null;
+  }
+  return { afterKey: end + after.length };
+}
+function collectCookieMapValueRanges(input, start, ranges) {
+  const valueStart = skipHorizontalWhitespace(input, start);
+  if (input[valueStart] === "[") {
+    collectQuotedArrayValueRanges(input, valueStart, ranges);
+    return;
+  }
+  const value = parseQuotedString(input, valueStart);
+  if (value)
+    ranges.push(quotedStringRange(value));
+}
+function collectQuotedArrayValueRanges(input, start, ranges) {
+  let index = start + 1;
+  while (index < input.length) {
+    index = skipHorizontalWhitespace(input, index);
+    if (input[index] === "]" || isLineBreak(input[index]))
+      return;
+    const value = parseQuotedString(input, index);
+    if (value) {
+      ranges.push(quotedStringRange(value));
+      index = value.end;
+      continue;
+    }
+    index += 1;
+  }
+}
+function collectPlainCookieHeaderRange(input, start, ranges) {
+  let index = skipHorizontalWhitespace(input, start);
+  if (input[index] !== ":" && input[index] !== "=")
+    return;
+  index = skipHorizontalWhitespace(input, index + 1);
+  const end = findLineEnd(input, index);
+  if (end > index)
+    ranges.push({ start: index, end });
+}
+function parseQuotedString(input, start) {
+  const open = readQuoteAt(input, start);
+  if (!open)
+    return null;
+  const contentStart = start + open.length;
+  const closeStart = findClosingQuote(input, contentStart, open);
+  if (closeStart === null)
+    return null;
+  return {
+    contentStart,
+    contentEnd: closeStart,
+    end: closeStart + open.length
+  };
+}
+function quotedStringRange(value) {
+  return { start: value.contentStart, end: value.contentEnd };
+}
+function findClosingQuote(input, start, token) {
+  let index = start;
+  while (index < input.length) {
+    if (isLineBreak(input[index]))
+      return null;
+    if (token.escaped) {
+      if (input[index] === "\\" && input[index + 1] === token.quote) {
+        const slashCount = countContiguousBackslashesEndingAt(input, index);
+        if (slashCount === 1)
+          return index;
+        index += 2;
+        continue;
+      }
+      index += 1;
+      continue;
+    }
+    if (input[index] === "\\") {
+      index += 2;
+      continue;
+    }
+    if (input[index] === token.quote)
+      return index;
+    index += 1;
+  }
+  return null;
+}
+function readQuoteBefore(input, index) {
+  const escapedQuote = input.slice(index - 2, index);
+  if (escapedQuote === "\\\"" || escapedQuote === "\\'") {
+    return { quote: escapedQuote[1], escaped: true, length: 2 };
+  }
+  const quote = input[index - 1];
+  return quote === '"' || quote === "'" ? { quote, escaped: false, length: 1 } : null;
+}
+function readQuoteAt(input, index) {
+  const escapedQuote = input.slice(index, index + 2);
+  if (escapedQuote === "\\\"" || escapedQuote === "\\'") {
+    return { quote: escapedQuote[1], escaped: true, length: 2 };
+  }
+  const quote = input[index];
+  return quote === '"' || quote === "'" ? { quote, escaped: false, length: 1 } : null;
+}
+function skipHorizontalWhitespace(input, start) {
+  let index = start;
+  while (input[index] === " " || input[index] === "\t")
+    index += 1;
+  return index;
+}
+function findLineEnd(input, start) {
+  let index = start;
+  while (index < input.length && !isLineBreak(input[index]))
+    index += 1;
+  return index;
+}
+function isLineBreak(value) {
+  return value === `
+` || value === "\r";
+}
+function countContiguousBackslashesEndingAt(input, index) {
+  let count = 0;
+  let cursor = index;
+  while (cursor >= 0 && input[cursor] === "\\") {
+    count += 1;
+    cursor -= 1;
+  }
+  return count;
+}
+function applyReplacementRanges(input, ranges) {
+  const sorted = ranges.filter((range) => range.end > range.start).sort((a, b) => a.start - b.start);
+  const deduped = [];
+  let lastEnd = -1;
+  for (const range of sorted) {
+    if (range.start < lastEnd)
+      continue;
+    deduped.push(range);
+    lastEnd = range.end;
+  }
+  let value = input;
+  let replacements = 0;
+  for (let index = deduped.length - 1;index >= 0; index -= 1) {
+    const range = deduped[index];
+    if (value.slice(range.start, range.end) === REDACTED)
+      continue;
+    value = `${value.slice(0, range.start)}${REDACTED}${value.slice(range.end)}`;
+    replacements += 1;
+  }
+  return { value, replacements };
+}
 function isSensitiveFlag(value) {
   const normalized = value.trim().replace(/^-+/, "");
   if (!normalized || normalized.includes("="))
@@ -732,7 +948,8 @@ function ingestLog(db, entry) {
   return withEventStoreLock(db, () => ingestLogLocked(db, entry));
 }
 function ingestLogLocked(db, entry) {
-  const eventId = entry.id ?? createEventId();
+  const eventIdRedaction = typeof entry.id === "string" ? redactString(entry.id, "id") : null;
+  const eventId = entry.id ? eventIdRedaction?.report.applied ? createRedactedEventId(entry.id) : entry.id : createEventId();
   const existing = db.prepare("SELECT * FROM logs WHERE id = ?").get(eventId);
   if (existing)
     return existing;
@@ -750,6 +967,14 @@ function ingestLogLocked(db, entry) {
   };
   const redacted = redactLogEntry(normalized);
   const safeEntry = redacted.value;
+  if (eventIdRedaction?.report.applied) {
+    const report = mergeRedactionReports(eventIdRedaction.report, redacted.report);
+    safeEntry.metadata = {
+      ...safeEntry.metadata ?? {},
+      redaction: redactionMetadata(report)
+    };
+  }
+  const safeSourceEventId = safeEntry.source_event_id ?? null;
   const identity = extractIdentity(safeEntry);
   const envelope = createLogEnvelope(safeEntry, eventId, eventTime, ingestTime, identity);
   const write = appendRawEvent(db, envelope);
@@ -778,7 +1003,7 @@ function ingestLogLocked(db, entry) {
     indexRawEvent(db, {
       event_id: eventId,
       schema_version: envelope.schema_version,
-      source_event_id: sourceEventId,
+      source_event_id: safeSourceEventId,
       event_type: envelope.type,
       event_time: eventTime,
       ingest_time: ingestTime,
@@ -918,6 +1143,10 @@ function stringMetadata(metadata, key) {
 function createEventId() {
   return randomBytes(16).toString("hex");
 }
+function createRedactedEventId(value) {
+  const digest = createHash("sha256").update(value).digest("hex").slice(0, 32);
+  return `log_redacted_${digest}`;
+}
 
 // src/lib/package-meta.ts
 import { existsSync, readFileSync } from "fs";
@@ -1302,7 +1531,7 @@ function clampNonNegativeInt2(value, fallback) {
 }
 
 // src/lib/universal-ingest.ts
-import { createHash, randomBytes as randomBytes2 } from "crypto";
+import { createHash as createHash2, randomBytes as randomBytes2 } from "crypto";
 var UNIVERSAL_EVENT_TYPES = [
   "log",
   "exception",
@@ -1822,7 +2051,7 @@ function normalizeIsoTime(value, field) {
 function deterministicSourceEventId(source, sourceEventId) {
   if (!sourceEventId)
     return;
-  const digest = createHash("sha256").update(source).update("\x00").update(sourceEventId).digest("hex").slice(0, 32);
+  const digest = createHash2("sha256").update(source).update("\x00").update(sourceEventId).digest("hex").slice(0, 32);
   return `evt_src_${digest}`;
 }
 function compactObject(value) {

package/dist/mcp/index.js

@@ -93,7 +93,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-dbhpykkz.js";
+} from "../index-he072p17.js";
 import {
   getStoragePg,
   getStorageStatus,

package/dist/server/index.js

@@ -8,7 +8,7 @@ import {
   startScheduler,
   structuredLogPayloadToEntries,
   validateStructuredLogReferences
-} from "../index-89jb7jg9.js";
+} from "../index-a0gz0zzc.js";
 import {
   countLogs
 } from "../index-gcd14q2f.js";
@@ -50,7 +50,7 @@ import {
   updateAlertRule,
   updateProject,
   validateUniversalEventInput
-} from "../index-dbhpykkz.js";
+} from "../index-he072p17.js";
 import {
   getDb,
   getIssue,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/logs",
-  "version": "0.3.29",
+  "version": "0.3.31",
   "description": "Log aggregation + browser script + headless page scanner + performance monitoring for AI agents",
   "type": "module",
   "main": "./dist/index.js",