@hasna/logs 0.3.30 → 0.3.32

package/dist/cli/index.js

@@ -8,7 +8,7 @@ import {
   runJob,
   structuredLogToEntry,
   validateStructuredLogReferences
-} from "../index-k9w7zfsv.js";
+} from "../index-a0gz0zzc.js";
 import {
   PACKAGE_VERSION,
   createPage,
@@ -30,7 +30,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-mx0f61s2.js";
+} from "../index-he072p17.js";
 import {
   getStorageStatus,
   storagePull,

package/dist/{index-k9w7zfsv.js → index-a0gz0zzc.js}

@@ -8,7 +8,7 @@ import {
   redactValue,
   saveSnapshot,
   touchPage
-} from "./index-mx0f61s2.js";
+} from "./index-he072p17.js";
 import {
   getEventStoreDataDir
 } from "./index-t3x838zw.js";

package/dist/{index-mx0f61s2.js → index-he072p17.js}

@@ -658,6 +658,12 @@ function redactString(input, path = "$") {
     if (matched)
       fields.push(`${path}:${label}`);
   }
+  const cookieResult = redactCookieHeaderText(output);
+  if (cookieResult.replacements > 0) {
+    output = cookieResult.value;
+    fields.push(`${path}:cookie_header`);
+    replacements += cookieResult.replacements;
+  }
   return {
     value: output,
     report: { applied: replacements > 0, fields, replacements }
@@ -726,6 +732,191 @@ function redactionMetadata(report) {
 function emptyReport() {
   return { applied: false, fields: [], replacements: 0 };
 }
+function redactCookieHeaderText(input) {
+  const ranges = [];
+  const keyPattern = /set-cookie|cookie/gi;
+  let match = keyPattern.exec(input);
+  while (match) {
+    const keyStart = match.index;
+    const keyEnd = keyStart + match[0].length;
+    if (hasCookieKeyBoundary(input, keyStart, keyEnd)) {
+      const quotedKey = parseQuotedKeyContext(input, keyStart, keyEnd);
+      if (quotedKey) {
+        const afterKey = skipHorizontalWhitespace(input, quotedKey.afterKey);
+        if (input[afterKey] === ":") {
+          collectCookieMapValueRanges(input, afterKey + 1, ranges);
+          match = keyPattern.exec(input);
+          continue;
+        }
+        if (input[afterKey] === ",") {
+          const value = parseQuotedString(input, skipHorizontalWhitespace(input, afterKey + 1));
+          if (value)
+            ranges.push(quotedStringRange(value));
+          match = keyPattern.exec(input);
+          continue;
+        }
+      }
+      collectPlainCookieHeaderRange(input, keyEnd, ranges);
+    }
+    match = keyPattern.exec(input);
+  }
+  return applyReplacementRanges(input, ranges);
+}
+function hasCookieKeyBoundary(input, start, end) {
+  return !isCookieKeyCharacter(input[start - 1]) && !isCookieKeyCharacter(input[end]);
+}
+function isCookieKeyCharacter(value) {
+  return value !== undefined && /[A-Za-z0-9_-]/.test(value);
+}
+function parseQuotedKeyContext(input, start, end) {
+  const before = readQuoteBefore(input, start);
+  const after = readQuoteAt(input, end);
+  if (!before || !after)
+    return null;
+  if (before.quote !== after.quote || before.escaped !== after.escaped) {
+    return null;
+  }
+  return { afterKey: end + after.length };
+}
+function collectCookieMapValueRanges(input, start, ranges) {
+  const valueStart = skipHorizontalWhitespace(input, start);
+  if (input[valueStart] === "[") {
+    collectQuotedArrayValueRanges(input, valueStart, ranges);
+    return;
+  }
+  const value = parseQuotedString(input, valueStart);
+  if (value)
+    ranges.push(quotedStringRange(value));
+}
+function collectQuotedArrayValueRanges(input, start, ranges) {
+  let index = start + 1;
+  while (index < input.length) {
+    index = skipHorizontalWhitespace(input, index);
+    if (input[index] === "]" || isLineBreak(input[index]))
+      return;
+    const value = parseQuotedString(input, index);
+    if (value) {
+      ranges.push(quotedStringRange(value));
+      index = value.end;
+      continue;
+    }
+    index += 1;
+  }
+}
+function collectPlainCookieHeaderRange(input, start, ranges) {
+  let index = skipHorizontalWhitespace(input, start);
+  if (input[index] !== ":" && input[index] !== "=")
+    return;
+  index = skipHorizontalWhitespace(input, index + 1);
+  const end = findLineEnd(input, index);
+  if (end > index)
+    ranges.push({ start: index, end });
+}
+function parseQuotedString(input, start) {
+  const open = readQuoteAt(input, start);
+  if (!open)
+    return null;
+  const contentStart = start + open.length;
+  const closeStart = findClosingQuote(input, contentStart, open);
+  if (closeStart === null)
+    return null;
+  return {
+    contentStart,
+    contentEnd: closeStart,
+    end: closeStart + open.length
+  };
+}
+function quotedStringRange(value) {
+  return { start: value.contentStart, end: value.contentEnd };
+}
+function findClosingQuote(input, start, token) {
+  let index = start;
+  while (index < input.length) {
+    if (isLineBreak(input[index]))
+      return null;
+    if (token.escaped) {
+      if (input[index] === "\\" && input[index + 1] === token.quote) {
+        const slashCount = countContiguousBackslashesEndingAt(input, index);
+        if (slashCount === 1)
+          return index;
+        index += 2;
+        continue;
+      }
+      index += 1;
+      continue;
+    }
+    if (input[index] === "\\") {
+      index += 2;
+      continue;
+    }
+    if (input[index] === token.quote)
+      return index;
+    index += 1;
+  }
+  return null;
+}
+function readQuoteBefore(input, index) {
+  const escapedQuote = input.slice(index - 2, index);
+  if (escapedQuote === "\\\"" || escapedQuote === "\\'") {
+    return { quote: escapedQuote[1], escaped: true, length: 2 };
+  }
+  const quote = input[index - 1];
+  return quote === '"' || quote === "'" ? { quote, escaped: false, length: 1 } : null;
+}
+function readQuoteAt(input, index) {
+  const escapedQuote = input.slice(index, index + 2);
+  if (escapedQuote === "\\\"" || escapedQuote === "\\'") {
+    return { quote: escapedQuote[1], escaped: true, length: 2 };
+  }
+  const quote = input[index];
+  return quote === '"' || quote === "'" ? { quote, escaped: false, length: 1 } : null;
+}
+function skipHorizontalWhitespace(input, start) {
+  let index = start;
+  while (input[index] === " " || input[index] === "\t")
+    index += 1;
+  return index;
+}
+function findLineEnd(input, start) {
+  let index = start;
+  while (index < input.length && !isLineBreak(input[index]))
+    index += 1;
+  return index;
+}
+function isLineBreak(value) {
+  return value === `
+` || value === "\r";
+}
+function countContiguousBackslashesEndingAt(input, index) {
+  let count = 0;
+  let cursor = index;
+  while (cursor >= 0 && input[cursor] === "\\") {
+    count += 1;
+    cursor -= 1;
+  }
+  return count;
+}
+function applyReplacementRanges(input, ranges) {
+  const sorted = ranges.filter((range) => range.end > range.start).sort((a, b) => a.start - b.start);
+  const deduped = [];
+  let lastEnd = -1;
+  for (const range of sorted) {
+    if (range.start < lastEnd)
+      continue;
+    deduped.push(range);
+    lastEnd = range.end;
+  }
+  let value = input;
+  let replacements = 0;
+  for (let index = deduped.length - 1;index >= 0; index -= 1) {
+    const range = deduped[index];
+    if (value.slice(range.start, range.end) === REDACTED)
+      continue;
+    value = `${value.slice(0, range.start)}${REDACTED}${value.slice(range.end)}`;
+    replacements += 1;
+  }
+  return { value, replacements };
+}
 function isSensitiveFlag(value) {
   const normalized = value.trim().replace(/^-+/, "");
   if (!normalized || normalized.includes("="))

package/dist/mcp/index.js

@@ -93,7 +93,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-mx0f61s2.js";
+} from "../index-he072p17.js";
 import {
   getStoragePg,
   getStorageStatus,

package/dist/server/index.js

@@ -8,7 +8,7 @@ import {
   startScheduler,
   structuredLogPayloadToEntries,
   validateStructuredLogReferences
-} from "../index-k9w7zfsv.js";
+} from "../index-a0gz0zzc.js";
 import {
   countLogs
 } from "../index-gcd14q2f.js";
@@ -50,7 +50,7 @@ import {
   updateAlertRule,
   updateProject,
   validateUniversalEventInput
-} from "../index-mx0f61s2.js";
+} from "../index-he072p17.js";
 import {
   getDb,
   getIssue,
@@ -2148,12 +2148,12 @@ function isLocalOpenModeEnabled() {
 }
 function isTrustedLocalRequest(c) {
   const url = new URL(c.req.url);
-  const host = forwardedHost(c.req.header("x-forwarded-host")) ?? hostWithoutPort(c.req.header("host")) ?? url.hostname;
-  return isLocalHost(host) && isLocalOrigin(c.req.header("origin"));
-}
-function forwardedHost(value) {
-  const first = value?.split(",")[0]?.trim();
-  return first ? hostWithoutPort(first) : null;
+  const hosts = [
+    hostWithoutPort(c.req.header("host")),
+    url.hostname,
+    ...forwardedHosts(c.req.header("x-forwarded-host"))
+  ].filter((host) => Boolean(host));
+  return hosts.length > 0 && hosts.every((host) => isLocalHost(host)) && isLocalOrigin(c.req.header("origin"));
 }
 function hostWithoutPort(value) {
   if (!value)
@@ -2162,6 +2162,9 @@ function hostWithoutPort(value) {
     return value.slice(1, value.indexOf("]"));
   return value.split(":")[0] || null;
 }
+function forwardedHosts(value) {
+  return value?.split(",").map((host) => hostWithoutPort(host.trim())).filter((host) => Boolean(host)) ?? [];
+}
 function isLocalOrigin(origin) {
   if (!origin)
     return true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/logs",
-  "version": "0.3.30",
+  "version": "0.3.32",
   "description": "Log aggregation + browser script + headless page scanner + performance monitoring for AI agents",
   "type": "module",
   "main": "./dist/index.js",