@hasna/logs 0.3.31 → 0.3.33

package/dist/cli/index.js

@@ -8,7 +8,7 @@ import {
   runJob,
   structuredLogToEntry,
   validateStructuredLogReferences
-} from "../index-a0gz0zzc.js";
+} from "../index-yt124maw.js";
 import {
   PACKAGE_VERSION,
   createPage,
@@ -30,7 +30,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-he072p17.js";
+} from "../index-8tv6f2r9.js";
 import {
   getStorageStatus,
   storagePull,

package/dist/{index-he072p17.js → index-8tv6f2r9.js}

@@ -511,6 +511,8 @@ var REDACTED = "[REDACTED]";
 var SENSITIVE_KEY = /(?:authorization|cookie|set-cookie|credentials?\b|api[_-]?key|token|secret|password|passwd|pwd|private[_-]?key|access[_-]?token|refresh[_-]?token|session[_-]?secret|client[_-]?(?:secret|credentials?))/i;
 var SENSITIVE_FLAG = /^(?:authorization|auth|credentials?|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?(?:secret|credentials?))$/i;
 var SENSITIVE_FLAG_NAME = /(?:authorization|credentials?\b|api[-_]?key|token|secret|password|passwd|pwd|private[-_]?key|access[-_]?token|refresh[-_]?token|session[-_]?secret|client[-_]?(?:secret|credentials?))/i;
+var SENSITIVE_PAIR_NAME_KEYS = new Set(["name", "key", "header"]);
+var SENSITIVE_PAIR_VALUE_KEYS = new Set(["value", "values"]);
 var LOG_ENTRY_REDACTABLE_TOP_LEVEL_FIELDS = [
   "id",
   "source_event_id",
@@ -700,8 +702,15 @@ function redactValue(input, path = "$", depth = 0) {
   }
   const values = {};
   const reports = [];
-  for (const [key, value] of Object.entries(input)) {
+  const record = input;
+  const pairName = sensitivePairName(record);
+  for (const [key, value] of Object.entries(record)) {
     const childPath = `${path}.${key}`;
+    if (shouldRedactSensitivePairValue(pairName, key, value)) {
+      values[key] = REDACTED;
+      reports.push({ applied: true, fields: [childPath], replacements: 1 });
+      continue;
+    }
     if (shouldRedactSensitiveKeyValue(key, value)) {
       values[key] = REDACTED;
       reports.push({ applied: true, fields: [childPath], replacements: 1 });
@@ -930,6 +939,30 @@ function shouldRedactSensitiveKeyValue(key, value) {
     return false;
   return !isKnownNonSecretCredentialMode(key, value);
 }
+function shouldRedactSensitivePairValue(pairName, key, value) {
+  if (!pairName || value === null || value === undefined)
+    return false;
+  if (!SENSITIVE_PAIR_VALUE_KEYS.has(key.toLowerCase()))
+    return false;
+  return !isKnownNonSecretCredentialMode(pairName, value);
+}
+function sensitivePairName(record) {
+  for (const [key, value] of Object.entries(record)) {
+    if (!SENSITIVE_PAIR_NAME_KEYS.has(key.toLowerCase()))
+      continue;
+    if (typeof value !== "string")
+      continue;
+    if (isSensitiveNameValuePairName(value))
+      return value;
+  }
+  return null;
+}
+function isSensitiveNameValuePairName(value) {
+  const normalized = value.trim();
+  if (!normalized)
+    return false;
+  return isSensitiveFlag(normalized) || SENSITIVE_KEY.test(normalized.replace(/-/g, "_"));
+}
 function isKnownNonSecretCredentialMode(key, value) {
   return key.toLowerCase() === "credentials" && typeof value === "string" && isKnownFetchCredentialMode(value);
 }

package/dist/{index-a0gz0zzc.js → index-yt124maw.js}

@@ -8,7 +8,7 @@ import {
   redactValue,
   saveSnapshot,
   touchPage
-} from "./index-he072p17.js";
+} from "./index-8tv6f2r9.js";
 import {
   getEventStoreDataDir
 } from "./index-t3x838zw.js";

package/dist/mcp/index.js

@@ -93,7 +93,7 @@ import {
   searchTestReports,
   summarizeLogs,
   validateUniversalEventInput
-} from "../index-he072p17.js";
+} from "../index-8tv6f2r9.js";
 import {
   getStoragePg,
   getStorageStatus,

package/dist/server/index.js

@@ -8,7 +8,7 @@ import {
   startScheduler,
   structuredLogPayloadToEntries,
   validateStructuredLogReferences
-} from "../index-a0gz0zzc.js";
+} from "../index-yt124maw.js";
 import {
   countLogs
 } from "../index-gcd14q2f.js";
@@ -50,7 +50,7 @@ import {
   updateAlertRule,
   updateProject,
   validateUniversalEventInput
-} from "../index-he072p17.js";
+} from "../index-8tv6f2r9.js";
 import {
   getDb,
   getIssue,
@@ -2148,12 +2148,12 @@ function isLocalOpenModeEnabled() {
 }
 function isTrustedLocalRequest(c) {
   const url = new URL(c.req.url);
-  const host = forwardedHost(c.req.header("x-forwarded-host")) ?? hostWithoutPort(c.req.header("host")) ?? url.hostname;
-  return isLocalHost(host) && isLocalOrigin(c.req.header("origin"));
-}
-function forwardedHost(value) {
-  const first = value?.split(",")[0]?.trim();
-  return first ? hostWithoutPort(first) : null;
+  const hosts = [
+    hostWithoutPort(c.req.header("host")),
+    url.hostname,
+    ...forwardedHosts(c.req.header("x-forwarded-host"))
+  ].filter((host) => Boolean(host));
+  return hosts.length > 0 && hosts.every((host) => isLocalHost(host)) && isLocalOrigin(c.req.header("origin"));
 }
 function hostWithoutPort(value) {
   if (!value)
@@ -2162,6 +2162,9 @@ function hostWithoutPort(value) {
     return value.slice(1, value.indexOf("]"));
   return value.split(":")[0] || null;
 }
+function forwardedHosts(value) {
+  return value?.split(",").map((host) => hostWithoutPort(host.trim())).filter((host) => Boolean(host)) ?? [];
+}
 function isLocalOrigin(origin) {
   if (!origin)
     return true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/logs",
-  "version": "0.3.31",
+  "version": "0.3.33",
   "description": "Log aggregation + browser script + headless page scanner + performance monitoring for AI agents",
   "type": "module",
   "main": "./dist/index.js",