@heroku/js-blanket 0.0.0 → 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/README.md +4 -1
  2. package/dist/.tsbuildinfo +1 -0
  3. package/dist/cjs/.tsbuildinfo +1 -0
  4. package/dist/cjs/adapters/logging/generic.js +23 -0
  5. package/dist/cjs/adapters/logging/generic.js.map +1 -0
  6. package/dist/cjs/adapters/logging/generic.test.js +432 -0
  7. package/dist/cjs/adapters/logging/generic.test.js.map +1 -0
  8. package/dist/cjs/core/patterns.js +17 -0
  9. package/dist/cjs/core/patterns.js.map +1 -0
  10. package/dist/cjs/core/presets.js +116 -0
  11. package/dist/cjs/core/presets.js.map +1 -0
  12. package/dist/cjs/core/scrubber.js +260 -0
  13. package/dist/cjs/core/scrubber.js.map +1 -0
  14. package/dist/cjs/core/scrubber.test.js +392 -0
  15. package/dist/cjs/core/scrubber.test.js.map +1 -0
  16. package/dist/cjs/core/types.js +3 -0
  17. package/dist/cjs/core/types.js.map +1 -0
  18. package/dist/cjs/core/types.test.js +326 -0
  19. package/dist/cjs/core/types.test.js.map +1 -0
  20. package/dist/cjs/index.js +16 -0
  21. package/dist/cjs/index.js.map +1 -0
  22. package/dist/cjs/index.test.js +31 -0
  23. package/dist/cjs/index.test.js.map +1 -0
  24. package/dist/cjs/package.json +1 -0
  25. package/dist/esm/.tsbuildinfo +1 -0
  26. package/{src/adapters/logging/generic.ts → dist/esm/adapters/logging/generic.d.ts} +1 -4
  27. package/dist/esm/adapters/logging/generic.js +20 -0
  28. package/dist/esm/adapters/logging/generic.js.map +1 -0
  29. package/dist/esm/adapters/logging/generic.test.d.ts +7 -0
  30. package/dist/esm/adapters/logging/generic.test.js +430 -0
  31. package/dist/esm/adapters/logging/generic.test.js.map +1 -0
  32. package/dist/esm/core/patterns.d.ts +4 -0
  33. package/dist/esm/core/patterns.js +14 -0
  34. package/dist/esm/core/patterns.js.map +1 -0
  35. package/dist/esm/core/presets.d.ts +64 -0
  36. package/{src/core/presets.ts → dist/esm/core/presets.js} +46 -55
  37. package/dist/esm/core/presets.js.map +1 -0
  38. package/dist/esm/core/scrubber.d.ts +131 -0
  39. package/dist/esm/core/scrubber.js +256 -0
  40. package/dist/esm/core/scrubber.js.map +1 -0
  41. package/dist/esm/core/scrubber.test.d.ts +1 -0
  42. package/dist/esm/core/scrubber.test.js +390 -0
  43. package/dist/esm/core/scrubber.test.js.map +1 -0
  44. package/dist/esm/core/types.d.ts +169 -0
  45. package/dist/esm/core/types.js +2 -0
  46. package/dist/esm/core/types.js.map +1 -0
  47. package/dist/esm/core/types.test.d.ts +9 -0
  48. package/dist/esm/core/types.test.js +324 -0
  49. package/dist/esm/core/types.test.js.map +1 -0
  50. package/{src/index.ts → dist/esm/index.d.ts} +0 -3
  51. package/dist/esm/index.js +7 -0
  52. package/dist/esm/index.js.map +1 -0
  53. package/dist/esm/index.test.d.ts +1 -0
  54. package/dist/esm/index.test.js +29 -0
  55. package/dist/esm/index.test.js.map +1 -0
  56. package/package.json +45 -47
  57. package/.c8rc.json +0 -11
  58. package/.editorconfig +0 -11
  59. package/.github/PULL_REQUEST_TEMPLATE.md +0 -41
  60. package/.github/copilot-instructions.md +0 -117
  61. package/.github/workflows/ci.yml +0 -25
  62. package/.husky/pre-commit +0 -1
  63. package/.lintstagedrc.json +0 -4
  64. package/.tool-versions +0 -1
  65. package/CODEOWNERS +0 -8
  66. package/CODE_OF_CONDUCT.md +0 -111
  67. package/CONTRIBUTING.md +0 -123
  68. package/SECURITY.md +0 -8
  69. package/docs/examples/logging-integration.md +0 -736
  70. package/eslint.config.mjs +0 -108
  71. package/prettier.config.mjs +0 -10
  72. package/scripts/test-setup.mjs +0 -24
  73. package/src/adapters/logging/generic.test.ts +0 -531
  74. package/src/core/patterns.ts +0 -22
  75. package/src/core/scrubber.test.ts +0 -465
  76. package/src/core/scrubber.ts +0 -284
  77. package/src/core/types.test.ts +0 -516
  78. package/src/core/types.ts +0 -176
  79. package/src/index.test.ts +0 -41
  80. package/tsconfig.cjs.json +0 -12
  81. package/tsconfig.esm.json +0 -12
  82. package/tsconfig.json +0 -32
  83. package/tsconfig.test.json +0 -9
package/dist/cjs/core/scrubber.js ADDED
@@ -0,0 +1,260 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.Scrubber = void 0;
4
+ /**
5
+ * Core Scrubber - Deep object traversal with PII scrubbing
6
+ *
7
+ * A high-performance, immutable scrubbing engine that removes sensitive data from structured objects.
8
+ * Supports three scrubbing modes:
9
+ * - **Field-based**: Scrubs values based on field names (e.g., 'password', 'apiToken')
10
+ * - **Path-based**: Scrubs values at specific paths (e.g., 'user.email', 'request.headers.authorization')
11
+ * - **Pattern-based**: Scrubs content matching regex patterns (e.g., SSN, credit cards)
12
+ *
13
+ * ### Design Principles
14
+ * - **Immutable**: All operations create new objects, never mutate inputs
15
+ * - **Type-safe**: Preserves TypeScript types through generic constraints
16
+ * - **Circular-safe**: Handles circular references without crashing
17
+ * - **Performance**: <1ms p95 for logging, <10ms p95 for exception handling (544k+ ops/sec)
18
+ *
19
+ * ### Pattern Adoption
20
+ * Patterns adopted from `@heroku/oauth-provider-adapters-for-mcp/src/logging/redaction.ts`:
21
+ * - Deep recursive traversal with circular reference detection
22
+ * - Immutable cloning strategy with fallback for complex objects
23
+ * - Nested path resolution (e.g., 'user.profile.email')
24
+ * - General array path handling (e.g., 'users[0].password')
25
+ * - Type-safe generics preserving input types
26
+ *
27
+ * Enhanced with:
28
+ * - Field-based matching supporting both strings and regular expressions
29
+ * - Pattern-based content scrubbing for SSN, credit cards, etc.
30
+ * - Dual scrubbing: both field/path matching AND content pattern replacement
31
+ *
32
+ * @example Basic Usage
33
+ * ```typescript
34
+ * const scrubber = new Scrubber({
35
+ * fields: ['password', 'apiToken'],
36
+ * replacement: '[REDACTED]'
37
+ * });
38
+ *
39
+ * const result = scrubber.scrub({
40
+ * user: { name: 'John', password: 'secret123' }
41
+ * });
42
+ * // Result: { user: { name: 'John', password: '[REDACTED]' } }
43
+ * ```
44
+ *
45
+ * @example Advanced Usage with All Modes
46
+ * ```typescript
47
+ * const scrubber = new Scrubber({
48
+ * fields: ['password', /api[-_]?key/i], // Regex matches api_key, api-key, apikey
49
+ * paths: ['user.email', 'request.headers.authorization'],
50
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g], // SSN pattern
51
+ * replacement: '[SCRUBBED]'
52
+ * });
53
+ *
54
+ * const result = scrubber.scrub({
55
+ * user: { name: 'John', email: 'john@example.com', password: 'secret' },
56
+ * request: { headers: { authorization: 'Bearer token123' } },
57
+ * message: 'User SSN is 123-45-6789'
58
+ * });
59
+ * ```
60
+ */
61
+ class Scrubber {
62
+ config;
63
+ circularRefs = new WeakSet();
64
+ pathSet;
65
+ /**
66
+ * Creates a new Scrubber instance with the specified configuration
67
+ *
68
+ * @param config - Scrubbing configuration
69
+ * @param config.fields - Field names to scrub (strings or regex patterns)
70
+ * @param config.paths - Dot-notation paths to scrub (e.g., 'user.email', 'items[0].password')
71
+ * @param config.patterns - Regex patterns for content scrubbing (must include global flag for multiple matches)
72
+ * @param config.replacement - Replacement string for scrubbed values (default: '[SCRUBBED]')
73
+ * @param config.recursive - Whether to recursively scrub nested objects (default: true)
74
+ *
75
+ * @example
76
+ * ```typescript
77
+ * const scrubber = new Scrubber({
78
+ * fields: ['password', /api[-_]?key/i],
79
+ * paths: ['user.email'],
80
+ * patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
81
+ * replacement: '[REDACTED]'
82
+ * });
83
+ * ```
84
+ */
85
+ constructor(config) {
86
+ this.config = {
87
+ fields: config.fields || [],
88
+ paths: config.paths || [],
89
+ patterns: config.patterns || [],
90
+ replacement: config.replacement || '[SCRUBBED]',
91
+ recursive: config.recursive !== undefined ? config.recursive : true,
92
+ };
93
+ // Pre-compute path set for O(1) lookups
94
+ this.pathSet = new Set(this.config.paths);
95
+ }
96
+ /**
97
+ * Scrubs sensitive data from an object
98
+ *
99
+ * This is the main entry point for the scrubbing engine. It performs three types of scrubbing:
100
+ * 1. **Field-based**: Replaces values of fields matching configured field names/patterns
101
+ * 2. **Path-based**: Replaces values at specific dot-notation paths
102
+ * 3. **Pattern-based**: Replaces content within string values matching regex patterns
103
+ *
104
+ * The operation is immutable - the input object is not modified. A deep clone is created
105
+ * and scrubbed values are replaced in the clone.
106
+ *
107
+ * ### Performance Characteristics
108
+ * - Small objects (typical logs): ~0.003ms p95
109
+ * - Medium objects (typical errors): ~0.034ms p95
110
+ * - Large objects (10KB+): ~1.2ms p95
111
+ * - Throughput: 54,000+ events/sec
112
+ *
113
+ * @template T - The type of the input object (preserved in output)
114
+ * @param obj - The object to scrub
115
+ * @returns A result object containing the scrubbed data, whether scrubbing occurred, and which paths were scrubbed
116
+ *
117
+ * @example Basic scrubbing
118
+ * ```typescript
119
+ * const scrubber = new Scrubber({ fields: ['password'] });
120
+ * const result = scrubber.scrub({ user: 'john', password: 'secret' });
121
+ * // result.data === { user: 'john', password: '[SCRUBBED]' }
122
+ * // result.scrubbed === true
123
+ * // result.scrubbedPaths === ['password']
124
+ * ```
125
+ *
126
+ * @example Type preservation
127
+ * ```typescript
128
+ * interface User { name: string; email: string; password: string; }
129
+ * const scrubber = new Scrubber({ fields: ['password', 'email'] });
130
+ * const user: User = { name: 'John', email: 'john@example.com', password: 'secret' };
131
+ * const result = scrubber.scrub(user);
132
+ * // result.data is still typed as User
133
+ * ```
134
+ */
135
+ scrub(obj) {
136
+ const scrubbedPaths = [];
137
+ const cloned = this.deepClone(obj);
138
+ // Reset circular refs tracker for each scrub operation
139
+ this.circularRefs = new WeakSet();
140
+ const scrubbed = this.scrubObject(cloned, '', scrubbedPaths);
141
+ return {
142
+ data: scrubbed,
143
+ scrubbed: scrubbedPaths.length > 0,
144
+ scrubbedPaths,
145
+ };
146
+ }
147
+ scrubObject(obj, path, paths) {
148
+ // Handle circular references
149
+ if (obj && typeof obj === 'object') {
150
+ if (this.circularRefs.has(obj)) {
151
+ return '[Circular Reference]';
152
+ }
153
+ this.circularRefs.add(obj);
154
+ }
155
+ // Handle primitives
156
+ if (obj === null || typeof obj !== 'object') {
157
+ return this.scrubValue(obj, path, paths);
158
+ }
159
+ // Handle arrays
160
+ if (Array.isArray(obj)) {
161
+ return obj.map((item, index) => {
162
+ const indexStr = index.toString();
163
+ const arrayPath = path ? `${path}[${index}]` : indexStr;
164
+ // Check if this specific array index path should be scrubbed
165
+ if (this.pathSet.has(indexStr) || this.pathSet.has(arrayPath)) {
166
+ paths.push(arrayPath);
167
+ return this.config.replacement;
168
+ }
169
+ // Recursively scrub array items
170
+ return this.scrubObject(item, arrayPath, paths);
171
+ });
172
+ }
173
+ // Handle objects - create new object (immutable approach)
174
+ const result = {};
175
+ for (const [key, value] of Object.entries(obj)) {
176
+ const keyPath = path ? `${path}.${key}` : key;
177
+ // Check if this specific path should be scrubbed
178
+ if (this.pathSet.has(key) || this.pathSet.has(keyPath)) {
179
+ result[key] = this.config.replacement;
180
+ paths.push(keyPath);
181
+ continue;
182
+ }
183
+ // Check if key matches sensitive field pattern
184
+ if (this.isSensitiveField(key)) {
185
+ result[key] = this.config.replacement;
186
+ paths.push(keyPath);
187
+ continue;
188
+ }
189
+ // Recursively scrub value
190
+ result[key] = this.config.recursive
191
+ ? this.scrubObject(value, keyPath, paths)
192
+ : this.scrubValue(value, keyPath, paths);
193
+ }
194
+ return result;
195
+ }
196
+ scrubValue(value, path, paths) {
197
+ if (typeof value !== 'string') {
198
+ return value;
199
+ }
200
+ let scrubbed = value;
201
+ let didScrub = false;
202
+ // Check against patterns (SSN, credit cards, etc.)
203
+ for (const pattern of this.config.patterns) {
204
+ if (pattern.test(scrubbed)) {
205
+ scrubbed = scrubbed.replace(pattern, this.config.replacement);
206
+ didScrub = true;
207
+ }
208
+ }
209
+ if (didScrub) {
210
+ paths.push(path);
211
+ }
212
+ return scrubbed;
213
+ }
214
+ /**
215
+ * Check if a field name matches any configured sensitive field patterns
216
+ */
217
+ isSensitiveField(key) {
218
+ return this.config.fields.some((field) => {
219
+ if (field instanceof RegExp) {
220
+ return field.test(key);
221
+ }
222
+ return key.toLowerCase().includes(field.toLowerCase());
223
+ });
224
+ }
225
+ deepClone(obj) {
226
+ try {
227
+ // Fast path for JSON-serializable objects
228
+ return JSON.parse(JSON.stringify(obj));
229
+ }
230
+ catch {
231
+ // Fallback for objects with circular references
232
+ const seen = new WeakMap();
233
+ function clone(value) {
234
+ if (value === null || typeof value !== 'object') {
235
+ return value;
236
+ }
237
+ if (seen.has(value)) {
238
+ return seen.get(value);
239
+ }
240
+ if (Array.isArray(value)) {
241
+ const arr = [];
242
+ seen.set(value, arr);
243
+ value.forEach((item, i) => {
244
+ arr[i] = clone(item);
245
+ });
246
+ return arr;
247
+ }
248
+ const obj = {};
249
+ seen.set(value, obj);
250
+ Object.keys(value).forEach((key) => {
251
+ obj[key] = clone(value[key]);
252
+ });
253
+ return obj;
254
+ }
255
+ return clone(obj);
256
+ }
257
+ }
258
+ }
259
+ exports.Scrubber = Scrubber;
260
+ //# sourceMappingURL=scrubber.js.map
package/dist/cjs/core/scrubber.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scrubber.js","sourceRoot":"","sources":["../../../src/core/scrubber.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH,MAAa,QAAQ;IACX,MAAM,CAAwB;IAC9B,YAAY,GAAG,IAAI,OAAO,EAAE,CAAC;IAC7B,OAAO,CAAc;IAE7B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,YAAY,MAAmB;QAC7B,IAAI,CAAC,MAAM,GAAG;YACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,EAAE;YACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE;YAC/B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,YAAY;YAC/C,SAAS,EAAE,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;SACpE,CAAC;QAEF,wCAAwC;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5C,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACH,KAAK,CAAI,GAAM;QACb,MAAM,aAAa,GAAa,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAEnC,uDAAuD;QACvD,IAAI,CAAC,YAAY,GAAG,IAAI,OAAO,EAAE,CAAC;QAElC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,EAAE,EAAE,aAAa,CAAC,CAAC;QAE7D,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC;YAClC,aAAa;SACd,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,GAAQ,EAAE,IAAY,EAAE,KAAe;QACzD,6BAA6B;QAC7B,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC;QAED,oBAAoB;QACpB,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;QAC3C,CAAC;QAED,gBAAgB;QAChB,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;gBAC7B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;gBAClC,MAAM,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC;gBAExD,6DAA6D;gBAC7D,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC9D,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBACtB,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACjC,CAAC;gBAED,gCAAgC;gBAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;YAClD,CAAC,CAAC,CAAC;QACL,CAAC;QAED,0DAA0D;QAC1D,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;YAE9C,iDAAiD;YACjD,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvD,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,SAAS;YACX,CAAC;YAED,+CAA+C;YAC/C,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC/B,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBACtC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACpB,SAAS;YACX,CAAC;YAED,0BAA0B;YAC1B,MAAM,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,SAAS;gBACjC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC;gBACzC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,UAAU,CAAC,KAAU,EAAE,IAAY,EAAE,KAAe;QAC1D,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,QAAQ,GAAG,KAAK,CAAC;QAErB,mDAAmD;QACnD,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC3C,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3B,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;gBAC9D,QAAQ,GAAG,IAAI,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnB,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,GAAW;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;YACvC,IAAI,KAAK,YAAY,MAAM,EAAE,CAAC;gBAC5B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzB,CAAC;YACD,OAAO,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,SAAS,CAAI,GAAM;QACzB,IAAI,CAAC;YACH,0CAA0C;YAC1C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,gDAAgD;YAChD,MAAM,IAAI,GAAG,IAAI,OAAO,EAAE,CAAC;YAE3B,SAAS,KAAK,CAAC,KAAU;gBACvB,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;oBAChD,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBACzB,CAAC;gBAED,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACzB,MAAM,GAAG,GAAU,EAAE,CAAC;oBACtB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;oBACrB,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE;wBACxB,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC;oBACvB,CAAC,CAAC,CAAC;oBACH,OAAO,GAAG,CAAC;gBACb,CAAC;gBAED,MAAM,GAAG,GAAQ,EAAE,CAAC;gBACpB,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACrB,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;oBACjC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC/B,CAAC,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;CACF;AAhOD,4BAgOC"}
package/dist/cjs/core/scrubber.test.js ADDED
@@ -0,0 +1,392 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const mocha_1 = require("mocha");
4
+ const chai_1 = require("chai");
5
+ const scrubber_js_1 = require("./scrubber.js");
6
+ (0, mocha_1.describe)('Scrubber', () => {
7
+ (0, mocha_1.describe)('Field-based scrubbing', () => {
8
+ (0, mocha_1.it)('scrubs sensitive fields at any depth', () => {
9
+ const scrubber = new scrubber_js_1.Scrubber({
10
+ fields: ['access_token'],
11
+ });
12
+ const input = {
13
+ user: {
14
+ profile: {
15
+ settings: {
16
+ auth: { access_token: 'secret123' },
17
+ },
18
+ },
19
+ },
20
+ };
21
+ const { data } = scrubber.scrub(input);
22
+ (0, chai_1.expect)(data.user.profile.settings.auth.access_token).to.equal('[SCRUBBED]');
23
+ });
24
+ (0, mocha_1.it)('handles case-insensitive field matching', () => {
25
+ const scrubber = new scrubber_js_1.Scrubber({
26
+ fields: ['password'],
27
+ });
28
+ const input = {
29
+ Password: 'secret1',
30
+ PASSWORD: 'secret2',
31
+ password: 'secret3',
32
+ };
33
+ const { data } = scrubber.scrub(input);
34
+ (0, chai_1.expect)(data.Password).to.equal('[SCRUBBED]');
35
+ (0, chai_1.expect)(data.PASSWORD).to.equal('[SCRUBBED]');
36
+ (0, chai_1.expect)(data.password).to.equal('[SCRUBBED]');
37
+ });
38
+ (0, mocha_1.it)('supports regex field patterns', () => {
39
+ const scrubber = new scrubber_js_1.Scrubber({
40
+ fields: [/api[-_]?key/i], // Matches api_key, api-key, apikey (case insensitive)
41
+ });
42
+ const input = {
43
+ user_api_key: 'secret',
44
+ API_KEY_V2: 'secret',
45
+ myApiKeyHere: 'secret',
46
+ };
47
+ const { data } = scrubber.scrub(input);
48
+ (0, chai_1.expect)(data.user_api_key).to.equal('[SCRUBBED]');
49
+ (0, chai_1.expect)(data.API_KEY_V2).to.equal('[SCRUBBED]');
50
+ (0, chai_1.expect)(data.myApiKeyHere).to.equal('[SCRUBBED]');
51
+ });
52
+ });
53
+ (0, mocha_1.describe)('Path-based scrubbing', () => {
54
+ (0, mocha_1.it)('scrubs specific paths only', () => {
55
+ const scrubber = new scrubber_js_1.Scrubber({
56
+ paths: ['user.profile.email'],
57
+ });
58
+ const input = {
59
+ user: {
60
+ profile: { email: 'bob@example.com', name: 'Bob' },
61
+ settings: { email: 'notifications@example.com' },
62
+ },
63
+ };
64
+ const { data } = scrubber.scrub(input);
65
+ (0, chai_1.expect)(data.user.profile.email).to.equal('[SCRUBBED]');
66
+ (0, chai_1.expect)(data.user.settings.email).to.equal('notifications@example.com');
67
+ });
68
+ (0, mocha_1.it)('scrubs array items by index', () => {
69
+ const scrubber = new scrubber_js_1.Scrubber({
70
+ paths: ['users[0].password'],
71
+ });
72
+ const input = {
73
+ users: [
74
+ { name: 'bob', password: 'secret1' },
75
+ { name: 'alice', password: 'secret2' },
76
+ ],
77
+ };
78
+ const { data } = scrubber.scrub(input);
79
+ (0, chai_1.expect)(data.users?.[0]?.password).to.equal('[SCRUBBED]');
80
+ (0, chai_1.expect)(data.users?.[1]?.password).to.equal('secret2');
81
+ });
82
+ });
83
+ (0, mocha_1.describe)('Pattern-based scrubbing', () => {
84
+ (0, mocha_1.it)('scrubs SSN patterns in strings', () => {
85
+ const scrubber = new scrubber_js_1.Scrubber({
86
+ patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
87
+ });
88
+ const input = { message: 'User SSN is 123-45-6789' };
89
+ const { data } = scrubber.scrub(input);
90
+ (0, chai_1.expect)(data.message).to.contain('[SCRUBBED]');
91
+ (0, chai_1.expect)(data.message).not.to.contain('123-45-6789');
92
+ });
93
+ (0, mocha_1.it)('scrubs email patterns in strings', () => {
94
+ const scrubber = new scrubber_js_1.Scrubber({
95
+ patterns: [/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g],
96
+ });
97
+ const input = { log: 'Auth failed for user@example.com' };
98
+ const { data } = scrubber.scrub(input);
99
+ (0, chai_1.expect)(data.log).to.contain('[SCRUBBED]');
100
+ (0, chai_1.expect)(data.log).not.to.contain('user@example.com');
101
+ });
102
+ (0, mocha_1.it)('scrubs multiple patterns in same string', () => {
103
+ const scrubber = new scrubber_js_1.Scrubber({
104
+ patterns: [
105
+ /\b\d{3}-\d{2}-\d{4}\b/g, // SSN
106
+ /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g, // Email
107
+ ],
108
+ });
109
+ const input = {
110
+ log: 'User bob@example.com has SSN 123-45-6789',
111
+ };
112
+ const { data } = scrubber.scrub(input);
113
+ (0, chai_1.expect)(data.log).not.to.contain('bob@example.com');
114
+ (0, chai_1.expect)(data.log).not.to.contain('123-45-6789');
115
+ });
116
+ });
117
+ (0, mocha_1.describe)('Array handling', () => {
118
+ (0, mocha_1.it)('scrubs fields across all array items', () => {
119
+ const scrubber = new scrubber_js_1.Scrubber({
120
+ fields: ['password'],
121
+ });
122
+ const users = [
123
+ { name: 'bob', password: 'secret' },
124
+ { name: 'alice', password: 'hidden' },
125
+ ];
126
+ const { data } = scrubber.scrub(users);
127
+ (0, chai_1.expect)(data[0]?.password).to.equal('[SCRUBBED]');
128
+ (0, chai_1.expect)(data[1]?.password).to.equal('[SCRUBBED]');
129
+ (0, chai_1.expect)(data[0]?.name).to.equal('bob');
130
+ (0, chai_1.expect)(data[1]?.name).to.equal('alice');
131
+ });
132
+ (0, mocha_1.it)('handles nested arrays', () => {
133
+ const scrubber = new scrubber_js_1.Scrubber({
134
+ fields: ['api_key'],
135
+ });
136
+ const input = {
137
+ teams: [
138
+ {
139
+ members: [
140
+ { name: 'bob', api_key: 'secret1' },
141
+ { name: 'alice', api_key: 'secret2' },
142
+ ],
143
+ },
144
+ ],
145
+ };
146
+ const { data } = scrubber.scrub(input);
147
+ (0, chai_1.expect)(data.teams?.[0]?.members?.[0]?.api_key).to.equal('[SCRUBBED]');
148
+ (0, chai_1.expect)(data.teams?.[0]?.members?.[1]?.api_key).to.equal('[SCRUBBED]');
149
+ });
150
+ });
151
+ (0, mocha_1.describe)('Circular reference handling', () => {
152
+ (0, mocha_1.it)('handles circular references without crashing', () => {
153
+ const scrubber = new scrubber_js_1.Scrubber({ fields: [] });
154
+ const input = { name: 'test' };
155
+ input.self = input;
156
+ const { data } = scrubber.scrub(input);
157
+ (0, chai_1.expect)(data.self).to.equal('[Circular Reference]');
158
+ });
159
+ (0, mocha_1.it)('scrubs fields before detecting circular references', () => {
160
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
161
+ const input = { name: 'test', password: 'secret' };
162
+ input.self = input;
163
+ const { data } = scrubber.scrub(input);
164
+ (0, chai_1.expect)(data.password).to.equal('[SCRUBBED]');
165
+ (0, chai_1.expect)(data.self).to.equal('[Circular Reference]');
166
+ });
167
+ (0, mocha_1.it)('handles nested circular references', () => {
168
+ const scrubber = new scrubber_js_1.Scrubber({ fields: [] });
169
+ const input = { name: 'test', nested: { level: 1 } };
170
+ input.self = input;
171
+ input.nested.parent = input;
172
+ const { data } = scrubber.scrub(input);
173
+ (0, chai_1.expect)(data.self).to.equal('[Circular Reference]');
174
+ (0, chai_1.expect)(data.nested.parent).to.equal('[Circular Reference]');
175
+ });
176
+ });
177
+ (0, mocha_1.describe)('Combined modes', () => {
178
+ (0, mocha_1.it)('applies field + path + pattern scrubbing together', () => {
179
+ const scrubber = new scrubber_js_1.Scrubber({
180
+ fields: ['api_key'],
181
+ paths: ['user.email'],
182
+ patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
183
+ });
184
+ const input = {
185
+ user: {
186
+ email: 'bob@example.com', // Path-based
187
+ api_key: 'secret-key-123', // Field-based
188
+ },
189
+ log: 'SSN: 123-45-6789', // Pattern-based
190
+ nested: {
191
+ service: {
192
+ api_key: 'another-secret', // Field-based (any depth)
193
+ },
194
+ },
195
+ };
196
+ const { data, scrubbedPaths } = scrubber.scrub(input);
197
+ (0, chai_1.expect)(data.user?.email).to.equal('[SCRUBBED]');
198
+ (0, chai_1.expect)(data.user?.api_key).to.equal('[SCRUBBED]');
199
+ (0, chai_1.expect)(data.log).not.to.contain('123-45-6789');
200
+ (0, chai_1.expect)(data.nested?.service?.api_key).to.equal('[SCRUBBED]');
201
+ (0, chai_1.expect)(scrubbedPaths.length).to.be.greaterThan(0);
202
+ });
203
+ });
204
+ (0, mocha_1.describe)('Scrub result metadata', () => {
205
+ (0, mocha_1.it)('tracks scrubbed paths', () => {
206
+ const scrubber = new scrubber_js_1.Scrubber({
207
+ fields: ['password'],
208
+ paths: ['user.email'],
209
+ });
210
+ const input = {
211
+ user: { email: 'test@example.com', password: 'secret' },
212
+ };
213
+ const result = scrubber.scrub(input);
214
+ (0, chai_1.expect)(result.scrubbed).to.be.true;
215
+ (0, chai_1.expect)(result.scrubbedPaths).to.include.members([
216
+ 'user.email',
217
+ 'user.password',
218
+ ]);
219
+ });
220
+ (0, mocha_1.it)('reports scrubbed=false when nothing was scrubbed', () => {
221
+ const scrubber = new scrubber_js_1.Scrubber({
222
+ fields: ['password'],
223
+ });
224
+ const input = { name: 'Bob', age: 30 };
225
+ const result = scrubber.scrub(input);
226
+ (0, chai_1.expect)(result.scrubbed).to.be.false;
227
+ (0, chai_1.expect)(result.scrubbedPaths).to.have.length(0);
228
+ });
229
+ });
230
+ (0, mocha_1.describe)('Immutability', () => {
231
+ (0, mocha_1.it)('does not mutate original object', () => {
232
+ const scrubber = new scrubber_js_1.Scrubber({
233
+ fields: ['password'],
234
+ });
235
+ const input = { user: { password: 'secret', name: 'Bob' } };
236
+ const original = JSON.stringify(input);
237
+ scrubber.scrub(input);
238
+ (0, chai_1.expect)(JSON.stringify(input)).to.equal(original);
239
+ (0, chai_1.expect)(input.user.password).to.equal('secret');
240
+ });
241
+ });
242
+ (0, mocha_1.describe)('Custom replacement text', () => {
243
+ (0, mocha_1.it)('uses custom replacement string', () => {
244
+ const scrubber = new scrubber_js_1.Scrubber({
245
+ fields: ['password'],
246
+ replacement: '***REDACTED***',
247
+ });
248
+ const input = { password: 'secret' };
249
+ const { data } = scrubber.scrub(input);
250
+ (0, chai_1.expect)(data.password).to.equal('***REDACTED***');
251
+ });
252
+ });
253
+ (0, mocha_1.describe)('Edge cases', () => {
254
+ (0, mocha_1.it)('handles null values', () => {
255
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
256
+ const input = { user: null };
257
+ const { data } = scrubber.scrub(input);
258
+ (0, chai_1.expect)(data.user).to.be.null;
259
+ });
260
+ (0, mocha_1.it)('handles undefined values', () => {
261
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
262
+ const input = { user: undefined };
263
+ const { data } = scrubber.scrub(input);
264
+ (0, chai_1.expect)(data.user).to.be.undefined;
265
+ });
266
+ (0, mocha_1.it)('handles empty objects', () => {
267
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
268
+ const input = {};
269
+ const { data } = scrubber.scrub(input);
270
+ (0, chai_1.expect)(data).to.deep.equal({});
271
+ });
272
+ (0, mocha_1.it)('handles empty arrays', () => {
273
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
274
+ const input = [];
275
+ const { data } = scrubber.scrub(input);
276
+ (0, chai_1.expect)(data).to.deep.equal([]);
277
+ });
278
+ (0, mocha_1.it)('handles primitive values', () => {
279
+ const scrubber = new scrubber_js_1.Scrubber({ fields: ['password'] });
280
+ (0, chai_1.expect)(scrubber.scrub('test').data).to.equal('test');
281
+ (0, chai_1.expect)(scrubber.scrub(123).data).to.equal(123);
282
+ (0, chai_1.expect)(scrubber.scrub(true).data).to.equal(true);
283
+ });
284
+ (0, mocha_1.it)('scrubs entire array element by index path', () => {
285
+ // Tests lines 76-78: scrubbing entire array element, not just a field
286
+ const scrubber = new scrubber_js_1.Scrubber({
287
+ paths: ['users[0]', 'items[1]'], // Scrub specific array elements by full path
288
+ });
289
+ const input = {
290
+ users: [
291
+ { name: 'bob', email: 'bob@example.com' }, // Should be scrubbed entirely
292
+ { name: 'alice', email: 'alice@example.com' }, // Not scrubbed
293
+ ],
294
+ items: [
295
+ { id: 1, value: 'keep' }, // Not scrubbed
296
+ { id: 2, value: 'scrub' }, // Should be scrubbed entirely
297
+ ],
298
+ };
299
+ const { data } = scrubber.scrub(input);
300
+ (0, chai_1.expect)(data.users?.[0]).to.equal('[SCRUBBED]');
301
+ (0, chai_1.expect)(data.users?.[1]?.name).to.equal('alice'); // Not scrubbed
302
+ (0, chai_1.expect)(data.items?.[0]?.value).to.equal('keep'); // Not scrubbed
303
+ (0, chai_1.expect)(data.items?.[1]).to.equal('[SCRUBBED]'); // Entire element scrubbed
304
+ });
305
+ (0, mocha_1.it)('scrubs array index across all arrays', () => {
306
+ // Tests that index-only paths (e.g., '0') scrub that index in ALL arrays
307
+ const scrubber = new scrubber_js_1.Scrubber({
308
+ paths: ['1'], // Scrub index 1 of ANY array
309
+ });
310
+ const input = {
311
+ users: [
312
+ { name: 'bob' }, // Index 0 - not scrubbed
313
+ { name: 'alice' }, // Index 1 - scrubbed
314
+ { name: 'charlie' }, // Index 2 - not scrubbed
315
+ ],
316
+ teams: [
317
+ { id: 'team-a' }, // Index 0 - not scrubbed
318
+ { id: 'team-b' }, // Index 1 - scrubbed
319
+ ],
320
+ };
321
+ const { data } = scrubber.scrub(input);
322
+ (0, chai_1.expect)(data.users?.[0]?.name).to.equal('bob');
323
+ (0, chai_1.expect)(data.users?.[1]).to.equal('[SCRUBBED]'); // Scrubbed by index
324
+ (0, chai_1.expect)(data.users?.[2]?.name).to.equal('charlie');
325
+ (0, chai_1.expect)(data.teams?.[0]?.id).to.equal('team-a');
326
+ (0, chai_1.expect)(data.teams?.[1]).to.equal('[SCRUBBED]'); // Scrubbed by index
327
+ });
328
+ (0, mocha_1.it)('handles deeply nested objects (10+ levels)', () => {
329
+ // Validates discovery doc requirement: "Scrubs nested objects 10+ levels deep"
330
+ const scrubber = new scrubber_js_1.Scrubber({
331
+ fields: ['secret'],
332
+ });
333
+ // Build a 15-level deep object
334
+ const input = { level: 1 };
335
+ let current = input;
336
+ for (let i = 2; i <= 15; i++) {
337
+ current.nested = { level: i };
338
+ current = current.nested;
339
+ }
340
+ // Add secret at the deepest level
341
+ current.secret = 'deep-secret';
342
+ current.public = 'visible';
343
+ const { data } = scrubber.scrub(input);
344
+ // Navigate to the deepest level
345
+ let deepest = data;
346
+ for (let i = 1; i < 15; i++) {
347
+ (0, chai_1.expect)(deepest.level).to.equal(i);
348
+ deepest = deepest.nested;
349
+ }
350
+ // Verify scrubbing worked at 15 levels deep
351
+ (0, chai_1.expect)(deepest.level).to.equal(15);
352
+ (0, chai_1.expect)(deepest.secret).to.equal('[SCRUBBED]');
353
+ (0, chai_1.expect)(deepest.public).to.equal('visible');
354
+ });
355
+ (0, mocha_1.it)('handles circular references in deep clone fallback (arrays)', () => {
356
+ // Tests lines 166-172: circular reference deep clone for arrays
357
+ const scrubber = new scrubber_js_1.Scrubber({
358
+ fields: ['password'],
359
+ });
360
+ // Create an object with circular references that will trigger the fallback clone
361
+ const parent = { name: 'parent', password: 'secret' };
362
+ const child1 = { name: 'child1', items: [] };
363
+ const child2 = { name: 'child2', password: 'hidden' };
364
+ // Create circular reference in an array
365
+ child1.items = [child2, parent]; // Array contains parent
366
+ parent.children = [child1]; // Parent contains array with circular ref
367
+ const { data } = scrubber.scrub(parent);
368
+ // Verify scrubbing happened
369
+ (0, chai_1.expect)(data.password).to.equal('[SCRUBBED]');
370
+ (0, chai_1.expect)(data.children?.[0]?.name).to.equal('child1');
371
+ // Verify circular reference was handled in the array
372
+ (0, chai_1.expect)(data.children?.[0]?.items?.[1]).to.equal('[Circular Reference]');
373
+ });
374
+ (0, mocha_1.it)('handles arrays with circular self-reference', () => {
375
+ // Additional test for circular array deep cloning
376
+ const scrubber = new scrubber_js_1.Scrubber({
377
+ fields: ['token'],
378
+ });
379
+ const obj = {
380
+ token: 'secret-token',
381
+ list: [{ name: 'item1' }],
382
+ };
383
+ // Array references the parent object
384
+ obj.list.push(obj);
385
+ const { data } = scrubber.scrub(obj);
386
+ (0, chai_1.expect)(data.token).to.equal('[SCRUBBED]');
387
+ (0, chai_1.expect)(data.list?.[0]?.name).to.equal('item1');
388
+ (0, chai_1.expect)(data.list?.[1]).to.equal('[Circular Reference]');
389
+ });
390
+ });
391
+ });
392
+ //# sourceMappingURL=scrubber.test.js.map