npm - @laphilosophia/api-tape - Versions diffs - 1.4.0 → 1.5.0 - Mend

@laphilosophia/api-tape 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -11,6 +11,7 @@ API Tape is a zero-config CLI tool that acts as a transparent HTTP proxy. It rec
 - **Hybrid Mode** — Replays cached tapes, falls back to upstream on cache miss
 - **Tape Management Commands** — List, inspect, clear, and prune tapes from CLI
 - **Header Redaction** — Mask sensitive response headers before writing tapes
+- **JSON Body Redaction** — Redact selected JSON paths before persisting response bodies
 - **Runtime Metrics** — Periodic and shutdown stats for replay hit/miss, upstream calls, and latency
 - **Zero Config** — Works out of the box with sensible defaults
 - **Binary Safe** — Handles images, compressed responses, and any content type
@@ -18,6 +19,8 @@ API Tape is a zero-config CLI tool that acts as a transparent HTTP proxy. It rec
 - **Versioned Tape Schema** — Each tape includes `schemaVersion` for compatibility checks
 - **Match Strategies** — `exact` and `normalized` matching for better replay hit rates
+---
 ## Installation
 ```bash
@@ -30,6 +33,8 @@ Or use it directly with npx:
 npx api-tape --target "https://api.example.com" --mode record
 ```
+---
 ## Quick Start
 ### Step 1: Record API Responses
@@ -72,6 +77,8 @@ tape --target "https://jsonplaceholder.typicode.com" --mode hybrid --record-on-m
 - If tape is missing → upstream request is proxied.
 - With `--record-on-miss true`, miss responses are automatically saved as new tapes.
+---
 ## CLI Options
 ### Serve command
@@ -86,6 +93,9 @@ Both legacy mode (`tape --target ...`) and explicit serve command (`tape serve -
 | `-d, --dir <path>`            | Directory to save tapes                                        | `./tapes` |
 | `--record-on-miss <boolean>`  | In hybrid mode, save upstream response when tape is missing    | `true`    |
 | `--redact-header <headers>`   | Comma-separated response header names to redact in saved tapes | —         |
+| `--redact-json-path <paths>`  | Comma-separated JSON paths to redact in JSON response bodies   | —         |
+| `--stats-interval <seconds>`  | Emit runtime metrics every N seconds (`0` disables)            | `0`       |
+| `--stats-json`                | Emit metrics as JSON lines                                     | `false`   |
 | `--match-strategy <strategy>` | Tape matching strategy: `exact` or `normalized`                | `exact`   |
 ### Runtime stats
@@ -102,6 +112,16 @@ tape serve --target "https://jsonplaceholder.typicode.com" --stats-interval 10 -
 On shutdown, API Tape always prints a final summary (`FINAL_STATS`).
+### Redaction options
+```bash
+tape serve --target "https://api.example.com" --mode record \
+  --redact-header authorization,cookie \
+  --redact-json-path user.profile.email,token
+```
+`--redact-json-path` applies only when response `content-type` is JSON.
 ### Match strategy
 - `exact` (default): hashes `METHOD|URL` as-is.
@@ -116,6 +136,8 @@ tape tape clear --yes --dir ./tapes
 tape tape prune --older-than 30 --dir ./tapes
 ```
+---
 ## Tape Format
 Each tape is a JSON file named with an MD5 hash of `METHOD|URL`:
@@ -137,6 +159,8 @@ Each tape is a JSON file named with an MD5 hash of `METHOD|URL`:
 The body is base64-encoded for binary safety.
+---
 ## Development
 ```bash
@@ -144,10 +168,14 @@ npm run build
 npm test
 ```
+---
 ## CI
 A GitHub Actions workflow runs `npm test` on both Linux and Windows for pushes and pull requests.
+---
 ## Use Cases
 - **Offline Development** — Work without internet or VPN
@@ -155,6 +183,8 @@ A GitHub Actions workflow runs `npm test` on both Linux and Windows for pushes a
 - **Demo Environments** — Reproducible API responses for presentations
 - **Rate Limit Bypass** — Develop against recorded responses
+---
 ## License
 MIT © [Erdem Arslan](https://github.com/laphilosophia)

package/dist/index.js CHANGED Viewed

@@ -112,27 +112,89 @@ var redactHeaders = (headers, redactedHeaders) => {
   });
   return nextHeaders;
 };
+var readHeaderValue = (headerValue) => {
+  if (Array.isArray(headerValue)) {
+    return headerValue.join(",");
+  }
+  return headerValue || "";
+};
+var redactJsonAtPath = (target, pathExpression) => {
+  const segments = pathExpression.split(".").map((segment) => segment.trim()).filter(Boolean);
+  if (segments.length === 0 || target === null || typeof target !== "object") {
+    return false;
+  }
+  let cursor = target;
+  for (let index = 0; index < segments.length - 1; index += 1) {
+    const key = segments[index];
+    if (cursor === null || typeof cursor !== "object" || !(key in cursor)) {
+      return false;
+    }
+    cursor = cursor[key];
+  }
+  const leaf = segments[segments.length - 1];
+  if (cursor !== null && typeof cursor === "object" && leaf in cursor) {
+    cursor[leaf] = "[REDACTED]";
+    return true;
+  }
+  return false;
+};
+var redactJsonBody = (bodyBuffer, contentTypeHeader, redactedJsonPaths) => {
+  if (redactedJsonPaths.length === 0) {
+    return { bodyBuffer, appliedJsonPaths: [] };
+  }
+  const contentType = readHeaderValue(contentTypeHeader).toLowerCase();
+  if (!contentType.includes("application/json")) {
+    return { bodyBuffer, appliedJsonPaths: [] };
+  }
+  try {
+    const parsed = JSON.parse(bodyBuffer.toString("utf8"));
+    const appliedJsonPaths = redactedJsonPaths.filter(
+      (jsonPath) => redactJsonAtPath(parsed, jsonPath)
+    );
+    if (appliedJsonPaths.length === 0) {
+      return { bodyBuffer, appliedJsonPaths: [] };
+    }
+    return {
+      bodyBuffer: Buffer.from(JSON.stringify(parsed)),
+      appliedJsonPaths
+    };
+  } catch {
+    return { bodyBuffer, appliedJsonPaths: [] };
+  }
+};
 var ensureSchemaCompatibility = (record, tapePath) => {
   const schemaVersion = record.schemaVersion ?? 0;
   if (![0, CURRENT_SCHEMA_VERSION].includes(schemaVersion)) {
     throw new Error(`Unsupported tape schema version at ${tapePath}: ${schemaVersion}`);
   }
 };
-var createTapeRecord = (req, proxyRes, bodyBuffer, redactedHeaders, matchStrategy) => ({
-  schemaVersion: CURRENT_SCHEMA_VERSION,
-  meta: {
-    url: req.url,
-    method: req.method,
-    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-    matchStrategy
-  },
-  statusCode: proxyRes.statusCode || 200,
-  headers: redactHeaders(
+var createTapeRecord = (req, proxyRes, bodyBuffer, redactedHeaders, redactedJsonPaths, matchStrategy) => {
+  const tapeHeaders = redactHeaders(
     proxyRes.headers,
     redactedHeaders
-  ),
-  body: bodyBuffer.toString("base64")
-});
+  );
+  const { bodyBuffer: redactedBodyBuffer, appliedJsonPaths } = redactJsonBody(
+    bodyBuffer,
+    proxyRes.headers["content-type"],
+    redactedJsonPaths
+  );
+  return {
+    schemaVersion: CURRENT_SCHEMA_VERSION,
+    meta: {
+      url: req.url,
+      method: req.method,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      matchStrategy,
+      redactionsApplied: {
+        headers: redactedHeaders,
+        jsonPaths: appliedJsonPaths
+      }
+    },
+    statusCode: proxyRes.statusCode || 200,
+    headers: tapeHeaders,
+    body: redactedBodyBuffer.toString("base64")
+  };
+};
 var buildMetricsSnapshot = (metrics) => ({
   totalRequests: metrics.totalRequests,
   replayHits: metrics.replayHits,
@@ -159,6 +221,7 @@ var runServe = (opts) => {
   const tapesDir = import_path.default.resolve(opts.dir);
   const recordOnMiss = opts.recordOnMiss;
   const redactedHeaders = parseCsv(opts.redactHeader);
+  const redactedJsonPaths = parseCsv(opts.redactJsonPath);
   const statsIntervalSec = parseNonNegativeInt(opts.statsInterval, "stats-interval");
   const statsJson = opts.statsJson;
   const matchStrategy = opts.matchStrategy;
@@ -273,7 +336,14 @@ var runServe = (opts) => {
       const bodyBuffer = Buffer.concat(bodyChunks);
       const shouldRecord = recordByRequest.get(req) ?? true;
       if (shouldRecord) {
-        const tapeData = createTapeRecord(req, proxyRes, bodyBuffer, redactedHeaders, matchStrategy);
+        const tapeData = createTapeRecord(
+          req,
+          proxyRes,
+          bodyBuffer,
+          redactedHeaders,
+          redactedJsonPaths,
+          matchStrategy
+        );
         const tapeKey = getTapeKey(req, matchStrategy);
         const tapePath = import_path.default.join(tapesDir, `${tapeKey}.json`);
         import_fs_extra.default.writeJsonSync(tapePath, tapeData, { spaces: 2 });
@@ -321,6 +391,9 @@ var runServe = (opts) => {
   if (redactedHeaders.length > 0) {
     console.log(`   ${import_chalk2.default.dim("Redact Headers:")} ${redactedHeaders.join(", ")}`);
   }
+  if (redactedJsonPaths.length > 0) {
+    console.log(`   ${import_chalk2.default.dim("Redact JSON Paths:")} ${redactedJsonPaths.join(", ")}`);
+  }
   if (statsIntervalSec > 0) {
     console.log(`   ${import_chalk2.default.dim("Stats Every:")} ${statsIntervalSec}s`);
   }
@@ -405,19 +478,23 @@ var addServeOptions = (command) => command.requiredOption("-t, --target <url>",
   "--redact-header <headers>",
   "Comma-separated response header names to redact before saving",
   ""
+).option(
+  "--redact-json-path <paths>",
+  "Comma-separated JSON paths to redact in JSON response bodies",
+  ""
 ).option("--stats-interval <seconds>", "Emit runtime stats every N seconds (0 disables)", "0").option("--stats-json", "Emit stats in JSON format", false).option("--match-strategy <strategy>", "Tape matching strategy: exact or normalized", "exact");
 var run = () => {
   const argv = process.argv;
   const hasSubCommand = argv.length > 2 && ["serve", "tape"].includes(argv[2]);
   if (!hasSubCommand) {
-    const legacy = addServeOptions(new import_commander.Command()).name("api-tape").description("Record and Replay HTTP API responses for offline development.").version("1.3.0").action((options) => {
+    const legacy = addServeOptions(new import_commander.Command()).name("api-tape").description("Record and Replay HTTP API responses for offline development.").version("1.5.0").action((options) => {
       runServe(options);
     });
     legacy.parse(argv);
     return;
   }
   const program = new import_commander.Command();
-  program.name("api-tape").description("Record and Replay HTTP API responses for offline development.").version("1.3.0");
+  program.name("api-tape").description("Record and Replay HTTP API responses for offline development.").version("1.5.0");
   addServeOptions(program.command("serve").description("Run API Tape proxy server")).action(
     (options) => {
       runServe(options);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@laphilosophia/api-tape",
-  "version": "1.4.0",
+  "version": "1.5.0",
   "description": "Record and Replay HTTP API responses for offline development",
   "main": "dist/index.js",
   "bin": {
@@ -16,7 +16,7 @@
   "scripts": {
     "build": "tsup src/index.ts --format cjs --clean",
     "prepublishOnly": "npm run build",
-    "test": "npm run build && node --test test/**/*.test.cjs"
+    "test": "npm run build && node --test"
   },
   "keywords": [
     "api",