@output.ai/http 0.0.1

package/README.md

@@ -0,0 +1,26 @@
+# @output.ai/http
+
+TypeScript HTTP client that wraps [ky](https://github.com/sindresorhus/ky) with Flow SDK tracing hooks.
+
+## Installation
+
+```bash
+npm install @output.ai/http
+```
+
+## Quick Start
+
+```typescript
+import { httpClient } from '@output.ai/http';
+
+const client = httpClient({
+  prefixUrl: 'https://api.example.com'
+});
+
+const response = await client.get('users/1');
+const userData = await response.json();
+```
+
+## Environment Variables
+
+- `LOG_HTTP_VERBOSE=true` - Enables detailed request/response logging including headers and body

package/dist/config.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Configuration for HTTP client behavior
+ */
+export declare const config: {
+    /**
+     * Whether to log verbose HTTP information (headers and bodies)
+     * Controlled by LOG_HTTP_VERBOSE environment variable
+     */
+    logVerbose: boolean;
+};

package/dist/config.js

@@ -0,0 +1,10 @@
+/**
+ * Configuration for HTTP client behavior
+ */
+export const config = {
+    /**
+     * Whether to log verbose HTTP information (headers and bodies)
+     * Controlled by LOG_HTTP_VERBOSE environment variable
+     */
+    logVerbose: ['1', 'true'].includes(process.env.TRACING_HTTP_VERBOSE)
+};

package/dist/hooks/index.d.ts

@@ -0,0 +1,3 @@
+export { traceRequest } from './trace-request.js';
+export { traceResponse } from './trace-response.js';
+export { traceError } from './trace-error.js';

package/dist/hooks/index.js

@@ -0,0 +1,3 @@
+export { traceRequest } from './trace-request.js';
+export { traceResponse } from './trace-response.js';
+export { traceError } from './trace-error.js';

package/dist/hooks/trace-error.d.ts

@@ -0,0 +1,5 @@
+import type { BeforeErrorHook } from 'ky';
+/**
+ * Traces HTTP errors for observability using Flow SDK tracing
+ */
+export declare const traceError: BeforeErrorHook;

package/dist/hooks/trace-error.js

@@ -0,0 +1,34 @@
+import { HTTPError } from 'ky';
+import { trace } from '@output.ai/trace';
+import { redactHeaders } from '../utils/index.js';
+/**
+ * Traces HTTP errors for observability using Flow SDK tracing
+ */
+export const traceError = async (error) => {
+    const request = error.request;
+    const response = error.response;
+    const requestHeaders = Object.fromEntries(request.headers.entries());
+    trace({
+        lib: 'flow-http',
+        event: 'http.error',
+        input: {
+            method: request.method,
+            url: request.url,
+            requestHeaders: redactHeaders(requestHeaders)
+        },
+        output: {
+            error: error instanceof HTTPError && response ? {
+                name: error.name,
+                message: error.message,
+                status: response.status,
+                statusText: response.statusText,
+                headers: redactHeaders(Object.fromEntries(response.headers.entries()))
+            } : {
+                name: error.name,
+                message: error.message,
+                type: 'network'
+            }
+        }
+    });
+    return error;
+};

package/dist/hooks/trace-request.d.ts

@@ -0,0 +1,6 @@
+import type { BeforeRequestHook } from 'ky';
+/**
+ * Traces HTTP request for observability using Flow SDK tracing
+ * Respects LOG_HTTP_VERBOSE environment variable for detailed logging
+ */
+export declare const traceRequest: BeforeRequestHook;

package/dist/hooks/trace-request.js

@@ -0,0 +1,42 @@
+import { trace } from '@output.ai/trace';
+import { redactHeaders } from '../utils/index.js';
+import { config } from '../config.js';
+/**
+ * Safely parses request body as JSON, falling back to string if parsing fails
+ */
+async function safeParseBody(request) {
+    if (!request.body) {
+        return null;
+    }
+    const cloned = request.clone();
+    const body = await cloned.text();
+    if (!body) {
+        return null;
+    }
+    try {
+        return JSON.parse(body);
+    }
+    catch {
+        return body;
+    }
+}
+/**
+ * Traces HTTP request for observability using Flow SDK tracing
+ * Respects LOG_HTTP_VERBOSE environment variable for detailed logging
+ */
+export const traceRequest = async (request) => {
+    const traceData = {
+        method: request.method,
+        url: request.url
+    };
+    if (config.logVerbose) {
+        const headers = Object.fromEntries(request.headers.entries());
+        traceData.headers = redactHeaders(headers);
+        traceData.body = await safeParseBody(request);
+    }
+    trace({
+        lib: 'flow-http',
+        event: 'http.request',
+        input: traceData
+    });
+};

package/dist/hooks/trace-response.d.ts

@@ -0,0 +1,6 @@
+import type { AfterResponseHook } from 'ky';
+/**
+ * Traces HTTP response for observability using Flow SDK tracing
+ * Respects LOG_HTTP_VERBOSE environment variable for detailed logging
+ */
+export declare const traceResponse: AfterResponseHook;

package/dist/hooks/trace-response.js

@@ -0,0 +1,45 @@
+import { trace } from '@output.ai/trace';
+import { redactHeaders } from '../utils/index.js';
+import { config } from '../config.js';
+/**
+ * Safely parses response body based on content type
+ */
+async function safeParseResponseBody(response) {
+    const cloned = response.clone();
+    const contentType = response.headers.get('content-type') || '';
+    const body = contentType.includes('application/json') ?
+        await cloned.json() :
+        await cloned.text();
+    if (body !== null && body !== undefined && body !== '') {
+        return body;
+    }
+    return null;
+}
+/**
+ * Traces HTTP response for observability using Flow SDK tracing
+ * Respects LOG_HTTP_VERBOSE environment variable for detailed logging
+ */
+export const traceResponse = async (request, options, response) => {
+    const inputData = {
+        method: request.method,
+        url: request.url
+    };
+    const outputData = {
+        status: response.status,
+        statusText: response.statusText
+    };
+    if (config.logVerbose) {
+        const requestHeaders = Object.fromEntries(request.headers.entries());
+        const responseHeaders = Object.fromEntries(response.headers.entries());
+        inputData.requestHeaders = redactHeaders(requestHeaders);
+        outputData.headers = redactHeaders(responseHeaders);
+        outputData.body = await safeParseResponseBody(response);
+    }
+    trace({
+        lib: 'flow-http',
+        event: 'http.response',
+        input: inputData,
+        output: outputData
+    });
+    return response;
+};

package/dist/index.d.ts

@@ -0,0 +1,24 @@
+import type { Options } from 'ky';
+/**
+ * Creates an HTTP client with Flow SDK tracing
+ *
+ * @param options - ky options to extend the base client with
+ * @returns Extended ky instance with Flow SDK hooks
+ *
+ * @example
+ * ```typescript
+ * import { httpClient } from '@output.ai/http';
+ *
+ * const client = httpClient({
+ *   prefixUrl: 'https://api.example.com',
+ *   timeout: 30000,
+ *   retry: { limit: 3 }
+ * });
+ *
+ * const response = await client.get('users/1');
+ * const data = await response.json();
+ * ```
+ */
+export declare function httpClient(options?: Options): import("ky").KyInstance;
+export { HTTPError, TimeoutError } from 'ky';
+export type { Options as HttpClientOptions } from 'ky';

package/dist/index.integration.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.integration.test.js

@@ -0,0 +1,117 @@
+import { describe, it, expect } from 'vitest';
+import { httpClient } from './index.js';
+describe('HTTP Client Authentication Integration', () => {
+    const httpBinClient = httpClient({
+        prefixUrl: 'https://httpbin.org',
+        timeout: 5000
+    });
+    const clientsClient = httpBinClient.extend({
+        headers: {
+            'X-API-Key': 'demo-api-key-12345'
+        }
+    });
+    const contractsClient = httpBinClient.extend({
+        headers: {
+            Authorization: `Basic ${Buffer.from('demo-user:demo-pass').toString('base64')}`
+        }
+    });
+    describe('Authentication Headers', () => {
+        it('should include API key for clients endpoints', async () => {
+            const response = await clientsClient.get('anything/clients');
+            const data = await response.json();
+            expect(data.headers['X-Api-Key']).toBe('demo-api-key-12345');
+            expect(data.url).toContain('/anything/clients');
+            expect(data.method).toBe('GET');
+        }, 10000);
+        it('should include Basic auth for contracts endpoints', async () => {
+            const response = await contractsClient.get('anything/contracts');
+            const data = await response.json();
+            expect(data.headers['Authorization']).toMatch(/^Basic /);
+            expect(data.headers['Authorization']).toBe(`Basic ${Buffer.from('demo-user:demo-pass').toString('base64')}`);
+            expect(data.url).toContain('/anything/contracts');
+        }, 10000);
+        it('should remove auth headers when overridden with undefined', async () => {
+            const response = await clientsClient.get('anything/clients/export', {
+                headers: { 'X-API-Key': undefined }
+            });
+            const data = await response.json();
+            expect(data.headers['X-Api-Key']).toBeUndefined();
+            expect(data.url).toContain('/anything/clients/export');
+        }, 10000);
+        it('should properly handle POST with JSON data and authentication', async () => {
+            const testData = { name: 'Test Client', email: 'test@example.com' };
+            const response = await clientsClient.post('anything/clients', { json: testData });
+            const data = await response.json();
+            expect(data.headers['X-Api-Key']).toBe('demo-api-key-12345');
+            expect(data.json).toEqual(testData);
+            expect(data.method).toBe('POST');
+        }, 10000);
+    });
+    describe('URL Path Construction', () => {
+        it('should correctly build URLs with chained prefixUrl', async () => {
+            const response = await clientsClient.get('anything/clients/details');
+            const data = await response.json();
+            expect(data.url).toContain('/anything/clients/details');
+        }, 10000);
+        it('should handle root path correctly', async () => {
+            const response = await contractsClient.get('anything/contracts');
+            const data = await response.json();
+            expect(data.url).toMatch(/\/anything\/contracts\/?$/);
+        }, 10000);
+        it('should handle POST to specific endpoints', async () => {
+            const testContract = { clientId: '123', title: 'Test Contract', value: 5000 };
+            const response = await contractsClient.post('anything/contracts/create', { json: testContract });
+            const data = await response.json();
+            expect(data.url).toContain('/anything/contracts/create');
+            expect(data.method).toBe('POST');
+            expect(data.json).toEqual(testContract);
+        }, 10000);
+    });
+    describe('Authentication Override Patterns', () => {
+        it('should allow per-request header overrides', async () => {
+            const response = await clientsClient.get('anything/clients/public', {
+                headers: {
+                    'X-API-Key': 'different-key-456'
+                }
+            });
+            const data = await response.json();
+            expect(data.headers['X-Api-Key']).toBe('different-key-456');
+        }, 10000);
+        it('should support multiple authentication methods', async () => {
+            const response = await contractsClient.get('anything/contracts/special', {
+                headers: {
+                    'X-Special-Token': 'special-value',
+                    'X-Client-ID': 'client-123'
+                }
+            });
+            const data = await response.json();
+            expect(data.headers['Authorization']).toMatch(/^Basic /);
+            expect(data.headers['X-Special-Token']).toBe('special-value');
+            expect(data.headers['X-Client-Id']).toBe('client-123');
+        }, 10000);
+    });
+    describe('Real API Client Pattern', () => {
+        it('should demonstrate the complete authentication pattern', async () => {
+            const clientsResponse = await clientsClient.get('anything/clients');
+            const clientsData = await clientsResponse.json();
+            expect(clientsData.headers['X-Api-Key']).toBe('demo-api-key-12345');
+            const createResponse = await clientsClient.post('anything/clients', {
+                json: { name: 'Test Client', email: 'test@example.com' }
+            });
+            const createData = await createResponse.json();
+            expect(createData.headers['X-Api-Key']).toBe('demo-api-key-12345');
+            const exportResponse = await clientsClient.get('anything/clients/export', { headers: { 'X-API-Key': undefined } });
+            const exportData = await exportResponse.json();
+            expect(exportData.headers['X-Api-Key']).toBeUndefined();
+            const contractsResponse = await contractsClient.get('anything/contracts');
+            const contractsResponseData = await contractsResponse.json();
+            expect(contractsResponseData.headers['Authorization']).toMatch(/^Basic /);
+            const contractCreateResponse = await contractsClient.post('anything/contracts', {
+                json: { clientId: '123', title: 'Service Agreement', value: 10000 }
+            });
+            const contractCreateData = await contractCreateResponse.json();
+            expect(contractCreateData.headers['Authorization']).toMatch(/^Basic /);
+            console.log('✅ All authentication patterns working correctly');
+        }, 15000);
+    });
+});

package/dist/index.js

@@ -0,0 +1,40 @@
+import ky from 'ky';
+import { traceRequest, traceResponse, traceError } from './hooks/index.js';
+// Create base HTTP client with standard Flow SDK tracing hooks
+const baseHttpClient = ky.create({
+    hooks: {
+        beforeRequest: [
+            traceRequest
+        ],
+        afterResponse: [
+            traceResponse
+        ],
+        beforeError: [
+            traceError
+        ]
+    }
+});
+/**
+ * Creates an HTTP client with Flow SDK tracing
+ *
+ * @param options - ky options to extend the base client with
+ * @returns Extended ky instance with Flow SDK hooks
+ *
+ * @example
+ * ```typescript
+ * import { httpClient } from '@output.ai/http';
+ *
+ * const client = httpClient({
+ *   prefixUrl: 'https://api.example.com',
+ *   timeout: 30000,
+ *   retry: { limit: 3 }
+ * });
+ *
+ * const response = await client.get('users/1');
+ * const data = await response.json();
+ * ```
+ */
+export function httpClient(options = {}) {
+    return baseHttpClient.extend(options);
+}
+export { HTTPError, TimeoutError } from 'ky';

package/dist/index.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/index.spec.js

@@ -0,0 +1,237 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import { httpClient, HTTPError, TimeoutError } from './index.js';
+import { trace } from '@output.ai/trace';
+import { config } from './config.js';
+vi.mock('@output.ai/trace', () => ({
+    trace: vi.fn()
+}));
+vi.mock('./config.js', () => ({
+    config: {
+        logVerbose: false
+    }
+}));
+// Mock ky at the module level to intercept at the source
+vi.mock('ky', () => {
+    const createMockResponse = () => new Response(JSON.stringify({ success: true }), {
+        status: 200,
+        headers: { 'content-type': 'application/json' }
+    });
+    class MockKy {
+        hooks = {};
+        options = {};
+        constructor(options = {}) {
+            this.hooks = options.hooks || {};
+            this.options = options;
+        }
+        async runHooks(hookType, ...args) {
+            const hooks = this.hooks[hookType] || [];
+            for (const hook of hooks) {
+                await hook(...args);
+            }
+        }
+        async get(url, options = {}) {
+            return this.makeRequest('GET', url, options);
+        }
+        async post(url, options = {}) {
+            return this.makeRequest('POST', url, options);
+        }
+        async put(url, options = {}) {
+            return this.makeRequest('PUT', url, options);
+        }
+        async patch(url, options = {}) {
+            return this.makeRequest('PATCH', url, options);
+        }
+        async delete(url, options = {}) {
+            return this.makeRequest('DELETE', url, options);
+        }
+        async makeRequest(method, url, options = {}) {
+            // Construct full URL like ky would
+            const fullUrl = this.options.prefixUrl ? `${this.options.prefixUrl}/${url}` : `https://example.com/${url}`;
+            const request = new Request(fullUrl, { method });
+            // Run beforeRequest hooks
+            await this.runHooks('beforeRequest', request);
+            const response = createMockResponse();
+            // Run afterResponse hooks
+            await this.runHooks('afterResponse', request, options, response);
+            return response;
+        }
+        extend(options = {}) {
+            const mergedOptions = { ...this.options, ...options };
+            const mergedHooks = { ...this.hooks };
+            if (options.hooks) {
+                Object.entries(options.hooks).forEach(([hookType, hookArray]) => {
+                    mergedHooks[hookType] = [
+                        ...(this.hooks[hookType] || []),
+                        ...(Array.isArray(hookArray) ? hookArray : [])
+                    ];
+                });
+            }
+            mergedOptions.hooks = mergedHooks;
+            return new MockKy(mergedOptions);
+        }
+        create(options = {}) {
+            return new MockKy(options);
+        }
+    }
+    return {
+        default: new MockKy(),
+        create: (options) => new MockKy(options),
+        HTTPError: class HTTPError extends Error {
+            constructor(message) {
+                super(message);
+                this.name = 'HTTPError';
+            }
+        },
+        TimeoutError: class TimeoutError extends Error {
+            constructor(message) {
+                super(message);
+                this.name = 'TimeoutError';
+            }
+        }
+    };
+});
+const mockedTrace = trace;
+const mockedConfig = vi.mocked(config);
+describe('HTTP Client', () => {
+    beforeEach(() => {
+        mockedTrace.mockClear();
+    });
+    describe('httpClient function', () => {
+        it('should create an HTTP client with default options', () => {
+            const client = httpClient();
+            expect(client).toBeDefined();
+            expect(typeof client.get).toBe('function');
+            expect(typeof client.post).toBe('function');
+            expect(typeof client.put).toBe('function');
+            expect(typeof client.patch).toBe('function');
+            expect(typeof client.delete).toBe('function');
+        });
+        it('should create an HTTP client with custom options', () => {
+            const client = httpClient({
+                prefixUrl: 'https://api.example.com',
+                timeout: 5000
+            });
+            expect(client).toBeDefined();
+        });
+        it('should allow method chaining with extend', () => {
+            const client = httpClient();
+            const extendedClient = client.extend({
+                headers: { 'X-Custom': 'test' }
+            });
+            expect(extendedClient).toBeDefined();
+        });
+    });
+    describe('HTTP Client Interface', () => {
+        it('should have all HTTP methods', () => {
+            const client = httpClient();
+            expect(typeof client.get).toBe('function');
+            expect(typeof client.post).toBe('function');
+            expect(typeof client.put).toBe('function');
+            expect(typeof client.patch).toBe('function');
+            expect(typeof client.delete).toBe('function');
+        });
+    });
+    describe('Error Exports', () => {
+        it('should export HTTPError', () => {
+            expect(HTTPError).toBeDefined();
+            expect(typeof HTTPError).toBe('function');
+        });
+        it('should export TimeoutError', () => {
+            expect(TimeoutError).toBeDefined();
+            expect(typeof TimeoutError).toBe('function');
+        });
+    });
+    describe('Tracing Configuration', () => {
+        it('should not trace headers or bodies by default', async () => {
+            mockedConfig.logVerbose = false;
+            const client = httpClient({
+                prefixUrl: 'https://api.example.com'
+            });
+            await client.get('users/1');
+            expect(mockedTrace).toHaveBeenCalled();
+            const traceCall = mockedTrace.mock.calls.find(call => call[0].event === 'http.request');
+            expect(traceCall).toBeDefined();
+            if (traceCall) {
+                expect(traceCall[0].input.headers).toBeUndefined();
+                expect(traceCall[0].input.body).toBeUndefined();
+            }
+        });
+        it('should trace headers and bodies when verbose logging is enabled', async () => {
+            mockedConfig.logVerbose = true;
+            const client = httpClient({
+                prefixUrl: 'https://api.example.com'
+            });
+            await client.post('users', { json: { name: 'test', email: 'test@example.com' } });
+            expect(mockedTrace).toHaveBeenCalled();
+            const requestTraceCall = mockedTrace.mock.calls.find(call => call[0].event === 'http.request');
+            expect(requestTraceCall).toBeDefined();
+            if (requestTraceCall) {
+                expect(requestTraceCall[0].input.headers).toBeDefined();
+                expect(requestTraceCall[0].input.body).toBeDefined();
+            }
+        });
+    });
+    describe('Hook Preservation', () => {
+        it('should preserve original hooks when extending client with custom hooks', async () => {
+            const customBeforeRequestCalled = vi.fn();
+            const customAfterResponseCalled = vi.fn();
+            const customBeforeErrorCalled = vi.fn();
+            const client = httpClient({
+                prefixUrl: 'https://api.example.com'
+            });
+            const extendedClient = client.extend({
+                hooks: {
+                    beforeRequest: [
+                        async (request) => {
+                            customBeforeRequestCalled();
+                            return request;
+                        }
+                    ],
+                    afterResponse: [
+                        async (request, options, response) => {
+                            customAfterResponseCalled();
+                            return response;
+                        }
+                    ],
+                    beforeError: [
+                        async (error) => {
+                            customBeforeErrorCalled();
+                            return error;
+                        }
+                    ]
+                }
+            });
+            await extendedClient.get('users/1');
+            expect(customBeforeRequestCalled).toHaveBeenCalled();
+            expect(customAfterResponseCalled).toHaveBeenCalled();
+            expect(mockedTrace).toHaveBeenCalled();
+            const requestTraceCall = mockedTrace.mock.calls.find(call => call[0].event === 'http.request');
+            const responseTraceCall = mockedTrace.mock.calls.find(call => call[0].event === 'http.response');
+            expect(requestTraceCall).toBeDefined();
+            expect(responseTraceCall).toBeDefined();
+        });
+    });
+    describe('Mocking Verification', () => {
+        it('should use mocked responses and not make real HTTP requests', async () => {
+            const client = httpClient({
+                prefixUrl: 'https://api.example.com'
+            });
+            // Test GET request
+            const getResponse = await client.get('users/1');
+            const getData = await getResponse.json();
+            expect(getData).toEqual({ success: true });
+            // Test POST request
+            const postResponse = await client.post('users', { json: { name: 'test' } });
+            const postData = await postResponse.json();
+            expect(postData).toEqual({ success: true });
+            // Verify no actual network delay (should be very fast)
+            const startTime = Date.now();
+            await client.get('test');
+            const duration = Date.now() - startTime;
+            expect(duration).toBeLessThan(50); // Mocked calls should be nearly instantaneous
+            // Verify that responses come from mocks, not real HTTP
+            expect(getData.success).toBe(true);
+            expect(postData.success).toBe(true);
+        });
+    });
+});

package/dist/utils/index.d.ts

@@ -0,0 +1 @@
+export { redactHeaders } from './redact-headers.js';

package/dist/utils/index.js

@@ -0,0 +1 @@
+export { redactHeaders } from './redact-headers.js';

package/dist/utils/redact-headers.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Redacts sensitive headers for safe logging
+ * @param headers - Headers object to redact
+ * @returns Object with sensitive headers redacted
+ */
+export declare function redactHeaders(headers: Record<string, string> | Headers): Record<string, string>;

package/dist/utils/redact-headers.js

@@ -0,0 +1,27 @@
+/**
+ * Sensitive header patterns for redaction (case-insensitive)
+ */
+const SENSITIVE_HEADER_PATTERNS = [
+    /authorization/i,
+    /token/i,
+    /api-?key/i,
+    /apikey/i,
+    /secret/i,
+    /password/i,
+    /key/i,
+    /cookie/i
+];
+/**
+ * Redacts sensitive headers for safe logging
+ * @param headers - Headers object to redact
+ * @returns Object with sensitive headers redacted
+ */
+export function redactHeaders(headers) {
+    const result = {};
+    const entries = headers instanceof Headers ? headers.entries() : Object.entries(headers);
+    for (const [key, value] of entries) {
+        const isSensitive = SENSITIVE_HEADER_PATTERNS.some(pattern => pattern.test(key));
+        result[key] = isSensitive ? '[REDACTED]' : value;
+    }
+    return result;
+}

package/dist/utils/redact-headers.spec.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/utils/redact-headers.spec.js

@@ -0,0 +1,245 @@
+import { describe, it, expect } from 'vitest';
+import { redactHeaders } from './redact-headers.js';
+describe('redactHeaders', () => {
+    describe('with Record<string, string> input', () => {
+        it('should redact sensitive headers (case insensitive)', () => {
+            const headers = {
+                Authorization: 'Bearer token123',
+                'X-API-Key': 'secret-key',
+                apikey: 'another-secret',
+                'X-Auth-Token': 'auth-token',
+                'Secret-Header': 'top-secret',
+                Password: 'password123',
+                'Private-Key': 'private-key-data',
+                Cookie: 'session=abc123',
+                'Content-Type': 'application/json',
+                'User-Agent': 'test-agent'
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                Authorization: '[REDACTED]',
+                'X-API-Key': '[REDACTED]',
+                apikey: '[REDACTED]',
+                'X-Auth-Token': '[REDACTED]',
+                'Secret-Header': '[REDACTED]',
+                Password: '[REDACTED]',
+                'Private-Key': '[REDACTED]',
+                Cookie: '[REDACTED]',
+                'Content-Type': 'application/json',
+                'User-Agent': 'test-agent'
+            });
+        });
+        it('should handle mixed case header names', () => {
+            const headers = {
+                AUTHORIZATION: 'Bearer token',
+                'x-api-key': 'secret',
+                'Api-Key': 'another-secret',
+                'TOKEN-HEADER': 'token-value',
+                'content-type': 'application/json'
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                AUTHORIZATION: '[REDACTED]',
+                'x-api-key': '[REDACTED]',
+                'Api-Key': '[REDACTED]',
+                'TOKEN-HEADER': '[REDACTED]',
+                'content-type': 'application/json'
+            });
+        });
+        it('should not redact non-sensitive headers', () => {
+            const headers = {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+                'User-Agent': 'test-agent',
+                'X-Custom-Header': 'custom-value',
+                'Cache-Control': 'no-cache'
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual(headers);
+        });
+        it('should handle empty headers object', () => {
+            const headers = {};
+            const result = redactHeaders(headers);
+            expect(result).toEqual({});
+        });
+        it('should handle headers with empty values', () => {
+            const headers = {
+                Authorization: '',
+                'Content-Type': 'application/json',
+                'X-API-Key': ''
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                Authorization: '[REDACTED]',
+                'Content-Type': 'application/json',
+                'X-API-Key': '[REDACTED]'
+            });
+        });
+    });
+    describe('with Headers object input', () => {
+        it('should redact sensitive headers from Headers object', () => {
+            const headers = new Headers();
+            headers.set('Authorization', 'Bearer token123');
+            headers.set('X-API-Key', 'secret-key');
+            headers.set('Content-Type', 'application/json');
+            headers.set('User-Agent', 'test-agent');
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                authorization: '[REDACTED]',
+                'x-api-key': '[REDACTED]',
+                'content-type': 'application/json',
+                'user-agent': 'test-agent'
+            });
+        });
+        it('should handle empty Headers object', () => {
+            const headers = new Headers();
+            const result = redactHeaders(headers);
+            expect(result).toEqual({});
+        });
+        it('should preserve header name casing from Headers object', () => {
+            const headers = new Headers();
+            headers.set('authorization', 'Bearer token');
+            headers.set('X-Custom-Header', 'value');
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                authorization: '[REDACTED]',
+                'x-custom-header': 'value'
+            });
+        });
+    });
+    describe('sensitive header patterns', () => {
+        it('should redact headers containing "authorization"', () => {
+            const headers = {
+                Authorization: 'Bearer token',
+                'X-Authorization': 'token',
+                'Custom-Authorization-Header': 'value'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                if (key.toLowerCase().includes('authorization')) {
+                    expect(result[key]).toBe('[REDACTED]');
+                }
+            });
+        });
+        it('should redact headers containing "token"', () => {
+            const headers = {
+                'X-Auth-Token': 'token123',
+                'Access-Token': 'access123',
+                'Refresh-Token': 'refresh123',
+                'Token-Header': 'token-value'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+        it('should redact headers containing "api-key" or "apikey"', () => {
+            const headers = {
+                'X-API-Key': 'key123',
+                'X-Api-Key': 'key456',
+                apikey: 'key789',
+                'Custom-ApiKey': 'custom-key'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+        it('should redact headers containing "secret"', () => {
+            const headers = {
+                'X-Secret': 'secret123',
+                'Client-Secret': 'client-secret',
+                'Secret-Key': 'secret-key'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+        it('should redact headers containing "password"', () => {
+            const headers = {
+                Password: 'pass123',
+                'X-Password': 'secret-pass',
+                'User-Password': 'user-pass'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+        it('should redact headers containing "key"', () => {
+            const headers = {
+                'Private-Key': 'private123',
+                'Public-Key': 'public123',
+                'Encryption-Key': 'encrypt123',
+                'Symmetric-Key': 'sym123'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+        it('should redact headers containing "cookie"', () => {
+            const headers = {
+                Cookie: 'session=abc123',
+                'Set-Cookie': 'token=xyz789',
+                'X-Cookie-Data': 'cookie-info'
+            };
+            const result = redactHeaders(headers);
+            Object.keys(result).forEach(key => {
+                expect(result[key]).toBe('[REDACTED]');
+            });
+        });
+    });
+    describe('edge cases', () => {
+        it('should handle headers with special characters in values', () => {
+            const headers = {
+                Authorization: 'Bearer !@#$%^&*()_+-=[]{}|;:,.<>?',
+                'Content-Type': 'application/json; charset=utf-8'
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                Authorization: '[REDACTED]',
+                'Content-Type': 'application/json; charset=utf-8'
+            });
+        });
+        it('should handle headers with unicode characters', () => {
+            const headers = {
+                'X-API-Key': '🔑secret-key🔐',
+                'X-Custom': 'héllo wörld'
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                'X-API-Key': '[REDACTED]',
+                'X-Custom': 'héllo wörld'
+            });
+        });
+        it('should handle very long header values', () => {
+            const longValue = 'a'.repeat(10000);
+            const headers = {
+                Authorization: `Bearer ${longValue}`,
+                'X-Long-Header': longValue
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                Authorization: '[REDACTED]',
+                'X-Long-Header': longValue
+            });
+        });
+        it('should match partial words in header names (current behavior)', () => {
+            const headers = {
+                Keyboard: 'qwerty', // contains "key" - will be redacted
+                Secretary: 'admin', // contains "secret" - will be redacted
+                Tokens: 'abc123', // contains "token" - will be redacted
+                'Content-Length': '123' // doesn't contain sensitive patterns - will not be redacted
+            };
+            const result = redactHeaders(headers);
+            expect(result).toEqual({
+                Keyboard: '[REDACTED]',
+                Secretary: '[REDACTED]',
+                Tokens: '[REDACTED]',
+                'Content-Length': '123'
+            });
+        });
+    });
+});

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@output.ai/http",
+  "version": "0.0.1",
+  "description": "Framework abstraction to make HTTP calls with tracing",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.js",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "rm -rf ./dist && tsc"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/growthxai/flow-sdk"
+  },
+  "dependencies": {
+    "@output.ai/trace": "0.0.1",
+    "ky": "~1.9.1"
+  }
+}