@zintrust/trace 0.4.76 → 0.4.77

package/src/utils/redact.ts

@@ -2,7 +2,55 @@
  * Redaction helpers for @zintrust/trace watchers.
  */
 
-const REDACTED = '[REDACTED]';
+const REDACTED = '****';
+
+const isArrayValue = (value: unknown): value is unknown[] => Array.isArray(value);
+
+const isObjectValue = (value: unknown): value is Record<string, unknown> => {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+};
+
+const normalizeFields = (fields: string[]): Set<string> => {
+  const normalized = new Set<string>();
+
+  for (const field of fields) {
+    if (typeof field !== 'string') continue;
+    const key = field.trim().toLowerCase();
+    if (key !== '') normalized.add(key);
+  }
+
+  return normalized;
+};
+
+const redactUnknownValue = (
+  value: unknown,
+  fields: Set<string>,
+  seen: WeakSet<object>
+): unknown => {
+  if (isArrayValue(value)) {
+    return value.map((item) => redactUnknownValue(item, fields, seen));
+  }
+
+  if (!isObjectValue(value)) {
+    return value;
+  }
+
+  if (seen.has(value)) {
+    return '[Circular]';
+  }
+
+  seen.add(value);
+  const out: Record<string, unknown> = {};
+
+  for (const [key, entryValue] of Object.entries(value)) {
+    out[key] = fields.has(key.toLowerCase())
+      ? REDACTED
+      : redactUnknownValue(entryValue, fields, seen);
+  }
+
+  seen.delete(value);
+  return out;
+};
 
 const redactQuerySegment = (segment: string, fields: Set<string>): string => {
   const separatorIndex = segment.indexOf('=');
@@ -19,7 +67,7 @@ export const redactHeaders = (
   headers: Record<string, string>,
   fields: string[]
 ): Record<string, string> => {
-  const lower = new Set(fields.map((f) => f.toLowerCase()));
+  const lower = normalizeFields(fields);
   const out: Record<string, string> = {};
   for (const [k, v] of Object.entries(headers)) {
     out[k] = lower.has(k.toLowerCase()) ? REDACTED : v;
@@ -27,20 +75,20 @@ export const redactHeaders = (
   return out;
 };
 
+export const redactUnknown = (value: unknown, fields: string[]): unknown => {
+  return redactUnknownValue(value, normalizeFields(fields), new WeakSet<object>());
+};
+
 export const redactObject = (
   obj: Record<string, unknown>,
   fields: string[]
 ): Record<string, unknown> => {
-  const lower = new Set(fields.map((f) => f.toLowerCase()));
-  const out: Record<string, unknown> = {};
-  for (const [k, v] of Object.entries(obj)) {
-    out[k] = lower.has(k.toLowerCase()) ? REDACTED : v;
-  }
-  return out;
+  const redacted = redactUnknown(obj, fields);
+  return isObjectValue(redacted) ? redacted : {};
 };
 
 export const redactString = (value: string, fields: string[]): string => {
-  const lower = new Set(fields.map((f) => f.toLowerCase()));
+  const lower = normalizeFields(fields);
   if (value === '') return value;
 
   let output = '';

package/src/watchers/CommandWatcher.ts

@@ -45,7 +45,7 @@ export const CommandWatcher: ITraceWatcher & { emit: typeof emit } = Object.free
   register({ storage, config }: ITraceWatcherConfig): () => void {
     if (config.watchers.command === false) return () => undefined;
     _storage = storage;
-    _redactKeys = config.redaction?.body ?? [];
+    _redactKeys = [...(config.redaction?.keys ?? []), ...(config.redaction?.body ?? [])];
     _ignoreRoutes = config.ignoreRoutes;
     return () => {
       _storage = null;

package/src/watchers/HttpClientWatcher.ts

@@ -46,7 +46,7 @@ export const HttpClientWatcher: ITraceWatcher & { emit: typeof emit } = Object.f
   register({ storage, config }: ITraceWatcherConfig): () => void {
     if (config.watchers.clientRequest === false) return () => undefined;
     _storage = storage;
-    _redactHeaderNames = config.redaction?.headers ?? [];
+    _redactHeaderNames = [...(config.redaction?.keys ?? []), ...(config.redaction?.headers ?? [])];
     _ignoreRoutes = config.ignoreRoutes;
     return () => {
       _storage = null;

package/src/watchers/HttpWatcher.ts

@@ -7,7 +7,7 @@ import { TraceContext } from '../context';
 import type { ITraceConfig, ITraceWatcher, ITraceWatcherConfig, RequestContent } from '../types';
 import { EntryType } from '../types';
 import { AuthTag } from '../utils/authTag';
-import { redactHeaders, redactObject } from '../utils/redact';
+import { redactHeaders, redactObject, redactUnknown } from '../utils/redact';
 import { RequestFilter } from '../utils/requestFilter';
 
 const normalizeHeaders = (headers: IRequest['headers']): Record<string, string> => {
@@ -22,15 +22,112 @@ const normalizeHeaders = (headers: IRequest['headers']): Record<string, string>
   );
 };
 
+const normalizeHeaderValue = (value: string | string[]): string => {
+  return Array.isArray(value) ? value.join(', ') : value;
+};
+
+type ResponseCapture = {
+  headers: Record<string, string>;
+  body?: unknown;
+  restore(): void;
+};
+
+type RawResponseWithLifecycle = ReturnType<IResponse['getRaw']> & {
+  once?: (event: 'finish' | 'close', listener: () => void) => unknown;
+  off?: (event: 'finish' | 'close', listener: () => void) => unknown;
+};
+
+const registerCompletionHandler = (response: IResponse, onComplete: () => void): (() => void) => {
+  const raw = response.getRaw() as RawResponseWithLifecycle;
+  if (typeof raw.once !== 'function') return () => undefined;
+
+  let completed = false;
+
+  const cleanup = (): void => {
+    if (typeof raw.off === 'function') {
+      raw.off('finish', markCompleted);
+      raw.off('close', markCompleted);
+    }
+  };
+
+  const markCompleted = (): void => {
+    if (completed) return;
+    completed = true;
+    cleanup();
+    onComplete();
+  };
+
+  raw.once('finish', markCompleted);
+  raw.once('close', markCompleted);
+
+  return cleanup;
+};
+
+const captureResponse = (response: IResponse, config: ITraceConfig): ResponseCapture => {
+  const headers: Record<string, string> = {};
+  const redactFields = [...config.redaction.keys, ...config.redaction.body];
+
+  const originalSetHeader = response.setHeader;
+  const originalJson = response.json;
+  const originalText = response.text;
+  const originalHtml = response.html;
+  const originalSend = response.send;
+
+  const capture: ResponseCapture = {
+    headers,
+    body: undefined,
+    restore(): void {
+      response.setHeader = originalSetHeader;
+      response.json = originalJson;
+      response.text = originalText;
+      response.html = originalHtml;
+      response.send = originalSend;
+    },
+  };
+
+  response.setHeader = function setHeader(name: string, value: string | string[]): IResponse {
+    headers[name] = normalizeHeaderValue(value);
+    return originalSetHeader.call(this, name, value);
+  };
+
+  response.json = function json(data: unknown): void {
+    capture.body = redactUnknown(data, redactFields);
+    originalJson.call(this, data);
+  };
+
+  response.text = function text(value: string): void {
+    capture.body = value;
+    originalText.call(this, value);
+  };
+
+  response.html = function html(value: string): void {
+    capture.body = value;
+    originalHtml.call(this, value);
+  };
+
+  response.send = function send(data: string | Buffer): void {
+    capture.body = typeof data === 'string' ? data : `[binary ${data.length} bytes]`;
+    originalSend.call(this, data);
+  };
+
+  return capture;
+};
+
 const buildEntry = (
   req: IRequest,
   res: IResponse,
   start: number,
-  config: ITraceConfig
+  config: ITraceConfig,
+  responseCapture: ResponseCapture
 ): RequestContent => {
-  const headers = redactHeaders(normalizeHeaders(req.headers), config.redaction.headers);
+  const headers = redactHeaders(normalizeHeaders(req.headers), [
+    ...config.redaction.keys,
+    ...config.redaction.headers,
+  ]);
 
-  const payload = req.body ? redactObject(req.body, config.redaction.body) : {};
+  const payload = req.body
+    ? redactObject(req.body, [...config.redaction.keys, ...config.redaction.body])
+    : {};
 
   return {
     method: req.getMethod(),
@@ -38,7 +135,11 @@ const buildEntry = (
     headers,
     payload,
     responseStatus: res.getStatus(),
-    responseHeaders: {},
+    responseHeaders: redactHeaders(responseCapture.headers, [
+      ...config.redaction.keys,
+      ...config.redaction.headers,
+    ]),
+    responseBody: responseCapture.body,
     duration: Date.now() - start,
     memory: TraceContext.getMemory(),
     middleware: [],
@@ -68,24 +169,34 @@ export const HttpWatcher: ITraceWatcher = Object.freeze({
 
       const start = TraceContext.now();
       const batchId = TraceContext.getBatchId();
+      const responseCapture = captureResponse(response, config);
+      let didPersist = false;
 
-      await next();
+      const persistEntry = (): void => {
+        if (didPersist) return;
+        didPersist = true;
 
-      const content = buildEntry(request, response, start, config);
-      const tags = AuthTag.append([]);
-      if (content.responseStatus >= 500) tags.push('failed');
-
-      storage
-        .writeEntry({
-          uuid: crypto.randomUUID(),
-          batchId,
-          type: EntryType.REQUEST,
-          content,
-          tags,
-          isLatest: true,
-          createdAt: TraceContext.now(),
-        })
-        .catch(() => undefined); // fire-and-forget
+        const content = buildEntry(request, response, start, config, responseCapture);
+        const tags = AuthTag.append([]);
+        if (content.responseStatus >= 500) tags.push('failed');
+
+        responseCapture.restore();
+
+        storage
+          .writeEntry({
+            uuid: crypto.randomUUID(),
+            batchId,
+            type: EntryType.REQUEST,
+            content,
+            tags,
+            isLatest: true,
+            createdAt: TraceContext.now(),
+          })
+          .catch(() => undefined); // fire-and-forget
+      };
+
+      registerCompletionHandler(response, persistEntry);
+      await next();
     };
 
     registerMiddleware(middleware);

package/src/watchers/LogWatcher.ts

@@ -8,7 +8,7 @@ import { EntryType } from '../types';
 import { AuthTag } from '../utils/authTag';
 import { RequestFilter } from '../utils/requestFilter';
 
-type LoggerSink = (level: string, message: string, context?: Record<string, unknown>) => void;
+// type LoggerSink = (level: string, message: string, context?: Record<string, unknown>) => void;
 
 const LEVEL_PRIORITY: Record<string, number> = {
   debug: 0,
@@ -24,37 +24,37 @@ export const LogWatcher: ITraceWatcher = Object.freeze({
 
     const minPriority = LEVEL_PRIORITY[config.logMinLevel] ?? 1;
 
-    const loggerWithSink = Logger as typeof Logger & {
-      addSink?: (fn: LoggerSink) => () => void;
-    };
+    const loggerWithSink = Logger;
 
     if (typeof loggerWithSink.addSink !== 'function') {
       return () => undefined;
     }
 
-    const unsubscribe = loggerWithSink.addSink((level, message, context) => {
-      if ((LEVEL_PRIORITY[level] ?? 0) < minPriority) return;
-      if (RequestFilter.shouldIgnoreCurrentRequest(config.ignoreRoutes)) return;
-
-      const content: LogContent = {
-        level,
-        message,
-        context: context ?? undefined,
-        hostname: TraceContext.getHostname(),
-      };
-
-      storage
-        .writeEntry({
-          uuid: crypto.randomUUID(),
-          batchId: TraceContext.getBatchId(),
-          type: EntryType.LOG,
-          content,
-          tags: AuthTag.append([]),
-          isLatest: true,
-          createdAt: TraceContext.now(),
-        })
-        .catch(() => undefined);
-    });
+    const unsubscribe = loggerWithSink.addSink(
+      (level: string, message: string, context?: Record<string, unknown>) => {
+        if ((LEVEL_PRIORITY[level] ?? 0) < minPriority) return;
+        if (RequestFilter.shouldIgnoreCurrentRequest(config.ignoreRoutes)) return;
+
+        const content: LogContent = {
+          level,
+          message,
+          context: context ?? undefined,
+          hostname: TraceContext.getHostname(),
+        };
+
+        storage
+          .writeEntry({
+            uuid: crypto.randomUUID(),
+            batchId: TraceContext.getBatchId(),
+            type: EntryType.LOG,
+            content,
+            tags: AuthTag.append([]),
+            isLatest: true,
+            createdAt: TraceContext.now(),
+          })
+          .catch(() => undefined);
+      }
+    );
 
     return unsubscribe;
   },