har-o-scope 0.1.0

package/dist/lib/normalizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"normalizer.d.ts","sourceRoot":"","sources":["../../src/lib/normalizer.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,KAAK,EAAE,GAAG,EAAS,MAAM,YAAY,CAAA;AAC5C,OAAO,KAAK,EAAE,eAAe,EAAmC,MAAM,YAAY,CAAA;AAElF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA;AAiIjD,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,eAAe,EAAE,CAAA;IAC1B,QAAQ,EAAE,eAAe,EAAE,CAAA;CAC5B;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,eAAe,CA4DtD;AAID,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,CAyB3C"}

package/dist/lib/normalizer.js

@@ -0,0 +1,201 @@
+import { HarError, HAR_ERRORS, createWarning } from './errors.js';
+// ── Resource type detection ─────────────────────────────────────
+const MIME_TO_RESOURCE = [
+    [/^text\/html/i, 'document'],
+    [/javascript/i, 'script'],
+    [/^text\/css/i, 'stylesheet'],
+    [/^image\//i, 'image'],
+    [/^font\/|\/woff|\/woff2|\/ttf|\/otf/i, 'font'],
+    [/^audio\/|^video\//i, 'media'],
+    [/^text\/event-stream/i, 'fetch'],
+];
+function detectResourceType(entry) {
+    const url = entry.request?.url ?? '';
+    const mimeType = entry.response?.content?.mimeType ?? '';
+    // WebSocket detection
+    if (url.startsWith('wss://') || url.startsWith('ws://'))
+        return 'websocket';
+    if (entry.response?.status === 101)
+        return 'websocket';
+    // XHR/Fetch via _resourceType hint (Chrome DevTools export)
+    const resourceHint = entry._resourceType;
+    if (resourceHint) {
+        const lower = resourceHint.toLowerCase();
+        if (lower === 'xhr')
+            return 'xhr';
+        if (lower === 'fetch')
+            return 'fetch';
+        if (lower === 'websocket')
+            return 'websocket';
+        if (lower === 'document')
+            return 'document';
+        if (lower === 'script')
+            return 'script';
+        if (lower === 'stylesheet')
+            return 'stylesheet';
+        if (lower === 'image')
+            return 'image';
+        if (lower === 'font')
+            return 'font';
+        if (lower === 'media')
+            return 'media';
+    }
+    // MIME-based detection
+    for (const [pattern, type] of MIME_TO_RESOURCE) {
+        if (pattern.test(mimeType))
+            return type;
+    }
+    // URL extension fallback
+    const pathname = safeUrlPathname(url);
+    if (/\.(js|mjs|cjs)$/i.test(pathname))
+        return 'script';
+    if (/\.css$/i.test(pathname))
+        return 'stylesheet';
+    if (/\.(png|jpg|jpeg|gif|svg|webp|ico|avif)$/i.test(pathname))
+        return 'image';
+    if (/\.(woff2?|ttf|otf|eot)$/i.test(pathname))
+        return 'font';
+    if (/\.(mp[34]|webm|ogg|wav|flac)$/i.test(pathname))
+        return 'media';
+    // Default for API-like calls
+    if (mimeType.includes('json') || mimeType.includes('xml'))
+        return 'xhr';
+    return 'other';
+}
+function safeUrlPathname(url) {
+    try {
+        return new URL(url).pathname;
+    }
+    catch {
+        // Handle malformed URLs by extracting path manually
+        const pathStart = url.indexOf('/', url.indexOf('//') + 2);
+        const queryStart = url.indexOf('?');
+        if (pathStart === -1)
+            return '';
+        return queryStart === -1 ? url.slice(pathStart) : url.slice(pathStart, queryStart);
+    }
+}
+// ── Timing normalization ────────────────────────────────────────
+function clampTiming(value) {
+    if (value === undefined || value < 0)
+        return 0;
+    return value;
+}
+function normalizeTimings(entry) {
+    const t = entry.timings;
+    if (!t) {
+        return { blocked: 0, dns: 0, connect: 0, ssl: 0, send: 0, wait: 0, receive: 0, total: 0 };
+    }
+    const blocked = clampTiming(t.blocked);
+    const dns = clampTiming(t.dns);
+    const connect = clampTiming(t.connect);
+    const ssl = clampTiming(t.ssl);
+    const send = clampTiming(t.send);
+    const wait = clampTiming(t.wait);
+    const receive = clampTiming(t.receive);
+    const total = blocked + dns + connect + ssl + send + wait + receive;
+    return { blocked, dns, connect, ssl, send, wait, receive, total };
+}
+// ── Long-poll detection ─────────────────────────────────────────
+function detectLongPoll(entry, timings) {
+    // SSE (Server-Sent Events)
+    const mimeType = entry.response?.content?.mimeType ?? '';
+    if (mimeType === 'text/event-stream')
+        return true;
+    // High wait time with small response body
+    if (timings.wait > 25000) {
+        const bodySize = entry.response?.content?.size ?? 0;
+        if (bodySize < 1024)
+            return true;
+    }
+    return false;
+}
+// ── Transfer size resolution ────────────────────────────────────
+function resolveTransferSize(entry) {
+    // Chrome DevTools _transferSize extension field
+    const chromeTransfer = entry._transferSize;
+    if (typeof chromeTransfer === 'number' && chromeTransfer > 0)
+        return chromeTransfer;
+    // Standard HAR response.bodySize
+    const bodySize = entry.response?.bodySize;
+    if (typeof bodySize === 'number' && bodySize > 0)
+        return bodySize;
+    // Fallback to content.size
+    const contentSize = entry.response?.content?.size;
+    if (typeof contentSize === 'number' && contentSize > 0)
+        return contentSize;
+    return 0;
+}
+export function normalizeHar(har) {
+    const warnings = [];
+    if (!har?.log?.entries || !Array.isArray(har.log.entries)) {
+        throw new HarError({
+            code: HAR_ERRORS.HAR002,
+            message: 'Invalid HAR: missing log.entries array',
+            help: 'Ensure the HAR file has a valid { log: { entries: [...] } } structure.',
+        });
+    }
+    if (har.log.entries.length === 0) {
+        throw new HarError({
+            code: HAR_ERRORS.HAR003,
+            message: 'HAR file contains no entries',
+            help: 'The HAR file has an empty entries array. Capture some network traffic and re-export.',
+        });
+    }
+    // Parse all start times, find the earliest
+    const startTimes = [];
+    for (const entry of har.log.entries) {
+        const ms = new Date(entry.startedDateTime).getTime();
+        if (isNaN(ms)) {
+            warnings.push(createWarning(HAR_ERRORS.HAR002, `Invalid startedDateTime: ${entry.startedDateTime}`, 'This entry has an unparseable timestamp and will use time 0.'));
+            startTimes.push(0);
+        }
+        else {
+            startTimes.push(ms);
+        }
+    }
+    const baseTime = Math.min(...startTimes.filter((t) => t > 0)) || 0;
+    const entries = har.log.entries.map((entry, i) => {
+        const timings = normalizeTimings(entry);
+        const resourceType = detectResourceType(entry);
+        const isWebSocket = resourceType === 'websocket';
+        const isLongPoll = !isWebSocket && detectLongPoll(entry, timings);
+        return {
+            entry,
+            startTimeMs: startTimes[i] > 0 ? startTimes[i] - baseTime : 0,
+            totalDuration: timings.total,
+            transferSizeResolved: resolveTransferSize(entry),
+            contentSize: Math.max(0, entry.response?.content?.size ?? 0),
+            timings,
+            resourceType,
+            isLongPoll,
+            isWebSocket,
+            httpVersion: entry.request?.httpVersion ?? 'unknown',
+        };
+    });
+    return { entries, warnings };
+}
+// ── HAR parsing (JSON string -> Har object) ─────────────────────
+export function parseHar(input) {
+    let parsed;
+    try {
+        parsed = JSON.parse(input);
+    }
+    catch (e) {
+        throw new HarError({
+            code: HAR_ERRORS.HAR001,
+            message: `Invalid JSON: ${e instanceof Error ? e.message : 'parse error'}`,
+            help: 'The input is not valid JSON. Ensure the file is a properly formatted HAR export.',
+        });
+    }
+    if (typeof parsed !== 'object' ||
+        parsed === null ||
+        !('log' in parsed)) {
+        throw new HarError({
+            code: HAR_ERRORS.HAR002,
+            message: 'Not a HAR file: missing top-level "log" property',
+            help: 'A valid HAR file must have a { "log": { ... } } structure. Check that you exported from the Network tab correctly.',
+        });
+    }
+    return parsed;
+}

package/dist/lib/rule-engine.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Rule engine: evaluates YAML-defined rules against NormalizedEntry arrays.
+ *
+ * Adapted from the reference engine (yaml_base RuleEngine.ts).
+ * Generalized: DisplayEntry -> NormalizedEntry, stripped SF-specific imports.
+ */
+import type { NormalizedEntry, Finding } from './types.js';
+import type { IssueRulesFile, YamlRule, ConditionGroup, SharedConditionsFile, FiltersFile } from './schema.js';
+export declare function resolveComposition(rule: YamlRule, sharedConditions?: SharedConditionsFile): ConditionGroup | undefined;
+export declare function evaluateRules(rulesFile: IssueRulesFile, entries: NormalizedEntry[], sharedConditions?: SharedConditionsFile, filtersFile?: FiltersFile): Finding[];
+export declare function getRootCauseWeights(rulesFile: IssueRulesFile): Map<string, Record<string, number>>;
+//# sourceMappingURL=rule-engine.d.ts.map

package/dist/lib/rule-engine.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rule-engine.d.ts","sourceRoot":"","sources":["../../src/lib/rule-engine.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAgC,MAAM,YAAY,CAAA;AACxF,OAAO,KAAK,EACV,cAAc,EACd,QAAQ,EACR,cAAc,EAEd,oBAAoB,EACpB,WAAW,EACZ,MAAM,aAAa,CAAA;AAWpB,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,QAAQ,EACd,gBAAgB,CAAC,EAAE,oBAAoB,GACtC,cAAc,GAAG,SAAS,CAgB5B;AAuHD,wBAAgB,aAAa,CAC3B,SAAS,EAAE,cAAc,EACzB,OAAO,EAAE,eAAe,EAAE,EAC1B,gBAAgB,CAAC,EAAE,oBAAoB,EACvC,WAAW,CAAC,EAAE,WAAW,GACxB,OAAO,EAAE,CAOX;AAID,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,cAAc,GACxB,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAYrC"}

package/dist/lib/rule-engine.js

@@ -0,0 +1,122 @@
+import { evaluateCondition, evaluateFieldCondition, computeSeverity, computeImpact, interpolate, } from './evaluate.js';
+// ── Composition resolution ──────────────────────────────────────
+export function resolveComposition(rule, sharedConditions) {
+    if (!rule.inherits || !sharedConditions)
+        return rule.condition;
+    const inherited = [];
+    for (const name of rule.inherits) {
+        const cond = sharedConditions.conditions[name];
+        if (!cond)
+            continue;
+        if (rule.overrides?.[name]) {
+            inherited.push(rule.overrides[name]);
+        }
+        else {
+            inherited.push(cond);
+        }
+    }
+    const existing = rule.condition?.match_all ?? [];
+    return { match_all: [...inherited, ...existing] };
+}
+function matchesExcludeFilter(entry, excludeNames, filtersFile) {
+    if (!excludeNames || !filtersFile)
+        return false;
+    for (const name of excludeNames) {
+        const filter = filtersFile.filters[name];
+        if (filter && evaluateFieldCondition(entry, filter))
+            return true;
+    }
+    return false;
+}
+// ── Single rule evaluation ──────────────────────────────────────
+function evaluateRule(ruleId, rule, entries, sharedConditions, filtersFile) {
+    if (rule.type === 'aggregate') {
+        return evaluateAggregateRule(ruleId, rule, entries);
+    }
+    if (rule.prerequisite) {
+        const prereqMet = entries.some((e) => evaluateFieldCondition(e, rule.prerequisite.any_entry_matches));
+        if (!prereqMet)
+            return null;
+    }
+    const resolvedCondition = resolveComposition(rule, sharedConditions) ?? rule.condition;
+    const affectedIndices = [];
+    if (resolvedCondition) {
+        for (let i = 0; i < entries.length; i++) {
+            if (matchesExcludeFilter(entries[i], rule.exclude, filtersFile))
+                continue;
+            if (evaluateCondition(entries[i], resolvedCondition)) {
+                affectedIndices.push(i);
+            }
+        }
+    }
+    const minCount = rule.min_count ?? 1;
+    if (affectedIndices.length < minCount)
+        return null;
+    const severity = computeSeverity(rule.severity, rule.severity_escalation, affectedIndices.length, entries.length);
+    const impact = computeImpact(entries, affectedIndices, rule.impact);
+    const count = affectedIndices.length;
+    const vars = {
+        count,
+        total: entries.length,
+        impact: Math.round(impact),
+        s: count !== 1 ? 's' : '',
+    };
+    return {
+        ruleId,
+        category: rule.category,
+        severity,
+        title: interpolate(rule.title, vars),
+        description: interpolate(rule.description, vars),
+        recommendation: interpolate(rule.recommendation, vars),
+        affectedEntries: affectedIndices,
+        impact,
+    };
+}
+function evaluateAggregateRule(ruleId, rule, entries) {
+    if (rule.aggregate_condition?.min_entries !== undefined) {
+        if (entries.length < rule.aggregate_condition.min_entries)
+            return null;
+    }
+    const severity = computeSeverity(rule.severity, rule.severity_escalation, entries.length, entries.length);
+    const vars = {
+        count: entries.length,
+        total: entries.length,
+        impact: 0,
+        s: entries.length !== 1 ? 's' : '',
+    };
+    return {
+        ruleId,
+        category: rule.category,
+        severity,
+        title: interpolate(rule.title, vars),
+        description: interpolate(rule.description, vars),
+        recommendation: interpolate(rule.recommendation, vars),
+        affectedEntries: [],
+        impact: 0,
+    };
+}
+// ── Main evaluation ─────────────────────────────────────────────
+export function evaluateRules(rulesFile, entries, sharedConditions, filtersFile) {
+    const findings = [];
+    for (const [ruleId, rule] of Object.entries(rulesFile.rules)) {
+        const finding = evaluateRule(ruleId, rule, entries, sharedConditions, filtersFile);
+        if (finding)
+            findings.push(finding);
+    }
+    return findings;
+}
+// ── Root cause weight extraction ────────────────────────────────
+export function getRootCauseWeights(rulesFile) {
+    const weights = new Map();
+    for (const [ruleId, rule] of Object.entries(rulesFile.rules)) {
+        if (rule.root_cause_weight) {
+            const w = {};
+            for (const [k, v] of Object.entries(rule.root_cause_weight)) {
+                if (v !== undefined)
+                    w[k] = v;
+            }
+            weights.set(ruleId, w);
+        }
+    }
+    return weights;
+}

package/dist/lib/sanitizer.d.ts

@@ -0,0 +1,10 @@
+/**
+ * HAR sanitizer: aggressive + selective modes.
+ *
+ * Operates on raw HAR objects. Produces a deep-cloned sanitized copy.
+ * Never mutates the input. Library returns raw data, sanitize() is explicit.
+ */
+import type { Har } from 'har-format';
+import type { SanitizeOptions } from './types.js';
+export declare function sanitize(har: Har, options?: SanitizeOptions): Har;
+//# sourceMappingURL=sanitizer.d.ts.map

package/dist/lib/sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizer.d.ts","sourceRoot":"","sources":["../../src/lib/sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,KAAK,EAAE,GAAG,EAAiB,MAAM,YAAY,CAAA;AACpD,OAAO,KAAK,EAAE,eAAe,EAAoB,MAAM,YAAY,CAAA;AA6JnE,wBAAgB,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,GAAG,CAejE"}

package/dist/lib/sanitizer.js

@@ -0,0 +1,129 @@
+// ── Sensitive patterns ──────────────────────────────────────────
+const SENSITIVE_HEADERS = new Set([
+    'authorization',
+    'cookie',
+    'set-cookie',
+    'x-csrf-token',
+    'x-xsrf-token',
+    'proxy-authorization',
+]);
+const SENSITIVE_QUERY_NAMES = new Set([
+    'token',
+    'key',
+    'secret',
+    'password',
+    'pwd',
+    'jwt',
+    'session',
+    'auth',
+    'api_key',
+    'apikey',
+    'access_token',
+    'refresh_token',
+    'client_secret',
+]);
+// JWT pattern: three base64url segments separated by dots
+const JWT_PATTERN = /^eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
+// High-entropy string heuristic: 20+ chars of base64-like content
+const HIGH_ENTROPY_PATTERN = /^[A-Za-z0-9+/=_-]{20,}$/;
+const REDACTED = '[REDACTED]';
+// ── Sanitization functions ──────────────────────────────────────
+function sanitizeHeaders(headers, categories) {
+    return headers.map((h) => {
+        const name = h.name.toLowerCase();
+        if (categories.has('auth-headers') && SENSITIVE_HEADERS.has(name)) {
+            return { name: h.name, value: REDACTED };
+        }
+        if (categories.has('cookies') && (name === 'cookie' || name === 'set-cookie')) {
+            return { name: h.name, value: REDACTED };
+        }
+        if (categories.has('response-cookies') && name === 'set-cookie') {
+            return { name: h.name, value: REDACTED };
+        }
+        if (categories.has('jwt-signatures') && JWT_PATTERN.test(h.value)) {
+            // Preserve header and payload, redact signature
+            const parts = h.value.split('.');
+            return { name: h.name, value: `${parts[0]}.${parts[1]}.[SIGNATURE_REDACTED]` };
+        }
+        if (categories.has('high-entropy') && HIGH_ENTROPY_PATTERN.test(h.value) && h.value.length > 40) {
+            return { name: h.name, value: REDACTED };
+        }
+        return { ...h };
+    });
+}
+function sanitizeUrl(url, categories) {
+    if (!categories.has('query-params'))
+        return url;
+    try {
+        const parsed = new URL(url);
+        const params = new URLSearchParams(parsed.search);
+        let changed = false;
+        for (const [key] of params) {
+            if (SENSITIVE_QUERY_NAMES.has(key.toLowerCase())) {
+                params.set(key, REDACTED);
+                changed = true;
+            }
+        }
+        if (changed) {
+            parsed.search = params.toString();
+            return parsed.toString();
+        }
+        return url;
+    }
+    catch {
+        return url;
+    }
+}
+function sanitizeCookies(cookies) {
+    if (!cookies)
+        return undefined;
+    return cookies.map((c) => ({ ...c, value: REDACTED }));
+}
+function sanitizeEntry(entry, categories) {
+    const sanitized = JSON.parse(JSON.stringify(entry));
+    // URL sanitization
+    if (sanitized.request) {
+        sanitized.request.url = sanitizeUrl(sanitized.request.url, categories);
+        if (sanitized.request.headers) {
+            sanitized.request.headers = sanitizeHeaders(sanitized.request.headers, categories);
+        }
+        if (categories.has('query-params') && sanitized.request.queryString) {
+            sanitized.request.queryString = sanitized.request.queryString.map((q) => {
+                if (SENSITIVE_QUERY_NAMES.has(q.name.toLowerCase())) {
+                    return { ...q, value: REDACTED };
+                }
+                return q;
+            });
+        }
+        if (categories.has('cookies') && sanitized.request.cookies) {
+            sanitized.request.cookies = sanitizeCookies(sanitized.request.cookies);
+        }
+    }
+    if (sanitized.response) {
+        if (sanitized.response.headers) {
+            sanitized.response.headers = sanitizeHeaders(sanitized.response.headers, categories);
+        }
+        if (categories.has('response-cookies') && sanitized.response.cookies) {
+            sanitized.response.cookies = sanitizeCookies(sanitized.response.cookies);
+        }
+    }
+    return sanitized;
+}
+// ── Main sanitize ───────────────────────────────────────────────
+const ALL_CATEGORIES = [
+    'cookies',
+    'auth-headers',
+    'query-params',
+    'response-cookies',
+    'jwt-signatures',
+    'high-entropy',
+];
+export function sanitize(har, options) {
+    const mode = options?.mode ?? 'aggressive';
+    const categories = new Set(mode === 'aggressive' ? ALL_CATEGORIES : (options?.categories ?? ALL_CATEGORIES));
+    const sanitized = JSON.parse(JSON.stringify(har));
+    if (sanitized.log?.entries) {
+        sanitized.log.entries = sanitized.log.entries.map((entry) => sanitizeEntry(entry, categories));
+    }
+    return sanitized;
+}

package/dist/lib/schema.d.ts

@@ -0,0 +1,85 @@
+/**
+ * TypeScript types for the YAML rule schema.
+ * Defines the contract for rule files, shared conditions, and filters.
+ */
+import type { IssueSeverity, IssueCategory } from './types.js';
+export interface FieldCondition {
+    field: string;
+    field_fallback?: string;
+    equals?: unknown;
+    not_equals?: unknown;
+    in?: unknown[];
+    not_in?: unknown[];
+    gt?: number;
+    gte?: number;
+    lt?: number;
+    lte?: number;
+    matches?: string;
+    not_matches?: string;
+}
+export interface ResponseHeaderSpec {
+    name: string;
+    value_matches?: string;
+    value_gt?: number;
+    value_lt?: number;
+}
+export interface ResponseHeaderCondition {
+    has_response_header?: ResponseHeaderSpec;
+    no_response_header?: Omit<ResponseHeaderSpec, 'value_gt' | 'value_lt'>;
+}
+export interface ConditionGroup {
+    match_all?: ConditionNode[];
+    match_any?: ConditionNode[];
+}
+export type ConditionNode = FieldCondition | ResponseHeaderCondition | ConditionGroup;
+export interface SeverityEscalation {
+    warning_threshold?: number;
+    critical_threshold?: number;
+    warning_ratio?: number;
+    critical_ratio?: number;
+}
+export interface ImpactSpec {
+    field?: string;
+    fields?: string[];
+    baseline?: number;
+    value?: number;
+}
+export interface RootCauseWeight {
+    server?: number;
+    network?: number;
+    client?: number;
+}
+export interface PrerequisiteSpec {
+    any_entry_matches: FieldCondition;
+}
+export interface AggregateCondition {
+    min_entries?: number;
+}
+export interface YamlRule {
+    category: IssueCategory | string;
+    severity: IssueSeverity;
+    severity_escalation?: SeverityEscalation;
+    title: string;
+    description: string;
+    recommendation: string;
+    condition?: ConditionGroup;
+    min_count?: number;
+    type?: 'per_entry' | 'aggregate';
+    aggregate_condition?: AggregateCondition;
+    prerequisite?: PrerequisiteSpec;
+    impact?: ImpactSpec;
+    root_cause_weight?: RootCauseWeight;
+    inherits?: string[];
+    exclude?: string[];
+    overrides?: Record<string, FieldCondition>;
+}
+export interface IssueRulesFile {
+    rules: Record<string, YamlRule>;
+}
+export interface SharedConditionsFile {
+    conditions: Record<string, FieldCondition>;
+}
+export interface FiltersFile {
+    filters: Record<string, FieldCondition>;
+}
+//# sourceMappingURL=schema.d.ts.map

package/dist/lib/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/lib/schema.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAA;AAI9D,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAA;IACb,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,MAAM,CAAC,EAAE,OAAO,CAAA;IAChB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,EAAE,CAAC,EAAE,OAAO,EAAE,CAAA;IACd,MAAM,CAAC,EAAE,OAAO,EAAE,CAAA;IAClB,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,EAAE,CAAC,EAAE,MAAM,CAAA;IACX,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAA;IACZ,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,uBAAuB;IACtC,mBAAmB,CAAC,EAAE,kBAAkB,CAAA;IACxC,kBAAkB,CAAC,EAAE,IAAI,CAAC,kBAAkB,EAAE,UAAU,GAAG,UAAU,CAAC,CAAA;CACvE;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,aAAa,EAAE,CAAA;IAC3B,SAAS,CAAC,EAAE,aAAa,EAAE,CAAA;CAC5B;AAED,MAAM,MAAM,aAAa,GAAG,cAAc,GAAG,uBAAuB,GAAG,cAAc,CAAA;AAIrF,MAAM,WAAW,kBAAkB;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAA;IAC1B,kBAAkB,CAAC,EAAE,MAAM,CAAA;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAID,MAAM,WAAW,UAAU;IACzB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAA;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAID,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,cAAc,CAAA;CAClC;AAID,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAID,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,aAAa,GAAG,MAAM,CAAA;IAChC,QAAQ,EAAE,aAAa,CAAA;IACvB,mBAAmB,CAAC,EAAE,kBAAkB,CAAA;IACxC,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,MAAM,CAAA;IACnB,cAAc,EAAE,MAAM,CAAA;IACtB,SAAS,CAAC,EAAE,cAAc,CAAA;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,IAAI,CAAC,EAAE,WAAW,GAAG,WAAW,CAAA;IAChC,mBAAmB,CAAC,EAAE,kBAAkB,CAAA;IACxC,YAAY,CAAC,EAAE,gBAAgB,CAAA;IAC/B,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB,iBAAiB,CAAC,EAAE,eAAe,CAAA;IACnC,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAA;IACnB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAA;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAC3C;AAID,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAA;CAChC;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CAC3C;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAA;CACxC"}

package/dist/lib/schema.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/trace-sanitizer.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Trace sanitizer: sanitizes output for verbose/trace/error messages.
+ * Public exports used by CLI --verbose, browser RuleTestRunner, and error formatting.
+ *
+ * Three functions:
+ *   sanitizeTrace(text) - general-purpose, catches headers + URLs + tokens
+ *   sanitizeUrl(url) - strips query params, preserves path
+ *   sanitizeHeaderValue(name, value) - redacts value for sensitive headers
+ */
+/**
+ * Strip query parameters from a URL. Preserves path and fragment.
+ * Handles malformed URLs gracefully (returns input unchanged if unparseable).
+ */
+export declare function sanitizeUrl(url: string): string;
+/**
+ * Redact the value of sensitive headers. Non-sensitive headers pass through.
+ * Case-insensitive header name matching.
+ */
+export declare function sanitizeHeaderValue(name: string, value: string): string;
+/**
+ * General-purpose trace sanitizer. Catches:
+ * - Header values (Authorization: Bearer xxx -> Authorization: [REDACTED])
+ * - URL query params (https://example.com?token=abc -> https://example.com)
+ * - Bearer tokens
+ * - JWT-like strings
+ *
+ * Handles multiline input. Returns empty string for null/undefined input.
+ */
+export declare function sanitizeTrace(text: string): string;
+//# sourceMappingURL=trace-sanitizer.d.ts.map

package/dist/lib/trace-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"trace-sanitizer.d.ts","sourceRoot":"","sources":["../../src/lib/trace-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAiBH;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAgB/C;AAID;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAKvE;AAUD;;;;;;;;GAQG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAkBlD"}