heroku 10.15.2-beta.0 → 10.16.0-beta.0

package/lib/global_telemetry.d.ts

@@ -57,4 +57,5 @@ export declare function reportCmdNotFound(config: any): {
 };
 export declare function sendTelemetry(currentTelemetry: any): Promise<void>;
 export declare function sendToHoneycomb(data: Telemetry | CLIError): Promise<void>;
+export declare function sendToSentry(data: CLIError): Promise<void>;
 export {};

package/lib/global_telemetry.js

@@ -1,9 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.sendToHoneycomb = exports.sendTelemetry = exports.reportCmdNotFound = exports.computeDuration = exports.setupTelemetry = exports.initializeInstrumentation = exports.processor = void 0;
+exports.sendToSentry = exports.sendToHoneycomb = exports.sendTelemetry = exports.reportCmdNotFound = exports.computeDuration = exports.setupTelemetry = exports.initializeInstrumentation = exports.processor = void 0;
 const command_1 = require("@heroku-cli/command");
 const core_1 = require("@oclif/core");
 const api_1 = require("@opentelemetry/api");
+const Sentry = require("@sentry/node");
+const opentelemetry_1 = require("@sentry/opentelemetry");
+const presets_1 = require("./lib/data-scrubber/presets");
+const scrubber_1 = require("./lib/data-scrubber/scrubber");
+const patterns_1 = require("./lib/data-scrubber/patterns");
 const { Resource } = require('@opentelemetry/resources');
 const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
 const { registerInstrumentations } = require('@opentelemetry/instrumentation');
@@ -24,6 +29,20 @@ const debug = require('debug')('global_telemetry');
 registerInstrumentations({
     instrumentations: [],
 });
+const scrubber = new scrubber_1.Scrubber({
+    fields: [...presets_1.HEROKU_FIELDS, ...presets_1.GDPR_FIELDS, ...presets_1.PCI_FIELDS],
+    patterns: [...patterns_1.PII_PATTERNS],
+});
+const sentryClient = Sentry.init({
+    dsn: 'https://76530569188e7ee2961373f37951d916@o4508609692368896.ingest.us.sentry.io/4508767754846208',
+    environment: isDev ? 'development' : 'production',
+    release: version,
+    tracesSampleRate: 1,
+    beforeSend(event) {
+        return scrubber.scrub(event).data;
+    },
+    skipOpenTelemetrySetup: true, // needed since we have our own OTEL setup
+});
 const resource = Resource
     .default()
     .merge(new Resource({
@@ -32,6 +51,7 @@ const resource = Resource
 }));
 const provider = new NodeTracerProvider({
     resource,
+    sampler: sentryClient ? new opentelemetry_1.SentrySampler(sentryClient) : undefined,
 });
 const headers = { Authorization: `Bearer ${process.env.IS_HEROKU_TEST_ENV !== 'true' ? getToken() : ''}` };
 const exporter = new OTLPTraceExporter({
@@ -42,7 +62,11 @@ const exporter = new OTLPTraceExporter({
 exports.processor = new BatchSpanProcessor(exporter);
 provider.addSpanProcessor(exports.processor);
 function initializeInstrumentation() {
-    provider.register();
+    provider.register({
+        propagator: new opentelemetry_1.SentryPropagator(),
+        contextManager: new Sentry.SentryContextManager(),
+    });
+    // provider.register()
 }
 exports.initializeInstrumentation = initializeInstrumentation;
 function setupTelemetry(config, opts) {
@@ -105,7 +129,15 @@ async function sendTelemetry(currentTelemetry) {
         return;
     }
     const telemetry = currentTelemetry;
-    await sendToHoneycomb(telemetry);
+    if (telemetry instanceof Error) {
+        await Promise.all([
+            sendToHoneycomb(telemetry),
+            sendToSentry(telemetry),
+        ]);
+    }
+    else {
+        await sendToHoneycomb(telemetry);
+    }
 }
 exports.sendTelemetry = sendTelemetry;
 async function sendToHoneycomb(data) {
@@ -133,10 +165,21 @@ async function sendToHoneycomb(data) {
             span.setAttribute('heroku_client.lifecycle_hook.command_not_found', data.lifecycleHookCompletion.command_not_found);
         }
         span.end();
-        exports.processor.forceFlush();
+        await exports.processor.forceFlush();
     }
     catch (_a) {
         debug('could not send telemetry');
     }
 }
 exports.sendToHoneycomb = sendToHoneycomb;
+async function sendToSentry(data) {
+    try {
+        Sentry.captureException(data);
+        // ensures all events are sent to Sentry before exiting.
+        await Sentry.flush();
+    }
+    catch (_a) {
+        debug('Could not send error report');
+    }
+}
+exports.sendToSentry = sendToSentry;

package/lib/lib/data-scrubber/patterns.d.ts

@@ -0,0 +1,4 @@
+/**
+ * Regex patterns for detecting PII in string content
+ */
+export declare const PII_PATTERNS: RegExp[];

package/lib/lib/data-scrubber/patterns.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PII_PATTERNS = void 0;
+/**
+ * Regex patterns for detecting PII in string content
+ */
+exports.PII_PATTERNS = [
+    // Social Security Numbers (US)
+    /\b\d{3}-\d{2}-\d{4}\b/g,
+    // Email addresses
+    /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
+    // Phone numbers (US format)
+    /\b\d{3}[-.]?\d{3}[-.]?\d{4}\b/g,
+    // JWT tokens
+    /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g,
+];

package/lib/lib/data-scrubber/presets.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Heroku-specific sensitive field patterns
+ *
+ * Consolidated list of field names and patterns that contain sensitive data in Heroku applications.
+ *
+ * Use this preset to ensure consistent PII handling across Heroku services.
+ *
+ * @example
+ * ```typescript
+ * import { HEROKU_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * const scrubber = new Scrubber({ fields: HEROKU_FIELDS });
+ * const result = scrubber.scrub(data);
+ * ```
+ */
+export declare const HEROKU_FIELDS: (string | RegExp)[];
+/**
+ * GDPR-relevant PII field patterns
+ *
+ * Field names that typically contain personally identifiable information (PII)
+ * regulated by GDPR (General Data Protection Regulation).
+ *
+ * Use this preset when handling EU user data to ensure compliance with GDPR requirements.
+ *
+ * @see {@link https://gdpr.eu/what-is-gdpr/|GDPR Official Documentation}
+ *
+ * @example
+ * ```typescript
+ * import { GDPR_FIELDS, HEROKU_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * // Combine multiple presets
+ * const scrubber = new Scrubber({
+ *   fields: [...HEROKU_FIELDS, ...GDPR_FIELDS]
+ * });
+ * ```
+ */
+export declare const GDPR_FIELDS: string[];
+/**
+ * PCI-DSS relevant field patterns
+ *
+ * Field names that typically contain payment card information regulated by
+ * PCI-DSS (Payment Card Industry Data Security Standard).
+ *
+ * Use this preset when handling payment card data to help maintain PCI-DSS compliance.
+ *
+ * **Important**: This preset helps reduce exposure of sensitive payment data in logs and
+ * error reports, but is not a substitute for full PCI-DSS compliance measures.
+ *
+ * @see {@link https://www.pcisecuritystandards.org/|PCI Security Standards Council}
+ *
+ * @example
+ * ```typescript
+ * import { PCI_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * const scrubber = new Scrubber({
+ *   fields: PCI_FIELDS,
+ *   patterns: [/\d{4}-\d{4}-\d{4}-\d{4}/g]  // Also scrub card numbers in text
+ * });
+ * ```
+ */
+export declare const PCI_FIELDS: string[];

package/lib/lib/data-scrubber/presets.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PCI_FIELDS = exports.GDPR_FIELDS = exports.HEROKU_FIELDS = void 0;
+/**
+ * Heroku-specific sensitive field patterns
+ *
+ * Consolidated list of field names and patterns that contain sensitive data in Heroku applications.
+ *
+ * Use this preset to ensure consistent PII handling across Heroku services.
+ *
+ * @example
+ * ```typescript
+ * import { HEROKU_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * const scrubber = new Scrubber({ fields: HEROKU_FIELDS });
+ * const result = scrubber.scrub(data);
+ * ```
+ */
+exports.HEROKU_FIELDS = [
+    // Authentication & Sessions
+    'access_token',
+    /api[-_]?key/i,
+    'authenticity_token',
+    'heroku_oauth_token',
+    'heroku_session_nonce',
+    'heroku_user_session',
+    'oauth_token',
+    'sudo_oauth_token',
+    'super_user_session_secret',
+    'user_session_secret',
+    'postgres_session_nonce',
+    // Passwords & Secrets
+    'password',
+    'passwd',
+    'old_secret',
+    'secret',
+    'secret_token',
+    'confirm_password',
+    'password_confirmation',
+    /client[-_]?secret/i,
+    // Tokens
+    'token',
+    'bouncer.token',
+    'bouncer.refresh_token',
+    // Headers (case-insensitive)
+    /authorization/i,
+    /cookie/i,
+    /x-refresh-token/i,
+    // SSO & Sessions
+    'www-sso-session',
+    // Payment
+    'payment_method',
+    // Infrastructure
+    'logplexUrl',
+];
+/**
+ * GDPR-relevant PII field patterns
+ *
+ * Field names that typically contain personally identifiable information (PII)
+ * regulated by GDPR (General Data Protection Regulation).
+ *
+ * Use this preset when handling EU user data to ensure compliance with GDPR requirements.
+ *
+ * @see {@link https://gdpr.eu/what-is-gdpr/|GDPR Official Documentation}
+ *
+ * @example
+ * ```typescript
+ * import { GDPR_FIELDS, HEROKU_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * // Combine multiple presets
+ * const scrubber = new Scrubber({
+ *   fields: [...HEROKU_FIELDS, ...GDPR_FIELDS]
+ * });
+ * ```
+ */
+exports.GDPR_FIELDS = [
+    'email',
+    'phone',
+    'address',
+    'postal_code',
+    'ssn',
+    'tax_id',
+];
+/**
+ * PCI-DSS relevant field patterns
+ *
+ * Field names that typically contain payment card information regulated by
+ * PCI-DSS (Payment Card Industry Data Security Standard).
+ *
+ * Use this preset when handling payment card data to help maintain PCI-DSS compliance.
+ *
+ * **Important**: This preset helps reduce exposure of sensitive payment data in logs and
+ * error reports, but is not a substitute for full PCI-DSS compliance measures.
+ *
+ * @see {@link https://www.pcisecuritystandards.org/|PCI Security Standards Council}
+ *
+ * @example
+ * ```typescript
+ * import { PCI_FIELDS } from '@heroku/js-blanket/core/presets';
+ * import { Scrubber } from '@heroku/js-blanket';
+ *
+ * const scrubber = new Scrubber({
+ *   fields: PCI_FIELDS,
+ *   patterns: [/\d{4}-\d{4}-\d{4}-\d{4}/g]  // Also scrub card numbers in text
+ * });
+ * ```
+ */
+exports.PCI_FIELDS = [
+    'card_number',
+    'cvv',
+    'credit_card',
+    'payment_method',
+];

package/lib/lib/data-scrubber/scrubber.d.ts

@@ -0,0 +1,131 @@
+import { ScrubConfig, ScrubResult } from './types';
+/**
+ * Core Scrubber - Deep object traversal with PII scrubbing
+ *
+ * A high-performance, immutable scrubbing engine that removes sensitive data from structured objects.
+ * Supports three scrubbing modes:
+ * - **Field-based**: Scrubs values based on field names (e.g., 'password', 'apiToken')
+ * - **Path-based**: Scrubs values at specific paths (e.g., 'user.email', 'request.headers.authorization')
+ * - **Pattern-based**: Scrubs content matching regex patterns (e.g., SSN, credit cards)
+ *
+ * ### Design Principles
+ * - **Immutable**: All operations create new objects, never mutate inputs
+ * - **Type-safe**: Preserves TypeScript types through generic constraints
+ * - **Circular-safe**: Handles circular references without crashing
+ * - **Performance**: <1ms p95 for logging, <10ms p95 for exception handling (544k+ ops/sec)
+ *
+ * ### Pattern Adoption
+ * Patterns adopted from `@heroku/oauth-provider-adapters-for-mcp/src/logging/redaction.ts`:
+ * - Deep recursive traversal with circular reference detection
+ * - Immutable cloning strategy with fallback for complex objects
+ * - Nested path resolution (e.g., 'user.profile.email')
+ * - General array path handling (e.g., 'users[0].password')
+ * - Type-safe generics preserving input types
+ *
+ * Enhanced with:
+ * - Field-based matching supporting both strings and regular expressions
+ * - Pattern-based content scrubbing for SSN, credit cards, etc.
+ * - Dual scrubbing: both field/path matching AND content pattern replacement
+ *
+ * @example Basic Usage
+ * ```typescript
+ * const scrubber = new Scrubber({
+ *   fields: ['password', 'apiToken'],
+ *   replacement: '[REDACTED]'
+ * });
+ *
+ * const result = scrubber.scrub({
+ *   user: { name: 'John', password: 'secret123' }
+ * });
+ * // Result: { user: { name: 'John', password: '[REDACTED]' } }
+ * ```
+ *
+ * @example Advanced Usage with All Modes
+ * ```typescript
+ * const scrubber = new Scrubber({
+ *   fields: ['password', /api[-_]?key/i],  // Regex matches api_key, api-key, apikey
+ *   paths: ['user.email', 'request.headers.authorization'],
+ *   patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],  // SSN pattern
+ *   replacement: '[SCRUBBED]'
+ * });
+ *
+ * const result = scrubber.scrub({
+ *   user: { name: 'John', email: 'john@example.com', password: 'secret' },
+ *   request: { headers: { authorization: 'Bearer token123' } },
+ *   message: 'User SSN is 123-45-6789'
+ * });
+ * ```
+ */
+export declare class Scrubber {
+    private config;
+    private circularRefs;
+    private pathSet;
+    /**
+     * Creates a new Scrubber instance with the specified configuration
+     *
+     * @param config - Scrubbing configuration
+     * @param config.fields - Field names to scrub (strings or regex patterns)
+     * @param config.paths - Dot-notation paths to scrub (e.g., 'user.email', 'items[0].password')
+     * @param config.patterns - Regex patterns for content scrubbing (must include global flag for multiple matches)
+     * @param config.replacement - Replacement string for scrubbed values (default: '[SCRUBBED]')
+     * @param config.recursive - Whether to recursively scrub nested objects (default: true)
+     *
+     * @example
+     * ```typescript
+     * const scrubber = new Scrubber({
+     *   fields: ['password', /api[-_]?key/i],
+     *   paths: ['user.email'],
+     *   patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
+     *   replacement: '[REDACTED]'
+     * });
+     * ```
+     */
+    constructor(config: ScrubConfig);
+    /**
+     * Scrubs sensitive data from an object
+     *
+     * This is the main entry point for the scrubbing engine. It performs three types of scrubbing:
+     * 1. **Field-based**: Replaces values of fields matching configured field names/patterns
+     * 2. **Path-based**: Replaces values at specific dot-notation paths
+     * 3. **Pattern-based**: Replaces content within string values matching regex patterns
+     *
+     * The operation is immutable - the input object is not modified. A deep clone is created
+     * and scrubbed values are replaced in the clone.
+     *
+     * ### Performance Characteristics
+     * - Small objects (typical logs): ~0.003ms p95
+     * - Medium objects (typical errors): ~0.034ms p95
+     * - Large objects (10KB+): ~1.2ms p95
+     * - Throughput: 54,000+ events/sec
+     *
+     * @template T - The type of the input object (preserved in output)
+     * @param obj - The object to scrub
+     * @returns A result object containing the scrubbed data, whether scrubbing occurred, and which paths were scrubbed
+     *
+     * @example Basic scrubbing
+     * ```typescript
+     * const scrubber = new Scrubber({ fields: ['password'] });
+     * const result = scrubber.scrub({ user: 'john', password: 'secret' });
+     * // result.data === { user: 'john', password: '[SCRUBBED]' }
+     * // result.scrubbed === true
+     * // result.scrubbedPaths === ['password']
+     * ```
+     *
+     * @example Type preservation
+     * ```typescript
+     * interface User { name: string; email: string; password: string; }
+     * const scrubber = new Scrubber({ fields: ['password', 'email'] });
+     * const user: User = { name: 'John', email: 'john@example.com', password: 'secret' };
+     * const result = scrubber.scrub(user);
+     * // result.data is still typed as User
+     * ```
+     */
+    scrub<T>(obj: T): ScrubResult<T>;
+    private scrubObject;
+    private scrubValue;
+    /**
+     * Check if a field name matches any configured sensitive field patterns
+     */
+    private isSensitiveField;
+    private deepClone;
+}

package/lib/lib/data-scrubber/scrubber.js

@@ -0,0 +1,258 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Scrubber = void 0;
+/**
+ * Core Scrubber - Deep object traversal with PII scrubbing
+ *
+ * A high-performance, immutable scrubbing engine that removes sensitive data from structured objects.
+ * Supports three scrubbing modes:
+ * - **Field-based**: Scrubs values based on field names (e.g., 'password', 'apiToken')
+ * - **Path-based**: Scrubs values at specific paths (e.g., 'user.email', 'request.headers.authorization')
+ * - **Pattern-based**: Scrubs content matching regex patterns (e.g., SSN, credit cards)
+ *
+ * ### Design Principles
+ * - **Immutable**: All operations create new objects, never mutate inputs
+ * - **Type-safe**: Preserves TypeScript types through generic constraints
+ * - **Circular-safe**: Handles circular references without crashing
+ * - **Performance**: <1ms p95 for logging, <10ms p95 for exception handling (544k+ ops/sec)
+ *
+ * ### Pattern Adoption
+ * Patterns adopted from `@heroku/oauth-provider-adapters-for-mcp/src/logging/redaction.ts`:
+ * - Deep recursive traversal with circular reference detection
+ * - Immutable cloning strategy with fallback for complex objects
+ * - Nested path resolution (e.g., 'user.profile.email')
+ * - General array path handling (e.g., 'users[0].password')
+ * - Type-safe generics preserving input types
+ *
+ * Enhanced with:
+ * - Field-based matching supporting both strings and regular expressions
+ * - Pattern-based content scrubbing for SSN, credit cards, etc.
+ * - Dual scrubbing: both field/path matching AND content pattern replacement
+ *
+ * @example Basic Usage
+ * ```typescript
+ * const scrubber = new Scrubber({
+ *   fields: ['password', 'apiToken'],
+ *   replacement: '[REDACTED]'
+ * });
+ *
+ * const result = scrubber.scrub({
+ *   user: { name: 'John', password: 'secret123' }
+ * });
+ * // Result: { user: { name: 'John', password: '[REDACTED]' } }
+ * ```
+ *
+ * @example Advanced Usage with All Modes
+ * ```typescript
+ * const scrubber = new Scrubber({
+ *   fields: ['password', /api[-_]?key/i],  // Regex matches api_key, api-key, apikey
+ *   paths: ['user.email', 'request.headers.authorization'],
+ *   patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],  // SSN pattern
+ *   replacement: '[SCRUBBED]'
+ * });
+ *
+ * const result = scrubber.scrub({
+ *   user: { name: 'John', email: 'john@example.com', password: 'secret' },
+ *   request: { headers: { authorization: 'Bearer token123' } },
+ *   message: 'User SSN is 123-45-6789'
+ * });
+ * ```
+ */
+class Scrubber {
+    /**
+     * Creates a new Scrubber instance with the specified configuration
+     *
+     * @param config - Scrubbing configuration
+     * @param config.fields - Field names to scrub (strings or regex patterns)
+     * @param config.paths - Dot-notation paths to scrub (e.g., 'user.email', 'items[0].password')
+     * @param config.patterns - Regex patterns for content scrubbing (must include global flag for multiple matches)
+     * @param config.replacement - Replacement string for scrubbed values (default: '[SCRUBBED]')
+     * @param config.recursive - Whether to recursively scrub nested objects (default: true)
+     *
+     * @example
+     * ```typescript
+     * const scrubber = new Scrubber({
+     *   fields: ['password', /api[-_]?key/i],
+     *   paths: ['user.email'],
+     *   patterns: [/\b\d{3}-\d{2}-\d{4}\b/g],
+     *   replacement: '[REDACTED]'
+     * });
+     * ```
+     */
+    constructor(config) {
+        this.circularRefs = new WeakSet();
+        this.config = {
+            fields: config.fields || [],
+            paths: config.paths || [],
+            patterns: config.patterns || [],
+            replacement: config.replacement || '[SCRUBBED]',
+            recursive: config.recursive !== undefined ? config.recursive : true,
+        };
+        // Pre-compute path set for O(1) lookups
+        this.pathSet = new Set(this.config.paths);
+    }
+    /**
+     * Scrubs sensitive data from an object
+     *
+     * This is the main entry point for the scrubbing engine. It performs three types of scrubbing:
+     * 1. **Field-based**: Replaces values of fields matching configured field names/patterns
+     * 2. **Path-based**: Replaces values at specific dot-notation paths
+     * 3. **Pattern-based**: Replaces content within string values matching regex patterns
+     *
+     * The operation is immutable - the input object is not modified. A deep clone is created
+     * and scrubbed values are replaced in the clone.
+     *
+     * ### Performance Characteristics
+     * - Small objects (typical logs): ~0.003ms p95
+     * - Medium objects (typical errors): ~0.034ms p95
+     * - Large objects (10KB+): ~1.2ms p95
+     * - Throughput: 54,000+ events/sec
+     *
+     * @template T - The type of the input object (preserved in output)
+     * @param obj - The object to scrub
+     * @returns A result object containing the scrubbed data, whether scrubbing occurred, and which paths were scrubbed
+     *
+     * @example Basic scrubbing
+     * ```typescript
+     * const scrubber = new Scrubber({ fields: ['password'] });
+     * const result = scrubber.scrub({ user: 'john', password: 'secret' });
+     * // result.data === { user: 'john', password: '[SCRUBBED]' }
+     * // result.scrubbed === true
+     * // result.scrubbedPaths === ['password']
+     * ```
+     *
+     * @example Type preservation
+     * ```typescript
+     * interface User { name: string; email: string; password: string; }
+     * const scrubber = new Scrubber({ fields: ['password', 'email'] });
+     * const user: User = { name: 'John', email: 'john@example.com', password: 'secret' };
+     * const result = scrubber.scrub(user);
+     * // result.data is still typed as User
+     * ```
+     */
+    scrub(obj) {
+        const scrubbedPaths = [];
+        const cloned = this.deepClone(obj);
+        // Reset circular refs tracker for each scrub operation
+        this.circularRefs = new WeakSet();
+        const scrubbed = this.scrubObject(cloned, '', scrubbedPaths);
+        return {
+            data: scrubbed,
+            scrubbed: scrubbedPaths.length > 0,
+            scrubbedPaths,
+        };
+    }
+    scrubObject(obj, path, paths) {
+        // Handle circular references
+        if (obj && typeof obj === 'object') {
+            if (this.circularRefs.has(obj)) {
+                return '[Circular Reference]';
+            }
+            this.circularRefs.add(obj);
+        }
+        // Handle primitives
+        if (obj === null || typeof obj !== 'object') {
+            return this.scrubValue(obj, path, paths);
+        }
+        // Handle arrays
+        if (Array.isArray(obj)) {
+            return obj.map((item, index) => {
+                const indexStr = index.toString();
+                const arrayPath = path ? `${path}[${index}]` : indexStr;
+                // Check if this specific array index path should be scrubbed
+                if (this.pathSet.has(indexStr) || this.pathSet.has(arrayPath)) {
+                    paths.push(arrayPath);
+                    return this.config.replacement;
+                }
+                // Recursively scrub array items
+                return this.scrubObject(item, arrayPath, paths);
+            });
+        }
+        // Handle objects - create new object (immutable approach)
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            const keyPath = path ? `${path}.${key}` : key;
+            // Check if this specific path should be scrubbed
+            if (this.pathSet.has(key) || this.pathSet.has(keyPath)) {
+                result[key] = this.config.replacement;
+                paths.push(keyPath);
+                continue;
+            }
+            // Check if key matches sensitive field pattern
+            if (this.isSensitiveField(key)) {
+                result[key] = this.config.replacement;
+                paths.push(keyPath);
+                continue;
+            }
+            // Recursively scrub value
+            result[key] = this.config.recursive ?
+                this.scrubObject(value, keyPath, paths) :
+                this.scrubValue(value, keyPath, paths);
+        }
+        return result;
+    }
+    scrubValue(value, path, paths) {
+        if (typeof value !== 'string') {
+            return value;
+        }
+        let scrubbed = value;
+        let didScrub = false;
+        // Check against patterns (SSN, credit cards, etc.)
+        for (const pattern of this.config.patterns) {
+            if (pattern.test(scrubbed)) {
+                scrubbed = scrubbed.replace(pattern, this.config.replacement);
+                didScrub = true;
+            }
+        }
+        if (didScrub) {
+            paths.push(path);
+        }
+        return scrubbed;
+    }
+    /**
+     * Check if a field name matches any configured sensitive field patterns
+     */
+    isSensitiveField(key) {
+        return this.config.fields.some(field => {
+            if (field instanceof RegExp) {
+                return field.test(key);
+            }
+            return key.toLowerCase().includes(field.toLowerCase());
+        });
+    }
+    deepClone(obj) {
+        try {
+            // Fast path for JSON-serializable objects
+            return JSON.parse(JSON.stringify(obj));
+        }
+        catch (_a) {
+            // Fallback for objects with circular references
+            const seen = new WeakMap();
+            // eslint-disable-next-line no-inner-declarations
+            function clone(value) {
+                if (value === null || typeof value !== 'object') {
+                    return value;
+                }
+                if (seen.has(value)) {
+                    return seen.get(value);
+                }
+                if (Array.isArray(value)) {
+                    const arr = [];
+                    seen.set(value, arr);
+                    value.forEach((item, i) => {
+                        arr[i] = clone(item);
+                    });
+                    return arr;
+                }
+                const obj = {};
+                seen.set(value, obj);
+                Object.keys(value).forEach(key => {
+                    obj[key] = clone(value[key]);
+                });
+                return obj;
+            }
+            return clone(obj);
+        }
+    }
+}
+exports.Scrubber = Scrubber;

package/lib/lib/data-scrubber/types.d.ts

@@ -0,0 +1,169 @@
+/**
+ * Configuration for the Scrubber
+ *
+ * Defines how the scrubber should identify and replace sensitive data.
+ * Supports three complementary scrubbing strategies:
+ *
+ * 1. **Field-based scrubbing** (`fields`): Matches field names at any depth in the object tree
+ * 2. **Path-based scrubbing** (`paths`): Matches specific dot-notation paths
+ * 3. **Pattern-based scrubbing** (`patterns`): Matches regex patterns in string content
+ *
+ * All three strategies can be used together for comprehensive data scrubbing.
+ *
+ * @example Field-based configuration
+ * ```typescript
+ * const config: ScrubConfig = {
+ *   fields: ['password', 'apiToken', /api[-_]?key/i], // Strings and regex patterns
+ *   replacement: '[REDACTED]'
+ * };
+ * ```
+ *
+ * @example Path-based configuration
+ * ```typescript
+ * const config: ScrubConfig = {
+ *   paths: [
+ *     'user.email',
+ *     'request.headers.authorization',
+ *     'items[0].password'  // Array index notation
+ *   ]
+ * };
+ * ```
+ *
+ * @example Pattern-based configuration
+ * ```typescript
+ * const config: ScrubConfig = {
+ *   patterns: [
+ *     /\b\d{3}-\d{2}-\d{4}\b/g,           // SSN
+ *     /\d{4}-\d{4}-\d{4}-\d{4}/g,        // Credit card
+ *     /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}/g  // Email
+ *   ]
+ * };
+ * ```
+ */
+export interface ScrubConfig {
+    /**
+     * Field-based scrubbing: matches field names at any depth
+     *
+     * Supports both exact string matches and regular expressions for flexible matching.
+     * String matches are case-insensitive and use substring matching.
+     *
+     * @example
+     * ```typescript
+     * fields: [
+     *   'password',           // Matches 'password', 'Password', 'old_password', etc.
+     *   'apiToken',           // Matches 'apiToken', 'api_token', etc.
+     *   /api[-_]?key/i,       // Regex: matches 'api_key', 'api-key', 'apikey' (case insensitive)
+     *   /^secret$/            // Exact match: only 'secret', not 'my_secret'
+     * ]
+     * ```
+     */
+    fields?: (string | RegExp)[];
+    /**
+     * Path-based scrubbing: matches specific dot-notation paths
+     *
+     * Use dot notation to target specific fields in nested objects.
+     * Supports array index notation (e.g., `items[0].password`).
+     *
+     * @example
+     * ```typescript
+     * paths: [
+     *   'user.email',                        // Scrubs obj.user.email
+     *   'request.headers.authorization',     // Nested path
+     *   'items[0].secret',                   // Array index notation
+     *   'users[0]'                           // Scrubs entire array element
+     * ]
+     * ```
+     */
+    paths?: string[];
+    /**
+     * Pattern-based scrubbing: regex patterns for content scrubbing
+     *
+     * Scans string values and replaces content matching the patterns.
+     * Use the global flag (`/pattern/g`) to replace all matches in a string.
+     *
+     * **Note**: Patterns are applied to string values only, not to field names or paths.
+     *
+     * @example
+     * ```typescript
+     * patterns: [
+     *   /\b\d{3}-\d{2}-\d{4}\b/g,      // Social Security Number
+     *   /\d{4}-\d{4}-\d{4}-\d{4}/g,    // Credit Card
+     *   /Bearer\s+[A-Za-z0-9._-]+/g    // Bearer tokens
+     * ]
+     * ```
+     */
+    patterns?: RegExp[];
+    /**
+     * Replacement string for scrubbed values
+     *
+     * @default '[SCRUBBED]'
+     *
+     * @example
+     * ```typescript
+     * replacement: '[REDACTED]'     // Custom replacement text
+     * replacement: '***'            // Simple masking
+     * replacement: ''               // Empty string (removes content)
+     * ```
+     */
+    replacement?: string;
+    /**
+     * Whether to recursively scrub nested objects
+     *
+     * When `true`, the scrubber traverses the entire object tree.
+     * When `false`, only top-level fields are scrubbed.
+     *
+     * @default true
+     *
+     * @example
+     * ```typescript
+     * recursive: false  // Only scrub top-level fields
+     * ```
+     */
+    recursive?: boolean;
+}
+/**
+ * Result of a scrub operation
+ *
+ * Contains the scrubbed data along with metadata about what was scrubbed.
+ *
+ * @template T - The type of the scrubbed data (same as input type)
+ *
+ * @example
+ * ```typescript
+ * const scrubber = new Scrubber({ fields: ['password'] });
+ * const result = scrubber.scrub({ user: 'john', password: 'secret' });
+ *
+ * console.log(result.data);           // { user: 'john', password: '[SCRUBBED]' }
+ * console.log(result.scrubbed);       // true
+ * console.log(result.scrubbedPaths);  // ['password']
+ * ```
+ */
+export interface ScrubResult<T> {
+    /**
+     * The scrubbed data with sensitive values replaced
+     *
+     * This is a deep clone of the input with scrubbed values replaced.
+     * The original input is never mutated.
+     */
+    data: T;
+    /**
+     * Whether any scrubbing occurred
+     *
+     * `true` if at least one value was scrubbed, `false` if no sensitive data was found.
+     *
+     * Useful for logging or metrics to track scrubbing activity.
+     */
+    scrubbed: boolean;
+    /**
+     * Array of paths that were scrubbed
+     *
+     * Contains dot-notation paths for all fields that were scrubbed.
+     * Useful for debugging, auditing, or understanding what data was redacted.
+     *
+     * @example
+     * ```typescript
+     * ['password', 'user.email', 'request.headers.authorization']
+     * ```
+     */
+    scrubbedPaths: string[];
+}

package/lib/lib/data-scrubber/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/lib/pg/psql.d.ts

@@ -1,8 +1,8 @@
 /// <reference types="node" />
 /// <reference types="node" />
 import { SpawnOptions } from 'child_process';
-import { ConnectionDetailsWithAttachment } from '@heroku/heroku-cli-util';
-export declare function fetchVersion(db: ConnectionDetailsWithAttachment): Promise<string | undefined>;
+import { ConnectionDetails } from '@heroku/heroku-cli-util';
+export declare function fetchVersion(db: ConnectionDetails): Promise<string | undefined>;
 export declare function psqlFileOptions(file: string, dbEnv: NodeJS.ProcessEnv): {
     dbEnv: NodeJS.ProcessEnv;
     psqlArgs: string[];
@@ -13,5 +13,5 @@ export declare function psqlInteractiveOptions(prompt: string, dbEnv: NodeJS.Pro
     psqlArgs: string[];
     childProcessOptions: SpawnOptions;
 };
-export declare function execFile(db: ConnectionDetailsWithAttachment, file: string): Promise<string>;
-export declare function interactive(db: ConnectionDetailsWithAttachment): Promise<string>;
+export declare function execFile(db: ConnectionDetails, file: string): Promise<string>;
+export declare function interactive(db: ConnectionDetails): Promise<string>;

package/oclif.manifest.json

@@ -15015,5 +15015,5 @@
       ]
     }
   },
-  "version": "10.15.2-beta.0"
+  "version": "10.16.0-beta.0"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "heroku",
   "description": "CLI to interact with Heroku",
-  "version": "10.15.2-beta.0",
+  "version": "10.16.0-beta.0",
   "author": "Heroku",
   "bin": "./bin/run",
   "bugs": "https://github.com/heroku/cli/issues",
@@ -9,11 +9,11 @@
     "@heroku-cli/color": "2.0.1",
     "@heroku-cli/command": "^11.8.0",
     "@heroku-cli/notifications": "^1.2.4",
-    "@heroku-cli/plugin-ps-exec": "2.6.2",
+    "@heroku-cli/plugin-ps-exec": "2.6.4",
     "@heroku-cli/schema": "^1.0.25",
     "@heroku/buildpack-registry": "^1.0.1",
     "@heroku/eventsource": "^1.0.7",
-    "@heroku/heroku-cli-util": "^9.1.3",
+    "@heroku/heroku-cli-util": "^9.2.0",
     "@heroku/http-call": "^5.5.0",
     "@heroku/mcp-server": "1.0.7-alpha.1",
     "@heroku/plugin-ai": "^1.0.1",
@@ -35,6 +35,8 @@
     "@opentelemetry/sdk-trace-base": "^1.15.1",
     "@opentelemetry/sdk-trace-node": "^1.15.1",
     "@opentelemetry/semantic-conventions": "^1.24.1",
+    "@sentry/node": "^10.27.0",
+    "@sentry/opentelemetry": "^10.27.0",
     "@types/js-yaml": "^3.12.5",
     "ansi-escapes": "3.2.0",
     "async-file": "^2.0.2",
@@ -61,7 +63,7 @@
     "printf": "0.6.1",
     "psl": "^1.9.0",
     "redis-parser": "^3.0.0",
-    "semver": "7.6.1",
+    "semver": "^7.7.3",
     "shell-escape": "^0.2.0",
     "shell-quote": "^1.8.1",
     "smooth-progress": "^1.1.0",
@@ -397,5 +399,5 @@
     "version": "oclif readme --multi && git add README.md ../../docs"
   },
   "types": "lib/index.d.ts",
-  "gitHead": "ed1c1a07c328d6b18d1feee24c3ff6ebf0153187"
+  "gitHead": "5491b546df92d9877b65266e323ada98a85406f3"
 }