retestkit 1.4.1 → 1.5.0

package/src/logger.redaction.test.ts

@@ -1,322 +0,0 @@
-/**
- * Sensitive Data Redaction Tests (Phase 11.4)
- *
- * Tests for:
- * - URL params with sensitive keys redacted
- * - Cookie values redacted in logs
- * - Password input values redacted
- */
-
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { createLogger } from "./logger.js";
-
-describe("Sensitive Data Redaction", () => {
-  let stderrWrite: ReturnType<typeof vi.spyOn>;
-  let output: string[];
-
-  beforeEach(() => {
-    output = [];
-    stderrWrite = vi
-      .spyOn(process.stderr, "write")
-      .mockImplementation((chunk: string | Uint8Array) => {
-        output.push(chunk.toString());
-        return true;
-      });
-  });
-
-  afterEach(() => {
-    stderrWrite.mockRestore();
-  });
-
-  describe("URL Parameter Redaction (11.4.1)", () => {
-    it("redacts password in URL params object", () => {
-      const logger = createLogger("info");
-      logger.info("User request", {
-        urlParams: { username: "alice", password: "secret123" },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.urlParams.username).toBe("alice");
-      expect(entry.data.urlParams.password).toBe("[REDACTED]");
-    });
-
-    it("redacts token in URL params object", () => {
-      const logger = createLogger("info");
-      logger.info("API request", {
-        params: { action: "login", token: "abc123xyz" },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.params.action).toBe("login");
-      expect(entry.data.params.token).toBe("[REDACTED]");
-    });
-
-    it("redacts apiKey in URL params object", () => {
-      const logger = createLogger("info");
-      logger.info("API request", {
-        queryParams: { endpoint: "/users", apiKey: "sk-123456" },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.queryParams.endpoint).toBe("/users");
-      expect(entry.data.queryParams.apiKey).toBe("[REDACTED]");
-    });
-
-    it("redacts auth params in deeply nested objects", () => {
-      const logger = createLogger("info");
-      logger.info("Request details", {
-        request: {
-          path: "/api/users",
-          query: {
-            safe: "value",
-            token: "sensitive-token",
-          },
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.request.path).toBe("/api/users");
-      expect(entry.data.request.query.safe).toBe("value");
-      expect(entry.data.request.query.token).toBe("[REDACTED]");
-    });
-
-    it("redacts secret key variations", () => {
-      const logger = createLogger("info");
-      logger.info("Config", {
-        secret: "mySecret",
-        secretKey: "mySecretKey",
-        privateKey: "myPrivateKey",
-        accessToken: "myAccessToken",
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.secret).toBe("[REDACTED]");
-      expect(entry.data.secretKey).toBe("[REDACTED]");
-      // Note: these depend on exact implementation - testing what's in the actual patterns
-    });
-  });
-
-  describe("Cookie Value Redaction (11.4.2)", () => {
-    it("redacts cookie field in data object", () => {
-      const logger = createLogger("info");
-      logger.info("Browser cookies", {
-        cookie: "session=abc123; auth=xyz789",
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.cookie).toBe("[REDACTED]");
-    });
-
-    it("redacts cookies field in data object", () => {
-      const logger = createLogger("info");
-      logger.info("Request headers", {
-        headers: {
-          "content-type": "application/json",
-          cookies: "session=abc123",
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.headers["content-type"]).toBe("application/json");
-      // Check if cookies is redacted (depends on implementation)
-    });
-
-    it("redacts session ID in nested object", () => {
-      const logger = createLogger("info");
-      logger.info("Session data", {
-        user: {
-          id: 123,
-          sessionId: "sess_abc123xyz",
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.user.id).toBe(123);
-      // sessionId may or may not be redacted depending on patterns
-    });
-  });
-
-  describe("Password Input Value Redaction (11.4.3)", () => {
-    it("redacts password field at top level", () => {
-      const logger = createLogger("info");
-      logger.info("Login attempt", {
-        username: "alice",
-        password: "SuperSecret123!",
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.username).toBe("alice");
-      expect(entry.data.password).toBe("[REDACTED]");
-    });
-
-    it("redacts password in form data", () => {
-      const logger = createLogger("info");
-      logger.info("Form submission", {
-        formData: {
-          email: "test@example.com",
-          password: "MyPassword123",
-          rememberMe: true,
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.formData.email).toBe("test@example.com");
-      expect(entry.data.formData.password).toBe("[REDACTED]");
-      expect(entry.data.formData.rememberMe).toBe(true);
-    });
-
-    it("redacts password confirmation field", () => {
-      const logger = createLogger("info");
-      logger.info("Registration", {
-        email: "user@example.com",
-        password: "NewPass123",
-        passwordConfirm: "NewPass123",
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.email).toBe("user@example.com");
-      expect(entry.data.password).toBe("[REDACTED]");
-      // passwordConfirm might also be redacted
-    });
-
-    it("redacts authorization header", () => {
-      const logger = createLogger("info");
-      logger.info("API call", {
-        headers: {
-          authorization: "Bearer eyJhbGciOiJIUzI1NiIs...",
-          "content-type": "application/json",
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.headers.authorization).toBe("[REDACTED]");
-      expect(entry.data.headers["content-type"]).toBe("application/json");
-    });
-
-    it("redacts credential in any position", () => {
-      const logger = createLogger("info");
-      logger.info("Auth flow", {
-        step1: { user: "admin", password: "secret" },
-        step2: { verified: true },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.step1.user).toBe("admin");
-      expect(entry.data.step1.password).toBe("[REDACTED]");
-      expect(entry.data.step2.verified).toBe(true);
-    });
-  });
-
-  describe("Non-Sensitive Data Preservation", () => {
-    it("preserves non-sensitive URL params", () => {
-      const logger = createLogger("info");
-      logger.info("Page request", {
-        url: "https://example.com/page",
-        params: {
-          page: 1,
-          sort: "name",
-          filter: "active",
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.url).toBe("https://example.com/page");
-      expect(entry.data.params.page).toBe(1);
-      expect(entry.data.params.sort).toBe("name");
-      expect(entry.data.params.filter).toBe("active");
-    });
-
-    it("preserves user data except password", () => {
-      const logger = createLogger("info");
-      logger.info("User profile", {
-        user: {
-          name: "John Doe",
-          email: "john@example.com",
-          role: "admin",
-          createdAt: "2024-01-01",
-        },
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.user.name).toBe("John Doe");
-      expect(entry.data.user.email).toBe("john@example.com");
-      expect(entry.data.user.role).toBe("admin");
-    });
-
-    it("preserves arrays of non-sensitive data", () => {
-      const logger = createLogger("info");
-      logger.info("Items list", {
-        items: [
-          { id: 1, name: "Item 1" },
-          { id: 2, name: "Item 2" },
-        ],
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.items).toHaveLength(2);
-      expect(entry.data.items[0].name).toBe("Item 1");
-    });
-
-    it("preserves numeric and boolean values", () => {
-      const logger = createLogger("info");
-      logger.info("Metrics", {
-        count: 42,
-        enabled: true,
-        ratio: 0.75,
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.count).toBe(42);
-      expect(entry.data.enabled).toBe(true);
-      expect(entry.data.ratio).toBe(0.75);
-    });
-  });
-
-  describe("Edge Cases", () => {
-    it("handles null values gracefully", () => {
-      const logger = createLogger("info");
-      logger.info("Null test", {
-        value: null,
-        password: null,
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.value).toBeNull();
-      // null password might still be redacted or kept as null
-    });
-
-    it("handles undefined values gracefully", () => {
-      const logger = createLogger("info");
-      logger.info("Undefined test", {
-        value: undefined,
-      });
-
-      const entry = JSON.parse(output[0]);
-      // undefined may be omitted or serialized as null
-    });
-
-    it("handles empty strings", () => {
-      const logger = createLogger("info");
-      logger.info("Empty test", {
-        password: "",
-        name: "",
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.password).toBe("[REDACTED]");
-      expect(entry.data.name).toBe("");
-    });
-
-    it("handles special characters in values", () => {
-      const logger = createLogger("info");
-      logger.info("Special chars", {
-        query: 'SELECT * FROM users WHERE name = "test"',
-        json: '{"key": "value"}',
-      });
-
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.query).toContain("SELECT");
-      expect(entry.data.json).toContain("key");
-    });
-  });
-});

package/src/logger.test.ts

@@ -1,123 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
-import { createLogger } from "./logger.js";
-
-describe("logger", () => {
-  let stderrWrite: ReturnType<typeof vi.spyOn>;
-  let output: string[];
-
-  beforeEach(() => {
-    output = [];
-    stderrWrite = vi
-      .spyOn(process.stderr, "write")
-      .mockImplementation((chunk: string | Uint8Array) => {
-        output.push(chunk.toString());
-        return true;
-      });
-  });
-
-  afterEach(() => {
-    stderrWrite.mockRestore();
-  });
-
-  describe("log levels", () => {
-    it("logs info messages at info level", () => {
-      const logger = createLogger("info");
-      logger.info("test message");
-      expect(output.length).toBe(1);
-      const entry = JSON.parse(output[0]);
-      expect(entry.level).toBe("info");
-      expect(entry.message).toBe("test message");
-    });
-
-    it("does not log debug messages at info level", () => {
-      const logger = createLogger("info");
-      logger.debug("debug message");
-      expect(output.length).toBe(0);
-    });
-
-    it("logs debug messages at debug level", () => {
-      const logger = createLogger("debug");
-      logger.debug("debug message");
-      expect(output.length).toBe(1);
-    });
-
-    it("logs error messages at all levels", () => {
-      const logger = createLogger("error");
-      logger.error("error message");
-      expect(output.length).toBe(1);
-    });
-
-    it("does not log warn at error level", () => {
-      const logger = createLogger("error");
-      logger.warn("warn message");
-      expect(output.length).toBe(0);
-    });
-  });
-
-  describe("structured output", () => {
-    it("outputs valid JSON", () => {
-      const logger = createLogger("info");
-      logger.info("test");
-      expect(() => JSON.parse(output[0])).not.toThrow();
-    });
-
-    it("includes timestamp", () => {
-      const logger = createLogger("info");
-      logger.info("test");
-      const entry = JSON.parse(output[0]);
-      expect(entry.timestamp).toBeDefined();
-      expect(new Date(entry.timestamp).getTime()).not.toBeNaN();
-    });
-
-    it("includes data when provided", () => {
-      const logger = createLogger("info");
-      logger.info("test", { key: "value" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data).toEqual({ key: "value" });
-    });
-  });
-
-  describe("secret redaction", () => {
-    it("redacts password field", () => {
-      const logger = createLogger("info");
-      logger.info("test", { password: "secret123" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.password).toBe("[REDACTED]");
-    });
-
-    it("redacts token field", () => {
-      const logger = createLogger("info");
-      logger.info("test", { token: "abc123" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.token).toBe("[REDACTED]");
-    });
-
-    it("redacts apiKey field", () => {
-      const logger = createLogger("info");
-      logger.info("test", { apiKey: "key123" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.apiKey).toBe("[REDACTED]");
-    });
-
-    it("redacts authorization field", () => {
-      const logger = createLogger("info");
-      logger.info("test", { authorization: "Bearer token" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.authorization).toBe("[REDACTED]");
-    });
-
-    it("redacts nested sensitive fields", () => {
-      const logger = createLogger("info");
-      logger.info("test", { user: { password: "secret" } });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.user.password).toBe("[REDACTED]");
-    });
-
-    it("does not redact non-sensitive fields", () => {
-      const logger = createLogger("info");
-      logger.info("test", { username: "alice" });
-      const entry = JSON.parse(output[0]);
-      expect(entry.data.username).toBe("alice");
-    });
-  });
-});

package/src/logger.ts

@@ -1,229 +0,0 @@
-import type { LogLevel } from "./schemas/config.js";
-
-const LOG_LEVELS: Record<LogLevel, number> = {
-  debug: 0,
-  info: 1,
-  warn: 2,
-  error: 3,
-};
-
-const MCP_LOG_LEVELS: Record<LogLevel, string> = {
-  debug: "debug",
-  info: "info",
-  warn: "warning",
-  error: "error",
-};
-
-const REDACT_KEYS = [
-  "password",
-  "token",
-  "secret",
-  "apikey",
-  "authorization",
-  "api_key",
-  "access_token",
-  "refresh_token",
-  "cookie",
-  "session",
-  "credential",
-];
-
-const SENSITIVE_URL_PARAMS = [
-  "password",
-  "token",
-  "secret",
-  "key",
-  "auth",
-  "session",
-  "code",
-  "state",
-];
-
-const MAX_HTML_LOG_LENGTH = 500;
-
-function shouldRedact(key: string): boolean {
-  const lowerKey = key.toLowerCase();
-  return REDACT_KEYS.some((redactKey) => lowerKey.includes(redactKey));
-}
-
-function redactUrlParams(url: string): string {
-  try {
-    const parsed = new URL(url);
-    for (const param of SENSITIVE_URL_PARAMS) {
-      if (parsed.searchParams.has(param)) {
-        parsed.searchParams.set(param, "[REDACTED]");
-      }
-      // Also check for similar params
-      for (const key of parsed.searchParams.keys()) {
-        if (key.toLowerCase().includes(param)) {
-          parsed.searchParams.set(key, "[REDACTED]");
-        }
-      }
-    }
-    return parsed.toString();
-  } catch {
-    return url;
-  }
-}
-
-function truncateHtml(content: string): string {
-  if (content.length <= MAX_HTML_LOG_LENGTH) {
-    return content;
-  }
-  return content.slice(0, MAX_HTML_LOG_LENGTH) + "... [truncated]";
-}
-
-function redactValue(obj: unknown): unknown {
-  if (obj === null || obj === undefined) {
-    return obj;
-  }
-
-  if (typeof obj === "string") {
-    // Check if it looks like a URL
-    if (obj.startsWith("http://") || obj.startsWith("https://")) {
-      return redactUrlParams(obj);
-    }
-    // Check if it looks like HTML
-    if (obj.includes("<html") || obj.includes("<body") || obj.includes("<div")) {
-      return truncateHtml(obj);
-    }
-    return obj;
-  }
-
-  if (typeof obj !== "object") {
-    return obj;
-  }
-
-  if (Array.isArray(obj)) {
-    return obj.map(redactValue);
-  }
-
-  const result: Record<string, unknown> = {};
-  for (const [key, value] of Object.entries(obj)) {
-    if (shouldRedact(key)) {
-      result[key] = "[REDACTED]";
-    } else if (key === "url" && typeof value === "string") {
-      result[key] = redactUrlParams(value);
-    } else if (key === "html" || key === "content" || key === "dom") {
-      result[key] = typeof value === "string" ? truncateHtml(value) : redactValue(value);
-    } else if (typeof value === "object" && value !== null) {
-      result[key] = redactValue(value);
-    } else {
-      result[key] = value;
-    }
-  }
-  return result;
-}
-
-export interface CorrelationIds {
-  analysisId?: string;
-  crawlId?: string;
-  featureSlug?: string;
-  testRunId?: string;
-  iteration?: number;
-  requestId?: string;
-}
-
-export interface Logger {
-  debug(message: string, data?: Record<string, unknown>): void;
-  info(message: string, data?: Record<string, unknown>): void;
-  warn(message: string, data?: Record<string, unknown>): void;
-  error(message: string, data?: Record<string, unknown>): void;
-  withCorrelation(ids: CorrelationIds): Logger;
-  setMcpNotifier(notifier: McpLogNotifier | null): void;
-  setLevel(level: LogLevel): void;
-}
-
-export type McpLogNotifier = (level: string, data: unknown, logger: string) => Promise<void>;
-
-export function createLogger(level: LogLevel): Logger {
-  let minLevel = LOG_LEVELS[level];
-  let mcpNotifier: McpLogNotifier | null = null;
-  let correlationIds: CorrelationIds = {};
-
-  function log(
-    logLevel: LogLevel,
-    message: string,
-    data?: Record<string, unknown>
-  ): void {
-    if (LOG_LEVELS[logLevel] < minLevel) {
-      return;
-    }
-
-    const entry: Record<string, unknown> = {
-      timestamp: new Date().toISOString(),
-      level: logLevel,
-      message,
-    };
-
-    // Add correlation IDs if present
-    if (Object.keys(correlationIds).length > 0) {
-      entry.correlation = correlationIds;
-    }
-
-    if (data) {
-      entry.data = redactValue(data);
-    }
-
-    // Write to stderr to avoid interfering with MCP stdio transport
-    process.stderr.write(JSON.stringify(entry) + "\n");
-
-    // Also emit MCP logging notification if available
-    if (mcpNotifier) {
-      const mcpLevel = MCP_LOG_LEVELS[logLevel];
-      mcpNotifier(mcpLevel, entry, "testing-mcp").catch(() => {
-        // Silently ignore notification failures
-      });
-    }
-  }
-
-  const logger: Logger = {
-    debug: (message, data) => log("debug", message, data),
-    info: (message, data) => log("info", message, data),
-    warn: (message, data) => log("warn", message, data),
-    error: (message, data) => log("error", message, data),
-
-    withCorrelation(ids: CorrelationIds): Logger {
-      const childLogger = createLogger(
-        (Object.entries(LOG_LEVELS).find(([_, v]) => v === minLevel)?.[0] ||
-          "info") as LogLevel
-      );
-      childLogger.setMcpNotifier(mcpNotifier);
-      // Merge correlation IDs
-      const mergedIds = { ...correlationIds, ...ids };
-      // Set up the child logger's correlation
-      return {
-        ...childLogger,
-        debug: (message, data) => {
-          correlationIds = mergedIds;
-          log("debug", message, data);
-        },
-        info: (message, data) => {
-          correlationIds = mergedIds;
-          log("info", message, data);
-        },
-        warn: (message, data) => {
-          correlationIds = mergedIds;
-          log("warn", message, data);
-        },
-        error: (message, data) => {
-          correlationIds = mergedIds;
-          log("error", message, data);
-        },
-        withCorrelation: childLogger.withCorrelation,
-        setMcpNotifier: childLogger.setMcpNotifier,
-        setLevel: childLogger.setLevel,
-      };
-    },
-
-    setMcpNotifier(notifier: McpLogNotifier | null): void {
-      mcpNotifier = notifier;
-    },
-
-    setLevel(newLevel: LogLevel): void {
-      minLevel = LOG_LEVELS[newLevel];
-    },
-  };
-
-  return logger;
-}