threadlog 0.1.0

package/dist/codex/promptPreview.js

@@ -0,0 +1,133 @@
+import { createReadStream } from "node:fs";
+import { createInterface } from "node:readline";
+const TITLE_WORD_LIMIT = 10;
+const ELLIPSIS = "...";
+const CONTEXT_SEGMENT_PATTERNS = [
+    /# AGENTS\.md instructions for [^\n]*\n\s*<INSTRUCTIONS>.*?<\/INSTRUCTIONS>/gis,
+    /<([a-z0-9_ -]*(?:context|instructions)[a-z0-9_ -]*)>.*?<\/\1>/gis,
+];
+export async function readCodexPromptPreviewTitle(filePath) {
+    const reader = createInterface({
+        input: createReadStream(filePath, { encoding: "utf8" }),
+        crlfDelay: Infinity,
+    });
+    let fallbackText = null;
+    for await (const rawLine of reader) {
+        const line = rawLine.trim();
+        if (!line) {
+            continue;
+        }
+        const parsed = safeParseRecord(line);
+        if (!parsed) {
+            continue;
+        }
+        const primaryUserMessage = extractPrimaryUserMessage(parsed);
+        if (primaryUserMessage) {
+            return truncateForThreadTitle(primaryUserMessage);
+        }
+        if (!fallbackText) {
+            fallbackText = extractFallbackText(parsed);
+        }
+    }
+    return truncateForThreadTitle(fallbackText);
+}
+export function truncateForThreadTitle(sourceText) {
+    const normalized = sourceText?.replace(/\s+/g, " ").trim() ?? "";
+    if (!normalized) {
+        return null;
+    }
+    const words = normalized.split(" ").filter((word) => word.trim().length > 0);
+    if (words.length === 0) {
+        return null;
+    }
+    return `${words.slice(0, TITLE_WORD_LIMIT).join(" ")}${ELLIPSIS}`;
+}
+function extractPrimaryUserMessage(event) {
+    const payload = asRecord(event.payload);
+    const eventType = asString(event.type);
+    const payloadType = asString(payload?.type);
+    if (eventType === "event_msg" && payloadType === "user_message") {
+        return cleanMessageText(firstNonBlank(asString(payload?.message), asString(event.message), asString(payload?.text), asString(event.text)));
+    }
+    if (eventType === "response_item" && payloadType === "message" && normalizeRole(payload?.role) === "user") {
+        return cleanMessageText(firstNonBlank(extractText(payload?.content), asString(payload?.message), asString(payload?.text), extractText(payload?.text_elements)));
+    }
+    return null;
+}
+function cleanMessageText(rawText) {
+    const input = rawText?.trim() ?? "";
+    if (!input) {
+        return null;
+    }
+    let remaining = input;
+    for (const pattern of CONTEXT_SEGMENT_PATTERNS) {
+        remaining = remaining.replace(pattern, "\n\n");
+    }
+    const compact = remaining.replace(/\n{3,}/g, "\n\n").trim();
+    return compact || null;
+}
+function extractFallbackText(event) {
+    const payload = asRecord(event.payload);
+    return firstNonBlank(asString(event.message), asString(event.text), extractText(event.content), asString(payload?.message), asString(payload?.text), extractText(payload?.content), extractText(payload?.summary));
+}
+function extractText(value) {
+    if (typeof value === "string") {
+        const text = value.trim();
+        return text.length > 0 ? text : null;
+    }
+    if (Array.isArray(value)) {
+        const joined = value
+            .map((item) => extractText(item))
+            .filter((text) => Boolean(text))
+            .join("\n")
+            .trim();
+        return joined || null;
+    }
+    if (!value || typeof value !== "object") {
+        return null;
+    }
+    const obj = value;
+    const joined = ["text", "input_text", "output_text", "message", "summary_text", "content"]
+        .map((key) => extractText(obj[key]))
+        .filter((text) => Boolean(text))
+        .join("\n")
+        .trim();
+    return joined || null;
+}
+function normalizeRole(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const normalized = value.trim().toLowerCase();
+    return normalized.length > 0 ? normalized : null;
+}
+function safeParseRecord(line) {
+    try {
+        const parsed = JSON.parse(line);
+        return asRecord(parsed);
+    }
+    catch {
+        return null;
+    }
+}
+function asRecord(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    return value;
+}
+function asString(value) {
+    if (typeof value !== "string") {
+        return null;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : null;
+}
+function firstNonBlank(...values) {
+    for (const value of values) {
+        if (value && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return null;
+}

package/dist/commands/login.js

@@ -0,0 +1,26 @@
+import { password } from "@inquirer/prompts";
+import { defaultAppOrigin, defaultApiOrigin, loadConfig, saveConfig, } from "../config/config.js";
+import { saveCredentials } from "../config/credentials.js";
+export async function runLoginCommand(options) {
+    const existing = await loadConfig();
+    const token = await resolveToken(options.token);
+    await saveConfig({
+        apiOrigin: options.apiOrigin?.trim() || existing.apiOrigin || defaultApiOrigin(),
+        appOrigin: options.appOrigin?.trim() || existing.appOrigin || defaultAppOrigin(),
+    });
+    await saveCredentials({ token });
+    process.stdout.write("Login complete. Credentials saved to the system keyring.\n");
+}
+async function resolveToken(flagToken) {
+    if (flagToken && flagToken.trim()) {
+        return flagToken.trim();
+    }
+    const promptedToken = await password({
+        message: "Threadlog personal access token",
+        mask: "*",
+        validate(input) {
+            return input.trim().length > 0 || "Token is required";
+        },
+    });
+    return promptedToken.trim();
+}

package/dist/commands/logout.js

@@ -0,0 +1,9 @@
+import { clearCredentials } from "../config/credentials.js";
+export async function runLogoutCommand() {
+    const removed = await clearCredentials();
+    if (removed) {
+        process.stdout.write("Logged out. Stored token removed from the system keyring.\n");
+        return;
+    }
+    process.stdout.write("No stored token found.\n");
+}

package/dist/commands/shareClaude.js

@@ -0,0 +1,4 @@
+import { runShareSourceCommand } from "./shareSource.js";
+export async function runShareClaudeCommand(options) {
+    await runShareSourceCommand("claude", options);
+}

package/dist/commands/shareCodex.js

@@ -0,0 +1,4 @@
+import { runShareSourceCommand } from "./shareSource.js";
+export async function runShareCodexCommand(options) {
+    await runShareSourceCommand("codex", options);
+}

package/dist/commands/shareSource.js

@@ -0,0 +1,68 @@
+import { select } from "@inquirer/prompts";
+import path from "node:path";
+import { sourceAdapterById } from "../agents/registry.js";
+import { loadConfig } from "../config/config.js";
+import { loadCredentials } from "../config/credentials.js";
+import { formatBytes, formatIsoDate } from "../lib/format.js";
+import { buildUploadArtifact } from "../upload/artifact.js";
+import { UploadRequestError, createUploadClient } from "../upload/client.js";
+export async function runShareSourceCommand(source, options) {
+    const adapter = sourceAdapterById(source);
+    const config = await loadConfig();
+    const credentials = await loadCredentials();
+    if (!credentials) {
+        throw new Error("You are not logged in. Run 'threadlog login' first.");
+    }
+    const mainFilePath = options.file
+        ? await adapter.resolveExplicitFilePath(options.file)
+        : await pickSourceSessionPath(adapter);
+    const uploadInput = await adapter.buildUploadInput(mainFilePath);
+    const artifact = buildUploadArtifact(uploadInput.artifact);
+    const uploadClient = createUploadClient({
+        apiOrigin: config.apiOrigin,
+        token: credentials.token,
+    });
+    const uploadResult = await runUploadWithFriendlyErrors(async () => uploadClient.createAndUploadArtifact({
+        artifact,
+        source,
+        title: uploadInput.title,
+        capturedAt: uploadInput.capturedAt,
+    }));
+    process.stdout.write(`${resolveThreadUrl(uploadResult.threadUrl, config.appOrigin)}\n`);
+}
+async function runUploadWithFriendlyErrors(run) {
+    try {
+        return await run();
+    }
+    catch (error) {
+        if (error instanceof UploadRequestError && error.code === "quota_exceeded") {
+            throw new Error(`${error.message} Open app settings and upgrade your organization plan: /settings/org`);
+        }
+        throw error;
+    }
+}
+function resolveThreadUrl(threadUrl, appOrigin) {
+    return new URL(threadUrl, `${appOrigin.replace(/\/$/, "")}/`).toString();
+}
+async function pickSourceSessionPath(adapter) {
+    const candidates = await adapter.discoverSessions({ maxResults: 30 });
+    if (candidates.length === 0) {
+        throw new Error(`No ${adapter.label} session files found.`);
+    }
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        throw new Error("No interactive terminal detected. Use --file <path>.");
+    }
+    return select({
+        message: `Select a ${adapter.label} session file`,
+        choices: candidates.map((candidate) => {
+            const dateText = new Date(candidate.mtimeMs).toISOString();
+            const fallbackName = path.basename(candidate.mainFilePath);
+            return {
+                value: candidate.mainFilePath,
+                name: `${dateText}  ${formatBytes(candidate.sizeBytes)}  ${candidate.displayName || fallbackName}`,
+                description: `modified ${formatIsoDate(dateText)}  ${candidate.description}`,
+            };
+        }),
+        pageSize: 15,
+    });
+}

package/dist/config/config.js

@@ -0,0 +1,151 @@
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+const DEPLOYMENT_ENV_NAME = "THREADLOG_DEPLOYMENT";
+const ORIGIN_DEFAULTS = {
+    local: {
+        apiOrigin: "http://localhost:8080",
+        appOrigin: "http://localhost:3000",
+    },
+    prod: {
+        apiOrigin: "https://api.threadlog.dev",
+        appOrigin: "https://app.threadlog.dev",
+    },
+};
+export function deploymentTarget() {
+    const raw = process.env[DEPLOYMENT_ENV_NAME]?.trim().toLowerCase();
+    if (!raw) {
+        return "prod";
+    }
+    if (raw === "local" || raw === "prod") {
+        return raw;
+    }
+    throw new Error(`${DEPLOYMENT_ENV_NAME} must be one of: local, prod`);
+}
+export function defaultApiOrigin() {
+    return requiredEnvOrigin("THREADLOG_API_ORIGIN")
+        ?? ORIGIN_DEFAULTS[deploymentTarget()].apiOrigin;
+}
+export function defaultAppOrigin() {
+    return requiredEnvOrigin("THREADLOG_APP_ORIGIN")
+        ?? ORIGIN_DEFAULTS[deploymentTarget()].appOrigin;
+}
+export function configDir() {
+    const overridden = process.env.THREADLOG_CONFIG_DIR?.trim();
+    if (overridden) {
+        return path.resolve(overridden);
+    }
+    return path.join(os.homedir(), ".threadlog");
+}
+export function configFilePath() {
+    return path.join(configDir(), "config.json");
+}
+export async function loadConfig() {
+    const defaults = {
+        apiOrigin: defaultApiOrigin(),
+        appOrigin: defaultAppOrigin(),
+    };
+    const file = configFilePath();
+    const raw = await readFileIfExists(file);
+    if (!raw) {
+        return defaults;
+    }
+    const parsed = parseConfig(raw, file);
+    return {
+        apiOrigin: readStoredOrigin(file, parsed.apiOrigin, "apiOrigin") ?? defaults.apiOrigin,
+        appOrigin: readStoredOrigin(file, parsed.appOrigin, "appOrigin") ?? defaults.appOrigin,
+    };
+}
+export async function saveConfig(next) {
+    const file = configFilePath();
+    await mkdir(path.dirname(file), { recursive: true });
+    const normalized = {
+        apiOrigin: requiredOrigin(next.apiOrigin, "apiOrigin"),
+        appOrigin: requiredOrigin(next.appOrigin, "appOrigin"),
+    };
+    const payload = JSON.stringify(normalized, null, 2);
+    await writeFile(file, `${payload}\n`, {
+        encoding: "utf8",
+        mode: 0o600,
+    });
+}
+function parseConfig(raw, filePath) {
+    try {
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            throw new Error(`${filePath} must contain a JSON object`);
+        }
+        return parsed;
+    }
+    catch (error) {
+        if (error instanceof Error && error.message.includes(filePath)) {
+            throw error;
+        }
+        throw new Error(`${filePath} must contain valid JSON`);
+    }
+}
+function normalizeOrigin(raw) {
+    if (typeof raw !== "string") {
+        return null;
+    }
+    const trimmed = raw.trim();
+    if (trimmed.length === 0) {
+        return null;
+    }
+    try {
+        const url = new URL(trimmed);
+        if (url.protocol !== "http:" && url.protocol !== "https:") {
+            return null;
+        }
+        if (url.pathname !== "" && url.pathname !== "/") {
+            return null;
+        }
+        if (url.search !== "" || url.hash !== "") {
+            return null;
+        }
+        return url.origin;
+    }
+    catch {
+        return null;
+    }
+}
+function requiredOrigin(raw, fieldName) {
+    const normalized = normalizeOrigin(raw);
+    if (!normalized) {
+        throw new Error(`${fieldName} must be a valid absolute http(s) URL origin`);
+    }
+    return normalized;
+}
+function requiredEnvOrigin(envName) {
+    const raw = process.env[envName];
+    if (raw === undefined) {
+        return null;
+    }
+    if (raw.trim().length === 0) {
+        throw new Error(`${envName} must not be blank when set`);
+    }
+    return requiredOrigin(raw, envName);
+}
+function readStoredOrigin(filePath, value, fieldName) {
+    if (value === undefined) {
+        return null;
+    }
+    if (typeof value !== "string") {
+        throw new Error(`${filePath}: ${fieldName} must be a string`);
+    }
+    if (value.trim().length === 0) {
+        throw new Error(`${filePath}: ${fieldName} must not be blank`);
+    }
+    return requiredOrigin(value, `${filePath}: ${fieldName}`);
+}
+async function readFileIfExists(filePath) {
+    try {
+        return await readFile(filePath, "utf8");
+    }
+    catch (error) {
+        if (error.code === "ENOENT") {
+            return null;
+        }
+        throw error;
+    }
+}

package/dist/config/credentials.js

@@ -0,0 +1,180 @@
+import { spawn } from "node:child_process";
+const KEYRING_REQUIRED_MESSAGE = "A system keyring is required for persisted login on this machine.";
+const KEYRING_GUIDANCE = "macOS requires the Keychain via 'security'; Linux requires Secret Service via 'secret-tool'.";
+const KEYRING_SERVICE = "threadlog";
+const KEYRING_ACCOUNT = "personal-access-token";
+const KEYRING_LABEL = "Threadlog CLI token";
+const MACOS_NOT_FOUND_EXIT_CODE = 44;
+let commandRunner = runCommand;
+let platformOverride = null;
+export async function saveCredentials(next) {
+    const token = next.token.trim();
+    if (!token) {
+        throw new Error("token must not be empty");
+    }
+    const store = resolveSecureStore({ required: true });
+    if (!store) {
+        throw keyringUnavailableError();
+    }
+    await store.save(token);
+}
+export async function loadCredentials() {
+    const store = resolveSecureStore({ required: false });
+    if (!store) {
+        return null;
+    }
+    const storedToken = await store.load();
+    if (storedToken) {
+        return { token: storedToken };
+    }
+    return null;
+}
+export async function clearCredentials() {
+    const store = resolveSecureStore({ required: false });
+    if (!store) {
+        return false;
+    }
+    return await store.clear();
+}
+export function installCredentialTestHooks(options) {
+    if (options.commandRunner) {
+        commandRunner = options.commandRunner;
+    }
+    if (options.platform) {
+        platformOverride = options.platform;
+    }
+}
+export function resetCredentialTestHooks() {
+    commandRunner = runCommand;
+    platformOverride = null;
+}
+function currentPlatform() {
+    return platformOverride ?? process.platform;
+}
+function resolveSecureStore(options) {
+    const platform = currentPlatform();
+    if (platform === "darwin") {
+        return createMacOsSecureStore();
+    }
+    if (platform === "linux") {
+        return createLinuxSecureStore();
+    }
+    if (!options.required) {
+        return null;
+    }
+    throw keyringUnavailableError();
+}
+function createMacOsSecureStore() {
+    return {
+        async load() {
+            const result = await runKeyringCommand("security", ["find-generic-password", "-a", KEYRING_ACCOUNT, "-s", KEYRING_SERVICE, "-w"], { notFoundExitCodes: [MACOS_NOT_FOUND_EXIT_CODE] });
+            if (result === null) {
+                return null;
+            }
+            const token = trimTrailingNewline(result.stdout);
+            return token.length > 0 ? token : null;
+        },
+        async save(token) {
+            await runKeyringCommand("security", [
+                "add-generic-password",
+                "-U",
+                "-a",
+                KEYRING_ACCOUNT,
+                "-s",
+                KEYRING_SERVICE,
+                "-l",
+                KEYRING_LABEL,
+                "-w",
+                token,
+            ]);
+        },
+        async clear() {
+            const result = await runKeyringCommand("security", ["delete-generic-password", "-a", KEYRING_ACCOUNT, "-s", KEYRING_SERVICE], { notFoundExitCodes: [MACOS_NOT_FOUND_EXIT_CODE] });
+            return result !== null;
+        },
+    };
+}
+function createLinuxSecureStore() {
+    const attributes = ["service", KEYRING_SERVICE, "account", KEYRING_ACCOUNT];
+    const loadToken = async () => {
+        const result = await runKeyringCommand("secret-tool", ["lookup", ...attributes], { notFoundExitCodes: [1] });
+        if (result === null) {
+            return null;
+        }
+        const token = trimTrailingNewline(result.stdout);
+        return token.length > 0 ? token : null;
+    };
+    return {
+        load: loadToken,
+        async save(token) {
+            await runKeyringCommand("secret-tool", ["store", `--label=${KEYRING_LABEL}`, ...attributes], { input: token });
+        },
+        async clear() {
+            const existing = await loadToken();
+            if (!existing) {
+                return false;
+            }
+            await runKeyringCommand("secret-tool", ["clear", ...attributes]);
+            return true;
+        },
+    };
+}
+async function runKeyringCommand(command, args, options = {}) {
+    try {
+        const result = await commandRunner(command, args, { input: options.input });
+        if (result.exitCode === 0) {
+            return result;
+        }
+        if (options.notFoundExitCodes?.includes(result.exitCode)) {
+            return null;
+        }
+        throw keyringAccessError(result.stderr || result.stdout || `${command} exited with status ${result.exitCode}`);
+    }
+    catch (error) {
+        if (isCommandUnavailable(error)) {
+            throw keyringUnavailableError();
+        }
+        throw error;
+    }
+}
+async function runCommand(command, args, options = {}) {
+    return await new Promise((resolve, reject) => {
+        const child = spawn(command, args, {
+            stdio: "pipe",
+        });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.setEncoding("utf8");
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk;
+        });
+        child.stderr.setEncoding("utf8");
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk;
+        });
+        child.on("error", reject);
+        child.on("close", (exitCode) => {
+            resolve({
+                exitCode: exitCode ?? 1,
+                stdout,
+                stderr,
+            });
+        });
+        child.stdin.end(options.input);
+    });
+}
+function trimTrailingNewline(value) {
+    return value.replace(/\r?\n$/, "");
+}
+function keyringUnavailableError() {
+    return new Error(`${KEYRING_REQUIRED_MESSAGE} ${KEYRING_GUIDANCE}`);
+}
+function keyringAccessError(detail) {
+    return new Error(`Failed to access the system keyring: ${detail.trim()}`);
+}
+function isCommandUnavailable(error) {
+    return typeof error === "object"
+        && error !== null
+        && "code" in error
+        && error.code === "ENOENT";
+}

package/dist/index.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { runLoginCommand } from "./commands/login.js";
+import { runLogoutCommand } from "./commands/logout.js";
+import { runShareClaudeCommand } from "./commands/shareClaude.js";
+import { runShareCodexCommand } from "./commands/shareCodex.js";
+export async function run(argv) {
+    const program = new Command();
+    program
+        .name("threadlog")
+        .description("Threadlog CLI")
+        .showHelpAfterError();
+    program
+        .command("login")
+        .description("Store a personal access token for CLI uploads")
+        .option("--token <token>", "Personal access token (PAT)")
+        .option("--api-origin <origin>", "API base URL (default: prod=https://api.threadlog.dev, local=http://localhost:8080)")
+        .option("--app-origin <origin>", "App base URL for printed thread links (default: prod=https://app.threadlog.dev, local=http://localhost:3000)")
+        .action(async (options) => {
+        await runLoginCommand({
+            token: options.token,
+            apiOrigin: options.apiOrigin,
+            appOrigin: options.appOrigin,
+        });
+    });
+    program
+        .command("logout")
+        .description("Remove stored credentials")
+        .action(async () => {
+        await runLogoutCommand();
+    });
+    const share = program
+        .command("share")
+        .description("Share local agent sessions to Threadlog");
+    share
+        .command("codex")
+        .description("Discover and upload a local Codex rollout")
+        .option("--file <path>", "Explicit rollout JSONL file path")
+        .action(async (options) => {
+        await runShareCodexCommand({ file: options.file });
+    });
+    share
+        .command("claude")
+        .description("Discover and upload a local Claude session")
+        .option("--file <path>", "Explicit Claude session JSONL file path")
+        .action(async (options) => {
+        await runShareClaudeCommand({ file: options.file });
+    });
+    await program.parseAsync(argv);
+}
+async function main() {
+    try {
+        await run(process.argv);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        process.stderr.write(`threadlog: ${message}\n`);
+        if (process.env.THREADLOG_DEBUG === "1" && error instanceof Error && error.stack) {
+            process.stderr.write(`${error.stack}\n`);
+        }
+        process.exitCode = 1;
+    }
+}
+await main();

package/dist/lib/format.js

@@ -0,0 +1,23 @@
+export function formatBytes(sizeBytes) {
+    if (sizeBytes < 1024) {
+        return `${sizeBytes} B`;
+    }
+    const units = ["KB", "MB", "GB", "TB"];
+    let value = sizeBytes / 1024;
+    let unitIndex = 0;
+    while (value >= 1024 && unitIndex < units.length - 1) {
+        value /= 1024;
+        unitIndex += 1;
+    }
+    return `${value.toFixed(1)} ${units[unitIndex]}`;
+}
+export function formatIsoDate(raw) {
+    if (!raw) {
+        return "n/a";
+    }
+    const date = new Date(raw);
+    if (Number.isNaN(date.getTime())) {
+        return raw;
+    }
+    return date.toISOString();
+}

package/dist/redaction/redact.js

@@ -0,0 +1,19 @@
+const BEARER_PATTERN = /Bearer\s+[A-Za-z0-9._~+\/-]+=*/gi;
+const JWT_PATTERN = /\b[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b/g;
+const SECRET_ASSIGNMENT_PATTERN = /\b([A-Z0-9_]*(?:API_KEY|TOKEN|SECRET)[A-Z0-9_]*)\b\s*([:=])\s*(["'])?([^"'\s,}\]]+)(\3)?/g;
+const PEM_PRIVATE_KEY_PATTERN = /-----BEGIN(?: [A-Z0-9-]+)? PRIVATE KEY-----[\s\S]*?-----END(?: [A-Z0-9-]+)? PRIVATE KEY-----/g;
+export function redactSensitiveText(input) {
+    if (!input) {
+        return input;
+    }
+    return input
+        .replace(PEM_PRIVATE_KEY_PATTERN, "[REDACTED_PRIVATE_KEY]")
+        .replace(BEARER_PATTERN, "Bearer [REDACTED_TOKEN]")
+        .replace(JWT_PATTERN, "[REDACTED_JWT]")
+        .replace(SECRET_ASSIGNMENT_PATTERN, (_match, key, sep, quote) => {
+        if (quote) {
+            return `${key}${sep}${quote}[REDACTED_SECRET]${quote}`;
+        }
+        return `${key}${sep}[REDACTED_SECRET]`;
+    });
+}