Skip to content

πŸ”Š fix: Preserve Log Metadata on Console for Warn/Error Levels #12737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
danny-avila merged 14 commits into from
Apr 20, 2026
+531 βˆ’38
Merged

πŸ”Š fix: Preserve Log Metadata on Console for Warn/Error Levels #12737

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
59371be
πŸ”Š fix: Preserve Log Metadata on Console for Warn/Error Levels
danny-avila Apr 18, 2026
68c31b6
πŸ” fix: Also Redact Sensitive Patterns on Warn Console Lines
danny-avila Apr 18, 2026
e288f7f
πŸ” fix: Redact Sensitive Tokens Embedded in JSON Metadata
danny-avila Apr 18, 2026
c09d293
πŸ” fix: Redact Metadata in debugTraverse for Warn and Error
danny-avila Apr 18, 2026
fdb6b36
πŸ” fix: Anchor Secret Regexes at Word Boundaries to Prevent Over-Redac…
danny-avila Apr 18, 2026
1e43d63
πŸ” fix: Redact Before Colorize To Survive ANSI Word-Boundary Interference
danny-avila Apr 18, 2026
bccbf11
🧹 fix: Prefer Structured Metadata Over Consumed Splat Args in Traversal
danny-avila Apr 18, 2026
b34628d
🧹 fix: Skip Consumed Splat Primitives in Warn/Error Debug Traversal
danny-avila Apr 18, 2026
6bf9548
🧹 fix: Skip Numeric Splat Keys When Extracting Log Metadata
danny-avila Apr 18, 2026
c29c18e
🧹 fix: Preserve Unconsumed Primitive Splat Args in Debug Traversal
danny-avila Apr 18, 2026
9ea1152
🧹 fix: Traverse Filtered Metadata, Not Raw Metadata, In debugTraverse
danny-avila Apr 18, 2026
d63742a
🧹 refactor: Split Warn/Error From Debug-Level Traversal in Parsers
danny-avila Apr 18, 2026
58c2dc8
🧹 fix: Preserve Scalar Metadata When One Value Is Circular
danny-avila Apr 18, 2026
75d7ebd
🧹 fix: Address Audit Findings (JSDoc, Case-Insensitive Api-Key, Tests)
danny-avila Apr 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
218 changes: 218 additions & 0 deletions api/config/__tests__/parsers.spec.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,218 @@
jest.unmock('winston');

const { formatConsoleMeta, redactMessage, redactFormat, debugTraverse } =
jest.requireActual('../parsers');
const SPLAT_SYMBOL = Symbol.for('splat');

describe('formatConsoleMeta', () => {
it('returns empty string when there is no user metadata', () => {
expect(
formatConsoleMeta({
level: 'error',
message: 'oops',
timestamp: '2026-04-18 02:25:22',
}),
).toBe('');
});

it('serializes user-supplied metadata keys', () => {
const meta = formatConsoleMeta({
level: 'error',
message: '[agents:summarize] Summarization LLM call failed',
timestamp: '2026-04-18 02:25:22',
provider: 'azureOpenAI',
model: 'gpt-5.4-mini',
messagesToRefineCount: 42,
});

expect(meta).toContain('"provider":"azureOpenAI"');
expect(meta).toContain('"model":"gpt-5.4-mini"');
expect(meta).toContain('"messagesToRefineCount":42');
});

it('ignores reserved winston keys and underscore-prefixed internals', () => {
const meta = formatConsoleMeta({
level: 'error',
message: 'boom',
timestamp: 'ts',
splat: [1, 2],
_internal: 'skip',
userField: 'keep',
});

expect(meta).toBe('{"userField":"keep"}');
});

it('drops empty, null, undefined, function, and symbol values', () => {
const meta = formatConsoleMeta({
level: 'warn',
message: 'noise',
timestamp: 'ts',
empty: '',
nullish: null,
undef: undefined,
fn: () => 1,
sym: Symbol('x'),
kept: 'yes',
});

expect(meta).toBe('{"kept":"yes"}');
});

it('truncates very long string values to avoid console spam', () => {
const longString = 'x'.repeat(5000);
const meta = formatConsoleMeta({
level: 'error',
message: 'long',
timestamp: 'ts',
errorStack: longString,
});

expect(meta.length).toBeLessThan(longString.length);
expect(meta).toContain('...');
});

it('gracefully handles circular objects', () => {
const circular = {};
circular.self = circular;
const meta = formatConsoleMeta({
level: 'error',
message: 'circular',
timestamp: 'ts',
circular,
});

expect(meta).toBe('');
});

it('redacts sensitive patterns inside string metadata values', () => {
const meta = formatConsoleMeta({
level: 'error',
message: 'leak test',
timestamp: 'ts',
openaiKey: 'sk-abc123def456',
auth: 'Bearer eyJhbGciOi...tokenvalue',
google: 'https://example.com/?key=AIzaSyXX',
});

expect(meta).not.toContain('sk-abc123def456');
expect(meta).not.toContain('eyJhbGciOi...tokenvalue');
expect(meta).not.toContain('AIzaSyXX');
expect(meta).toContain('sk-[REDACTED]');
expect(meta).toContain('Bearer [REDACTED]');
expect(meta).toContain('key=[REDACTED]');
});

it('redacts multiple occurrences of the same pattern in one value', () => {
const meta = formatConsoleMeta({
level: 'error',
message: 'two keys',
timestamp: 'ts',
combined: 'first sk-aaa and then sk-bbb',
});

expect(meta).not.toContain('sk-aaa');
expect(meta).not.toContain('sk-bbb');
expect(meta.match(/sk-\[REDACTED\]/g)?.length).toBe(2);
});
});

describe('redactMessage', () => {
it('redacts sk- keys that are not at line start (inside JSON-like text)', () => {
const input = '{"apiKey":"sk-abc123"}';
expect(redactMessage(input)).toBe('{"apiKey":"sk-[REDACTED]"}');
});

it('redacts all sk- occurrences in a single pass', () => {
const input = 'sk-one sk-two sk-three';
expect(redactMessage(input)).toBe('sk-[REDACTED] sk-[REDACTED] sk-[REDACTED]');
});

it('trims redacted output when trimLength is provided', () => {
const input = 'Bearer supersecretvalue';
expect(redactMessage(input, 10)).toBe('Bearer [RE...');
});

it('returns empty string for falsy input', () => {
expect(redactMessage('')).toBe('');
expect(redactMessage(undefined)).toBe('');
});

it('does not redact ordinary words that contain "sk-" inside them', () => {
expect(redactMessage('task-runner failed')).toBe('task-runner failed');
expect(redactMessage('mask-value computed')).toBe('mask-value computed');
expect(redactMessage('desk-lamp is on')).toBe('desk-lamp is on');
});

it('does not redact words that contain "key=" inside them', () => {
expect(redactMessage('monkey=10 bananas')).toBe('monkey=10 bananas');
});

it('still redacts standalone sk- keys at word boundaries', () => {
expect(redactMessage('token: sk-abc123def')).toBe('token: sk-[REDACTED]');
expect(redactMessage('"sk-abc123def"')).toBe('"sk-[REDACTED]"');
});
});

describe('redactFormat', () => {
const runFormat = (info) => redactFormat().transform(info) || info;

it('redacts info.message for error level before any colorize step runs', () => {
const info = runFormat({ level: 'error', message: 'Bearer secretvalue' });
expect(info.message).toBe('Bearer [REDACTED]');
});

it('redacts info.message for warn level too (avoids ANSI boundary issues later)', () => {
const info = runFormat({ level: 'warn', message: 'apiKey=sk-abc123def' });
expect(info.message).toContain('sk-[REDACTED]');
});

it('leaves info.message untouched for info and debug levels', () => {
const infoInfo = runFormat({ level: 'info', message: 'Bearer looksSensitive' });
expect(infoInfo.message).toBe('Bearer looksSensitive');

const infoDebug = runFormat({ level: 'debug', message: 'Bearer looksSensitive' });
expect(infoDebug.message).toBe('Bearer looksSensitive');
});
});

describe('debugTraverse', () => {
const runFormatter = (info) => {
const transformed = debugTraverse.transform(info);
const MESSAGE = Symbol.for('message');
if (transformed && typeof transformed === 'object') {
return transformed[MESSAGE] ?? String(transformed);
}
return String(transformed);
};

const buildInfo = (level, meta) => {
const info = {
level,
message: 'test',
timestamp: 'ts',
...meta,
};
info[SPLAT_SYMBOL] = [meta];
return info;
};

it('redacts sensitive strings in metadata for error level', () => {
const out = runFormatter(buildInfo('error', { auth: 'Bearer eyJabc123', openai: 'sk-abc123' }));
expect(out).not.toContain('eyJabc123');
expect(out).not.toContain('sk-abc123');
expect(out).toContain('Bearer [REDACTED]');
expect(out).toContain('sk-[REDACTED]');
});

it('redacts sensitive strings in metadata for warn level', () => {
const out = runFormatter(buildInfo('warn', { header: 'Bearer supersecrettoken' }));
expect(out).not.toContain('supersecrettoken');
expect(out).toContain('Bearer [REDACTED]');
});

it('preserves debug-level metadata unmodified (existing behavior)', () => {
const out = runFormatter(buildInfo('debug', { someField: 'not-sensitive' }));
expect(out).toContain('not-sensitive');
});
});
Loading
Loading