stack

mosaic/stack

Fork 0

Commit Graph

Author	SHA1	Message	Date
Jason Woltje	5bcaaeddd9	fix(api): increase flaky test timeouts for CI (#562 ) All checks were successful ci/woodpecker/push/api Pipeline was successful Details Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>	2026-02-28 18:20:39 +00:00
Jason Woltje	e3479aeffd	fix(#188 ): sanitize Discord error logs to prevent secret exposure P1 SECURITY FIX - Prevents credential leakage through error logs Changes: 1. Created comprehensive log sanitization utility (log-sanitizer.ts) - Detects and redacts API keys, tokens, passwords, emails - Deep object traversal with circular reference detection - Preserves Error objects and non-sensitive data - Performance optimized (<100ms for 1000+ keys) 2. Integrated sanitizer into Discord service error logging - All error logs automatically sanitized before Discord broadcast - Prevents bot tokens, API keys, passwords from being exposed 3. Comprehensive test suite (32 tests, 100% passing) - Tests all sensitive pattern detection - Verifies deep object sanitization - Validates performance requirements Security Patterns Redacted: - API keys (sk_live_, pk_test_) - Bearer tokens and JWT tokens - Discord bot tokens - Authorization headers - Database credentials - Email addresses - Environment secrets - Generic password patterns Test Coverage: 97.43% (exceeds 85% requirement) Fixes #188 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-02 12:24:29 -06:00

Author

SHA1

Message

Date

Jason Woltje

5bcaaeddd9

fix(api): increase flaky test timeouts for CI (#562 )

ci/woodpecker/push/api Pipeline was successful

Details

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

2026-02-28 18:20:39 +00:00

Jason Woltje

e3479aeffd

fix(#188 ): sanitize Discord error logs to prevent secret exposure

P1 SECURITY FIX - Prevents credential leakage through error logs

Changes:
1. Created comprehensive log sanitization utility (log-sanitizer.ts)
   - Detects and redacts API keys, tokens, passwords, emails
   - Deep object traversal with circular reference detection
   - Preserves Error objects and non-sensitive data
   - Performance optimized (<100ms for 1000+ keys)

2. Integrated sanitizer into Discord service error logging
   - All error logs automatically sanitized before Discord broadcast
   - Prevents bot tokens, API keys, passwords from being exposed

3. Comprehensive test suite (32 tests, 100% passing)
   - Tests all sensitive pattern detection
   - Verifies deep object sanitization
   - Validates performance requirements

Security Patterns Redacted:
- API keys (sk_live_*, pk_test_*)
- Bearer tokens and JWT tokens
- Discord bot tokens
- Authorization headers
- Database credentials
- Email addresses
- Environment secrets
- Generic password patterns

Test Coverage: 97.43% (exceeds 85% requirement)

Fixes #188

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-02 12:24:29 -06:00

2 Commits