fix(#188): sanitize Discord error logs to prevent secret exposure
P1 SECURITY FIX - Prevents credential leakage through error logs
Changes:
1. Created comprehensive log sanitization utility (log-sanitizer.ts)
- Detects and redacts API keys, tokens, passwords, emails
- Deep object traversal with circular reference detection
- Preserves Error objects and non-sensitive data
- Performance optimized (<100ms for 1000+ keys)
2. Integrated sanitizer into Discord service error logging
- All error logs automatically sanitized before Discord broadcast
- Prevents bot tokens, API keys, passwords from being exposed
3. Comprehensive test suite (32 tests, 100% passing)
- Tests all sensitive pattern detection
- Verifies deep object sanitization
- Validates performance requirements
Security Patterns Redacted:
- API keys (sk_live_*, pk_test_*)
- Bearer tokens and JWT tokens
- Discord bot tokens
- Authorization headers
- Database credentials
- Email addresses
- Environment secrets
- Generic password patterns
Test Coverage: 97.43% (exceeds 85% requirement)
Fixes #188
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
e3479aeffd