Expand the log-redaction test matrix beyond Stellar G-addresses (seeds, muxed accounts, emails, nested payloads)

[greatest0fallt1me]

Description

src/__test__/logRedact.test.ts only asserts that G... Stellar public keys are masked by src/utils/logRedact.ts, plus a couple of nesting and debug-flag cases. Because the redactor is the last line of defense before secrets reach stdout (it is invoked by src/services/horizonListener.ts and src/routes/webhook.ts), its branch coverage matters. This issue broadens the test matrix so regressions in the masking rules are caught, and is a good companion to the security hardening of logRedact.

Requirements and context

• Add tests for redactLogValue and redactLogArgs (not just redactLogString) covering arrays of mixed types, deeply nested plain objects, circular references (the redactor guards these with a WeakSet), and Error objects whose message and stack contain a Stellar address.
• Assert that the LOG_REDACTION_DEBUG bypass via isLogRedactionDebugEnabled returns inputs verbatim, including the '1' and 'true' truthy variants already handled in the source.
• Assert non-string, non-object primitives (numbers, booleans, null, undefined) pass through unchanged.
• If issue "Harden secret handling" merges first, extend these tests to the new S.../M.../email patterns; otherwise scope to the current G... behavior and the structural traversal branches.
• Non-functional: tests must not mutate global process.env without restoring it, and must be deterministic.

Acceptance criteria

• redactLogValue and redactLogArgs are covered for arrays, nested objects, and circular references.
• Error message and stack redaction is asserted.
• The LOG_REDACTION_DEBUG bypass is asserted for '1' and 'true'.
• Primitive pass-through (number/boolean/null/undefined) is asserted.
• process.env is restored after each test that toggles the debug flag.
• docs/utils.md references the redactor's tested behaviors.

Suggested execution

1. Fork the repo and create a branch — git checkout -b testing/logredact-matrix.
2. Implement changes — no production-code change required; extend the existing test file only.
3. Write/extend tests — Vitest + Supertest; extend src/__test__/logRedact.test.ts following its current structure.
4. Test and commit —

npm run lint
npm run typecheck
npm test
npm run test:coverage
npm run build

Example commit message

test(logredact): broaden redaction coverage for nested and edge inputs

Guidelines

CI enforces a 95% coverage threshold (vitest.config.ts, via npm run test:coverage) — aim to push logRedact.ts branch coverage toward 100%. Update docs/utils.md. Timeframe: 96 hours.

[Menjay7]

Hi! I came across this issue and would love to work on it. I have experience with similar tasks and I'm confident I can investigate, implement a clean solution, and thoroughly test it before submitting a PR. If the issue is still open, I would appreciate it if you could assign it to me. Thank you!

[Swayymalcolm99]

Hi maintainer! I have experience expanding redaction test matrices, including adding cases for seed phrases, muxed accounts, email addresses, and deeply nested payload structures to ensure the redaction logic handles all sensitive data patterns consistently.

[grantfox-oss]

🦊 GrantFox — @Swayymalcolm99 has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #236)
2. Your PR will be reviewed by the Creditra maintainers

Good luck! Track your progress on GrantFox.