Skip to content

feat(privacy): hardened recursive PII redaction and structured JSON r…#641

Merged
1nonlypiece merged 2 commits into
Disciplr-Org:mainfrom
retkatmun:feature/privacy-logger-hardening
Jun 25, 2026
Merged

feat(privacy): hardened recursive PII redaction and structured JSON r…#641
1nonlypiece merged 2 commits into
Disciplr-Org:mainfrom
retkatmun:feature/privacy-logger-hardening

Conversation

@retkatmun

Copy link
Copy Markdown
Contributor

…equest logging

  • Rewrite src/middleware/privacy-logger.ts with SENSITIVE_KEYS, PII_PATTERNS, redact, maskIp, and privacyLogger emitting a flat LogLine shape
  • Redaction marker changed to [REDACTED]; covers email/JWT value patterns
  • Emit single console.log JSON line on res.finish with exact schema: timestamp, level, event, service, method, url, status, durationMs, ip, body, query, headers
  • Redacts authorization, x-api-key, x-auth-token, cookie headers
  • Error path emits safe 3-key fallback; never surfaces raw PII
  • Add src/tests/privacy-logger.redaction.test.ts: 41 tests + snapshot
  • Update docs/privacy-logging.md

Closes #619

…equest logging

- Rewrite src/middleware/privacy-logger.ts with SENSITIVE_KEYS, PII_PATTERNS,
  redact<T>, maskIp, and privacyLogger emitting a flat LogLine shape
- Redaction marker changed to [REDACTED]; covers email/JWT value patterns
- Emit single console.log JSON line on res.finish with exact schema:
  timestamp, level, event, service, method, url, status, durationMs, ip, body, query, headers
- Redacts authorization, x-api-key, x-auth-token, cookie headers
- Error path emits safe 3-key fallback; never surfaces raw PII
- Add src/tests/privacy-logger.redaction.test.ts: 41 tests + snapshot
- Update docs/privacy-logging.md

Closes Disciplr-Org#619
@1nonlypiece

Copy link
Copy Markdown
Contributor

this is genuinely a nicer redactor than what we had — the recursive walk and the structured JSON output are the right direction. the snag is timing: #633 (the property-based redaction tests) merged just ahead of this and it pins the current contract — ***REDACTED*** as the marker, [Circular] for cycles, maskIp returning x.x.x.x, and the privacy.request_logged pino line. your version changes those ([REDACTED], different circular + ip handling, a console.log http.request line), so that suite goes red as-is. could you rebase on current main and either align the markers/middleware shape to what those tests expect, or update them deliberately if you think the new contract is better and just call out why? then i'll get it straight in. happy to talk it through on discord https://discord.gg/xvNAvMJf — solid work, just need the two to agree.

@1nonlypiece 1nonlypiece left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for circling back and rebasing this — reconciling the recursive redaction with the existing tests is exactly what it needed. reads well now, merged.

@1nonlypiece 1nonlypiece merged commit 9ac3e85 into Disciplr-Org:main Jun 25, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Harden privacy-logger middleware with recursive PII redaction and structured JSON output (privacy-logger spec)

2 participants