fix(diagnostics): harden capture redaction and discord metadata fetch (#71303)

2026-05-12 07:30:43 +00:00 · 2026-04-24 17:51:12 -07:00
parent 25a02825a5
commit 718dffd2f2
6 changed files with 111 additions and 63 deletions
--- a/src/proxy-capture/runtime.test.ts
+++ b/src/proxy-capture/runtime.test.ts
@@ -1,5 +1,9 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { finalizeDebugProxyCapture, initializeDebugProxyCapture } from "./runtime.js";
+import {
+  captureHttpExchange,
+  finalizeDebugProxyCapture,
+  initializeDebugProxyCapture,
+} from "./runtime.js";

 const storeState = vi.hoisted(() => {
  const events: Record<string, unknown>[] = [];
@@ -82,4 +86,42 @@ describe("debug proxy runtime", () => {
    expect(events.some((event) => event.kind === "request")).toBe(true);
    expect(events.some((event) => event.kind === "response")).toBe(true);
  });
+
+  it("redacts sensitive request and response headers before persistence", async () => {
+    initializeDebugProxyCapture("test");
+    captureHttpExchange({
+      url: "https://discord.com/api/v10/gateway/bot",
+      method: "GET",
+      requestHeaders: {
+        Authorization: "Bot discord-token",
+        Cookie: "sid=session-token",
+        "x-api-key": "provider-key",
+        "content-type": "application/json",
+        "x-safe": "visible",
+      },
+      response: new Response("{}", {
+        status: 200,
+        headers: {
+          "content-type": "application/json",
+          "set-cookie": "sid=response-token",
+        },
+      }),
+    });
+    await new Promise((resolve) => setImmediate(resolve));
+    finalizeDebugProxyCapture();
+
+    const request = storeState.events.find((event) => event.kind === "request");
+    expect(JSON.parse(String(request?.headersJson))).toMatchObject({
+      Authorization: "[REDACTED]",
+      Cookie: "[REDACTED]",
+      "x-api-key": "[REDACTED]",
+      "content-type": "application/json",
+      "x-safe": "visible",
+    });
+    const response = storeState.events.find((event) => event.kind === "response");
+    expect(JSON.parse(String(response?.headersJson))).toMatchObject({
+      "content-type": "application/json",
+      "set-cookie": "[REDACTED]",
+    });
+  });
 });