Description
Strengthen src/redact.test.ts to assert secrets are redacted within deeply nested objects, arrays, and Error stack traces, while public Stellar keys and contract IDs are NOT over-redacted.
Requirements and context
- Cover nested/array/Error-stack redaction and round-trip through the pino logger.
- Assert no false positives on Stellar public keys (
G...) and contractMetadata IDs.
- Acceptance: deterministic tests; coverage on
redact.ts >= 95%; explicit cases for each secret pattern.
Suggested execution
- Fork the repo and create a branch:
git checkout -b test/redact-regression
- Implement changes:
src/redact.ts- Tests:
src/redact.test.ts
- Docs:
docs/backend
- Include TSDoc/NatSpec-style doc comments
- Validate security assumptions (input validation, auth, signature verification, secret redaction, idempotency)
Test and commit
- Run tests:
npm test (coverage: npm run test:ci)
- Cover edge cases
- Include test output and security notes in the PR
Example commit message
test(security): expand redaction regression coverage
Guidelines
- Minimum 95% line coverage on new/changed code
- No secrets in repo; use
.env + deployment secrets only
- Clear documentation
- Timeframe: 96 hours from assignment
Description
Strengthen
src/redact.test.tsto assert secrets are redacted within deeply nested objects, arrays, and Error stack traces, while public Stellar keys and contract IDs are NOT over-redacted.Requirements and context
G...) andcontractMetadataIDs.redact.ts>= 95%; explicit cases for each secret pattern.Suggested execution
git checkout -b test/redact-regressionsrc/redact.tssrc/redact.test.tsdocs/backendTest and commit
npm test(coverage:npm run test:ci)Example commit message
Guidelines
.env+ deployment secrets only