more redact (#29)

ctate · web-flow · commit d322cf2ba9b2 · 2025-10-11T10:40:43.000-05:00
* more redact

* format
diff --git a/lib/sandbox/creation.ts b/lib/sandbox/creation.ts
@@ -77,18 +77,6 @@ export async function createSandbox(config: SandboxConfig, logger: TaskLogger):
       resources: { vcpus: config.resources?.vcpus || 4 },
     }
 
-    await logger.info(
-      `Sandbox config: ${JSON.stringify(
-        {
-          ...sandboxConfig,
-          token: '[REDACTED]',
-          source: { ...sandboxConfig.source, url: '[REDACTED]' },
-        },
-        null,
-        2,
-      )}`,
-    )
-
     // Call progress callback before sandbox creation
     if (config.onProgress) {
       await config.onProgress(25, 'Validating configuration...')
@@ -132,7 +120,7 @@ export async function createSandbox(config: SandboxConfig, logger: TaskLogger):
       await logger.error(`Sandbox creation failed: ${errorMessage}`)
       if (errorResponse) {
         await logger.error(`HTTP Status: ${errorResponse.status}`)
-        await logger.error(`Response: ${JSON.stringify(errorResponse.data)}`)
+        await logger.error(`Response: ${redactSensitiveInfo(JSON.stringify(errorResponse.data))}`)
       }
       throw error
     }
diff --git a/lib/utils/logging.ts b/lib/utils/logging.ts
@@ -22,6 +22,12 @@ export function redactSensitiveInfo(message: string): string {
     /Bearer\s+([a-zA-Z0-9_-]{20,})/gi,
     // Generic tokens
     /TOKEN[=\s]*["']?([a-zA-Z0-9_-]{20,})/gi,
+    // Vercel Team IDs (team_xxxx or alphanumeric strings after VERCEL_TEAM_ID)
+    /VERCEL_TEAM_ID[=\s:]*["']?([a-zA-Z0-9_-]{8,})/gi,
+    // Vercel Project IDs (prj_xxxx or alphanumeric strings after VERCEL_PROJECT_ID)
+    /VERCEL_PROJECT_ID[=\s:]*["']?([a-zA-Z0-9_-]{8,})/gi,
+    // Vercel tokens (any alphanumeric strings after VERCEL_TOKEN)
+    /VERCEL_TOKEN[=\s:]*["']?([a-zA-Z0-9_-]{20,})/gi,
   ]
 
   // Apply redaction patterns
@@ -47,9 +53,14 @@ export function redactSensitiveInfo(message: string): string {
     })
   })
 
+  // Redact JSON field patterns (for teamId, projectId in JSON objects)
+  redacted = redacted.replace(/"(teamId|projectId)"[\s:]*"([^"]+)"/gi, (match, fieldName) => {
+    return `"${fieldName}": "[REDACTED]"`
+  })
+
   // Redact environment variable assignments with sensitive values
   redacted = redacted.replace(
-    /([A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD)[A-Z_]*)[=\s]*["']?([a-zA-Z0-9_-]{8,})["']?/gi,
+    /([A-Z_]*(?:KEY|TOKEN|SECRET|PASSWORD|TEAM_ID|PROJECT_ID)[A-Z_]*)[=\s:]*["']?([a-zA-Z0-9_-]{8,})["']?/gi,
     (match, varName, value) => {
       const redactedValue =
         value.length > 8
