fix(logging): route breadcrumbs through plugin pipeline and add URL masking

Breadcrumbs sent to BreadcrumbSink (Bugsnag) were bypassing the
TraceLogPlugin pipeline, allowing PII to reach Bugsnag unmasked.
Apply plugins to breadcrumb messages and metadata before sink dispatch.

Also add URL/URI masking to PiiMaskingPlugin to strip query params and
fragments that may contain sensitive data (OAuth tokens, payment links).

Signed-off-by: Brandon McAnsh <git@bmcreations.dev>

Author: bmc08gt

libs/logging/src/main/kotlin/com/getcode/utils/Logging.kt

@@ -187,14 +187,15 @@ fun trace(
         TraceType.User -> tree.d(logMessage)
     }
 
-    val breadcrumb = if (tag != null) {
-        "$tagBlock $message"
-    } else {
-        message
-    }
-
-    TraceManager.sinks().forEach { sink ->
-        sink.record(breadcrumb, metadataMap, type)
+    val rawBreadcrumb = if (tag != null) "$tagBlock $message" else message
+    val sinks = TraceManager.sinks()
+    if (sinks.isNotEmpty()) {
+        val (maskedBreadcrumb, maskedMetadata) = applyPluginsForBreadcrumb(
+            rawBreadcrumb, metadataMap, TraceManager.plugins
+        )
+        sinks.forEach { sink ->
+            sink.record(maskedBreadcrumb, maskedMetadata, type)
+        }
     }
 
     error?.let(ErrorUtils::handleError)
@@ -305,4 +306,20 @@ private fun metadata(block: MetadataBuilder.() -> Unit): Map<String, Any> {
     val builder = MetadataBuilder()
     builder.block()
     return builder.build()
+}
+
+private fun applyPluginsForBreadcrumb(
+    message: String,
+    metadata: Map<String, Any>,
+    plugins: List<TraceLogPlugin>,
+): Pair<String, Map<String, Any>> {
+    val maskedMessage = plugins.fold(message) { acc, plugin ->
+        plugin.process(acc) ?: acc
+    }
+    val maskedMetadata = metadata.mapValues { (_, value) ->
+        plugins.fold(value.toString()) { acc, plugin ->
+            plugin.process(acc) ?: acc
+        }
+    }
+    return maskedMessage to maskedMetadata
 }

libs/logging/src/main/kotlin/com/getcode/utils/PiiMaskingPlugin.kt

@@ -1,5 +1,7 @@
 package com.getcode.utils
 
+import java.net.URI
+
 class PiiMaskingPlugin : TraceLogPlugin {
     companion object {
         // E.164 (+1234567890) and parenthesized area code ((123) 456-7890)
@@ -13,11 +15,31 @@ class PiiMaskingPlugin : TraceLogPlugin {
 
         // JWT tokens: three base64url segments separated by dots
         private val JWT_REGEX = Regex("""eyJ[a-zA-Z0-9_-]+\.eyJ[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+""")
+
+        // URLs with a scheme (scheme://...) up to next whitespace
+        private val URL_REGEX = Regex("""[a-zA-Z][a-zA-Z0-9+\-.]*://\S+""")
+    }
+
+    private fun maskUrl(raw: String): String {
+        val stripped = try {
+            val uri = URI(raw)
+            val base = buildString {
+                append(uri.scheme)
+                append("://")
+                if (uri.authority != null) append(uri.authority)
+                if (uri.path != null) append(uri.path)
+            }
+            base
+        } catch (_: Exception) {
+            raw.substringBefore('?').substringBefore('#')
+        }
+        return "[URL:$stripped]"
     }
 
     override fun process(line: String): String? {
         var result = line
         result = JWT_REGEX.replace(result, "[JWT]")
+        result = URL_REGEX.replace(result) { maskUrl(it.value) }
         result = EMAIL_REGEX.replace(result, "[EMAIL]")
         result = SOLANA_KEY_REGEX.replace(result) { match ->
             val key = match.value

libs/logging/src/test/kotlin/com/getcode/utils/PiiMaskingPluginTest.kt

@@ -187,4 +187,63 @@ class PiiMaskingPluginTest {
         assertTrue(result.contains("[KEY:7EcD...FLtV]"))
         assertTrue(result.contains("[KEY:9WzD...AWWM]"))
     }
+
+    // --- URL masking ---
+
+    @Test
+    fun `masks https URL with query params`() {
+        val line = "Opening https://pay.coinbase.com/buy?appId=abc123&token=secret"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertEquals("Opening [URL:https://pay.coinbase.com/buy]", result)
+    }
+
+    @Test
+    fun `masks URL with fragment`() {
+        val line = "Visit https://example.com/page#section"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertEquals("Visit [URL:https://example.com/page]", result)
+    }
+
+    @Test
+    fun `preserves URL without query params`() {
+        val line = "Loaded https://example.com/path"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertEquals("Loaded [URL:https://example.com/path]", result)
+    }
+
+    @Test
+    fun `masks deeplink-style URL with query params`() {
+        val line = "Handling myapp://callback?code=authcode123&state=xyz"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertEquals("Handling [URL:myapp://callback]", result)
+    }
+
+    @Test
+    fun `does not mask non-URL strings`() {
+        val line = "No URLs here, just plain text"
+        val result = plugin.process(line)
+        assertEquals(line, result)
+    }
+
+    @Test
+    fun `masks multiple URLs in one line`() {
+        val line = "from https://a.com/x?k=v to https://b.com/y?t=1"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertEquals("from [URL:https://a.com/x] to [URL:https://b.com/y]", result)
+    }
+
+    @Test
+    fun `URL masking runs before Solana key masking`() {
+        // A URL with a base58-like query param should be masked as a URL, not a key
+        val line = "https://pay.coinbase.com/buy?dest=7EcDhSYGxXyscszYEp35KHN8vvw3svAuLKTzXwCFLtV"
+        val result = plugin.process(line)
+        assertNotNull(result)
+        assertTrue(result.startsWith("[URL:"))
+        assertTrue(!result.contains("[KEY:"))
+    }
 }

libs/logging/src/test/kotlin/com/getcode/utils/TraceManagerTest.kt

@@ -141,4 +141,54 @@ class TraceManagerTest {
         assertNotNull(TraceManager.getLogFile())
         assertTrue(TraceManager.plugins.any { it is PiiMaskingPlugin })
     }
+
+    @Test
+    fun `breadcrumbs are masked through plugin pipeline`() {
+        val context = RuntimeEnvironment.getApplication()
+        TraceManager.initialize(context)
+
+        val recorded = mutableListOf<Pair<String, Map<String, Any>>>()
+        val sink = object : BreadcrumbSink {
+            override fun record(message: String, metadata: Map<String, Any>, type: TraceType) {
+                recorded.add(message to metadata)
+            }
+        }
+        TraceManager.addSink(sink)
+
+        trace(
+            message = "Login by alice@example.com",
+            metadata = {
+                "token" to "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.sig_here"
+            }
+        )
+
+        assertEquals(1, recorded.size)
+        val (msg, meta) = recorded.first()
+        assertTrue(msg.contains("[EMAIL]"), "Email in message should be masked")
+        assertTrue(!msg.contains("alice@example.com"), "Raw email should not appear")
+        assertTrue(meta["token"].toString().contains("[JWT]"), "JWT in metadata should be masked")
+    }
+
+    @Test
+    fun `breadcrumb plugin null return keeps message`() {
+        val context = RuntimeEnvironment.getApplication()
+        TraceManager.initialize(context)
+
+        // A plugin that returns null (drop signal) should not suppress breadcrumbs
+        val dropPlugin = TraceLogPlugin { null }
+        TraceManager.addPlugin(dropPlugin)
+
+        val recorded = mutableListOf<String>()
+        val sink = object : BreadcrumbSink {
+            override fun record(message: String, metadata: Map<String, Any>, type: TraceType) {
+                recorded.add(message)
+            }
+        }
+        TraceManager.addSink(sink)
+
+        trace(message = "should survive")
+
+        assertEquals(1, recorded.size)
+        assertTrue(recorded.first().contains("should survive"))
+    }
 }