Goal
Ensure logs and debug output never expose payment proof headers by accident.
Scope
- Find the smallest existing place to add a redaction helper or tests for redacting sensitive headers.
- Cover
payment, payment-response, and authorization style header names case-insensitively.
- Preserve non-sensitive headers used for debugging.
- Avoid changing request handling behavior.
Acceptance criteria
- Sensitive payment/auth headers are redacted in the tested helper/output.
- Header matching is case-insensitive.
- Non-sensitive headers remain visible.
npm test --workspace @query402/api targeted to the new/updated test passes.npm run typecheck --workspace @query402/api passes.
Notes
Keep this small and test-driven. If no helper exists, introduce a tiny local utility rather than a broad logging redesign.
Goal
Ensure logs and debug output never expose payment proof headers by accident.
Scope
payment,payment-response, andauthorizationstyle header names case-insensitively.Acceptance criteria
npm test --workspace @query402/apitargeted to the new/updated test passes.npm run typecheck --workspace @query402/apipasses.Notes
Keep this small and test-driven. If no helper exists, introduce a tiny local utility rather than a broad logging redesign.