Externalize audit pipeline services

2026-06-07 23:06:31 +02:00
parent 470fb0f348
commit a45b92ea0a
42 changed files with 3141 additions and 247 deletions
--- a/tests/audit-generation-persistence-source.test.ts
+++ b/tests/audit-generation-persistence-source.test.ts
@@ -285,6 +285,29 @@ test("sanitizer masks env-backed secret values in persistence", () => {
  );
 });

+test("persistence sanitizer handles external service secrets with regex metacharacters", () => {
+  for (const secretKey of ["SCREENSHOTONE_API_KEY", "JINA_API_KEY"]) {
+    assert.equal(
+      hasPattern(auditGenerationSource, new RegExp(`["']${secretKey}["']`)),
+      true,
+      `Persistence sanitizer should redact ${secretKey}.`,
+    );
+  }
+
+  assert.equal(
+    auditGenerationSource.includes(
+      'return value.replace(/[.*+?^${}()|[\\]\\\\]/g, "\\\\$&");',
+    ),
+    true,
+    "escapeRegExp should escape regex metacharacters with the canonical character class.",
+  );
+  assert.equal(
+    auditGenerationSource.includes("/[.*+?^${}()|[\\\\]\\\\]/g"),
+    false,
+    "escapeRegExp should not keep the malformed bracket/backslash character class.",
+  );
+});
+
 test("finishAuditGenerationRun updates run status/counters/currentStep", () => {
  const finishSource = extractExportSource("finishAuditGenerationRun");