Module: VectorMCP::LogFilter

Defined in:

lib/vector_mcp/log_filter.rb

Overview

Filters sensitive data from values before they are written to logs. Redacts known sensitive keys in hashes and token patterns in strings.

Constant Summary

SENSITIVE_KEYS =

%w[
  authorization x-api-key api_key apikey token jwt_token
  password secret cookie set-cookie x-jwt-token
].freeze

FILTERED =

"[FILTERED]"

TOKEN_PATTERN =

Bearer/Basic token pattern: “Bearer <token>” or “Basic <token>”

/\b(Bearer|Basic|API-Key)\s+\S+/i

Class Method Summary

• .filter_hash(hash) ⇒ Hash

  Deep-redacts sensitive keys from a hash.

• .filter_string(str) ⇒ String

  Redacts Bearer/Basic/API-Key token patterns in a string.

Class Method Details

.filter_hash(hash) ⇒ Hash

Deep-redacts sensitive keys from a hash.

Parameters:

• hash (Hash) —

  the hash to filter

Returns:

• (Hash) —

  a copy with sensitive values replaced by “[FILTERED]”

# File 'lib/vector_mcp/log_filter.rb', line 22

def filter_hash(hash)
  return hash unless hash.is_a?(Hash)

  hash.each_with_object({}) do |(key, value), filtered|
    str_key = key.to_s.downcase
    filtered[key] = if SENSITIVE_KEYS.include?(str_key)
                      FILTERED
                    elsif value.is_a?(Hash)
                      filter_hash(value)
                    elsif value.is_a?(String)
                      filter_string(value)
                    else
                      value
                    end
  end
end

.filter_string(str) ⇒ String

Redacts Bearer/Basic/API-Key token patterns in a string.

Parameters:

• str (String) —

  the string to filter

Returns:

• (String) —

  the filtered string

# File 'lib/vector_mcp/log_filter.rb', line 42

def filter_string(str)
  return str unless str.is_a?(String)

  str.gsub(TOKEN_PATTERN, '\1 [FILTERED]')
end