/** * Shared log redaction — single source for the MCP server (api/mcp.ts) (mirror of the * #63 single-source discipline for tool defs). GDPR-first: guest PII (name / email / * phone / address) and secrets (Stripe keys, JWTs, tokens) must NEVER reach logs in * clear text — not in params, not in error messages. * * Three layers, because key-name matching alone bit us: * 1. Key-based, NORMALIZED — lowercase + strip non-alphanumerics so camelCase * (`guestName`) AND snake_case (`guest_name`) both match. The original bug: * `"guestname".includes("guest_name") === false` → guest names logged in clear text. * 2. Value-based — redact secret/PII patterns in string values regardless of key name * (a secret in an unexpectedly-named field, or inside an error message). * 3. Deep — recurse into nested objects/arrays (the original sanitizer was top-level only). */ /** Redact a params object before logging: key-based + value-based + deep. */ export declare function sanitizeParams(params: Record): Record; /** Redact an error message before logging (value-based patterns: secrets, JWTs, emails). */ export declare function redactMessage(msg: string | undefined | null): string | undefined;