feat(logging): add DEFAULT_PATTERNS for common secret redaction

[galligan]

Exports DEFAULT_PATTERNS constant with regex patterns for common
secrets: Bearer tokens, API keys, GitHub PATs (ghp/gho/ghs/ghr),
and private keys. Used with createRedactor for safe logging.

Closes #49

Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com

[galligan]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• chore(outfitter): sync templates on pack #108
• chore(changesets): ignore app package #107
• fix(errors): avoid TaggedError extends warnings #106
• chore(release): align package versions to 0.1.0 #105
• docs: add README and CHANGELOG for testing, kit, outfitter #95
• feat(templates): add daemon project template #94
• feat(templates): add MCP server project template #93
• feat(templates): add CLI project template #92
• fix(cli): implement confirmDestructive prompts #104
• fix(cli): implement createCLI and command builder #103
• feat(kit): add @outfitter/kit meta-package #91
• docs(daemon): add README and CHANGELOG #90
• fix(daemon): fix locking module bugs (GREEN phase) #89
• test(daemon): add locking module tests (RED phase) #88
• feat(daemon): add errors, platform, and locking module stubs #87
• feat(outfitter): add doctor command for environment validation #86
• feat(outfitter): add init command with project scaffolding #85
• feat(daemon): add IPC communication and health checks #84
• feat(daemon): add types and lifecycle management #83
• feat(index): add FTS5 full-text search implementation #82
• feat(index): add types for FTS5 full-text search #81
• feat(testing): add MCP and CLI test harnesses #80
• feat(testing): add test fixture utilities #79
• feat(mcp): add MCP server implementation with typed handlers #78
• feat(mcp): add types and interfaces for MCP server #77
• feat(ui): add Shape discriminated union and render() #76
• feat(ui): add createTokens semantic color layer #75
• feat(state): add pagination helpers #74
• feat(logging): add DEFAULT_PATTERNS for common secret redaction #73 👈 (View in Graphite)
• feat(ui): add formatRelative() for human-readable timestamps #72
• feat(state): add encodeCursor/decodeCursor for pagination #71
• feat(types): add hashId() for deterministic short identifiers #70
• feat(contracts): add Logger.child() and fix AssertionError category #69
• feat(config): centralize environment variable access with Zod validation #42
• fix(logging): enable redaction by default when global rules exist #41
• docs(ui): add README, CHANGELOG, and TSDoc comments #39
• docs(state): add README, CHANGELOG, and TSDoc comments #38
• docs(file-ops): add README, CHANGELOG, and TSDoc comments #37
• docs(logging): add README, CHANGELOG, and TSDoc comments #36
• docs(config): add README, CHANGELOG, and TSDoc comments #35
• fix(cli): enforce cursor TTL #114
• fix(tests): remove placeholder tests #113
• chore(gitattributes): prefer ours for bun lockfiles #115
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Summary

• Adds DEFAULT_PATTERNS export with regex patterns for common secrets (Bearer tokens, API keys, GitHub PATs, PEM private keys) to enhance automatic log redaction
• Introduces child() method to LoggerInstance interface for more ergonomic creation of contextual loggers
• Extends redaction to cover log messages in addition to existing metadata redaction, improving security coverage

Important Files Changed

Filename	Overview
packages/logging/src/index.ts	Major enhancement adding DEFAULT_PATTERNS export, child() method to logger interface, and message redaction capabilities
packages/logging/src/__tests__/redaction-patterns.test.ts	New comprehensive test suite validating DEFAULT_PATTERNS redaction across all secret types and edge cases

Confidence score: 4/5

• This PR is safe to merge with good security improvements and comprehensive test coverage
• Score reflects well-tested functionality but complexity in redaction logic and interface changes that could affect existing consumers
• Pay close attention to the logger interface changes in packages/logging/src/index.ts to ensure backward compatibility

Sequence Diagram

sequenceDiagram
    participant User
    participant LoggerInstance
    participant processMetadata
    participant applyPatterns
    participant DEFAULT_PATTERNS
    participant Sink
    participant Formatter
    
    User->>LoggerInstance: "info(message, metadata)"
    LoggerInstance->>LoggerInstance: "shouldLog(level, minLevel)"
    LoggerInstance->>processMetadata: "processMetadata(metadata, redactionConfig)"
    processMetadata->>processMetadata: "redactValue(value, keys, patterns, replacement)"
    processMetadata->>applyPatterns: "applyPatterns(value, patterns, replacement)"
    applyPatterns->>DEFAULT_PATTERNS: "pattern.replace(value, replacement)"
    DEFAULT_PATTERNS-->>applyPatterns: "redacted value"
    applyPatterns-->>processMetadata: "redacted value"
    processMetadata-->>LoggerInstance: "processed metadata"
    LoggerInstance->>applyPatterns: "applyPatterns(message, patterns, replacement)"
    applyPatterns->>DEFAULT_PATTERNS: "pattern.replace(message, replacement)"
    DEFAULT_PATTERNS-->>applyPatterns: "redacted message"
    applyPatterns-->>LoggerInstance: "redacted message"
    LoggerInstance->>LoggerInstance: "create LogRecord"
    LoggerInstance->>Sink: "write(record, formatted)"
    Sink->>Formatter: "format(record)"
    Formatter-->>Sink: "formatted string"
    Sink->>Sink: "output to destination"

Loading

[galligan]

Restacked after downstack update (formatRelative test stabilization); no additional changes in this PR.

[galligan]

Resubmitted after restack. This PR includes Logger.child in logging, which resolves the contracts compatibility note from PR #69.