Files
promptfoo--promptfoo/docs/agents/logging.md
T
wehub-resource-sync 0d3cb498a3
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Waiting to run
Test and Publish Multi-arch Docker Image / test (push) Waiting to run
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Blocked by required conditions
Validate Renovate Config / Validate Renovate Configuration (push) Waiting to run
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

73 lines
2.2 KiB
Markdown

# Logging Guidelines
## The Rule
Always use the logger with an object as the second parameter:
```typescript
logger.debug('[Component] Message', { headers, body, config });
```
The object is **auto-sanitized** - sensitive fields are automatically redacted.
## Why This Matters
- **Security**: Prevents accidental exposure of secrets in logs
- **Consistency**: Structured logs are easier to search and analyze
- **Safety**: Red team test content may contain harmful/sensitive data
## Correct Usage
```typescript
import logger from './logger';
// Good - context object is auto-sanitized
logger.debug('[Provider]: Making API request', {
url: 'https://api.example.com',
method: 'POST',
headers: { Authorization: 'Bearer secret-token' },
body: { apiKey: 'secret-key', data: 'value' },
});
// Output: Authorization and apiKey are [REDACTED]
logger.error('Request failed', {
headers: response.headers,
body: errorResponse,
});
```
## Anti-Pattern
```typescript
// WRONG - exposes secrets, bypasses sanitization
logger.debug(`Config: ${JSON.stringify(config)}`);
logger.debug(`Calling ${url} with headers: ${JSON.stringify(headers)}`);
```
## Manual Sanitization
For non-logging contexts:
```typescript
import { sanitizeObject } from './util/sanitizer';
const sanitizedConfig = sanitizeObject(providerConfig, {
context: 'provider config',
});
```
## What Gets Sanitized
Field names containing (case-insensitive, works with `-`, `_`, camelCase):
| Category | Fields |
| ------------ | -------------------------------------------------------------------------- |
| Passwords | `password`, `passwd`, `pwd`, `passphrase` |
| API Keys | `apiKey`, `api_key`, `token`, `accessToken`, `refreshToken`, `bearerToken` |
| Secrets | `secret`, `clientSecret`, `webhookSecret` |
| Headers | `authorization`, `cookie`, `x-api-key`, `x-auth-token` |
| Certificates | `privateKey`, `certificatePassword`, `keystorePassword` |
| Signatures | `signature`, `sig`, `signingKey` |
See `src/util/sanitizer.ts` for the complete list.