TenantAtlas/apps/platform/tests/Unit/AuditContextSanitizerTest.php

<?php

declare(strict_types=1);

use App\Support\Audit\AuditContextSanitizer;

it('does not redact dot-separated flow identifiers', function (): void {
    expect(AuditContextSanitizer::sanitize('provider.connection.check'))
        ->toBe('provider.connection.check');
});

it('redacts jwt-like strings', function (): void {
    $jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.'
        .'eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.'
        .'SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c';

    expect(AuditContextSanitizer::sanitize($jwt))
        ->toBe('[REDACTED]');
});

it('keeps safe configuration language visible', function (): void {
    expect(AuditContextSanitizer::sanitize([
        'passwordMinimumLength' => 12,
        'password' => 'super-secret',
    ]))
        ->toBe([
            'passwordMinimumLength' => 12,
            'password' => '[REDACTED]',
        ]);
});