Enhance request logging to conditionally include detected secret types based on confi...

diff --git a/src/services/logger.ts b/src/services/logger.ts
index 0c7e0faf55bd49baa0510b79d1f781c9701ef990..7cf66b66f062100c52f9870130a2a21e93a37712 100644 (file)
--- a/src/services/logger.ts
+++ b/src/services/logger.ts
@@ -292,12 +292,17 @@ export interface RequestLogData {
 
 export function logRequest(data: RequestLogData, userAgent: string | null): void {
   try {
+    const config = getConfig();
     const logger = getLogger();
 
     // Safety: Never log content if secrets were detected
     // Even if log_content is true, secrets are never logged
     const shouldLogContent = data.maskedContent && !data.secretsDetected;
 
+    // Only log secret types if configured to do so
+    const shouldLogSecretTypes =
+      config.secrets_detection.log_detected_types && data.secretsTypes?.length;
+
     logger.log({
       timestamp: data.timestamp,
       mode: data.mode,
@@ -315,7 +320,7 @@ export function logRequest(data: RequestLogData, userAgent: string | null): void
       detected_language: data.detectedLanguage ?? null,
       masked_content: shouldLogContent ? (data.maskedContent ?? null) : null,
       secrets_detected: data.secretsDetected !== undefined ? (data.secretsDetected ? 1 : 0) : null,
-      secrets_types: data.secretsTypes?.join(",") ?? null,
+      secrets_types: shouldLogSecretTypes ? data.secretsTypes!.join(",") : null,
     });
   } catch (error) {
     console.error("Failed to log request:", error);