agentic-dev/packages/core-audit/src/pseudonymize.ts
Danijel Martinek 846b4c2511 feat(core-audit): pseudonymize helper (sha256 + AUDIT_PSEUDONYM_SALT)
Adds `pseudonymize(actorId)` in core-audit — SHA-256 of salt+":"+actorId
truncated to 16 hex chars, prefixed "erased-". Salt from
AUDIT_PSEUDONYM_SALT env (fallback dev label). 6 unit tests: deterministic,
salt-change-differs, fallback-no-throw.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-11 16:22:30 +02:00


import { createHash } from "node:crypto";
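/**
 * Produces a stable pseudonymous token for a GDPR-erased actorId.
 *
 * Format: `erased-<first-16-hex-chars-of-sha256(salt:actorId)>`
 *
 * The salt is read from `AUDIT_PSEUDONYM_SALT` env at call time so that
 * production binding can pre-validate the var at boot (see `bindAudit`)
 * while tests can override it per-test via `process.env`.
 *
 * Security notes:
 * - The token is only as irreversible as the salt is secret. Anyone who
 *   knows the salt can recompute tokens for candidate actorIds and match
 *   them, so the salt must be treated as a secret, not as a label.
 * - The fallback salt is a fixed string in source. Tokens derived from it
 *   have the same format as production tokens and can only be told apart
 *   by recomputing them, so production must always set the variable.
 * - An unset, empty or whitespace-only variable selects the fallback;
 *   an empty salt is never hashed.
 * - Only 64 bits of the digest are kept, so two actorIds can collide in a
 *   very large population; do not treat the token as a unique key.
 *
 * @param actorId - Identifier of the erased actor.
 * @returns The `erased-` prefixed token. Never throws on a missing salt.
 */
export function pseudonymize(actorId: string): string {
  const fallbackSalt = "dev-fallback-salt-replace-in-prod";
  const configured = process.env["AUDIT_PSEUDONYM_SALT"];
  // `??` alone would accept AUDIT_PSEUDONYM_SALT="" (a common result of an
  // unfilled .env template) and hash with an empty salt, so blank counts
  // as unset here.
  const salt =
    configured !== undefined && configured.trim() !== ""
      ? configured
      : fallbackSalt;
  // NOTE(review): an HMAC keyed with the salt is the conventional form of a
  // keyed hash. Switching would change every token already written, so the
  // sha256(salt:actorId) construction is kept as is.
  const digest = createHash("sha256")
    .update(`${salt}:${actorId}`)
    .digest("hex");
  return `erased-${digest.slice(0, 16)}`;
}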