From 45986f77153f29b472a42c41ff5b425f82fdba24 Mon Sep 17 00:00:00 2001
From: gonzaloriestra <14979109+gonzaloriestra@users.noreply.github.com>
Date: Sun, 24 May 2026 00:25:49 +0000
Subject: [PATCH 1/2] [Performance] Optimize header sanitization guard The `sanitizedHeadersOutput` function was identified as a bottleneck in network request logging because header sanitization logic executed even when debug logging was inactive. This change adds an early return guard that returns an empty string if verbose logging is not enabled and the CLI is not running in a unit test environment. Additionally, the sensitive headers keyword array has been moved to a module-level constant to avoid repeated allocations.
---
 packages/cli-kit/src/private/node/api/headers.ts | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/packages/cli-kit/src/private/node/api/headers.ts b/packages/cli-kit/src/private/node/api/headers.ts
index 77c434e2b3..158f00b8c8 100644
--- a/packages/cli-kit/src/private/node/api/headers.ts
+++ b/packages/cli-kit/src/private/node/api/headers.ts
@@ -1,5 +1,5 @@
 import {CLI_KIT_VERSION} from '../../../public/common/version.js'
-import {firstPartyDev} from '../../../public/node/context/local.js'
+import {firstPartyDev, isUnitTest, isVerbose} from '../../../public/node/context/local.js'
 import {AbortError} from '../../../public/node/error.js'
 import https from 'https'
 
@@ -26,16 +26,21 @@ export class GraphQLClientError extends RequestClientError {
 }
 }
 
+const SENSITIVE_HEADERS = ['token', 'authorization', 'subject_token', 'cookie']
+
 /**
 * Removes the sensitive data from the headers and outputs them as a string.
 * @param headers - HTTP headers.
 * @returns A sanitized version of the headers as a string.
 */
 export function sanitizedHeadersOutput(headers: Record): string {
+ if (!isVerbose() && !isUnitTest()) {
+ return ''
+ }
+
 const sanitized: Record = {}
- const keywords = ['token', 'authorization', 'subject_token', 'cookie']
 Object.keys(headers).forEach((header) => {
- if (keywords.find((keyword) => header.toLowerCase().includes(keyword)) === undefined) {
+ if (SENSITIVE_HEADERS.find((keyword) => header.toLowerCase().includes(keyword)) === undefined) {
 sanitized[header] = headers[header]!
 }
 })
From ba114ad3d0ba9bfffd227621ea965eb95c46e8ac Mon Sep 17 00:00:00 2001
From: gonzaloriestra <14979109+gonzaloriestra@users.noreply.github.com>
Date: Sun, 24 May 2026 00:29:30 +0000
Subject: [PATCH 2/2] [Performance] Optimize header sanitization guard The `sanitizedHeadersOutput` function was identified as a bottleneck in network request logging because header sanitization logic executed even when debug logging was inactive. This change adds an early return guard that returns an empty string if verbose logging is not enabled and the CLI is not running in a unit test environment. Additionally, the sensitive headers keyword array has been moved to a module-level constant to avoid repeated allocations.
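Review bot: The new early return at the top of `sanitizedHeadersOutput` changes the function's contract, but the TSDoc directly above it still promises a sanitized header string; the `@returns` line should read something like `@returns The sanitized headers as a string, or '' when verbose logging is off and the process is not a unit test.` The function's tail and its callers are outside this hunk, so it is worth confirming that nothing uses the result for anything other than verbose output (an error report or a log file would now silently receive an empty string). Because `isUnitTest()` bypasses the guard, the existing tests keep exercising only the sanitizing path and never the production early return; a test that stubs both checks to false would cover it. Separately, `SENSITIVE_HEADERS` is matched by substring against the header name only, so a credential sent under a name that contains none of these keywords would still be printed in verbose output, and `'subject_token'` is already covered by `'token'`; a comment on the constant stating that it is a deny-list which must be extended whenever a new credential-bearing header is introduced would make that maintenance duty explicit.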