test: added some hardening/regression coverage

[ioncache]

Overview

Adds a test-only hardening slice that documents current sanitizer behavior for edge cases before future matcher or traversal changes.

Details

• Adds the hardening regression test plan for this PR’s scope.
• Covers Unicode sensitive values for both string and object replacement.
• Adds object traversal regression coverage for deeper nesting, repeated sensitive keys, and larger arrays.
• Documents current handling for nested non-plain objects and symbol-keyed properties.
• Validated with yarn test, yarn test:coverage, yarn lint, yarn format:check, and workspace diagnostics.

Related Tickets and/or Pull Requests

N/A

Summary by CodeRabbit

• Documentation

  • Added a regression testing plan with verification steps and updated unit-test guidance to require Arrange/Act/Assert comments for non-trivial tests and restrict Revert comments to explicit cleanup.

• Tests

  • Expanded sanitization tests: Unicode masking for strings, repeated sensitive keys across nesting and arrays, large-array boundaries, deeply nested structures, symbol-keyed property omission, and preservation of non-plain object instances.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 560e214d-53d2-4249-81c7-155052c2bb43

📥 Commits

Reviewing files that changed from the base of the PR and between 9086a71 and 49efe4f.

📒 Files selected for processing (1)

• test/replacers.test.ts

---

📝 Walkthrough

Walkthrough

Adds a test plan document, updates unit-test comment guidance, and expands tests in test/replacers.test.ts for string and object replacers covering Unicode masking, nested/array masking, large-array boundaries, symbol-key handling, and runtime-type preservation.

Changes

Replacer Regression Test Coverage

Layer / File(s)	Summary
Regression test plan documentation docs/plans/005-hardening-regression-tests.md	New plan document describes the regression coverage strategy for replacer functions, including scope (recursion, repeated keys, arrays, symbols, non-plain objects, Unicode), decision points (preserve v1 behaviour, assert observable outcomes, avoid API changes), relevant files, and verification commands.
Unit-test comment guideline updates .github/instructions/unit-tests.instructions.md	Replaces AAAR with AAA guidance, defines // Arrange, // Act, and // Assert for non-trivial tests, restricts // Revert to cases with explicit cleanup, and updates checklist items accordingly.
stringReplacer Unicode masking tests test/replacers.test.ts	Adds a test ensuring Unicode-containing credential-like values are masked with DEFAULT_PATTERN_MASK, while unrelated Unicode strings (e.g., username) remain unchanged.
objectReplacer masking edge cases test/replacers.test.ts	Adds tests for repeated sensitive keys across nesting and arrays, masking in deeply nested objects, large-array masking with first/last element checks, and masking Unicode-valued sensitive object fields while preserving other fields; includes minor tail adjustments to existing removal/options tests.
objectReplacer runtime behaviour and cloning test/replacers.test.ts	Adds tests verifying nested non-plain instances (class, Map, Set) are preserved by reference while sensitive fields are masked, and that symbol-keyed properties are excluded from sanitized clones.

Sequence Diagram(s)

(omitted — changes are documentation and test additions without a new multi-component runtime flow)

Estimated Code Review Effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly Related PRs

• ioncache/data-sanitization#282: Related expansions to test/replacers.test.ts covering objectReplacer and non-plain object edge cases.

Poem

🐰 I hop through tests with a curious twitch,

masking Unicode secrets without a hitch.
Deep nests and big arrays I gently comb,
symbols tucked away, clones find their home.
A little hop — regression safe, tests roam.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'test: added some hardening/regression coverage' is vague and uses non-descriptive language ('some', 'coverage') that doesn't convey meaningful detail about what was actually added.	Consider a more specific title such as 'test: add edge-case regression coverage for sanitization edge cases' or 'test: add hardening tests for Unicode values and nested object traversal' to better describe the actual changes.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/hardening-regression-coverage

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	100% (🎯 100%)	107 / 107
🔵	Statements	100% (🎯 100%)	109 / 109
🔵	Functions	100% (🎯 100%)	14 / 14
🔵	Branches	100% (🎯 100%)	72 / 72

File Coverage

No changed files found.

Generated in workflow #142 for commit 49efe4f by the Vitest Coverage Report Action

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@test/replacers.test.ts`:
- Around line 134-147: Add the missing "Revert" step comment to each new it()
test block that currently ends without a Revert comment so tests follow the AAAR
convention; for example, in the test titled "should mask unicode sensitive
values" (which uses stringReplacer and DEFAULT_PATTERN_MASK) append a line "//
Revert: no cleanup required" at the end of that it() block, and do the same for
all other it() blocks in the same file that lack a Revert step (replace with
actual cleanup steps where necessary).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: eba2be05-9885-46bc-8a3c-99394b3172cd

📥 Commits

Reviewing files that changed from the base of the PR and between 04e084f and 20f1426.

📒 Files selected for processing (2)

• docs/plans/005-hardening-regression-tests.md
• test/replacers.test.ts