feat(utils): add token redaction utility for safe logging

[marklearst]

Add redactToken() function to safely mask Figma Personal Access Tokens for logging and debugging purposes without exposing sensitive credentials.

Features:

• Preserves first 5 and last 3 characters for identification
• Masks middle portion with '...' pattern
• Handles null/undefined/empty tokens with configurable placeholder
• Fully masks tokens that are too short to redact meaningfully
• Configurable via options: visibleStart, visibleEnd, emptyPlaceholder

Usage:
import { redactToken } from '@figma-vars/hooks/utils';

console.log(redactToken('figd_abc123xyz789def456')); // Output: 'figd_***...***456'

console.log(redactToken(null)); // Output: '[no token]'

Changes:

• src/utils/redactToken.ts: New utility with RedactTokenOptions interface
• src/utils/index.ts: Export redactToken and RedactTokenOptions
• tests/utils/redactToken.test.ts: 14 tests covering all branches

Test coverage: 100%

Refs: Codex Audit Item #17

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.90%. Comparing base (c96a36e) to head (1d6c303).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #13      +/-   ##
==========================================
+ Coverage   90.47%   90.90%   +0.43%     
==========================================
  Files          34       35       +1     
  Lines         903      935      +32     
  Branches      246      263      +17     
==========================================
+ Hits          817      850      +33     
+ Misses         85       84       -1     
  Partials        1        1              

Flag	Coverage Δ
unittests	90.90% <100.00%> (+0.43%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR adds a new redactToken() utility function to safely mask Figma Personal Access Tokens for logging and debugging purposes, preventing accidental exposure of sensitive credentials in logs.

Key changes:

• New utility function with configurable visible start/end characters and placeholder text
• Comprehensive test suite with 14 test cases covering various scenarios
• Exports added to the utils barrel file for external consumption

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.

File	Description
src/utils/redactToken.ts	Implements the core redaction logic with RedactTokenOptions interface for customization
src/utils/index.ts	Exports redactToken function and RedactTokenOptions type from utils barrel
tests/utils/redactToken.test.ts	Comprehensive test suite covering basic redaction, null/undefined handling, short tokens, custom options, and edge cases

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

There's a critical bug when visibleEnd is 0. The expression slice(-0) is equivalent to slice(0), which returns the entire string from the beginning, effectively exposing the full token instead of hiding it. This defeats the security purpose of the function.

To fix this, add a conditional check: if visibleEnd is 0, use an empty string for end. Similarly, ensure visibleStart works correctly when 0 (it already does, since slice(0, 0) returns an empty string).

Suggested change

	const end = token.slice(-visibleEnd)
	const end = visibleEnd === 0 ? '' : token.slice(-visibleEnd)

[Copilot]

The function doesn't validate that visibleStart and visibleEnd are non-negative numbers. Negative values could lead to unexpected behavior with string slicing. For example, passing visibleStart: -5 would cause slice(0, -5) which removes the last 5 characters instead of showing the first -5 characters.

Consider adding validation to ensure both values are non-negative, or document the expected behavior when negative values are provided.

Suggested change

	const {
	visibleStart = 5,
	visibleEnd = 3,
	emptyPlaceholder = '[no token]',
	} = options ?? {}
	const emptyPlaceholder = options?.emptyPlaceholder ?? '[no token]'
	let visibleStart = options?.visibleStart
	if (typeof visibleStart !== 'number' || !Number.isFinite(visibleStart) || visibleStart < 0) {
	visibleStart = 5
	} else {
	visibleStart = Math.floor(visibleStart)
	}
	let visibleEnd = options?.visibleEnd
	if (typeof visibleEnd !== 'number' || !Number.isFinite(visibleEnd) || visibleEnd < 0) {
	visibleEnd = 3
	} else {
	visibleEnd = Math.floor(visibleEnd)
	}

[Copilot]

Test coverage is missing for the critical edge case where visibleEnd is set to 0. This would expose the entire token due to how slice(-0) behaves in JavaScript. Add a test case like:

expect(redactToken('abcdefghij', { visibleEnd: 0 })).toBe('abcde***...***')

Also add tests for:

• visibleStart: 0 (should work correctly but needs verification)
• Negative values for both options to document/verify expected behavior
• Both options set to 0 simultaneously

[Copilot]

The interface documentation should specify that visibleStart and visibleEnd must be non-negative integers. Currently, there's no indication of valid ranges or constraints, which could lead to misuse. Consider adding a note in the JSDoc comments for both properties.

Suggested change

	* Number of characters to show at the start of the token.
	* @defaultValue 5
	*/
	visibleStart?: number
	/**
	* Number of characters to show at the end of the token.
	* Number of characters to show at the start of the token.
	* Must be a non-negative integer.
	* @defaultValue 5
	*/
	visibleStart?: number
	/**
	* Number of characters to show at the end of the token.
	* Must be a non-negative integer.

[Copilot]

The JSDoc comment on lines 1-25 appears to document the redactToken function, but it's placed above the RedactTokenOptions interface. This is unconventional and could confuse documentation generators.

The JSDoc comment should be moved to directly above the function declaration (line 44), and the interface should have its own separate JSDoc comment explaining what it represents. This follows the pattern seen in other files like src/utils/swrKeys.ts where interfaces have their own documentation.