fix(reactotron-mcp): redact multiSet / multiMerge AsyncStorage payloads

The reactotron-react-native asyncStorage plugin emits multiSet and
multiMerge as `{ pairs: [[key, value], ...] }` — an object with a
`pairs` field holding 2-tuple arrays. The redactor's existing branches
matched `{ key, value }` (setItem) and `{ "0": k, "1": v }` (a synthetic
shape no plugin actually produces), so neither fired here:

- The top-level object had neither `key` nor `"0"`, so the function
  returned the wrapper unchanged with no recursion into `pairs`.
- Even if recursion had happened, the generic Array branch would have
  mapped over each tuple's two strings and returned them as-is.

Result: bare key/value pairs leaked verbatim. The fourth pair in the
example test happened to redact only because its value was a JSON-shaped
string that fell into redactStringValue.

Add explicit handling for both shapes (`{ pairs: [...] }` wrapper and
`[key, value]` 2-tuple) and drop the dead `{0,1}` branch — JSON.stringify
of `[k, v]` produces `["k","v"]`, never `{"0":"k","1":"v"}`, and no
client code path produces it.

Tests pivoted to use the actual wire format. Verified the new tests
fail against the unfixed code (6 failures, all in the multiSet block)
before applying the fix.

Reported by joshuayoes in PR review.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: silasjmatson

lib/reactotron-mcp/src/redaction.ts

@@ -432,10 +432,10 @@ function storageKeyIsSensitive(storageKey: string, sensitiveKeysLower: Set<strin
 }
 
 /**
- * Redact AsyncStorage mutation data. Storage payloads use positional keys
- * ("0" = storage key, "1" = value) that the generic redactor can't match.
- * This function splits storage keys on common separators and redacts the value
- * when any segment matches sensitiveKeys.
+ * Redact AsyncStorage mutation payloads. The storage key carries the
+ * sensitive name (not any payload field), so this branches by wire shape
+ * (`{ key, value }`, `{ pairs: [[k, v], ...] }`) and tests the key against
+ * sensitiveKeys before redacting the corresponding value.
  */
 export function redactAsyncStorageData(data: unknown, rules: McpRedactionRules): unknown {
   if (data === null || data === undefined) return data
@@ -448,29 +448,25 @@ function redactAsyncStorageWithParsed(data: unknown, parsed: ParsedRules): unkno
 }
 
 function redactAsyncStorageItem(data: unknown, ctx: RedactionContext): unknown {
-  // multiSet / multiGet / multiRemove: array of pairs [{0: key, 1: value}, ...]
-  if (Array.isArray(data)) {
-    return data.map((item) => redactAsyncStorageItem(item, ctx))
+  const sensitiveKeysLower = ctx.parsed.sensitiveKeysLower
+
+  // [key, value] tuple from a multiSet/multiMerge `pairs` entry.
+  if (Array.isArray(data) && data.length === 2 && typeof data[0] === "string") {
+    const [key, value] = data as [string, unknown]
+    if (storageKeyIsSensitive(key, sensitiveKeysLower)) return [key, REDACTED]
+    if (typeof value === "string") return [key, redactStringValue(value, ctx)]
+    return data
   }
 
   if (typeof data === "object" && data !== null) {
     const obj = data as Record<string, unknown>
-    const sensitiveKeysLower = ctx.parsed.sensitiveKeysLower
 
-    // Pair shape: { 0: "auth:password", 1: "hunter2" }
-    if ("0" in obj && typeof obj["0"] === "string") {
-      const storageKey = obj["0"]
-      if (storageKeyIsSensitive(storageKey, sensitiveKeysLower) && "1" in obj) {
-        return { ...obj, "1": REDACTED }
-      }
-      // Even if the key isn't sensitive, the value might contain JSON with sensitive keys
-      if ("1" in obj && typeof obj["1"] === "string") {
-        return { ...obj, "1": redactStringValue(obj["1"], ctx) }
-      }
-      return obj
+    // multiSet / multiMerge: { pairs: [[key, value], ...] }
+    if (Array.isArray(obj.pairs)) {
+      return { ...obj, pairs: obj.pairs.map((p) => redactAsyncStorageItem(p, ctx)) }
     }
 
-    // setItem / mergeItem: { key: "auth:password", value: "hunter2" }
+    // setItem / mergeItem: { key, value }
     if ("key" in obj && typeof obj.key === "string") {
       const result = { ...obj }
       if (storageKeyIsSensitive(obj.key, sensitiveKeysLower) && "value" in obj) {

lib/reactotron-mcp/test/redaction.test.ts

@@ -667,66 +667,80 @@ describe("redactAsyncStorageData()", () => {
     valuePatterns: ["Bearer\\s+[A-Za-z0-9\\-._~+/]+=*"],
   }
 
-  test("redacts values when storage key contains a sensitive segment (colon separator)", () => {
-    const data = [
-      { "0": "auth:password", "1": "hunter2" },
-      { "0": "auth:api_key", "1": "leaked-api-key" },
-      { "0": "settings:theme", "1": "dark" },
-    ]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    expect(result[0]["1"]).toBe(REDACTED)
-    expect(result[1]["1"]).toBe(REDACTED)
-    expect(result[2]["1"]).toBe("dark")
-  })
-
-  test("redacts values when storage key uses dot separator", () => {
-    const data = [{ "0": "user.accessToken", "1": "secret-token" }]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    expect(result[0]["1"]).toBe(REDACTED)
-  })
-
-  test("redacts values when storage key contains sensitive key as substring", () => {
-    const data = [
-      { "0": "auth_password", "1": "hunter2" },
-      { "0": "persist:api_key", "1": "leaked" },
-      { "0": "myAccessToken", "1": "secret" },
-    ]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    expect(result[0]["1"]).toBe(REDACTED)
-    expect(result[1]["1"]).toBe(REDACTED)
-    expect(result[2]["1"]).toBe(REDACTED)
-  })
-
-  test("redacts values when storage key uses slash separator", () => {
-    const data = [{ "0": "auth/password", "1": "hunter2" }]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    expect(result[0]["1"]).toBe(REDACTED)
-  })
-
-  test("applies JSON string redaction to values when storage key is not sensitive", () => {
-    const jsonValue = JSON.stringify({ password: "hunter2", api_key: "leaked", note: "Bearer abcdef1234567890ABCDEFGH" })
-    const data = [{ "0": "auth:session_data", "1": jsonValue }]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    // Storage key "auth:session_data" doesn't match sensitiveKeys, but JSON contents do
-    const parsed = JSON.parse(result[0]["1"])
-    expect(parsed.password).toBe(REDACTED)
-    expect(parsed.api_key).toBe(REDACTED)
-    expect(parsed.note).toBe(REDACTED) // Bearer pattern match
-  })
-
-  test("redacts JSON string values when storage key is not sensitive", () => {
-    const jsonValue = JSON.stringify({ password: "hunter2", name: "alice" })
-    const data = [{ "0": "cached:data", "1": jsonValue }]
-    const result = redactAsyncStorageData(data, rules) as any[]
-    const parsed = JSON.parse(result[0]["1"])
-    expect(parsed.password).toBe(REDACTED)
-    expect(parsed.name).toBe("alice")
-  })
-
-  test("handles key-value shape with 'key' and 'value' fields", () => {
-    const data = { key: "auth:password", value: "hunter2" }
-    const result = redactAsyncStorageData(data, rules) as any
-    expect(result.value).toBe(REDACTED)
+  describe("setItem / mergeItem", () => {
+    test("redacts value when storage key carries a sensitive segment", () => {
+      const data = { key: "auth:password", value: "hunter2" }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.value).toBe(REDACTED)
+    })
+
+    test("redacts JSON string values when storage key is not sensitive", () => {
+      const jsonValue = JSON.stringify({ password: "hunter2", name: "alice" })
+      const data = { key: "cached:data", value: jsonValue }
+      const result = redactAsyncStorageData(data, rules) as any
+      const parsed = JSON.parse(result.value)
+      expect(parsed.password).toBe(REDACTED)
+      expect(parsed.name).toBe("alice")
+    })
+  })
+
+  describe("multiSet / multiMerge", () => {
+    test("redacts values when storage key carries a sensitive segment (colon)", () => {
+      const data = {
+        pairs: [
+          ["auth:password", "hunter2"],
+          ["auth:api_key", "leaked-api-key"],
+          ["settings:theme", "dark"],
+        ],
+      }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0]).toEqual(["auth:password", REDACTED])
+      expect(result.pairs[1]).toEqual(["auth:api_key", REDACTED])
+      expect(result.pairs[2]).toEqual(["settings:theme", "dark"])
+    })
+
+    test("redacts when storage key uses dot separator", () => {
+      const data = { pairs: [["user.accessToken", "secret-token"]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
+
+    test("redacts when storage key uses slash separator", () => {
+      const data = { pairs: [["auth/password", "hunter2"]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
+
+    test("redacts when storage key contains sensitive key as substring", () => {
+      const data = {
+        pairs: [
+          ["auth_password", "hunter2"],
+          ["persist:api_key", "leaked"],
+          ["myAccessToken", "secret"],
+        ],
+      }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.pairs[0][1]).toBe(REDACTED)
+      expect(result.pairs[1][1]).toBe(REDACTED)
+      expect(result.pairs[2][1]).toBe(REDACTED)
+    })
+
+    test("applies JSON-string redaction to non-sensitive pair values", () => {
+      const jsonValue = JSON.stringify({ password: "hunter2", api_key: "leaked", note: "Bearer abcdef1234567890ABCDEFGH" })
+      const data = { pairs: [["auth:session_data", jsonValue]] }
+      const result = redactAsyncStorageData(data, rules) as any
+      const parsed = JSON.parse(result.pairs[0][1])
+      expect(parsed.password).toBe(REDACTED)
+      expect(parsed.api_key).toBe(REDACTED)
+      expect(parsed.note).toBe(REDACTED) // Bearer pattern match
+    })
+
+    test("preserves non-pair fields on the wrapper", () => {
+      const data = { pairs: [["auth:password", "hunter2"]], extra: "preserved" }
+      const result = redactAsyncStorageData(data, rules) as any
+      expect(result.extra).toBe("preserved")
+      expect(result.pairs[0][1]).toBe(REDACTED)
+    })
   })
 
   test("handles null and undefined", () => {
@@ -736,9 +750,9 @@ describe("redactAsyncStorageData()", () => {
 
   test("returns data unchanged when no sensitiveKeys configured", () => {
     const emptyRules: McpRedactionRules = { sensitiveKeys: [], valuePatterns: [] }
-    const data = [{ "0": "auth:password", "1": "hunter2" }]
-    const result = redactAsyncStorageData(data, emptyRules) as any[]
-    expect(result[0]["1"]).toBe("hunter2")
+    const data = { pairs: [["auth:password", "hunter2"]] }
+    const result = redactAsyncStorageData(data, emptyRules) as any
+    expect(result.pairs[0][1]).toBe("hunter2")
   })
 })
 
@@ -797,9 +811,9 @@ describe("createRedactor()", () => {
 
   test("redactAsyncStorage applies storage-key heuristic", () => {
     const redactor = createRedactor(mockServer([]), DEFAULT_SERVER_CONFIG)
-    const data = [{ "0": "auth:password", "1": "hunter2" }]
-    const result = redactor.redactAsyncStorage(data) as any[]
-    expect(result[0]["1"]).toBe(REDACTED)
+    const data = { pairs: [["auth:password", "hunter2"]] }
+    const result = redactor.redactAsyncStorage(data) as any
+    expect(result.pairs[0][1]).toBe(REDACTED)
   })
 
   test("returns data unchanged when client has fully disabled redaction", () => {