Summary
Applications using data-sanitization in log middleware commonly need two utilities beyond the core sanitizeData call:
- diffSanitizedFields(original, sanitized) — recursively diffs two parsed log objects and returns dot-notation paths for any keys whose values changed, indicating which fields were sanitized
- buildSanitizedWarning(originalStr, sanitizedStr) — builds a structured warning log entry (suitable for pino, winston, etc.) identifying which fields were sanitized, for prepending to the sanitized log line
These are currently only available to applications that inline them. Exporting them from a data-sanitization/utils subpath makes them reusable across projects without duplicating the logic.
Proposed API
```js
import { diffSanitizedFields, buildSanitizedWarning } from 'data-sanitization/utils'

// Returns dot-notation paths of fields that changed after sanitization
diffSanitizedFields(
  { user: { email: 'a@b.com' }, msg: 'hi' },
  { user: { email: '**********' }, msg: 'hi' }
)
// => ['user.email']

// Returns a structured warning log line, or null if either string is not parseable JSON
buildSanitizedWarning(
  '{"level":30,"time":1,"pid":1,"hostname":"x","email":"a@b.com","msg":"hi"}',
  '{"level":30,"time":1,"pid":1,"hostname":"x","email":"**********","msg":"hi"}'
)
// => '{"level":40,"time":1,"pid":1,"hostname":"x","msg":"sensitive data found in log entry","fields":["email"]}'
```
Notes
- These are additive exports — no changes to the existing sanitizeData API
- The data-sanitization/utils subpath requires a new entry in the exports field of package.json
- Tracked in docs/ROADMAP.md under "Ecosystem Expansion"
- The data-sanitization-log-providers companion package (see separate issue) will import from this subpath
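
A sketch of how the two utilities described above could behave, added here as an example and not taken from the data-sanitization package. The helper names `isContainer` and `parseObject`, and returning null for non-object JSON or an empty diff, are assumptions the issue does not specify.

```javascript
// Added sketch; not the data-sanitization package's implementation.
const isContainer = (v) => v !== null && typeof v === 'object';

// Returns dot-notation paths whose value differs between the two objects.
// Array elements are addressed by index ('tags.1'). Keys that themselves
// contain '.' produce ambiguous paths; this sketch does not escape them.
function diffSanitizedFields(original, sanitized, prefix = '') {
  if (!isContainer(original) || !isContainer(sanitized)) {
    // A primitive changed, or a whole subtree was replaced by a mask or removed.
    return original === sanitized ? [] : [prefix];
  }
  const paths = [];
  for (const key of Object.keys(original)) {
    const path = prefix ? `${prefix}.${key}` : key;
    paths.push(...diffSanitizedFields(original[key], sanitized[key], path));
  }
  return paths;
}

// Parses a log line; null for invalid JSON or a non-object value (assumption).
function parseObject(str) {
  try {
    const value = JSON.parse(str);
    return isContainer(value) ? value : null;
  } catch {
    return null;
  }
}

// Builds the warning line. Only field paths are emitted, never original values,
// and time/pid/hostname are copied from the sanitized entry so the warning
// cannot reintroduce data the sanitizer masked.
function buildSanitizedWarning(originalStr, sanitizedStr) {
  const original = parseObject(originalStr);
  const sanitized = parseObject(sanitizedStr);
  if (!original || !sanitized) return null;
  const fields = diffSanitizedFields(original, sanitized);
  if (fields.length === 0) return null; // assumption: nothing masked, no warning
  const { time, pid, hostname } = sanitized;
  const msg = 'sensitive data found in log entry';
  return JSON.stringify({ level: 40, time, pid, hostname, msg, fields });
}

// Constructed sample log lines, for illustration only.
const rawLine = '{"level":30,"time":1,"pid":1,"hostname":"x","user":{"email":"a@b.com"},"tags":["a","tok-123"]}';
const cleanLine = '{"level":30,"time":1,"pid":1,"hostname":"x","user":"**********","tags":["a","**********"]}';
console.log(buildSanitizedWarning(rawLine, cleanLine));
```
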