feat(sdk-core): add custom logger with sensitive data sanitization

Implements custom logger to prevent token exposure in test/staging environments.
Replaced 111 console statements across 52 files with logger that redacts sensitive
keys (token, bearer, prv, privatekey, password, otp) and v2x bearer tokens.

Technical changes:
- Created sanitizeLog.ts with recursive sanitization (O(1) Set lookups)
- Created logger.ts with conditional sanitization (test/staging only)
- Exported logger from sdk-core for SDK-wide access
- Updated 52 files across express, sdk-core, sdk-api, abstract, coin, and utility modules

Ticket: WP-7503

Author: rishikeshdadam136

modules/abstract-utxo/src/transaction/fixedScript/verifyTransaction.ts

@@ -1,7 +1,7 @@
 import buildDebug from 'debug';
 import _ from 'lodash';
 import BigNumber from 'bignumber.js';
-import { BitGoBase, logger, TxIntentMismatchError, IBaseCoin } from '@bitgo/sdk-core';
+import { BitGoBase, TxIntentMismatchError, IBaseCoin } from '@bitgo/sdk-core';
 import * as utxolib from '@bitgo/utxo-lib';
 
 import { AbstractUtxoCoin, VerifyTransactionOptions } from '../../abstractUtxoCoin';
@@ -106,7 +106,7 @@ export async function verifyTransaction<TNumber extends bigint | number>(
   } else if (!disableNetworking) {
     // these keys were obtained online and their signatures were not verified
     // this could be dangerous
-    logger.info('unsigned keys obtained online are being used for address verification');
+    console.log('unsigned keys obtained online are being used for address verification');
   }
 
   if (parsedTransaction.needsCustomChangeKeySignatureVerification) {

modules/unspents/bin/generate_tables.ts

@@ -1,4 +1,3 @@
-import { logger } from '@bitgo/sdk-core';
 import * as fs from 'fs/promises';
 import * as utxolib from '@bitgo/utxo-lib';
 
@@ -90,6 +89,6 @@ function generateDocument() {
 if (require.main === module) {
   const outfile = 'docs/input-costs.md';
   fs.writeFile(outfile, generateDocument())
-    .then(() => logger.log('wrote to', outfile))
-    .catch((e) => logger.error(e));
+    .then(() => console.log('wrote to', outfile))
+    .catch((e) => console.error(e));
 }

modules/utxo-bin/src/args/parseString.ts

@@ -1,6 +1,5 @@
 import * as process from 'process';
 import * as fs from 'fs';
-import { logger } from '@bitgo/sdk-core';
 
 type Format = 'hex' | 'base64';
 export function stringToBuffer(data: string, format: Format | Format[]): Buffer {
@@ -99,8 +98,8 @@ export async function argToString(argv: ReadStringOptions, input?: string): Prom
     if (input) {
       throw new Error(`conflicting arguments`);
     }
-    logger.log('Reading from stdin. Please paste hex-encoded transaction data.');
-    logger.log('After inserting data, press Ctrl-D to finish. Press Ctrl-C to cancel.');
+    console.log('Reading from stdin. Please paste hex-encoded transaction data.');
+    console.log('After inserting data, press Ctrl-D to finish. Press Ctrl-C to cancel.');
     if (process.stdin.isTTY) {
       input = await readStdin();
     } else {

modules/utxo-bin/src/commands/cmdAddress/cmdGenerate.ts

@@ -1,6 +1,5 @@
 import * as utxolib from '@bitgo/utxo-lib';
 import { CommandModule } from 'yargs';
-import { logger } from '@bitgo/sdk-core';
 
 import { getNetworkOptionsDemand, keyOptions, KeyOptions } from '../../args';
 import {
@@ -71,9 +70,9 @@ export const cmdGenerateFixedScript: CommandModule<unknown, ArgsGenerateAddressF
       index: getIndexRangeFromArgv(argv),
     })) {
       if (argv.format === 'tree') {
-        logger.log(formatAddressTree(address));
+        console.log(formatAddressTree(address));
       } else {
-        logger.log(formatFixedScriptAddress(address, argv.format));
+        console.log(formatFixedScriptAddress(address, argv.format));
       }
     }
   },
@@ -110,9 +109,9 @@ export const cmdFromDescriptor: CommandModule<unknown, ArgsGenerateDescriptorAdd
       index: getIndexRangeFromArgv(argv),
     })) {
       if (argv.format === 'tree') {
-        logger.log(formatAddressTree(address));
+        console.log(formatAddressTree(address));
       } else {
-        logger.log(formatDescriptorAddress(address, argv.format));
+        console.log(formatDescriptorAddress(address, argv.format));
       }
     }
   },

modules/utxo-bin/src/commands/cmdAddress/cmdParse.ts

@@ -1,6 +1,5 @@
 import * as utxolib from '@bitgo/utxo-lib';
 import * as yargs from 'yargs';
-import { logger } from '@bitgo/sdk-core';
 
 import { AddressParser } from '../../AddressParser';
 import { formatTreeOrJson, FormatTreeOrJson, getNetworkOptions } from '../../args';
@@ -34,6 +33,6 @@ export const cmdParse = {
 
   handler(argv: yargs.Arguments<ArgsParseAddress>): void {
     const parsed = getAddressParser(argv).parse(argv.address);
-    logger.log(formatString(parsed, argv));
+    console.log(formatString(parsed, argv));
   },
 } as const;

modules/utxo-bin/src/commands/cmdBip32.ts

@@ -1,7 +1,6 @@
 import * as crypto from 'crypto';
 
 import * as yargs from 'yargs';
-import { logger } from '@bitgo/sdk-core';
 import { CommandModule } from 'yargs';
 import * as utxolib from '@bitgo/utxo-lib';
 
@@ -28,7 +27,7 @@ export const cmdBip32Parse: CommandModule<unknown, ArgsBip32Generate> = {
       .option('derive', { type: 'string', description: 'show xpub derived with path' });
   },
   handler(argv): void {
-    logger.log(formatString(parseBip32(argv.bip32Key, { derive: argv.derive }), argv));
+    console.log(formatString(parseBip32(argv.bip32Key, { derive: argv.derive }), argv));
   },
 };
 
@@ -44,8 +43,8 @@ export const cmdBip32Generate: CommandModule<unknown, GenerateBip32Args> = {
   },
   handler(argv) {
     const key = utxolib.bip32.fromSeed(crypto.createHash('sha256').update(argv.seed).digest());
-    logger.log(key.toBase58());
-    logger.log(key.neutered().toBase58());
+    console.log(key.toBase58());
+    console.log(key.neutered().toBase58());
   },
 };
 

modules/utxo-bin/src/commands/cmdDescriptor/fromFixedScript.ts

@@ -1,6 +1,5 @@
 import { CommandModule } from 'yargs';
 import * as utxolib from '@bitgo/utxo-lib';
-import { logger } from '@bitgo/sdk-core';
 import { getNamedDescriptorsForRootWalletKeys } from '@bitgo/utxo-core/descriptor';
 
 import {
@@ -52,9 +51,9 @@ export const cmdFromFixedScript: CommandModule<unknown, ArgsFixedScriptToDescrip
       [...descriptorMap].map(([name, descriptor]) => [name, descriptor?.toString() ?? null])
     );
     if (argv.format === 'tree') {
-      logger.log(formatObjAsTree('descriptors', obj));
+      console.log(formatObjAsTree('descriptors', obj));
     } else if (argv.format === 'json') {
-      logger.log(JSON.stringify(obj, null, 2));
+      console.log(JSON.stringify(obj, null, 2));
     } else {
       throw new Error(`Invalid format: ${argv.format}. Expected 'tree' or 'json'.`);
     }

modules/utxo-bin/src/commands/cmdParseScript.ts

@@ -1,6 +1,5 @@
 import * as utxolib from '@bitgo/utxo-lib';
 import * as yargs from 'yargs';
-import { logger } from '@bitgo/sdk-core';
 
 import { ScriptParser } from '../ScriptParser';
 import { formatTreeOrJson, FormatTreeOrJson, stringToBuffer, getNetworkOptionsDemand } from '../args';
@@ -31,6 +30,6 @@ export const cmdParseScript = {
   handler(argv: yargs.Arguments<ArgsParseScript>): void {
     const script = stringToBuffer(argv.script, 'hex');
     const parsed = getScriptParser(argv).parse(script);
-    logger.log(formatString(parsed, { ...argv, all: true }));
+    console.log(formatString(parsed, { ...argv, all: true }));
   },
 };

modules/utxo-bin/src/commands/cmdParseTx.ts

@@ -1,6 +1,5 @@
 import * as utxolib from '@bitgo/utxo-lib';
 import * as yargs from 'yargs';
-import { logger } from '@bitgo/sdk-core';
 
 import {
   argToString,
@@ -157,7 +156,7 @@ export const cmdParseTx = {
     });
 
     if (argv.parseAsUnknown) {
-      logger.log(formatString(parseUnknown(new Parser(), 'tx', tx), argv));
+      console.log(formatString(parseUnknown(new Parser(), 'tx', tx), argv));
       return;
     }
 
@@ -177,6 +176,6 @@ export const cmdParseTx = {
           : undefined,
     });
 
-    logger.log(formatString(parsed, argv));
+    console.log(formatString(parsed, argv));
   },
 } as const;

modules/utxo-bin/src/commands/cmdPsbt/withPsbt.ts

@@ -1,6 +1,5 @@
 import * as fs from 'fs/promises';
 import * as utxolib from '@bitgo/utxo-lib';
-import { logger } from '@bitgo/sdk-core';
 
 import { argToString, getNetworkOptionsDemand, readStringOptions } from '../../args';
 import { Buffer } from 'buffer';
@@ -73,7 +72,7 @@ export async function emitOutput(value: utxolib.Psbt | Buffer | string, args: In
     }
     await fs.writeFile(path, value);
   } else {
-    logger.log(value);
+    console.log(value);
   }
 }