Logging Standards (DOCS-OBS-50-003)
Last updated: 2025-12-15
Goals
- Deterministic, structured logs for all services.
- Keep tenant safety and redaction guarantees while enabling search, correlation, and offline analysis.
Log shape (JSON)
Required fields:
- timestamp (UTC ISO-8601)
- tenant, workload (service name), env, region, version
- level (debug|info|warn|error|fatal)
- category (logger/category name), operation (verb/action)
- trace_id, span_id, correlation_id (if external)
- message (concise, no secrets)
- status (ok|error|fault|throttle)
- error.code, error.message (redacted), retryable (bool) when status != ok
Optional but recommended:
resource (subject id/purl/path when safe), http.method, http.status_code, duration_ms, host, pid, thread.
Offline Kit / air-gap import fields
When emitting logs for Offline Kit import/activation flows, keep field names stable:
- Required scope key: tenant_id
- Common keys: bundle_type, bundle_digest, bundle_path, manifest_version, manifest_created_at
- Force activation keys: force_activate, force_activate_reason
- Outcome keys: result, reason_code, reason_message
- Quarantine keys: quarantine_id, quarantine_path
Redaction rules
- Never log Authorization headers, tokens, passwords, private keys, full request/response bodies.
- Redact to "[redacted]" and add redaction.reason (secret|pii|policy).
- Hash low-cardinality identifiers when needed (sha256 hex) and mark hashed=true.
Determinism & offline posture
- Stable key ordering not required, but field set must be consistent per log type.
- No external enrichment; rely on bundled metadata (service map, tenant labels).
- All times UTC; newline-delimited JSON (NDJSON); LF line endings.
Sampling & rate limits
- Info logs rate-limited per component (default 100/s); warn/error/fatal never sampled.
- Structured audit logs (category=audit) are never sampled and must include actor, action, target, result.
Validation checklist
- Required fields present and non-empty.
- No secrets/PII; redaction markers recorded.
- Correlation fields (trace_id, span_id) set when spans exist.
- Log level matches outcome (errors use warn/error/fatal only).
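
The checklist above applied to a single NDJSON line, as an added example that is not code from this project. It assumes flat dotted keys such as error.code, treats every non-ok status as an error outcome for the level check, and uses a small illustrative secret pattern; `validate`, `missing` and `SAMPLE` are hypothetical names.

```python
import json
import re
# Field names come from the standard above; flat dotted keys ("error.code") are an assumption.
REQUIRED = ("timestamp", "tenant", "workload", "env", "region", "version",
            "level", "category", "operation", "message", "status")
LEVELS = ("debug", "info", "warn", "error", "fatal")
NOT_OK = ("error", "fault", "throttle")
UTC_TS = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|\+00:00)")
SECRET = re.compile(r"(?i)\bbearer\s+\S+|\b(authorization|password)\s*[:=]")  # assumed, minimal
# Constructed sample line: a failure logged at info level with a token in the message.
SAMPLE = ('{"timestamp":"2025-12-15T10:00:00Z","tenant":"t1","workload":"scanner","env":"prod",'
          '"region":"eu","version":"1.0","level":"info","category":"import","operation":"activate",'
          '"message":"sent Bearer abc123","status":"error","error.code":"E42"}')

def missing(rec, keys):
    return [f"missing or empty: {k}" for k in keys if rec.get(k) in (None, "")]

def validate(line):
    """Return the violations found in one NDJSON log line (empty list means pass)."""
    try:
        rec = json.loads(line)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(rec, dict):
        return ["not a JSON object"]
    level, status = rec.get("level"), rec.get("status")
    problems = missing(rec, REQUIRED)
    if not UTC_TS.fullmatch(str(rec.get("timestamp", ""))):
        problems.append("timestamp is not UTC ISO-8601")
    if level not in LEVELS or status not in ("ok",) + NOT_OK:
        problems.append("level or status outside the allowed values")
    if status in NOT_OK:
        problems += missing(rec, ("error.code", "error.message", "retryable"))
        if level not in ("warn", "error", "fatal"):
            problems.append("level does not match outcome")
    if rec.get("category") == "audit":
        problems += missing(rec, ("actor", "action", "target", "result"))
    # Span existence is unknowable here, so only check that the pair travels together.
    if bool(rec.get("trace_id")) != bool(rec.get("span_id")):
        problems.append("trace_id and span_id must be set together")
    values = [v for v in rec.values() if isinstance(v, str)]
    if "[redacted]" in values and rec.get("redaction.reason") not in ("secret", "pii", "policy"):
        problems.append("redaction marker without a valid redaction.reason")
    if any(SECRET.search(v) for v in values):
        problems.append("possible secret in a field value")
    return problems

if __name__ == "__main__":
    print(validate(SAMPLE))
```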