stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
394b57f6bf8f5e663a5213e465ac0bb42c15bca6
git.stella-ops.org/docs/observability/logging.md
master 5a480a3c2a
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
Findings Ledger CI / build-test (push) Has been cancelled
Details
Findings Ledger CI / migration-validation (push) Has been cancelled
Details
Findings Ledger CI / generate-manifest (push) Has been cancelled
Details
Lighthouse CI / Lighthouse Audit (push) Has been cancelled
Details
Lighthouse CI / Axe Accessibility Audit (push) Has been cancelled
Details
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Details
Reachability Corpus Validation / validate-corpus (push) Has been cancelled
Details
Reachability Corpus Validation / validate-ground-truths (push) Has been cancelled
Details
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Details
Signals CI & Image / signals-ci (push) Has been cancelled
Details
Signals Reachability Scoring & Events / reachability-smoke (push) Has been cancelled
Details
Reachability Corpus Validation / determinism-check (push) Has been cancelled
Details
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Details
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
Details
Signals Reachability Scoring & Events / sign-and-upload (push) Has been cancelled
Details
Add call graph fixtures for various languages and scenarios 
- Introduced `all-edge-reasons.json` to test edge resolution reasons in .NET.
- Added `all-visibility-levels.json` to validate method visibility levels in .NET.
- Created `dotnet-aspnetcore-minimal.json` for a minimal ASP.NET Core application.
- Included `go-gin-api.json` for a Go Gin API application structure.
- Added `java-spring-boot.json` for the Spring PetClinic application in Java.
- Introduced `legacy-no-schema.json` for legacy application structure without schema.
- Created `node-express-api.json` for an Express.js API application structure.
2025-12-16 10:44:24 +02:00

50 lines
2.3 KiB
Markdown
Raw Blame History

# Logging Standards (DOCS-OBS-50-003)
Last updated: 2025-12-15
## Goals
- Deterministic, structured logs for all services.
- Keep tenant safety and redaction guarantees while enabling search, correlation, and offline analysis.
## Log shape (JSON)
Required fields:
- `timestamp` (UTC ISO-8601)
- `tenant`, `workload` (service name), `env`, `region`, `version`
- `level` (`debug|info|warn|error|fatal`)
- `category` (logger/category name), `operation` (verb/action)
- `trace_id`, `span_id`, `correlation_id` (if external)
- `message` (concise, no secrets)
- `status` (`ok|error|fault|throttle`)
- `error.code`, `error.message` (redacted), `retryable` (bool) when status != ok
Optional but recommended:
- `resource` (subject id/purl/path when safe), `http.method`, `http.status_code`, `duration_ms`, `host`, `pid`, `thread`.
## Offline Kit / air-gap import fields
When emitting logs for Offline Kit import/activation flows, keep field names stable:
- Required scope key: `tenant_id`
- Common keys: `bundle_type`, `bundle_digest`, `bundle_path`, `manifest_version`, `manifest_created_at`
- Force activation keys: `force_activate`, `force_activate_reason`
- Outcome keys: `result`, `reason_code`, `reason_message`
- Quarantine keys: `quarantine_id`, `quarantine_path`
## Redaction rules
- Never log Authorization headers, tokens, passwords, private keys, full request/response bodies.
- Redact to `"[redacted]"` and add `redaction.reason` (`secret|pii|policy`).
- Hash low-cardinality identifiers when needed (`sha256` hex) and mark `hashed=true`.
## Determinism & offline posture
- Stable key ordering not required, but field set must be consistent per log type.
- No external enrichment; rely on bundled metadata (service map, tenant labels).
- All times UTC; newline-delimited JSON (NDJSON); LF line endings.
## Sampling & rate limits
- Info logs rate-limited per component (default 100/s); warn/error/fatal never sampled.
- Structured audit logs (`category=audit`) are never sampled and must include `actor`, `action`, `target`, `result`.
## Validation checklist
- [ ] Required fields present and non-empty.
- [ ] No secrets/PII; redaction markers recorded.
- [ ] Correlation fields (`trace_id`, `span_id`) set when spans exist.
- [ ] Log level matches outcome (errors use warn/error/fatal only).
Reference in New Issue View Git Blame Copy Permalink