Issue 3: Add Structured Logging for Detection Results
Labels: enhancement, logging, observability, good-first-issue
Problem Statement
Detection results are currently logged inconsistently using console.log(). This makes it difficult to:
- Parse logs programmatically
- Integrate with SIEM systems
- Debug false positives/negatives
- Analyze patterns over time
Structured JSON logging would enable better observability and downstream analysis.
Proposed Approach
- Install Winston (or similar structured logging library)
- Create backend/src/utils/detectionLogger.js
- Define standard log format:

```js
{
  timestamp: "2026-02-23T02:00:00.000Z",
  level: "info",
  requestId: "req_abc123",
  userId: "user_xyz",
  detection: {
    detected: true,
    riskScore: 85,
    policies: [
      { name: "cross-step-exfiltration", matched: true, confidence: 0.92 }
    ]
  },
  action: "blocked",
  processingTimeMs: 23
}
```

- Add log rotation (daily, 30-day retention)
- Replace all console.log() calls in detection path
- Add tests to verify log structure
Acceptance Criteria
- All detection results logged to logs/detections.log in JSON format
- Logs include: timestamp, requestId, userId, riskScore, action, processingTime
- Log rotation works (daily files, max 30 days)
- No console.log() remains in detection code paths
- Demo mode shows example detections in logs
- Documentation added for log format
Estimated Complexity
6-10 hours
Files to Modify
- backend/src/utils/detectionLogger.js (create)
- backend/src/policies/*.js (replace console.log calls)
- backend/src/middleware/proxy.js (integrate logger)
- package.json (add winston dependency)
- docs/LOGGING.md (create)
Dependencies
npm install winston winston-daily-rotate-file
Technical Notes
Use winston.format.json() for structured output. Ensure sensitive data (PII, API keys) is not logged in plaintext.
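The structure test and the redaction requirement above, sketched as an added example that is not part of this issue or the project's code. It is plain JavaScript with no logging library, so the record it builds can be passed to whichever logger is chosen. `SENSITIVE_KEYS`, `redact()`, `buildDetectionRecord()` and `validateRecord()` are hypothetical names, and the list of sensitive key names is an assumption to adapt.

```javascript
// Added example: field names follow the issue's log format; everything else
// (function names, the sensitive-key list) is hypothetical.
const SENSITIVE_KEYS = /^(authorization|cookie|password|secret|token|api[-_]?key)$/i;

// Deep-copy a value, replacing the value of any sensitive key so it never
// reaches the log in plaintext. Cycles are cut instead of recursing forever.
function redact(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]';
  ancestors.add(value);
  let out;
  if (Array.isArray(value)) {
    out = value.map((v) => redact(v, ancestors));
  } else {
    out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.test(k) ? '[REDACTED]' : redact(v, ancestors);
    }
  }
  ancestors.delete(value);
  return out;
}

// Build one record in the issue's format. The detection object is redacted
// because policy results may carry pieces of the inspected request.
function buildDetectionRecord(input, now = new Date()) {
  return {
    timestamp: now.toISOString(),
    level: 'info',
    requestId: input.requestId,
    userId: input.userId,
    detection: redact(input.detection),
    action: input.action,
    processingTimeMs: input.processingTimeMs,
  };
}

// Return the names of missing or malformed fields; an empty array means the
// record has the fields listed in the acceptance criteria.
function validateRecord(r) {
  const errors = [];
  if (Number.isNaN(Date.parse(r.timestamp))) errors.push('timestamp');
  for (const f of ['requestId', 'userId', 'action']) {
    if (typeof r[f] !== 'string' || r[f] === '') errors.push(f);
  }
  if (!Number.isFinite(r.processingTimeMs) || r.processingTimeMs < 0) errors.push('processingTimeMs');
  const d = r.detection;
  if (!d || typeof d.detected !== 'boolean') errors.push('detection.detected');
  if (!d || !Number.isFinite(d.riskScore)) errors.push('detection.riskScore');
  return errors;
}
```

Key-name redaction only catches secrets stored under a recognisable key; free-text fields that may embed tokens need their own handling.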