Add structured logging for detection results #62
Description
Issue 3: Add Structured Logging for Detection Results
Labels: enhancement, logging, observability, good-first-issue
Problem Statement
Detection results are currently logged inconsistently using console.log(). This makes it difficult to:
- Parse logs programmatically
- Integrate with SIEM systems
- Debug false positives/negatives
- Analyze patterns over time
Structured JSON logging would enable better observability and downstream analysis.
Proposed Approach
- Install Winston (or similar structured logging library)
- Create
backend/src/utils/detectionLogger.js - Define standard log format:
{ timestamp: "2026-02-23T02:00:00.000Z", level: "info", requestId: "req_abc123", userId: "user_xyz", detection: { detected: true, riskScore: 85, policies: [ { name: "cross-step-exfiltration", matched: true, confidence: 0.92 } ] }, action: "blocked", processingTimeMs: 23 }
- Add log rotation (daily, 30-day retention)
- Replace all
console.log()calls in detection path - Add tests to verify log structure
Acceptance Criteria
- All detection results logged to
logs/detections.login JSON format - Logs include: timestamp, requestId, userId, riskScore, action, processingTime
- Log rotation works (daily files, max 30 days)
- No
console.log()remains in detection code paths - Demo mode shows example detections in logs
- Documentation added for log format
Estimated Complexity
6-10 hours
Files to Modify
backend/src/utils/detectionLogger.js(create)backend/src/policies/*.js(replace console.log calls)backend/src/middleware/proxy.js(integrate logger)package.json(add winston dependency)docs/LOGGING.md(create)
Dependencies
npm install winston winston-daily-rotate-fileTechnical Notes
Use winston.format.json() for structured output. Ensure sensitive data (PII, API keys) is not logged in plaintext.