fix: add style attribute support and logging for public notes

  - Allow style attribute in HTML sanitization for text/background colors
  - Add [PUBLIC API] logging for public note views and not-found attempts
  - Add [PUBLIC_NOTES] logging for public note updates

Author: rui-typelets

src/routes/public-notes/crud.ts

@@ -52,6 +52,7 @@ function sanitizeHtml(html: string): string {
       "href", "src", "alt", "title", "class", "id",
       "target", "rel", "width", "height",
       "colspan", "rowspan",
+      "style", // For text color/background color support
     ],
     // Only allow safe URL protocols (blocks javascript:, data:, vbscript:, etc.)
     ALLOWED_URI_REGEXP: /^(?:https?|mailto|tel):/i,
@@ -254,9 +255,20 @@ crudRouter.openapi(getPublicNoteRoute, async (c) => {
   logger.databaseQuery("select", "public_notes", Date.now() - selectStart);
 
   if (!publicNote) {
+    logger.info("[PUBLIC API] Public note not found", {
+      type: "public_api_event",
+      event_type: "public_note_not_found",
+      slug,
+    });
     throw new HTTPException(404, { message: "Public note not found" });
   }
 
+  logger.info("[PUBLIC API] Public note viewed", {
+    type: "public_api_event",
+    event_type: "public_note_viewed",
+    slug,
+  });
+
   return c.json(publicNote, 200);
 });
 
@@ -343,6 +355,14 @@ crudRouter.openapi(updatePublicNoteRoute, async (c) => {
     .returning();
   logger.databaseQuery("update", "public_notes", Date.now() - updateStart, userId);
 
+  logger.info("[PUBLIC_NOTES] Public note updated", {
+    type: "public_note_event",
+    event_type: "public_note_updated",
+    "user.id": userId,
+    publicNoteId: existingPublicNote.id,
+    slug,
+  });
+
   return c.json(updatedPublicNote, 200);
 });