debug: structured tool/HTTP logging, request IDs, config dump
check-and-test / check-and-test (pull_request) Has been cancelled
check-and-test / check-and-test (pull_request) Has been cancelled
Closes #13. Today GITEA_DEBUG=true only flips the zap level to debug, dumps a contextless `Text Result:` blob per tool call, and enables the gitea SDK's own debug stream (which doesn't merge with our log file). That is not enough to diagnose a misbehaving tool call in production. This change introduces: - A `pkg/middleware.ToolLogging` ToolHandlerMiddleware that logs each tool invocation on entry and exit with structured fields: tool name, redacted args, request_id, token source, duration_ms, and status. The request_id is stashed in the context so downstream layers can correlate. - A `loggingRoundTripper` in `pkg/gitea` that wraps the shared HTTP transport and emits one structured line per upstream Gitea API call (method, token-stripped URL, status, duration_ms, bytes). This replaces — and is far more useful than — `gitea.SetDebugMode()`. - An effective-config dump at startup (`logEffectiveConfig`) when debug+config scope is on, so "did my env var get picked up?" becomes answerable from the log file. - Token source tracking. CLI flag / GITEA_ACCESS_TOKEN / GITEA_ACCESS_TOKEN_FILE / per-request Authorization header are now distinguished in logs as flag/env/env-file/header. - A baseline redactor in `pkg/debug` that masks args / query params whose keys look like secrets (token, password, secret, api_key, authorization, …). This is the placeholder for issue #5's shared redactor; once that lands, callers here should defer to it. - `GITEA_DEBUG_SCOPES` env var to scope debug output to any subset of `tools,http,config`. Default (unset) is "everything". Test coverage was added for the redactor, scope flag, request-id helpers, preview truncation (multibyte-safe), and the middleware's context wiring + error propagation. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
+27
-1
@@ -61,6 +61,7 @@ func init() {
|
||||
fmt.Fprintf(w, " GITEA_ACCESS_TOKEN\tProvide access token\n")
|
||||
fmt.Fprintf(w, " GITEA_ACCESS_TOKEN_FILE\tPath to a file containing the access token (e.g. a Docker secret)\n")
|
||||
fmt.Fprintf(w, " GITEA_DEBUG\tSet to 'true' for debug mode\n")
|
||||
fmt.Fprintf(w, " GITEA_DEBUG_SCOPES\tComma-separated debug scopes: tools, http, config (default: all)\n")
|
||||
fmt.Fprintf(w, " GITEA_HOST\tOverride Gitea host URL\n")
|
||||
fmt.Fprintf(w, " GITEA_INSECURE\tSet to 'true' to ignore TLS errors\n")
|
||||
fmt.Fprintf(w, " GITEA_READONLY\tSet to 'true' for read-only mode\n")
|
||||
@@ -79,8 +80,14 @@ func init() {
|
||||
flagPkg.Port = port
|
||||
|
||||
flagPkg.Token = token
|
||||
if flagPkg.Token != "" {
|
||||
flagPkg.TokenSource = "flag"
|
||||
}
|
||||
if flagPkg.Token == "" {
|
||||
flagPkg.Token = os.Getenv("GITEA_ACCESS_TOKEN")
|
||||
if v := os.Getenv("GITEA_ACCESS_TOKEN"); v != "" {
|
||||
flagPkg.Token = v
|
||||
flagPkg.TokenSource = "env"
|
||||
}
|
||||
}
|
||||
if flagPkg.Token == "" {
|
||||
if tokenFile := os.Getenv("GITEA_ACCESS_TOKEN_FILE"); tokenFile != "" {
|
||||
@@ -90,6 +97,9 @@ func init() {
|
||||
os.Exit(1)
|
||||
}
|
||||
flagPkg.Token = strings.TrimRight(string(data), "\r\n")
|
||||
if flagPkg.Token != "" {
|
||||
flagPkg.TokenSource = "env-file"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -115,6 +125,22 @@ func init() {
|
||||
flagPkg.Debug = true
|
||||
}
|
||||
|
||||
// GITEA_DEBUG_SCOPES restricts what categories of debug output are
|
||||
// emitted. Empty (the default) means "everything". Known scopes:
|
||||
// "tools" (per-tool-call entry/exit), "http" (upstream Gitea API
|
||||
// requests), "config" (effective config dump at startup).
|
||||
if scopes := os.Getenv("GITEA_DEBUG_SCOPES"); scopes != "" {
|
||||
set := map[string]struct{}{}
|
||||
for s := range strings.SplitSeq(scopes, ",") {
|
||||
if s = strings.TrimSpace(s); s != "" {
|
||||
set[s] = struct{}{}
|
||||
}
|
||||
}
|
||||
if len(set) > 0 {
|
||||
flagPkg.DebugScopes = set
|
||||
}
|
||||
}
|
||||
|
||||
// Set insecure mode based on environment variable
|
||||
if os.Getenv("GITEA_INSECURE") == "true" {
|
||||
flagPkg.Insecure = true
|
||||
|
||||
Reference in New Issue
Block a user