feat: structured auth logging for log-based analytics #86

New issue

Closed

opened 2026-04-16 13:06:43 -07:00 by pyr0ball · 0 comments

pyr0ball commented 2026-04-16 13:06:43 -07:00

Owner

Copy link

Summary

Add structured auth-type logging to API endpoints so traffic can be analysed by log parsing rather than relying entirely on web analytics.

What Snipe did (reference implementation)

def _auth_label(user_id: str) -> str:
    """Classify user_id → local/anon/guest/authed — no PII."""
    if user_id == "local": return "local"
    if user_id == "anonymous": return "anon"
    if user_id.startswith("guest:"): return "guest"
    return "authed"

Add logging.basicConfig(level=logging.INFO, format="%(levelname)s:%(name)s: %(message)s") so app-level logs appear in docker logs alongside the Uvicorn access log.

Endpoints to instrument

• Session bootstrap: log auth= + tier= on every call; log UUID on new guest creation.
• Primary action endpoints (scan/add item/recipe search/etc.): expand existing log lines with auth=, tier=, and key request params.

Expected log output

INFO:api.main: session new_guest user_id=<uuid>
INFO:api.main: session auth=authed tier=paid
INFO:api.main: scan auth=guest tier=free barcode='012345678901'

Why

Structured key=value log lines are grep/awk-friendly. Enables understanding of anon vs authenticated usage split without client-side tracking.

Reference

Circuit-Forge/snipe@873b9a1 — working implementation.

## Summary Add structured auth-type logging to API endpoints so traffic can be analysed by log parsing rather than relying entirely on web analytics. ## What Snipe did (reference implementation) ```python def _auth_label(user_id: str) -> str: """Classify user_id → local/anon/guest/authed — no PII.""" if user_id == "local": return "local" if user_id == "anonymous": return "anon" if user_id.startswith("guest:"): return "guest" return "authed" ``` Add `logging.basicConfig(level=logging.INFO, format="%(levelname)s:%(name)s: %(message)s")` so app-level logs appear in `docker logs` alongside the Uvicorn access log. ## Endpoints to instrument - **Session bootstrap**: log `auth=` + `tier=` on every call; log UUID on new guest creation. - **Primary action endpoints** (scan/add item/recipe search/etc.): expand existing log lines with `auth=`, `tier=`, and key request params. ## Expected log output ``` INFO:api.main: session new_guest user_id=<uuid> INFO:api.main: session auth=authed tier=paid INFO:api.main: scan auth=guest tier=free barcode='012345678901' ``` ## Why Structured key=value log lines are grep/awk-friendly. Enables understanding of anon vs authenticated usage split without client-side tracking. ## Reference Circuit-Forge/snipe@873b9a1 — working implementation.

pyr0ball closed this issue 2026-04-17 16:59:23 -07:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/recipe-enrichment-and-bugfixes

fix/a11y-audit

feature/community

feature/meal-planner

feature/orch-auto-lifecycle

feature/shared-task-scheduler

v0.5.1

v0.3.0

v0.5.0

v0.2.0

Labels

Clear labels   

accessibility

  

backlog

  

beta-feedback

  

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

feature-request

  

help wanted

Need some help

  

invalid

Something is wrong

  

needs-design

  

needs-triage

  

question

More information is needed

  

wontfix

This won't be fixed

No labels

accessibility

backlog

beta-feedback

bug

duplicate

enhancement

feature-request

help wanted

invalid

needs-design

needs-triage

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Circuit-Forge/kiwi#86

No description provided.