nightshift: logging-audit — Structured Logging Analysis
Summary
Severity: Medium | **Zero structured logging across codebase**
Findings
| Pattern | Count | Files |
|---|---|---|
| log.Logger (stdlib) | 1 | internal/logging/logger.go |
| Structured logging (zap/slog) | 0 | - |
| fmt.Print* debugging | 11 | workflow.go, cli.go |
Details
Finding 1: Basic stdlib logging only
- File: internal/logging/logger.go
- Issue: Uses log.Logger from stdlib — no structured logging
- Impact: No JSON output, no log levels, no structured fields for querying
Finding 2: fmt.Sprint* for output
- Files: internal/app/workflow.go, internal/app/cli.go
- Issue: Uses fmt.Sprintf for building command strings
- Impact: Not a security issue but makes parsing difficult
Recommendations
- Consider migrating to structured logging (zap or slog)
- Add log levels (DEBUG, INFO, WARN, ERROR)
- Add structured fields: trace_id, user_id, operation
- Add JSON output option for log aggregation
Code Reference
// Current: basic stdlib logging
std: log.New(os.Stdout, "", 0),
// Recommended: structured with zap
logger, _ := zap.NewProduction()
defer logger.Sync()
Generated by nightshift v3