Skip to main content

Module logging

ai_memory

Module logging 

Source
Expand description

Operational logging facility (PR-5 of issue #487).

Routes the binary’s existing tracing::info! / tracing::warn! / tracing::error! call sites through a rotating, on-disk file appender so operators can ingest server logs into Splunk, Datadog, Loki, etc.

Default-OFF. Without a [logging] block in config.toml the daemon keeps the legacy tracing-subscriber::fmt setup that writes to stderr. Enabling file logging is opt-in:

[logging]
enabled = true
path = "~/.local/state/ai-memory/logs/"
max_size_mb = 100
max_files = 30
retention_days = 90
structured = false
level = "info"

See docs/security/audit-trail.md for the SIEM ingestion guide.

Constants§

DEFAULT_LOG_DIRECTIVE
Default tracing EnvFilter directive applied when RUST_LOG is unset — INFO-level for the substrate’s own crate only. One spelling for every fallback-filter construction site (pm-v3.1 gate, #1558 wave 4).
URL_PASSWORD_MASK
Mask substituted for the userinfo password portion of a URL by redact_url_password / redact_urls_in_message. The username and host stay readable so operators can still correlate the log line with the deployment; only the secret is destroyed.

Functions§

build_appender
Build the rolling file appender with the rotation policy from cfg. Defaults to daily rotation with max_files retained on disk.
init_file_logging
Initialise the file logging facility. Returns a WorkerGuard that the caller MUST keep alive for the lifetime of the process — when dropped it flushes the in-memory buffer to disk. Returns None when logging is disabled.
redact_url_password
#1579 A3 (SECURITY) — redact the userinfo password portion of a single URL: postgres://user:hunter2@host:5432/db becomes postgres://user:****@host:5432/db.
redact_urls_in_message
#1579 A3 (SECURITY) — companion to redact_url_password for free-text diagnostics that may EMBED a URL (e.g. a wrapped sqlx::Error::Configuration("invalid url postgres://…") whose Display interpolates the connection target). Scans the message for scheme:// runs and masks the userinfo password inside each one; every other byte passes through unchanged.
resolve_log_dir
Resolve the configured log directory honouring the user-mandated precedence ladder: CLI > env (AI_MEMORY_LOG_DIR) > [logging] path in config > platform default. The cfg-only entry point is kept for callers that don’t have a CLI override; subcommand wiring uses resolve_log_dir_with_override directly.
resolve_log_dir_with_override
Strict version: returns the log_paths::ResolvedDir so callers can surface the resolution layer in error messages, and propagates the world-writable-refusal error.