Skip to content

[log] feat(config): add debug logging to guard policy validation and parsing#2168

Draft
github-actions[bot] wants to merge 1 commit intomainfrom
log/guard-policy-debug-logging-807ecee8cd137078
Draft

[log] feat(config): add debug logging to guard policy validation and parsing#2168
github-actions[bot] wants to merge 1 commit intomainfrom
log/guard-policy-debug-logging-807ecee8cd137078

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 19, 2026

Summary

Adds logGuardPolicy debug log calls to four key functions in internal/config/guard_policy.go that previously had no logging, improving troubleshootability when guard policy configuration issues arise.

Changes

File: internal/config/guard_policy.go

Added 7 targeted debug log calls (reusing existing logGuardPolicy = logger.New("config:guard_policy")):

ValidateGuardPolicy

  • Logs when policy is nil (clarifies the error path)
  • Logs when delegating to write-sink validation, including acceptCount
  • Logs when delegating to allow-only normalization

ValidateWriteSinkPolicy

  • Logs acceptCount on entry for visibility into policy size
  • Logs wildcard detection (["*"]) as a distinct valid path

ParseServerGuardPolicy

  • Logs serverID and keyCount on entry to trace which server's policy is being parsed

ParsePolicyMap

  • Logs detected format (hasAllowOnly, hasWriteSink) after key detection, distinguishing modern vs legacy policy map format

Why This Matters

These functions are the critical path for guard policy configuration parsing and validation. When a misconfigured policy causes startup failures, these log calls (enabled via DEBUG=config:guard_policy or DEBUG=*) will immediately surface:

  • Which server's policy triggered the error
  • Which policy type was detected
  • Which validation branch was taken

Testing

  • Single file modified: internal/config/guard_policy.go
  • No test files modified
  • Reuses existing logGuardPolicy logger — no new imports
  • Logger arguments are all simple values (no side effects)
  • No duplicate logging with existing calls

Generated by Go Logger Enhancement ·

@github-actions
feat(config): add debug logging to guard policy validation and parsing
d57de5c 
Add logGuardPolicy debug calls to ValidateGuardPolicy, ValidateWriteSinkPolicy,
ParseServerGuardPolicy, and ParsePolicyMap to improve troubleshootability
when guard policy configuration issues occur.

- ValidateGuardPolicy: logs nil policy, write-sink delegation with accept count,
  and allow-only normalization delegation
- ValidateWriteSinkPolicy: logs accept count and wildcard detection
- ParseServerGuardPolicy: logs serverID and key count on entry
- ParsePolicyMap: logs detected policy format (allow-only/write-sink/legacy)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added automation enhancement New feature or request labels Mar 19, 2026
@github-actions github-actions bot mentioned this pull request Mar 20, 2026
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automation enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants