Skip to content

Persist auth-flow events to glean-server.log#31

Open
swarup-padhi-glean wants to merge 1 commit into
swarup/plugin-version-loggingfrom
swarup/plugin-auth-logging
Open

Persist auth-flow events to glean-server.log#31
swarup-padhi-glean wants to merge 1 commit into
swarup/plugin-version-loggingfrom
swarup/plugin-auth-logging

Conversation

@swarup-padhi-glean

Copy link
Copy Markdown
Contributor

Stacked on #29 (plugin-version-logging). Review/merge that first; this PR's diff is auth-only against it.

Why

The OAuth sign-in lifecycle was stderr-only[auth] … console.error calls in remote-client.ts / auth-provider.ts / token-store.ts. start.sh does not redirect stderr into glean-server.log, so the persisted log could never show whether sign-in started, the token exchange succeeded or failed, or credentials were invalidated. A failed login was indistinguishable from one that was never attempted — exactly the blind spot that made a recent problematic session impossible to diagnose from logs.

What

  • Extract logLine into a shared src/log.ts so every module logs through one sink. The path is resolved per-call and the log dir is created lazily on first write, so importing log.ts has no filesystem side effects (safe to pull into any unit under test).
  • Route the auth milestones through it, tagged with the chat session id where available:
    setup.sign-in-started, setup.complete, auth.code-exchange-start, auth.code-exchange-complete, auth.code-exchange-failed, auth.fresh-dcr, auth.invalidate, auth.persist-failed, auth.clear-failed.
  • The verbose [fetch] request logging and the callback-listening line stay on stderr (high-volume / benign).
  • Adds tests/log.test.ts for the extracted module.

Verification

Notes

Per-line session-id tagging on all events (not just auth) is a broader observability change left for a follow-up — this PR scopes to the auth flow as requested.

The OAuth sign-in lifecycle was stderr-only (`[auth] …` console.error
in remote-client / auth-provider / token-store), and start.sh does not
redirect stderr to glean-server.log — so the log could not show whether
sign-in started, the token exchange succeeded/failed, or credentials
were invalidated. A failed login looked identical to "never attempted."

Extract logLine into a shared src/log.ts (lazy dir init — importing it
has no filesystem side effects) and route the auth milestones through
it, tagged with the chat session id where available:
  setup.sign-in-started, setup.complete, auth.code-exchange-start,
  auth.code-exchange-complete, auth.code-exchange-failed, auth.fresh-dcr,
  auth.invalidate, auth.persist-failed, auth.clear-failed.

The verbose [fetch] request logging and the callback-listening line stay
on stderr (high volume / benign). Adds tests/log.test.ts for the
extracted module.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant