Skip to main content
hc
Submit
rulesSource-backedReview first Safety Privacy

Structured Logging Review Rules

Source-backed rules for reviewing application logging changes, covering structured machine-readable events, consistent levels, correlation and trace context, actionable messages, log volume and cost, and keeping secrets and personal data out of logs.

by jaso0n0818·added 2026-06-19·
Claude Code
HarnessClaude Code
Review first review before installing

Open the source and read safety notes before installing.

Safety notes

  • Logging in a hot path or inside a tight loop can dominate latency and overwhelm the log pipeline, turning observability into a performance and availability problem.
  • High-cardinality fields and large payloads can explode log index size and cost, and can trip ingestion limits that drop later, more important logs.
  • Removing or downgrading logs that incident responders rely on can make a future outage much harder to diagnose, so changes to error and audit logs deserve extra scrutiny.

Privacy notes

  • Logs frequently capture access tokens, passwords, API keys, session ids, full request and response bodies, emails, and other personal data when developers log whole objects.
  • Do not paste raw log lines containing secrets or personal data into public PR comments; redact them and prefer synthetic examples.
  • Be careful with logging frameworks that serialize entire objects, since they can silently copy sensitive fields into logs and downstream log stores.

Prerequisites

  • A pull request or diff that adds, edits, or removes log statements, or that changes the logging library, format, levels, or configuration.
  • Knowledge of the logging stack in use, since structured output, level semantics, and context propagation differ between libraries and runtimes.
  • Awareness of where logs are shipped and retained, since volume, cost, and privacy exposure depend on the downstream log platform.
  • Permission to block merge when a change logs secrets or personal data, floods a hot path, or removes context needed to debug incidents.

Schema details

Install type
copy
Troubleshooting
Yes
Collection metadata
Estimated setup
20 minutes
Difficulty
intermediate
Full copyable content
You are reviewing a change to application logging.

Rules:
1. Emit logs as structured, machine-readable events with stable field names,
   not ad-hoc string concatenation that is hard to query.
2. Use log levels consistently: error for actionable failures, warn for
   recoverable problems, info for milestones, and debug for detail.
3. Attach correlation and trace context (request, trace, and span ids) so a
   single flow can be followed across services.
4. Write actionable messages that say what happened and what to do, and avoid
   logging the same condition repeatedly in a hot path.
5. Control volume and cost; do not log large payloads, per-iteration spam, or
   high-cardinality fields that explode index size.
6. Never log secrets, credentials, tokens, full request bodies, or personal
   data; redact or omit sensitive fields at the source.

About this resource

Purpose

Use these rules when a change touches application logging. The goal is to keep logs useful, queryable, and affordable for debugging real incidents, while keeping secrets and personal data out of them, instead of logging everything as unstructured text.

This is a review policy, not a logging-library tutorial. It tells reviewers what must be true about a log change's structure, levels, context, volume, and privacy before the change is safe to merge.

Review Inputs

Collect enough context to know what is logged and where it goes.

  1. Change surface. Which statements are added, edited, or removed, and whether they sit on a hot path, in a loop, or in error handling.
  2. Level intent. Whether each statement's level matches its severity and whether the change shifts levels in a way that hides or floods signal.
  3. Context. Whether correlation, trace, and span identifiers are present so logs can be tied to a request and to traces.
  4. Payload. What fields and objects are serialized, and whether any can contain secrets, credentials, or personal data.
  5. Destination. Where logs are shipped and retained, since that governs volume, cost, and privacy exposure.

If the change cannot say which statements are on hot paths and what fields they serialize, require that context before reviewing wording.

Structure And Format Rules

  • Emit logs as structured events with stable, documented field names rather than interpolated free-text strings.
  • Keep one event per logical occurrence; do not split a single condition across several unrelated log lines.
  • Use consistent field names and types across the codebase so queries and dashboards stay reliable.
  • Treat logs as an event stream the application writes to standard output, and leave routing and storage to the platform.
  • Avoid embedding large blobs, stack-trace duplication, or serialized whole objects where a few stable fields would do.

Level And Signal Rules

  • Reserve error for conditions that need action, and do not log expected control-flow as errors.
  • Use warn for recoverable or degraded conditions, info for meaningful milestones, and debug for verbose detail.
  • Do not log the same condition on every iteration of a hot loop; sample, aggregate, or rate-limit instead.
  • Make sure changing a level does not silently remove a signal incident responders depend on.
  • Keep noisy third-party logs from drowning the application's own signal.

Context And Correlation Rules

  • Attach request, trace, and span identifiers so a flow can be followed across services and matched to traces.
  • Propagate correlation context through async work, queues, and background jobs, not just the initial request.
  • Include enough stable context (operation, outcome, duration) to make a log line actionable on its own.
  • Avoid logging unbounded user input as a field name or as a high-cardinality value that fragments indexes.
  • Keep timestamps and time zones consistent and machine-parseable.

Volume, Cost, And Privacy Rules

Logs are not free, and they can leak.

  • Control volume: avoid per-iteration logging, large payloads, and duplicate lines that inflate ingestion and cost.
  • Watch cardinality: user ids, request bodies, and unbounded values as indexed fields can explode storage.
  • Never log secrets, tokens, passwords, full authorization headers, or raw request bodies; redact at the source.
  • Treat personal data in logs as regulated; minimize, mask, or omit it and honor retention limits.
  • Prefer explicit, allow-listed fields over serializing whole objects that may carry sensitive data.

Merge Blockers

Block merge until resolved when:

  • a log statement serializes secrets, credentials, tokens, full request bodies, or personal data;
  • logging is added to a hot path or tight loop without sampling or rate limits;
  • levels are misused so failures are hidden or normal flow is logged as errors;
  • a change removes or downgrades error or audit logs that incident response relies on, without justification;
  • high-cardinality or large-payload fields are logged in a way that will explode index size and cost;
  • logs lack the correlation or trace context needed to follow a request across services.

Review Checklist

  • {"task": "Structured events", "description": "Logs are machine-readable with stable field names, not interpolated strings"}
  • {"task": "Levels correct", "description": "Error, warn, info, and debug are used consistently for the right severities"}
  • {"task": "Context present", "description": "Correlation, trace, and span identifiers tie logs to requests and traces"}
  • {"task": "Volume controlled", "description": "No hot-path spam, large payloads, or high-cardinality fields that explode cost"}
  • {"task": "Actionable", "description": "Messages state what happened and what to do, and audit/error logs are preserved"}
  • {"task": "Privacy safe", "description": "No secrets, credentials, full bodies, or personal data are logged"}

AI Review Rules

AI assistants can help review logging, but they should show their evidence.

  • Ask the assistant to flag any statement that serializes a whole object or request body before judging the change.
  • Require it to identify hot-path or loop logging and propose sampling or rate limits.
  • Have the assistant check that levels match severity rather than only that the code compiles.
  • Do not let the assistant assume context propagation works; require the correlation fields to be shown.
  • Re-run review after changes to log levels, fields, or the logging configuration.

Troubleshooting

  • Logs are hard to query: move from interpolated strings to structured fields with stable names.
  • A loop floods the log pipeline: sample, aggregate, or rate-limit and drop the level to debug.
  • A log leaked a token: redact at the source, switch from whole-object serialization to allow-listed fields, and scrub the artifact.
  • Logs cost too much: cut large payloads and high-cardinality fields and review retention.
  • An incident was hard to trace: add correlation and trace ids and propagate them through async work.

Duplicate And History Check

Checked existing rules, hooks, statuslines, guides, collections, skills, open PRs, and closed PRs for structured logging, log levels, observability, correlation ids, log volume and cost, and logging of sensitive data.

Adjacent content includes general observability and privacy rules, but no entry is a portable pre-merge review policy specifically for application logging changes. This entry is distinct because it decides what must be true about a log change's structure, levels, context, volume, and privacy before it can merge.

No prior closed PR for this rule was found during the duplicate/history check.

Log Level Reference

The level semantics below follow common logging guidance and drive how each statement should be classified during review.

Level Use for Reviewer action
error Actionable failures needing attention Ensure it is a real failure, not expected control flow
warn Recoverable or degraded conditions Confirm it is not noise and is worth alerting on
info Meaningful milestones and outcomes Keep it sparse and stable for dashboards
debug Verbose diagnostic detail Off by default in production; never log secrets

Treating logs as a structured event stream, with consistent levels and correlation context, keeps them queryable for incidents while controlling volume and protecting sensitive data.

Sources

#logging#observability#structured-logging#privacy#reliability#code-review

Source citations

Add this badge to your README

Show that Structured Logging Review Rules is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/rules/structured-logging-review-rules.svg)](https://heyclau.de/entry/rules/structured-logging-review-rules)

How it compares

Structured Logging Review Rules side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field
Structured Logging Review Rules

Source-backed rules for reviewing application logging changes, covering structured machine-readable events, consistent levels, correlation and trace context, actionable messages, log volume and cost, and keeping secrets and personal data out of logs.

Open dossier
Third-Party API Resilience Review Rules

Source-backed rules for reviewing code that calls third-party or remote APIs, covering timeouts, bounded retries with backoff and jitter, idempotency, circuit breaking, rate-limit handling, graceful degradation, and privacy-safe failure logging.

Open dossier
AI-Generated Frontend Accessibility Review Rules

Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence.

Open dossier
AI-Generated Regex Safety Review Rules

Source-backed rules for reviewing AI-generated regular expressions before merge, covering catastrophic backtracking and ReDoS risk, input bounds, anchor and escaping correctness, validation versus parsing, safe engines, and privacy-safe test evidence.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Brand
Categoryrulesrulesrulesrules
Sourcesource-backedsource-backedsource-backedsource-backed
Authorjaso0n0818jaso0n0818MkDev11jaso0n0818
Added2026-06-192026-06-192026-06-042026-06-19
Platforms
Claude Code
Claude Code
Claude Code
Claude Code
Source repo
Safety notesLogging in a hot path or inside a tight loop can dominate latency and overwhelm the log pipeline, turning observability into a performance and availability problem. High-cardinality fields and large payloads can explode log index size and cost, and can trip ingestion limits that drop later, more important logs. Removing or downgrading logs that incident responders rely on can make a future outage much harder to diagnose, so changes to error and audit logs deserve extra scrutiny.A remote call with no timeout can hang a request thread or worker indefinitely when the dependency is slow, cascading into resource exhaustion across the service. Unbounded or un-jittered retries can turn a brief dependency blip into a retry storm that overloads the dependency and the caller, a self-inflicted denial of service. Retrying a non-idempotent write without an idempotency key can duplicate charges, orders, emails, or records when the first attempt actually succeeded but the response was lost.AI-generated UI can silently replace semantic controls with divs, remove labels, hide focus indicators, break keyboard order, change error messaging, or add motion that affects users. Automated scans catch important classes of issues but do not prove that custom widgets, focus restoration, reading order, copy meaning, or assistive-technology behavior are correct. Browser automation and accessibility checks should run against local, preview, or staging environments with test accounts so forms, payments, messages, and destructive actions are not triggered in production.A vulnerable regular expression on untrusted input can hang a request thread or worker through catastrophic backtracking, causing a regular-expression denial of service that takes down availability. AI assistants often produce plausible-looking patterns with nested quantifiers or broad `.*` spans that pass simple cases but degrade to exponential time on crafted input. Running an unfamiliar pattern against large or adversarial input without a length bound or timeout can stall the reviewing process itself, so test in a sandbox with bounded input.
Privacy notesLogs frequently capture access tokens, passwords, API keys, session ids, full request and response bodies, emails, and other personal data when developers log whole objects. Do not paste raw log lines containing secrets or personal data into public PR comments; redact them and prefer synthetic examples. Be careful with logging frameworks that serialize entire objects, since they can silently copy sensitive fields into logs and downstream log stores.Request and response payloads for third-party APIs often carry access tokens, API keys, signed URLs, customer identifiers, and personal data. Do not log full request bodies, authorization headers, or raw error responses, and do not paste them into public PR comments; redact secrets and personal data first. Use synthetic accounts and test credentials when demonstrating failure handling, especially for payment, messaging, auth, or health integrations.Accessibility evidence can include screenshots, DOM text, accessible names, form values, labels, user content, network traces, browser storage, cookies, and test account data. Do not paste raw screenshots, traces, accessibility trees, DOM snapshots, customer names, private routes, or production form data into public PR comments without redaction. Use synthetic content and test accounts for accessibility examples, especially when reviewing auth, billing, dashboards, healthcare, education, or support flows.Regex test cases and match captures can contain emails, tokens, credentials, identifiers, or other personal data when the pattern targets real-world formats. Do not paste production log lines, real secrets, or customer identifiers into public PR comments as regex test evidence; use synthetic samples. Be careful with patterns that capture and log matched groups, since they can copy sensitive substrings into logs or error messages.
Prerequisites
  • A pull request or diff that adds, edits, or removes log statements, or that changes the logging library, format, levels, or configuration.
  • Knowledge of the logging stack in use, since structured output, level semantics, and context propagation differ between libraries and runtimes.
  • Awareness of where logs are shipped and retained, since volume, cost, and privacy exposure depend on the downstream log platform.
  • Permission to block merge when a change logs secrets or personal data, floods a hot path, or removes context needed to debug incidents.
  • A pull request or diff that adds or changes a call to a third-party, external, or remote service through HTTP, an SDK, a webhook, or a queued job.
  • Knowledge of the client library and runtime in use, since timeout, retry, and connection-pool defaults differ between HTTP clients and SDKs.
  • Awareness of whether the call is a read or a write, since write retries need idempotency while read retries mainly need bounds.
  • Permission to block merge when a remote call has no timeout, unbounded retries, a non-idempotent retried write, or credential leakage in logs.
  • A frontend pull request, patch, generated component, route, story, or visual diff with enough context to identify changed user flows.
  • Access to the project's accessibility target, component library conventions, design tokens, browser test command, and review environment.
  • A local, preview, or staging URL where keyboard checks and automated accessibility scans can run without touching production data.
  • Permission to block merge when generated UI removes accessibility semantics or when verification evidence is incomplete.
  • A pull request, diff, or snippet containing an AI-generated or AI-edited regular expression with enough context to know where it runs.
  • Knowledge of the regex engine and language in use, since backtracking behavior, supported syntax, and timeout options differ between engines.
  • A safe place to run the pattern against test input, such as a local script or sandbox, without sending real user data anywhere.
  • Permission to block merge when a pattern has unbounded backtracking risk on untrusted input or matches a wider set than intended.
Install
Config
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.