Summary
Logs use console.log/warn/error directly with inconsistent prefixes, no structured format, and potential PII exposure.
Source
Code Reviewer + Adversarial Assessment
Locations
impl/mvp/src/holons/root.ts - 30+ console.log callsimpl/mvp/src/holons/adk/openrouter-llm.ts - 5+ console callsimpl/mvp/src/config.ts:18- Throughout tools/*.ts
Problems
- No filtering by log level
- No structured logging (JSON format)
- No log rotation or file output support
- Line prefixes inconsistent:
[root] vs [openrouter-llm] vs missing
- Error logs may contain PII (task descriptions, prompts)
Impact
- Debugging difficulty in production
- No log aggregation support (ELK, CloudWatch)
- Potential PII exposure in logs
- Can't filter noise from signal
Severity
Medium | Likelihood: Medium
Recommended Fix
// src/logging.ts
import pino from 'pino';
export const logger = pino({
level: process.env.LOG_LEVEL || 'info',
formatters: {
level: (label) => ({ level: label }),
},
redact: ['*.apiKey', '*.password', '*.token', 'prompt'],
});
// Usage
logger.info({ taskId, phase: 'PLAN', iteration }, 'Starting decomposition');
logger.error({ taskId, error: err.message }, 'Task failed');Benefits:
- Structured JSON output
- Level filtering
- PII redaction
- Correlation IDs
- Easy integration with log aggregators
Generated by HCA Architecture Assessment
Summary
Logs use
console.log/warn/errordirectly with inconsistent prefixes, no structured format, and potential PII exposure.Source
Code Reviewer + Adversarial Assessment
Locations
impl/mvp/src/holons/root.ts- 30+ console.log callsimpl/mvp/src/holons/adk/openrouter-llm.ts- 5+ console callsimpl/mvp/src/config.ts:18Problems
[root]vs[openrouter-llm]vs missingImpact
Severity
Medium | Likelihood: Medium
Recommended Fix
Benefits:
Generated by HCA Architecture Assessment