feat: structured logging audit — request IDs, log levels, and console.error migration

Add request ID middleware (X-Request-Id header), LOG_LEVEL env var filtering,
request duration tracking for slow/failed requests, and migrate all 34 server
files from raw console.error to structured logger with userId/requestId context.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: InfantLab

app/server/api/entries/[id].delete.ts

@@ -2,6 +2,9 @@ import { defineEventHandler, getRouterParam, createError } from "h3";
 import { db } from "~/server/db";
 import { entries } from "~/server/db/schema";
 import { eq, and } from "drizzle-orm";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:entries:delete");
 
 export default defineEventHandler(async (event) => {
   try {
@@ -49,7 +52,7 @@ export default defineEventHandler(async (event) => {
 
     return { success: true, id };
   } catch (error: unknown) {
-    console.error("Failed to delete entry:", error);
+    logger.error("Failed to delete entry", error, { entryId: id });
 
     if (error && typeof error === "object" && "statusCode" in error) {
       throw error;

app/server/api/newsletter/subscribe.post.ts

@@ -1,6 +1,9 @@
 import { eq } from "drizzle-orm";
 import { db } from "~/server/db";
 import { newsletterSubscribers } from "~/server/db/schema";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:newsletter");
 
 /**
  * POST /api/newsletter/subscribe
@@ -84,7 +87,7 @@ export default defineEventHandler(async (event) => {
       message: "Thanks for subscribing!",
     };
   } catch (error) {
-    console.error("Newsletter subscription error:", error);
+    logger.error("Newsletter subscription error", error, { email });
     throw createError({
       statusCode: 500,
       message: "Something went wrong. Please try again.",

app/server/api/v1/auth/keys.get.ts

@@ -8,6 +8,9 @@
 
 import { success, apiError } from "~/server/utils/response";
 import { listApiKeys } from "~/server/utils/api-key";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:v1:auth:keys:list");
 
 export default defineEventHandler(async (event) => {
   const auth = event.context['auth']!;
@@ -34,7 +37,7 @@ export default defineEventHandler(async (event) => {
     // Return success response
     return success(event, keys);
   } catch (error) {
-    console.error("Error listing API keys:", error);
+    logger.error("Error listing API keys", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/auth/keys.post.ts

@@ -9,8 +9,11 @@
 import { z } from "zod";
 import { created, apiError, validationError } from "~/server/utils/response";
 import { createApiKey } from "~/server/utils/api-key";
+import { createLogger } from "~/server/utils/logger";
 import type { Permission } from "~/types/api";
 
+const logger = createLogger("api:v1:auth:keys:create");
+
 // Validation schema for API key creation
 const createKeySchema = z.object({
   name: z.string().min(1).max(100),
@@ -88,7 +91,7 @@ export default defineEventHandler(async (event) => {
         "Save this API key now. You won't be able to see it again. If you lose it, you'll need to generate a new one.",
     });
   } catch (error: unknown) {
-    console.error("Error creating API key:", error);
+    logger.error("Error creating API key", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
 
     // Surface useful detail for common failures
     const message =

app/server/api/v1/auth/keys/[id].delete.ts

@@ -8,6 +8,9 @@
 
 import { success, apiError } from "~/server/utils/response";
 import { revokeApiKey } from "~/server/utils/api-key";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:v1:auth:keys:delete");
 
 export default defineEventHandler(async (event) => {
   const auth = event.context['auth']!;
@@ -42,7 +45,7 @@ export default defineEventHandler(async (event) => {
     // Return success response
     return success(event, { id: keyId }, { revoked: true });
   } catch (error) {
-    console.error("Error revoking API key:", error);
+    logger.error("Error revoking API key", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/entries/[id].delete.ts

@@ -10,6 +10,9 @@ import { requirePermission } from "~/server/utils/permissions";
 import { success, apiError } from "~/server/utils/response";
 import { deleteEntry } from "~/server/services/entries";
 import { triggerWebhooks } from "~/server/services/webhooks";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:v1:entries:delete");
 
 export default defineEventHandler(async (event) => {
   // Require entries:write permission
@@ -41,7 +44,7 @@ export default defineEventHandler(async (event) => {
     triggerWebhooks(userId, "entry.deleted", {
       id: entryId,
     }).catch((error) => {
-      console.error("Error triggering webhooks:", error);
+      logger.error("Error triggering webhooks", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     });
 
     // Return success response
@@ -52,7 +55,7 @@ export default defineEventHandler(async (event) => {
       throw error;
     }
 
-    console.error("Error deleting entry:", error);
+    logger.error("Error deleting entry", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/entries/[id].get.ts

@@ -10,6 +10,9 @@ import { requirePermission } from "~/server/utils/permissions";
 import { success, apiError, notFound } from "~/server/utils/response";
 import { getEntryById } from "~/server/services/entries";
 import { computeContentHash } from "~/server/utils/contentHash";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:v1:entries:get");
 
 export default defineEventHandler(async (event) => {
   // Require entries:read permission
@@ -46,7 +49,7 @@ export default defineEventHandler(async (event) => {
       throw error;
     }
 
-    console.error("Error fetching entry:", error);
+    logger.error("Error fetching entry", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/entries/[id].patch.ts

@@ -11,6 +11,9 @@ import { requirePermission } from "~/server/utils/permissions";
 import { success, apiError, notFound, validationError } from "~/server/utils/response";
 import { updateEntry } from "~/server/services/entries";
 import { triggerWebhooks } from "~/server/services/webhooks";
+import { createLogger } from "~/server/utils/logger";
+
+const logger = createLogger("api:v1:entries:update");
 
 // Schema for partial updates (all fields optional except what's not updatable)
 const updateSchema = z.object({
@@ -79,7 +82,7 @@ export default defineEventHandler(async (event) => {
       timestamp: entry.timestamp,
       updates,
     }).catch((error) => {
-      console.error("Error triggering webhooks:", error);
+      logger.error("Error triggering webhooks", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     });
 
     // Return success response
@@ -90,7 +93,7 @@ export default defineEventHandler(async (event) => {
       throw error;
     }
 
-    console.error("Error updating entry:", error);
+    logger.error("Error updating entry", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/entries/bulk.post.ts

@@ -14,8 +14,11 @@ import {
   bulkUpdateEntries,
   bulkDeleteEntries,
 } from "~/server/services/entries";
+import { createLogger } from "~/server/utils/logger";
 import type { NewEntry } from "~/server/db/schema";
 
+const logger = createLogger("api:v1:entries:bulk");
+
 // Schema for entry data (same as POST /entries)
 const entryDataSchema = z.object({
   type: z.string().min(1),
@@ -210,7 +213,7 @@ export default defineEventHandler(async (event) => {
       results,
     });
   } catch (error) {
-    console.error("Error performing bulk operations:", error);
+    logger.error("Error performing bulk operations", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,

app/server/api/v1/entries/index.get.ts

@@ -11,8 +11,11 @@ import { requirePermission } from "~/server/utils/permissions";
 import { paginated, apiError, validationError } from "~/server/utils/response";
 import { getEntries } from "~/server/services/entries";
 import { computeContentHash } from "~/server/utils/contentHash";
+import { createLogger } from "~/server/utils/logger";
 import type { EntryQueryParams } from "~/types/api";
 
+const logger = createLogger("api:v1:entries:list");
+
 // Query parameter validation schema
 const querySchema = z.object({
   // Date filters
@@ -89,7 +92,7 @@ export default defineEventHandler(async (event) => {
       queryParams.offset ?? 0,
     );
   } catch (error) {
-    console.error("Error fetching entries:", error);
+    logger.error("Error fetching entries", error instanceof Error ? error : new Error(String(error)), { userId: event.context.user?.id, requestId: event.context.requestId });
     throw createError(
       apiError(
         event,