fix: logs noise

[RambokDev]

Summary by CodeRabbit

• New Features

  • Added configurable LOG_LEVEL with default set to info.
  • Integrated Mailpit service for local email testing.

• Improvements

  • Improved admin settings page error handling and redirects.
  • Wider structured logging and level-filtered request logging for clearer diagnostics.

• Chores

  • Updated dev tooling versions and package manager.
  • Expanded ignore paths and workspace build configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds LOG_LEVEL-driven pino configuration, replaces ad-hoc console logging with module-scoped structured loggers, gates middleware API logging by severity, downgrades/adjusts several log levels, and updates development infra (mailpit) plus workspace/package metadata.

Changes

Logging Infrastructure & Module Adoption

Layer / File(s)	Summary
Logger configuration with LOG_LEVEL support .env.example, src/lib/logger.ts, package.json	Introduces LOG_LEVEL documented in .env.example, computes a default level from NODE_ENV, and applies it to pino; records pnpm and postcss package metadata updates.
Request middleware with severity-based logging src/middleware/loggingMiddleware.ts	Middleware parses LOG_LEVEL and conditionally logs API requests by severity (status pings = debug, other /api = info), skipping logs below the configured threshold.
Structured logging adoption across business modules src/lib/auth/auth.ts, src/features/storages/dispatch.ts, src/features/upload/public/upload.action.ts, src/components/wrappers/dashboard/projects/button-delete-project/delete-project.action.ts, src/lib/tasks/cleaning/index.ts, src/lib/tasks/index.ts	Replaces console.* with module-scoped logger.child(...) calls and structured log.debug/log.error usage; several info logs were downgraded to debug.
Page and API route logging integration app/(customer)/dashboard/(admin)/admin/settings/page.tsx, app/api/agent/[agentId]/status/route.ts	Settings page uses a child logger and adds an explicit notFound() guard when required data is missing; agent status route log reduced from info to debug.
Infrastructure and workspace updates docker-compose.yml, .gitignore, pnpm-workspace.yaml	Adds Mailpit service for SMTP/web UI, normalizes db healthcheck formatting, extends .gitignore with AI-tooling and /docs, and adds allowBuilds entries to pnpm-workspace.yaml.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Portabase/portabase#238: Overlapping changes to agent status route logging verbosity.
• Portabase/portabase#236: Related pino logger refactor and LOG_LEVEL configuration.

Poem

🐰 I hopped through logs, swapped console for pino bright,
child loggers snug, and levels set just right.
Mailpit hums, healthchecks neat and trim,
Quiet debug nights — the app’s logging hymn. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: logs noise' accurately captures the main objective of this PR, which implements logging level management to reduce noise in production environments.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/log-noise

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@app/`(customer)/dashboard/(admin)/admin/settings/page.tsx:
- Line 20: The current log.debug call is emitting the full settings object
(log.debug({settings}, "Settings loaded")), which may leak sensitive
configuration; update the call to avoid serializing the full settings and
instead log only minimal metadata (e.g., settings id, name, or a boolean
presence flag). Locate the log.debug usage and replace the payload with a
minimal object such as {settingsId: settings?.id, hasSettings: !!settings} or
simply log a message with hasSettings boolean, ensuring functions/variables
referenced remain log.debug and settings so the change is localized.

In `@docker-compose.yml`:
- Line 36: The docker-compose service is using the floating image tag
"axllent/mailpit:latest"; update the image reference in docker-compose.yml to a
pinned, immutable tag or digest (e.g., replace "axllent/mailpit:latest" with a
specific version like "axllent/mailpit:<version>" or a sha256 digest) to ensure
reproducible environments and consistent behavior across machines; locate the
line containing the image declaration "axllent/mailpit:latest" and change it,
and update any docs or environment notes that reference using the latest tag.
- Line 15: The YAML lint failure is due to extra spaces inside the inline list
for the healthcheck/test entry; edit the `test` value (the inline list
containing "CMD-SHELL" and "pg_isready -U devuser -d devdb") to remove the
spaces inside the square brackets so it becomes a compact inline list (e.g.,
["CMD-SHELL","pg_isready -U devuser -d devdb"]) to satisfy YAMLlint.

In `@src/lib/logger.ts`:
- Around line 4-5: Replace the unsafe cast of LOG_LEVEL to pino.Level by
validating process.env.LOG_LEVEL at startup: create a constant array of valid
levels ["fatal","error","warn","info","debug","trace"], compute const levelStr =
process.env.LOG_LEVEL ?? defaultLevel, check if levelStr is in that array, and
if so set const level = levelStr as pino.Level; otherwise log/throw a clear
startup error and fall back to defaultLevel (matching the pattern used in
loggingMiddleware.ts) so invalid values are rejected or handled before passing
to pino.

In `@src/middleware/loggingMiddleware.ts`:
- Line 18: Replace the console.log call in loggingMiddleware.ts with the
project's pino logger: import the shared "logger" symbol at the top of the file,
then change the line that calls console.log(`[API] Received ${request.method}
request : ${request.url} at ${new Date()}`) to use logger.info (or appropriate
level) with structured fields, e.g. logger.info({ method: request.method, url:
request.url, time: new Date() }, 'API request received'); ensure you remove the
console.log reference and export/usage of the middleware remains unchanged.
- Around line 3-8: The LOG_LEVELS/LogLevel parsing in loggingMiddleware.ts
duplicates logic already in src/lib/logger.ts; remove the local constants
(LOG_LEVELS, LogLevel, raw, _idx, LEVEL_INDEX) and import the shared helper
(e.g., getConfiguredLevelIndex or similar exported function) from logger.ts,
then replace uses of LEVEL_INDEX with the imported helper's result so the
middleware relies on the single source of truth for log-level parsing.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: c5a8c2b6-5a8f-46c0-9e76-8858ff8c7abd

📥 Commits

Reviewing files that changed from the base of the PR and between ddce51d and 18df92e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (15)

• .env.example
• .gitignore
• app/(customer)/dashboard/(admin)/admin/settings/page.tsx
• app/(landing)/page.tsx
• app/api/agent/[agentId]/status/route.ts
• docker-compose.yml
• package.json
• src/components/wrappers/dashboard/projects/button-delete-project/delete-project.action.ts
• src/features/storages/dispatch.ts
• src/features/upload/public/upload.action.ts
• src/lib/auth/auth.ts
• src/lib/logger.ts
• src/lib/tasks/cleaning/index.ts
• src/lib/tasks/index.ts
• src/middleware/loggingMiddleware.ts

💤 Files with no reviewable changes (1)

• app/(landing)/page.tsx

📜 Review details

🧰 Additional context used

🪛 YAMLlint (1.38.0)

docker-compose.yml

[error] 15-15: too many spaces inside brackets

(brackets)

---

[error] 15-15: too many spaces inside brackets

(brackets)

🔇 Additional comments (19)

.gitignore (1)

58-61: LGTM!

.env.example (1)

4-9: LGTM!

src/lib/auth/auth.ts (4)

25-27: LGTM!

---

443-443: LGTM!

---

474-480: LGTM!

---

787-787: LGTM!

src/features/storages/dispatch.ts (2)

14-16: LGTM!

---

109-109: LGTM!

src/features/upload/public/upload.action.ts (3)

3-3: LGTM!

Also applies to: 14-14

---

32-37: LGTM!

---

73-73: LGTM!

src/components/wrappers/dashboard/projects/button-delete-project/delete-project.action.ts (2)

4-4: LGTM!

Also applies to: 8-8, 12-13

---

57-57: LGTM!

package.json (2)

131-131: ⚡ Quick win

Postcss version pinning confirmed.

The pinning of postcss to 8.5.10 (exact version) is valid—this version exists on npm. Ensure this explicit pinning aligns with your project's reproducibility requirements.

---

139-139: ⚡ Quick win

pnpm@11.1.2 version verified.

The upgrade from pnpm@10.33.0 to pnpm@11.1.2 is legitimate. The version exists as a stable release (published 2026-05-14), and the integrity hash is correct and matches the official npm distribution.

src/lib/tasks/cleaning/index.ts (1)

17-17: LGTM!

Also applies to: 27-27

src/lib/tasks/index.ts (1)

25-25: LGTM!

app/(customer)/dashboard/(admin)/admin/settings/page.tsx (1)

4-12: LGTM!

Also applies to: 39-39, 51-52

app/api/agent/[agentId]/status/route.ts (1)

34-34: LGTM!

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pnpm-workspace.yaml`:
- Around line 1-14: Remove the legacy pnpm v10 keys `ignoredBuiltDependencies`
and `onlyBuiltDependencies` from pnpm-workspace.yaml since pnpm v11 no longer
supports them; keep the `allowBuilds` mapping as the source of truth (e.g.,
`allowBuilds.node-pty: true`) and delete the legacy entries that conflict (such
as any `ignoredBuiltDependencies: node-pty` or `onlyBuiltDependencies` blocks)
so the workspace config is not carrying dead/ignored keys.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: cc6afb59-7ff9-4010-9f7c-01c7ea4442d3

📥 Commits

Reviewing files that changed from the base of the PR and between 18df92e and b752d94.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• pnpm-workspace.yaml

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-test

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@package.json`:
- Line 139: package.json currently pins "packageManager" to pnpm@11.1.2 which
introduces breaking changes; update CI/dev environments to Node.js 22+, run the
pnpm-v10-to-v11 codemod to migrate configuration, move settings like
hoist-pattern/node-linker from .npmrc into pnpm-workspace.yaml or global
config.yaml (leave auth/registry in .npmrc), rename environment variables and
workflow references from npm_config_* to pnpm_config_, update CLI usages (remove
any use of pnpm server, replace pnpm install -g with pnpm add -g, and audit code
relying on pnpm link/global store behavior), and account for the new
minimum-release-age (24h) in dependency resolution; test CI and local dev after
these changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9b3e6fac-98dc-4c93-bd52-21f4087abe74

📥 Commits

Reviewing files that changed from the base of the PR and between b752d94 and a5fe522.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (1)

• package.json

📜 Review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-test

🔇 Additional comments (1)

package.json (1)

19-20: LGTM!