Context
The frontend currently uses raw console.* throughout. This was not the original intent; preference is a logger abstraction, not raw console.
All claims in this issue were verified against the current codebase, not asserted from memory:
grep console\.(log|error|warn|info|debug) web/src/: 76 occurrences across 21 filesglob web/src/**/logger*: no resultsgrep '"loglevel"' web/package.json: no matchgrep -R /api/health routes/: no match
Reference implementation
BoxVault (G:\Projects\BoxVault) already runs the intended pattern. Verified by reading:
frontend/src/utils/Logger.js (full file, in-repo)backend/app/controllers/health/info.js (full file, in-repo)frontend/package.json (dep line)- BoxVault's
app config YAML (the frontend_logging section is defined there, not hardcoded in JS)
Frontend side:
- Dep:
"loglevel": "^1.9.2"
- Wrapper:
frontend/src/utils/Logger.js — exports a log object with 6 categories (app, auth, api, file, component, error), each with methods trace/debug/info/warn/error.
- Call signature:
log.auth.info("message", { optional: "metadata" }) — two args, message is a plain string, metadata is an optional object.
- Auto-prefix:
[CATEGORY] (uppercase) prepended to every message.
- Lazy config: fetches
/api/health on first log call. Response includes frontend_logging: { enabled, level, categories: { app, auth, api, file, component } }. Calls issued before the fetch resolves are promise-buffered, not dropped.
- Silencing:
enabled: false in config → logger.setLevel("silent") → all categories silenced.
- Fallback: on
/api/health failure (network error, non-2xx, etc.), Logger uses a hardcoded dev config (all categories at debug) so dev ergonomics never depend on the backend being reachable.
Backend side:
/api/health endpoint returns { status, timestamp, version, environment, supported_languages, default_language, frontend_logging, services } — a full health check, not just the logging config.- Config source: a
frontend_logging section in BoxVault's app YAML config file (per-category level strings). The backend reads this via its config loader and exposes the resolved values through the health endpoint. Changing a category's level is a YAML edit + restart, no code change required.
- The endpoint also performs DB connectivity checks, storage/disk-usage checks, OIDC issuer pings, and optional SMTP disk-alert emails — these are BoxVault-specific and out of scope for armor's initial port.
Proposed scope
Frontend
Backend
Validation
Out of scope
- Backend logger changes — winston is already in place via
config/logger.js; not touched.
- Translation of log messages — dev-facing strings, not user-facing; separate discussion (and BoxVault does not translate its log messages either).
- BoxVault's full health-check (disk, OIDC probes, SMTP alerts) — open a follow-up issue if we want those.
References
- BoxVault Logger:
G:\Projects\BoxVault\frontend\src\utils\Logger.js
- BoxVault health endpoint:
G:\Projects\BoxVault\backend\app\controllers\health\info.js
- BoxVault frontend
package.json (for loglevel version pin)
- Current armor frontend console call sites:
grep -rn 'console\.\(log\|error\|warn\|info\|debug\)' web/src/ (76 / 21 files at time of filing)
Context
The frontend currently uses raw
console.*throughout. This was not the original intent; preference is a logger abstraction, not rawconsole.All claims in this issue were verified against the current codebase, not asserted from memory:
grep console\.(log|error|warn|info|debug) web/src/: 76 occurrences across 21 filesglob web/src/**/logger*: no resultsgrep '"loglevel"' web/package.json: no matchgrep -R /api/health routes/: no matchReference implementation
BoxVault (
G:\Projects\BoxVault) already runs the intended pattern. Verified by reading:frontend/src/utils/Logger.js(full file, in-repo)backend/app/controllers/health/info.js(full file, in-repo)frontend/package.json(dep line)appconfig YAML (thefrontend_loggingsection is defined there, not hardcoded in JS)Frontend side:
"loglevel": "^1.9.2"frontend/src/utils/Logger.js— exports alogobject with 6 categories (app,auth,api,file,component,error), each with methodstrace/debug/info/warn/error.log.auth.info("message", { optional: "metadata" })— two args, message is a plain string, metadata is an optional object.[CATEGORY](uppercase) prepended to every message./api/healthon first log call. Response includesfrontend_logging: { enabled, level, categories: { app, auth, api, file, component } }. Calls issued before the fetch resolves are promise-buffered, not dropped.enabled: falsein config →logger.setLevel("silent")→ all categories silenced./api/healthfailure (network error, non-2xx, etc.), Logger uses a hardcoded dev config (all categories atdebug) so dev ergonomics never depend on the backend being reachable.Backend side:
/api/healthendpoint returns{ status, timestamp, version, environment, supported_languages, default_language, frontend_logging, services }— a full health check, not just the logging config.frontend_loggingsection in BoxVault'sappYAML config file (per-category level strings). The backend reads this via its config loader and exposes the resolved values through the health endpoint. Changing a category's level is a YAML edit + restart, no code change required.Proposed scope
Frontend
"loglevel": "^1.9.2"toweb/package.jsondependenciesweb/src/utils/Logger.jsfrom the BoxVault reference — no shape changes (keep same 6 categories + method names for consistency across repos)console.*calls across the 21 frontend files with the appropriatelog.<category>.<level>()callno-consoleto the frontend ESLint config with an exception only forweb/src/utils/Logger.js(or wherever internal fallbacks are allowed)Backend
/api/healthendpoint to armor that returns at minimum{ status, timestamp, version, environment, frontend_logging: { enabled, level, categories } }. Defer BoxVault's full scope (disk checks, OIDC probes, SMTP alerting) to a follow-up issue unless explicitly requested.frontend_loggingsection topackaging/config/production-config.yamland the config template, matching BoxVault's per-category structureconfigLoader.getFrontendLoggingConfig()method; expose the resolved config via the health endpoint handlerValidation
no-consolerule activefrontend_logging.enabled: falsein config → no frontend log output at runtime; set an individual category toerror→ only errors visible for that category/api/healthfailure path: Logger falls back to dev defaults silently, app still functionsOut of scope
config/logger.js; not touched.References
G:\Projects\BoxVault\frontend\src\utils\Logger.jsG:\Projects\BoxVault\backend\app\controllers\health\info.jspackage.json(forloglevelversion pin)grep -rn 'console\.\(log\|error\|warn\|info\|debug\)' web/src/(76 / 21 files at time of filing)