From a2c5a1222a319923069f3ec1bec768e58528ddda Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 19 Apr 2026 05:18:29 +0000
Subject: [PATCH] Add debug logging to cmd/proxy.go

Adds 5 new logProxyCmd debug log calls to improve troubleshooting of
the proxy subcommand:

- Log proxy server creation parameters (guard path, policy presence,
  DIFC mode, trusted bot/user counts) before proxy.New
- Log successful proxy server creation
- Log HTTP server creation with TLS state
- Log when TLS configuration is applied to the HTTP server
- Log TLS trust environment setup (CA cert path and env vars being set)
- Log successful TLS trust environment configuration

These debug logs are controlled by DEBUG=cmd:proxy and write to both
stderr (colorized, with time diffs) and the gateway log file.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 internal/cmd/proxy.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/cmd/proxy.go b/internal/cmd/proxy.go
index 016a38c6..72782765 100644
--- a/internal/cmd/proxy.go
+++ b/internal/cmd/proxy.go
@@ -203,6 +203,8 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	logProxyCmd.Printf("Resolved GitHub API URL: %s, explicit flag=%v", apiURL, proxyAPIURL != "")
 
 	// Create the proxy server
+	logProxyCmd.Printf("Creating proxy server: guard=%s, hasPolicy=%v, mode=%s, trustedBots=%d, trustedUsers=%d",
+		proxyGuardWasm, proxyPolicy != "", proxyDIFCMode, len(proxyTrustedBots), len(proxyTrustedUsers))
 	proxySrv, err := proxy.New(ctx, proxy.Config{
 		WasmPath:     proxyGuardWasm,
 		Policy:       proxyPolicy,
@@ -215,6 +217,7 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return fmt.Errorf("failed to create proxy server: %w", err)
 	}
+	logProxyCmd.Printf("Proxy server created successfully")
 
 	// Generate TLS certificates if requested
 	var tlsCfg *proxy.TLSConfig
@@ -235,11 +238,13 @@ func runProxy(cmd *cobra.Command, args []string) error {
 	}
 
 	// Create the HTTP server
+	logProxyCmd.Printf("Creating HTTP server: addr=%s, tls=%v", proxyListen, tlsCfg != nil)
 	httpServer := &http.Server{
 		Addr:    proxyListen,
 		Handler: proxySrv.Handler(),
 	}
 	if tlsCfg != nil {
+		logProxyCmd.Printf("Applying TLS configuration to HTTP server")
 		httpServer.TLSConfig = tlsCfg.Config
 	}
 
@@ -318,10 +323,12 @@ func configureTLSTrustEnvironment(caCertPath string) error {
 		return fmt.Errorf("invalid TLS CA cert path contains newline")
 	}
 
+	logProxyCmd.Printf("Configuring TLS trust environment: caCertPath=%s, envVars=%v", caCertPath, tlsTrustEnvKeys)
 	for _, key := range tlsTrustEnvKeys {
 		if err := os.Setenv(key, caCertPath); err != nil {
 			return fmt.Errorf("failed to set %s: %w", key, err)
 		}
 	}
+	logProxyCmd.Printf("TLS trust environment configured successfully: %d env vars set", len(tlsTrustEnvKeys))
 	return nil
 }