SLG-0004: OSLogHandler

Author: kukushechkin

Package.swift

@@ -8,6 +8,7 @@ let package = Package(
         .library(name: "Logging", targets: ["Logging"]),
         .library(name: "LoggingAttributes", targets: ["LoggingAttributes"]),
         .library(name: "InMemoryLogging", targets: ["InMemoryLogging"]),
+        .library(name: "OSLogHandler", targets: ["OSLogHandler"]),
     ],
     traits: [
         .trait(name: "MaxLogLevelDebug", description: "Debug and above available (compiles out trace)"),
@@ -40,6 +41,10 @@ let package = Package(
             name: "InMemoryLogging",
             dependencies: ["Logging"]
         ),
+        .target(
+            name: "OSLogHandler",
+            dependencies: ["Logging", "LoggingAttributes"]
+        ),
         .testTarget(
             name: "LoggingTests",
             dependencies: ["Logging"]
@@ -52,6 +57,10 @@ let package = Package(
             name: "InMemoryLoggingTests",
             dependencies: ["InMemoryLogging", "Logging"]
         ),
+        .testTarget(
+            name: "OSLogHandlerTests",
+            dependencies: ["OSLogHandler", "Logging", "LoggingAttributes"]
+        ),
     ]
 )
 

Package@swift-6.1.swift

@@ -8,6 +8,7 @@ let package = Package(
         .library(name: "Logging", targets: ["Logging"]),
         .library(name: "LoggingAttributes", targets: ["LoggingAttributes"]),
         .library(name: "InMemoryLogging", targets: ["InMemoryLogging"]),
+        .library(name: "OSLogHandler", targets: ["OSLogHandler"]),
     ],
     traits: [
         .trait(name: "MaxLogLevelDebug", description: "Debug and above available (compiles out trace)"),
@@ -40,6 +41,10 @@ let package = Package(
             name: "InMemoryLogging",
             dependencies: ["Logging"]
         ),
+        .target(
+            name: "OSLogHandler",
+            dependencies: ["Logging", "LoggingAttributes"]
+        ),
         .testTarget(
             name: "LoggingTests",
             dependencies: ["Logging"]
@@ -52,6 +57,10 @@ let package = Package(
             name: "InMemoryLoggingTests",
             dependencies: ["InMemoryLogging", "Logging"]
         ),
+        .testTarget(
+            name: "OSLogHandlerTests",
+            dependencies: ["OSLogHandler", "Logging", "LoggingAttributes"]
+        ),
     ]
 )
 

Sources/OSLogHandler/OSLogHandler.docc/OSLogHandler.md

@@ -0,0 +1,75 @@
+# ``OSLogHandler``
+
+A sensitivity-aware log handler that uses Apple's unified logging system (os.Logger).
+
+## Overview
+
+`OSLogHandler` integrates swift-log with Apple's unified logging system, providing native OSLog privacy support for
+metadata values. The handler automatically redacts sensitive metadata in production logs while maintaining full
+visibility during development.
+
+## Output Format
+
+The handler formats log messages with metadata followed by a suffix indicating which keys contain sensitive values:
+
+### Production Logs
+
+In production environments (Console.app, non-debug builds), sensitive metadata is completely redacted:
+
+```
+Login successful action=password timestamp=2025-01-21 <private> (key user.id is marked private)
+```
+
+The `<private>` marker replaces all sensitive metadata. The suffix tells you which keys were redacted.
+
+### Debug Builds
+
+In debug builds, all values are visible for troubleshooting:
+
+```
+Login successful action=password timestamp=2025-01-21 user.id=12345 (key user.id is marked private)
+```
+
+### Multiple Sensitive Keys
+
+When multiple keys are marked sensitive, the suffix uses plural form:
+
+```
+User action action=login <private> (keys session.token, user.id are marked private)
+```
+
+In debug: `User action action=login session.token=secret user.id=12345 (keys session.token, user.id are marked private)`
+
+## Usage
+
+Create an `OSLogHandler` with your app's subsystem and category:
+
+```swift
+import Logging
+import LoggingAttributes
+import OSLogHandler
+
+let handler = OSLogHandler(subsystem: "com.example.myapp", category: "authentication")
+let logger = Logger(label: "auth") { _ in handler }
+
+let userId = "12345"
+logger.info("Login successful", attributedMetadata: [
+    "user.id": "\(userId, sensitivity: .sensitive)",
+    "action": "\("password", sensitivity: .public)",
+])
+```
+
+## Sensitivity Behavior
+
+- **`.sensitive` metadata**: Redacted as `<private>` in production logs via OSLog's native privacy annotations
+- **`.public` metadata**: Always visible
+- **Plain metadata**: Treated as `.public` by default
+
+The `(keys ... are marked private)` suffix makes it easy to identify which data is sensitive at a glance, even when
+values are redacted in production.
+
+## Topics
+
+### Creating a Handler
+
+- ``OSLogHandler/init(subsystem:category:)``

Sources/OSLogHandler/OSLogHandler.swift

@@ -0,0 +1,171 @@
+//===----------------------------------------------------------------------===//
+//
+// This source file is part of the Swift Logging API open source project
+//
+// Copyright (c) 2018-2025 Apple Inc. and the Swift Logging API project authors
+// Licensed under Apache License v2.0
+//
+// See LICENSE.txt for license information
+// See CONTRIBUTORS.txt for the list of Swift Logging API project authors
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+//===----------------------------------------------------------------------===//
+
+#if canImport(os)
+public import Logging
+import LoggingAttributes
+import os
+
+/// A redaction-aware log handler that uses Apple's unified logging system (os.Logger).
+///
+/// This handler leverages OSLog's native privacy support to automatically redact
+/// metadata values marked with `.sensitive` when viewing logs outside of
+/// development environments.
+///
+/// ## Features
+///
+/// - **Native Privacy Support**: Uses OSLog's `privacy: .private` and `privacy: .public` annotations
+/// - **System Integration**: Logs appear in Console.app and can be viewed with `log` command
+/// - **Performance**: Zero-cost when logging is disabled at the system level
+/// - **Subsystem Organization**: Groups logs by subsystem and category for better filtering
+///
+/// ## Usage
+///
+/// ```swift
+/// let handler = OSLogHandler(subsystem: "com.example.myapp", category: "network")
+/// let logger = Logger(label: "network") { _ in handler }
+///
+/// let userId = "12345"
+/// logger.info("User logged in", metadata: [
+///     "user.id": "\(userId, sensitivity: .sensitive)",
+///     "action": "\(\"login\", sensitivity: .public)"
+/// ])
+/// ```
+///
+/// ## Redaction Behavior
+///
+/// - `.sensitive` metadata -> OSLog `privacy: .private` (redacted as `<private>` in logs)
+/// - `.public` metadata -> OSLog `privacy: .public` (always visible)
+/// - Plain metadata -> Treated as `.public` by default
+@available(macOS 11.0, iOS 14.0, tvOS 14.0, watchOS 7.0, *)
+public struct OSLogHandler: LogHandler {
+    private var osLogger: os.Logger
+
+    public var metadata: Logging.Logger.Metadata = [:]
+    public var metadataProvider: Logging.Logger.MetadataProvider?
+    public var logLevel: Logging.Logger.Level = .info
+
+    /// Controls whether to append a suffix listing redacted keys.
+    public var showRedactedKeysList: Bool = true
+
+    /// Creates an OSLog handler with the specified subsystem and category.
+    public init(subsystem: String, category: String) {
+        self.osLogger = os.Logger(subsystem: subsystem, category: category)
+    }
+
+    public func log(event: LogEvent) {
+        var merged = self.metadata
+
+        if let provider = self.metadataProvider {
+            let provided = provider.get()
+            merged.merge(provided, uniquingKeysWith: { _, rhs in rhs })
+        }
+
+        if let eventMetadata = event.metadata {
+            merged.merge(eventMetadata, uniquingKeysWith: { _, rhs in rhs })
+        }
+
+        if let error = event.error {
+            if merged["error.message"] == nil {
+                merged["error.message"] = "\(error)"
+            }
+            if merged["error.type"] == nil {
+                merged["error.type"] = "\(String(reflecting: type(of: error)))"
+            }
+        }
+
+        if merged.isEmpty {
+            self.osLogger.log(level: self.mapLogLevel(event.level), "\(event.message.description)")
+        } else if merged.contains(where: { $0.value.attributes.sensitivity == .sensitive }) {
+            self.logToOSLogWithRedaction(level: event.level, message: event.message, metadata: merged)
+        } else {
+            let metadataString = merged.sorted(by: { $0.key < $1.key })
+                .map { "\($0.key)=\($0.value)" }
+                .joined(separator: " ")
+            self.osLogger.log(
+                level: self.mapLogLevel(event.level),
+                "\(event.message.description) \(metadataString, privacy: .public)"
+            )
+        }
+    }
+
+    public subscript(metadataKey key: String) -> Logging.Logger.Metadata.Value? {
+        get { self.metadata[key] }
+        set { self.metadata[key] = newValue }
+    }
+
+    // MARK: - Private Helpers
+
+    private func logToOSLogWithRedaction(
+        level: Logging.Logger.Level,
+        message: Logging.Logger.Message,
+        metadata: Logging.Logger.Metadata
+    ) {
+        let osLogType = self.mapLogLevel(level)
+
+        let publicMetadata = metadata.filter { $0.value.attributes.sensitivity != .sensitive }
+        let redactedMetadata = metadata.filter { $0.value.attributes.sensitivity == .sensitive }
+
+        let redactedKeysSuffix = self.showRedactedKeysList ? self.formatRedactedKeysSuffix(redactedMetadata) : ""
+
+        let publicString = self.formatMetadataValues(publicMetadata)
+        let redactedString = self.formatMetadataValues(redactedMetadata)
+
+        switch (!publicString.isEmpty, !redactedString.isEmpty) {
+        case (true, true):
+            self.osLogger.log(
+                level: osLogType,
+                "\(message.description) \(publicString, privacy: .public) \(redactedString, privacy: .private)\(redactedKeysSuffix, privacy: .public)"
+            )
+        case (true, false):
+            self.osLogger.log(level: osLogType, "\(message.description) \(publicString, privacy: .public)")
+        case (false, true):
+            self.osLogger.log(
+                level: osLogType,
+                "\(message.description) \(redactedString, privacy: .private)\(redactedKeysSuffix, privacy: .public)"
+            )
+        case (false, false):
+            self.osLogger.log(level: osLogType, "\(message.description)")
+        }
+    }
+
+    private func mapLogLevel(_ level: Logging.Logger.Level) -> OSLogType {
+        switch level {
+        case .trace: return .debug
+        case .debug: return .debug
+        case .info: return .info
+        case .notice: return .default
+        case .warning: return .error
+        case .error: return .error
+        case .critical: return .fault
+        }
+    }
+
+    private func formatMetadataValues(_ metadata: Logging.Logger.Metadata) -> String {
+        metadata
+            .sorted(by: { $0.key < $1.key })
+            .map { "\($0.key)=\($0.value)" }
+            .joined(separator: " ")
+    }
+
+    private func formatRedactedKeysSuffix(_ metadata: Logging.Logger.Metadata) -> String {
+        if metadata.isEmpty { return "" }
+        let keys = metadata.keys.sorted().joined(separator: ", ")
+        let keyWord = metadata.count == 1 ? "key" : "keys"
+        let isWord = metadata.count == 1 ? "is" : "are"
+        return " (\(keyWord) \(keys) \(isWord) marked private)"
+    }
+}
+
+#endif