Persistent structured audit log (.crane-audit.log) #297

Description

@stillalearner

Title

feat(audit): always-on persistent structured log file

Output: what changes

Today — all log output goes to stderr only. When the terminal closes, it's gone.

After this issue — every crane invocation also writes a JSON Lines log file:

$ crane export -n my-app -e ./export
... (normal console output) ...

$ cat .crane-audit.log
{"ts":"2026-04-18T14:32:01.123Z","level":"info","cmd":"export","msg":"Starting export","namespace":"my-app"}
{"ts":"2026-04-18T14:32:01.456Z","level":"info","cmd":"export","msg":"Discovered 127 API resource types"}
{"ts":"2026-04-18T14:32:02.789Z","level":"warn","cmd":"export","msg":"Cannot list resource","kind":"ConfigMap","error":"Forbidden"}
{"ts":"2026-04-18T14:32:12.345Z","level":"info","cmd":"export","msg":"Export complete","exported":47,"failed":2,"duration":"11.2s"}

The file captures all log levels (including Debug) regardless of console verbosity. Support engineers get full detail without needing --debug.

Description

Context

Console logs are ephemeral. Support cases require log replay. The audit log is a logrus Hook attached in GetLogger() that writes every log entry as a JSON Lines file. It is always active — --audit-log exists only to override the default path.

User outcome

  • Every run produces a persistent, grep-able, jq-parseable log file.
  • No existing command code needs changes — the hook captures automatically.

Scope

  • Implement logrus file hook in internal/audit/audit_logger.go.
  • Attach hook in GetLogger() (always-on).
  • Add --audit-log flag for path override (default: .crane-audit.log).

Acceptance criteria

  • Every crane export/transform/apply run creates .crane-audit.log (or custom path via --audit-log).
  • Log file is JSON Lines format — one JSON object per line.
  • File captures all log levels including Debug even when console is at Info.
  • Append mode — successive runs in the same directory append, not overwrite.
  • go test ./... passes.
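
A consumer-side check of the JSON Lines criteria above, as an added example that is not code from the crane project: it flags any line that is not one complete JSON object, which an interrupted run can leave behind in an append-mode file, and collects warn and error entries for triage. The names `Entry`, `Report` and `Scan` are hypothetical, and the required field set (ts, level, cmd, msg) is an assumption taken from the sample lines in the issue.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// sampleLog is constructed: two entries from the issue plus one truncated line.
const sampleLog = `{"ts":"2026-04-18T14:32:01.123Z","level":"info","cmd":"export","msg":"Starting export","namespace":"my-app"}
{"ts":"2026-04-18T14:32:02.789Z","level":"warn","cmd":"export","msg":"Cannot list resource","kind":"ConfigMap","error":"Forbidden"}
{"ts":"2026-04-18T14:32:12.345Z","level":"info","cmd":"exp
`

// Entry: assumed required fields; pointers tell "absent" apart from "empty".
type Entry struct {
	TS, Level, Cmd, Msg *string // JSON keys match case-insensitively
	Error               string  // optional
}

type Report struct {
	Malformed []int          // 1-based numbers of lines that are not valid entries
	ByLevel   map[string]int // well-formed entries per level
	Problems  []string       // warn and error entries, for triage
}

// Scan reads JSON Lines from r and checks that each line is one complete entry.
func Scan(r io.Reader) (Report, error) {
	rep := Report{ByLevel: map[string]int{}}
	sc := bufio.NewScanner(r)
	for n := 1; sc.Scan(); n++ {
		var e Entry
		if json.Unmarshal(sc.Bytes(), &e) != nil || e.TS == nil || e.Level == nil || e.Cmd == nil || e.Msg == nil {
			rep.Malformed = append(rep.Malformed, n)
			continue
		}
		rep.ByLevel[*e.Level]++
		if *e.Level == "warn" || *e.Level == "error" {
			rep.Problems = append(rep.Problems, fmt.Sprintf("%s %s: %s (%s)", *e.TS, *e.Cmd, *e.Msg, e.Error))
		}
	}
	return rep, sc.Err()
}

func main() {
	rep, err := Scan(strings.NewReader(sampleLog))
	fmt.Println(rep, err)
}
```

Unknown keys such as `namespace` or `kind` are ignored, so the check keeps working as commands add fields; entries longer than the default `bufio.Scanner` token limit surface as an error from `Scan` rather than being silently dropped.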
