starknet_transaction_prover: per-request structured log with request-id

[avi-starkware]

Adds RequestLogLayer that emits one event="http_request" log line per
request with request_id, method, path, status, and latency_ms. The id is
accepted from x-request-id or generated as a 128-bit random hex string,
and is echoed back on the response so callers can quote it. No request
body bytes are inspected (transaction calldata is private user data).

Co-Authored-By: Claude Opus 4.7 (1M context) noreply@anthropic.com

[cursor]

PR Summary

Medium Risk
Changes the public HTTP edge and OHTTP envelope handling; privacy depends on keeping this ID out of inner/content correlation, and mis-layering in future PRs could weaken unlinkability.

Overview
Adds envelope-level HTTP observability to starknet_transaction_prover: a new outermost tower RequestLogLayer logs one structured line per request (event="http_request", request_id, method, path, status, latency_ms), accepts or mints x-request-id (UUID v4 after validation), echoes it on the response, and never reads bodies. Incoming IDs are capped and restricted to safe printable ASCII; logged paths are truncated.

The shared prover_http_middleware! stack is updated so RequestLogLayer sits above HealthLayer on both HTTP and HTTPS paths, with docs noting this ID is outer-envelope only and must not be propagated into decapsulated/OHTTP content logs (inner correlation left to a follow-up). Workspace uuid dependency is wired in; unit tests cover echo, generation, and hostile IDs.

Several root-level HTML design notes document middleware deduplication options and OHTTP request-id privacy tradeoffs (explanatory, not runtime behavior).

^{Reviewed by Cursor Bugbot for commit fd81285. Bugbot is set up for automated code reviews on this repo. Configure here.}

[reviewable-StarkWare]

This change is 

[avi-starkware]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• starknet_transaction_prover: document observability surface in README #14203
• starknet_transaction_prover: origin-level breadcrumbs for validation errors #14172
• starknet_transaction_prover: /health returns 503 when service is saturated #14171
• starknet_transaction_prover: bump prover_panics_total on panic hook fire #14170
• starknet_transaction_prover: HTTP request count + latency + in-flight metrics #14169
• starknet_transaction_prover: proving-job duration + outcome metrics #14168
• starknet_transaction_prover: Prometheus /metrics endpoint with build_info #14167
• starknet_transaction_prover: global panic hook + graceful SIGTERM shutdown #14166
• starknet_transaction_prover,tower_ohttp: OHTTP-unlinkable request-id for decapsulated content #14222
• starknet_transaction_prover: per-request structured log with request-id #14165 👈 (View in Graphite)
• starknet_transaction_prover: unify HTTP middleware stack via macro #14286
• main-v0.14.3

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Artifacts upload workflows:

• Started at 2026-05-27T10:01:06Z
• Started at 2026-05-27T10:35:51Z
• Started at 2026-05-27T12:55:58Z
• Started at 2026-05-27T13:11:23Z
• Started at 2026-05-27T14:04:00Z
• Started at 2026-05-27T14:20:14Z
• Started at 2026-05-31T10:23:13Z
• Started at 2026-05-31T10:23:36Z
• Started at 2026-06-01T08:17:40Z

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit fd81285. Configure here.}

[cursor]

Four HTML design documents accidentally committed to repo root

Medium Severity

Four HTML files (middleware_stack_alternatives.html, request_id_pr757_fix.html, request_id_scope.html, request_id_tradeoff.html) are committed to the repository root. These are richly-styled design analysis documents with embedded SVG diagrams that were clearly used as working notes during development. The repository has no other HTML files anywhere, and these reference internal PRs and architectural alternatives — they're development artifacts, not production code.

Additional Locations (2)

• request_id_pr757_fix.html#L1-L250
• request_id_tradeoff.html#L1-L186

 

^{Reviewed by Cursor Bugbot for commit fd81285. Configure here.}