Principle:Promptfoo Promptfoo Application Logging
| Knowledge Sources | |
|---|---|
| Domains | Logging, Observability |
| Last Updated | 2026-02-14 07:45 GMT |
Overview
Principle governing structured, multi-target logging with automatic sanitization of sensitive data across both Node.js and browser environments.
Description
Application Logging defines how the promptfoo codebase records diagnostic, informational, and error messages. The principle mandates that all log output passes through a centralized logger with four severity levels (error, warn, info, debug), that sensitive data (API keys, tokens, passwords, authorization headers) is automatically sanitized before output, and that the same API surface is available in both server (Node.js/Winston) and browser (console) environments via module aliasing. Debug and error logs are additionally persisted to rotating files for post-hoc analysis.
Usage
Apply this principle whenever adding diagnostic output to any module. Always use the structured context pattern (passing objects to the logger) rather than string interpolation to ensure automatic sanitization.
Theoretical Basis
The logging architecture follows the Adapter Pattern: a common interface (logger.error/warn/info/debug) with environment-specific implementations (Winston for Node.js, console for browser). The sanitization layer implements a Decorator Pattern that wraps all output through a field-level redaction filter.
Design decisions:
- Four-level hierarchy (error < warn < info < debug) follows syslog severity convention
- Context objects over string interpolation enables structured log aggregation and automated sensitive data detection
- Module aliasing (Vite resolves logger.ts to logger.browser.ts for browser builds) avoids runtime environment checks