PR #2: Structured Logging System (#392)

Implements structured logging with verbosity control to separate results from diagnostics. The logger outputs to stderr keeping stdout clean for results and provides three verbosity levels for flexible output control.

Default mode shows clean results only with no progress messages. Verbose mode adds progress messages and statistics for monitoring scan operations. Debug mode includes elapsed time prefixes for performance analysis.

Commands now support --verbose and --debug flags for controlling output detail. Warning and Error messages are always shown regardless of verbosity level. Timing tracking is included for performance measurement.

All tests pass with 97.2% coverage for the logger package. Binary builds successfully and passes linting with zero issues.

Part of the output standardization feature.

Author: shivasurya

python-dsl/codepathfinder/matchers.py

@@ -106,17 +106,25 @@ def to_ir(self) -> dict:
 
         # Add positional argument constraints
         if self.match_position:
-            ir["positionalArgs"] = {
-                str(pos): self._make_constraint(value)
-                for pos, value in self.match_position.items()
-            }
+            positional_args = {}
+            for pos, value in self.match_position.items():
+                constraint = self._make_constraint(value)
+                # Propagate wildcard flag from pattern to argument constraints
+                if self.wildcard:
+                    constraint["wildcard"] = True
+                positional_args[str(pos)] = constraint
+            ir["positionalArgs"] = positional_args
 
         # Add keyword argument constraints
         if self.match_name:
-            ir["keywordArgs"] = {
-                name: self._make_constraint(value)
-                for name, value in self.match_name.items()
-            }
+            keyword_args = {}
+            for name, value in self.match_name.items():
+                constraint = self._make_constraint(value)
+                # Propagate wildcard flag from pattern to argument constraints
+                if self.wildcard:
+                    constraint["wildcard"] = True
+                keyword_args[name] = constraint
+            ir["keywordArgs"] = keyword_args
 
         return ir
 

sourcecode-parser/cmd/analyze.go

@@ -6,6 +6,7 @@ import (
 
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 	"github.com/spf13/cobra"
 )
 
@@ -24,7 +25,7 @@ var analyzeCmd = &cobra.Command{
 		codeGraph := graph.Initialize(projectInput)
 
 		fmt.Println("Building call graph and analyzing security patterns...")
-		cg, registry, patternRegistry, err := callgraph.InitializeCallGraph(codeGraph, projectInput)
+		cg, registry, patternRegistry, err := callgraph.InitializeCallGraph(codeGraph, projectInput, output.NewLogger(output.VerbosityDefault))
 		if err != nil {
 			fmt.Println("Error building call graph:", err)
 			return

sourcecode-parser/cmd/ci.go

@@ -3,7 +3,6 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
-	"log"
 	"os"
 
 	sarif "github.com/owenrumney/go-sarif/v2/sarif"
@@ -12,6 +11,7 @@ import (
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 	"github.com/spf13/cobra"
 )
 
@@ -35,6 +35,17 @@ Examples:
 		rulesPath, _ := cmd.Flags().GetString("rules")
 		projectPath, _ := cmd.Flags().GetString("project")
 		outputFormat, _ := cmd.Flags().GetString("output")
+		verbose, _ := cmd.Flags().GetBool("verbose")
+		debug, _ := cmd.Flags().GetBool("debug")
+
+		// Setup logger with appropriate verbosity
+		verbosity := output.VerbosityDefault
+		if debug {
+			verbosity = output.VerbosityDebug
+		} else if verbose {
+			verbosity = output.VerbosityVerbose
+		}
+		logger := output.NewLogger(verbosity)
 
 		if rulesPath == "" {
 			return fmt.Errorf("--rules flag is required")
@@ -49,47 +60,47 @@ Examples:
 		}
 
 		// Build code graph (AST)
-		log.Printf("Building code graph from %s...\n", projectPath)
+		logger.Progress("Building code graph from %s...", projectPath)
 		codeGraph := graph.Initialize(projectPath)
 		if len(codeGraph.Nodes) == 0 {
 			return fmt.Errorf("no source files found in project")
 		}
-		log.Printf("Code graph built: %d nodes\n", len(codeGraph.Nodes))
+		logger.Statistic("Code graph built: %d nodes", len(codeGraph.Nodes))
 
 		// Build module registry
-		log.Printf("Building module registry...\n")
+		logger.Progress("Building module registry...")
 		moduleRegistry, err := registry.BuildModuleRegistry(projectPath)
 		if err != nil {
-			log.Printf("Warning: failed to build module registry: %v\n", err)
+			logger.Warning("failed to build module registry: %v", err)
 			moduleRegistry = core.NewModuleRegistry()
 		}
 
 		// Build callgraph
-		log.Printf("Building callgraph...\n")
-		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
+		logger.Progress("Building callgraph...")
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath, logger)
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}
-		log.Printf("Callgraph built: %d functions, %d call sites\n",
+		logger.Statistic("Callgraph built: %d functions, %d call sites",
 			len(cg.Functions), countTotalCallSites(cg))
 
 		// Load Python DSL rules
-		log.Printf("Loading rules from %s...\n", rulesPath)
+		logger.Progress("Loading rules from %s...", rulesPath)
 		loader := dsl.NewRuleLoader(rulesPath)
 		rules, err := loader.LoadRules()
 		if err != nil {
 			return fmt.Errorf("failed to load rules: %w", err)
 		}
-		log.Printf("Loaded %d rules\n", len(rules))
+		logger.Statistic("Loaded %d rules", len(rules))
 
 		// Execute rules against callgraph
-		log.Printf("Running security scan...\n")
+		logger.Progress("Running security scan...")
 		allDetections := make(map[string][]dsl.DataflowDetection)
 		totalDetections := 0
 		for _, rule := range rules {
 			detections, err := loader.ExecuteRule(&rule, cg)
 			if err != nil {
-				log.Printf("Error executing rule %s: %v\n", rule.Rule.ID, err)
+				logger.Error("executing rule %s: %v", rule.Rule.ID, err)
 				continue
 			}
 
@@ -99,8 +110,8 @@ Examples:
 			}
 		}
 
-		log.Printf("Scan complete. Found %d vulnerabilities.\n", totalDetections)
-		log.Printf("Generating %s output...\n", outputFormat)
+		logger.Statistic("Scan complete. Found %d vulnerabilities", totalDetections)
+		logger.Progress("Generating %s output...", outputFormat)
 
 		// Generate output
 		if outputFormat == "sarif" {
@@ -270,6 +281,8 @@ func init() {
 	ciCmd.Flags().StringP("rules", "r", "", "Path to Python DSL rules file or directory (required)")
 	ciCmd.Flags().StringP("project", "p", "", "Path to project directory to scan (required)")
 	ciCmd.Flags().StringP("output", "o", "sarif", "Output format: sarif or json (default: sarif)")
+	ciCmd.Flags().BoolP("verbose", "v", false, "Show progress and statistics")
+	ciCmd.Flags().Bool("debug", false, "Show debug diagnostics with timestamps")
 	ciCmd.MarkFlagRequired("rules")
 	ciCmd.MarkFlagRequired("project")
 }

sourcecode-parser/cmd/query.go

@@ -9,6 +9,7 @@ import (
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 	"github.com/spf13/cobra"
 )
 
@@ -55,7 +56,7 @@ Examples:
 
 		// Build callgraph
 		log.Printf("Building callgraph...\n")
-		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath, output.NewLogger(output.VerbosityDefault))
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}

sourcecode-parser/cmd/resolution_report.go

@@ -7,6 +7,7 @@ import (
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 	"github.com/spf13/cobra"
 )
 
@@ -34,7 +35,7 @@ improvements to the resolution logic.`,
 		codeGraph := graph.Initialize(projectInput)
 
 		fmt.Println("Building call graph...")
-		cg, registry, _, err := callgraph.InitializeCallGraph(codeGraph, projectInput)
+		cg, registry, _, err := callgraph.InitializeCallGraph(codeGraph, projectInput, output.NewLogger(output.VerbosityDefault))
 		if err != nil {
 			fmt.Printf("Error building call graph: %v\n", err)
 			return

sourcecode-parser/cmd/scan.go

@@ -2,7 +2,6 @@ package cmd
 
 import (
 	"fmt"
-	"log"
 	"os"
 	"path/filepath"
 
@@ -11,6 +10,7 @@ import (
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/builder"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 	"github.com/spf13/cobra"
 )
 
@@ -31,6 +31,17 @@ Examples:
 	RunE: func(cmd *cobra.Command, args []string) error {
 		rulesPath, _ := cmd.Flags().GetString("rules")
 		projectPath, _ := cmd.Flags().GetString("project")
+		verbose, _ := cmd.Flags().GetBool("verbose")
+		debug, _ := cmd.Flags().GetBool("debug")
+
+		// Setup logger with appropriate verbosity
+		verbosity := output.VerbosityDefault
+		if debug {
+			verbosity = output.VerbosityDebug
+		} else if verbose {
+			verbosity = output.VerbosityVerbose
+		}
+		logger := output.NewLogger(verbosity)
 
 		if rulesPath == "" {
 			return fmt.Errorf("--rules flag is required")
@@ -48,47 +59,47 @@ Examples:
 		projectPath = absProjectPath
 
 		// Step 1: Build code graph (AST)
-		log.Printf("Building code graph from %s...\n", projectPath)
+		logger.Progress("Building code graph from %s...", projectPath)
 		codeGraph := graph.Initialize(projectPath)
 		if len(codeGraph.Nodes) == 0 {
 			return fmt.Errorf("no source files found in project")
 		}
-		log.Printf("Code graph built: %d nodes\n", len(codeGraph.Nodes))
+		logger.Statistic("Code graph built: %d nodes", len(codeGraph.Nodes))
 
 		// Step 2: Build module registry
-		log.Printf("Building module registry...\n")
+		logger.Progress("Building module registry...")
 		moduleRegistry, err := registry.BuildModuleRegistry(projectPath)
 		if err != nil {
-			log.Printf("Warning: failed to build module registry: %v\n", err)
+			logger.Warning("failed to build module registry: %v", err)
 			// Create empty registry as fallback
 			moduleRegistry = core.NewModuleRegistry()
 		}
 
 		// Step 3: Build callgraph
-		log.Printf("Building callgraph...\n")
-		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath)
+		logger.Progress("Building callgraph...")
+		cg, err := builder.BuildCallGraph(codeGraph, moduleRegistry, projectPath, logger)
 		if err != nil {
 			return fmt.Errorf("failed to build callgraph: %w", err)
 		}
-		log.Printf("Callgraph built: %d functions, %d call sites\n",
+		logger.Statistic("Callgraph built: %d functions, %d call sites",
 			len(cg.Functions), countTotalCallSites(cg))
 
 		// Step 4: Load Python DSL rules
-		log.Printf("Loading rules from %s...\n", rulesPath)
+		logger.Progress("Loading rules from %s...", rulesPath)
 		loader := dsl.NewRuleLoader(rulesPath)
 		rules, err := loader.LoadRules()
 		if err != nil {
 			return fmt.Errorf("failed to load rules: %w", err)
 		}
-		log.Printf("Loaded %d rules\n", len(rules))
+		logger.Statistic("Loaded %d rules", len(rules))
 
 		// Step 5: Execute rules against callgraph
-		log.Printf("\n=== Running Security Scan ===\n")
+		logger.Progress("\n=== Running Security Scan ===")
 		totalDetections := 0
 		for _, rule := range rules {
 			detections, err := loader.ExecuteRule(&rule, cg)
 			if err != nil {
-				log.Printf("Error executing rule %s: %v\n", rule.Rule.ID, err)
+				logger.Error("executing rule %s: %v", rule.Rule.ID, err)
 				continue
 			}
 
@@ -99,8 +110,8 @@ Examples:
 		}
 
 		// Step 6: Print summary
-		log.Printf("\n=== Scan Complete ===\n")
-		log.Printf("Total vulnerabilities found: %d\n", totalDetections)
+		logger.Progress("\n=== Scan Complete ===")
+		logger.Statistic("Total vulnerabilities found: %d", totalDetections)
 
 		if totalDetections > 0 {
 			os.Exit(1) // Exit with error code if vulnerabilities found
@@ -143,6 +154,8 @@ func init() {
 	rootCmd.AddCommand(scanCmd)
 	scanCmd.Flags().StringP("rules", "r", "", "Path to Python DSL rules file or directory (required)")
 	scanCmd.Flags().StringP("project", "p", "", "Path to project directory to scan (required)")
+	scanCmd.Flags().BoolP("verbose", "v", false, "Show progress and statistics")
+	scanCmd.Flags().Bool("debug", false, "Show debug diagnostics with timestamps")
 	scanCmd.MarkFlagRequired("rules")
 	scanCmd.MarkFlagRequired("project")
 }

sourcecode-parser/graph/callgraph/benchmark_test.go

@@ -8,6 +8,7 @@ import (
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/core"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/registry"
 	"github.com/shivasurya/code-pathfinder/sourcecode-parser/graph/callgraph/resolution"
+	"github.com/shivasurya/code-pathfinder/sourcecode-parser/output"
 )
 
 // Benchmark project paths
@@ -238,7 +239,7 @@ func BenchmarkInitializeCallGraph_Small(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		// Include full pipeline: graph initialization + call graph initialization
 		codeGraph := graph.Initialize(smallProjectPath)
-		callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, smallProjectPath)
+		callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, smallProjectPath, output.NewLogger(output.VerbosityDefault))
 		if err != nil {
 			b.Fatalf("Failed to initialize call graph: %v", err)
 		}
@@ -265,7 +266,7 @@ func BenchmarkInitializeCallGraph_Medium(b *testing.B) {
 
 	for i := 0; i < b.N; i++ {
 		codeGraph := graph.Initialize(mediumProjectPath)
-		callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, mediumProjectPath)
+		callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, mediumProjectPath, output.NewLogger(output.VerbosityDefault))
 		if err != nil {
 			b.Fatalf("Failed to initialize call graph: %v", err)
 		}
@@ -287,7 +288,7 @@ func BenchmarkInitializeCallGraph_Medium(b *testing.B) {
 func BenchmarkPatternMatching_Small(b *testing.B) {
 	// Pre-build call graph and pattern registry
 	codeGraph := graph.Initialize(smallProjectPath)
-	callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, smallProjectPath)
+	callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, smallProjectPath, output.NewLogger(output.VerbosityDefault))
 	if err != nil {
 		b.Fatalf("Failed to initialize call graph: %v", err)
 	}
@@ -310,7 +311,7 @@ func BenchmarkPatternMatching_Small(b *testing.B) {
 func BenchmarkPatternMatching_Medium(b *testing.B) {
 	// Pre-build call graph and pattern registry
 	codeGraph := graph.Initialize(mediumProjectPath)
-	callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, mediumProjectPath)
+	callGraph, registry, patternRegistry, err := InitializeCallGraph(codeGraph, mediumProjectPath, output.NewLogger(output.VerbosityDefault))
 	if err != nil {
 		b.Fatalf("Failed to initialize call graph: %v", err)
 	}