fix(api-service): replace zap with logrus for unified logging

[JacksonMei]

Summary

• Replace zap with logrus + lumberjack for logging, matching faas-apiserver pattern
• Unify all standard "log" imports to logrus across service/controller layers so all logs write to file
• Add request/response body truncation (2KB) to prevent log disk bloat (~50MB/min in prod)
• Tune log rotation: MaxBackups=10, MaxAge=7d, Compress=true (was MaxBackups=30, MaxAge=0, Compress=false)
• Remove go.uber.org/zap and go.uber.org/multierr dependencies

Motivation

Production logs were growing at ~50MB/min due to full request/response body logging (especially MCP traffic). Additionally, service/controller layers used mixed logging libraries (standard log, logrus, zap) with only zap writing to log files — meaning most application logs were lost to stderr.

Changes

File	Change
middleware/logging.go	zap → logrus + lumberjack, add 2KB body truncation
main.go	Remove zap init, use logrus global config
service/redis.go	"log" → logrus
service/cleanup_service.go	"log" → logrus
service/env_instance.go	"log" → logrus
controller/mcp_proxy.go	"log" → logrus
go.mod	Remove zap/multierr deps

Test plan

• go build ./... passes
• go vet ./... passes
• Existing tests pass (cleanup_service, metrics)
• Deploy to staging and verify log output format and rotation

🤖 Generated with Claude Code

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses critical logging issues by standardizing the logging infrastructure. Previously, the system suffered from mixed logging libraries and significant log disk bloat due to full request/response body logging. The changes unify logging under logrus with lumberjack for rotation, introduce body truncation to control log size, and ensure all application logs are properly persisted, leading to improved log manageability and reduced storage consumption.

Highlights

• Unified Logging Library: Replaced the zap logging library with logrus and lumberjack across the service, aligning with the faas-apiserver logging pattern.
• Standard Log Unification: Converted all standard "log" package imports to logrus in service and controller layers to ensure all application logs are written to files.
• Log Body Truncation: Implemented request and response body truncation (2KB limit) within the logging middleware to prevent excessive log disk usage.
• Log Rotation Tuning: Adjusted lumberjack log rotation settings to MaxBackups=10, MaxAge=7d, and Compress=true for more efficient log management.
• Dependency Removal: Removed go.uber.org/zap and go.uber.org/multierr dependencies from the project.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• controller/mcp_proxy.go
  • Replaced standard "log" import with logrus.
• go.mod
  • Removed go.uber.org/zap and go.uber.org/multierr dependencies.
• main.go
  • Removed zap logger initialization.
  • Configured logrus as the global logger.
• middleware/logging.go
  • Replaced zap with logrus and lumberjack for logging.
  • Added 2KB body truncation for request and response logs.
• service/cleanup_service.go
  • Replaced standard "log" import with logrus.
• service/env_instance.go
  • Replaced standard "log" import with logrus.
• service/redis.go
  • Replaced standard "log" import with logrus.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request replaces the zap logging library with logrus to unify logging across the service, improving consistency and introducing valuable features like request/response body truncation and tuned log rotation for better log volume management. However, a critical security finding has been identified: the logging middleware continues to log unfiltered request and response bodies, which may contain sensitive information such as environment variables and secrets. Further improvements include enhancing the structure of latency logs for better analysis and ensuring the string truncation logic is safe for multi-byte UTF-8 characters to prevent potential log corruption.

[gemini-code-assist]

The logging middleware captures and logs the entire request and response bodies (truncated to 2KB). These bodies can contain sensitive information such as authentication tokens, passwords, or PII. Specifically, the CreateEnvInstanceRequest includes environment_variables, which are often used to store secrets. Logging these secrets to a file increases the risk of exposure if the log files are compromised. It is recommended to implement a sanitization or redaction mechanism to remove sensitive fields from the request and response bodies before logging, or avoid logging the bodies entirely in production environments.

[gemini-code-assist]

Logging latency as a string (latency.String()) is less flexible for analysis and filtering in log management systems compared to a numeric type. Logrus can handle time.Duration fields natively, typically logging them as an integer (nanoseconds). This allows for easier querying, sorting, and calculations on the latency value.

Suggested change

	"latency": latency.String(),
	"latency": latency,

[gemini-code-assist]

The current implementation of truncateString can corrupt multi-byte UTF-8 characters by slicing a string at an arbitrary byte index. This can lead to invalid characters in the logs, making them hard to read or process. A safer approach is to ensure the truncation happens at a rune boundary.

	if len(s) > maxLen {
		// To avoid cutting a multi-byte character in half, find the last valid start of a UTF-8 rune.
		end := maxLen
		for end > 0 && (s[end]&0xC0) == 0x80 { // is a continuation byte
			end--
		}
		return s[:end] + "...(truncated)"
	}

[puzhen-ryan]

lgtm