project-nomos · meidad · May 26, 2026 · May 26, 2026
diff --git a/package.json b/package.json
@@ -84,6 +84,8 @@
     "marked": "^15.0.12",
     "marked-terminal": "^7.3.0",
     "nodemailer": "^8.0.5",
+    "pino": "^10.3.1",
+    "pino-pretty": "^13.1.3",
     "playwright": "^1.50.0",
     "postgres": "^3.4.7",
     "react": "^19.2.4",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/settings/src/app/api/admin/wiki/route.ts b/settings/src/app/api/admin/wiki/route.ts
@@ -19,8 +19,6 @@ export async function POST() {
   try {
     // Trigger wiki compilation via daemon gRPC command
     const { exec } = await import("node:child_process");
-    const { promisify } = await import("node:util");
-    const execAsync = promisify(exec);
 
     // Use the notify-daemon pattern to trigger compilation
     const path = await import("node:path");

diff --git a/settings/src/app/api/google/oauth/start/route.ts b/settings/src/app/api/google/oauth/start/route.ts
@@ -27,18 +27,12 @@ export async function POST() {
     // DB not available
   }
   const env = await readConfig(
-    [
-      "GOOGLE_OAUTH_CLIENT_ID",
-      "GOOGLE_OAUTH_CLIENT_SECRET",
-      "GWS_SERVICES",
-      "GOOGLE_CLOUD_PROJECT",
-    ],
+    ["GOOGLE_OAUTH_CLIENT_ID", "GOOGLE_OAUTH_CLIENT_SECRET", "GOOGLE_CLOUD_PROJECT"],
     sql,
   );
 
   const clientId = env.GOOGLE_OAUTH_CLIENT_ID;
   const clientSecret = env.GOOGLE_OAUTH_CLIENT_SECRET;
-  const gwsServices = env.GWS_SERVICES;
   const gcpProjectId = env.GOOGLE_CLOUD_PROJECT;
 
   if (!clientId || !clientSecret) {
@@ -53,14 +47,12 @@ export async function POST() {
 
   // Write a valid client_secret.json (with project_id) for the CLI flow.
   // Same helper /api/env uses on save, so the two paths can't drift.
-  const { writeGwsClientSecret, gwsClientSecretPath } =
-    await import("@/lib/sync-gws-client-secret");
+  const { writeGwsClientSecret } = await import("@/lib/sync-gws-client-secret");
   writeGwsClientSecret({
     clientId,
     clientSecret,
     projectId: gcpProjectId ?? "",
   });
-  const clientSecretPath = gwsClientSecretPath();
 
   // Build args for gws auth login with explicit scopes.
   // Using --scopes ensures Gmail/Calendar are included even if the gws CLI

diff --git a/src/cate/integration.ts b/src/cate/integration.ts
@@ -12,6 +12,9 @@ import type { PolicyConfig } from "@project-nomos/cate-sdk/types";
 import { NomosKeystore } from "./nomos-keystore.ts";
 import { NomosTransport } from "./nomos-transport.ts";
 import { getDb } from "../db/client.ts";
+import { createLogger } from "../lib/logger.ts";
+
+const log = createLogger("cate-integration");
 
 const AGENT_KEY_ID = "nomos-agent";
 const USER_KEY_ID = "nomos-user";
@@ -43,14 +46,14 @@ export async function initCATEIntegration(options?: {
   let agentKey = await keystore.getKey(AGENT_KEY_ID);
   if (!agentKey) {
     agentKey = await keystore.generateKey(AGENT_KEY_ID);
-    console.log("[cate] Generated new agent key pair");
+    log.info("Generated new agent key pair");
   }
 
   // Create or load user key (for VC issuance)
   let userKey = await keystore.getKey(USER_KEY_ID);
   if (!userKey) {
     userKey = await keystore.generateKey(USER_KEY_ID);
-    console.log("[cate] Generated new user key pair");
+    log.info("Generated new user key pair");
   }
 
   const agentDid = createDIDKey(agentKey.publicKey);
@@ -102,18 +105,23 @@ export async function initCATEIntegration(options?: {
     identity: { did: agentDid, keystore },
     policy: policyConfig,
     onMessage: async (envelope, context) => {
-      console.log(
-        `[cate] Received envelope from ${context.senderDid} (${context.trustTier}, ${context.policyAction})`,
+      log.info(
+        {
+          senderDid: context.senderDid,
+          trustTier: context.trustTier,
+          policyAction: context.policyAction,
+        },
+        "Received envelope",
       );
       await options?.onMessage?.(envelope);
     },
     onError: (error) => {
-      console.error(`[cate] Error: ${error.message}`);
+      log.error({ err: error }, "Error");
     },
   });
 
   await server.listen({ transport });
-  console.log(`[cate] Server started on port ${port} (DID: ${agentDid})`);
+  log.info({ port, agentDid }, "Server started");
 
   return { server, agentDid, agentCard, keystore, transport };
 }
@@ -168,5 +176,5 @@ async function loadPolicyConfig(): Promise<PolicyConfig> {
  */
 export async function stopCATEIntegration(integration: CATEIntegration): Promise<void> {
   await integration.server.close();
-  console.log("[cate] Server stopped");
+  log.info("Server stopped");
 }
diff --git a/src/cate/nomos-transport.ts b/src/cate/nomos-transport.ts
@@ -13,6 +13,9 @@ import {
   type TransportOptions,
   type TransportEvents,
 } from "@project-nomos/cate-sdk/transport";
+import { createLogger } from "../lib/logger.ts";
+
+const log = createLogger("cate-transport");
 
 export class NomosTransport extends Transport {
   private server?: { close: () => void };
@@ -62,7 +65,7 @@ export class NomosTransport extends Transport {
 
     await new Promise<void>((resolve) => {
       server.listen(this.port, () => {
-        console.log(`[cate] Transport listening on port ${this.port}`);
+        log.info({ port: this.port }, "Transport listening");
         resolve();
       });
     });

diff --git a/src/config/file-sync.ts b/src/config/file-sync.ts
@@ -14,6 +14,9 @@ import fs from "node:fs";
 import path from "node:path";
 import { createHash } from "node:crypto";
 import { getKysely } from "../db/client.ts";
+import { createLogger } from "../lib/logger.ts";
+
+const log = createLogger("file-sync");
 
 // ── Paths ──
 
@@ -42,11 +45,9 @@ async function syncOne(file: ManagedFile): Promise<string | null> {
 
   // Check disk (first path that exists wins)
   let diskContent: string | null = null;
-  let diskPath: string | null = null;
   for (const p of file.diskPaths) {
     if (fs.existsSync(p)) {
       diskContent = fs.readFileSync(p, "utf-8");
-      diskPath = p;
       break;
     }
   }
@@ -85,7 +86,7 @@ async function syncOne(file: ManagedFile): Promise<string | null> {
     const dir = path.dirname(restorePath);
     fs.mkdirSync(dir, { recursive: true });
     fs.writeFileSync(restorePath, row.content, "utf-8");
-    console.log(`[file-sync] Restored ${file.dbPath} -> ${restorePath}`);
+    log.info({ dbPath: file.dbPath, restorePath }, "Restored");
     return row.content;
   }
 
@@ -112,10 +113,7 @@ export async function syncFileToDb(dbPath: string, content: string): Promise<voi
       )
       .execute();
   } catch (err) {
-    console.warn(
-      `[file-sync] Failed to sync ${dbPath} to DB:`,
-      err instanceof Error ? err.message : err,
-    );
+    log.warn({ dbPath, err: err instanceof Error ? err.message : err }, "Failed to sync to DB");
   }
 }
 
@@ -246,9 +244,9 @@ export async function syncAllFiles(): Promise<void> {
   restored += restoredPersonal;
 
   if (synced > 0 || restored > 0) {
-    console.log(
-      `[file-sync] Synced ${synced} file(s) to DB` +
-        (restored > 0 ? `, restored ${restored} from DB` : ""),
+    log.info(
+      { synced, restored },
+      `Synced ${synced} file(s) to DB` + (restored > 0 ? `, restored ${restored} from DB` : ""),
     );
   }
 }
diff --git a/src/cron/scheduler.ts b/src/cron/scheduler.ts
@@ -1,5 +1,8 @@
 import { CronExpressionParser } from "cron-parser";
 import type { CronJob } from "./types.ts";
+import { createLogger } from "../lib/logger.ts";
+
+const log = createLogger("cron-scheduler");
 
 export type CronCallback = (job: CronJob) => Promise<void>;
 
@@ -98,7 +101,7 @@ export class CronScheduler {
 
       this.timers.set(job.id, timer);
     } catch (error) {
-      console.error(`Failed to schedule job ${job.id}:`, error);
+      log.error({ err: error, jobId: job.id }, "Failed to schedule job");
     }
   }
 
@@ -130,7 +133,7 @@ export class CronScheduler {
     try {
       await this.callback(job);
     } catch (error) {
-      console.error(`Error executing cron job ${job.id}:`, error);
+      log.error({ err: error, jobId: job.id }, "Error executing cron job");
     }
   }
 }