feat(admin-ui): Migrate Auth Server module to unified logger (#2870)

[faisalsiddique4400]

feat(admin-ui): Migrate Auth Server module to unified logger (#2870)

Summary

This PR migrates the Auth Server plugin to the new unified logging infrastructure by replacing existing devLogger usage with the new audience-based logger API.

The migration preserves existing behavior by mapping all development-only logging to logger.<level>('dev', ...), which remains gated by isDevelopment. This aligns the Auth Server module with the broader logging modernization effort while maintaining consistent runtime behavior.

---

Fix Summary

• Replaced devLogger.<level>(...) usage throughout the Auth Server plugin
• Migrated logging calls to:

  logger.<level>('dev', ...)

• Preserved development-only logging behavior
• Adopted the new unified logging API across Auth Server components and utilities
• Integrated shared logging infrastructure:
  • app/utils/logger.ts
  • app/utils/types/LoggerTypes.ts
  • app/utils/types/index.ts
• Improved consistency with the application-wide logging strategy
• Maintained existing runtime and debugging behavior

---

Verification

tsc --noEmit
npm run check:all

passes successfully.

• Verified TypeScript compilation completes with zero errors
• Verified Auth Server module functionality remains unchanged
• Verified development logs continue to appear only in development environments
• Verified no regressions in Auth Server workflows
• Verified compatibility while devLogger.ts remains available during migration

---

🔗 Ticket

Closes: #2870

Summary by CodeRabbit

Release Notes

• Refactor
  • Consolidated and enhanced the internal logging infrastructure across all application modules to improve error tracking consistency and provide better support for different deployment environments. This comprehensive upgrade enables environment-aware logging capabilities while maintaining uniform error reporting and handling practices throughout the entire codebase, ensuring more reliable diagnostics across all components.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR introduces a unified shared logger utility and systematically migrates all devLogger usage across the auth-server plugin to the new logger with explicit environment targeting, maintaining behavior-equivalent logging patterns while consolidating duplication.

Changes

Unified logger migration

Layer / File(s)	Summary
Logger infrastructure: types and implementation admin-ui/app/utils/logger.ts, admin-ui/app/utils/types/LoggerTypes.ts, admin-ui/app/utils/types/index.ts	New logger object provides log, warn, error, debug methods that route calls based on LogEnv ('dev', 'prod', 'both') parameter and isDevelopment flag. Exported types LogArg and LogEnv define the logging contract. Barrel export updated to expose LoggerTypes.
Auth Server Properties and related components admin-ui/plugins/auth-server/components/AuthServerProperties/components/AuthServerPropertiesPage.tsx, admin-ui/plugins/auth-server/components/AuthServerProperties/hooks/useAuthServerScripts.ts, admin-ui/plugins/auth-server/components/Authentication/Acrs/AcrsEditPage.tsx	Error logging in form submission and audit failure paths switched from devLogger to logger.error('dev', ...).
Agama flows and project management admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaFlows.tsx, admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaProjectConfigModal.tsx	Error logging for project upload, ZIP parsing, file reading, SHA256 computation, deployment, and config import/export operations updated to use shared logger.
ACR alias and default ACR handling admin-ui/plugins/auth-server/components/Authentication/Aliases/Aliases.tsx, admin-ui/plugins/auth-server/components/Authentication/DefaultAcr/DefaultAcr.tsx	ACR update and delete error logging, plus audit and config update failures, migrated to shared logger.
Config API properties and utilities admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesForm.tsx, admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesPage.tsx, admin-ui/plugins/auth-server/components/ConfigApiProperties/utils/valueUtils.ts	Form submission, audit failure, and patch-operation error logging switched to shared logger.
JSON viewer, JWK, and logging configuration admin-ui/plugins/auth-server/components/JsonViewer/components/JsonViewerDialog.tsx, admin-ui/plugins/auth-server/components/Keys/hooks/useJwkApi.ts, admin-ui/plugins/auth-server/components/Logging/components/LoggingPage.tsx, admin-ui/plugins/auth-server/components/Logging/hooks/useLoggingApi.ts	Clipboard copy, JWK fetch, and logging config submission error logging migrated to shared logger.
OIDC Client pages and UMA operations admin-ui/plugins/auth-server/components/OidcClients/components/ClientAddPage.tsx, admin-ui/plugins/auth-server/components/OidcClients/components/ClientEditPage.tsx, admin-ui/plugins/auth-server/components/OidcClients/components/ClientListPage.tsx, admin-ui/plugins/auth-server/components/OidcClients/components/ClientCibaParUmaPanel.tsx	Client creation, update, deletion, and UMA resource deletion error logging updated to shared logger.
OIDC Client hooks and utilities admin-ui/plugins/auth-server/components/OidcClients/helper/utils.ts, admin-ui/plugins/auth-server/components/OidcClients/hooks/useClientTokens.ts, admin-ui/plugins/auth-server/components/OidcClients/hooks/useClientUmaResources.ts, admin-ui/plugins/auth-server/components/OidcClients/hooks/useCreateClient.ts, admin-ui/plugins/auth-server/components/OidcClients/hooks/useDeleteClient.ts, admin-ui/plugins/auth-server/components/OidcClients/hooks/useUpdateClient.ts	Token revocation, UMA deletion, client mutation audit failures, and CSV download errors switched to shared logger.
OIDC Clients test mocking admin-ui/plugins/auth-server/components/OidcClients/__tests__/hooks/useClientUmaResources.test.ts	Jest mock updated to target logger.error instead of devLogger.error.
Scope pages and hooks admin-ui/plugins/auth-server/components/Scopes/components/ScopeAddPage.tsx, admin-ui/plugins/auth-server/components/Scopes/components/ScopeEditPage.tsx, admin-ui/plugins/auth-server/components/Scopes/components/ScopeListPage.tsx, admin-ui/plugins/auth-server/components/Scopes/hooks/useScopeMutations.ts	Scope creation, edit, deletion, and mutation audit/JSON parsing error logging migrated to shared logger.
Session pages and hooks admin-ui/plugins/auth-server/components/Sessions/components/SessionListPage.tsx, admin-ui/plugins/auth-server/components/Sessions/hooks/useSessionMutations.ts	Session deletion/revocation, audit, and query invalidation error logging switched to shared logger.
SSA pages, utilities, and hooks admin-ui/plugins/auth-server/components/Ssa/components/SsaAddPage.tsx, admin-ui/plugins/auth-server/components/Ssa/components/SsaListPage.tsx, admin-ui/plugins/auth-server/components/Ssa/helper/utils.ts, admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts, admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaMutations.ts	SSA page submissions, JWT fetches, downloads, deletions, and revocation audit/query failures updated to use shared logger.
Services and utilities admin-ui/plugins/auth-server/services/jsonPropertiesService.ts, admin-ui/plugins/auth-server/utils/sessionExpiredRedirect.ts	JSON properties fetch/patch and session logout error logging migrated to shared logger.
Test setup admin-ui/plugins/auth-server/__tests__/api/setup.ts	Test module error and availability logging updated to use shared logger.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related issues

• feat(admin-ui): Migrate Home/Core module to unified logger #2868: Both PRs introduce the new app/utils/logger and LoggerTypes and migrate devLogger usage across the admin-ui codebase.

Possibly related PRs

• GluuFederation/flex#2562: Overlaps with SSA JWT and deletion error paths in SsaListPage.tsx.
• GluuFederation/flex#2859: Modifies the same redirectSessionExpired function's error-reporting behavior.
• GluuFederation/flex#2730: Directly overlaps with Scopes components (pages and hooks) error-handling migration.

Suggested labels

kind-enhancement

Suggested reviewers

• duttarnab
• moabu

Poem

🐰 A logger hops through many a file,
From dev to shared—a cleaner style!
No more duplication, just one shared way,
Environment-aware, come what may.
One logger rings, a thousand files sing! 🎵

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and concisely describes the main change: migrating the Auth Server module to a unified logger, which matches the primary objective.
Linked Issues check	✅ Passed	The PR successfully implements all primary objectives: replaces devLogger with logger('dev', ...) throughout Auth Server plugin [#2870], adds shared logging infrastructure files [#2870], maintains behavior gating on isDevelopment [#2870], and passes TypeScript compilation [#2870].
Out of Scope Changes check	✅ Passed	All changes are scoped to migrating Auth Server logging from devLogger to logger with environment tagging; no unrelated modifications or features beyond the stated objectives were introduced.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch admin-ui-issue-2870

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed for 'Gluu Admin UI'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[faisalsiddique4400]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 6

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@admin-ui/app/utils/logger.ts`:
- Line 37: Update the JSDoc example for logger.error to correctly state that the
'prod' environment outputs to the production console only (not "prod + dev
console"); change the comment on the example line using logger.error so it
reflects the emit logic (see emit handling around 'emit' and logger.error) and
accurately reads that 'prod' targets production console only.

In
`@admin-ui/plugins/auth-server/components/OidcClients/components/ClientCibaParUmaPanel.tsx`:
- Around line 155-159: The fire-and-forget catch in ClientCibaParUmaPanel.tsx
duplicates logging because deleteUmaResource already logs failures; remove the
duplicate logger.error from the .catch handler (or replace the .catch body with
an empty swallow) so the promise is still fire-and-forget but not re-logged;
locate the call using deleteUmaResource(String(selectedUMA.id)) and the
logger.error('dev', 'UMA resource deletion failed:', error) invocation and
remove or clear that logger call, leaving the inline comment if you want to keep
the explanation.

In `@admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts`:
- Line 94: In useSsaApi.ts update the logger call in the SSA creation error path
to use the dev-only audience: replace logger.error('both', 'Failed to create
SSA: ' + (error instanceof Error ? error.message : String(error))) with a call
that passes 'dev' as the first argument so the message remains gated to
development logging; locate this inside the create SSA error handling in the
useSsaApi hook and change the audience token from 'both' to 'dev'.
- Line 65: Change the logger audience from 'both' to 'dev' in the error call
inside useSsaApi (the logger.error(...) line) so the SSA fetch failure remains
development-only; locate the logger.error call in
admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts and replace the
first argument 'both' with 'dev' to preserve the original isDevelopment-gated
logging behavior.
- Line 123: In useSsaApi.ts update the logger call inside the SSA fetch error
handling (the logger.error(...) invocation in the useSsaApi hook) to use the
'dev' audience instead of 'both' so the message remains development-only; locate
the logger.error('both', 'Failed to fetch SSA JWT: ' + ...) line and change the
first argument to 'dev' preserving the rest of the message and error formatting.

In `@admin-ui/plugins/auth-server/services/jsonPropertiesService.ts`:
- Line 37: The error logs in jsonPropertiesService.ts currently call
logger.error('both', ...) which expands audience from dev-only to both
environments; change both occurrences to logger.error('dev', ...) so detailed
backend error messages remain dev-only (search for the logger.error('both',
'Failed to fetch auth server JSON properties: ' + resolveApiErrorMessage(e as
Error)) and the second similar call and replace the 'both' audience with 'dev').

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 225da67a-8eaf-479e-8299-42c90108c8d6

📥 Commits

Reviewing files that changed from the base of the PR and between e2f257a and 821d530.

📒 Files selected for processing (42)

• admin-ui/app/utils/logger.ts
• admin-ui/app/utils/types/LoggerTypes.ts
• admin-ui/app/utils/types/index.ts
• admin-ui/plugins/auth-server/__tests__/api/setup.ts
• admin-ui/plugins/auth-server/components/AuthServerProperties/components/AuthServerPropertiesPage.tsx
• admin-ui/plugins/auth-server/components/AuthServerProperties/hooks/useAuthServerScripts.ts
• admin-ui/plugins/auth-server/components/Authentication/Acrs/AcrsEditPage.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaFlows.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaProjectConfigModal.tsx
• admin-ui/plugins/auth-server/components/Authentication/Aliases/Aliases.tsx
• admin-ui/plugins/auth-server/components/Authentication/DefaultAcr/DefaultAcr.tsx
• admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesForm.tsx
• admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesPage.tsx
• admin-ui/plugins/auth-server/components/ConfigApiProperties/utils/valueUtils.ts
• admin-ui/plugins/auth-server/components/JsonViewer/components/JsonViewerDialog.tsx
• admin-ui/plugins/auth-server/components/Keys/hooks/useJwkApi.ts
• admin-ui/plugins/auth-server/components/Logging/components/LoggingPage.tsx
• admin-ui/plugins/auth-server/components/Logging/hooks/useLoggingApi.ts
• admin-ui/plugins/auth-server/components/OidcClients/__tests__/hooks/useClientUmaResources.test.ts
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientAddPage.tsx
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientCibaParUmaPanel.tsx
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientEditPage.tsx
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientListPage.tsx
• admin-ui/plugins/auth-server/components/OidcClients/helper/utils.ts
• admin-ui/plugins/auth-server/components/OidcClients/hooks/useClientTokens.ts
• admin-ui/plugins/auth-server/components/OidcClients/hooks/useClientUmaResources.ts
• admin-ui/plugins/auth-server/components/OidcClients/hooks/useCreateClient.ts
• admin-ui/plugins/auth-server/components/OidcClients/hooks/useDeleteClient.ts
• admin-ui/plugins/auth-server/components/OidcClients/hooks/useUpdateClient.ts
• admin-ui/plugins/auth-server/components/Scopes/components/ScopeAddPage.tsx
• admin-ui/plugins/auth-server/components/Scopes/components/ScopeEditPage.tsx
• admin-ui/plugins/auth-server/components/Scopes/components/ScopeListPage.tsx
• admin-ui/plugins/auth-server/components/Scopes/hooks/useScopeMutations.ts
• admin-ui/plugins/auth-server/components/Sessions/components/SessionListPage.tsx
• admin-ui/plugins/auth-server/components/Sessions/hooks/useSessionMutations.ts
• admin-ui/plugins/auth-server/components/Ssa/components/SsaAddPage.tsx
• admin-ui/plugins/auth-server/components/Ssa/components/SsaListPage.tsx
• admin-ui/plugins/auth-server/components/Ssa/helper/utils.ts
• admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts
• admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaMutations.ts
• admin-ui/plugins/auth-server/services/jsonPropertiesService.ts
• admin-ui/plugins/auth-server/utils/sessionExpiredRedirect.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Correct the JSDoc example comment for 'prod' environment.

The comment states // prod + dev console, but according to the emit logic (lines 23-25), 'prod' logs are suppressed in development and only appear in production. The comment should reflect that 'prod' targets the production console only, not both.

📝 Suggested correction

-  logger.error('prod', 'Cedarling init failed:', message) // prod + dev console
+  logger.error('prod', 'Cedarling init failed:', message) // production only

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	* logger.error('prod', 'Cedarling init failed:', message) // prod + dev console
	* logger.error('prod', 'Cedarling init failed:', message) // production only

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/app/utils/logger.ts` at line 37, Update the JSDoc example for
logger.error to correctly state that the 'prod' environment outputs to the
production console only (not "prod + dev console"); change the comment on the
example line using logger.error so it reflects the emit logic (see emit handling
around 'emit' and logger.error) and accurately reads that 'prod' targets
production console only.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial | ⚡ Quick win

Remove duplicate UMA deletion logging in the fire-and-forget catch.

The inline comment says deleteUmaResource already logs failures, but this catch logs again. That creates duplicate dev logs and conflicting intent.

Proposed adjustment

-    // deleteUmaResource already logs the failure; swallow the re-thrown rejection
-    // here (fire-and-forget) so it doesn't surface as an unhandled promise.
-    deleteUmaResource(String(selectedUMA.id)).catch((error) => {
-      logger.error('dev', 'UMA resource deletion failed:', error)
-    })
+    // deleteUmaResource already logs the failure; swallow the re-thrown rejection
+    // here (fire-and-forget) so it doesn't surface as an unhandled promise.
+    deleteUmaResource(String(selectedUMA.id)).catch(() => undefined)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// deleteUmaResource already logs the failure; swallow the re-thrown rejection
	// here (fire-and-forget) so it doesn't surface as an unhandled promise.
	deleteUmaResource(String(selectedUMA.id)).catch((error) => {
	logger.error('dev', 'UMA resource deletion failed:', error)
	})
	// deleteUmaResource already logs the failure; swallow the re-thrown rejection
	// here (fire-and-forget) so it doesn't surface as an unhandled promise.
	deleteUmaResource(String(selectedUMA.id)).catch(() => undefined)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@admin-ui/plugins/auth-server/components/OidcClients/components/ClientCibaParUmaPanel.tsx`
around lines 155 - 159, The fire-and-forget catch in ClientCibaParUmaPanel.tsx
duplicates logging because deleteUmaResource already logs failures; remove the
duplicate logger.error from the .catch handler (or replace the .catch body with
an empty swallow) so the promise is still fire-and-forget but not re-logged;
locate the call using deleteUmaResource(String(selectedUMA.id)) and the
logger.error('dev', 'UMA resource deletion failed:', error) invocation and
remove or clear that logger call, leaving the inline comment if you want to keep
the explanation.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Change 'both' to 'dev' to preserve dev-only logging behavior.

This logger call uses 'both' as the audience, which logs in both development and production environments. However, the PR objectives state that "Development-only logging is preserved by mapping previous calls to logger.('dev', ...), which remains gated by isDevelopment, maintaining existing runtime and debugging behavior." The original devLogger was gated by isDevelopment and only logged in development.

Using 'both' changes the logging behavior from dev-only to production, contradicting the stated objective of preserving behavior.

🔧 Proposed fix

-    logger.error('both', 'Failed to fetch SSAs: ' + (error instanceof Error ? error.message : String(error)))
+    logger.error('dev', 'Failed to fetch SSAs: ' + (error instanceof Error ? error.message : String(error)))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	logger.error('both', 'Failed to fetch SSAs: ' + (error instanceof Error ? error.message : String(error)))
	logger.error('dev', 'Failed to fetch SSAs: ' + (error instanceof Error ? error.message : String(error)))

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts` at line 65,
Change the logger audience from 'both' to 'dev' in the error call inside
useSsaApi (the logger.error(...) line) so the SSA fetch failure remains
development-only; locate the logger.error call in
admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts and replace the
first argument 'both' with 'dev' to preserve the original isDevelopment-gated
logging behavior.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Change 'both' to 'dev' to preserve dev-only logging behavior.

This logger call uses 'both' as the audience, which expands logging to production. The PR objectives require mapping devLogger calls to logger.('dev', ...) to maintain the existing isDevelopment-gated dev-only behavior.

🔧 Proposed fix

-    logger.error('both', 'Failed to create SSA: ' + (error instanceof Error ? error.message : String(error)))
+    logger.error('dev', 'Failed to create SSA: ' + (error instanceof Error ? error.message : String(error)))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	logger.error('both', 'Failed to create SSA: ' + (error instanceof Error ? error.message : String(error)))
	logger.error('dev', 'Failed to create SSA: ' + (error instanceof Error ? error.message : String(error)))

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts` at line 94,
In useSsaApi.ts update the logger call in the SSA creation error path to use the
dev-only audience: replace logger.error('both', 'Failed to create SSA: ' +
(error instanceof Error ? error.message : String(error))) with a call that
passes 'dev' as the first argument so the message remains gated to development
logging; locate this inside the create SSA error handling in the useSsaApi hook
and change the audience token from 'both' to 'dev'.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Change 'both' to 'dev' to preserve dev-only logging behavior.

This logger call uses 'both' as the audience, which logs in production. The PR objectives state that the migration should preserve behavior by using logger.('dev', ...) to maintain isDevelopment gating.

🔧 Proposed fix

-    logger.error('both', 'Failed to fetch SSA JWT: ' + (error instanceof Error ? error.message : String(error)))
+    logger.error('dev', 'Failed to fetch SSA JWT: ' + (error instanceof Error ? error.message : String(error)))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	logger.error('both', 'Failed to fetch SSA JWT: ' + (error instanceof Error ? error.message : String(error)))
	logger.error('dev', 'Failed to fetch SSA JWT: ' + (error instanceof Error ? error.message : String(error)))

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/auth-server/components/Ssa/hooks/useSsaApi.ts` at line 123,
In useSsaApi.ts update the logger call inside the SSA fetch error handling (the
logger.error(...) invocation in the useSsaApi hook) to use the 'dev' audience
instead of 'both' so the message remains development-only; locate the
logger.error('both', 'Failed to fetch SSA JWT: ' + ...) line and change the
first argument to 'dev' preserving the rest of the message and error formatting.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Preserve dev-only audience in migrated error logs.

At Line 37 and Line 70, logger.error('both', ...) broadens logging scope versus prior devLogger behavior. This changes runtime behavior and may leak detailed backend error text to production logs. Use 'dev' here (or explicitly document/approve this policy change in PR scope).

Suggested patch

-    logger.error('both', 'Failed to fetch auth server JSON properties: ' + resolveApiErrorMessage(e as Error))
+    logger.error('dev', 'Failed to fetch auth server JSON properties: ' + resolveApiErrorMessage(e as Error))
...
-    logger.error('both', 'Failed to patch auth server JSON properties: ' + resolveApiErrorMessage(e as Error))
+    logger.error('dev', 'Failed to patch auth server JSON properties: ' + resolveApiErrorMessage(e as Error))

Also applies to: 70-70

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/auth-server/services/jsonPropertiesService.ts` at line 37,
The error logs in jsonPropertiesService.ts currently call logger.error('both',
...) which expands audience from dev-only to both environments; change both
occurrences to logger.error('dev', ...) so detailed backend error messages
remain dev-only (search for the logger.error('both', 'Failed to fetch auth
server JSON properties: ' + resolveApiErrorMessage(e as Error)) and the second
similar call and replace the 'both' audience with 'dev').