# Specification - Full Logging Implementation

## Overview
Implement a centralized, structured logging system for the Jomblo Online Shop to improve observability, debugging, and audit trails. The system will use **Pino** as the core logging engine with **pino-postgres** for database persistence, optimized for the Next.js environment.

## Functional Requirements
- **Logging Framework:** Integrate `pino` for high-performance, structured (JSON) logging.
- **Persistence:** Use `pino-postgres` to stream logs into a dedicated `system_logs` table in the PostgreSQL database.
- **Log Levels:** Focus on `WARN` and `ERROR` levels for persistent storage, with `INFO` available for console output in development.
- **Automatic Metadata Injection:**
    - **Request Correlation:** Automatically include a `requestId` for all logs using **AsyncLocalStorage** to ensure correlation without manual argument passing.
    - **User Context:** Include `userId` (UUID) only. Emails and other PII are strictly excluded from logs to minimize liability.
- **Security & Privacy:**
    - Implement automatic redaction for sensitive keys (e.g., `password`, `token`, `secret`, `creditCard`).
    - Use a global redaction configuration in Pino to ensure a "fail-safe" approach.

## Technical Details
- **Library:** `pino`, `pino-postgres`
- **Context Management:** `AsyncLocalStorage` (Node.js built-in) for request-scoped metadata.
- **Output Format:** JSON
- **Database Table:** `system_logs` (Columns: `id`, `level`, `time`, `msg`, `pid`, `hostname`, `requestId`, `userId`, `payload`)

## Acceptance Criteria
1.  All system errors are captured and logged with `ERROR` level.
2.  Logs are successfully written to the PostgreSQL database via `pino-postgres`.
3.  Each log entry includes a unique `requestId` automatically via `AsyncLocalStorage`.
4.  **Redaction Fail-safe:** Unit tests MUST verify that passing a raw `password` field to the logger results in the string `[REDACTED]` being written, regardless of developer implementation.
5.  Unit tests verify that the logger correctly handles different levels and metadata.
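
An added sketch, not the project's code and deliberately using only Node built-ins instead of Pino, of the two behaviours that acceptance criteria 3 and 4 test: context injected from `AsyncLocalStorage` without argument passing, and key-based redaction that holds at any nesting depth. All function names and the sample payload are assumptions made for illustration.

```javascript
// Added illustration, Node built-ins only (no Pino); every name here is hypothetical.
const { AsyncLocalStorage } = require('node:async_hooks');
const { randomUUID } = require('node:crypto');

const requestContext = new AsyncLocalStorage();
const SENSITIVE_KEYS = new Set(['password', 'token', 'secret', 'creditcard']); // compared lowercased
const CENSOR = '[REDACTED]';

// Replace the value of any sensitive key, at any depth, without mutating the input.
// Assumes JSON-like payloads (plain objects, arrays, primitives); cycles are cut.
function redact(value, ancestors = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (ancestors.has(value)) return '[Circular]';
  ancestors.add(value);
  const out = Array.isArray(value)
    ? value.map((v) => redact(v, ancestors))
    : Object.fromEntries(Object.entries(value).map(([k, v]) =>
        [k, SENSITIVE_KEYS.has(k.toLowerCase()) ? CENSOR : redact(v, ancestors)]));
  ancestors.delete(value);
  return out;
}

// Run fn inside a request-scoped store; userId is the UUID only, never an email.
function withRequestContext(userId, fn) {
  return requestContext.run({ requestId: randomUUID(), userId }, fn);
}

// Build one JSON log line: context is read from the store, the payload is redacted.
function logLine(level, msg, payload = {}) {
  const { requestId = null, userId = null } = requestContext.getStore() ?? {};
  return JSON.stringify({
    level, time: Date.now(), msg, requestId, userId, payload: redact(payload),
  });
}

// Constructed sample: a handler that logs after an await, with secrets nested in the payload.
async function sampleHandler() {
  await new Promise((resolve) => setImmediate(resolve));
  return logLine('error', 'login failed', {
    password: 'hunter2',
    body: { user: { Token: 'abc123' }, cards: [{ creditCard: '4111111111111111' }] },
  });
}
```

When the same assertions are run against the Pino logger itself, note that Pino's `redact` option matches configured paths rather than key names at any depth, and its default censor string is `[Redacted]`. The configuration therefore has to set `censor` and list nested paths explicitly for criterion 4 to pass.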

## Out of Scope
- Integration with external log management services (Sentry, Datadog, etc.).
- Log rotation logic (handled by database maintenance).
- Real-time log dashboard UI (direct SQL queries or DB tools will be used initially).
