ronniegeraghty/logging-conventions
.agents/skills/logging-conventions/SKILL.md
slog usage, no third-party logging
$ install --global
skillsauthnpx skillsauth add ronniegeraghty/hyoka logging-conventionsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 5:47 PM6.4s1 file scanned
SKILL.md
- name:
- logging-conventions
- description:
- slog usage, no third-party logging
- domain:
- quality
- confidence:
- high
- source:
- hyoka/internal/logging/logging.go, all internal packages
Context
Hyoka uses Go's standard log/slog package (available since Go 1.21). No third-party logging libraries are used. Logging follows a simple hierarchy: diagnostic logs go to slog, user-facing output goes to stdout/stderr.
slog Basics
import "log/slog"
// Debug: development/troubleshooting info
slog.Debug("Session started", "session_id", sessID, "model", model)
// Info: important events users might care about
slog.Info("Evaluation complete", "prompt_id", id, "duration_s", elapsed)
// Warn: recoverable issues (grader timeout, build skipped)
slog.Warn("Grader timeout", "grader_name", name, "duration_s", 30)
// Error: problems that don't stop evaluation (reviewer model unavailable)
slog.Error("Failed to load skill", "path", p, "error", err)
Initialization
slog is typically initialized in main() or in the logging package:
// main.go or logging.go
package main
import (
"log/slog"
"os"
)
func init() {
// Default: JSON output to stderr
handler := slog.NewJSONHandler(os.Stderr, nil)
slog.SetDefault(slog.New(handler))
}
Log Levels
Control verbosity with --log-level flag:
go run ./hyoka run --prompt-id ... --log-level debug # Very verbose
go run ./hyoka run --prompt-id ... --log-level info # Important events
go run ./hyoka run --prompt-id ... --log-level warn # Warnings only
Mapping (from least to most verbose):
- ERROR — Errors only
- WARN — Warnings + errors
- INFO — Important events + warnings + errors
- DEBUG — Development diagnostics + everything else
Structured Attributes
Always use key-value pairs, not formatted strings:
✓ Correct:
slog.Info("Evaluation started",
"prompt_id", promptID,
"config", configName,
"model", model,
)
✗ Incorrect:
slog.Info(fmt.Sprintf("Evaluation %s with config %s using model %s",
promptID, configName, model))
Structured attributes enable filtering and aggregation in log analysis tools.
Logging Pattern: Errors
Always log at the point where you can provide context:
// Load config
cfg, err := loadConfig(cfgPath)
if err != nil {
// Log with context
slog.Error("Failed to load config",
"path", cfgPath,
"error", err,
)
return err
}
// Process config (no logging here — error means we already logged above)
if err := processConfig(cfg); err != nil {
slog.Error("Failed to process config",
"config_name", cfg.Name,
"error", err,
)
return err
}
Logging Pattern: Lifecycle Events
Use Info for important milestones:
func (e *Engine) Run(ctx context.Context, prompt *Prompt, cfg *Config) (*Result, error) {
slog.Info("Evaluation starting",
"prompt_id", prompt.ID,
"config", cfg.Name,
)
defer func(start time.Time) {
duration := time.Since(start)
slog.Info("Evaluation complete",
"prompt_id", prompt.ID,
"duration_s", duration.Seconds(),
)
}(time.Now())
// ... evaluation logic
}
Logging Pattern: Debug Traces
Use Debug for developer troubleshooting:
// generation phase
slog.Debug("Copilot session created",
"session_id", sess.ID(),
"model", cfg.Generator.Model,
)
slog.Debug("Action captured",
"type", action.Type,
"tool", action.Tool,
"duration_ms", action.DurationMs,
)
// review phase
slog.Debug("Review panel score",
"reviewer_model", model,
"score", score,
)
Log File Output
When --log-file is specified, slog output is both written to the file and echoed to stderr:
go run ./hyoka run ... --log-file hyoka-debug.log
The file captures full debug output; users see warnings and errors in console.
slog Configuration (if needed)
For custom output formatting:
import (
"log/slog"
"os"
)
// Text format (instead of JSON)
handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
Level: slog.LevelDebug,
})
slog.SetDefault(slog.New(handler))
// Or with pretty-printing
handler := slog.NewTextHandler(os.Stderr, &slog.HandlerOptions{
Level: slog.LevelDebug,
AddSource: true, // Include file:line
})
Anti-Patterns
- Logging errors AND returning them with same context (return once, log once)
- Using
log.Printforfmt.Printffor diagnostic output (use slog) - Logging user output (progress, results) — write to stdout directly
- String formatting in log arguments (use structured attributes)
- Logging secrets or sensitive data
slog.Error()for non-critical issues (useslog.Warn())
Related Code Locations
- slog setup:
hyoka/internal/logging/logging.go - CLI log-level flag:
hyoka/cmd/root.go - Example logging patterns:
hyoka/internal/eval/engine.go
Related Skills
ronniegeraghty/sdk-version-check
development
VerifiedTrustedCommunity
Identifies Azure SDK packages in generated code and checks whether they are the latest available versions. Use during code review to catch outdated dependencies.
1SKILL.mdUpdated Apr 16, 2026
ronniegeraghty/reviewer-build
development
VerifiedTrustedCommunity
Sets up build environments for generated Azure SDK code samples and attempts to compile/build without modifying generated files. Use during review to verify code compiles correctly.
1SKILL.mdUpdated Apr 16, 2026
ronniegeraghty/skills/reviewer/java-sdk-validation
development
VerifiedTrustedCommunity
# Java SDK Validation Skill You are a **Java Azure SDK validation reviewer** for generated code samples. Your job is to check whether generated Java code follows modern Azure SDK for Java conventions and flag violations of common anti-patterns that LLMs frequently produce. ## Rules 1. **NEVER modify generated code.** You are evaluating, not fixing. 2. Report all findings honestly — pass or fail with specific evidence. 3. Check every rule below. A single violation in a category means that cate
1SKILL.mdUpdated Apr 16, 2026
ronniegeraghty/code-review-comments
development
VerifiedTrustedCommunity
Reads generated Azure SDK code files and adds inline review comments without changing any actual code. Use during code review to annotate quality issues, best practices, and suggestions.
1SKILL.mdUpdated Apr 16, 2026