OnTime logs must be safe by default. Release builds must not write tokens, authorization headers, request bodies, response bodies, personal schedule payloads, or full alarm launch payloads to device logs.
- Use
AppLoggerfor new diagnostics. AppLoggeronly emits logs in debug builds.- Pass structured maps through
AppLogger.redactValueorAppLogger.redactMapbefore including them in messages. - Do not log request bodies, response bodies, OAuth values, FCM tokens, authorization headers, refresh tokens, schedule names, notes, or alarm payloads.
- If a token-related event needs diagnostics, log that the event happened and
optionally include a redacted token length through
AppLogger.redactToken. main()disables FlutterdebugPrintin non-debug builds to prevent older debug diagnostics from leaking in release.
- Dio request and response logs may include method, redacted URL, status code, redacted headers, redacted query parameters, and body runtime type.
- Dio logs must not include serialized request bodies or response data.
- Add new sensitive header or parameter names to
AppLoggerredaction before logging them.
- Android native alarm diagnostics must use
NativeLog, which emits only in debug builds. - iOS native alarm diagnostics must be wrapped in
#if DEBUG. - Never log full
Intentextras, AlarmKit encoded payloads, schedule titles, notification bodies, or launch URLs in release builds.
Redaction behavior is covered by test/core/logging/app_logger_test.dart.
When adding a new sensitive key pattern, add or update a redaction test.