feat: add cfg-gated diagnostic logs to vault

[Lacastar2000]

Closes #495

Pull Request

Summary

What Changed?

• Feature

• Bug Fix

• Documentation

• Refactor

• Performance Improvement

• Security Enhancement

• Database Migration

• Infrastructure / DevOps

• Test Coverage

Describe the change:

Replace this text with a brief explanation of the implementation and its purpose.

---

Related Issues

Closes #

Fixes #

Related to #

---

Motivation

Describe the business or technical motivation behind this change.

---

Implementation Details

Backend

• New API endpoint(s)

• Existing API modified

• Middleware updated

• Database migration added

• Background job added/updated

• Security monitoring updated

• Soroban integration updated

• OpenAPI specification regenerated

Details:

Describe important implementation details here.

Data Model Changes

Describe any updates to:

• Vaults

• Transactions

• Analytics

• Audit Logs

• Jobs

• Security Metrics

Example:

Added `validatedBy` field to milestone records.

---

API Changes

New Endpoints

Method | Endpoint | Description -- | -- | -- POST | /api/example | Example endpoint

Breaking Changes

• No breaking changes

• Breaking changes included

If breaking changes exist, describe them:

Example:
Renamed field `creatorId` to `creator`.

---

Security Impact

Security Review

• No security impact

• Authentication updated

• Authorization updated

• Rate limiting updated

• Abuse monitoring updated

• Audit logging added

• Sensitive data handling updated

Security notes:

Explain any security implications.

---

Database Changes

Migration Included

• Yes

• No

Migration file(s):

db/migrations/YYYYMMDDHHMMSS_description.cjs

Rollback tested:

• Yes

• No

Commands executed:

npm run migrate:latest
npm run migrate:rollback
npm run migrate:status

---

Background Jobs

Job Queue Changes

• No changes

• New job type

• Retry logic updated

• Dead-letter handling updated

• Scheduler updated

Job types affected:

notification.send
deadline.check
oracle.call
analytics.recompute

---

Soroban / Stellar Impact

• Not applicable

• Contract interaction updated

• New lifecycle method added

• Submission flow updated

• Configuration validation updated

Details:

Describe Soroban-related changes.

---

Testing

Automated Tests

• Unit Tests

• Integration Tests

• API Tests

• Migration Tests

• Security Tests

Commands run:

npm test
npm run lint
npm run openapi:validate

Manual Verification

Describe manual testing performed.

Example:
Created vault with milestones.
Validated milestone as assigned verifier.
Confirmed audit log entry creation.
Verified security health metrics endpoint.

---

OpenAPI Documentation

• Not required

• Specification regenerated

• Documentation updated

Commands:

npm run openapi:generate
npm run openapi:validate

---

Deployment Notes

Environment Variables

New variables:

VARIABLE_NAME=value

Modified variables:

VARIABLE_NAME=new_value

Operational Considerations

• No special deployment requirements

• Requires migration before deployment

• Requires configuration changes

• Requires scheduler restart

• Requires Soroban configuration update

Notes:

Add deployment instructions here.

---

Screenshots / API Responses (Optional)

Example Request

POST /api/vaults

Example Response

{
  "id": "vault_123",
  "status": "active"
}

---

Checklist

Code Quality

• Code follows project conventions

• TypeScript types added/updated

• No unnecessary dependencies introduced

• Lint passes

• Tests pass

Documentation

• README updated (if needed)

• OpenAPI spec updated (if needed)

• Environment variables documented

• Migration documentation updated

Security

• Authorization enforced

• Audit logging included where required

• Sensitive information not logged

• Input validation implemented

Release Readiness

• Ready for review

• Ready for merge

• Requires additional discussion

---

Reviewer Notes

Areas requiring focused review:
- Authorization checks
- Vault lifecycle transitions
- Soroban transaction handling
- Rate limiting logic
- Audit log generation

[drips-wave]

@Lacastar2000 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits