feat(logging): tracing diagnostics with --log-format/--log-level (#51)

[hyperpolymath]

Resolves #51 (V-L3-I1) — replace println! with tracing; add --log-format=json|pretty + --log-level; RUST_LOG fallback.

What changed

• tracing + tracing-subscriber (env-filter, json) deps.
• Global flags --log-format=pretty|json and --log-level (precedence --log-level > RUST_LOG > info), accepted before or after the subcommand.
• Subscriber writes to stderr, so the stdout data contract is preserved: JSON reports (status/gc/validate/doctor/version --json), the human-readable status/gc/validate bodies, the octad table, and the version string remain on stdout verbatim. Only genuine diagnostics (schema parse, file-write progress, "checking drift", "created manifest") became tracing events.
• JSON log schema documented: docs/logging.adoc + machine-readable docs/logging.schema.json.

Acceptance

• tracing wired
• JSON output validates against a documented schema (docs/logging.schema.json; asserted in tests)
• env-var fallback RUST_LOG (with documented --log-level override)

Tests

New tests/logging_test.rs (6, all green): stdout-purity for version --json and octad, JSON-line schema validity, --log-level filtering, --log-level overriding RUST_LOG, default-level info.

Full suite: 107 lib + 9 integration + 6 new logging = green. The single red is the pre-existing failing-by-design provenance_fork_test introduced by #104 and fixed by the open PR #109 (vsm#31) — it is on main, untouched by this branch, and unrelated to logging.

🤖 Generated with Claude Code

[github-actions]

🔍 Hypatia Security Scan

Findings: 21 issues detected

Severity	Count
🔴 Critical	2
🟠 High	8
🟡 Medium	11

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Required file missing",
    "type": "missing",
    "file": "SECURITY.md",
    "action": "create",
    "rule_module": "root_hygiene",
    "severity": "high"
  },
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action Swatinem/rust-cache@v2 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action actions/checkout@v4 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action dtolnay/rust-toolchain@master needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Action Swatinem/rust-cache@v2 needs attention",
    "type": "unpinned_action",
    "file": "rust-ci.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Required file missing (condition: public_repo)",
    "type": "missing_requirement",
    "file": "SECURITY.md",
    "action": "create",
    "rule_module": "cicd_rules",
    "severity": "high"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence