feat(http): add http.client.log for logging outgoing HTTP requests

[reinkrul]

Summary

Adds a configurable log level for outgoing HTTP requests/responses made by the node, mirroring the existing http.log (which logs incoming/server-side traffic). Reuses the existing http.LogLevel enum and defaults to nothing (no change in behavior unless explicitly enabled).

New config option http.client.log:

Level	Behavior
nothing (default)	No client logging
metadata	Logs request method, URI, response status
metadata-and-body	Above + request/response bodies (loggable content types only)

At debug verbosity, request headers are also logged.

How it works

• Wired up in http.configureClient() via a client.RequestLogger hook on the http/client package (same injection pattern as client.StrictMode).
• The logging decision is read at request time, not when the client is created. This matters because the HTTP engine is configured last, while other engines (e.g. auth's OpenID4VCI client) build their HTTP clients earlier. A construction-time check would miss those clients entirely. getTransport now always installs a thin loggingTransport indirection that consults RequestLogger per request.
• Body logging reuses the existing isLoggableContentType filter (JSON-family content types), so binary payloads aren't dumped.

Notes

• Body content-type filter only logs application/json, application/did+json, application/vc+json, application/x-www-form-urlencoded.
• A non-2xx response is logged as a normal request + response with the error status — not as a transport failure. The HTTP client request failed line only appears for connection-level errors (refused/TLS/timeout/strict-mode rejection).

Out of scope (flagged, not changed)

The server-side request logger checks logger.Level >= logrus.DebugLevel on a *logrus.Entry (http/requestlogger.go). Entry.Level is always 0 (panic level), so that "log headers at debug" path is effectively dead. The new client logger uses the correct logger.Logger.Level. Server-side left untouched to keep this diff tight; worth a follow-up.

Tests

• clientlogger_test.go — metadata-only, metadata-and-body, non-loggable content type, debug headers, transport error.
• client_test.go — regression: client created before RequestLogger is set still logs.
• engine_test.go — configureClient wiring per level.

Assisted by AI

[qltysh]

0 new issues

Tool	Category	Rule	Count

[qltysh]

Coverage Impact

⬆️ Merging this pull request will increase total coverage on master by 0.03%.

Modified Files with Diff Coverage (5)

Rating	File	% Diff	Uncovered Line #s
	http/engine.go	100.0%
	http/cmd/cmd.go	100.0%
	http/config.go	100.0%
	http/client/client.go	100.0%
	http/clientlogger.go	91.5%	58-59, 84-85
	Total	94.0%

🤖 Increase coverage with AI coding...

In the `feature/http-client-logging` branch, add test coverage for this new code:

- `http/clientlogger.go` -- Lines 58-59 and 84-85

🚦 See full report on Qlty Cloud »

🛟 Help

• Diff Coverage: Coverage for added or modified lines of code (excludes deleted files). Learn more.

• Total Coverage: Coverage for the whole repository, calculated as the sum of all File Coverage. Learn more.

• File Coverage: Covered Lines divided by Covered Lines plus Missed Lines. (Excludes non-executable lines including blank lines and comments.)

  • Indirect Changes: Changes to File Coverage for files that were not modified in this PR. Learn more.