2026-04-02 04:48:32 +00:00
3 changed files with 28 additions and 0 deletions
--- a/docs/pkg/cli/output.md
+++ b/docs/pkg/cli/output.md
@ -280,4 +280,5 @@ cli.LogInfo("server started", "port", 8080)
 cli.LogWarn("slow query", "duration", "3.2s")
 cli.LogError("connection failed", "err", err)
 cli.LogSecurity("login attempt", "user", "admin")
+cli.LogSecurityf("login attempt from %s", username)
 ```
--- a/pkg/cli/log.go
+++ b/pkg/cli/log.go
@ -1,6 +1,8 @@
 package cli

 import (
+	"fmt"
+
 	"forge.lthn.ai/core/go-log"
 )

@ -31,3 +33,10 @@ func LogError(msg string, keyvals ...any) { log.Error(msg, keyvals...) }
 //
 //	cli.LogSecurity("login attempt", "user", "admin")
 func LogSecurity(msg string, keyvals ...any) { log.Security(msg, keyvals...) }
+
+// LogSecurityf logs a formatted security-sensitive message.
+//
+//	cli.LogSecurityf("login attempt from %s", username)
+func LogSecurityf(format string, args ...any) {
+	log.Security(fmt.Sprintf(format, args...))
+}
--- a/pkg/cli/log_test.go
+++ b/pkg/cli/log_test.go
@ -28,3 +28,21 @@ func TestLogSecurity_Good(t *testing.T) {
 		t.Fatalf("expected structured key/value output, got %q", out)
 	}
 }
+
+func TestLogSecurityf_Good(t *testing.T) {
+	var buf bytes.Buffer
+	original := log.Default()
+	t.Cleanup(func() {
+		log.SetDefault(original)
+	})
+
+	logger := log.New(log.Options{Level: log.LevelDebug, Output: &buf})
+	log.SetDefault(logger)
+
+	LogSecurityf("login attempt from %s", "admin")
+
+	out := buf.String()
+	if !strings.Contains(out, "login attempt from admin") {
+		t.Fatalf("expected formatted security log message, got %q", out)
+	}
+}