Introduce PII marker for logging sensitive data

Introduce a utility class `LoggingMarkers` providing an SLF4J marker for tagging log entries with Personally Identifiable Information (PII). Update `BeanOutputConverter` to use the `PII_MARKER` in error logs for invalid JSON conversions. Enhance tests to verify PII marker usage in logging.

Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>

Author: Konstantin Pavlov

spring-ai-core/src/main/java/org/springframework/ai/converter/BeanOutputConverter.java

@@ -41,6 +41,8 @@
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.lang.NonNull;
 
+import static org.springframework.ai.util.LoggingMarkers.PII_MARKER;
+
 /**
  * An implementation of {@link StructuredOutputConverter} that transforms the LLM output
  * to a specific object type using JSON schema. This converter works by generating a JSON
@@ -180,7 +182,8 @@ public T convert(@NonNull String text) {
 			return (T) this.objectMapper.readValue(text, this.objectMapper.constructType(this.type));
 		}
 		catch (JsonProcessingException e) {
-			logger.error("Could not parse the given text to the desired target type:" + text + " into " + this.type);
+			logger.error(PII_MARKER,
+					"Could not parse the given text to the desired target type:" + text + " into " + this.type);
 			throw new RuntimeException(e);
 		}
 	}

spring-ai-core/src/main/java/org/springframework/ai/util/LoggingMarkers.java

@@ -0,0 +1,25 @@
+package org.springframework.ai.util;
+
+import org.slf4j.Marker;
+import org.slf4j.MarkerFactory;
+
+/**
+ * Utility class that provides predefined SLF4J {@link Marker} instances used in logging
+ * operations within the application. <br>
+ * This class is not intended to be instantiated.
+ */
+public class LoggingMarkers {
+
+	/**
+	 * Marker instance representing Personally Identifiable Information (PII) used in
+	 * logging operations to classify or tag log entries for sensitive data. This can be
+	 * utilized to allow selective filtering, handling, or analysis of log messages
+	 * containing PII.
+	 */
+	public static final Marker PII_MARKER = MarkerFactory.getMarker("PII");
+
+	private LoggingMarkers() {
+		// Prevent instantiation of this utility class
+	}
+
+}

spring-ai-core/src/test/java/org/springframework/ai/converter/BeanOutputConverterTest.java

@@ -16,25 +16,32 @@
 
 package org.springframework.ai.converter;
 
-import java.time.LocalDate;
-import java.util.ArrayList;
-import java.util.List;
-
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyDescription;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-
+import org.slf4j.LoggerFactory;
 import org.springframework.core.ParameterizedTypeReference;
 
+import java.time.LocalDate;
+import java.util.ArrayList;
+import java.util.List;
+
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.springframework.ai.util.LoggingMarkers.PII_MARKER;
 
 /**
  * @author Sebastian Ullrich
@@ -45,9 +52,21 @@
 @ExtendWith(MockitoExtension.class)
 class BeanOutputConverterTest {
 
+	private ListAppender<ILoggingEvent> logAppender;
+
 	@Mock
 	private ObjectMapper objectMapperMock;
 
+	@BeforeEach
+	void beforeEach() {
+
+		var logger = (Logger) LoggerFactory.getLogger(BeanOutputConverter.class);
+
+		logAppender = new ListAppender<>();
+		logAppender.start();
+		logger.addAppender(logAppender);
+	}
+
 	@Test
 	void shouldHavePreConfiguredDefaultObjectMapper() {
 		var converter = new BeanOutputConverter<>(new ParameterizedTypeReference<TestClass>() {
@@ -135,6 +154,16 @@ void convertClassType() {
 			assertThat(testClass.getSomeString()).isEqualTo("some value");
 		}
 
+		@Test
+		void failToConvertInvalidJson() {
+			var converter = new BeanOutputConverter<>(TestClass.class);
+			assertThatThrownBy(() -> converter.convert("{invalid json")).hasCauseInstanceOf(JsonParseException.class);
+			final var loggingEvent = logAppender.list.getFirst();
+			assertThat(loggingEvent.getMessage()).isEqualTo(
+					"Could not parse the given text to the desired target type:{invalid json into " + TestClass.class);
+			assertThat(loggingEvent.getMarkerList()).contains(PII_MARKER);
+		}
+
 		@Test
 		void convertClassWithDateType() {
 			var converter = new BeanOutputConverter<>(TestClassWithDateProperty.class);

spring-ai-docs/src/main/antora/modules/ROOT/pages/contribution-guidelines.adoc

@@ -30,6 +30,7 @@ you'll need to develop a low-level client API class. This often involves utilizi
 Ensure your client conforms to the link:https://docs.spring.io/spring-ai/reference/api/generic-model.html[Generic Model API].
 Use existing request and response classes if your model's inputs and outputs are supported.
 If not, create new classes for the Generic Model API and establish a new Java package.
+Be careful with logging Personally Identifiable Information (PII), mark it with https://github.com/spring-projects/spring-ai/tree/main/spring-ai-core/src/main/java/org/springframework/ai/util/LoggingMarkers.java[`PII_MARKER`] Slf4j marker.
 
 . *Implement Auto-Configuration and a Spring Boot Starter*: This step involves creating the
 necessary auto-configuration and Spring Boot Starter to easily instantiate the new model with