Introduce PII marker for logging sensitive data

Introduce a utility class `LoggingMarkers` providing an SLF4J marker for tagging log entries with Personally Identifiable Information (PII). Update `BeanOutputConverter` to use the `PII_MARKER` in error logs for invalid JSON conversions. Enhance tests to verify PII marker usage in logging.

 - Set Java version dynamically and configure Kotlin compiler

 - Updated Maven configurations to dynamically reference the Java version using `${java.version}`. Added Kotlin compiler settings, including `jvmTarget` alignment with Java version and enabling `javaParameters`. This ensures consistency and better compatibility across builds.

 - Fix log assertion in BeanOutputConverterTest to use Java 17

 - Updated the test to assert log size explicitly before accessing the first log entry. This ensures the test is more robust and avoids potential issues with accessing logs unexpectedly.

 - Use placeholders in logger.error to prevent string concatenation.

 - Replaced string concatenation with a placeholder in the logger.error call to improve performance and maintain consistency with logging best practices. This helps avoid unnecessary overhead when logging is disabled.

 - Update logging markers and improve data classification

 - Replaced `PII_MARKER` with `SENSITIVE_DATA_MARKER`. Introduced `RESTRICTED_DATA_MARKER`, `REGULATED_DATA_MARKER` and `PUBLIC_DATA_MARKER`

 - Updated associated logging logic and tests to reflect these changes.

 - Fix punctuation in Javadoc comments for LoggingMarkers.

 - Added missing periods to improve consistency and clarity in the Javadoc comments. This change ensures proper formatting and adheres to standard writing conventions.

Signed-off-by: Konstantin Pavlov <{ID}+{username}@users.noreply.github.com>

Author: Konstantin Pavlov

pom.xml

@@ -168,8 +168,9 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<maven.compiler.source>17</maven.compiler.source>
-		<maven.compiler.target>17</maven.compiler.target>
+		<maven.compiler.source>${java.version}</maven.compiler.source>
+		<maven.compiler.target>${java.version}</maven.compiler.target>
+		<kotlin.compiler.jvmTarget>${java.version}</kotlin.compiler.jvmTarget>
 
 		<!-- production dependencies -->
 		<spring-boot.version>3.3.6</spring-boot.version>
@@ -344,6 +345,10 @@
 				<groupId>org.jetbrains.kotlin</groupId>
 				<artifactId>kotlin-maven-plugin</artifactId>
 				<version>${kotlin.version}</version>
+				<configuration>
+					<jvmTarget>${java.version}</jvmTarget>
+					<javaParameters>true</javaParameters>
+				</configuration>
 				<executions>
 					<execution>
 						<id>compile</id>

spring-ai-core/src/main/java/org/springframework/ai/converter/BeanOutputConverter.java

@@ -41,6 +41,8 @@
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.lang.NonNull;
 
+import static org.springframework.ai.util.LoggingMarkers.SENSITIVE_DATA_MARKER;
+
 /**
  * An implementation of {@link StructuredOutputConverter} that transforms the LLM output
  * to a specific object type using JSON schema. This converter works by generating a JSON
@@ -143,7 +145,7 @@ private void generateSchema() {
 			this.jsonSchema = objectWriter.writeValueAsString(jsonNode);
 		}
 		catch (JsonProcessingException e) {
-			logger.error("Could not pretty print json schema for jsonNode: " + jsonNode);
+			logger.error("Could not pretty print json schema for jsonNode: {}", jsonNode);
 			throw new RuntimeException("Could not pretty print json schema for " + this.type, e);
 		}
 	}
@@ -180,7 +182,8 @@ public T convert(@NonNull String text) {
 			return (T) this.objectMapper.readValue(text, this.objectMapper.constructType(this.type));
 		}
 		catch (JsonProcessingException e) {
-			logger.error("Could not parse the given text to the desired target type:" + text + " into " + this.type);
+			logger.error(SENSITIVE_DATA_MARKER,
+					"Could not parse the given text to the desired target type: \"{}\" into {}", text, this.type);
 			throw new RuntimeException(e);
 		}
 	}

spring-ai-core/src/main/java/org/springframework/ai/util/LoggingMarkers.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright 2025-2025 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.ai.util;
+
+import org.slf4j.Marker;
+import org.slf4j.MarkerFactory;
+
+/**
+ * Utility class that provides predefined SLF4J {@link Marker} instances used in logging
+ * operations within the application. <br>
+ * This class is not intended to be instantiated, but is open for extension.
+ *
+ * @author Konstantin Pavlov
+ */
+public class LoggingMarkers {
+
+	/**
+	 * Marker used to identify log statements associated with <strong>sensitive
+	 * data</strong>, such as:
+	 * <ul>
+	 * <li>Internal business information</li>
+	 * <li>Employee data</li>
+	 * <li>Customer non-regulated data</li>
+	 * <li>Business processes and logic</li>
+	 * <li>etc.</li>
+	 * </ul>
+	 * Typically, logging this information should be avoided.
+	 */
+	public static final Marker SENSITIVE_DATA_MARKER = MarkerFactory.getMarker("SENSITIVE");
+
+	/**
+	 * Marker used to identify log statements associated with <strong>restricted
+	 * data</strong>, such as:
+	 * <ul>
+	 * <li>Authentication credentials</li>
+	 * <li>Keys and secrets</li>
+	 * <li>Core intellectual property</li>
+	 * <li>Critical security configs</li>
+	 * <li>Trade secrets</li>
+	 * <li>etc.</li>
+	 * </ul>
+	 * Logging of such information is usually prohibited in any circumstances.
+	 */
+	public static final Marker RESTRICTED_DATA_MARKER = MarkerFactory.getMarker("RESTRICTED");
+
+	/**
+	 * Marker used to identify log statements associated with <strong>regulated
+	 * data</strong>, such as:
+	 * <ul>
+	 * <li>PCI (credit card data)</li>
+	 * <li>PHI (health information)</li>
+	 * <li>PII (personally identifiable info)</li>
+	 * <li>Financial records</li>
+	 * <li>Compliance-controlled data</li>
+	 * <li>etc.</li>
+	 * </ul>
+	 * Logging of such information should be avoided.
+	 */
+	public static final Marker REGULATED_DATA_MARKER = MarkerFactory.getMarker("REGULATED");
+
+	/**
+	 * Marker used to identify log statements associated with <strong>public
+	 * data</strong>, such as:
+	 * <ul>
+	 * <li>Public documentation</li>
+	 * <li>Marketing materials</li>
+	 * <li>etc.</li>
+	 * </ul>
+	 * There are no restriction for logging such information.
+	 */
+	public static final Marker PUBLIC_DATA_MARKER = MarkerFactory.getMarker("PUBLIC");
+
+}

spring-ai-core/src/test/java/org/springframework/ai/converter/BeanOutputConverterTest.java

@@ -16,38 +16,58 @@
 
 package org.springframework.ai.converter;
 
-import java.time.LocalDate;
-import java.util.ArrayList;
-import java.util.List;
-
+import ch.qos.logback.classic.Logger;
+import ch.qos.logback.classic.spi.ILoggingEvent;
+import ch.qos.logback.core.read.ListAppender;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyDescription;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
+import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
-
+import org.slf4j.LoggerFactory;
 import org.springframework.core.ParameterizedTypeReference;
 
+import java.time.LocalDate;
+import java.util.ArrayList;
+import java.util.List;
+
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.springframework.ai.util.LoggingMarkers.SENSITIVE_DATA_MARKER;
 
 /**
  * @author Sebastian Ullrich
  * @author Kirk Lund
  * @author Christian Tzolov
  * @author Soby Chacko
+ * @author Konstantin Pavlov
  */
 @ExtendWith(MockitoExtension.class)
 class BeanOutputConverterTest {
 
+	private ListAppender<ILoggingEvent> logAppender;
+
 	@Mock
 	private ObjectMapper objectMapperMock;
 
+	@BeforeEach
+	void beforeEach() {
+
+		var logger = (Logger) LoggerFactory.getLogger(BeanOutputConverter.class);
+
+		logAppender = new ListAppender<>();
+		logAppender.start();
+		logger.addAppender(logAppender);
+	}
+
 	@Test
 	void shouldHavePreConfiguredDefaultObjectMapper() {
 		var converter = new BeanOutputConverter<>(new ParameterizedTypeReference<TestClass>() {
@@ -135,6 +155,19 @@ void convertClassType() {
 			assertThat(testClass.getSomeString()).isEqualTo("some value");
 		}
 
+		@Test
+		void failToConvertInvalidJson() {
+			var converter = new BeanOutputConverter<>(TestClass.class);
+			assertThatThrownBy(() -> converter.convert("{invalid json")).hasCauseInstanceOf(JsonParseException.class);
+			assertThat(logAppender.list).hasSize(1);
+			final var loggingEvent = logAppender.list.get(0);
+			assertThat(loggingEvent.getFormattedMessage())
+				.isEqualTo("Could not parse the given text to the desired target type: \"{invalid json\" into "
+						+ TestClass.class);
+
+			assertThat(loggingEvent.getMarkerList()).contains(SENSITIVE_DATA_MARKER);
+		}
+
 		@Test
 		void convertClassWithDateType() {
 			var converter = new BeanOutputConverter<>(TestClassWithDateProperty.class);

spring-ai-docs/src/main/antora/modules/ROOT/pages/contribution-guidelines.adoc

@@ -30,6 +30,7 @@ you'll need to develop a low-level client API class. This often involves utilizi
 Ensure your client conforms to the link:https://docs.spring.io/spring-ai/reference/api/generic-model.html[Generic Model API].
 Use existing request and response classes if your model's inputs and outputs are supported.
 If not, create new classes for the Generic Model API and establish a new Java package.
+When logging Personally Identifiable Information (PII), mark it with https://github.com/spring-projects/spring-ai/tree/main/spring-ai-core/src/main/java/org/springframework/ai/util/LoggingMarkers.java[`PII_MARKER`] Slf4j marker.
 
 . *Implement Auto-Configuration and a Spring Boot Starter*: This step involves creating the
 necessary auto-configuration and Spring Boot Starter to easily instantiate the new model with