feat(libs/Logging): add logging library, integrate datadog, replace it in webapp

Author: aweiss-dev

.github/copilot-instructions.md

@@ -11,6 +11,8 @@ apps/
 │   └── app-config/   # Webapp configuration
 └── server/           # Node.js/Express backend API
     └── src/          # Server source code
+libraries/            # Shared libraries
+└── Logger/           # Unified logging library
 docs/                 # Project documentation
 package.json          # Root dependencies (use yarn commands)
 ```
@@ -44,32 +46,25 @@ Use these exact formats:
 
 ALWAYS verify these items in EVERY PR:
 
-✓ Input validation and sanitization
-✓ API response validation and error handling
-✓ No dangerouslySetInnerHTML without sanitization
-✓ No hardcoded secrets, tokens, or API keys
-✓ Safe URL handling and redirect validation
-✓ Proper authentication and authorization
+✓ Input validation and sanitization ✓ API response validation and error handling ✓ No dangerouslySetInnerHTML without sanitization ✓ No hardcoded secrets, tokens, or API keys ✓ Safe URL handling and redirect validation ✓ Proper authentication and authorization
 
 ## ACCESSIBILITY CHECKLIST
 
 For UI changes in apps/webapp/src/:
 
-✓ Keyboard navigation (Tab, Enter, Space, Escape, Arrow keys)
-✓ Focus management (visible focus, proper trapping in modals)
-✓ ARIA labels and roles (icon buttons need action-focused labels)
-✓ Form accessibility (labels tied to inputs, error descriptions)
-✓ Screen reader support (aria-live for dynamic content)
+✓ Keyboard navigation (Tab, Enter, Space, Escape, Arrow keys) ✓ Focus management (visible focus, proper trapping in modals) ✓ ARIA labels and roles (icon buttons need action-focused labels) ✓ Form accessibility (labels tied to inputs, error descriptions) ✓ Screen reader support (aria-live for dynamic content)
 
 ## REVIEW SCOPE
 
 REVIEW these files:
+
 - Security: All code changes (especially APIs and user input)
-- Accessibility: apps/webapp/src/**/*
-- TypeScript: apps/**/*.{ts,tsx}
-- React: apps/webapp/src/**/*.{tsx,jsx}
+- Accessibility: apps/webapp/src/\*_/_
+- TypeScript: apps/\*_/_.{ts,tsx}
+- React: apps/webapp/src/\*_/_.{tsx,jsx}
 
 DO NOT REVIEW:
+
 - Code formatting (handled by prettier/eslint)
 - Import ordering (automated)
 - Trivial naming preferences
@@ -81,29 +76,34 @@ DO NOT REVIEW:
 
 ## SPECIALIZED INSTRUCTION FILES
 
-- Security: .github/instructions/security.instructions.md (apps/**/*)
-- Accessibility: .github/instructions/accessibility.instructions.md (apps/webapp/src/**/*)
-- React: .github/instructions/react.instructions.md (apps/webapp/src/**/*.{tsx,jsx})
-- TypeScript: .github/instructions/typescript.instructions.md (apps/**/*.{ts,tsx})
+- Security: .github/instructions/security.instructions.md (apps/\*_/_)
+- Accessibility: .github/instructions/accessibility.instructions.md (apps/webapp/src/\*_/_)
+- React: .github/instructions/react.instructions.md (apps/webapp/src/\*_/_.{tsx,jsx})
+- TypeScript: .github/instructions/typescript.instructions.md (apps/\*_/_.{ts,tsx})
 
 ## Pull Request Review Process
 
 ### When Reviewing PRs
+
 **Your Approach:**
+
 1. Review only the code changes shown in the diff
 2. Focus on security, accessibility, and critical functionality
 3. Use clear severity levels in comments
 4. Provide specific, actionable feedback with code examples when helpful
 
 ### Comment Guidelines
+
 **Format each comment with:**
+
 - Severity level: **[Blocker]**, **[Important]**, or **[Suggestion]**
 - File location and line numbers
 - Clear explanation of the issue
 - Specific fix suggestion when appropriate
 
 **Example:**
-```
+
+````
 **[Blocker]** - Security vulnerability in authentication.ts:45
 
 The password validation logic allows empty strings. This could allow unauthorized access.
@@ -113,7 +113,8 @@ The password validation logic allows empty strings. This could allow unauthorize
 if (!password || password.trim().length === 0) {
   throw new Error('Password cannot be empty');
 }
-```
+````
+
 ```
 
 ### Security Review Checklist
@@ -151,3 +152,4 @@ When new dependencies are added:
 - Any **[Blocker]** issues exist
 - Critical security vulnerabilities are found
 - Essential accessibility features are missing
+```

.github/dependabot.yml

@@ -63,6 +63,21 @@ updates:
       - dependency-name: 'typescript'
       - dependency-name: '@types/node'
 
+  # Logger library dependencies
+  - package-ecosystem: npm
+    directory: '/libraries/Logger'
+    schedule:
+      interval: weekly
+      day: sunday
+      time: '16:00'
+      timezone: 'Europe/Berlin'
+    open-pull-requests-limit: 99
+    labels:
+      - 'type: chore 🧹'
+    ignore:
+      - dependency-name: 'typescript'
+      - dependency-name: '@types/node'
+
   # Github actions
   - package-ecosystem: 'github-actions'
     directory: '/'

.github/labeler.yml

@@ -39,6 +39,9 @@
     - 'apps/server/.*'
 
 # Libraries
+'lib: logger':
+  files:
+    - 'libraries/Logger/.*'
 
 # Components
 'comp: calling':

.github/workflows/release-libraries.yml

@@ -0,0 +1,121 @@
+name: Release Libraries
+
+on:
+  push:
+    branches: [main, dev]
+    paths:
+      - 'libraries/**'
+  workflow_dispatch:
+    inputs:
+      force_publish:
+        description: 'Force publish?'
+        required: true
+        default: false
+        type: boolean
+
+permissions:
+  id-token: write # Required for NPM Trusted Publishing
+  contents: write # Required for creating tags and releases
+
+jobs:
+  release_libraries:
+    runs-on: ubuntu-latest
+    env:
+      COMMITTER: ${{ github.triggering_actor || github.actor }}
+      COMMIT_URL: ${{ github.event.head_commit.url || format('{0}/{1}', github.server_url, github.repository) }}
+      FORCE_PUBLISH: ${{ github.event.inputs.force_publish || false }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set environment variables
+        run: |
+          echo "BRANCH_NAME=$(git branch --show-current)" >> $GITHUB_ENV
+          echo "TAG=$(git tag --points-at ${{github.sha}})" >> $GITHUB_ENV
+          echo "COMMIT_MESSAGE=$(git log --format=%B -n 1 ${{github.sha}} | head -n 1)" >> $GITHUB_ENV
+
+      - name: Set TITLE
+        env:
+          PR_TITLE: ${{github.event.pull_request.title || env.COMMIT_MESSAGE}}
+        run: echo "TITLE=$PR_TITLE" >> $GITHUB_ENV
+
+      - name: Print environment variables
+        run: |
+          echo -e "BRANCH_NAME = ${BRANCH_NAME}"
+          echo -e "TAG = ${TAG}"
+          echo -e "TITLE = ${TITLE}"
+          echo -e "COMMIT_MESSAGE = ${COMMIT_MESSAGE}"
+          echo -e "COMMIT_URL = ${COMMIT_URL}"
+          echo -e "COMMITTER = ${COMMITTER}"
+          echo -e "FORCE_PUBLISH = ${FORCE_PUBLISH}"
+
+      - name: Validate branch
+        if: github.event_name == 'workflow_dispatch' && env.FORCE_PUBLISH == 'true'
+        run: |
+          echo "Validating branch (${BRANCH_NAME})..."
+
+          # Only allow manual publish from main
+          if [[ "${BRANCH_NAME}" != "main" ]]; then
+            echo "Error: Manual publish is only allowed from 'main' branch (got '${BRANCH_NAME}')."
+            exit 1
+          fi
+
+          echo "Branch validation passed ✅"
+
+      - name: Skip CI
+        if: |
+          contains(env.TITLE || env.COMMIT_MESSAGE, '[skip ci]') ||
+          contains(env.TITLE || env.COMMIT_MESSAGE, '[ci skip]')
+        uses: andymckay/cancel-action@0.4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version-file: '.nvmrc'
+          cache: 'yarn'
+          registry-url: 'https://registry.npmjs.org'
+
+      - name: Install JS dependencies
+        run: yarn --immutable
+
+      - name: Build libraries
+        run: yarn nx run-many -t build --projects=libraries/*
+
+      - name: Test libraries
+        run: yarn nx run-many -t test --projects=libraries/*
+
+      - name: Configure git user
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR_ID}+${GITHUB_ACTOR}@users.noreply.github.com"
+
+      # Automatic release on main (push / merge)
+      - name: Release libraries (Trusted Publishing)
+        if: |
+          env.BRANCH_NAME == 'main' &&
+          github.event_name != 'workflow_dispatch'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: yarn release:libs
+
+      # Manual force publish on main via "Run workflow" button
+      - name: Manual force publish libraries (Trusted Publishing)
+        if: |
+          env.BRANCH_NAME == 'main' &&
+          github.event_name == 'workflow_dispatch' &&
+          env.FORCE_PUBLISH == 'true'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+        run: yarn release:libs
+
+      - name: Notify CI error
+        if: failure() && github.event_name != 'pull_request'
+        uses: wireapp/github-action-wire-messenger@v2.0.0
+        with:
+          email: ${{secrets.WIRE_EMAIL}}
+          password: ${{secrets.WIRE_PASSWORD}}
+          conversation: 'b2cc7120-4154-4be4-b0c0-45a8c361c4d1'
+          text: '🔴 Library release failed! ${{env.COMMITTER}} on "${{env.BRANCH_NAME}}" branch with [${{env.TITLE}}](${{env.COMMIT_URL}})'

.gitignore

@@ -3,6 +3,7 @@
 .DS_Store
 .idea
 .vscode
+/plans
 /config
 /coverage
 /keys

.prettierignore

@@ -1,5 +1,6 @@
 apps/webapp/src/i18n/
 .vscode/
+/charts
 /config
 /docs/auth-coverage
 /docs/coverage

README.md

@@ -153,6 +153,38 @@ Once translations are uploaded on Crowdin, our (and external) translators can tr
 1. Approve translation on Crowdin
 1. Run `yarn translate:download`
 
+## Documentation
+
+- [Adding New Projects](./docs/adding-new-projects.md) - Guide for adding libraries or applications to the monorepo
+- [Architecture Decision Records (ADRs)](./docs/ADRs/intro.md) - Historical context for architectural decisions
+  - [Nx Monorepo Migration](./docs/ADRs/2025-12-29-nx-monorepo-migration.md)
+  - [Unified Logging Library](./docs/ADRs/2025-12-29-unified-logging-library.md)
+- [Coding Standards](./docs/coding-standards.md)
+- [Accessibility Practices](./docs/accessibility-practices.md)
+- [Tech Radar](./docs/tech-radar.md)
+
+## Releases
+
+### Library Releases (Automated via GitHub Actions)
+
+Libraries are published automatically when merged to `main` via the [Release Libraries workflow](./.github/workflows/release-libraries.yml):
+
+```bash
+# Manual release commands (for local testing)
+yarn release:libs              # Interactive release
+yarn release:libs:version      # Version only
+yarn release:libs:publish      # Publish only
+yarn release:libs:dry-run      # Preview changes
+```
+
+### Application Releases
+
+```bash
+yarn release:staging           # Release to staging
+yarn release:production        # Release to production
+yarn release:custom            # Custom release
+```
+
 ## Contributing
 
 Contributions are welcome! Feel free to check our [issues page](https://github.com/wireapp/wire-webapp/issues).

apps/server/eslint.config.ts

@@ -0,0 +1,21 @@
+/*
+ * Wire
+ * Server ESLint configuration (ESLint 9+)
+ */
+
+import path from 'path';
+import {createBaseConfig} from '../../eslint.config.base';
+import type {Linter} from 'eslint';
+
+const __dirname = path.dirname(new URL(import.meta.url).pathname);
+const projectRoot = __dirname;
+
+const config: Linter.Config[] = [
+  ...createBaseConfig({
+    projectRoot: path.join(__dirname, '../..'), // workspace root
+    tsconfigPath: path.join(projectRoot, 'tsconfig.json'),
+    additionalIgnores: ['apps/server/bin/', 'apps/server/dist/', 'apps/server/node_modules/'],
+  }),
+];
+
+export default config;

apps/server/project.json

@@ -51,6 +51,12 @@
         }
       }
     },
+    "lint": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "eslint --quiet --config {projectRoot}/eslint.config.ts --ext .js,.ts {projectRoot}"
+      }
+    },
     "type-check": {
       "executor": "nx:run-commands",
       "options": {