docs: document LOG_LEVEL as a backend env variable (#258)

.env.example

@@ -52,6 +52,10 @@ JWT_PREVIOUS_KEYS=
 # TCP port for the Express backend (default: 4000)
 PORT=4000
 
+# Winston log level for the backend (default: info)
+# Allowed values: error | warn | info | http | debug
+LOG_LEVEL=info
+
 # Maximum JSON request body size accepted by the API (default: 10kb)
 BODY_LIMIT=10kb
 
@@ -107,7 +111,7 @@ BACKEND_URL=http://backend:4000
 ANALYTICS_API_KEY=
 
 # Python log level: DEBUG | INFO | WARNING | ERROR | CRITICAL (default: INFO)
-LOG_LEVEL=INFO
+# Reuses LOG_LEVEL defined in the backend section above; set to INFO for Python stdlib levels.
 
 # ── Anomaly detection ─────────────────────────────────────────────────────────
 # Mint count above which an issuer is flagged as anomalous (default: 50)

README.md

@@ -330,6 +330,7 @@ Copy `.env.example` to `.env` and fill in the required values. The backend valid
 | `ISSUER_SECRET_KEY` | yes | — | Signs mint/revoke transactions (starts with `S`) |
 | `JWT_SECRET` | yes | — | Signs JWTs; rotate to invalidate all sessions |
 | `PORT` | no | `4000` | Backend listen port |
+| `LOG_LEVEL` | no | `info` | Winston log level: `error`, `warn`, `info`, `http`, `debug` |
 | `RATE_LIMIT_SEP10` | no | `10` | Max SEP-10 requests per IP per minute |
 | `RATE_LIMIT_VERIFY` | no | `60` | Max verify requests per IP per minute |
 | `AUDIT_LOG_PATH` | no | `./audit.log` | Path to append-only NDJSON audit log |

docs/configuration.md

@@ -276,6 +276,7 @@ When an anomaly is detected the service POSTs a JSON payload to `ALERT_WEBHOOK_U
 | `ISSUER_SECRET_KEY` | yes | runtime | valid Stellar secret key format |
 | `JWT_SECRET` | yes | Zod (backend) | non-empty string |
 | `PORT` | no | Zod (backend) | positive integer, default 4000 |
+| `LOG_LEVEL` | no | runtime | Winston log level for the backend: `error` \| `warn` \| `info` \| `http` \| `debug`, default `info` |
 | `ALLOWED_ORIGINS` | no | Zod (backend) | comma-separated URLs, default `http://localhost:3000` |
 | `SOROBAN_FEE` | no | Zod (backend) | positive integer (stroops), default 100 |
 | `SOROBAN_TIP` | no | Zod (backend) | non-negative integer (stroops), default 0 |
@@ -287,7 +288,7 @@ When an anomaly is detected the service POSTs a JSON payload to `ALERT_WEBHOOK_U
 | `AUDIT_LOG_PATH` | no | runtime | writable path, default `./audit.log` |
 | `ANALYTICS_PORT` | no | runtime | positive integer, default 8001 |
 | `BACKEND_URL` | no | runtime | valid URL, default set by Compose |
-| `LOG_LEVEL` | no | runtime | Python logging level, default `INFO` |
+| `LOG_LEVEL` | no | runtime | Python logging level, default `INFO` (reuses the same variable; Python uses `DEBUG`/`INFO`/`WARNING`/`ERROR`/`CRITICAL`) |
 | `ANOMALY_THRESHOLD` | no | runtime | positive integer, default 50 |
 | `ANOMALY_SCHEDULE_MINUTES` | no | runtime | positive integer, default 15 |
 | `ALERT_WEBHOOK_URL` | no | runtime | valid HTTPS URL; alerts disabled if unset |