LowFile-scopePython Plug & play

Make verbose logging conditional

Guard expensive debug log formatting behind level checks or lazy formatting.

Why this matters

Avoids overhead in hot paths when debug logs are disabled.

Side-by-side examples engineers can pattern-match during review.

Avoid

logger.debug('state: %s', json.dumps(state))

Prefer

if logger.isEnabledFor(logging.DEBUG):
    logger.debug('state: %s', json.dumps(state))

Bad

logger.debug(f'big {expensive()}')

Good

if logger.isEnabledFor(logging.DEBUG): logger.debug('x')

From the same buckets as this rule.

Critical
Check consent and role-based authorization before returning ePHI
Handlers must verify the requester’s role and a valid consent/relationship (e.g., care team assignment) before disclosing ePHI; include Purpose-Of-Use in the decision and audit the outcome.
compliance-hipaasecurity-hardening+2
Critical
Mask PAN and exclude SAD from logs
Never emit Primary Account Number (PAN) or Sensitive Authentication Data (SAD: CVV/CVC, full track data, PIN) to application or audit logs. Per PCI DSS 4.0 Req. 3 and 10, always mask PAN as first6last4 and fully redact SAD before logging.
compliance-pci-dssobservability-logging+1
High
Add comprehensive error logging
Log failures with operation name, key identifiers, and exception; prefer structured logging (fields).
error-handlingobservability-logging