FlineDev
diff --git a/‎Sources/HandySwift/HandySwift.docc/Essentials/New Types.md‎
Lines changed: 26 additions & 5 deletions b/‎Sources/HandySwift/HandySwift.docc/Essentials/New Types.md‎
Lines changed: 26 additions & 5 deletions
diff --git a/‎Sources/HandySwift/Types/LogRequestPlugin.swift‎
Lines changed: 148 additions & 0 deletions b/‎Sources/HandySwift/Types/LogRequestPlugin.swift‎
Lines changed: 148 additions & 0 deletions
diff --git a/‎Sources/HandySwift/Types/LogResponsePlugin.swift‎
Lines changed: 155 additions & 0 deletions b/‎Sources/HandySwift/Types/LogResponsePlugin.swift‎
Lines changed: 155 additions & 0 deletions
@@ -123,13 +123,32 @@ let client = RESTClient(
 let user: User = try await client.fetchAndDecode(method: .get, path: "users/me")
 ```
 
-When debugging API issues, add print plugins with the `debugOnly: true` parameter:
+When debugging API issues, choose the appropriate logging plugins based on your platform:
+
+#### For iOS/macOS/tvOS/watchOS Apps (Recommended)
+
+Use OSLog-based plugins for structured, searchable logging:
+
+```swift
+let client = RESTClient(
+    baseURL: URL(string: "https://api.example.com")!,
+    requestPlugins: [LogRequestPlugin(debugOnly: true)],   // Structured request logging
+    responsePlugins: [LogResponsePlugin(debugOnly: true)], // Structured response logging
+    errorBodyToMessage: { try JSONDecoder().decode(YourAPIErrorType.self, from: $0).message }
+)
+```
+
+These plugins use the modern OSLog framework for structured logging that integrates with Console.app and Instruments for advanced debugging.
+
+#### For Server-Side Swift (Vapor/Linux)
+
+Use print-based plugins for console output where OSLog is not available:
 
 ```swift
 let client = RESTClient(
     baseURL: URL(string: "https://api.example.com")!,
-    requestPlugins: [PrintRequestPlugin(debugOnly: true)],   // Debug requests
-    responsePlugins: [PrintResponsePlugin(debugOnly: true)], // Debug responses
+    requestPlugins: [PrintRequestPlugin(debugOnly: true)],   // Console request logging
+    responsePlugins: [PrintResponsePlugin(debugOnly: true)], // Console response logging
     errorBodyToMessage: { try JSONDecoder().decode(YourAPIErrorType.self, from: $0).message }
 )
 ```
@@ -156,8 +175,10 @@ These plugins are particularly helpful when adopting new APIs, providing detaile
 ### Networking & Debugging
 
 - ``RESTClient``
-- ``PrintRequestPlugin``
-- ``PrintResponsePlugin``
+- ``LogRequestPlugin`` (for iOS/macOS/tvOS/watchOS apps)
+- ``LogResponsePlugin`` (for iOS/macOS/tvOS/watchOS apps)
+- ``PrintRequestPlugin`` (for server-side Swift/Vapor)
+- ``PrintResponsePlugin`` (for server-side Swift/Vapor)
 
 ### Other
 
 
@@ -0,0 +1,148 @@
+#if canImport(OSLog)
+   import Foundation
+   import OSLog
+
+   #if canImport(FoundationNetworking)
+      import FoundationNetworking
+   #endif
+
+   /// A plugin for debugging HTTP requests using OSLog structured logging.
+   ///
+   /// This plugin logs comprehensive request information including URL, HTTP method, headers, and body content
+   /// using the modern OSLog framework for structured, searchable logging in apps.
+   /// It's designed as a debugging tool and should only be used temporarily during development.
+   ///
+   /// ## Usage
+   ///
+   /// Add to your RESTClient for debugging:
+   ///
+   /// ```swift
+   /// let client = RESTClient(
+   ///     baseURL: URL(string: "https://api.example.com")!,
+   ///     requestPlugins: [LogRequestPlugin()],  // debugOnly: true, redactAuthHeaders: true by default
+   ///     errorBodyToMessage: { _ in "Error" }
+   /// )
+   /// ```
+   ///
+   /// Both `debugOnly` and `redactAuthHeaders` default to `true` for security. You can disable these built-in protections if needed:
+   ///
+   /// ```swift
+   /// // Default behavior (recommended)
+   /// LogRequestPlugin()  // debugOnly: true, redactAuthHeaders: true
+   ///
+   /// // Disable debugOnly to log in production (discouraged)
+   /// LogRequestPlugin(debugOnly: false)
+   ///
+   /// // Disable redactAuthHeaders for debugging auth issues (use carefully)
+   /// LogRequestPlugin(redactAuthHeaders: false)
+   /// ```
+   ///
+   /// ## Log Output
+   ///
+   /// Logs are sent to the unified logging system with subsystem "RESTClient" and category "requests".
+   /// Use Console.app or Instruments to view structured logs with searchable metadata.
+   ///
+   /// Example log entry:
+   /// ```
+   /// [RESTClient] Sending POST request to 'https://api.example.com/v1/users'
+   /// Headers: Authorization=[redacted], Content-Type=application/json
+   /// Body: {"name": "John Doe", "email": "john@example.com"}
+   /// ```
+   ///
+   /// - Note: By default, logging only occurs in DEBUG builds and authentication headers are redacted for security.
+   /// - Important: The plugin is safe to leave in your code with default settings thanks to `debugOnly` protection.
+   /// - Important: For server-side Swift (Vapor), use ``PrintRequestPlugin`` instead as OSLog is not available on Linux.
+   @available(iOS 16, macOS 13, tvOS 16, watchOS 9, *)
+   public struct LogRequestPlugin: RESTClient.RequestPlugin {
+      /// Whether logging should only occur in DEBUG builds.
+      ///
+      /// When `true` (default), requests are only logged in DEBUG builds.
+      /// When `false`, requests are logged in both DEBUG and release builds (not recommended for production).
+      public let debugOnly: Bool
+
+      /// Whether to redact authentication headers in output.
+      ///
+      /// When `true` (default), authentication headers are replaced with "[redacted]" for security.
+      /// When `false`, the full header value is shown (use carefully for debugging auth issues).
+      public let redactAuthHeaders: Bool
+
+      /// The logger instance used for structured logging.
+      private let logger = Logger(subsystem: "RESTClient", category: "requests")
+
+      /// Creates a new log request plugin.
+      ///
+      /// - Parameters:
+      ///   - debugOnly: Whether logging should only occur in DEBUG builds. Defaults to `true`.
+      ///   - redactAuthHeaders: Whether to redact authentication headers. Defaults to `true`.
+      public init(debugOnly: Bool = true, redactAuthHeaders: Bool = true) {
+         self.debugOnly = debugOnly
+         self.redactAuthHeaders = redactAuthHeaders
+      }
+
+      /// Applies the plugin to the request, logging request details if conditions are met.
+      ///
+      /// This method is called automatically by RESTClient before sending the request.
+      ///
+      /// - Parameter request: The URLRequest to potentially log and pass through unchanged.
+      public func apply(to request: inout URLRequest) {
+         if self.debugOnly {
+            #if DEBUG
+               self.logRequest(request)
+            #endif
+         } else {
+            self.logRequest(request)
+         }
+      }
+
+      /// Logs detailed request information using OSLog.
+      ///
+      /// - Parameter request: The URLRequest to log details for.
+      private func logRequest(_ request: URLRequest) {
+         let method = request.httpMethod ?? "UNKNOWN"
+         let url = request.url?.absoluteString ?? "Unknown URL"
+
+         // Format headers for logging
+         let headers = (request.allHTTPHeaderFields ?? [:])
+            .sorted { $0.key < $1.key }
+            .map { "\($0.key)=\(self.shouldRedactHeader($0.key) ? "[redacted]" : $0.value)" }
+            .joined(separator: ", ")
+
+         // Format body for logging
+         var bodyString = "No body"
+         if let bodyData = request.httpBody,
+            let body = String(data: bodyData, encoding: .utf8)
+         {
+            bodyString = body
+         }
+
+         // Log with structured data
+         self.logger.info(
+            "[RESTClient] Sending \(method, privacy: .public) request to '\(url, privacy: .public)'"
+         )
+         self.logger.debug("Headers: \(headers, privacy: .private)")
+         self.logger.debug("Body: \(bodyString, privacy: .private)")
+      }
+
+      /// Determines whether a header should be redacted for security.
+      ///
+      /// - Parameter headerName: The header name to check.
+      /// - Returns: `true` if the header should be redacted when `redactAuthHeaders` is enabled.
+      private func shouldRedactHeader(_ headerName: String) -> Bool {
+         guard self.redactAuthHeaders else { return false }
+
+         let lowercasedName = headerName.lowercased()
+
+         // Exact header name matches
+         let exactMatches = [
+            "authorization", "cookie", "set-cookie", "x-api-key", "x-auth-token",
+            "x-access-token", "bearer", "apikey", "api-key", "access-token",
+            "refresh-token", "jwt", "session-token", "csrf-token", "x-csrf-token", "x-session-id",
+         ]
+
+         // Substring patterns that indicate sensitive content
+         let sensitivePatterns = ["password", "secret", "token"]
+
+         return exactMatches.contains(lowercasedName) || sensitivePatterns.contains { lowercasedName.contains($0) }
+      }
+   }
+#endif
@@ -0,0 +1,155 @@
+#if canImport(OSLog)
+   import Foundation
+   import OSLog
+
+   #if canImport(FoundationNetworking)
+      import FoundationNetworking
+   #endif
+
+   /// A plugin for debugging HTTP responses using OSLog structured logging.
+   ///
+   /// This plugin logs comprehensive response information including status code, headers, and body content
+   /// using the modern OSLog framework for structured, searchable logging in apps.
+   /// It's designed as a debugging tool and should only be used temporarily during development.
+   ///
+   /// ## Usage
+   ///
+   /// Add to your RESTClient for debugging:
+   ///
+   /// ```swift
+   /// let client = RESTClient(
+   ///     baseURL: URL(string: "https://api.example.com")!,
+   ///     responsePlugins: [LogResponsePlugin()],  // debugOnly: true, redactAuthHeaders: true by default
+   ///     errorBodyToMessage: { _ in "Error" }
+   /// )
+   /// ```
+   ///
+   /// Both `debugOnly` and `redactAuthHeaders` default to `true` for security. You can disable these built-in protections if needed:
+   ///
+   /// ```swift
+   /// // Default behavior (recommended)
+   /// LogResponsePlugin()  // debugOnly: true, redactAuthHeaders: true
+   ///
+   /// // Disable debugOnly to log in production (discouraged)
+   /// LogResponsePlugin(debugOnly: false)
+   ///
+   /// // Disable redactAuthHeaders for debugging auth issues (use carefully)
+   /// LogResponsePlugin(redactAuthHeaders: false)
+   /// ```
+   ///
+   /// ## Log Output
+   ///
+   /// Logs are sent to the unified logging system with subsystem "RESTClient" and category "responses".
+   /// Use Console.app or Instruments to view structured logs with searchable metadata.
+   ///
+   /// Example log entry:
+   /// ```
+   /// [RESTClient] Response 200 from 'https://api.example.com/v1/users/123'
+   /// Headers: Content-Type=application/json, Set-Cookie=[redacted]
+   /// Body: {"id": 123, "name": "John Doe", "email": "john@example.com"}
+   /// ```
+   ///
+   /// - Note: By default, logging only occurs in DEBUG builds and authentication headers are redacted for security.
+   /// - Important: The plugin is safe to leave in your code with default settings thanks to `debugOnly` protection.
+   /// - Important: For server-side Swift (Vapor), use ``PrintResponsePlugin`` instead as OSLog is not available on Linux.
+   @available(iOS 16, macOS 13, tvOS 16, watchOS 9, *)
+   public struct LogResponsePlugin: RESTClient.ResponsePlugin {
+      /// Whether logging should only occur in DEBUG builds.
+      ///
+      /// When `true` (default), responses are only logged in DEBUG builds.
+      /// When `false`, responses are logged in both DEBUG and release builds (not recommended for production).
+      public let debugOnly: Bool
+
+      /// Whether to redact authentication headers in output.
+      ///
+      /// When `true` (default), authentication headers like Authorization and Set-Cookie are replaced with "[redacted]" for security.
+      /// When `false`, the full header value is shown (use carefully for debugging auth issues).
+      public let redactAuthHeaders: Bool
+
+      /// The logger instance used for structured logging.
+      private let logger = Logger(subsystem: "RESTClient", category: "responses")
+
+      /// Creates a new log response plugin.
+      ///
+      /// - Parameters:
+      ///   - debugOnly: Whether logging should only occur in DEBUG builds. Defaults to `true`.
+      ///   - redactAuthHeaders: Whether to redact authentication headers. Defaults to `true`.
+      public init(debugOnly: Bool = true, redactAuthHeaders: Bool = true) {
+         self.debugOnly = debugOnly
+         self.redactAuthHeaders = redactAuthHeaders
+      }
+
+      /// Applies the plugin to the response, logging response details if conditions are met.
+      ///
+      /// This method is called automatically by RESTClient after receiving the response.
+      /// The response and data are passed through unchanged.
+      ///
+      /// - Parameters:
+      ///   - response: The HTTPURLResponse to potentially log.
+      ///   - data: The response body data to potentially log.
+      /// - Throws: Does not throw errors, but passes through any errors from the response processing.
+      public func apply(to response: inout HTTPURLResponse, data: inout Data) throws {
+         if self.debugOnly {
+            #if DEBUG
+               self.logResponse(response, data: data)
+            #endif
+         } else {
+            self.logResponse(response, data: data)
+         }
+      }
+
+      /// Logs detailed response information using OSLog.
+      ///
+      /// - Parameters:
+      ///   - response: The HTTPURLResponse to log details for.
+      ///   - data: The response body data to log.
+      private func logResponse(_ response: HTTPURLResponse, data: Data) {
+         let statusCode = response.statusCode
+         let url = response.url?.absoluteString ?? "Unknown URL"
+
+         // Format headers for logging
+         let headers = response.allHeaderFields
+            .compactMapValues { "\($0)" }
+            .sorted { "\($0.key)" < "\($1.key)" }
+            .map { "\($0.key)=\(self.shouldRedactHeader("\($0.key)") ? "[redacted]" : $0.value)" }
+            .joined(separator: ", ")
+
+         // Format body for logging
+         var bodyString = "No body"
+         if !data.isEmpty,
+            let body = String(data: data, encoding: .utf8)
+         {
+            bodyString = body
+         }
+
+         // Log with structured data
+         self.logger.info(
+            "[RESTClient] Response \(statusCode, privacy: .public) from '\(url, privacy: .public)'"
+         )
+         self.logger.debug("Headers: \(headers, privacy: .private)")
+         self.logger.debug("Body: \(bodyString, privacy: .private)")
+      }
+
+      /// Determines whether a header should be redacted for security.
+      ///
+      /// - Parameter headerName: The header name to check.
+      /// - Returns: `true` if the header should be redacted when `redactAuthHeaders` is enabled.
+      private func shouldRedactHeader(_ headerName: String) -> Bool {
+         guard self.redactAuthHeaders else { return false }
+
+         let lowercasedName = headerName.lowercased()
+
+         // Exact header name matches
+         let exactMatches = [
+            "authorization", "cookie", "set-cookie", "x-api-key", "x-auth-token",
+            "x-access-token", "bearer", "apikey", "api-key", "access-token",
+            "refresh-token", "jwt", "session-token", "csrf-token", "x-csrf-token", "x-session-id",
+         ]
+
+         // Substring patterns that indicate sensitive content
+         let sensitivePatterns = ["password", "secret", "token"]
+
+         return exactMatches.contains(lowercasedName) || sensitivePatterns.contains { lowercasedName.contains($0) }
+      }
+   }
+#endif