[BACKEND] Add request IDs and structured JSON logging across API and workers

[utksh1]

Problem

SecuScan needs a production-grade improvement in this area: Observability..

Scope

Generate or accept X-Request-ID, attach it to logs/audit/task records, and produce structured logs suitable for ingestion.

Acceptance Criteria

• The implementation is focused and does not introduce unrelated UI, docs, lockfile, or formatting churn.
• Security-sensitive behavior has explicit negative tests where applicable.
• Existing tests continue to pass, and new tests cover the main success and failure paths.
• Documentation or configuration examples are updated when operator behavior changes.

Verification

Tests should verify request IDs propagate from API request to background task and audit log.

Difficulty

Hard, useful issue intended for experienced contributors.

[Rakshak05]

Hi there! I would like to work on this. Can you please assign it to me under GSSoC'26 contributor!?

[Aish-kul16]

Hi @utksh1 , I’d like to work on this issue.

I plan to:

• Review the existing logging setup
• Add request ID middleware
• Implement structured JSON logs
• Propagate request IDs across workers/background tasks
• Add tests and documentation updates

Please assign this issue to me if it’s available. Thank you.

[Avnithakur731-a]

Hi @utksh1 👋

I’ve carefully reviewed this issue and explored the related implementation areas in the codebase. The problem statement is clear to me, and I already have an approach in mind for implementing a clean, scalable, and maintainable solution while preserving the existing architecture and coding standards.

I’m actively contributing under GSSoC 2026 and would genuinely love to work on this issue. I can start immediately and will ensure:

• clean and well-documented code
• proper testing and edge-case handling
• regular progress updates
• adherence to project guidelines

Please consider assigning this issue to me. Thank you!

[Aish-kul16]

Hi @utksh1,

I've submitted a PR implementing request ID propagation and structured JSON logging across API requests, audit logging, and background workflows.

The implementation includes:

• X-Request-ID generation/acceptance
• Request-scoped context propagation
• Structured JSON logging
• Request ID propagation to background tasks/workers
• Audit log request ID tracking
• Integration tests covering success and failure paths

#595

Looking forward to your review. Thank you!