feat: add env-aware client log policy and const lint fixes

userfront/lib/core/services/logger_service.dart

@@ -1,8 +1,10 @@
 import 'dart:convert';
 import 'package:flutter/foundation.dart';
+import 'package:flutter_dotenv/flutter_dotenv.dart';
 import 'package:logging/logging.dart' as std_log;
 import 'package:logger/logger.dart' as pretty_log;
 import 'auth_proxy_service.dart';
+import 'log_policy.dart';
 
 /// Global Logger Service for Baron SSO Frontend
 class LoggerService {
@@ -10,8 +12,20 @@ class LoggerService {
   factory LoggerService() => _instance;
 
   late final pretty_log.Logger _prettyLogger;
+  late final String _appEnv;
+  late final String _productionDebugFlag;
 
   LoggerService._internal() {
+    _appEnv = _envOrDefault('APP_ENV', 'dev');
+    _productionDebugFlag = _envOrDefault(
+      'CLIENT_LOG_DEBUG',
+      _envOrDefault('USERFRONT_DEBUG_LOG', ''),
+    );
+    final debugEnabled = LogPolicy.debugEnabled(
+      appEnv: _appEnv,
+      productionDebugFlag: _productionDebugFlag,
+    );
+
     // 1. Initialize Pretty Logger for Dev
     _prettyLogger = pretty_log.Logger(
       printer: pretty_log.PrettyPrinter(
@@ -25,9 +39,9 @@ class LoggerService {
     );
 
     // 2. Configure Standard Logger (logging package)
-    std_log.Logger.root.level = kReleaseMode
-        ? std_log.Level.WARNING
-        : std_log.Level.ALL;
+    std_log.Logger.root.level = debugEnabled
+        ? std_log.Level.ALL
+        : std_log.Level.WARNING;
 
     std_log.Logger.root.onRecord.listen((record) {
       if (kReleaseMode) {
@@ -40,6 +54,17 @@ class LoggerService {
     });
   }
 
+  static String _envOrDefault(String key, String fallback) {
+    if (!dotenv.isInitialized) {
+      return fallback;
+    }
+    final value = dotenv.env[key];
+    if (value == null || value.trim().isEmpty) {
+      return fallback;
+    }
+    return value;
+  }
+
   /// Initialize the logger. Call this in main.dart
   static void init() {
     // Accessing the instance triggers the constructor
@@ -64,10 +89,11 @@ class LoggerService {
   }
 
   void _logJson(std_log.LogRecord record) {
+    final sanitizedMessage = LogPolicy.sanitizeMessage(record.message);
     final logData = {
       'time': record.time.toUtc().toIso8601String(), // Use UTC for consistency
       'level': record.level.name,
-      'msg': record.message,
+      'msg': sanitizedMessage,
       'svc': 'baron-userfront',
       if (record.error != null) 'error': record.error.toString(),
       if (record.stackTrace != null) 'stack': record.stackTrace.toString(),
@@ -77,10 +103,14 @@ class LoggerService {
     debugPrint(jsonEncode(logData));
 
     // 2. Relay to Backend (Docker Terminal)
-    if (record.level >= std_log.Level.WARNING) {
+    if (LogPolicy.shouldRelayClientLog(
+      level: record.level.name,
+      appEnv: _appEnv,
+      productionDebugFlag: _productionDebugFlag,
+    )) {
       AuthProxyService.sendLog(
         record.level.name,
-        record.message,
+        sanitizedMessage,
         data: {
           'client_time': record.time.toUtc().toIso8601String(),
           'logger': record.loggerName,