feat(logs): add admin aggregated logs endpoint (#12)

* feat(logs): add admin aggregated GET /logs endpoint

When admin calls GET /logs without X-App-ID, iterates all registered
apps from KV, queries each app's DO in parallel, and returns combined
log entries with app_id field on each entry.

Preserves existing single-app behavior when X-App-ID header is provided
(for both API key and admin auth paths).

Per-app limit is calculated as max(10, ceil(globalLimit / numApps)) to
avoid overloading any single DO. Results are merged, sorted by timestamp
DESC, and truncated to the global limit.

Also exports AggregatedLogEntry type (LogEntry + app_id) from types.ts
for consumers that need to type-check aggregated responses.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(logs): add integration tests for admin aggregated logs

Tests cover:
- GET /logs with admin key and no X-App-ID returns combined entries
  from all registered apps, each with an app_id field
- Level filter (e.g., ?level=ERROR) is forwarded to each app's DO
- Global limit (e.g., ?limit=2) caps the total results returned
- GET /logs with admin key AND X-App-ID falls through to single-app
  path, returning raw DO response without app_id field

Adds beforeAll setup that creates two apps (agg-app-1, agg-app-2)
and writes distinct log levels to each so assertions can verify
cross-app aggregation.

Co-Authored-By: Claude <noreply@anthropic.com>

* test(aggregated-logs): add filter and auth tests for admin all-logs endpoint

Extend the "Admin aggregated logs" integration test suite with 7 new tests
that cover scenarios not already tested in Phase 1:

Auth edge cases:
- No auth (missing both X-Admin-Key and X-App-ID) returns 400
- Invalid admin key returns 401

Aggregated filter scenarios (new nested describe with isolated app fixtures):
- since=far-future timestamp returns empty array (filter applied per-app)
- until=far-past timestamp returns empty array
- search filter returns matching entries across multiple apps
- context.* filter returns entries with matching JSON context field
- request_id filter returns exactly the one matching entry with correct app_id

Each test verifies that app_id field is present on aggregated results and
that filters are correctly propagated to per-app DO queries.

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor(logs): simplify aggregated logs limit parsing and remove unused test variables

Replace verbose has/get/parseInt pattern with Number() + nullish fallback for
the globalLimit parameter. Remove dead-code queryString conditional since
perAppParams always contains at least the limit key. Remove unused
filterApiKey1/filterApiKey2 variables from test setup -- the filter tests
authenticate exclusively via admin key.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* use string comparison for sort

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 3 people

src/index.ts

@@ -1,7 +1,7 @@
 import { Hono } from 'hono'
 import { cors } from 'hono/cors'
 import { Ok, Err, ErrorCode } from './result'
-import type { Env, LogInput, LogBatchInput } from './types'
+import type { Env, LogInput, LogBatchInput, LogEntry, AggregatedLogEntry } from './types'
 import * as registry from './services/registry'
 import { requireApiKey, requireAdminKey, requireApiKeyOrAdmin } from './middleware/auth'
 import { dashboard } from './dashboard/index'
@@ -14,7 +14,7 @@ export { AppLogsDO } from './durable-objects/app-logs-do'
 export { LogsRPC } from './rpc'
 
 // Re-export types for consumers
-export type { LogInput, LogEntry, LogLevel, QueryFilters, DailyStats } from './types'
+export type { LogInput, LogEntry, AggregatedLogEntry, LogLevel, QueryFilters, DailyStats } from './types'
 
 type Variables = {
   appId: string
@@ -37,7 +37,7 @@ app.get('/', (c) => {
       endpoints: {
         'GET /dashboard': 'Web UI for browsing logs (requires admin key)',
         'POST /logs': 'Write log entries (requires API key)',
-        'GET /logs': 'Query log entries (requires API key)',
+        'GET /logs': 'Query log entries (requires API key or admin)',
         'GET /health/:app_id': 'Get health check history (public)',
         'GET /stats/:app_id': 'Get daily stats (requires API key or admin)',
         'POST /apps/:app_id/prune': 'Delete old logs (requires API key)',
@@ -98,16 +98,72 @@ app.post('/logs', requireApiKey, async (c) => {
   }
 })
 
-// GET /logs - Query logs (requires API key)
-app.get('/logs', requireApiKey, async (c) => {
-  const appId = c.get('appId')
-  const stub = getAppDO(c.env, appId)
+// GET /logs - Query logs (requires API key or admin)
+// When admin auth is used without X-App-ID, returns aggregated logs from all registered apps.
+// When X-App-ID is provided (admin or API key auth), returns single-app logs as before.
+app.get('/logs', requireApiKeyOrAdmin, async (c) => {
+  // API key auth: appId is set by middleware after validation
+  // Admin auth with X-App-ID header: use that app directly
+  const appId = c.get('appId') || c.req.header('X-App-ID')
+
+  // Single-app query (API key auth or admin with explicit X-App-ID)
+  if (appId) {
+    const stub = getAppDO(c.env, appId)
+    const url = new URL(c.req.url)
+
+    const res = await stub.fetch(new Request(`http://do/logs${url.search}`, {
+      method: 'GET',
+    }))
+    return c.json(await res.json())
+  }
+
+  // Admin aggregated query: no appId means admin auth without X-App-ID
+  if (!c.env.LOGS_KV) {
+    return c.json(Err({ code: ErrorCode.INTERNAL_ERROR, message: 'KV namespace not configured' }), 500)
+  }
+
+  const appsResult = await registry.listApps(c.env.LOGS_KV)
+  if (!appsResult.ok) {
+    return c.json(appsResult, 500)
+  }
+
+  const appIds = appsResult.data
+  if (appIds.length === 0) {
+    return c.json(Ok([] as AggregatedLogEntry[]))
+  }
+
   const url = new URL(c.req.url)
+  const globalLimit = Number(url.searchParams.get('limit')) || 100
+  const perAppLimit = Math.max(10, Math.ceil(globalLimit / appIds.length))
+
+  // Build per-app query string with overridden limit; offset is omitted (not meaningful in aggregated mode)
+  const perAppParams = new URLSearchParams(url.search)
+  perAppParams.set('limit', String(perAppLimit))
+  perAppParams.delete('offset')
+  const queryString = `?${perAppParams.toString()}`
+
+  const results = await Promise.all(
+    appIds.map(async (id) => {
+      try {
+        const stub = getAppDO(c.env, id)
+        const res = await stub.fetch(new Request(`http://do/logs${queryString}`, { method: 'GET' }))
+        const json = await res.json() as { ok: boolean; data: LogEntry[] }
+        if (json.ok && Array.isArray(json.data)) {
+          return json.data.map((entry): AggregatedLogEntry => ({ ...entry, app_id: id }))
+        }
+        return [] as AggregatedLogEntry[]
+      } catch {
+        // Skip apps that fail to respond rather than failing the entire request
+        return [] as AggregatedLogEntry[]
+      }
+    })
+  )
 
-  const res = await stub.fetch(new Request(`http://do/logs${url.search}`, {
-    method: 'GET',
-  }))
-  return c.json(await res.json())
+  const merged = results.flat()
+  merged.sort((a, b) => (a.timestamp < b.timestamp ? 1 : -1))
+  const truncated = merged.slice(0, globalLimit)
+
+  return c.json(Ok(truncated))
 })
 
 // GET /health/:app_id - Get health check history

src/types.ts

@@ -109,6 +109,13 @@ export interface DailyStats {
   error: number
 }
 
+/**
+ * A log entry with an app_id field, returned by admin aggregated queries
+ */
+export interface AggregatedLogEntry extends LogEntry {
+  app_id: string
+}
+
 /**
  * Prune request
  */