▣ wi

Sub-item of #897 Pluto: logger info-gate drops isCritical events before force-sync + prod LOG_LEVEL=1 = security-observability hole. logger.ts:83-85 early-returns (skips appEvents INSERT) for level=info when logLevel<3, BEFORE the isCritical force-sync block (:119-124, auth/authz+forceSync = must-persist). Prod LOG_LEVEL empty→parseInt=1<3, so ALL info events (incl. info-level auth/authz security signals that pluto-commons retains >=365d) are NOT persisted in prod. Two-part fix: (a) code — exempt isCritical (auth/authz/forceSync) from the info-gate so security events always persist; (b) ops — decide prod LOG_LEVEL>=3 (Elazar/Vercel env, also unlocks PLUTO-24 nav-event queryability). Found via PLUTO-24. Needs audit severity-confirm (how many live security events are info-level vs ERROR per PLUTO-25) before Elazar escalation. logger.ts = coder lane. · pluto