Remove duplicate log calls where global structured logger already covers the event (#2522)

Every significant event in 23+ files was being logged twice: once via a
package-level `logXxx.Printf()` debug logger (stderr, `DEBUG=`
controlled) and once via the global `logger.LogInfo/Warn/Error()`
structured logger (always written to files). This created ~40 duplicate
log call-pairs with no policy to guide which to use.

## Changes

Removed 24 redundant local `logXxx.Printf()` calls across 6 files,
keeping only the global structured call where both logged the same
event:

- **`internal/server/auth.go`** — Remove 3 `logAuth.Printf` calls for
auth failed/success events already covered by
`logger.LogErrorMd`/`LogInfo`
- **`internal/launcher/launcher.go`** — Remove 9 `logLauncher.Printf`
calls for `GetOrLaunch`/`GetOrLaunchForSession` events already covered
by adjacent
`logger.LogDebugWithServer`/`LogInfoWithServer`/`LogErrorWithServer`
- **`internal/mcp/schema.go`** — Remove 4 `logSchema.Printf` calls for
schema normalization outcomes already covered by `logger.LogWarn`
- **`internal/mcp/connection.go`** — Remove 4 `logConn.Printf` calls for
connection lifecycle events already covered by
`logger.LogInfo`/`LogInfoWithServer`
- **`internal/server/handlers.go`** — Remove 2
`logHandlers.Print/Printf` calls for `/close` endpoint events already
covered by `logger.LogInfo`/`LogWarn`
- **`internal/server/routed.go`** — Remove local `log :=
logger.New(logNamespace)` and `log.Printf` inside `rejectIfShutdown`
closure; `logger.LogWarn` already covers the shutdown rejection

**Before:**
```go
logAuth.Printf("Authentication failed: invalid API key")
logger.LogErrorMd("auth", "Authentication failed: invalid API key, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
```

**After:**
```go
logger.LogErrorMd("auth", "Authentication failed: invalid API key, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
```

All debug-only `logXxx.Printf` calls with no global logger counterpart
are preserved — they continue to serve development tracing via
`DEBUG=namespace:*`.

> [!WARNING]
>
> <details>
> <summary>Firewall rules blocked me from connecting to one or more
addresses (expand for details)</summary>
>
> #### I tried to connect to the following addresses, but was blocked by
firewall rules:
>
> - `example.com`
> - Triggering command: `/tmp/go-build1349128381/b329/launcher.test
/tmp/go-build1349128381/b329/launcher.test
-test.testlogfile=/tmp/go-build1349128381/b329/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true _.a 166736/b151/`
(dns block)
> - Triggering command: `/tmp/go-build3953803593/b333/launcher.test
/tmp/go-build3953803593/b333/launcher.test
-test.testlogfile=/tmp/go-build3953803593/b333/testlog.txt
-test.paniconexit0 -test.timeout=10m0s --no�� g_.a
64/pkg/tool/linu-trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet go
ternal/fips140/d-unsafeptr=false x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --no�� KRDG6iSQG x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --local
k/gh-aw-mcpg/gh--V=full 86_64/as
ache/go/1.25.8/x64/pkg/tool/linu-buildtags` (dns block)
> - `invalid-host-that-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build1349128381/b314/config.test
/tmp/go-build1349128381/b314/config.test
-test.testlogfile=/tmp/go-build1349128381/b314/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true mt-go@v0.1.7/for-n1
mt-go@v0.1.7/par--format=format:%H %ct %D
64/pkg/tool/linu--end-of-options -p github.com/model-o -lang=go1.25
64/pkg/tool/linu-trimpath ter-�� _.a 166736/b151/
de/node/bin/bash-lang=go1.25 -o /dev/null /tmp/cctRuc9T.s
/usr/libexec/gcc/tmp/go-build1349128381/b175/vet.cfg` (dns block)
> - Triggering command: `/tmp/go-build3953803593/b318/config.test
/tmp/go-build3953803593/b318/config.test
-test.testlogfile=/tmp/go-build3953803593/b318/testlog.txt
-test.paniconexit0 -test.timeout=10m0s push��
aw-mcpg/internal/launcher/connection_pool.go .cfg util.test go --local
64/pkg/tool/linu/tmp/go-build1106856649/b085/vet.cfg util.test 3491��
5762130/b248/_pkg_.a --scope docker-compose
--property=Memor/opt/hostedtoolcache/go/1.25.8/x64/pkg/tool/linux_amd64/vet
b/gh-aw-mcpg/int/tmp/go-build1106856649/b235/vet.cfg
--property=MemoryHigh=170M docker-compose` (dns block)
> - `nonexistent.local`
> - Triggering command: `/tmp/go-build1349128381/b329/launcher.test
/tmp/go-build1349128381/b329/launcher.test
-test.testlogfile=/tmp/go-build1349128381/b329/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true _.a 166736/b151/`
(dns block)
> - Triggering command: `/tmp/go-build3953803593/b333/launcher.test
/tmp/go-build3953803593/b333/launcher.test
-test.testlogfile=/tmp/go-build3953803593/b333/testlog.txt
-test.paniconexit0 -test.timeout=10m0s --no�� g_.a
64/pkg/tool/linu-trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet go
ternal/fips140/d-unsafeptr=false x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --no�� KRDG6iSQG x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --local
k/gh-aw-mcpg/gh--V=full 86_64/as
ache/go/1.25.8/x64/pkg/tool/linu-buildtags` (dns block)
> - `slow.example.com`
> - Triggering command: `/tmp/go-build1349128381/b329/launcher.test
/tmp/go-build1349128381/b329/launcher.test
-test.testlogfile=/tmp/go-build1349128381/b329/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true _.a 166736/b151/`
(dns block)
> - Triggering command: `/tmp/go-build3953803593/b333/launcher.test
/tmp/go-build3953803593/b333/launcher.test
-test.testlogfile=/tmp/go-build3953803593/b333/testlog.txt
-test.paniconexit0 -test.timeout=10m0s --no�� g_.a
64/pkg/tool/linu-trimpath ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet go
ternal/fips140/d-unsafeptr=false x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --no�� KRDG6iSQG x_amd64/cgo
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet --local
k/gh-aw-mcpg/gh--V=full 86_64/as
ache/go/1.25.8/x64/pkg/tool/linu-buildtags` (dns block)
> - `this-host-does-not-exist-12345.com`
> - Triggering command: `/tmp/go-build1349128381/b338/mcp.test
/tmp/go-build1349128381/b338/mcp.test
-test.testlogfile=/tmp/go-build1349128381/b338/testlog.txt
-test.paniconexit0 -test.timeout=10m0s -test.v=true assword=$GITHUB_-s
assword=$GITHUB_-w ache/go/1.25.8/x-buildmode=exe --gdwarf-5 --64 -o
ache/go/1.25.8/x-extld=gcc -E 166736/b193/_pkg_.a -m64 x_amd64/vet
/tmp/go-build417bash g/x/net/http/htt/usr/bin/runc
-fno-stack-prote--version x_amd64/vet` (dns block)
> - Triggering command: `/tmp/go-build3953803593/b342/mcp.test
/tmp/go-build3953803593/b342/mcp.test
-test.testlogfile=/tmp/go-build3953803593/b342/testlog.txt
-test.paniconexit0 -test.timeout=10m0s --no�� --noprofile u/13/cc1 .cfg
--local 64/src/runtime/c-V=full cal/bin/bash
ache/go/1.25.8/x64/pkg/tool/linux_amd64/vet` (dns block)
>
> If you need me to access, download, or install something from one of
these locations, you can either:
>
> - Configure [Actions setup
steps](https://gh.io/copilot/actions-setup-steps) to set up my
environment, which run before the firewall is enabled
> - Add the appropriate URLs or hosts to the custom allowlist in this
repository's [Copilot coding agent
settings](https://github.com/github/gh-aw-mcpg/settings/copilot/coding_agent)
(admins only)
>
> </details>

<!-- START COPILOT CODING AGENT TIPS -->
---

💬 Send tasks to Copilot coding agent from
[Slack](https://gh.io/cca-slack-docs) and
[Teams](https://gh.io/cca-teams-docs) to turn conversations into code.
Copilot posts an update in your thread when it's finished.

Author: lpcox

internal/launcher/launcher.go

@@ -64,14 +64,12 @@ func New(ctx context.Context, cfg *config.Config) *Launcher {
 // GetOrLaunch returns an existing connection or launches a new one
 func GetOrLaunch(l *Launcher, serverID string) (*mcp.Connection, error) {
 	logger.LogDebugWithServer(serverID, "backend", "GetOrLaunch called for server: %s", serverID)
-	logLauncher.Printf("GetOrLaunch called: serverID=%s", serverID)
 
 	// Check if already exists
 	l.mu.RLock()
 	if conn, ok := l.connections[serverID]; ok {
 		l.mu.RUnlock()
 		logger.LogDebugWithServer(serverID, "backend", "Reusing existing backend connection: %s", serverID)
-		logLauncher.Printf("Reusing existing connection: serverID=%s", serverID)
 		return conn, nil
 	}
 	l.mu.RUnlock()
@@ -85,15 +83,13 @@ func GetOrLaunch(l *Launcher, serverID string) (*mcp.Connection, error) {
 	// Double-check after acquiring write lock
 	if conn, ok := l.connections[serverID]; ok {
 		logger.LogDebugWithServer(serverID, "backend", "Backend connection created by another goroutine: %s", serverID)
-		logLauncher.Printf("Connection created by another goroutine: serverID=%s", serverID)
 		return conn, nil
 	}
 
 	// Get server config
 	serverCfg, ok := l.config.Servers[serverID]
 	if !ok {
 		logger.LogErrorWithServer(serverID, "backend", "Backend server not found in config: %s", serverID)
-		logLauncher.Printf("Server not found in config: serverID=%s", serverID)
 		return nil, fmt.Errorf("server '%s' not found in config", serverID)
 	}
 	logLauncher.Printf("Retrieved server config: serverID=%s, type=%s", serverID, serverCfg.Type)
@@ -103,7 +99,6 @@ func GetOrLaunch(l *Launcher, serverID string) (*mcp.Connection, error) {
 		logger.LogInfoWithServer(serverID, "backend", "Configuring HTTP MCP backend: %s, url=%s", serverID, serverCfg.URL)
 		log.Printf("[LAUNCHER] Configuring HTTP MCP backend: %s", serverID)
 		log.Printf("[LAUNCHER] URL: %s", serverCfg.URL)
-		logLauncher.Printf("HTTP backend: serverID=%s, url=%s", serverID, serverCfg.URL)
 
 		// Create an HTTP connection
 		conn, err := mcp.NewHTTPConnection(l.ctx, serverID, serverCfg.URL, serverCfg.Headers)
@@ -116,7 +111,6 @@ func GetOrLaunch(l *Launcher, serverID string) (*mcp.Connection, error) {
 
 		logger.LogInfoWithServer(serverID, "backend", "Successfully configured HTTP MCP backend: %s", serverID)
 		log.Printf("[LAUNCHER] Successfully configured HTTP backend: %s", serverID)
-		logLauncher.Printf("HTTP connection configured: serverID=%s", serverID)
 
 		l.connections[serverID] = conn
 		return conn, nil
@@ -135,7 +129,6 @@ func GetOrLaunch(l *Launcher, serverID string) (*mcp.Connection, error) {
 // This is used for stateful stdio backends that require persistent connections
 func GetOrLaunchForSession(l *Launcher, serverID, sessionID string) (*mcp.Connection, error) {
 	logger.LogDebugWithServer(serverID, "backend", "GetOrLaunchForSession called: server=%s, session=%s", serverID, sessionID)
-	logLauncher.Printf("GetOrLaunchForSession called: serverID=%s, sessionID=%s", serverID, sessionID)
 
 	// Get server config first to determine backend type
 	l.mu.RLock()
@@ -157,7 +150,6 @@ func GetOrLaunchForSession(l *Launcher, serverID, sessionID string) (*mcp.Connec
 	// For stdio backends, check the session pool first
 	if conn, exists := l.sessionPool.Get(serverID, sessionID); exists {
 		logger.LogDebugWithServer(serverID, "backend", "Reusing session connection: server=%s, session=%s", serverID, sessionID)
-		logLauncher.Printf("Reusing session connection: serverID=%s, sessionID=%s", serverID, sessionID)
 		return conn, nil
 	}
 
@@ -171,7 +163,6 @@ func GetOrLaunchForSession(l *Launcher, serverID, sessionID string) (*mcp.Connec
 	// Double-check after acquiring lock
 	if conn, exists := l.sessionPool.Get(serverID, sessionID); exists {
 		logger.LogDebugWithServer(serverID, "backend", "Session connection created by another goroutine: server=%s, session=%s", serverID, sessionID)
-		logLauncher.Printf("Session connection created by another goroutine: serverID=%s, sessionID=%s", serverID, sessionID)
 		return conn, nil
 	}
 

internal/mcp/connection.go

@@ -76,7 +76,6 @@ type Connection struct {
 // NewConnection creates a new MCP connection using the official SDK
 func NewConnection(ctx context.Context, serverID, command string, args []string, env map[string]string) (*Connection, error) {
 	logger.LogInfo("backend", "Creating new MCP backend connection, command=%s, args=%v", command, sanitize.SanitizeArgs(args))
-	logConn.Printf("Creating new MCP connection: command=%s, args=%v", command, sanitize.SanitizeArgs(args))
 	ctx, cancel := context.WithCancel(ctx)
 
 	// Create MCP client with logger
@@ -117,7 +116,6 @@ func NewConnection(ctx context.Context, serverID, command string, args []string,
 			line := scanner.Text()
 			sanitizedLine := sanitize.SanitizeString(line)
 			logger.LogInfoWithServer(serverID, "backend", "[stderr] %s", sanitizedLine)
-			logConn.Printf("[%s stderr] %s", serverID, sanitizedLine)
 		}
 	}()
 
@@ -171,7 +169,6 @@ func NewConnection(ctx context.Context, serverID, command string, args []string,
 	}
 
 	logger.LogInfoMd("backend", "Successfully connected to MCP backend server, command=%s", command)
-	logConn.Printf("Successfully connected to MCP server: command=%s", command)
 
 	conn := &Connection{
 		client:   client,
@@ -200,7 +197,6 @@ func NewConnection(ctx context.Context, serverID, command string, args []string,
 // This ensures compatibility with all types of HTTP MCP servers.
 func NewHTTPConnection(ctx context.Context, serverID, url string, headers map[string]string) (*Connection, error) {
 	logger.LogInfo("backend", "Creating HTTP MCP connection with transport fallback, url=%s", url)
-	logConn.Printf("Creating HTTP MCP connection: url=%s", url)
 	ctx, cancel := context.WithCancel(ctx)
 
 	// Create an HTTP client with appropriate timeouts

internal/mcp/schema.go

@@ -17,7 +17,6 @@ func NormalizeInputSchema(schema map[string]interface{}, toolName string) map[st
 	// If backend didn't provide a schema, use a default empty object schema
 	// This allows the tool to be registered and clients will see it accepts any parameters
 	if schema == nil {
-		logSchema.Printf("Tool %s has nil schema, applying default empty object schema", toolName)
 		logger.LogWarn("backend", "Tool schema normalized: %s - backend provided no inputSchema, using default empty object schema", toolName)
 		return map[string]interface{}{
 			"type":       "object",
@@ -43,11 +42,9 @@ func NormalizeInputSchema(schema map[string]interface{}, toolName string) map[st
 				normalized[k] = v
 			}
 			normalized["type"] = "object"
-			logSchema.Printf("Tool %s schema normalized: added object type", toolName)
 			return normalized
 		}
 		// Schema without type and without properties - assume it's an empty object schema
-		logSchema.Printf("Tool %s has no type and no properties, using empty object schema", toolName)
 		logger.LogWarn("backend", "Tool schema normalized: %s - schema missing type, assuming empty object schema", toolName)
 		return map[string]interface{}{
 			"type":       "object",
@@ -80,7 +77,6 @@ func NormalizeInputSchema(schema map[string]interface{}, toolName string) map[st
 		}
 		normalized["properties"] = map[string]interface{}{}
 
-		logSchema.Printf("Tool %s schema normalized: added empty properties field", toolName)
 		return normalized
 	}
 

internal/server/auth.go

@@ -45,7 +45,6 @@ func authMiddleware(apiKey string, next http.HandlerFunc) http.HandlerFunc {
 		authHeader := r.Header.Get("Authorization")
 
 		if authHeader == "" {
-			logAuth.Printf("Authentication failed: missing Authorization header")
 			// Spec 7.1: Missing token returns 401
 			logger.LogErrorMd("auth", "Authentication failed: missing Authorization header, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
 			logRuntimeError("authentication_failed", "missing_auth_header", r, nil)
@@ -55,14 +54,12 @@ func authMiddleware(apiKey string, next http.HandlerFunc) http.HandlerFunc {
 
 		// Spec 7.1: Authorization header must contain API key directly (not Bearer scheme)
 		if authHeader != apiKey {
-			logAuth.Printf("Authentication failed: invalid API key")
 			logger.LogErrorMd("auth", "Authentication failed: invalid API key, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
 			logRuntimeError("authentication_failed", "invalid_api_key", r, nil)
 			http.Error(w, "Unauthorized: invalid API key", http.StatusUnauthorized)
 			return
 		}
 
-		logAuth.Printf("Authentication successful")
 		logger.LogInfo("auth", "Authentication successful, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
 		// Token is valid, proceed to handler
 		next(w, r)

internal/server/handlers.go

@@ -35,7 +35,6 @@ func handleOAuthDiscovery() http.Handler {
 func handleClose(unifiedServer *UnifiedServer) http.Handler {
 	logHandlers.Print("Creating close handler")
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		logHandlers.Printf("Close request received: remote=%s, method=%s, path=%s", r.RemoteAddr, r.Method, r.URL.Path)
 		log.Printf("[%s] %s %s", r.RemoteAddr, r.Method, r.URL.Path)
 		logger.LogInfo("shutdown", "Close endpoint called, remote=%s", r.RemoteAddr)
 
@@ -48,7 +47,6 @@ func handleClose(unifiedServer *UnifiedServer) http.Handler {
 
 		// Check if already closed (idempotency - spec 5.1.3)
 		if unifiedServer.IsShutdown() {
-			logHandlers.Print("Gateway already shutdown, returning 410 Gone")
 			logger.LogWarn("shutdown", "Close endpoint called but gateway already closed, remote=%s", r.RemoteAddr)
 			writeJSONResponse(w, http.StatusGone, map[string]interface{}{
 				"error": "Gateway has already been closed",

internal/server/routed.go

@@ -20,10 +20,8 @@ var logRouted = logger.New("server:routed")
 // Per spec 5.1.3: "Immediately reject any new RPC requests to /mcp/{server-name} endpoints with HTTP 503"
 // The logNamespace parameter is used to create a logger for debug output specific to the call site.
 func rejectIfShutdown(unifiedServer *UnifiedServer, next http.Handler, logNamespace string) http.Handler {
-	log := logger.New(logNamespace)
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if unifiedServer.IsShutdown() {
-			log.Printf("Rejecting request during shutdown: remote=%s, method=%s, path=%s", r.RemoteAddr, r.Method, r.URL.Path)
 			logger.LogWarn("shutdown", "Request rejected during shutdown, remote=%s, path=%s", r.RemoteAddr, r.URL.Path)
 			writeJSONResponse(w, http.StatusServiceUnavailable, json.RawMessage(shutdownErrorJSON))
 			return