fix: silence sqlcipher logs except for ERROR level

[xmtp-coder-agent]

Summary

• Sets default SQLCipher cipher_log_level to ERROR so only error-level messages are emitted in production
• Preserves the SQLCIPHER_LOG=true environment variable override for verbose (INFO-level) debugging
• Test builds continue to use NONE log level (unchanged)

Resolves #3257

Test plan

• cargo clippy -p xmtp_db passes with no warnings
• CI passes

🤖 Generated with Claude Code

Note

Silence SQLCipher logs below ERROR level by default in EncryptedConnection.validate

• validate() in sqlcipher_connection.rs now explicitly sets cipher_log=stderr and cipher_log_level=ERROR when the SQLCIPHER_LOG env var is not set.
• When SQLCIPHER_LOG is true or 1, cipher_log_level is set to INFO as before.
• Adds a test that verifies both configurations by querying PRAGMA cipher_log_level after validate().

^{Macroscope summarized 5bd3193.}

[macroscopeapp]

Approvability

Verdict: Needs human review

While this is a simple logging configuration change (defaulting sqlcipher logs to ERROR level), the author does not own the modified file which is designated to @xmtp/protocol-sdk. The code owners should verify this logging behavior change aligns with their expectations.

No code changes detected at 5bd3193. Prior analysis still applies.

^{You can customize Macroscope's approvability policy. Learn more.}

[codecov]

Codecov Report

❌ Patch coverage is 97.72727% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 82.96%. Comparing base (e9d5086) to head (5bd3193).

Files with missing lines	Patch %	Lines
...pted_store/database/native/sqlcipher_connection.rs	97.72%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3374      +/-   ##
==========================================
- Coverage   82.99%   82.96%   -0.04%     
==========================================
  Files         376      376              
  Lines       50896    50940      +44     
==========================================
+ Hits        42243    42262      +19     
- Misses       8653     8678      +25     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[neekolas]

Update this PR to be up to date with the base branch

[xmtp-coder-agent]

Rebased onto latest main.

[claude]

Claude finished @xmtp-coder-agent's task —— View job

---

Code Review Complete

Review Date: March 31, 2026 00:42 UTC

Tasks

• Read modified file
• Analyze implementation
• Review test coverage
• Post feedback

---

Review Feedback

The implementation looks solid overall. The changes appropriately address the issue of silencing SQLCipher logs in production while preserving debug capabilities. Here are a few observations:

Code Quality

✅ Good: The logic is clean and well-structured. The environment variable check at sqlcipher_connection.rs:298-307 correctly handles both "true" and "1" as valid values.

✅ Good: The test at sqlcipher_connection.rs:441-495 thoroughly validates both code paths (default ERROR level and INFO override).

Test Coverage

✅ Comprehensive: The new test test_sqlcipher_log_level_configuration validates both scenarios sequentially, correctly acknowledging that cipher_log_level is process-wide in SQLCipher.

⚠️ Minor observation: The test uses unsafe blocks for environment variable manipulation (std::env::remove_var and std::env::set_var). While this is standard for environment variable testing in Rust, it's worth noting that this makes the test not thread-safe. The sequential execution within a single test function mitigates this concern.

Security

✅ No security concerns identified. The change only affects logging configuration and doesn't expose sensitive data.

Performance

✅ No performance concerns. The environment variable check happens once during connection validation, which is negligible overhead.

Implementation Details

The logic at sqlcipher_connection.rs:298-307 correctly:

• Checks the SQLCIPHER_LOG environment variable
• Sets cipher_log = stderr in both cases (appropriate for production)
• Uses INFO level when debugging is enabled
• Defaults to ERROR level for production use
• Uses .ok() to ignore errors from batch_execute, which is reasonable for non-critical logging configuration

Note: The codecov report indicates 1 line missing coverage. Based on the implementation, this is likely the error path from the .ok() calls, which is acceptable for logging configuration.

Summary

The PR successfully implements the requested feature with good test coverage. The implementation is clean, secure, and follows Rust best practices. No blocking issues identified.

---

[neekolas]

Can we add some tests to validate that this actually works as expected

[xmtp-coder-agent]

Added a test (test_sqlcipher_log_level_configuration) that validates:

1. Default cipher_log_level is set to ERROR after validate()
2. With SQLCIPHER_LOG=true, cipher_log_level is overridden to INFO

Both cases are tested sequentially in a single test since cipher_log_level is a process-wide setting in SQLCipher.