feat: migrate to slog, add tracing, log masking and E2E workflow

- Migrate logging from logrus to slog for structured logs.
- Add W3C Trace Context support and propagation.
- Implement sensitive data masking and log body truncation.
- Enrich channel information with team and creator names.
- Add E2E testing framework and GitHub workflow.
- Update README with new security and logging features.

Author: ysyneu

.github/workflows/e2e.yml

@@ -0,0 +1,53 @@
+name: E2E Tests
+
+on:
+  workflow_dispatch:
+    inputs:
+      debug:
+        description: 'Run in debug mode (in-process, no Docker)'
+        required: false
+        default: 'false'
+        type: choice
+        options:
+          - 'true'
+          - 'false'
+
+permissions:
+  contents: read
+
+jobs:
+  e2e:
+    runs-on: ubuntu-latest
+    if: ${{ vars.ENABLE_E2E_TESTS == 'true' || github.event_name == 'workflow_dispatch' }}
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: "go.mod"
+
+      - name: Download dependencies
+        run: go mod download
+
+      - name: Set up Docker Buildx
+        if: ${{ github.event.inputs.debug != 'true' }}
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        if: ${{ github.event.inputs.debug != 'true' }}
+        run: docker build -t flashcat/e2e-flashduty-mcp-server .
+
+      - name: Run E2E tests
+        env:
+          FLASHDUTY_E2E_APP_KEY: ${{ secrets.FLASHDUTY_E2E_APP_KEY }}
+          FLASHDUTY_E2E_BASE_URL: ${{ secrets.FLASHDUTY_E2E_BASE_URL }}
+          FLASHDUTY_E2E_DEBUG: ${{ github.event.inputs.debug }}
+        run: |
+          if [ -z "$FLASHDUTY_E2E_APP_KEY" ]; then
+            echo "Error: FLASHDUTY_E2E_APP_KEY secret is not set"
+            exit 1
+          fi
+          go test -v --tags e2e ./e2e/... -timeout 10m

README.md

@@ -36,7 +36,9 @@ For Cursors that support Remote MCP, use the following configuration:
   "mcpServers": {
     "flashduty": {
       "url": "https://mcp.flashcat.cloud/mcp",
-      "authorization_token": "Bearer <your_flashduty_app_key>"
+      "headers": {
+        "Authorization": "Bearer <your_flashduty_app_key>"
+      }
     }
   }
 }
@@ -146,12 +148,15 @@ Here is an example of configuring the remote service, specifying toolsets and re
   "mcpServers": {
     "flashduty": {
       "url": "https://mcp.flashcat.cloud/mcp?toolsets=incidents,users&read_only=true",
-      "authorization_token": "Bearer <your_flashduty_app_key>"
+      "headers": {
+        "Authorization": "Bearer <your_flashduty_app_key>"
+      }
     }
   }
 }
 ```
 
+- `headers.Authorization`: Your Flashduty APP key for authentication, prefixed with `Bearer `.
 - `toolsets=...`: Use a comma-separated list to specify the toolsets to enable (e.g., `incidents,users,channels`).
 - `read_only=true`: Enables read-only mode.
 
@@ -257,6 +262,14 @@ Create `flashduty-mcp-server-config.json` in the same directory as the binary:
 export FLASHDUTY_MCP_TOOL_CREATE_INCIDENT_DESCRIPTION="an alternative description"
 ```
 
+#### 5. Logging & Security
+
+The server provides structured logging and built-in security features:
+
+- **Data Masking**: Sensitive information such as `APP_KEY` and `Authorization` headers are automatically masked in logs to prevent accidental credential leakage.
+- **Log Truncation**: Large request/response bodies are automatically truncated in logs (default 2KB) to maintain performance.
+- **W3C Trace Context**: Supports W3C Trace Context (`traceparent`) for end-to-end observability. Trace IDs are automatically included in logs for easy request tracking.
+
 ---
 
 ## Available Toolsets
@@ -300,7 +313,7 @@ The following toolsets are available (all are on by default). You can also use `
 - `query_teams` - Query teams with member details
 
 ### `channels` - Collaboration Space and Escalation Rules (2 tools)
-- `query_channels` - Query collaboration spaces
+- `query_channels` - Query collaboration spaces with enriched data (team and creator names)
 - `query_escalation_rules` - Query escalation rules for a channel
 
 ### `fields` - Custom Field Definitions (1 tool)

README_zh.md

@@ -34,7 +34,9 @@ Flashduty MCP Server 是一个基于 [Model Context Protocol (MCP)](https://mode
   "mcpServers": {
     "flashduty": {
       "url": "https://mcp.flashcat.cloud/mcp",
-      "authorization_token": "Bearer <your_flashduty_app_key>"
+      "headers": {
+        "Authorization": "Bearer <your_flashduty_app_key>"
+      }
     }
   }
 }
@@ -133,12 +135,15 @@ Flashduty MCP Server 支持以下配置：
   "mcpServers": {
     "flashduty": {
       "url": "https://mcp.flashcat.cloud/mcp?toolsets=incidents,users&read_only=true",
-      "authorization_token": "Bearer <your_flashduty_app_key>"
+      "headers": {
+        "Authorization": "Bearer <your_flashduty_app_key>"
+      }
     }
   }
 }
 ```
 
+- `headers.Authorization`：用于认证的 Flashduty APP Key，需添加 `Bearer ` 前缀
 - `toolsets=...`：启用指定的工具集，多个用逗号分隔
 - `read_only=true`：启用只读模式
 
@@ -236,6 +241,14 @@ export FLASHDUTY_OUTPUT_FORMAT=toon
 export FLASHDUTY_MCP_TOOL_CREATE_INCIDENT_DESCRIPTION="自定义描述"
 ```
 
+#### 5. 日志与安全
+
+服务内置了结构化日志和增强的安全特性：
+
+- **数据脱敏**：日志会自动对敏感信息（如 `APP_KEY` 和 `Authorization` 请求头）进行掩码处理，防止密钥泄露。
+- **日志截断**：对于过大的请求/响应体，日志会自动进行截断（默认 2KB），确保服务性能。
+- **链路追踪**：支持 W3C Trace Context 标准。日志中会自动关联 `trace_id`，方便跨服务追踪请求全链路趋势。
+
 ---
 
 ## 工具集
@@ -279,7 +292,7 @@ export FLASHDUTY_MCP_TOOL_CREATE_INCIDENT_DESCRIPTION="自定义描述"
 - `query_teams` - 查询团队（含成员详情）
 
 ### `channels` - 协作空间 (2)
-- `query_channels` - 查询协作空间
+- `query_channels` - 查询协作空间（含团队、创建者名称等富化信息）
 - `query_escalation_rules` - 查询分派规则
 
 ### `fields` - 字段管理 (1)

e2e/README.md

@@ -0,0 +1,101 @@
+# End To End (e2e) Tests
+
+The purpose of the E2E tests is to provide confidence in the black box behavior of the flashduty-mcp-server artifacts. It does this by:
+
+* Building the `flashduty-mcp-server` docker image
+* Running the image
+* Interacting with the server via stdio
+* Issuing requests that interact with the live Flashduty API
+
+## Running the Tests
+
+A service must be running that supports image building and container creation via the `docker` CLI.
+
+Since these tests require an APP key to interact with real resources on the Flashduty API, it is gated behind the `e2e` build flag.
+
+```bash
+FLASHDUTY_E2E_APP_KEY=<YOUR_APP_KEY> go test -v --tags e2e ./e2e
+```
+
+### Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `FLASHDUTY_E2E_APP_KEY` | Yes | APP key for authenticating with Flashduty API |
+| `FLASHDUTY_E2E_BASE_URL` | No | Base URL for Flashduty API (default: `https://api.flashcat.cloud`) |
+| `FLASHDUTY_E2E_DEBUG` | No | Set to any value to run tests in debug mode (in-process) |
+
+### Debug Mode
+
+By default, the tests build and run a Docker container to test the server as a black box. However, for easier debugging, you can run the server in-process by setting `FLASHDUTY_E2E_DEBUG`:
+
+```bash
+FLASHDUTY_E2E_APP_KEY=<YOUR_APP_KEY> FLASHDUTY_E2E_DEBUG=true go test -v --tags e2e ./e2e
+```
+
+This allows you to:
+- Set breakpoints in the MCP server code
+- Get better visibility into failures
+- Skip the Docker build step for faster iteration
+
+Note: Debug mode has slightly reduced coverage as it doesn't test Docker integration or cobra/viper configuration parsing.
+
+## Test Coverage
+
+### Basic Tests
+
+- **TestInitialize**: Verifies server startup and tool listing
+- **TestToolsets**: Tests that toolset filtering works correctly
+- **TestReadOnlyMode**: Tests that read-only mode only exposes read tools
+
+### Read-Only Tools Tests
+
+- **TestQueryIncidents**: Tests querying incidents
+- **TestQueryChannels**: Tests querying collaboration spaces
+- **TestQueryMembers**: Tests querying members
+
+### Incident Lifecycle Tests
+
+- **TestIncidentLifecycle**: Tests the full incident lifecycle (create → acknowledge → close)
+
+## Limitations
+
+1. **Resource Cleanup**: Unlike GitHub's API, Flashduty doesn't support deleting incidents or collaboration spaces. Tests that create resources will close them instead of deleting them.
+
+2. **Test Account**: It's recommended to use a dedicated test APP key to avoid polluting production data.
+
+3. **Rate Limiting**: Be aware of Flashduty API rate limits when running tests frequently.
+
+4. **Global State**: Some operations may affect the global state of your Flashduty account. Use with caution on production accounts.
+
+## CI Integration
+
+The e2e tests can be run in GitHub Actions via the `e2e.yml` workflow.
+
+### Setup
+
+1. Add the following secrets to your repository:
+   - `FLASHDUTY_E2E_APP_KEY`: Your Flashduty APP key for testing
+   - `FLASHDUTY_E2E_BASE_URL` (optional): Custom API base URL
+
+2. Optionally, set the repository variable `ENABLE_E2E_TESTS=true` to enable automatic runs.
+
+3. Run the workflow manually from the Actions tab, or trigger it via the GitHub API.
+
+### Manual Trigger
+
+You can trigger the workflow manually with debug mode:
+
+```bash
+gh workflow run e2e.yml -f debug=true
+```
+
+## Adding New Tests
+
+When adding new tests:
+
+1. Use the `t.Parallel()` directive for tests that can run concurrently
+2. Use `callTool()` helper for making tool calls
+3. Use `unmarshalToolResponse()` for parsing responses
+4. For tests that create resources, ensure proper cleanup in `t.Cleanup()`
+5. Consider using the native API client (`getAPIClient()`) for verification