Add structured logging system with color-coded output and file logging

- Add comprehensive logging system with color-coded log levels
- Wrap all command executions with run_cmd() to capture output
- Add file logging with timestamps (default: openvpn-install.log)
- Suppress interactive prompts in auto-install mode
- Show log file location hint on errors
- Add E2E output validation to catch raw echo leaks

test/Dockerfile.server

@@ -35,7 +35,8 @@ RUN chmod +x /opt/openvpn-install.sh
 
 # Copy test scripts
 COPY test/server-entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
+COPY test/validate-output.sh /opt/test/validate-output.sh
+RUN chmod +x /entrypoint.sh /opt/test/validate-output.sh
 
 WORKDIR /opt
 

test/server-entrypoint.sh

@@ -14,6 +14,7 @@ echo "TUN device ready"
 
 # Set up environment for auto-install
 export AUTO_INSTALL=y
+export FORCE_COLOR=1
 export APPROVE_INSTALL=y
 export APPROVE_IP=y
 export IPV6_SUPPORT=n
@@ -34,11 +35,23 @@ chmod +x /tmp/openvpn-install.sh
 
 echo "Running OpenVPN install script..."
 # Run in subshell because the script calls 'exit 0' after generating client config
+# Capture output to validate logging format, while still displaying it
 # Use || true to prevent set -e from exiting on failure, then check exit code
-(bash -x /tmp/openvpn-install.sh) && INSTALL_EXIT_CODE=0 || INSTALL_EXIT_CODE=$?
+INSTALL_OUTPUT="/tmp/install-output.log"
+(bash /tmp/openvpn-install.sh) 2>&1 | tee "$INSTALL_OUTPUT" && INSTALL_EXIT_CODE=${PIPESTATUS[0]} || INSTALL_EXIT_CODE=${PIPESTATUS[0]}
 
 echo "=== Installation complete (exit code: $INSTALL_EXIT_CODE) ==="
 
+# Validate that all output uses proper logging format (ANSI color codes)
+echo "Validating output format..."
+if /opt/test/validate-output.sh "$INSTALL_OUTPUT"; then
+	echo "PASS: All script output uses proper log formatting"
+else
+	echo "FAIL: Script output contains unformatted lines"
+	echo "This indicates echo statements that should use log_* functions"
+	exit 1
+fi
+
 if [ "$INSTALL_EXIT_CODE" -ne 0 ]; then
 	echo "ERROR: Install script failed with exit code $INSTALL_EXIT_CODE"
 	exit 1

test/validate-output.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+# Validates that script output only contains properly formatted log messages
+# All output from openvpn-install.sh should use logging functions
+#
+# Usage: ./validate-output.sh <output_file>
+#        Or pipe: some_command | ./validate-output.sh
+
+set -euo pipefail
+
+INPUT_FILE="${1:-/dev/stdin}"
+
+# Valid output patterns:
+# - Lines starting with ANSI escape codes (colored output)
+# - Lines starting with our log prefixes (non-TTY mode)
+# - Lines starting with > (command echo from run_cmd)
+# - Empty lines
+
+# ANSI escape code pattern
+ANSI_PATTERN=$'^\033\\['
+
+# Log prefix patterns (for non-TTY mode where colors are disabled)
+# These match: [INFO], [WARN], [ERROR], [OK], [DEBUG], or > (command line)
+LOG_PREFIXES='^(\[INFO\]|\[WARN\]|\[ERROR\]|\[OK\]|\[DEBUG\]|> )'
+
+# Count issues
+INVALID_LINES=0
+TOTAL_LINES=0
+LINE_NUM=0
+
+echo "Validating script output for unformatted lines..."
+echo ""
+
+while IFS= read -r line || [[ -n "$line" ]]; do
+	LINE_NUM=$((LINE_NUM + 1))
+
+	# Skip empty lines
+	if [[ -z "$line" ]]; then
+		continue
+	fi
+
+	TOTAL_LINES=$((TOTAL_LINES + 1))
+
+	# Check if line starts with ANSI escape code (colored output from log functions)
+	if [[ "$line" =~ $ANSI_PATTERN ]]; then
+		continue
+	fi
+
+	# Check if line starts with our log prefixes (non-TTY mode)
+	if [[ "$line" =~ $LOG_PREFIXES ]]; then
+		continue
+	fi
+
+	# If we get here, the line doesn't match expected patterns - it's raw output
+	INVALID_LINES=$((INVALID_LINES + 1))
+	# Truncate long lines for display
+	if [[ ${#line} -gt 100 ]]; then
+		DISPLAY_LINE="${line:0:100}..."
+	else
+		DISPLAY_LINE="$line"
+	fi
+	echo "  [LEAK] Line $LINE_NUM: $DISPLAY_LINE"
+
+done <"$INPUT_FILE"
+
+echo ""
+echo "----------------------------------------"
+echo "Total lines checked: $TOTAL_LINES"
+echo "Invalid lines found: $INVALID_LINES"
+
+if [[ $INVALID_LINES -gt 0 ]]; then
+	echo ""
+	echo "ERROR: Found $INVALID_LINES line(s) without proper log formatting."
+	echo ""
+	echo "All user-visible output should use log_* functions:"
+	echo "  - log_info 'message'    -> [INFO] message"
+	echo "  - log_warn 'message'    -> [WARN] message"
+	echo "  - log_error 'message'   -> [ERROR] message"
+	echo "  - log_success 'message' -> [OK] message"
+	echo "  - run_cmd 'desc' cmd    -> > cmd"
+	echo ""
+	echo "Raw echo statements or command output should not leak to stdout."
+	exit 1
+fi
+
+echo ""
+echo "All output is properly formatted!"
+exit 0