
`log/slog` (introduced in Go 1.21) is the standard structured logging package. It replaces ad-hoc `log.Printf` calls with key-value pairs that log aggregators can index and query.

<ExamplePair>
<ExampleProse>

`slog.Info`, `slog.Error`, `slog.Debug`, and `slog.Warn` are the four level functions. Each accepts a message and alternating key-value pairs. The default handler writes human-readable text to stderr.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "log/slog"
    "os"
)

func main() {
    slog.Info("server starting", "port", 8080, "env", "production")
    slog.Debug("cache miss", "key", "user:42")  // filtered if level > Debug
    slog.Warn("rate limit approaching", "remaining", 10)
    slog.Error("database unreachable", "host", "db.internal", "err", os.ErrDeadlineExceeded)
}
```

</ExampleCode>
</ExamplePair>

<ExamplePair>
<ExampleProse>

Switch to a JSON handler for production. Use `slog.With` to create a child logger with pre-attached fields - every log line emitted from that logger includes those fields automatically.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "log/slog"
    "os"
)

func main() {
    // JSON handler for structured output (log aggregators expect this)
    logger := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{
        Level: slog.LevelInfo,
    }))
    slog.SetDefault(logger)

    // Attach request-scoped fields once; every subsequent log includes them
    reqLogger := logger.With("request_id", "abc-123", "user_id", 42)
    reqLogger.Info("request received", "method", "GET", "path", "/api/users")
    reqLogger.Info("request complete", "status", 200, "duration_ms", 14)
}
```

</ExampleCode>
</ExamplePair>

<InProduction>
Use `log/slog` for all new code - it is the stdlib answer to zerolog and zap for most workloads. Structured logs (JSON) are required for log aggregators like Datadog, CloudWatch Logs, and Grafana Loki; a `log.Printf` string line is effectively unsearchable at scale. Use `slog.With` to attach request-scoped fields (trace ID, user ID, tenant ID) at the handler entry point so every log line in a request includes them without threading the logger through every function call. Set the minimum level via `slog.HandlerOptions.Level` - debug logs in production are a compliance risk (they may contain PII or secrets) and a throughput risk (log volume can exceed ingestion limits under load). For high-throughput services where slog's allocation overhead is measurable, zerolog or zap remain valid choices, but profile first. Never log sensitive fields (passwords, tokens, full credit card numbers) at any level; redact at the point of construction.
</InProduction>


log/slog (Go 1.21) provides structured logging with JSON output for production and human-readable text output for development - attach request-scoped fields with slog.With.

Logging


`http.Get` and `http.Post` are convenience functions backed by the package-level `http.DefaultClient`. For production use, create an explicit `http.Client` with a timeout so slow servers cannot hold goroutines open forever.

<ExamplePair>
<ExampleProse>

`http.Get` makes a GET request and returns a `*http.Response`. Always read the full body and close it - even if you discard the content - to allow connection reuse by the underlying transport.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {
    resp, err := http.Get("https://httpbin.org/get")
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Printf("status: %s\n", resp.Status)
    fmt.Printf("body: %s\n", body)
}
```

</ExampleCode>
</ExamplePair>

<ExamplePair>
<ExampleProse>

`http.NewRequestWithContext` creates a request tied to a context. Pass the context from the caller so that timeouts and cancellations propagate correctly through the full call chain.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "context"
    "fmt"
    "io"
    "net/http"
    "time"
)

func main() {
    client := &http.Client{Timeout: 5 * time.Second}

    ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
    defer cancel()

    req, err := http.NewRequestWithContext(ctx, http.MethodGet, "https://httpbin.org/delay/1", nil)
    if err != nil {
        panic(err)
    }
    req.Header.Set("Accept", "application/json")
    req.Header.Set("Authorization", "Bearer my-token")

    resp, err := client.Do(req)
    if err != nil {
        fmt.Println("request failed:", err)
        return
    }
    defer resp.Body.Close()

    body, _ := io.ReadAll(resp.Body)
    fmt.Printf("status: %d, body length: %d\n", resp.StatusCode, len(body))
}
```

</ExampleCode>
</ExamplePair>

<InProduction>
Always set a `Timeout` on `http.Client` - the zero value has no timeout and will hold a goroutine and a TCP connection open forever on a slow or unresponsive server. This has caused countless production incidents where a downstream service degradation cascaded into goroutine exhaustion in the caller. Always read and close `resp.Body` even when you do not need the content: failing to drain the body prevents the underlying TCP connection from returning to the pool, forcing a new connection for every request. Use `http.NewRequestWithContext` and pass a context derived from the incoming request so that if the upstream caller cancels (client disconnects, gateway times out), the outbound call also cancels. For services making many outbound calls, configure the `http.Transport` directly: increase `MaxIdleConnsPerHost` to match your concurrency, and set `DisableKeepAlives: false` (the default) to reuse connections. Closing the transport is rarely correct - share one client across the lifetime of the service.
</InProduction>


Always set Timeout on http.Client - the zero-value client has no timeout and holds goroutines open indefinitely when a downstream server is slow or unresponsive.

HTTP Client


`os.Getenv` returns the value of an environment variable or an empty string if the variable is not set. `os.LookupEnv` returns a second boolean that tells you which case you have.

<ExamplePair>
<ExampleProse>

`os.Getenv` is the quick read. `os.LookupEnv` returns `(value, ok)` - use it when an empty string is a valid value and you need to distinguish it from an absent variable.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "fmt"
    "os"
)

func main() {
    // Simple read - empty string if not set
    home := os.Getenv("HOME")
    fmt.Println("HOME:", home)

    // Distinguish "not set" from "set to empty"
    val, ok := os.LookupEnv("MY_API_KEY")
    if !ok {
        fmt.Println("MY_API_KEY is not set")
    } else {
        fmt.Printf("MY_API_KEY = %q\n", val)
    }
}
```

</ExampleCode>
</ExamplePair>

<ExamplePair>
<ExampleProse>

`os.Environ` returns all environment variables as a `[]string` in `KEY=VALUE` form. `os.Setenv` and `os.Unsetenv` mutate the process environment - changes are visible to child processes spawned after the call.

</ExampleProse>
<ExampleCode>

```go
package main

import (
    "fmt"
    "os"
    "strings"
)

func main() {
    os.Setenv("APP_ENV", "production")
    defer os.Unsetenv("APP_ENV")

    // os.Environ returns all KEY=VALUE pairs
    for _, entry := range os.Environ() {
        if strings.HasPrefix(entry, "APP_") {
            fmt.Println(entry)
        }
    }

    // os.Expand substitutes ${VAR} references
    template := "running in ${APP_ENV} mode"
    fmt.Println(os.ExpandEnv(template))
}
```

</ExampleCode>
</ExamplePair>

<InProduction>
Use `os.LookupEnv` instead of `os.Getenv` when you need to distinguish "not set" from "set to empty string" - a blank `DATABASE_URL` and a missing `DATABASE_URL` are different failure modes. Parse and validate all required environment variables at startup and fail fast with a descriptive error: discovering a missing variable on the first request is worse than crashing on boot. A common pattern is a `config.Load()` function called in `main` that reads every required var with `LookupEnv`, collects all missing names into a slice, and returns a single error listing them all. Libraries like `kelseyhightower/envconfig` or `caarlos0/env` automate this: they populate a struct from env vars and validate required fields in one call. For secrets (database passwords, API keys), prefer a secrets manager (AWS Secrets Manager, HashiCorp Vault) that injects values as env vars at container start rather than baking them into images or config files.
</InProduction>


os.Getenv reads env vars; os.LookupEnv distinguishes "not set" from "set to empty string" - critical for required config validation at startup.