Merge pull request 'wallet search fix' (#195 ) from chain-190 into main

Reviewed-on: #195
wallet search fix
2025-12-26 13:09:42 +00:00 · 2025-12-26 14:09:16 +01:00 · 2025-12-26 11:26:52 +00:00 · 2025-12-26 12:26:28 +01:00
43 changed files with 1462 additions and 244 deletions
--- a/api/gateway/chain/internal/keymanager/vault/manager.go
+++ b/api/gateway/chain/internal/keymanager/vault/manager.go
@@ -45,22 +45,22 @@ func New(logger mlogger.Logger, cfg Config) (*Manager, error) {
 	}
 	address := strings.TrimSpace(cfg.Address)
 	if address == "" {
-		logger.Error("vault address missing")
+		logger.Error("Vault address missing")
 		return nil, merrors.InvalidArgument("vault key manager: address is required")
 	}
 	tokenEnv := strings.TrimSpace(cfg.TokenEnv)
 	if tokenEnv == "" {
-		logger.Error("vault token env missing")
+		logger.Error("Vault token env missing")
 		return nil, merrors.InvalidArgument("vault key manager: token_env is required")
 	}
 	token := strings.TrimSpace(os.Getenv(tokenEnv))
 	if token == "" {
-		logger.Error("vault token missing; expected Vault Agent to export token", zap.String("env", tokenEnv))
+		logger.Error("Vault token missing; expected Vault Agent to export token", zap.String("env", tokenEnv))
 		return nil, merrors.InvalidArgument("vault key manager: token env " + tokenEnv + " is not set (expected Vault Agent sink to populate it)")
 	}
 	mountPath := strings.Trim(strings.TrimSpace(cfg.MountPath), "/")
 	if mountPath == "" {
-		logger.Error("vault mount path missing")
+		logger.Error("Vault mount path missing")
 		return nil, merrors.InvalidArgument("vault key manager: mount_path is required")
 	}
 	keyPrefix := strings.Trim(strings.TrimSpace(cfg.KeyPrefix), "/")
@@ -73,7 +73,7 @@ func New(logger mlogger.Logger, cfg Config) (*Manager, error) {

 	client, err := api.NewClient(clientCfg)
 	if err != nil {
-		logger.Error("failed to create vault client", zap.Error(err))
+		logger.Error("Failed to create vault client", zap.Error(err))
 		return nil, merrors.Internal("vault key manager: failed to create client: " + err.Error())
 	}
 	client.SetToken(token)
@@ -94,17 +94,17 @@ func New(logger mlogger.Logger, cfg Config) (*Manager, error) {
 // CreateManagedWalletKey creates a new managed wallet key and stores it in Vault.
 func (m *Manager) CreateManagedWalletKey(ctx context.Context, walletRef string, network string) (*keymanager.ManagedWalletKey, error) {
 	if strings.TrimSpace(walletRef) == "" {
-		m.logger.Warn("walletRef missing for managed key creation", zap.String("network", network))
+		m.logger.Warn("WalletRef missing for managed key creation", zap.String("network", network))
 		return nil, merrors.InvalidArgument("vault key manager: walletRef is required")
 	}
 	if strings.TrimSpace(network) == "" {
-		m.logger.Warn("network missing for managed key creation", zap.String("wallet_ref", walletRef))
+		m.logger.Warn("Network missing for managed key creation", zap.String("wallet_ref", walletRef))
 		return nil, merrors.InvalidArgument("vault key manager: network is required")
 	}

 	privateKey, err := ecdsa.GenerateKey(secp256k1.S256(), rand.Reader)
 	if err != nil {
-		m.logger.Warn("failed to generate managed wallet key", zap.String("wallet_ref", walletRef), zap.String("network", network), zap.Error(err))
+		m.logger.Warn("Failed to generate managed wallet key", zap.String("wallet_ref", walletRef), zap.String("network", network), zap.Error(err))
 		return nil, merrors.Internal("vault key manager: failed to generate key: " + err.Error())
 	}
 	privateKeyBytes := crypto.FromECDSA(privateKey)
@@ -115,7 +115,7 @@ func (m *Manager) CreateManagedWalletKey(ctx context.Context, walletRef string,

 	err = m.persistKey(ctx, walletRef, network, privateKeyBytes, publicKeyBytes, address)
 	if err != nil {
-		m.logger.Warn("failed to persist managed wallet key", zap.String("wallet_ref", walletRef), zap.String("network", network), zap.Error(err))
+		m.logger.Warn("Failed to persist managed wallet key", zap.String("wallet_ref", walletRef), zap.String("network", network), zap.Error(err))
 		zeroBytes(privateKeyBytes)
 		zeroBytes(publicKeyBytes)
 		return nil, err
@@ -123,7 +123,7 @@ func (m *Manager) CreateManagedWalletKey(ctx context.Context, walletRef string,
 	zeroBytes(privateKeyBytes)
 	zeroBytes(publicKeyBytes)

-	m.logger.Info("managed wallet key created",
+	m.logger.Info("Managed wallet key created",
 		zap.String("wallet_ref", walletRef),
 		zap.String("network", network),
 		zap.String("address", strings.ToLower(address)),
@@ -158,43 +158,43 @@ func (m *Manager) buildKeyID(network, walletRef string) string {
 // SignTransaction loads the key material from Vault and signs the transaction.
 func (m *Manager) SignTransaction(ctx context.Context, keyID string, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error) {
 	if strings.TrimSpace(keyID) == "" {
-		m.logger.Warn("signing failed: empty key id")
+		m.logger.Warn("Signing failed: empty key id")
 		return nil, merrors.InvalidArgument("vault key manager: keyID is required")
 	}
 	if tx == nil {
-		m.logger.Warn("signing failed: nil transaction", zap.String("key_id", keyID))
+		m.logger.Warn("Signing failed: nil transaction", zap.String("key_id", keyID))
 		return nil, merrors.InvalidArgument("vault key manager: transaction is nil")
 	}
 	if chainID == nil {
-		m.logger.Warn("signing failed: nil chain id", zap.String("key_id", keyID))
+		m.logger.Warn("Signing failed: nil chain id", zap.String("key_id", keyID))
 		return nil, merrors.InvalidArgument("vault key manager: chainID is nil")
 	}

 	material, err := m.loadKey(ctx, keyID)
 	if err != nil {
-		m.logger.Warn("failed to load key material", zap.String("key_id", keyID), zap.Error(err))
+		m.logger.Warn("Failed to load key material", zap.String("key_id", keyID), zap.Error(err))
 		return nil, err
 	}

 	keyBytes, err := hex.DecodeString(material.PrivateKey)
 	if err != nil {
-		m.logger.Warn("invalid key material", zap.String("key_id", keyID), zap.Error(err))
+		m.logger.Warn("Invalid key material", zap.String("key_id", keyID), zap.Error(err))
 		return nil, merrors.Internal("vault key manager: invalid key material: " + err.Error())
 	}
 	defer zeroBytes(keyBytes)

 	privateKey, err := crypto.ToECDSA(keyBytes)
 	if err != nil {
-		m.logger.Warn("failed to construct private key", zap.String("key_id", keyID), zap.Error(err))
+		m.logger.Warn("Failed to construct private key", zap.String("key_id", keyID), zap.Error(err))
 		return nil, merrors.Internal("vault key manager: failed to construct private key: " + err.Error())
 	}

 	signed, err := types.SignTx(tx, types.LatestSignerForChainID(chainID), privateKey)
 	if err != nil {
-		m.logger.Warn("failed to sign transaction", zap.String("key_id", keyID), zap.Error(err))
+		m.logger.Warn("Failed to sign transaction", zap.String("key_id", keyID), zap.Error(err))
 		return nil, merrors.Internal("vault key manager: failed to sign transaction: " + err.Error())
 	}
-	m.logger.Info("transaction signed with managed key",
+	m.logger.Info("Transaction signed with managed key",
 		zap.String("key_id", keyID),
 		zap.String("network", material.Network),
 		zap.String("tx_hash", signed.Hash().Hex()),
@@ -213,23 +213,23 @@ func (m *Manager) loadKey(ctx context.Context, keyID string) (*keyMaterial, erro
 	secretPath := strings.Trim(strings.TrimPrefix(keyID, "/"), "/")
 	secret, err := m.store.Get(ctx, secretPath)
 	if err != nil {
-		m.logger.Warn("failed to read secret", zap.String("path", secretPath), zap.Error(err))
+		m.logger.Warn("Failed to read secret", zap.String("path", secretPath), zap.Error(err))
 		return nil, merrors.Internal("vault key manager: failed to read secret at " + secretPath + ": " + err.Error())
 	}
 	if secret == nil || secret.Data == nil {
-		m.logger.Warn("secret not found", zap.String("path", secretPath))
+		m.logger.Warn("Secret not found", zap.String("path", secretPath))
 		return nil, merrors.NoData("vault key manager: secret " + secretPath + " not found")
 	}

 	getString := func(key string) (string, error) {
 		val, ok := secret.Data[key]
 		if !ok {
-			m.logger.Warn("secret missing field", zap.String("path", secretPath), zap.String("field", key))
+			m.logger.Warn("Secret missing field", zap.String("path", secretPath), zap.String("field", key))
 			return "", merrors.Internal("vault key manager: secret " + secretPath + " missing " + key)
 		}
 		str, ok := val.(string)
 		if !ok || strings.TrimSpace(str) == "" {
-			m.logger.Warn("secret field invalid", zap.String("path", secretPath), zap.String("field", key))
+			m.logger.Warn("Secret field invalid", zap.String("path", secretPath), zap.String("field", key))
 			return "", merrors.Internal("vault key manager: secret " + secretPath + " invalid " + key)
 		}
 		return str, nil
--- a/api/gateway/chain/internal/server/internal/serverimp.go
+++ b/api/gateway/chain/internal/server/internal/serverimp.go
@@ -123,12 +123,12 @@ func (i *Imp) Start() error {
 	cl := i.logger.Named("config")
 	networkConfigs, err := resolveNetworkConfigs(cl.Named("network"), cfg.Chains)
 	if err != nil {
-		i.logger.Error("invalid chain network configuration", zap.Error(err))
+		i.logger.Error("Invalid chain network configuration", zap.Error(err))
 		return err
 	}
 	rpcClients, err := rpcclient.Prepare(context.Background(), i.logger.Named("rpc"), networkConfigs)
 	if err != nil {
-		i.logger.Error("failed to prepare rpc clients", zap.Error(err))
+		i.logger.Error("Failed to prepare rpc clients", zap.Error(err))
 		return err
 	}
 	i.rpcClients = rpcClients
@@ -166,7 +166,7 @@ func (i *Imp) Start() error {
 func (i *Imp) loadConfig() (*config, error) {
 	data, err := os.ReadFile(i.file)
 	if err != nil {
-		i.logger.Error("could not read configuration file", zap.String("config_file", i.file), zap.Error(err))
+		i.logger.Error("Could not read configuration file", zap.String("config_file", i.file), zap.Error(err))
 		return nil, err
 	}

@@ -174,7 +174,7 @@ func (i *Imp) loadConfig() (*config, error) {
 		Config: &grpcapp.Config{},
 	}
 	if err := yaml.Unmarshal(data, cfg); err != nil {
-		i.logger.Error("failed to parse configuration", zap.Error(err))
+		i.logger.Error("Failed to parse configuration", zap.Error(err))
 		return nil, err
 	}

@@ -198,7 +198,7 @@ func resolveNetworkConfigs(logger mlogger.Logger, chains []chainConfig) ([]gatew
 	result := make([]gatewayshared.Network, 0, len(chains))
 	for _, chain := range chains {
 		if strings.TrimSpace(chain.Name) == "" {
-			logger.Warn("skipping unnamed chain configuration")
+			logger.Warn("Skipping unnamed chain configuration")
 			continue
 		}
 		rpcURL := strings.TrimSpace(os.Getenv(chain.RPCURLEnv))
@@ -210,7 +210,7 @@ func resolveNetworkConfigs(logger mlogger.Logger, chains []chainConfig) ([]gatew
 		for _, token := range chain.Tokens {
 			symbol := strings.TrimSpace(token.Symbol)
 			if symbol == "" {
-				logger.Warn("skipping token with empty symbol", zap.String("chain", chain.Name))
+				logger.Warn("Skipping token with empty symbol", zap.String("chain", chain.Name))
 				continue
 			}
 			addr := strings.TrimSpace(token.Contract)
@@ -220,9 +220,9 @@ func resolveNetworkConfigs(logger mlogger.Logger, chains []chainConfig) ([]gatew
 			}
 			if addr == "" {
 				if env != "" {
-					logger.Warn("token contract not configured", zap.String("token", symbol), zap.String("env", env), zap.String("chain", chain.Name))
+					logger.Warn("Token contract not configured", zap.String("token", symbol), zap.String("env", env), zap.String("chain", chain.Name))
 				} else {
-					logger.Warn("token contract not configured", zap.String("token", symbol), zap.String("chain", chain.Name))
+					logger.Warn("Token contract not configured", zap.String("token", symbol), zap.String("chain", chain.Name))
 				}
 				continue
 			}
@@ -234,7 +234,7 @@ func resolveNetworkConfigs(logger mlogger.Logger, chains []chainConfig) ([]gatew

 		gasPolicy, err := buildGasTopUpPolicy(chain.Name, chain.GasTopUpPolicy)
 		if err != nil {
-			logger.Error("invalid gas top-up policy", zap.String("chain", chain.Name), zap.Error(err))
+			logger.Error("Invalid gas top-up policy", zap.String("chain", chain.Name), zap.Error(err))
 			return nil, err
 		}

@@ -322,13 +322,13 @@ func resolveServiceWallet(logger mlogger.Logger, cfg serviceWalletConfig) gatewa

 	if address == "" {
 		if cfg.AddressEnv != "" {
-			logger.Warn("service wallet address not configured", zap.String("env", cfg.AddressEnv))
+			logger.Warn("Service wallet address not configured", zap.String("env", cfg.AddressEnv))
 		} else {
-			logger.Warn("service wallet address not configured", zap.String("chain", cfg.Chain))
+			logger.Warn("Service wallet address not configured", zap.String("chain", cfg.Chain))
 		}
 	}
 	if privateKey == "" {
-		logger.Warn("service wallet private key not configured", zap.String("env", cfg.PrivateKeyEnv))
+		logger.Warn("Service wallet private key not configured", zap.String("env", cfg.PrivateKeyEnv))
 	}

 	return gatewayshared.ServiceWallet{
@@ -342,7 +342,7 @@ func resolveKeyManager(logger mlogger.Logger, cfg keymanager.Config) (keymanager
 	driver := strings.ToLower(strings.TrimSpace(string(cfg.Driver)))
 	if driver == "" {
 		err := merrors.InvalidArgument("key management driver is not configured")
-		logger.Error("key management driver missing")
+		logger.Error("Key management driver missing")
 		return nil, err
 	}

@@ -351,19 +351,19 @@ func resolveKeyManager(logger mlogger.Logger, cfg keymanager.Config) (keymanager
 		settings := vaultmanager.Config{}
 		if len(cfg.Settings) > 0 {
 			if err := mapstructure.Decode(cfg.Settings, &settings); err != nil {
-				logger.Error("failed to decode vault key manager settings", zap.Error(err), zap.Any("settings", cfg.Settings))
+				logger.Error("Failed to decode vault key manager settings", zap.Error(err), zap.Any("settings", cfg.Settings))
 				return nil, merrors.InvalidArgument("invalid vault key manager settings: " + err.Error())
 			}
 		}
 		manager, err := vaultmanager.New(logger, settings)
 		if err != nil {
-			logger.Error("failed to initialise vault key manager", zap.Error(err))
+			logger.Error("Failed to initialise vault key manager", zap.Error(err))
 			return nil, err
 		}
 		return manager, nil
 	default:
 		err := merrors.InvalidArgument("unsupported key management driver: " + driver)
-		logger.Error("unsupported key management driver", zap.String("driver", driver))
+		logger.Error("Unsupported key management driver", zap.String("driver", driver))
 		return nil, err
 	}
 }
--- a/api/gateway/chain/internal/service/gateway/commands/transfer/fee.go
+++ b/api/gateway/chain/internal/service/gateway/commands/transfer/fee.go
@@ -34,12 +34,12 @@ func (c *estimateTransferFeeCommand) Execute(ctx context.Context, req *chainv1.E

 	sourceWalletRef := strings.TrimSpace(req.GetSourceWalletRef())
 	if sourceWalletRef == "" {
-		c.deps.Logger.Warn("source wallet ref missing")
+		c.deps.Logger.Warn("Source wallet ref missing")
 		return gsresponse.InvalidArgument[chainv1.EstimateTransferFeeResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("source_wallet_ref is required"))
 	}
 	amount := req.GetAmount()
 	if amount == nil || strings.TrimSpace(amount.GetAmount()) == "" || strings.TrimSpace(amount.GetCurrency()) == "" {
-		c.deps.Logger.Warn("amount missing or incomplete")
+		c.deps.Logger.Warn("Amount missing or incomplete")
 		return gsresponse.InvalidArgument[chainv1.EstimateTransferFeeResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("amount is required"))
 	}

--- a/api/gateway/chain/internal/service/gateway/commands/transfer/gas_topup.go
+++ b/api/gateway/chain/internal/service/gateway/commands/transfer/gas_topup.go
@@ -29,22 +29,22 @@ func NewComputeGasTopUp(deps Deps) *computeGasTopUpCommand {

 func (c *computeGasTopUpCommand) Execute(ctx context.Context, req *chainv1.ComputeGasTopUpRequest) gsresponse.Responder[chainv1.ComputeGasTopUpResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.ComputeGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.ComputeGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("request is required"))
 	}

 	walletRef := strings.TrimSpace(req.GetWalletRef())
 	if walletRef == "" {
-		c.deps.Logger.Warn("wallet ref missing")
+		c.deps.Logger.Warn("Wallet ref missing")
 		return gsresponse.InvalidArgument[chainv1.ComputeGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("wallet_ref is required"))
 	}
 	estimatedFee := req.GetEstimatedTotalFee()
 	if estimatedFee == nil || strings.TrimSpace(estimatedFee.GetAmount()) == "" || strings.TrimSpace(estimatedFee.GetCurrency()) == "" {
-		c.deps.Logger.Warn("estimated fee missing")
+		c.deps.Logger.Warn("Estimated fee missing")
 		return gsresponse.InvalidArgument[chainv1.ComputeGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("estimated_total_fee is required"))
 	}

@@ -71,37 +71,37 @@ func NewEnsureGasTopUp(deps Deps) *ensureGasTopUpCommand {

 func (c *ensureGasTopUpCommand) Execute(ctx context.Context, req *chainv1.EnsureGasTopUpRequest) gsresponse.Responder[chainv1.EnsureGasTopUpResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("request is required"))
 	}

 	idempotencyKey := strings.TrimSpace(req.GetIdempotencyKey())
 	if idempotencyKey == "" {
-		c.deps.Logger.Warn("idempotency key missing")
+		c.deps.Logger.Warn("Idempotency key missing")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("idempotency_key is required"))
 	}
 	organizationRef := strings.TrimSpace(req.GetOrganizationRef())
 	if organizationRef == "" {
-		c.deps.Logger.Warn("organization ref missing")
+		c.deps.Logger.Warn("Organization ref missing")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("organization_ref is required"))
 	}
 	sourceWalletRef := strings.TrimSpace(req.GetSourceWalletRef())
 	if sourceWalletRef == "" {
-		c.deps.Logger.Warn("source wallet ref missing")
+		c.deps.Logger.Warn("Source wallet ref missing")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("source_wallet_ref is required"))
 	}
 	targetWalletRef := strings.TrimSpace(req.GetTargetWalletRef())
 	if targetWalletRef == "" {
-		c.deps.Logger.Warn("target wallet ref missing")
+		c.deps.Logger.Warn("Target wallet ref missing")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("target_wallet_ref is required"))
 	}
 	estimatedFee := req.GetEstimatedTotalFee()
 	if estimatedFee == nil || strings.TrimSpace(estimatedFee.GetAmount()) == "" || strings.TrimSpace(estimatedFee.GetCurrency()) == "" {
-		c.deps.Logger.Warn("estimated fee missing")
+		c.deps.Logger.Warn("Estimated fee missing")
 		return gsresponse.InvalidArgument[chainv1.EnsureGasTopUpResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("estimated_total_fee is required"))
 	}

@@ -268,7 +268,7 @@ func logDecision(logger mlogger.Logger, walletRef string, estimatedFee *moneyv1.
 			zap.String("operation_type", decision.OperationType),
 		)
 	}
-	logger.Info("gas top-up decision", fields...)
+	logger.Info("Gas top-up decision", fields...)
 }

 func amountString(m *moneyv1.Money) string {
--- a/api/gateway/chain/internal/service/gateway/commands/transfer/get.go
+++ b/api/gateway/chain/internal/service/gateway/commands/transfer/get.go
@@ -22,25 +22,25 @@ func NewGetTransfer(deps Deps) *getTransferCommand {

 func (c *getTransferCommand) Execute(ctx context.Context, req *chainv1.GetTransferRequest) gsresponse.Responder[chainv1.GetTransferResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.GetTransferResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.GetTransferResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("nil request"))
 	}
 	transferRef := strings.TrimSpace(req.GetTransferRef())
 	if transferRef == "" {
-		c.deps.Logger.Warn("transfer_ref missing")
+		c.deps.Logger.Warn("Transfer_ref missing")
 		return gsresponse.InvalidArgument[chainv1.GetTransferResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("transfer_ref is required"))
 	}
 	transfer, err := c.deps.Storage.Transfers().Get(ctx, transferRef)
 	if err != nil {
 		if errors.Is(err, merrors.ErrNoData) {
-			c.deps.Logger.Warn("not found", zap.String("transfer_ref", transferRef))
+			c.deps.Logger.Warn("Not found", zap.String("transfer_ref", transferRef))
 			return gsresponse.NotFound[chainv1.GetTransferResponse](c.deps.Logger, mservice.ChainGateway, err)
 		}
-		c.deps.Logger.Warn("storage get failed", zap.Error(err), zap.String("transfer_ref", transferRef))
+		c.deps.Logger.Warn("Storage get failed", zap.Error(err), zap.String("transfer_ref", transferRef))
 		return gsresponse.Auto[chainv1.GetTransferResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	return gsresponse.Success(&chainv1.GetTransferResponse{Transfer: toProtoTransfer(transfer)})
--- a/api/gateway/chain/internal/service/gateway/commands/transfer/list.go
+++ b/api/gateway/chain/internal/service/gateway/commands/transfer/list.go
@@ -23,7 +23,7 @@ func NewListTransfers(deps Deps) *listTransfersCommand {

 func (c *listTransfersCommand) Execute(ctx context.Context, req *chainv1.ListTransfersRequest) gsresponse.Responder[chainv1.ListTransfersResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.ListTransfersResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	filter := model.TransferFilter{}
@@ -41,7 +41,7 @@ func (c *listTransfersCommand) Execute(ctx context.Context, req *chainv1.ListTra

 	result, err := c.deps.Storage.Transfers().List(ctx, filter)
 	if err != nil {
-		c.deps.Logger.Warn("storage list failed", zap.Error(err))
+		c.deps.Logger.Warn("Storage list failed", zap.Error(err))
 		return gsresponse.Auto[chainv1.ListTransfersResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}

--- a/api/gateway/chain/internal/service/gateway/commands/transfer/submit.go
+++ b/api/gateway/chain/internal/service/gateway/commands/transfer/submit.go
@@ -29,7 +29,7 @@ func (c *submitTransferCommand) Execute(ctx context.Context, req *chainv1.Submit
 		return gsresponse.Unavailable[chainv1.SubmitTransferResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.SubmitTransferResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("nil request"))
 	}

@@ -40,7 +40,7 @@ func (c *submitTransferCommand) Execute(ctx context.Context, req *chainv1.Submit
 	}
 	organizationRef := strings.TrimSpace(req.GetOrganizationRef())
 	if organizationRef == "" {
-		c.deps.Logger.Warn("mMssing organization ref")
+		c.deps.Logger.Warn("Missing organization ref")
 		return gsresponse.InvalidArgument[chainv1.SubmitTransferResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("organization_ref is required"))
 	}
 	sourceWalletRef := strings.TrimSpace(req.GetSourceWalletRef())
--- a/api/gateway/chain/internal/service/gateway/commands/wallet/balance.go
+++ b/api/gateway/chain/internal/service/gateway/commands/wallet/balance.go
@@ -29,41 +29,41 @@ func NewGetWalletBalance(deps Deps) *getWalletBalanceCommand {

 func (c *getWalletBalanceCommand) Execute(ctx context.Context, req *chainv1.GetWalletBalanceRequest) gsresponse.Responder[chainv1.GetWalletBalanceResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("nil request"))
 	}
 	walletRef := strings.TrimSpace(req.GetWalletRef())
 	if walletRef == "" {
-		c.deps.Logger.Warn("wallet_ref missing")
+		c.deps.Logger.Warn("Wallet_ref missing")
 		return gsresponse.InvalidArgument[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("wallet_ref is required"))
 	}
 	wallet, err := c.deps.Storage.Wallets().Get(ctx, walletRef)
 	if err != nil {
 		if errors.Is(err, merrors.ErrNoData) {
-			c.deps.Logger.Warn("not found", zap.String("wallet_ref", walletRef))
+			c.deps.Logger.Warn("Not found", zap.String("wallet_ref", walletRef))
 			return gsresponse.NotFound[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, err)
 		}
-		c.deps.Logger.Warn("storage get failed", zap.Error(err), zap.String("wallet_ref", walletRef))
+		c.deps.Logger.Warn("Storage get failed", zap.Error(err), zap.String("wallet_ref", walletRef))
 		return gsresponse.Auto[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}

 	tokenBalance, nativeBalance, chainErr := OnChainWalletBalances(ctx, c.deps, wallet)
 	if chainErr != nil {
-		c.deps.Logger.Warn("on-chain balance fetch failed, attempting cached balance", zap.Error(chainErr), zap.String("wallet_ref", walletRef))
+		c.deps.Logger.Warn("On-chain balance fetch failed, attempting cached balance", zap.Error(chainErr), zap.String("wallet_ref", walletRef))
 		stored, err := c.deps.Storage.Wallets().GetBalance(ctx, walletRef)
 		if err != nil {
 			if errors.Is(err, merrors.ErrNoData) {
-				c.deps.Logger.Warn("cached balance not found", zap.String("wallet_ref", walletRef))
+				c.deps.Logger.Warn("Cached balance not found", zap.String("wallet_ref", walletRef))
 				return gsresponse.Auto[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, chainErr)
 			}
 			return gsresponse.Auto[chainv1.GetWalletBalanceResponse](c.deps.Logger, mservice.ChainGateway, err)
 		}
 		if c.isCachedBalanceStale(stored) {
-			c.deps.Logger.Warn("cached balance is stale",
+			c.deps.Logger.Info("Cached balance is stale",
 				zap.String("wallet_ref", walletRef),
 				zap.Time("calculated_at", stored.CalculatedAt),
 				zap.Duration("ttl", c.cacheTTL()),
@@ -116,7 +116,7 @@ func (c *getWalletBalanceCommand) persistCachedBalance(ctx context.Context, wall
 	record.PendingInbound = zeroMoney(currency)
 	record.PendingOutbound = zeroMoney(currency)
 	if err := c.deps.Storage.Wallets().SaveBalance(ctx, record); err != nil {
-		c.deps.Logger.Warn("failed to cache wallet balance", zap.String("wallet_ref", walletRef), zap.Error(err))
+		c.deps.Logger.Warn("Failed to cache wallet balance", zap.String("wallet_ref", walletRef), zap.Error(err))
 	}
 }

--- a/api/gateway/chain/internal/service/gateway/commands/wallet/create.go
+++ b/api/gateway/chain/internal/service/gateway/commands/wallet/create.go
@@ -25,59 +25,59 @@ func NewCreateManagedWallet(deps Deps) *createManagedWalletCommand {

 func (c *createManagedWalletCommand) Execute(ctx context.Context, req *chainv1.CreateManagedWalletRequest) gsresponse.Responder[chainv1.CreateManagedWalletResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("nil request"))
 	}

 	idempotencyKey := strings.TrimSpace(req.GetIdempotencyKey())
 	if idempotencyKey == "" {
-		c.deps.Logger.Warn("missing idempotency key")
+		c.deps.Logger.Warn("Missing idempotency key")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("idempotency_key is required"))
 	}
 	organizationRef := strings.TrimSpace(req.GetOrganizationRef())
 	if organizationRef == "" {
-		c.deps.Logger.Warn("missing organization ref")
+		c.deps.Logger.Warn("Missing organization ref")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("organization_ref is required"))
 	}
 	ownerRef := strings.TrimSpace(req.GetOwnerRef())
 	if ownerRef == "" {
-		c.deps.Logger.Warn("missing owner ref")
+		c.deps.Logger.Warn("Missing owner ref")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("owner_ref is required"))
 	}

 	asset := req.GetAsset()
 	if asset == nil {
-		c.deps.Logger.Warn("missing asset")
+		c.deps.Logger.Warn("Missing asset")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("asset is required"))
 	}

 	chainKey, _ := shared.ChainKeyFromEnum(asset.GetChain())
 	if chainKey == "" {
-		c.deps.Logger.Warn("unsupported chain", zap.Any("chain", asset.GetChain()))
+		c.deps.Logger.Warn("Unsupported chain", zap.Any("chain", asset.GetChain()))
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("unsupported chain"))
 	}
 	networkCfg, ok := c.deps.Networks.Network(chainKey)
 	if !ok {
-		c.deps.Logger.Warn("unsupported chain in config", zap.String("chain", chainKey))
+		c.deps.Logger.Warn("Unsupported chain in config", zap.String("chain", chainKey))
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("unsupported chain"))
 	}
 	if c.deps.Drivers == nil {
-		c.deps.Logger.Warn("chain drivers missing", zap.String("chain", chainKey))
+		c.deps.Logger.Warn("Chain drivers missing", zap.String("chain", chainKey))
 		return gsresponse.Internal[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.Internal("chain drivers not configured"))
 	}
 	chainDriver, err := c.deps.Drivers.Driver(chainKey)
 	if err != nil {
-		c.deps.Logger.Warn("unsupported chain driver", zap.String("chain", chainKey), zap.Error(err))
+		c.deps.Logger.Warn("Unsupported chain driver", zap.String("chain", chainKey), zap.Error(err))
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("unsupported chain"))
 	}

 	tokenSymbol := strings.ToUpper(strings.TrimSpace(asset.GetTokenSymbol()))
 	if tokenSymbol == "" {
-		c.deps.Logger.Warn("missing token symbol")
+		c.deps.Logger.Warn("Missing token symbol")
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("asset.token_symbol is required"))
 	}
 	contractAddress := strings.ToLower(strings.TrimSpace(asset.GetContractAddress()))
@@ -85,7 +85,7 @@ func (c *createManagedWalletCommand) Execute(ctx context.Context, req *chainv1.C
 		if !strings.EqualFold(tokenSymbol, networkCfg.NativeToken) {
 			contractAddress = shared.ResolveContractAddress(networkCfg.TokenConfigs, tokenSymbol)
 			if contractAddress == "" {
-				c.deps.Logger.Warn("unsupported token", zap.String("token", tokenSymbol), zap.String("chain", chainKey))
+				c.deps.Logger.Warn("Unsupported token", zap.String("token", tokenSymbol), zap.String("chain", chainKey))
 				return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("unsupported token for chain"))
 			}
 		}
@@ -93,22 +93,22 @@ func (c *createManagedWalletCommand) Execute(ctx context.Context, req *chainv1.C

 	walletRef := shared.GenerateWalletRef()
 	if c.deps.KeyManager == nil {
-		c.deps.Logger.Warn("key manager missing")
+		c.deps.Logger.Warn("Key manager missing")
 		return gsresponse.Internal[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.Internal("key manager not configured"))
 	}

 	keyInfo, err := c.deps.KeyManager.CreateManagedWalletKey(ctx, walletRef, chainKey)
 	if err != nil {
-		c.deps.Logger.Warn("key manager error", zap.Error(err))
+		c.deps.Logger.Warn("Key manager error", zap.Error(err))
 		return gsresponse.Auto[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if keyInfo == nil || strings.TrimSpace(keyInfo.Address) == "" {
-		c.deps.Logger.Warn("key manager returned empty address")
+		c.deps.Logger.Warn("Key manager returned empty address")
 		return gsresponse.Internal[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.Internal("key manager returned empty address"))
 	}
 	depositAddress, err := chainDriver.FormatAddress(keyInfo.Address)
 	if err != nil {
-		c.deps.Logger.Warn("invalid derived deposit address", zap.String("wallet_ref", walletRef), zap.Error(err))
+		c.deps.Logger.Warn("Invalid derived deposit address", zap.String("wallet_ref", walletRef), zap.Error(err))
 		return gsresponse.InvalidArgument[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}

@@ -156,10 +156,10 @@ func (c *createManagedWalletCommand) Execute(ctx context.Context, req *chainv1.C
 	created, err := c.deps.Storage.Wallets().Create(ctx, wallet)
 	if err != nil {
 		if errors.Is(err, merrors.ErrDataConflict) {
-			c.deps.Logger.Debug("wallet already exists", zap.String("wallet_ref", walletRef), zap.String("idempotency_key", idempotencyKey))
+			c.deps.Logger.Debug("Wallet already exists", zap.String("wallet_ref", walletRef), zap.String("idempotency_key", idempotencyKey))
 			return gsresponse.Success(&chainv1.CreateManagedWalletResponse{Wallet: toProtoManagedWallet(created)})
 		}
-		c.deps.Logger.Warn("storage create failed", zap.Error(err), zap.String("wallet_ref", walletRef))
+		c.deps.Logger.Warn("Storage create failed", zap.Error(err), zap.String("wallet_ref", walletRef))
 		return gsresponse.Auto[chainv1.CreateManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}

--- a/api/gateway/chain/internal/service/gateway/commands/wallet/get.go
+++ b/api/gateway/chain/internal/service/gateway/commands/wallet/get.go
@@ -22,25 +22,25 @@ func NewGetManagedWallet(deps Deps) *getManagedWalletCommand {

 func (c *getManagedWalletCommand) Execute(ctx context.Context, req *chainv1.GetManagedWalletRequest) gsresponse.Responder[chainv1.GetManagedWalletResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.GetManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	if req == nil {
-		c.deps.Logger.Warn("nil request")
+		c.deps.Logger.Warn("Nil request")
 		return gsresponse.InvalidArgument[chainv1.GetManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("nil request"))
 	}
 	walletRef := strings.TrimSpace(req.GetWalletRef())
 	if walletRef == "" {
-		c.deps.Logger.Warn("wallet_ref missing")
+		c.deps.Logger.Warn("Wallet_ref missing")
 		return gsresponse.InvalidArgument[chainv1.GetManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, merrors.InvalidArgument("wallet_ref is required"))
 	}
 	wallet, err := c.deps.Storage.Wallets().Get(ctx, walletRef)
 	if err != nil {
 		if errors.Is(err, merrors.ErrNoData) {
-			c.deps.Logger.Warn("not found", zap.String("wallet_ref", walletRef))
+			c.deps.Logger.Warn("Not found", zap.String("wallet_ref", walletRef))
 			return gsresponse.NotFound[chainv1.GetManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 		}
-		c.deps.Logger.Warn("storage get failed", zap.Error(err), zap.String("wallet_ref", walletRef))
+		c.deps.Logger.Warn("Storage get failed", zap.Error(err), zap.String("wallet_ref", walletRef))
 		return gsresponse.Auto[chainv1.GetManagedWalletResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	return gsresponse.Success(&chainv1.GetManagedWalletResponse{Wallet: toProtoManagedWallet(wallet)})
--- a/api/gateway/chain/internal/service/gateway/commands/wallet/list.go
+++ b/api/gateway/chain/internal/service/gateway/commands/wallet/list.go
@@ -23,7 +23,7 @@ func NewListManagedWallets(deps Deps) *listManagedWalletsCommand {

 func (c *listManagedWalletsCommand) Execute(ctx context.Context, req *chainv1.ListManagedWalletsRequest) gsresponse.Responder[chainv1.ListManagedWalletsResponse] {
 	if err := c.deps.EnsureRepository(ctx); err != nil {
-		c.deps.Logger.Warn("repository unavailable", zap.Error(err))
+		c.deps.Logger.Warn("Repository unavailable", zap.Error(err))
 		return gsresponse.Unavailable[chainv1.ListManagedWalletsResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}
 	filter := model.ManagedWalletFilter{}
@@ -42,7 +42,7 @@ func (c *listManagedWalletsCommand) Execute(ctx context.Context, req *chainv1.Li

 	result, err := c.deps.Storage.Wallets().List(ctx, filter)
 	if err != nil {
-		c.deps.Logger.Warn("storage list failed", zap.Error(err))
+		c.deps.Logger.Warn("Storage list failed", zap.Error(err))
 		return gsresponse.Auto[chainv1.ListManagedWalletsResponse](c.deps.Logger, mservice.ChainGateway, err)
 	}

--- a/api/gateway/chain/internal/service/gateway/driver/arbitrum/driver.go
+++ b/api/gateway/chain/internal/service/gateway/driver/arbitrum/driver.go
@@ -27,25 +27,25 @@ func (d *Driver) Name() string {
 }

 func (d *Driver) FormatAddress(address string) (string, error) {
-	d.logger.Debug("format address", zap.String("address", address))
+	d.logger.Debug("Format address", zap.String("address", address))
 	normalized, err := evm.NormalizeAddress(address)
 	if err != nil {
-		d.logger.Warn("format address failed", zap.String("address", address), zap.Error(err))
+		d.logger.Warn("Format address failed", zap.String("address", address), zap.Error(err))
 	}
 	return normalized, err
 }

 func (d *Driver) NormalizeAddress(address string) (string, error) {
-	d.logger.Debug("normalize address", zap.String("address", address))
+	d.logger.Debug("Normalize address", zap.String("address", address))
 	normalized, err := evm.NormalizeAddress(address)
 	if err != nil {
-		d.logger.Warn("normalize address failed", zap.String("address", address), zap.Error(err))
+		d.logger.Warn("Normalize address failed", zap.String("address", address), zap.Error(err))
 	}
 	return normalized, err
 }

 func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.Network, wallet *model.ManagedWallet) (*moneyv1.Money, error) {
-	d.logger.Debug("balance request",
+	d.logger.Debug("Balance request",
 		zap.String("wallet_ref", wallet.WalletRef),
 		zap.String("network", network.Name),
 	)
@@ -53,13 +53,13 @@ func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.N
 	driverDeps.Logger = d.logger
 	result, err := evm.Balance(ctx, driverDeps, network, wallet, wallet.DepositAddress)
 	if err != nil {
-		d.logger.Warn("balance failed",
+		d.logger.Warn("Balance failed",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if result != nil {
-		d.logger.Debug("balance result",
+		d.logger.Debug("Balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -70,7 +70,7 @@ func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.N
 }

 func (d *Driver) NativeBalance(ctx context.Context, deps driver.Deps, network shared.Network, wallet *model.ManagedWallet) (*moneyv1.Money, error) {
-	d.logger.Debug("native balance request",
+	d.logger.Debug("Native balance request",
 		zap.String("wallet_ref", wallet.WalletRef),
 		zap.String("network", network.Name),
 	)
@@ -78,13 +78,13 @@ func (d *Driver) NativeBalance(ctx context.Context, deps driver.Deps, network sh
 	driverDeps.Logger = d.logger
 	result, err := evm.NativeBalance(ctx, driverDeps, network, wallet, wallet.DepositAddress)
 	if err != nil {
-		d.logger.Warn("native balance failed",
+		d.logger.Warn("Native balance failed",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if result != nil {
-		d.logger.Debug("native balance result",
+		d.logger.Debug("Native balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -121,7 +121,7 @@ func (d *Driver) EstimateFee(ctx context.Context, deps driver.Deps, network shar
 }

 func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network shared.Network, transfer *model.Transfer, source *model.ManagedWallet, destination string) (string, error) {
-	d.logger.Debug("submit transfer request",
+	d.logger.Debug("Submit transfer request",
 		zap.String("transfer_ref", transfer.TransferRef),
 		zap.String("network", network.Name),
 		zap.String("destination", destination),
@@ -130,13 +130,13 @@ func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network s
 	driverDeps.Logger = d.logger
 	txHash, err := evm.SubmitTransfer(ctx, driverDeps, network, transfer, source, source.DepositAddress, destination)
 	if err != nil {
-		d.logger.Warn("submit transfer failed",
+		d.logger.Warn("Submit transfer failed",
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else {
-		d.logger.Debug("submit transfer result",
+		d.logger.Debug("Submit transfer result",
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.String("network", network.Name),
 			zap.String("tx_hash", txHash),
@@ -146,7 +146,7 @@ func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network s
 }

 func (d *Driver) AwaitConfirmation(ctx context.Context, deps driver.Deps, network shared.Network, txHash string) (*types.Receipt, error) {
-	d.logger.Debug("await confirmation",
+	d.logger.Debug("Await confirmation",
 		zap.String("tx_hash", txHash),
 		zap.String("network", network.Name),
 	)
@@ -154,13 +154,13 @@ func (d *Driver) AwaitConfirmation(ctx context.Context, deps driver.Deps, networ
 	driverDeps.Logger = d.logger
 	receipt, err := evm.AwaitConfirmation(ctx, driverDeps, network, txHash)
 	if err != nil {
-		d.logger.Warn("await confirmation failed",
+		d.logger.Warn("Await confirmation failed",
 			zap.String("tx_hash", txHash),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if receipt != nil {
-		d.logger.Debug("await confirmation result",
+		d.logger.Debug("Await confirmation result",
 			zap.String("tx_hash", txHash),
 			zap.String("network", network.Name),
 			zap.Uint64("block_number", receipt.BlockNumber.Uint64()),
--- a/api/gateway/chain/internal/service/gateway/driver/ethereum/driver.go
+++ b/api/gateway/chain/internal/service/gateway/driver/ethereum/driver.go
@@ -27,25 +27,25 @@ func (d *Driver) Name() string {
 }

 func (d *Driver) FormatAddress(address string) (string, error) {
-	d.logger.Debug("format address", zap.String("address", address))
+	d.logger.Debug("Format address", zap.String("address", address))
 	normalized, err := evm.NormalizeAddress(address)
 	if err != nil {
-		d.logger.Warn("format address failed", zap.String("address", address), zap.Error(err))
+		d.logger.Warn("Format address failed", zap.String("address", address), zap.Error(err))
 	}
 	return normalized, err
 }

 func (d *Driver) NormalizeAddress(address string) (string, error) {
-	d.logger.Debug("normalize address", zap.String("address", address))
+	d.logger.Debug("Normalize address", zap.String("address", address))
 	normalized, err := evm.NormalizeAddress(address)
 	if err != nil {
-		d.logger.Warn("normalize address failed", zap.String("address", address), zap.Error(err))
+		d.logger.Warn("Normalize address failed", zap.String("address", address), zap.Error(err))
 	}
 	return normalized, err
 }

 func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.Network, wallet *model.ManagedWallet) (*moneyv1.Money, error) {
-	d.logger.Debug("balance request",
+	d.logger.Debug("Balance request",
 		zap.String("wallet_ref", wallet.WalletRef),
 		zap.String("network", network.Name),
 	)
@@ -53,13 +53,13 @@ func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.N
 	driverDeps.Logger = d.logger
 	result, err := evm.Balance(ctx, driverDeps, network, wallet, wallet.DepositAddress)
 	if err != nil {
-		d.logger.Warn("balance failed",
+		d.logger.Warn("Balance failed",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if result != nil {
-		d.logger.Debug("balance result",
+		d.logger.Debug("Balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -70,7 +70,7 @@ func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.N
 }

 func (d *Driver) NativeBalance(ctx context.Context, deps driver.Deps, network shared.Network, wallet *model.ManagedWallet) (*moneyv1.Money, error) {
-	d.logger.Debug("native balance request",
+	d.logger.Debug("Native balance request",
 		zap.String("wallet_ref", wallet.WalletRef),
 		zap.String("network", network.Name),
 	)
@@ -78,13 +78,13 @@ func (d *Driver) NativeBalance(ctx context.Context, deps driver.Deps, network sh
 	driverDeps.Logger = d.logger
 	result, err := evm.NativeBalance(ctx, driverDeps, network, wallet, wallet.DepositAddress)
 	if err != nil {
-		d.logger.Warn("native balance failed",
+		d.logger.Warn("Native balance failed",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if result != nil {
-		d.logger.Debug("native balance result",
+		d.logger.Debug("Native balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -121,7 +121,7 @@ func (d *Driver) EstimateFee(ctx context.Context, deps driver.Deps, network shar
 }

 func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network shared.Network, transfer *model.Transfer, source *model.ManagedWallet, destination string) (string, error) {
-	d.logger.Debug("submit transfer request",
+	d.logger.Debug("Submit transfer request",
 		zap.String("transfer_ref", transfer.TransferRef),
 		zap.String("network", network.Name),
 		zap.String("destination", destination),
@@ -130,13 +130,13 @@ func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network s
 	driverDeps.Logger = d.logger
 	txHash, err := evm.SubmitTransfer(ctx, driverDeps, network, transfer, source, source.DepositAddress, destination)
 	if err != nil {
-		d.logger.Warn("submit transfer failed",
+		d.logger.Warn("Submit transfer failed",
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else {
-		d.logger.Debug("submit transfer result",
+		d.logger.Debug("Submit transfer result",
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.String("network", network.Name),
 			zap.String("tx_hash", txHash),
@@ -146,7 +146,7 @@ func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network s
 }

 func (d *Driver) AwaitConfirmation(ctx context.Context, deps driver.Deps, network shared.Network, txHash string) (*types.Receipt, error) {
-	d.logger.Debug("await confirmation",
+	d.logger.Debug("Await confirmation",
 		zap.String("tx_hash", txHash),
 		zap.String("network", network.Name),
 	)
@@ -154,13 +154,13 @@ func (d *Driver) AwaitConfirmation(ctx context.Context, deps driver.Deps, networ
 	driverDeps.Logger = d.logger
 	receipt, err := evm.AwaitConfirmation(ctx, driverDeps, network, txHash)
 	if err != nil {
-		d.logger.Warn("await confirmation failed",
+		d.logger.Warn("Await confirmation failed",
 			zap.String("tx_hash", txHash),
 			zap.String("network", network.Name),
 			zap.Error(err),
 		)
 	} else if receipt != nil {
-		d.logger.Debug("await confirmation result",
+		d.logger.Debug("Await confirmation result",
 			zap.String("tx_hash", txHash),
 			zap.String("network", network.Name),
 			zap.Uint64("block_number", receipt.BlockNumber.Uint64()),
--- a/api/gateway/chain/internal/service/gateway/driver/tron/driver.go
+++ b/api/gateway/chain/internal/service/gateway/driver/tron/driver.go
@@ -41,7 +41,7 @@ func (d *Driver) NormalizeAddress(address string) (string, error) {
 	d.logger.Debug("Normalize address", zap.String("address", address))
 	normalized, err := normalizeAddress(address)
 	if err != nil {
-		d.logger.Warn("normalize address failed", zap.String("address", address), zap.Error(err))
+		d.logger.Warn("Normalize address failed", zap.String("address", address), zap.Error(err))
 	}
 	return normalized, err
 }
@@ -68,7 +68,7 @@ func (d *Driver) Balance(ctx context.Context, deps driver.Deps, network shared.N
 			zap.String("network", network.Name),
 		)
 	} else if result != nil {
-		d.logger.Debug("balance result",
+		d.logger.Debug("Balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -100,7 +100,7 @@ func (d *Driver) NativeBalance(ctx context.Context, deps driver.Deps, network sh
 			zap.String("network", network.Name),
 		)
 	} else if result != nil {
-		d.logger.Debug("native balance result",
+		d.logger.Debug("Native balance result",
 			zap.String("wallet_ref", wallet.WalletRef),
 			zap.String("network", network.Name),
 			zap.String("amount", result.Amount),
@@ -196,7 +196,7 @@ func (d *Driver) SubmitTransfer(ctx context.Context, deps driver.Deps, network s
 	driverDeps.Logger = d.logger
 	txHash, err := evm.SubmitTransfer(ctx, driverDeps, network, transfer, source, rpcFrom, rpcTo)
 	if err != nil {
-		d.logger.Warn("submit transfer failed", zap.Error(err),
+		d.logger.Warn("Submit transfer failed", zap.Error(err),
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.String("network", network.Name),
 		)
--- a/api/gateway/chain/internal/service/gateway/drivers/registry.go
+++ b/api/gateway/chain/internal/service/gateway/drivers/registry.go
@@ -32,7 +32,7 @@ func NewRegistry(logger mlogger.Logger, networks []shared.Network) (*Registry, e
 		}
 		chainDriver, err := resolveDriver(logger, name)
 		if err != nil {
-			logger.Error("unsupported chain driver", zap.String("network", name), zap.Error(err))
+			logger.Error("Unsupported chain driver", zap.String("network", name), zap.Error(err))
 			return nil, err
 		}
 		result.byNetwork[name] = chainDriver
@@ -40,7 +40,7 @@ func NewRegistry(logger mlogger.Logger, networks []shared.Network) (*Registry, e
 	if len(result.byNetwork) == 0 {
 		return nil, merrors.InvalidArgument("driver registry: no supported networks configured")
 	}
-	logger.Info("chain drivers configured", zap.Int("count", len(result.byNetwork)))
+	logger.Info("Chain drivers configured", zap.Int("count", len(result.byNetwork)))
 	return result, nil
 }

--- a/api/gateway/chain/internal/service/gateway/executor.go
+++ b/api/gateway/chain/internal/service/gateway/executor.go
@@ -47,32 +47,32 @@ type onChainExecutor struct {

 func (o *onChainExecutor) SubmitTransfer(ctx context.Context, transfer *model.Transfer, source *model.ManagedWallet, destinationAddress string, network shared.Network) (string, error) {
 	if o.keyManager == nil {
-		o.logger.Warn("key manager not configured")
+		o.logger.Warn("Key manager not configured")
 		return "", executorInternal("key manager is not configured", nil)
 	}
 	rpcURL := strings.TrimSpace(network.RPCURL)
 	if rpcURL == "" {
-		o.logger.Warn("network rpc url missing", zap.String("network", network.Name))
+		o.logger.Warn("Network rpc url missing", zap.String("network", network.Name))
 		return "", executorInvalid("network rpc url is not configured")
 	}
 	if source == nil || transfer == nil {
-		o.logger.Warn("transfer context missing")
+		o.logger.Warn("Transfer context missing")
 		return "", executorInvalid("transfer context missing")
 	}
 	if strings.TrimSpace(source.KeyReference) == "" {
-		o.logger.Warn("source wallet missing key reference", zap.String("wallet_ref", source.WalletRef))
+		o.logger.Warn("Source wallet missing key reference", zap.String("wallet_ref", source.WalletRef))
 		return "", executorInvalid("source wallet missing key reference")
 	}
 	if strings.TrimSpace(source.DepositAddress) == "" {
-		o.logger.Warn("source wallet missing deposit address", zap.String("wallet_ref", source.WalletRef))
+		o.logger.Warn("Source wallet missing deposit address", zap.String("wallet_ref", source.WalletRef))
 		return "", executorInvalid("source wallet missing deposit address")
 	}
 	if !common.IsHexAddress(destinationAddress) {
-		o.logger.Warn("invalid destination address", zap.String("transfer_ref", transfer.TransferRef), zap.String("address", destinationAddress))
+		o.logger.Warn("Invalid destination address", zap.String("transfer_ref", transfer.TransferRef), zap.String("address", destinationAddress))
 		return "", executorInvalid("invalid destination address " + destinationAddress)
 	}

-	o.logger.Info("submitting transfer",
+	o.logger.Info("Submitting transfer",
 		zap.String("transfer_ref", transfer.TransferRef),
 		zap.String("source_wallet_ref", source.WalletRef),
 		zap.String("network", network.Name),
@@ -162,7 +162,7 @@ func (o *onChainExecutor) SubmitTransfer(ctx context.Context, transfer *model.Tr

 	input, err := erc20ABI.Pack("transfer", destination, amountInt)
 	if err != nil {
-		o.logger.Warn("failed to encode transfer call",
+		o.logger.Warn("Failed to encode transfer call",
 			zap.String("transfer_ref", transfer.TransferRef),
 			zap.Error(err),
 		)
--- a/api/gateway/chain/internal/service/gateway/rpcclient/clients.go
+++ b/api/gateway/chain/internal/service/gateway/rpcclient/clients.go
@@ -49,14 +49,14 @@ func Prepare(ctx context.Context, logger mlogger.Logger, networks []shared.Netwo
 		if rpcURL == "" {
 			result.Close()
 			err := merrors.InvalidArgument(fmt.Sprintf("rpc url not configured for network %s", name))
-			clientLogger.Warn("rpc url missing", zap.String("network", name))
+			clientLogger.Warn("Rpc url missing", zap.String("network", name))
 			return nil, err
 		}

 		fields := []zap.Field{
 			zap.String("network", name),
 		}
-		clientLogger.Info("initialising rpc client", fields...)
+		clientLogger.Info("Initialising rpc client", fields...)

 		dialCtx, cancel := context.WithTimeout(ctx, 15*time.Second)
 		httpClient := &http.Client{
--- a/api/gateway/chain/internal/service/gateway/transfer_execution.go
+++ b/api/gateway/chain/internal/service/gateway/transfer_execution.go
@@ -41,7 +41,7 @@ func (s *Service) executeTransfer(ctx context.Context, transferRef, sourceWallet
 	}

 	if _, err := s.storage.Transfers().UpdateStatus(ctx, transferRef, model.TransferStatusSigning, "", ""); err != nil {
-		s.logger.Warn("failed to update transfer status to signing", zap.String("transfer_ref", transferRef), zap.Error(err))
+		s.logger.Warn("Failed to update transfer status to signing", zap.String("transfer_ref", transferRef), zap.Error(err))
 	}

 	driverDeps := s.driverDeps()
@@ -81,7 +81,7 @@ func (s *Service) executeTransfer(ctx context.Context, transferRef, sourceWallet
 	}

 	if _, err := s.storage.Transfers().UpdateStatus(ctx, transferRef, model.TransferStatusSubmitted, "", txHash); err != nil {
-		s.logger.Warn("failed to update transfer status to submitted", zap.String("transfer_ref", transferRef), zap.Error(err))
+		s.logger.Warn("Failed to update transfer status to submitted", zap.String("transfer_ref", transferRef), zap.Error(err))
 	}

 	receiptCtx, cancel := context.WithTimeout(ctx, 10*time.Minute)
@@ -89,20 +89,20 @@ func (s *Service) executeTransfer(ctx context.Context, transferRef, sourceWallet
 	receipt, err := chainDriver.AwaitConfirmation(receiptCtx, driverDeps, network, txHash)
 	if err != nil {
 		if !errors.Is(err, context.DeadlineExceeded) && !errors.Is(err, context.Canceled) {
-			s.logger.Warn("failed to await transfer confirmation", zap.String("transfer_ref", transferRef), zap.Error(err))
+			s.logger.Warn("Failed to await transfer confirmation", zap.String("transfer_ref", transferRef), zap.Error(err))
 		}
 		return err
 	}

 	if receipt != nil && receipt.Status == types.ReceiptStatusSuccessful {
 		if _, err := s.storage.Transfers().UpdateStatus(ctx, transferRef, model.TransferStatusConfirmed, "", txHash); err != nil {
-			s.logger.Warn("failed to update transfer status to confirmed", zap.String("transfer_ref", transferRef), zap.Error(err))
+			s.logger.Warn("Failed to update transfer status to confirmed", zap.String("transfer_ref", transferRef), zap.Error(err))
 		}
 		return nil
 	}

 	if _, err := s.storage.Transfers().UpdateStatus(ctx, transferRef, model.TransferStatusFailed, "transaction reverted", txHash); err != nil {
-		s.logger.Warn("failed to update transfer status to failed", zap.String("transfer_ref", transferRef), zap.Error(err))
+		s.logger.Warn("Failed to update transfer status to failed", zap.String("transfer_ref", transferRef), zap.Error(err))
 	}
 	return nil
 }
--- a/api/gateway/chain/storage/mongo/repository.go
+++ b/api/gateway/chain/storage/mongo/repository.go
@@ -44,23 +44,23 @@ func New(logger mlogger.Logger, conn *db.MongoConnection) (*Store, error) {
 	defer cancel()

 	if err := result.Ping(ctx); err != nil {
-		result.logger.Error("mongo ping failed during repository initialisation", zap.Error(err))
+		result.logger.Error("Mongo ping failed during repository initialisation", zap.Error(err))
 		return nil, err
 	}

 	walletsStore, err := store.NewWallets(result.logger, result.db)
 	if err != nil {
-		result.logger.Error("failed to initialise wallets store", zap.Error(err))
+		result.logger.Error("Failed to initialise wallets store", zap.Error(err))
 		return nil, err
 	}
 	transfersStore, err := store.NewTransfers(result.logger, result.db)
 	if err != nil {
-		result.logger.Error("failed to initialise transfers store", zap.Error(err))
+		result.logger.Error("Failed to initialise transfers store", zap.Error(err))
 		return nil, err
 	}
 	depositsStore, err := store.NewDeposits(result.logger, result.db)
 	if err != nil {
-		result.logger.Error("failed to initialise deposits store", zap.Error(err))
+		result.logger.Error("Failed to initialise deposits store", zap.Error(err))
 		return nil, err
 	}

--- a/api/gateway/chain/storage/mongo/store/deposits.go
+++ b/api/gateway/chain/storage/mongo/store/deposits.go
@@ -48,13 +48,13 @@ func NewDeposits(logger mlogger.Logger, db *mongo.Database) (*Deposits, error) {
 	}
 	for _, def := range indexes {
 		if err := repo.CreateIndex(def); err != nil {
-			logger.Error("failed to ensure deposit index", zap.Error(err), zap.String("collection", repo.Collection()))
+			logger.Error("Failed to ensure deposit index", zap.Error(err), zap.String("collection", repo.Collection()))
 			return nil, err
 		}
 	}

 	childLogger := logger.Named("deposits")
-	childLogger.Debug("deposits store initialised")
+	childLogger.Debug("Deposits store initialised")

 	return &Deposits{logger: childLogger, repo: repo}, nil
 }
--- a/api/gateway/chain/storage/mongo/store/transfers.go
+++ b/api/gateway/chain/storage/mongo/store/transfers.go
@@ -53,13 +53,13 @@ func NewTransfers(logger mlogger.Logger, db *mongo.Database) (*Transfers, error)
 	}
 	for _, def := range indexes {
 		if err := repo.CreateIndex(def); err != nil {
-			logger.Error("failed to ensure transfer index", zap.Error(err), zap.String("collection", repo.Collection()))
+			logger.Error("Failed to ensure transfer index", zap.Error(err), zap.String("collection", repo.Collection()))
 			return nil, err
 		}
 	}

 	childLogger := logger.Named("transfers")
-	childLogger.Debug("transfers store initialised")
+	childLogger.Debug("Transfers store initialised")

 	return &Transfers{
 		logger: childLogger,
@@ -89,12 +89,12 @@ func (t *Transfers) Create(ctx context.Context, transfer *model.Transfer) (*mode
 	}
 	if err := t.repo.Insert(ctx, transfer, repository.Filter("idempotencyKey", transfer.IdempotencyKey)); err != nil {
 		if errors.Is(err, merrors.ErrDataConflict) {
-			t.logger.Debug("transfer already exists", zap.String("transfer_ref", transfer.TransferRef), zap.String("idempotency_key", transfer.IdempotencyKey))
+			t.logger.Debug("Transfer already exists", zap.String("transfer_ref", transfer.TransferRef), zap.String("idempotency_key", transfer.IdempotencyKey))
 			return transfer, nil
 		}
 		return nil, err
 	}
-	t.logger.Debug("transfer created", zap.String("transfer_ref", transfer.TransferRef))
+	t.logger.Debug("Transfer created", zap.String("transfer_ref", transfer.TransferRef))
 	return transfer, nil
 }

@@ -126,7 +126,7 @@ func (t *Transfers) List(ctx context.Context, filter model.TransferFilter) (*mod
 		if oid, err := primitive.ObjectIDFromHex(cursor); err == nil {
 			query = query.Comparison(repository.IDField(), builder.Gt, oid)
 		} else {
-			t.logger.Warn("ignoring invalid transfer cursor", zap.String("cursor", cursor), zap.Error(err))
+			t.logger.Warn("Ignoring invalid transfer cursor", zap.String("cursor", cursor), zap.Error(err))
 		}
 	}

--- a/api/gateway/chain/storage/mongo/store/wallets.go
+++ b/api/gateway/chain/storage/mongo/store/wallets.go
@@ -56,7 +56,7 @@ func NewWallets(logger mlogger.Logger, db *mongo.Database) (*Wallets, error) {
 	}
 	for _, def := range walletIndexes {
 		if err := walletRepo.CreateIndex(def); err != nil {
-			logger.Error("failed to ensure wallet index", zap.String("collection", walletRepo.Collection()), zap.Error(err))
+			logger.Error("Failed to ensure wallet index", zap.String("collection", walletRepo.Collection()), zap.Error(err))
 			return nil, err
 		}
 	}
@@ -70,13 +70,13 @@ func NewWallets(logger mlogger.Logger, db *mongo.Database) (*Wallets, error) {
 	}
 	for _, def := range balanceIndexes {
 		if err := balanceRepo.CreateIndex(def); err != nil {
-			logger.Error("failed to ensure wallet balance index", zap.String("collection", balanceRepo.Collection()), zap.Error(err))
+			logger.Error("Failed to ensure wallet balance index", zap.String("collection", balanceRepo.Collection()), zap.Error(err))
 			return nil, err
 		}
 	}

 	childLogger := logger.Named("wallets")
-	childLogger.Debug("wallet stores initialised")
+	childLogger.Debug("Wallet stores initialised")

 	return &Wallets{
 		logger:      childLogger,
@@ -117,13 +117,13 @@ func (w *Wallets) Create(ctx context.Context, wallet *model.ManagedWallet) (*mod
 	}
 	if err := w.walletRepo.Insert(ctx, wallet, repository.Filter("idempotencyKey", wallet.IdempotencyKey)); err != nil {
 		if errors.Is(err, merrors.ErrDataConflict) {
-			w.logger.Debug("wallet already exists", fields...)
+			w.logger.Debug("Wallet already exists", fields...)
 			return wallet, nil
 		}
-		w.logger.Warn("wallet create failed", append(fields, zap.Error(err))...)
+		w.logger.Warn("Wallet create failed", append(fields, zap.Error(err))...)
 		return nil, err
 	}
-	w.logger.Debug("wallet created", fields...)
+	w.logger.Debug("Wallet created", fields...)
 	return wallet, nil
 }

@@ -136,11 +136,11 @@ func (w *Wallets) Get(ctx context.Context, walletID string) (*model.ManagedWalle
 		zap.String("wallet_id", walletID),
 	}
 	wallet := &model.ManagedWallet{}
-	if err := w.balanceRepo.FindOneByFilter(ctx, repository.Filter("walletRef", walletID), wallet); err != nil {
+	if err := w.walletRepo.FindOneByFilter(ctx, repository.Filter("walletRef", walletID), wallet); err != nil {
 		if errors.Is(err, merrors.ErrNoData) {
-			w.logger.Debug("wallet not found", fields...)
+			w.logger.Debug("Wallet not found", fields...)
 		} else {
-			w.logger.Warn("wallet lookup failed", append(fields, zap.Error(err))...)
+			w.logger.Warn("Wallet lookup failed", append(fields, zap.Error(err))...)
 		}
 		return nil, err
 	}
@@ -175,7 +175,7 @@ func (w *Wallets) List(ctx context.Context, filter model.ManagedWalletFilter) (*
 			query = query.Comparison(repository.IDField(), builder.Gt, oid)
 			fields = append(fields, zap.String("cursor", cursor))
 		} else {
-			w.logger.Warn("ignoring invalid wallet cursor", zap.String("cursor", cursor), zap.Error(err))
+			w.logger.Warn("Ignoring invalid wallet cursor", zap.String("cursor", cursor), zap.Error(err))
 		}
 	}

@@ -196,7 +196,7 @@ func (w *Wallets) List(ctx context.Context, filter model.ManagedWalletFilter) (*

 	listErr := w.walletRepo.FindManyByFilter(ctx, query, decoder)
 	if listErr != nil && !errors.Is(listErr, merrors.ErrNoData) {
-		w.logger.Warn("wallet list failed", append(fields, zap.Error(listErr))...)
+		w.logger.Warn("Wallet list failed", append(fields, zap.Error(listErr))...)
 		return nil, listErr
 	}

@@ -217,9 +217,9 @@ func (w *Wallets) List(ctx context.Context, filter model.ManagedWalletFilter) (*
 		zap.String("next_cursor", result.NextCursor),
 	)
 	if errors.Is(listErr, merrors.ErrNoData) {
-		w.logger.Debug("wallet list empty", fields...)
+		w.logger.Debug("Wallet list empty", fields...)
 	} else {
-		w.logger.Debug("wallet list fetched", fields...)
+		w.logger.Debug("Wallet list fetched", fields...)
 	}
 	return result, nil
 }
@@ -246,20 +246,20 @@ func (w *Wallets) SaveBalance(ctx context.Context, balance *model.WalletBalance)
 		existing.PendingOutbound = balance.PendingOutbound
 		existing.CalculatedAt = balance.CalculatedAt
 		if err := w.balanceRepo.Update(ctx, existing); err != nil {
-			w.logger.Warn("wallet balance update failed", append(fields, zap.Error(err))...)
+			w.logger.Warn("Wallet balance update failed", append(fields, zap.Error(err))...)
 			return err
 		}
-		w.logger.Debug("wallet balance updated", fields...)
+		w.logger.Debug("Wallet balance updated", fields...)
 		return nil
 	case errors.Is(err, merrors.ErrNoData):
 		if err := w.balanceRepo.Insert(ctx, balance, repository.Filter("walletRef", balance.WalletRef)); err != nil {
-			w.logger.Warn("wallet balance create failed", append(fields, zap.Error(err))...)
+			w.logger.Warn("Wallet balance create failed", append(fields, zap.Error(err))...)
 			return err
 		}
-		w.logger.Debug("wallet balance created", fields...)
+		w.logger.Debug("Wallet balance created", fields...)
 		return nil
 	default:
-		w.logger.Warn("wallet balance lookup failed", append(fields, zap.Error(err))...)
+		w.logger.Warn("Wallet balance lookup failed", append(fields, zap.Error(err))...)
 		return err
 	}
 }
@@ -273,13 +273,13 @@ func (w *Wallets) GetBalance(ctx context.Context, walletID string) (*model.Walle
 	balance := &model.WalletBalance{}
 	if err := w.balanceRepo.FindOneByFilter(ctx, repository.Filter("walletRef", walletID), balance); err != nil {
 		if errors.Is(err, merrors.ErrNoData) {
-			w.logger.Debug("wallet balance not found", fields...)
+			w.logger.Debug("Wallet balance not found", fields...)
 		} else {
-			w.logger.Warn("wallet balance lookup failed", append(fields, zap.Error(err))...)
+			w.logger.Warn("Wallet balance lookup failed", append(fields, zap.Error(err))...)
 		}
 		return nil, err
 	}
-	w.logger.Debug("wallet balance fetched", fields...)
+	w.logger.Debug("Wallet balance fetched", fields...)
 	return balance, nil
 }

--- a/api/gateway/mntx/internal/server/internal/serverimp.go
+++ b/api/gateway/mntx/internal/server/internal/serverimp.go
@@ -95,22 +95,49 @@ func (i *Imp) Shutdown() {
 }

 func (i *Imp) Start() error {
+	i.logger.Info("Starting Monetix gateway", zap.String("config_file", i.file), zap.Bool("debug", i.debug))
+
 	cfg, err := i.loadConfig()
 	if err != nil {
 		return err
 	}
 	i.config = cfg

+	i.logger.Info("Configuration loaded",
+		zap.String("grpc_address", cfg.GRPC.Address),
+		zap.String("metrics_address", cfg.Metrics.Address),
+	)
+
 	monetixCfg, err := i.resolveMonetixConfig(cfg.Monetix)
 	if err != nil {
+		i.logger.Error("Failed to resolve Monetix configuration", zap.Error(err))
 		return err
 	}

 	callbackCfg, err := i.resolveCallbackConfig(cfg.HTTP.Callback)
 	if err != nil {
+		i.logger.Error("Failed to resolve callback configuration", zap.Error(err))
 		return err
 	}

+	i.logger.Info("Monetix configuration resolved",
+		zap.Bool("base_url_set", strings.TrimSpace(monetixCfg.BaseURL) != ""),
+		zap.Int64("project_id", monetixCfg.ProjectID),
+		zap.Bool("secret_key_set", strings.TrimSpace(monetixCfg.SecretKey) != ""),
+		zap.Int("allowed_currencies", len(monetixCfg.AllowedCurrencies)),
+		zap.Bool("require_customer_address", monetixCfg.RequireCustomerAddress),
+		zap.Duration("request_timeout", monetixCfg.RequestTimeout),
+		zap.String("status_success", monetixCfg.SuccessStatus()),
+		zap.String("status_processing", monetixCfg.ProcessingStatus()),
+	)
+
+	i.logger.Info("Callback configuration resolved",
+		zap.String("address", callbackCfg.Address),
+		zap.String("path", callbackCfg.Path),
+		zap.Int("allowed_cidrs", len(callbackCfg.AllowedCIDRs)),
+		zap.Int64("max_body_bytes", callbackCfg.MaxBodyBytes),
+	)
+
 	serviceFactory := func(logger mlogger.Logger, _ struct{}, producer msg.Producer) (grpcapp.Service, error) {
 		svc := mntxservice.NewService(logger,
 			mntxservice.WithProducer(producer),
@@ -137,7 +164,7 @@ func (i *Imp) Start() error {
 func (i *Imp) loadConfig() (*config, error) {
 	data, err := os.ReadFile(i.file)
 	if err != nil {
-		i.logger.Error("could not read configuration file", zap.String("config_file", i.file), zap.Error(err))
+		i.logger.Error("Could not read configuration file", zap.String("config_file", i.file), zap.Error(err))
 		return nil, err
 	}

@@ -145,7 +172,7 @@ func (i *Imp) loadConfig() (*config, error) {
 		Config: &grpcapp.Config{},
 	}
 	if err := yaml.Unmarshal(data, cfg); err != nil {
-		i.logger.Error("failed to parse configuration", zap.Error(err))
+		i.logger.Error("Failed to parse configuration", zap.Error(err))
 		return nil, err
 	}

@@ -245,7 +272,7 @@ func (i *Imp) resolveCallbackConfig(cfg callbackConfig) (callbackRuntimeConfig,
 		}
 		_, block, err := net.ParseCIDR(clean)
 		if err != nil {
-			i.logger.Warn("invalid callback allowlist CIDR skipped", zap.String("cidr", clean), zap.Error(err))
+			i.logger.Warn("Invalid callback allowlist CIDR skipped", zap.String("cidr", clean), zap.Error(err))
 			continue
 		}
 		cidrs = append(cidrs, block)
@@ -270,20 +297,36 @@ func (i *Imp) startHTTPCallbackServer(svc *mntxservice.Service, cfg callbackRunt

 	router := chi.NewRouter()
 	router.Post(cfg.Path, func(w http.ResponseWriter, r *http.Request) {
+		log := i.logger.Named("callback_http")
+		log.Debug("Callback request received",
+			zap.String("remote_addr", strings.TrimSpace(r.RemoteAddr)),
+			zap.String("path", r.URL.Path),
+			zap.String("method", r.Method),
+		)
+
 		if len(cfg.AllowedCIDRs) > 0 && !clientAllowed(r, cfg.AllowedCIDRs) {
+			ip := clientIPFromRequest(r)
+			remoteIP := ""
+			if ip != nil {
+				remoteIP = ip.String()
+			}
+			log.Warn("Callback rejected by CIDR allowlist", zap.String("remote_ip", remoteIP))
 			http.Error(w, "forbidden", http.StatusForbidden)
 			return
 		}
 		body, err := io.ReadAll(io.LimitReader(r.Body, cfg.MaxBodyBytes))
 		if err != nil {
+			log.Warn("Callback body read failed", zap.Error(err))
 			http.Error(w, "failed to read body", http.StatusBadRequest)
 			return
 		}
 		status, err := svc.ProcessMonetixCallback(r.Context(), body)
 		if err != nil {
+			log.Warn("Callback processing failed", zap.Error(err), zap.Int("status", status))
 			http.Error(w, err.Error(), status)
 			return
 		}
+		log.Debug("Callback processed", zap.Int("status", status))
 		w.WriteHeader(status)
 	})

@@ -301,7 +344,7 @@ func (i *Imp) startHTTPCallbackServer(svc *mntxservice.Service, cfg callbackRunt

 	go func() {
 		if err := server.Serve(ln); err != nil && !errors.Is(err, http.ErrServerClosed) {
-			i.logger.Error("Monetix callback server stopped with error", zap.Error(err))
+			i.logger.Warn("Monetix callback server stopped with error", zap.Error(err))
 		}
 	}()

--- a/api/gateway/mntx/internal/server/internal/serverimp_test.go
+++ b/api/gateway/mntx/internal/server/internal/serverimp_test.go
@@ -0,0 +1,52 @@
+package serverimp
+
+import (
+	"net"
+	"net/http"
+	"testing"
+)
+
+func TestClientIPFromRequest(t *testing.T) {
+	req := &http.Request{
+		Header:     http.Header{"X-Forwarded-For": []string{"1.2.3.4, 5.6.7.8"}},
+		RemoteAddr: "9.8.7.6:1234",
+	}
+	ip := clientIPFromRequest(req)
+	if ip == nil || ip.String() != "1.2.3.4" {
+		t.Fatalf("expected forwarded ip, got %v", ip)
+	}
+
+	req = &http.Request{RemoteAddr: "9.8.7.6:1234"}
+	ip = clientIPFromRequest(req)
+	if ip == nil || ip.String() != "9.8.7.6" {
+		t.Fatalf("expected remote addr ip, got %v", ip)
+	}
+
+	req = &http.Request{RemoteAddr: "invalid"}
+	ip = clientIPFromRequest(req)
+	if ip != nil {
+		t.Fatalf("expected nil ip, got %v", ip)
+	}
+}
+
+func TestClientAllowed(t *testing.T) {
+	_, cidr, err := net.ParseCIDR("10.0.0.0/8")
+	if err != nil {
+		t.Fatalf("failed to parse cidr: %v", err)
+	}
+
+	allowedReq := &http.Request{RemoteAddr: "10.1.2.3:1234"}
+	if !clientAllowed(allowedReq, []*net.IPNet{cidr}) {
+		t.Fatalf("expected allowed request")
+	}
+
+	deniedReq := &http.Request{RemoteAddr: "8.8.8.8:1234"}
+	if clientAllowed(deniedReq, []*net.IPNet{cidr}) {
+		t.Fatalf("expected denied request")
+	}
+
+	openReq := &http.Request{RemoteAddr: "8.8.8.8:1234"}
+	if !clientAllowed(openReq, nil) {
+		t.Fatalf("expected allow when no cidrs are configured")
+	}
+}
--- a/api/gateway/mntx/internal/service/gateway/callback.go
+++ b/api/gateway/mntx/internal/service/gateway/callback.go
@@ -10,6 +10,7 @@ import (
 	clockpkg "github.com/tech/sendico/pkg/clock"
 	"github.com/tech/sendico/pkg/merrors"
 	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )

@@ -66,9 +67,12 @@ type monetixCallback struct {

 // ProcessMonetixCallback ingests Monetix provider callbacks and updates payout state.
 func (s *Service) ProcessMonetixCallback(ctx context.Context, payload []byte) (int, error) {
+	log := s.logger.Named("callback")
 	if s.card == nil {
+		log.Warn("Card payout processor not initialised")
 		return http.StatusInternalServerError, merrors.Internal("card payout processor not initialised")
 	}
+	log.Debug("Callback processing requested", zap.Int("payload_bytes", len(payload)))
 	return s.card.ProcessCallback(ctx, payload)
 }

--- a/api/gateway/mntx/internal/service/gateway/callback_test.go
+++ b/api/gateway/mntx/internal/service/gateway/callback_test.go
@@ -0,0 +1,130 @@
+package gateway
+
+import (
+	"testing"
+	"time"
+
+	"github.com/tech/sendico/gateway/mntx/internal/service/monetix"
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+)
+
+type fixedClock struct {
+	now time.Time
+}
+
+func (f fixedClock) Now() time.Time {
+	return f.now
+}
+
+func baseCallback() monetixCallback {
+	cb := monetixCallback{
+		ProjectID: 42,
+	}
+	cb.Payment.ID = "payout-1"
+	cb.Payment.Status = "success"
+	cb.Payment.Sum.Amount = 5000
+	cb.Payment.Sum.Currency = "usd"
+	cb.Customer.ID = "cust-1"
+	cb.Operation.Status = "success"
+	cb.Operation.Code = ""
+	cb.Operation.Message = "ok"
+	cb.Operation.RequestID = "req-1"
+	cb.Operation.Provider.PaymentID = "prov-1"
+	return cb
+}
+
+func TestMapCallbackToState_StatusMapping(t *testing.T) {
+	now := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)
+	cfg := monetix.DefaultConfig()
+
+	cases := []struct {
+		name           string
+		paymentStatus  string
+		operationStatus string
+		code           string
+		expectedStatus mntxv1.PayoutStatus
+		expectedOutcome string
+	}{
+		{
+			name:            "success",
+			paymentStatus:   "success",
+			operationStatus: "success",
+			code:            "0",
+			expectedStatus:  mntxv1.PayoutStatus_PAYOUT_STATUS_PROCESSED,
+			expectedOutcome: monetix.OutcomeSuccess,
+		},
+		{
+			name:            "processing",
+			paymentStatus:   "processing",
+			operationStatus: "success",
+			code:            "",
+			expectedStatus:  mntxv1.PayoutStatus_PAYOUT_STATUS_PENDING,
+			expectedOutcome: monetix.OutcomeProcessing,
+		},
+		{
+			name:            "decline",
+			paymentStatus:   "failed",
+			operationStatus: "failed",
+			code:            "1",
+			expectedStatus:  mntxv1.PayoutStatus_PAYOUT_STATUS_FAILED,
+			expectedOutcome: monetix.OutcomeDecline,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			cb := baseCallback()
+			cb.Payment.Status = tc.paymentStatus
+			cb.Operation.Status = tc.operationStatus
+			cb.Operation.Code = tc.code
+
+			state, outcome := mapCallbackToState(fixedClock{now: now}, cfg, cb)
+			if state.Status != tc.expectedStatus {
+				t.Fatalf("expected status %v, got %v", tc.expectedStatus, state.Status)
+			}
+			if outcome != tc.expectedOutcome {
+				t.Fatalf("expected outcome %q, got %q", tc.expectedOutcome, outcome)
+			}
+			if state.Currency != "USD" {
+				t.Fatalf("expected currency USD, got %q", state.Currency)
+			}
+			if !state.UpdatedAt.AsTime().Equal(now) {
+				t.Fatalf("expected updated_at %v, got %v", now, state.UpdatedAt.AsTime())
+			}
+		})
+	}
+}
+
+func TestFallbackProviderPaymentID(t *testing.T) {
+	cb := baseCallback()
+	if got := fallbackProviderPaymentID(cb); got != "prov-1" {
+		t.Fatalf("expected provider payment id, got %q", got)
+	}
+	cb.Operation.Provider.PaymentID = ""
+	if got := fallbackProviderPaymentID(cb); got != "req-1" {
+		t.Fatalf("expected request id fallback, got %q", got)
+	}
+	cb.Operation.RequestID = ""
+	if got := fallbackProviderPaymentID(cb); got != "payout-1" {
+		t.Fatalf("expected payment id fallback, got %q", got)
+	}
+}
+
+func TestVerifyCallbackSignature(t *testing.T) {
+	secret := "secret"
+	cb := baseCallback()
+
+	sig, err := monetix.SignPayload(cb, secret)
+	if err != nil {
+		t.Fatalf("failed to sign payload: %v", err)
+	}
+	cb.Signature = sig
+	if err := verifyCallbackSignature(cb, secret); err != nil {
+		t.Fatalf("expected valid signature, got %v", err)
+	}
+
+	cb.Signature = "invalid"
+	if err := verifyCallbackSignature(cb, secret); err == nil {
+		t.Fatalf("expected signature mismatch error")
+	}
+}
--- a/api/gateway/mntx/internal/service/gateway/card_payout_handlers.go
+++ b/api/gateway/mntx/internal/service/gateway/card_payout_handlers.go
@@ -9,6 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mservice"
 	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+	"go.uber.org/zap"
 	"google.golang.org/protobuf/proto"
 )

@@ -17,14 +18,24 @@ func (s *Service) CreateCardPayout(ctx context.Context, req *mntxv1.CardPayoutRe
 }

 func (s *Service) handleCreateCardPayout(ctx context.Context, req *mntxv1.CardPayoutRequest) gsresponse.Responder[mntxv1.CardPayoutResponse] {
+	log := s.logger.Named("card_payout")
+	log.Info("Create card payout request received",
+		zap.String("payout_id", strings.TrimSpace(req.GetPayoutId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+		zap.Int64("amount_minor", req.GetAmountMinor()),
+		zap.String("currency", strings.ToUpper(strings.TrimSpace(req.GetCurrency()))),
+	)
 	if s.card == nil {
+		log.Warn("Card payout processor not initialised")
 		return gsresponse.Internal[mntxv1.CardPayoutResponse](s.logger, mservice.MntxGateway, merrors.Internal("card payout processor not initialised"))
 	}

 	resp, err := s.card.Submit(ctx, req)
 	if err != nil {
+		log.Warn("Card payout submission failed", zap.Error(err))
 		return gsresponse.Auto[mntxv1.CardPayoutResponse](s.logger, mservice.MntxGateway, err)
 	}
+	log.Info("Card payout submission completed", zap.String("payout_id", resp.GetPayout().GetPayoutId()), zap.Bool("accepted", resp.GetAccepted()))
 	return gsresponse.Success(resp)
 }

@@ -33,14 +44,24 @@ func (s *Service) CreateCardTokenPayout(ctx context.Context, req *mntxv1.CardTok
 }

 func (s *Service) handleCreateCardTokenPayout(ctx context.Context, req *mntxv1.CardTokenPayoutRequest) gsresponse.Responder[mntxv1.CardTokenPayoutResponse] {
+	log := s.logger.Named("card_token_payout")
+	log.Info("Create card token payout request received",
+		zap.String("payout_id", strings.TrimSpace(req.GetPayoutId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+		zap.Int64("amount_minor", req.GetAmountMinor()),
+		zap.String("currency", strings.ToUpper(strings.TrimSpace(req.GetCurrency()))),
+	)
 	if s.card == nil {
+		log.Warn("Card payout processor not initialised")
 		return gsresponse.Internal[mntxv1.CardTokenPayoutResponse](s.logger, mservice.MntxGateway, merrors.Internal("card payout processor not initialised"))
 	}

 	resp, err := s.card.SubmitToken(ctx, req)
 	if err != nil {
+		log.Warn("Card token payout submission failed", zap.Error(err))
 		return gsresponse.Auto[mntxv1.CardTokenPayoutResponse](s.logger, mservice.MntxGateway, err)
 	}
+	log.Info("Card token payout submission completed", zap.String("payout_id", resp.GetPayout().GetPayoutId()), zap.Bool("accepted", resp.GetAccepted()))
 	return gsresponse.Success(resp)
 }

@@ -49,14 +70,22 @@ func (s *Service) CreateCardToken(ctx context.Context, req *mntxv1.CardTokenizeR
 }

 func (s *Service) handleCreateCardToken(ctx context.Context, req *mntxv1.CardTokenizeRequest) gsresponse.Responder[mntxv1.CardTokenizeResponse] {
+	log := s.logger.Named("card_tokenize")
+	log.Info("Create card token request received",
+		zap.String("request_id", strings.TrimSpace(req.GetRequestId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+	)
 	if s.card == nil {
+		log.Warn("Card payout processor not initialised")
 		return gsresponse.Internal[mntxv1.CardTokenizeResponse](s.logger, mservice.MntxGateway, merrors.Internal("card payout processor not initialised"))
 	}

 	resp, err := s.card.Tokenize(ctx, req)
 	if err != nil {
+		log.Warn("Card tokenization failed", zap.Error(err))
 		return gsresponse.Auto[mntxv1.CardTokenizeResponse](s.logger, mservice.MntxGateway, err)
 	}
+	log.Info("Card tokenization completed", zap.String("request_id", resp.GetRequestId()), zap.Bool("success", resp.GetSuccess()))
 	return gsresponse.Success(resp)
 }

@@ -65,14 +94,19 @@ func (s *Service) GetCardPayoutStatus(ctx context.Context, req *mntxv1.GetCardPa
 }

 func (s *Service) handleGetCardPayoutStatus(_ context.Context, req *mntxv1.GetCardPayoutStatusRequest) gsresponse.Responder[mntxv1.GetCardPayoutStatusResponse] {
+	log := s.logger.Named("card_payout_status")
+	log.Info("Get card payout status request received", zap.String("payout_id", strings.TrimSpace(req.GetPayoutId())))
 	if s.card == nil {
+		log.Warn("Card payout processor not initialised")
 		return gsresponse.Internal[mntxv1.GetCardPayoutStatusResponse](s.logger, mservice.MntxGateway, merrors.Internal("card payout processor not initialised"))
 	}

 	state, err := s.card.Status(context.Background(), req.GetPayoutId())
 	if err != nil {
+		log.Warn("Card payout status lookup failed", zap.Error(err))
 		return gsresponse.Auto[mntxv1.GetCardPayoutStatusResponse](s.logger, mservice.MntxGateway, err)
 	}
+	log.Info("Card payout status retrieved", zap.String("payout_id", state.GetPayoutId()), zap.String("status", state.GetStatus().String()))
 	return gsresponse.Success(&mntxv1.GetCardPayoutStatusResponse{Payout: state})
 }

--- a/api/gateway/mntx/internal/service/gateway/card_payout_validation_test.go
+++ b/api/gateway/mntx/internal/service/gateway/card_payout_validation_test.go
@@ -0,0 +1,103 @@
+package gateway
+
+import (
+	"testing"
+
+	"github.com/tech/sendico/gateway/mntx/internal/service/monetix"
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+)
+
+func TestValidateCardPayoutRequest_Valid(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardPayoutRequest()
+	if err := validateCardPayoutRequest(req, cfg); err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
+
+func TestValidateCardPayoutRequest_Errors(t *testing.T) {
+	baseCfg := testMonetixConfig()
+	cases := []struct {
+		name     string
+		mutate   func(*mntxv1.CardPayoutRequest)
+		config   func(monetix.Config) monetix.Config
+		expected string
+	}{
+		{
+			name:     "missing_payout_id",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.PayoutId = "" },
+			expected: "missing_payout_id",
+		},
+		{
+			name:     "missing_customer_id",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CustomerId = "" },
+			expected: "missing_customer_id",
+		},
+		{
+			name:     "missing_customer_ip",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CustomerIp = "" },
+			expected: "missing_customer_ip",
+		},
+		{
+			name:     "invalid_amount",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.AmountMinor = 0 },
+			expected: "invalid_amount",
+		},
+		{
+			name:     "missing_currency",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.Currency = "" },
+			expected: "missing_currency",
+		},
+		{
+			name:   "unsupported_currency",
+			mutate: func(r *mntxv1.CardPayoutRequest) { r.Currency = "EUR" },
+			config: func(cfg monetix.Config) monetix.Config {
+				cfg.AllowedCurrencies = []string{"USD"}
+				return cfg
+			},
+			expected: "unsupported_currency",
+		},
+		{
+			name:     "missing_card_pan",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CardPan = "" },
+			expected: "missing_card_pan",
+		},
+		{
+			name:     "missing_card_holder",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CardHolder = "" },
+			expected: "missing_card_holder",
+		},
+		{
+			name:     "invalid_expiry_month",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CardExpMonth = 13 },
+			expected: "invalid_expiry_month",
+		},
+		{
+			name:     "invalid_expiry_year",
+			mutate:   func(r *mntxv1.CardPayoutRequest) { r.CardExpYear = 0 },
+			expected: "invalid_expiry_year",
+		},
+		{
+			name:   "missing_customer_country_when_required",
+			mutate: func(r *mntxv1.CardPayoutRequest) { r.CustomerCountry = "" },
+			config: func(cfg monetix.Config) monetix.Config {
+				cfg.RequireCustomerAddress = true
+				return cfg
+			},
+			expected: "missing_customer_country",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			req := validCardPayoutRequest()
+			tc.mutate(req)
+			cfg := baseCfg
+			if tc.config != nil {
+				cfg = tc.config(cfg)
+			}
+			err := validateCardPayoutRequest(req, cfg)
+			requireReason(t, err, tc.expected)
+		})
+	}
+}
--- a/api/gateway/mntx/internal/service/gateway/card_processor.go
+++ b/api/gateway/mntx/internal/service/gateway/card_processor.go
@@ -45,14 +45,20 @@ func (p *cardPayoutProcessor) Submit(ctx context.Context, req *mntxv1.CardPayout
 	if p == nil {
 		return nil, merrors.Internal("card payout processor not initialised")
 	}
+	p.logger.Info("Submitting card payout",
+		zap.String("payout_id", strings.TrimSpace(req.GetPayoutId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+		zap.Int64("amount_minor", req.GetAmountMinor()),
+		zap.String("currency", strings.ToUpper(strings.TrimSpace(req.GetCurrency()))),
+	)
 	if strings.TrimSpace(p.config.BaseURL) == "" || strings.TrimSpace(p.config.SecretKey) == "" {
-		p.logger.Warn("monetix configuration is incomplete for payout submission")
+		p.logger.Warn("Monetix configuration is incomplete for payout submission")
 		return nil, merrors.Internal("monetix configuration is incomplete")
 	}

 	req = sanitizeCardPayoutRequest(req)
 	if err := validateCardPayoutRequest(req, p.config); err != nil {
-		p.logger.Warn("card payout validation failed",
+		p.logger.Warn("Card payout validation failed",
 			zap.String("payout_id", req.GetPayoutId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -65,7 +71,7 @@ func (p *cardPayoutProcessor) Submit(ctx context.Context, req *mntxv1.CardPayout
 		projectID = p.config.ProjectID
 	}
 	if projectID == 0 {
-		p.logger.Warn("monetix project_id is not configured", zap.String("payout_id", req.GetPayoutId()))
+		p.logger.Warn("Monetix project_id is not configured", zap.String("payout_id", req.GetPayoutId()))
 		return nil, merrors.Internal("monetix project_id is not configured")
 	}

@@ -95,7 +101,7 @@ func (p *cardPayoutProcessor) Submit(ctx context.Context, req *mntxv1.CardPayout
 		state.ProviderMessage = err.Error()
 		state.UpdatedAt = timestamppb.New(p.clock.Now())
 		p.store.Save(state)
-		p.logger.Warn("monetix payout submission failed",
+		p.logger.Warn("Monetix payout submission failed",
 			zap.String("payout_id", req.GetPayoutId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -122,6 +128,13 @@ func (p *cardPayoutProcessor) Submit(ctx context.Context, req *mntxv1.CardPayout
 		ErrorMessage:      result.ErrorMessage,
 	}

+	p.logger.Info("Card payout submission stored",
+		zap.String("payout_id", state.GetPayoutId()),
+		zap.String("status", state.GetStatus().String()),
+		zap.Bool("accepted", result.Accepted),
+		zap.String("provider_request_id", result.ProviderRequestID),
+	)
+
 	return resp, nil
 }

@@ -129,14 +142,20 @@ func (p *cardPayoutProcessor) SubmitToken(ctx context.Context, req *mntxv1.CardT
 	if p == nil {
 		return nil, merrors.Internal("card payout processor not initialised")
 	}
+	p.logger.Info("Submitting card token payout",
+		zap.String("payout_id", strings.TrimSpace(req.GetPayoutId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+		zap.Int64("amount_minor", req.GetAmountMinor()),
+		zap.String("currency", strings.ToUpper(strings.TrimSpace(req.GetCurrency()))),
+	)
 	if strings.TrimSpace(p.config.BaseURL) == "" || strings.TrimSpace(p.config.SecretKey) == "" {
-		p.logger.Warn("monetix configuration is incomplete for token payout submission")
+		p.logger.Warn("Monetix configuration is incomplete for token payout submission")
 		return nil, merrors.Internal("monetix configuration is incomplete")
 	}

 	req = sanitizeCardTokenPayoutRequest(req)
 	if err := validateCardTokenPayoutRequest(req, p.config); err != nil {
-		p.logger.Warn("card token payout validation failed",
+		p.logger.Warn("Card token payout validation failed",
 			zap.String("payout_id", req.GetPayoutId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -149,7 +168,7 @@ func (p *cardPayoutProcessor) SubmitToken(ctx context.Context, req *mntxv1.CardT
 		projectID = p.config.ProjectID
 	}
 	if projectID == 0 {
-		p.logger.Warn("monetix project_id is not configured", zap.String("payout_id", req.GetPayoutId()))
+		p.logger.Warn("Monetix project_id is not configured", zap.String("payout_id", req.GetPayoutId()))
 		return nil, merrors.Internal("monetix project_id is not configured")
 	}

@@ -179,7 +198,7 @@ func (p *cardPayoutProcessor) SubmitToken(ctx context.Context, req *mntxv1.CardT
 		state.ProviderMessage = err.Error()
 		state.UpdatedAt = timestamppb.New(p.clock.Now())
 		p.store.Save(state)
-		p.logger.Warn("monetix token payout submission failed",
+		p.logger.Warn("Monetix token payout submission failed",
 			zap.String("payout_id", req.GetPayoutId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -206,6 +225,13 @@ func (p *cardPayoutProcessor) SubmitToken(ctx context.Context, req *mntxv1.CardT
 		ErrorMessage:      result.ErrorMessage,
 	}

+	p.logger.Info("Card token payout submission stored",
+		zap.String("payout_id", state.GetPayoutId()),
+		zap.String("status", state.GetStatus().String()),
+		zap.Bool("accepted", result.Accepted),
+		zap.String("provider_request_id", result.ProviderRequestID),
+	)
+
 	return resp, nil
 }

@@ -213,9 +239,13 @@ func (p *cardPayoutProcessor) Tokenize(ctx context.Context, req *mntxv1.CardToke
 	if p == nil {
 		return nil, merrors.Internal("card payout processor not initialised")
 	}
+	p.logger.Info("Submitting card tokenization",
+		zap.String("request_id", strings.TrimSpace(req.GetRequestId())),
+		zap.String("customer_id", strings.TrimSpace(req.GetCustomerId())),
+	)
 	cardInput, err := validateCardTokenizeRequest(req, p.config)
 	if err != nil {
-		p.logger.Warn("card tokenization validation failed",
+		p.logger.Warn("Card tokenization validation failed",
 			zap.String("request_id", req.GetRequestId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -228,7 +258,7 @@ func (p *cardPayoutProcessor) Tokenize(ctx context.Context, req *mntxv1.CardToke
 		projectID = p.config.ProjectID
 	}
 	if projectID == 0 {
-		p.logger.Warn("monetix project_id is not configured", zap.String("request_id", req.GetRequestId()))
+		p.logger.Warn("Monetix project_id is not configured", zap.String("request_id", req.GetRequestId()))
 		return nil, merrors.Internal("monetix project_id is not configured")
 	}

@@ -238,7 +268,7 @@ func (p *cardPayoutProcessor) Tokenize(ctx context.Context, req *mntxv1.CardToke
 	apiReq := buildCardTokenizeRequest(projectID, req, cardInput)
 	result, err := client.CreateCardTokenization(ctx, apiReq)
 	if err != nil {
-		p.logger.Warn("monetix tokenization request failed",
+		p.logger.Warn("Monetix tokenization request failed",
 			zap.String("request_id", req.GetRequestId()),
 			zap.String("customer_id", req.GetCustomerId()),
 			zap.Error(err),
@@ -258,6 +288,12 @@ func (p *cardPayoutProcessor) Tokenize(ctx context.Context, req *mntxv1.CardToke
 	resp.ExpiryYear = result.ExpiryYear
 	resp.CardBrand = result.CardBrand

+	p.logger.Info("Card tokenization completed",
+		zap.String("request_id", resp.GetRequestId()),
+		zap.Bool("success", resp.GetSuccess()),
+		zap.String("provider_request_id", result.ProviderRequestID),
+	)
+
 	return resp, nil
 }

@@ -267,16 +303,18 @@ func (p *cardPayoutProcessor) Status(_ context.Context, payoutID string) (*mntxv
 	}

 	id := strings.TrimSpace(payoutID)
+	p.logger.Info("Card payout status requested", zap.String("payout_id", id))
 	if id == "" {
-		p.logger.Warn("payout status requested with empty payout_id")
+		p.logger.Warn("Payout status requested with empty payout_id")
 		return nil, merrors.InvalidArgument("payout_id is required", "payout_id")
 	}

 	state, ok := p.store.Get(id)
 	if !ok || state == nil {
-		p.logger.Warn("payout status not found", zap.String("payout_id", id))
+		p.logger.Warn("Payout status not found", zap.String("payout_id", id))
 		return nil, merrors.NoData("payout not found")
 	}
+	p.logger.Info("Card payout status resolved", zap.String("payout_id", state.GetPayoutId()), zap.String("status", state.GetStatus().String()))
 	return state, nil
 }

@@ -284,18 +322,19 @@ func (p *cardPayoutProcessor) ProcessCallback(ctx context.Context, payload []byt
 	if p == nil {
 		return http.StatusInternalServerError, merrors.Internal("card payout processor not initialised")
 	}
+	p.logger.Debug("Processing Monetix callback", zap.Int("payload_bytes", len(payload)))
 	if len(payload) == 0 {
-		p.logger.Warn("received empty Monetix callback payload")
+		p.logger.Warn("Received empty Monetix callback payload")
 		return http.StatusBadRequest, merrors.InvalidArgument("callback body is empty")
 	}
 	if strings.TrimSpace(p.config.SecretKey) == "" {
-		p.logger.Warn("monetix secret key is not configured; cannot verify callback")
+		p.logger.Warn("Monetix secret key is not configured; cannot verify callback")
 		return http.StatusInternalServerError, merrors.Internal("monetix secret key is not configured")
 	}

 	var cb monetixCallback
 	if err := json.Unmarshal(payload, &cb); err != nil {
-		p.logger.Warn("failed to unmarshal Monetix callback", zap.Error(err))
+		p.logger.Warn("Failed to unmarshal Monetix callback", zap.Error(err))
 		return http.StatusBadRequest, err
 	}

@@ -318,7 +357,7 @@ func (p *cardPayoutProcessor) ProcessCallback(ctx context.Context, payload []byt
 	p.emitCardPayoutEvent(state)
 	monetix.ObserveCallback(statusLabel)

-	p.logger.Info("Monetix payout callback processed",
+	p.logger.Debug("Monetix payout callback processed",
 		zap.String("payout_id", state.GetPayoutId()),
 		zap.String("status", statusLabel),
 		zap.String("provider_code", state.GetProviderCode()),
@@ -337,16 +376,16 @@ func (p *cardPayoutProcessor) emitCardPayoutEvent(state *mntxv1.CardPayoutState)
 	event := &mntxv1.CardPayoutStatusChangedEvent{Payout: state}
 	payload, err := protojson.Marshal(event)
 	if err != nil {
-		p.logger.Warn("failed to marshal payout callback event", zap.Error(err))
+		p.logger.Warn("Failed to marshal payout callback event", zap.Error(err))
 		return
 	}

 	env := messaging.CreateEnvelope(string(mservice.MntxGateway), model.NewNotification(mservice.MntxGateway, nm.NAUpdated))
 	if _, err := env.Wrap(payload); err != nil {
-		p.logger.Warn("failed to wrap payout callback event payload", zap.Error(err))
+		p.logger.Warn("Failed to wrap payout callback event payload", zap.Error(err))
 		return
 	}
 	if err := p.producer.SendMessage(env); err != nil {
-		p.logger.Warn("failed to publish payout callback event", zap.Error(err))
+		p.logger.Warn("Failed to publish payout callback event", zap.Error(err))
 	}
 }
--- a/api/gateway/mntx/internal/service/gateway/card_processor_test.go
+++ b/api/gateway/mntx/internal/service/gateway/card_processor_test.go
@@ -0,0 +1,149 @@
+package gateway
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"testing"
+	"time"
+
+	"github.com/tech/sendico/gateway/mntx/internal/service/monetix"
+	clockpkg "github.com/tech/sendico/pkg/clock"
+	"github.com/tech/sendico/pkg/merrors"
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+	"go.uber.org/zap"
+	"google.golang.org/protobuf/types/known/timestamppb"
+)
+
+type roundTripperFunc func(*http.Request) (*http.Response, error)
+
+func (f roundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
+	return f(r)
+}
+
+type staticClock struct {
+	now time.Time
+}
+
+func (s staticClock) Now() time.Time {
+	return s.now
+}
+
+func TestCardPayoutProcessor_Submit_Success(t *testing.T) {
+	cfg := monetix.Config{
+		BaseURL:           "https://monetix.test",
+		SecretKey:         "secret",
+		ProjectID:         99,
+		AllowedCurrencies: []string{"RUB"},
+	}
+
+	existingCreated := timestamppb.New(time.Date(2020, 2, 3, 0, 0, 0, 0, time.UTC))
+	store := newCardPayoutStore()
+	store.Save(&mntxv1.CardPayoutState{
+		PayoutId:  "payout-1",
+		CreatedAt: existingCreated,
+	})
+
+	httpClient := &http.Client{
+		Transport: roundTripperFunc(func(r *http.Request) (*http.Response, error) {
+			resp := monetix.APIResponse{}
+			resp.Operation.RequestID = "req-123"
+			body, _ := json.Marshal(resp)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewReader(body)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+			}, nil
+		}),
+	}
+
+	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
+	processor := newCardPayoutProcessor(zap.NewNop(), cfg, staticClock{now: now}, store, httpClient, nil)
+
+	req := validCardPayoutRequest()
+	req.ProjectId = 0
+
+	resp, err := processor.Submit(context.Background(), req)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+	if !resp.GetAccepted() {
+		t.Fatalf("expected accepted payout response")
+	}
+	if resp.GetPayout().GetProjectId() != cfg.ProjectID {
+		t.Fatalf("expected project id %d, got %d", cfg.ProjectID, resp.GetPayout().GetProjectId())
+	}
+	if resp.GetPayout().GetStatus() != mntxv1.PayoutStatus_PAYOUT_STATUS_PENDING {
+		t.Fatalf("expected pending status, got %v", resp.GetPayout().GetStatus())
+	}
+	if !resp.GetPayout().GetCreatedAt().AsTime().Equal(existingCreated.AsTime()) {
+		t.Fatalf("expected created_at preserved, got %v", resp.GetPayout().GetCreatedAt().AsTime())
+	}
+
+	stored, ok := store.Get(req.GetPayoutId())
+	if !ok || stored == nil {
+		t.Fatalf("expected payout state stored")
+	}
+	if stored.GetProviderPaymentId() == "" {
+		t.Fatalf("expected provider payment id")
+	}
+}
+
+func TestCardPayoutProcessor_Submit_MissingConfig(t *testing.T) {
+	cfg := monetix.Config{
+		AllowedCurrencies: []string{"RUB"},
+	}
+	processor := newCardPayoutProcessor(zap.NewNop(), cfg, clockpkg.NewSystem(), newCardPayoutStore(), &http.Client{}, nil)
+
+	_, err := processor.Submit(context.Background(), validCardPayoutRequest())
+	if err == nil {
+		t.Fatalf("expected error")
+	}
+	if !errors.Is(err, merrors.ErrInternal) {
+		t.Fatalf("expected internal error, got %v", err)
+	}
+}
+
+func TestCardPayoutProcessor_ProcessCallback(t *testing.T) {
+	cfg := monetix.Config{
+		SecretKey:         "secret",
+		StatusSuccess:     "success",
+		StatusProcessing:  "processing",
+		AllowedCurrencies: []string{"RUB"},
+	}
+	store := newCardPayoutStore()
+	processor := newCardPayoutProcessor(zap.NewNop(), cfg, staticClock{now: time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC)}, store, &http.Client{}, nil)
+
+	cb := baseCallback()
+	cb.Payment.Sum.Currency = "RUB"
+	cb.Signature = ""
+	sig, err := monetix.SignPayload(cb, cfg.SecretKey)
+	if err != nil {
+		t.Fatalf("failed to sign callback: %v", err)
+	}
+	cb.Signature = sig
+
+	payload, err := json.Marshal(cb)
+	if err != nil {
+		t.Fatalf("failed to marshal callback: %v", err)
+	}
+
+	status, err := processor.ProcessCallback(context.Background(), payload)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+	if status != http.StatusOK {
+		t.Fatalf("expected status ok, got %d", status)
+	}
+
+	state, ok := store.Get(cb.Payment.ID)
+	if !ok || state == nil {
+		t.Fatalf("expected payout state stored")
+	}
+	if state.GetStatus() != mntxv1.PayoutStatus_PAYOUT_STATUS_PROCESSED {
+		t.Fatalf("expected processed status, got %v", state.GetStatus())
+	}
+}
--- a/api/gateway/mntx/internal/service/gateway/card_token_validation_test.go
+++ b/api/gateway/mntx/internal/service/gateway/card_token_validation_test.go
@@ -0,0 +1,93 @@
+package gateway
+
+import (
+	"testing"
+
+	"github.com/tech/sendico/gateway/mntx/internal/service/monetix"
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+)
+
+func TestValidateCardTokenPayoutRequest_Valid(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenPayoutRequest()
+	if err := validateCardTokenPayoutRequest(req, cfg); err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
+
+func TestValidateCardTokenPayoutRequest_Errors(t *testing.T) {
+	baseCfg := testMonetixConfig()
+	cases := []struct {
+		name     string
+		mutate   func(*mntxv1.CardTokenPayoutRequest)
+		config   func(monetix.Config) monetix.Config
+		expected string
+	}{
+		{
+			name:     "missing_payout_id",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.PayoutId = "" },
+			expected: "missing_payout_id",
+		},
+		{
+			name:     "missing_customer_id",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.CustomerId = "" },
+			expected: "missing_customer_id",
+		},
+		{
+			name:     "missing_customer_ip",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.CustomerIp = "" },
+			expected: "missing_customer_ip",
+		},
+		{
+			name:     "invalid_amount",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.AmountMinor = 0 },
+			expected: "invalid_amount",
+		},
+		{
+			name:     "missing_currency",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.Currency = "" },
+			expected: "missing_currency",
+		},
+		{
+			name:   "unsupported_currency",
+			mutate: func(r *mntxv1.CardTokenPayoutRequest) { r.Currency = "EUR" },
+			config: func(cfg monetix.Config) monetix.Config {
+				cfg.AllowedCurrencies = []string{"USD"}
+				return cfg
+			},
+			expected: "unsupported_currency",
+		},
+		{
+			name:     "missing_card_token",
+			mutate:   func(r *mntxv1.CardTokenPayoutRequest) { r.CardToken = "" },
+			expected: "missing_card_token",
+		},
+		{
+			name:   "missing_customer_city_when_required",
+			mutate: func(r *mntxv1.CardTokenPayoutRequest) {
+				r.CustomerCountry = "US"
+				r.CustomerCity = ""
+				r.CustomerAddress = "Main St"
+				r.CustomerZip = "12345"
+			},
+			config: func(cfg monetix.Config) monetix.Config {
+				cfg.RequireCustomerAddress = true
+				return cfg
+			},
+			expected: "missing_customer_city",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			req := validCardTokenPayoutRequest()
+			tc.mutate(req)
+			cfg := baseCfg
+			if tc.config != nil {
+				cfg = tc.config(cfg)
+			}
+			err := validateCardTokenPayoutRequest(req, cfg)
+			requireReason(t, err, tc.expected)
+		})
+	}
+}
--- a/api/gateway/mntx/internal/service/gateway/card_tokenize_validation_test.go
+++ b/api/gateway/mntx/internal/service/gateway/card_tokenize_validation_test.go
@@ -0,0 +1,76 @@
+package gateway
+
+import (
+	"testing"
+	"time"
+
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+)
+
+func TestValidateCardTokenizeRequest_ValidTopLevel(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenizeRequest()
+	if _, err := validateCardTokenizeRequest(req, cfg); err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
+
+func TestValidateCardTokenizeRequest_ValidNestedCard(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenizeRequest()
+	req.Card = &mntxv1.CardDetails{
+		Pan:        "4111111111111111",
+		ExpMonth:   req.CardExpMonth,
+		ExpYear:    req.CardExpYear,
+		CardHolder: req.CardHolder,
+		Cvv:        req.CardCvv,
+	}
+	req.CardPan = ""
+	req.CardExpMonth = 0
+	req.CardExpYear = 0
+	req.CardHolder = ""
+	req.CardCvv = ""
+
+	if _, err := validateCardTokenizeRequest(req, cfg); err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+}
+
+func TestValidateCardTokenizeRequest_Expired(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenizeRequest()
+	now := time.Now().UTC()
+	req.CardExpMonth = uint32(now.Month())
+	req.CardExpYear = uint32(now.Year() - 1)
+
+	_, err := validateCardTokenizeRequest(req, cfg)
+	requireReason(t, err, "expired_card")
+}
+
+func TestValidateCardTokenizeRequest_MissingCvv(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenizeRequest()
+	req.CardCvv = ""
+
+	_, err := validateCardTokenizeRequest(req, cfg)
+	requireReason(t, err, "missing_cvv")
+}
+
+func TestValidateCardTokenizeRequest_MissingCardPan(t *testing.T) {
+	cfg := testMonetixConfig()
+	req := validCardTokenizeRequest()
+	req.CardPan = ""
+
+	_, err := validateCardTokenizeRequest(req, cfg)
+	requireReason(t, err, "missing_card_pan")
+}
+
+func TestValidateCardTokenizeRequest_AddressRequired(t *testing.T) {
+	cfg := testMonetixConfig()
+	cfg.RequireCustomerAddress = true
+	req := validCardTokenizeRequest()
+	req.CustomerCountry = ""
+
+	_, err := validateCardTokenizeRequest(req, cfg)
+	requireReason(t, err, "missing_customer_country")
+}
--- a/api/gateway/mntx/internal/service/gateway/metrics.go
+++ b/api/gateway/mntx/internal/service/gateway/metrics.go
@@ -164,11 +164,3 @@ func statusLabel(err error) string {
 		return "error"
 	}
 }
-
-func normalizeCallbackStatus(status string) string {
-	status = strings.TrimSpace(status)
-	if status == "" {
-		return "unknown"
-	}
-	return strings.ToLower(status)
-}
--- a/api/gateway/mntx/internal/service/gateway/payout_get.go
+++ b/api/gateway/mntx/internal/service/gateway/payout_get.go
@@ -9,6 +9,7 @@ import (
 	"github.com/tech/sendico/pkg/merrors"
 	"github.com/tech/sendico/pkg/mservice"
 	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+	"go.uber.org/zap"
 )

 func (s *Service) GetPayout(ctx context.Context, req *mntxv1.GetPayoutRequest) (*mntxv1.GetPayoutResponse, error) {
@@ -17,14 +18,19 @@ func (s *Service) GetPayout(ctx context.Context, req *mntxv1.GetPayoutRequest) (

 func (s *Service) handleGetPayout(_ context.Context, req *mntxv1.GetPayoutRequest) gsresponse.Responder[mntxv1.GetPayoutResponse] {
 	ref := strings.TrimSpace(req.GetPayoutRef())
+	log := s.logger.Named("payout")
+	log.Info("Get payout request received", zap.String("payout_ref", ref))
 	if ref == "" {
+		log.Warn("Get payout request missing payout_ref")
 		return gsresponse.InvalidArgument[mntxv1.GetPayoutResponse](s.logger, mservice.MntxGateway, merrors.InvalidArgument("payout_ref is required", "payout_ref"))
 	}

 	payout, ok := s.store.Get(ref)
 	if !ok {
+		log.Warn("Payout not found", zap.String("payout_ref", ref))
 		return gsresponse.NotFound[mntxv1.GetPayoutResponse](s.logger, mservice.MntxGateway, merrors.NoData(fmt.Sprintf("payout %s not found", ref)))
 	}

+	log.Info("Payout retrieved", zap.String("payout_ref", ref), zap.String("status", payout.GetStatus().String()))
 	return gsresponse.Success(&mntxv1.GetPayoutResponse{Payout: payout})
 }
--- a/api/gateway/mntx/internal/service/gateway/payout_submit.go
+++ b/api/gateway/mntx/internal/service/gateway/payout_submit.go
@@ -22,8 +22,17 @@ func (s *Service) SubmitPayout(ctx context.Context, req *mntxv1.SubmitPayoutRequ
 }

 func (s *Service) handleSubmitPayout(_ context.Context, req *mntxv1.SubmitPayoutRequest) gsresponse.Responder[mntxv1.SubmitPayoutResponse] {
+	log := s.logger.Named("payout")
+	log.Info("Submit payout request received",
+		zap.String("idempotency_key", strings.TrimSpace(req.GetIdempotencyKey())),
+		zap.String("organization_ref", strings.TrimSpace(req.GetOrganizationRef())),
+		zap.String("currency", strings.TrimSpace(req.GetAmount().GetCurrency())),
+		zap.String("amount", strings.TrimSpace(req.GetAmount().GetAmount())),
+	)
+
 	payout, err := s.buildPayout(req)
 	if err != nil {
+		log.Warn("Submit payout validation failed", zap.Error(err))
 		return gsresponse.Auto[mntxv1.SubmitPayoutResponse](s.logger, mservice.MntxGateway, err)
 	}

@@ -31,6 +40,7 @@ func (s *Service) handleSubmitPayout(_ context.Context, req *mntxv1.SubmitPayout
 	s.emitEvent(payout, nm.NAPending)
 	go s.completePayout(payout, strings.TrimSpace(req.GetSimulatedFailureReason()))

+	log.Info("Payout accepted", zap.String("payout_ref", payout.GetPayoutRef()), zap.String("status", payout.GetStatus().String()))
 	return gsresponse.Success(&mntxv1.SubmitPayoutResponse{Payout: payout})
 }

@@ -79,6 +89,7 @@ func (s *Service) buildPayout(req *mntxv1.SubmitPayoutRequest) (*mntxv1.Payout,
 }

 func (s *Service) completePayout(original *mntxv1.Payout, simulatedFailure string) {
+	log := s.logger.Named("payout")
 	outcome := clonePayout(original)
 	if outcome == nil {
 		return
@@ -95,6 +106,7 @@ func (s *Service) completePayout(original *mntxv1.Payout, simulatedFailure strin
 		observePayoutError(simulatedFailure, outcome.Amount)
 		s.store.Save(outcome)
 		s.emitEvent(outcome, nm.NAUpdated)
+		log.Info("Payout completed", zap.String("payout_ref", outcome.GetPayoutRef()), zap.String("status", outcome.GetStatus().String()), zap.String("failure_reason", simulatedFailure))
 		return
 	}

@@ -102,6 +114,7 @@ func (s *Service) completePayout(original *mntxv1.Payout, simulatedFailure strin
 	observePayoutSuccess(outcome.Amount)
 	s.store.Save(outcome)
 	s.emitEvent(outcome, nm.NAUpdated)
+	log.Info("Payout completed", zap.String("payout_ref", outcome.GetPayoutRef()), zap.String("status", outcome.GetStatus().String()))
 }

 func (s *Service) emitEvent(payout *mntxv1.Payout, action nm.NotificationAction) {
@@ -111,18 +124,18 @@ func (s *Service) emitEvent(payout *mntxv1.Payout, action nm.NotificationAction)

 	payload, err := protojson.Marshal(&mntxv1.PayoutStatusChangedEvent{Payout: payout})
 	if err != nil {
-		s.logger.Warn("failed to marshal payout event", zapError(err))
+		s.logger.Warn("Failed to marshal payout event", zapError(err))
 		return
 	}

 	env := messaging.CreateEnvelope(string(mservice.MntxGateway), model.NewNotification(mservice.MntxGateway, action))
 	if _, err := env.Wrap(payload); err != nil {
-		s.logger.Warn("failed to wrap payout event payload", zapError(err))
+		s.logger.Warn("Failed to wrap payout event payload", zapError(err))
 		return
 	}

 	if err := s.producer.SendMessage(env); err != nil {
-		s.logger.Warn("failed to publish payout event", zapError(err))
+		s.logger.Warn("Failed to publish payout event", zapError(err))
 	}
 }

--- a/api/gateway/mntx/internal/service/gateway/service.go
+++ b/api/gateway/mntx/internal/service/gateway/service.go
@@ -14,6 +14,7 @@ import (
 	"github.com/tech/sendico/pkg/mlogger"
 	"github.com/tech/sendico/pkg/mservice"
 	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+	"go.uber.org/zap"
 	"google.golang.org/grpc"
 )

@@ -97,9 +98,19 @@ func (s *Service) Register(router routers.GRPC) error {
 }

 func executeUnary[TReq any, TResp any](ctx context.Context, svc *Service, method string, handler func(context.Context, *TReq) gsresponse.Responder[TResp], req *TReq) (*TResp, error) {
+	log := svc.logger.Named("rpc")
+	log.Info("RPC request started", zap.String("method", method))
+
 	start := svc.clock.Now()
 	resp, err := gsresponse.Unary(svc.logger, mservice.MntxGateway, handler)(ctx, req)
-	observeRPC(method, err, svc.clock.Now().Sub(start))
+	duration := svc.clock.Now().Sub(start)
+	observeRPC(method, err, duration)
+
+	if err != nil {
+		log.Warn("RPC request failed", zap.String("method", method), zap.Duration("duration", duration), zap.Error(err))
+	} else {
+		log.Info("RPC request completed", zap.String("method", method), zap.Duration("duration", duration))
+	}
 	return resp, err
 }

--- a/api/gateway/mntx/internal/service/gateway/testhelpers_test.go
+++ b/api/gateway/mntx/internal/service/gateway/testhelpers_test.go
@@ -0,0 +1,84 @@
+package gateway
+
+import (
+	"errors"
+	"testing"
+	"time"
+
+	"github.com/tech/sendico/gateway/mntx/internal/service/monetix"
+	"github.com/tech/sendico/pkg/merrors"
+	mntxv1 "github.com/tech/sendico/pkg/proto/gateway/mntx/v1"
+)
+
+func requireReason(t *testing.T, err error, reason string) {
+	t.Helper()
+	if err == nil {
+		t.Fatalf("expected error")
+	}
+	if !errors.Is(err, merrors.ErrInvalidArg) {
+		t.Fatalf("expected invalid argument error, got %v", err)
+	}
+	reasoned, ok := err.(payoutFailure)
+	if !ok {
+		t.Fatalf("expected payout failure reason, got %T", err)
+	}
+	if reasoned.Reason() != reason {
+		t.Fatalf("expected reason %q, got %q", reason, reasoned.Reason())
+	}
+}
+
+func testMonetixConfig() monetix.Config {
+	return monetix.Config{
+		AllowedCurrencies: []string{"RUB", "USD"},
+	}
+}
+
+func validCardPayoutRequest() *mntxv1.CardPayoutRequest {
+	return &mntxv1.CardPayoutRequest{
+		PayoutId:          "payout-1",
+		CustomerId:        "cust-1",
+		CustomerFirstName: "Jane",
+		CustomerLastName:  "Doe",
+		CustomerIp:        "203.0.113.10",
+		AmountMinor:       1500,
+		Currency:          "RUB",
+		CardPan:           "4111111111111111",
+		CardHolder:        "JANE DOE",
+		CardExpMonth:      12,
+		CardExpYear:       2035,
+	}
+}
+
+func validCardTokenPayoutRequest() *mntxv1.CardTokenPayoutRequest {
+	return &mntxv1.CardTokenPayoutRequest{
+		PayoutId:          "payout-1",
+		CustomerId:        "cust-1",
+		CustomerFirstName: "Jane",
+		CustomerLastName:  "Doe",
+		CustomerIp:        "203.0.113.11",
+		AmountMinor:       2500,
+		Currency:          "USD",
+		CardToken:         "tok_123",
+	}
+}
+
+func validCardTokenizeRequest() *mntxv1.CardTokenizeRequest {
+	month, year := futureExpiry()
+	return &mntxv1.CardTokenizeRequest{
+		RequestId:         "req-1",
+		CustomerId:        "cust-1",
+		CustomerFirstName: "Jane",
+		CustomerLastName:  "Doe",
+		CustomerIp:        "203.0.113.12",
+		CardPan:           "4111111111111111",
+		CardHolder:        "JANE DOE",
+		CardCvv:           "123",
+		CardExpMonth:      month,
+		CardExpYear:       year,
+	}
+}
+
+func futureExpiry() (uint32, uint32) {
+	now := time.Now().UTC()
+	return uint32(now.Month()), uint32(now.Year() + 1)
+}
--- a/api/gateway/mntx/internal/service/monetix/client.go
+++ b/api/gateway/mntx/internal/service/monetix/client.go
@@ -2,10 +2,6 @@ package monetix

 import (
 	"context"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/hex"
-	"encoding/json"
 	"net/http"

 	"github.com/tech/sendico/pkg/mlogger"
@@ -45,21 +41,3 @@ func (c *Client) CreateCardTokenPayout(ctx context.Context, req CardTokenPayoutR
 func (c *Client) CreateCardTokenization(ctx context.Context, req CardTokenizeRequest) (*TokenizationResult, error) {
 	return c.sendTokenization(ctx, req)
 }
-
-func signPayload(payload any, secret string) (string, error) {
-	data, err := json.Marshal(payload)
-	if err != nil {
-		return "", err
-	}
-
-	h := hmac.New(sha256.New, []byte(secret))
-	if _, err := h.Write(data); err != nil {
-		return "", err
-	}
-	return hex.EncodeToString(h.Sum(nil)), nil
-}
-
-// SignPayload exposes signature calculation for callback verification.
-func SignPayload(payload any, secret string) (string, error) {
-	return signPayload(payload, secret)
-}
--- a/api/gateway/mntx/internal/service/monetix/mask_test.go
+++ b/api/gateway/mntx/internal/service/monetix/mask_test.go
@@ -0,0 +1,23 @@
+package monetix
+
+import "testing"
+
+func TestMaskPAN(t *testing.T) {
+	cases := []struct {
+		input    string
+		expected string
+	}{
+		{input: "1234", expected: "****"},
+		{input: "1234567890", expected: "12******90"},
+		{input: "1234567890123456", expected: "123456******3456"},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.input, func(t *testing.T) {
+			got := MaskPAN(tc.input)
+			if got != tc.expected {
+				t.Fatalf("expected %q, got %q", tc.expected, got)
+			}
+		})
+	}
+}
--- a/api/gateway/mntx/internal/service/monetix/sender.go
+++ b/api/gateway/mntx/internal/service/monetix/sender.go
@@ -24,7 +24,7 @@ func (c *Client) sendCardPayout(ctx context.Context, req CardPayoutRequest) (*Ca
 	maskedPAN := MaskPAN(req.Card.PAN)
 	return c.send(ctx, &req, "/v2/payment/card/payout",
 		func() {
-			c.logger.Info("dispatching Monetix card payout",
+			c.logger.Info("Dispatching Monetix card payout",
 				zap.String("payout_id", req.General.PaymentID),
 				zap.Int64("amount_minor", req.Payment.Amount),
 				zap.String("currency", req.Payment.Currency),
@@ -47,7 +47,7 @@ func (c *Client) sendCardPayout(ctx context.Context, req CardPayoutRequest) (*Ca
 func (c *Client) sendCardTokenPayout(ctx context.Context, req CardTokenPayoutRequest) (*CardPayoutSendResult, error) {
 	return c.send(ctx, &req, "/v2/payment/card/payout/token",
 		func() {
-			c.logger.Info("dispatching Monetix card token payout",
+			c.logger.Info("Dispatching Monetix card token payout",
 				zap.String("payout_id", req.General.PaymentID),
 				zap.Int64("amount_minor", req.Payment.Amount),
 				zap.String("currency", req.Payment.Currency),
@@ -101,7 +101,7 @@ func (c *Client) sendTokenization(ctx context.Context, req CardTokenizeRequest)
 	httpReq.Header.Set("Content-Type", "application/json")
 	httpReq.Header.Set("Accept", "application/json")

-	c.logger.Info("dispatching Monetix card tokenization",
+	c.logger.Info("Dispatching Monetix card tokenization",
 		zap.String("request_id", req.General.PaymentID),
 		zap.String("masked_pan", MaskPAN(req.Card.PAN)),
 	)
@@ -111,7 +111,7 @@ func (c *Client) sendTokenization(ctx context.Context, req CardTokenizeRequest)
 	duration := time.Since(start)
 	if err != nil {
 		observeRequest(outcomeNetworkError, duration)
-		c.logger.Warn("monetix tokenization request failed", zap.Error(err))
+		c.logger.Warn("Monetix tokenization request failed", zap.Error(err))
 		return nil, merrors.Internal("monetix tokenization request failed: " + err.Error())
 	}
 	defer resp.Body.Close()
@@ -133,7 +133,7 @@ func (c *Client) sendTokenization(ctx context.Context, req CardTokenizeRequest)
 	var apiResp APIResponse
 	if len(body) > 0 {
 		if err := json.Unmarshal(body, &apiResp); err != nil {
-			c.logger.Warn("failed to decode Monetix tokenization response", zap.String("request_id", req.General.PaymentID), zap.Int("status_code", resp.StatusCode), zap.Error(err))
+			c.logger.Warn("Failed to decode Monetix tokenization response", zap.String("request_id", req.General.PaymentID), zap.Int("status_code", resp.StatusCode), zap.Error(err))
 		} else {
 			var tokenData struct {
 				Token       string `json:"token"`
@@ -245,7 +245,7 @@ func (c *Client) send(ctx context.Context, req any, path string, dispatchLog fun
 	var apiResp APIResponse
 	if len(body) > 0 {
 		if err := json.Unmarshal(body, &apiResp); err != nil {
-			c.logger.Warn("failed to decode Monetix response", zap.Int("status_code", resp.StatusCode), zap.Error(err))
+			c.logger.Warn("Failed to decode Monetix response", zap.Int("status_code", resp.StatusCode), zap.Error(err))
 		}
 	}

--- a/api/gateway/mntx/internal/service/monetix/sender_test.go
+++ b/api/gateway/mntx/internal/service/monetix/sender_test.go
@@ -0,0 +1,128 @@
+package monetix
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"net/http"
+	"strings"
+	"testing"
+
+	"go.uber.org/zap"
+)
+
+type roundTripperFunc func(*http.Request) (*http.Response, error)
+
+func (f roundTripperFunc) RoundTrip(r *http.Request) (*http.Response, error) {
+	return f(r)
+}
+
+func TestSendCardPayout_SignsPayload(t *testing.T) {
+	secret := "secret"
+	var captured CardPayoutRequest
+
+	httpClient := &http.Client{
+		Transport: roundTripperFunc(func(r *http.Request) (*http.Response, error) {
+			if r.URL.Path != "/v2/payment/card/payout" {
+				t.Fatalf("expected payout path, got %q", r.URL.Path)
+			}
+			body, _ := io.ReadAll(r.Body)
+			if err := json.Unmarshal(body, &captured); err != nil {
+				t.Fatalf("failed to decode request: %v", err)
+			}
+			resp := APIResponse{}
+			resp.Operation.RequestID = "req-1"
+			payload, _ := json.Marshal(resp)
+			return &http.Response{
+				StatusCode: http.StatusOK,
+				Body:       io.NopCloser(bytes.NewReader(payload)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+			}, nil
+		}),
+	}
+
+	cfg := Config{
+		BaseURL:   "https://monetix.test",
+		SecretKey: secret,
+	}
+	client := NewClient(cfg, httpClient, zap.NewNop())
+
+	req := CardPayoutRequest{
+		General: General{ProjectID: 1, PaymentID: "payout-1"},
+		Customer: Customer{
+			ID:        "cust-1",
+			FirstName: "Jane",
+			LastName:  "Doe",
+			IP:        "203.0.113.10",
+		},
+		Payment: Payment{Amount: 1000, Currency: "RUB"},
+		Card:    Card{PAN: "4111111111111111", Year: 2030, Month: 12, CardHolder: "JANE DOE"},
+	}
+
+	result, err := client.CreateCardPayout(context.Background(), req)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+	if !result.Accepted {
+		t.Fatalf("expected accepted response")
+	}
+	if captured.General.Signature == "" {
+		t.Fatalf("expected signature in request")
+	}
+
+	signed := captured
+	signed.General.Signature = ""
+	expectedSig, err := SignPayload(signed, secret)
+	if err != nil {
+		t.Fatalf("failed to compute signature: %v", err)
+	}
+	if captured.General.Signature != expectedSig {
+		t.Fatalf("expected signature %q, got %q", expectedSig, captured.General.Signature)
+	}
+}
+
+func TestSendCardPayout_HTTPError(t *testing.T) {
+	httpClient := &http.Client{
+		Transport: roundTripperFunc(func(r *http.Request) (*http.Response, error) {
+			body := `{"code":"E100","message":"denied"}`
+			return &http.Response{
+				StatusCode: http.StatusBadRequest,
+				Body:       io.NopCloser(strings.NewReader(body)),
+				Header:     http.Header{"Content-Type": []string{"application/json"}},
+			}, nil
+		}),
+	}
+
+	cfg := Config{
+		BaseURL:   "https://monetix.test",
+		SecretKey: "secret",
+	}
+	client := NewClient(cfg, httpClient, zap.NewNop())
+
+	req := CardPayoutRequest{
+		General: General{ProjectID: 1, PaymentID: "payout-1"},
+		Customer: Customer{
+			ID:        "cust-1",
+			FirstName: "Jane",
+			LastName:  "Doe",
+			IP:        "203.0.113.10",
+		},
+		Payment: Payment{Amount: 1000, Currency: "RUB"},
+		Card:    Card{PAN: "4111111111111111", Year: 2030, Month: 12, CardHolder: "JANE DOE"},
+	}
+
+	result, err := client.CreateCardPayout(context.Background(), req)
+	if err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+	if result.Accepted {
+		t.Fatalf("expected rejected response")
+	}
+	if result.ErrorCode != "E100" {
+		t.Fatalf("expected error code E100, got %q", result.ErrorCode)
+	}
+	if result.ErrorMessage != "denied" {
+		t.Fatalf("expected error message denied, got %q", result.ErrorMessage)
+	}
+}
--- a/api/gateway/mntx/internal/service/monetix/signature.go
+++ b/api/gateway/mntx/internal/service/monetix/signature.go
@@ -0,0 +1,112 @@
+package monetix
+
+import (
+	"bytes"
+	"crypto/hmac"
+	"crypto/sha512"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"sort"
+	"strconv"
+	"strings"
+)
+
+func signPayload(payload any, secret string) (string, error) {
+	canonical, err := signaturePayloadString(payload)
+	if err != nil {
+		return "", err
+	}
+
+	mac := hmac.New(sha512.New, []byte(secret))
+	if _, err := mac.Write([]byte(canonical)); err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(mac.Sum(nil)), nil
+}
+
+// SignPayload exposes signature calculation for callback verification.
+func SignPayload(payload any, secret string) (string, error) {
+	return signPayload(payload, secret)
+}
+
+func signaturePayloadString(payload any) (string, error) {
+	data, err := json.Marshal(payload)
+	if err != nil {
+		return "", err
+	}
+
+	var root any
+	decoder := json.NewDecoder(bytes.NewReader(data))
+	decoder.UseNumber()
+	if err := decoder.Decode(&root); err != nil {
+		return "", err
+	}
+
+	lines := make([]string, 0)
+	collectSignatureLines(nil, root, &lines)
+	sort.Strings(lines)
+
+	return strings.Join(lines, ";"), nil
+}
+
+func collectSignatureLines(path []string, value any, lines *[]string) {
+	switch v := value.(type) {
+	case map[string]any:
+		for key, child := range v {
+			if strings.EqualFold(key, "signature") {
+				continue
+			}
+			collectSignatureLines(append(path, key), child, lines)
+		}
+	case []any:
+		if len(v) == 0 {
+			return
+		}
+		for idx, child := range v {
+			collectSignatureLines(append(path, strconv.Itoa(idx)), child, lines)
+		}
+	default:
+		line := formatSignatureLine(path, v)
+		if line != "" {
+			*lines = append(*lines, line)
+		}
+	}
+}
+
+func formatSignatureLine(path []string, value any) string {
+	if len(path) == 0 {
+		return ""
+	}
+	val := signatureValueString(value)
+	segments := append(append([]string{}, path...), val)
+	return strings.Join(segments, ":")
+}
+
+func signatureValueString(value any) string {
+	switch v := value.(type) {
+	case nil:
+		return "null"
+	case string:
+		return v
+	case json.Number:
+		return v.String()
+	case bool:
+		if v {
+			return "1"
+		}
+		return "0"
+	case float64:
+		return strconv.FormatFloat(v, 'f', -1, 64)
+	case float32:
+		return strconv.FormatFloat(float64(v), 'f', -1, 32)
+	case int:
+		return strconv.Itoa(v)
+	case int8, int16, int32, int64:
+		return fmt.Sprint(v)
+	case uint, uint8, uint16, uint32, uint64:
+		return fmt.Sprint(v)
+	default:
+		return fmt.Sprint(v)
+	}
+}
--- a/api/gateway/mntx/internal/service/monetix/signature_test.go
+++ b/api/gateway/mntx/internal/service/monetix/signature_test.go
@@ -0,0 +1,148 @@
+package monetix
+
+import "testing"
+
+func TestSignaturePayloadString_Example(t *testing.T) {
+	payload := map[string]any{
+		"general": map[string]any{
+			"project_id": 3254,
+			"payment_id": "id_38202316",
+			"signature":  "<ignored>",
+		},
+		"customer": map[string]any{
+			"id":         "585741",
+			"email":      "johndoe@example.com",
+			"first_name": "John",
+			"last_name":  "Doe",
+			"address":    "Downing str., 23",
+			"identify": map[string]any{
+				"doc_number": "54122312544",
+			},
+			"ip_address": "198.51.100.47",
+		},
+		"payment": map[string]any{
+			"amount":      10800,
+			"currency":    "USD",
+			"description": "Computer keyboards",
+		},
+		"receipt_data": map[string]any{
+			"positions": []any{
+				map[string]any{
+					"quantity":    "10",
+					"amount":      "108",
+					"description": "Computer keyboard",
+				},
+			},
+		},
+		"return_url": map[string]any{
+			"success": "https://paymentpage.example.com/complete-redirect?id=success",
+			"decline": "https://paymentpage.example.com/complete-redirect?id=decline",
+		},
+	}
+
+	got, err := signaturePayloadString(payload)
+	if err != nil {
+		t.Fatalf("failed to build signature string: %v", err)
+	}
+
+	expected := "customer:address:Downing str., 23;customer:email:johndoe@example.com;customer:first_name:John;customer:id:585741;customer:identify:doc_number:54122312544;customer:ip_address:198.51.100.47;customer:last_name:Doe;general:payment_id:id_38202316;general:project_id:3254;payment:amount:10800;payment:currency:USD;payment:description:Computer keyboards;receipt_data:positions:0:amount:108;receipt_data:positions:0:description:Computer keyboard;receipt_data:positions:0:quantity:10;return_url:decline:https://paymentpage.example.com/complete-redirect?id=decline;return_url:success:https://paymentpage.example.com/complete-redirect?id=success"
+	if got != expected {
+		t.Fatalf("unexpected signature string\nexpected: %s\ngot: %s", expected, got)
+	}
+}
+
+func TestSignPayload_Example(t *testing.T) {
+	payload := map[string]any{
+		"general": map[string]any{
+			"project_id": 3254,
+			"payment_id": "id_38202316",
+			"signature":  "<ignored>",
+		},
+		"customer": map[string]any{
+			"id":         "585741",
+			"email":      "johndoe@example.com",
+			"first_name": "John",
+			"last_name":  "Doe",
+			"address":    "Downing str., 23",
+			"identify": map[string]any{
+				"doc_number": "54122312544",
+			},
+			"ip_address": "198.51.100.47",
+		},
+		"payment": map[string]any{
+			"amount":      10800,
+			"currency":    "USD",
+			"description": "Computer keyboards",
+		},
+		"receipt_data": map[string]any{
+			"positions": []any{
+				map[string]any{
+					"quantity":    "10",
+					"amount":      "108",
+					"description": "Computer keyboard",
+				},
+			},
+		},
+		"return_url": map[string]any{
+			"success": "https://paymentpage.example.com/complete-redirect?id=success",
+			"decline": "https://paymentpage.example.com/complete-redirect?id=decline",
+		},
+	}
+
+	got, err := SignPayload(payload, "secret")
+	if err != nil {
+		t.Fatalf("failed to sign payload: %v", err)
+	}
+	expected := "lagSnuspAn+F6XkmQISqwtBg0PsiTy62fF9x33TM+278mnufIDZyi1yP0BQALuCxyikkIxIMbodBn2F8hMdRwA=="
+	if got != expected {
+		t.Fatalf("unexpected signature\nexpected: %s\ngot: %s", expected, got)
+	}
+}
+
+func TestSignaturePayloadString_BooleansAndArrays(t *testing.T) {
+	payload := map[string]any{
+		"flag":       true,
+		"false_flag": false,
+		"empty":      "",
+		"zero":       0,
+		"nested": map[string]any{
+			"list":  []any{},
+			"items": []any{"alpha", "beta"},
+		},
+	}
+
+	got, err := signaturePayloadString(payload)
+	if err != nil {
+		t.Fatalf("failed to build signature string: %v", err)
+	}
+
+	expected := "empty:;false_flag:0;flag:1;nested:items:0:alpha;nested:items:1:beta;zero:0"
+	if got != expected {
+		t.Fatalf("unexpected signature string\nexpected: %s\ngot: %s", expected, got)
+	}
+}
+
+func TestSignPayload_EthEstimateGasExample(t *testing.T) {
+	payload := map[string]any{
+		"jsonrpc": "2.0",
+		"id":      3,
+		"method":  "eth_estimateGas",
+		"params": []any{
+			map[string]any{
+				"from":     "0xfa89b4d534bdeb2713d4ffd893e79d6535fb58f8",
+				"to":       "0x44162e39eefd9296231e772663a92e72958e182f",
+				"gasPrice": "0x64",
+				"data":     "0xa9059cbb00000000000000000000000044162e39eefd9296231e772663a92e72958e182f00000000000000000000000000000000000000000000000000000000000f4240",
+			},
+		},
+	}
+
+	got, err := SignPayload(payload, "1")
+	if err != nil {
+		t.Fatalf("failed to sign payload: %v", err)
+	}
+	expected := "C4WbSvXKSMyX8yLamQcUe/Nzr6nSt9m3HYn4jHSyA7yi/FaTiqk0r8BlfIzfxSCoDaRgrSd82ihgZW+DxELhdQ=="
+	if got != expected {
+		t.Fatalf("unexpected signature\nexpected: %s\ngot: %s", expected, got)
+	}
+}
Author	SHA1	Message	Date
tech	aef5c99a22	Merge pull request 'wallet search fix' (#195 ) from chain-190 into main Some checks failed ci/woodpecker/push/chain_gateway Pipeline is pending Details ci/woodpecker/push/db Pipeline is pending Details ci/woodpecker/push/frontend Pipeline is pending Details ci/woodpecker/push/fx_ingestor Pipeline is pending Details ci/woodpecker/push/fx_oracle Pipeline is pending Details ci/woodpecker/push/ledger Pipeline is pending Details ci/woodpecker/push/mntx_gateway Pipeline is pending Details ci/woodpecker/push/nats Pipeline is pending Details ci/woodpecker/push/notification Pipeline is pending Details ci/woodpecker/push/payments_orchestrator Pipeline is pending Details ci/woodpecker/push/billing_fees Pipeline failed Details ci/woodpecker/push/bff Pipeline failed Details Reviewed-on: #195	2025-12-26 13:09:42 +00:00
Stephan D	be7c965234	wallet search fix	2025-12-26 14:09:16 +01:00
tech	34a565d86d	Merge pull request 'improved logging + autotests' (#189 ) from mntx-188 into main All checks were successful ci/woodpecker/push/billing_fees Pipeline was successful Details ci/woodpecker/push/bff Pipeline was successful Details ci/woodpecker/push/db Pipeline was successful Details ci/woodpecker/push/chain_gateway Pipeline was successful Details ci/woodpecker/push/fx_ingestor Pipeline was successful Details ci/woodpecker/push/fx_oracle Pipeline was successful Details ci/woodpecker/push/frontend Pipeline was successful Details ci/woodpecker/push/ledger Pipeline was successful Details ci/woodpecker/push/nats Pipeline was successful Details ci/woodpecker/push/mntx_gateway Pipeline was successful Details ci/woodpecker/push/notification Pipeline was successful Details ci/woodpecker/push/payments_orchestrator Pipeline was successful Details Reviewed-on: #189	2025-12-26 11:26:52 +00:00
Stephan D	171d90b3f7	improved logging + autotests	2025-12-26 12:26:28 +01:00