feat: integrate unused observability features

- Add request duration metrics via before/after request hooks
- Add PKI audit logging: CERT_ISSUED, CERT_REVOKED, AUTH_FAILURE
- Wire up observe_request_duration() from metrics.py
- Log certificate operations (registration, CA gen, issue, revoke)
- Log auth failures for revoked/expired certificates

app/__init__.py

@@ -3,6 +3,7 @@
 import logging
 import os
 import sys
+import time
 import uuid
 
 from flask import Flask, Response, g, request
@@ -92,6 +93,30 @@ def setup_request_id(app: Flask) -> None:
         return response
 
 
+def setup_request_metrics(app: Flask) -> None:
+    """Record request duration metrics for Prometheus."""
+    from app.metrics import observe_request_duration
+
+    @app.before_request
+    def record_request_start() -> None:
+        """Record request start time for duration metrics."""
+        g.request_start_time = time.time()
+
+    @app.after_request
+    def record_request_duration(response: Response) -> Response:
+        """Record request duration to Prometheus histogram."""
+        start_time = getattr(g, "request_start_time", None)
+        if start_time is not None:
+            duration = time.time() - start_time
+            observe_request_duration(
+                method=request.method,
+                endpoint=request.path,
+                status=response.status_code,
+                duration=duration,
+            )
+        return response
+
+
 def setup_error_handlers(app: Flask) -> None:
     """Register global error handlers with JSON responses."""
     import json
@@ -226,6 +251,10 @@ def create_app(config_name: str | None = None) -> Flask:
     # Setup metrics (skip in testing)
     setup_metrics(app)
 
+    # Setup request duration metrics (skip in testing)
+    if not app.config.get("TESTING"):
+        setup_request_metrics(app)
+
     # Initialize database
     from app import database