fix: preserve sessionId/requestId in middleware-flushed api_metrics

[2witstudios]

Closes #538

Summary

• Added sessionId and requestId fields to the RequestMetrics interface in the monitoring middleware
• Populated them in both the success and error track() calls
• Included them in the database flush insert mapping

This ensures that when metrics are batch-flushed to the api_metrics table, the session_id and request_id columns (which already existed in the DB schema) are now populated.

Changes

• apps/web/src/middleware/monitoring.ts
  • Added sessionId?: string and requestId?: string to RequestMetrics interface
  • Added sessionId: context.sessionId and requestId to the success-path metricsCollector.track() call
  • Added sessionId: context.sessionId and requestId to the error-path metricsCollector.track() call
  • Added sessionId: metric.sessionId and requestId: metric.requestId to the flush db.insert() mapping

Notes

• The apiMetrics DB schema already had sessionId and requestId columns — they were just never populated by the middleware flush
• The MonitoringIngestPayload (separate ingest endpoint) was already passing these fields correctly — only the buffered DB flush was missing them
• requestId comes from getOrCreateRequestId(request) which was already being called for the ingest path and response headers
• sessionId comes from context.sessionId via extractRequestContext() — the same source already used in the ingest payload

Test plan

• monitoring.ts has zero type errors
• All 2 existing monitoring tests pass
• Verify api_metrics rows contain session_id and request_id after deployment

🤖 Generated with Claude Code

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

[coderabbitai]

Warning

Rate limit exceeded

@2witstudios has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 19 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 3ddec7c and d71e8b2.

📒 Files selected for processing (1)

• apps/web/src/middleware/monitoring.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ppg/monitoring-session-ids

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[2witstudios]

Merge Readiness Review

Code Change Verified

The 8-line change in apps/web/src/middleware/monitoring.ts is correct:

• sessionId and requestId added to RequestMetrics interface (lines 22-23)
• Both fields mapped in flush() → db.insert() (lines 98-99)
• Both fields populated in success-path track() (lines 339-340)
• Both fields populated in error-path track() (lines 404-405)
• Symmetry between success/error paths is maintained
• Data sources match the existing ingest endpoint pattern

CI Status

Check	Status
Lint & TypeScript Check	✅ Pass
Security Test Suite	✅ Pass
Dependency Audit	✅ Pass
Secret Scanning	✅ Pass
Static Security Analysis	✅ Pass
CodeQL Security Analysis	✅ Pass
CodeRabbit	✅ Pass
Unit Tests	❌ Fail

Unit Test Failure — Pre-existing on master

The failing test is gift-subscription/route.security.test.ts — completely unrelated to this PR's monitoring change. Verified by running the same test on master:

✗ master: 12/12 tests fail (pg-pool connection error in test setup)
✗ ppg/monitoring-session-ids: same 12/12 tests fail (identical error)

This is a pre-existing infrastructure issue (test tries to connect to a real PostgreSQL instance) — not a regression from this PR.

Local Validation

• ✅ Monitoring-specific tests: 2/2 passing
• ✅ TypeScript: No type errors introduced by this PR (CI confirms)
• ✅ No unresolved review threads
• ✅ PR description accurately describes the change

Conclusion

This PR is merge-ready. The only CI failure is a pre-existing, unrelated test infrastructure issue on master.

🤖 Generated with Claude Code