
feat: adds observability with Worker logging and Sentry #26

Merged
wgordon17 merged 10 commits into gordon-code:main from wgordon17:feat/observability
Mar 28, 2026

Conversation

@wgordon17
Member

Summary

  • Adds structured JSON logging to all Worker API endpoints (13 events covering token exchange lifecycle, CORS mismatch detection, and routing)
  • Adds Sentry error tracking client (@sentry/solid) with strict privacy hardening — no PII, no replay, no traces, URL scrubbing via beforeSend/beforeBreadcrumb
  • Adds Sentry tunnel proxy (/api/error-reporting) through the Worker for same-origin delivery (zero CSP changes, ad-blocker bypass) with DSN validation to prevent open-proxy abuse

- Fixes CI failure: removes test:waf script referencing gitignored hack/ dir
- Fixes Content-Length bypass: enforces body.length after read, not header
- Fixes parseSentryDsn path extraction: uses split/pop instead of replace
- Fixes query_string scrubbing: uses scrubUrl instead of blanket redaction
- Caches parsed DSN per isolate to avoid repeated URL parsing
- Replaces securityHeaders() function with SECURITY_HEADERS constant
- Moves token_exchange_started log after method check for accuracy
- Simplifies token_exchange_missing_code log payload to 2 fields
- Removes allowed_origin from api_request log (env var leak pattern)
- Exports scrubUrl/beforeSendHandler/beforeBreadcrumbHandler for testing
- Adds 26 new tests: sentry.ts unit tests, 413 enforcement, tunnel log
  assertions, OPTIONS tunnel, CORS mismatch for tunnel path
@wgordon17 wgordon17 merged commit a879a1e into gordon-code:main Mar 28, 2026
1 check passed
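
The two tunnel checks named in the description above (DSN validation against open-proxy abuse, and the size limit enforced on the bytes actually read rather than on the Content-Length header), as an added JavaScript example. This is not the PR's code: `parseDsn`, `checkTunnelRequest` and `MAX_BODY_BYTES` are hypothetical names, the 64 KiB cap is an assumed value, and the envelope layout assumed is Sentry's newline-delimited format whose first line is a JSON header carrying `dsn`.

```javascript
// Added example: hypothetical names and an assumed size cap, not the PR's code.
const MAX_BODY_BYTES = 64 * 1024;

// Split a DSN into the parts the tunnel must pin: host, project id, public key.
function parseDsn(dsn) {
  try {
    const url = new URL(dsn);
    const projectId = url.pathname.split("/").filter(Boolean).pop();
    if (url.protocol !== "https:" || !url.username) return null;
    if (!/^\d+$/.test(projectId ?? "")) return null;
    return { host: url.host, projectId, publicKey: url.username };
  } catch {
    return null;
  }
}

// Decide whether an envelope may be forwarded, and where to.
// `body` is the Uint8Array actually read from the request; the declared
// Content-Length header is deliberately never consulted.
function checkTunnelRequest(body, allowedDsn) {
  const allowed = parseDsn(allowedDsn);
  if (!allowed) return { status: 500, reason: "server_dsn_invalid" };
  if (body.length > MAX_BODY_BYTES) return { status: 413, reason: "body_too_large" };

  // The first line of the envelope is a JSON header that carries the DSN.
  const nl = body.indexOf(0x0a);
  const headerBytes = nl === -1 ? body : body.subarray(0, nl);
  let header;
  try {
    header = JSON.parse(new TextDecoder().decode(headerBytes));
  } catch {
    return { status: 400, reason: "bad_envelope_header" };
  }
  const claimed = typeof header?.dsn === "string" ? parseDsn(header.dsn) : null;
  if (!claimed) return { status: 400, reason: "missing_dsn" };
  const same = claimed.host === allowed.host &&
    claimed.projectId === allowed.projectId &&
    claimed.publicKey === allowed.publicKey;
  if (!same) return { status: 403, reason: "dsn_mismatch" };

  // Build the upstream URL from the server-side DSN only, never from client input.
  const upstream = `https://${allowed.host}/api/${allowed.projectId}/envelope/`;
  return { status: 200, upstream };
}
```

Because the upstream URL is derived only from the server-configured DSN, a client-supplied DSN can cause a rejection but can never steer where the Worker sends traffic.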