refactor: unify server-side observability logging

src/__test__/unit/repo-error-from-http.test.ts

@@ -0,0 +1,24 @@
+import { describe, expect, it } from 'vitest'
+import {
+  getPublicRepoErrorMessage,
+  PUBLIC_ERROR_MESSAGE_INTERNAL,
+  repoErrorFromHttp,
+} from '@/core/shared/errors'
+
+describe('repoErrorFromHttp', () => {
+  it('preserves 400 messages as validation errors', () => {
+    const error = repoErrorFromHttp(400, 'User is already part of this team.')
+
+    expect(error.code).toBe('validation')
+    expect(getPublicRepoErrorMessage(error)).toBe(
+      'User is already part of this team.'
+    )
+  })
+
+  it('still obfuscates unexpected internal errors', () => {
+    const error = repoErrorFromHttp(500, 'database exploded')
+
+    expect(error.code).toBe('unavailable')
+    expect(getPublicRepoErrorMessage(error)).toBe(PUBLIC_ERROR_MESSAGE_INTERNAL)
+  })
+})

src/__test__/unit/request-observability.test.ts

@@ -0,0 +1,49 @@
+import { describe, expect, it } from 'vitest'
+import {
+  createRequestObservabilityContext,
+  createRequestObservabilityContextFromHeaders,
+  formatRequestLogMessage,
+} from '@/core/shared/clients/logger/request-observability'
+
+describe('request observability', () => {
+  it('extracts request path from an absolute URL', () => {
+    const requestContext = createRequestObservabilityContext({
+      requestUrl: 'https://dashboard.test/dashboard/acme/sandboxes?tab=logs',
+      transport: 'action',
+      handlerName: 'addTeamMember',
+    })
+
+    expect(requestContext.request_path).toBe('/dashboard/acme/sandboxes')
+    expect(requestContext.transport).toBe('action')
+    expect(requestContext.handler_name).toBe('addTeamMember')
+  })
+
+  it('prefers referer when deriving browser-origin request context', () => {
+    const headers = new Headers({
+      origin: 'https://dashboard.test',
+      referer: 'https://dashboard.test/dashboard/acme/sandboxes',
+      'next-url': '/api/trpc',
+    })
+
+    const requestContext = createRequestObservabilityContextFromHeaders(
+      headers,
+      {
+        fallbackPath: '/server/actions/addTeamMember',
+        preferReferer: true,
+      }
+    )
+
+    expect(requestContext.request_url).toBe(
+      'https://dashboard.test/dashboard/acme/sandboxes'
+    )
+    expect(requestContext.request_path).toBe('/dashboard/acme/sandboxes')
+  })
+
+  it('prefixes log messages with the request path', () => {
+    expect(
+      formatRequestLogMessage('action addTeamMember failed', {
+        request_path: '/dashboard/acme/sandboxes',
+      })
+    ).toBe('/dashboard/acme/sandboxes: action addTeamMember failed')
+  })
+})

src/app/api/teams/[teamSlug]/metrics/route.ts

@@ -4,86 +4,112 @@ import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
 import { getTeamMetricsCore } from '@/core/server/functions/sandboxes/get-team-metrics-core'
 import { getTeamIdFromSlug } from '@/core/server/functions/team/get-team-id-from-slug'
 import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import { withRequestObservabilityFromRequest } from '@/core/shared/clients/logger/request-observability'
 import { getPublicErrorMessage } from '@/core/shared/errors'
 import { TeamMetricsRequestSchema, type TeamMetricsResponse } from './types'
 
 export async function POST(
   request: Request,
   { params }: { params: Promise<{ teamSlug: string }> }
 ) {
-  try {
-    const { teamSlug } = await params
-
-    const parsedInput = TeamMetricsRequestSchema.safeParse(await request.json())
-
-    if (!parsedInput.success) {
-      // should not happen
-      l.warn(
-        {
-          key: 'team_metrics_route_handler:invalid_request',
-          error: serializeErrorForLog(parsedInput.error),
-          team_slug: teamSlug,
-          context: {
-            request: parsedInput.data,
-          },
-        },
-        'team_metrics_route_handler: invalid request'
-      )
-
-      return Response.json({ error: 'Invalid request' }, { status: 400 })
+  return withRequestObservabilityFromRequest(
+    request,
+    {
+      fallbackPath: '/api/teams/[teamSlug]/metrics',
+      transport: 'route',
+      handlerName: 'teamMetricsRoute',
+    },
+    async () => {
+      try {
+        const { teamSlug } = await params
+
+        const parsedInput = TeamMetricsRequestSchema.safeParse(
+          await request.json()
+        )
+
+        if (!parsedInput.success) {
+          // should not happen
+          l.warn(
+            {
+              key: 'team_metrics_route_handler:invalid_request',
+              error: serializeErrorForLog(parsedInput.error),
+              team_slug: teamSlug,
+              context: {
+                request: parsedInput.data,
+              },
+            },
+            'team_metrics_route_handler: invalid request'
+          )
+
+          return Response.json({ error: 'Invalid request' }, { status: 400 })
+        }
+
+        const { start: startMs, end: endMs } = parsedInput.data
+
+        const session = await getSessionInsecure()
+
+        if (!session) {
+          l.warn(
+            {
+              key: 'team_metrics_route_handler:unauthenticated',
+              team_slug: teamSlug,
+            },
+            'team_metrics_route_handler: unauthenticated'
+          )
+
+          return Response.json({ error: 'Unauthenticated' }, { status: 401 })
+        }
+
+        const teamId = await getTeamIdFromSlug(teamSlug, session.access_token)
+
+        if (!teamId) {
+          l.warn(
+            {
+              key: 'team_metrics_route_handler:forbidden_team',
+              team_slug: teamSlug,
+              user_id: session.user.id,
+            },
+            'team_metrics_route_handler: forbidden team'
+          )
+
+          return Response.json({ error: 'Forbidden' }, { status: 403 })
+        }
+
+        const result = await getTeamMetricsCore({
+          accessToken: session.access_token,
+          teamId,
+          userId: session.user.id,
+          startMs,
+          endMs,
+        })
+
+        if (result.error) {
+          const safeMessage = getPublicErrorMessage({ status: result.status })
+          return Response.json(
+            { error: safeMessage },
+            { status: result.status }
+          )
+        }
+
+        if (!result.data) {
+          return Response.json(
+            { error: 'Internal server error' },
+            { status: 500 }
+          )
+        }
+
+        return Response.json(result.data satisfies TeamMetricsResponse)
+      } catch (error) {
+        l.error({
+          key: 'team_metrics_route_handler:unexpected_error',
+          error: serializeErrorForLog(error),
+        })
+
+        return Response.json(
+          { error: 'Internal server error' },
+          { status: 500 }
+        )
+      }
     }
-
-    const { start: startMs, end: endMs } = parsedInput.data
-
-    const session = await getSessionInsecure()
-
-    if (!session) {
-      l.warn(
-        {
-          key: 'team_metrics_route_handler:unauthenticated',
-          team_slug: teamSlug,
-        },
-        'team_metrics_route_handler: unauthenticated'
-      )
-
-      return Response.json({ error: 'Unauthenticated' }, { status: 401 })
-    }
-
-    const teamId = await getTeamIdFromSlug(teamSlug, session.access_token)
-
-    if (!teamId) {
-      l.warn(
-        {
-          key: 'team_metrics_route_handler:forbidden_team',
-          team_slug: teamSlug,
-          user_id: session.user.id,
-        },
-        'team_metrics_route_handler: forbidden team'
-      )
-
-      return Response.json({ error: 'Forbidden' }, { status: 403 })
-    }
-
-    const result = await getTeamMetricsCore({
-      accessToken: session.access_token,
-      teamId,
-      userId: session.user.id,
-      startMs,
-      endMs,
-    })
-
-    if (result.error) {
-      const safeMessage = getPublicErrorMessage({ status: result.status })
-      return Response.json({ error: safeMessage }, { status: result.status })
-    }
-
-    return Response.json(result.data! satisfies TeamMetricsResponse)
-  } catch (error) {
-    l.error({
-      key: 'team_metrics_route_handler:unexpected_error',
-      error: serializeErrorForLog(error),
-    })
-
-    return Response.json({ error: 'Internal server error' }, { status: 500 })
-  }
+  )
 }

src/app/api/trpc/[trpc]/route.ts

@@ -3,6 +3,7 @@ import type { NextRequest } from 'next/server'
 
 import { trpcAppRouter } from '@/core/server/api/routers'
 import { createTRPCContext } from '@/core/server/trpc/init'
+import { createRequestObservabilityContext } from '@/core/shared/clients/logger/request-observability'
 
 /**
  * This wraps the `createTRPCContext` helper and provides the required context for the tRPC API when
@@ -11,6 +12,12 @@ import { createTRPCContext } from '@/core/server/trpc/init'
 const createContext = async (req: NextRequest) => {
   return createTRPCContext({
     headers: req.headers,
+    requestObservability: createRequestObservabilityContext({
+      requestUrl: req.headers.get('referer') ?? req.url,
+      fallbackPath: '/api/trpc',
+      transport: 'trpc',
+      handlerName: 'http',
+    }),
   })
 }
 

src/core/server/actions/client.ts

@@ -1,5 +1,6 @@
 import { context, SpanStatusCode, trace } from '@opentelemetry/api'
 import type { Session, User } from '@supabase/supabase-js'
+import { headers } from 'next/headers'
 import { unauthorized } from 'next/navigation'
 import { createMiddleware, createSafeActionClient } from 'next-safe-action'
 import { z } from 'zod'
@@ -12,6 +13,10 @@ import { getSessionInsecure } from '@/core/server/functions/auth/get-session'
 import getUserByToken from '@/core/server/functions/auth/get-user-by-token'
 import { getTeamIdFromSlug } from '@/core/server/functions/team/get-team-id-from-slug'
 import { l, serializeErrorForLog } from '@/core/shared/clients/logger/logger'
+import {
+  createRequestObservabilityContextFromHeaders,
+  withRequestObservabilityContext,
+} from '@/core/shared/clients/logger/request-observability'
 import { createClient } from '@/core/shared/clients/supabase/server'
 import { getTracer } from '@/core/shared/clients/tracer'
 import { UnauthenticatedError, UnknownError } from '@/core/shared/errors'
@@ -105,14 +110,23 @@ export const actionClient = createSafeActionClient({
   const name = actionOrFunctionName
 
   const s = t.startSpan(`${type}:${name}`)
+  const headerStore = await headers()
+  const requestObservabilityContext =
+    createRequestObservabilityContextFromHeaders(headerStore, {
+      fallbackPath: `/server/${type}s/${name}`,
+      transport: type,
+      handlerName: name,
+      preferReferer: true,
+    })
 
   const startTime = performance.now()
 
-  const result = await context.with(
-    trace.setSpan(context.active(), s),
-    async () => {
-      return next()
-    }
+  const result = await withRequestObservabilityContext(
+    requestObservabilityContext,
+    () =>
+      context.with(trace.setSpan(context.active(), s), async () => {
+        return next()
+      })
   )
 
   const duration = performance.now() - startTime
@@ -122,6 +136,9 @@ export const actionClient = createSafeActionClient({
     server_function_name: name,
     server_function_input: clientInput,
     server_function_duration_ms: duration.toFixed(3),
+    request_url: requestObservabilityContext.request_url,
+    request_path: requestObservabilityContext.request_path,
+    team_slug: flattenClientInputValue(clientInput, 'teamSlug'),
     team_id: flattenClientInputValue(clientInput, 'teamId'),
     template_id: flattenClientInputValue(clientInput, 'templateId'),
     sandbox_id: flattenClientInputValue(clientInput, 'sandboxId'),
@@ -137,6 +154,9 @@ export const actionClient = createSafeActionClient({
   if (baseLogPayload.team_id) {
     s.setAttribute('team_id', baseLogPayload.team_id)
   }
+  if (baseLogPayload.team_slug) {
+    s.setAttribute('team_slug', baseLogPayload.team_slug)
+  }
   if (baseLogPayload.template_id) {
     s.setAttribute('template_id', baseLogPayload.template_id)
   }

src/core/server/adapters/errors.ts

@@ -119,10 +119,6 @@ function logObfuscatedRepoError(
   error: RepoError
 ) {
   const publicMessage = getPublicRepoErrorMessage(error)
-  if (publicMessage === error.message) {
-    return
-  }
-
   const observedMessage = getObservedErrorMessage(error)
   const span = trace.getActiveSpan()
 
@@ -134,9 +130,12 @@ function logObfuscatedRepoError(
 
   const payload = {
     key: `transport:${transport}:repo_error`,
+    transport,
     repo_error_code: error.code,
     repo_error_status: error.status,
     public_message: publicMessage,
+    observed_message: observedMessage,
+    was_obfuscated: publicMessage !== error.message,
     error: serializeErrorForLog(error),
   }