Description of the new feature / enhancement
MXC currently installs no global std::panic::set_hook in either wxc (src/core/wxc/src/main.rs) or lxc (src/core/lxc/src/main.rs). If MXC itself panics — an actual MXC defect, the truest "crash" — no telemetry is emitted, so these failures are invisible. The existing MXC.Error event only fires on instrumented one-shot completion/early-exit paths, never on a panic.
Add a global panic hook that, when telemetry is active, emits a single MXC.Error event before the process unwinds/aborts, so crashes become observable.
Proposed technical implementation details
- Install a std::panic::set_hook in both wxc and lxc main, right after telemetry init (src/core/wxc/src/main.rs ~line 702; src/core/lxc/src/main.rs ~line 211).
- Emit via a new helper in src/core/wxc_common/src/telemetry/mod.rs (alongside emit_completion/emit_early_exit). Consider a dedicated FailureReason such as InternalError (the enum lives in events.rs).
- Data minimization: do NOT emit the panic message text (may contain paths/PII per our existing policy). Emit only the bounded category (+ optionally backend).
- Constraint: emission only works if telemetry was already initialized (provider registered). Default panic strategy is unwind, so the hook runs and existing Drop/ParkedDaclGuard cleanup still executes.
- Known limitation to document: failures before telemetry init (base64 decode, JSON parse, load_request) fundamentally cannot emit telemetry because the experimental.telemetry.enabled flag is only known after config parse.
Deferred from PR #493.
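A sketch of the hook described above, added here as an illustration and not MXC's own code. TELEMETRY_ACTIVE, SINK, ErrorEvent, emit_internal_error and install_panic_hook are hypothetical stand-ins for the project's telemetry provider and helper; only FailureReason::InternalError comes from the proposal.

```rust
use std::panic;
use std::sync::atomic::{AtomicBool, Ordering};
use std::sync::Mutex;

/// Bounded failure category; InternalError is the variant the issue proposes.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum FailureReason { InternalError }

/// An event holds only an enum and a static backend name, so panic text
/// (paths, PII) has no field to land in.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct ErrorEvent { pub reason: FailureReason, pub backend: &'static str }

// Stand-ins for MXC's telemetry provider state (assumptions for this sketch).
pub static TELEMETRY_ACTIVE: AtomicBool = AtomicBool::new(false);
static EMITTED: AtomicBool = AtomicBool::new(false);
pub static SINK: Mutex<Vec<ErrorEvent>> = Mutex::new(Vec::new());

/// Hypothetical helper, in the spirit of emit_completion/emit_early_exit.
pub fn emit_internal_error(backend: &'static str) {
    if !TELEMETRY_ACTIVE.load(Ordering::SeqCst) { return; } // provider not registered
    if EMITTED.swap(true, Ordering::SeqCst) { return; }     // at most one event per process
    // try_lock: never block or panic inside the hook if the sink is busy or poisoned.
    if let Ok(mut sink) = SINK.try_lock() {
        sink.push(ErrorEvent { reason: FailureReason::InternalError, backend });
    }
}

/// Call from main right after telemetry init.
pub fn install_panic_hook(backend: &'static str) {
    let previous = panic::take_hook();
    panic::set_hook(Box::new(move |info| {
        emit_internal_error(backend); // the panic payload is never read for telemetry
        previous(info);               // keep the default local stderr report
    }));
}

/// Snapshot of the events recorded so far.
pub fn events() -> Vec<ErrorEvent> { SINK.lock().map(|s| s.to_vec()).unwrap_or_default() }

fn main() {
    TELEMETRY_ACTIVE.store(true, Ordering::SeqCst);
    install_panic_hook("wxc");
    // Constructed panic message containing a path that must not be emitted.
    let _ = panic::catch_unwind(|| -> () { panic!("cannot open C:\\Users\\alice\\req.json") });
    println!("{:?}", events());
}
```

A panic raised before TELEMETRY_ACTIVE is set records nothing, which mirrors the pre-init limitation listed above.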