Observability
This document describes observability behavior that exists in the current implementation.
Request Correlation
Inbound
correlationMiddleware in apps/api/src/middleware/correlation.ts:
- reads incoming
x-correlation-idif present, - otherwise generates id via
generateCorrelationId()(req_<hex>), - stores it in request context,
- emits
X-Correlation-Idin response.
Error propagation
requestId in API error responses maps to the correlation id.
Structured Logging
Shared logger is in packages/observability/src/logger.ts.
Features:
- Pino JSON logs
- level from
LOG_LEVEL - ISO timestamps
- centralized redaction of common PII paths
Redacted examples include:
email,mobilereq.headers.authorization- nested user/customer email/mobile fields
Sentry Integration
Sentry is initialized in apps/api/src/index.ts through initSentry(...).
Behavior:
- disabled when DSN is absent,
- environment-aware trace sampling,
beforeSendstrips user-level PII fields.
Error Normalization
Global error handling in apps/api/src/middleware/error-handler.ts maps known exceptions to standard shape:
{
"code": "...",
"message": "...",
"requestId": "req_..."
}
Validation errors include flattened issues details.
Unhandled errors are logged and returned as INTERNAL_ERROR.
Operational Signals to Track
Recommended top-level views:
- route-level 4xx/5xx rates,
- webhook processing failures,
- poll cron failures and per-connection errors,
- auth/profile failure rates by status code,
- admin action audit volume.
Production Practices
- Set
LOG_LEVEL=infoin production. - Set
SENTRY_DSNfor server error capture. - Preserve
X-Correlation-Idfrom clients and proxies. - Never log decrypted tokens or raw secrets.
Related Docs
Written byDhruv Doshi