Part of #975. Related: #982 (self-host dashboard / observability), #983 (convergence & migration).
Context
Add Sentry (errors + performance + distributed tracing) as an optional, per-deployment observability layer for the converged gittensory app. It plugs straight into the per-deployment-config model: an optional SENTRY_DSN binding — the hosted service uses gittensory's DSN; self-hosters supply their own; unset = Sentry is fully off (zero-config). Uses @sentry/cloudflare (Workers-native); Sentry's OSS / sponsored plan covers the hosted side.
It complements the existing Cloudflare observability + audit/usage telemetry by adding error grouping & alerting, distributed tracing of the review pipeline (webhook → queue → dual-AI → gate → post), release health, and — critically — per-installation error/perf slicing, which closes the "no per-tenant observability" gap.
Deliverables (tracked as sub-issues)
Acceptance criteria
- With no SENTRY_DSN, Sentry is fully inert — zero behaviour change and zero added latency.
- With a DSN, errors + traces flow, grouped and sliceable per installation.
- No PR content, rubric, guardrail paths, tokens, BYOK keys, or wallet/reward/scoring context ever leaves in a Sentry event (verified by tests).
- Self-hosters enable their own Sentry with one env var; docs cover it.
Notes
- Add the thin seam during convergence so it instruments the CONVERGED engine, but keep it dormant/optional until the converged stack is stable. Not a convergence blocker — a quality layer on top.
- Privacy scrubbing reuses the existing redaction discipline (the public-comment redactors / sanitizePublicComment) so it stays in sync with the comment surface.
Current hardening child issues
Suggested first focus: #1732, because REES currently fails open by design and analyzer degradation can otherwise stay invisible.
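
The "inert without a DSN" and "nothing sensitive leaves in an event" criteria above, sketched as an added example that is not gittensory's code: a scrubber shaped like Sentry's `beforeSend` hook plus an options builder that returns nothing when `SENTRY_DSN` is unset. The names `scrubEvent`, `scrubText`, `sentryOptions`, `ALLOWED_TAGS`, the tag names and the secret patterns are assumptions; the project's own redactors (sanitizePublicComment) are not reproduced here.

```typescript
// Added example; every name here is hypothetical, not the project's API.
type SentryEvent = {
  message?: string;
  tags?: Record<string, string>;
  extra?: Record<string, unknown>;
  request?: unknown;
  breadcrumbs?: unknown[];
  exception?: { values?: { type?: string; value?: string }[] };
};

// Allow-list: only these tags may leave the deployment (assumed tag names).
const ALLOWED_TAGS = new Set(["installation_id", "pipeline_stage", "release"]);

// GitHub token prefixes and bearer credentials embedded in free text.
const SECRET_PATTERNS: RegExp[] = [
  /\b(?:gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})/g,
  /\bBearer\s+[A-Za-z0-9._~+\/-]+=*/gi,
];

function scrubText(text: string): string {
  return SECRET_PATTERNS.reduce((t, re) => t.replace(re, "[redacted]"), text);
}

// Shaped like a beforeSend hook: takes the event, returns what may be sent.
function scrubEvent(event: SentryEvent): SentryEvent {
  const tags: Record<string, string> = {};
  for (const [k, v] of Object.entries(event.tags ?? {})) {
    if (ALLOWED_TAGS.has(k)) tags[k] = scrubText(String(v));
  }
  // extra, request and breadcrumbs are dropped outright: they can carry PR content.
  const out: SentryEvent = { tags };
  if (event.message !== undefined) out.message = scrubText(event.message);
  if (event.exception?.values) {
    // Exception text is scrubbed; other exception fields pass through unchanged.
    out.exception = { values: event.exception.values.map((e) => ({ ...e, value: e.value && scrubText(e.value) })) };
  }
  return out;
}

// Unset DSN -> no options at all, so the caller never initialises Sentry.
function sentryOptions(env: { SENTRY_DSN?: string }) {
  if (!env.SENTRY_DSN) return undefined;
  return { dsn: env.SENTRY_DSN, sendDefaultPii: false, beforeSend: scrubEvent };
}
```

The allow-list fails closed: a tag or field added later is dropped until it is reviewed and listed, which is the property a leak test can assert on.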