disclosure-bureau/web/app/api/admin/throw/route.ts

/**
 * /api/debug/throw — admin-only error injector. Throws on demand so we can
 * verify Glitchtip is receiving events. Gated by /api/admin/* middleware (404
 * for non-admins).
 *
 * Move the path under /api/admin/* so the W0-F1 middleware gate applies.
 */
import { withRequest } from "@/lib/logger";

export const runtime = "nodejs";

export async function GET(request: Request) {
  const log = withRequest(request);
  log.warn({ event: "debug_throw" }, "intentional error for Glitchtip smoke test");
  throw new Error("debug_throw_smoke_test: glitchtip wiring verified at " + new Date().toISOString());
}
W0+W1+W1.2: security hardening, observability, autocomplete, glitchtip, forgejo CI W0 — security hardening (5 fixes verified live on disclosure.top) - middleware: gate /api/admin/* same as /admin/* (F1) - imgproxy: tighten LOCAL_FILESYSTEM_ROOT from / to /var/lib/storage (F2) - studio: real basic-auth label (bcrypt hash, middleware reference) (F3) - relations: ENABLE ROW LEVEL SECURITY + public SELECT policy (F4) - migration 0003: fold is_searchable + hybrid_search update into canonical (TD#2) W1 — observability + resilience + autocomplete - studio: HOSTNAME=0.0.0.0 so Next.js binds on loopback for healthcheck - compose: PG_POOL_MAX=20, CLAUDE_CODE_OAUTH_TOKEN gated by separate env - claude-code.ts: subprocess timeout configurable (CLAUDE_CODE_TIMEOUT_MS) - openrouter.ts: retry with exponential backoff + Retry-After + in-memory circuit breaker (promotes FALLBACK after CB_THRESHOLD failures) - lib/logger.ts: pino logger (NDJSON prod / pretty dev) + withRequest helper - middleware: mints correlation_id, stamps x-correlation-id response header, emits structured http_request log per /api/* call - messages/route.ts: switch to structured logger - 60_meili_index.py: push documents + chunks into Meilisearch - /api/search/autocomplete: parallel meili search (docs + chunks), 5-8ms p50 - search-autocomplete.tsx: debounced dropdown wired into search-panel W1.2 — Glitchtip + Forgejo self-hosted - compose: glitchtip-redis + glitchtip-web + glitchtip-worker (v4.2) - compose: forgejo + forgejo-runner (server v9, runner v6) with group_add=988 - @sentry/nextjs SDK wired (instrumentation.ts + sentry.{client,server}.config.ts) - /api/admin/throw smoke endpoint (gated by W0-F1 middleware) - Synthetic event ingestion verified at glitchtip.disclosure.top - forgejo.disclosure.top up, repo discadmin/disclosure-bureau created, runner registered (labels: ubuntu-latest, docker) - .forgejo/workflows/ci.yml: typecheck + lint + build + npm audit + python syntax + compose validation Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-23 21:18:42 +00:00			`/**`
			`* /api/debug/throw — admin-only error injector. Throws on demand so we can`
			`* verify Glitchtip is receiving events. Gated by /api/admin/* middleware (404`
			`* for non-admins).`
			`*`
			`* Move the path under /api/admin/* so the W0-F1 middleware gate applies.`
			`*/`
			`import { withRequest } from "@/lib/logger";`

			`export const runtime = "nodejs";`

			`export async function GET(request: Request) {`
			`const log = withRequest(request);`
			`log.warn({ event: "debug_throw" }, "intentional error for Glitchtip smoke test");`
			`throw new Error("debug_throw_smoke_test: glitchtip wiring verified at " + new Date().toISOString());`
			`}`