disclosure-bureau/web/sentry.server.config.ts

/**
 * Sentry (Glitchtip-compatible) server-side init.
 *
 * DSN must point to Glitchtip — we never send to sentry.io. See
 * SENTRY_DSN / NEXT_PUBLIC_SENTRY_DSN in docker-compose.yml. If unset, the SDK
 * is loaded but no events ship — safe for local dev.
 */
import * as Sentry from "@sentry/nextjs";

const dsn = process.env.SENTRY_DSN || process.env.NEXT_PUBLIC_SENTRY_DSN;
if (dsn) {
  Sentry.init({
    dsn,
    environment: process.env.NODE_ENV || "development",
    release: process.env.SENTRY_RELEASE,
    tracesSampleRate: 0,  // Glitchtip community doesn't support performance traces
    sendDefaultPii: false,
    // Make sure events land on Glitchtip's tunnel-friendly DSN host, not
    // sentry.io. The SDK already infers from DSN; this is just defensive.
  });
}
W0+W1+W1.2: security hardening, observability, autocomplete, glitchtip, forgejo CI W0 — security hardening (5 fixes verified live on disclosure.top) - middleware: gate /api/admin/* same as /admin/* (F1) - imgproxy: tighten LOCAL_FILESYSTEM_ROOT from / to /var/lib/storage (F2) - studio: real basic-auth label (bcrypt hash, middleware reference) (F3) - relations: ENABLE ROW LEVEL SECURITY + public SELECT policy (F4) - migration 0003: fold is_searchable + hybrid_search update into canonical (TD#2) W1 — observability + resilience + autocomplete - studio: HOSTNAME=0.0.0.0 so Next.js binds on loopback for healthcheck - compose: PG_POOL_MAX=20, CLAUDE_CODE_OAUTH_TOKEN gated by separate env - claude-code.ts: subprocess timeout configurable (CLAUDE_CODE_TIMEOUT_MS) - openrouter.ts: retry with exponential backoff + Retry-After + in-memory circuit breaker (promotes FALLBACK after CB_THRESHOLD failures) - lib/logger.ts: pino logger (NDJSON prod / pretty dev) + withRequest helper - middleware: mints correlation_id, stamps x-correlation-id response header, emits structured http_request log per /api/* call - messages/route.ts: switch to structured logger - 60_meili_index.py: push documents + chunks into Meilisearch - /api/search/autocomplete: parallel meili search (docs + chunks), 5-8ms p50 - search-autocomplete.tsx: debounced dropdown wired into search-panel W1.2 — Glitchtip + Forgejo self-hosted - compose: glitchtip-redis + glitchtip-web + glitchtip-worker (v4.2) - compose: forgejo + forgejo-runner (server v9, runner v6) with group_add=988 - @sentry/nextjs SDK wired (instrumentation.ts + sentry.{client,server}.config.ts) - /api/admin/throw smoke endpoint (gated by W0-F1 middleware) - Synthetic event ingestion verified at glitchtip.disclosure.top - forgejo.disclosure.top up, repo discadmin/disclosure-bureau created, runner registered (labels: ubuntu-latest, docker) - .forgejo/workflows/ci.yml: typecheck + lint + build + npm audit + python syntax + compose validation Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-05-23 21:18:42 +00:00			`/**`
			`* Sentry (Glitchtip-compatible) server-side init.`
			`*`
			`* DSN must point to Glitchtip — we never send to sentry.io. See`
			`* SENTRY_DSN / NEXT_PUBLIC_SENTRY_DSN in docker-compose.yml. If unset, the SDK`
			`* is loaded but no events ship — safe for local dev.`
			`*/`
			`import * as Sentry from "@sentry/nextjs";`

			`const dsn = process.env.SENTRY_DSN \|\| process.env.NEXT_PUBLIC_SENTRY_DSN;`
			`if (dsn) {`
			`Sentry.init({`
			`dsn,`
			`environment: process.env.NODE_ENV \|\| "development",`
			`release: process.env.SENTRY_RELEASE,`
			`tracesSampleRate: 0, // Glitchtip community doesn't support performance traces`
			`sendDefaultPii: false,`
			`// Make sure events land on Glitchtip's tunnel-friendly DSN host, not`
			`// sentry.io. The SDK already infers from DSN; this is just defensive.`
			`});`
			`}`