WXYC · jakebromberg · Mar 10, 2026 · Feb 26, 2026
diff --git a/.github/actions/deploy-service/action.yml b/.github/actions/deploy-service/action.yml
@@ -71,7 +71,7 @@ runs:
           docker ps -a --filter "publish=$PUBLISH_PORT" --format "{{.ID}}" | xargs -r docker rm 
 
           echo "Starting new Docker container..."
-          docker run -d --name $TARGET_APP -p $PUBLISH_PORT:8080 --restart unless-stopped --env-file .env ${{ inputs.aws_ecr_uri }}/$TARGET_APP:$DEPLOY_TAG
+          docker run -d --name $TARGET_APP -p $PUBLISH_PORT:8080 --restart unless-stopped --env-file .env -e SENTRY_RELEASE=$TARGET_APP@$DEPLOY_TAG ${{ inputs.aws_ecr_uri }}/$TARGET_APP:$DEPLOY_TAG
 
           echo "Cleaning up old Docker images..."
           docker images --format '{{.Repository}} {{.Tag}}' | \

diff --git a/apps/auth/app.ts b/apps/auth/app.ts
@@ -1,11 +1,14 @@
 // Auth service using Express
+import './instrument.js';
+import * as Sentry from '@sentry/node';
 import { config } from 'dotenv';
 const dotenvResult = config();
 
 import { auth } from '@wxyc/authentication';
 import { toNodeHandler } from 'better-auth/node';
 import cors from 'cors';
 import express from 'express';
+import type { Request, Response, NextFunction } from 'express';
 
 const port = process.env.AUTH_PORT || '8080';
 
@@ -51,7 +54,7 @@
      }

      const userId = userResult[0].id;
      const tokenPrefix = `${type}:`;
      const result = await db
        .select()
        .from(verification)
@@ -60,7 +63,7 @@
        .limit(1);

      if (result.length === 0) {
        return res.status(404).json({ error: `No ${type} token found for this user` });
      }

      // Extract the actual token from the identifier (e.g., "reset-password:abc123" -> "abc123")
@@ -81,7 +84,7 @@
  // Expire a user's session for testing session timeout
  app.post('/auth/test/expire-session', async (req, res) => {
    try {
      const { userId } = req.body;
      if (!userId || typeof userId !== 'string') {
        return res.status(400).json({ error: 'userId is required in request body' });
      }
@@ -119,7 +122,7 @@
    const response = await fetch(`${authServiceUrl}/auth/ok`);

    // Forward the status and body from the /auth/ok response
    const data = await response.json(); // Assuming /auth/ok returns JSON
    res.status(response.status).json(data);
  } catch (error) {
    console.error('Error proxying /healthcheck to /auth/ok:', error);
@@ -128,6 +131,14 @@
   }
 });
 
+Sentry.setupExpressErrorHandler(app);
+
+// Fallback error handler
+app.use((err: any, req: Request, res: Response, next: NextFunction) => {
+  const message = err instanceof Error ? err.message : String(err);
+  res.status(500).json({ error: message });
+});
+
 // Create default user if needed
 const createDefaultUser = async () => {
   if (process.env.CREATE_DEFAULT_USER !== 'TRUE') return;
@@ -201,7 +212,7 @@
        },
      });

      organizationId = newOrganization.id;
    }

    if (!organizationId) {

diff --git a/apps/auth/instrument.ts b/apps/auth/instrument.ts
@@ -0,0 +1,8 @@
+import * as Sentry from '@sentry/node';
+
+Sentry.init({
+  dsn: process.env.SENTRY_DSN,
+  release: process.env.SENTRY_RELEASE,
+  environment: process.env.NODE_ENV || 'development',
+  tracesSampleRate: 1.0,
+});
diff --git a/apps/auth/package.json b/apps/auth/package.json
@@ -16,8 +16,9 @@
   "author": "Jackson Meade",
   "license": "MIT",
   "dependencies": {
-    "@wxyc/database": "^1.0.0",
+    "@sentry/node": "^10.40.0",
     "@wxyc/authentication": "^1.0.0",
+    "@wxyc/database": "^1.0.0",
     "better-auth": "^1.3.23",
     "cors": "^2.8.5",
     "dotenv": "^17.2.1",

diff --git a/apps/auth/tsup.config.ts b/apps/auth/tsup.config.ts
@@ -8,7 +8,7 @@ export default defineConfig((options) => ({
   target: 'node20',
   clean: true,
   sourcemap: true,
-  external: ['@wxyc/database', 'better-auth', 'drizzle-orm', 'express', 'cors', 'postgres'],
+  external: ['@wxyc/database', 'better-auth', 'drizzle-orm', 'express', 'cors', 'postgres', '@sentry/node'],
   env: {
     NODE_ENV: process.env.NODE_ENV || 'development',
   },

diff --git a/apps/backend/app.ts b/apps/backend/app.ts
@@ -1,3 +1,5 @@
+import './instrument.js';
+import * as Sentry from '@sentry/node';
 import express from 'express';
 import cors from 'cors';
 import swaggerUi from 'swagger-ui-express';
@@ -13,6 +15,7 @@ import { request_line_route } from './routes/requestLine.route.js';
 import { showMemberMiddleware } from './middleware/checkShowMember.js';
 import { activeShow } from './middleware/checkActiveShow.js';
 import errorHandler from './middleware/errorHandler.js';
+import { requestIdMiddleware } from './middleware/requestId.js';
 import { requirePermissions } from '@wxyc/authentication';
 
 const port = process.env.PORT || 8080;
@@ -23,12 +26,16 @@ app.set('trust proxy', true);
 //Interpret parse json into js objects
 app.use(express.json());
 
+// Cross-service request correlation
+app.use(requestIdMiddleware);
+
 //CORS
 app.use(
   cors({
     origin: process.env.FRONTEND_SOURCE || '*',
     methods: ['GET', 'POST', 'DELETE', 'PATCH'],
-    allowedHeaders: ['Content-Type', 'Authorization'],
+    allowedHeaders: ['Content-Type', 'Authorization', 'X-Request-Id'],
+    exposedHeaders: ['X-Request-Id'],
     credentials: true,
   })
 );
@@ -69,6 +76,7 @@ app.get('/healthcheck', async (req, res) => {
   res.json({ message: 'Healthy!' });
 });
 
+Sentry.setupExpressErrorHandler(app);
 app.use(errorHandler);
 
 const server = app.listen(port, () => {

diff --git a/apps/backend/instrument.ts b/apps/backend/instrument.ts
@@ -0,0 +1,8 @@
+import * as Sentry from '@sentry/node';
+
+Sentry.init({
+  dsn: process.env.SENTRY_DSN,
+  release: process.env.SENTRY_RELEASE,
+  environment: process.env.NODE_ENV || 'development',
+  tracesSampleRate: 1.0,
+});
diff --git a/apps/backend/middleware/requestId.ts b/apps/backend/middleware/requestId.ts
@@ -0,0 +1,11 @@
+import * as Sentry from '@sentry/node';
+import type { Request, Response, NextFunction } from 'express';
+
+export function requestIdMiddleware(req: Request, res: Response, next: NextFunction) {
+  const requestId = req.get('X-Request-Id') || crypto.randomUUID();
+
+  res.setHeader('X-Request-Id', requestId);
+  Sentry.getCurrentScope().setTag('request_id', requestId);
+
+  next();
+}
diff --git a/apps/backend/package.json b/apps/backend/package.json
@@ -16,6 +16,7 @@
   "author": "AyBruno",
   "license": "MIT",
   "dependencies": {
+    "@sentry/node": "^10.40.0",
     "@wxyc/authentication": "*",
     "@wxyc/database": "*",
     "async-mutex": "^0.5.0",

diff --git a/apps/backend/tsup.config.ts b/apps/backend/tsup.config.ts
@@ -11,6 +11,8 @@ export default defineConfig((options) => ({
   format: ['esm'],
   outDir: 'dist',
   clean: true,
+  sourcemap: true,
+  external: ['@sentry/node'],
   onSuccess: options.watch ? 'node ./dist/app.js' : undefined,
   minify: !options.watch,