feat(monitoring): replace webhook alert with Sentry error tracking via HTTP store API

Author: fullstackjam

src/app.d.ts

@@ -15,8 +15,8 @@ declare global {
 				GOOGLE_CLIENT_SECRET: string;
 				JWT_SECRET: string;
 				APP_URL: string;
-				/** Optional. Webhook URL for health alerts (Discord/Slack/etc). */
-				ALERT_WEBHOOK_URL?: string;
+				/** Optional. Sentry DSN for error alerting. */
+				SENTRY_DSN?: string;
 			};
 		}
 		// Cloudflare Workers Cron Trigger handler signature.

src/hooks.server.ts

@@ -1,5 +1,44 @@
-import type { Handle } from '@sveltejs/kit';
+import type { Handle, HandleServerError } from '@sveltejs/kit';
 import { runHealthChecks } from '$lib/server/monitor';
+
+// Parse DSN into the store endpoint and auth header Sentry expects.
+// DSN format: https://<key>@<host>/<project_id>
+function parseDsn(dsn: string): { url: string; key: string } | null {
+	try {
+		const u = new URL(dsn);
+		const key = u.username;
+		const projectId = u.pathname.replace('/', '');
+		const host = u.host;
+		return { url: `https://${host}/api/${projectId}/store/`, key };
+	} catch {
+		return null;
+	}
+}
+
+async function captureToSentry(
+	dsn: string,
+	payload: { message?: string; exception?: unknown; level: string; request?: unknown }
+): Promise<void> {
+	const parsed = parseDsn(dsn);
+	if (!parsed) return;
+	const event = {
+		timestamp: new Date().toISOString(),
+		platform: 'javascript',
+		level: payload.level,
+		...(payload.message ? { message: payload.message } : {}),
+		...(payload.exception ? { exception: payload.exception } : {}),
+		...(payload.request ? { request: payload.request } : {}),
+	};
+	await fetch(parsed.url, {
+		method: 'POST',
+		headers: {
+			'Content-Type': 'application/json',
+			'X-Sentry-Auth': `Sentry sentry_version=7, sentry_key=${parsed.key}, sentry_client=openboot/1.0`,
+		},
+		body: JSON.stringify(event),
+		signal: AbortSignal.timeout(5_000),
+	}).catch(() => {}); // fire-and-forget, never block the response
+}
 import { RESERVED_ALIASES } from '$lib/server/validation';
 import { getConfigForHookAlias, getConfigForInstall, getConfigForHookSlug } from '$lib/server/db';
 import { serveInstallByAlias, serveInstallBySlug } from '$lib/server/alias';
@@ -49,6 +88,19 @@ function isVersionOlderThan(version: string, minVersion: string): boolean {
 	return aMaj < bMaj || (aMaj === bMaj && (aMin < bMin || (aMin === bMin && aPat < bPat)));
 }
 
+export const handleError: HandleServerError = async ({ error, event }) => {
+	const dsn = event.platform?.env?.SENTRY_DSN;
+	if (dsn) {
+		await captureToSentry(dsn, {
+			level: 'error',
+			exception: {
+				values: [{ type: 'Error', value: error instanceof Error ? error.message : String(error) }],
+			},
+			request: { url: event.url.href, method: event.request.method },
+		});
+	}
+};
+
 export const handle: Handle = async ({ event, resolve }) => {
 	const path = event.url.pathname;
 
@@ -106,6 +158,16 @@ export const handle: Handle = async ({ event, resolve }) => {
 	}
 
 	const response = await resolve(event);
+
+	const dsn = event.platform?.env?.SENTRY_DSN;
+	if (response.status >= 500 && dsn) {
+		await captureToSentry(dsn, {
+			level: 'error',
+			message: `HTTP ${response.status} ${event.request.method} ${event.url.pathname}`,
+			request: { url: event.url.href, method: event.request.method },
+		});
+	}
+
 	const securedResponse = withSecurityHeaders(response);
 
 	// Version negotiation: if CLI sends X-OpenBoot-Version, check compatibility.
@@ -140,9 +202,21 @@ export const handle: Handle = async ({ event, resolve }) => {
 // Cloudflare Workers Cron Trigger — runs on the schedule defined in wrangler.toml.
 // Checks critical production signals and sends an alert to ALERT_WEBHOOK_URL if any fail.
 export const scheduled: App.Scheduled = async ({ platform }) => {
-	await runHealthChecks({
-		APP_URL: platform?.env?.APP_URL ?? 'https://openboot.dev',
-		ALERT_WEBHOOK_URL: platform?.env?.ALERT_WEBHOOK_URL,
-	});
+	const dsn = platform?.env?.SENTRY_DSN;
+	try {
+		await runHealthChecks({
+			APP_URL: platform?.env?.APP_URL ?? 'https://openboot.dev',
+		});
+	} catch (err) {
+		console.error('[monitor] cron failed:', err);
+		if (dsn) {
+			await captureToSentry(dsn, {
+				level: 'error',
+				exception: {
+					values: [{ type: 'HealthCheckError', value: err instanceof Error ? err.message : String(err) }],
+				},
+			});
+		}
+	}
 };
 

src/lib/server/monitor.ts

@@ -1,13 +1,12 @@
 /**
  * Production health monitoring for Cloudflare Workers cron trigger.
  *
- * Checks three critical signals on every run:
+ * Checks two critical signals on every run:
  *   1. /api/packages returns a non-empty array
- *   2. /api/health returns status "healthy"
- *   3. DB is reachable (via health endpoint)
+ *   2. /api/health returns status "healthy" (DB reachable)
  *
- * If any check fails, posts a JSON alert to ALERT_WEBHOOK_URL (if set).
- * Works with Discord, Slack, PagerDuty, or any webhook receiver.
+ * Results are logged to Workers dashboard. Runtime errors are captured
+ * via Sentry (configured in hooks.server.ts).
  */
 
 interface CheckResult {
@@ -18,7 +17,6 @@ interface CheckResult {
 
 interface MonitorEnv {
 	APP_URL: string;
-	ALERT_WEBHOOK_URL?: string;
 }
 
 async function checkPackages(appUrl: string): Promise<CheckResult> {
@@ -57,42 +55,21 @@ async function checkHealth(appUrl: string): Promise<CheckResult> {
 	}
 }
 
-async function sendAlert(webhookUrl: string, failures: CheckResult[]): Promise<void> {
-	const lines = failures.map((f) => `• **${f.name}**: ${f.detail}`).join('\n');
-	const payload = {
-		// Discord-compatible format; Slack ignores unknown fields
-		content: `🚨 **openboot.dev health alert** — ${failures.length} check(s) failed:\n${lines}`,
-		// Slack-compatible fallback
-		text: `openboot.dev health alert — ${failures.length} check(s) failed:\n${failures.map((f) => `• ${f.name}: ${f.detail}`).join('\n')}`,
-	};
-	await fetch(webhookUrl, {
-		method: 'POST',
-		headers: { 'Content-Type': 'application/json' },
-		body: JSON.stringify(payload),
-		signal: AbortSignal.timeout(10_000),
-	});
-}
-
 export async function runHealthChecks(env: MonitorEnv): Promise<void> {
 	const appUrl = env.APP_URL ?? 'https://openboot.dev';
 
 	const results = await Promise.all([checkPackages(appUrl), checkHealth(appUrl)]);
 
-	const failures = results.filter((r) => !r.ok);
-
-	if (failures.length > 0 && env.ALERT_WEBHOOK_URL) {
-		await sendAlert(env.ALERT_WEBHOOK_URL, failures);
-	}
-
-	// Always log — visible in Workers dashboard → Logs
 	for (const r of results) {
 		const icon = r.ok ? '✓' : '✗';
 		console.log(`[monitor] ${icon} ${r.name}: ${r.detail}`);
 	}
 
+	const failures = results.filter((r) => !r.ok);
 	if (failures.length > 0) {
-		// Non-fatal: don't throw, just log. Workers cron retries on exceptions
-		// which could flood alerts. Log and return instead.
-		console.error(`[monitor] ${failures.length} check(s) failed`);
+		// Throw so Sentry (via handleError / uncaught exception) captures the alert.
+		throw new Error(
+			`Health check failed: ${failures.map((f) => `${f.name}=${f.detail}`).join(', ')}`
+		);
 	}
 }