dispatch-rails 0.7.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 300eb860cc2bb5f7dff2322818cc6bd552507695c71c84c9be81ccbd6e34a3fd
-  data.tar.gz: 4070748d3d36256a456e9eb960d36c47418ec55f699e0984a9fd49c4d67b501f
+  metadata.gz: 797a73d62a39b0ab3640364d8ef71186b61f3233da2788f7733b72c85e77cc75
+  data.tar.gz: 235fa20b827e25a6f0537e20d3cdd51221c0bebbed18013046901c9bdabf51ed
 SHA512:
-  metadata.gz: 1dcbd3e9a81c078086e62e5e50bca81679832a2dff5e5fd1fe5b4a82bc052e445adb83dbc8e1f7c22b8699e94d6a7d5a6d843d2ae7f974a97cabf682289d767d
-  data.tar.gz: 21765b8506a454e84d225b8d932ce6a15dc2cddd948d8247cddae59908cfe1499139f607a90892e1dffa247a299f156b3c09e1100a73efeb2ae8243af9a7a133
+  metadata.gz: f3cbf75d09473580ec5f66ffaaf7d7623631c1a453bbe9b67b86e091e4fbcb56cd7da1ea141080b6375b714802915c00c4fd9f64d7c649bb2de7e6d6b46d1c0b
+  data.tar.gz: f24f36ca5d2769053faa65cb5b77da6e09a28aea5b4e3166bcbb64e2473729cd9b54df4d6936572fe3ecb41937cb5e43e32f0b9de24f2c27b1879532da0232de

data/README.md

@@ -98,6 +98,40 @@ c.capture_at_exit  = true  # default; set false to skip the crash-at-exit report
 c.shutdown_timeout = 3     # seconds to wait for the send queue to drain at exit; 0 skips
 ```
 
+### SolidQueue infrastructure failures
+
+Errors raised **inside** a job's `perform` are reported automatically (ActiveJob
+sends them through `Rails.error`, which the SDK subscribes to). But SolidQueue's
+own *infrastructure* failures never touch that path — SolidQueue writes them
+straight into its own tables, so they don't reach `Rails.error` and stay
+invisible in the dashboard. The classic case: a container runs out of memory,
+Heroku SIGKILLs the worker, and the supervisor later prunes the dead process and
+force-fails the jobs it had claimed with `SolidQueue::Processes::ProcessPrunedError`
+— a failure you'd only find by opening the queue.
+
+When SolidQueue is present, the SDK subscribes to its `ActiveSupport::Notifications`
+and turns these into first-class events (all tagged `source: solid_queue`):
+
+- **Lost jobs** (`fail_many_claimed`) — claimed jobs force-failed because their
+  worker died (pruned after a missed heartbeat, or orphaned by a dead process).
+  Reported as `Dispatch::Rails::SolidQueueJobsLost` with `tags.jobs_lost`,
+  `tags.process_ids`, and `tags.job_ids`. **This is the OOM-restart case.**
+- **Thread crashes** (`thread_error`) — an exception that escaped a SolidQueue
+  thread (supervisor/dispatcher/worker/scheduler), reported with its real class
+  and backtrace. Captured even if your app overrides `SolidQueue.on_thread_error`
+  away from the default `Rails.error.report` (deduped against it when it isn't).
+- **Recurring-enqueue misses** (`enqueue_recurring_task`) — a cron task that
+  failed to enqueue, as `Dispatch::Rails::SolidQueueEnqueueError`.
+
+```ruby
+c.capture_solid_queue = true  # default; no-op unless SolidQueue is running
+```
+
+It only does anything when SolidQueue is actually running, so apps that don't use
+it pay nothing. Memory pressure itself (Heroku R14/R15) is a platform signal, not
+an app exception — pair this with a Heroku memory alert to catch the root cause,
+not just the orphaned jobs.
+
 ### Traffic heartbeats (confound signal)
 
 On by default in enabled environments, the SDK ships lightweight per-`transaction`
@@ -128,6 +162,28 @@ quote. With `c.annotate_error_body = true`, the same fields (`dispatch_request_i
 they sit beside `type`/`title`/`detail`). The middleware never changes status codes
 and passes through anything it can't safely parse.
 
+### Browser CSP & Reporting API
+
+CSP violations and other browser-native reports (NEL, deprecation, intervention)
+never reach `window.onerror`, so the SDK captures them two ways — pick **one** for
+CSP, or a violation reported through both is counted twice. Both are opt-in.
+
+```ruby
+# 1. Client-side: the JS error tracker also listens for SecurityPolicyViolationEvents.
+#    Needs dispatch_error_tracker_tag in your layout (it already loads the tracker).
+c.capture_csp_violations = true
+
+# 2. Server-side: a Rack endpoint accepts the browser's NATIVE report POSTs — point a
+#    CSP report-uri/report-to (or any Reporting-Endpoints group) at the path below and
+#    the browser posts straight to Dispatch. No host controller required.
+c.capture_browser_reports = true
+c.reporting_endpoint_path = "/dispatch/reports"  # default; must be a path no route uses
+```
+
+Option 2 also ingests non-CSP Reporting-API types (deprecation, intervention, NEL).
+Reports flow through `error_sample_rate` and `before_send` like any other event, so
+host-specific noise (browser-extension schemes, autofill) is best filtered there.
+
 ### Curated reports (programmatic / agent)
 
 A consumer (or an AI agent inside your app) turns a failure into a tracked report:

data/app/assets/javascripts/dispatch/error_tracker.js

@@ -106,6 +106,45 @@
     };
   }
 
+  // CSP violations never reach window.onerror — the browser fires a dedicated
+  // SecurityPolicyViolationEvent. We synthesize a single stack frame from the
+  // violation's source location so the dashboard can point at the offending file.
+  function buildCspEvent(e) {
+    var directive = e.effectiveDirective || e.violatedDirective || "policy";
+    var blocked = e.blockedURI || "inline";
+    var frames = (e.sourceFile && e.lineNumber) ? [{
+      function: "?", filename: e.sourceFile, abs_path: e.sourceFile,
+      lineno: parseInt(e.lineNumber, 10) || 0, colno: parseInt(e.columnNumber, 10) || 0,
+      in_app: String(e.sourceFile).indexOf("http") === 0
+    }] : [];
+    return {
+      event_id: uuid(),
+      timestamp: now(),
+      platform: "javascript",
+      // report-only disposition is monitoring, not a live block — keep it quieter.
+      level: e.disposition === "report" ? "info" : "warning",
+      environment: cfg.environment,
+      release: cfg.release,
+      exception: { values: [{
+        type: "SecurityPolicyViolation",
+        value: (directive + " blocked " + blocked).slice(0, 2000),
+        mechanism: { type: "securitypolicyviolation", handled: false },
+        stacktrace: { frames: frames }
+      }] },
+      breadcrumbs: { values: breadcrumbs.slice() },
+      user_path: userPath(),
+      request: { url: e.documentURI || location.href, headers: { "User-Agent": navigator.userAgent } },
+      user: cfg.user || null,
+      tags: Object.assign({
+        csp: "true",
+        blocked_uri: blocked,
+        violated_directive: e.violatedDirective || directive,
+        effective_directive: directive,
+        disposition: e.disposition || "enforce"
+      }, cfg.tags || {})
+    };
+  }
+
   function sampledOut() {
     var rate = cfg.sampleRate == null ? 1 : cfg.sampleRate;
     return Math.random() > rate;
@@ -143,6 +182,21 @@
     send(buildEvent(r.name || "UnhandledRejection", value, r.stack));
   });
 
+  // Opt-in (cfg.captureCsp): a permissive or report-only policy can fire these in
+  // bulk, so we dedupe per page — a violation repeated on every render (e.g. a
+  // blocked image) is reported once. Bounded so a page spraying unique blocked
+  // URIs can't grow the key set without limit.
+  if (cfg.captureCsp) {
+    var seenCsp = {};
+    var seenCspCount = 0;
+    document.addEventListener("securitypolicyviolation", function (e) {
+      var key = [e.effectiveDirective, e.blockedURI, e.sourceFile, e.lineNumber].join("|");
+      if (seenCsp[key]) return;
+      if (seenCspCount < 200) { seenCsp[key] = 1; seenCspCount++; }
+      send(buildCspEvent(e));
+    });
+  }
+
   // Manual capture API: window.Dispatch.captureException(error)
   window.Dispatch = window.Dispatch || {};
   window.Dispatch.captureException = function (err) {

data/app/helpers/dispatch/widget_helper.rb

@@ -35,7 +35,8 @@ module Dispatch
     end
 
     # Render the browser exception tracker (captures uncaught JS errors and
-    # unhandled promise rejections). Place once in your layout's <head>.
+    # unhandled promise rejections — and, when config.capture_csp_violations is on,
+    # SecurityPolicyViolationEvents). Place once in your layout's <head>.
     def dispatch_error_tracker_tag(tags: {})
       config = Dispatch::Rails.configuration
       return nil if config.errors_only? # no browser surface in an API-only app
@@ -55,6 +56,7 @@ module Dispatch
             release: config.release,
             sampleRate: config.error_sample_rate,
             captureClicks: config.capture_clicks,
+            captureCsp: config.capture_csp_violations,
             user: normalized_user,
             tags: tags
           }.to_json

data/lib/dispatch/rails/configuration.rb

@@ -16,8 +16,13 @@ module Dispatch
       # Exception tracking
       attr_accessor :capture_exceptions, :capture_browser_errors, :error_endpoint,
                     :environment, :release, :enabled_environments, :error_sample_rate, :before_send
+      # Browser security/reporting capture (both opt-in; high-volume + noise-prone)
+      attr_accessor :capture_csp_violations, :capture_browser_reports, :reporting_endpoint_path
       # Process lifecycle (crash-at-exit capture, rake failures, shutdown flush)
       attr_accessor :capture_at_exit, :shutdown_timeout
+      # SolidQueue infrastructure failures (pruned/orphaned jobs, thread crashes,
+      # recurring-enqueue misses) that never flow through Rails.error/ActiveJob.
+      attr_accessor :capture_solid_queue
       # Structured error responses (API-only)
       attr_accessor :structured_error_responses, :annotate_error_body, :report_base_url
       # Traffic heartbeats — per-transaction success counts that let the Dispatch
@@ -49,12 +54,29 @@ module Dispatch
         @error_sample_rate = 1.0
         @before_send = nil    # ->(event) { event or nil to drop }
 
+        # Browser security/reporting capture. Both opt-in: a permissive or
+        # report-only CSP can emit these in bulk, and capture_browser_reports also
+        # makes the gem own a URL path. Pick ONE CSP mechanism — the JS
+        # securitypolicyviolation listener (capture_csp_violations) OR the native
+        # report endpoint (capture_browser_reports) — or a violation reported
+        # through both is counted twice.
+        @capture_csp_violations = false   # JS: listen for SecurityPolicyViolationEvent
+        @capture_browser_reports = false  # Server: accept native browser report POSTs
+        @reporting_endpoint_path = "/dispatch/reports"
+
         # Process lifecycle. Report the exception killing the process (a crash
         # during boot, a dying runner) and drain the send queue before exit so
         # deploys/restarts don't drop captured events.
         @capture_at_exit = true
         @shutdown_timeout = 3 # seconds to wait for the queue to drain at exit; 0 skips the flush
 
+        # SolidQueue infrastructure capture. On by default in enabled environments
+        # (no-op unless SolidQueue is actually running, so apps that don't use it
+        # pay nothing). These failures — a worker pruned after a missed heartbeat,
+        # jobs orphaned by a dead process, a recurring task that didn't enqueue —
+        # bypass Rails.error entirely, so without this they never reach Dispatch.
+        @capture_solid_queue = true
+
         # Structured error responses (off by default — opt-in so we never alter a
         # host app's error contract without being asked).
         @structured_error_responses = false
@@ -120,12 +142,27 @@ module Dispatch
         configured? && @capture_exceptions
       end
 
+      # Fast-path guard for ReportingEndpointMiddleware: own the reporting path only
+      # when the host opted in and we have credentials to deliver. Otherwise the
+      # middleware passes the request straight through (no surprise 204s).
+      def browser_reports_enabled?
+        configured? && @capture_browser_reports
+      end
+
       # Heartbeats piggyback on the same gating as error capture, plus their own
       # toggle. Off in non-enabled environments (so dev/test never phone home).
       def traffic_tracking_enabled?
         @capture_traffic && error_tracking_enabled? && environment_enabled?
       end
 
+      # SolidQueue capture shares error capture's gating (credentials + the
+      # capture_exceptions master switch + enabled environments), plus its own
+      # toggle. The subscriber is wired unconditionally at boot and checks this
+      # at event time, so toggling it in an initializer always takes effect.
+      def solid_queue_tracking_enabled?
+        @capture_solid_queue && error_tracking_enabled? && environment_enabled?
+      end
+
       def environment_enabled?
         list = Array(@enabled_environments).map(&:to_s)
         list.empty? || list.include?(effective_environment)

data/lib/dispatch/rails/engine.rb

@@ -31,12 +31,32 @@ module Dispatch
       initializer "dispatch-rails.error_capture" do |app|
         app.config.middleware.use Dispatch::Rails::Middleware
 
+        # Native browser Reporting API endpoint (CSP report-uri/report-to, NEL,
+        # deprecation, …). Mounted unconditionally; owns
+        # config.reporting_endpoint_path only when the host opts in via
+        # config.capture_browser_reports, and passes through otherwise. Sits just
+        # inside the capture middleware so a report POST short-circuits to 204
+        # before the heartbeat/router layers below it.
+        app.config.middleware.use Dispatch::Rails::ReportingEndpointMiddleware
+
         # Catch background/non-request errors (ActiveJob, runners, handle blocks).
         if ::Rails.respond_to?(:error) && ::Rails.error.respond_to?(:subscribe)
           ::Rails.error.subscribe(Dispatch::Rails::ErrorSubscriber.new)
         end
       end
 
+      # SolidQueue infrastructure failures (a worker pruned after a missed
+      # heartbeat, jobs orphaned by a dead process, a recurring task that failed
+      # to enqueue) are recorded straight into SolidQueue's own tables and never
+      # flow through Rails.error/ActiveJob — so the subscriber above never sees
+      # them. Bridge SolidQueue's ActiveSupport::Notifications into capture.
+      # Subscribed unconditionally and idempotently; the subscriber no-ops unless
+      # config.solid_queue_tracking_enabled?, and the events only ever fire when
+      # SolidQueue is actually running.
+      initializer "dispatch-rails.solid_queue" do
+        Dispatch::Rails::SolidQueueSubscriber.install!
+      end
+
       # Per-transaction traffic heartbeats. Mounted unconditionally; the middleware
       # no-ops at request time unless config.traffic_tracking_enabled? (false in
       # dev/test), so it never phones home outside enabled environments.

data/lib/dispatch/rails/reporting_endpoint_middleware.rb

@@ -0,0 +1,172 @@
+require "json"
+
+module Dispatch
+  module Rails
+    # A report the browser delivered through the native Reporting API (deprecation,
+    # intervention, NEL, …) — not a Ruby error and not a JS exception.
+    class BrowserReport < StandardError; end
+    # A Content-Security-Policy violation delivered by the browser's native
+    # report-uri/report-to channel. CSP violations never reach window.onerror, so
+    # nothing surfaces them unless the browser is told to POST a report here.
+    class CspViolation < BrowserReport; end
+
+    # Terminal Rack endpoint for the browser Reporting API. Point a CSP
+    # `report-uri`/`report-to` group (or any Reporting-Endpoints group) at
+    # config.reporting_endpoint_path and the browser POSTs its reports straight
+    # here — no host controller required. Each report becomes a synthetic exception
+    # pushed through Reporter.capture, so it lands as a first-class event with the
+    # usual sampling, before_send, and transport applied.
+    #
+    # Opt-in (config.capture_browser_reports). When disabled — or for any request
+    # that isn't a POST to the configured path — it passes straight through. When
+    # it does handle a request it answers 204 itself and never calls downstream, so
+    # the configured path must be one no host route uses.
+    #
+    # Pick ONE CSP mechanism: this endpoint OR the JS securitypolicyviolation
+    # listener (config.capture_csp_violations). Enabling both, with report-uri
+    # aimed here, double-counts every violation.
+    class ReportingEndpointMiddleware
+      MAX_BODY_BYTES = 64_000
+      MAX_REPORTS    = 50
+
+      def initialize(app)
+        @app = app
+      end
+
+      def call(env)
+        config = Dispatch::Rails.configuration
+        return @app.call(env) unless handles?(config, env)
+
+        # @app.call above is deliberately OUTSIDE any rescue — a normal request's
+        # exceptions must propagate to Rails' exception handling, never be
+        # swallowed here. Only the report-handling path is rescued.
+        handle_report(env)
+      end
+
+      private
+
+      def handle_report(env)
+        capture_reports(env)
+        no_content
+      rescue StandardError => e
+        # A report endpoint must never error the browser's beacon — always 204.
+        warn "[dispatch-rails] reporting endpoint failed: #{e.class}: #{e.message}"
+        no_content
+      end
+
+      # A FRESH Rack triple per call — downstream middleware mutates the array and
+      # headers, so a shared/frozen response would raise or corrupt across requests.
+      def no_content
+        [204, { "Content-Type" => "text/plain" }, []]
+      end
+
+      def handles?(config, env)
+        config.browser_reports_enabled? &&
+          env["REQUEST_METHOD"] == "POST" &&
+          path_match?(config, env["PATH_INFO"])
+      end
+
+      def path_match?(config, path)
+        target = config.reporting_endpoint_path.to_s
+        return false if target.empty?
+
+        path == target || path == "#{target}/"
+      end
+
+      def capture_reports(env)
+        raw = read_body(env)
+        return if raw.empty?
+
+        parse_reports(content_type(env), raw).first(MAX_REPORTS).each do |report|
+          capture_one(report, env)
+        end
+      end
+
+      def capture_one(report, env)
+        type = report[:type].to_s
+        body = report[:body].is_a?(Hash) ? report[:body] : {}
+        csp?(type) ? capture_csp(body, env) : capture_generic(type, body, env)
+      end
+
+      def capture_csp(body, env)
+        fields = csp_fields(body)
+        directive = fields[:effective_directive] || fields[:violated_directive] || "policy"
+        blocked = fields[:blocked_uri] || "inline"
+        Reporter.capture(
+          CspViolation.new("#{directive} blocked #{blocked}"),
+          handled: true, env: env,
+          # report-only disposition is monitoring, not a live block — keep it quieter.
+          level: fields[:disposition].to_s == "report" ? "info" : "warning",
+          context: { tags: { csp: "true", report_type: "csp-violation" }.merge(fields) }
+        )
+      end
+
+      def capture_generic(type, body, env)
+        label = type.empty? ? "unknown" : type
+        Reporter.capture(
+          BrowserReport.new("Browser report: #{label}"),
+          handled: true, env: env, level: "info",
+          context: { tags: { report_type: label }.merge(stringify(body)) }
+        )
+      end
+
+      def csp?(type)
+        type == "csp-violation" || type == "csp"
+      end
+
+      # Normalize the two CSP spellings: report-uri's hyphen-case
+      # (blocked-uri/document-uri) and the Reporting API's camelCase, which also
+      # renamed the *-uri fields to *URL.
+      def csp_fields(body)
+        {
+          blocked_uri:         body["blocked-uri"] || body["blockedURI"] || body["blockedURL"],
+          document_uri:        body["document-uri"] || body["documentURI"] || body["documentURL"],
+          violated_directive:  body["violated-directive"] || body["violatedDirective"],
+          effective_directive: body["effective-directive"] || body["effectiveDirective"],
+          source_file:         body["source-file"] || body["sourceFile"],
+          line_number:         body["line-number"] || body["lineNumber"],
+          column_number:       body["column-number"] || body["columnNumber"],
+          disposition:         body["disposition"]
+        }.compact
+      end
+
+      # Legacy report-uri sends a single { "csp-report": {...} } object; the
+      # Reporting API sends an array of { "type", "body" } under reports+json.
+      def parse_reports(content_type, raw)
+        data = JSON.parse(raw)
+        if content_type.include?("reports+json") || data.is_a?(Array)
+          Array(data).map { |r| { type: r["type"], body: r["body"] } }
+        elsif data.is_a?(Hash) && data.key?("csp-report")
+          [{ type: "csp-violation", body: data["csp-report"] }]
+        elsif data.is_a?(Hash)
+          [{ type: "csp-violation", body: data }]
+        else
+          []
+        end
+      rescue JSON::ParserError
+        []
+      end
+
+      def read_body(env)
+        input = env["rack.input"]
+        return "" unless input
+
+        raw = input.read(MAX_BODY_BYTES).to_s
+        input.rewind if input.respond_to?(:rewind)
+        raw
+      rescue StandardError
+        ""
+      end
+
+      def content_type(env)
+        (env["CONTENT_TYPE"] || env["HTTP_CONTENT_TYPE"]).to_s
+      end
+
+      def stringify(hash)
+        return {} unless hash.is_a?(Hash)
+
+        hash.each_with_object({}) { |(k, v), out| out[k.to_s] = v }
+      end
+    end
+  end
+end

data/lib/dispatch/rails/solid_queue_subscriber.rb

@@ -0,0 +1,168 @@
+require "active_support/notifications"
+
+module Dispatch
+  module Rails
+    # Synthetic exceptions for SolidQueue infrastructure failures that have no
+    # Ruby exception of their own (the real cause is written onto SolidQueue's
+    # own tables, not raised). thread_error reports the genuine exception instead.
+    class SolidQueueError < StandardError; end
+    # A worker process died (pruned after a missed heartbeat, or its process went
+    # missing) and SolidQueue force-failed the jobs it had claimed. This is the
+    # OOM-restart case: Heroku SIGKILLs the dyno, the supervisor later prunes the
+    # dead process and fails its claimed jobs straight into solid_queue_failed_executions.
+    class SolidQueueJobsLost < SolidQueueError; end
+    # A recurring (cron) task could not be enqueued — a silent scheduling miss.
+    class SolidQueueEnqueueError < SolidQueueError; end
+
+    # Bridges SolidQueue's ActiveSupport::Notifications into Dispatch error
+    # capture.
+    #
+    # SolidQueue records its *infrastructure* failures — a worker pruned after a
+    # missed heartbeat, claimed jobs orphaned by a dead process, a recurring task
+    # that failed to enqueue — straight into its own tables. They are NOT raised
+    # through ActiveJob's perform path, so they never reach Rails.error and never
+    # reach the Dispatch::Rails::ErrorSubscriber. The result is an invisible class
+    # of failure: jobs that died are only discoverable by opening the queue.
+    #
+    # This subscriber listens for those events and turns each into a first-class
+    # Dispatch event. Captured events (all gated by config.capture_solid_queue and
+    # the usual environment gating):
+    #
+    #   fail_many_claimed       -> SolidQueueJobsLost (pruned / orphaned / dead-worker jobs)
+    #   thread_error            -> the real exception  (a crash in a SolidQueue thread)
+    #   enqueue_recurring_task  -> SolidQueueEnqueueError (only when enqueue_error is set)
+    #
+    # On thread_error: SolidQueue fires this event BEFORE calling on_thread_error
+    # (see SolidQueue::AppExecutor#handle_thread_error), and Reporter marks the
+    # exception object on capture. So when the default on_thread_error
+    # (-> Rails.error.report) runs next, the Dispatch error subscriber dedups it
+    # via that marker — no double report. Capturing here means we still see these
+    # crashes even when the host app overrides on_thread_error away from
+    # Rails.error (a common customization that would otherwise hide them).
+    #
+    # Idempotent: install! subscribes once per process; repeat calls no-op. The
+    # handlers never raise back into SolidQueue's instrumentation.
+    module SolidQueueSubscriber
+      EVENTS = %w[
+        fail_many_claimed.solid_queue
+        thread_error.solid_queue
+        enqueue_recurring_task.solid_queue
+      ].freeze
+
+      # How many job/process ids to inline into tags before truncating. The
+      # payload batches are bounded (prune runs in batches of 50), but we keep
+      # tag values short regardless.
+      MAX_IDS = 20
+
+      class << self
+        def install!
+          return if @installed
+
+          @installed = true
+          @subscriptions = EVENTS.map do |event|
+            ActiveSupport::Notifications.subscribe(event) do |name, _start, _finish, _id, payload|
+              handle(name, payload)
+            end
+          end
+          true
+        end
+
+        # Test/reset seam — unsubscribe so a fresh install! re-registers.
+        def uninstall!
+          Array(@subscriptions).each { |sub| ActiveSupport::Notifications.unsubscribe(sub) }
+          @subscriptions = nil
+          @installed = false
+        end
+
+        def installed?
+          @installed == true
+        end
+
+        private
+
+        # A subscriber that raises surfaces as an InstrumentationSubscriberError
+        # inside SolidQueue's prune/dispatch loop, so every path is guarded.
+        # Reporter.capture already never raises; this guards the tag-building too.
+        def handle(name, payload)
+          return unless Dispatch::Rails.configuration.solid_queue_tracking_enabled?
+
+          case name
+          when "fail_many_claimed.solid_queue"      then on_jobs_lost(payload)
+          when "thread_error.solid_queue"           then on_thread_error(payload)
+          when "enqueue_recurring_task.solid_queue" then on_enqueue_recurring_task(payload)
+          end
+        rescue StandardError => e
+          warn "[dispatch-rails] solid_queue subscriber failed: #{e.class}: #{e.message}"
+          nil
+        end
+
+        # The underlying ProcessPrunedError / ProcessMissingError isn't in the
+        # payload — SolidQueue writes it onto the failed_executions rows — so we
+        # synthesize a stable error (constant message for clean grouping) and
+        # carry the volatile ids/count as tags.
+        def on_jobs_lost(payload)
+          size = payload[:size].to_i
+          return if size.zero?
+
+          Reporter.capture(
+            SolidQueueJobsLost.new(
+              "SolidQueue force-failed claimed job(s) after a worker process died"
+            ),
+            handled: false,
+            level: "error",
+            context: { tags: {
+              source: "solid_queue",
+              solid_queue_event: "fail_many_claimed",
+              jobs_lost: size.to_s,
+              process_ids: truncate_ids(payload[:process_ids]),
+              job_ids: truncate_ids(payload[:job_ids])
+            }.compact }
+          )
+        end
+
+        # The real exception that escaped a SolidQueue thread (supervisor,
+        # dispatcher, worker, scheduler) — report it as-is for an accurate class
+        # and backtrace. Dedups against the default on_thread_error via the
+        # Reporter capture marker (see class comment).
+        def on_thread_error(payload)
+          error = payload[:error]
+          return unless error.is_a?(Exception)
+
+          Reporter.capture(
+            error,
+            handled: false,
+            level: "error",
+            context: { tags: { source: "solid_queue", solid_queue_event: "thread_error" } }
+          )
+        end
+
+        # A recurring task failed to enqueue. payload[:enqueue_error] is the
+        # message string (no exception object), present only on failure.
+        def on_enqueue_recurring_task(payload)
+          message = payload[:enqueue_error].to_s
+          return if message.empty?
+
+          task = payload[:task].to_s
+          Reporter.capture(
+            SolidQueueEnqueueError.new("SolidQueue failed to enqueue recurring task #{task}: #{message}"),
+            handled: false,
+            level: "error",
+            context: { tags: {
+              source: "solid_queue",
+              solid_queue_event: "enqueue_recurring_task",
+              task: task
+            }.reject { |_, v| v.nil? || v == "" } }
+          )
+        end
+
+        def truncate_ids(ids)
+          list = Array(ids)
+          return nil if list.empty?
+
+          shown = list.first(MAX_IDS).join(",")
+          list.size > MAX_IDS ? "#{shown},+#{list.size - MAX_IDS} more" : shown
+        end
+      end
+    end
+  end
+end

data/lib/dispatch/rails/version.rb

@@ -1,5 +1,5 @@
 module Dispatch
   module Rails
-    VERSION = "0.7.0".freeze
+    VERSION = "0.9.0".freeze
   end
 end

data/lib/dispatch-rails.rb

@@ -4,10 +4,12 @@ require "dispatch/rails/event_builder"
 require "dispatch/rails/transport"
 require "dispatch/rails/reporter"
 require "dispatch/rails/middleware"
+require "dispatch/rails/reporting_endpoint_middleware"
 require "dispatch/rails/response_annotator"
 require "dispatch/rails/heartbeat_aggregator"
 require "dispatch/rails/heartbeat_middleware"
 require "dispatch/rails/error_subscriber"
+require "dispatch/rails/solid_queue_subscriber"
 require "dispatch/rails/rake_handler"
 require "dispatch/rails/engine"
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dispatch-rails
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Dispatch Team
@@ -55,7 +55,9 @@ files:
 - lib/dispatch/rails/middleware.rb
 - lib/dispatch/rails/rake_handler.rb
 - lib/dispatch/rails/reporter.rb
+- lib/dispatch/rails/reporting_endpoint_middleware.rb
 - lib/dispatch/rails/response_annotator.rb
+- lib/dispatch/rails/solid_queue_subscriber.rb
 - lib/dispatch/rails/transport.rb
 - lib/dispatch/rails/version.rb
 homepage: https://dispatchit.app