rails_error_dashboard 0.3.1 → 0.4.1

data/lib/rails_error_dashboard/services/swallowed_exception_tracker.rb

@@ -0,0 +1,277 @@
+# frozen_string_literal: true
+
+module RailsErrorDashboard
+  module Services
+    # TracePoint lifecycle manager for detecting swallowed (raised-then-rescued) exceptions.
+    #
+    # Uses separate TracePoint(:raise) and TracePoint(:rescue) hooks (Ruby 3.3+).
+    # Counts raises vs rescues per exception class + location pair. A high rescue ratio
+    # indicates exceptions being silently swallowed (e.g., `rescue => e; nil`).
+    #
+    # This is intentionally SEPARATE from LocalVariableCapturer — that TracePoint aggressively
+    # filters to only app-code paths, while this one needs broader visibility to detect
+    # swallowed exceptions in gem code too (e.g., Stripe::CardError rescued in a service).
+    #
+    # Safety contract:
+    # - Default OFF (opt-in via config.detect_swallowed_exceptions)
+    # - Ruby 3.3+ version gate (TracePoint(:rescue) not available before 3.3)
+    # - Thread-local counters (no shared state, no mutex in hot path)
+    # - ~500ns per raise/rescue (hash lookup + integer increment)
+    # - Zero I/O in callbacks — async flush via Command
+    # - Every callback wrapped in rescue => e (never raises)
+    # - LRU eviction when thread-local cache exceeds max size
+    # - Periodic flush via cheap timestamp check
+    class SwallowedExceptionTracker
+      RAISE_THREAD_KEY  = :red_swallowed_raises
+      RESCUE_THREAD_KEY = :red_swallowed_rescues
+      FLUSH_THREAD_KEY  = :red_swallowed_last_flush
+      RAISE_LOC_IVAR    = :@_red_raise_loc
+
+      # Flow-control exceptions that are commonly raised/rescued in normal Rails operation.
+      # These are NOT bugs — they're control flow. Skipping them reduces noise.
+      FLOW_CONTROL_EXCEPTIONS = %w[
+        SystemExit
+        SignalException
+        Interrupt
+        Errno::EPIPE
+        Errno::ECONNRESET
+        Errno::ETIMEDOUT
+        IOError
+        ActionController::RoutingError
+        ActionController::UnknownFormat
+        ActionController::InvalidAuthenticityToken
+        ActiveRecord::RecordNotFound
+        ActionView::MissingTemplate
+        AbstractController::ActionNotFound
+      ].freeze
+
+      class << self
+        # Enable both TracePoints. No-op on Ruby < 3.3 or if already enabled.
+        def enable!
+          unless RUBY_VERSION >= "3.3"
+            RailsErrorDashboard::Logger.debug(
+              "[RailsErrorDashboard] SwallowedExceptionTracker requires Ruby 3.3+ (current: #{RUBY_VERSION}). Skipping."
+            )
+            return false
+          end
+
+          return true if enabled?
+
+          @raise_tracepoint = TracePoint.new(:raise) do |tp|
+            on_raise(tp)
+          rescue => e
+            RailsErrorDashboard::Logger.debug(
+              "[RailsErrorDashboard] SwallowedExceptionTracker :raise callback error: #{e.class} - #{e.message}"
+            )
+          end
+
+          @rescue_tracepoint = TracePoint.new(:rescue) do |tp|
+            on_rescue(tp)
+          rescue => e
+            RailsErrorDashboard::Logger.debug(
+              "[RailsErrorDashboard] SwallowedExceptionTracker :rescue callback error: #{e.class} - #{e.message}"
+            )
+          end
+
+          @raise_tracepoint.enable
+          @rescue_tracepoint.enable
+
+          at_exit { flush_all_threads! }
+
+          true
+        end
+
+        # Disable both TracePoints and flush remaining data
+        def disable!
+          @raise_tracepoint&.disable
+          @rescue_tracepoint&.disable
+          @raise_tracepoint = nil
+          @rescue_tracepoint = nil
+        end
+
+        # Check if currently enabled
+        def enabled?
+          @raise_tracepoint&.enabled? == true && @rescue_tracepoint&.enabled? == true
+        end
+
+        # Force flush the current thread's counters (used by job and tests)
+        def flush!
+          raises = Thread.current[RAISE_THREAD_KEY]
+          rescues = Thread.current[RESCUE_THREAD_KEY]
+          return if raises.nil? && rescues.nil?
+          return if raises&.empty? && rescues&.empty?
+
+          # Copy and clear atomically (per-thread, no lock needed)
+          raise_snapshot = raises&.dup || {}
+          rescue_snapshot = rescues&.dup || {}
+          raises&.clear
+          rescues&.clear
+          Thread.current[FLUSH_THREAD_KEY] = Time.now.to_f
+
+          dispatch_flush(raise_snapshot, rescue_snapshot)
+        rescue => e
+          RailsErrorDashboard::Logger.debug(
+            "[RailsErrorDashboard] SwallowedExceptionTracker.flush! failed: #{e.class} - #{e.message}"
+          )
+        end
+
+        # Read current thread's counters (for testing/inspection)
+        def current_raises
+          Thread.current[RAISE_THREAD_KEY] || {}
+        end
+
+        def current_rescues
+          Thread.current[RESCUE_THREAD_KEY] || {}
+        end
+
+        # Clear current thread's counters without flushing (for testing)
+        def clear!
+          Thread.current[RAISE_THREAD_KEY] = nil
+          Thread.current[RESCUE_THREAD_KEY] = nil
+          Thread.current[FLUSH_THREAD_KEY] = nil
+        end
+
+        private
+
+        # TracePoint(:raise) callback
+        def on_raise(tp)
+          exception = tp.raised_exception
+
+          # 1. Skip system/flow-control exceptions (cheapest check first)
+          return if skip_exception?(exception)
+
+          # 2. Build location string
+          path = tp.path.to_s
+          line = tp.lineno
+          location = "#{path}:#{line}"
+
+          # 3. Set location ivar on exception for raise→rescue matching
+          exception.instance_variable_set(RAISE_LOC_IVAR, location)
+
+          # 4. Increment raise counter
+          class_name = exception.class.name || exception.class.to_s
+          key = "#{class_name}|#{location}"
+
+          raises = (Thread.current[RAISE_THREAD_KEY] ||= {})
+          raises[key] = (raises[key] || 0) + 1
+
+          # 5. LRU eviction if over capacity
+          evict_oldest!(raises) if raises.size > max_cache_size
+        end
+
+        # TracePoint(:rescue) callback
+        def on_rescue(tp)
+          exception = tp.raised_exception
+
+          # 1. Skip system/flow-control exceptions
+          return if skip_exception?(exception)
+
+          # 2. Get raise location from ivar (set during :raise)
+          raise_loc = if exception.instance_variable_defined?(RAISE_LOC_IVAR)
+            exception.instance_variable_get(RAISE_LOC_IVAR)
+          end
+          return unless raise_loc
+
+          # 3. Build rescue location
+          rescue_path = tp.path.to_s
+          rescue_line = tp.lineno
+          rescue_loc = "#{rescue_path}:#{rescue_line}"
+
+          # 4. Increment rescue counter
+          class_name = exception.class.name || exception.class.to_s
+          key = "#{class_name}|#{raise_loc}->#{rescue_loc}"
+
+          rescues = (Thread.current[RESCUE_THREAD_KEY] ||= {})
+          rescues[key] = (rescues[key] || 0) + 1
+
+          # 5. LRU eviction if over capacity
+          evict_oldest!(rescues) if rescues.size > max_cache_size
+
+          # 6. Maybe flush
+          maybe_flush!
+        end
+
+        # Check if exception should be skipped
+        def skip_exception?(exception)
+          return true if exception.is_a?(SystemExit)
+          return true if exception.is_a?(SignalException)
+          return true if exception.is_a?(Interrupt)
+
+          class_name = exception.class.name
+          return true if class_name.nil?
+
+          # Check built-in flow-control list
+          return true if FLOW_CONTROL_EXCEPTIONS.include?(class_name)
+
+          # Check user-configured ignore list
+          ignore_list = RailsErrorDashboard.configuration.swallowed_exception_ignore_classes
+          return true if ignore_list&.any? { |klass| class_name == klass.to_s }
+
+          false
+        end
+
+        # LRU eviction: delete the oldest key (Ruby hashes maintain insertion order)
+        def evict_oldest!(hash)
+          oldest_key = hash.each_key.first
+          hash.delete(oldest_key) if oldest_key
+        end
+
+        # Cheap periodic flush check
+        def maybe_flush!
+          now = Time.now.to_f
+          last_flush = Thread.current[FLUSH_THREAD_KEY] ||= now
+          interval = RailsErrorDashboard.configuration.swallowed_exception_flush_interval
+
+          return unless (now - last_flush) >= interval
+
+          flush!
+        end
+
+        # Dispatch flush asynchronously via background job (zero I/O in request path).
+        # Falls back to synchronous command if job enqueue fails.
+        def dispatch_flush(raise_snapshot, rescue_snapshot, sync: false)
+          return if raise_snapshot.empty? && rescue_snapshot.empty?
+
+          if sync
+            Commands::FlushSwallowedExceptions.call(
+              raise_counts: raise_snapshot,
+              rescue_counts: rescue_snapshot
+            )
+          else
+            SwallowedExceptionFlushJob.perform_later(raise_snapshot, rescue_snapshot)
+          end
+        rescue => e
+          RailsErrorDashboard::Logger.debug(
+            "[RailsErrorDashboard] SwallowedExceptionTracker.dispatch_flush failed: #{e.class} - #{e.message}"
+          )
+        end
+
+        def max_cache_size
+          RailsErrorDashboard.configuration.swallowed_exception_max_cache_size || 1000
+        end
+
+        # Flush all threads on shutdown (best-effort)
+        def flush_all_threads!
+          Thread.list.each do |thread|
+            raises = thread[RAISE_THREAD_KEY]
+            rescues = thread[RESCUE_THREAD_KEY]
+            next if raises.nil? && rescues.nil?
+            next if raises&.empty? && rescues&.empty?
+
+            raise_snapshot = raises&.dup || {}
+            rescue_snapshot = rescues&.dup || {}
+            thread[RAISE_THREAD_KEY] = nil
+            thread[RESCUE_THREAD_KEY] = nil
+            thread[FLUSH_THREAD_KEY] = nil
+
+            dispatch_flush(raise_snapshot, rescue_snapshot, sync: true)
+          end
+        rescue => e
+          RailsErrorDashboard::Logger.debug(
+            "[RailsErrorDashboard] SwallowedExceptionTracker.flush_all_threads! failed: #{e.class} - #{e.message}"
+          )
+        end
+      end
+    end
+  end
+end

data/lib/rails_error_dashboard/services/system_health_snapshot.rb

@@ -34,6 +34,8 @@ module RailsErrorDashboard
           connection_pool: connection_pool_stats,
           puma: puma_stats,
           job_queue: job_queue_stats,
+          ruby_vm: ruby_vm_stats,
+          yjit: yjit_stats,
           captured_at: Time.current.iso8601
         }
       end
@@ -140,6 +142,37 @@ module RailsErrorDashboard
       rescue => e
         nil
       end
+
+      # RubyVM.stat — constant/method cache invalidation rates
+      # Keys vary by Ruby version; pass through full hash for forward-compat
+      # Ruby 3.2+: constant_cache_invalidations, constant_cache_misses,
+      #            global_cvar_state, next_shape_id, shape_cache_size
+      def ruby_vm_stats
+        return nil unless defined?(RubyVM) && RubyVM.respond_to?(:stat)
+        RubyVM.stat
+      rescue => e
+        nil
+      end
+
+      # RubyVM::YJIT.runtime_stats — JIT compilation health
+      # Cherry-picks diagnostic keys (full hash has 30+ entries)
+      def yjit_stats
+        return nil unless defined?(RubyVM::YJIT) && RubyVM::YJIT.respond_to?(:enabled?) && RubyVM::YJIT.enabled?
+        raw = RubyVM::YJIT.runtime_stats
+        {
+          inline_code_size: raw[:inline_code_size],
+          code_region_size: raw[:code_region_size],
+          compiled_iseq_count: raw[:compiled_iseq_count],
+          compiled_block_count: raw[:compiled_block_count],
+          compile_time_ns: raw[:compile_time_ns],
+          invalidation_count: raw[:invalidation_count],
+          invalidate_method_lookup: raw[:invalidate_method_lookup],
+          invalidate_constant_state_bump: raw[:invalidate_constant_state_bump],
+          object_shape_count: raw[:object_shape_count]
+        }
+      rescue => e
+        nil
+      end
     end
   end
 end

data/lib/rails_error_dashboard/services/variable_serializer.rb

@@ -0,0 +1,326 @@
+# frozen_string_literal: true
+
+module RailsErrorDashboard
+  module Services
+    # Pure algorithm: Serialize local variables to safe JSON-compatible hash
+    #
+    # Handles circular references (thread-local Set of object_id),
+    # depth limiting, string truncation, and per-variable rescue.
+    # Never stores Binding objects.
+    #
+    # Sensitive data filtering uses SensitiveDataFilter.parameter_filter
+    # (same approach as BreadcrumbCollector) — supports String, Symbol,
+    # Regexp, and Proc patterns from Rails filter_parameters.
+    #
+    # Output format per variable:
+    #   { type: "String", value: "hello", truncated: false }
+    #
+    # Safety contract:
+    # - Per-variable rescue — one bad variable never crashes extraction
+    # - Thread-local circular detection Set, cleaned in ensure
+    # - Never raises — returns {} on total failure
+    class VariableSerializer
+      THREAD_KEY = :_red_variable_serializer_seen
+
+      # Serialize a hash of variables to safe output
+      # @param locals [Hash] { variable_name => raw_value }
+      # @param max_count [Integer, nil] Override max variable count (defaults to local_variable_max_count)
+      # @param additional_filter_patterns [Array] Extra sensitive name patterns (e.g. instance_variable_filter_patterns)
+      # @return [Hash] { "variable_name" => { type:, value:, truncated:, filtered: } }
+      def self.call(locals, max_count: nil, additional_filter_patterns: [])
+        return {} unless locals.is_a?(Hash) && locals.any?
+
+        config = RailsErrorDashboard.configuration
+        max_count ||= config.local_variable_max_count || 15
+
+        # Thread-local circular reference tracking
+        Thread.current[THREAD_KEY] = Set.new
+
+        result = {}
+        locals.first(max_count).each do |name, value|
+          name_str = name.to_s
+          result[name_str] = serialize_variable(name_str, value, config)
+        end
+
+        filter_serialized(result, additional_filter_patterns: additional_filter_patterns)
+      rescue => e
+        RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] VariableSerializer.call failed: #{e.message}")
+        {}
+      ensure
+        Thread.current[THREAD_KEY] = nil
+      end
+
+      # Serialize a single variable (per-variable rescue)
+      # @return [Hash] { type:, value:, truncated: }
+      def self.serialize_variable(name, value, config)
+        max_depth = config.local_variable_max_depth || 3
+        serialized_value = serialize_value(value, config, 0, max_depth)
+
+        {
+          type: value.class.name,
+          value: serialized_value[:value],
+          truncated: serialized_value[:truncated] || false
+        }
+      rescue => e
+        { type: "Unknown", value: "(serialization error: #{e.class.name})", truncated: false }
+      end
+      private_class_method :serialize_variable
+
+      # Recursively serialize a value with depth limiting and circular detection
+      # @return [Hash] { value:, truncated: }
+      def self.serialize_value(value, config, depth, max_depth)
+        # Depth limit reached
+        if depth >= max_depth
+          return { value: "(depth limit reached)", truncated: true }
+        end
+
+        case value
+        when NilClass
+          { value: nil, truncated: false }
+        when TrueClass, FalseClass
+          { value: value, truncated: false }
+        when Integer, Float
+          { value: value, truncated: false }
+        when Symbol
+          { value: value.to_s, truncated: false }
+        when String
+          serialize_string(value, config)
+        when Array
+          serialize_array(value, config, depth, max_depth)
+        when Hash
+          serialize_hash(value, config, depth, max_depth)
+        when IO, Tempfile
+          { value: "#<#{value.class.name}>", truncated: false }
+        when Proc
+          { value: "#<Proc>", truncated: false }
+        when Method, UnboundMethod
+          { value: "#<#{value.class.name}: #{value.name}>", truncated: false }
+        when Class, Module
+          { value: value.name || value.to_s, truncated: false }
+        when Regexp
+          { value: value.inspect, truncated: false }
+        when Range
+          { value: value.to_s, truncated: false }
+        else
+          serialize_object(value, config, depth, max_depth)
+        end
+      rescue => e
+        { value: "(serialization error: #{e.class.name})", truncated: false }
+      end
+      private_class_method :serialize_value
+
+      def self.serialize_string(value, config)
+        max_len = config.local_variable_max_string_length || 200
+        if value.length > max_len
+          { value: value[0, max_len], truncated: true }
+        else
+          { value: value, truncated: false }
+        end
+      end
+      private_class_method :serialize_string
+
+      def self.serialize_array(value, config, depth, max_depth)
+        # Circular reference check
+        seen = Thread.current[THREAD_KEY]
+        if seen&.include?(value.object_id)
+          return { value: "(circular reference)", truncated: false }
+        end
+
+        seen&.add(value.object_id)
+        max_items = config.local_variable_max_array_items || 10
+        truncated = value.length > max_items
+        items = value.first(max_items).map do |item|
+          serialize_value(item, config, depth + 1, max_depth)[:value]
+        end
+
+        { value: items, truncated: truncated }
+      end
+      private_class_method :serialize_array
+
+      def self.serialize_hash(value, config, depth, max_depth)
+        seen = Thread.current[THREAD_KEY]
+        if seen&.include?(value.object_id)
+          return { value: "(circular reference)", truncated: false }
+        end
+
+        seen&.add(value.object_id)
+        max_items = config.local_variable_max_hash_items || 20
+        truncated = value.length > max_items
+        result = {}
+        value.first(max_items).each do |k, v|
+          key_str = k.to_s
+          result[key_str] = serialize_value(v, config, depth + 1, max_depth)[:value]
+        end
+
+        { value: result, truncated: truncated }
+      end
+      private_class_method :serialize_hash
+
+      def self.serialize_object(value, config, depth, max_depth)
+        seen = Thread.current[THREAD_KEY]
+        if seen&.include?(value.object_id)
+          return { value: "(circular reference)", truncated: false }
+        end
+
+        seen&.add(value.object_id)
+
+        # ActiveRecord objects — safe summary
+        if defined?(ActiveRecord::Base) && value.is_a?(ActiveRecord::Base)
+          id_str = begin
+            value.id.to_s
+          rescue
+            nil
+          end
+          label = id_str ? "#<#{value.class.name} id: #{id_str}>" : "#<#{value.class.name}>"
+          return { value: label, truncated: false }
+        end
+
+        # Fallback: .inspect with truncation
+        max_len = config.local_variable_max_string_length || 200
+        inspected = value.inspect
+        if inspected.length > max_len
+          { value: inspected[0, max_len], truncated: true }
+        else
+          { value: inspected, truncated: false }
+        end
+      rescue
+        { value: "#<#{value.class.name rescue "Object"}>", truncated: false }
+      end
+      private_class_method :serialize_object
+
+      # --- Sensitive data filtering (post-serialization) ---
+      # Reuses SensitiveDataFilter.parameter_filter — same pattern as BreadcrumbCollector.
+      # Applied AFTER serialization so ParameterFilter works on clean JSON-compatible values.
+
+      # Filter all serialized variables for sensitive data
+      # @param result [Hash] Serialized output from call()
+      # @param additional_filter_patterns [Array] Extra sensitive name patterns
+      # @return [Hash] Filtered output
+      def self.filter_serialized(result, additional_filter_patterns: [])
+        return result unless RailsErrorDashboard.configuration.filter_sensitive_data
+
+        filter = effective_filter(additional_filter_patterns: additional_filter_patterns)
+        return result unless filter
+
+        result.each do |var_name, info|
+          # Filter the variable name itself
+          if filter_matches?(filter, var_name)
+            info[:value] = "[FILTERED]"
+            info[:filtered] = true
+            next
+          end
+
+          # Filter string values (credit card patterns, key=value patterns)
+          if info[:value].is_a?(String)
+            info[:value] = SensitiveDataFilter.send(:filter_message, filter, info[:value])
+          end
+
+          # Filter nested hash keys recursively
+          if info[:value].is_a?(Hash)
+            info[:value] = filter_hash_recursive(filter, info[:value])
+          end
+
+          # Filter nested array items
+          if info[:value].is_a?(Array)
+            info[:value] = filter_array_recursive(filter, info[:value])
+          end
+        end
+
+        result
+      rescue => e
+        RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] VariableSerializer.filter_serialized failed: #{e.message}")
+        result
+      end
+      private_class_method :filter_serialized
+
+      # Build effective filter: SensitiveDataFilter base + variable-specific filter patterns
+      # @param additional_filter_patterns [Array] Extra patterns (e.g. instance_variable_filter_patterns)
+      # @return [ActiveSupport::ParameterFilter, nil]
+      def self.effective_filter(additional_filter_patterns: [])
+        base_filter = SensitiveDataFilter.parameter_filter
+        return nil unless base_filter
+
+        custom_patterns = Array(RailsErrorDashboard.configuration.local_variable_filter_patterns)
+        extra_patterns = Array(additional_filter_patterns)
+        return base_filter if custom_patterns.empty? && extra_patterns.empty?
+
+        # Gather the same patterns SensitiveDataFilter uses, plus custom ones
+        patterns = SensitiveDataFilter::DEFAULT_SENSITIVE_PATTERNS.dup
+        if defined?(Rails) && Rails.application&.config&.respond_to?(:filter_parameters)
+          patterns.concat(Array(Rails.application.config.filter_parameters))
+        end
+        custom_sdf = RailsErrorDashboard.configuration.sensitive_data_patterns
+        patterns.concat(Array(custom_sdf)) if custom_sdf
+        patterns.concat(custom_patterns)
+        patterns.concat(extra_patterns)
+        patterns.uniq!
+
+        ActiveSupport::ParameterFilter.new(patterns)
+      rescue => e
+        RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] VariableSerializer.effective_filter failed: #{e.message}")
+        SensitiveDataFilter.parameter_filter
+      end
+      private_class_method :effective_filter
+
+      # Check if a key name matches any filter pattern
+      # Uses ParameterFilter's own matching — supports String, Symbol, Regexp, Proc
+      # @return [Boolean]
+      def self.filter_matches?(filter, name)
+        filtered = filter.filter(name => "x")
+        filtered[name] != "x"
+      rescue
+        false
+      end
+      private_class_method :filter_matches?
+
+      # Recursively filter hash keys and values
+      # @param filter [ActiveSupport::ParameterFilter]
+      # @param hash [Hash]
+      # @return [Hash] Filtered hash
+      def self.filter_hash_recursive(filter, hash)
+        # ParameterFilter handles nested key filtering natively
+        filtered = filter.filter(hash)
+
+        # Recurse into remaining complex values (arrays, nested hashes that might
+        # contain further structures beyond what ParameterFilter traverses)
+        filtered.each do |key, value|
+          case value
+          when String
+            filtered[key] = SensitiveDataFilter.send(:filter_message, filter, value)
+          when Array
+            filtered[key] = filter_array_recursive(filter, value)
+          end
+        end
+
+        filtered
+      rescue => e
+        RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] filter_hash_recursive failed: #{e.message}")
+        hash
+      end
+      private_class_method :filter_hash_recursive
+
+      # Recursively filter array items
+      # @param filter [ActiveSupport::ParameterFilter]
+      # @param array [Array]
+      # @return [Array] Filtered array
+      def self.filter_array_recursive(filter, array)
+        array.map do |item|
+          case item
+          when String
+            SensitiveDataFilter.send(:filter_message, filter, item)
+          when Hash
+            filter_hash_recursive(filter, item)
+          when Array
+            filter_array_recursive(filter, item)
+          else
+            item
+          end
+        end
+      rescue => e
+        RailsErrorDashboard::Logger.debug("[RailsErrorDashboard] filter_array_recursive failed: #{e.message}")
+        array
+      end
+      private_class_method :filter_array_recursive
+    end
+  end
+end