rails_error_dashboard 0.6.3 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 938ab24cad38b8b20bc0dd0f2a1eb6e5c9e46a4634fb97e2c01b3487221c9fc3
-  data.tar.gz: 6e053a3f8c41e3c3f75f95ab1f9bd8908e9bcea4c473e2d1d3a0c11b7bdf0bdb
+  metadata.gz: bfd6bfaddc3831f37ef4162c92037dddfb18129068e1ad279449b4fcdf164514
+  data.tar.gz: 031a14fd395298e46d95bcbb182c8333dab85d12c64439e7d840a577a7ced989
 SHA512:
-  metadata.gz: 2b84b4a4f917863e7577e253f2324100a06b6fef6f33d56cef211f28a4f1dc4688932f618489f19924baa8aa065135cfcaeffb2c7431f15bea898d3e334395b7
-  data.tar.gz: 4149d8da317c77751e04db12b46f02924fe46e1a420075232e3fa7c96f12218166249596b33a55f1790e696b5fca3580cd5da62d38a39585e356660a702a518c
+  metadata.gz: dae9aaa0bebaf0daf71bd5b3e64590b19b5e48d5a032273304639f49535bc17d5eaa2991a460d9e97403cebcc4dc1f0e70baca2c5291c4c4191d1a5ae092bbf3
+  data.tar.gz: 6bc6d8a6fcf5cb0c262688102ec57cd79d24a8d87f3bed2417ef29d9b63102bc67937784217fbf4a54822b06b1691c333b9210f6bc77c1be49e6055a54559708

data/README.md

@@ -13,7 +13,7 @@
 gem 'rails_error_dashboard'
 ```
 
-**5-minute setup** · **Works out-of-the-box** · **100% Rails + Postgres** · **No vendor lock-in**
+**5-minute setup** · **Works out-of-the-box** · **Postgres, MySQL/Trilogy, SQLite** · **No vendor lock-in**
 
 [Full Documentation](https://anjanj.github.io/rails_error_dashboard/) · [Live Demo](https://rails-error-dashboard.anjan.dev) · [RubyGems](https://rubygems.org/gems/rails_error_dashboard)
 
@@ -35,6 +35,18 @@ gem 'rails_error_dashboard'
 
 ![Error Detail](docs/images/error-detail.png)
 
+**AI Help** — Optional OpenAI or Anthropic assistance streamed directly inside the error detail page.
+
+![AI Help](docs/images/ai-help.png)
+
+---
+
+## From the Community
+
+> All three [self-hosted alternatives] had an issue with error backtrace when using Turbo — RED did fix it… solid_errors and Faultline are not very active projects, RED is very active and @AnjanJ is very responsive in fixing issues. So, RED was my final choice.
+>
+> — **Gael Marziou** ([@gmarziou](https://github.com/gmarziou)) · [read the full discussion](https://github.com/AnjanJ/rails_error_dashboard/discussions/116)
+
 ---
 
 ## Who This Is For
@@ -63,7 +75,7 @@ gem 'rails_error_dashboard'
 
 ### Core (Always Enabled)
 
-Error capture from controllers, jobs, and middleware. Beautiful Bootstrap 5 dashboard with dark/light mode, search, filtering, and real-time updates. Analytics with trend charts, severity breakdown, and spike detection. Workflow management with assignment, priority, snooze, mute/unmute (notification suppression), comments, and batch operations. Security via HTTP Basic Auth or custom lambda (Devise, Warden, session-based). Exception cause chains, enriched HTTP context, custom fingerprinting, CurrentAttributes integration, auto-reopen on recurrence, and sensitive data filtering — all built in.
+Error capture from controllers, jobs, and middleware. Custom-designed dashboard with dark/light mode, search, filtering, and real-time updates. Analytics with trend charts, severity breakdown, and spike detection. Workflow management with assignment, priority, snooze, mute/unmute (notification suppression), comments, and batch operations. Security via HTTP Basic Auth or custom lambda (Devise, Warden, session-based). Exception cause chains, enriched HTTP context, custom fingerprinting, CurrentAttributes integration, auto-reopen on recurrence, and sensitive data filtering — all built in.
 
 ### Optional Features
 
@@ -124,7 +136,7 @@ Requires breadcrumbs to be enabled.
 
 ![Job Health](docs/images/job-health.png)
 
-**Database Health** — PgHero-style live PostgreSQL stats (table sizes, unused indexes, dead tuples, vacuum timestamps) plus historical connection pool data from error snapshots.
+**Database Health** — PgHero-style live PostgreSQL stats (table sizes, unused indexes, dead tuples, vacuum timestamps) plus historical connection pool data from error snapshots. PostgreSQL-only for the system-table views; MySQL and SQLite show connection pool stats and hide the rest.
 
 ![Database Health](docs/images/database-health.png)
 
@@ -147,6 +159,79 @@ config.enable_activestorage_tracking = true  # requires enable_breadcrumbs = tru
 [Complete documentation →](docs/FEATURES.md#job-health-page)
 </details>
 
+<details>
+<summary><strong>LLM Observability — Calls, Tokens, Cost, Tool Use</strong></summary>
+
+Capture every LLM call your app makes — model, latency, token counts, estimated USD cost, and tool-use requests — as breadcrumbs on the error that follows. When a request crashes, you see the chat completion that preceded it: which model was called, how long it took, what it cost, and which tools it asked to invoke.
+
+- Three capture paths — pick whichever matches your stack
+- Cost estimated from a built-in pricing table (Claude 4.x, GPT-4o/o1, Gemini 2.5) — override per-model via `config.llm_pricing_overrides`
+- Tool-call requests summarized inline; tool *execution* spans captured separately via the OTel path
+- Content capture (prompts/completions) **OFF by default** — only token counts and metadata are recorded
+- Same host-app safety guarantees as the rest of the gem — never raises, never blocks the request, every callback rescue-wrapped
+
+```ruby
+config.enable_breadcrumbs        = true   # required — LLM crumbs ride the breadcrumb pipeline
+config.enable_llm_observability  = true
+# Optional — override the built-in pricing table for your account
+# config.llm_pricing_overrides = { "claude-sonnet-4-6" => { input: 3.0, output: 15.0 } }
+```
+
+**Path A — `ruby-openai` (Faraday middleware)**
+
+```ruby
+# Gemfile already has: gem "ruby-openai"
+client = OpenAI::Client.new do |f|
+  f.use RailsErrorDashboard::Integrations::LlmMiddleware
+end
+```
+
+**Path B — `ruby_llm` (OpenTelemetry)**
+
+`ruby_llm` doesn't expose a Faraday hook, but the thoughtbot OTel instrumentation gem emits GenAI-semconv spans that our SpanProcessor picks up automatically.
+
+```ruby
+# Gemfile
+gem "ruby_llm"
+gem "opentelemetry-sdk"
+gem "opentelemetry-instrumentation-ruby_llm"
+
+# config/initializers/opentelemetry.rb
+OpenTelemetry::SDK.configure do |c|
+  c.use "OpenTelemetry::Instrumentation::RubyLLM"
+end
+```
+
+The dashboard's `LlmSpanProcessor` registers itself with `OpenTelemetry.tracer_provider` during engine boot — no extra wiring.
+
+**Path C — anything else (Anthropic official SDK, Net::HTTP, gRPC, Ollama, …)**
+
+The official `anthropic` gem uses `Net::HTTP` directly (no Faraday hook), and many local-inference setups don't run OTel. Wrap any LLM call in `ActiveSupport::Notifications.instrument` — pass a mutable Hash so token counts can be filled in *after* the call:
+
+```ruby
+payload = { provider: "anthropic", model: "claude-sonnet-4-6" }
+
+ActiveSupport::Notifications.instrument("red.llm_call", payload) do
+  response = Anthropic::Client.new.messages.create(
+    model: "claude-sonnet-4-6",
+    messages: [ { role: "user", content: "hi" } ]
+  )
+  payload[:input_tokens]  = response.usage.input_tokens
+  payload[:output_tokens] = response.usage.output_tokens
+end
+
+# Tool execution — captured as its own llm_tool breadcrumb
+ActiveSupport::Notifications.instrument("red.llm_tool_call",
+  tool_name: "search_database",
+  tool_arguments: { query: "..." }
+) do
+  # run the tool
+end
+```
+
+Payload contract matches the `LlmCallEvent` value object — see [`docs/LLM_OBSERVABILITY.md`](docs/LLM_OBSERVABILITY.md) for the full field list.
+</details>
+
 <details>
 <summary><strong>Issue Tracking — GitHub, GitLab, Codeberg</strong></summary>
 
@@ -234,10 +319,20 @@ config.enable_source_code_integration = true  # required for source code viewer
 </details>
 
 <details>
-<summary><strong>Error Replay — Copy as cURL / RSpec / LLM Markdown</strong></summary>
+<summary><strong>AI Help + Error Replay — Ask, Copy as cURL / RSpec / LLM Markdown</strong></summary>
 
 Replay failing requests with one click. Copy the request as a cURL command, generate an RSpec test, or **copy all error details as clean Markdown** for pasting into an LLM session. The LLM export includes app backtrace, cause chain, local/instance variables, breadcrumbs, environment, system health, and related errors — with framework frames filtered and sensitive data preserved as `[FILTERED]`.
 
+When an LLM provider is configured, the error detail page also shows an **AI Help** drawer. Users can ask follow-up questions about the current error and receive streamed Markdown answers from OpenAI or Anthropic without leaving the dashboard.
+
+```ruby
+config.llm_provider = :openai # or :anthropic
+config.llm_api_key = -> { Rails.application.credentials.dig(:openai, :api_key) }
+config.llm_model = "gpt-5"
+```
+
+> **Privacy:** AI Help sends the error's details (backtrace, context, and your question) to the configured provider (OpenAI or Anthropic). Keep `config.filter_sensitive_data = true` (the default) so sensitive values are redacted as `[FILTERED]` before they leave your app.
+
 [Complete documentation →](docs/FEATURES.md#error-details-page)
 </details>
 
@@ -521,13 +616,13 @@ Available as open source under the [MIT License](https://opensource.org/licenses
 
 ## Acknowledgments
 
-Built with [Rails](https://rubyonrails.org/) · UI by [Bootstrap 5](https://getbootstrap.com/) · Charts by [Chart.js](https://www.chartjs.org/) · Pagination by [Pagy](https://github.com/ddnexus/pagy) · Docs theme by [Jekyll VitePress Theme](https://jekyll-vitepress.dev/) by [@crmne](https://github.com/crmne)
+Built with [Rails](https://rubyonrails.org/) · Custom design tokens with [Bootstrap 5 JS](https://getbootstrap.com/) for tooltips and modals · Charts by [Chart.js](https://www.chartjs.org/) · Pagination by [Pagy](https://github.com/ddnexus/pagy) · Docs theme by [Jekyll VitePress Theme](https://jekyll-vitepress.dev/) by [@crmne](https://github.com/crmne)
 
 ## Contributors
 
 [![Contributors](https://contrib.rocks/image?repo=AnjanJ/rails_error_dashboard)](https://github.com/AnjanJ/rails_error_dashboard/graphs/contributors)
 
-Special thanks to [@bonniesimon](https://github.com/bonniesimon), [@gundestrup](https://github.com/gundestrup), [@midwire](https://github.com/midwire), [@RafaelTurtle](https://github.com/RafaelTurtle), [@j4rs](https://github.com/j4rs), and [@gmarziou](https://github.com/gmarziou). See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the full list.
+Special thanks to [@bonniesimon](https://github.com/bonniesimon), [@gundestrup](https://github.com/gundestrup), [@midwire](https://github.com/midwire), [@RafaelTurtle](https://github.com/RafaelTurtle), [@j4rs](https://github.com/j4rs), [@gmarziou](https://github.com/gmarziou), and [@antarr](https://github.com/antarr). See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the full list.
 
 ---
 

data/app/controllers/rails_error_dashboard/application_controller.rb

@@ -46,10 +46,16 @@ module RailsErrorDashboard
       )
     end
 
-    # Handle Pagy pagination errors — redirect to page 1
+    # Handle Pagy pagination errors — redirect to page 1, preserving filters.
+    # Drop both :page and :per_page from the preserved query string. Either can
+    # trigger the rescue (page out of range, per_page negative or non-numeric);
+    # carrying them into the redirect would loop the user right back into the
+    # same error.
     rescue_from Pagy::RangeError, Pagy::OptionError do |exception|
       Rails.logger.warn("[RailsErrorDashboard] Pagination error: #{exception.message}")
-      redirect_to request.path, status: :moved_permanently
+      preserved = request.query_parameters.except("page", :page, "per_page", :per_page)
+      target = preserved.any? ? "#{request.path}?#{preserved.to_query}" : request.path
+      redirect_to target, status: :moved_permanently
     end
 
     private

data/app/controllers/rails_error_dashboard/errors_controller.rb

@@ -22,6 +22,9 @@ module RailsErrorDashboard
       hide_snoozed
       hide_muted
       reopened
+      user_id
+      app_version
+      git_sha
       sort_by
       sort_direction
     ].freeze
@@ -170,8 +173,45 @@ module RailsErrorDashboard
       redirect_to error_path(params[:id], anchor: "issue-tracking", **app_context_params)
     end
 
+    def ai_help
+      unless RailsErrorDashboard.configuration.llm_configured?
+        render json: { error: "AI Help is not configured" }, status: :not_found
+        return
+      end
+
+      question = params[:question].to_s.strip
+      if question.blank?
+        render json: { error: "Question cannot be blank" }, status: :unprocessable_entity
+        return
+      end
+
+      if question.length > 4000
+        render json: { error: "Question is too long. Keep it under 4,000 characters." }, status: :unprocessable_entity
+        return
+      end
+
+      error = ErrorLog.includes(:comments, :parent_cascade_patterns, :child_cascade_patterns).find(params[:id])
+      related_errors = error.related_errors(limit: 5, application_id: @current_application_id)
+      context = Services::MarkdownErrorFormatter.call(error, related_errors: related_errors)
+
+      response.headers["Content-Type"] = "text/event-stream"
+      response.headers["Cache-Control"] = "no-cache"
+      response.headers["X-Accel-Buffering"] = "no"
+
+      self.response_body = Enumerator.new do |stream|
+        begin
+          result = Services::LlmClient.stream(error: error, question: question, context: context) do |text|
+            stream << sse_event("chunk", text: text)
+          end
+          stream << sse_event("done", result)
+        rescue Services::LlmClient::ConfigurationError, Services::LlmClient::RequestError => e
+          stream << sse_event("error", error: e.message)
+        end
+      end
+    end
+
     def analytics
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
 
       # Use Query to get analytics data (pass application filter)
@@ -212,7 +252,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 7).to_i
+      days = days_param(default: 7)
       @days = days
 
       # Use Query to get platform comparison data (pass application filter)
@@ -266,7 +306,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       correlation = Queries::ErrorCorrelation.new(days: days, application_id: @current_application_id)
 
@@ -280,7 +320,7 @@ module RailsErrorDashboard
     end
 
     def releases
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::ReleaseTimeline.call(days, application_id: @current_application_id)
       all_releases = result[:releases]
@@ -290,7 +330,7 @@ module RailsErrorDashboard
     end
 
     def user_impact
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::UserImpactSummary.call(days, application_id: @current_application_id)
       all_entries = result[:entries]
@@ -306,7 +346,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::DeprecationWarnings.call(days, application_id: @current_application_id)
       all_deprecations = result[:deprecations]
@@ -326,7 +366,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::NplusOneSummary.call(days, application_id: @current_application_id)
       all_patterns = result[:patterns]
@@ -346,7 +386,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::CacheHealthSummary.call(days, application_id: @current_application_id)
       all_entries = result[:entries]
@@ -367,7 +407,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::JobHealthSummary.call(days, application_id: @current_application_id)
       all_entries = result[:entries]
@@ -387,7 +427,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
 
       # Live database health (display-time only)
@@ -423,7 +463,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::SwallowedExceptionSummary.call(days, application_id: @current_application_id)
       all_entries = result[:entries]
@@ -444,7 +484,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::RackAttackSummary.call(days, application_id: @current_application_id)
       all_events = result[:events]
@@ -465,7 +505,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::ActionCableSummary.call(days, application_id: @current_application_id)
       all_channels = result[:channels]
@@ -486,7 +526,7 @@ module RailsErrorDashboard
         return
       end
 
-      days = (params[:days] || 30).to_i
+      days = days_param(default: 30)
       @days = days
       result = Queries::ActiveStorageSummary.call(days, application_id: @current_application_id)
       all_services = result[:services]
@@ -606,10 +646,22 @@ module RailsErrorDashboard
       }
     end
 
+    def sse_event(event, payload)
+      "event: #{event}\ndata: #{payload.to_json}\n\n"
+    end
+
     def filter_params
       params.permit(*FILTERABLE_PARAMS).to_h.symbolize_keys
     end
 
+    # Coerce params[:days] into a sane integer in [1, 365]. Without clamping,
+    # a request like ?days=99999999 would scan the full table on every health
+    # query, defeating index pruning and burning CPU.
+    def days_param(default:)
+      raw = params[:days].presence || default
+      raw.to_i.clamp(1, 365)
+    end
+
     def set_application_context
       @current_application_id = params[:application_id].presence
       @applications = Application.ordered_by_name.pluck(:name, :id)

data/app/helpers/rails_error_dashboard/application_helper.rb

@@ -27,6 +27,16 @@ module RailsErrorDashboard
       end
     end
 
+    # Serialize a value to JSON safely for inlining inside a <script> block.
+    # Ruby's #to_json escapes JSON special chars but does NOT escape "</" — a
+    # value containing the literal string "</script>" would break out of the
+    # surrounding <script> tag. Replace "</" with "<\/" (semantically equivalent
+    # in JSON and in JavaScript string literals) to neutralize the close tag.
+    # Returns html_safe for direct interpolation into a script body.
+    def js_safe_json(value)
+      value.to_json.gsub("</", '<\/').html_safe
+    end
+
     # Returns Bootstrap color class for error severity
     # Uses Catppuccin Mocha colors in dark theme via CSS variables
     # @param severity [Symbol] The severity level (:critical, :high, :medium, :low, :info)
@@ -209,6 +219,17 @@ module RailsErrorDashboard
       )
     end
 
+    # Raw connection.select_all returns timestamps as Time in some PG configs
+    # and as ISO8601 strings in others — accept both shapes.
+    def parse_pg_timestamp(value)
+      return nil if value.blank?
+      return value if value.is_a?(Time) || value.is_a?(DateTime)
+
+      Time.parse(value.to_s)
+    rescue ArgumentError
+      nil
+    end
+
     # Renders a relative time ("3 hours ago") that updates automatically
     # @param time [Time, DateTime, nil] The timestamp to display
     # @param fallback [String] Text to show if time is nil
@@ -242,6 +263,8 @@ module RailsErrorDashboard
       when "mailer"     then "secondary"
       when "custom"     then "dark"
       when "deprecation" then "danger"
+      when "llm"        then "info"
+      when "llm_tool"   then "warning"
       else "light"
       end
     end
@@ -265,6 +288,13 @@ module RailsErrorDashboard
     def auto_link_urls(text, error: nil)
       return "" if text.blank?
 
+      # SECURITY: escape HTML special chars in the input before any further
+      # processing. simple_format(..., sanitize: false) at the end means
+      # whatever survives this pipeline is rendered as raw HTML; any unescaped
+      # `<script>` or `<img onerror=>` in the user's text would XSS.
+      # We only intentionally inject our own <a> / <code> tags after this point.
+      text = ERB::Util.html_escape(text)
+
       # Get repository URL from error's application or global config
       repo_url = if error&.application.respond_to?(:repository_url) && error.application.repository_url.present?
         error.application.repository_url
@@ -302,32 +332,34 @@ module RailsErrorDashboard
         )
       }xi
 
-      # Replace URLs with clickable links
+      # Replace URLs with clickable links. The url, code_content, and file_path
+      # values below are slices of `text` which we already escaped at function
+      # entry, so we don't re-escape them here (would double-escape `&amp;`,
+      # breaking visual rendering). repo_url is from config so we escape it
+      # explicitly before interpolating.
+      escaped_repo_url = repo_url ? ERB::Util.html_escape(repo_url.chomp("/")) : nil
+
       linked_text = text_with_placeholders.gsub(url_regex) do |url|
-        # Clean up the URL
         clean_url = url.strip
 
-        # Add protocol if missing
         href = clean_url.start_with?("http://", "https://") ? clean_url : "https://#{clean_url}"
 
-        # Truncate display text for very long URLs
         display_text = clean_url.length > 60 ? "#{clean_url[0..57]}..." : clean_url
 
-        "<a href=\"#{ERB::Util.html_escape(href)}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-primary text-decoration-underline\">#{ERB::Util.html_escape(display_text)}</a>"
+        "<a href=\"#{href}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-primary text-decoration-underline\">#{display_text}</a>"
       end
 
-      # Restore file paths with GitHub links (elvish magic! 🧝‍♀️)
+      # Restore file paths with GitHub links
       linked_text.gsub!(/###FILE_PATH_(\d+)###/) do
         file_path = file_paths[Regexp.last_match(1).to_i]
-        github_url = "#{repo_url.chomp('/')}/blob/main/#{file_path}"
-        "<a href=\"#{ERB::Util.html_escape(github_url)}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-decoration-none\" title=\"View on GitHub\">" \
-        "<code class=\"inline-code-highlight file-path-link\">#{ERB::Util.html_escape(file_path)}</code></a>"
+        "<a href=\"#{escaped_repo_url}/blob/main/#{file_path}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-decoration-none\" title=\"View on GitHub\">" \
+        "<code class=\"inline-code-highlight file-path-link\">#{file_path}</code></a>"
       end
 
       # Restore code blocks with styling
       linked_text.gsub!(/###CODE_BLOCK_(\d+)###/) do
         code_content = code_blocks[Regexp.last_match(1).to_i]
-        "<code class=\"inline-code-highlight\">#{ERB::Util.html_escape(code_content)}</code>"
+        "<code class=\"inline-code-highlight\">#{code_content}</code>"
       end
 
       # Preserve line breaks and return as HTML safe