@agent-native/core 0.9.1 → 0.11.0

package/dist/server/sentry-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentry-plugin.js","sourceRoot":"","sources":["../../src/server/sentry-plugin.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,EACL,cAAc,EACd,yBAAyB,GAC1B,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,EAChB,qBAAqB,EACrB,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,yBAAyB,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAgB,MAAM,IAAI,CAAC;AAIxD,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC;QACH,OAAO,KAAK,CAAC,GAAG,EAAE,QAAQ,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,IAAwB;IACpD,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IACxB,iDAAiD;IACjD,IACE,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;QAC3B,IAAI,KAAK,cAAc;QACvB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAC3B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB;IAChC,OAAO,KAAK,EAAE,QAAa,EAAE,EAAE;QAC7B,yBAAyB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC9C,MAAM,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE/B,gBAAgB,EAAE,CAAC;QACnB,IAAI,CAAC,qBAAqB,EAAE,EAAE,CAAC;YAC7B,kEAAkE;YAClE,qDAAqD;YACrD,OAAO;QACT,CAAC;QAED,uEAAuE;QACvE,wEAAwE;QACxE,uEAAuE;QACvE,oEAAoE;QACpE,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,KAAc,EAAE,EAAE;YACzD,IAAI,CAAC,oBAAoB,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAAE,OAAO;YACpD,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,CAAC;gBACxC,uBAAuB,CAAC,OAAO,CAAC,CAAC;YACnC,CAAC;YAAC,MAAM,CAAC;gBACP,wCAAwC;YAC1C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,sEAAsE;QACtE,oEAAoE;QACpE,kEAAkE;QAClE,6DAA6D;QAC7D,qEAAqE;QACrE,0BAA0B;QAC1B,yBAAyB,CAAC,CAAC,GAAG,EAAE,EAAE;YAChC,uBAAuB,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,qEAAqE;QACrE,kEAAkE;QAClE,QAAQ,CAAC,KAAK,EAAE,IAAI,EAAE,CACpB,OAAO,EACP,CAAC,KAAc,EAAE,GAAyB,EAAE,EAAE;YAC5C,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,GAAG,EAAE,KAAK,CAAC;gBACzB,iBAAiB,CAAC,KAAK,EAAE;oBACvB,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC3C,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC5C,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;iBACpD,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,4DAA4D;YAC9D,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAmB,kBAAkB,EAAE,CAAC","sourcesContent":["/**\n * Nitro plugin that initializes server-side Sentry and attaches per-request\n * user context.\n *\n * Wires three pieces:\n *   1. On startup, `initServerSentry()` reads `SENTRY_SERVER_DSN` and arms\n *      the SDK (no-op when the env var is unset).\n *   2. On every request, hook into Nitro's `request` event: resolve the\n *      session via `getSession(event)` and tag the per-request isolation\n *      scope with the user's id/email/orgId. Wrapped in try/catch so a\n *      session-resolution failure can never 500 the request.\n *   3. On every Nitro `error` event, capture the exception with the route,\n *      method, and user-agent attached as searchable tags.\n *\n * Mounted as a default plugin from `framework-request-handler.ts` —\n * templates that don't define `server/plugins/sentry.ts` get this for\n * free. Templates that need to customize (e.g. add custom tags / skip\n * Sentry) can override by exporting their own `sentry.ts` plugin.\n */\nimport {\n  awaitBootstrap,\n  markDefaultPluginProvided,\n} from \"./framework-request-handler.js\";\nimport { getSession } from \"./auth.js\";\nimport {\n  captureRouteError,\n  initServerSentry,\n  isServerSentryEnabled,\n  setSentryRequestContext,\n  setSentryUserForRequest,\n} from \"./sentry.js\";\nimport { addRequestContextObserver } from \"./request-context.js\";\nimport { getHeader, getMethod, type H3Event } from \"h3\";\n\ntype NitroPluginDef = (nitroApp: any) => void | Promise<void>;\n\nfunction readRoute(event: H3Event): string | undefined {\n  try {\n    return event.url?.pathname;\n  } catch {\n    return undefined;\n  }\n}\n\nfunction readUserAgent(event: H3Event): string | undefined {\n  try {\n    return getHeader(event, \"user-agent\");\n  } catch {\n    return undefined;\n  }\n}\n\n/**\n * Skip session resolution for paths that obviously don't need one. Avoids\n * a DB round-trip on every static-asset / favicon / public-share request\n * while keeping API + framework routes covered.\n */\nfunction shouldResolveSession(path: string | undefined): boolean {\n  if (!path) return false;\n  // Vite / React Router static assets and similar.\n  if (\n    path.startsWith(\"/assets/\") ||\n    path.startsWith(\"/_build/\") ||\n    path === \"/favicon.ico\" ||\n    path.startsWith(\"/static/\")\n  ) {\n    return false;\n  }\n  return true;\n}\n\nexport function createSentryPlugin(): NitroPluginDef {\n  return async (nitroApp: any) => {\n    markDefaultPluginProvided(nitroApp, \"sentry\");\n    await awaitBootstrap(nitroApp);\n\n    initServerSentry();\n    if (!isServerSentryEnabled()) {\n      // No DSN — skip wiring per-request hooks. We'd just be paying the\n      // call-site overhead for every request to no effect.\n      return;\n    }\n\n    // Per-request: resolve session and attach to Sentry isolation scope so\n    // any exception captured later in the request carries the user. Wrapped\n    // in try/catch so a session-DB hiccup or auth-broken state never turns\n    // into a 500 — the worst case is we lose user context on the event.\n    nitroApp.hooks?.hook?.(\"request\", async (event: H3Event) => {\n      if (!shouldResolveSession(readRoute(event))) return;\n      try {\n        const session = await getSession(event);\n        setSentryUserForRequest(session);\n      } catch {\n        // best-effort — don't break the request\n      }\n    });\n\n    // Wrap-time: every `runWithRequestContext({ userEmail, orgId, ... })`\n    // call also pins user/org onto Sentry's per-async-context isolation\n    // scope. Covers paths the cookie-based `request` hook can't see —\n    // integration webhook processors, A2A calls, agent-chat tool\n    // re-entries, and any internal call chain that opens a request scope\n    // without an HTTP cookie.\n    addRequestContextObserver((ctx) => {\n      setSentryRequestContext({ userEmail: ctx.userEmail, orgId: ctx.orgId });\n    });\n\n    // Per-error: capture with route/method/UA tags. Nitro's `error` hook\n    // signature is (error, { event, tags }) — we forward what we can.\n    nitroApp.hooks?.hook?.(\n      \"error\",\n      (error: unknown, ctx?: { event?: H3Event }) => {\n        try {\n          const event = ctx?.event;\n          captureRouteError(error, {\n            route: event ? readRoute(event) : undefined,\n            method: event ? getMethod(event) : undefined,\n            userAgent: event ? readUserAgent(event) : undefined,\n          });\n        } catch {\n          // Sentry capture must never escape into Nitro's error path.\n        }\n      },\n    );\n  };\n}\n\n/**\n * Default Sentry plugin — auto-mounts when a template doesn't define its\n * own `server/plugins/sentry.ts`. Reads `SENTRY_SERVER_DSN` from env and\n * silently no-ops when it's unset, so this is safe to default-mount in\n * every template (including local dev with no DSN configured).\n */\nexport const defaultSentryPlugin: NitroPluginDef = createSentryPlugin();\n"]}

package/dist/server/sentry.d.ts

@@ -0,0 +1,92 @@
+import type { AuthSession } from "./auth.js";
+/**
+ * Initialize server-side Sentry. Idempotent — safe to call from multiple
+ * plugin entrypoints. Returns `true` if initialization actually happened
+ * (DSN was set), `false` if Sentry is disabled (no DSN).
+ *
+ * No DSN is hardcoded: unlike the CLI (a published binary that always
+ * wants to phone home crashes), the server runs in customer environments.
+ * Operators set `SENTRY_SERVER_DSN` when they want their own Sentry
+ * project to receive these events; without it the module no-ops.
+ */
+export declare function initServerSentry(): boolean;
+/**
+ * `true` once `initServerSentry()` has succeeded with a DSN. Plugins that
+ * want to skip work when Sentry is disabled can check this before calling
+ * the helpers below.
+ */
+export declare function isServerSentryEnabled(): boolean;
+/**
+ * Attach the current request's user to Sentry's isolation scope so any
+ * `captureException` triggered later in the request carries the right
+ * `user.id` / `user.email` / `user.username` and `orgId` tag.
+ *
+ * Sentry node 10 uses Node's AsyncLocalStorage to give each async context
+ * its own isolation scope, so setting on `getIsolationScope()` here only
+ * affects events emitted while this request's async context is active.
+ *
+ * No-ops gracefully when Sentry isn't initialized or no session exists —
+ * never throws into the request path.
+ */
+export declare function setSentryUserForRequest(session: AuthSession | null): void;
+/**
+ * Pin a user/org onto the current isolation scope from a lighter
+ * `RequestContext`-shaped payload. Used by the request-context observer so
+ * action handlers, agent-chat runs, and integration webhook processors —
+ * all of which already wrap their work in `runWithRequestContext({ userEmail,
+ * orgId, ... })` — automatically tag Sentry events with the right user even
+ * when the Nitro `request` hook didn't see a cookie (e.g. webhook delivery,
+ * A2A calls, internal background runs).
+ *
+ * Skips overwriting a richer user identity already set by
+ * `setSentryUserForRequest` — the cookie-resolved session has
+ * userId/username on top of email, which we shouldn't clobber.
+ */
+export declare function setSentryRequestContext(ctx: {
+    userEmail?: string;
+    orgId?: string;
+}): void;
+/**
+ * Capture an error from one of the auth attempt routes (login / signup)
+ * with the email pinned to the event so support can filter by user. Sets
+ * Sentry level to `warning` (not `error`) — bad-password attempts aren't
+ * actionable, but a sustained spike of warnings on a route IS the signal
+ * we care about.
+ *
+ * Caller should still return their normal HTTP response (401/409/etc.);
+ * this just records the error for observability.
+ */
+export declare function captureAuthError(error: unknown, context: {
+    route: "login" | "signup" | "logout";
+    email?: string;
+}): string | undefined;
+export interface RouteErrorContext {
+    /** The full request path (e.g. `/_agent-native/agent-chat`). */
+    route?: string;
+    /** HTTP method (e.g. `GET`, `POST`). */
+    method?: string;
+    /** Caller's `User-Agent` header. */
+    userAgent?: string;
+    /** Free-form extra tags to add to the event (low-cardinality). */
+    tags?: Record<string, string | undefined>;
+    /**
+     * High-cardinality / structured payload — not searchable but visible in
+     * the Sentry event detail (recording IDs, byte counts, compression
+     * metadata, response body tails, etc.).
+     */
+    extra?: Record<string, unknown>;
+    /**
+     * Grouped contexts shown as separate cards in the Sentry event UI.
+     */
+    contexts?: Record<string, Record<string, unknown>>;
+}
+/**
+ * Capture an exception that surfaced in a Nitro route handler with the
+ * request's route/method/userAgent attached as searchable Sentry tags.
+ *
+ * Non-throwing: if Sentry isn't initialized or the underlying capture
+ * fails, this is a no-op. Returns the Sentry event ID when capture
+ * succeeded, otherwise `undefined`.
+ */
+export declare function captureRouteError(error: unknown, context?: RouteErrorContext): string | undefined;
+//# sourceMappingURL=sentry.d.ts.map

package/dist/server/sentry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentry.d.ts","sourceRoot":"","sources":["../../src/server/sentry.ts"],"names":[],"mappings":"AAuBA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AAoC7C;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,IAAI,OAAO,CAoF1C;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,IAAI,OAAO,CAE/C;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI,GAAG,IAAI,CAsBzE;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CAAC,GAAG,EAAE;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GAAG,IAAI,CAgBP;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,OAAO,EACd,OAAO,EAAE;IAAE,KAAK,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,GAChE,MAAM,GAAG,SAAS,CAcpB;AAED,MAAM,WAAW,iBAAiB;IAChC,gEAAgE;IAChE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC;IACpC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,kEAAkE;IAClE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAC1C;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChC;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACpD;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,OAAO,EACd,OAAO,GAAE,iBAAsB,GAC9B,MAAM,GAAG,SAAS,CA2BpB"}

package/dist/server/sentry.js

@@ -0,0 +1,287 @@
+/**
+ * Server-side Sentry initialization for Nitro.
+ *
+ * Errors thrown inside Nitro routes (the framework's own /_agent-native/*
+ * handlers, the template's API routes, action handlers, agent-chat streams)
+ * never reach the CLI's Sentry init — that only covers the developer's
+ * machine. Without server-side Sentry the only signal a 500 ever produces
+ * is a server-side console.error that lives and dies with the request.
+ *
+ * This module is the third Sentry init point in the framework:
+ *   - cli/index.ts          → @sentry/node, hardcoded DSN, "agent-native-cli"
+ *   - client/analytics.ts   → @sentry/browser, VITE_SENTRY_CLIENT_DSN
+ *   - server/sentry.ts      → @sentry/node, SENTRY_SERVER_DSN
+ *
+ * Each maps to a different Sentry project so we can route errors to the
+ * right team without one project drowning out the others. Don't wire the
+ * three together — they share the SDK package but live in different
+ * processes / runtimes / call sites.
+ */
+import * as Sentry from "@sentry/node";
+import path from "node:path";
+import fs from "node:fs";
+import { fileURLToPath } from "node:url";
+let _initStarted = false;
+let _initSucceeded = false;
+/**
+ * Resolve the agent-native version baked into core's package.json so Sentry
+ * "release" reflects the running framework version. Mirrors how the CLI
+ * computes `_version` — same dist layout, same fallback string. Guarded so
+ * a missing/unreadable package.json never crashes server boot.
+ */
+function resolveServerRelease() {
+    const explicit = process.env.AGENT_NATIVE_RELEASE;
+    if (explicit)
+        return explicit;
+    try {
+        const here = path.dirname(fileURLToPath(import.meta.url));
+        // dist/server/sentry.js → ../../package.json
+        const pkgPath = path.resolve(here, "../../package.json");
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf-8"));
+        if (pkg?.version)
+            return `agent-native-server@${pkg.version}`;
+    }
+    catch {
+        // ignore — fall through to "unknown"
+    }
+    return "agent-native-server@unknown";
+}
+function parseTracesSampleRate() {
+    const raw = process.env.SENTRY_SERVER_TRACES_SAMPLE_RATE;
+    if (!raw)
+        return 0;
+    const n = Number(raw);
+    if (!Number.isFinite(n) || n < 0 || n > 1)
+        return 0;
+    return n;
+}
+/**
+ * Initialize server-side Sentry. Idempotent — safe to call from multiple
+ * plugin entrypoints. Returns `true` if initialization actually happened
+ * (DSN was set), `false` if Sentry is disabled (no DSN).
+ *
+ * No DSN is hardcoded: unlike the CLI (a published binary that always
+ * wants to phone home crashes), the server runs in customer environments.
+ * Operators set `SENTRY_SERVER_DSN` when they want their own Sentry
+ * project to receive these events; without it the module no-ops.
+ */
+export function initServerSentry() {
+    if (_initStarted)
+        return _initSucceeded;
+    _initStarted = true;
+    const dsn = process.env.SENTRY_SERVER_DSN;
+    if (!dsn) {
+        if (process.env.DEBUG) {
+            console.log("[agent-native] SENTRY_SERVER_DSN not set — server Sentry disabled.");
+        }
+        return false;
+    }
+    Sentry.init({
+        dsn,
+        environment: process.env.NODE_ENV || "production",
+        release: resolveServerRelease(),
+        tracesSampleRate: parseTracesSampleRate(),
+        // sendDefaultPii MUST stay false — the framework runs inside customer
+        // environments and we never want to silently ship request headers,
+        // cookies, or process.env contents to Sentry without explicit consent.
+        sendDefaultPii: false,
+        beforeSend(event) {
+            // Drop expected user-input rejections so they don't pollute Sentry
+            // with non-bug noise. Mirrors the CLI's drop list — the framework
+            // and CLI both throw `ValidationError` for the same class of input
+            // failures, and exception type comes through as the class name.
+            const exceptionType = event.exception?.values?.[0]?.type;
+            if (exceptionType === "ValidationError" ||
+                event.tags?.handled === "validation") {
+                return null;
+            }
+            // Defense in depth: scrub PII even if some integration auto-attached
+            // request metadata despite sendDefaultPii: false.
+            if (event.request) {
+                if (event.request.headers) {
+                    const headers = event.request.headers;
+                    for (const k of Object.keys(headers)) {
+                        const lk = k.toLowerCase();
+                        if (lk === "cookie" ||
+                            lk === "authorization" ||
+                            lk === "set-cookie" ||
+                            lk === "proxy-authorization") {
+                            delete headers[k];
+                        }
+                    }
+                }
+                // Cookies live in their own field too.
+                delete event.request.cookies;
+            }
+            // Keep user info that was explicitly set via Sentry.setUser
+            // (id/email/username) so we can attribute crashes back to a real
+            // operator. Always strip ip_address — auto-collected, no consent.
+            if (event.user) {
+                const user = event.user;
+                delete user.ip_address;
+                const hasIdentity = typeof user.id === "string" ||
+                    typeof user.email === "string" ||
+                    typeof user.username === "string";
+                if (!hasIdentity) {
+                    delete event.user;
+                }
+            }
+            // Sentry's contexts can carry process.env snapshots — strip env-shaped
+            // contexts so we don't leak deployment secrets.
+            if (event.contexts && typeof event.contexts === "object") {
+                delete event.contexts.runtime_env;
+            }
+            return event;
+        },
+    });
+    _initSucceeded = true;
+    return true;
+}
+/**
+ * `true` once `initServerSentry()` has succeeded with a DSN. Plugins that
+ * want to skip work when Sentry is disabled can check this before calling
+ * the helpers below.
+ */
+export function isServerSentryEnabled() {
+    return _initSucceeded;
+}
+/**
+ * Attach the current request's user to Sentry's isolation scope so any
+ * `captureException` triggered later in the request carries the right
+ * `user.id` / `user.email` / `user.username` and `orgId` tag.
+ *
+ * Sentry node 10 uses Node's AsyncLocalStorage to give each async context
+ * its own isolation scope, so setting on `getIsolationScope()` here only
+ * affects events emitted while this request's async context is active.
+ *
+ * No-ops gracefully when Sentry isn't initialized or no session exists —
+ * never throws into the request path.
+ */
+export function setSentryUserForRequest(session) {
+    if (!_initSucceeded)
+        return;
+    try {
+        const scope = Sentry.getIsolationScope();
+        if (!session) {
+            scope.setUser(null);
+            scope.setTag("orgId", null);
+            return;
+        }
+        scope.setUser({
+            id: session.userId ?? session.email,
+            email: session.email,
+            username: session.name,
+        });
+        scope.setTag("orgId", session.orgId ?? null);
+        if (session.orgRole) {
+            scope.setTag("orgRole", session.orgRole);
+        }
+    }
+    catch {
+        // Sentry scope APIs should never throw, but if they do we'd rather
+        // continue serving the request than crash on observability.
+    }
+}
+/**
+ * Pin a user/org onto the current isolation scope from a lighter
+ * `RequestContext`-shaped payload. Used by the request-context observer so
+ * action handlers, agent-chat runs, and integration webhook processors —
+ * all of which already wrap their work in `runWithRequestContext({ userEmail,
+ * orgId, ... })` — automatically tag Sentry events with the right user even
+ * when the Nitro `request` hook didn't see a cookie (e.g. webhook delivery,
+ * A2A calls, internal background runs).
+ *
+ * Skips overwriting a richer user identity already set by
+ * `setSentryUserForRequest` — the cookie-resolved session has
+ * userId/username on top of email, which we shouldn't clobber.
+ */
+export function setSentryRequestContext(ctx) {
+    if (!_initSucceeded)
+        return;
+    try {
+        const scope = Sentry.getIsolationScope();
+        if (ctx.userEmail) {
+            const existing = scope.getScopeData().user;
+            if (!existing?.id && !existing?.email) {
+                scope.setUser({ id: ctx.userEmail, email: ctx.userEmail });
+            }
+        }
+        if (ctx.orgId) {
+            scope.setTag("orgId", ctx.orgId);
+        }
+    }
+    catch {
+        // never throw
+    }
+}
+/**
+ * Capture an error from one of the auth attempt routes (login / signup)
+ * with the email pinned to the event so support can filter by user. Sets
+ * Sentry level to `warning` (not `error`) — bad-password attempts aren't
+ * actionable, but a sustained spike of warnings on a route IS the signal
+ * we care about.
+ *
+ * Caller should still return their normal HTTP response (401/409/etc.);
+ * this just records the error for observability.
+ */
+export function captureAuthError(error, context) {
+    if (!_initSucceeded)
+        return undefined;
+    try {
+        return Sentry.withScope((scope) => {
+            scope.setLevel("warning");
+            scope.setTag("auth", context.route);
+            if (context.email) {
+                scope.setUser({ id: context.email, email: context.email });
+            }
+            return Sentry.captureException(error);
+        });
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Capture an exception that surfaced in a Nitro route handler with the
+ * request's route/method/userAgent attached as searchable Sentry tags.
+ *
+ * Non-throwing: if Sentry isn't initialized or the underlying capture
+ * fails, this is a no-op. Returns the Sentry event ID when capture
+ * succeeded, otherwise `undefined`.
+ */
+export function captureRouteError(error, context = {}) {
+    if (!_initSucceeded)
+        return undefined;
+    try {
+        return Sentry.withScope((scope) => {
+            if (context.route)
+                scope.setTag("route", context.route);
+            if (context.method)
+                scope.setTag("method", context.method);
+            if (context.userAgent)
+                scope.setTag("userAgent", context.userAgent);
+            if (context.tags) {
+                for (const [k, v] of Object.entries(context.tags)) {
+                    if (typeof v === "string")
+                        scope.setTag(k, v);
+                }
+            }
+            if (context.extra) {
+                for (const [k, v] of Object.entries(context.extra)) {
+                    if (v !== undefined)
+                        scope.setExtra(k, v);
+                }
+            }
+            if (context.contexts) {
+                for (const [k, v] of Object.entries(context.contexts)) {
+                    scope.setContext(k, v);
+                }
+            }
+            return Sentry.captureException(error);
+        });
+    }
+    catch {
+        return undefined;
+    }
+}
+//# sourceMappingURL=sentry.js.map

package/dist/server/sentry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sentry.js","sourceRoot":"","sources":["../../src/server/sentry.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AACH,OAAO,KAAK,MAAM,MAAM,cAAc,CAAC;AACvC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,IAAI,YAAY,GAAG,KAAK,CAAC;AACzB,IAAI,cAAc,GAAG,KAAK,CAAC;AAE3B;;;;;GAKG;AACH,SAAS,oBAAoB;IAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAClD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1D,6CAA6C;QAC7C,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAEvD,CAAC;QACF,IAAI,GAAG,EAAE,OAAO;YAAE,OAAO,uBAAuB,GAAG,CAAC,OAAO,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,qCAAqC;IACvC,CAAC;IACD,OAAO,6BAA6B,CAAC;AACvC,CAAC;AAED,SAAS,qBAAqB;IAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC;IACzD,IAAI,CAAC,GAAG;QAAE,OAAO,CAAC,CAAC;IACnB,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IACtB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,CAAC;IACpD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB;IAC9B,IAAI,YAAY;QAAE,OAAO,cAAc,CAAC;IACxC,YAAY,GAAG,IAAI,CAAC;IAEpB,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAC1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO,CAAC,GAAG,CACT,oEAAoE,CACrE,CAAC;QACJ,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,CAAC,IAAI,CAAC;QACV,GAAG;QACH,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,YAAY;QACjD,OAAO,EAAE,oBAAoB,EAAE;QAC/B,gBAAgB,EAAE,qBAAqB,EAAE;QACzC,sEAAsE;QACtE,mEAAmE;QACnE,uEAAuE;QACvE,cAAc,EAAE,KAAK;QACrB,UAAU,CAAC,KAAK;YACd,mEAAmE;YACnE,kEAAkE;YAClE,mEAAmE;YACnE,gEAAgE;YAChE,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC;YACzD,IACE,aAAa,KAAK,iBAAiB;gBACnC,KAAK,CAAC,IAAI,EAAE,OAAO,KAAK,YAAY,EACpC,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qEAAqE;YACrE,kDAAkD;YAClD,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;oBAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAiC,CAAC;oBAChE,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;wBACrC,MAAM,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3B,IACE,EAAE,KAAK,QAAQ;4BACf,EAAE,KAAK,eAAe;4BACtB,EAAE,KAAK,YAAY;4BACnB,EAAE,KAAK,qBAAqB,EAC5B,CAAC;4BACD,OAAO,OAAO,CAAC,CAAC,CAAC,CAAC;wBACpB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,uCAAuC;gBACvC,OAAQ,KAAK,CAAC,OAAmC,CAAC,OAAO,CAAC;YAC5D,CAAC;YAED,4DAA4D;YAC5D,iEAAiE;YACjE,kEAAkE;YAClE,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,MAAM,IAAI,GAAG,KAAK,CAAC,IAA+B,CAAC;gBACnD,OAAO,IAAI,CAAC,UAAU,CAAC;gBACvB,MAAM,WAAW,GACf,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ;oBAC3B,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;oBAC9B,OAAO,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC;gBACpC,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,OAAO,KAAK,CAAC,IAAI,CAAC;gBACpB,CAAC;YACH,CAAC;YAED,uEAAuE;YACvE,gDAAgD;YAChD,IAAI,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACzD,OAAQ,KAAK,CAAC,QAAoC,CAAC,WAAW,CAAC;YACjE,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;KACF,CAAC,CAAC;IAEH,cAAc,GAAG,IAAI,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAA2B;IACjE,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,KAAK,CAAC,OAAO,CAAC;YACZ,EAAE,EAAE,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK;YACnC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,OAAO,CAAC,IAAI;SACvB,CAAC,CAAC;QACH,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC;QAC7C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,4DAA4D;IAC9D,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,uBAAuB,CAAC,GAGvC;IACC,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,MAAM,CAAC,iBAAiB,EAAE,CAAC;QACzC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,KAAK,CAAC,YAAY,EAAE,CAAC,IAAI,CAAC;YAC3C,IAAI,CAAC,QAAQ,EAAE,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,CAAC;gBACtC,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QACD,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,gBAAgB,CAC9B,KAAc,EACd,OAAiE;IAEjE,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,KAAK,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAC1B,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACpC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC;AAuBD;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,KAAc,EACd,UAA6B,EAAE;IAE/B,IAAI,CAAC,cAAc;QAAE,OAAO,SAAS,CAAC;IACtC,IAAI,CAAC;QACH,OAAO,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,EAAE,EAAE;YAChC,IAAI,OAAO,CAAC,KAAK;gBAAE,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;YACxD,IAAI,OAAO,CAAC,MAAM;gBAAE,KAAK,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC3D,IAAI,OAAO,CAAC,SAAS;gBAAE,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;YACpE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;gBACjB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;oBAClD,IAAI,OAAO,CAAC,KAAK,QAAQ;wBAAE,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAChD,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;gBAClB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC,KAAK,SAAS;wBAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC5C,CAAC;YACH,CAAC;YACD,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACtD,KAAK,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACzB,CAAC;YACH,CAAC;YACD,OAAO,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC","sourcesContent":["/**\n * Server-side Sentry initialization for Nitro.\n *\n * Errors thrown inside Nitro routes (the framework's own /_agent-native/*\n * handlers, the template's API routes, action handlers, agent-chat streams)\n * never reach the CLI's Sentry init — that only covers the developer's\n * machine. Without server-side Sentry the only signal a 500 ever produces\n * is a server-side console.error that lives and dies with the request.\n *\n * This module is the third Sentry init point in the framework:\n *   - cli/index.ts          → @sentry/node, hardcoded DSN, \"agent-native-cli\"\n *   - client/analytics.ts   → @sentry/browser, VITE_SENTRY_CLIENT_DSN\n *   - server/sentry.ts      → @sentry/node, SENTRY_SERVER_DSN\n *\n * Each maps to a different Sentry project so we can route errors to the\n * right team without one project drowning out the others. Don't wire the\n * three together — they share the SDK package but live in different\n * processes / runtimes / call sites.\n */\nimport * as Sentry from \"@sentry/node\";\nimport path from \"node:path\";\nimport fs from \"node:fs\";\nimport { fileURLToPath } from \"node:url\";\nimport type { AuthSession } from \"./auth.js\";\n\nlet _initStarted = false;\nlet _initSucceeded = false;\n\n/**\n * Resolve the agent-native version baked into core's package.json so Sentry\n * \"release\" reflects the running framework version. Mirrors how the CLI\n * computes `_version` — same dist layout, same fallback string. Guarded so\n * a missing/unreadable package.json never crashes server boot.\n */\nfunction resolveServerRelease(): string {\n  const explicit = process.env.AGENT_NATIVE_RELEASE;\n  if (explicit) return explicit;\n  try {\n    const here = path.dirname(fileURLToPath(import.meta.url));\n    // dist/server/sentry.js → ../../package.json\n    const pkgPath = path.resolve(here, \"../../package.json\");\n    const pkg = JSON.parse(fs.readFileSync(pkgPath, \"utf-8\")) as {\n      version?: string;\n    };\n    if (pkg?.version) return `agent-native-server@${pkg.version}`;\n  } catch {\n    // ignore — fall through to \"unknown\"\n  }\n  return \"agent-native-server@unknown\";\n}\n\nfunction parseTracesSampleRate(): number {\n  const raw = process.env.SENTRY_SERVER_TRACES_SAMPLE_RATE;\n  if (!raw) return 0;\n  const n = Number(raw);\n  if (!Number.isFinite(n) || n < 0 || n > 1) return 0;\n  return n;\n}\n\n/**\n * Initialize server-side Sentry. Idempotent — safe to call from multiple\n * plugin entrypoints. Returns `true` if initialization actually happened\n * (DSN was set), `false` if Sentry is disabled (no DSN).\n *\n * No DSN is hardcoded: unlike the CLI (a published binary that always\n * wants to phone home crashes), the server runs in customer environments.\n * Operators set `SENTRY_SERVER_DSN` when they want their own Sentry\n * project to receive these events; without it the module no-ops.\n */\nexport function initServerSentry(): boolean {\n  if (_initStarted) return _initSucceeded;\n  _initStarted = true;\n\n  const dsn = process.env.SENTRY_SERVER_DSN;\n  if (!dsn) {\n    if (process.env.DEBUG) {\n      console.log(\n        \"[agent-native] SENTRY_SERVER_DSN not set — server Sentry disabled.\",\n      );\n    }\n    return false;\n  }\n\n  Sentry.init({\n    dsn,\n    environment: process.env.NODE_ENV || \"production\",\n    release: resolveServerRelease(),\n    tracesSampleRate: parseTracesSampleRate(),\n    // sendDefaultPii MUST stay false — the framework runs inside customer\n    // environments and we never want to silently ship request headers,\n    // cookies, or process.env contents to Sentry without explicit consent.\n    sendDefaultPii: false,\n    beforeSend(event) {\n      // Drop expected user-input rejections so they don't pollute Sentry\n      // with non-bug noise. Mirrors the CLI's drop list — the framework\n      // and CLI both throw `ValidationError` for the same class of input\n      // failures, and exception type comes through as the class name.\n      const exceptionType = event.exception?.values?.[0]?.type;\n      if (\n        exceptionType === \"ValidationError\" ||\n        event.tags?.handled === \"validation\"\n      ) {\n        return null;\n      }\n\n      // Defense in depth: scrub PII even if some integration auto-attached\n      // request metadata despite sendDefaultPii: false.\n      if (event.request) {\n        if (event.request.headers) {\n          const headers = event.request.headers as Record<string, string>;\n          for (const k of Object.keys(headers)) {\n            const lk = k.toLowerCase();\n            if (\n              lk === \"cookie\" ||\n              lk === \"authorization\" ||\n              lk === \"set-cookie\" ||\n              lk === \"proxy-authorization\"\n            ) {\n              delete headers[k];\n            }\n          }\n        }\n        // Cookies live in their own field too.\n        delete (event.request as Record<string, unknown>).cookies;\n      }\n\n      // Keep user info that was explicitly set via Sentry.setUser\n      // (id/email/username) so we can attribute crashes back to a real\n      // operator. Always strip ip_address — auto-collected, no consent.\n      if (event.user) {\n        const user = event.user as Record<string, unknown>;\n        delete user.ip_address;\n        const hasIdentity =\n          typeof user.id === \"string\" ||\n          typeof user.email === \"string\" ||\n          typeof user.username === \"string\";\n        if (!hasIdentity) {\n          delete event.user;\n        }\n      }\n\n      // Sentry's contexts can carry process.env snapshots — strip env-shaped\n      // contexts so we don't leak deployment secrets.\n      if (event.contexts && typeof event.contexts === \"object\") {\n        delete (event.contexts as Record<string, unknown>).runtime_env;\n      }\n\n      return event;\n    },\n  });\n\n  _initSucceeded = true;\n  return true;\n}\n\n/**\n * `true` once `initServerSentry()` has succeeded with a DSN. Plugins that\n * want to skip work when Sentry is disabled can check this before calling\n * the helpers below.\n */\nexport function isServerSentryEnabled(): boolean {\n  return _initSucceeded;\n}\n\n/**\n * Attach the current request's user to Sentry's isolation scope so any\n * `captureException` triggered later in the request carries the right\n * `user.id` / `user.email` / `user.username` and `orgId` tag.\n *\n * Sentry node 10 uses Node's AsyncLocalStorage to give each async context\n * its own isolation scope, so setting on `getIsolationScope()` here only\n * affects events emitted while this request's async context is active.\n *\n * No-ops gracefully when Sentry isn't initialized or no session exists —\n * never throws into the request path.\n */\nexport function setSentryUserForRequest(session: AuthSession | null): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (!session) {\n      scope.setUser(null);\n      scope.setTag(\"orgId\", null);\n      return;\n    }\n    scope.setUser({\n      id: session.userId ?? session.email,\n      email: session.email,\n      username: session.name,\n    });\n    scope.setTag(\"orgId\", session.orgId ?? null);\n    if (session.orgRole) {\n      scope.setTag(\"orgRole\", session.orgRole);\n    }\n  } catch {\n    // Sentry scope APIs should never throw, but if they do we'd rather\n    // continue serving the request than crash on observability.\n  }\n}\n\n/**\n * Pin a user/org onto the current isolation scope from a lighter\n * `RequestContext`-shaped payload. Used by the request-context observer so\n * action handlers, agent-chat runs, and integration webhook processors —\n * all of which already wrap their work in `runWithRequestContext({ userEmail,\n * orgId, ... })` — automatically tag Sentry events with the right user even\n * when the Nitro `request` hook didn't see a cookie (e.g. webhook delivery,\n * A2A calls, internal background runs).\n *\n * Skips overwriting a richer user identity already set by\n * `setSentryUserForRequest` — the cookie-resolved session has\n * userId/username on top of email, which we shouldn't clobber.\n */\nexport function setSentryRequestContext(ctx: {\n  userEmail?: string;\n  orgId?: string;\n}): void {\n  if (!_initSucceeded) return;\n  try {\n    const scope = Sentry.getIsolationScope();\n    if (ctx.userEmail) {\n      const existing = scope.getScopeData().user;\n      if (!existing?.id && !existing?.email) {\n        scope.setUser({ id: ctx.userEmail, email: ctx.userEmail });\n      }\n    }\n    if (ctx.orgId) {\n      scope.setTag(\"orgId\", ctx.orgId);\n    }\n  } catch {\n    // never throw\n  }\n}\n\n/**\n * Capture an error from one of the auth attempt routes (login / signup)\n * with the email pinned to the event so support can filter by user. Sets\n * Sentry level to `warning` (not `error`) — bad-password attempts aren't\n * actionable, but a sustained spike of warnings on a route IS the signal\n * we care about.\n *\n * Caller should still return their normal HTTP response (401/409/etc.);\n * this just records the error for observability.\n */\nexport function captureAuthError(\n  error: unknown,\n  context: { route: \"login\" | \"signup\" | \"logout\"; email?: string },\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      scope.setLevel(\"warning\");\n      scope.setTag(\"auth\", context.route);\n      if (context.email) {\n        scope.setUser({ id: context.email, email: context.email });\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n\nexport interface RouteErrorContext {\n  /** The full request path (e.g. `/_agent-native/agent-chat`). */\n  route?: string;\n  /** HTTP method (e.g. `GET`, `POST`). */\n  method?: string;\n  /** Caller's `User-Agent` header. */\n  userAgent?: string;\n  /** Free-form extra tags to add to the event (low-cardinality). */\n  tags?: Record<string, string | undefined>;\n  /**\n   * High-cardinality / structured payload — not searchable but visible in\n   * the Sentry event detail (recording IDs, byte counts, compression\n   * metadata, response body tails, etc.).\n   */\n  extra?: Record<string, unknown>;\n  /**\n   * Grouped contexts shown as separate cards in the Sentry event UI.\n   */\n  contexts?: Record<string, Record<string, unknown>>;\n}\n\n/**\n * Capture an exception that surfaced in a Nitro route handler with the\n * request's route/method/userAgent attached as searchable Sentry tags.\n *\n * Non-throwing: if Sentry isn't initialized or the underlying capture\n * fails, this is a no-op. Returns the Sentry event ID when capture\n * succeeded, otherwise `undefined`.\n */\nexport function captureRouteError(\n  error: unknown,\n  context: RouteErrorContext = {},\n): string | undefined {\n  if (!_initSucceeded) return undefined;\n  try {\n    return Sentry.withScope((scope) => {\n      if (context.route) scope.setTag(\"route\", context.route);\n      if (context.method) scope.setTag(\"method\", context.method);\n      if (context.userAgent) scope.setTag(\"userAgent\", context.userAgent);\n      if (context.tags) {\n        for (const [k, v] of Object.entries(context.tags)) {\n          if (typeof v === \"string\") scope.setTag(k, v);\n        }\n      }\n      if (context.extra) {\n        for (const [k, v] of Object.entries(context.extra)) {\n          if (v !== undefined) scope.setExtra(k, v);\n        }\n      }\n      if (context.contexts) {\n        for (const [k, v] of Object.entries(context.contexts)) {\n          scope.setContext(k, v);\n        }\n      }\n      return Sentry.captureException(error);\n    });\n  } catch {\n    return undefined;\n  }\n}\n"]}

package/dist/server/transcribe-voice.d.ts

@@ -6,10 +6,8 @@
  * `{ error }` on failure.
  *
  * Key resolution order for BYOK providers:
- *   1. User-scoped encrypted secret (`readAppSecret` — set via the sidebar
- *      settings UI).
- *   2. `resolveCredential("<PROVIDER>_API_KEY")` — env var + SQL settings
- *      store.
+ *   1. Request-scoped encrypted secret (`app_secrets`: user, org, workspace).
+ *   2. Env var fallback only outside authenticated request contexts.
  *
  * If no server provider is configured, returns 400 with an error the
  * composer UI can surface (the client falls back to Web Speech when possible).

package/dist/server/transcribe-voice.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"transcribe-voice.d.ts","sourceRoot":"","sources":["../../src/server/transcribe-voice.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AA6FH,wBAAgB,4BAA4B;UAwcxB,MAAM;;;IA7FzB"}
+{"version":3,"file":"transcribe-voice.d.ts","sourceRoot":"","sources":["../../src/server/transcribe-voice.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AA8FH,wBAAgB,4BAA4B;UA8bxB,MAAM;;;IA7FzB"}

package/dist/server/transcribe-voice.js

@@ -6,10 +6,8 @@
  * `{ error }` on failure.
  *
  * Key resolution order for BYOK providers:
- *   1. User-scoped encrypted secret (`readAppSecret` — set via the sidebar
- *      settings UI).
- *   2. `resolveCredential("<PROVIDER>_API_KEY")` — env var + SQL settings
- *      store.
+ *   1. Request-scoped encrypted secret (`app_secrets`: user, org, workspace).
+ *   2. Env var fallback only outside authenticated request contexts.
  *
  * If no server provider is configured, returns 400 with an error the
  * composer UI can surface (the client falls back to Web Speech when possible).
@@ -19,11 +17,9 @@
  * typed JSON-in / JSON-out).
  */
 import { defineEventHandler, getMethod, getRequestHeader, readMultipartFormData, setResponseStatus, } from "h3";
-import { readAppSecret } from "../secrets/storage.js";
-import { resolveCredential } from "../credentials/index.js";
 import { getSession } from "./auth.js";
 import { appStateGet } from "../application-state/store.js";
-import { resolveHasBuilderPrivateKey } from "./credential-provider.js";
+import { resolveHasBuilderPrivateKey, resolveSecret, } from "./credential-provider.js";
 import { transcribeWithBuilder } from "../transcription/builder-transcription.js";
 import { runWithRequestContext } from "./request-context.js";
 import { getOrgContext } from "../org/context.js";
@@ -200,15 +196,7 @@ export function createTranscribeVoiceHandler() {
         // Per-user-or-fallback API key resolution. Hoisted up so the Gemini
         // path below can use it without duplicating logic.
         async function resolveApiKey(key) {
-            const ctx = { userEmail: session?.email };
-            if (!session?.email)
-                return (await resolveCredential(key, ctx)) ?? undefined;
-            const userSecret = await readAppSecret({
-                key,
-                scope: "user",
-                scopeId: session.email,
-            }).catch(() => null);
-            return (userSecret?.value || (await resolveCredential(key, ctx)) || undefined);
+            return (await withRequestContext(() => resolveSecret(key))) ?? undefined;
         }
         if (transcriptText) {
             return await cleanupTranscriptText({