@glidevvr/storage-payload-error-logger-pkg 0.1.1 → 0.2.0

package/README.md

@@ -3,9 +3,10 @@
 Centralized error capture for GLI storage products. See the WEB-1413 design doc in `gli-payload-multitenant/docs/plans/2026-05-05-web-1413-error-logger-design.md` for details.
 
 ## Subpaths
-- `@glidevvr/storage-payload-error-logger-pkg` — core (initLogger, logError, setLogContext, installGlobalHandlers)
+- `@glidevvr/storage-payload-error-logger-pkg` — core browser/Node helper (initLogger, logError, setLogContext, installGlobalHandlers, fingerprint)
 - `@glidevvr/storage-payload-error-logger-pkg/react` — `<ErrorBoundary>`
-- `@glidevvr/storage-payload-error-logger-pkg/payload-endpoint` — Payload v3 `Endpoint` handler
+- `@glidevvr/storage-payload-error-logger-pkg/payload-endpoint` — Payload v3 `Endpoint` handler (the HTTP receiver for browser-side `logError` calls)
+- `@glidevvr/storage-payload-error-logger-pkg/payload-source` — `logFromServer({ req, ... })` for Payload-based servers to log their OWN errors directly via `req.payload.create` (bypasses HTTP / reCAPTCHA / rate-limiting; same destination collection)
 
 ## Init
 `initLogger({ endpoint, repo, release, recaptchaSiteKey })`

package/dist/payload-source/index.d.cts

@@ -0,0 +1,57 @@
+import { PayloadRequest } from 'payload';
+import { e as Source, d as Repo, S as Severity, R as Reason, L as LogContext } from '../types-BLz-TUBl.cjs';
+
+/**
+ * Input shape for server-side logging. Mirrors the browser-side `LogEvent`
+ * minus the fields that don't make sense server-to-self:
+ *
+ * - `fingerprint` is recomputed by the IssueEvents dedup hook from
+ *   (source, message, stack-top-frame, reason). No client-supplied
+ *   fingerprint to validate.
+ * - `userAgent` defaults to "server" — there's no browser involved.
+ * - `occurredAt` defaults to now.
+ *
+ * `tenant` is required: the multi-tenant plugin auto-fills tenant from
+ * `req.user.tenants` when a user is present, but server-internal contexts
+ * often have no user (scheduled tasks, afterTenantCreated, etc.). Passing
+ * tenant explicitly avoids surprises.
+ */
+interface LogFromServerEvent {
+    source: Source;
+    repo: Repo;
+    severity?: Severity;
+    message: string;
+    stack?: string;
+    reason?: Reason;
+    context?: LogContext;
+    url?: string;
+    userAgent?: string;
+    occurredAt?: string;
+    release?: string;
+    tenant: string;
+}
+/**
+ * Server-side error logger for Payload-based applications.
+ *
+ * Writes directly to the `issue-events` collection via `req.payload.create`,
+ * bypassing the public `/api/log-error` HTTP endpoint. This is the right
+ * path for internal CMS errors:
+ *
+ *   - No HTTP roundtrip (server-to-itself is wasteful).
+ *   - No reCAPTCHA (the public endpoint requires a browser-issued token).
+ *   - No per-IP / per-tenant rate-limiting (trusted internal call).
+ *
+ * The same IssueEvents hooks fire as with the HTTP path — dedup, sanitize,
+ * severity escalation, regression detection, Slack alerts. The data flow
+ * converges at the same destination.
+ *
+ * **Fire-and-forget.** Any failure during write is swallowed and logged
+ * via `req.payload.logger.warn`. The original code path (the thing that
+ * called `logFromServer` to report ITS error) should never see a thrown
+ * error from this helper.
+ */
+declare function logFromServer(opts: {
+    req: PayloadRequest;
+} & LogFromServerEvent): Promise<void>;
+
+export { type LogFromServerEvent, logFromServer };

package/dist/payload-source/index.d.ts

@@ -0,0 +1,57 @@
+import { PayloadRequest } from 'payload';
+import { e as Source, d as Repo, S as Severity, R as Reason, L as LogContext } from '../types-BLz-TUBl.js';
+
+/**
+ * Input shape for server-side logging. Mirrors the browser-side `LogEvent`
+ * minus the fields that don't make sense server-to-self:
+ *
+ * - `fingerprint` is recomputed by the IssueEvents dedup hook from
+ *   (source, message, stack-top-frame, reason). No client-supplied
+ *   fingerprint to validate.
+ * - `userAgent` defaults to "server" — there's no browser involved.
+ * - `occurredAt` defaults to now.
+ *
+ * `tenant` is required: the multi-tenant plugin auto-fills tenant from
+ * `req.user.tenants` when a user is present, but server-internal contexts
+ * often have no user (scheduled tasks, afterTenantCreated, etc.). Passing
+ * tenant explicitly avoids surprises.
+ */
+interface LogFromServerEvent {
+    source: Source;
+    repo: Repo;
+    severity?: Severity;
+    message: string;
+    stack?: string;
+    reason?: Reason;
+    context?: LogContext;
+    url?: string;
+    userAgent?: string;
+    occurredAt?: string;
+    release?: string;
+    tenant: string;
+}
+/**
+ * Server-side error logger for Payload-based applications.
+ *
+ * Writes directly to the `issue-events` collection via `req.payload.create`,
+ * bypassing the public `/api/log-error` HTTP endpoint. This is the right
+ * path for internal CMS errors:
+ *
+ *   - No HTTP roundtrip (server-to-itself is wasteful).
+ *   - No reCAPTCHA (the public endpoint requires a browser-issued token).
+ *   - No per-IP / per-tenant rate-limiting (trusted internal call).
+ *
+ * The same IssueEvents hooks fire as with the HTTP path — dedup, sanitize,
+ * severity escalation, regression detection, Slack alerts. The data flow
+ * converges at the same destination.
+ *
+ * **Fire-and-forget.** Any failure during write is swallowed and logged
+ * via `req.payload.logger.warn`. The original code path (the thing that
+ * called `logFromServer` to report ITS error) should never see a thrown
+ * error from this helper.
+ */
+declare function logFromServer(opts: {
+    req: PayloadRequest;
+} & LogFromServerEvent): Promise<void>;
+
+export { type LogFromServerEvent, logFromServer };

package/dist/payload-source/index.js

@@ -0,0 +1,63 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/payload-source/index.ts
+var payload_source_exports = {};
+__export(payload_source_exports, {
+  logFromServer: () => logFromServer
+});
+module.exports = __toCommonJS(payload_source_exports);
+async function logFromServer(opts) {
+  const { req, ...event } = opts;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const data = {
+    source: event.source,
+    repo: event.repo,
+    severity: event.severity ?? "error",
+    message: event.message,
+    stack: event.stack ?? "",
+    reason: event.reason,
+    context: event.context ?? {},
+    url: event.url ?? "",
+    userAgent: event.userAgent ?? "server",
+    occurredAt: event.occurredAt ?? now,
+    release: event.release,
+    tenant: event.tenant
+  };
+  try {
+    await req.payload.create({
+      collection: "issue-events",
+      data,
+      // Thread req so the dedup hook's req.context.triggeringEventContext
+      // stash flows to the downstream Slack hooks (same as HTTP-path events).
+      req,
+      overrideAccess: true
+    });
+  } catch (err) {
+    req.payload.logger.warn(
+      { err, source: event.source, message: event.message },
+      "logFromServer: failed to write IssueEvent"
+    );
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  logFromServer
+});
+//# sourceMappingURL=index.js.map

package/dist/payload-source/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/payload-source/index.ts"],"sourcesContent":["import type { PayloadRequest } from \"payload\";\n\nimport type {\n  LogContext,\n  Reason,\n  Repo,\n  Severity,\n  Source,\n} from \"../types\";\n\n/**\n * Input shape for server-side logging. Mirrors the browser-side `LogEvent`\n * minus the fields that don't make sense server-to-self:\n *\n * - `fingerprint` is recomputed by the IssueEvents dedup hook from\n *   (source, message, stack-top-frame, reason). No client-supplied\n *   fingerprint to validate.\n * - `userAgent` defaults to \"server\" — there's no browser involved.\n * - `occurredAt` defaults to now.\n *\n * `tenant` is required: the multi-tenant plugin auto-fills tenant from\n * `req.user.tenants` when a user is present, but server-internal contexts\n * often have no user (scheduled tasks, afterTenantCreated, etc.). Passing\n * tenant explicitly avoids surprises.\n */\nexport interface LogFromServerEvent {\n  source: Source;\n  repo: Repo;\n  severity?: Severity;\n  message: string;\n  stack?: string;\n  reason?: Reason;\n  context?: LogContext;\n  url?: string;\n  userAgent?: string;\n  occurredAt?: string;\n  release?: string;\n  tenant: string;\n}\n\n/**\n * Server-side error logger for Payload-based applications.\n *\n * Writes directly to the `issue-events` collection via `req.payload.create`,\n * bypassing the public `/api/log-error` HTTP endpoint. This is the right\n * path for internal CMS errors:\n *\n *   - No HTTP roundtrip (server-to-itself is wasteful).\n *   - No reCAPTCHA (the public endpoint requires a browser-issued token).\n *   - No per-IP / per-tenant rate-limiting (trusted internal call).\n *\n * The same IssueEvents hooks fire as with the HTTP path — dedup, sanitize,\n * severity escalation, regression detection, Slack alerts. The data flow\n * converges at the same destination.\n *\n * **Fire-and-forget.** Any failure during write is swallowed and logged\n * via `req.payload.logger.warn`. The original code path (the thing that\n * called `logFromServer` to report ITS error) should never see a thrown\n * error from this helper.\n */\nexport async function logFromServer(\n  opts: { req: PayloadRequest } & LogFromServerEvent,\n): Promise<void> {\n  const { req, ...event } = opts;\n\n  const now = new Date().toISOString();\n  const data = {\n    source: event.source,\n    repo: event.repo,\n    severity: event.severity ?? \"error\",\n    message: event.message,\n    stack: event.stack ?? \"\",\n    reason: event.reason,\n    context: event.context ?? {},\n    url: event.url ?? \"\",\n    userAgent: event.userAgent ?? \"server\",\n    occurredAt: event.occurredAt ?? now,\n    release: event.release,\n    tenant: event.tenant,\n  };\n\n  try {\n    await req.payload.create({\n      collection: \"issue-events\",\n      data,\n      // Thread req so the dedup hook's req.context.triggeringEventContext\n      // stash flows to the downstream Slack hooks (same as HTTP-path events).\n      req,\n      overrideAccess: true,\n    });\n  } catch (err) {\n    req.payload.logger.warn(\n      { err, source: event.source, message: event.message },\n      \"logFromServer: failed to write IssueEvent\",\n    );\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AA4DA,eAAsB,cACpB,MACe;AACf,QAAM,EAAE,KAAK,GAAG,MAAM,IAAI;AAE1B,QAAM,OAAM,oBAAI,KAAK,GAAE,YAAY;AACnC,QAAM,OAAO;AAAA,IACX,QAAQ,MAAM;AAAA,IACd,MAAM,MAAM;AAAA,IACZ,UAAU,MAAM,YAAY;AAAA,IAC5B,SAAS,MAAM;AAAA,IACf,OAAO,MAAM,SAAS;AAAA,IACtB,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM,WAAW,CAAC;AAAA,IAC3B,KAAK,MAAM,OAAO;AAAA,IAClB,WAAW,MAAM,aAAa;AAAA,IAC9B,YAAY,MAAM,cAAc;AAAA,IAChC,SAAS,MAAM;AAAA,IACf,QAAQ,MAAM;AAAA,EAChB;AAEA,MAAI;AACF,UAAM,IAAI,QAAQ,OAAO;AAAA,MACvB,YAAY;AAAA,MACZ;AAAA;AAAA;AAAA,MAGA;AAAA,MACA,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,QAAQ,OAAO;AAAA,MACjB,EAAE,KAAK,QAAQ,MAAM,QAAQ,SAAS,MAAM,QAAQ;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/payload-source/index.mjs

@@ -0,0 +1,38 @@
+// src/payload-source/index.ts
+async function logFromServer(opts) {
+  const { req, ...event } = opts;
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const data = {
+    source: event.source,
+    repo: event.repo,
+    severity: event.severity ?? "error",
+    message: event.message,
+    stack: event.stack ?? "",
+    reason: event.reason,
+    context: event.context ?? {},
+    url: event.url ?? "",
+    userAgent: event.userAgent ?? "server",
+    occurredAt: event.occurredAt ?? now,
+    release: event.release,
+    tenant: event.tenant
+  };
+  try {
+    await req.payload.create({
+      collection: "issue-events",
+      data,
+      // Thread req so the dedup hook's req.context.triggeringEventContext
+      // stash flows to the downstream Slack hooks (same as HTTP-path events).
+      req,
+      overrideAccess: true
+    });
+  } catch (err) {
+    req.payload.logger.warn(
+      { err, source: event.source, message: event.message },
+      "logFromServer: failed to write IssueEvent"
+    );
+  }
+}
+export {
+  logFromServer
+};
+//# sourceMappingURL=index.mjs.map

package/dist/payload-source/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/payload-source/index.ts"],"sourcesContent":["import type { PayloadRequest } from \"payload\";\n\nimport type {\n  LogContext,\n  Reason,\n  Repo,\n  Severity,\n  Source,\n} from \"../types\";\n\n/**\n * Input shape for server-side logging. Mirrors the browser-side `LogEvent`\n * minus the fields that don't make sense server-to-self:\n *\n * - `fingerprint` is recomputed by the IssueEvents dedup hook from\n *   (source, message, stack-top-frame, reason). No client-supplied\n *   fingerprint to validate.\n * - `userAgent` defaults to \"server\" — there's no browser involved.\n * - `occurredAt` defaults to now.\n *\n * `tenant` is required: the multi-tenant plugin auto-fills tenant from\n * `req.user.tenants` when a user is present, but server-internal contexts\n * often have no user (scheduled tasks, afterTenantCreated, etc.). Passing\n * tenant explicitly avoids surprises.\n */\nexport interface LogFromServerEvent {\n  source: Source;\n  repo: Repo;\n  severity?: Severity;\n  message: string;\n  stack?: string;\n  reason?: Reason;\n  context?: LogContext;\n  url?: string;\n  userAgent?: string;\n  occurredAt?: string;\n  release?: string;\n  tenant: string;\n}\n\n/**\n * Server-side error logger for Payload-based applications.\n *\n * Writes directly to the `issue-events` collection via `req.payload.create`,\n * bypassing the public `/api/log-error` HTTP endpoint. This is the right\n * path for internal CMS errors:\n *\n *   - No HTTP roundtrip (server-to-itself is wasteful).\n *   - No reCAPTCHA (the public endpoint requires a browser-issued token).\n *   - No per-IP / per-tenant rate-limiting (trusted internal call).\n *\n * The same IssueEvents hooks fire as with the HTTP path — dedup, sanitize,\n * severity escalation, regression detection, Slack alerts. The data flow\n * converges at the same destination.\n *\n * **Fire-and-forget.** Any failure during write is swallowed and logged\n * via `req.payload.logger.warn`. The original code path (the thing that\n * called `logFromServer` to report ITS error) should never see a thrown\n * error from this helper.\n */\nexport async function logFromServer(\n  opts: { req: PayloadRequest } & LogFromServerEvent,\n): Promise<void> {\n  const { req, ...event } = opts;\n\n  const now = new Date().toISOString();\n  const data = {\n    source: event.source,\n    repo: event.repo,\n    severity: event.severity ?? \"error\",\n    message: event.message,\n    stack: event.stack ?? \"\",\n    reason: event.reason,\n    context: event.context ?? {},\n    url: event.url ?? \"\",\n    userAgent: event.userAgent ?? \"server\",\n    occurredAt: event.occurredAt ?? now,\n    release: event.release,\n    tenant: event.tenant,\n  };\n\n  try {\n    await req.payload.create({\n      collection: \"issue-events\",\n      data,\n      // Thread req so the dedup hook's req.context.triggeringEventContext\n      // stash flows to the downstream Slack hooks (same as HTTP-path events).\n      req,\n      overrideAccess: true,\n    });\n  } catch (err) {\n    req.payload.logger.warn(\n      { err, source: event.source, message: event.message },\n      \"logFromServer: failed to write IssueEvent\",\n    );\n  }\n}\n"],"mappings":";AA4DA,eAAsB,cACpB,MACe;AACf,QAAM,EAAE,KAAK,GAAG,MAAM,IAAI;AAE1B,QAAM,OAAM,oBAAI,KAAK,GAAE,YAAY;AACnC,QAAM,OAAO;AAAA,IACX,QAAQ,MAAM;AAAA,IACd,MAAM,MAAM;AAAA,IACZ,UAAU,MAAM,YAAY;AAAA,IAC5B,SAAS,MAAM;AAAA,IACf,OAAO,MAAM,SAAS;AAAA,IACtB,QAAQ,MAAM;AAAA,IACd,SAAS,MAAM,WAAW,CAAC;AAAA,IAC3B,KAAK,MAAM,OAAO;AAAA,IAClB,WAAW,MAAM,aAAa;AAAA,IAC9B,YAAY,MAAM,cAAc;AAAA,IAChC,SAAS,MAAM;AAAA,IACf,QAAQ,MAAM;AAAA,EAChB;AAEA,MAAI;AACF,UAAM,IAAI,QAAQ,OAAO;AAAA,MACvB,YAAY;AAAA,MACZ;AAAA;AAAA;AAAA,MAGA;AAAA,MACA,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH,SAAS,KAAK;AACZ,QAAI,QAAQ,OAAO;AAAA,MACjB,EAAE,KAAK,QAAQ,MAAM,QAAQ,SAAS,MAAM,QAAQ;AAAA,MACpD;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glidevvr/storage-payload-error-logger-pkg",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Centralized error capture for GLI storage products (theme, unit-table, reservation, rental, login). Publishes a runtime helper for browsers and Node, a React error boundary, and a Payload v3 endpoint handler.",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -20,6 +20,11 @@
       "types": "./dist/payload-endpoint/index.d.ts",
       "import": "./dist/payload-endpoint/index.mjs",
       "require": "./dist/payload-endpoint/index.js"
+    },
+    "./payload-source": {
+      "types": "./dist/payload-source/index.d.ts",
+      "import": "./dist/payload-source/index.mjs",
+      "require": "./dist/payload-source/index.js"
     }
   },
   "files": [
@@ -50,6 +55,7 @@
     "@types/react": "19",
     "@types/react-dom": "19",
     "jsdom": "26.1.0",
+    "payload": "3.81.0",
     "react": "19.2.3",
     "react-dom": "19.2.3",
     "tsup": "8.5.1",