@magnet-cms/plugin-sentry 1.0.0

package/dist/chunk-NDBQHOLK.js

@@ -0,0 +1,907 @@
+import { Module, BadGatewayException, Get, Query, Controller, Inject, Injectable } from '@nestjs/common';
+import { Plugin, RestrictedRoute } from '@magnet-cms/core';
+import { APP_INTERCEPTOR } from '@nestjs/core';
+export { SentryCron } from '@sentry/nestjs';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/backend/constants.ts
+var SENTRY_OPTIONS;
+var init_constants = __esm({
+  "src/backend/constants.ts"() {
+    SENTRY_OPTIONS = "SENTRY_OPTIONS";
+  }
+});
+function _ts_decorate(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+function inferSentryApiBaseUrlFromDsn(dsn) {
+  if (!dsn?.trim()) return void 0;
+  try {
+    const host = new URL(dsn).hostname;
+    if (host.includes(".ingest.us.sentry.io")) return "https://us.sentry.io";
+    if (host.includes(".ingest.de.sentry.io")) return "https://de.sentry.io";
+    return void 0;
+  } catch {
+    return void 0;
+  }
+}
+function sentryApiFailureMessage(status, statusText) {
+  const base = `Sentry API error: ${status} ${statusText}`;
+  if (status === 401 || status === 403) {
+    return `${base}. Check SENTRY_AUTH_TOKEN scopes (e.g. org:read, project:read), that SENTRY_ORG and SENTRY_PROJECT are URL slugs (not numeric IDs), and SENTRY_URL matches your region (e.g. https://us.sentry.io when the DSN uses ingest.us.sentry.io).`;
+  }
+  if (status === 404) {
+    return `${base}. Check SENTRY_ORG and SENTRY_PROJECT slugs and SENTRY_URL.`;
+  }
+  return base;
+}
+var SentryApiService;
+var init_sentry_api_service = __esm({
+  "src/backend/services/sentry-api.service.ts"() {
+    init_constants();
+    __name(_ts_decorate, "_ts_decorate");
+    __name(_ts_metadata, "_ts_metadata");
+    __name(_ts_param, "_ts_param");
+    __name(inferSentryApiBaseUrlFromDsn, "inferSentryApiBaseUrlFromDsn");
+    __name(sentryApiFailureMessage, "sentryApiFailureMessage");
+    SentryApiService = class {
+      static {
+        __name(this, "SentryApiService");
+      }
+      cache = /* @__PURE__ */ new Map();
+      scopeCache;
+      baseUrl;
+      authToken;
+      organization;
+      project;
+      constructor(config) {
+        this.baseUrl = config.sentryUrl ?? inferSentryApiBaseUrlFromDsn(config.dsn) ?? "https://sentry.io";
+        this.authToken = config.authToken;
+        this.organization = config.organization;
+        this.project = config.project;
+      }
+      /** Returns true when all required fields for API access are configured. */
+      isConfigured() {
+        return !!(this.authToken && this.organization && this.project);
+      }
+      /** Returns true when org-level API access is configured (no project required). */
+      isOrgConfigured() {
+        return !!(this.authToken && this.organization);
+      }
+      get orgSlug() {
+        return this.organization;
+      }
+      get projectSlug() {
+        return this.project;
+      }
+      /**
+      * Fetch org-level aggregate stats across all projects.
+      * Uses the org issues endpoint — no project slug required.
+      */
+      async getOrgStats() {
+        if (!this.isOrgConfigured()) {
+          throw new Error("Sentry API not configured: authToken and organization are required");
+        }
+        const issuesUrl = `${this.baseUrl}/api/0/organizations/${this.organization}/issues/?query=is:unresolved&limit=100`;
+        const issues = await this.fetchCached(issuesUrl);
+        const unresolvedIssues = issues.length;
+        const totalErrors = issues.reduce((sum, issue) => sum + Number(issue.count || 0), 0);
+        const cutoff24h = Date.now() - 864e5;
+        const errorsLast24h = issues.filter((issue) => new Date(issue.lastSeen).getTime() > cutoff24h).length;
+        return {
+          totalErrors,
+          unresolvedIssues,
+          errorsLast24h
+        };
+      }
+      /**
+      * Fetch issues from the Sentry organization (all projects).
+      * @param query - Optional Sentry search query (default: 'is:unresolved')
+      */
+      async getOrgIssues(query = "is:unresolved") {
+        if (!this.isOrgConfigured()) {
+          throw new Error("Sentry API not configured: authToken and organization are required");
+        }
+        const url = `${this.baseUrl}/api/0/organizations/${this.organization}/issues/?query=${encodeURIComponent(query)}&limit=25`;
+        return this.fetchCached(url);
+      }
+      /**
+      * Fetch project-level stats: total errors, unresolved issues, errors last 24h.
+      * Derives all stats from the issues endpoint to keep it a single API call.
+      * @param projectSlug - Override the configured project slug.
+      * Throws if not configured.
+      */
+      async getProjectStats(projectSlug) {
+        const project = projectSlug ?? this.project;
+        if (!this.authToken || !this.organization || !project) {
+          throw new Error("Sentry API not configured: authToken, organization, and project are required");
+        }
+        const issuesUrl = `${this.baseUrl}/api/0/projects/${this.organization}/${project}/issues/?query=is:unresolved&limit=100`;
+        const issues = await this.fetchCached(issuesUrl);
+        const unresolvedIssues = issues.length;
+        const totalErrors = issues.reduce((sum, issue) => sum + Number(issue.count || 0), 0);
+        const cutoff24h = Date.now() - 864e5;
+        const errorsLast24h = issues.filter((issue) => new Date(issue.lastSeen).getTime() > cutoff24h).length;
+        return {
+          totalErrors,
+          unresolvedIssues,
+          errorsLast24h
+        };
+      }
+      /**
+      * Fetch issues from the Sentry project.
+      * @param query - Optional Sentry search query (default: 'is:unresolved')
+      * @param projectSlug - Override the configured project slug.
+      */
+      async getIssues(query = "is:unresolved", projectSlug) {
+        const project = projectSlug ?? this.project;
+        if (!this.authToken || !this.organization || !project) {
+          throw new Error("Sentry API not configured: authToken, organization, and project are required");
+        }
+        const url = `${this.baseUrl}/api/0/projects/${this.organization}/${project}/issues/?query=${encodeURIComponent(query)}&limit=25`;
+        return this.fetchCached(url);
+      }
+      /**
+      * Fetch all projects in the organization.
+      * Requires authToken and organization (project not required).
+      * Sets isActive=true for the project matching the configured SENTRY_PROJECT.
+      * Populates errorCount from embedded stats if the API returns them.
+      */
+      async getOrganizationProjects() {
+        if (!this.isOrgConfigured()) {
+          throw new Error("Sentry API not configured: authToken and organization are required");
+        }
+        const url = `${this.baseUrl}/api/0/organizations/${this.organization}/projects/?statsPeriod=24h`;
+        const raw = await this.fetchCached(url);
+        return raw.map((p) => ({
+          id: p.id,
+          slug: p.slug,
+          name: p.name,
+          platform: p.platform,
+          status: p.status,
+          dateCreated: p.dateCreated,
+          isActive: p.slug === this.project,
+          errorCount: p.stats ? p.stats.reduce((sum, [, count]) => sum + count, 0) : null
+        }));
+      }
+      /**
+      * Probe token scopes by making lightweight requests to known Sentry endpoints.
+      * Results are cached for 5 minutes.
+      *
+      * Probed scopes: org:read, project:read, event:read, alerts:read
+      * Non-200/non-403 responses are treated as scope unavailable.
+      * event:read probe is skipped when project is not configured.
+      */
+      async probeTokenScopes() {
+        const allFalse = {
+          orgRead: false,
+          projectRead: false,
+          eventRead: false,
+          alertsRead: false
+        };
+        if (!this.isOrgConfigured()) {
+          return allFalse;
+        }
+        if (this.scopeCache && this.scopeCache.expiresAt > Date.now()) {
+          return this.scopeCache.data;
+        }
+        const probe = /* @__PURE__ */ __name(async (url) => {
+          try {
+            const response = await fetch(url, {
+              headers: {
+                Authorization: `Bearer ${this.authToken}`
+              }
+            });
+            return response.status === 200;
+          } catch {
+            return false;
+          }
+        }, "probe");
+        const [orgRead, projectRead, alertsRead] = await Promise.all([
+          probe(`${this.baseUrl}/api/0/organizations/${this.organization}/`),
+          probe(`${this.baseUrl}/api/0/organizations/${this.organization}/projects/?per_page=1`),
+          probe(`${this.baseUrl}/api/0/organizations/${this.organization}/alert-rules/?per_page=1`)
+        ]);
+        const eventRead = this.isConfigured() ? await probe(`${this.baseUrl}/api/0/projects/${this.organization}/${this.project}/issues/?limit=1`) : false;
+        const scopes = {
+          orgRead,
+          projectRead,
+          eventRead,
+          alertsRead
+        };
+        this.scopeCache = {
+          data: scopes,
+          expiresAt: Date.now() + 3e5
+        };
+        return scopes;
+      }
+      async fetchCached(url) {
+        const cached = this.cache.get(url);
+        if (cached && cached.expiresAt > Date.now()) {
+          return cached.data;
+        }
+        const response = await fetch(url, {
+          headers: {
+            Authorization: `Bearer ${this.authToken}`,
+            "Content-Type": "application/json"
+          }
+        });
+        if (!response.ok) {
+          throw new BadGatewayException(sentryApiFailureMessage(response.status, response.statusText));
+        }
+        const data = await response.json();
+        this.cache.set(url, {
+          data,
+          expiresAt: Date.now() + 6e4
+        });
+        return data;
+      }
+    };
+    SentryApiService = _ts_decorate([
+      Injectable(),
+      _ts_param(0, Inject(SENTRY_OPTIONS)),
+      _ts_metadata("design:type", Function),
+      _ts_metadata("design:paramtypes", [
+        typeof Partial === "undefined" ? Object : Partial
+      ])
+    ], SentryApiService);
+  }
+});
+function _ts_decorate2(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata2(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param2(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+function messageFromHttpException(e) {
+  const r = e.getResponse();
+  if (typeof r === "string") return r;
+  if (r && typeof r === "object" && "message" in r) {
+    const m = r.message;
+    return Array.isArray(m) ? m.join(" ") : String(m);
+  }
+  return e.message;
+}
+var SentryAdminController;
+var init_sentry_admin_controller = __esm({
+  "src/backend/controllers/sentry-admin.controller.ts"() {
+    init_sentry_api_service();
+    __name(_ts_decorate2, "_ts_decorate");
+    __name(_ts_metadata2, "_ts_metadata");
+    __name(_ts_param2, "_ts_param");
+    __name(messageFromHttpException, "messageFromHttpException");
+    SentryAdminController = class {
+      static {
+        __name(this, "SentryAdminController");
+      }
+      sentryApi;
+      constructor(sentryApi) {
+        this.sentryApi = sentryApi;
+      }
+      /**
+      * GET /sentry/admin/stats
+      * Returns error metrics for the dashboard: totals, unresolved count, 24h errors.
+      * Optional ?project= overrides the configured SENTRY_PROJECT.
+      * Returns zeroes with isConfigured:false when auth token is not set.
+      */
+      async getStats(project) {
+        if (!this.sentryApi.isOrgConfigured()) {
+          return {
+            isConfigured: false,
+            totalErrors: 0,
+            unresolvedIssues: 0,
+            errorsLast24h: 0
+          };
+        }
+        try {
+          const stats = project ? await this.sentryApi.getProjectStats(project) : await this.sentryApi.getOrgStats();
+          return {
+            isConfigured: true,
+            ...stats
+          };
+        } catch (e) {
+          if (e instanceof BadGatewayException) {
+            return {
+              isConfigured: true,
+              apiError: messageFromHttpException(e),
+              totalErrors: 0,
+              unresolvedIssues: 0,
+              errorsLast24h: 0
+            };
+          }
+          throw e;
+        }
+      }
+      /**
+      * GET /sentry/admin/issues
+      * Returns list of Sentry issues. Optional ?query= for search, ?project= to override project.
+      */
+      async getIssues(query, project) {
+        if (!this.sentryApi.isOrgConfigured()) {
+          return [];
+        }
+        try {
+          return project ? await this.sentryApi.getIssues(query, project) : await this.sentryApi.getOrgIssues(query);
+        } catch (e) {
+          if (e instanceof BadGatewayException) {
+            return [];
+          }
+          throw e;
+        }
+      }
+      /**
+      * GET /sentry/admin/status
+      * Returns API connectivity status for the settings page.
+      */
+      async getStatus() {
+        const connected = this.sentryApi.isConfigured();
+        return {
+          connected,
+          organization: this.sentryApi.orgSlug,
+          project: this.sentryApi.projectSlug,
+          lastSync: connected ? (/* @__PURE__ */ new Date()).toISOString() : null
+        };
+      }
+      /**
+      * GET /sentry/admin/projects
+      * Returns all projects in the organization, with isActive flag for the
+      * configured project and errorCount from 24h stats.
+      * Returns empty array when org is not configured or Sentry API errors.
+      */
+      async getProjects() {
+        if (!this.sentryApi.isOrgConfigured()) {
+          return [];
+        }
+        try {
+          return await this.sentryApi.getOrganizationProjects();
+        } catch (e) {
+          if (e instanceof BadGatewayException) {
+            return [];
+          }
+          throw e;
+        }
+      }
+      /**
+      * GET /sentry/admin/scopes
+      * Returns detected token scope availability by probing known Sentry endpoints.
+      * Results are cached for 5 minutes on the service.
+      * Returns all-false when org is not configured.
+      */
+      async getScopes() {
+        const allFalse = {
+          orgRead: false,
+          projectRead: false,
+          eventRead: false,
+          alertsRead: false
+        };
+        if (!this.sentryApi.isOrgConfigured()) {
+          return allFalse;
+        }
+        try {
+          return await this.sentryApi.probeTokenScopes();
+        } catch (e) {
+          if (e instanceof BadGatewayException) {
+            return allFalse;
+          }
+          throw e;
+        }
+      }
+    };
+    _ts_decorate2([
+      Get("admin/stats"),
+      RestrictedRoute(),
+      _ts_param2(0, Query("project")),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", [
+        String
+      ]),
+      _ts_metadata2("design:returntype", Promise)
+    ], SentryAdminController.prototype, "getStats", null);
+    _ts_decorate2([
+      Get("admin/issues"),
+      RestrictedRoute(),
+      _ts_param2(0, Query("query")),
+      _ts_param2(1, Query("project")),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", [
+        Object,
+        String
+      ]),
+      _ts_metadata2("design:returntype", Promise)
+    ], SentryAdminController.prototype, "getIssues", null);
+    _ts_decorate2([
+      Get("admin/status"),
+      RestrictedRoute(),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", []),
+      _ts_metadata2("design:returntype", Promise)
+    ], SentryAdminController.prototype, "getStatus", null);
+    _ts_decorate2([
+      Get("admin/projects"),
+      RestrictedRoute(),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", []),
+      _ts_metadata2("design:returntype", Promise)
+    ], SentryAdminController.prototype, "getProjects", null);
+    _ts_decorate2([
+      Get("admin/scopes"),
+      RestrictedRoute(),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", []),
+      _ts_metadata2("design:returntype", Promise)
+    ], SentryAdminController.prototype, "getScopes", null);
+    SentryAdminController = _ts_decorate2([
+      Controller("sentry"),
+      _ts_metadata2("design:type", Function),
+      _ts_metadata2("design:paramtypes", [
+        typeof SentryApiService === "undefined" ? Object : SentryApiService
+      ])
+    ], SentryAdminController);
+  }
+});
+function _ts_decorate3(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata3(k, v) {
+  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param3(paramIndex, decorator) {
+  return function(target, key) {
+    decorator(target, key, paramIndex);
+  };
+}
+var SentryConfigController;
+var init_sentry_config_controller = __esm({
+  "src/backend/controllers/sentry-config.controller.ts"() {
+    init_constants();
+    __name(_ts_decorate3, "_ts_decorate");
+    __name(_ts_metadata3, "_ts_metadata");
+    __name(_ts_param3, "_ts_param");
+    SentryConfigController = class {
+      static {
+        __name(this, "SentryConfigController");
+      }
+      options;
+      constructor(options) {
+        this.options = options;
+      }
+      /**
+      * Return the public Sentry config needed to initialize the Browser SDK
+      * in the admin UI feedback widget.
+      *
+      * Requires authentication — uses the standard Magnet admin guard.
+      */
+      getConfig() {
+        return {
+          dsn: this.options.dsn ?? "",
+          enabled: this.options.enabled ?? true,
+          environment: this.options.environment ?? process.env.NODE_ENV ?? "production"
+        };
+      }
+    };
+    _ts_decorate3([
+      Get("config"),
+      RestrictedRoute(),
+      _ts_metadata3("design:type", Function),
+      _ts_metadata3("design:paramtypes", []),
+      _ts_metadata3("design:returntype", typeof SentryClientConfig === "undefined" ? Object : SentryClientConfig)
+    ], SentryConfigController.prototype, "getConfig", null);
+    SentryConfigController = _ts_decorate3([
+      Controller("sentry"),
+      _ts_param3(0, Inject(SENTRY_OPTIONS)),
+      _ts_metadata3("design:type", Function),
+      _ts_metadata3("design:paramtypes", [
+        typeof SentryPluginConfig === "undefined" ? Object : SentryPluginConfig
+      ])
+    ], SentryConfigController);
+  }
+});
+function _ts_decorate4(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var SentryContextInterceptor;
+var init_sentry_context_interceptor = __esm({
+  "src/backend/interceptors/sentry-context.interceptor.ts"() {
+    __name(_ts_decorate4, "_ts_decorate");
+    SentryContextInterceptor = class {
+      static {
+        __name(this, "SentryContextInterceptor");
+      }
+      intercept(context, next) {
+        if (context.getType() !== "http") {
+          return next.handle();
+        }
+        const request = context.switchToHttp().getRequest();
+        try {
+          const Sentry = __require("@sentry/nestjs");
+          if (!Sentry.getClient()) return next.handle();
+          if (request.user?.id) {
+            Sentry.setUser({
+              id: request.user.id,
+              ip_address: request.ip
+            });
+          } else {
+            Sentry.setUser({
+              ip_address: request.ip
+            });
+          }
+          try {
+            const { getEventContext } = __require("@magnet-cms/core");
+            const ctx = getEventContext();
+            if (ctx?.requestId) {
+              Sentry.setTag("requestId", ctx.requestId);
+            }
+          } catch {
+          }
+        } catch {
+        }
+        return next.handle();
+      }
+    };
+    SentryContextInterceptor = _ts_decorate4([
+      Injectable()
+    ], SentryContextInterceptor);
+  }
+});
+
+// src/backend/plugin.ts
+var plugin_exports = {};
+__export(plugin_exports, {
+  SentryPlugin: () => SentryPlugin
+});
+function _ts_decorate5(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var SentryPlugin;
+var init_plugin = __esm({
+  "src/backend/plugin.ts"() {
+    __name(_ts_decorate5, "_ts_decorate");
+    SentryPlugin = class _SentryPlugin {
+      static {
+        __name(this, "SentryPlugin");
+      }
+      /** Resolved configuration — stored statically so lifecycle hooks can access it */
+      static _resolvedConfig;
+      /** Environment variables used by this plugin */
+      static envVars = [
+        {
+          name: "SENTRY_DSN",
+          required: true,
+          description: "Sentry Data Source Name (DSN) for error reporting"
+        }
+      ];
+      /**
+      * Create a configured plugin provider for MagnetModule.forRoot().
+      *
+      * Auto-resolves DSN from the SENTRY_DSN environment variable if not provided.
+      *
+      * @example
+      * ```typescript
+      * SentryPlugin.forRoot({
+      *   tracesSampleRate: 0.1,
+      *   environment: 'production',
+      * })
+      * ```
+      */
+      static forRoot(config) {
+        const resolvedConfig = {
+          dsn: config?.dsn ?? process.env.SENTRY_DSN,
+          tracesSampleRate: config?.tracesSampleRate ?? 0.1,
+          profileSessionSampleRate: config?.profileSessionSampleRate ?? 1,
+          environment: config?.environment ?? process.env.SENTRY_ENVIRONMENT ?? process.env.NODE_ENV ?? "development",
+          release: config?.release ?? process.env.SENTRY_RELEASE,
+          debug: config?.debug ?? false,
+          enabled: config?.enabled ?? true,
+          attachStacktrace: config?.attachStacktrace ?? true,
+          maxBreadcrumbs: config?.maxBreadcrumbs ?? 100,
+          authToken: config?.authToken ?? process.env.SENTRY_AUTH_TOKEN,
+          organization: config?.organization ?? process.env.SENTRY_ORG,
+          project: config?.project ?? process.env.SENTRY_PROJECT,
+          sentryUrl: config?.sentryUrl ?? process.env.SENTRY_URL
+        };
+        _SentryPlugin._resolvedConfig = resolvedConfig;
+        return {
+          type: "plugin",
+          plugin: _SentryPlugin,
+          options: {
+            ...resolvedConfig
+          },
+          envVars: _SentryPlugin.envVars
+        };
+      }
+      /**
+      * Called by the plugin lifecycle service after NestJS module initialization.
+      * Initializes the Sentry SDK if not already initialized (e.g., via instrument.ts).
+      *
+      * NOTE: For full performance auto-instrumentation (HTTP, DB query tracing),
+      * initialize Sentry before NestJS bootstrap by importing `instrument.ts`
+      * at the top of main.ts and calling `initSentryInstrumentation()`.
+      * Late initialization still captures errors and breadcrumbs correctly.
+      */
+      async onPluginInit() {
+        const config = _SentryPlugin._resolvedConfig;
+        if (!config?.enabled) return;
+        try {
+          const Sentry = __require("@sentry/nestjs");
+          if (Sentry.getClient()) return;
+          Sentry.init({
+            dsn: config.dsn,
+            tracesSampleRate: config.tracesSampleRate,
+            environment: config.environment,
+            release: config.release,
+            debug: config.debug,
+            enabled: config.enabled,
+            attachStacktrace: config.attachStacktrace,
+            maxBreadcrumbs: config.maxBreadcrumbs
+          });
+        } catch {
+        }
+      }
+      /**
+      * Called when the application shuts down.
+      * Flushes pending Sentry events before exit.
+      */
+      async onPluginDestroy() {
+        try {
+          const Sentry = __require("@sentry/nestjs");
+          await Sentry.close(2e3);
+        } catch {
+        }
+      }
+    };
+    SentryPlugin = _ts_decorate5([
+      Plugin({
+        name: "sentry",
+        description: "Sentry error tracking and performance monitoring for Magnet CMS",
+        version: "0.1.0",
+        module: /* @__PURE__ */ __name(() => (
+          // eslint-disable-next-line @typescript-eslint/no-require-imports
+          (init_sentry_module(), __toCommonJS(sentry_module_exports)).SentryModule
+        ), "module"),
+        frontend: {
+          routes: [
+            {
+              path: "sentry",
+              componentId: "SentryDashboard",
+              requiresAuth: true,
+              children: [
+                {
+                  path: "",
+                  componentId: "SentryDashboard"
+                },
+                {
+                  path: "issues",
+                  componentId: "SentryIssues"
+                },
+                {
+                  path: "settings",
+                  componentId: "SentrySettings"
+                }
+              ]
+            }
+          ],
+          sidebar: [
+            {
+              id: "sentry",
+              title: "Sentry",
+              url: "/sentry",
+              icon: "AlertTriangle",
+              order: 80,
+              items: [
+                {
+                  id: "sentry-dashboard",
+                  title: "Dashboard",
+                  url: "/sentry",
+                  icon: "BarChart3"
+                },
+                {
+                  id: "sentry-issues",
+                  title: "Issues",
+                  url: "/sentry/issues",
+                  icon: "Bug"
+                },
+                {
+                  id: "sentry-projects",
+                  title: "Projects",
+                  url: "/sentry/projects",
+                  icon: "FolderKanban"
+                },
+                {
+                  id: "sentry-settings",
+                  title: "Settings",
+                  url: "/sentry/settings",
+                  icon: "Settings"
+                }
+              ]
+            }
+          ]
+        }
+      })
+    ], SentryPlugin);
+  }
+});
+
+// src/backend/sentry.module.ts
+var sentry_module_exports = {};
+__export(sentry_module_exports, {
+  SENTRY_OPTIONS: () => SENTRY_OPTIONS,
+  SentryModule: () => SentryModule
+});
+function _ts_decorate6(decorators, target, key, desc) {
+  var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+  if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+  else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+  return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+var SentryModule;
+var init_sentry_module = __esm({
+  "src/backend/sentry.module.ts"() {
+    init_constants();
+    init_sentry_admin_controller();
+    init_sentry_config_controller();
+    init_sentry_context_interceptor();
+    init_sentry_api_service();
+    init_constants();
+    __name(_ts_decorate6, "_ts_decorate");
+    SentryModule = class {
+      static {
+        __name(this, "SentryModule");
+      }
+    };
+    SentryModule = _ts_decorate6([
+      Module({
+        controllers: [
+          SentryConfigController,
+          SentryAdminController
+        ],
+        providers: [
+          {
+            provide: SENTRY_OPTIONS,
+            // useFactory (not useValue) — factory is called lazily during DI resolution,
+            // after SentryPlugin.forRoot() has stored the config on the static field.
+            useFactory: /* @__PURE__ */ __name(() => {
+              const { SentryPlugin: SentryPlugin2 } = (init_plugin(), __toCommonJS(plugin_exports));
+              return SentryPlugin2._resolvedConfig ?? {};
+            }, "useFactory")
+          },
+          {
+            provide: APP_INTERCEPTOR,
+            useClass: SentryContextInterceptor
+          },
+          SentryApiService
+        ],
+        exports: [
+          SentryApiService
+        ]
+      })
+    ], SentryModule);
+  }
+});
+
+// src/backend/instrumentation.ts
+function initSentryInstrumentation(config) {
+  try {
+    const Sentry = __require("@sentry/nestjs");
+    if (Sentry.getClient()) return;
+    Sentry.init({
+      dsn: config?.dsn ?? process.env.SENTRY_DSN,
+      tracesSampleRate: config?.tracesSampleRate ?? 0.1,
+      profileSessionSampleRate: config?.profileSessionSampleRate ?? 1,
+      environment: config?.environment ?? process.env.SENTRY_ENVIRONMENT ?? process.env.NODE_ENV ?? "development",
+      release: config?.release ?? process.env.SENTRY_RELEASE,
+      debug: config?.debug ?? false,
+      enabled: config?.enabled ?? true,
+      attachStacktrace: config?.attachStacktrace ?? true,
+      maxBreadcrumbs: config?.maxBreadcrumbs ?? 100
+    });
+  } catch {
+  }
+}
+__name(initSentryInstrumentation, "initSentryInstrumentation");
+
+// src/backend/helpers/span.ts
+async function withSentrySpan(name, op, fn) {
+  try {
+    const Sentry = __require("@sentry/nestjs");
+    if (!Sentry.getClient()) return fn();
+    return await Sentry.startSpan({
+      name,
+      op
+    }, () => fn());
+  } catch {
+    return fn();
+  }
+}
+__name(withSentrySpan, "withSentrySpan");
+
+// src/backend/decorators/sentry-span.decorator.ts
+function SentrySpan(name, op = "function") {
+  return /* @__PURE__ */ __name(function sentrySpanDecorator(targetOrMethod, propertyKeyOrContext, descriptor) {
+    if (descriptor !== void 0 && typeof descriptor.value === "function") {
+      const originalMethod = descriptor.value;
+      const spanName = name ?? String(propertyKeyOrContext ?? "unknown");
+      descriptor.value = async function(...args) {
+        return withSentrySpan(spanName, op, () => originalMethod.apply(this, args));
+      };
+      return descriptor;
+    }
+    if (typeof targetOrMethod === "function") {
+      const originalMethod = targetOrMethod;
+      const ctx = propertyKeyOrContext;
+      const spanName = name ?? String(ctx?.name ?? "unknown");
+      return async function(...args) {
+        return withSentrySpan(spanName, op, () => originalMethod.apply(this, args));
+      };
+    }
+  }, "sentrySpanDecorator");
+}
+__name(SentrySpan, "SentrySpan");
+function MagnetSentryCron(slug, options) {
+  return (target, propertyKey, descriptor) => {
+    const monitorSlug = slug ?? `${target.constructor.name}-${String(propertyKey)}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+    try {
+      const { SentryCron: SentryCron2 } = __require("@sentry/nestjs");
+      return SentryCron2(monitorSlug, options)(target, propertyKey, descriptor) ?? descriptor;
+    } catch {
+      return descriptor;
+    }
+  };
+}
+__name(MagnetSentryCron, "MagnetSentryCron");
+
+export { MagnetSentryCron, SENTRY_OPTIONS, SentryModule, SentryPlugin, SentrySpan, initSentryInstrumentation, init_constants, init_plugin, init_sentry_module, withSentrySpan };