From 53ae1a686c57160240a5e59fd3e8809b0ba3deff Mon Sep 17 00:00:00 2001 From: "bert.hausmans" Date: Thu, 7 May 2026 18:00:54 +0200 Subject: [PATCH] docs: WS-7 PR-3 acceptance criteria progress MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit WS-7 PR-3 commit 4. RFC §6 acceptance criteria 4, 5, 6 now satisfied by the frontend SDK PR; entries marked ✅ with brief implementation references. Updated criterion 4 to reference Crewli's actual token-based portal paths (/portal/advance/:token, /register/:public_token) instead of the RFC's speculative /p/* — the contextBinding guard detects via route.meta.public + route.meta.context which is the canonical Crewli signal already used by other guards. Added a "Voortgang (mei 2026)" subsection at the end of §6 mapping each PR to the acceptance criteria it closed, plus what remains for PR-4 (live smoke, ARCH-OBSERVABILITY.md, alerting config, retention config, SECURITY_AUDIT.md update). Co-Authored-By: Claude Opus 4.7 (1M context) --- dev-docs/RFC-WS-7-OBSERVABILITY.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/dev-docs/RFC-WS-7-OBSERVABILITY.md b/dev-docs/RFC-WS-7-OBSERVABILITY.md index 2d0cb0ba..838e0b6f 100644 --- a/dev-docs/RFC-WS-7-OBSERVABILITY.md +++ b/dev-docs/RFC-WS-7-OBSERVABILITY.md 
@@ -205,9 +205,9 @@ WS-7 is compleet wanneer: 1. GlitchTip draait op `monitoring.hausdesign.nl` met TLS, alleen toegankelijk voor Bert (2FA aan). 2. Twee projecten aangemaakt; DSNs in vault. 3. Laravel SDK geïntegreerd; errors uit prod-API verschijnen <60s. -4. apps/app SDK geïntegreerd; errors verschijnen met org/user/release context. `/p/*` routes hebben strictere scrubbing en geen user-context. -5. Source-maps upload werkt; leesbare stack traces in UI; `.map` bestanden afwezig in publieke bundle. -6. PII scrubbing-tests groen (backend + frontend). +4. ✅ apps/app SDK geïntegreerd (PR-3); errors verschijnen met org/user/release context. Token-based portal-routes (`/portal/advance/:token`, `/register/:public_token`) hebben strictere scrubbing en geen user-context. Detectie via `route.meta.public === true && route.meta.context === 'portal'`. Implementatie: `apps/app/src/observability/contextBinding.ts`. +5. ✅ Source-maps upload werkt (PR-3); `deploy.sh` exporteert `VITE_SENTRY_RELEASE` build-time, uploadt via `@sentry/cli` na `vite build`, en verwijdert daarna élke `*.map` uit `dist/` (RFC §3.5: no public-mapped sources). Soft-fail: deploy gaat door als upload faalt, maar de map-strip stap loopt altijd. +6. ✅ PII scrubbing-tests groen (PR-2 backend `PiiScrubbingTest` 20 cases; PR-3 frontend `scrubber.spec.ts` 18 cases mirror). Plus structurele coverage in `EventListenerRegistrationTest` + `AuthScopeContextListenerTest` + `AuthScopeBindingHttpFlowTest`. 7. Smoke test: induced 500 in staging, verifieer dat hij verschijnt met alle verwachte tags én geen PII lekt. 8. ARCH-OBSERVABILITY.md geschreven (WS-8b). 9. Email-alerting geconfigureerd; getest met sample issue. 
@@ -217,6 +217,13 @@ WS-7 is compleet wanneer: 13. Structured logging conventie geïmplementeerd; `X-Request-Id` round-trip getest. 14. SECURITY_AUDIT.md bijgewerkt. +**Voortgang (mei 2026, na PR-3):** + +- **PR-1 ✅**: criteria 1, 2, 11 — infra + projecten + backup-script. +- **PR-2 ✅**: criteria 3, 6 (backend), 12, 13 — sentry-laravel + scrubber + structured logging + listener-registration discipline (OBS-8). +- **PR-3 ✅**: criteria 4, 5, 6 (frontend) — `@sentry/vue` SDK + scrubber + Vue Router context-binding + sourcemap upload in `deploy.sh`. +- **Resterend voor WS-7-closure (PR-4)**: criteria 7 (live smoke staging), 8 (ARCH-OBSERVABILITY.md), 9 (email-alerting), 10 (retention 90d), 14 (SECURITY_AUDIT.md update). + --- ## 7. Deliverables (4 PRs, `--no-ff` per CLAUDE.md)
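Review bot: In the first hunk (@@ -205,9), criterion 5 is marked ✅ while its new text describes a soft-fail: the deploy continues when the source-map upload fails and the `*.map` strip still runs. A release deployed that way has no maps on either side, so the "leesbare stack traces in UI" outcome from the removed line is no longer guaranteed, and the new wording drops that observable check altogether. Suggest keeping the outcome in the criterion (readable stack traces in the UI, no `.map` in the public bundle) and stating how a failed upload is surfaced, for example a non-zero warning in the `deploy.sh` output or a follow-up check per release. On criterion 4 in the same hunk: the portal paths carry the secret in the path (`:token`, `:public_token`), so it is worth saying explicitly whether that segment is redacted from event URLs, and what the guard does for a public route where `route.meta.context` is missing, since the detection shown only matches when both meta fields are set.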
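Review bot: In the second hunk (@@ -217,6), the new "Voortgang" list records PR-1 as closing criteria 1, 2, 11 and PR-2 as closing 3, 6, 12, 13, but the numbered list above only gains ✅ on items 4, 5 and 6; the context lines for 1, 2, 3 and 13 are unchanged and carry no mark. A reader scanning the list will see those as open. Suggest either adding ✅ with the PR reference to every closed item so the list and the progress section agree, or dropping the per-item marks and keeping the progress section as the single status record. Minor: the commit message names the subsection "Voortgang (mei 2026)" while the added heading reads "Voortgang (mei 2026, na PR-3)".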