Monitoring
Surplus is instrumented so that operators can detect, diagnose, and trace issues — while keeping sensitive data out of the tools that do the watching. This page is the security view of observability; the developer-facing how-to is in Observability.
Error monitoring
- Client (Sentry). The web client reports errors to Sentry in staging and production, tagged by release. It is configured with sendDefaultPii: false (apps/client/src/lib/sentry.ts), so Sentry does not automatically receive default PII with each error event. Error reporting is disabled in local development.
- Server. Unexpected server errors are logged with full context and surfaced in Apitally's exception view, while the client only ever receives a safe message and a request id.
Request logging (Apitally)
In staging and production, the API uses Apitally for request logging and metrics. Critically, sensitive data is masked before it is recorded (apps/server/src/index.ts):
- Body fields such as email, phone, address, contact name, coordinates, names, notes, billing fields, and one-time codes are masked.
- Headers Cookie and Authorization are masked, so session tokens never reach the logs.
Apitally also attributes each request to a consumer (the user id and role) so traffic can be understood per actor without storing personal data.
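The masking step described in this section, as an added example that is not Surplus's own code and does not use Apitally's API: a standalone TypeScript redactor applied to a request before it is handed to a logger. The field names, the mask value, and the helper names are assumptions chosen to match the categories listed above.

```typescript
// Added example: redact sensitive headers and body fields before logging.
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };

const MASK = "******";
const MASKED_HEADERS = ["cookie", "authorization"];
// Assumed field names, compared after lowercasing and stripping separators.
const MASKED_FIELDS = ["email", "phone", "address", "contactname", "name", "firstname",
  "lastname", "latitude", "longitude", "coordinates", "notes", "code", "otp"];

function isSensitiveField(key: string): boolean {
  const k = key.toLowerCase().replace(/[^a-z0-9]/g, "");
  return MASKED_FIELDS.indexOf(k) !== -1 || k.indexOf("billing") === 0;
}

function maskBody(value: Json): Json {
  if (Array.isArray(value)) return value.map(maskBody);
  if (value === null || typeof value !== "object") return value;
  const out: { [key: string]: Json } = {};
  for (const key of Object.keys(value)) {
    // Mask the whole subtree under a sensitive key so nested values cannot leak.
    out[key] = isSensitiveField(key) ? MASK : maskBody(value[key]);
  }
  return out;
}

function maskHeaders(headers: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const name of Object.keys(headers)) {
    // Header names are case-insensitive, so compare in lowercase.
    out[name] = MASKED_HEADERS.indexOf(name.toLowerCase()) !== -1 ? MASK : headers[name];
  }
  return out;
}

function toLogRecord(req: { headers: Record<string, string>; body: Json }) {
  return { headers: maskHeaders(req.headers), body: maskBody(req.body) };
}

// Constructed sample request, not real data.
const sample: { headers: Record<string, string>; body: Json } = {
  headers: { "X-Request-Id": "req-123", Cookie: "session=abc", AUTHORIZATION: "Bearer xyz" },
  body: {
    email: "a@example.com",
    billing_zip: "00000",
    contact: { name: "Pat" },
    items: [{ sku: "A1", notes: "gate code 42" }],
  },
};
```

The x-request-id header and non-sensitive fields such as sku pass through unchanged, so a masked record can still be correlated with its trace.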
Tracing (OpenTelemetry)
The server is instrumented with OpenTelemetry, preloaded before anything else runs. Traces span the full request — the ORPC procedure, each service method, and external calls to Stripe, S3, and Resend — and are exported to Apitally. Database and Redis calls are auto-instrumented. This makes it possible to see exactly where a slow or failing request spent its time.
Correlation
Every request carries an x-request-id that flows through logs and traces and is returned to the client on errors (surfaced in the UI with a copy action). When a user reports a problem, that id maps directly to the corresponding logs and trace — no personal data required to find the request.
Sub-processors involved in monitoring
Monitoring uses Apitally (server request logging, metrics, and traces — PII masked) and Sentry (client error monitoring — default PII disabled). Both are listed in the sub-processor table under Infrastructure and secrets.