Monitoring Stack
Sentry
Error tracking and performance monitoring. EU region (
de.sentry.io). Captures exceptions, slow transactions, and custom performance spans.Vercel Analytics
Request metrics, function invocation times, and cold start frequency via Vercel’s built-in dashboard.
Cloudflare Analytics
Edge-level traffic, WAF block events, bot scores, and origin error rates.
Pino Structured Logs
Application-level structured JSON logs via the
pino library. Logs are available via Vercel log drains.Health Endpoints
Three health check endpoints provide operational status:| Endpoint | Purpose | Expected Response |
|---|---|---|
GET /api/health/live | Liveness probe — is the process running? | 200 { status: "ok" } |
GET /api/health/ready | Readiness probe — are dependencies available? | 200 if ready, 503 if not |
GET /api/health/db | Database connectivity check | 200 if connected, 503 if disconnected |
Health endpoints are designed to never expose internal error details. DB connection strings, environment variable names, and stack traces are explicitly excluded from health endpoint responses — verified by automated security tests.
Sentry Configuration
Sentry is initialised on three runtimes:| Runtime | Config file | Coverage |
|---|---|---|
| Server | sentry.server.config.ts | API routes, server components |
| Edge | sentry.edge.config.ts | Middleware, edge routes |
| Client | instrumentation-client.ts | Browser errors, client components |
- DSN: routes to EU Sentry ingest (
o4510862548467712.ingest.de.sentry.io) - Org:
137th-advisers/ Project:iorp-ii-prod - Trace sample rate: 1.0 (100% — review for cost optimisation in high-traffic scenarios)
- Source maps: uploaded during CI builds via
SENTRY_AUTH_TOKEN - Tunnel route:
/monitoring— proxies browser Sentry requests through the Next.js app to bypass ad-blockers
Vercel Cron Monitors
Vercel Cron job health is automatically monitored via Sentry’sautomaticVercelMonitors webpack plugin. Missed or failed cron executions trigger Sentry alerts.
Alerting
| Alert Trigger | Channel | Severity |
|---|---|---|
| Unhandled exception in production | Sentry → email / Slack | High |
| Error rate spike (>5% of requests) | Sentry → email | High |
| DB health endpoint returns 503 | Uptime monitor → PagerDuty/email | Critical |
| Vercel function timeout spike | Vercel dashboard | Medium |
| WAF block rate spike | Cloudflare → email | Medium |
Configure uptime monitoring for
/api/health/ready using an external monitor (e.g., Better Uptime, Checkly, or Vercel’s own cron-based checks) to receive alerts when the service is unavailable from outside Vercel.Log Management
Structured logs are emitted viapino and pino-pretty. In production, logs flow to Vercel’s log drain. Sensitive data (PPS numbers, passwords, connection strings) must never appear in logs — this is enforced by code review and the security test suite.
Log retention periods are defined in Log Retention and Integrity.