Skip to content

Add JavaScript source map symbolication#2373

Open
ejsmith wants to merge 9 commits into
mainfrom
feature/source-map-symbolication
Open

Add JavaScript source map symbolication#2373
ejsmith wants to merge 9 commits into
mainfrom
feature/source-map-symbolication

Conversation

@ejsmith

@ejsmith ejsmith commented Jul 14, 2026

Copy link
Copy Markdown
Member

Summary

  • Symbolicate JavaScript error frames with version 3 source maps before stack signatures are calculated.
  • Automatically discover public source maps from SourceMap/X-SourceMap headers, sourceMappingURL, or the conventional .map URL.
  • Add project-scoped upload/list/delete APIs and a Svelte Project Settings page for private or unpublished maps.
  • Add least-privilege, project-scoped source-maps:write tokens for CI/CD uploads, including creation from the API Keys UI, visible scope labels, deployment documentation, and HTTP contract samples.
  • Persist maps in configured file storage, remove them with deleted projects or organizations, and document current limitations.

Security and reliability

  • Automatic downloads are anonymous HTTPS-only requests to public network addresses; redirects are revalidated and cookies/proxies are disabled.
  • Download time, redirects, sizes, concurrency, per-project rate, mapping count, frame count, and total event processing time are bounded and configurable.
  • Parsed maps use a size-bounded, expiring memory cache; in-flight loads are deduplicated without being abandoned when one event times out.
  • Automatically discovered maps are revalidated after a configurable interval, and a failed refresh leaves generated frames unchanged instead of applying stale mappings.
  • Content-versioned storage and distributed artifact locks keep replacements consistent and ensure explicit uploads win races with automatic discovery.
  • Upload-only tokens are accepted only for their assigned project and cannot list/delete maps or use ordinary user APIs; normal client keys cannot upload maps.
  • Generated locations are retained in frame metadata, and symbolication failures or malformed maps never prevent event ingestion.

Validation

  • Backend build: 0 warnings, 0 errors
  • Source map parser/service tests: 20 passed
  • Source map API tests: 10 passed
  • Token/auth authorization tests: 81 passed
  • Organization source-map cleanup regression: passed
  • Controller manifest and OpenAPI integration tests: 4 passed
  • Frontend unit tests: 294 passed
  • npm run validate: 0 errors, 0 warnings
  • npm run build
  • deno task build

Adversarial review

The follow-up reviews found and fixed unbounded parsed-map retention, indefinitely stale auto-downloaded maps, non-atomic replacement storage, upload/download races, canceled-caller in-flight eviction, unsafe configuration limits, hidden UI query/delete failures, missing organization-level source-map cleanup, malformed-map 500 responses, and unbounded empty mapping-line allocations. Regression coverage and HTTP contract samples were added for these paths.

Breaking changes

None.

Follow-ups

Indexed source maps and authenticated automatic downloads are intentionally left for future work; private flat maps can be uploaded now.

@ejsmith ejsmith force-pushed the feature/source-map-symbolication branch from 6fb5096 to 6550a8d Compare July 14, 2026 22:42
@ejsmith ejsmith marked this pull request as ready for review July 14, 2026 23:24

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5e7dd25ce7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/Exceptionless.Web/Controllers/SourceMapController.cs Outdated
Comment thread src/Exceptionless.Core/Jobs/CleanupDataJob.cs
Comment thread src/Exceptionless.Core/Services/SourceMaps/SourceMapDocument.cs Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 3a42b1f6e7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/Exceptionless.Core/Services/SourceMaps/SourceMapDocument.cs Outdated
Comment thread src/Exceptionless.Core/Services/SourceMaps/SourceMapDocument.cs

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 609846c581

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/Exceptionless.Core/Jobs/CleanupDataJob.cs Outdated
@ejsmith

ejsmith commented Jul 15, 2026

Copy link
Copy Markdown
Member Author

/preview

@github-actions github-actions Bot added the dev-preview Deploy this pull request to the shared dev environment. label Jul 15, 2026
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

Preview deployed

@ejsmith

ejsmith commented Jul 15, 2026

Copy link
Copy Markdown
Member Author

/preview

@ejsmith

ejsmith commented Jul 15, 2026

Copy link
Copy Markdown
Member Author

/preview

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a687fb5c4c

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

using var generatedResponse = await SendAsync(
generatedFileUri,
_options.MaximumGeneratedFileSize,
request => request.Headers.Range = new RangeHeaderValue(null, 64 * 1024),

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Request identity encoding for ranged JS probes

When a CDN honors this suffix Range request while also returning gzip/br content (advertised in SendAsync for the same request), the byte range is over the compressed representation, so the automatic decompressor cannot reliably produce the last 64 KB of JavaScript that contains sourceMappingURL. In that environment auto-discovery falls through and caches a failure for otherwise valid compressed assets; force identity/no compression for the generated-file range probe or avoid ranged reads when compression is negotiated.

Useful? React with 👍 / 👎.

…mbolication

# Conflicts:
#	src/Exceptionless.Web/Api/Handlers/SourceMapController.cs
#	src/Exceptionless.Web/Controllers/EventController.cs
#	src/Exceptionless.Web/Controllers/TokenController.cs
#	src/Exceptionless.Web/Startup.cs
#	tests/Exceptionless.Tests/Api/Data/openapi.json
#	tests/Exceptionless.Tests/Api/Endpoints/SourceMapControllerTests.cs
#	tests/Exceptionless.Tests/Controllers/Data/controller-manifest.json
#	tests/Exceptionless.Tests/Controllers/OpenApiControllerTests.cs
@github-actions

Copy link
Copy Markdown

Code Coverage

Package Line Rate Branch Rate Complexity Health
Exceptionless.Insulation 23% 23% 205
Exceptionless.Core 72% 65% 9237
Exceptionless.AppHost 38% 39% 144
Exceptionless.Web 84% 67% 6922
Summary 76% (22160 / 29120) 65% (10120 / 15596) 16508

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dev-preview Deploy this pull request to the shared dev environment.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant