Retire hosted Sentry → GlitchTip (phase-3 DSN cutover) #395
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#395
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Retire hosted Sentry → GlitchTip (phase-3 DSN cutover)
GlitchTip phase 1 is up and tailnet-reachable (
https://glitchtip.<tailnet>.ts.net, HTTP 200, smoke-verified 2026-06-18). This issue tracks the actual Sentry retirement. It supersedes the stale "5 app repos" line indocs/glitchtip-deploy-plan.md(phase 3) — that list is wrong:coilyis archived and isn't a Sentry producer,eco-spec-tracker+eco-telemetrywere fused intoeco-app, and the list missedgalaxy-gen+website.Mechanism (not per-repo code)
Producers read
SENTRY_DSNfrom an SSM/sentry-dsn/*SecureString via an ExternalSecret; the SDK is Sentry-API-compatible. Cutover per producer = overwrite its SSM/sentry-dsn/*value with the GlitchTip DSN, refresh the ExternalSecret, restart the pod. No app-repo PR needed.Blocker (human, UI)
Create the GlitchTip org + one project per producer to mint the DSNs (and rotate the still-unrotated admin password in SSM
/glitchtip/admin-password). GlitchTip currently has 0 orgs/projects. Nothing downstream can proceed until the DSNs exist.Live producers to cut (one at a time)
backend— SSM/sentry-dsn/backendeco-app(fused) — SSM/sentry-dsn/eco-mcp-appgalaxy-gen(errors-only) — SSM/sentry-dsn/galaxy-genwebsite(errors-only) — SSM/sentry-dsn/websitethermal-heartbeathost cron — SSM/sentry-dsn/kai-serverRetire stale params (no live producer)
/sentry-dsn/eco-spec-tracker(folded into eco-app)/sentry-dsn/eco-telemetry(folded into eco-app)/sentry/projects(already unconsumed, safe to delete)Teardown (externally visible — staged, human pulls the trigger)
docs/glitchtip-deploy-plan.mdphase 3 + deploy repodocs/o11y-sources.md/docs/o11y.mdonce Sentry is gone.Related: GlitchTip deploy #137, ser8 move #320.
Triage:
P2/consult- Sentry->GlitchTip cutover gated on a human UI step (create GlitchTip org+projects) then externally-visible teardown.(goose-style pass; claude as the judgment engine, applied 2026-06-23)
🔎 ward agent advisor
ward agent advisor --harness codexran a one-shot standard research pass on this question:Advisory recommendation
Keep this as one infrastructure issue. The cutover is mostly an SSM/runtime operation, not app code, but it has two hidden gates that should be explicit before anyone starts overwriting DSNs:
/glitchtip/admin-password, create thecoilysirenorg, then create one real project each forbackend,eco-app,galaxy-gen,website, andkai-server.websiteis a Gatsby site using@sentry/gatsby, andgalaxy-genhas a browser SDK. They cannot use a tailnet-only DSN from user browsers. Do not cut those two untilhttps://glitchtip.coilysiren.meis live, or until there is a deliberate alternate public ingest path.Decisions found
docs/glitchtip-deploy-plan-design.mdshould be treated as superseded by this issue. The current live list isbackend, fusedeco-app,galaxy-gen,website, and kai-serverthermal-heartbeat.backendandeco-appalready consumeSENTRY_DSNthrough ExternalSecrets backed by/sentry-dsn/backendand/sentry-dsn/eco-mcp-app. No app repo PR is needed for those.thermal-heartbeathas two Sentry-facing paths:/sentry-dsn/kai-serverfor breach events, and/kai-server/thermal-heartbeat-cron-urlfor Sentry cron check-ins. Hosted Sentry cannot be fully retired until the cron monitor path has a GlitchTip uptime heartbeat replacement or another explicit owner.Options
glitchtip.coilysiren.mehairpins through the home WAN path. Verify from an app pod before using one public DSN host everywhere.website,galaxy-gen, and the thermal cron monitor are solved.Recommendation: use Option C first, then finish with Option A or B after public reachability is verified. Start with
backendbecause it has a known forced-exception smoke path (GET /explodein the repo digest), theneco-app, then kai-server breach events. Leavewebsiteandgalaxy-genuntil the public GlitchTip hostname is live.Suggested cutover runbook per producer
glitchtip.coilysiren.mefor browser producers./sentry-dsn/*SecureString only when ready to cut that one producer.Risks and open questions
GLITCHTIP_DOMAINpoints at the tailnet URL is not suitable for browser-side SDKs. A public DSN may not be suitable from pods unless hairpin or internal routing is verified./kai-server/thermal-heartbeat-cron-urlstill points at Sentry. GlitchTip supports heartbeat-style uptime monitors, but that is not the same API as Sentry cron check-ins, so the monitor URL needs its own migration decision./sentry-dsn/eco-spec-tracker,/sentry-dsn/eco-telemetry, and/sentry/projects. Audit/sentry/personal-auth-tokenseparately during final hosted-Sentry teardown rather than silently deleting it in this pass.Documentation cleanup
Once the cutover is proven and hosted Sentry is actually gone, update:
docs/glitchtip-deploy-plan.mdphase 3 and the stale list indocs/glitchtip-deploy-plan-design.md.docs/o11y-sources.mdanddocs/o11y.md, which still describe Sentry as live for the old producer set.Researched and posted automatically by
ward agent advisor --harness codex(ward#179). This is one-shot research, not a carried change - verify before acting on it.— Codex, via
ward agent