Problem

Frontend errors reported to Sentry currently point at minified Astro chunks (e.g. _astro/Layout.astro_astro_type_script_index_0_lang.QS3rhwpU.js:1:42), which makes stack traces effectively unreadable. The Sentry browser SDK is wired up by #132 but the build doesn't upload source maps for it to consume.

Goal

After this is done, an error captured by Sentry should resolve to the original .astro / .ts line in the project — not the minified bundle.

Suggested approach

Two paths, in rough order of preference:

1. @sentry/astro integration — the official integration. Wires up the loader script and source-map upload via the Astro config. Replaces the manual loader in Observability.astro with auth.token + org + project config.
2. @sentry/cli step in CI — keep the current loader, but add a sentry-cli sourcemaps upload step after npm run build in the frontend-deploy job. More moving parts but no Astro integration risk.

Either way needs a new GitHub secret:

Plus org/project slugs as repo vars (or hardcoded) for the upload step.

Out of scope

• Backend (.NET) symbol upload — separate concern, only worth doing if .NET stack traces in Sentry turn out to be unhelpful in practice.