Releases: script-development/kendo-error-tracker
Releases · script-development/kendo-error-tracker
Release list
v0.1.1
Fixed
- Eager
Dispatcherinjection broke the never-throw invariant.ErrorTrackertookIlluminate\Contracts\Bus\Dispatcheras a constructor dependency, so resolving the service threw aBindingResolutionExceptionbeforereport()'s try/catch whenever the Bus deferred provider was unresolvable. Becausereport()runs inside the consumer's exception handler, that throw escaped the reportable callback and replaced the original error withTarget [Illuminate\Contracts\Bus\Dispatcher] is not instantiable(observed in a Laravel 12 app). The bus is now resolved lazily from the container insidereport()'s guard, so the failure is swallowed and the original error is preserved.
v0.1.0
Inaugural public release. The KD-0885 scrubber hardening below landed before
first publish, so 0.1.0 is the first version available on packagist and the
pre-hardening code was never distributed.
Added
- Initial release of the kendo error-tracking client library.
- Auto-discovered
ErrorTrackerServiceProviderbinding theErrorTrackerservice. - Publishable
config/error-tracker.phpwithkendo_url,project,token,environment,release,synckeys (env defaultsERROR_TRACKER_*). ErrorTracker::report(\Throwable): void— idempotent, swallow-on-failure; never throws, never blocks the caller.- Async dispatch via
ReportErrorJob(0 retries; failed posts log to PHPerror_log, never requeue) with opt-in sync mode (error-tracker.sync). - Scrubbing layer redacting JWT,
Bearertokens, BSN, and email addresses from the message and stack trace before send. - Exact
base_path()path normalization of each stack frame (mirrorslaravel/nightwatch'sLocation::normalizeFile()) for host-stable fingerprints. - POST to
{kendo_url}/api/projects/{project}/error-eventswith Bearer auth and the{environment, release?, exception_class, message, stack_trace}body; treats202as success and swallows every failure (timeout,401/403/422,5xx, unreachable host).
Fixed
- BSN scrub gaps (KD-0885, C-1): the bare 9-digit pattern missed grouped forms (
123.456.782,123 456 782,123-456-782) and BSNs embedded in a longer digit run (0612345678). The pattern now matches grouped separators and any run of 9-or-more digits. Tradeoff: increased over-redaction of legit 9+-digit IDs until the elfproef (11-proef) validator lands (v1.5). - Email IDN / unicode leak (KD-0885, H-1): the ASCII-only email pattern leaked IDN domains (
jan@müller.nl) and unicode local parts. The pattern now uses theuflag and\p{L}\p{N}classes. Quoted local parts with an internal space remain out of scope (documented). - Bearer credential reuse leak (KD-0885, H-2): a credential redacted in a
Bearer <token>value leaked again where the same value reappeared unprefixed (token=<same>). The Bearer scrub now captures the credential and redacts every bare reuse across the string. TheeyJ-header requirement for JWT detection is documented as an explicit scope boundary. - Timeout disabled by zero/negative config (KD-0885, H-3):
ErrorTracker::configFloat()accepted0/negative numeric timeouts (Guzzle-infinite), so a hung kendo host could block the caller in sync mode. A non-positive numeric now floors to the default for bothconnect_timeoutandtimeout. - Bearer over-redaction (KD-0885, M-4): the Bearer credential class included
/and matched across newlines, soBearer /api/v1/users/123ate the whole path. The class now drops/and bounds whitespace to horizontal characters.