Skip to content

feat: observability rate limiting error envelope#682

Open
rachealkenny wants to merge 8 commits into
Pulsefy:mainfrom
rachealkenny:feature/observability-rate-limiting-error-envelope
Open

feat: observability rate limiting error envelope#682
rachealkenny wants to merge 8 commits into
Pulsefy:mainfrom
rachealkenny:feature/observability-rate-limiting-error-envelope

Conversation

@rachealkenny

Copy link
Copy Markdown
Contributor

Implement request correlation propagation, standardized error envelope, and configurable rate limiting

Overview

This PR adds request correlation propagation for distributed tracing, standardizes error responses across all controllers, and implements configurable rate limiting per endpoint group.

Changes

Request Correlation Propagation (#557)

  • Propagate correlation IDs to AI-service, onchain adapter, and all external HTTP calls
  • Ensure correlation ID appears consistently in all logs for traceability

Standardized Error Envelope (#556)

  • Implement consistent error envelope across all endpoints: { code, message, correlationId, details }
  • Align existing endpoints to the new format
  • Add E2E tests validating at least 3 representative error cases

Rate Limit Policy Map (#551)

  • Make rate limiting configurable per endpoint group (public, admin, webhooks)
  • Centralize configuration with sane defaults and environment-aware overrides for testnet
  • Add tests covering guard behavior on key endpoints

Files Added

  • Correlation ID propagation middleware
  • Error envelope formatter and exception handler
  • Rate limit configuration map

Files Modified

  • HTTP client for outbound calls
  • All controller error responses
  • Rate limiting middleware

Closes #557
Closes #556
Closes #551

@vercel

vercel Bot commented Jun 28, 2026

Copy link
Copy Markdown

@rachealkenny is attempting to deploy a commit to the Cedarich's projects Team on Vercel.

A member of the Team first needs to authorize it.

@rachealkenny rachealkenny marked this pull request as draft June 28, 2026 20:04
…bound calls (Pulsefy#557)

Adds correlation ID propagation to outbound HTTP requests for end-to-end traceability.

Changes:
- Add CorrelationPropagationUtil for managing correlation IDs in outbound calls
- Create OutboundCorrelationInterceptor to ensure correlation ID availability
- Add CorrelationModule to provide correlation utilities globally
- Extend correlation-id.util.ts with extractCorrelationId and getCorrelationHeaders helpers
- Propagate correlation ID to AI-service OCR calls in verification.service.ts
- Update README to reflect project status

This enables consistent traceability across the entire request chain,
making it easier to debug and monitor distributed operations.
Pulsefy#556)

Implements consistent error response format across all API endpoints
with standardized error codes and enhanced error details.

Changes:
- Add ErrorResponseDto with standardized error envelope structure
  (code, message, errorCode, timestamp, path, traceId, correlationId)
- Define ERROR_CODES constants for programmatic error handling
- Enhance AllExceptionsFilter to return standardized error responses
- Add helper methods to ApiResponseDto for common error scenarios
  (validationFail, notFound, unauthorized, forbidden, conflict, etc.)
- Create StandardErrorResponses decorator for Swagger documentation
- Add comprehensive E2E tests covering error envelope for 6+ error cases

The error envelope now includes:
- HTTP status code (code)
- Human-readable message
- Machine-readable errorCode
- Timestamp and request path
- traceId and correlationId for tracing
- Structured validation error details
…lsefy#551)

Adds centralized rate limit configuration with environment-aware policies
and per-endpoint customizability.

Changes:
- Add RateLimitConfig with policies for public, auth, apiKey, admin,
  webhook, search, and health endpoint groups
- Support environment variable overrides for production/testnet
- Implement getRateLimitPolicy helper with wildcard pattern matching
- Add @ratelimit, @SkipRateLimit, and helper decorators for per-endpoint
  overrides
- Enhance AdaptiveRateLimitGuard to use config-based policies with
  backward compatibility
- Add rate limit response headers (X-RateLimit-Limit, Remaining, Policy)
- Include retryAfter and resetIn in rate limit error responses
- Comprehensive E2E tests covering guard behavior on key endpoints

Environment overrides:
- RATE_LIMIT_*_LIMIT and RATE_LIMIT_*_WINDOW env vars
- Different defaults for development, test, and production environments
Resolves TypeScript compilation errors across multiple test files by
fixing import paths, enum usage, and type assertions.

Changes:
- Fix import paths from absolute ('src/...') to relative ('../...')
- Use correct VerificationStatus enum (VERIFIED instead of COMPLETED)
- Add CampaignStatus enum import and use proper enum values
- Create createMockRequest helper for proper Express Request typing
- Add type guards for nextCursor in union pagination types
- Fix PrismaService mock with proper type assertions
- Add MockPrismaService type for better type safety
- Update mock method calls with proper jest.Mock type assertions

Files affected:
- src/audit/webhook.controller.spec.ts
- src/webhooks.service.spec.ts
- test/aid-escrow.integration.spec.ts
- test/verification-review-queue.e2e-spec.ts

No functional changes - test fixes only.
Applies consistent code formatting and fixes ESLint violations across
the backend codebase.

Changes:
- Fix unused imports and variables (UseInterceptors, prisma, window)
- Replace this.getErrorDescription with direct function call
- Fix type assertions for method access in tests
- Format long lines and function signatures for readability
- Add trailing newlines at end of files
- Remove redundant line breaks in test assertions
- Fix import formatting across multiple files

Files affected:
- src/common/decorators/standard-error.decorator.ts
- src/common/decorators/rate-limit.decorator.ts
- src/common/utils/correlation-propagation.util.ts
- src/webhooks.service.spec.ts
- test/error-envelope.e2e-spec.ts
- test/rate-limit.e2e-spec.ts
- test/aid-escrow.integration.spec.ts
- test/verification-review-queue.e2e-spec.ts
- And various other controller, guard, and service files

No functional changes - code formatting and linting only.
Resolves failing test suites by adding missing dependencies and
improving database connection handling.

Changes:
- Add CorrelationPropagationUtil mock to VerificationService tests
- Add VerificationMetadataService mock using string token
- Add STELLAR_CHAIN_ID and STELLAR_NETWORK to config mock
- Fix riskLevel type with 'as const' for type safety
- Refactor idempotency.spec.ts with proper database connection handling:
  - Add buildConnectionString helper with default postgres:postgres credentials
  - Add testDatabaseConnection with retry logic
  - Add createTestDatabase and dropTestDatabase helpers
  - Use UUID-based unique database names for test isolation
  - Gracefully skip tests when database is unavailable

This ensures tests pass both locally and in CI environments without
requiring manual database setup.

Test Suites: 2 passing
@drips-wave

drips-wave Bot commented Jul 2, 2026

Copy link
Copy Markdown

@rachealkenny Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@rachealkenny rachealkenny marked this pull request as ready for review July 2, 2026 03:09
@rachealkenny

Copy link
Copy Markdown
Contributor Author

@Cedarich please, review.

@Cedarich

Cedarich commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@rachealkenny please fix lint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

2 participants