Observability

Effectively none.

What exists

  • console.log calls throughout store/index.js and middleware/guest.js (sample: console.log('FFFFFF', store.$auth.loggedIn) — left-in debug)
  • hotjar plugin (plugins/hotjar.js) — Hotjar session-recording is loaded client-side
  • Toast notifications via vue-notification

Hotjar

Loaded as a client-only plugin. Hotjar captures:

  • Mouse movements / clicks (heatmaps)
  • Session recordings (replay video of user sessions)
  • Possibly: form input (depending on Hotjar configuration)

Privacy/security implication: Hotjar captures keystrokes by default unless explicitly excluded. Sensitive fields (passwords, tokens, customer data viewed by staff) may end up in Hotjar's cloud.

Fix: explicitly mark sensitive fields with data-hj-suppress, or use Hotjar's CSP / privacy config to exclude them.
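One way to automate the masking audit described above, as an added example that is not code from this repository: a Node script that walks the tags of a template and reports password or secret-looking fields not covered by data-hj-suppress on themselves or on a wrapper. The SENSITIVE pattern, the sample template, and treating a wrapper's marker as covering the fields inside it are assumptions; fields rendered by custom Vue components are not detected.

```javascript
// Added example (not the repo's code): lint Vue/HTML template text for
// sensitive form fields that are not covered by data-hj-suppress.
// SENSITIVE, VOID and SAMPLE are assumptions constructed for this sketch.
const SENSITIVE = /pass|token|secret|card|cvv|iban|api[-_]?key/i;
const VOID = new Set(['input', 'br', 'hr', 'img', 'meta', 'link']);
const TAG = /<(\/?)([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;

// True when the attribute string carries the Hotjar suppression marker.
const hasSuppress = (attrs) => /(^|\s)data-hj-suppress(?=[\s=/]|$)/i.test(attrs);

// A field is sensitive if it is a password input or any identifying
// attribute (name, id, v-model, autocomplete) matches SENSITIVE.
function isSensitive(attrs) {
  if (/(^|\s)type\s*=\s*["']password["']/i.test(attrs)) return true;
  const ids = attrs.match(/(?:^|\s)(?:name|id|v-model(?:\.\w+)*|autocomplete)\s*=\s*("[^"]*"|'[^']*')/gi) || [];
  return ids.some((a) => SENSITIVE.test(a.slice(a.indexOf('=') + 1)));
}

// Walk the tags in order, tracking open ancestors so that a suppress marker
// on a wrapper is treated as covering the fields inside it.
function findUnsuppressedFields(template) {
  const stack = [];    // one boolean per open element: suppressed here or above?
  const findings = [];
  for (const [raw, closing, name, attrs] of template.matchAll(TAG)) {
    if (closing) { stack.pop(); continue; }
    const tag = name.toLowerCase();
    const suppressed = hasSuppress(attrs) || stack[stack.length - 1] === true;
    const isField = tag === 'input' || tag === 'textarea' || tag === 'select';
    if (isField && isSensitive(attrs) && !suppressed) findings.push(raw);
    if (!VOID.has(tag) && !/\/\s*$/.test(attrs)) stack.push(suppressed);
  }
  return findings;
}

// Constructed sample template, not taken from the repository.
const SAMPLE = `
<form>
  <input type="email" name="login">
  <input type="password" v-model="form.password">
  <div data-hj-suppress>
    <input type="text" name="api_token" />
    <textarea v-model="customer.cardNumber"></textarea>
  </div>
  <input type="text" name="reset_token" data-hj-suppress>
  <input type="text" id="apiKey">
</form>`;

console.log(findUnsuppressedFields(SAMPLE));
```

Run over the project's .vue files in CI, a non-empty result is a list of fields to mask before the next release.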

What does not exist

| Capability | Status |
|---|---|
| Error tracker (Sentry, Bugsnag) | |
| RUM | ❌ (Hotjar is session replay, not RUM) |
| Analytics events | partial (Hotjar) |
| Source-map upload | |
| console.log stripping in production | ❌ — console.log('FFFFFF', ...) ships to prod |
| Web Vitals reporting | |
| Feature flag system | |

Concerns

  1. Debug console.logs leak to production. Lines like console.log('FFFFFF', store.$auth.loggedIn) are visible in devtools. Add a Vite/Webpack rule to strip them.

  2. No central error capture. A runtime error in the editor or a store action becomes a console.error lost in the user's browser.

  3. Hotjar privacy posture undocumented. Verify what's being recorded; mask sensitive fields.

Recommendations (ordered)

  1. Strip console.log in production — Webpack config tweak (drop_console)
  2. Add Sentry (@sentry/vue SDK); ~15 lines of code
  3. Audit Hotjar config — exclude sensitive fields; ensure GDPR-compliant retention
  4. Add web-vitals if/when traffic justifies
  5. Add a request-id correlation — generate UUID per page session; send as header to BE; include in any error reports

Cross-component pattern

Same as siblings — observability is the platform's largest "easy win" gap. If a platform-wide Sentry adoption happens, this repo is a reasonable second target (after the easier Someli-admin-api / admin_console_R).