📌 Description
apiRequest in src/shared/api/client.ts sends no correlation/trace header, so a failing request cannot be matched to a backend log line. Attach an X-Request-Id header (a crypto.randomUUID() per request) to every call and include that id in the thrown error and any logger.error, so support can trace a user-reported failure across the stack.
💡 Why it matters: Correlation IDs turn "the page errored" reports into pinpointed backend log lookups.
🧩 Requirements and context
- Generate a UUID per request (guard for environments lacking
crypto.randomUUID).
- Send it as
X-Request-Id.
- Attach the id to thrown errors and to
logger.error calls.
- Do not override a caller-supplied
X-Request-Id.
- Document the header in API_INTEGRATION.md.
Non-functional requirements
- Must be secure, tested, and documented.
- Should be efficient and easy to review.
🛠️ Suggested execution
1. Fork the repo and create a branch
git checkout -b feat/api-request-id
2. Implement changes
- Write/modify the relevant source:
src/shared/api/client.ts
- Write comprehensive tests:
src/shared/api/client.test.ts
- Add documentation: API_INTEGRATION.md
- Include TSDoc doc comments
- Validate security assumptions: id is random, contains no PII
3. Test and commit
- Cover edge cases: caller-supplied id preserved, missing crypto fallback
- Include test output and security notes in the PR description.
Example commit message
feat(observability): attach X-Request-Id to api requests
✅ Acceptance criteria
🔒 Security notes
The id must be random and PII-free; never derive it from the JWT or user id.
📋 Guidelines
- Minimum 95% test coverage
- Clear documentation
- Timeframe: 96 hours
📌 Description
apiRequestinsrc/shared/api/client.tssends no correlation/trace header, so a failing request cannot be matched to a backend log line. Attach anX-Request-Idheader (acrypto.randomUUID()per request) to every call and include that id in the thrown error and anylogger.error, so support can trace a user-reported failure across the stack.🧩 Requirements and context
crypto.randomUUID).X-Request-Id.logger.errorcalls.X-Request-Id.Non-functional requirements
🛠️ Suggested execution
1. Fork the repo and create a branch
2. Implement changes
src/shared/api/client.tssrc/shared/api/client.test.ts3. Test and commit
npm test -- clientExample commit message
✅ Acceptance criteria
X-Request-Idcrypto.randomUUIDis unavailable🔒 Security notes
The id must be random and PII-free; never derive it from the JWT or user id.
📋 Guidelines