
chore: wrangler audit remediation #12

Open: chitcommit wants to merge 1 commit into main from chore/wrangler-audit-remediation

chitcommit commented Mar 29, 2026

Summary

  • Updates stale compatibility_date to 2026-03-16
  • Adds tail_consumers for chittytrack
  • Adds observability: enabled
  • Part of ecosystem-wide wrangler audit remediation

Test plan

  • Deploy and verify worker starts correctly
  • Verify chittytrack receives tail events

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated Cloudflare Workers compatibility date to leverage the latest platform features and improvements
    • Added observability integration to enhance monitoring and tracking capabilities

…ability

Updates compatibility_date to 2026-03-16 and adds missing chittytrack
tail consumer and observability bindings per ecosystem wrangler audit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

coderabbitai bot commented Mar 29, 2026

Walkthrough

Updated the Cloudflare Workers compatibility date to March 2026 and added a Tail Consumer configuration for the "chittytrack" service, introducing observability integration for request/response logging.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Configuration Updates: wrangler.toml | Updated compatibility_date from 2024-01-01 to 2026-03-16. Added [[tail_consumers]] configuration block with service = "chittytrack" for observability and tail logging integration. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A newer date hops into place,
With chittytrack's logging grace,
Tails now gathered, bright and keen,
Observing all we've never seen! ✨

Pre-merge checks: ✅ 3 passed

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'chore: wrangler audit remediation' is directly related to the main changes in the pull request, which involve updating the wrangler configuration file (wrangler.toml) as part of an audit remediation effort. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


coderabbitai bot left a comment


Actionable comments posted: 1


📥 Commits

Reviewing files that changed from the base of the PR and between 5549a4e and 6778b2c.

📒 Files selected for processing (1)
  • wrangler.toml

Comment on lines +52 to +53
[[tail_consumers]]
service = "chittytrack"

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether raw error objects are logged and tails are enabled.
rg -n -C3 'console\.error\([^)]*error' --type=ts
rg -n -C2 '^\[\[tail_consumers\]\]|^service\s*=\s*"chittytrack"|^\[observability\]|^enabled\s*=\s*true' --type=toml
rg -n -C3 'ANTHROPIC_API_KEY|OPENAI_API_KEY|Authorization|x-api-key' --type=ts

Repository: chitcommit/billy-bullshit

Length of output: 9031


Tail forwarding exposes raw error objects containing sensitive API metadata.

Raw console.error(..., error) calls across multiple files (src/billy-agent.ts:244, src/index.ts:132/175/223/266/310/363/408, src/conversation-store.ts:28/55/66/78, src/analytics.ts:70) forward unfiltered error objects to the external chittytrack service via [[tail_consumers]]. Since src/billy-agent.ts makes requests to Anthropic and OpenAI using API keys (lines 257, 284), error responses could leak request metadata, headers, or response fragments containing sensitive information.

Sanitize error logging to redact API metadata before console.error is called:

Mitigation: Redact error objects
- } catch (error) {
-   console.error('AI generation error:', error);
-   return this.getFallbackResponse();
- }
+ } catch (error) {
+   const safeError =
+     error instanceof Error
+       ? { name: error.name, message: error.message }
+       : { message: 'Unknown error' };
+   console.error('AI generation error', safeError);
+   return this.getFallbackResponse();
+ }
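
Review bot: The `+` branch still forwards `error.message` verbatim, so a key or response fragment embedded in the message string reaches the tail consumer unchanged; cap the message length and mask key-like substrings before logging. The replacement also omits the truncated stack that the accompanying prompt asks for, and it is written inline in the catch block, so applying it to every listed console.error site duplicates the logic; move it into one shared helper and call that from each site. Non-Error values collapse to 'Unknown error', which is safe but discards thrown strings that could be logged after redaction.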

Apply same pattern to all other error logging statements.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@wrangler.toml` around lines 52 - 53, Multiple files are forwarding raw Error
objects to the external chittytrack tail_consumer via console.error (notably the
console.error calls in src/billy-agent.ts, src/index.ts,
src/conversation-store.ts, and src/analytics.ts), which can leak API keys or
response metadata; create a single helper (e.g., sanitizeError or redactError)
that accepts any Error/unknown, strips/redacts fields that may contain headers,
request/response bodies or API keys, and returns a safe string/object (include
only error.name, error.message, and a truncated stack), then replace direct
console.error(..., error) uses in the affected locations (the console.error
calls in src/billy-agent.ts where Anthropic/OpenAI requests are made, and the
console.error sites in src/index.ts, src/conversation-store.ts,
src/analytics.ts) to call console.error(..., sanitizeError(error)); apply this
pattern everywhere exported to the tail consumer "chittytrack" to ensure no raw
error objects are forwarded.
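
One way to write the `sanitizeError` helper that the review above asks for, added here as an example; it is not code from the repository or from CodeRabbit. The redaction patterns, the length limits and the constructed sample error are assumptions.

```typescript
// Added example: hypothetical helper; the patterns below are assumptions, not exhaustive.
const MAX_MESSAGE = 300;     // characters kept from error.message
const MAX_STACK_LINES = 5;   // stack lines kept

// Applied in order: token shapes first, then "header: value" pairs.
const REDACTIONS: Array<[RegExp, string]> = [
  [/\bsk-[A-Za-z0-9_-]{8,}/g, "[REDACTED]"],
  [/\bBearer\s+[A-Za-z0-9._~+\/=-]+/gi, "[REDACTED]"],
  [/(authorization|x-api-key|api[_-]?key)(["'\s:=]+)[^\s"',}]+/gi, "$1$2[REDACTED]"],
];

interface SafeError { name: string; message: string; stack: string }

function redact(text: string): string {
  return REDACTIONS.reduce((out, [re, repl]) => out.replace(re, repl), text);
}

function sanitizeError(err: unknown): SafeError {
  if (!(err instanceof Error)) {
    // Thrown strings are redacted; thrown objects are never serialized wholesale.
    const message = typeof err === "string" ? redact(err).slice(0, MAX_MESSAGE) : "Unknown error";
    return { name: "NonError", message, stack: "" };
  }
  // Building a new object drops extra properties (headers, response, cause, ...)
  // that SDK error classes may attach to the Error instance.
  return {
    name: err.name,
    message: redact(err.message).slice(0, MAX_MESSAGE),
    stack: (err.stack ?? "").split("\n").slice(0, MAX_STACK_LINES).map(redact).join("\n"),
  };
}

// Constructed sample: an error shaped like a failed upstream API call.
function sampleUpstreamError(): Error {
  const err = new Error('401 from upstream, request had "x-api-key": "sk-CONSTRUCTED-0000000000"');
  return Object.assign(err, {
    headers: { authorization: "Bearer CONSTRUCTED.TOKEN.VALUE" },
    response: { body: "constructed response fragment" },
  });
}

try {
  throw sampleUpstreamError();
} catch (error) {
  console.error("AI generation error", sanitizeError(error));
}
```

The first line of `error.stack` repeats the message, which is why the stack lines pass through `redact` as well.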
