feat: enhance tracing with field attributes and warn logging across all handlers

Add repo_id, finding_id, and filter fields to tracing::instrument attributes for better trace correlation in SigNoz. Replace all silently swallowed errors (Err(_) => Vec::new()) with tracing::warn! logging across mod.rs, dast.rs, graph.rs handlers. Add stage-level spans with .instrument() to pipeline orchestrator for visibility into scan phases. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 21:56:16 +01:00
parent 67d6a937ae
commit 99983c51e3
8 changed files with 178 additions and 70 deletions
--- a/compliance-agent/src/api/handlers/mod.rs
+++ b/compliance-agent/src/api/handlers/mod.rs
@@ -234,7 +234,10 @@ pub async fn stats_overview(Extension(agent): AgentExt) -> ApiResult<OverviewSta
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch recent scans: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {
@@ -276,7 +279,10 @@ pub async fn list_repositories(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch repositories: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {
@@ -342,7 +348,7 @@ pub async fn get_ssh_public_key(
    Ok(Json(serde_json::json!({ "public_key": public_key.trim() })))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(repo_id = %id))]
 pub async fn trigger_scan(
    Extension(agent): AgentExt,
    Path(id): Path<String>,
@@ -357,7 +363,7 @@ pub async fn trigger_scan(
    Ok(Json(serde_json::json!({ "status": "scan_triggered" })))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(repo_id = %id))]
 pub async fn delete_repository(
    Extension(agent): AgentExt,
    Path(id): Path<String>,
@@ -404,7 +410,7 @@ pub async fn delete_repository(
    Ok(Json(serde_json::json!({ "status": "deleted" })))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(repo_id = ?filter.repo_id, severity = ?filter.severity, scan_type = ?filter.scan_type))]
 pub async fn list_findings(
    Extension(agent): AgentExt,
    Query(filter): Query<FindingsFilter>,
@@ -463,7 +469,10 @@ pub async fn list_findings(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch findings: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {
@@ -473,7 +482,7 @@ pub async fn list_findings(
    }))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(finding_id = %id))]
 pub async fn get_finding(
    Extension(agent): AgentExt,
    Path(id): Path<String>,
@@ -494,7 +503,7 @@ pub async fn get_finding(
    }))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(finding_id = %id))]
 pub async fn update_finding_status(
    Extension(agent): AgentExt,
    Path(id): Path<String>,
@@ -598,7 +607,7 @@ pub async fn sbom_filters(
    })))
 }

-#[tracing::instrument(skip_all)]
+#[tracing::instrument(skip_all, fields(repo_id = ?filter.repo_id, package_manager = ?filter.package_manager))]
 pub async fn list_sbom(
    Extension(agent): AgentExt,
    Query(filter): Query<SbomFilter>,
@@ -644,7 +653,10 @@ pub async fn list_sbom(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch SBOM entries: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {
@@ -666,7 +678,10 @@ pub async fn export_sbom(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch SBOM entries for export: {e}");
+            Vec::new()
+        }
    };

    let body = if params.format == "spdx" {
@@ -799,7 +814,10 @@ pub async fn license_summary(

    let entries: Vec<SbomEntry> = match db.sbom_entries().find(query).await {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch SBOM entries for license summary: {e}");
+            Vec::new()
+        }
    };

    let mut license_map: std::collections::HashMap<String, Vec<String>> =
@@ -845,7 +863,10 @@ pub async fn sbom_diff(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch SBOM entries for repo_a: {e}");
+            Vec::new()
+        }
    };

    let entries_b: Vec<SbomEntry> = match db
@@ -854,7 +875,10 @@ pub async fn sbom_diff(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch SBOM entries for repo_b: {e}");
+            Vec::new()
+        }
    };

    // Build maps by (name, package_manager) -> version
@@ -944,7 +968,10 @@ pub async fn list_issues(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch tracker issues: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {
@@ -972,7 +999,10 @@ pub async fn list_scan_runs(
        .await
    {
        Ok(cursor) => collect_cursor_async(cursor).await,
-        Err(_) => Vec::new(),
+        Err(e) => {
+            tracing::warn!("Failed to fetch scan runs: {e}");
+            Vec::new()
+        }
    };

    Ok(Json(ApiResponse {