--- issue: 134 title: "Frontend: Sentry source-map upload configured but no auth token injected" severity: low domain: Observability labels: [frontend, configuration] status: open created: 2026-05-30 source: Full Codebase Audit 2026-05-30 --- # Frontend: Sentry source-map upload configured but no auth token injected **Severity:** low **Domain:** Observability **Labels:** frontend, configuration ## Description `frontend/next.config.ts:83` uses `withSentryConfig` with source-map upload enabled, but `SENTRY_AUTH_TOKEN`, `SENTRY_ORG`, and `SENTRY_PROJECT` are not injected in CI. Source maps are not actually uploaded, making stack traces in Sentry unreadable. ## Options 1. Inject `SENTRY_AUTH_TOKEN`/`ORG`/`PROJECT` via CI so maps actually upload. 2. Disable `withSentryConfig` upload to save build time if Sentry is unused. 3. Keep config but document that uploads are intentionally off. ## Recommendation Decide whether Sentry is in use: if yes, inject the secrets in CI; if no, disable the upload plugin. ## Affected Files - `frontend/next.config.ts:83` - `frontend/.woodpecker/production.yml` — CI secrets ## References - [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-79