Monitoring & logging

ShipVeryFast ships structured security logging out of the box and is easy to wire to an external error tracker. This page covers what exists and what to add for production.

The security log

libs/securityLogger.ts records auth successes and failures, rate-limit hits, permission denials and suspicious activity, each with a severity. On the Node runtime it writes to logs/security.log; on the Edge runtime it logs to the console, since Edge has no filesystem. Admins can read recent events through the audit API.

Event types:   AUTH_SUCCESS, AUTH_FAILURE, RATE_LIMIT_EXCEEDED,
               PERMISSION_DENIED, SUSPICIOUS_ACTIVITY, CONFIGURATION_CHANGE
Severities:    INFO, WARNING, ERROR, CRITICAL

Serverless logs are ephemeral

On Vercel and similar hosts the filesystem is read-only and reset between invocations, so logs/security.log will not persist. Forward events to a log drain or an error tracker for anything you need to keep.

Add error tracking

For production, add a hosted error tracker such as Sentry. Install its Next.js SDK, set the DSN as an environment variable, and it captures unhandled exceptions and performance traces. Pair it with your host's log drain so the security events land somewhere durable.

npm install @sentry/nextjs
# then set SENTRY_DSN and run the Sentry wizard

Next steps

Audit logging (how-to)The logger and the audit API.PerformanceKeep it fast under load.