Add performance monitoring (prometheus for metrics and winston for logging)

[narengogi]

No description provided.

[matter-code-review]

Description

Summary By MatterAI

🔄 What Changed

• Added performance monitoring via Prometheus (metrics) and Winston (logging)
• Introduced comprehensive file-based, Redis, Cloudflare KV, and in-memory cache backends
• Implemented unified cache service with pluggable backends and TTL support
• Added Redis-based rate limiter with Lua scripting for atomic operations
• Enhanced error handling with uncaught exception/rejection listeners
• Integrated Winston for structured logging and Loki for log aggregation
• Added configuration loading from conf.json with fallback defaults
• Extended provider support for Cohere, Bedrock, Google Vertex AI with improved response handling
• Introduced background task execution via addBackgroundTask for async operations

🔍 Impact of the Change

Enables robust observability with metrics collection (Prometheus) and structured logging (Winston/Loki). Introduces scalable, persistent caching layer supporting multiple backends (Redis, file, memory, Cloudflare KV) with TTL and cleanup. Enhances system reliability with proper error boundary handling and background task management. Improves configuration flexibility with file-based settings. Strengthens rate limiting with Redis-backed atomic operations.

📁 Total Files Changed

File	ChangeLog
Config Load .gitignore	Added conf.json to gitignore
Settings Init initializeSettings.ts	Added conf.json loader with default org settings
Deps Update package.json	Added prom-client, winston, winston-loki, ioredis
Enums Add src/globals.ts	Added AtomicOperations and RateLimiterKeyTypes enums
Header Fix src/handlers/services/responseService.ts	Removed transfer-encoding header for node runtime
Runtime Init src/index.ts	Added Redis cache backend initialization
Stream Fix src/providers/anthropic/chatComplete.ts	Added role field to assistant delta
Embed Update src/providers/bedrock/embed.ts	Added float embeddings support and error handling
Batch Error src/providers/bedrock/getBatchOutput.ts	Added generateErrorResponse on failed retrieve
Endpoint Fix src/providers/cohere/api.ts	Corrected Cohere API endpoints
Cohere Chat src/providers/cohere/chatComplete.ts	Rewrote with full config and response transform
Embed Schema src/providers/cohere/embed.ts	Added float embeddings and meta handling
Types Add src/providers/cohere/types.ts	Added Cohere-specific types and enums
Google Tools src/providers/google-vertex-ai/chatComplete.ts	Added googleTools array and transform
Utils Add src/providers/google-vertex-ai/utils.ts	Added googleTools and transformGoogleTools
Google Fix src/providers/google/chatComplete.ts	Added googleTools import and transform
Model Add src/providers/open-ai-base/createModelResponse.ts	Added new Google model parameters
Types Import src/providers/types.ts	Imported COHERE_STOP_REASON
Finish Map src/providers/utils/finishReasonMap.ts	Added Cohere stop reason mappings
BG Tasks src/services/realtimeLlmEventParser.ts	Added addBackgroundTask for async processing
KV Cache src/shared/services/cache/backends/cloudflareKV.ts	Added Cloudflare KV cache backend
File Cache src/shared/services/cache/backends/file.ts	Added file-based cache with auto-save
Mem Cache src/shared/services/cache/backends/memory.ts	Added in-memory cache with LRU eviction
Redis Cache src/shared/services/cache/backends/redis.ts	Added Redis cache backend
Cache Core src/shared/services/cache/index.ts	Added unified cache service with backends
Cache Types src/shared/services/cache/types.ts	Added cache interface types
Rate Limit src/shared/services/cache/utils/rateLimiter.ts	Added Redis rate limiter with Lua script
Logger Add src/shared/utils/logger.ts	Added configurable logger with levels
Process Err src/start-server.ts	Added uncaught exception/rejection handlers
Split Fix src/utils.ts	Fixed split pattern for Cohere streaming
Utils Add src/utils/misc.ts	Added addBackgroundTask utility

🧪 Test Added/Recommended

Recommended

• Unit tests for all cache backends (memory, file, redis, cloudflareKV)
• Integration tests for Redis rate limiter with Lua script execution
• End-to-end tests for configuration loading from conf.json
• Performance tests for cache operations under load
• Error scenario tests for cache backend failures
• Logging format validation tests for Winston output
• Prometheus metrics exposure and scraping verification

🔒Security Vulnerabilities

• Ensure conf.json doesn't expose sensitive credentials in logs
• Validate Redis connection string isn't logged in plaintext
• Confirm Winston transport configurations don't leak PII
• Verify Cloudflare KV binding names are properly secured
• Check that cache entries don't store sensitive authentication data

⏳ Estimated code review effort

HIGH (~45 minutes)

Tip

Quality Recommendations

1. Add validation for Redis connection string to prevent injection attacks

2. Implement proper error handling in cache backends instead of returning null

3. Add input validation for conf.json settings to prevent malformed configurations

4. Include timeout handling for Redis operations to prevent hanging requests

5. Add comprehensive logging for cache hit/miss ratios and performance metrics

6. Implement proper cleanup of Winston log transports on application shutdown

7. Add validation for Prometheus metric names to prevent invalid characters

8. Include health checks for all cache backends in the system monitoring

♫ Tanka Poem

Metrics flow like rain 🌧️
Logs dance through Loki's domain 💫
Cache layers grow deep 🌱
Redis guards with Lua might 🔒
Observability blooms 🌸

Sequence Diagram

sequenceDiagram
    participant App as src/index.ts
    participant Cache as CacheService
    participant Redis as RedisCacheBackend
    participant Settings as initializeSettings.ts
    participant Logger as logger.ts
    participant Prometheus as Prometheus

    Note over App: Application Initialization

    App->>Settings: getSettings()
    Settings-->>App: settings from conf.json or defaults

    App->>Cache: createCacheBackendsRedis(REDIS_CONNECTION_STRING)
    Cache->>Redis: new RedisCacheBackend(redisUrl)
    Redis-->>Cache: Redis backend instance
    Cache-->>App: Initialize token/session/config caches

    App->>Logger: createLogger('gateway')
    Logger-->>App: Configured logger instance

    App->>Prometheus: collectDefaultMetrics()
    Prometheus-->>App: Metrics collection started

    Note over App: Runtime Execution

    App->>App: Add uncaughtException handler
    App->>App: Add unhandledRejection handler

    loop Every Request
        App->>Cache: get/set/delete operations
        Cache->>Redis: Execute cache commands
        Redis-->>Cache: Return results
        Cache-->>App: Cache results
    end

Loading

[matter-code-review]

🧪 PR Review is completed: Review of the new APM implementation with Prometheus and Winston. Key issues found in environment variable handling, error logging, and logger initialization.

Skipped files

• package-lock.json: Skipped file pattern
• wrangler.toml: Skipped file pattern

⬇️ Low Priority Suggestions (4)

src/apm/loki/logger.ts

Location: src/apm/loki/logger.ts (Lines 31-31)

🟡 Error Handling

Issue: The broad try-catch block in LokiLogger initialization swallows all errors and sets the logger to null, which can lead to silent failures and make debugging difficult.

Fix: Log specific errors during initialization to help with debugging while still providing a fallback.

Impact: Improves debuggability and error visibility

-    LokiLogger = null;
+    console.error('[LOKI LOGGER] Failed to initialize Loki logger:', error);
+    LokiLogger = null;
+  

src/apm/prometheus/prometheusClient.ts

Location: src/apm/prometheus/prometheusClient.ts (Lines 27-27)

🟡 Performance

Issue: Calling Environment({}) multiple times (in envConfig.ts and here) may cause redundant environment variable parsing.

Fix: Use the already loaded environment variables from envVars instead of calling Environment({}) again.

Impact: Reduces redundant computation and improves performance

-        .PROMETHEUS_LABELS_METADATA_ALLOWED_KEYS?.replaceAll(' ', '')
+      envVars.PROMETHEUS_LABELS_METADATA_ALLOWED_KEYS?.replaceAll(' ', '')
+  

src/apm/prometheus/prometheusClient.ts

Location: src/apm/prometheus/prometheusClient.ts (Lines 322-322)

🟡 Error Handling

Issue: Returning an empty string on JSON parse error in getCustomLabels is not informative and may hide issues with metadata formatting.

Fix: Return an empty object instead to maintain consistent return types and allow for better error handling upstream.

Impact: Improves error handling consistency

-        return '';
+        return {};
+  

src/apm/index.ts

Location: src/apm/index.ts (Lines 3-3)

🟡 Compatibility

Issue: Direct access to process.env may not work in all environments (e.g., Cloudflare Workers) and could cause runtime errors.

Fix: Add a check for process and process.env existence before accessing them.

Impact: Improves compatibility across different runtime environments

-  if (process && process.env.logger === 'loki') {
+  if (typeof process !== 'undefined' && process.env && process.env.logger === 'loki') {
+  

[matter-code-review]

🔴 Security & Stability

Issue: Using process.exit(1) in library code can cause the entire application to crash abruptly without proper cleanup. This is especially problematic in serverless environments.

Fix: Throw a specific error that can be caught and handled by the application's error handling mechanism, allowing for graceful degradation.

Impact: Improves application stability and allows for better error handling

Suggested change

	process.exit(1);
	throw new Error(`Missing required environment variable: ${varName}`);

[matter-code-review]

🔴 Security & Stability

Issue: Using process.exit(1) in library code can cause the entire application to crash abruptly without proper cleanup. This is especially problematic in serverless environments.

Fix: Throw a specific error that can be caught and handled by the application's error handling mechanism, allowing for graceful degradation.

Impact: Improves application stability and allows for better error handling

Suggested change

	process.exit(1);
	throw new Error(`Missing required environment variable: ${varName}`);

[matter-code-review]

✅ Reviewed the changes: Review of APM integration for Prometheus and Winston/Loki

[matter-code-review]

🧪 PR Review is completed: Improved logger initialization with dynamic imports and type safety.

[matter-code-review]

🧪 PR Review is completed: Improved APM logger initialization with conditional loading based on environment configuration.

[matter-code-review]

✅ Reviewed the changes: Review of the addition of APM_LOGGER environment variable and related type safety improvements.

[matter-code-review]

✅ Reviewed the changes: Review complete. Found 1 issue related to potential sensitive data exposure in error logging.

[matter-code-review]

✅ Reviewed the changes: Review of new Qualifire plugins and related updates. Identified issues with error logging and type safety.

[matter-code-review]

✅ Reviewed the changes: PR introduces performance monitoring with Prometheus and Winston, along with new cache backends and a custom logger. Key areas for review include error handling, type safety, and consistent logging.