fix: reclassify Apollo network-error log severity#117
Draft
TaprootFreak wants to merge 1 commit into
Draft
Conversation
Drop noise from the recoverable-retry path:
- Use logger.warn (not logger.error) when the primary indexer fails and
the fallback is about to be engaged; reserve logger.error for cases
where no fallback is configured or the fallback itself failed.
- Drop the {message, name, stack} metadata payload — the Winston
formatter in api.main.ts uses only info.message, so it never reached
Loki anyway. Inline the message into the log line for actual signal.
- Collapse the redundant info-level breadcrumbs ('Network error
detected' / '503 Service Unavailable') into the single warn line.
- Refresh the fallback window after expiry instead of arming it once
per process lifetime, so a sustained outage keeps the fallback active.
Eliminates ~1500/day of error-level lines from dEURO PRD logs that were
generated by transient indexer hiccups successfully absorbed by retry.
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reclassify recoverable Apollo network errors from
errortowarnso thetransparent indexer-fallback retry path no longer inflates the dfxprd
error-rate panels. Also tighten the fallback window and drop log payload
fields that the active log formatter silently discards.
Tracked in
DFXServer/server#278;parallel PR for the sister codebase at
JuiceDollar/api#58.Investigation
Sampled
2026-06-01 ~11:00 CESTondfxprd(Loki):deuro-deuro-api-8Every
error [ApiApolloConfig]: [Network error in operation: …]line ondfxprd is paired 1:1 with an
info [ApiApolloConfig]: [Ponder] Network error detected, activating fallbackline — i.e. every error is therecoverable transient-hiccup path, not a real outage. The system handles
them via
forward(operation), the user-facing request retries, but thelog entry already shipped at error severity.
GraphQL-errors path: 0/24h on dfxprd — confirms the noise is purely
from the network-error path.
Two latent problems found while tracing this:
api.main.tsisformat.printf((info) => \${info.level} [${info.context}]: ${info.message}`)— it only readsinfo.message. The{ message, name, stack }second argument tologger.error(...)was never reaching Loki. InliningnetworkError.message` into the main string keeps the signal thatwas being silently lost.
activateFallback()only armed once per process lifetime. Guardwas
if (!fallbackUntil), which stays falsy only until the firstactivation. After the 10-min window expires, the guard fails and
fallbackUntilis never refreshed, so the "Switching to fallback"log fires exactly once per container boot (confirmed via Loki: 0
matches in 24h despite ongoing activity).
Change
if (networkError) { - logger.error(`[Network error in operation: ${op}]`, { message, name, stack }); - - if (getIndexerUrl() === CONFIG.indexer) { - const is503 = ...; - if (is503) logger.log('[Ponder] 503 Service Unavailable - …'); - else logger.log('[Ponder] Network error detected, …'); - activateFallback(); - return forward(operation); - } + const hasFallback = !!CONFIG.indexerFallback; + const onFallback = getIndexerUrl() !== CONFIG.indexer; + const willRecover = hasFallback && !onFallback; + const msg = `[Network error in operation: ${op}] ${networkError.message}`; + + if (willRecover) { + logger.warn(msg); + activateFallback(); + return forward(operation); + } + logger.error(msg); }Plus
activateFallback()re-arm:The
GraphQL errorbranch loses its{ locations, path }payload for thesame reason (Winston discarded it) —
error.messageis appended to themain string instead.
Behaviour matrix
warnerrorCONFIG_INDEXER_FALLBACK_URL == CONFIG_INDEXER_URL(current PRD)warnerrorerrorExpected post-deploy effect on dfxprd
With the current
CONFIG_INDEXER_URL == CONFIG_INDEXER_FALLBACK_URLconfig (intentional, see compose comment about the prior PRD→DEV
traffic leak),
willRecoverevaluates totruefor every networkerror. So:
ApiApolloConfigerror-level lines from network errors: ~977/d → 0/dApiApolloConfigwarn-level lines from network errors: 0/d → ~977/dA real outage where the retry also fails still surfaces at error level
if a distinct fallback URL is configured. For PRD today (same-URL
fallback), real outages will show as elevated warn-rate; switching
fallback to a distinct indexer is a separate infra decision.
Verification query:
Test plan
yarn buildclean (verified locally on the branch HEAD)yarn lintclean (verified locally on the branch HEAD)npx prettier --check api.apollo.config.tscleandeuro-deuro-api-8ApiApolloConfigdrops to ~0; warn-rate picks up the same volume.[Ponder] Switching to fallback for 10min: …log emitson first activation per window (and re-emits after window expiry).