Tracing v2

Author: Sg312

apps/sim/app/api/billing/update-cost/route.ts

@@ -4,7 +4,9 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { recordUsage } from '@/lib/billing/core/usage-log'
 import { checkAndBillOverageThreshold } from '@/lib/billing/threshold-billing'
+import { TraceSpan } from '@/lib/copilot/generated/trace-spans-v1'
 import { checkInternalApiKey } from '@/lib/copilot/request/http'
+import { withIncomingGoSpan } from '@/lib/copilot/request/otel'
 import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { type AtomicClaimResult, billingIdempotency } from '@/lib/core/idempotency/service'
 import { generateRequestId } from '@/lib/core/utils/request'
@@ -26,8 +28,28 @@ const UpdateCostSchema = z.object({
 /**
  * POST /api/billing/update-cost
  * Update user cost with a pre-calculated cost value (internal API key auth required)
+ *
+ * Parented under the Go-side `sim.update_cost` span via W3C traceparent
+ * propagation. Every mothership request that bills should therefore show
+ * the Go client span AND this Sim server span sharing one trace, with
+ * the actual usage/overage work nested below.
  */
 export async function POST(req: NextRequest) {
+  return withIncomingGoSpan(
+    req.headers,
+    TraceSpan.CopilotBillingUpdateCost,
+    {
+      'http.method': 'POST',
+      'http.route': '/api/billing/update-cost',
+    },
+    async (span) => updateCostInner(req, span),
+  )
+}
+
+async function updateCostInner(
+  req: NextRequest,
+  span: import('@opentelemetry/api').Span,
+): Promise<NextResponse> {
   const requestId = generateRequestId()
   const startTime = Date.now()
   let claim: AtomicClaimResult | null = null
@@ -37,6 +59,8 @@ export async function POST(req: NextRequest) {
     logger.info(`[${requestId}] Update cost request started`)
 
     if (!isBillingEnabled) {
+      span.setAttribute('billing.outcome', 'billing_disabled')
+      span.setAttribute('http.status_code', 200)
       return NextResponse.json({
         success: true,
         message: 'Billing disabled, cost update skipped',
@@ -52,6 +76,8 @@ export async function POST(req: NextRequest) {
     const authResult = checkInternalApiKey(req)
     if (!authResult.success) {
       logger.warn(`[${requestId}] Authentication failed: ${authResult.error}`)
+      span.setAttribute('billing.outcome', 'auth_failed')
+      span.setAttribute('http.status_code', 401)
       return NextResponse.json(
         {
           success: false,
@@ -69,6 +95,8 @@ export async function POST(req: NextRequest) {
         errors: validation.error.issues,
         body,
       })
+      span.setAttribute('billing.outcome', 'invalid_body')
+      span.setAttribute('http.status_code', 400)
       return NextResponse.json(
         {
           success: false,
@@ -83,6 +111,17 @@ export async function POST(req: NextRequest) {
       validation.data
     const isMcp = source === 'mcp_copilot'
 
+    span.setAttributes({
+      'user.id': userId,
+      'gen_ai.request.model': model,
+      'billing.source': source,
+      'billing.cost_usd': cost,
+      'gen_ai.usage.input_tokens': inputTokens,
+      'gen_ai.usage.output_tokens': outputTokens,
+      'billing.is_mcp': isMcp,
+      ...(idempotencyKey ? { 'billing.idempotency_key': idempotencyKey } : {}),
+    })
+
     claim = idempotencyKey
       ? await billingIdempotency.atomicallyClaim('update-cost', idempotencyKey)
       : null
@@ -93,6 +132,8 @@ export async function POST(req: NextRequest) {
         userId,
         source,
       })
+      span.setAttribute('billing.outcome', 'duplicate_idempotency_key')
+      span.setAttribute('http.status_code', 409)
       return NextResponse.json(
         {
           success: false,
@@ -157,6 +198,9 @@ export async function POST(req: NextRequest) {
       cost,
     })
 
+    span.setAttribute('billing.outcome', 'billed')
+    span.setAttribute('http.status_code', 200)
+    span.setAttribute('billing.duration_ms', duration)
     return NextResponse.json({
       success: true,
       data: {
@@ -191,6 +235,9 @@ export async function POST(req: NextRequest) {
       )
     }
 
+    span.setAttribute('billing.outcome', 'internal_error')
+    span.setAttribute('http.status_code', 500)
+    span.setAttribute('billing.duration_ms', duration)
     return NextResponse.json(
       {
         success: false,

apps/sim/app/api/copilot/api-keys/validate/route.ts

@@ -5,7 +5,9 @@ import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { checkServerSideUsageLimits } from '@/lib/billing/calculations/usage-monitor'
+import { TraceSpan } from '@/lib/copilot/generated/trace-spans-v1'
 import { checkInternalApiKey } from '@/lib/copilot/request/http'
+import { withIncomingGoSpan } from '@/lib/copilot/request/otel'
 
 const logger = createLogger('CopilotApiKeysValidate')
 
@@ -14,54 +16,83 @@ const ValidateApiKeySchema = z.object({
 })
 
 export async function POST(req: NextRequest) {
-  try {
-    const auth = checkInternalApiKey(req)
-    if (!auth.success) {
-      return new NextResponse(null, { status: 401 })
-    }
+  // Incoming-from-Go: extracts traceparent so this handler's work shows
+  // up as a child of the Go-side `sim.validate_api_key` span in the same
+  // trace. If there's no traceparent (manual curl / browser), the helper
+  // falls back to a new root span.
+  return withIncomingGoSpan(
+    req.headers,
+    TraceSpan.CopilotAuthValidateApiKey,
+    {
+      'http.method': 'POST',
+      'http.route': '/api/copilot/api-keys/validate',
+    },
+    async (span) => {
+      try {
+        const auth = checkInternalApiKey(req)
+        if (!auth.success) {
+          span.setAttribute('copilot.validate.outcome', 'internal_auth_failed')
+          span.setAttribute('http.status_code', 401)
+          return new NextResponse(null, { status: 401 })
+        }
 
-    const body = await req.json().catch(() => null)
+        const body = await req.json().catch(() => null)
+        const validationResult = ValidateApiKeySchema.safeParse(body)
+        if (!validationResult.success) {
+          logger.warn('Invalid validation request', { errors: validationResult.error.errors })
+          span.setAttribute('copilot.validate.outcome', 'invalid_body')
+          span.setAttribute('http.status_code', 400)
+          return NextResponse.json(
+            {
+              error: 'userId is required',
+              details: validationResult.error.errors,
+            },
+            { status: 400 }
+          )
+        }
 
-    const validationResult = ValidateApiKeySchema.safeParse(body)
+        const { userId } = validationResult.data
+        span.setAttribute('user.id', userId)
 
-    if (!validationResult.success) {
-      logger.warn('Invalid validation request', { errors: validationResult.error.errors })
-      return NextResponse.json(
-        {
-          error: 'userId is required',
-          details: validationResult.error.errors,
-        },
-        { status: 400 }
-      )
-    }
+        const [existingUser] = await db.select().from(user).where(eq(user.id, userId)).limit(1)
+        if (!existingUser) {
+          logger.warn('[API VALIDATION] userId does not exist', { userId })
+          span.setAttribute('copilot.validate.outcome', 'user_not_found')
+          span.setAttribute('http.status_code', 403)
+          return NextResponse.json({ error: 'User not found' }, { status: 403 })
+        }
 
-    const { userId } = validationResult.data
+        logger.info('[API VALIDATION] Validating usage limit', { userId })
+        const { isExceeded, currentUsage, limit } = await checkServerSideUsageLimits(userId)
+        span.setAttributes({
+          'billing.usage.current': currentUsage,
+          'billing.usage.limit': limit,
+          'billing.usage.exceeded': isExceeded,
+        })
 
-    const [existingUser] = await db.select().from(user).where(eq(user.id, userId)).limit(1)
-    if (!existingUser) {
-      logger.warn('[API VALIDATION] userId does not exist', { userId })
-      return NextResponse.json({ error: 'User not found' }, { status: 403 })
-    }
+        logger.info('[API VALIDATION] Usage limit validated', {
+          userId,
+          currentUsage,
+          limit,
+          isExceeded,
+        })
 
-    logger.info('[API VALIDATION] Validating usage limit', { userId })
+        if (isExceeded) {
+          logger.info('[API VALIDATION] Usage exceeded', { userId, currentUsage, limit })
+          span.setAttribute('copilot.validate.outcome', 'usage_exceeded')
+          span.setAttribute('http.status_code', 402)
+          return new NextResponse(null, { status: 402 })
+        }
 
-    const { isExceeded, currentUsage, limit } = await checkServerSideUsageLimits(userId)
-
-    logger.info('[API VALIDATION] Usage limit validated', {
-      userId,
-      currentUsage,
-      limit,
-      isExceeded,
-    })
-
-    if (isExceeded) {
-      logger.info('[API VALIDATION] Usage exceeded', { userId, currentUsage, limit })
-      return new NextResponse(null, { status: 402 })
-    }
-
-    return new NextResponse(null, { status: 200 })
-  } catch (error) {
-    logger.error('Error validating usage limit', { error })
-    return NextResponse.json({ error: 'Failed to validate usage' }, { status: 500 })
-  }
+        span.setAttribute('copilot.validate.outcome', 'ok')
+        span.setAttribute('http.status_code', 200)
+        return new NextResponse(null, { status: 200 })
+      } catch (error) {
+        logger.error('Error validating usage limit', { error })
+        span.setAttribute('copilot.validate.outcome', 'internal_error')
+        span.setAttribute('http.status_code', 500)
+        return NextResponse.json({ error: 'Failed to validate usage' }, { status: 500 })
+      }
+    },
+  )
 }