from:

• Request logs should contain some resolved information about DB objects #16903 (feat: extend request logs with auth & DB info #17304)

  All request logs should contain:

  • Requester user ID
  • Requester user email (for human lookup)

  If the URL has an ID (or multiple) in it (e.g./api/v2/workspaceagents/{id}):

  • The name of the objectworkspace_agent_name=dev
  • In the case of workspace builds, jobs, workspace agents it should also includeworkspace_name=pog

  This information will make it easier for admins to kick off misbehaving clients.

  There's a design for a potential implementation inLong-lived requests (websockets, SSE) should log request as soon as they start to block #16904

• Add prometheus metric for in flight requests #17212 (feat: add path & method labels to prometheus metrics for current requests #17362)

  Add a prometheus gauge metric that tracks the amount of in flight requests. Using a middleware, we would increment the gauge, and decrement it with a deferred function.

  This metric will be useful to detect strange behavior (like websocket spam) or something, which will be super useful to alert on especially once we haveLong-lived requests (websockets, SSE) should log request as soon as they start to block #16904.

  If it's easy, this should also label by route pattern e.g.route="/api/v2/workspaceagents/:id or something. Don't include IDs in the metrics to avoid ballooning labels.

cc@deansheather@ibetitsmike@matifali