Sentry

Live audit of your Sentry project — verifies your error monitoring is actually receiving events and that source-map releases are wired to your latest deploy.

Available on the Growth tier. Read-only auth token — we never write events, never modify projects.

Why this matters

Sentry is the most common “installed but invisible” failure mode. The SDK is in the repo, the DSN is set, the project exists in Sentry, and yet zero events have been received in weeks. Either the SDK isn’t initialised on the right code paths, the DSN is pointing at a different project, or the environment filter is dropping everything. Repo scanning can’t see any of that. Sentry can.

Connect Sentry

01

Create an internal integration token.

Sentry → Settings → Developer Settings → Internal Integrations → New Internal Integration. Name it pulselight-readonly. Permissions: Project: Read, Organization: Read, Releases: Read. Save and copy the token.

02

Paste into PulseLight.

Project settings → Connected platforms Sentry → paste the token + your org slug + your project slug. KMS-encrypted at rest.

03

First scan.

Findings roll into the Stable pillar on the next scan.

What we verify

  • Project is receiving events

    We query the project stats endpoint for the last 7 days. Zero events on a launched project → blocker. The SDK is installed but functionally absent.

  • Source-map release wired to latest deploy

    For projects using source maps, we check that a release matching your latest commit SHA was uploaded. Missing release → warning. Production stack traces will be unreadable when the next error fires.

  • Production environment exists

    We list distinct environment tags from recent events. A project with only development tags is a project not receiving production data. Surfaces as a blocker on launched projects.

  • Spike-rate sanity

    If the last 24 hours saw a 10× spike vs the rolling 7-day average, we surface it as an advisory. Not a blocker (could be a real launch); just a heads-up so it doesn’t get missed in the founder’s inbox.

Common findings

SENTRY-INSTALL-001 — Project receiving zero events
  Project:  acme-saas-prod (org: acme)
  Events:   0 in 7d, 0 in 30d
  Why:      The Sentry SDK is in package.json but events
            aren't reaching the project. Either Sentry.init()
            isn't being called, the DSN is pointing at a
            different project, or the beforeSend hook is
            dropping everything.
  Fix:      Verify Sentry.init() runs on every server entry
            point; check that NEXT_PUBLIC_SENTRY_DSN matches
            the project DSN exactly.

SENTRY-RELEASE-001 — Latest deploy missing source-map release
  Latest commit:  a3f4b21
  Latest release: 8c1d440 (3 days ago)
  Why:            Stack traces from new code paths will be
                  minified and useless when an error fires.
  Fix:            Wire @sentry/cli releases new + sourcemaps
                  upload into your CI deploy step.

What we don’t do

We never read individual error events, stack traces, or user contexts. We only pull project-level stats and release metadata. The token has read-only scope on Project, Org, and Releases — nothing else is exposed.

Disconnect

From Settings → Connected platforms → Sentry, click Disconnect. You can also delete the internal integration in Sentry directly to revoke the token.

See also: Connected Checks overview.