feat(mobile-error-log): ingest SDK-captured mobile push failures#34
Merged
Conversation
Add a Mobile Error Log doctype (+ child Mobile Error Log Example) and a
mobile_sync.report_error endpoint so the mobile SDK can record terminal push
failures (4XX / terminal 401 / 5XX) with the exact wire request, server
response, and user identity — enough for a developer to rebuild a replayable
CURL with the same payload and permissions.
- Mobile Error Log: signature-keyed upsert, occurrence_count, error_user
(Data + Link to User), roles, trace_id; System Manager read/delete only,
read_only by design
- Mobile Error Log Example (child): rolling last-5 payloads + rendered CURL
- api/error_log.report_error: upsert by client-supplied signature (verbatim,
never recomputed), cumulative count; render_curl emits {{HOST}}/{{TOKEN}}
placeholders (host + token never stored); ignore_links/ignore_permissions
- hooks: register mobile_sync.report_error; daily purge scheduler; after_install
- install.after_install + tasks.purge_mobile_error_logs: configurable retention
(default 30 days) on Mobile Configuration, purged daily
- mobile_configuration: mobile_error_log_retention_days field
- tests: report_error upsert / last-5 eviction / CURL rendering + retention purge
…e resolves The Mobile Error Log doctype shipped with both a doctype-level "read_only": 1 and a System-Manager permission of read only (no write/ create). Frappe's boot logic (frappe/utils/user.py) routes that exact combination into all_read + no_list_view_link, which excludes the doctype from boot.user.can_read — so /app/mobile-error-log fails to resolve with "Page not found". Removing the doctype-level flag matches Frappe's own read-only audit-log pattern (Activity Log): a read-only permission with no read_only flag. The per-field read_only flags plus the absence of write permission keep the form non-editable, and report_error inserts are unaffected (they run with ignore_permissions).
…red test commits for semgrep
report_error was callable by any authenticated user. Gate it with validate_mobile_user_role() (MOBILE_USER_ROLES / Mobile User role fixture) so only mobile-SDK users can write Mobile Error Log records. The save still uses ignore_permissions, so no DocPerm change is needed.
bhushan-barbuddhe
approved these changes
Jun 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add a Mobile Error Log doctype (+ child Mobile Error Log Example) and a mobile_sync.report_error endpoint so the mobile SDK can record terminal push failures (4XX / terminal 401 / 5XX) with the exact wire request, server response, and user identity — enough for a developer to rebuild a replayable CURL with the same payload and permissions.