chore: add chittytrack tail consumer and observability

[chitcommit]

Summary

• Adds tail_consumers: [{ service: "chittytrack" }] to wrangler config
• Adds observability: { enabled: true } (was missing)
• Closes observability gap identified during ecosystem-wide wrangler audit

Test plan

• Deploy and verify chittytrack receives tail events

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Added service and trust-tier badges to README for clearer project status.

• Chores

  • Enabled observability and added a tail consumer for telemetry.

• New Features

  • Updated external trust-service integration and scoring logic: trust score now derives from three metrics (ty, vy, ry), capped and averaged into a 0–5 score; breakdown fields renamed to reflect the new metrics; verification now requires confidence >50%.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	chittyid	f4c56d2	Apr 13 2026, 10:09 AM

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated README badges; enabled observability and added a tail consumer in wrangler.jsonc; replaced ChittyScore GET integration with a POST reckoning flow and updated trust computation, response parsing, and JSDoc in src/services/trust-client.js.

Changes

Cohort / File(s)	Summary
Documentation README.md	Added two Shields.io badges indicating the "Foundation" service and "Tier 0 Trust Anchors".
Configuration wrangler.jsonc	Added top-level observability: { "enabled": true } and tail_consumers: [{ "service": "chittytrack" }] entries.
Trust integration / Service logic src/services/trust-client.js	Switched ChittyScore call from GET /api/v1/score/{chittyId} to POST /v1/reckon/{encodedChittyId}, changed header to X-Source-Service: 'chittyid', updated response parsing to use top-level ty, vy, ry, compute trust level as min(5, floor(((ty+vy+ry)/3) * 5)), return averaged composite, replace dimensions with ty/vy/ry, and set verified based on data.confidence > 0.5; JSDoc/typedefs updated accordingly.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Poem

🐰 I nibbled through the code tonight,
Badges shimmer, configs bright,
I hopped to reckon TY, VY, RY,
Averaged scores beneath the sky,
A tiny rabbit cheers: "Deploy with delight!" 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the primary changes: adding chittytrack tail consumer and enabling observability in wrangler config, matching the main objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/add-chittytrack-tail-consumer

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

wrangler.jsonc (1)

11-13: ⚠️ Potential issue | 🔴 Critical

Duplicate observability key will cause undefined behavior or override issues.

The observability block already exists at lines 11-13. Adding it again at line 73 creates a duplicate key at the same JSON object level. Most JSON parsers silently take the last occurrence, but this is likely unintentional and violates JSON best practices (RFC 8259 recommends unique keys).

Remove the duplicate at line 73 since the existing block at lines 11-13 already enables observability.

🐛 Proposed fix: Remove duplicate observability key

   "DRAND_BEACON_URL": "https://api.drand.sh/public/latest"
-  },
-  "observability": { "enabled": true },
-  "tail_consumers": [{ "service": "chittytrack" }]
+  },
+  "tail_consumers": [{ "service": "chittytrack" }]
 }

Also applies to: 72-74

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@wrangler.jsonc` around lines 11 - 13, Remove the duplicate "observability"
object: keep the original "observability" block already present and delete the
second occurrence (the repeated "observability": { "enabled": true } block),
then fix any trailing commas or surrounding commas so the JSON remains valid
after removal; ensure only one unique "observability" key exists in the
top-level object.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@wrangler.jsonc`:
- Around line 11-13: Remove the duplicate "observability" object: keep the
original "observability" block already present and delete the second occurrence
(the repeated "observability": { "enabled": true } block), then fix any trailing
commas or surrounding commas so the JSON remains valid after removal; ensure
only one unique "observability" key exists in the top-level object.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c35b394b-e66b-4c34-9ccf-9ce259d4d74c

📥 Commits

Reviewing files that changed from the base of the PR and between 666cb9d and 04307cf.

📒 Files selected for processing (2)

• README.md
• wrangler.jsonc

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/services/trust-client.js`:
- Around line 153-164: The block in src/services/trust-client.js that currently
checks only data.ty must validate all three DRL components before using them:
ensure data.ty, data.vy, and data.ry are present and are finite numbers (e.g.,
using Number.isFinite or safe parse+isFinite) before computing composite,
trustLevel, or calling toFixed; if any component is missing or invalid, skip the
chittyscore branch (return null or fall back) to avoid NaN/toFixed errors, and
also guard data.confidence when setting verified; update the logic in the
function that contains this branch so the composite/trustLevel/reason/verified
lines only run when all three numeric components are valid.
- Around line 156-165: The returned object in src/services/trust-client.js
currently sets verified: data.confidence > 0.5 which conflates soft confidence
with a hard identity/authorization flag; change it so verified remains driven by
the original identity assertion logic (e.g., an explicit identity check or a
separate boolean like data.isVerified) and keep data.confidence (or a new field
like confidence) for scoring; update the return in the function that builds the
trust object (the object with level, source, score, ty, vy, ry, reason,
verified) so verified is not derived from data.confidence and ensure the
confidence value is preserved separately (e.g., confidence: data.confidence) so
downstream consumers like pipeline.js and chittyrouter-gateway.js continue to
treat verified as an authoritative flag while still using confidence for
scoring.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3125feed-a5c0-480f-94b6-ab5c790d8ac4

📥 Commits

Reviewing files that changed from the base of the PR and between 04307cf and f4c56d2.

📒 Files selected for processing (1)

• src/services/trust-client.js

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Validate all three DRL components before using them.

Line 153 only guards data.ty, but Lines 154-164 assume data.vy and data.ry are present numbers too. A partial or differently-typed payload here will either produce NaN or throw on toFixed(), and the catch path silently collapses the lookup to null.

Proposed hardening

       const data = await response.json();
-      if (data.ty !== undefined) {
-        const composite = (data.ty + data.vy + data.ry) / 3;
+      const ty = Number(data.ty);
+      const vy = Number(data.vy);
+      const ry = Number(data.ry);
+      if ([ty, vy, ry].every(Number.isFinite)) {
+        const composite = (ty + vy + ry) / 3;
         const trustLevel = Math.min(5, Math.floor(composite * 5));
         return {
           level: trustLevel,
           source: 'chittyscore',
           score: composite,
-          ty: data.ty,
-          vy: data.vy,
-          ry: data.ry,
-          reason: `TY/VY/RY reckoning: ${data.ty.toFixed(2)}/${data.vy.toFixed(2)}/${data.ry.toFixed(2)}`,
+          ty,
+          vy,
+          ry,
+          reason: `TY/VY/RY reckoning: ${ty.toFixed(2)}/${vy.toFixed(2)}/${ry.toFixed(2)}`,
           verified: data.confidence > 0.5
         };
       }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/services/trust-client.js` around lines 153 - 164, The block in
src/services/trust-client.js that currently checks only data.ty must validate
all three DRL components before using them: ensure data.ty, data.vy, and data.ry
are present and are finite numbers (e.g., using Number.isFinite or safe
parse+isFinite) before computing composite, trustLevel, or calling toFixed; if
any component is missing or invalid, skip the chittyscore branch (return null or
fall back) to avoid NaN/toFixed errors, and also guard data.confidence when
setting verified; update the logic in the function that contains this branch so
the composite/trustLevel/reason/verified lines only run when all three numeric
components are valid.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Keep verified separate from score confidence.

Line 164 turns verified into data.confidence > 0.5, but downstream code treats verified as a hard identity/authorization signal, not a soft quality score. src/services/pipeline.js:320-330 adds 30 trust points from it, and src/integrations/chittyrouter-gateway.js:1048-1060 denies access when it is false. This change will downgrade low-confidence reckonings into “unverified user” decisions instead of “verified user with weaker evidence.”

Suggested direction

         return {
           level: trustLevel,
           source: 'chittyscore',
           score: composite,
+          confidence: data.confidence ?? null,
           ty: data.ty,
           vy: data.vy,
           ry: data.ry,
           reason: `TY/VY/RY reckoning: ${data.ty.toFixed(2)}/${data.vy.toFixed(2)}/${data.ry.toFixed(2)}`,
-          verified: data.confidence > 0.5
+          verified: true
         };

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/services/trust-client.js` around lines 156 - 165, The returned object in
src/services/trust-client.js currently sets verified: data.confidence > 0.5
which conflates soft confidence with a hard identity/authorization flag; change
it so verified remains driven by the original identity assertion logic (e.g., an
explicit identity check or a separate boolean like data.isVerified) and keep
data.confidence (or a new field like confidence) for scoring; update the return
in the function that builds the trust object (the object with level, source,
score, ty, vy, ry, reason, verified) so verified is not derived from
data.confidence and ensure the confidence value is preserved separately (e.g.,
confidence: data.confidence) so downstream consumers like pipeline.js and
chittyrouter-gateway.js continue to treat verified as an authoritative flag
while still using confidence for scoring.