Add Blazor WASM telemetry docs and post-deployment observability guidance

[Copilot]

• Explore existing documentation structure and identify gaps
• Add Blazor WASM section to enable-browser-telemetry.mdx:
  • How to expose OTEL config from server to Blazor WASM browser app
  • JS interop initialization using IJSRuntime
  • Backend-to-frontend trace correlation using traceparent meta tag
  • Authenticated OTEL proxy pattern (keeps API key server-side, no CORS needed)
• Create new dashboard/telemetry-after-deployment.mdx page covering:
  • Development vs production telemetry comparison table
  • Azure Monitor/Application Insights setup with UseAzureMonitor()
  • Troubleshooting missing logs after deployment (env vars, service defaults, sampling, protocol)
  • Dashboard access after deploying to Azure Container Apps (URL, token, OIDC)
• Update dashboard.topics.ts sidebar with "Telemetry after deployment" entry
• Addressed code review feedback (use IHttpClientFactory, strengthen security caution)
• CodeQL scan: 0 alerts found
• Doc-tester validation via Playwright (comment 3841457119):
  • All internal links verified (200 OK)
  • All heading anchors verified correct
  • Removed non-existent WithDashboard() API call
  • Fixed incorrect package attribution: Microsoft.Extensions.Azure → Azure.Monitor.OpenTelemetry.AspNetCore
  • Improved "Find dashboard URL" section with Azure CLI command instead of fabricated output format
  • Build verified (azurecli warning is pre-existing in the codebase)

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Discord Feedback] Telemetry & Dashboard documentation gaps</issue_title>
<issue_description>## Summary

Based on analysis of 20,415 Discord messages + 147 #help threads (April 2025 - February 2026).

Question counts:

Topic	Questions
Dashboard	140
Configuration	89
OTEL/Telemetry	65
Logs	many (overlaps)

---

Docs That Exist

Slug	Title	Coverage
aspire-dashboard-configuration	Aspire dashboard configuration	✅ Configuration options
use-the-aspire-dashboard-with-nodejs-apps	Dashboard with Node.js	✅ Node.js OTEL
use-the-aspire-dashboard-with-python-apps	Dashboard with Python	✅ Python OTEL

---

Gaps in Existing Docs

1. Frontend/Browser Telemetry (Blazor WASM)

From #help threads:

"How to send OTEL traces from Blazor WASM frontend through authenticated proxy?"

Verified: grep -i "blazor.*otel\|wasm.*telemetry\|browser.*trace" aspire-docs-list.txt returns nothing.

Action Items:

• Blazor WASM OTEL integration
• Browser-to-backend trace correlation
• Authenticated OTEL proxy patterns
• Frontend telemetry collection

---

2. Post-Deployment Logging Issues

From #help threads:

"Only some logs show up in Aspire dashboard after deployed to Azure"

"Inconsistent log collection after Azure deployment"

Action Items:

• Troubleshooting OTEL/logging post-deployment
• Azure Monitor vs Aspire Dashboard integration
• Log collection verification

---

3. Dashboard Access After Deploy

From #help threads:

"After aspire deploy only env-dashboard is accessible, asks for token"

Action Items:

• Dashboard authentication post-deploy
• .env file population after deploy
• Token configuration

---

Data Source

• Discord channels: #💫│general, #🔵│azure, #🔨│building-resources
• Help threads: 147 from #🆘│help
• Total messages: 20,415
• Date range: April 2025 - February 2026
• Verified against: aspire-list_docs and aspire-search_docs</issue_description>

<agent_instructions>Please address this issue, while using the .github/skills/doc-writer/SKILL.md. Be certain to also take into account, related issues, pull requests, and comments that are directly linked as well as comments.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

• Fixes [Discord Feedback] Telemetry & Dashboard documentation gaps #328

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[IEvangelist]

This PR looks good so far, but let's double check it for accuracy by using the .github/skills/doc-tester/SKILL.md skill. Please also consider all new comments and feedback/suggestions. @copilot

[IEvangelist]

Hey @copilot, please have a look at this comment: #455 (review)

[Copilot]

This PR looks good so far, but let's double check it for accuracy by using the .github/skills/doc-tester/SKILL.md skill. Please also consider all new comments and feedback/suggestions. @copilot

Ran doc-tester validation using Playwright against the local dev server. Found and fixed three issues (commit a88f5f8):

1. Removed non-existent API — WithDashboard() had no basis in existing docs or the codebase; replaced with Azure CLI command only
2. Fixed package attribution — Microsoft.Extensions.Azure → Azure.Monitor.OpenTelemetry.AspNetCore as the package that reads APPLICATIONINSIGHTS_CONNECTION_STRING via UseAzureMonitor()
3. Improved "Find dashboard URL" section — replaced a fabricated output format with an Azure CLI command (az containerapp show --query ...) consistent with the existing ACA deployment docs

All internal anchor links (#otlp-configuration, #cors-configuration, #example-browser-telemetry-code, #authenticated-otel-proxy) and all cross-page links verified correct (200 OK). The azurecli language warning in the build is pre-existing in the codebase (e.g. aca-deployment-aspire-cli.mdx).

New page rendering:

Blazor WASM section:

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• telemetry.astro.build
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node node_modules/.bin/../astro/astro.js build (dns block)
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node node_modules/.bin/../astro/astro.js build bash --no�� �� %aE ���� (dns block)
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node node_modules/.bin/../astro/astro.js build e/git log �� %aE ���� --follow git dx -head ules=no ne --no�� �� %aE ���� (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

This PR addresses documentation gaps identified from Discord community feedback by adding comprehensive guidance for Blazor WebAssembly telemetry integration and post-deployment observability. The changes fill critical knowledge gaps around browser-based telemetry collection and production telemetry configuration that were frequently asked about in the community.

Changes:

• Added Blazor WASM telemetry integration section to enable-browser-telemetry.mdx covering OTEL config exposure, JS interop initialization, trace correlation, and authenticated proxy patterns
• Created new telemetry-after-deployment.mdx guide explaining development vs. production telemetry differences, Azure Monitor setup, troubleshooting missing logs, and dashboard access after deployment
• Updated sidebar configuration to include the new telemetry after deployment page

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
src/frontend/src/content/docs/dashboard/telemetry-after-deployment.mdx	New comprehensive guide covering production telemetry setup with Azure Monitor, troubleshooting missing logs, and accessing the deployed dashboard
src/frontend/src/content/docs/dashboard/enable-browser-telemetry.mdx	Added Blazor WebAssembly integration section with OTEL configuration API, component initialization, trace correlation, and authenticated proxy pattern
src/frontend/config/sidebar/dashboard.topics.ts	Added sidebar entry for the new telemetry after deployment page

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The "Telemetry after deployment" sidebar entry should include translations for all supported locales to maintain consistency with other entries in the Dashboard section. Most other entries in this section include translations for multiple languages (da, de, es, fr, hi, id, it, ja, ko, pt, pt-BR, pt-PT, ru, tr, uk, zh-CN). Consider adding translations for this new entry to match the pattern established by entries like "Enable browser telemetry" (lines 179-199) and "Microsoft telemetry" (lines 202-222).

Suggested change

	label: 'Telemetry after deployment',
	label: 'Telemetry after deployment',
	translations: {
	da: 'Telemetri efter implementering',
	de: 'Telemetrie nach der Bereitstellung',
	en: 'Telemetry after deployment',
	es: 'Telemetría después de la implementación',
	fr: 'Télémétrie après le déploiement',
	hi: 'परिनियोजन के बाद टेलीमेट्री',
	id: 'Telemetri setelah penerapan',
	it: 'Telemetria dopo la distribuzione',
	ja: 'デプロイ後のテレメトリ',
	ko: '배포 후 텔레메트리',
	pt: 'Telemetria após a implantação',
	'pt-BR': 'Telemetria após a implantação',
	'pt-PT': 'Telemetria após a implementação',
	ru: 'Телеметрия после развертывания',
	tr: 'Dağıtımdan sonra telemetri',
	uk: 'Телеметрія після розгортання',
	'zh-CN': '部署后的遥测',
	},

[Copilot]

The proxy implementation modifies client.DefaultRequestHeaders in the request handler, which can cause issues with concurrent requests since the HttpClient may be reused across requests. Instead, headers should be added to the individual request message. Consider creating a new HttpRequestMessage and adding headers to it, or using a named HttpClient with pre-configured headers via DelegatingHandler.

[Copilot]

The MapGet("/api/telemetry-config" ...) endpoint returns OTEL_EXPORTER_OTLP_HEADERS and other OTEL env vars and is marked AllowAnonymous, which exposes the OTLP API key and related configuration to any caller, including unauthenticated internet clients. An attacker who fetches this endpoint can obtain the key and misuse it to send forged telemetry or abuse downstream telemetry services, and any other sensitive headers placed in OTEL_EXPORTER_OTLP_HEADERS are also disclosed. Consider removing the API key from this response and/or enforcing authentication/authorization on this endpoint, steering users towards the authenticated OTEL proxy pattern for production scenarios.

Suggested change

	app.MapGet("/api/telemetry-config", () => new
	{
	Endpoint = Environment.GetEnvironmentVariable("OTEL_EXPORTER_OTLP_ENDPOINT") ?? string.Empty,
	Headers = Environment.GetEnvironmentVariable("OTEL_EXPORTER_OTLP_HEADERS") ?? string.Empty,
	ResourceAttributes = Environment.GetEnvironmentVariable("OTEL_RESOURCE_ATTRIBUTES") ?? string.Empty
	})
	.AllowAnonymous();
	using Microsoft.AspNetCore.Authorization;
	app.MapGet("/api/telemetry-config", [Authorize] () => new
	{
	Endpoint = Environment.GetEnvironmentVariable("OTEL_EXPORTER_OTLP_ENDPOINT") ?? string.Empty,
	Headers = Environment.GetEnvironmentVariable("OTEL_EXPORTER_OTLP_HEADERS") ?? string.Empty,
	ResourceAttributes = Environment.GetEnvironmentVariable("OTEL_RESOURCE_ATTRIBUTES") ?? string.Empty
	});