Context

Adds PostHog telemetry events for four feature areas that previously had no usage tracking:

• SSO Configuration (SSO Configured) — tracks SAML, OIDC, and LDAP config creation and updates, with provider and action properties
• App Connections (App Connection Created / App Connection Deleted) — tracks connection lifecycle with app (typed as AppConnection enum) and method properties
• Secret Rotation V2 (Secret Rotation V2 Created / Deleted / Executed) — tracks rotation lifecycle with type (typed as SecretRotation enum), projectId, environment, and secretPath
• Gateway (Gateway Cert Exchanged) — tracks gateway certificate exchange via the exchange-cert endpoint

All events follow the existing fire-and-forget pattern (void ... .catch((err) => logger.error(...))). All events pass organizationId at the top level (sourced from req.permission.orgId) for proper org-level grouping in PostHog.

Updates since last revision

Addressed all review feedback (Devin Review + Greptile + human reviewer) across multiple rounds:

• Replaced all empty .catch(() => {}) blocks with .catch((err) => logger.error(err, "...")) across all 6 router files (12 catch blocks) so telemetry failures are logged instead of silently swallowed
• Added import { logger } from "@app/lib/logger" to the 4 files that didn't already have it (gateway-router, oidc-router, secret-rotation-v2-endpoints, app-connection-endpoints)
• Added organizationId: req.permission.orgId to all three Secret Rotation V2 events for proper org-level PostHog grouping
• Removed redundant orgId from properties across SSO, App Connection, and Gateway events (org association is handled by the top-level organizationId field)
• Renamed gatewayId to certificateSerialNumber in the Gateway event to clarify it holds a TLS cert serial number, not a DB gateway ID
• Renamed event from GatewayCreated to GatewayCertExchanged since exchange-cert fires on both first-time provisioning and cert renewals
• Removed if (authProvider) guard on SAML update handler — now always fires telemetry with authProvider ?? "saml" fallback, consistent with LDAP/OIDC update handlers
• Changed app property type from string to AppConnection enum in TAppConnectionCreatedEvent and TAppConnectionDeletedEvent for stronger typing
• Added environment and secretPath to SecretRotationV2Deleted and SecretRotationV2Executed events (sourced from secretRotation.environment.slug and secretRotation.folder.path) for consistency with the Created event
• Changed all SSO telemetry events (LDAP, OIDC, SAML — both create and update) to use req.permission.orgId instead of req.body.organizationId to prevent spoofed org attribution
• Changed type property in all three Secret Rotation V2 event types from string to SecretRotation enum for compile-time safety
• Fixed import sort order in telemetry-types.ts to satisfy simple-import-sort/imports lint rule

Items for human reviewer attention

• Gateway uses certificateSerialNumber: The DB gateway ID is not returned by exchangeAllocatedRelayAddress. If correlating telemetry events with DB records is important, the service would need to be updated to also return the gateway ID.
• SAML update fallback: When authProvider is not in the PATCH body, the telemetry event uses "saml" as the provider value. Verify this default is acceptable.
• method as string cast in app-connection-endpoints.ts: The generic method parameter is cast to string for the telemetry properties type. This is safe but worth a glance.
• Deleted/Executed rotation events access nested fields: secretRotation.environment.slug and secretRotation.folder.path are used — verify these are always populated on the object returned by deleteSecretRotation and rotateSecretRotation.

Steps to verify the change

1. Confirm new enum values and type definitions in telemetry-types.ts are correctly typed (including AppConnection and SecretRotation enum usage)
2. Verify each router file has the telemetry call placed after the service call succeeds and (where applicable) after the audit log write
3. Verify all events pass organizationId: req.permission.orgId at the top level (not inside properties, and not from req.body)
4. Verify all .catch() blocks use logger.error with a descriptive message
5. Run npx tsc --noEmit in backend/ to confirm no type errors

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format: type(scope): short description
• Tested locally
• Updated docs (if needed)
• Updated CLAUDE.md files (if needed)
• Read the contributing guide

Link to Devin session: https://app.devin.ai/sessions/ff644e7024c8430f847cc431a8ef22b0
Requested by: @0xArshdeep