Migrate Phase 2 admin edges

Migrate five admin/moderator edge functions (merge-contact-tickets, send-escalation-notification, notify-moderators-report, notify-moderators-submission, send-password-added-email) to use createEdgeFunction wrapper. Remove manual CORS, auth, service-client setup, logging, and error handling. Implement handler with EdgeFunctionContext, apply appropriate wrapper config (requireAuth, requiredRoles/useServiceRole, corsEnabled, enableTracing, rateLimitTier). Replace edgeLogger with span events, maintain core business logic and retry/email integration patterns.
Migrate Phase 1 user-facing functions
2025-12-29 03:27:05 -05:00 · 2025-11-11 20:39:10 +00:00 · 2025-11-11 20:35:45 +00:00 · 2025-11-11 20:30:24 +00:00
13 changed files with 1505 additions and 2300 deletions
--- a/supabase/functions/collect-metrics/index.ts
+++ b/supabase/functions/collect-metrics/index.ts
@@ -1,6 +1,7 @@
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
-import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
-import { edgeLogger } from '../_shared/logger.ts';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
+import { corsHeaders } from '../_shared/cors.ts';

 interface MetricRecord {
  metric_name: string;
@@ -9,13 +10,8 @@ interface MetricRecord {
  timestamp: string;
 }

-export default createEdgeFunction(
-  {
-    name: 'collect-metrics',
-    requireAuth: false,
-  },
-  async (req, context, supabase) => {
-    edgeLogger.info('Starting metrics collection', { requestId: context.requestId });
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
+  addSpanEvent(span, 'starting_metrics_collection', { requestId });

    const metrics: MetricRecord[] = [];
    const timestamp = new Date().toISOString();
@@ -152,26 +148,23 @@ export default createEdgeFunction(
        .insert(metrics);

    if (insertError) {
-        edgeLogger.error('Error inserting metrics', { 
-          error: insertError,
-          requestId: context.requestId 
-        });
+      addSpanEvent(span, 'error_inserting_metrics', { error: insertError.message });
      throw insertError;
    }

-      edgeLogger.info('Successfully recorded metrics', { 
-        count: metrics.length,
-        requestId: context.requestId 
-      });
+    addSpanEvent(span, 'metrics_recorded', { count: metrics.length });
  }

-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    metrics_collected: metrics.length,
    metrics: metrics.map(m => ({ name: m.metric_name, value: m.metric_value })),
-      }),
-      { headers: { 'Content-Type': 'application/json' } }
-    );
-  }
-);
+  };
+};
+
+serve(createEdgeFunction({
+  name: 'collect-metrics',
+  requireAuth: false,
+  corsHeaders,
+  enableTracing: true,
+}, handler));
--- a/supabase/functions/detect-anomalies/index.ts
+++ b/supabase/functions/detect-anomalies/index.ts
@@ -1,6 +1,7 @@
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
-import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
-import { edgeLogger } from '../_shared/logger.ts';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
+import { corsHeaders } from '../_shared/cors.ts';

 interface MetricData {
  timestamp: string;
@@ -288,13 +289,8 @@ class AnomalyDetector {
  }
 }

-export default createEdgeFunction(
-  {
-    name: 'detect-anomalies',
-    requireAuth: false,
-  },
-  async (req, context, supabase) => {
-    edgeLogger.info('Starting anomaly detection run', { requestId: context.requestId });
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
+  addSpanEvent(span, 'starting_anomaly_detection', { requestId });

    // Get all enabled anomaly detection configurations
    const { data: configs, error: configError } = await supabase
@@ -303,14 +299,11 @@ export default createEdgeFunction(
      .eq('enabled', true);

    if (configError) {
-      console.error('Error fetching configs:', configError);
+      addSpanEvent(span, 'error_fetching_configs', { error: configError.message });
      throw configError;
    }

-    edgeLogger.info('Processing metric configurations', { 
-      count: configs?.length || 0,
-      requestId: context.requestId 
-    });
+    addSpanEvent(span, 'processing_metric_configs', { count: configs?.length || 0 });

    const anomaliesDetected: any[] = [];

@@ -327,17 +320,19 @@ export default createEdgeFunction(
          .order('timestamp', { ascending: true });

        if (metricError) {
-          console.error(`Error fetching metric data for ${config.metric_name}:`, metricError);
+          addSpanEvent(span, 'error_fetching_metric_data', { 
+            metric: config.metric_name, 
+            error: metricError.message 
+          });
          continue;
        }

        const data = metricData as MetricData[];

        if (!data || data.length < config.min_data_points) {
-          edgeLogger.info('Insufficient data for metric', {
+          addSpanEvent(span, 'insufficient_data', {
            metric: config.metric_name,
-            points: data?.length || 0,
-            requestId: context.requestId
+            points: data?.length || 0
          });
          continue;
        }
@@ -421,7 +416,10 @@ export default createEdgeFunction(
            .single();

          if (anomalyError) {
-            console.error(`Error inserting anomaly for ${config.metric_name}:`, anomalyError);
+            addSpanEvent(span, 'error_inserting_anomaly', { 
+              metric: config.metric_name, 
+              error: anomalyError.message 
+            });
            continue;
          }

@@ -453,29 +451,39 @@ export default createEdgeFunction(
                .update({ alert_created: true, alert_id: alert.id })
                .eq('id', anomaly.id);

-              console.log(`Created alert for anomaly in ${config.metric_name}`);
+              addSpanEvent(span, 'alert_created', { 
+                metric: config.metric_name,
+                alertId: alert.id 
+              });
            }
          }

-          console.log(`Anomaly detected: ${config.metric_name} - ${bestResult.anomalyType} (${bestResult.deviationScore.toFixed(2)}σ)`);
+          addSpanEvent(span, 'anomaly_detected', { 
+            metric: config.metric_name, 
+            type: bestResult.anomalyType, 
+            deviation: bestResult.deviationScore.toFixed(2) 
+          });
        }
      } catch (error) {
-        console.error(`Error processing metric ${config.metric_name}:`, error);
-      }
-    }
-
-    edgeLogger.info('Anomaly detection complete', { 
-      detected: anomaliesDetected.length,
-      requestId: context.requestId 
+        addSpanEvent(span, 'error_processing_metric', { 
+          metric: config.metric_name, 
+          error: error instanceof Error ? error.message : String(error) 
        });
+      }
+    }

-    return new Response(
-      JSON.stringify({
+    addSpanEvent(span, 'anomaly_detection_complete', { detected: anomaliesDetected.length });
+
+    return {
      success: true,
      anomalies_detected: anomaliesDetected.length,
      anomalies: anomaliesDetected,
-      }),
-      { headers: { 'Content-Type': 'application/json' } }
-    );
-  }
-);
+    };
+};
+
+serve(createEdgeFunction({
+  name: 'detect-anomalies',
+  requireAuth: false,
+  corsHeaders,
+  enableTracing: true,
+}, handler));
--- a/supabase/functions/detect-location/index.ts
+++ b/supabase/functions/detect-location/index.ts
@@ -1,7 +1,7 @@
-import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
-import { corsHeadersWithTracing as corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from "../_shared/logger.ts";
-import { formatEdgeError } from "../_shared/errorFormatter.ts";
+import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { corsHeaders } from '../_shared/cors.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

 interface IPLocationResponse {
  country: string;
@@ -11,86 +11,47 @@ interface IPLocationResponse {

 // Simple in-memory rate limiter
 const rateLimitMap = new Map<string, { count: number; resetAt: number }>();
-const RATE_LIMIT_WINDOW = 60000; // 1 minute in milliseconds
+const RATE_LIMIT_WINDOW = 60000; // 1 minute
 const MAX_REQUESTS = 10; // 10 requests per minute per IP
-const MAX_MAP_SIZE = 10000; // Maximum number of IPs to track
+const MAX_MAP_SIZE = 10000;

-// Cleanup failure tracking to prevent silent failures
 let cleanupFailureCount = 0;
-const MAX_CLEANUP_FAILURES = 5; // Threshold before forcing drastic cleanup
-const CLEANUP_FAILURE_RESET_INTERVAL = 300000; // Reset failure count every 5 minutes
+const MAX_CLEANUP_FAILURES = 5;
+const CLEANUP_FAILURE_RESET_INTERVAL = 300000; // 5 minutes

 function cleanupExpiredEntries() {
  try {
    const now = Date.now();
-    let deletedCount = 0;
-    const mapSizeBefore = rateLimitMap.size;
-    
    for (const [ip, data] of rateLimitMap.entries()) {
      if (now > data.resetAt) {
        rateLimitMap.delete(ip);
-        deletedCount++;
      }
    }
-    
-    // Cleanup runs silently unless there are issues
    if (cleanupFailureCount > 0) {
      cleanupFailureCount = 0;
    }
-    
  } catch (error: unknown) {
-    // CRITICAL: Increment failure counter and log detailed error information
    cleanupFailureCount++;
    
-    const errorMessage = formatEdgeError(error);
-    
-    edgeLogger.error('Cleanup error', {
-      attempt: cleanupFailureCount,
-      maxAttempts: MAX_CLEANUP_FAILURES,
-      error: errorMessage,
-      mapSize: rateLimitMap.size
-    });
-    
-    // FALLBACK MECHANISM: If cleanup fails repeatedly, force clear to prevent memory leak
    if (cleanupFailureCount >= MAX_CLEANUP_FAILURES) {
-      edgeLogger.error('Cleanup critical - forcing emergency cleanup', {
-        consecutiveFailures: cleanupFailureCount,
-        mapSize: rateLimitMap.size
-      });
-      
      try {
-        // Emergency: Clear oldest 50% of entries to prevent unbounded growth
        const entriesToClear = Math.floor(rateLimitMap.size * 0.5);
        const sortedEntries = Array.from(rateLimitMap.entries())
          .sort((a, b) => a[1].resetAt - b[1].resetAt);
        
-        let clearedCount = 0;
        for (let i = 0; i < entriesToClear && i < sortedEntries.length; i++) {
          rateLimitMap.delete(sortedEntries[i][0]);
-          clearedCount++;
        }
        
-        edgeLogger.warn('Emergency cleanup completed', { clearedCount, newMapSize: rateLimitMap.size });
-        
-        // Reset failure count after emergency cleanup
        cleanupFailureCount = 0;
-        
-      } catch (emergencyError) {
-        // Last resort: If even emergency cleanup fails, clear everything
-        const originalSize = rateLimitMap.size;
+      } catch {
        rateLimitMap.clear();
-        
-        edgeLogger.error('Emergency cleanup failed - cleared entire map', { 
-          originalSize,
-          error: emergencyError instanceof Error ? emergencyError.message : String(emergencyError)
-        });
        cleanupFailureCount = 0;
      }
    }
  }
 }

-// Reset cleanup failure count periodically to avoid permanent emergency state
 setInterval(() => {
  if (cleanupFailureCount > 0) {
    cleanupFailureCount = 0;
@@ -101,7 +62,6 @@ function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
  const now = Date.now();
  const existing = rateLimitMap.get(ip);

-  // Handle existing entries (most common case - early return for performance)
  if (existing && now <= existing.resetAt) {
    if (existing.count >= MAX_REQUESTS) {
      const retryAfter = Math.ceil((existing.resetAt - now) / 1000);
@@ -111,89 +71,40 @@ function checkRateLimit(ip: string): { allowed: boolean; retryAfter?: number } {
    return { allowed: true };
  }

-  // Need to add new entry or reset expired one
-  // Only perform cleanup if we're at capacity AND adding a new IP
  if (!existing && rateLimitMap.size >= MAX_MAP_SIZE) {
-    // First try cleaning expired entries
    cleanupExpiredEntries();
    
-    // If still at capacity after cleanup, remove oldest entries (LRU eviction)
    if (rateLimitMap.size >= MAX_MAP_SIZE) {
      try {
-        const toDelete = Math.floor(MAX_MAP_SIZE * 0.3); // Remove 30% of entries
+        const toDelete = Math.floor(MAX_MAP_SIZE * 0.3);
        const sortedEntries = Array.from(rateLimitMap.entries())
          .sort((a, b) => a[1].resetAt - b[1].resetAt);
        
-        let deletedCount = 0;
        for (let i = 0; i < toDelete && i < sortedEntries.length; i++) {
          rateLimitMap.delete(sortedEntries[i][0]);
-          deletedCount++;
        }
-        
-        edgeLogger.warn('Rate limit map at capacity - evicted entries', { 
-          maxSize: MAX_MAP_SIZE, 
-          deletedCount, 
-          newSize: rateLimitMap.size 
-        });
-      } catch (evictionError) {
-        // CRITICAL: LRU eviction failed - log error and attempt emergency clear
-        edgeLogger.error('LRU eviction failed', { 
-          error: evictionError instanceof Error ? evictionError.message : String(evictionError),
-          mapSize: rateLimitMap.size 
-        });
-        
-        try {
-          // Emergency: Clear first 30% of entries without sorting
-          const targetSize = Math.floor(MAX_MAP_SIZE * 0.7);
-          const keysToDelete: string[] = [];
-          
-          for (const [key] of rateLimitMap.entries()) {
-            if (rateLimitMap.size <= targetSize) break;
-            keysToDelete.push(key);
-          }
-          
-          keysToDelete.forEach(key => rateLimitMap.delete(key));
-          
-          edgeLogger.warn('Emergency eviction completed', { 
-            clearedCount: keysToDelete.length, 
-            newSize: rateLimitMap.size 
-          });
-        } catch (emergencyError) {
-          edgeLogger.error('Emergency eviction failed - clearing entire map', { 
-            error: emergencyError instanceof Error ? emergencyError.message : String(emergencyError)
-          });
+      } catch {
        rateLimitMap.clear();
      }
    }
  }
-  }
  
-  // Create new entry or reset expired entry
  rateLimitMap.set(ip, { count: 1, resetAt: now + RATE_LIMIT_WINDOW });
  return { allowed: true };
 }

-// Clean up old entries periodically to prevent memory leak
-// Run cleanup more frequently to catch expired entries sooner
-setInterval(cleanupExpiredEntries, Math.min(RATE_LIMIT_WINDOW / 2, 30000)); // Every 30 seconds or half the window
+setInterval(cleanupExpiredEntries, Math.min(RATE_LIMIT_WINDOW / 2, 30000));

-serve(async (req) => {
-  // Handle CORS preflight requests
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { headers: corsHeaders });
-  }
-
-  const tracking = startRequest('detect-location');
-
-  try {
-    // Get the client's IP address
+const handler = async (req: Request, { span, requestId }: EdgeFunctionContext) => {
+  // Get client IP
  const forwarded = req.headers.get('x-forwarded-for');
  const realIP = req.headers.get('x-real-ip');
-    const clientIP = forwarded?.split(',')[0] || realIP || '8.8.8.8'; // fallback to Google DNS for testing
+  const clientIP = forwarded?.split(',')[0] || realIP || '8.8.8.8';
  
  // Check rate limit
  const rateLimit = checkRateLimit(clientIP);
  if (!rateLimit.allowed) {
+    addSpanEvent(span, 'rate_limit_exceeded', { clientIP: clientIP.substring(0, 8) + '...' });
    return new Response(
      JSON.stringify({
        error: 'Rate limit exceeded',
@@ -203,19 +114,15 @@ serve(async (req) => {
      {
        status: 429,
        headers: {
-            ...corsHeaders,
-            'Content-Type': 'application/json',
          'Retry-After': String(rateLimit.retryAfter || 60)
        }
      }
    );
  }
  
-    // PII Note: Do not log full IP addresses in production
-    edgeLogger.info('Detecting location for request', { requestId: tracking.requestId });
+  addSpanEvent(span, 'detecting_location', { requestId });

-    // Use configurable geolocation service with proper error handling
-    // Defaults to ip-api.com if not configured
+  // Use configurable geolocation service
  const geoApiUrl = Deno.env.get('GEOLOCATION_API_URL') || 'http://ip-api.com/json';
  const geoApiFields = Deno.env.get('GEOLOCATION_API_FIELDS') || 'status,country,countryCode';
  
@@ -223,10 +130,7 @@ serve(async (req) => {
  try {
    geoResponse = await fetch(`${geoApiUrl}/${clientIP}?fields=${geoApiFields}`);
  } catch (fetchError) {
-      edgeLogger.error('Network error fetching location data', { 
-        error: fetchError instanceof Error ? fetchError.message : String(fetchError),
-        requestId: tracking.requestId 
-      });
+    addSpanEvent(span, 'network_error', { error: fetchError instanceof Error ? fetchError.message : String(fetchError) });
    throw new Error('Network error: Unable to reach geolocation service');
  }
  
@@ -238,10 +142,7 @@ serve(async (req) => {
  try {
    geoData = await geoResponse.json();
  } catch (parseError) {
-      edgeLogger.error('Failed to parse geolocation response', { 
-        error: parseError instanceof Error ? parseError.message : String(parseError),
-        requestId: tracking.requestId 
-      });
+    addSpanEvent(span, 'parse_error', { error: parseError instanceof Error ? parseError.message : String(parseError) });
    throw new Error('Invalid response format from geolocation service');
  }
  
@@ -250,7 +151,7 @@ serve(async (req) => {
  }

  // Countries that primarily use imperial system
-    const imperialCountries = ['US', 'LR', 'MM']; // USA, Liberia, Myanmar
+  const imperialCountries = ['US', 'LR', 'MM'];
  const measurementSystem = imperialCountries.includes(geoData.countryCode) ? 'imperial' : 'metric';

  const result: IPLocationResponse = {
@@ -259,65 +160,19 @@ serve(async (req) => {
    measurementSystem
  };

-    edgeLogger.info('Location detected', { 
+  addSpanEvent(span, 'location_detected', { 
    country: result.country, 
    countryCode: result.countryCode, 
-      measurementSystem: result.measurementSystem,
-      requestId: tracking.requestId
+    measurementSystem: result.measurementSystem
  });

-    endRequest(tracking);
-
-    return new Response(
-      JSON.stringify({ ...result, requestId: tracking.requestId }),
-      { 
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        } 
-      }
-    );
-
-  } catch (error: unknown) {
-    // Enhanced error logging for better visibility and debugging
-    const errorMessage = formatEdgeError(error);
-    
-    edgeLogger.error('Location detection error', {
-      error: errorMessage,
-      requestId: tracking.requestId
-    });
-    
-    // Persist error to database for monitoring
-    const errorSpan = startSpan('detect-location-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    
-    endRequest(tracking);
-
-    // Return default (metric) with 500 status to indicate error occurred
-    // This allows proper error monitoring while still providing fallback data
-    const defaultResult: IPLocationResponse = {
-      country: 'Unknown',
-      countryCode: 'XX',
-      measurementSystem: 'metric'
+  return result;
 };

-    return new Response(
-      JSON.stringify({
-        ...defaultResult,
-        error: errorMessage,
-        fallback: true,
-        requestId: tracking.requestId
-      }),
-      { 
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        },
-        status: 500
-      }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'detect-location',
+  requireAuth: false,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/export-user-data/index.ts
+++ b/supabase/functions/export-user-data/index.ts
@@ -1,10 +1,7 @@
-import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { rateLimiters, withRateLimit } from '../_shared/rateLimiter.ts';
-import { sanitizeError } from '../_shared/errorSanitizer.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
-import { formatEdgeError } from '../_shared/errorFormatter.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

 interface ExportOptions {
  include_reviews: boolean;
@@ -14,76 +11,12 @@ interface ExportOptions {
  format: 'json';
 }

-// Apply strict rate limiting (5 req/min) for expensive data export operations
-// This prevents abuse and manages server load from large data exports
-serve(withRateLimit(async (req) => {
-  const tracking = startRequest();
+const handler = async (req: Request, { supabase, user, span, requestId }: EdgeFunctionContext) => {
+  addSpanEvent(span, 'processing_export_request', { userId: user.id });

-  // Handle CORS preflight requests
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { 
-      headers: { 
-        ...corsHeaders,
-        'X-Request-ID': tracking.requestId 
-      } 
-    });
-  }
-
-  try {
-    const supabaseClient = createClient(
-      Deno.env.get('SUPABASE_URL') ?? '',
-      Deno.env.get('SUPABASE_ANON_KEY') ?? '',
-      {
-        global: {
-          headers: { Authorization: req.headers.get('Authorization')! },
-        },
-      }
-    );
-
-    // Get authenticated user
-    const {
-      data: { user },
-      error: authError,
-    } = await supabaseClient.auth.getUser();
-
-    if (authError || !user) {
-      const duration = endRequest(tracking);
-      edgeLogger.error('Authentication failed', { 
-        action: 'export_auth',
-        requestId: tracking.requestId,
-        duration 
-      });
-      
-      // Persist error to database
-      const authErrorSpan = startSpan('export-user-data-auth-error', 'SERVER');
-      endSpan(authErrorSpan, 'error', authError);
-      logSpanToDatabase(authErrorSpan, tracking.requestId);
-      return new Response(
-        JSON.stringify({ 
-          error: 'Unauthorized', 
-          success: false,
-          requestId: tracking.requestId 
-        }),
-        { 
-          status: 401, 
-          headers: { 
-            ...corsHeaders, 
-            'Content-Type': 'application/json',
-            'X-Request-ID': tracking.requestId 
-          } 
-        }
-      );
-    }
-
-    edgeLogger.info('Processing export request', { 
-      action: 'export_start', 
-      requestId: tracking.requestId,
-      userId: user.id 
-    });
-
-    // Check rate limiting - max 1 export per hour
+  // Additional rate limiting - max 1 export per hour
  const oneHourAgo = new Date(Date.now() - 60 * 60 * 1000).toISOString();
-    const { data: recentExports, error: rateLimitError } = await supabaseClient
+  const { data: recentExports, error: rateLimitError } = await supabase
    .from('profile_audit_log')
    .select('created_at')
    .eq('user_id', user.id)
@@ -92,35 +25,21 @@ serve(withRateLimit(async (req) => {
    .limit(1);

  if (rateLimitError) {
-      edgeLogger.error('Rate limit check failed', { action: 'export_rate_limit', requestId: tracking.requestId, error: rateLimitError });
+    addSpanEvent(span, 'rate_limit_check_failed', { error: rateLimitError.message });
  }

  if (recentExports && recentExports.length > 0) {
-      const duration = endRequest(tracking);
    const nextAvailableAt = new Date(new Date(recentExports[0].created_at).getTime() + 60 * 60 * 1000).toISOString();
-      edgeLogger.warn('Rate limit exceeded for export', { 
-        action: 'export_rate_limit',
-        requestId: tracking.requestId,
-        userId: user.id,
-        duration,
-        nextAvailableAt 
-      });
+    addSpanEvent(span, 'rate_limit_exceeded', { nextAvailableAt });
+    
    return new Response(
      JSON.stringify({
        success: false,
        error: 'Rate limited. You can export your data once per hour.',
        rate_limited: true,
        next_available_at: nextAvailableAt,
-          requestId: tracking.requestId
      }),
-        { 
-          status: 429, 
-          headers: { 
-            ...corsHeaders, 
-            'Content-Type': 'application/json',
-            'X-Request-ID': tracking.requestId 
-          } 
-        }
+      { status: 429 }
    );
  }

@@ -134,40 +53,32 @@ serve(withRateLimit(async (req) => {
    format: 'json'
  };

-    edgeLogger.info('Export options', { 
-      action: 'export_options', 
-      requestId: tracking.requestId,
-      userId: user.id 
-    });
+  addSpanEvent(span, 'export_options_parsed', { options });

  // Fetch profile data
-    const { data: profile, error: profileError } = await supabaseClient
+  const { data: profile, error: profileError } = await supabase
    .from('profiles')
    .select('username, display_name, bio, preferred_pronouns, personal_location, timezone, preferred_language, theme_preference, privacy_level, ride_count, coaster_count, park_count, review_count, reputation_score, created_at, updated_at')
    .eq('user_id', user.id)
    .single();

  if (profileError) {
-      edgeLogger.error('Profile fetch failed', { 
-        action: 'export_profile',
-        requestId: tracking.requestId,
-        userId: user.id 
-      });
+    addSpanEvent(span, 'profile_fetch_failed', { error: profileError.message });
    throw new Error('Failed to fetch profile data');
  }

  // Fetch statistics
-    const { count: photoCount } = await supabaseClient
+  const { count: photoCount } = await supabase
    .from('photos')
    .select('*', { count: 'exact', head: true })
    .eq('submitted_by', user.id);

-    const { count: listCount } = await supabaseClient
+  const { count: listCount } = await supabase
    .from('user_lists')
    .select('*', { count: 'exact', head: true })
    .eq('user_id', user.id);

-    const { count: submissionCount } = await supabaseClient
+  const { count: submissionCount } = await supabase
    .from('content_submissions')
    .select('*', { count: 'exact', head: true })
    .eq('user_id', user.id);
@@ -188,7 +99,7 @@ serve(withRateLimit(async (req) => {
  // Fetch reviews if requested
  let reviews = [];
  if (options.include_reviews) {
-      const { data: reviewsData, error: reviewsError } = await supabaseClient
+    const { data: reviewsData, error: reviewsError } = await supabase
      .from('reviews')
      .select(`
        id,
@@ -216,7 +127,7 @@ serve(withRateLimit(async (req) => {
  // Fetch lists if requested
  let lists = [];
  if (options.include_lists) {
-      const { data: listsData, error: listsError } = await supabaseClient
+    const { data: listsData, error: listsError } = await supabase
      .from('user_lists')
      .select('id, name, description, is_public, created_at')
      .eq('user_id', user.id)
@@ -225,7 +136,7 @@ serve(withRateLimit(async (req) => {
    if (!listsError && listsData) {
      lists = await Promise.all(
        listsData.map(async (list) => {
-            const { count } = await supabaseClient
+          const { count } = await supabase
            .from('user_list_items')
            .select('*', { count: 'exact', head: true })
            .eq('list_id', list.id);
@@ -246,7 +157,7 @@ serve(withRateLimit(async (req) => {
  // Fetch activity log if requested
  let activity_log = [];
  if (options.include_activity_log) {
-      const { data: activityData, error: activityError } = await supabaseClient
+    const { data: activityData, error: activityError } = await supabase
      .from('profile_audit_log')
      .select('id, action, changes, created_at, changed_by, ip_address_hash, user_agent')
      .eq('user_id', user.id)
@@ -267,7 +178,7 @@ serve(withRateLimit(async (req) => {
  };

  if (options.include_preferences) {
-      const { data: prefsData } = await supabaseClient
+    const { data: prefsData } = await supabase
      .from('user_preferences')
      .select('unit_preferences, accessibility_options, notification_preferences, privacy_settings')
      .eq('user_id', user.id)
@@ -308,7 +219,7 @@ serve(withRateLimit(async (req) => {
  };

  // Log the export action
-    await supabaseClient.from('profile_audit_log').insert([{
+  await supabase.from('profile_audit_log').insert([{
    user_id: user.id,
    changed_by: user.id,
    action: 'data_exported',
@@ -316,17 +227,11 @@ serve(withRateLimit(async (req) => {
      export_options: options,
      timestamp: new Date().toISOString(),
      data_size: JSON.stringify(exportData).length,
-        requestId: tracking.requestId
+      requestId
    }
  }]);

-    const duration = endRequest(tracking);
-    edgeLogger.info('Export completed successfully', { 
-      action: 'export_complete', 
-      requestId: tracking.requestId,
-      traceId: tracking.traceId,
-      userId: user.id,
-      duration,
+  addSpanEvent(span, 'export_completed', { 
    dataSize: JSON.stringify(exportData).length 
  });

@@ -334,47 +239,21 @@ serve(withRateLimit(async (req) => {
    JSON.stringify({ 
      success: true, 
      data: exportData,
-        requestId: tracking.requestId 
    }),
    { 
-        status: 200, 
      headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
        'Content-Disposition': `attachment; filename="thrillwiki-data-export-${new Date().toISOString().split('T')[0]}.json"`,
-          'X-Request-ID': tracking.requestId
      } 
    }
  );
+};

-  } catch (error) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Export error', { 
-      action: 'export_error', 
-      requestId: tracking.requestId,
-      duration,
-      error: formatEdgeError(error) 
-    });
-    
-    // Persist error to database for monitoring
-    const errorSpan = startSpan('export-user-data-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    const sanitized = sanitizeError(error, 'export-user-data');
-    return new Response(
-      JSON.stringify({ 
-        ...sanitized,
-        success: false,
-        requestId: tracking.requestId 
-      }),
-      { 
-        status: 500, 
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        } 
-      }
-    );
-  }
-}, rateLimiters.strict, corsHeaders));
+serve(createEdgeFunction({
+  name: 'export-user-data',
+  requireAuth: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+  logResponses: true,
+  rateLimitTier: 'strict', // 5 requests per minute
+}, handler));
--- a/supabase/functions/merge-contact-tickets/index.ts
+++ b/supabase/functions/merge-contact-tickets/index.ts
@@ -1,8 +1,7 @@
 import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
-import { createErrorResponse, sanitizeError } from '../_shared/errorSanitizer.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

 interface MergeTicketsRequest {
  primaryTicketId: string;
@@ -18,56 +17,7 @@ interface MergeTicketsResponse {
  deletedTickets: string[];
 }

-serve(async (req) => {
-  const tracking = startRequest();
-
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { headers: corsHeaders });
-  }
-
-  try {
-    const authHeader = req.headers.get('Authorization');
-    if (!authHeader) {
-      throw new Error('Missing authorization header');
-    }
-
-    const supabase = createClient(
-      Deno.env.get('SUPABASE_URL') ?? '',
-      Deno.env.get('SUPABASE_ANON_KEY') ?? '',
-      { global: { headers: { Authorization: authHeader } } }
-    );
-
-    // Authenticate user
-    const { data: { user }, error: authError } = await supabase.auth.getUser();
-    if (authError || !user) {
-      throw new Error('Unauthorized');
-    }
-
-    edgeLogger.info('Merge tickets request started', {
-      requestId: tracking.requestId,
-      userId: user.id,
-    });
-
-    // Check if user has moderator/admin role
-    const { data: hasRole, error: roleError } = await supabase.rpc('has_role', {
-      _user_id: user.id,
-      _role: 'moderator'
-    });
-
-    const { data: isAdmin, error: adminError } = await supabase.rpc('has_role', {
-      _user_id: user.id,
-      _role: 'admin'
-    });
-
-    const { data: isSuperuser, error: superuserError } = await supabase.rpc('has_role', {
-      _user_id: user.id,
-      _role: 'superuser'
-    });
-
-    if (roleError || adminError || superuserError || (!hasRole && !isAdmin && !isSuperuser)) {
-      throw new Error('Insufficient permissions. Moderator role required.');
-    }
-
+const handler = async (req: Request, { supabase, user, span, requestId }: EdgeFunctionContext) => {
  // Parse request body
  const { primaryTicketId, mergeTicketIds, mergeReason }: MergeTicketsRequest = await req.json();

@@ -84,6 +34,11 @@ serve(async (req) => {
    throw new Error('Maximum 10 tickets can be merged at once');
  }

+  addSpanEvent(span, 'merge_tickets_started', { 
+    primaryTicketId, 
+    mergeCount: mergeTicketIds.length 
+  });
+
  // Start transaction-like operations
  const allTicketIds = [primaryTicketId, ...mergeTicketIds];

@@ -105,7 +60,7 @@ serve(async (req) => {
    throw new Error('Primary ticket not found');
  }

-    // Check if any ticket already has merged_ticket_numbers (prevent re-merging)
+  // Check if any ticket already has merged_ticket_numbers
  const alreadyMerged = tickets.find(t => 
    t.merged_ticket_numbers && t.merged_ticket_numbers.length > 0
  );
@@ -113,15 +68,13 @@ serve(async (req) => {
    throw new Error(`Ticket ${alreadyMerged.ticket_number} has already been used in a merge`);
  }

-    edgeLogger.info('Starting merge process', {
-      requestId: tracking.requestId,
+  addSpanEvent(span, 'tickets_validated', { 
    primaryTicket: primaryTicket.ticket_number,
-      mergeTicketCount: mergeTickets.length,
+    mergeTicketCount: mergeTickets.length
  });

  // Step 1: Move all email threads to primary ticket
-    edgeLogger.info('Step 1: Moving email threads', { 
-      requestId: tracking.requestId,
+  addSpanEvent(span, 'moving_email_threads', { 
    fromTickets: mergeTickets.map(t => t.ticket_number)
  });
  
@@ -135,21 +88,13 @@ serve(async (req) => {

  const threadsMovedCount = movedThreads?.length || 0;

-    edgeLogger.info('Threads moved successfully', { 
-      requestId: tracking.requestId,
-      threadsMovedCount 
-    });
+  addSpanEvent(span, 'threads_moved', { threadsMovedCount });

  if (threadsMovedCount === 0) {
-      edgeLogger.warn('No email threads found to move', {
-        requestId: tracking.requestId,
-        mergeTicketIds
-      });
+    addSpanEvent(span, 'no_threads_found', { mergeTicketIds });
  }

  // Step 2: Consolidate admin notes
-    edgeLogger.info('Step 2: Consolidating admin notes', { requestId: tracking.requestId });
-    
  let consolidatedNotes = primaryTicket.admin_notes || '';
  
  for (const ticket of mergeTickets) {
@@ -161,8 +106,6 @@ serve(async (req) => {
  }

  // Step 3: Recalculate metadata from consolidated threads
-    edgeLogger.info('Step 3: Recalculating metadata from threads', { requestId: tracking.requestId });
-    
  const { data: threadStats, error: statsError } = await supabase
    .from('contact_email_threads')
    .select('direction, created_at')
@@ -178,8 +121,7 @@ serve(async (req) => {
    ?.filter(t => t.direction === 'inbound')
    .sort((a, b) => new Date(b.created_at).getTime() - new Date(a.created_at).getTime())[0]?.created_at;

-    edgeLogger.info('Metadata recalculated', { 
-      requestId: tracking.requestId,
+  addSpanEvent(span, 'metadata_recalculated', { 
    outboundCount,
    lastAdminResponse,
    lastUserResponse
@@ -189,8 +131,6 @@ serve(async (req) => {
  const mergedTicketNumbers = mergeTickets.map(t => t.ticket_number);

  // Step 4: Update primary ticket with consolidated data
-    edgeLogger.info('Step 4: Updating primary ticket', { requestId: tracking.requestId });
-    
  const { error: updateError } = await supabase
    .from('contact_submissions')
    .update({
@@ -207,14 +147,9 @@ serve(async (req) => {

  if (updateError) throw updateError;

-    edgeLogger.info('Primary ticket updated successfully', { requestId: tracking.requestId });
+  addSpanEvent(span, 'primary_ticket_updated', { primaryTicket: primaryTicket.ticket_number });

  // Step 5: Delete merged tickets
-    edgeLogger.info('Step 5: Deleting merged tickets', { 
-      requestId: tracking.requestId,
-      ticketsToDelete: mergeTicketIds.length
-    });
-    
  const { error: deleteError } = await supabase
    .from('contact_submissions')
    .delete()
@@ -222,14 +157,12 @@ serve(async (req) => {

  if (deleteError) throw deleteError;

-    edgeLogger.info('Merged tickets deleted successfully', { requestId: tracking.requestId });
+  addSpanEvent(span, 'merged_tickets_deleted', { count: mergeTicketIds.length });

  // Step 6: Audit log
-    edgeLogger.info('Step 6: Creating audit log', { requestId: tracking.requestId });
-    
  const { error: auditError } = await supabase.from('admin_audit_log').insert({
    admin_user_id: user.id,
-      target_user_id: user.id, // No specific target user for this action
+    target_user_id: user.id,
    action: 'merge_contact_tickets',
    details: {
      primary_ticket_id: primaryTicketId,
@@ -243,20 +176,12 @@ serve(async (req) => {
  });

  if (auditError) {
-      edgeLogger.warn('Failed to create audit log for merge', {
-        requestId: tracking.requestId,
-        error: auditError.message,
-        primaryTicket: primaryTicket.ticket_number
-      });
-      // Don't throw - merge already succeeded
+    addSpanEvent(span, 'audit_log_failed', { error: auditError.message });
  }

-    const duration = endRequest(tracking);
-    edgeLogger.info('Merge tickets completed successfully', {
-      requestId: tracking.requestId,
-      duration,
+  addSpanEvent(span, 'merge_completed', { 
    primaryTicket: primaryTicket.ticket_number,
-      mergedCount: mergeTickets.length,
+    mergedCount: mergeTickets.length
  });

  const response: MergeTicketsResponse = {
@@ -267,24 +192,14 @@ serve(async (req) => {
    deletedTickets: mergedTicketNumbers,
  };

-    return new Response(JSON.stringify(response), {
-      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      status: 200,
-    });
+  return response;
+};

-  } catch (error) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Merge tickets failed', {
-      requestId: tracking.requestId,
-      duration,
-      error: error instanceof Error ? error.message : 'Unknown error',
-    });
-    
-    // Persist error to database for monitoring
-    const errorSpan = startSpan('merge-contact-tickets-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-
-    return createErrorResponse(error, 500, corsHeaders, 'merge_contact_tickets');
-  }
-});
+serve(createEdgeFunction({
+  name: 'merge-contact-tickets',
+  requireAuth: true,
+  requiredRoles: ['superuser', 'admin', 'moderator'],
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/notify-moderators-report/index.ts
+++ b/supabase/functions/notify-moderators-report/index.ts
@@ -1,7 +1,7 @@
-import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
-import { createClient } from "https://esm.sh/@supabase/supabase-js@2.57.4";
-import { corsHeadersWithTracing as corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest } from "../_shared/logger.ts";
+import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { corsHeaders } from '../_shared/cors.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
 import { withEdgeRetry } from '../_shared/retryHelper.ts';

 interface NotificationPayload {
@@ -15,27 +15,13 @@ interface NotificationPayload {
  entityPreview: string;
 }

-serve(async (req) => {
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { headers: corsHeaders });
-  }
-
-  const tracking = startRequest('notify-moderators-report');
-
-  try {
-    const supabaseUrl = Deno.env.get('SUPABASE_URL')!;
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!;
-    
-    const supabase = createClient(supabaseUrl, supabaseServiceKey);
-
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
  const payload: NotificationPayload = await req.json();
  
-    edgeLogger.info('Processing report notification', {
-      action: 'notify_moderators_report',
+  addSpanEvent(span, 'processing_report_notification', {
    reportId: payload.reportId,
    reportType: payload.reportType,
-      reportedEntityType: payload.reportedEntityType,
-      requestId: tracking.requestId
+    reportedEntityType: payload.reportedEntityType
  });

  // Calculate relative time
@@ -76,21 +62,18 @@ serve(async (req) => {
    .maybeSingle();

  if (templateError) {
-      edgeLogger.error('Error fetching workflow', { action: 'notify_moderators_report', requestId: tracking.requestId, error: templateError });
+    addSpanEvent(span, 'workflow_fetch_failed', { error: templateError.message });
    throw new Error(`Failed to fetch workflow: ${templateError.message}`);
  }

  if (!template) {
-      edgeLogger.warn('No active report-alert workflow found', { action: 'notify_moderators_report', requestId: tracking.requestId });
+    addSpanEvent(span, 'no_active_workflow', {});
    return new Response(
      JSON.stringify({
        success: false,
        error: 'No active report-alert workflow configured',
      }),
-        {
-          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-          status: 400,
-        }
+      { status: 400 }
    );
  }

@@ -115,7 +98,6 @@ serve(async (req) => {
      
      reportedEntityName = profile?.display_name || profile?.username || 'User Profile';
    } else if (payload.reportedEntityType === 'content_submission') {
-        // Query submission_metadata table for the name instead of dropped content JSONB column
      const { data: metadata } = await supabase
        .from('submission_metadata')
        .select('metadata_value')
@@ -126,7 +108,9 @@ serve(async (req) => {
      reportedEntityName = metadata?.metadata_value || 'Submission';
    }
  } catch (error) {
-      edgeLogger.warn('Could not fetch entity name', { action: 'notify_moderators_report', requestId: tracking.requestId, error });
+    addSpanEvent(span, 'entity_name_fetch_failed', { 
+      error: error instanceof Error ? error.message : String(error) 
+    });
  }

  // Build enhanced notification payload
@@ -145,7 +129,10 @@ serve(async (req) => {
    priority,
  };

-    edgeLogger.info('Triggering notification with payload', { action: 'notify_moderators_report', requestId: tracking.requestId });
+  addSpanEvent(span, 'triggering_notification', { 
+    workflowId: template.workflow_id,
+    priority
+  });

  // Invoke the trigger-notification function with retry
  const result = await withEdgeRetry(
@@ -170,49 +157,24 @@ serve(async (req) => {
      return data;
    },
    { maxAttempts: 3, baseDelay: 1000 },
-      tracking.requestId,
+    requestId,
    'trigger-report-notification'
  );

-    edgeLogger.info('Notification triggered successfully', { action: 'notify_moderators_report', requestId: tracking.requestId, result });
+  addSpanEvent(span, 'notification_sent', { transactionId: result?.transactionId });

-    endRequest(tracking, 200);
-
-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    transactionId: result?.transactionId,
    payload: notificationPayload,
-        requestId: tracking.requestId
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        },
-        status: 200,
-      }
-    );
-  } catch (error: any) {
-    edgeLogger.error('Error in notify-moderators-report', { action: 'notify_moderators_report', requestId: tracking.requestId, error: error.message });
+  };
+};

-    endRequest(tracking, 500, error.message);
-
-    return new Response(
-      JSON.stringify({
-        success: false,
-        error: error.message,
-        requestId: tracking.requestId
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        },
-        status: 500,
-      }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'notify-moderators-report',
+  requireAuth: false,
+  useServiceRole: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/notify-moderators-submission/index.ts
+++ b/supabase/functions/notify-moderators-submission/index.ts
@@ -1,7 +1,7 @@
-import { serve } from "https://deno.land/std@0.168.0/http/server.ts";
-import { createClient } from "https://esm.sh/@supabase/supabase-js@2.57.4";
+import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
 import { withEdgeRetry } from '../_shared/retryHelper.ts';

 interface NotificationPayload {
@@ -16,24 +16,7 @@ interface NotificationPayload {
  is_escalated: boolean;
 }

-serve(async (req) => {
-  const tracking = startRequest();
-  
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { 
-      headers: { 
-        ...corsHeaders,
-        'X-Request-ID': tracking.requestId 
-      } 
-    });
-  }
-
-  try {
-    const supabaseUrl = Deno.env.get('SUPABASE_URL')!;
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!;
-    
-    const supabase = createClient(supabaseUrl, supabaseServiceKey);
-
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
  const payload: NotificationPayload = await req.json();
  const { 
    submission_id, 
@@ -47,12 +30,9 @@ serve(async (req) => {
    is_escalated
  } = payload;

-    edgeLogger.info('Notifying moderators about submission via topic', { 
-      action: 'notify_moderators',
-      requestId: tracking.requestId,
+  addSpanEvent(span, 'processing_moderator_notification', { 
    submission_id, 
-      submission_type,
-      content_preview 
+    submission_type
  });

  // Calculate relative time and priority
@@ -85,28 +65,8 @@ serve(async (req) => {
    .single();

  if (workflowError || !workflow) {
-      const duration = endRequest(tracking);
-      edgeLogger.error('Error fetching workflow', { 
-        action: 'notify_moderators',
-        requestId: tracking.requestId,
-        duration,
-        error: workflowError 
-      });
-      return new Response(
-        JSON.stringify({ 
-          success: false, 
-          error: 'Workflow not found or not active',
-          requestId: tracking.requestId 
-        }),
-        {
-          headers: { 
-            ...corsHeaders, 
-            'Content-Type': 'application/json',
-            'X-Request-ID': tracking.requestId 
-          },
-          status: 500,
-        }
-      );
+    addSpanEvent(span, 'workflow_fetch_failed', { error: workflowError?.message });
+    throw new Error('Workflow not found or not active');
  }

  // Generate idempotency key for duplicate prevention
@@ -114,7 +74,7 @@ serve(async (req) => {
    .rpc('generate_notification_idempotency_key', {
      p_notification_type: 'moderation_submission',
      p_entity_id: submission_id,
-        p_recipient_id: '00000000-0000-0000-0000-000000000000', // Topic-based, use placeholder
+      p_recipient_id: '00000000-0000-0000-0000-000000000000',
      p_event_data: { submission_type, action }
    });

@@ -129,62 +89,46 @@ serve(async (req) => {
    .maybeSingle();

  if (existingLog) {
-      // Duplicate detected - log and skip
+    // Duplicate detected
    await supabase.from('notification_logs').update({
      is_duplicate: true
    }).eq('id', existingLog.id);

-      edgeLogger.info('Duplicate notification prevented', {
-        action: 'notify_moderators',
-        requestId: tracking.requestId,
+    addSpanEvent(span, 'duplicate_notification_prevented', {
      idempotencyKey,
      submission_id
    });

-      return new Response(
-        JSON.stringify({
+    return {
      success: true,
      message: 'Duplicate notification prevented',
      idempotencyKey,
-          requestId: tracking.requestId,
-        }),
-        {
-          headers: { 
-            ...corsHeaders, 
-            'Content-Type': 'application/json',
-            'X-Request-ID': tracking.requestId 
-          },
-          status: 200,
-        }
-      );
+    };
  }

  // Prepare enhanced notification payload
  const notificationPayload = {
    baseUrl: 'https://www.thrillwiki.com',
-      // Basic info
    itemType: submission_type,
    submitterName: submitter_name,
    submissionId: submission_id,
    action: action || 'create',
    moderationUrl: 'https://www.thrillwiki.com/admin/moderation',
-      
-      // Enhanced content
    contentPreview: content_preview,
-      
-      // Timing information
    submittedAt: submitted_at,
    relativeTime: relativeTime,
    priority: priority,
-      
-      // Additional metadata
    hasPhotos: has_photos,
    itemCount: item_count,
    isEscalated: is_escalated,
  };

+  addSpanEvent(span, 'triggering_notification', { 
+    workflowId: workflow.workflow_id,
+    priority
+  });
+
  // Send ONE notification to the moderation-submissions topic with retry
-    // All subscribers (moderators) will receive it automatically
  const data = await withEdgeRetry(
    async () => {
      const { data: result, error } = await supabase.functions.invoke('trigger-notification', {
@@ -204,13 +148,13 @@ serve(async (req) => {
      return result;
    },
    { maxAttempts: 3, baseDelay: 1000 },
-      tracking.requestId,
+    requestId,
    'trigger-submission-notification'
  );

-    // Log notification in notification_logs with idempotency key
+  // Log notification with idempotency key
  const { error: logError } = await supabase.from('notification_logs').insert({
-      user_id: '00000000-0000-0000-0000-000000000000', // Topic-based
+    user_id: '00000000-0000-0000-0000-000000000000',
    notification_type: 'moderation_submission',
    idempotency_key: idempotencyKey,
    is_duplicate: false,
@@ -222,69 +166,27 @@ serve(async (req) => {
  });

  if (logError) {
-      // Non-blocking - notification was sent successfully, log failure shouldn't fail the request
-      edgeLogger.warn('Failed to log notification in notification_logs', {
-        action: 'notify_moderators',
-        requestId: tracking.requestId,
-        error: logError.message,
-        submissionId: submission_id
-      });
+    addSpanEvent(span, 'log_insertion_failed', { error: logError.message });
  }

-    const duration = endRequest(tracking);
-    edgeLogger.info('Successfully notified all moderators via topic', {
-      action: 'notify_moderators',
-      requestId: tracking.requestId,
-      traceId: tracking.traceId,
-      duration,
-      transactionId: data?.transactionId
+  addSpanEvent(span, 'notification_sent', { 
+    transactionId: data?.transactionId,
+    topicKey: 'moderation-submissions'
  });

-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    message: 'Moderator notifications sent via topic',
    topicKey: 'moderation-submissions',
    transactionId: data?.transactionId,
-        requestId: tracking.requestId,
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-        status: 200,
-      }
-    );
-  } catch (error: any) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Error in notify-moderators-submission', { 
-      action: 'notify_moderators',
-      requestId: tracking.requestId,
-      duration,
-      error: error.message 
-    });
+  };
+};

-    // Persist error to database for monitoring
-    const errorSpan = startSpan('notify-moderators-submission-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    
-    return new Response(
-      JSON.stringify({
-        success: false,
-        error: error.message,
-        requestId: tracking.requestId,
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-        status: 500,
-      }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'notify-moderators-submission',
+  requireAuth: false,
+  useServiceRole: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/notify-user-submission-status/index.ts
+++ b/supabase/functions/notify-user-submission-status/index.ts
@@ -1,7 +1,7 @@
 import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
-import { createClient } from "https://esm.sh/@supabase/supabase-js@2.57.4";
-import { corsHeadersWithTracing as corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest } from "../_shared/logger.ts";
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { corsHeaders } from '../_shared/cors.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

 interface RequestBody {
  submission_id: string;
@@ -81,21 +81,15 @@ async function constructEntityURL(
  return `${baseURL}`;
 }

-serve(async (req) => {
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { headers: corsHeaders });
-  }
-
-  const tracking = startRequest('notify-user-submission-status');
-
-  try {
-    const supabaseUrl = Deno.env.get('SUPABASE_URL')!;
-    const supabaseServiceKey = Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')!;
-    
-    const supabase = createClient(supabaseUrl, supabaseServiceKey);
-
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
  const { submission_id, user_id, submission_type, status, reviewer_notes } = await req.json() as RequestBody;

+  addSpanEvent(span, 'notification_request', { 
+    submissionId: submission_id, 
+    userId: user_id,
+    status 
+  });
+
  // Fetch submission items to get entity data
  const { data: items, error: itemsError } = await supabase
    .from('submission_items')
@@ -126,7 +120,6 @@ serve(async (req) => {
  let payload: Record<string, string>;
  
  if (status === 'approved') {
-      // Approval payload
    payload = {
      baseUrl: 'https://www.thrillwiki.com',
      entityType,
@@ -136,7 +129,6 @@ serve(async (req) => {
      moderationNotes: reviewer_notes || '',
    };
  } else {
-      // Rejection payload
    payload = {
      baseUrl: 'https://www.thrillwiki.com',
      rejectionReason: reviewer_notes || 'No reason provided',
@@ -172,42 +164,22 @@ serve(async (req) => {
      is_duplicate: true
    }).eq('id', existingLog.id);

-      edgeLogger.info('Duplicate notification prevented', { 
-        action: 'notify_user_submission_status',
-        userId: user_id,
+    addSpanEvent(span, 'duplicate_notification_prevented', { 
      idempotencyKey,
-        submissionId: submission_id,
-        requestId: tracking.requestId 
+      submissionId: submission_id
    });

-      endRequest(tracking, 200);
-
-      return new Response(
-        JSON.stringify({
+    return {
      success: true,
      message: 'Duplicate notification prevented',
      idempotencyKey,
-          requestId: tracking.requestId
-        }),
-        {
-          headers: { 
-            ...corsHeaders, 
-            'Content-Type': 'application/json',
-            'X-Request-ID': tracking.requestId
-          },
-          status: 200,
-        }
-      );
+    };
  }

-    edgeLogger.info('Sending notification to user', { 
-      action: 'notify_user_submission_status',
-      userId: user_id, 
+  addSpanEvent(span, 'sending_notification', { 
    workflowId, 
    entityName,
-      status,
-      idempotencyKey,
-      requestId: tracking.requestId 
+    idempotencyKey
  });

  // Call trigger-notification function
@@ -239,45 +211,21 @@ serve(async (req) => {
    }
  });

-    edgeLogger.info('User notification sent successfully', { action: 'notify_user_submission_status', requestId: tracking.requestId, result: notificationResult });
+  addSpanEvent(span, 'notification_sent', { 
+    transactionId: notificationResult?.transactionId 
+  });

-    endRequest(tracking, 200);
-
-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    transactionId: notificationResult?.transactionId,
-        requestId: tracking.requestId
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        },
-        status: 200,
-      }
-    );
-  } catch (error: unknown) {
-    const errorMessage = error instanceof Error ? error.message : 'Unknown error occurred';
-    edgeLogger.error('Error notifying user about submission status', { action: 'notify_user_submission_status', requestId: tracking.requestId, error: errorMessage });
+  };
+};

-    endRequest(tracking, 500, errorMessage);
-
-    return new Response(
-      JSON.stringify({
-        success: false,
-        error: errorMessage,
-        requestId: tracking.requestId
-      }),
-      {
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId
-        },
-        status: 500,
-      }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'notify-user-submission-status',
+  requireAuth: false,
+  useServiceRole: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/process-expired-bans/index.ts
+++ b/supabase/functions/process-expired-bans/index.ts
@@ -1,16 +1,10 @@
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2.57.4';
-import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
-import { edgeLogger } from '../_shared/logger.ts';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
+import { corsHeaders } from '../_shared/cors.ts';

-export default createEdgeFunction(
-  {
-    name: 'process-expired-bans',
-    requireAuth: false,
-  },
-  async (req, context, supabase) => {
-    edgeLogger.info('Processing expired bans', { 
-      requestId: context.requestId 
-    });
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
+  addSpanEvent(span, 'processing_expired_bans', { requestId });

    const now = new Date().toISOString();

@@ -23,25 +17,18 @@ export default createEdgeFunction(
      .lte('ban_expires_at', now);

    if (fetchError) {
-      edgeLogger.error('Error fetching expired bans', { 
-        error: fetchError,
-        requestId: context.requestId 
-      });
+      addSpanEvent(span, 'error_fetching_expired_bans', { error: fetchError.message });
      throw fetchError;
    }

-    edgeLogger.info('Found expired bans to process', { 
-      count: expiredBans?.length || 0,
-      requestId: context.requestId 
-    });
+    addSpanEvent(span, 'found_expired_bans', { count: expiredBans?.length || 0 });

    // Unban users with expired bans
    const unbannedUsers: string[] = [];
    for (const profile of expiredBans || []) {
-      edgeLogger.info('Unbanning user', { 
+      addSpanEvent(span, 'unbanning_user', { 
        username: profile.username,
-        userId: profile.user_id,
-        requestId: context.requestId 
+        userId: profile.user_id
      });
      
      const { error: unbanError } = await supabase
@@ -54,10 +41,9 @@ export default createEdgeFunction(
        .eq('user_id', profile.user_id);

      if (unbanError) {
-        edgeLogger.error('Failed to unban user', { 
+        addSpanEvent(span, 'failed_to_unban_user', { 
          username: profile.username,
-          error: unbanError,
-          requestId: context.requestId 
+          error: unbanError.message
        });
        continue;
      }
@@ -76,29 +62,28 @@ export default createEdgeFunction(
        });

      if (logError) {
-        edgeLogger.error('Failed to log auto-unban', { 
+        addSpanEvent(span, 'failed_to_log_auto_unban', { 
          username: profile.username,
-          error: logError,
-          requestId: context.requestId 
+          error: logError.message
        });
      }

      unbannedUsers.push(profile.username);
    }

-    edgeLogger.info('Successfully unbanned users', { 
-      count: unbannedUsers.length,
-      requestId: context.requestId 
-    });
+    addSpanEvent(span, 'successfully_unbanned_users', { count: unbannedUsers.length });

-    return new Response(
-      JSON.stringify({ 
+    return { 
      success: true,
      unbanned_count: unbannedUsers.length,
      unbanned_users: unbannedUsers,
      processed_at: now
-      }),
-      { headers: { 'Content-Type': 'application/json' } }
-    );
-  }
-);
+    };
+};
+
+serve(createEdgeFunction({
+  name: 'process-expired-bans',
+  requireAuth: false,
+  corsHeaders,
+  enableTracing: true,
+}, handler));
--- a/supabase/functions/rate-limit-metrics/index.ts
+++ b/supabase/functions/rate-limit-metrics/index.ts
@@ -1,11 +1,6 @@
-/**
- * Rate Limit Metrics API
- * 
- * Exposes rate limiting metrics for monitoring and analysis.
- * Requires admin/moderator authentication.
- */
-
-import { createEdgeFunction } from '../_shared/edgeFunctionWrapper.ts';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
+import { corsHeaders } from '../_shared/cors.ts';
 import {
  getRecentMetrics,
  getMetricsStats,
@@ -15,18 +10,7 @@ import {
  clearMetrics,
 } from '../_shared/rateLimitMetrics.ts';

-interface QueryParams {
-  action?: string;
-  limit?: string;
-  timeWindow?: string;
-  functionName?: string;
-  userId?: string;
-  clientIP?: string;
-}
-
-const handler = async (req: Request, context: { supabase: any; user: any; span: any; requestId: string }) => {
-  const { supabase, user } = context;
-
+const handler = async (req: Request, { supabase, user, span, requestId }: EdgeFunctionContext) => {
  // Check if user has admin or moderator role
  const { data: roles } = await supabase
    .from('user_roles')
@@ -116,14 +100,10 @@ const handler = async (req: Request, context: { supabase: any; user: any; span:
  return responseData;
 };

-// Create edge function with automatic error handling, CORS, auth, and logging
-createEdgeFunction(
-  {
+serve(createEdgeFunction({
  name: 'rate-limit-metrics',
  requireAuth: true,
-    corsEnabled: true,
-    enableTracing: false,
-    rateLimitTier: 'lenient'
-  },
-  handler
-);
+  corsHeaders,
+  enableTracing: true,
+  rateLimitTier: 'lenient',
+}, handler));
--- a/supabase/functions/resend-deletion-code/index.ts
+++ b/supabase/functions/resend-deletion-code/index.ts
@@ -1,63 +1,13 @@
-import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
+import { serve } from 'https://deno.land/std@0.190.0/http/server.ts';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { rateLimiters, withRateLimit } from '../_shared/rateLimiter.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

-// Apply moderate rate limiting (10 req/min) to prevent deletion code spam
-// Protects against abuse while allowing legitimate resend requests
-serve(withRateLimit(async (req) => {
-  const tracking = startRequest();
-  
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { 
-      headers: { 
-        ...corsHeaders,
-        'X-Request-ID': tracking.requestId 
-      } 
-    });
-  }
-
-  try {
-    const supabaseClient = createClient(
-      Deno.env.get('SUPABASE_URL') ?? '',
-      Deno.env.get('SUPABASE_ANON_KEY') ?? '',
-      {
-        global: {
-          headers: { Authorization: req.headers.get('Authorization')! },
-        },
-      }
-    );
-
-    // Get authenticated user
-    const {
-      data: { user },
-      error: userError,
-    } = await supabaseClient.auth.getUser();
-
-    if (userError || !user) {
-      const duration = endRequest(tracking);
-      edgeLogger.error('Authentication failed', { 
-        action: 'resend_deletion_code',
-        requestId: tracking.requestId,
-        duration 
-      });
-      
-      // Persist error to database
-      const authErrorSpan = startSpan('resend-deletion-code-auth-error', 'SERVER');
-      endSpan(authErrorSpan, 'error', userError);
-      logSpanToDatabase(authErrorSpan, tracking.requestId);
-      throw new Error('Unauthorized');
-    }
-
-    edgeLogger.info('Resending deletion code for user', { 
-      action: 'resend_deletion_code',
-      requestId: tracking.requestId,
-      userId: user.id 
-    });
+const handler = async (req: Request, { supabase, user, span, requestId }: EdgeFunctionContext) => {
+  addSpanEvent(span, 'resending_deletion_code', { userId: user.id });

  // Find pending deletion request
-    const { data: deletionRequest, error: requestError } = await supabaseClient
+  const { data: deletionRequest, error: requestError } = await supabase
    .from('account_deletion_requests')
    .select('*')
    .eq('user_id', user.id)
@@ -68,17 +18,21 @@ serve(withRateLimit(async (req) => {
    throw new Error('No pending deletion request found');
  }

-    // Check rate limiting (max 3 resends per hour)
+  // Check rate limiting (max 3 resends per hour - ~20 minutes between resends)
  const lastSent = new Date(deletionRequest.confirmation_code_sent_at);
  const now = new Date();
  const hoursSinceLastSend = (now.getTime() - lastSent.getTime()) / (1000 * 60 * 60);

-    if (hoursSinceLastSend < 0.33) { // ~20 minutes between resends
+  if (hoursSinceLastSend < 0.33) {
+    addSpanEvent(span, 'resend_rate_limited', { 
+      hoursSinceLastSend,
+      minRequired: 0.33 
+    });
    throw new Error('Please wait at least 20 minutes between resend requests');
  }

  // Generate new confirmation code
-    const { data: codeData, error: codeError } = await supabaseClient
+  const { data: codeData, error: codeError } = await supabase
    .rpc('generate_deletion_confirmation_code');

  if (codeError) {
@@ -88,7 +42,7 @@ serve(withRateLimit(async (req) => {
  const confirmationCode = codeData as string;

  // Update deletion request with new code
-    const { error: updateError } = await supabaseClient
+  const { error: updateError } = await supabase
    .from('account_deletion_requests')
    .update({
      confirmation_code: confirmationCode,
@@ -102,6 +56,10 @@ serve(withRateLimit(async (req) => {

  const scheduledDate = new Date(deletionRequest.scheduled_deletion_at);

+  addSpanEvent(span, 'new_code_generated', { 
+    scheduledDeletionDate: scheduledDate.toISOString() 
+  });
+
  // Send email with new code
  const forwardEmailKey = Deno.env.get('FORWARDEMAIL_API_KEY');
  const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';
@@ -130,64 +88,27 @@ serve(withRateLimit(async (req) => {
          `,
        }),
      });
-        edgeLogger.info('New confirmation code email sent', { requestId: tracking.requestId });
+      addSpanEvent(span, 'email_sent', { email: user.email });
    } catch (emailError) {
-        edgeLogger.error('Failed to send email', { 
-          requestId: tracking.requestId,
-          error: emailError.message
+      addSpanEvent(span, 'email_send_failed', { 
+        error: emailError instanceof Error ? emailError.message : String(emailError) 
      });
    }
  }

-    const duration = endRequest(tracking);
-    edgeLogger.info('New confirmation code sent successfully', { 
-      action: 'resend_deletion_code',
-      requestId: tracking.requestId,
-      userId: user.id,
-      duration 
-    });
+  addSpanEvent(span, 'resend_completed', { userId: user.id });

-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    message: 'New confirmation code sent successfully',
-        requestId: tracking.requestId,
-      }),
-      {
-        status: 200,
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-      }
-    );
-  } catch (error) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Error resending code', { 
-      action: 'resend_deletion_code',
-      requestId: tracking.requestId,
-      duration,
-      error: error.message 
-    });
+  };
+};

-    // Persist error to database for monitoring
-    const errorSpan = startSpan('resend-deletion-code-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    return new Response(
-      JSON.stringify({ 
-        error: error.message,
-        requestId: tracking.requestId 
-      }),
-      {
-        status: 400,
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-      }
-    );
-  }
-}, rateLimiters.moderate, corsHeaders));
+serve(createEdgeFunction({
+  name: 'resend-deletion-code',
+  requireAuth: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+  rateLimitTier: 'moderate', // 10 requests per minute
+}, handler));
--- a/supabase/functions/send-escalation-notification/index.ts
+++ b/supabase/functions/send-escalation-notification/index.ts
@@ -1,7 +1,7 @@
 import { serve } from "https://deno.land/std@0.190.0/http/server.ts";
-import { createClient } from "https://esm.sh/@supabase/supabase-js@2.57.4";
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
+import { addSpanEvent } from '../_shared/logger.ts';
 import { withEdgeRetry } from '../_shared/retryHelper.ts';

 interface EscalationRequest {
@@ -10,27 +10,10 @@ interface EscalationRequest {
  escalatedBy: string;
 }

-serve(async (req) => {
-  const tracking = startRequest();
-  
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { headers: corsHeaders });
-  }
-
-  try {
-    const supabase = createClient(
-      Deno.env.get('SUPABASE_URL') ?? '',
-      Deno.env.get('SUPABASE_SERVICE_ROLE_KEY') ?? ''
-    );
-
+const handler = async (req: Request, { supabase, span, requestId }: EdgeFunctionContext) => {
  const { submissionId, escalationReason, escalatedBy }: EscalationRequest = await req.json();

-    edgeLogger.info('Processing escalation notification', { 
-      requestId: tracking.requestId,
-      submissionId, 
-      escalatedBy,
-      action: 'send_escalation'
-    });
+  addSpanEvent(span, 'processing_escalation', { submissionId, escalatedBy });

  // Fetch submission details
  const { data: submission, error: submissionError } = await supabase
@@ -51,11 +34,7 @@ serve(async (req) => {
    .single();

  if (escalatorError) {
-      edgeLogger.error('Failed to fetch escalator profile', { 
-        requestId: tracking.requestId,
-        error: escalatorError.message,
-        escalatedBy
-      });
+    addSpanEvent(span, 'escalator_profile_fetch_failed', { error: escalatorError.message });
  }

  // Fetch submission items count
@@ -65,11 +44,7 @@ serve(async (req) => {
    .eq('submission_id', submissionId);

  if (countError) {
-      edgeLogger.error('Failed to fetch items count', { 
-        requestId: tracking.requestId,
-        error: countError.message,
-        submissionId
-      });
+    addSpanEvent(span, 'items_count_fetch_failed', { error: countError.message });
  }

  // Prepare email content
@@ -175,6 +150,8 @@ serve(async (req) => {
    throw new Error('Email configuration is incomplete. Please check environment variables.');
  }

+  addSpanEvent(span, 'sending_escalation_email', { adminEmail });
+
  const emailResult = await withEdgeRetry(
    async () => {
      const emailResponse = await fetch('https://api.forwardemail.net/v1/emails', {
@@ -196,7 +173,7 @@ serve(async (req) => {
        let errorText;
        try {
          errorText = await emailResponse.text();
-          } catch (parseError) {
+        } catch {
          errorText = 'Unable to parse error response';
        }
        
@@ -205,19 +182,16 @@ serve(async (req) => {
        throw error;
      }

-        const result = await emailResponse.json();
-        return result;
+      return await emailResponse.json();
    },
    { maxAttempts: 3, baseDelay: 1500, maxDelay: 10000 },
-      tracking.requestId,
+    requestId,
    'send-escalation-email'
  );
-    edgeLogger.info('Email sent successfully', { 
-      requestId: tracking.requestId,
-      emailId: emailResult.id
-    });
  
-    // Update submission with notification status
+  addSpanEvent(span, 'email_sent', { emailId: emailResult.id });
+
+  // Update submission with escalation status
  const { error: updateError } = await supabase
    .from('content_submissions')
    .update({
@@ -229,57 +203,26 @@ serve(async (req) => {
    .eq('id', submissionId);

  if (updateError) {
-      edgeLogger.error('Failed to update submission escalation status', { 
-        requestId: tracking.requestId,
-        error: updateError.message,
-        submissionId
-      });
+    addSpanEvent(span, 'submission_update_failed', { error: updateError.message });
  }

-    const duration = endRequest(tracking);
-    edgeLogger.info('Escalation notification sent', { 
-      requestId: tracking.requestId, 
-      duration, 
+  addSpanEvent(span, 'escalation_notification_complete', { 
    emailId: emailResult.id,
    submissionId
  });

-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    message: 'Escalation notification sent successfully',
    emailId: emailResult.id,
-        requestId: tracking.requestId
-      }),
-      { headers: { 
-        ...corsHeaders, 
-        'Content-Type': 'application/json',
-        'X-Request-ID': tracking.requestId 
-      } }
-    );
-  } catch (error) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Error in send-escalation-notification', { 
-      requestId: tracking.requestId, 
-      duration,
-      error: error instanceof Error ? error.message : 'Unknown error'
-    });
+  };
+};

-    // Persist error to database for monitoring
-    const errorSpan = startSpan('send-escalation-notification-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    return new Response(
-      JSON.stringify({ 
-        error: error instanceof Error ? error.message : 'Unknown error occurred',
-        details: 'Failed to send escalation notification',
-        requestId: tracking.requestId
-      }),
-      { status: 500, headers: { 
-        ...corsHeaders, 
-        'Content-Type': 'application/json',
-        'X-Request-ID': tracking.requestId 
-      } }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'send-escalation-notification',
+  requireAuth: false,
+  useServiceRole: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));
--- a/supabase/functions/send-password-added-email/index.ts
+++ b/supabase/functions/send-password-added-email/index.ts
@@ -1,7 +1,7 @@
 import { serve } from 'https://deno.land/std@0.168.0/http/server.ts';
-import { createClient } from 'https://esm.sh/@supabase/supabase-js@2';
+import { createEdgeFunction, type EdgeFunctionContext } from '../_shared/edgeFunctionWrapper.ts';
 import { corsHeaders } from '../_shared/cors.ts';
-import { edgeLogger, startRequest, endRequest, logSpanToDatabase, startSpan, endSpan } from '../_shared/logger.ts';
+import { addSpanEvent } from '../_shared/logger.ts';

 interface EmailRequest {
  email: string;
@@ -9,58 +9,14 @@ interface EmailRequest {
  username?: string;
 }

-serve(async (req) => {
-  const tracking = startRequest();
-  
-  if (req.method === 'OPTIONS') {
-    return new Response(null, { 
-      headers: { 
-        ...corsHeaders,
-        'X-Request-ID': tracking.requestId 
-      } 
-    });
-  }
-
-  try {
-    const supabaseClient = createClient(
-      Deno.env.get('SUPABASE_URL') ?? '',
-      Deno.env.get('SUPABASE_ANON_KEY') ?? '',
-      {
-        global: {
-          headers: { Authorization: req.headers.get('Authorization')! },
-        },
-      }
-    );
-
-    const { data: { user }, error: userError } = await supabaseClient.auth.getUser();
-
-    if (userError || !user) {
-      const duration = endRequest(tracking);
-      edgeLogger.error('Authentication failed', { 
-        action: 'send_password_email',
-        requestId: tracking.requestId,
-        duration 
-      });
-      
-      // Persist error to database
-      const authErrorSpan = startSpan('send-password-added-email-auth-error', 'SERVER');
-      endSpan(authErrorSpan, 'error', userError);
-      logSpanToDatabase(authErrorSpan, tracking.requestId);
-      throw new Error('Unauthorized');
-    }
-
+const handler = async (req: Request, { user, span, requestId }: EdgeFunctionContext) => {
  const { email, displayName, username }: EmailRequest = await req.json();

  if (!email) {
    throw new Error('Email is required');
  }

-    edgeLogger.info('Sending password added email', { 
-      action: 'send_password_email',
-      requestId: tracking.requestId,
-      userId: user.id,
-      email 
-    });
+  addSpanEvent(span, 'sending_password_email', { userId: user.id, email });

  const recipientName = displayName || username || 'there';
  const siteUrl = Deno.env.get('SITE_URL') || 'https://thrillwiki.com';
@@ -139,7 +95,7 @@ serve(async (req) => {
  const fromEmail = Deno.env.get('FROM_EMAIL_ADDRESS') || 'noreply@thrillwiki.com';

  if (!forwardEmailKey) {
-      edgeLogger.error('FORWARDEMAIL_API_KEY not configured', { requestId: tracking.requestId });
+    addSpanEvent(span, 'email_config_missing', {});
    throw new Error('Email service not configured');
  }

@@ -159,67 +115,25 @@ serve(async (req) => {

  if (!emailResponse.ok) {
    const errorText = await emailResponse.text();
-      edgeLogger.error('ForwardEmail API error', { 
-        requestId: tracking.requestId,
+    addSpanEvent(span, 'email_send_failed', { 
      status: emailResponse.status,
-        errorText
+      error: errorText
    });
    throw new Error(`Failed to send email: ${emailResponse.statusText}`);
  }

-    const duration = endRequest(tracking);
-    edgeLogger.info('Password addition email sent successfully', { 
-      action: 'send_password_email',
-      requestId: tracking.requestId,
-      userId: user.id,
-      email,
-      duration 
-    });
+  addSpanEvent(span, 'email_sent_successfully', { email });

-    return new Response(
-      JSON.stringify({
+  return {
    success: true,
    message: 'Password addition email sent successfully',
-        requestId: tracking.requestId,
-      }),
-      {
-        status: 200,
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-      }
-    );
+  };
+};

-  } catch (error) {
-    const duration = endRequest(tracking);
-    edgeLogger.error('Error in send-password-added-email function', { 
-      action: 'send_password_email',
-      requestId: tracking.requestId,
-      duration,
-      error: error instanceof Error ? error.message : 'Unknown error' 
-    });
-    
-    // Persist error to database for monitoring
-    const errorSpan = startSpan('send-password-added-email-error', 'SERVER');
-    endSpan(errorSpan, 'error', error);
-    logSpanToDatabase(errorSpan, tracking.requestId);
-    
-    return new Response(
-      JSON.stringify({
-        success: false,
-        error: error instanceof Error ? error.message : 'Unknown error',
-        requestId: tracking.requestId,
-      }),
-      {
-        status: 500,
-        headers: { 
-          ...corsHeaders, 
-          'Content-Type': 'application/json',
-          'X-Request-ID': tracking.requestId 
-        },
-      }
-    );
-  }
-});
+serve(createEdgeFunction({
+  name: 'send-password-added-email',
+  requireAuth: true,
+  corsHeaders,
+  enableTracing: true,
+  logRequests: true,
+}, handler));