HeadlessTracker

v1.0.9 Security

This release includes 1 security fix, of interest to security teams reviewing exposed deployments.

Published 9d MCP Data & Storage
✓ No known CVEs patched
This release patches 1 known CVE

Topics

binance bybit claude crypto mcp metamask
model-context-protocol polymarket portfolio-tracker solana typescript

Affected surfaces

auth

Summary

AI summary

Fixed fan‑out so a failing connector no longer crashes the entire request and added opt‑in Sentry error reporting.

Full changelog

Adds opt-in error reporting and hardens the holdings fan-out so one broken connector can no longer take down a whole request.

Added

  • Opt-in Sentry error reporting, zero new dependencies. Set SENTRY_DSN and the server reports unexpected connector exceptions and upstream schema mismatches; leave it unset (the default) and every capture is a silent no-op. No @sentry/node (it pulls ~20 packages / the OpenTelemetry stack for one HTTP POST) -- instead a ~150-line client posts a Sentry envelope via Node fetch, self-authenticating with the DSN. Privacy hard rule: never sends portfolio data (no amounts, balances, addresses, API keys, or labels), only the error class, a scrubbed message/stack, and the connector id / operation. All strings pass a scrubber that redacts EVM/base58 address shapes and OS usernames.

Fixed

  • A connector that throws no longer wipes out every account. The per-account Promise.all fan-out had no error boundary, so any unexpected exception rejected the whole aggregated request and every other account returned nothing. Each fetch is now wrapped: a throw is caught, reported (if Sentry is on), and degraded to a single unknown failure for that one account while healthy accounts return normally. Pinned by a regression test.
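The per-account error boundary from the Fixed entry, combined with the scrubbing rule from the Added entry, as an added JavaScript example that is not HeadlessTracker's own code. The function names, result shape, regular expressions and sample connectors are assumptions made for illustration.

```javascript
// Added example; every name here is hypothetical, not HeadlessTracker's code.
// Address-shaped strings and home-directory usernames are redacted before
// anything leaves the process; over-redaction is preferred to a leak.
const EVM_ADDR = /0x[0-9a-fA-F]{40}/g;
const BASE58_ADDR = /\b[1-9A-HJ-NP-Za-km-z]{32,44}\b/g;
const HOME_DIR = /(\/(?:Users|home)\/|[A-Za-z]:\\Users\\)[^\/\\\s:]+/g;

function scrub(text) {
  return String(text)
    .replace(EVM_ADDR, "[evm-address]")
    .replace(BASE58_ADDR, "[base58-address]")
    .replace(HOME_DIR, "$1[user]");
}

// Fan-out with one error boundary per account: the mapper never rejects,
// so Promise.all cannot be short-circuited by a single bad connector.
async function fetchAllHoldings(accounts, connectors, capture = () => {}) {
  return Promise.all(accounts.map(async (account) => {
    try {
      const holdings = await connectors[account.connector].fetchHoldings(account);
      return { accountId: account.id, ok: true, holdings };
    } catch (err) {
      try {
        // The report carries no account id, label, amount or address.
        capture({
          connector: account.connector,
          operation: "fetchHoldings",
          errorClass: (err && err.name) || "Error",
          message: scrub(err && err.message ? err.message : err),
        });
      } catch { /* reporting must never break the request */ }
      return { accountId: account.id, ok: false, failure: "unknown" };
    }
  }));
}

// Constructed sample input: one healthy connector, one that throws.
const sampleConnectors = {
  healthy: { fetchHoldings: async () => [{ asset: "ETH" }] },
  broken: { fetchHoldings: async () => {
    throw new TypeError("bad schema for 0x" + "ab".repeat(20) + " in /home/alice/app/conn.js");
  } },
};
const sampleAccounts = [
  { id: "a1", connector: "healthy" },
  { id: "a2", connector: "broken" },
];
```

Calling `fetchAllHoldings(sampleAccounts, sampleConnectors, report)` resolves with both accounts present: the healthy one with its holdings, the broken one as a single `unknown` failure, and `report` receives only the scrubbed error metadata.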

343 tests green (up from 332).

Not financial advice -- data aggregation tool only.

Security Fixes

  • Connector failure isolation prevents one broken connector from taking down the whole request.
