feat: add Sentry error tracking with defensive error boundary

- Initialize Sentry SDK in index.tsx when VITE_SENTRY_DSN env var is set
- Wrap entire App with Sentry.ErrorBoundary (replaces the hard crash with a retry UI)
- 5% trace sample rate, sendDefaultPii disabled, strip events containing accessToken
- Add .env.production template with VITE_SENTRY_DSN placeholder
- Get your DSN from sentry.io -> Project Settings -> Client Keys

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

src/index.tsx

@@ -1,4 +1,5 @@
 /* eslint-disable import/first */
+import * as Sentry from '@sentry/react';
 import React from 'react';
 import { createRoot } from 'react-dom/client';
 import { enableMapSet } from 'immer';
@@ -6,6 +7,25 @@ import '@fontsource/inter/variable.css';
 import 'folds/dist/style.css';
 import { configClass, varsClass } from 'folds';
 
+if (import.meta.env.VITE_SENTRY_DSN) {
+  Sentry.init({
+    dsn: import.meta.env.VITE_SENTRY_DSN,
+    environment: import.meta.env.MODE,
+    release: import.meta.env.VITE_APP_VERSION,
+    tracesSampleRate: 0.05,
+    // Don't send PII — strip user IPs and don't attach user info automatically
+    sendDefaultPii: false,
+    beforeSend(event) {
+      // Scrub any accessToken that may have leaked into breadcrumbs/data
+      const str = JSON.stringify(event);
+      if (str.includes('access_token') || str.includes('accessToken')) {
+        return null;
+      }
+      return event;
+    },
+  });
+}
+
 enableMapSet();
 
 import './index.css';