Skip to content

Feat: add crash reporting to Sentry#219

Merged
hisenb3rg merged 3 commits into
mainfrom
feat/add-sentry
Jun 12, 2026
Merged

Feat: add crash reporting to Sentry#219
hisenb3rg merged 3 commits into
mainfrom
feat/add-sentry

Conversation

@hisenb3rg

@hisenb3rg hisenb3rg commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Introduce plain2code_telemetry.py, which reports only unexpected exceptions to Sentry — expected user-facing errors (now collected in EXPECTED_EXCEPTIONS in plain2code.py) are never sent. Sentry DSN is not secret and safe to share in the code.

Privacy and safety measures:

  • Telemetry crash reporting can be disabled via CODEPLAIN_NO_TELEMETRY=1
  • Local variables likely to hold spec or generated code are scrubbed from stack traces, api-key explicitly scrubbed
  • Telemetry failures are swallowed so they never break the CLI or mask the original crash

@hisenb3rg

Copy link
Copy Markdown
Contributor Author

Commit ef949d9 is not ideal as it is adding more context to the RunState. I suggest to remove it for now, unless we believe these two additional args are very helpful in the crash reports.

@hisenb3rg hisenb3rg requested a review from NejcS June 12, 2026 09:12
Comment thread plain2code_telemetry.py

@NejcS NejcS left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left one minor comment. Definitely not a blocker for merging.

Comment thread plain2code_telemetry.py
Comment thread cli_output/render_summary.py Outdated
Add current module, FRID, state-machine state onto RunState as rendering
progresses, so a crash handler can use it and report where the renderer
was.

fixup: add module to runstate
@hisenb3rg hisenb3rg force-pushed the feat/add-sentry branch 2 times, most recently from 3f2aa36 to de3c2cf Compare June 12, 2026 12:35
Introduce plain2code_telemetry.py, which reports only unexpected
exceptions to Sentry — expected user-facing errors (now collected in
EXPECTED_EXCEPTIONS in plain2code.py) are never sent.

Privacy and safety measures:
- Disabled via CODEPLAIN_NO_TELEMETRY=1; user is informed in the exit
  summary whenever a crash report was sent
- Local variables likely to hold spec or generated code are scrubbed
  from stack traces; no PII or hostname sent, only render context tags
- Telemetry failures are swallowed so they never break the CLI or mask
  the original crash
The 'headers' local in codeplain_REST_api.post_request holds the raw
API key (X-API-Key) and was serialized into stack trace frame vars.
Add 'headers' and the hyphenated 'x-api-key' to the scrub denylist
(the SDK default only covers the underscore form) and enable recursive
scrubbing so sensitive keys nested inside dict locals are filtered too.

Users remain identifiable via the existing render_id tag, which the
backend can map to an account since every render API call sends the
render_id on an authenticated request.
@hisenb3rg hisenb3rg merged commit 3966572 into main Jun 12, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants