feat(open-next): create cloudflare-sentry-tail package #8842
Creates a `cloudflare-sentry-tail` package that enables us to add a tail worker to the open next deployment of the site. This package should be publishable as well so that we can reuse it in the release worker.

Signed-off-by: flakey5 <73616808+flakey5@users.noreply.github.com>
PR Summary
Medium Risk
Overview
Integrates this tail handler into the site’s Cloudflare
Reviewed by Cursor Bugbot for commit c0468e2.
👋 Codeowner Review Request
The following codeowners have been identified for the changed files:
Team reviewers: @nodejs/web-infra @nodejs/nodejs-website
Please review the changes when you have a chance. Thank you! 🙏
| const buffer = new Uint32Array(1); | ||
| crypto.getRandomValues(buffer); | ||
|
|
||
| const random = buffer[0] / 4294967295; |
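Review bot: the divisor on the `const random = buffer[0] / 4294967295;` line maps the largest Uint32 value to exactly 1.0, so `random` lies in the closed range [0, 1] rather than the half-open [0, 1) that `Math.random()` returns. If this value is later compared with `<` against a sample rate, a rate of 1 would still drop the event whenever the buffer holds its maximum value. Divide by a named constant equal to 2 ** 32 and add a comment saying where it comes from.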
idk where this number comes from but it works so 🤷
There was a problem hiding this comment.
4294967295 is the maximum value that an element in a Uint32Array could have:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/TypedArray#typedarray_objects
maybe we can add a constant here instead of this magic number?
There was a problem hiding this comment.
Also, let's be a bit more apparent in where it comes from:
const UINT_32_LIMIT = 2 ** 32
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #8842 +/- ##
==========================================
- Coverage 73.87% 73.82% -0.05%
==========================================
Files 105 105
Lines 8883 8883
Branches 326 327 +1
==========================================
- Hits 6562 6558 -4
- Misses 2320 2324 +4
Partials 1 1
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Reviewed by Cursor Bugbot for commit c0468e2. Configure here.
| @@ -0,0 +1,3 @@ | |||
| { | |||
| "**/*.{ts}": ["prettier --check --write", "eslint --fix"] | |||
Single-item brace glob fails to match TypeScript files
Medium Severity
The glob pattern **/*.{ts} uses a single-item brace expression, which micromatch (used by both lint-staged and turbo) does not expand — it is treated as a literal string. As a result, lint-staged will not run prettier/eslint on .ts files in this package, and turbo will not track .ts files as inputs for the lint:js task, silently breaking cache invalidation. The correct form requires multiple items, e.g. **/*.ts or **/*.{ts,tsx}, as used in sibling packages.
Reviewed by Cursor Bugbot for commit c0468e2. Configure here.
| tlsExportedAuthenticator: request.cf?.tlsExportedAuthenticator, | ||
| tlsVersion: request.cf?.tlsVersion, | ||
| }, | ||
| }; |
Tail worker sends PII headers and geo data to Sentry
High Severity
The tail handler copies all request headers (only authorization and cookie are redacted) plus request.cf fields such as asn, colo, country, timezone, etc. into the Sentry event. Headers like user-agent, cf-connecting-ip, x-forwarded-for, and x-real-ip expose client IPs and fingerprinting data, which is exactly the PII that the project's Sentry policy forbids forwarding (the reason sendDefaultPii: true is disallowed). Redacting only auth/cookie does not address the IP and user-agent exposure.
Triggered by learned rule: Sentry configuration rules for Cloudflare Workers
Reviewed by Cursor Bugbot for commit c0468e2. Configure here.
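The difference between the deny-list redaction described in the finding above and an allow-list scrubber, as an added example that is not code from this PR or from the `cloudflare-sentry-tail` package. The function names, the `"[redacted]"` marker and both allow-lists are assumptions chosen for illustration; the sample request is constructed.

```javascript
// Added example; allow-lists and names are assumptions, not the package's code.

// Deny-list redaction as the review describes it: two headers are masked,
// everything else (client IP, user agent, ...) passes through unchanged.
const DENYLIST = new Set(["authorization", "cookie"]);
function redactDenylist(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    out[key] = DENYLIST.has(key) ? "[redacted]" : value;
  }
  return out;
}

// Allow-list: only fields reviewed as non-identifying are copied at all.
const SAFE_HEADERS = new Set(["accept", "content-type", "content-length", "cf-ray"]);
const SAFE_CF_FIELDS = new Set(["httpProtocol", "tlsVersion"]);

function pick(source, allowed, normalize = (k) => k) {
  const out = {};
  for (const [name, value] of Object.entries(source ?? {})) {
    const key = normalize(name);
    if (allowed.has(key) && value !== undefined) out[key] = value;
  }
  return out;
}

function scrubRequest(request) {
  return {
    method: request.method,
    headers: pick(request.headers, SAFE_HEADERS, (k) => k.toLowerCase()),
    cf: pick(request.cf, SAFE_CF_FIELDS),
  };
}

// Constructed sample request (documentation IP range, made-up values).
const sample = {
  method: "GET",
  headers: {
    "User-Agent": "ExampleBrowser/1.0",
    "CF-Connecting-IP": "203.0.113.7",
    "X-Forwarded-For": "203.0.113.7",
    Authorization: "Bearer constructed-token",
    Accept: "*/*",
    "CF-Ray": "constructed-ray-id",
  },
  cf: { asn: 64500, country: "XX", httpProtocol: "HTTP/2", tlsVersion: "TLSv1.3" },
};
console.log(redactDenylist(sample.headers), scrubRequest(sample));
```

A header or `request.cf` field added upstream later is dropped by the allow-list until someone reviews it, whereas the deny-list forwards it by default.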
| "lint:fix": "node --run lint:js:fix", | ||
| "lint:js": "eslint \"**/*.ts\"", | ||
| "lint:js:fix": "node --run lint:js -- --fix" | ||
| }, |
New package lacks lint:types script, skips type checking
Medium Severity
The new package registers a lint:types task in turbo.json but provides no corresponding lint:types script in package.json, so turbo lint:types (invoked in CI and the husky pre-commit hook) silently does nothing for this package. Combined with apps/site/tsconfig.json excluding cloudflare/worker-entrypoint.ts from type checking, neither the new 300+ line tail worker source nor its consumer is type-checked anywhere, letting type errors reach production undetected.
Reviewed by Cursor Bugbot for commit c0468e2. Configure here.
this issue seems legit 🤔
| // Allocate space for the elements we're gonna add | ||
| sentryEvent.breadcrumbs.length += | ||
| item.logs.length + | ||
| item.diagnosticsChannelEvents.length + | ||
| item.exceptions.length; |
| sentryEvent.fingerprint!.length += item.exceptions.length; | ||
| sentryEvent.exception!.values!.length += item.exceptions.length; |
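Review bot: the `length +=` statements on `breadcrumbs`, `fingerprint` and `exception.values` do not reserve memory, they create empty slots, and any slot that is not assigned afterwards is serialized by `JSON.stringify` as `null` in the event payload. Use `push()` as each log, diagnostics event and exception is converted and drop these lines. The `!` assertions on `sentryEvent.fingerprint` and `sentryEvent.exception!.values` also hide the case where those fields were never initialised, so check or initialise them explicitly.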
Like my other comment, I don't think that any "allocation" is needed for the arrays
| @@ -0,0 +1,31 @@ | |||
| { | |||
| "name": "@node-core/cloudflare-sentry-tail", | |||
Can you open an issue in admin for this package?


