fix(sentry): Harden observability and privacy telemetry #221
cameroncooke wants to merge 2 commits into main from
Conversation
Limit Sentry capture to internal infrastructure signals while keeping
useful operational visibility for CLI and MCP runtimes.

Add runtime and dependency context tags, add daemon/bootstrap/tool metrics,
and tighten redaction and logging behavior to avoid user-domain payloads.

Fixes #204

Co-Authored-By: Claude <noreply@anthropic.com>

Capture all remaining updates in the current worktree, including
workflow/config/script adjustments and code simplifications across
CLI, daemon, runtime, server, and utility modules.
Cursor Bugbot has reviewed your changes and found 4 potential issues.
| setTagIfDefined('config.xcode_ide_workflow_enabled', boolToTag(context.xcodeIdeWorkflowEnabled)); | ||
| setTagIfDefined('axe.available', boolToTag(context.axeAvailable)); | ||
| setTagIfDefined('axe.source', context.axeSource); | ||
| setTagIfDefined('axe.path_mode', context.axeSource); |
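Review bot: the last line sets `axe.path_mode` from `context.axeSource`, the same value the line above already emits as `axe.source`, so the two tags can never differ; either drop the `axe.path_mode` line or pass the context field that actually describes the path mode, and add an assertion in the runtime-context tests that the two tags are set independently.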
Duplicate tag: axe.path_mode copies axe.source value
Medium Severity
axe.path_mode and axe.source both receive the same context.axeSource value, producing a redundant duplicate tag. The axe.path_mode tag name implies it tracks a distinct property, but it's set to the identical value as axe.source — almost certainly a copy-paste oversight from when the tags were being wired up.
| return { available: true, version }; | ||
| return event; | ||
| } |
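Review bot: `return event;` hands the event back with `event.tags` untouched, so any filesystem path that `setSentryRuntimeContext` placed in a tag such as `xcode.developer_dir` or `xcode.xcodebuild_path` leaves unscrubbed; run the same home-directory redaction that is applied to message, exception and extra over every string tag value before this return, and pin it with a beforeSend test that feeds a constructed `/Users/<name>/...` tag value and asserts it is rewritten.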
redactEvent omits tag values from path scrubbing
Medium Severity
The redactEvent beforeSend hook scrubs message, exception, and extra fields but does not scrub event.tags. Tags like xcode.developer_dir and xcode.xcodebuild_path (set via setSentryRuntimeContext) contain filesystem paths that could include /Users/<username>/… in non-standard Xcode installations. These would be sent to Sentry unredacted, contradicting the privacy docs' claim that user home paths are scrubbed before send.
Triggered by project rule: Bugbot Review Guide for XcodeBuildMCP
| - GitHub issue: https://github.com/getsentry/XcodeBuildMCP/issues/204 | ||
| - `/Users/cameroncooke/.codex/worktrees/a59a/XcodeBuildMCP/src/utils/sentry.ts` | ||
| - `/Users/cameroncooke/.codex/worktrees/a59a/XcodeBuildMCP/src/server/server.ts` | ||
| - `/Users/cameroncooke/.codex/worktrees/a59a/XcodeBuildMCP/src/utils/logger.ts` |
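Review bot: the three absolute worktree paths on these lines should be written relative to the repository root (`src/utils/sentry.ts`, `src/server/server.ts`, `src/utils/logger.ts`) so the audit report does not carry a username and machine layout; the issue URL on the first line can stay as it is.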
Developer filesystem paths committed in audit report
Low Severity
The audit report contains multiple unredacted local filesystem paths like /Users/cameroncooke/.codex/worktrees/a59a/XcodeBuildMCP/..., exposing a developer's username and machine-specific directory structure in committed documentation. This is ironic for a PR focused on reducing PII — these paths could be replaced with relative repo paths.
Triggered by project rule: Bugbot Review Guide for XcodeBuildMCP
| return error.name || 'Error'; | ||
| } | ||
| return typeof error; | ||
| } |
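Review bot: this `getErrorKind` body (the `error.name || 'Error'` branch followed by the `typeof error` fallback) is the copy that is duplicated between src/utils/config-store.ts and src/runtime/tool-invoker.ts; export a single helper from a shared utils module and import it in both places. The `typeof error` fallback labels thrown non-Error values by primitive type (`string`, `object`, ...), which keeps tag cardinality low, but that behaviour deserves a comment on the shared helper so both call sites keep relying on the same labels.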
Identical getErrorKind duplicated across two files
Low Severity
The getErrorKind function is identically defined as a private function in both src/utils/config-store.ts and src/runtime/tool-invoker.ts. Both were added in this PR. This duplicated logic increases the risk of inconsistent future fixes — it could be extracted into a shared utility.


Improve Sentry instrumentation for XcodeBuildMCP so we keep actionable internal observability while reducing privacy risk and user-domain noise.
This updates runtime tagging, redaction, and metric coverage across CLI/MCP/daemon paths. It also adds Sentry-focused docs updates and an audit report, plus related simplifications and supporting workflow/script updates that were pending in this branch.
For telemetry behavior, the key direction is: keep infra/server diagnostics, avoid capturing user project/tool payloads, and make runtime/dependency context explicit for debugging.
Fixes #204