[POC] W3C/OpenTelemetry Trace Context Propagation#2163
Draft
[POC] W3C/OpenTelemetry Trace Context Propagation#2163
Conversation
Implements automatic trace context propagation for distributed tracing across all Supabase services. When enabled, the SDK automatically attaches trace context headers (traceparent, tracestate, baggage) to outgoing requests, enabling end-to-end request tracing from client applications through Supabase services. ## Changes ### New Package: @supabase/trace-propagation - Created shared package for trace context utilities - Implements W3C Trace Context specification parsing - Supports OpenTelemetry API integration with graceful fallback - Provides URL target validation (string, RegExp, function matchers) - Includes 63 unit tests with 85%+ coverage ### Enhanced: @supabase/supabase-js - Updated fetchWithAuth to inject trace headers automatically - Added TracePropagationOptions configuration API - Updated SupabaseClient to support trace propagation - Added Realtime WebSocket trace context via query parameters - Added 9 integration tests for trace propagation scenarios - Added comprehensive documentation to README ## Features - **Auto-detection**: Automatically detects active trace context from OpenTelemetry API - **Custom extractors**: Support for custom tracing systems - **Security-first**: Only propagates to Supabase domains by default - **Configurable targets**: Support for custom allowed domains - **Sampling aware**: Respects upstream sampling decisions - **Zero breaking changes**: Fully backward compatible ## Configuration Modes - `auto` (default): Automatically detect and propagate trace context - `off`: Disable trace propagation - `manual`: Only propagate manually set headers ## Testing - All builds pass (nx build supabase-js) - All type checks pass - 63 unit tests pass in trace-propagation package - 95 unit tests pass in supabase-js (including new tests) - 85%+ code coverage across all modules Related: Linear SDK-578 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Central YAML (base), Organization UI (inherited) Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
@supabase/auth-js
@supabase/functions-js
@supabase/postgrest-js
@supabase/realtime-js
@supabase/storage-js
@supabase/supabase-js
commit: |
Ziinc
requested changes
Mar 12, 2026
| const supabase = createClient('https://xyzcompany.supabase.co', 'public-anon-key', { | ||
| tracePropagation: { | ||
| mode: 'auto', | ||
| respectSamplingDecision: false, // Always propagate, ignore sampling |
Rename @supabase/trace-propagation to @supabase/tracing for consistency with naming conventions across the codebase. Changes: - Rename packages/shared/trace-propagation to packages/shared/tracing - Update package name from @supabase/trace-propagation to @supabase/tracing - Update all imports in supabase-js package - Update workspace configuration - Rename test-trace-propagation to test-tracing Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove the customExtractor option from trace propagation configuration. Users should rely on OpenTelemetry API for trace context extraction. Changes: - Remove customExtractor field from TracePropagationOptions interface - Remove customExtractor parameter from extractTraceContext function - Update all code that used customExtractor - Remove custom extractor tests - Update documentation in READMEs Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Simplify trace propagation API by changing from string-based mode
('auto' | 'off' | 'manual') to a simple boolean flag (enabled).
Changes:
- Replace TracePropagationMode type with boolean enabled field
- Remove mode field from TracePropagationOptions interface
- Add enabled?: boolean field (defaults to true)
- Update all code to check enabled flag instead of mode
- Remove 'manual' mode functionality
- Update tests to use boolean flag
- Update documentation in README
BREAKING CHANGE: The tracePropagation.mode option has been replaced with
tracePropagation.enabled. Update from { mode: 'auto' } to { enabled: true }
and from { mode: 'off' } to { enabled: false }.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove the ability for users to customize which domains receive trace context headers. Trace propagation is now restricted to Supabase domains only (*.supabase.co, *.supabase.in, localhost) for security. Changes: - Remove targets field from TracePropagationOptions interface - Remove TracePropagationTarget import from types - Update code to always use default Supabase domains - Remove custom targets test case - Update documentation to reflect fixed target domains BREAKING CHANGE: The tracePropagation.targets option has been removed. Trace context is now only propagated to Supabase domains for security. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Remove trace context propagation for Realtime WebSocket connections. Trace propagation is now only applied to HTTP requests (REST API, Storage, Functions, Auth) and not to WebSocket connections. Changes: - Remove trace context extraction from _initRealtimeClient - Remove extractTraceContext import from SupabaseClient.ts - Simplify Realtime client initialization Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is a proof of concept to demonstrate W3C/OpenTelemetry trace context propagation in the Supabase JS SDK. It is not ready for production and should not be merged without further review, discussion, and refinement.
Summary
Implements automatic W3C/OpenTelemetry trace context propagation for HTTP requests to Supabase services (Auth, Storage, PostgREST, Functions). This enables end-to-end distributed tracing from client applications through Supabase services.
Key Design Principles:
Implementation
New Package:
@supabase/tracingCreated shared package in
packages/shared/tracing/with:Core Changes:
@supabase/supabase-jsEnhanced
fetchWithAuthinpackages/core/supabase-js/src/lib/fetch.tsto inject trace headers:Configuration
Usage Examples
Auto-Detection (Default)
Disable Trace Propagation
Ignore Sampling Decisions
Architecture
Centralized Injection Pattern:
Security Model:
Testing
packages/shared/tracing/test/(90%+ coverage)packages/core/supabase-js/test/unit/fetch.test.tstest-tracing/What Still Needs Work
References
Test Plan
This is a POC for exploration and feedback. Do not merge without thorough review.
🤖 Generated with Claude Code