fix(sentry): Harden observability and privacy telemetry#221
fix(sentry): Harden observability and privacy telemetry#221cameroncooke wants to merge 4 commits intomainfrom
Conversation
Limit Sentry capture to internal infrastructure signals while keeping\nuseful operational visibility for CLI and MCP runtimes.\n\nAdd runtime and dependency context tags, add daemon/bootstrap/tool metrics,\nand tighten redaction and logging behavior to avoid user-domain payloads. Fixes #204 Co-Authored-By: Claude <noreply@anthropic.com>
Capture all remaining updates in the current worktree, including\nworkflow/config/script adjustments and code simplifications across\nCLI, daemon, runtime, server, and utility modules.
commit: |
19fa0fc to
8359a69
Compare
| xcodeVersion.developerDir || | ||
| xcodeVersion.xcodebuildPath, | ||
| ); | ||
| const axeBinary = resolveAxeBinary(); | ||
| const axeAvailable = axeBinary !== null; | ||
| const axeSource = axeBinary?.source ?? 'unavailable'; | ||
| const xcodemakeAvailable = isXcodemakeBinaryAvailable(); | ||
| const axeVersion = await getAxeVersionMetadata(async (command) => { | ||
| const result = await commandExecutor(command, 'Get AXe Version'); | ||
| return { success: result.success, output: result.output }; | ||
| }, axeBinary?.path); |
There was a problem hiding this comment.
Bug: The await calls to getXcodeVersionMetadata() and getAxeVersionMetadata() during daemon startup can hang indefinitely because the underlying command execution has no timeout.
Severity: CRITICAL
Suggested Fix
Wrap the calls to getXcodeVersionMetadata() and getAxeVersionMetadata() in a timeout mechanism, such as Promise.race with a setTimeout. This will prevent the daemon startup from blocking indefinitely if the version check commands hang. Alternatively, implement a timeout within the command execution utility itself.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: src/daemon.ts#L196-L214
Potential issue: During daemon startup, `getXcodeVersionMetadata()` and
`getAxeVersionMetadata()` are called synchronously. These functions execute external
commands, such as `xcodebuild -version`, using Node.js's `spawn()` which lacks a
built-in timeout. In certain real-world scenarios, like when an Xcode license needs
acceptance, these commands can hang indefinitely. Because these `await` calls are not
protected by a timeout mechanism, the promise will never resolve, causing the entire
daemon startup process to block. This prevents the daemon from ever starting and
listening for connections.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| } | ||
|
|
||
| return false; | ||
| } |
There was a problem hiding this comment.
New direct statSync usage bypasses filesystem executor injection
Low Severity
The newly added isExecutable and isXcodemakeBinaryAvailable functions use statSync imported directly from fs rather than going through the FileSystemExecutor injection pattern. The project's architectural rules flag any new direct fs usage as critical — the DI rule requires filesystem operations to go through injected executors.
Triggered by project rule: Bugbot Review Guide for XcodeBuildMCP


Improve Sentry instrumentation for XcodeBuildMCP so we keep actionable internal observability while reducing privacy risk and user-domain noise.
This updates runtime tagging, redaction, and metric coverage across CLI/MCP/daemon paths. It also adds Sentry-focused docs updates and an audit report, plus related simplifications and supporting workflow/script updates that were pending in this branch.
For telemetry behavior, the key direction is: keep infra/server diagnostics, avoid capturing user project/tool payloads, and make runtime/dependency context explicit for debugging.
Fixes #204