fix(dsn): make code scanner monorepo-aware and extend --fresh to bypass DSN cache#420
Merged
fix(dsn): make code scanner monorepo-aware and extend --fresh to bypass DSN cache#420
Conversation
The code scanner used MAX_SCAN_DEPTH=2 which couldn't reach files inside monorepo packages (e.g., packages/spotlight/src/instrument.ts at depth 3). The packages/ prefix consumed the full depth budget, leaving nothing for src/. Bump MAX_SCAN_DEPTH to 3 and reset depth to 0 when entering a monorepo package directory (packages/*, apps/*, etc.), giving each package its own depth budget. This matches how the env file scanner already handles monorepos. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
Semver Impact of This PR🟢 Patch (bug fixes) 📋 Changelog PreviewThis is how your changes will appear in the changelog. New Features ✨Init
Issue List
Other
Bug Fixes 🐛Dsn
Init
Other
Documentation 📚
Internal Changes 🔧Init
Other
Other
🤖 This preview updates automatically when you update the PR. |
Contributor
Codecov Results 📊✅ 111 passed | Total: 111 | Pass Rate: 100% | Execution Time: 0ms 📊 Comparison with Base Branch
✨ No test changes detected All tests are passing successfully. ✅ Patch coverage is 96.43%. Project has 1065 uncovered lines. Files with missing lines (3)
Coverage diff@@ Coverage Diff @@
## main #PR +/-##
==========================================
+ Coverage 95.02% 95.03% +0.01%
==========================================
Files 159 159 —
Lines 21404 21428 +24
Branches 0 0 —
==========================================
+ Hits 20339 20363 +24
- Misses 1065 1065 —
- Partials 0 0 —Generated by Codecov Action |
After the scanner fix, stale cached results (with fewer DSNs) survive because mtime validation only checks files that were previously found. Users had no way to force a re-scan short of manually clearing SQLite. Add disableDsnCache()/enableDsnCache() following the same pattern as disableResponseCache(), and wire it into applyFreshFlag() so --fresh now bypasses both HTTP response cache and DSN detection cache. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
betegon
changed the title
Add projects, plugins, sites, workers, and functions to the list of recognized monorepo root directories. These cover Google-style monorepos, WordPress/Grafana plugin repos, multi-site setups, Cloudflare Workers, and AWS Lambda serverless monorepos respectively. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add test for deeply nested monorepo files (depth 5 from root, the specific case from the original bug) and a negative test confirming non-monorepo directories still respect the depth limit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
5 tasks
BYK
added a commit
that referenced
this pull request
Mar 17, 2026
…ixtures DSN auto-detection was hanging when run in repos containing many test fixture DSNs (e.g., the CLI repo itself). PR #420 bumped scan depth from 2→3, causing test/ directories to be scanned. This found ~86 fake DSNs that were all resolved via unbounded Promise.all — triggering 190+ concurrent API requests, rate limiting, and retry storms. Fixes: - Skip test/, tests/, __mocks__, fixtures/, __fixtures__ in scanner - Deduplicate DSNs by (orgId, projectId) before API resolution - Add p-limit(5) concurrency cap on DSN resolution API calls - Add 15s timeout with partial results for DSN resolution - Add in-flight promise dedup for resolveOrgRegion (concurrent calls for the same org share one HTTP request) - Fix getDirMtime to use static import instead of dynamic import
BYK
added a commit
that referenced
this pull request
Mar 17, 2026
…ixtures (#445) Running `sentry issues` without explicit flags in repos containing test fixture DSNs (e.g., the CLI repo itself) caused the process to hang. PR #420 bumped scan depth from 2→3, causing `test/` directories to be scanned — finding ~86 fake DSNs that were all resolved via unbounded `Promise.all`, triggering 190+ concurrent API requests, rate limiting (429), and retry storms. ## Changes - **Skip test directories in scanner** — Add `test/`, `tests/`, `__mocks__/`, `fixtures/`, `__fixtures__/` to `ALWAYS_SKIP_DIRS`. Test directories contain fixture DSNs, not real Sentry configuration. - **Deduplicate DSNs before resolution** — Group by `(orgId, projectId)` or `publicKey`, resolving only one representative per unique pair. Reduces ~86 DSNs to ~10-20 unique API calls. - **Add concurrency limit** — `p-limit(5)` on DSN resolution API calls to prevent overwhelming the Sentry API. - **Add 15s timeout** — Race `Promise.all` against a deadline, returning partial results on timeout so the CLI never hangs indefinitely. - **In-flight dedup for `resolveOrgRegion`** — Concurrent calls for the same orgSlug share a single HTTP request via a module-level promise cache. - **Fix `getDirMtime` dynamic import** — Replace wasteful `await import("node:fs/promises")` (called 75+ times) with a static import. Relates to #420 and #414.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The DSN code scanner missed files inside monorepo packages because
MAX_SCAN_DEPTH=2couldn't reach pastpackages/<name>/src/. For example, in the spotlight monorepo only 1 of 3 DSNs was detected —packages/website/sentry.client.config.mjsat depth 2 was found, butpackages/spotlight/src/instrument.tsat depth 3 was not.Even after fixing the scanner, stale cached results survive because mtime validation only checks files that were previously found — files missed by the old depth limit have no cache entries. Users had no way to force a re-scan.
Changes
Scanner fix:
MAX_SCAN_DEPTHfrom 2 to 3 (also helps non-monorepo projects with deeper configs likesrc/lib/config/sentry.ts)packages/*,apps/*,libs/*,services/*,modules/*), giving each package its own depth-3 scanning budgetMONOREPO_ROOTSconstant fromtypes.ts, matching how the env file scanner already handles monoreposCache bypass (
--fresh):disableDsnCache()/enableDsnCache()following the same pattern asdisableResponseCache()applyFreshFlag()so--freshnow bypasses both HTTP response cache and DSN detection cacheTest plan
packagePathgetCachedDsn/getCachedDetectionreturn undefined when cache disabled, writes persistsentry issue list --freshfrom spotlight monorepo, verify multiple projects detected🤖 Generated with Claude Code