@huangdijia huangdijia commented Sep 29, 2025

Summary

  • Remove exception.message and exception.stack_trace data from all tracing spans
  • Remove exception.stack_trace extra tag from default configuration
  • Simplify exception handling in tracing aspects and listeners
  • Remove Feature dependency from Tracer class as it's no longer needed

Background

This change reduces the amount of potentially sensitive data captured in tracing spans while maintaining the essential exception metadata (class and code) as tags. The exception message and stack trace can contain sensitive information that shouldn't be included in tracing data.

Changes Made

  • Configuration: Removed exception.stack_trace from extra_tags in default config
  • CoroutineAspect: Removed exception message and stack trace data setting
  • GuzzleHttpClientAspect: Removed exception message and stack trace data setting
  • EventHandleListener: Removed exception message and stack trace data setting in all event handlers
  • Tracer: Removed Feature dependency and exception data setting logic

Test Plan

  • Verify tracing still works correctly without exception data
  • Confirm exception class and code are still captured as tags
  • Test that no sensitive information leaks through tracing spans
  • Validate that existing functionality remains intact

Summary by CodeRabbit

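  • Refactor
    • Tracing no longer records exception messages and stack traces; only the exception type and error code are kept, reducing the risk of exposing sensitive information.
    • Removed the switches and logic related to extra tags, simplifying configuration and reducing runtime overhead.
    • Adjusted initialization to drop the feature dependency; if you have custom integrations, check compatibility.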

…tracing spans

- Remove exception.message and exception.stack_trace data from all tracing spans
- Remove exception.stack_trace extra tag from default configuration
- Simplify exception handling in tracing aspects and listeners
- Remove Feature dependency from Tracer class as it's no longer needed

This reduces the amount of sensitive data captured in tracing spans while
maintaining the essential exception metadata (class, code) as tags.
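
An added example, not code from this PR or the project: one way to automate the test-plan item "Test that no sensitive information leaks through tracing spans". `RecordingSpan`, `tagException` and `findExceptionLeaks` are hypothetical names, the span class is a stand-in rather than the Sentry SDK's, and the exception message is constructed sample data.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for a span; NOT the Sentry SDK class.
final class RecordingSpan
{
    public array $tags = [];
    public array $data = [];
}

// Post-change behaviour as the PR describes it: class and code as tags only.
function tagException(RecordingSpan $span, Throwable $e): void
{
    $span->tags += [
        'error' => 'true',
        'exception.class' => $e::class,
        'exception.code' => (string) $e->getCode(),
    ];
}

// Hypothetical helper: lists span fields that carry the exception's message,
// file path or trace, either under a removed key or copied into any value.
function findExceptionLeaks(RecordingSpan $span, Throwable $e): array
{
    $removedKeys = ['exception.message', 'exception.stack_trace'];
    $needles = array_filter([$e->getMessage(), $e->getFile(), $e->getTraceAsString()]);
    $leaks = [];
    foreach (['tags' => $span->tags, 'data' => $span->data] as $bag => $fields) {
        foreach ($fields as $key => $value) {
            $text = is_string($value) ? $value : (string) json_encode($value);
            $hit = in_array($key, $removedKeys, true);
            foreach ($needles as $needle) {
                $hit = $hit || str_contains($text, $needle);
            }
            if ($hit) { $leaks[] = "{$bag}.{$key}"; }
        }
    }
    return $leaks;
}

// Constructed sample: a driver-style message carrying a credential.
$e = new RuntimeException('connect failed: mysql://app:S3cr3t@db.internal/orders', 1045);

$before = new RecordingSpan();   // pre-change shape: message copied into span data
tagException($before, $e);
$before->data['exception.message'] = $e->getMessage();

$after = new RecordingSpan();    // post-change shape: tags only
tagException($after, $e);

var_dump(findExceptionLeaks($before, $e), findExceptionLeaks($after, $e));
```

The value scan catches a message copied under a different key, which a check on the two removed key names alone would miss.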

coderabbitai bot commented Sep 29, 2025

Walkthrough

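This change uniformly removes the attaching of exception message and stack_trace data and the public tag for it, and deletes the Tracer's Feature constructor along with the related feature-check logic. Exceptions are still tagged with exception.class and exception.code; control flow and error-status setting remain unchanged.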

Changes

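| Cohort / File(s) | Summary |
| --- | --- |
| Published configuration: src/sentry/publish/sentry.php | Removes the public extra_tag exception.stack_trace for tracing spans. |
| Coroutine tracing aspect: src/sentry/src/Tracing/Aspect/CoroutineAspect.php | The exception path no longer writes exception.message and the conditional exception.stack_trace into data; the exception.class and exception.code tags and the rethrow are kept. |
| HTTP client aspect (Guzzle): src/sentry/src/Tracing/Aspect/GuzzleHttpClientAspect.php | When recording handler errors, removes exception.message and the conditional exception.stack_trace from data; keeps the error marking, SpanStatus::internalError and the exception class/code tags. |
| Event handling listener: src/sentry/src/Tracing/Listener/EventHandleListener.php | Error handling for each event no longer writes exception.message and the conditional exception.stack_trace into data; the rest of the flow is unchanged. |
| Core tracer: src/sentry/src/Tracing/Tracer.php | Removes __construct(Feature $feature) and all feature-switch logic; the trace exception path drops the data writes of exception.message and the conditional exception.stack_trace; the related imports are removed as well. |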

Sequence Diagram(s)

sequenceDiagram
  actor Caller
  participant Tracer
  participant Span

  Caller->>Tracer: trace(fn)
  Tracer->>Span: startSpan()
  rect rgb(235, 245, 255)
    note over Tracer,Span: Normal execution path
    Tracer-->>Span: Standard tags/attributes
  end
  alt Exception thrown
    Tracer-->>Span: setTag(exception.class, code)
    Tracer-->>Span: setStatus(internalError), markError()
    note over Tracer,Span: No longer writes data.exception.message / stack_trace
    Tracer-->>Caller: Rethrow the exception
  else Completes normally
    Tracer-->>Span: finish()
    Tracer-->>Caller: Return the result
  end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • xuanyanwow
  • zds-s

Poem

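The little rabbit lifts its pen and lightly taps the stack,
Exceptions no longer write a long list.
Only the class name and its code remain,
Tracing is cleaner and the road is wider.
Skipping the chatter and the long frames,
One tick, steady as a mountain. 🐇✨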

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
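| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title “refactor(sentry): remove exception message and stack trace data from tracing spans” accurately describes the core change of this PR, namely removing exception messages and stack traces from tracing spans; it is concise, clearly reflects the developer's intent, and conforms to the title conventions. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |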

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 PHPStan (2.1.28)

At least one path must be specified to analyse.



@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

🧹 Nitpick comments (2)
src/sentry/src/Tracing/Tracer.php (2)

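90-94: Optional: set the exception.code tag only when an exception code exists, to reduce noise

When some exceptions return the default code 0 or an empty string, this tag has limited value. It can be set only when a valid code exists, which lowers tag cardinality.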

- $span->setStatus(SpanStatus::internalError())
-     ->setTags([
-         'error' => 'true',
-         'exception.class' => $exception::class,
-         'exception.code' => (string) $exception->getCode(),
-     ]);
+ $tags = [
+     'error' => 'true',
+     'exception.class' => $exception::class,
+ ];
+ $code = $exception->getCode();
+ if ($code !== 0 && $code !== '' && $code !== null) {
+     $tags['exception.code'] = (string) $code;
+ }
+ $span->setStatus(SpanStatus::internalError())->setTags($tags);
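
Review bot: the added guard `$code !== 0 && $code !== '' && $code !== null` makes `exception.code` conditional, so spans for exceptions with code 0 carry no `exception.code` tag at all, while the PR's test plan expects exception class and code to be captured as tags. Any query or alert keyed on that tag would then have to treat a missing tag as "no code". The comparisons are also strict, so a string code of '0' still passes the guard and gets tagged; if the tag is made optional, decide which values count as "no code" and document that next to the guard.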

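40-41: Confirm the merge strategy: should an existing coroutine.id be forcibly overwritten or preserved?

The code currently uses the array union ['coroutine.id'=>...] + getData(), which "keeps the left side and ignores same-named keys on the right". If the intent is "the new value overwrites the old one", it should be changed to array_merge(getData(), ['coroutine.id'=>...])

Is there a scenario where the caller needs to customize and override this field? Please confirm and settle on one consistent strategy.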

Also applies to: 80-81

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cff2274 and 76f0232.

📒 Files selected for processing (5)
  • src/sentry/publish/sentry.php (0 hunks)
  • src/sentry/src/Tracing/Aspect/CoroutineAspect.php (0 hunks)
  • src/sentry/src/Tracing/Aspect/GuzzleHttpClientAspect.php (0 hunks)
  • src/sentry/src/Tracing/Listener/EventHandleListener.php (0 hunks)
  • src/sentry/src/Tracing/Tracer.php (1 hunks)
💤 Files with no reviewable changes (4)
  • src/sentry/publish/sentry.php
  • src/sentry/src/Tracing/Listener/EventHandleListener.php
  • src/sentry/src/Tracing/Aspect/GuzzleHttpClientAspect.php
  • src/sentry/src/Tracing/Aspect/CoroutineAspect.php
🧰 Additional context used
📓 Path-based instructions (3)
src/*/src/**/*.php

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Use the namespace pattern FriendsOfHyperf{ComponentName} in all component PHP source files

Files:

  • src/sentry/src/Tracing/Tracer.php
{src,tests}/**/*.php

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Adhere to PSR-12 coding standards across PHP code

Files:

  • src/sentry/src/Tracing/Tracer.php
src/*/**

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

New components must follow the standard component structure under src/{component-name}/ including .gitattributes, .github, LICENSE, README.md, composer.json, and a src/ subdirectory

Files:

  • src/sentry/src/Tracing/Tracer.php
🧬 Code graph analysis (1)
src/sentry/src/Tracing/Tracer.php (2)
src/sentry/src/Function.php (1)
  • trace (48-53)
src/sentry/src/Tracing/SpanStarter.php (1)
  • trace (57-62)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
  • GitHub Check: Test on PHP 8.1 with Swoole 6.0.2
  • GitHub Check: Test on PHP 8.1 with Swoole 5.1.7
  • GitHub Check: Test on PHP 8.2 with Swoole 6.0.2
  • GitHub Check: Test on PHP 8.2 with Swoole 5.1.7
  • GitHub Check: Test on PHP 8.3 with Swoole 5.1.7
  • GitHub Check: Test on PHP 8.3 with Swoole 6.0.2
  • GitHub Check: Test on PHP 8.1 with Swoole 5.1.7
  • GitHub Check: Test on PHP 8.2 with Swoole 5.1.7
  • GitHub Check: Test on PHP 8.3 with Swoole 5.1.7
🔇 Additional comments (1)
src/sentry/src/Tracing/Tracer.php (1)

82-100: The script found no code setting exception.message or exception.stack_trace; please confirm manually whether anything has still been missed.

@huangdijia huangdijia merged commit b5149cf into main Sep 29, 2025
17 checks passed
@huangdijia huangdijia deleted the refactor/remove-exception-data-from-tracing branch September 29, 2025 04:56
huangdijia added a commit that referenced this pull request Sep 29, 2025
…tracing spans (#939)

- Remove exception.message and exception.stack_trace data from all tracing spans
- Remove exception.stack_trace extra tag from default configuration
- Simplify exception handling in tracing aspects and listeners
- Remove Feature dependency from Tracer class as it's no longer needed

This reduces the amount of sensitive data captured in tracing spans while
maintaining the essential exception metadata (class, code) as tags.

Co-authored-by: Deeka Wong <8337659+huangdijia@users.noreply.github.com>