fix(sentry): auto-send React events; collapse core→tauri for desktop

[CodeGhost21]

Summary

• React Sentry now auto-sends sanitized events to openhuman-react instead of queueing them behind a user-opt-in notification — pre-feat(sentry): split errors into per-surface projects (react, core, tauri) #1032 the trickle that landed in Sentry came from users occasionally clicking "Send"; post-split the trickle dried up across three projects, so this PR flips React to classic auto-send (still consent-gated + privacy-stripped).
• Removes the errorReportQueue + ErrorReportNotification opt-in scaffolding (the in-app toast + queue) and rewires the one user-facing call site (OAuth stale-app version) to Sentry.captureMessage + console.warn.
• Collapses the desktop openhuman-core Sentry surface into openhuman-tauri because since fix(core,cef): run core in-process and stop orphaning CEF helpers on Cmd+Q #1061 the core lives in-process inside the Tauri shell binary — one Rust process → one sentry::init → one hub. Repoints the Rust DIF upload step accordingly.
• Adds a VITE_SENTRY_SMOKE_TEST env-gated one-shot trigger mirroring the existing OPENHUMAN_TAURI_SENTRY_TEST so the pipeline can be verified end-to-end.

Problem

After #1032 split errors into three projects (openhuman-react / openhuman-tauri / openhuman-core), all three projects went silent — the user reported zero events captured in the last 2 hours across all three. Diagnosis surfaced three independent issues, ordered by impact:

1. React opt-in gate is the dominant cause of silence. analytics.ts::beforeSend returns null for every event unless _bypassBeforeSend = true, queueing each event in errorReportQueue for user approval via ErrorReportNotification. Pre-feat(sentry): split errors into per-surface projects (react, core, tauri) #1032 a single project occasionally received approved events; post-split the same trickle is now divided across three projects and effectively dries up.
2. openhuman-core is structurally dead in the desktop build. PR fix(core,cef): run core in-process and stop orphaning CEF helpers on Cmd+Q #1061 made the core a library linked into the Tauri shell (path dep openhuman_core in app/src-tauri/Cargo.toml:114). src/main.rs::main() — the only place that calls sentry::init for OPENHUMAN_SENTRY_DSN — only runs for the standalone CLI (release-packages.yml Linux-arm64, Docker). When openhuman_core code emits tracing::error! or calls sentry::capture_* inside the desktop app, the active Sentry hub is the Tauri shell's, so events route to openhuman-tauri, not openhuman-core.
3. Workflow was uploading desktop Rust DIFs to the wrong project. Both release.yml and release-staging.yml were uploading the Tauri shell binary's debug info (which covers the linked-in core too) to vars.SENTRY_PROJECT_CORE — a project that no events from the desktop binary ever land in.

Solution

React: auto-send with privacy-preserving sanitization (app/src/services/analytics.ts)

beforeSend now returns the (sanitized) event instead of null:

• Consent gate: drop events when isAnalyticsEnabled() is false (reads coreState.analyticsEnabled per-event, so toggling consent in Settings takes effect immediately).
• PII strip: sendDefaultPii: false (no IP, no cookies); reduce event.user to a stable anonymous id only.
• State strip: wipe breadcrumbs / request / extras; restrict event.contexts to {os, browser, device} (drops anything that could carry Redux / localStorage state).
• Frame strip: delete vars / context_line / pre_context / post_context / mechanism.data from every stack frame so live local values + raw source snippets never leave the user's machine.
• Tag: every event tagged surface: "react".

Defaults that already enforce privacy stay: no breadcrumb-producing integrations (defaultIntegrations: false + a hand-picked allowlist), no replays, no traces.

Removed dead scaffolding

errorReportQueue.ts (+ tests), ErrorReportNotification.tsx, the second React root in main.tsx, and the tagErrorSource ErrorBoundary callback in App.tsx are all gone. The OAuth stale-app version notification in desktopDeepLinkListener.ts (which was the last in-app caller of enqueueError) is rewired to call Sentry.captureMessage(..., { level: 'warning', tags: ... }) + console.warn — preserves the Sentry signal, drops the in-app toast (the user already opens the download URL externally).

Workflow: collapse core → tauri for desktop builds

• release.yml — renames "Upload core sidecar debug symbols" → "Upload Rust debug symbols (tauri project)" and points it at vars.SENTRY_PROJECT_TAURI. Comments updated to explain the in-process consequence.
• release-staging.yml — splits the upload into two steps: Tauri shell DIFs (app/src-tauri/target/<triple>/debug) → SENTRY_PROJECT_TAURI; standalone CLI DIFs (target/<triple>/debug, built by the existing "Build sidecar core binary" step) → SENTRY_PROJECT_CORE. The CLI still has its own sentry::init in src/main.rs and routes to openhuman-core for any operator running it.
• release-packages.yml unchanged — the Linux-arm64 standalone CLI genuinely uses OPENHUMAN_SENTRY_DSN and routes to openhuman-core.

Smoke trigger

VITE_SENTRY_SMOKE_TEST=true in the build env fires one react-sentry-smoke-test info event at initSentry() time. Mirrors the existing OPENHUMAN_TAURI_SENTRY_TEST=panic|message trigger at app/src-tauri/src/lib.rs:838. Documented in app/.env.example. Set for one staging build to verify, then remove.

Known limitation (deliberately deferred)

The Tauri shell's sentry::init captures panics (via sentry::panic_integration) and explicit captures, but plain tracing::error! from linked-in core code is not auto-routed to Sentry inside the desktop binary — init_for_cli_run (which installs the sentry-tracing layer at src/core/logging.rs:198) only runs for the openhuman run/serve CLI subcommands, not the in-process run_server_embedded path. Closing this gap means installing sentry::integrations::tracing::layer() inside the Tauri shell process before the core boots; flagged for a follow-up rather than expanding this PR.

Submission Checklist

• Tests added or updated — errorReportQueue.test.ts removed alongside the module it tested. The remaining analytics.ts change is config (no logic worth unit-testing); the smoke trigger is env-gated dispatch verified manually. All 1033 existing unit tests still pass (pnpm test:unit).
• N/A coverage matrix — observability/Sentry wiring isn't a feature row in docs/TEST-COVERAGE-MATRIX.md; this changes how events are dispatched, not user-visible behaviour.
• N/A network deps — no new outbound calls; Sentry.captureEvent already exists.
• N/A manual smoke checklist — Sentry is observability infrastructure, not a release-cut surface in docs/RELEASE-MANUAL-SMOKE.md.
• Linked issue — see ## Related.

Impact

• Runtime (React): events that previously sat in the in-app queue waiting for user approval now auto-flow to Sentry (sanitized, consent-gated). Users who opted out of analytics see no behavioural change. Users with consent on will silently produce error events — same as classic Sentry behaviour; no UI change.
• Runtime (Rust): zero change to capture paths. Only the destination project of debug-info uploads moves from openhuman-core to openhuman-tauri for the desktop build.
• Bundle size: −~900 net lines of TS removed (queue + notification component + their tests). Tiny shrink.
• Backwards compat: vars.OPENHUMAN_CORE_SENTRY_DSN and vars.SENTRY_PROJECT_CORE are no longer read by release.yml and only referenced by release-staging.yml for the standalone CLI upload + by release-packages.yml. Safe to keep — they still apply to CLI surfaces.
• Privacy posture: equivalent to before. The same fields are stripped; the only difference is that sanitized events now reach Sentry automatically instead of waiting for user approval. Consent gate (isAnalyticsEnabled()) is now enforced inside beforeSend on every event.

Related

• Closes:
• Follow-up PR(s)/TODOs:
  • Install sentry::integrations::tracing::layer() in the Tauri shell process so tracing::error! from in-process core code auto-routes to openhuman-tauri (current behaviour: only panics + explicit captures reach Sentry).
  • Decide whether the standalone openhuman-core CLI (Docker / Linux-arm64 / Homebrew) keeps its own Sentry project or also collapses into openhuman-tauri once the desktop split settles.
  • Verify end-to-end on the next staging build with VITE_SENTRY_SMOKE_TEST=true + OPENHUMAN_TAURI_SENTRY_TEST=message, then remove the smoke env vars.

Summary by CodeRabbit

• New Features

  • Added optional smoke-test toggle for end-to-end Sentry connectivity and release tagging verification.

• Bug Fixes

  • Switched to consent-gated automatic Sentry error sending; removed the per-error review queue and on-screen error-report notifications.
  • Simplified stale-app OAuth handling to report warnings directly to Sentry.

• Chores

  • Updated CI workflows for more accurate Sentry debug-symbol uploads and release tagging.

• Tests

  • Removed legacy tests for the removed error-report queue.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactors error reporting from a queue-based, user-review pipeline to consent-gated auto-send via Sentry (sanitizing events in beforeSend), removes the queued notification UI and queue module, adjusts React boundary handling, adds a Sentry smoke-test flag, and splits/updates CI Sentry debug-symbol upload steps for Tauri vs core.

Changes

Cohort / File(s)	Summary
GitHub Workflows .​github/workflows/release-staging.yml, .​github/workflows/release.yml	Threads OPENHUMAN_BUILD_SHA into the build step; splits Rust debug-symbol uploads into distinct steps/projects (Tauri vs core) and changes upload scan targets and release-tag guidance.
Sentry init & Analytics app/src/services/analytics.ts, app/.env.example, app/src/utils/config.ts, app/src/vite-env.d.ts	Reworks initSentry()/beforeSend to sanitize events and perform per-event consent gating (auto-send when allowed); adds VITE_SENTRY_SMOKE_TEST config and TypeScript typing.
Error Queue & Tests (deleted) app/src/services/errorReportQueue.ts, app/src/services/errorReportQueue.test.ts	Removes the module-level error-report queue, its API (enqueue/dequeue/subscribe/etc.), and all associated tests.
React UI / Boundary app/src/App.tsx, app/src/components/ErrorFallbackScreen.tsx, app/src/components/ErrorReportNotification.tsx	Removes custom onError forwarder from Sentry.ErrorBoundary, deletes the ErrorReportNotification UI component, and updates fallback docs to reflect automatic forwarding.
Entrypoint & Utilities app/src/main.tsx, app/src/utils/desktopDeepLinkListener.ts	Stops mounting the notification root; replaces enqueueing of manual events with direct Sentry.captureMessage for stale-app OAuth warnings.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant React as React Component
    participant ErrorBoundary as Sentry.ErrorBoundary
    participant SentrySDK as Sentry SDK
    participant beforeSend as beforeSend Hook
    participant SentryBackend as Sentry Backend

    Note over React,SentryBackend: New Flow: Direct Auto-Send with Consent Gating

    React->>ErrorBoundary: Error thrown
    ErrorBoundary->>SentrySDK: Capture exception
    SentrySDK->>beforeSend: Event for processing
    beforeSend->>beforeSend: Check analytics consent
    alt Consent Enabled
        beforeSend->>beforeSend: Sanitize event (clear breadcrumbs,<br/>remove request/extra, trim contexts/vars)
        beforeSend->>SentrySDK: Return sanitized event
        SentrySDK->>SentryBackend: Upload event
    else Consent Disabled
        beforeSend->>SentrySDK: Return null (drop event)
    end

Loading

sequenceDiagram
    autonumber
    participant CI as GitHub Actions
    participant Build as Rust/Tauri Build
    participant Upload as Sentry Upload Step
    participant Sentry as Sentry Projects

    Note over CI,Sentry: CI symbol upload split per-surface

    CI->>Build: Build Tauri shell (includes core)
    CI->>Upload: Upload Tauri debug symbols -> `SENTRY_PROJECT_TAURI`
    CI->>Upload: Upload core CLI debug symbols -> `SENTRY_PROJECT_CORE`
    Upload->>Sentry: DIFs ingested per project with release tag

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• PR #1067: Modifies the same release workflows and Rust symbol-upload wiring (per-project targeting and release-tag threading).
• PR #1032: Makes overlapping changes to Sentry workflow symbol uploads and project assignment for Rust/Tauri artifacts.
• PR #1061: Adjusts Sentry debug-symbol upload steps for in-process/core-linked builds (related CI changes).

Suggested reviewers

• senamakel

Poem

🐰 A little hop, a tidy switch of queues,

I scrub the crumbs and brighten Sentry's views.
Consent now guides which whispers should take flight;
CI splits the symbols, keeping tags just right.
Hooray — a squeaky-clean, well-logged delight! 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main changes: converting to auto-send React events and merging the core→tauri Sentry surface for desktop builds.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Review rate limit: 4/5 reviews remaining, refill in 12 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/release.yml (1)

551-557: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Upload the whole Tauri release target, not just release/deps.

The comment above says the shell target dir is scanned recursively, but this step only hands upload_sentry_symbols.sh app/src-tauri/target/${MATRIX_TARGET}/release/deps. That can skip the shell binary’s own debug files, which is where the linked-in core frames now live after the sidecar collapse, so production desktop Rust crashes can still come through unsymbolicated. This also diverges from .github/workflows/release-staging.yml:366-369, which scans the target dir root.

Suggested fix

-          deps_dir="app/src-tauri/target/${MATRIX_TARGET}/release/deps"
-          if [ -d "$deps_dir" ]; then
-            echo "==> Uploading symbols from $deps_dir to ${SENTRY_PROJECT}"
-            bash scripts/upload_sentry_symbols.sh "$VERSION" "$deps_dir"
+          dif_dir="app/src-tauri/target/${MATRIX_TARGET}/release"
+          if [ -d "$dif_dir" ]; then
+            echo "==> Uploading symbols from $dif_dir to ${SENTRY_PROJECT}"
+            bash scripts/upload_sentry_symbols.sh "$VERSION" "$dif_dir"
           else
-            echo "==> Skipping $deps_dir (not present)"
+            echo "==> Skipping $dif_dir (not present)"
           fi

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml around lines 551 - 557, The workflow currently
sets deps_dir to "app/src-tauri/target/${MATRIX_TARGET}/release/deps", which
misses the shell binary debug files; change the directory passed to
scripts/upload_sentry_symbols.sh to the Tauri release target root (e.g., set
deps_dir to "app/src-tauri/target/${MATRIX_TARGET}/release" or a new variable
like target_dir) so the upload script scans recursively and includes the shell
binary and linked core frames; keep the existence check and the call to bash
scripts/upload_sentry_symbols.sh "$VERSION" "$target_dir" (preserving
MATRIX_TARGET and VERSION usage).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/release-staging.yml:
- Around line 374-394: The build uploads Sentry symbols with a release tag
containing the short SHA, but the standalone CLI binary omits the short SHA
unless OPENHUMAN_BUILD_SHA is set at compile time (see build_release_tag() in
src/main.rs); modify the "Build sidecar core binary" step to export
OPENHUMAN_BUILD_SHA using needs.prepare-build.outputs.short_sha
(OPENHUMAN_BUILD_SHA: ${{ needs.prepare-build.outputs.short_sha }}) so the
compiled binary’s release tag matches the Sentry-uploaded symbols.

In `@app/src/services/analytics.ts`:
- Around line 53-55: beforeSend currently drops all events when
isAnalyticsEnabled() is false which suppresses the one-shot smoke test sent from
initSentry (Sentry.captureMessage('react-sentry-smoke-test', ...)); update
beforeSend in analytics.ts to allow this specific synthetic event through (check
event.message === 'react-sentry-smoke-test' or event.tags?.smoke_test) even when
isAnalyticsEnabled() is false, or alternatively move the Sentry.captureMessage
call in initSentry to fire only after analytics consent is resolved; reference
beforeSend, initSentry, Sentry.captureMessage, isAnalyticsEnabled and
VITE_SENTRY_SMOKE_TEST when making the change.
- Line 108: Replace the direct import.meta.env access in analytics.ts with a
config export from app/src/utils/config.ts: add a boolean (or string) export
like VITE_SENTRY_SMOKE_TEST (or SENTRY_SMOKE_TEST) in utils/config.ts that reads
import.meta.env.VITE_SENTRY_SMOKE_TEST and then import that symbol into
analytics.ts and use it in the if check instead of
import.meta.env.VITE_SENTRY_SMOKE_TEST; update any type/coercion so the
conditional logic in analytics.ts (the existing if) behaves the same.

---

Outside diff comments:
In @.github/workflows/release.yml:
- Around line 551-557: The workflow currently sets deps_dir to
"app/src-tauri/target/${MATRIX_TARGET}/release/deps", which misses the shell
binary debug files; change the directory passed to
scripts/upload_sentry_symbols.sh to the Tauri release target root (e.g., set
deps_dir to "app/src-tauri/target/${MATRIX_TARGET}/release" or a new variable
like target_dir) so the upload script scans recursively and includes the shell
binary and linked core frames; keep the existence check and the call to bash
scripts/upload_sentry_symbols.sh "$VERSION" "$target_dir" (preserving
MATRIX_TARGET and VERSION usage).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4059b2ce-24fb-474f-9554-a75b937c3c37

📥 Commits

Reviewing files that changed from the base of the PR and between 1208503 and 7ecd6a6.

📒 Files selected for processing (12)

• .github/workflows/release-staging.yml
• .github/workflows/release.yml
• app/.env.example
• app/src/App.tsx
• app/src/components/ErrorFallbackScreen.tsx
• app/src/components/ErrorReportNotification.tsx
• app/src/main.tsx
• app/src/services/analytics.ts
• app/src/services/errorReportQueue.test.ts
• app/src/services/errorReportQueue.ts
• app/src/utils/desktopDeepLinkListener.ts
• app/src/vite-env.d.ts

💤 Files with no reviewable changes (4)

• app/src/main.tsx
• app/src/components/ErrorReportNotification.tsx
• app/src/services/errorReportQueue.test.ts
• app/src/services/errorReportQueue.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@app/src/services/analytics.ts`:
- Around line 59-101: The beforeSend handler still forwards free-text fields
that can contain PII; update the beforeSend function to sanitize/redact those
fields by removing or replacing event.message, event.logentry, and
exception.values[*].value (and any nested free-text fields) before returning the
event; locate the beforeSend implementation and ensure you also sanitize
event.exception.values array entries (the value property) and any other
top-level string fields that could leak user input so only non-PII identifiers
(tags, user.id) and allowed contexts remain.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e7870e39-fd92-4fa2-8b50-6749755685c5

📥 Commits

Reviewing files that changed from the base of the PR and between 7ecd6a6 and 2ce7073.

📒 Files selected for processing (4)

• .github/workflows/release-staging.yml
• .github/workflows/release.yml
• app/src/services/analytics.ts
• app/src/utils/config.ts

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/release.yml
• .github/workflows/release-staging.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Exception/message text is still a PII escape hatch.

beforeSend strips structural fields, but it still forwards event.message, event.logentry, and exception.values[*].value. Those strings often contain user input, filenames, URLs, or backend fragments, so the current auto-send path does not fully meet the “No PII” guarantee.

Suggested hardening

     beforeSend(event) {
       // Always allow the smoke-test event through so pipeline validation works
       // even when the user hasn't opted into analytics yet on first boot.
       const isSmokeTest = event.message === 'react-sentry-smoke-test';
       // Drop events when the user hasn't opted into analytics.
       if (!isSmokeTest && !isAnalyticsEnabled()) return null;
+
+      if (!isSmokeTest) {
+        event.message = undefined;
+        event.logentry = undefined;
+      }
 
       // Strip anything that could carry Redux / localStorage / request bodies.
       event.breadcrumbs = [];
       delete event.request;
       delete event.extra;
@@
       if (event.exception?.values) {
         for (const v of event.exception.values) {
+          v.value = undefined;
           if (v.stacktrace?.frames) {
             for (const f of v.stacktrace.frames) {
               delete f.vars;
               delete f.context_line;
               delete f.pre_context;

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	beforeSend(event) {
	// Bypass mode: let the event through (used by sendEventToSentry)
	if (_bypassBeforeSend) {
	_bypassBeforeSend = false;
	return event;
	}
	// --- Sanitize the event ---
	// Always allow the smoke-test event through so pipeline validation works
	// even when the user hasn't opted into analytics yet on first boot.
	const isSmokeTest = event.message === 'react-sentry-smoke-test';
	// Drop events when the user hasn't opted into analytics.
	if (!isSmokeTest && !isAnalyticsEnabled()) return null;
	// Strip any breadcrumbs that somehow snuck in
	// Strip anything that could carry Redux / localStorage / request bodies.
	event.breadcrumbs = [];
	// Strip request data (cookies, headers, body)
	delete event.request;
	// Strip user PII — keep only a stable anonymous ID
	const userId = getCoreStateSnapshot().snapshot.currentUser?._id;
	event.user = userId ? { id: userId } : undefined;
	// Strip any extra/contexts that could contain Redux or localStorage data
	delete event.extra;
	event.contexts = {
	// Keep only OS / browser / device metadata
	os: event.contexts?.os,
	browser: event.contexts?.browser,
	device: event.contexts?.device,
	};
	// --- Build a sanitized snapshot for the user to inspect ---
	const sanitized: SanitizedSentryEvent = {
	event_id: event.event_id ?? crypto.randomUUID().replace(/-/g, ''),
	timestamp: typeof event.timestamp === 'number' ? event.timestamp : Date.now() / 1000,
	platform: event.platform ?? 'javascript',
	exception: sanitizeException(event.exception),
	contexts: event.contexts as SanitizedSentryEvent['contexts'],
	user: event.user as SanitizedSentryEvent['user'],
	tags: event.tags as Record<string, string> | undefined,
	environment: IS_DEV ? 'development' : 'production',
	};
	// Tag with surface so events filter cleanly inside `openhuman-react`.
	event.tags = { ...(event.tags ?? {}), surface: 'react' };
	// Extract human-readable title + message from the exception
	const firstException = event.exception?.values?.[0];
	const title = firstException?.type ?? 'Error';
	const message = firstException?.value ?? 'Unknown error';
	// Strip PII; keep a stable anonymous user id only.
	const userId = getCoreStateSnapshot().snapshot.currentUser?._id;
	event.user = userId ? { id: userId } : undefined;
	// Queue the error for the notification UI
	enqueueError({
	id: crypto.randomUUID(),
	timestamp: Date.now(),
	source: 'global',
	title,
	message,
	sentryEvent: sanitized,
	});
	// Strip frame-level local variables and source context — never send
	// raw source snippets or live variable values to the dashboard.
	if (event.exception?.values) {
	for (const v of event.exception.values) {
	if (v.stacktrace?.frames) {
	for (const f of v.stacktrace.frames) {
	delete f.vars;
	delete f.context_line;
	delete f.pre_context;
	delete f.post_context;
	}
	}
	if (v.mechanism) {
	delete v.mechanism.data;
	}
	}
	}
	// Return null to prevent Sentry from auto-sending
	return null;
	return event;
	beforeSend(event) {
	// Always allow the smoke-test event through so pipeline validation works
	// even when the user hasn't opted into analytics yet on first boot.
	const isSmokeTest = event.message === 'react-sentry-smoke-test';
	// Drop events when the user hasn't opted into analytics.
	if (!isSmokeTest && !isAnalyticsEnabled()) return null;
	if (!isSmokeTest) {
	event.message = undefined;
	event.logentry = undefined;
	}
	// Strip anything that could carry Redux / localStorage / request bodies.
	event.breadcrumbs = [];
	delete event.request;
	delete event.extra;
	event.contexts = {
	os: event.contexts?.os,
	browser: event.contexts?.browser,
	device: event.contexts?.device,
	};
	// Tag with surface so events filter cleanly inside `openhuman-react`.
	event.tags = { ...(event.tags ?? {}), surface: 'react' };
	// Strip PII; keep a stable anonymous user id only.
	const userId = getCoreStateSnapshot().snapshot.currentUser?._id;
	event.user = userId ? { id: userId } : undefined;
	// Strip frame-level local variables and source context — never send
	// raw source snippets or live variable values to the dashboard.
	if (event.exception?.values) {
	for (const v of event.exception.values) {
	v.value = undefined;
	if (v.stacktrace?.frames) {
	for (const f of v.stacktrace.frames) {
	delete f.vars;
	delete f.context_line;
	delete f.pre_context;
	delete f.post_context;
	}
	}
	if (v.mechanism) {
	delete v.mechanism.data;
	}
	}
	}
	return event;
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/src/services/analytics.ts` around lines 59 - 101, The beforeSend handler
still forwards free-text fields that can contain PII; update the beforeSend
function to sanitize/redact those fields by removing or replacing event.message,
event.logentry, and exception.values[*].value (and any nested free-text fields)
before returning the event; locate the beforeSend implementation and ensure you
also sanitize event.exception.values array entries (the value property) and any
other top-level string fields that could leak user input so only non-PII
identifiers (tags, user.id) and allowed contexts remain.