Files
wehub-resource-sync 4b6817381b
CI (OpenClaw E2E) / openclaw test (push) Has been cancelled
CI / coverage-report (push) Has been cancelled
CI / test-kubernetes (push) Has been cancelled
CI / should-run-thorough (push) Has been cancelled
CI / test-thorough (cloudwatch-demo) (push) Has been cancelled
CI / test-thorough (flink-ecs) (push) Has been cancelled
CI / test-thorough (upstream-lambda) (push) Has been cancelled
CI / test-thorough (prefect-ecs-fargate) (push) Has been cancelled
Release / build-binaries (zip, opensre.exe, onefile, windows-latest, windows-x64) (push) Has been cancelled
Benchmark image — build + push to ECR (any adapter) / build + push (push) Has been cancelled
CI / quality (ubuntu-latest) (push) Has been cancelled
CI / test (tools-runtime) (push) Has been cancelled
CI / test (e2e-general) (push) Has been cancelled
CI / test (cli-runtime) (push) Has been cancelled
CI / test (e2e-provider-and-openclaw) (push) Has been cancelled
CI / test (integrations-and-misc) (push) Has been cancelled
Release / verify (push) Has been cancelled
Release / build-python-dist (push) Has been cancelled
Release / build-binaries (tar.gz, opensre, onedir, macos-15-intel, darwin-x64) (push) Has been cancelled
Release / build-binaries (tar.gz, opensre, onedir, macos-latest, darwin-arm64) (push) Has been cancelled
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04, linux-x64) (push) Has been cancelled
Release / publish-release (push) Has been cancelled
Release / publish-main-release (push) Has been cancelled
Interactive Shell Live (PR + post-merge) / turn-checks (no-LLM) (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
Interactive Shell Live (PR + post-merge) / turn-live shard ${{ matrix.shard_index }} (push) Has been cancelled
Release / prepare (push) Has been cancelled
Release / build-binaries (tar.gz, opensre, onedir, ubuntu-22.04-arm, linux-arm64) (push) Has been cancelled
Synthetic Deterministic Tests / Synthetic offline (deterministic) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:10:45 +08:00

364 lines
12 KiB
Python

"""Shared Sentry integration helpers."""
from __future__ import annotations
import logging
import os
import re
from dataclasses import dataclass
from typing import Any
import httpx
from pydantic import Field, field_validator
from config.strict_config import StrictConfigModel
from integrations._validation_helpers import report_classify_failure, report_validation_failure
logger = logging.getLogger(__name__)
DEFAULT_SENTRY_URL = "https://sentry.io"
DEFAULT_SENTRY_STATS_PERIOD = "24h"
# Sentry's issues endpoint caps the page size at 100; asking for more is
# silently truncated to 100. We default to the full page so a search returns
# the whole recent issue set instead of a tiny slice (a low limit was why
# queries appeared to "only find one issue").
DEFAULT_SENTRY_ISSUE_LIMIT = 100
_MAX_SENTRY_PAGE_SIZE = 100
_MAX_SENTRY_QUERY_LEN = 200
_OR_SPLIT = re.compile(r"\s+OR\s+", re.IGNORECASE)
# Window used by the verification probe to report a recent issue count.
_SENTRY_VERIFY_STATS_PERIOD = "7d"
_SENTRY_VERIFY_WINDOW_LABEL = "last 7 days"
def _resolve_stats_period(explicit: str | None = None) -> str:
"""Resolve the issues lookback window, overridable via ``SENTRY_STATS_PERIOD``."""
period = (explicit or os.getenv("SENTRY_STATS_PERIOD", "") or "").strip()
return period or DEFAULT_SENTRY_STATS_PERIOD
def _clamp_issue_limit(limit: int | None) -> int:
"""Clamp a requested issue limit into Sentry's valid 1..100 page range."""
try:
value = DEFAULT_SENTRY_ISSUE_LIMIT if limit is None else int(limit)
except (TypeError, ValueError):
value = DEFAULT_SENTRY_ISSUE_LIMIT
return max(1, min(value, _MAX_SENTRY_PAGE_SIZE))
class SentryConfig(StrictConfigModel):
"""Normalized Sentry connection settings."""
base_url: str = DEFAULT_SENTRY_URL
organization_slug: str = ""
auth_token: str = ""
project_slug: str = ""
timeout_seconds: float = Field(default=15.0, gt=0)
integration_id: str = ""
@field_validator("base_url", mode="before")
@classmethod
def _normalize_base_url(cls, value: Any) -> str:
normalized = str(value or DEFAULT_SENTRY_URL).strip()
return normalized or DEFAULT_SENTRY_URL
@property
def api_base_url(self) -> str:
return self.base_url.rstrip("/")
@property
def auth_headers(self) -> dict[str, str]:
return {
"Authorization": f"Bearer {self.auth_token}",
"Accept": "application/json",
}
@dataclass(frozen=True)
class SentryValidationResult:
"""Result of validating a Sentry integration."""
ok: bool
detail: str
issue_count: int = 0
def build_sentry_config(raw: dict[str, Any] | None) -> SentryConfig:
"""Build a normalized Sentry config object from env/store data."""
return SentryConfig.model_validate(raw or {})
def sentry_config_from_env() -> SentryConfig | None:
"""Load a Sentry config from env vars."""
organization_slug = os.getenv("SENTRY_ORG_SLUG", "").strip()
auth_token = os.getenv("SENTRY_AUTH_TOKEN", "").strip()
if not organization_slug or not auth_token:
return None
return build_sentry_config(
{
"base_url": os.getenv("SENTRY_URL", DEFAULT_SENTRY_URL).strip() or DEFAULT_SENTRY_URL,
"organization_slug": organization_slug,
"auth_token": auth_token,
"project_slug": os.getenv("SENTRY_PROJECT_SLUG", "").strip(),
}
)
def get_sentry_auth_recommendations() -> dict[str, str]:
"""Return operator guidance for creating the right Sentry token."""
return {
"recommended_token_type": "Organization Token",
"why": (
"Use an Organization Token first for least-privilege automation. "
"Use an Internal Integration only if you need broader organization-level API scopes."
),
"where_to_create": "Settings > Developer Settings > Organization Tokens",
"fallback_token_type": "Internal Integration",
"fallback_where_to_create": "Settings > Developer Settings > Internal Integrations",
"required_scope_hint": "Issue and event lookup requires an auth token with event:read access.",
}
def _normalize_sentry_query_segment(segment: str) -> str:
return segment.strip()[:_MAX_SENTRY_QUERY_LEN]
def _sentry_query_candidates(query: str) -> list[str]:
"""Return ordered issue-search query strings to try against the Sentry API.
Issue search does not support ``OR`` (unlike Discover). When the agent
passes ``"foo" OR "bar"``, each alternative is returned so callers can
retry after a 400 ``InvalidSearchQuery`` response.
"""
first_line = query.split("\n")[0].strip()
if not first_line:
return [""]
if _OR_SPLIT.search(first_line):
segments = [
_normalize_sentry_query_segment(part)
for part in _OR_SPLIT.split(first_line)
if part.strip()
]
return segments or [""]
return [_normalize_sentry_query_segment(first_line)]
def _sanitize_sentry_query(query: str) -> str:
"""Reduce a raw query string to something the Sentry issues API accepts.
The agent may pass a full error message or multi-line stack trace as the
search term, which causes a 400 Bad Request because the Sentry search
grammar treats ``:`` as a field separator and rejects very long URLs.
Taking the first non-empty line and capping at _MAX_SENTRY_QUERY_LEN
characters is enough to produce a valid free-text search token.
"""
return _sentry_query_candidates(query)[0]
def describe_sentry_api_error(
err: httpx.HTTPStatusError,
*,
query: str = "",
project_slug: str = "",
) -> str:
"""Turn a Sentry HTTP failure into an operator- and agent-friendly message."""
detail = ""
try:
body = err.response.json()
if isinstance(body, dict):
detail = str(body.get("detail") or body.get("error") or "").strip()
except Exception:
detail = err.response.text.strip()
if not detail:
detail = str(err)
hints: list[str] = []
if err.response.status_code == 400:
if _OR_SPLIT.search(query.split("\n", maxsplit=1)[0]):
hints.append(
"Sentry issue search does not support OR; use one keyword or phrase at a time."
)
if project_slug:
hints.append(f"Verify project slug {project_slug!r} exists in the organization.")
hints.append(
"Prefer short free-text keywords or field filters such as is:unresolved level:error."
)
message = f"Sentry API returned HTTP {err.response.status_code}: {detail}"
if hints:
message = f"{message} {' '.join(hints)}"
return message
def _build_issue_list_params(
config: SentryConfig,
limit: int,
query: str,
stats_period: str | None = None,
*,
normalized_query: str | None = None,
) -> list[tuple[str, str | int | float | bool | None]]:
effective_query = (
normalized_query if normalized_query is not None else _sanitize_sentry_query(query)
)
params: list[tuple[str, str | int | float | bool | None]] = [
("limit", str(_clamp_issue_limit(limit))),
("statsPeriod", _resolve_stats_period(stats_period)),
("query", effective_query),
]
if config.project_slug:
params.append(("project", config.project_slug))
return params
def _request_json(
config: SentryConfig,
method: str,
path: str,
*,
params: list[tuple[str, str | int | float | bool | None]] | None = None,
) -> Any:
url = f"{config.api_base_url}{path}"
response = httpx.request(
method,
url,
headers=config.auth_headers,
params=params,
timeout=config.timeout_seconds,
)
response.raise_for_status()
return response.json()
def validate_sentry_config(config: SentryConfig) -> SentryValidationResult:
"""Validate Sentry connectivity with a lightweight issues query."""
if not config.organization_slug:
return SentryValidationResult(ok=False, detail="Sentry organization slug is required.")
if not config.auth_token:
return SentryValidationResult(ok=False, detail="Sentry auth token is required.")
try:
# Fetch a full page over the verify window so the detail reports a
# meaningful recent issue count instead of a probe artifact. The count
# is capped at the Sentry page size, shown as "N+" when it saturates.
issues = list_sentry_issues(
config=config,
limit=DEFAULT_SENTRY_ISSUE_LIMIT,
stats_period=_SENTRY_VERIFY_STATS_PERIOD,
)
issue_count = len(issues)
count_label = (
f"{issue_count}+" if issue_count >= _MAX_SENTRY_PAGE_SIZE else str(issue_count)
)
return SentryValidationResult(
ok=True,
detail=(
f"Sentry validated for org {config.organization_slug}; "
f"{count_label} issue(s) in the {_SENTRY_VERIFY_WINDOW_LABEL}."
),
issue_count=issue_count,
)
except httpx.HTTPStatusError as err:
detail = err.response.text.strip() or str(err)
return SentryValidationResult(ok=False, detail=f"Sentry validation failed: {detail}")
except Exception as err:
report_validation_failure(
err,
logger=logger,
integration="sentry",
method="validate_sentry_config",
)
return SentryValidationResult(ok=False, detail=f"Sentry validation failed: {err}")
def list_sentry_issues(
*,
config: SentryConfig,
query: str = "",
limit: int = DEFAULT_SENTRY_ISSUE_LIMIT,
stats_period: str | None = None,
) -> list[dict[str, Any]]:
"""List Sentry issues for an organization.
``limit`` is clamped to Sentry's 1..100 page range; ``stats_period``
(e.g. ``24h``, ``14d``) defaults to ``SENTRY_STATS_PERIOD`` then ``24h``.
"""
path = f"/api/0/organizations/{config.organization_slug}/issues/"
last_error: httpx.HTTPStatusError | None = None
for candidate in _sentry_query_candidates(query):
try:
payload = _request_json(
config,
"GET",
path,
params=_build_issue_list_params(
config,
limit,
query,
stats_period,
normalized_query=candidate,
),
)
return payload if isinstance(payload, list) else []
except httpx.HTTPStatusError as err:
if err.response.status_code == 400:
last_error = err
continue
raise
if last_error is not None:
raise last_error
return []
def get_sentry_issue(
*,
config: SentryConfig,
issue_id: str,
) -> dict[str, Any]:
"""Fetch full details for one Sentry issue."""
payload = _request_json(
config,
"GET",
f"/api/0/organizations/{config.organization_slug}/issues/{issue_id}/",
)
return payload if isinstance(payload, dict) else {}
def list_sentry_issue_events(
*,
config: SentryConfig,
issue_id: str,
limit: int = 10,
) -> list[dict[str, Any]]:
"""List recent events for a Sentry issue."""
payload = _request_json(
config,
"GET",
f"/api/0/organizations/{config.organization_slug}/issues/{issue_id}/events/",
params=[("limit", str(limit))],
)
return payload if isinstance(payload, list) else []
def classify(credentials: dict[str, Any], record_id: str) -> tuple[SentryConfig | None, str | None]:
try:
cfg = build_sentry_config(
{
"base_url": credentials.get("base_url", "https://sentry.io"),
"organization_slug": credentials.get("organization_slug", ""),
"auth_token": credentials.get("auth_token", ""),
"project_slug": credentials.get("project_slug", ""),
"integration_id": record_id,
}
)
except Exception as exc:
report_classify_failure(exc, logger=logger, integration="sentry", record_id=record_id)
return None, None
if cfg.organization_slug and cfg.auth_token:
return cfg, "sentry"
return None, None