Added Sentry to FE

[GelatoGenesis]

Summary by CodeRabbit

• New Features

  • Integrated comprehensive error tracking and performance monitoring (client, server, and edge)
  • Added an example page demonstrating diagnostics and a frontend trigger for reporting
  • Added a backend test endpoint to exercise error reporting

• Chores

  • Exposed monitoring env vars to the build process and updated public env schema
  • Added monitoring package dependency and ignored local plugin env file in VCS

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds Sentry integration across the app: CI secrets, public env keys, Next config wrapping, server/edge and client Sentry initialization, runtime-aware instrumentation, example frontend page and API route that trigger/report errors, and package + gitignore updates.

Changes

Cohort / File(s)	Change Summary
CI & Gitignore '.github/workflows/build-upload-deploy-prod.yml', '.gitignore'	CI Build step now passes SENTRY_AUTH_TOKEN and SENTRY_DSN from secrets into the build; added .env.sentry-build-plugin to .gitignore.
Next config & deps next.config.mjs, package.json	Added @sentry/nextjs dependency and conditionally wrap Next config with withSentryConfig when SENTRY_DSN is present; default export becomes a wrapper that delegates to the appropriate config.
Public env schema config/env.schema.ts	Added optional SENTRY_DSN and NEXT_RUNTIME to publicEnvSchema and the exported PublicEnv type.
Server / Edge Sentry configs sentry.server.config.ts, sentry.edge.config.ts	New server- and edge-targeted Sentry initialization modules that read publicEnv.SENTRY_DSN and initialize Sentry (tracesSampleRate, logs, sendDefaultPii).
Instrumentation API instrumentation.ts, instrumentation-client.ts	New runtime-aware register() that dynamically imports server/edge configs; client instrumentation initializes Sentry + Replay, and exports onRouterTransitionStart.
Client error integration app/error.tsx, app/global-error.tsx	Added client-side effect hooks to capture exceptions to Sentry when publicEnv.SENTRY_DSN is set.
Sentry example UI & API app/sentry-example-page/page.tsx, app/api/sentry-example-api/route.ts	New example page that checks Sentry connectivity, starts a span and triggers a frontend error; new API route that throws a custom error to demonstrate server-side capture.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Browser as Frontend Page
    participant NextAPI as Server API
    participant Sentry

    User->>Browser: Click "Send Example Error"
    Browser->>Sentry: start span (Example Frontend/Backend Span)
    Browser->>NextAPI: fetch /api/sentry-example-api
    Note right of NextAPI: route throws SentryExampleAPIError
    NextAPI-->>Sentry: capture exception (server)
    NextAPI-->>Browser: 500 response
    Browser->>Sentry: capture exception (frontend) / finish span

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Inspect next.config.mjs wrapper to ensure phase/rest propagation and no build-time leak of secrets.
• Verify dynamic import logic and runtime detection in instrumentation.ts (nodejs vs edge).
• Confirm DSN presence guards to avoid reporting in unintended environments and validate sampling rates.

Possibly related PRs

• Better error handling #1611 — touches app-level error handling in app/error.tsx and app/global-error.tsx, directly related.
• Fix process.env use #1495 — modifies env handling and Next config similar to config/env.schema.ts and next.config.mjs.

Suggested reviewers

• ragnep
• prxt6529

Poem

🐰 I hopped through files with nimble feet,

I wove a DSN where errors meet,
Client, server, edge — a stitched-up song,
Now traces hum and logs belong,
🥕✨ — from the rabbit who chased each bug so long.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Added Sentry to FE' accurately summarizes the main objective of the changeset, which comprehensively integrates Sentry error monitoring across frontend and backend infrastructure.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sentry

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (7)

sentry.server.config.ts (1)

16-16: Consider lowering tracesSampleRate for production.

Setting tracesSampleRate: 1 means 100% of traces will be sampled, which can impact performance and incur significant costs in production. Consider using a lower value (e.g., 0.1 for 10%) or implementing tracesSampler for more granular control.

-  tracesSampleRate: 1,
+  tracesSampleRate: 0.1,

sentry.edge.config.ts (1)

1-24: Strip template comments to match repo guidelines

This new TS file introduces several header and inline comments. Per the repo rules for *.ts/tsx/js/jsx files, the code should be self‑explanatory and comment‑free. Please remove these comments (or move any necessary documentation into separate markdown) and keep just the minimal Sentry init.

instrumentation-client.ts (1)

1-37: Remove inline comments to comply with TS/JS comment policy

Similar to the edge config, this file adds several comments in a *.ts module. The project guidelines ask for self‑documenting code without comments in TS/JS/TSX/JSX. Please strip these comments (or move explanatory text into docs) and keep the code minimal.

config/env.schema.ts (1)

17-18: Env schema updates look good; consider tightening SENTRY_DSN validation

Adding NEXT_RUNTIME and SENTRY_DSN to publicEnvSchema is consistent with how other public vars are handled and will flow cleanly into PUBLIC_RUNTIME.

If you want stronger guardrails, you could validate SENTRY_DSN as a URL (Sentry DSNs are URL‑shaped), e.g.:

SENTRY_DSN: z.string().url().optional(),

Not required, but it would fail fast on obviously broken DSNs during build.

Also applies to: 119-131

next.config.mjs (1)

12-13: Propagate ...rest and name the default export to satisfy tooling

The conditional default export works, but you can make it a bit more robust and address the Sonar warning by:

• Propagating ...rest to nextConfigFactory as well, so future changes that use the second argument stay consistent.
• Giving the wrapper a name.

For example:

-const sentryWrappedConfig = withSentryConfig(nextConfigFactory, { /* ... */ });
-
-export default (phase, ...rest) => {
-  if (!sentryEnabled) {
-    return nextConfigFactory(phase);
-  }
-  return sentryWrappedConfig(phase, ...rest);
-};
+const sentryWrappedConfig = withSentryConfig(nextConfigFactory, { /* ... */ });
+
+const createNextConfig = (phase, ...rest) => {
+  if (!sentryEnabled) {
+    return nextConfigFactory(phase, ...rest);
+  }
+  return sentryWrappedConfig(phase, ...rest);
+};
+
+export default createNextConfig;

This should keep Next/Sentry behavior identical while making linters happier and future‑proofing the call signature.

Also applies to: 290-321, 323-327

app/sentry-example-page/page.tsx (2)

69-79: Flatten nested ternary for readability (optional)

The nested ternary for hasSentError / !isConnected works but is harder to read and is flagged by Sonar. Consider extracting it to a small helper or using explicit conditionals, e.g.:

let statusNode: React.ReactNode;

if (hasSentError) {
  statusNode = <p className="success">Error sent to Sentry.</p>;
} else if (!isConnected) {
  statusNode = (
    <div className="connectivity-error">
      <p>It looks like network requests to Sentry are being blocked, which will prevent errors from being captured. Try disabling your ad-blocker to complete the test.</p>
    </div>
  );
} else {
  statusNode = <div className="success_placeholder" />;
}

return (
  <>
    {/* ... */}
    {statusNode}
    {/* ... */}
  </>
);

Pure readability/maintainability; behavior stays the same.

---

35-67: Optional: Align styling/data-fetching with Tailwind, react-query, and icon guidelines

Given this is an example page, the inline <style> block, SVG icon, and direct fetch are understandable, but they diverge from the project conventions for TSX components (TailwindCSS for styling, FontAwesome for icons, react‑query for data fetching).

Not required for functionality, but if you want everything to conform strictly to the shared patterns, consider:

• Replacing the inline CSS with Tailwind utility classes.
• Using a FontAwesome icon instead of the raw SVG (or wrapping the SVG in a reusable icon component).
• Wrapping the backend request in a small react‑query mutation instead of a bare fetch.

Happy to sketch a Tailwind/react‑query version if you decide to align this example page with the rest of the app.

Also applies to: 85-206

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 261fc9a and 0ba33a5.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (13)

• .github/workflows/build-upload-deploy-prod.yml (1 hunks)
• .gitignore (1 hunks)
• app/api/sentry-example-api/route.ts (1 hunks)
• app/error.tsx (1 hunks)
• app/global-error.tsx (1 hunks)
• app/sentry-example-page/page.tsx (1 hunks)
• config/env.schema.ts (2 hunks)
• instrumentation-client.ts (1 hunks)
• instrumentation.ts (1 hunks)
• next.config.mjs (3 hunks)
• package.json (1 hunks)
• sentry.edge.config.ts (1 hunks)
• sentry.server.config.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{ts,tsx,js,jsx}: Do not include any comments in the code; it should be self-explanatory
Write correct, up-to-date, bug-free, fully componentized, secure, and efficient code
Include all required imports and ensure proper naming of key components
Use NextJS features that match the current version

**/*.{ts,tsx,js,jsx}: Enforce ≥ 80% line coverage for files changed since main via npm run test
All code must pass ESLint (Next's Core Web Vitals + React Hooks rules) via npm run lint
Use <Link> from Next.js for internal navigation instead of <a> tags or HTML anchors
Use <Image> from next/image instead of HTML <img> elements

Files:

• app/error.tsx
• sentry.server.config.ts
• instrumentation.ts
• app/sentry-example-page/page.tsx
• app/api/sentry-example-api/route.ts
• app/global-error.tsx
• instrumentation-client.ts
• sentry.edge.config.ts
• config/env.schema.ts

**/*.{tsx,jsx}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{tsx,jsx}: Use FontAwesome for icons in React components
Use TailwindCSS for styling in React components
Use react-query for data fetching
Always add readonly before props in React components

Files:

• app/error.tsx
• app/sentry-example-page/page.tsx
• app/global-error.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: All code must pass TypeScript type checking via npm run type-check (tsc --noEmit)
Use 'use cache' directive at the top of Server Components or functions to explicitly opt-in to caching in Next.js 16

Files:

• app/error.tsx
• sentry.server.config.ts
• instrumentation.ts
• app/sentry-example-page/page.tsx
• app/api/sentry-example-api/route.ts
• app/global-error.tsx
• instrumentation-client.ts
• sentry.edge.config.ts
• config/env.schema.ts

app/**/page.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

All routes in app/ must export generateMetadata using the getAppMetadata helper from @/components/providers/metadata

Files:

• app/sentry-example-page/page.tsx

app/api/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (app/api/AGENTS.md)

app/api/**/*.{ts,tsx,js,jsx}: Never call fetch directly with user-controlled or scraped URLs. Use helpers from @/lib/security/urlGuard (parsePublicUrl, assertPublicUrl, fetchPublicUrl, fetchPublicJson) to validate URLs against host/IP allowlists and DNS checks before making network requests.
When needing custom headers or timeouts for external requests, pass them via @/lib/security/urlGuard helper options rather than re-implementing your own wrapper.
Catch UrlGuardError explicitly if returning a tailored response; otherwise let it bubble so the caller can surface the correct status code.
Follow the project default responses (NextResponse.json) and reuse existing util modules instead of duplicating logic.

Files:

• app/api/sentry-example-api/route.ts

app/api/**/route.ts

📄 CodeRabbit inference engine (app/api/AGENTS.md)

app/api/**/route.ts: Export HTTP verb handlers (e.g. GET, POST, etc.) from route.ts files, keeping logic in small internal functions when it grows beyond ~200 lines.
For edge caching behavior, prefer export const dynamic = "force-dynamic"; or revalidate constants rather than inline headers.

Files:

• app/api/sentry-example-api/route.ts

app/api/**/*.{ts,tsx}

📄 CodeRabbit inference engine (app/api/AGENTS.md)

Use TypeScript types for request parameters and responses; avoid any unless a 3rd-party payload truly has no shape guarantees.

Files:

• app/api/sentry-example-api/route.ts

{.env*,*.env,**/config/**}

📄 CodeRabbit inference engine (.cursor/rules/dev_workflow.mdc)

Configure Task Master behavior via environment variables: ANTHROPIC_API_KEY (required), MODEL, MAX_TOKENS, TEMPERATURE, DEBUG, LOG_LEVEL, DEFAULT_SUBTASKS, DEFAULT_PRIORITY, PROJECT_NAME, PROJECT_VERSION, PERPLEXITY_API_KEY, and PERPLEXITY_MODEL

Files:

• config/env.schema.ts

🧠 Learnings (8)

📓 Common learnings

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: .cursorrules:0-0
Timestamp: 2025-11-25T08:35:58.721Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use NextJS features that match the current version

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/*.{ts,tsx,js,jsx} : Catch `UrlGuardError` explicitly if returning a tailored response; otherwise let it bubble so the caller can surface the correct status code.

Applied to files:

• app/error.tsx
• app/api/sentry-example-api/route.ts
• app/global-error.tsx

📚 Learning: 2025-11-25T08:35:58.721Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: .cursorrules:0-0
Timestamp: 2025-11-25T08:35:58.721Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use NextJS features that match the current version

Applied to files:

• sentry.server.config.ts
• package.json

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/route.ts : For edge caching behavior, prefer `export const dynamic = "force-dynamic";` or `revalidate` constants rather than inline headers.

Applied to files:

• app/api/sentry-example-api/route.ts

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/route.ts : Export HTTP verb handlers (e.g. `GET`, `POST`, etc.) from `route.ts` files, keeping logic in small internal functions when it grows beyond ~200 lines.

Applied to files:

• app/api/sentry-example-api/route.ts

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Fix issues with modernization aligned to React 19.2, React Compiler, and Next.js 16 conventions; do not add `// eslint-disable` comments unless explicitly instructed

Applied to files:

• next.config.mjs
• package.json

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Applies to next.config.{ts,js} : Use ESLint CLI with `eslint-config-next` flat config instead of removed `next lint` command in Next.js 16; remove any `eslint` options from `next.config.*`

Applied to files:

• next.config.mjs

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Applies to next.config.ts : Consider enabling React Compiler in `next.config.ts` with `reactCompiler: true` once CI is green

Applied to files:

• next.config.mjs

🧬 Code graph analysis (5)

app/error.tsx (2)

app/error/page.tsx (1)

• ErrorPage (9-19)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

sentry.server.config.ts (1)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

instrumentation.ts (1)

next.config.mjs (3)

• sentryEnabled (12-12)
• publicEnv (217-217)
• publicEnv (275-275)

app/global-error.tsx (1)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

sentry.edge.config.ts (1)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

🪛 Biome (2.1.2)

app/sentry-example-page/page.tsx

[error] 43-43: Avoid using target="_blank" without rel="noopener" or rel="noreferrer".

Opening external links in new tabs without rel="noopener" is a security risk. See the explanation for more details.
Safe fix: Add the rel="noopener" attribute.

(lint/security/noBlankTarget)

---

[error] 44-44: Avoid using target="_blank" without rel="noopener" or rel="noreferrer".

Opening external links in new tabs without rel="noopener" is a security risk. See the explanation for more details.
Safe fix: Add the rel="noopener" attribute.

(lint/security/noBlankTarget)

app/api/sentry-example-api/route.ts

[error] 13-13: This code will never be reached ...

... because this statement will throw an exception beforehand

(lint/correctness/noUnreachable)

🪛 GitHub Check: SonarCloud Code Analysis

app/sentry-example-page/page.tsx

[warning] 73-79: Extract this nested ternary operation into an independent statement.

See more on https://sonarcloud.io/project/issues?id=6529-Collections_6529seize-frontend&issues=AZrKp68BQcjaf255EI57&open=AZrKp68BQcjaf255EI57&pullRequest=1622

---

[warning] 73-73: Unexpected negated condition.

See more on https://sonarcloud.io/project/issues?id=6529-Collections_6529seize-frontend&issues=AZrKp68BQcjaf255EI56&open=AZrKp68BQcjaf255EI56&pullRequest=1622

next.config.mjs

[warning] 323-323: The arrow function should be named.

See more on https://sonarcloud.io/project/issues?id=6529-Collections_6529seize-frontend&issues=AZrKp688Qcjaf255EI59&open=AZrKp688Qcjaf255EI59&pullRequest=1622

instrumentation-client.ts

[warning] 32-32: Don't use a zero fraction in the number.

See more on https://sonarcloud.io/project/issues?id=6529-Collections_6529seize-frontend&issues=AZrKp68iQcjaf255EI58&open=AZrKp68iQcjaf255EI58&pullRequest=1622

🔇 Additional comments (10)

.gitignore (1)

95-97: LGTM!

Adding .env.sentry-build-plugin to .gitignore is standard practice to prevent committing sensitive Sentry build tokens.

.github/workflows/build-upload-deploy-prod.yml (1)

53-54: LGTM!

Passing Sentry secrets as environment variables during the build step is standard practice for Sentry integration with Next.js.

app/api/sentry-example-api/route.ts (1)

3-3: LGTM!

The use of export const dynamic = "force-dynamic" follows the coding guidelines for API routes.

app/error.tsx (1)

16-19: LGTM!

The Sentry error capture integration is correctly implemented with a conditional check for the DSN configuration.

sentry.server.config.ts (1)

23-23: Review privacy implications of sendDefaultPii.

Setting sendDefaultPii: true sends personally identifiable information to Sentry. Ensure this aligns with your privacy policy and compliance requirements (GDPR, CCPA, etc.).

instrumentation.ts (2)

6-15: LGTM!

The conditional dynamic import pattern for server and edge Sentry configurations based on NEXT_RUNTIME is correct and follows Next.js 15+ instrumentation best practices.

---

17-19: LGTM!

Conditionally exporting onRequestError based on whether Sentry is enabled is a clean pattern for optional error capture.

package.json (1)

77-77: @sentry/nextjs@10.27.0 is a security patch release but lacks official Next.js 16 / React 19 support documentation.

Version 10.27.0 fixes CVE-2025-65944 (sensitive HTTP headers leaked when sendDefaultPii=true), so it is security-current. However, Sentry's official documentation does not list Next.js 16 or React 19 as supported—only through Next.js 15 is explicitly documented. Before deployment, verify full build and runtime compatibility (SSR, API routes, edge functions, client errors) in a test environment. If issues arise, consider upgrading to the latest @sentry/nextjs release or checking Sentry's GitHub for Next.js 16 / React 19 compatibility notes.

next.config.mjs (1)

290-321: Sentry wrapping pattern is good; verify org/project/tunnelRoute settings

Using withSentryConfig(nextConfigFactory, options) and gating it behind sentryEnabled is a solid approach and should keep Sentry disabled when SENTRY_DSN is absent.

Two small follow‑ups:

• Double‑check org: "seize-ff", project: "6529-frontend", and tunnelRoute: "/monitoring" match your actual Sentry org/project and any existing monitoring routes.
• If you ever need to disable source map upload in specific environments, you might want to gate widenClientFileUpload and automaticVercelMonitors behind env flags as well, since both impact build time/behavior.

app/sentry-example-page/page.tsx (1)

3-4: The review comment's primary recommendation is incorrect for this client component

This file is marked "use client" (line 1), which means it's a Client Component. In Next.js App Router:

• generateMetadata can only be exported from Server Components
• Client Components must use <Head> from next/head (or equivalent) for metadata
• The current implementation using Head is actually correct for a client component

However, the genuine security issue remains unaddressed:

The external links on lines 43–45 lack the rel attribute. Fix this:

-          Click the button below, and view the sample error on the Sentry <a target="_blank" href="https://seize-ff.sentry.io/issues/?project=4510442439573504">Issues Page</a>.
-          For more details about setting up Sentry, <a target="_blank"
-           href="https://docs.sentry.io/platforms/javascript/guides/nextjs/">read our docs</a>.
+          Click the button below, and view the sample error on the Sentry <a target="_blank" rel="noopener noreferrer" href="https://seize-ff.sentry.io/issues/?project=4510442439573504">Issues Page</a>.
+          For more details about setting up Sentry, <a target="_blank" rel="noopener noreferrer"
+           href="https://docs.sentry.io/platforms/javascript/guides/nextjs/">read our docs</a>.

This is required to pass ESLint's security rules.

Likely an incorrect or invalid review comment.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
5 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 3

♻️ Duplicate comments (2)

app/api/sentry-example-api/route.ts (1)

1-14: LGTM!

The API route structure correctly uses export const dynamic = "force-dynamic" and the custom error class for Sentry testing. The unreachable return has been acknowledged and will be addressed in a follow-up PR.

app/sentry-example-page/page.tsx (1)

43-45: Add rel="noopener noreferrer" to external links.

Both external <a> tags use target="_blank" without the rel attribute, creating a security vulnerability (tab-nabbing). All external links opened in new tabs must include this attribute.

Apply this diff:

-          Click the button below, and view the sample error on the Sentry <a target="_blank" href="https://seize-ff.sentry.io/issues/?project=4510442439573504">Issues Page</a>.
-          For more details about setting up Sentry, <a target="_blank"
-           href="https://docs.sentry.io/platforms/javascript/guides/nextjs/">read our docs</a>.
+          Click the button below, and view the sample error on the Sentry <a target="_blank" rel="noopener noreferrer" href="https://seize-ff.sentry.io/issues/?project=4510442439573504">Issues Page</a>.
+          For more details about setting up Sentry, <a target="_blank" rel="noopener noreferrer"
+           href="https://docs.sentry.io/platforms/javascript/guides/nextjs/">read our docs</a>.

🧹 Nitpick comments (1)

config/env.schema.ts (1)

122-122: Consider adding URL validation for SENTRY_DSN.

The DSN is typically a URL. Adding .url() validation would catch configuration errors early.

Apply this diff if you want stricter validation:

-  SENTRY_DSN: z.string().optional(),
+  SENTRY_DSN: z.string().url("SENTRY_DSN must be a valid URL").optional(),

Alternatively, keep it as-is if you need flexibility during development or if the DSN can be omitted entirely.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0ba33a5 and dbf0be5.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (13)

• .github/workflows/build-upload-deploy-prod.yml (1 hunks)
• .gitignore (1 hunks)
• app/api/sentry-example-api/route.ts (1 hunks)
• app/error.tsx (1 hunks)
• app/global-error.tsx (1 hunks)
• app/sentry-example-page/page.tsx (1 hunks)
• config/env.schema.ts (2 hunks)
• instrumentation-client.ts (1 hunks)
• instrumentation.ts (1 hunks)
• next.config.mjs (3 hunks)
• package.json (1 hunks)
• sentry.edge.config.ts (1 hunks)
• sentry.server.config.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (8)

• package.json
• .gitignore
• sentry.edge.config.ts
• instrumentation.ts
• .github/workflows/build-upload-deploy-prod.yml
• app/error.tsx
• next.config.mjs
• instrumentation-client.ts

🧰 Additional context used

📓 Path-based instructions (8)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{ts,tsx,js,jsx}: Do not include any comments in the code; it should be self-explanatory
Write correct, up-to-date, bug-free, fully componentized, secure, and efficient code
Include all required imports and ensure proper naming of key components
Use NextJS features that match the current version

**/*.{ts,tsx,js,jsx}: Enforce ≥ 80% line coverage for files changed since main via npm run test
All code must pass ESLint (Next's Core Web Vitals + React Hooks rules) via npm run lint
Use <Link> from Next.js for internal navigation instead of <a> tags or HTML anchors
Use <Image> from next/image instead of HTML <img> elements

Files:

• app/global-error.tsx
• config/env.schema.ts
• app/sentry-example-page/page.tsx
• sentry.server.config.ts
• app/api/sentry-example-api/route.ts

**/*.{tsx,jsx}

📄 CodeRabbit inference engine (.cursorrules)

**/*.{tsx,jsx}: Use FontAwesome for icons in React components
Use TailwindCSS for styling in React components
Use react-query for data fetching
Always add readonly before props in React components

Files:

• app/global-error.tsx
• app/sentry-example-page/page.tsx

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: All code must pass TypeScript type checking via npm run type-check (tsc --noEmit)
Use 'use cache' directive at the top of Server Components or functions to explicitly opt-in to caching in Next.js 16

Files:

• app/global-error.tsx
• config/env.schema.ts
• app/sentry-example-page/page.tsx
• sentry.server.config.ts
• app/api/sentry-example-api/route.ts

{.env*,*.env,**/config/**}

📄 CodeRabbit inference engine (.cursor/rules/dev_workflow.mdc)

Configure Task Master behavior via environment variables: ANTHROPIC_API_KEY (required), MODEL, MAX_TOKENS, TEMPERATURE, DEBUG, LOG_LEVEL, DEFAULT_SUBTASKS, DEFAULT_PRIORITY, PROJECT_NAME, PROJECT_VERSION, PERPLEXITY_API_KEY, and PERPLEXITY_MODEL

Files:

• config/env.schema.ts

app/**/page.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

All routes in app/ must export generateMetadata using the getAppMetadata helper from @/components/providers/metadata

Files:

• app/sentry-example-page/page.tsx

app/api/**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (app/api/AGENTS.md)

app/api/**/*.{ts,tsx,js,jsx}: Never call fetch directly with user-controlled or scraped URLs. Use helpers from @/lib/security/urlGuard (parsePublicUrl, assertPublicUrl, fetchPublicUrl, fetchPublicJson) to validate URLs against host/IP allowlists and DNS checks before making network requests.
When needing custom headers or timeouts for external requests, pass them via @/lib/security/urlGuard helper options rather than re-implementing your own wrapper.
Catch UrlGuardError explicitly if returning a tailored response; otherwise let it bubble so the caller can surface the correct status code.
Follow the project default responses (NextResponse.json) and reuse existing util modules instead of duplicating logic.

Files:

• app/api/sentry-example-api/route.ts

app/api/**/route.ts

📄 CodeRabbit inference engine (app/api/AGENTS.md)

app/api/**/route.ts: Export HTTP verb handlers (e.g. GET, POST, etc.) from route.ts files, keeping logic in small internal functions when it grows beyond ~200 lines.
For edge caching behavior, prefer export const dynamic = "force-dynamic"; or revalidate constants rather than inline headers.

Files:

• app/api/sentry-example-api/route.ts

app/api/**/*.{ts,tsx}

📄 CodeRabbit inference engine (app/api/AGENTS.md)

Use TypeScript types for request parameters and responses; avoid any unless a 3rd-party payload truly has no shape guarantees.

Files:

• app/api/sentry-example-api/route.ts

🧠 Learnings (6)

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/*.{ts,tsx,js,jsx} : Catch `UrlGuardError` explicitly if returning a tailored response; otherwise let it bubble so the caller can surface the correct status code.

Applied to files:

• app/global-error.tsx
• app/api/sentry-example-api/route.ts

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Use `<Link>` from Next.js for internal navigation instead of `<a>` tags or HTML anchors

Applied to files:

• app/sentry-example-page/page.tsx

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Fix issues with modernization aligned to React 19.2, React Compiler, and Next.js 16 conventions; do not add `// eslint-disable` comments unless explicitly instructed

Applied to files:

• app/sentry-example-page/page.tsx

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/route.ts : For edge caching behavior, prefer `export const dynamic = "force-dynamic";` or `revalidate` constants rather than inline headers.

Applied to files:

• app/api/sentry-example-api/route.ts

📚 Learning: 2025-11-25T08:37:44.679Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: app/api/AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:44.679Z
Learning: Applies to app/api/**/route.ts : Export HTTP verb handlers (e.g. `GET`, `POST`, etc.) from `route.ts` files, keeping logic in small internal functions when it grows beyond ~200 lines.

Applied to files:

• app/api/sentry-example-api/route.ts

📚 Learning: 2025-11-25T08:37:14.939Z

Learnt from: CR
Repo: 6529-Collections/6529seize-frontend PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-11-25T08:37:14.939Z
Learning: Applies to app/**/page.{ts,tsx} : All routes in `app/` must export `generateMetadata` using the `getAppMetadata` helper from `@/components/providers/metadata`

Applied to files:

• app/api/sentry-example-api/route.ts

🧬 Code graph analysis (2)

app/global-error.tsx (1)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

sentry.server.config.ts (1)

next.config.mjs (2)

• publicEnv (217-217)
• publicEnv (275-275)

🪛 Biome (2.1.2)

app/sentry-example-page/page.tsx

[error] 43-43: Avoid using target="_blank" without rel="noopener" or rel="noreferrer".

Opening external links in new tabs without rel="noopener" is a security risk. See the explanation for more details.
Safe fix: Add the rel="noopener" attribute.

(lint/security/noBlankTarget)

---

[error] 44-44: Avoid using target="_blank" without rel="noopener" or rel="noreferrer".

Opening external links in new tabs without rel="noopener" is a security risk. See the explanation for more details.
Safe fix: Add the rel="noopener" attribute.

(lint/security/noBlankTarget)

app/api/sentry-example-api/route.ts

[error] 13-13: This code will never be reached ...

... because this statement will throw an exception beforehand

(lint/correctness/noUnreachable)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (2)

app/global-error.tsx (1)

16-19: LGTM!

The Sentry integration correctly uses a truthiness check for publicEnv.SENTRY_DSN and properly captures exceptions in the global error handler.

config/env.schema.ts (1)

17-17: LGTM!

The NEXT_RUNTIME addition correctly identifies the runtime environment (nodejs or edge) for conditional Sentry initialization.