Skip to content

feat: add Sentry error tracking to all Next.js apps #436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
saddlepaddle merged 2 commits into from
Dec 19, 2025
Merged

feat: add Sentry error tracking to all Next.js apps #436

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9244bb3
feat: add Sentry error tracking to all Next.js apps
saddlepaddle Dec 19, 2025
de6bfc8
WIP - sentry
saddlepaddle Dec 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,16 @@ DESKTOP_AUTH_SECRET=
# -----------------------------------------------------------------------------
# Freestyle
# -----------------------------------------------------------------------------
FREESTYLE_API_KEY=
FREESTYLE_API_KEY=

# -----------------------------------------------------------------------------
# Sentry Error Tracking
# -----------------------------------------------------------------------------
SENTRY_AUTH_TOKEN=
NEXT_PUBLIC_SENTRY_ENVIRONMENT=development
NEXT_PUBLIC_SENTRY_DSN_WEB=
NEXT_PUBLIC_SENTRY_DSN_MARKETING=
NEXT_PUBLIC_SENTRY_DSN_ADMIN=
NEXT_PUBLIC_SENTRY_DSN_DOCS=
NEXT_PUBLIC_SENTRY_DSN_API=
SENTRY_DSN_DESKTOP=
35 changes: 30 additions & 5 deletions .github/workflows/deploy-preview.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ jobs:
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_API: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_API }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
Expand All @@ -147,7 +150,9 @@ jobs:
--env GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
--env GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
--env GH_CLIENT_ID=$GH_CLIENT_ID \
--env GH_CLIENT_SECRET=$GH_CLIENT_SECRET)
--env GH_CLIENT_SECRET=$GH_CLIENT_SECRET \
--env NEXT_PUBLIC_SENTRY_DSN_API=$NEXT_PUBLIC_SENTRY_DSN_API \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT)
vercel alias $VERCEL_URL ${{ env.API_ALIAS }} --scope=$VERCEL_ORG_ID --token=$VERCEL_TOKEN
echo "vercel_url=$VERCEL_URL" >> $GITHUB_OUTPUT

Expand Down Expand Up @@ -221,6 +226,9 @@ jobs:
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_WEB: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_WEB }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
Expand All @@ -236,7 +244,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST)
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_WEB=$NEXT_PUBLIC_SENTRY_DSN_WEB \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT)
vercel alias $VERCEL_URL ${{ env.WEB_ALIAS }} --scope=$VERCEL_ORG_ID --token=$VERCEL_TOKEN
echo "vercel_url=$VERCEL_URL" >> $GITHUB_OUTPUT

Expand Down Expand Up @@ -293,6 +303,9 @@ jobs:
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_MARKETING: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_MARKETING }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
Expand All @@ -303,7 +316,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST)
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_MARKETING=$NEXT_PUBLIC_SENTRY_DSN_MARKETING \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT)
vercel alias $VERCEL_URL ${{ env.MARKETING_ALIAS }} --scope=$VERCEL_ORG_ID --token=$VERCEL_TOKEN
echo "vercel_url=$VERCEL_URL" >> $GITHUB_OUTPUT

Expand Down Expand Up @@ -373,6 +388,9 @@ jobs:
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_ADMIN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_ADMIN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
Expand All @@ -385,7 +403,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST)
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_ADMIN=$NEXT_PUBLIC_SENTRY_DSN_ADMIN \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT)
vercel alias $VERCEL_URL ${{ env.ADMIN_ALIAS }} --scope=$VERCEL_ORG_ID --token=$VERCEL_TOKEN
echo "vercel_url=$VERCEL_URL" >> $GITHUB_OUTPUT

Expand Down Expand Up @@ -440,12 +460,17 @@ jobs:
NEXT_PUBLIC_MARKETING_URL: https://${{ env.MARKETING_ALIAS }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_DOCS: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_DOCS }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=preview --token=$VERCEL_TOKEN
vercel build --token=$VERCEL_TOKEN
VERCEL_URL=$(vercel deploy --prebuilt --token=$VERCEL_TOKEN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST)
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_DOCS=$NEXT_PUBLIC_SENTRY_DSN_DOCS \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT)
vercel alias $VERCEL_URL ${{ env.DOCS_ALIAS }} --scope=$VERCEL_ORG_ID --token=$VERCEL_TOKEN
echo "vercel_url=$VERCEL_URL" >> $GITHUB_OUTPUT

Expand Down
35 changes: 30 additions & 5 deletions .github/workflows/deploy-production.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,9 @@ jobs:
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
GH_CLIENT_ID: ${{ secrets.GH_CLIENT_ID }}
GH_CLIENT_SECRET: ${{ secrets.GH_CLIENT_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_API: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_API }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
Expand All @@ -97,7 +100,9 @@ jobs:
--env GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID \
--env GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET \
--env GH_CLIENT_ID=$GH_CLIENT_ID \
--env GH_CLIENT_SECRET=$GH_CLIENT_SECRET
--env GH_CLIENT_SECRET=$GH_CLIENT_SECRET \
--env NEXT_PUBLIC_SENTRY_DSN_API=$NEXT_PUBLIC_SENTRY_DSN_API \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT

deploy-web:
name: Deploy Web to Vercel
Expand Down Expand Up @@ -143,6 +148,9 @@ jobs:
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
DESKTOP_AUTH_SECRET: ${{ secrets.DESKTOP_AUTH_SECRET }}
NEXT_PUBLIC_SENTRY_DSN_WEB: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_WEB }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
Expand All @@ -158,7 +166,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_WEB=$NEXT_PUBLIC_SENTRY_DSN_WEB \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT

deploy-marketing:
name: Deploy Marketing to Vercel
Expand Down Expand Up @@ -199,6 +209,9 @@ jobs:
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_MARKETING: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_MARKETING }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
Expand All @@ -209,7 +222,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_MARKETING=$NEXT_PUBLIC_SENTRY_DSN_MARKETING \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT

deploy-admin:
name: Deploy Admin to Vercel
Expand Down Expand Up @@ -252,6 +267,9 @@ jobs:
NEXT_PUBLIC_COOKIE_DOMAIN: ${{ secrets.NEXT_PUBLIC_COOKIE_DOMAIN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_ADMIN: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_ADMIN }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
Expand All @@ -264,7 +282,9 @@ jobs:
--env NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
--env NEXT_PUBLIC_COOKIE_DOMAIN=$NEXT_PUBLIC_COOKIE_DOMAIN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_ADMIN=$NEXT_PUBLIC_SENTRY_DSN_ADMIN \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT

deploy-docs:
name: Deploy Docs to Vercel
Expand Down Expand Up @@ -303,9 +323,14 @@ jobs:
NEXT_PUBLIC_MARKETING_URL: ${{ secrets.NEXT_PUBLIC_MARKETING_URL }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
NEXT_PUBLIC_POSTHOG_HOST: ${{ secrets.NEXT_PUBLIC_POSTHOG_HOST }}
NEXT_PUBLIC_SENTRY_DSN_DOCS: ${{ secrets.NEXT_PUBLIC_SENTRY_DSN_DOCS }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_SENTRY_ENVIRONMENT: ${{ vars.NEXT_PUBLIC_SENTRY_ENVIRONMENT }}
run: |
vercel pull --yes --environment=production --token=$VERCEL_TOKEN
vercel build --prod --token=$VERCEL_TOKEN
vercel deploy --prod --prebuilt --token=$VERCEL_TOKEN \
--env NEXT_PUBLIC_POSTHOG_KEY=$NEXT_PUBLIC_POSTHOG_KEY \
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST
--env NEXT_PUBLIC_POSTHOG_HOST=$NEXT_PUBLIC_POSTHOG_HOST \
--env NEXT_PUBLIC_SENTRY_DSN_DOCS=$NEXT_PUBLIC_SENTRY_DSN_DOCS \
--env NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT
12 changes: 11 additions & 1 deletion apps/admin/next.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import { join } from "node:path";
import { withSentryConfig } from "@sentry/nextjs";
import { config as dotenvConfig } from "dotenv";
import type { NextConfig } from "next";

Expand Down Expand Up @@ -31,4 +32,13 @@ const config: NextConfig = {
skipTrailingSlashRedirect: true,
};

export default config;
export default withSentryConfig(config, {
org: "superset-sh",
project: "admin",
silent: !process.env.CI,
authToken: process.env.SENTRY_AUTH_TOKEN,
widenClientFileUpload: true,
tunnelRoute: "/monitoring",
disableLogger: true,
automaticVercelMonitors: true,
});
3 changes: 3 additions & 0 deletions apps/admin/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
},
"dependencies": {
"@clerk/nextjs": "^6.36.2",
"@sentry/nextjs": "^10.32.1",
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

Update import-in-the-middle to a valid version—2.0.1 does not exist.

The latest version of import-in-the-middle is 2.0.0, not 2.0.1 as specified in package.json. This will cause installation failures. @sentry/nextjs@10.32.1 is the latest version and is current. require-in-the-middle@8.0.1 is the latest version and has no known vulnerabilities.

🤖 Prompt for AI Agents 
In apps/admin/package.json around line 15, the dependency "import-in-the-middle"
is set to a non-existent 2.0.1 which will break installs; change it to the valid
version "2.0.0", then run your package manager (npm/yarn/pnpm) to update
node_modules and the lockfile (package-lock.json / yarn.lock / pnpm-lock.yaml)
and verify installs/builds succeed; also run tests or start the app to confirm
no regressions.

"@superset/db": "workspace:*",
"@superset/queries": "workspace:*",
"@superset/shared": "workspace:*",
Expand All @@ -24,12 +25,14 @@
"@trpc/server": "^11.7.1",
"@trpc/tanstack-react-query": "^11.7.1",
"date-fns": "^4.1.0",
"import-in-the-middle": "2.0.1",
"next": "^16.0.10",
"next-themes": "^0.4.6",
"posthog-js": "^1.306.1",
"react": "^19.2.3",
"react-dom": "^19.2.3",
"react-icons": "^5.5.0",
"require-in-the-middle": "8.0.1",
"server-only": "^0.0.1",
"superjson": "^2.2.5",
"zod": "^4.1.13"
Expand Down
13 changes: 13 additions & 0 deletions apps/admin/sentry.edge.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import * as Sentry from "@sentry/nextjs";

import { env } from "@/env";

Sentry.init({
dsn: env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
environment: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
enabled: !!env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
tracesSampleRate:
env.NEXT_PUBLIC_SENTRY_ENVIRONMENT === "production" ? 0.1 : 1.0,
sendDefaultPii: true,
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Privacy concern: sendDefaultPii: true may violate GDPR/CCPA.

Enabling sendDefaultPii sends personally identifiable information (IP addresses, cookies, user agents) to Sentry. This requires explicit user consent under GDPR/CCPA and should be documented in your privacy policy.

Consider:

  • Setting sendDefaultPii: false by default
  • Adding a configuration flag to enable it only when compliant
  • Documenting this in privacy policies and consent flows
  • Using beforeSend callbacks to scrub PII from events
🔎 Recommended configuration 
 Sentry.init({
 	dsn: env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
 	environment: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
 	enabled: !!env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
 	tracesSampleRate: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT === "production" ? 0.1 : 1.0,
-	sendDefaultPii: true,
+	sendDefaultPii: false,
 	debug: false,
+	beforeSend(event) {
+		// Scrub sensitive data if needed
+		return event;
+	},
 });
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
sendDefaultPii: true,
Sentry.init({
dsn: env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
environment: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
enabled: !!env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
tracesSampleRate: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT === "production" ? 0.1 : 1.0,
sendDefaultPii: false,
debug: false,
beforeSend(event) {
// Scrub sensitive data if needed
return event;
},
});
🤖 Prompt for AI Agents 
In apps/admin/sentry.edge.config.ts around line 10, sendDefaultPii is currently
set to true which can transmit PII and conflict with GDPR/CCPA; change the
default to sendDefaultPii: false, add a config flag (e.g., SENTRY_SEND_PII) read
from env to enable it only when explicit consent/compliance is present,
implement a beforeSend hook that strips IPs/user-agent/cookies from events when
the flag is false, and update project privacy/consent docs and any consent-flow
code to toggle the env/config flag accordingly.

debug: false,
});
13 changes: 13 additions & 0 deletions apps/admin/sentry.server.config.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import * as Sentry from "@sentry/nextjs";

import { env } from "@/env";

Sentry.init({
dsn: env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
environment: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
enabled: !!env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
tracesSampleRate:
env.NEXT_PUBLIC_SENTRY_ENVIRONMENT === "production" ? 0.1 : 1.0,
sendDefaultPii: true,
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Review PII transmission for compliance requirements.

The sendDefaultPii: true option enables transmission of personally identifiable information to Sentry. Ensure this complies with your privacy policy and data protection regulations.

🤖 Prompt for AI Agents 
In apps/admin/sentry.server.config.ts around line 10, the configuration sets
sendDefaultPii: true which enables transmission of PII to Sentry; change this to
a safer default and make it configurable: set sendDefaultPii to false by
default, read an environment variable (e.g., SENTRY_SEND_PII) to enable it only
when explicitly allowed, add server-side gating so it cannot be enabled in
production without documented privacy approval, and update project docs/README
to record the required compliance review and where to change the env flag.

debug: false,
});
23 changes: 23 additions & 0 deletions apps/admin/src/app/global-error.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
"use client";

import * as Sentry from "@sentry/nextjs";
import NextError from "next/error";
import { useEffect } from "react";

export default function GlobalError({
error,
}: {
error: Error & { digest?: string };
}) {
useEffect(() => {
Sentry.captureException(error);
}, [error]);

return (
<html lang="en">
<body>
<NextError statusCode={0} />
</body>
</html>
);
}
7 changes: 7 additions & 0 deletions apps/admin/src/env.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ export const env = createEnv({
DATABASE_URL: z.string().url(),
DATABASE_URL_UNPOOLED: z.string().url(),
CLERK_SECRET_KEY: z.string(),
SENTRY_AUTH_TOKEN: z.string().optional(),
},

client: {
Expand All @@ -23,6 +24,10 @@ export const env = createEnv({
NEXT_PUBLIC_COOKIE_DOMAIN: z.string(),
NEXT_PUBLIC_POSTHOG_KEY: z.string(),
NEXT_PUBLIC_POSTHOG_HOST: z.string().url(),
NEXT_PUBLIC_SENTRY_DSN_ADMIN: z.string().optional(),
NEXT_PUBLIC_SENTRY_ENVIRONMENT: z
.enum(["development", "preview", "production"])
.optional(),
},

experimental__runtimeEnv: {
Expand All @@ -34,6 +39,8 @@ export const env = createEnv({
NEXT_PUBLIC_COOKIE_DOMAIN: process.env.NEXT_PUBLIC_COOKIE_DOMAIN,
NEXT_PUBLIC_POSTHOG_KEY: process.env.NEXT_PUBLIC_POSTHOG_KEY,
NEXT_PUBLIC_POSTHOG_HOST: process.env.NEXT_PUBLIC_POSTHOG_HOST,
NEXT_PUBLIC_SENTRY_DSN_ADMIN: process.env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
NEXT_PUBLIC_SENTRY_ENVIRONMENT: process.env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
},

skipValidation: !!process.env.SKIP_ENV_VALIDATION,
Expand Down
13 changes: 13 additions & 0 deletions apps/admin/src/instrumentation-client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import * as Sentry from "@sentry/nextjs";
import { POSTHOG_COOKIE_NAME } from "@superset/shared/constants";
import posthog from "posthog-js";

Expand All @@ -21,3 +22,15 @@ posthog.init(env.NEXT_PUBLIC_POSTHOG_KEY, {
});
},
});

Sentry.init({
dsn: env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
environment: env.NEXT_PUBLIC_SENTRY_ENVIRONMENT,
enabled: !!env.NEXT_PUBLIC_SENTRY_DSN_ADMIN,
tracesSampleRate:
env.NEXT_PUBLIC_SENTRY_ENVIRONMENT === "production" ? 0.1 : 1.0,
sendDefaultPii: true,
debug: false,
});
Comment on lines +26 to +34
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Review PII transmission for compliance requirements.

The sendDefaultPii: true option on Line 31 enables transmission of personally identifiable information to Sentry. Ensure this complies with your privacy policy and data protection regulations.

🤖 Prompt for AI Agents 
In apps/admin/src/instrumentation-client.ts around lines 26 to 33, the Sentry
config uses sendDefaultPii: true which will transmit PII; change this to
sendDefaultPii: false or gate it behind an explicit environment variable (e.g.,
NEXT_PUBLIC_SENTRY_SEND_PII) so PII is only enabled when explicitly allowed,
update the env usage to coerce to a boolean, and add a short code comment
referencing the privacy compliance decision so future reviewers know why PII is
disabled or when it may be enabled.


export const onRouterTransitionStart = Sentry.captureRouterTransitionStart;
13 changes: 13 additions & 0 deletions apps/admin/src/instrumentation.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
import * as Sentry from "@sentry/nextjs";

export async function register() {
if (process.env.NEXT_RUNTIME === "nodejs") {
await import("../sentry.server.config");
}

if (process.env.NEXT_RUNTIME === "edge") {
await import("../sentry.edge.config");
}
}

export const onRequestError = Sentry.captureRequestError;
Loading