feat(observability): optional self-hosted Sentry instrumentation for MCP workflow failures (Closes #606) #679
Open
jcwalker3
wants to merge 1 commits from
feat/issue-606-sentry-observability into master
pull from: feat/issue-606-sentry-observability
merge into: :master
:master
:fix/issue-709-decision-lock-cross-profile
:fix/issue-695-native-transport-quarantine
:fix/issue-698-report-validator-schema
:fix/issue-702-stale-binding-lease-recovery
:fix/issue-699-structured-auth-mcp-errors
:fix/issue-695-native-quarantine-v2
:fix/issue-693-review-decision-lock-recovery
:fix/issue-691-obsolete-reviewer-lease-cleanup
:feat/issue-687-reconciler-branch-delete
:fix/issue-683-workflow-guard-hardening
:chore/issue-681-preserve-review-session-wip
:feat/issue-604-anti-stomp-preflight
:feat/issue-606-sentry-observability
:fix/issue-671-block-stable-branch-push
:fix/issue-675-residual-preflight-remediation
:fix/issue-673-remediate-regressions-part2
:fix/issue-673-remediate-regressions
:feat/issue-603-lifecycle-labels
:fix/issue-627-set-issue-labels-pagination
:feat/issue-601-first-class-leases
:feat/issue-612-incident-bridge
:feat/issue-600-controller-allocator-api
:fix/issue-620-head-scoped-review-locks
:feat/issue-613-allocator-db-substrate
:docs/mcp-stable-control-runtime-policy
:feat/issue-609-prepared-review-verdict-resume
:feat/issue-610-live-remote-parity
:feat/issue-503-reviewer-active-worktree
:feat/issue-470-preflight-contract
:feat/issue-440-lock-recovery
:feat/issue-440-branch-recovery
:feat/issue-458-queue-fail-closed-copy
:feat/issue-400-early-duplicate-work-gate
:feat/issue-308-reconcile-inventory-pagination
:feat/issue-308-reconcile-pagination-proof
:docs/issue-261-agent-temp-artifact-cleanup
:feat/issue-262-map-commit-files
:fix/infra-stop-conflict-marker-false-positive
:feat/issue-139-role-aware-task-routing
:feat/issue-188-continuation-selection-wall
:feat/issue-189-continuation-mode-proofs
:feat/issue-232-refresh-wiki-proof-heads
:feat/issue-210-block-workspace-edits
:feat/issue-204-exact-issue-lock
:docs/issue-80-label-taxonomy
:docs/issue-79-safety-boundary-updates
No Reviewers
Labels
Clear labels
allocator
anti-stomp
architecture
bug
chore
codex
concurrency
contamination
control-plane
dashboard
database
design
documentation
enhancement
gitea
glitchtip
important
incident
incident-bridge
integration
jenkins
labels
leases
mcp
mcp-health
mcp-menu
multi-project
mutating
nice-to-have
observability
portability
preflight
protected-branch
queue
read-only
reconnect
recovery
refactor
release
reliability
resumable-review
reviewer
roadmap
safety
security
self-hosted
sentry
stale-runtime
status:blocked
status:in-progress
status:pr-open
status:ready
terminal-lock
testing
tracker
type:bug
type:feature
type:feature
type:guardrail
visibility
workflow
workflow-hardening
workflow-hardening
Controller-owned work allocator
Prevent concurrent LLM session stomping
Architecture / structural design
OpenAI Codex client / workflow session surface
Concurrent session safety
Workflow or session contamination incident
MCP control-plane coordination and allocation authority
MCP operational dashboard/queue view
Internal coordination storage (SQLite/Postgres)
Design / investigation, no implementation
Docs / runbooks
New feature or improvement
Gitea MCP workflow
GlitchTip integration
Operational or process incident requiring durable audit trail
Sentry-to-Gitea incident bridging
Integration testing
Jenkins integration
Label taxonomy management
Lease adopt/release/expire lifecycle
MCP server / tooling
MCP namespace and runtime health
MCP menu surface
Work spanning multiple monitoring projects or Gitea repos
Mutating action; requires gating
Observability, metrics, traces, error reporting
Cross-platform / portability
Shared preflight gates before mutation
Protected branch / stable-branch policy concern
Work queue visibility and allocation
Read-only, no mutation
MCP client reconnect/reload recovery path
Recovery paths for stale/foreign leases
Code refactor / restructure
Release / versioning
Reliability / failure handling
Persist and resume prepared review verdicts across sessions
Reviewer workflow tooling
Roadmap / umbrella issue
Safety rails and fail-closed mutation guards
Security / trust boundary
Self-hosted infrastructure integration
Sentry error monitoring integration
Stale backend daemon / runtime-vs-master parity failures
Issue is blocked
Issue is being worked on
Issue has an open pull request
Issue is ready for work
Terminal review lock (#332) path
Tests / test coverage
Issue tracker hygiene / meta
Bug or defect
Feature or enhancement
Feature or enhancement
Safety gate or guardrail
Workflow state visibility for LLMs/operators
Cross-tool workflow
LLM workflow coordination hardening
LLM workflow coordination hardening
No labels
Milestone
No items
No Milestone
Projects
Clear projects
No projects
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: Scaled-Tech-Consulting/Gitea-Tools#679
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Summary
Closes #606. Adds optional, off-by-default self-hosted Sentry SDK
instrumentation so MCP runtime errors, fail-closed workflow blockers,
lease/terminal-lock/stale-runtime collisions, and recurring watchdog check-ins
are visible in Sentry at
https://sentry.prgs.cc/(never Sentry Cloud). Giteastays the durable source of truth; Sentry is observe-only.
What changed
sentry_observability.py— mirrors thegitea_auditconventions(env-gated, best-effort, redacting):
MCP_SENTRY_ENABLED,SENTRY_DSN,SENTRY_ENVIRONMENT,SENTRY_RELEASE,MCP_SENTRY_TRACES_SAMPLE_RATE,MCP_SENTRY_ENABLE_LOGS.Active only when enabled AND a DSN is present; otherwise a hard no-op.
closed for redaction (drop a field rather than risk a leak).
scrub_eventbefore_send/before_send_loghook + allowlisted tags: notokens/passwords/keychain-ids/DSNs/cookies, no raw session-state or full
prompt bodies (
session_id→ 12-char hash), no full filesystem paths(worktree path → coarse category). Reuses
incident_bridge+gitea_auditscrubbers.
capture_exception,capture_workflow_blocker(carries the canonical nextaction), and
monitor_checkinwith six stable cron slugs.sentry_sdkis a lazily-imported optional dependency — the module importsand no-ops cleanly when the package is absent.
gitea_mcp_server.py(additive, guarded, best-effort):init_sentry()in
__main__beforemcp.run; exception capture in the_auditedfailurepath; blocker capture in the
_audit_pr_resultBLOCKED/FAILED path; allocatorleft pure).
requirements.txt— pinsentry-sdk==2.20.0(optional)..env.example— document the six env vars.docs/observability/sentry-integration.md— project creation inhttps://sentry.prgs.cc/, DSN handling, local/dev/prod config, redactionguarantees, and coexistence with the #612 incident bridge.
Acceptance criteria mapping
test_init_noop_*)(
test_init_configures_sdk_with_scrubber,_auditedcapture)(
build_blocker_event,_audit_pr_resultwiring)MCP_SENTRY_ENABLE_LOGS=1✓(
test_init_enable_logs_wires_log_scrubber)(redaction test block)
MONITOR_SLUGS+ wiring)Non-goals (enforced)
Sentry does not become the workflow authority and cannot approve/merge/close/
mutate Gitea state or bypass leases/#332/roles/MCP gates. Alerts may only reach
Gitea through the sanctioned #612 incident-bridge path.
Validation
tests/test_sentry_observability.py: 36 passing.Reviewer handoff
allocator_service.pyand otherdomain modules are intentionally untouched (observability wiring lives in the
MCP server layer, consistent with
_audit).fail-open placement of the capture calls. This PR complements #612 and does
not replace it.
🤖 Generated with Claude Code
[THREAD STATE LEDGER] PR #679 / Issue #606 — author implementation complete, review requested
What is true now:
78cc37a977What changed:
sentry_observability.py, additive guarded wiring ingitea_mcp_server.py, pinned optionalsentry-sdk==2.20.0, six env vars in.env.example,docs/observability/sentry-integration.md, andtests/test_sentry_observability.pyWhat is blocked:
Who/what acts next:
tests/test_sentry_observability.pyCanonical PR State
STATE: implemented; open; awaiting reviewer verdict
WHO_IS_NEXT: reviewer
NEXT_ACTION: review PR #679 against #606 acceptance criteria, then post an APPROVE or REQUEST_CHANGES review verdict to Gitea
NEXT_PROMPT:
WHAT_HAPPENED: Implemented optional self-hosted Sentry SDK instrumentation (env-gated, off-by-default, fail-open capture, fail-closed redaction) with cron watchdog check-ins; wiring additive in the MCP server layer; domain modules left pure.
WHY: Workflow collisions and late #332 blockers need structured observability without making Sentry the workflow authority; Gitea remains canonical.
RELATED_PRS: none supersede this. Complements #612 incident bridge; does not replace it.
BLOCKERS: none
VALIDATION: new suite 36 passed; full suite 2632 passed, 6 skipped; scope limited to six files;
allocator_service.pyuntouched.LAST_UPDATED_BY: jcwalker3 (prgs-author)
View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.