Skip to content

add onError callback with secret redaction for external error reporting#26

Open
jackcbrown89 wants to merge 1 commit intomainfrom
worktree-jb-remove-sentry
Open

add onError callback with secret redaction for external error reporting#26
jackcbrown89 wants to merge 1 commit intomainfrom
worktree-jb-remove-sentry

Conversation

@jackcbrown89
Copy link
Copy Markdown
Contributor

@jackcbrown89 jackcbrown89 commented Apr 14, 2026
edited by cursor bot
Loading

Replace implicit error swallowing with an explicit onError hook that callers can wire to their own reporting (e.g. Sentry). Errors and metadata are redacted via redactError/redactSecrets before reaching the callback, and the callback is wrapped in try/catch so it can never break the session's own error handling.

Note

Medium Risk
Introduces a new onError callback into the WebSocket server/session error paths and changes how errors are propagated to external handlers; mistakes could leak sensitive data or alter observability behavior. Redaction and try/catch guards reduce blast radius but the hook runs in multiple failure scenarios.

Overview
Adds an optional onError(error, metadata) hook to RuntimeUseServer/WebSocketSession so callers can report internal failures (e.g., parsing, websocket, artifact upload, agent/command execution, and top-level session errors).

Introduces redactError in error-utils.ts and uses it (plus redactSecrets) to ensure errors/stack traces and serialized metadata are secret-redacted before invoking onError, and wraps callback execution in try/catch so reporting cannot break session error handling.

Also bumps the runtimeuse package-lock version from 0.3.0 to 0.9.1.

Reviewed by Cursor Bugbot for commit 58f51c1. Bugbot is set up for automated code reviews on this repo. Configure here.

@jackcbrown89
add onError callback with secret redaction for external error reporting
58f51c1 
Replace implicit error swallowing with an explicit onError hook that
callers can wire to their own reporting (e.g. Sentry). Errors and
metadata are redacted via redactError/redactSecrets before reaching
the callback, and the callback is wrapped in try/catch so it can
never break the session's own error handling.
@jackcbrown89
Copy link
Copy Markdown
Contributor Author

jackcbrown89 commented Apr 14, 2026

bugbot run

cursor[bot]
cursor bot reviewed Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 58f51c1. Configure here.

Comment thread packages/runtimeuse/src/server.ts
this.config.onError?.(error, {
...serializeErrorMetadata(error),
phase: "session",
});
Copy link
Copy Markdown

@cursor cursor bot Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Server-level onError bypasses secret redaction

Medium Severity

The onError call in server.ts passes the raw error and unredacted serializeErrorMetadata(error) directly to the callback, unlike session.ts's reportError which properly wraps both in redactError and redactSecrets. If session.run() ever rejects with an error containing secrets, those secrets will leak unredacted to the external error reporting callback (e.g. Sentry), defeating the stated purpose of this PR.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 58f51c1. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jackcbrown89