Guidelines for AI agents working in this codebase.
Sentry CLI is a command-line interface for Sentry, built with Bun and Stricli.
- Zero-config experience - Auto-detect project context from DSNs in source code and env files
- AI-powered debugging - Integrate Seer AI for root cause analysis and fix plans
- Developer-friendly - Follow
ghCLI conventions for intuitive UX - Agent-friendly - JSON output and predictable behavior for AI coding agents
- Fast - Native binaries via Bun, SQLite caching for API responses
- DSN Auto-Detection - Scans
.envfiles and source code (JS, Python, Go, Java, Ruby, PHP) to find Sentry DSNs - Project Root Detection - Walks up from CWD to find project boundaries using VCS, language, and build markers
- Directory Name Inference - Fallback project matching using bidirectional word boundary matching
- Multi-Region Support - Automatic region detection with fan-out to regional APIs (us.sentry.io, de.sentry.io)
- Monorepo Support - Generates short aliases for multiple projects
- Seer AI Integration -
issue explainandissue plancommands for AI analysis - OAuth Device Flow - Secure authentication without browser redirects
Before working on this codebase, read the Cursor rules:
.cursor/rules/bun-cli.mdc- Bun API usage, file I/O, process spawning, testing.cursor/rules/ultracite.mdc- Code style, formatting, linting rules
Note: Always check
package.jsonfor the latest scripts.
# Development
bun install # Install dependencies
bun run dev # Run CLI in dev mode
bun run --env-file=.env.local src/bin.ts # Dev with env vars
# Build
bun run build # Build for current platform
bun run build:all # Build for all platforms
# Type Checking
bun run typecheck # Check types
# Linting & Formatting
bun run lint # Check for issues
bun run lint:fix # Auto-fix issues (run before committing)
# Testing
bun test # Run all tests
bun test path/to/file.test.ts # Run single test file
bun test --watch # Watch mode
bun test --filter "test name" # Run tests matching pattern
bun run test:unit # Run unit tests only
bun run test:e2e # Run e2e tests onlyCRITICAL: All packages must be in devDependencies, never dependencies. Everything is bundled at build time via esbuild. CI enforces this with bun run check:deps.
When adding a package, always use bun add -d <package> (the -d flag).
When the @sentry/api SDK provides types for an API response, import them directly from @sentry/api instead of creating redundant Zod schemas in src/types/sentry.ts.
CRITICAL: This project uses Bun as runtime. Always prefer Bun-native APIs over Node.js equivalents.
Read the full guidelines in .cursor/rules/bun-cli.mdc.
Bun Documentation: https://bun.sh/docs - Consult these docs when unsure about Bun APIs.
| Task | Use This | NOT This |
|---|---|---|
| Read file | await Bun.file(path).text() |
fs.readFileSync() |
| Write file | await Bun.write(path, content) |
fs.writeFileSync() |
| Check file exists | await Bun.file(path).exists() |
fs.existsSync() |
| Spawn process | Bun.spawn() |
child_process.spawn() |
| Shell commands | Bun.$\command`` |
child_process.exec() |
| Find executable | Bun.which("git") |
which package |
| Glob patterns | new Bun.Glob() |
glob / fast-glob packages |
| Sleep | await Bun.sleep(ms) |
setTimeout with Promise |
| Parse JSON file | await Bun.file(path).json() |
Read + JSON.parse |
Exception: Use node:fs for directory creation with permissions:
import { mkdirSync } from "node:fs";
mkdirSync(dir, { recursive: true, mode: 0o700 });Exception: Bun.$ (shell tagged template) has no shim in script/node-polyfills.ts and will crash on the npm/node distribution. Until a shim is added, use execSync from node:child_process for shell commands that must work in both runtimes:
import { execSync } from "node:child_process";
const result = execSync("id -u username", { encoding: "utf-8", stdio: ["pipe", "pipe", "ignore"] });cli/
├── src/
│ ├── bin.ts # Entry point
│ ├── app.ts # Stricli application setup
│ ├── context.ts # Dependency injection context
│ ├── commands/ # CLI commands
│ │ ├── auth/ # login, logout, status, refresh
│ │ ├── event/ # view
│ │ ├── issue/ # list, view, explain, plan
│ │ ├── org/ # list, view
│ │ ├── project/ # list, view
│ │ ├── span/ # list, view
│ │ ├── trace/ # list, view, logs
│ │ ├── log/ # list, view
│ │ ├── trial/ # list, start
│ │ ├── cli/ # fix, upgrade, feedback, setup
│ │ ├── api.ts # Direct API access command
│ │ └── help.ts # Help command
│ ├── lib/ # Shared utilities
│ │ ├── command.ts # buildCommand wrapper (telemetry + output)
│ │ ├── api-client.ts # Barrel re-export for API modules
│ │ ├── api/ # Domain API modules
│ │ │ ├── infrastructure.ts # Shared helpers, types, raw requests
│ │ │ ├── organizations.ts
│ │ │ ├── projects.ts
│ │ │ ├── issues.ts
│ │ │ ├── events.ts
│ │ │ ├── traces.ts # Trace + span listing
│ │ │ ├── logs.ts
│ │ │ ├── seer.ts
│ │ │ └── trials.ts
│ │ ├── region.ts # Multi-region resolution
│ │ ├── telemetry.ts # Sentry SDK instrumentation
│ │ ├── sentry-urls.ts # URL builders for Sentry
│ │ ├── hex-id.ts # Hex ID validation (32-char + 16-char span)
│ │ ├── trace-id.ts # Trace ID validation wrapper
│ │ ├── db/ # SQLite database layer
│ │ │ ├── instance.ts # Database singleton
│ │ │ ├── schema.ts # Table definitions
│ │ │ ├── migration.ts # Schema migrations
│ │ │ ├── utils.ts # SQL helpers (upsert)
│ │ │ ├── auth.ts # Token storage
│ │ │ ├── user.ts # User info cache
│ │ │ ├── regions.ts # Org→region URL cache
│ │ │ ├── defaults.ts # Default org/project
│ │ │ ├── pagination.ts # Cursor pagination storage
│ │ │ ├── dsn-cache.ts # DSN resolution cache
│ │ │ ├── project-cache.ts # Project data cache
│ │ │ ├── project-root-cache.ts # Project root cache
│ │ │ ├── project-aliases.ts # Monorepo alias mappings
│ │ │ └── version-check.ts # Version check cache
│ │ ├── dsn/ # DSN detection system
│ │ │ ├── detector.ts # High-level detection API
│ │ │ ├── scanner.ts # File scanning logic
│ │ │ ├── code-scanner.ts # Code file DSN extraction
│ │ │ ├── project-root.ts # Project root detection
│ │ │ ├── parser.ts # DSN parsing utilities
│ │ │ ├── resolver.ts # DSN to org/project resolution
│ │ │ ├── fs-utils.ts # File system helpers
│ │ │ ├── env.ts # Environment variable detection
│ │ │ ├── env-file.ts # .env file parsing
│ │ │ ├── errors.ts # DSN-specific errors
│ │ │ ├── types.ts # Type definitions
│ │ │ └── languages/ # Per-language DSN extractors
│ │ │ ├── javascript.ts
│ │ │ ├── python.ts
│ │ │ ├── go.ts
│ │ │ ├── java.ts
│ │ │ ├── ruby.ts
│ │ │ └── php.ts
│ │ ├── formatters/ # Output formatting
│ │ │ ├── human.ts # Human-readable output
│ │ │ ├── json.ts # JSON output
│ │ │ ├── output.ts # Output utilities
│ │ │ ├── seer.ts # Seer AI response formatting
│ │ │ ├── colors.ts # Terminal colors
│ │ │ ├── markdown.ts # Markdown → ANSI renderer
│ │ │ ├── trace.ts # Trace/span formatters
│ │ │ ├── time-utils.ts # Shared time/duration utils
│ │ │ ├── table.ts # Table rendering
│ │ │ └── log.ts # Log entry formatting
│ │ ├── oauth.ts # OAuth device flow
│ │ ├── errors.ts # Error classes
│ │ ├── resolve-target.ts # Org/project resolution
│ │ ├── resolve-issue.ts # Issue ID resolution
│ │ ├── issue-id.ts # Issue ID parsing utilities
│ │ ├── arg-parsing.ts # Argument parsing helpers
│ │ ├── alias.ts # Alias generation
│ │ ├── promises.ts # Promise utilities
│ │ ├── polling.ts # Polling utilities
│ │ ├── upgrade.ts # CLI upgrade functionality
│ │ ├── version-check.ts # Version checking
│ │ ├── browser.ts # Open URLs in browser
│ │ ├── clipboard.ts # Clipboard access
│ │ └── qrcode.ts # QR code generation
│ └── types/ # TypeScript types and Zod schemas
│ ├── sentry.ts # Sentry API types
│ ├── config.ts # Configuration types
│ ├── oauth.ts # OAuth types
│ └── seer.ts # Seer AI types
├── test/ # Test files (mirrors src/ structure)
│ ├── lib/ # Unit tests for lib/
│ │ ├── *.test.ts # Standard unit tests
│ │ ├── *.property.test.ts # Property-based tests
│ │ └── db/
│ │ ├── *.test.ts # DB unit tests
│ │ └── *.model-based.test.ts # Model-based tests
│ ├── model-based/ # Model-based testing helpers
│ │ └── helpers.ts # Isolated DB context, constants
│ ├── commands/ # Unit tests for commands/
│ ├── e2e/ # End-to-end tests
│ ├── fixtures/ # Test fixtures
│ └── mocks/ # Test mocks
├── docs/ # Documentation site (Astro + Starlight)
├── script/ # Build and utility scripts
├── .cursor/rules/ # Cursor AI rules (read these!)
└── biome.jsonc # Linting config (extends ultracite)
Commands use Stricli wrapped by src/lib/command.ts.
CRITICAL: Import buildCommand from ../../lib/command.js, NEVER from @stricli/core directly — the wrapper adds telemetry, --json/--fields injection, and output rendering.
Pattern:
import { buildCommand } from "../../lib/command.js";
import type { SentryContext } from "../../context.js";
import { CommandOutput } from "../../lib/formatters/output.js";
export const myCommand = buildCommand({
docs: {
brief: "Short description",
fullDescription: "Detailed description",
},
output: {
human: formatMyData, // (data: T) => string
jsonTransform: jsonTransformMyData, // optional: (data: T, fields?) => unknown
jsonExclude: ["humanOnlyField"], // optional: strip keys from JSON
},
parameters: {
flags: {
limit: { kind: "parsed", parse: Number, brief: "Max items", default: 10 },
},
},
async *func(this: SentryContext, flags) {
const data = await fetchData();
yield new CommandOutput(data);
return { hint: "Tip: use --json for machine-readable output" };
},
});Key rules:
- Functions are
async *func()generators — yieldnew CommandOutput(data), return{ hint }. output.humanreceives the same data object that gets serialized to JSON — no divergent-data paths.- The wrapper auto-injects
--jsonand--fieldsflags. Do NOT add your ownjsonflag. - Do NOT use
stdout.write()orif (flags.json)branching — the wrapper handles it.
Route groups use Stricli's buildRouteMap wrapped by src/lib/route-map.ts.
CRITICAL: Import buildRouteMap from ../../lib/route-map.js, NEVER from @stricli/core directly — the wrapper auto-injects standard subcommand aliases based on which route keys exist:
| Route | Auto-aliases |
|---|---|
list |
ls |
view |
show |
delete |
remove, rm |
create |
new |
Manually specified aliases in aliases are merged with (and take precedence over) auto-generated ones. Do NOT manually add aliases that are already in the standard set above.
import { buildRouteMap } from "../../lib/route-map.js";
export const myRoute = buildRouteMap({
routes: {
list: listCommand,
view: viewCommand,
create: createCommand,
},
defaultCommand: "view",
// No need for aliases — ls, show, and new are auto-injected.
// Only add aliases for non-standard mappings:
// aliases: { custom: "list" },
docs: {
brief: "Manage my resources",
},
});Use parseSlashSeparatedArg from src/lib/arg-parsing.ts for the standard [<org>/<project>/]<id> pattern. Required identifiers (trace IDs, span IDs) should be positional args, not flags.
import { parseSlashSeparatedArg, parseOrgProjectArg } from "../../lib/arg-parsing.js";
// "my-org/my-project/abc123" → { id: "abc123", targetArg: "my-org/my-project" }
const { id, targetArg } = parseSlashSeparatedArg(first, "Trace ID", USAGE_HINT);
const parsed = parseOrgProjectArg(targetArg);
// parsed.type: "auto-detect" | "explicit" | "project-search" | "org-all"Reference: span/list.ts, trace/view.ts, event/view.ts
All non-trivial human output must use the markdown rendering pipeline:
- Build markdown strings with helpers:
mdKvTable(),colorTag(),escapeMarkdownCell(),renderMarkdown() - NEVER use raw
muted()/ chalk in output strings — usecolorTag("muted", text)inside markdown - Tree-structured output (box-drawing characters) that can't go through
renderMarkdown()should use theplainSafeMutedpattern:isPlainOutput() ? text : muted(text) isPlainOutput()precedence:SENTRY_PLAIN_OUTPUT>NO_COLOR>FORCE_COLOR(TTY only) >!isTTYisPlainOutput()lives insrc/lib/formatters/plain-detect.ts(re-exported frommarkdown.tsfor compat)
Reference: formatters/trace.ts (formatAncestorChain), formatters/human.ts (plainSafeMuted)
Mutation (create/delete) commands use shared infrastructure from src/lib/mutate-command.ts,
paralleling list-command.ts for list commands.
Delete commands MUST use buildDeleteCommand() instead of buildCommand(). It:
- Auto-injects
--yes,--force,--dry-runflags with-y,-f,-naliases - Runs a non-interactive safety guard before
func()— refuses to proceed if stdin is not a TTY and--yes/--forcewas not passed (dry-run bypasses) - Options to skip specific injections (
noForceFlag,noDryRunFlag,noNonInteractiveGuard)
import { buildDeleteCommand, confirmByTyping, isConfirmationBypassed, requireExplicitTarget } from "../../lib/mutate-command.js";
export const deleteCommand = buildDeleteCommand({
// Same args as buildCommand — flags/aliases auto-injected
async *func(this: SentryContext, flags, target) {
requireExplicitTarget(parsed, "Entity", "sentry entity delete <target>");
if (flags["dry-run"]) { yield preview; return; }
if (!isConfirmationBypassed(flags)) {
if (!await confirmByTyping(expected, promptMessage)) return;
}
await doDelete();
},
});Create commands import DRY_RUN_FLAG and DRY_RUN_ALIASES for consistent dry-run support:
import { DRY_RUN_FLAG, DRY_RUN_ALIASES } from "../../lib/mutate-command.js";
// In parameters:
flags: { "dry-run": DRY_RUN_FLAG, team: { ... } },
aliases: { ...DRY_RUN_ALIASES, t: "team" },Key utilities in mutate-command.ts:
isConfirmationBypassed(flags)— true if--yesor--forceis setguardNonInteractive(flags)— throws in non-interactive mode without--yesconfirmByTyping(expected, message)— type-out confirmation promptrequireExplicitTarget(parsed, entityType, usage)— blocks auto-detect for safetyDESTRUCTIVE_FLAGS/DESTRUCTIVE_ALIASES— spreadable bundles for manual use
All list commands with API pagination MUST use the shared cursor-stack
infrastructure for bidirectional pagination (-c next / -c prev):
import { LIST_CURSOR_FLAG } from "../../lib/list-command.js";
import {
buildPaginationContextKey, resolveCursor,
advancePaginationState, hasPreviousPage,
} from "../../lib/db/pagination.js";
export const PAGINATION_KEY = "my-entity-list";
// In buildCommand:
flags: { cursor: LIST_CURSOR_FLAG },
aliases: { c: "cursor" },
// In func():
const contextKey = buildPaginationContextKey("entity", `${org}/${project}`, {
sort: flags.sort, q: flags.query,
});
const { cursor, direction } = resolveCursor(flags.cursor, PAGINATION_KEY, contextKey);
const { data, nextCursor } = await listEntities(org, project, { cursor, ... });
advancePaginationState(PAGINATION_KEY, contextKey, direction, nextCursor);
const hasPrev = hasPreviousPage(PAGINATION_KEY, contextKey);
const hasMore = !!nextCursor;Cursor stack model: The DB stores a JSON array of page-start cursors
plus a page index. Each entry is an opaque string — plain API cursors,
compound cursors (issue list), or extended cursors with mid-page bookmarks
(dashboard list). -c next increments the index, -c prev decrements it,
-c first resets to 0. The stack truncates on back-then-forward to avoid
stale entries. "last" is a silent alias for "next".
Hint rules: Show -c prev when hasPreviousPage() returns true.
Show -c next when hasMore is true. Include both nextCursor and
hasPrev in the JSON envelope.
Navigation hint generation: Use paginationHint() from
src/lib/list-command.ts to build bidirectional navigation strings.
Pass it pre-built prevHint/nextHint command strings and it returns
the combined "Prev: X | Next: Y" string (or single-direction, or "").
Do NOT assemble navParts arrays manually — the shared helper ensures
consistent formatting across all list commands.
import { paginationHint } from "../../lib/list-command.js";
const nav = paginationHint({
hasPrev,
hasMore,
prevHint: `sentry entity list ${org}/ -c prev`,
nextHint: `sentry entity list ${org}/ -c next`,
});
if (items.length === 0 && nav) {
hint = `No entities on this page. ${nav}`;
} else if (hasMore) {
header = `Showing ${items.length} entities (more available)\n${nav}`;
} else if (nav) {
header = `Showing ${items.length} entities\n${nav}`;
}Three abstraction levels for list commands (prefer the highest level that fits your use case):
-
buildOrgListCommand(team/repo list) — Fully automatic. Pagination hints, cursor management, JSON envelope, and human formatting are all handled internally. New simple org-scoped list commands should use this. -
dispatchOrgScopedListwith overrides (project/issue list) — Automatic for most modes; custom"org-all"override callsresolveCursor+advancePaginationState+paginationHintmanually. -
buildListCommandwith manual pagination (trace/span/dashboard list) — Command manages its own pagination loop. Must callresolveCursor,advancePaginationState,hasPreviousPage, andpaginationHintdirectly.
Auto-pagination for large limits:
When --limit exceeds API_MAX_PER_PAGE (100), list commands MUST transparently
fetch multiple pages to fill the requested limit. Cap perPage at
Math.min(flags.limit, API_MAX_PER_PAGE) and loop until results.length >= limit
or pages are exhausted. This matches the listIssuesAllPages pattern.
const perPage = Math.min(flags.limit, API_MAX_PER_PAGE);
for (let page = 0; page < MAX_PAGINATION_PAGES; page++) {
const { data, nextCursor } = await listPaginated(org, { perPage, cursor });
results.push(...data);
if (results.length >= flags.limit || !nextCursor) break;
cursor = nextCursor;
}Never pass a per_page value larger than API_MAX_PER_PAGE to the API — the
server silently caps it, causing the command to return fewer items than requested.
Reference template: trace/list.ts, span/list.ts, dashboard/list.ts
Use shared validators from src/lib/hex-id.ts:
validateHexId(value, label)— 32-char hex IDs (trace IDs, log IDs). Auto-strips UUID dashes.validateSpanId(value)— 16-char hex span IDs. Auto-strips dashes.validateTraceId(value)— thin wrapper aroundvalidateHexIdinsrc/lib/trace-id.ts.
All normalize to lowercase. Throw ValidationError on invalid input.
Use "date" for timestamp-based sort (not "time"). Export sort types from the API layer (e.g., SpanSortValue from api/traces.ts), import in commands. This matches issue list, trace list, and span list.
All command docs and skill files are generated via bun run generate:docs (which runs generate:command-docs then generate:skill). This runs automatically as part of dev, build, typecheck, and test scripts.
- Command docs (
docs/src/content/docs/commands/*.md) are gitignored and generated from CLI metadata + hand-written fragments indocs/src/fragments/commands/. - Skill files (
plugins/sentry-cli/skills/sentry-cli/) are committed (consumed by external plugin systems) and auto-committed by CI when stale. - Edit fragments in
docs/src/fragments/commands/for custom examples and guides. bun run check:fragmentsvalidates fragment ↔ route consistency.- Positional
placeholdervalues must be descriptive:"org/project/trace-id"not"args".
All config and API types use Zod schemas:
import { z } from "zod";
export const MySchema = z.object({
field: z.string(),
optional: z.number().optional(),
});
export type MyType = z.infer<typeof MySchema>;
// Validate data
const result = MySchema.safeParse(data);
if (result.success) {
// result.data is typed
}- Define Zod schemas alongside types in
src/types/*.ts - Key type files:
sentry.ts(API types),config.ts(configuration),oauth.ts(auth flow),seer.ts(Seer AI) - Re-export from
src/types/index.ts - Use
typeimports:import type { MyType } from "../types/index.js"
Use the upsert() helper from src/lib/db/utils.ts to reduce SQL boilerplate:
import { upsert, runUpsert } from "../db/utils.js";
// Generate UPSERT statement
const { sql, values } = upsert("table", { id: 1, name: "foo" }, ["id"]);
db.query(sql).run(...values);
// Or use convenience wrapper
runUpsert(db, "table", { id: 1, name: "foo" }, ["id"]);
// Exclude columns from update
const { sql, values } = upsert(
"users",
{ id: 1, name: "Bob", created_at: now },
["id"],
{ excludeFromUpdate: ["created_at"] }
);All CLI errors extend the CliError base class from src/lib/errors.ts:
// Error hierarchy in src/lib/errors.ts
CliError (base)
├── ApiError (HTTP/API failures - status, detail, endpoint)
├── AuthError (authentication - reason: 'not_authenticated' | 'expired' | 'invalid')
├── ConfigError (configuration - suggestion?)
├── ContextError (missing context - resource, command, alternatives)
├── ResolutionError (value provided but not found - resource, headline, hint, suggestions)
├── ValidationError (input validation - field?)
├── DeviceFlowError (OAuth flow - code)
├── SeerError (Seer AI - reason: 'not_enabled' | 'no_budget' | 'ai_disabled')
└── UpgradeError (upgrade - reason: 'unknown_method' | 'network_error' | 'execution_failed' | 'version_not_found')Choosing between ContextError, ResolutionError, and ValidationError:
| Scenario | Error Class | Example |
|---|---|---|
| User omitted a required value | ContextError |
No org/project provided |
| User provided a value that wasn't found | ResolutionError |
Project 'cli' not found |
| User input is malformed | ValidationError |
Invalid hex ID format |
ContextError rules:
commandmust be a single-line CLI usage example (e.g.,"sentry org view <slug>")- Constructor throws if
commandcontains\n(catches misuse in tests) - Pass
alternatives: []when defaults are irrelevant (e.g., for missing Trace ID, Event ID) - Use
" and "inresourcefor plural grammar:"Trace ID and span ID"→ "are required"
CI enforcement: bun run check:errors scans for ContextError with multiline commands and CliError with ad-hoc "Try:" strings.
// Usage examples
throw new ContextError("Organization", "sentry org view <org-slug>");
throw new ContextError("Trace ID", "sentry trace view <trace-id>", []); // no alternatives
throw new ResolutionError("Project 'cli'", "not found", "sentry issue list <org>/cli", [
"No project with this slug found in any accessible organization",
]);
throw new ValidationError("Invalid trace ID format", "traceId");Fuzzy suggestions in resolution errors:
When a user-provided name/title doesn't match any entity, use fuzzyMatch() from
src/lib/fuzzy.ts to suggest similar candidates instead of listing all entities
(which can be overwhelming). Show at most 5 fuzzy matches.
Reference: resolveDashboardId() in src/commands/dashboard/resolve.ts.
When a user provides the wrong type of identifier (e.g., an issue short ID where a trace ID is expected), commands should auto-recover when the user's intent is unambiguous:
- Detect the actual entity type using helpers like
looksLikeIssueShortId(),SPAN_ID_RE,HEX_ID_RE, or non-hex character checks. - Resolve the input to the correct type (e.g., issue → latest event → trace ID).
- Warn via
log.warn()explaining what happened. - Show the result with a return
hintnudging toward the correct command.
When recovery is ambiguous or impossible, keep the existing error but add entity-aware suggestions (e.g., "This looks like a span ID").
Detection helpers:
looksLikeIssueShortId(value)— uppercase dash-separated (e.g.,CLI-G5)SPAN_ID_RE.test(value)— 16-char hex (span ID)HEX_ID_RE.test(value)— 32-char hex (trace/event/log ID)/[^0-9a-f]/.test(normalized)— non-hex characters → likely a slug/name
Reference implementations:
event/view.ts— issue short ID → latest event redirectspan/view.ts—traceId/spanIdslash format → auto-splittrace/view.ts— issue short ID → issue's trace redirecthex-id.ts— entity-aware error hints invalidateHexId/validateSpanId
All config operations are async. Always await:
const token = await getAuthToken();
const isAuth = await isAuthenticated();
await setAuthToken(token, expiresIn);- Use
.jsextension for local imports (ESM requirement) - Group: external packages first, then local imports
- Use
typekeyword for type-only imports
import { z } from "zod";
import { buildCommand } from "../../lib/command.js";
import type { SentryContext } from "../../context.js";
import { getAuthToken } from "../../lib/config.js";Two abstraction levels exist for list commands:
-
src/lib/list-command.ts—buildOrgListCommandfactory + shared Stricli parameter constants (LIST_TARGET_POSITIONAL,LIST_JSON_FLAG,LIST_CURSOR_FLAG,buildListLimitFlag). Use this for simple entity lists liketeam listandrepo list. -
src/lib/org-list.ts—dispatchOrgScopedListwithOrgListConfigand a 4-mode handler map:auto-detect,explicit,org-all,project-search. Complex commands (project list,issue list) calldispatchOrgScopedListwith anoverridesmap directly instead of usingbuildOrgListCommand.
Key rules when writing overrides:
- Each mode handler receives a
HandlerContext<T>with the narrowedparsedplus shared I/O (stdout,cwd,flags). Access parsed fields viactx.parsed.org,ctx.parsed.projectSlug, etc. — no manualExtract<>casts needed. - Commands with extra fields (e.g.,
stderr,setContext) spread the context and add them:(ctx) => handle({ ...ctx, flags, stderr, setContext }). Overridectx.flagswith the command-specific flags type when needed. resolveCursor()must be called inside theorg-alloverride closure, not beforedispatchOrgScopedList, so that--cursorvalidation errors fire correctly for non-org-all modes.handleProjectSearcherrors must use"Project"as theContextErrorresource, notconfig.entityName.- Always set
orgSlugMatchBehaviorondispatchOrgScopedListto declare how bare-slug org matches are handled. Use"redirect"for commands where listing all entities in the org makes sense (e.g.,project list,team list,issue list). Use"error"for commands where org-all redirect is inappropriate. The pre-check uses cached orgs to avoid N API calls — when the cache is cold, the handler's own org-slug check serves as a safety net (throwsResolutionErrorwith a hint).
- Standalone list commands (e.g.,
span list,trace list) that don't use org-scoped dispatch wire pagination directly infunc(). See the "List Command Pagination" section above for the pattern.
- Prefer JSDoc over inline comments.
- Code should be readable without narrating what it already says.
Add JSDoc comments on:
- Every exported function, class, and type (and important internal ones).
- Types/interfaces: document each field/property (what it represents, units, allowed values, meaning of
null, defaults).
Include in JSDoc:
- What it does
- Key business rules / constraints
- Assumptions and edge cases
- Side effects
- Why it exists (when non-obvious)
Inline comments are allowed only when they add information the code cannot express:
- "Why" - business reason, constraint, historical context
- Non-obvious behavior - surprising edge cases
- Workarounds - bugs in dependencies, platform quirks
- Hardcoded values - why hardcoded, what would break if changed
Inline comments are NOT allowed if they just restate the code:
// Bad:
if (!person) // if no person
i++ // increment i
return result // return result
// Good:
// Required by GDPR Article 17 - user requested deletion
await deleteUserData(userId)- ASCII art section dividers - Do not use decorative box-drawing characters like
─────────to create section headers. Use standard JSDoc comments or simple// Section Namecomments instead.
Minimal comments, maximum clarity. Comments explain intent and reasoning, not syntax.
Prefer property-based and model-based testing over traditional unit tests. These approaches find edge cases automatically and provide better coverage with less code.
fast-check Documentation: https://fast-check.dev/docs/core-blocks/arbitraries/
- Model-Based Tests - For stateful systems (database, caches, state machines)
- Property-Based Tests - For pure functions, parsing, validation, transformations
- Unit Tests - Only for trivial cases or when properties are hard to express
| Type | Pattern | Location |
|---|---|---|
| Property-based | *.property.test.ts |
test/lib/ |
| Model-based | *.model-based.test.ts |
test/lib/db/ |
| Unit tests | *.test.ts |
test/ (mirrors src/) |
| E2E tests | *.test.ts |
test/e2e/ |
Tests that need a database or config directory must use useTestConfigDir() from test/helpers.ts. This helper:
- Creates a unique temp directory in
beforeEach - Sets
SENTRY_CONFIG_DIRto point at it - Restores (never deletes) the env var in
afterEach - Closes the database and cleans up temp files
NEVER do any of these in test files:
delete process.env.SENTRY_CONFIG_DIR— This pollutes other test files that load after yoursconst baseDir = process.env[CONFIG_DIR_ENV_VAR]!at module scope — This captures a value that may be stale- Manual
beforeEach/afterEachthat sets/deletesSENTRY_CONFIG_DIR
Why: Bun runs test files sequentially in one thread (load → run all tests → load next file). If your afterEach deletes the env var, the next file's module-level code reads undefined, causing TypeError: The "paths[0]" property must be of type string.
// CORRECT: Use the helper
import { useTestConfigDir } from "../helpers.js";
const getConfigDir = useTestConfigDir("my-test-prefix-");
// If you need the directory path in a test:
test("example", () => {
const dir = getConfigDir();
});
// WRONG: Manual env var management
beforeEach(() => { process.env.SENTRY_CONFIG_DIR = tmpDir; });
afterEach(() => { delete process.env.SENTRY_CONFIG_DIR; }); // BUG!Use property-based tests when verifying invariants that should hold for any valid input.
import { describe, expect, test } from "bun:test";
import { constantFrom, assert as fcAssert, property, tuple } from "fast-check";
import { DEFAULT_NUM_RUNS } from "../model-based/helpers.js";
// Define arbitraries (random data generators)
const slugArb = array(constantFrom(..."abcdefghijklmnopqrstuvwxyz0123456789".split("")), {
minLength: 1,
maxLength: 15,
}).map((chars) => chars.join(""));
describe("property: myFunction", () => {
test("is symmetric", () => {
fcAssert(
property(slugArb, slugArb, (a, b) => {
// Properties should always hold regardless of input
expect(myFunction(a, b)).toBe(myFunction(b, a));
}),
{ numRuns: DEFAULT_NUM_RUNS }
);
});
test("round-trip: encode then decode returns original", () => {
fcAssert(
property(validInputArb, (input) => {
const encoded = encode(input);
const decoded = decode(encoded);
expect(decoded).toEqual(input);
}),
{ numRuns: DEFAULT_NUM_RUNS }
);
});
});Good candidates for property-based testing:
- Parsing functions (DSN, issue IDs, aliases)
- Encoding/decoding (round-trip invariant)
- Symmetric operations (a op b = b op a)
- Idempotent operations (f(f(x)) = f(x))
- Validation functions (valid inputs accepted, invalid rejected)
See examples: test/lib/dsn.property.test.ts, test/lib/alias.property.test.ts, test/lib/issue-id.property.test.ts
Use model-based tests for stateful systems where sequences of operations should maintain invariants.
import { describe, expect, test } from "bun:test";
import {
type AsyncCommand,
asyncModelRun,
asyncProperty,
commands,
assert as fcAssert,
} from "fast-check";
import { createIsolatedDbContext, DEFAULT_NUM_RUNS } from "../../model-based/helpers.js";
// Define a simplified model of expected state
type DbModel = {
entries: Map<string, string>;
};
// Define commands that operate on both model and real system
class SetCommand implements AsyncCommand<DbModel, RealDb> {
constructor(readonly key: string, readonly value: string) {}
check = () => true;
async run(model: DbModel, real: RealDb): Promise<void> {
// Apply to real system
await realSet(this.key, this.value);
// Update model
model.entries.set(this.key, this.value);
}
toString = () => `set("${this.key}", "${this.value}")`;
}
class GetCommand implements AsyncCommand<DbModel, RealDb> {
constructor(readonly key: string) {}
check = () => true;
async run(model: DbModel, real: RealDb): Promise<void> {
const realValue = await realGet(this.key);
const expectedValue = model.entries.get(this.key);
// Verify real system matches model
expect(realValue).toBe(expectedValue);
}
toString = () => `get("${this.key}")`;
}
describe("model-based: database", () => {
test("random sequences maintain consistency", () => {
fcAssert(
asyncProperty(commands(allCommandArbs), async (cmds) => {
const cleanup = createIsolatedDbContext();
try {
await asyncModelRun(
() => ({ model: { entries: new Map() }, real: {} }),
cmds
);
} finally {
cleanup();
}
}),
{ numRuns: DEFAULT_NUM_RUNS }
);
});
});Good candidates for model-based testing:
- Database operations (auth, caches, regions)
- Stateful caches with invalidation
- Systems with cross-cutting invariants (e.g., clearAuth also clears regions)
See examples: test/lib/db/model-based.test.ts, test/lib/db/dsn-cache.model-based.test.ts
Use test/model-based/helpers.ts for shared utilities:
import { createIsolatedDbContext, DEFAULT_NUM_RUNS } from "../model-based/helpers.js";
// Create isolated DB for each test run (prevents interference)
const cleanup = createIsolatedDbContext();
try {
// ... test code
} finally {
cleanup();
}
// Use consistent number of runs across tests
fcAssert(property(...), { numRuns: DEFAULT_NUM_RUNS }); // 50 runsUse traditional unit tests only when:
- Testing trivial logic with obvious expected values
- Properties are difficult to express or would be tautological
- Testing error messages or specific output formatting
- Integration with external systems (E2E tests)
When a *.property.test.ts file exists for a module, do not add unit tests that re-check the same invariants with hardcoded examples. Before adding a unit test, check whether the companion property file already generates random inputs for that invariant.
Unit tests that belong alongside property tests:
- Edge cases outside the property generator's range (e.g., self-hosted DSNs when the arbitrary only produces SaaS ones)
- Specific output format documentation (exact strings, column layouts, rendered vs plain mode)
- Concurrency/timing behavior that property tests cannot express
- Integration tests exercising multiple functions together (e.g.,
writeJsonListenvelope shape)
Unit tests to avoid when property tests exist:
- "returns true for valid input" / "returns false for invalid input" — the property test already covers this with random inputs
- Basic round-trip assertions — property tests check
decode(encode(x)) === xfor allx - Hardcoded examples of invariants like idempotency, symmetry, or subset relationships
When adding property tests for a function that already has unit tests, remove the unit tests that become redundant. Add a header comment to the unit test file noting which invariants live in the property file:
/**
* Note: Core invariants (round-trips, validation, ordering) are tested via
* property-based tests in foo.property.test.ts. These tests focus on edge
* cases and specific output formatting not covered by property generators.
*/import { describe, expect, test, mock } from "bun:test";
describe("feature", () => {
test("should return specific value", async () => {
expect(await someFunction("input")).toBe("expected output");
});
});
// Mock modules when needed
mock.module("./some-module", () => ({
default: () => "mocked",
}));| What | Where |
|---|---|
| Add new command | src/commands/<domain>/ |
| Add API types | src/types/sentry.ts |
| Add config types | src/types/config.ts |
| Add Seer types | src/types/seer.ts |
| Add utility | src/lib/ |
| Add DSN language support | src/lib/dsn/languages/ |
| Add DB operations | src/lib/db/ |
| Build scripts | script/ |
| Add property tests | test/lib/<name>.property.test.ts |
| Add model-based tests | test/lib/db/<name>.model-based.test.ts |
| Add unit tests | test/ (mirror src/ structure) |
| Add E2E tests | test/e2e/ |
| Test helpers | test/model-based/helpers.ts |
| Add documentation | docs/src/content/docs/ |
| Hand-written command doc content | docs/src/fragments/commands/ |
- api-client.ts split into domain modules under src/lib/api/: Monolithic `src/lib/api-client.ts` was split into domain modules under `src/lib/api/`: infrastructure.ts, organizations.ts, projects.ts, teams.ts, repositories.ts, issues.ts, events.ts, traces.ts, logs.ts, seer.ts, trials.ts, users.ts. Original file is now a ~100-line barrel re-export (already in `biome.jsonc` `noBarrelFile` override). Add new API functions to the appropriate domain module, not the barrel file.
- cli.sentry.dev is served from gh-pages branch via GitHub Pages: `cli.sentry.dev` is served from gh-pages branch via GitHub Pages. Craft's gh-pages target runs `git rm -r -f .` before extracting docs — persist extra files via `postReleaseCommand` in `.craft.yml`. Install script supports `--channel nightly`, downloading from the `nightly` release tag directly. version.json is only used by upgrade/version-check flow.
- Debug ID sourcemap matching works but each build generates independent debug IDs: Binary build pipeline: esbuild bundles TS→minified JS+`.map` (not `Bun.build()` — collision bug oven-sh/bun#14585 + empty sourcemap `names`); config: `platform:"node"`, `format:"esm"`, `external:["bun:*"]`. Then `injectDebugId()` + `uploadSourcemaps()` (prefix `~/$bunfs/root/`), then `Bun.build({compile:true, minify:false})`. Debug IDs via `globalThis._sentryDebugIds`. `binpunch` strips unused ICU data. CRITICAL: `SENTRY_AUTH_TOKEN` is a GitHub **environment** secret (in `production`), not repo secret. Jobs needing it must declare `environment: ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) && 'production' || '' }}` — otherwise secret resolves empty and uploads silently skip. Build also requires `SENTRY_CLIENT_ID` env var (exits 1 without it); use `bun run --env-file=.env.local build` locally.
- Issue resolve --in grammar: release + @next + @commit sentinels: `sentry issue resolve --in` grammar: (a) omitted → immediate resolve, (b) `<version>` → `inRelease` (monorepo strings like `spotlight@1.2.3` pass through as-is), (c) `@next` → `inNextRelease`, (d) `@commit` → auto-detect git HEAD + match against Sentry repos, (e) `@commit:<repo>@<sha>` → explicit. `@commit:` is the unambiguous anchor. `parseResolveSpec` returns `ParsedResolveSpec` (`kind: 'static' | 'commit-auto' | 'commit-explicit'`); `resolveCommitSpec` in `src/commands/issue/resolve-commit-spec.ts` uses `getHeadCommit`/`getRepositoryName` from `src/lib/git.ts` and matches against Sentry repo `externalSlug` or `name` via `listRepositoriesCached`. Sentry's `statusDetails.inCommit` requires `{commit, repository}` object — not bare SHA. All failure paths throw `ValidationError` with hints; never silent fallback.
- Nightly delta upgrade buildNightlyPatchGraph fetches ALL patch tags — O(N) HTTP calls: Nightly delta upgrade via GHCR versioned tags (GitHub releases are immutable): nightlies publish to GHCR as `nightly-0.14.0-dev.1772661724`. `src/lib/delta-upgrade.ts` supports stable (GitHub Releases) and nightly (GHCR). `filterAndSortChainTags` filters `patch-*` via `Bun.semver.order()`. GHCR uses `fetchWithRetry` (10s+1 retry) with `AbortSignal.any()`; `isExternalAbort` skips retries for external aborts (critical for background prefetch). Patches cached to `~/.sentry/patch-cache/` (7-day TTL). CI tag filter: `grep '^nightly-[0-9]'`. `fetchManifest()` throws `UpgradeError("network_error")` on network failure/non-200.
- npm bundle requires Node.js >= 22 due to node:sqlite polyfill: The npm package (dist/bin.cjs) requires Node.js >= 22 because the bun:sqlite polyfill uses `node:sqlite`. A runtime version guard in the esbuild banner catches this early. When writing esbuild banner strings in TS template literals, double-escape: `\\\\n` in TS → `\\n` in output → newline at runtime. Single `\\n` produces a literal newline inside a JS string, causing SyntaxError.
- Numeric issue ID resolution returns org:undefined despite API success: Numeric issue ID resolution in `resolveNumericIssue()`: (1) try DSN/env/config for org, (2) if found use `getIssueInOrg(org, id)` with region routing, (3) else fall back to unscoped `getIssue(id)`, (4) extract org from `issue.permalink` via `parseSentryUrl` as final fallback. `parseSentryUrl` handles path-based (`/organizations/{org}/...`) and subdomain-style URLs. `matchSubdomainOrg()` filters region subdomains by requiring slug length > 2. Self-hosted uses path-based only.
- repo_cache SQLite table for offline Sentry repo lookups: Schema v14 adds `repo_cache` table in `src/lib/db/schema.ts` + helpers in `src/lib/db/repo-cache.ts` (7-day TTL). `listAllRepositories(org)` in `src/lib/api/repositories.ts` paginates through `listRepositoriesPaginated` using `API_MAX_PER_PAGE` and `MAX_PAGINATION_PAGES` — never use the unpaginated `listRepositories` for cache-backed lookups (silently caps at ~25). `listRepositoriesCached(org)` wraps it with cache-first lookup and a try/catch around `setCachedRepos` so read-only databases (macOS `sudo brew install`) don't crash commands whose API fetch already succeeded. Used by `@commit` resolver to match git origin `owner/repo` against Sentry repo `externalSlug` or `name`.
- Seer trial prompt uses middleware layering in bin.ts error handling chain: Seer trial prompt via error middleware layering: `bin.ts` chain is `main() → executeWithAutoAuth() → executeWithSeerTrialPrompt() → runCommand()`. Seer trial prompts (`no_budget`/`not_enabled`) caught by inner wrapper; auth errors bubble to outer. Trial API: `GET /api/0/customers/{org}/` → `productTrials[]` (prefer `seerUsers`, fallback `seerAutofix`). Start: `PUT /api/0/customers/{org}/product-trial/`. SaaS-only; self-hosted 404s gracefully. `ai_disabled` excluded. `startSeerTrial` accepts `category` from trial object — don't hardcode.
- SQLite DB functions are synchronous — async signatures are historical artifacts: All `src/lib/db/` functions do synchronous SQLite operations. Many have `async` signatures — historical artifact from PR #89 (JSON file→SQLite migration). Safe to convert to sync. Legitimately async exceptions: `clearAuth()` (cache dir cleanup), `getCachedDetection()`/`getCachedProjectRoot()`/`setCachedProjectRoot()` (stat for mtime), `refreshToken()`/`performTokenRefresh()` (HTTP calls).
- Raw markdown output for non-interactive terminals, rendered for TTY: Markdown-first output pipeline: custom renderer in `src/lib/formatters/markdown.ts` walks `marked` tokens to produce ANSI-styled output. Commands build CommonMark using helpers (`mdKvTable()`, `mdRow()`, `colorTag()`, `escapeMarkdownCell()`, `safeCodeSpan()`) and pass through `renderMarkdown()`. `isPlainOutput()` precedence: `SENTRY_PLAIN_OUTPUT` > `NO_COLOR` > `FORCE_COLOR` > `!isTTY`. `--json` always outputs JSON. Colors defined in `COLORS` object in `colors.ts`. Tests run non-TTY so assertions match raw CommonMark; use `stripAnsi()` helper for rendered-mode assertions.
- @sentry/api SDK passes Request object to custom fetch — headers lost on Node.js: @sentry/api SDK calls `_fetch(request)` with no init object. In `authenticatedFetch`, `init` is undefined so `prepareHeaders` creates empty headers — on Node.js this strips Content-Type (HTTP 415). Fix: fall back to `input.headers` when `init` is undefined. Use `unwrapPaginatedResult` (not `unwrapResult`) to access the Response's Link header for pagination. `per_page` is not in SDK types; cast query to pass it at runtime.
- Completion drift test requires new issue-positional commands be registered: `test/lib/completions.property.test.ts` scans the route tree for commands whose positional placeholder contains "org" or equals "issue", then asserts every such command appears in `ORG_PROJECT_COMMANDS` or `ORG_ONLY_COMMANDS` (in `src/lib/complete.ts`). When adding a new issue subcommand (resolve, unresolve, merge, etc.) using `issueIdPositional`, register it in `ORG_PROJECT_COMMANDS` or the test fails with `expect(combined.has(cmd)).toBe(true)` → false.
- Cross-org merge check must reject undefined orgs, not filter them: In `src/commands/issue/merge.ts` `resolveAllIssues`, bare numeric issue IDs without DSN/config context resolve with `org: undefined`. Filtering `undefined` out of the org set before the cross-org check lets mixed-org merges slip through — call goes to known org's endpoint and fails with confusing API error instead of friendly "Cannot merge issues across organizations". Require every resolved issue to have defined org (or reject undefined) before proceeding. Applies anywhere resolved entities must share an org.
- Install script: BSD sed and awk JSON parsing breaks OCI digest extraction: The install script parses OCI manifests with awk (no jq). Key trap: BSD sed `\n` is literal, not newline. Fix: single awk pass tracking last-seen `"digest"`, printing when `"org.opencontainers.image.title"` matches target. The config digest (`sha256:44136fa...`) is a 2-byte `{}` blob — downloading it instead of the real binary causes `gunzip: unexpected end of file`.
- Multi-region fan-out: distinguish all-403 from empty orgs with hasSuccessfulRegion flag: In `listOrganizationsUncached` (`src/lib/api/organizations.ts`), `Promise.allSettled` collects multi-region results. Don't use `flatResults.length === 0` to detect all-regions-failed — a region returning 200 OK with zero orgs pushes nothing into `flatResults`. Track a `hasSuccessfulRegion` boolean on any `"fulfilled"` settlement. Only re-throw 403 `ApiError` when `!hasSuccessfulRegion && lastScopeError`.
- Multiple mockFetch calls replace each other — use unified mocks for multi-endpoint tests: Bun test mocking gotchas: (1) `mockFetch()` replaces `globalThis.fetch` — calling twice replaces the first. Use one unified mock dispatching by URL. (2) `mock.module()` pollutes module registry for ALL subsequent files — tests using it must live in `test/isolated/` and run via `test:isolated`. (3) For `Bun.spawn`, use direct property assignment in `beforeEach`/`afterEach`.
- Sentry bulk merge --into is a preference, not a guarantee: Sentry bulk merge API quirks: `PUT /api/0/organizations/{org}/issues/?id=X&id=Y` with `{merge:1}` picks canonical parent by event count, not input order — `--into` is a preference only. Commands must check API response's `parent` against requested preference and warn when Sentry picked differently. Strip `org/` prefix from user input before comparing to `issue.shortId`. Empty-result merges return 204, not 200. Server-side fingerprint rules only apply to NEW events — existing fragmented issues must be merged via this endpoint (async, prefer org-scoped); verify by re-fetching child's `id`.
- useTestConfigDir without isolateProjectRoot causes DSN scanning of repo tree: `useTestConfigDir()` creates temp dirs under `.test-tmp/` in the repo tree. Without `{ isolateProjectRoot: true }`, `findProjectRoot` walks up and finds the repo's `.git`, causing DSN detection to scan real source code and trigger network calls against test mocks (timeouts). Always pass `isolateProjectRoot: true` when tests exercise `resolveOrg`, `detectDsn`, or `findProjectRoot`.
- apiRequestToRegion throws ApiError on 204/205 — don't return null as T: apiRequestToRegion throws ApiError on 204/205 — don't return null as T: Empty responses (204/205) throw `ApiError(204)` rather than returning `null as T`, keeping the `T` return type sound. Callers expecting 204 (e.g. Sentry's bulk mutate for "no matching issues") must catch `ApiError` with `status === 204` and translate to a domain-specific error. Don't use `null as T` to signal empty bodies — TypeScript hides the null and causes runtime crashes on property access.
- findProjectsByPattern as fuzzy fallback for exact slug misses: When `findProjectsBySlug` returns empty (no exact match), use `findProjectsByPattern` as a fallback to suggest similar projects. `findProjectsByPattern` does bidirectional word-boundary matching (`matchesWordBoundary`) against all projects in all orgs — the same logic used for directory name inference. In the `project-search` handler, call it after the exact miss, format matches as `<org>/<slug>` suggestions in the `ResolutionError`. This avoids a dead-end error for typos like 'patagonai' when 'patagon-ai' exists. Note: `findProjectsByPattern` makes additional API calls (lists all projects per org), so only call it on the failure path.
- Issue command hint: pass subcommand name only, not full path: `resolveIssue({command, commandBase})` builds error hints via `buildCommandHint(command, issueId, base="sentry issue")` which concatenates `${base} ${command} ...`. Pass the subcommand name only (e.g. `"resolve"`, `"view"`) and let `commandBase` default to `"sentry issue"`. Passing `command: "issue resolve"` with `commandBase: "issue"` produces doubled prefixes like `"issue issue resolve <id>"`. Pattern followed by `view`/`events`/`explain`/`plan`/`resolve`/`unresolve`/`merge` in `src/commands/issue/`.
- Preserve ApiError type so classifySilenced can silence 4xx errors: `classifySilenced` in `src/lib/error-reporting.ts` only silences `ApiError` with status 401-499 — wrapping API errors in generic `CliError` loses `status` and causes 403s etc. to be captured as Sentry issues. Re-throw as `ApiError` preserving `status`/`detail`/`endpoint`. Keep message terse: `ApiError.format()` appends `detail`/`endpoint` on own lines, so including detail in message causes duplicated output. Pattern: `throw new ApiError(\`Failed to X (HTTP ${error.status}).\`, error.status, error.detail, error.endpoint)`. Also: ValidationError without a `field` arg previously produced empty `cli_error.kind`, fingerprint-collapsing all unfielded ValidationErrors into one group. Fix (PR #776): `setGroupingTags` falls back to normalized message prefix via `extractMessagePrefix`. When adding ValidationError sites, pass `field` or ensure distinctive message prefix.
- Resolve --into flag through resolveIssue for alias parity with positionals: Merge/batch commands with a `--into <issue>` (or similar canonical-parent) flag should pass it through `resolveIssue()` the same way positional args are resolved, then compare by numeric `id` — not by string-matching against `issue.shortId`. This gives alias support (`f-g`, `fr-a3`) and org-qualified forms (`my-org/CLI-G5`) for free, and avoids asymmetry where positionals accept aliases but flags don't. Makes `orderForMerge` async. Pattern in `src/commands/issue/merge.ts`.
- Sentry SDK tree-shaking patches must be regenerated via bun patch workflow: Sentry SDK tree-shaking via bun patch: `patchedDependencies` in `package.json` tree-shakes unused exports from `@sentry/core` and `@sentry/node-core` (AI integrations, feature flags, profiler). Bumping SDK versions: (1) remove old patches/entries, (2) `rm -rf ~/.bun/install/cache/@sentry` (edits persist in cache), (3) `bun install` fresh, (4) `bun patch @sentry/core`, edit, `bun patch --commit`; repeat for node-core. Preserved exports: `_INTERNAL_safeUnref`, `_INTERNAL_safeDateNow` (core), `nodeRuntimeMetricsIntegration` (node-core). Manual `git diff` patches fail — always use `bun patch --commit`.
- Shared pagination infrastructure: buildPaginationContextKey and parseCursorFlag: Bidirectional pagination via cursor stack in `src/lib/db/pagination.ts`. `resolveCursor(flag, key, contextKey)` maps keywords (next/prev/first/last) to `{cursor, direction}`. `advancePaginationState` manages stack — back-then-forward truncates stale entries. `hasPreviousPage` checks `page_index > 0`. `paginationHint()` builds nav strings. All list commands use this. Critical: `resolveCursor()` must be called inside `org-all` override closures, not before `dispatchOrgScopedList`.
- Telemetry instrumentation pattern: withTracingSpan + captureException for handled errors: For graceful-fallback operations, use `withTracingSpan` from `src/lib/telemetry.ts` for child spans and `captureException` from `@sentry/bun` (named import — Biome forbids namespace imports) with `level: 'warning'` for non-fatal errors. `withTracingSpan` uses `onlyIfParent: true` — no-op without active transaction. User-visible fallbacks use `log.warn()` not `log.debug()`. Several commands bypass telemetry by importing `buildCommand` from `@stricli/core` directly instead of `../../lib/command.js` (trace/list, trace/view, log/view, api.ts, help.ts).
- Testing Stricli command func() bodies via spyOn mocking: To unit-test a Stricli command's `func()` body: (1) `const func = await cmd.loader()`, (2) `func.call(mockContext, flags, ...args)` with mock `stdout`, `stderr`, `cwd`, `setContext`. (3) `spyOn` namespace imports to mock dependencies (e.g., `spyOn(apiClient, 'getLogs')`). The `loader()` return type union causes `.call()` LSP errors — these are false positives that pass `tsc --noEmit`. When API functions are renamed (e.g., `getLog` → `getLogs`), update both spy target name AND mock return shape (single → array). Slug normalization (`normalizeSlug`) replaces underscores with dashes but does NOT lowercase — test assertions must match original casing (e.g., `'CAM-82X'` not `'cam-82x'`).