Skip to content

test(sentry): pin /invites/validate 400 suppression in fetchWithSentry#2449

Open
innolope-dev wants to merge 1 commit into
mainfrom
test/invites-validate-400-sentry-suppression
Open

test(sentry): pin /invites/validate 400 suppression in fetchWithSentry#2449
innolope-dev wants to merge 1 commit into
mainfrom
test/invites-validate-400-sentry-suppression

Conversation

@innolope-dev

@innolope-dev innolope-dev commented Jul 18, 2026

Copy link
Copy Markdown
Collaborator

Problem

Sentry issue PEANUT-UI-QDRPOST to https://api.peanut.me/invites/validate failed with status 400 — accumulated 2,850 events from 701 users in 14 days, culprit page /setup.

Root cause

The 400 is an expected user-input outcome, not a bug:

  • On /setup, JoinWaitlist debounce-validates the invite-code input (750ms, min-length gated) against POST /invites/validate.
  • The backend (peanut-api-ts/src/routes/invite.ts) returns 400 Invalid Invite whenever the typed code doesn't resolve to an existing inviter with app access — i.e. any typo'd or unknown username. The UI already handles this gracefully with an inline "inviter not found" error.
  • fetchWithSentry reported every non-OK response to Sentry, so each invalid attempt became an event (~4 events/user matches debounced retyping).
  • The volume spike from ~July 5 coincides with the iOS launch wave (July 4–7 native/setup commits) funneling many new users through /setup.

The suppression fix already landed: f3d8090 (July 8) added /invites/validate 400 to SKIP_REPORTING on main, and it reached feat/mobile-release on July 9 — which is why the issue is tapering. The residual trickle is stale clients (old native bundles pre-OTA / cached web sessions) and will die off on its own.

Gap found: nothing pinned that fix. sentry.utils.test.ts never exercised the shouldSkipReporting path of fetchWithSentry at all, so a refactor of the skip rules could silently resurrect the noise.

Fix

Regression tests for the suppression contract in fetchWithSentry:

  • /invites/validate 400 → no Sentry.captureMessage, no console.warn (which would otherwise become a breadcrumb via forward-logs)
  • /invites/validate 500 → still reported at error level (real server failures stay visible)
  • unlisted endpoint 400 → still reported at warning level

No production code change needed — the suppression is correct and shipped.

Impact

  • Locks in the removal of ~2,850 events/14d of Sentry noise so the skip rule can't regress unnoticed.
  • No user-facing change: onboarding already surfaces invalid codes inline, and PostHog still tracks invite_code_validated for funnel analytics.

Testing

pnpm jest src/utils/__tests__/sentry.utils.test.ts — 23 passed (3 new + 20 existing). File formatted with prettier.

Summary by CodeRabbit

  • Tests
    • Added coverage ensuring expected invalid invite-code responses do not trigger error reporting or console warnings.
    • Verified that genuine server failures and unexpected client errors continue to be reported appropriately.

The SKIP_REPORTING entry added in f3d8090 stopped expected 'Invalid
Invite' 400s from the setup-flow invite input flooding Sentry
(PEANUT-UI-QDR, ~2,850 events / 701 users in 14 days). Nothing pinned
that behavior: no test exercised the suppression path in fetchWithSentry
at all, so a refactor of the skip rules could silently bring the noise
back.

Cover the three contract points: /invites/validate 400 emits neither a
Sentry event nor a console.warn, a 500 on the same endpoint still
reports as an error, and unlisted endpoints still report their 400s.
@innolope-dev innolope-dev self-assigned this Jul 18, 2026
@vercel

vercel Bot commented Jul 18, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
peanut-wallet Ready Ready Preview, Comment Jul 18, 2026 10:27am

Request Review

@coderabbitai

coderabbitai Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

Expanded fetchWithSentry tests mock instrumentation and connectivity, covering suppression of expected invite-validation 400 responses and reporting of 500 and other 400 responses.

Changes

Sentry response reporting

Layer / File(s) Summary
Response reporting behavior
src/utils/__tests__/sentry.utils.test.ts
Mocks Sentry, connectivity, and response methods, then verifies expected invite-validation errors are suppressed while server errors and generic client errors are reported.

Estimated code review effort: 2 (Simple) | ~10 minutes

Suggested reviewers: hugo0

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly reflects the main change: regression tests for fetchWithSentry suppression of /invites/validate 400 responses.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch test/invites-validate-400-sentry-suppression

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed: dependency version conflict. Check your lock file or package.json.


Comment @coderabbitai help to get the list of available commands.

@github-actions

Copy link
Copy Markdown
Contributor

Code-analysis diff

Painscore total: 6208.86 → 6208.86 (0)
Findings: 0 net (+0 new, -0 resolved)

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
src/utils/__tests__/sentry.utils.test.ts (1)

41-41: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Consider restoring global.fetch in afterEach to avoid cross-suite leakage.

global.fetch is reassigned via direct assignment (global.fetch = jest.fn()...) in each test. jest.clearAllMocks() resets call history but does not restore the original global.fetch implementation. If other describe blocks in this file (or future tests) run after this suite and rely on the real or a different fetch mock, they could silently use the last assigned mock. Using jest.spyOn(global, 'fetch') or saving/restoring the original in afterEach would make this suite self-contained.

This is not causing a failure today (all 23 tests pass), so it's a defensive improvement only.

♻️ Optional: save and restore global.fetch
     beforeEach(() => {
         jest.clearAllMocks()
         warnSpy = jest.spyOn(console, 'warn').mockImplementation(() => {})
     })
 
     afterEach(() => {
         warnSpy.mockRestore()
+        // Restore fetch so subsequent suites get the real implementation
+        jest.restoreAllMocks()
     })

Alternatively, switch to jest.spyOn(global, 'fetch') in each test so restoreAllMocks handles cleanup automatically.

Also applies to: 54-54, 65-65

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/utils/__tests__/sentry.utils.test.ts` at line 41, Restore global.fetch
after each test in the affected test suite instead of relying only on
jest.clearAllMocks. Save the original fetch before the tests and reassign it in
afterEach, or replace direct assignments with jest.spyOn(global, 'fetch') and
restore the spy, ensuring no mock leaks into other describe blocks.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/utils/__tests__/sentry.utils.test.ts`:
- Line 41: Restore global.fetch after each test in the affected test suite
instead of relying only on jest.clearAllMocks. Save the original fetch before
the tests and reassign it in afterEach, or replace direct assignments with
jest.spyOn(global, 'fetch') and restore the spy, ensuring no mock leaks into
other describe blocks.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 83f8170a-10a4-4040-bd6f-bd105df22713

📥 Commits

Reviewing files that changed from the base of the PR and between f9ab02d and 122ecc4.

📒 Files selected for processing (1)
  • src/utils/__tests__/sentry.utils.test.ts

@github-actions

Copy link
Copy Markdown
Contributor

🧪 UI test report — ✅ all green

Suites

  • unit: 2003 ran, 0 failed, 0 skipped, 32.9s

📊 Coverage (unit)

metric %
statements 59.8%
branches 43.5%
functions 48.7%
lines 60.1%
⏱ 10 slowest test cases
time test
3.5s src/components/Card/share-asset/__tests__/shareAssetLayout.test.ts › never places two stickers in heavy overlap (broad seed sweep)
1.1s src/utils/__tests__/demo-api.test.ts › isDemoMode() is false when not running under Capacitor
0.4s src/components/Card/share-asset/__tests__/shareAssetLayout.test.ts › every sticker stays within canvas at any count
0.3s src/app/(mobile-ui)/withdraw/__tests__/withdraw-states.test.tsx › Bank withdrawal keeps the $1 minimum for sub-$1 amounts
0.3s src/app/actions/__tests__/api-headers.test.ts › should include Content-Type in validateInviteCode
0.2s src/components/Card/share-asset/__tests__/shareAssetLayout.test.ts › keeps stickers off the username pill (final pass respects the keep-out)
0.2s src/app/actions/__tests__/api-headers-extended.test.ts › should not include apiKey in validateInviteCode body
0.2s src/utils/__tests__/demo-balance.test.ts › starts at the full balance on a fresh install and stamps a timestamp
0.2s src/utils/__tests__/demo-balance.test.ts › auto-refills a stored balance that has no timestamp (legacy install)
0.1s src/utils/__tests__/demo-balance.test.ts › debits and floors at zero
📍 Inline annotations are in the **Unit test report** check above. Coverage artifact: `coverage-unit`. Generated by `.github/workflows/tests.yml`.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant