feat: Implement strict trace continuation #4981
Semver Impact of This PR: ⚪ None (no version bump detected)
@giortzisg I've added some context to AGENTS.md in #5035, which should give the agent enough context to be able to correct this PR (once that's been merged into main/this PR).
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #4981 +/- ##
==========================================
+ Coverage 74.08% 74.14% +0.05%
==========================================
Files 506 506
Lines 18247 18292 +45
Branches 3564 3576 +12
==========================================
+ Hits 13519 13562 +43
- Misses 3858 3859 +1
- Partials 870 871 +1
@giortzisg / @Flash0ver this looks good to me. OK to merge?
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit c861e08.
Add org ID validation to distributed trace continuation to prevent traces from being continued across different Sentry organizations.
- Parse org ID from DSN host (e.g., o1.ingest.us.sentry.io -> "1")
- Add OrgId option to SentryOptions to override DSN-parsed value
- Add StrictTraceContinuation bool option (default false)
- Propagate sentry-org_id in outgoing baggage via DynamicSamplingContext
- Validate org IDs in Hub.ContinueTrace:
  - Mismatched org IDs always start new trace (regardless of setting)
  - Missing incoming org_id + strict=true -> start new trace
  - Missing incoming org_id + strict=false -> continue trace (default)
- Add comprehensive tests for all org ID validation scenarios
- Update API approval snapshots
Closes #4963
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…ion to CreateFromHeaders
- Add CHANGELOG.md entry for strict trace continuation feature (#4981)
- Fix CS8632 build error by adding #nullable enable before test methods using string? parameters in HubTests.cs
- Add org ID mismatch validation directly in SentryPropagationContext.CreateFromHeaders so it starts a new trace when SDK and baggage org IDs don't match
- Pass effective org ID from Hub.ContinueTrace to CreateFromHeaders
- Add CreateFromHeaders_WithOrgMismatch_StartsNewTrace and CreateFromHeaders_WithOrgMatch_ContinuesTrace tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…tests
Hub.ShouldContinueTrace already nulls both headers before calling CreateFromHeaders, making the org-ID guard inside CreateFromHeaders unreachable from all current call paths. Remove the duplicate check and its sdkOrgId parameter to eliminate the inconsistency and maintenance risk.
Add ValidDsnWithOrgId DSN sample and six new DynamicSamplingContextTests covering that org_id is included in outgoing baggage for all three factory methods (CreateFromTransaction, CreateFromUnsampledTransaction, CreateFromPropagationContext) when the DSN has an o<num> host prefix, and excluded when it does not.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

CreateFromExternalPropagationContext (the OTel path) was missing orgId: options.GetEffectiveOrgId(), which would cause downstream services with StrictTraceContinuation to start new traces unnecessarily.
Add two DynamicSamplingContextTests covering that org_id is included when the DSN has an o<num> host prefix and excluded when it does not.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

c861e08 to ce0127d

Summary
By default, the SDK should extract the organization ID from the DSN (e.g. o123.ingest.sentry.io) and compare it with the sentry-org_id value in incoming baggage headers. When the two differ, the SDK should start a fresh trace instead of continuing the foreign one. This guards against accidentally linking traces across organizations.
Implementation
Implements strict trace continuation to validate org IDs in distributed traces, preventing trace continuation from unknown third-party services.
- org_id from DSN host (e.g., o1 in https://key@o1.ingest.us.sentry.io/123 yields org ID "1")
- OrgId config option to manually override DSN-parsed value
- StrictTraceContinuation bool config option (default false)
- sentry-org_id in outgoing baggage via DynamicSamplingContext
- Hub.ContinueTrace():
  - StrictTraceContinuation: true -> start new trace
  - StrictTraceContinuation: false -> continue trace (default behavior)
Changes
Source files:
- src/Sentry/Dsn.cs - Parse org ID from DSN host subdomain
- src/Sentry/SentryOptions.cs - Add StrictTraceContinuation and OrgId options, GetEffectiveOrgId() helper
- src/Sentry/DynamicSamplingContext.cs - Add org_id to outgoing baggage in all DSC factory methods
- src/Sentry/Internal/Hub.cs - Add ShouldContinueTrace() validation logic in ContinueTrace()
Test files:
- test/Sentry.Tests/Protocol/DsnTests.cs - Tests for DSN org ID parsing
- test/Sentry.Tests/HubTests.cs - Comprehensive [Theory] tests for all org ID validation scenarios
Snapshot files:
- OrgId and StrictTraceContinuation properties
References
- strictTraceContinuation sentry-javascript#16313
Closes #4963
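
The continuation rules listed in the PR description above, as an added C# example that is not code from this PR or from the Sentry .NET SDK. The class, its method names and signatures are hypothetical, the sample headers are constructed, and treating a missing SDK-side org ID like a missing incoming one is an assumption.

```csharp
#nullable enable
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added illustration with hypothetical names; not the Sentry .NET SDK's code.
public static class TraceContinuationExample
{
    // "o<num>" host prefix, e.g. o1.ingest.us.sentry.io -> "1"; null when absent.
    public static string? OrgIdFromDsn(string dsn)
    {
        var m = Regex.Match(new Uri(dsn).Host, @"^o(\d+)\.");
        return m.Success ? m.Groups[1].Value : null;
    }

    // Reads sentry-org_id from a baggage header ("k=v,k2=v2;property").
    public static string? OrgIdFromBaggage(string? baggage) =>
        (baggage ?? "").Split(',')
            .Select(member => member.Split(';')[0].Split('=', 2))
            .Where(kv => kv.Length == 2 && kv[0].Trim() == "sentry-org_id")
            .Select(kv => Uri.UnescapeDataString(kv[1].Trim()))
            .FirstOrDefault(v => v.Length > 0);

    public static bool ShouldContinueTrace(string? sdkOrgId, string? baggage, bool strict)
    {
        var incoming = OrgIdFromBaggage(baggage);
        if (sdkOrgId != null && incoming != null)
            return sdkOrgId == incoming; // mismatch starts a new trace, strict or not
        // Incoming org ID missing: strict mode decides. Assumption: a missing
        // SDK-side org ID is handled the same way (the page does not say).
        return !strict;
    }

    public static void Main()
    {
        var sdkOrgId = OrgIdFromDsn("https://key@o1.ingest.us.sentry.io/123");
        // Constructed sample headers.
        var cases = new (string? Baggage, bool Strict)[]
        {
            ("sentry-trace_id=abc,sentry-org_id=1", false),
            ("sentry-trace_id=abc,sentry-org_id=2", false),
            ("sentry-trace_id=abc", true),
            ("sentry-trace_id=abc", false),
        };
        foreach (var (baggage, strict) in cases)
            Console.WriteLine($"{baggage} strict={strict} -> " +
                (ShouldContinueTrace(sdkOrgId, baggage, strict) ? "continue" : "new trace"));
    }
}
```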