Merge branch 'master' into roggenkemper/feat/budget-paced-detection-scheduling

Author: roggenkemper

.github/file-filters.yml

@@ -3,6 +3,9 @@
 sentry_frontend_workflow_file: &sentry_frontend_workflow_file
   - added|modified: '.github/workflows/frontend.yml'
 
+sentry_frontend_snapshots_workflow_file: &sentry_frontend_snapshots_workflow_file
+  - added|modified: '.github/workflows/frontend-snapshots.yml'
+
 # Provides list of changed files to test (jest)
 # getsentry/sentry does not use the list directly, instead we shard tests inside jest.config.js
 testable_modified: &testable_modified
@@ -30,6 +33,7 @@ typecheckable_rules_changed: &typecheckable_rules_changed
 # Trigger to apply the 'Scope: Frontend' label to PRs
 frontend_all: &frontend_all
   - *sentry_frontend_workflow_file
+  - *sentry_frontend_snapshots_workflow_file
   - added|modified: '**/*.{ts,tsx,js,jsx,mjs}'
   - added|modified: 'static/**/*.{less,json,yml,md,mdx}'
   - added|modified: '{vercel,tsconfig,biome,package}.json'

.github/workflows/frontend-snapshots.yml

@@ -69,37 +69,19 @@ jobs:
 
       - name: Install sentry-cli
         if: ${{ !cancelled() }}
-        run: curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION=3.3.4 sh
+        run: curl -sL https://sentry.io/get-cli/ | SENTRY_CLI_VERSION=3.3.5 sh
 
       - name: Upload snapshots
         id: upload
         if: ${{ !cancelled() }}
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_SNAPSHOTS_AUTH_TOKEN }}
-        run: |
-          ARGS=(
-            --log-level=debug
-            --auth-token "${{ secrets.SENTRY_SNAPSHOTS_AUTH_TOKEN }}"
-            build snapshots "${{ env.SNAPSHOT_OUTPUT_DIR }}"
-            --app-id sentry-frontend
-            --project sentry-frontend
-            --head-sha "${{ github.event.pull_request.head.sha || github.sha }}"
-            --vcs-provider github
-            --head-repo-name "${{ github.repository }}"
-          )
-
-          # PR-only flags: base-sha, base-ref, base-repo-name, head-ref, pr-number
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-            ARGS+=(
-              --base-sha "${{ github.event.pull_request.base.sha }}"
-              --base-repo-name "${{ github.repository }}"
-              --head-ref "${{ github.head_ref }}"
-              --base-ref "${{ github.base_ref }}"
-              --pr-number "${{ github.event.number }}"
-            )
-          fi
-
-          sentry-cli "${ARGS[@]}"
+        run: >
+          sentry-cli
+          --log-level=debug
+          build snapshots "${{ env.SNAPSHOT_OUTPUT_DIR }}"
+          --app-id sentry-frontend
+          --project sentry-frontend
 
       - name: Report upload failure to Sentry
         if: ${{ failure() && steps.upload.outcome == 'failure' }}

src/sentry/api/endpoints/internal/feature_flags.py

@@ -1,3 +1,5 @@
+from collections.abc import Mapping
+
 from django.conf import settings
 from rest_framework.request import Request
 from rest_framework.response import Response
@@ -10,6 +12,30 @@
 from sentry.runner.settings import configure, discover_configs
 
 
+def _coerce_early_feature_flag_value(value: object) -> bool | None:
+    """
+    Map API input to a bool for SENTRY_FEATURES. Accepts JSON booleans, 0/1
+    (common in scripts), and the strings "true"/"false" (case-insensitive).
+    Returns None if the value cannot be interpreted safely.
+    """
+    if isinstance(value, bool):
+        return value
+    if isinstance(value, int):
+        if value == 1:
+            return True
+        if value == 0:
+            return False
+        return None
+    if isinstance(value, str):
+        lowered = value.lower()
+        if lowered == "true":
+            return True
+        if lowered == "false":
+            return False
+        return None
+    return None
+
+
 @all_silo_endpoint
 class InternalFeatureFlagsEndpoint(Endpoint):
     permission_classes = (SuperuserPermission,)
@@ -36,18 +62,38 @@ def put(self, request: Request) -> Response:
         if not settings.SENTRY_SELF_HOSTED:
             return Response("You are not self-hosting Sentry.", status=403)
 
-        data = request.data.keys()
-        valid_feature_flags = [flag for flag in data if SENTRY_EARLY_FEATURES.get(flag, False)]
+        payload: object = request.data
+        if not isinstance(payload, Mapping):
+            return Response(
+                {"detail": "Feature flag updates must be a JSON object."},
+                status=400,
+            )
+
+        valid_feature_flags = [flag for flag in payload if flag in SENTRY_EARLY_FEATURES]
+        coerced_values: dict[str, bool] = {}
+        for valid_flag in valid_feature_flags:
+            coerced = _coerce_early_feature_flag_value(payload.get(valid_flag))
+            if coerced is None:
+                return Response(
+                    {
+                        "detail": (
+                            f'Feature flag "{valid_flag}" must be true or false '
+                            f"(boolean, 0 or 1, or the string true or false)."
+                        )
+                    },
+                    status=400,
+                )
+            coerced_values[valid_flag] = coerced
+
         _, py, yml = discover_configs()
         # Open the file for reading and writing
         with open(py, "r+") as file:
             lines = file.readlines()
             # print(lines)
             for valid_flag in valid_feature_flags:
                 match_found = False
-                new_string = (
-                    f'\nSENTRY_FEATURES["{valid_flag}"]={request.data.get(valid_flag, False)}\n'
-                )
+                python_bool = "True" if coerced_values[valid_flag] else "False"
+                new_string = f'\nSENTRY_FEATURES["{valid_flag}"]={python_bool}\n'
                 # Search for the string match and update lines
                 for i, line in enumerate(lines):
                     if valid_flag in line:

src/sentry/api/serializers/models/organization.py

@@ -170,6 +170,13 @@ class BaseOrganizationSerializer(serializers.Serializer):
         max_length=DEFAULT_SLUG_MAX_LENGTH,
     )
 
+    def validate_name(self, value: str) -> str:
+        if "://" in value:
+            raise serializers.ValidationError(
+                "Organization name cannot contain URL schemes (e.g. http:// or https://)."
+            )
+        return value
+
     def validate_slug(self, value: str) -> str:
         # Historically, the only check just made sure there was more than 1
         # character for the slug, but since then, there are many slugs that

src/sentry/conf/server.py

@@ -1216,7 +1216,7 @@ def SOCIAL_AUTH_DEFAULT_USERNAME() -> str:
     },
     "llm-issue-detection": {
         "task": "issues:sentry.tasks.llm_issue_detection.run_llm_issue_detection",
-        "schedule": crontab("0", "*", "*", "*", "*"),
+        "schedule": crontab("*/15", "*", "*", "*", "*"),
     },
     "preprod-detect-expired-artifacts": {
         "task": "preprod:sentry.preprod.tasks.detect_expired_preprod_artifacts",

src/sentry/features/temporary.py

@@ -50,6 +50,8 @@ def register_temporary_features(manager: FeatureManager) -> None:
     manager.add("organizations:alert-allow-indexed", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enables flag for org specific runs on alerts comparison script for spans migration
     manager.add("organizations:alerts-timeseries-comparison", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False)
+    # Enable AI-based issue detection for an organization (budget-paced scheduling)
+    manager.add("organizations:ai-issue-detection", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False)
     # Enable anomaly detection feature for EAP spans
     manager.add("organizations:anomaly-detection-eap", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enables the cron job to auto-enable codecov integrations.
@@ -104,8 +106,6 @@ def register_temporary_features(manager: FeatureManager) -> None:
     manager.add("organizations:intercom-support", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=True)
     # Enable default anomaly detection metric monitor for new projects
     manager.add("organizations:default-anomaly-detector", OrganizationFeature, FeatureHandlerStrategy.FLAGPOLE, api_expose=False)
-    # Enables synthesis of device.class in ingest
-    manager.add("organizations:device-class-synthesis", OrganizationFeature, FeatureHandlerStrategy.INTERNAL, api_expose=False)
     # Enable the 'discover' interface. (might be unused)
     manager.add("organizations:discover", OrganizationFeature, FeatureHandlerStrategy.INTERNAL, api_expose=True)
     # Enable the discover saved queries deprecation warnings

src/sentry/incidents/endpoints/serializers/workflow_engine_incident.py

@@ -93,6 +93,18 @@ def get_attrs(
             results[open_period] = {"projects": [open_period.project.slug]}
             results[open_period]["alert_rule"] = alert_rules.get(str(alert_rule_id))
 
+        igops = IncidentGroupOpenPeriod.objects.filter(group_open_period__in=results.keys())
+        igop_by_open_period_id = {igop.group_open_period_id: igop for igop in igops}
+
+        for open_period in results:
+            if igop := igop_by_open_period_id.get(open_period.id):
+                results[open_period]["incident_id"] = igop.incident_id
+                results[open_period]["incident_identifier"] = igop.incident_identifier
+            else:
+                fake_id = get_fake_id_from_object_id(open_period.id)
+                results[open_period]["incident_id"] = fake_id
+                results[open_period]["incident_identifier"] = fake_id
+
         if "activities" in self.expand:
             gopas = list(
                 GroupOpenPeriodActivity.objects.filter(group_open_period__in=item_list).order_by(
@@ -169,13 +181,8 @@ def serialize(
         """
         Temporary serializer to take a GroupOpenPeriod and serialize it for the old incident endpoint
         """
-        try:
-            igop = IncidentGroupOpenPeriod.objects.get(group_open_period=obj)
-            incident_id = igop.incident_id
-            incident_identifier = igop.incident_identifier
-        except IncidentGroupOpenPeriod.DoesNotExist:
-            incident_id = get_fake_id_from_object_id(obj.id)
-            incident_identifier = incident_id
+        incident_id = attrs["incident_id"]
+        incident_identifier = attrs["incident_identifier"]
 
         date_closed = obj.date_ended.replace(second=0, microsecond=0) if obj.date_ended else None
         return {

src/sentry/models/organizationmember.py

@@ -348,6 +348,7 @@ def get_invite_link(self, referrer: str | None = None):
 
     def send_invite_email(self, referrer: str | None = None):
         from sentry.utils.email import MessageBuilder
+        from sentry.utils.email.sanitize import sanitize_outbound_name
 
         context = {
             "email": self.email,
@@ -356,7 +357,7 @@ def send_invite_email(self, referrer: str | None = None):
         }
 
         msg = MessageBuilder(
-            subject="Join %s in using Sentry" % self.organization.name,
+            subject="Join %s in using Sentry" % sanitize_outbound_name(self.organization.name),
             template="sentry/emails/member-invite.txt",
             html_template="sentry/emails/member-invite.html",
             type="organization.invite",
@@ -371,6 +372,7 @@ def send_invite_email(self, referrer: str | None = None):
 
     def send_sso_link_email(self, sending_user_email: str, provider):
         from sentry.utils.email import MessageBuilder
+        from sentry.utils.email.sanitize import sanitize_outbound_name
 
         link_args = {"organization_slug": self.organization.slug}
         context = {
@@ -381,7 +383,7 @@ def send_sso_link_email(self, sending_user_email: str, provider):
         }
 
         msg = MessageBuilder(
-            subject=f"Action Required for {self.organization.name}",
+            subject=f"Action Required for {sanitize_outbound_name(self.organization.name)}",
             template="sentry/emails/auth-link-identity.txt",
             html_template="sentry/emails/auth-link-identity.html",
             type="organization.auth_link",
@@ -392,6 +394,7 @@ def send_sso_link_email(self, sending_user_email: str, provider):
     def send_sso_unlink_email(self, disabling_user: RpcUser | str, provider):
         from sentry.users.services.lost_password_hash import lost_password_hash_service
         from sentry.utils.email import MessageBuilder
+        from sentry.utils.email.sanitize import sanitize_outbound_name
 
         # Nothing to send if this member isn't associated to a user
         if not self.user_id:
@@ -424,7 +427,7 @@ def send_sso_unlink_email(self, disabling_user: RpcUser | str, provider):
             context["set_password_url"] = password_hash.get_absolute_url(mode="set_password")
 
         msg = MessageBuilder(
-            subject=f"Action Required for {self.organization.name}",
+            subject=f"Action Required for {sanitize_outbound_name(self.organization.name)}",
             template="sentry/emails/auth-sso-disabled.txt",
             html_template="sentry/emails/auth-sso-disabled.html",
             type="organization.auth_sso_disabled",

src/sentry/notifications/notifications/organization_request/abstract_invite_request.py

@@ -16,6 +16,7 @@
 from sentry.notifications.utils.actions import MessageAction
 from sentry.types.actor import Actor
 from sentry.users.services.user.service import user_service
+from sentry.utils.email.sanitize import sanitize_outbound_name
 
 if TYPE_CHECKING:
     from sentry.users.models.user import User
@@ -40,7 +41,7 @@ def members_url(self) -> str:
         )
 
     def get_subject(self, context: Mapping[str, Any] | None = None) -> str:
-        return f"Access request to {self.organization.name}"
+        return f"Access request to {sanitize_outbound_name(self.organization.name)}"
 
     def get_recipient_context(
         self, recipient: Actor, extra_context: Mapping[str, Any]

src/sentry/notifications/notifications/organization_request/integration_request.py

@@ -11,6 +11,7 @@
 )
 from sentry.notifications.utils.actions import MessageAction
 from sentry.types.actor import Actor
+from sentry.utils.email.sanitize import sanitize_outbound_name
 
 if TYPE_CHECKING:
     from sentry.models.organization import Organization
@@ -71,7 +72,7 @@ def get_context(self) -> MutableMapping[str, Any]:
         }
 
     def get_subject(self, context: Mapping[str, Any] | None = None) -> str:
-        return f"Your team member requested the {self.provider_name} integration on Sentry"
+        return f"Your team member requested the {sanitize_outbound_name(self.provider_name)} integration on Sentry"
 
     def get_notification_title(
         self, provider: ExternalProviders, context: Mapping[str, Any] | None = None
@@ -82,11 +83,13 @@ def build_attachment_title(self, recipient: Actor) -> str:
         return "Request to Install"
 
     def get_message_description(self, recipient: Actor, provider: ExternalProviders) -> str:
-        requester_name = self.requester.get_display_name()
+        requester_name = sanitize_outbound_name(self.requester.get_display_name())
         optional_message = (
-            f" They've included this message `{self.message}`" if self.message else ""
+            f" They've included this message `{sanitize_outbound_name(self.message)}`"
+            if self.message
+            else ""
         )
-        return f"{requester_name} is requesting to install the {self.provider_name} integration into {self.organization.name}.{optional_message}"
+        return f"{requester_name} is requesting to install the {sanitize_outbound_name(self.provider_name)} integration into {sanitize_outbound_name(self.organization.name)}.{optional_message}"
 
     def get_message_actions(
         self, recipient: Actor, provider: ExternalProviders