feat: sentry improvements

[DaniAkash]

This pull request introduces improved user identity tracking across analytics and error reporting, and adds robust sanitization of sensitive data in Sentry events for both agent and server applications. It ensures that user identification is consistently set or cleared on login/logout, and that sensitive information (like API keys and tokens) is redacted from error reports before they are sent.

User Identity Management and Analytics:

• Added new identify and resetIdentity functions in identify.ts to synchronize user identity across analytics (PostHog) and error tracking (Sentry). These are now called on login, logout, and session changes to keep user context accurate. (packages/browseros-agent/apps/agent/lib/analytics/identify.ts, packages/browseros-agent/apps/agent/lib/auth/AuthProvider.tsx, packages/browseros-agent/apps/agent/entrypoints/app/login/LogoutPage.tsx) [1] [2] [3] [4] [5]

• On the server side, user identity is now set in Sentry using Sentry.setUser with the browserosId for better traceability of errors. (packages/browseros-agent/apps/server/src/main.ts)

Sensitive Data Sanitization in Sentry Events:

• Introduced a shared sanitizeEvent utility in @browseros/shared/sentry/sanitize that recursively redacts sensitive fields (like tokens, passwords, secrets) from Sentry event payloads. This utility is now used in both agent and server Sentry beforeSend hooks to prevent accidental leakage of credentials in error reports. (packages/browseros-agent/packages/shared/src/sentry/sanitize.ts, packages/browseros-agent/apps/agent/lib/sentry/sanitize.ts, packages/browseros-agent/apps/agent/lib/sentry/sentry.ts, packages/browseros-agent/apps/server/src/lib/sentry.ts, packages/browseros-agent/packages/shared/package.json) [1] [2] [3] [4] [5] [6] [7]

Other Improvements:

• When logging chat requests, the server now stores only the origin part of the baseUrl in Sentry context, further reducing risk of leaking sensitive URL components. (packages/browseros-agent/apps/server/src/api/routes/chat.ts)

These changes significantly improve both user privacy and the quality of analytics and error reporting across the BrowserOS agent and server.

[greptile-apps]

Greptile Summary

This PR improves Sentry error reporting by adding a beforeSend sanitization layer that redacts sensitive key values (tokens, passwords, secrets, etc.) from events on both the agent and server, unifies user identity management across Sentry and PostHog into a single identify/resetIdentity API, and strips path/query from baseUrl before it reaches Sentry context.

Key changes:

• New shared sanitizeEvent utility (packages/shared/src/sentry/sanitize.ts) is wired into both the server's beforeSend and the agent's existing beforeSend
• New identify.ts module centralises sentry.setUser + posthog.identify calls; called on session restore (AuthProvider) and cleared on logout (LogoutPage)
• Server startup now calls Sentry.setUser({ id: browserosId }) so all server events are correlated to the install identity
• Gap: sanitizeEvent does not sanitize event.request, meaning HTTP request headers (e.g. Authorization: Bearer …, Cookie: …) captured by @sentry/bun with sendDefaultPii: true can still leak — adding if (e.request) e.request = sanitize(e.request) alongside the existing blocks would close this
• Duplication: apps/agent/lib/sentry/sanitize.ts is a near-identical local copy of the new shared version; the agent should import from @browseros/shared/sentry/sanitize directly so the patterns stay in sync

Confidence Score: 3/5

• The sanitization gap around event.request means HTTP headers (including Authorization) can still leak to Sentry on the server despite the new beforeSend hook — fix recommended before merge.
• Most of the PR is solid: identify/resetIdentity unification is clean, the baseUrl origin-stripping is a good touch, and the general sanitize logic is correct. The missing e.request sanitization is a concrete security gap in the new code that could expose bearer tokens from inbound API requests captured by @sentry/bun with sendDefaultPii: true. It warrants a fix before shipping.
• packages/browseros-agent/packages/shared/src/sentry/sanitize.ts (missing event.request sanitization) and packages/browseros-agent/apps/agent/lib/sentry/sanitize.ts (duplicate of the shared version)

Important Files Changed

Filename	Overview
packages/browseros-agent/packages/shared/src/sentry/sanitize.ts	New shared sanitize utility for Sentry events — correctly redacts sensitive keys in contexts, extra, and stack frame vars, but does not sanitize event.request (HTTP headers/cookies) which can leak Authorization/Cookie values on the server.
packages/browseros-agent/apps/agent/lib/sentry/sanitize.ts	Local agent copy of the shared sanitize module — nearly identical to the shared version just added in this PR; should be removed in favour of importing from @browseros/shared/sentry/sanitize.
packages/browseros-agent/apps/server/src/lib/sentry.ts	Server Sentry config gains a beforeSend hook that runs sanitizeEvent; imports correctly from the shared package.
packages/browseros-agent/apps/agent/lib/analytics/identify.ts	New module unifying Sentry user identification and PostHog identification/reset; clean and well-documented.
packages/browseros-agent/apps/server/src/main.ts	Adds Sentry.setUser({ id: browserosId }) on server startup so all server-side errors are correlated to the install identity.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Sentry error captured] --> B{beforeSend hook}
    B --> C[sanitizeEvent]
    C --> D[sanitize breadcrumbs.data]
    C --> E[sanitize contexts]
    C --> F[sanitize extra]
    C --> G[sanitize stackframe vars]
    C --> H[❌ event.request NOT sanitized]
    H --> I[Authorization / Cookie headers leak]
    D & E & F & G --> J[Return sanitized event → Sentry]

    subgraph identify.ts
        K[Session restored / user login] --> L[identify - sentry.setUser + posthog.identify]
        M[Logout] --> N[resetIdentity - sentry.setUser null + posthog.reset]
    end

Loading

Prompt To Fix All With AI

This is a comment left during a code review.
Path: packages/browseros-agent/packages/shared/src/sentry/sanitize.ts
Line: 59-87

Comment:
**`event.request` not sanitized — headers/cookies can still leak**

`sanitizeEvent` scrubs `breadcrumbs`, `contexts`, `extra`, and stackframe vars, but never touches `event.request`. On the server (`@sentry/bun`) with `sendDefaultPii: true`, Sentry automatically captures the full inbound HTTP request under `event.request`, including a `headers` map that can contain `Authorization: Bearer <token>` and `Cookie: …` values. Those keys would be caught by `isSensitiveKey`, but only if the `request` field is actually passed through `sanitize()`.

Add the missing section:

```ts
  if (e.request) {
    e.request = sanitize(e.request)
  }
```

Place it alongside the existing `e.contexts` / `e.extra` blocks so headers and cookies are scrubbed before the event is sent.

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: packages/browseros-agent/apps/agent/lib/sentry/sanitize.ts
Line: 1-77

Comment:
**Duplicate `sanitize.ts` — agent should use the shared version**

This file is an almost-exact copy of `packages/shared/src/sentry/sanitize.ts`, which was added in the same PR and is now exported via the `package.json` export map (`./sentry/sanitize`). Maintaining two near-identical copies increases the risk of them drifting out of sync (e.g., if a new sensitive pattern is added to the shared version but forgotten here).

The agent's `sentry.ts` could simply import from the shared package instead:

```ts
import { sanitizeEvent } from '@browseros/shared/sentry/sanitize'
```

This lets the agent's `lib/sentry/sanitize.ts` file be removed entirely.

**Rule Used:** Remove unused/dead code rather than leaving it in ... ([source](https://app.greptile.com/review/custom-context?memory=9b045db4-2630-428c-95b7-ccf048d34547))

**Learnt From**
[browseros-ai/BrowserOS-agent#126](https://github.com/browseros-ai/BrowserOS-agent/pull/126)

How can I resolve this? If you propose a fix, please make it concise.

_{Reviews (1): Last reviewed commit: "feat: added analytics for logged in user..." | Re-trigger Greptile}