fix: prevent large context data from being serialized into job payloads

Naoray · claude · Naoray · commit dfed772e7a21 · 2026-01-27T16:52:06.000+01:00
Use Context::addHidden() for large tracing data (queries, outgoing_requests,
session, request) to prevent serialization into Laravel job payloads.

Hidden context is available during the request for error logging but is NOT
serialized when jobs are queued, preventing ~6.8MB job payloads and Redis
OOM errors.

- QueryCollector: use hidden context for queries
- OutgoingRequestSendingCollector: use hidden context for request tracking
- OutgoingRequestResponseCollector: use hidden context for outgoing requests
- SessionCollector: use hidden context for session data
- RequestDataCollector: use hidden context for request data
- ContextProcessor: merge both regular and hidden context for logging
- GithubMonologServiceProvider: add dehydration callback as safety net

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/src/GithubMonologServiceProvider.php b/src/GithubMonologServiceProvider.php
@@ -2,12 +2,18 @@
 
 namespace Naoray\LaravelGithubMonolog;
 
+use Illuminate\Support\Facades\Context;
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\ServiceProvider;
 use Naoray\LaravelGithubMonolog\Tracing\EventHandler;
 
 class GithubMonologServiceProvider extends ServiceProvider
 {
+    public function register(): void
+    {
+        $this->registerContextDehydration();
+    }
+
     public function boot(): void
     {
         $config = config('logging.channels.github.tracing');
@@ -22,4 +28,29 @@ public function boot(): void
             ], 'github-monolog-views');
         }
     }
+
+    /**
+     * Register context dehydration callback to prevent large tracing data
+     * from being serialized into job payloads.
+     */
+    protected function registerContextDehydration(): void
+    {
+        if (! method_exists(Context::class, 'dehydrating')) {
+            return;
+        }
+
+        Context::dehydrating(function ($context) {
+            foreach (['queries', 'outgoing_requests', 'session', 'request'] as $key) {
+                if ($context->has($key)) {
+                    $context->forget($key);
+                }
+            }
+
+            foreach (array_keys($context->all()) as $key) {
+                if (str_starts_with($key, 'outgoing_request.')) {
+                    $context->forget($key);
+                }
+            }
+        });
+    }
 }
diff --git a/src/Tracing/ContextProcessor.php b/src/Tracing/ContextProcessor.php
@@ -28,7 +28,7 @@ public function __invoke(LogRecord $record): LogRecord
             $sessionCollector->collect();
         }
 
-        $contextData = Context::all();
+        $contextData = array_merge(Context::all(), Context::allHidden());
 
         if (empty($contextData)) {
             return $record;
diff --git a/src/Tracing/OutgoingRequestResponseCollector.php b/src/Tracing/OutgoingRequestResponseCollector.php
@@ -30,11 +30,11 @@ public function __invoke(ResponseReceived $event): void
         $config = config('logging.channels.github.tracing.outgoing_requests', []);
         $limit = $config['limit'] ?? self::DEFAULT_LIMIT;
 
-        $requestData = Context::get("outgoing_request.{$requestId}", []);
+        $requestData = Context::getHidden("outgoing_request.{$requestId}") ?? [];
         $startedAt = $requestData['started_at'] ?? microtime(true);
         $duration = (microtime(true) - $startedAt) * 1000; // Convert to milliseconds
 
-        $outgoingRequests = Context::get('outgoing_requests', []);
+        $outgoingRequests = Context::getHidden('outgoing_requests') ?? [];
 
         $outgoingRequests[] = [
             'url' => $request->url(),
@@ -49,7 +49,7 @@ public function __invoke(ResponseReceived $event): void
             $outgoingRequests = array_slice($outgoingRequests, -$limit);
         }
 
-        Context::add('outgoing_requests', $outgoingRequests);
-        Context::forget("outgoing_request.{$requestId}");
+        Context::addHidden('outgoing_requests', $outgoingRequests);
+        Context::forgetHidden("outgoing_request.{$requestId}");
     }
 }
diff --git a/src/Tracing/OutgoingRequestSendingCollector.php b/src/Tracing/OutgoingRequestSendingCollector.php
@@ -31,7 +31,7 @@ public function __invoke(RequestSending $event): void
         $headers = $request->headers();
         $headerBag = new \Symfony\Component\HttpFoundation\HeaderBag($headers);
 
-        Context::add("outgoing_request.{$requestId}", [
+        Context::addHidden("outgoing_request.{$requestId}", [
             'url' => $request->url(),
             'method' => $request->method(),
             'headers' => $this->redactHeaders($headerBag),
diff --git a/src/Tracing/QueryCollector.php b/src/Tracing/QueryCollector.php
@@ -30,7 +30,7 @@ public function __invoke(QueryExecuted $event): void
 
         $limit = $config['limit'] ?? self::DEFAULT_LIMIT;
 
-        $queries = Context::get('queries', []);
+        $queries = Context::getHidden('queries') ?? [];
         $queries[] = [
             'sql' => $event->sql,
             'bindings' => $this->redactBindings($event->bindings),
@@ -43,6 +43,6 @@ public function __invoke(QueryExecuted $event): void
             $queries = array_slice($queries, -$limit);
         }
 
-        Context::add('queries', $queries);
+        Context::addHidden('queries', $queries);
     }
 }
diff --git a/src/Tracing/RequestDataCollector.php b/src/Tracing/RequestDataCollector.php
@@ -28,7 +28,7 @@ public function __invoke(RequestHandled $event): void
             $files = null;
         }
 
-        Context::add('request', array_filter([
+        Context::addHidden('request', array_filter([
             'url' => $request->url(),
             'full_url' => $request->fullUrl(),
             'method' => $request->method(),
diff --git a/src/Tracing/SessionCollector.php b/src/Tracing/SessionCollector.php
@@ -27,7 +27,7 @@ public function collect(): void
             return;
         }
 
-        Context::add('session', [
+        Context::addHidden('session', [
             'data' => $this->redactPayload(Session::all()),
             'flash' => [
                 'old' => Session::get('_flash.old', []),
diff --git a/tests/Issues/TemplateRendererRouteTest.php b/tests/Issues/TemplateRendererRouteTest.php
@@ -44,7 +44,7 @@
     // Verify route and request data are in Context
     expect(Context::get('route'))->toHaveKey('name');
     expect(Context::get('route')['name'])->toBe('api.users.index');
-    expect(Context::get('request'))->toHaveKey('url');
+    expect(Context::getHidden('request'))->toHaveKey('url');
 
     $record = createLogRecord('Test error');
     $record = ($this->processor)($record);
@@ -87,7 +87,7 @@
     expect(Context::get('user'))->toBe(['id' => 123, 'email' => 'user@example.com']);
     expect(Context::get('route'))->toHaveKey('name');
     expect(Context::get('route')['name'])->toBe('api.posts.store');
-    expect(Context::get('request'))->toHaveKey('url');
+    expect(Context::getHidden('request'))->toHaveKey('url');
 
     $record = createLogRecord('Test error');
     $record = ($this->processor)($record);
diff --git a/tests/Tracing/ContextProcessorTest.php b/tests/Tracing/ContextProcessorTest.php
@@ -18,7 +18,7 @@
 it('merges context data into log record context', function () {
     // Arrange
     Context::add('user', ['id' => 123, 'name' => 'John']);
-    Context::add('request', ['url' => 'https://example.com', 'method' => 'GET']);
+    Context::addHidden('request', ['url' => 'https://example.com', 'method' => 'GET']);
 
     $record = createLogRecord(
         'Test message',
diff --git a/tests/Tracing/EventHandlerTest.php b/tests/Tracing/EventHandlerTest.php
@@ -42,8 +42,8 @@
 
     Event::dispatch($event);
 
-    expect(Context::get('request'))->not->toBeNull();
-    expect(Context::get('request')['url'])->toBe('https://example.com/test');
+    expect(Context::getHidden('request'))->not->toBeNull();
+    expect(Context::getHidden('request')['url'])->toBe('https://example.com/test');
 });
 
 it('registers route collector when enabled', function () {
@@ -97,8 +97,8 @@
 
     Event::dispatch($event);
 
-    expect(Context::get('queries'))->not->toBeNull();
-    expect(Context::get('queries'))->toHaveCount(1);
+    expect(Context::getHidden('queries'))->not->toBeNull();
+    expect(Context::getHidden('queries'))->toHaveCount(1);
 });
 
 it('registers job collector when enabled', function () {
@@ -151,7 +151,7 @@
 
     // Check that outgoing request data was stored (using object hash as key)
     $requestId = spl_object_hash($request);
-    expect(Context::get("outgoing_request.{$requestId}"))->not->toBeNull();
+    expect(Context::getHidden("outgoing_request.{$requestId}"))->not->toBeNull();
 
     // Mock the same request object for the response event
     $request->shouldReceive('url')->andReturn('https://example.com/api');
@@ -163,7 +163,7 @@
     $responseEvent = new ResponseReceived($request, $response);
     Event::dispatch($responseEvent);
 
-    $outgoingRequests = Context::get('outgoing_requests');
+    $outgoingRequests = Context::getHidden('outgoing_requests');
     expect($outgoingRequests)->toHaveCount(1);
     expect($outgoingRequests[0]['url'])->toBe('https://example.com/api');
     expect($outgoingRequests[0]['status'])->toBe(200);
@@ -216,7 +216,7 @@
 
     // Queries collector is disabled, so it should not have collected data
     // (Note: Context might have data from previous tests, but queries should be empty or unchanged)
-    $queries = Context::get('queries', []);
+    $queries = Context::getHidden('queries') ?? [];
     expect($queries)->toBeEmpty();
 });
 
diff --git a/tests/Tracing/OutgoingRequestResponseCollectorTest.php b/tests/Tracing/OutgoingRequestResponseCollectorTest.php
@@ -9,6 +9,7 @@
 use Naoray\LaravelGithubMonolog\Tracing\OutgoingRequestResponseCollector;
 
 beforeEach(function () {
+    Context::flush();
     $this->collector = new OutgoingRequestResponseCollector;
     Config::set('logging.channels.github.tracing.outgoing_requests', ['enabled' => true, 'limit' => 5]);
 });
@@ -23,7 +24,7 @@
     $requestId = spl_object_hash($request);
 
     // Simulate request sending data
-    Context::add("outgoing_request.{$requestId}", [
+    Context::addHidden("outgoing_request.{$requestId}", [
         'url' => 'https://api.example.com/test',
         'method' => 'GET',
         'headers' => [],
@@ -37,7 +38,7 @@
     $receivedEvent = new ResponseReceived($request, $response);
     ($this->collector)($receivedEvent);
 
-    $requests = Context::get('outgoing_requests');
+    $requests = Context::getHidden('outgoing_requests');
 
     expect($requests)->toHaveCount(1);
     expect($requests[0])->toHaveKeys(['url', 'method', 'status', 'duration_ms']);
@@ -47,7 +48,7 @@
     expect($requests[0]['duration_ms'])->toBeNumeric();
 
     // Verify temporary request data is cleaned up
-    expect(Context::has("outgoing_request.{$requestId}"))->toBeFalse();
+    expect(Context::hasHidden("outgoing_request.{$requestId}"))->toBeFalse();
 });
 
 it('respects request limit', function () {
@@ -62,7 +63,7 @@
         $requestId = spl_object_hash($request);
 
         // Simulate request sending data
-        Context::add("outgoing_request.{$requestId}", [
+        Context::addHidden("outgoing_request.{$requestId}", [
             'url' => "https://api.example.com/test{$i}",
             'method' => 'GET',
             'headers' => [],
@@ -73,7 +74,7 @@
         ($this->collector)(new ResponseReceived($request, $response));
     }
 
-    $requests = Context::get('outgoing_requests');
+    $requests = Context::getHidden('outgoing_requests');
 
     expect($requests)->toHaveCount(2);
     expect($requests[0]['url'])->toContain('test3');
@@ -88,7 +89,7 @@
     $requestId = spl_object_hash($request);
 
     // Simulate request sending data
-    Context::add("outgoing_request.{$requestId}", [
+    Context::addHidden("outgoing_request.{$requestId}", [
         'url' => 'https://api.example.com/test',
         'method' => 'GET',
         'headers' => [],
@@ -100,5 +101,5 @@
 
     ($this->collector)(new ResponseReceived($request, $response));
 
-    expect(Context::has('outgoing_requests'))->toBeFalse();
+    expect(Context::hasHidden('outgoing_requests'))->toBeFalse();
 });
diff --git a/tests/Tracing/OutgoingRequestSendingCollectorTest.php b/tests/Tracing/OutgoingRequestSendingCollectorTest.php
@@ -24,7 +24,7 @@
     ($this->collector)($sendingEvent);
 
     $requestId = spl_object_hash($request);
-    $requestData = Context::get("outgoing_request.{$requestId}");
+    $requestData = Context::getHidden("outgoing_request.{$requestId}");
 
     expect($requestData)->not->toBeNull();
     expect($requestData)->toHaveKeys(['url', 'method', 'headers', 'body', 'started_at']);
@@ -43,5 +43,5 @@
     ($this->collector)($sendingEvent);
 
     $requestId = spl_object_hash($request);
-    expect(Context::has("outgoing_request.{$requestId}"))->toBeFalse();
+    expect(Context::hasHidden("outgoing_request.{$requestId}"))->toBeFalse();
 });
diff --git a/tests/Tracing/QueryCollectorTest.php b/tests/Tracing/QueryCollectorTest.php
@@ -6,6 +6,7 @@
 use Naoray\LaravelGithubMonolog\Tracing\QueryCollector;
 
 beforeEach(function () {
+    Context::flush();
     $this->collector = new QueryCollector;
     Config::set('logging.channels.github.tracing.queries', ['enabled' => true, 'limit' => 10]);
 });
@@ -27,7 +28,7 @@
 
     ($this->collector)($event);
 
-    $queries = Context::get('queries');
+    $queries = Context::getHidden('queries');
 
     expect($queries)->toHaveCount(1);
     expect($queries[0])->toHaveKeys(['sql', 'bindings', 'time', 'connection']);
@@ -53,7 +54,7 @@
         ($this->collector)($event);
     }
 
-    $queries = Context::get('queries');
+    $queries = Context::getHidden('queries');
 
     expect($queries)->toHaveCount(2);
     expect($queries[0]['sql'])->toContain('id = 3');
@@ -75,5 +76,5 @@
 
     ($this->collector)($event);
 
-    expect(Context::has('queries'))->toBeFalse();
+    expect(Context::hasHidden('queries'))->toBeFalse();
 });
diff --git a/tests/Tracing/RequestDataCollectorTest.php b/tests/Tracing/RequestDataCollectorTest.php
@@ -30,7 +30,7 @@
     ($this->collector)($event);
 
     // Assert
-    $requestData = Context::get('request');
+    $requestData = Context::getHidden('request');
     expect($requestData)->toHaveKeys(['url', 'full_url', 'method', 'ip', 'headers', 'cookies', 'query', 'body']);
     expect($requestData['url'])->toBe('https://example.com/test');
     expect($requestData['full_url'])->toBe('https://example.com/test?foo=bar');
@@ -50,7 +50,7 @@
     ($this->collector)($event);
 
     // Assert
-    $requestData = Context::get('request');
+    $requestData = Context::getHidden('request');
     expect($requestData['headers']['authorization'][0])->toContain('Bearer');
     expect($requestData['headers']['authorization'][0])->toContain('bytes redacted');
     expect($requestData['headers']['safe-header'][0])->toBe('value');
@@ -72,7 +72,7 @@
     // Act & Assert - Should not throw exception
     ($this->collector)($event);
 
-    $requestData = Context::get('request');
+    $requestData = Context::getHidden('request');
     // When formatFiles() throws an exception, files are set to null and filtered out
     // So we check that the request data exists and files may or may not be present
     expect($requestData)->toBeArray();
@@ -105,7 +105,7 @@
     ($this->collector)($event);
 
     // Assert
-    $requestData = Context::get('request');
+    $requestData = Context::getHidden('request');
     expect($requestData)->toHaveKey('files');
     expect($requestData['files'])->toHaveKey('document');
     expect($requestData['files'])->toHaveKey('photo');
@@ -147,7 +147,7 @@
     ($this->collector)($event);
 
     // Assert
-    $requestData = Context::get('request');
+    $requestData = Context::getHidden('request');
     expect($requestData['files'])->toHaveKey('files');
     expect($requestData['files']['files'])->toBeArray();
     expect($requestData['files']['files'])->toHaveCount(2);
diff --git a/tests/Tracing/SessionCollectorTest.php b/tests/Tracing/SessionCollectorTest.php
@@ -20,7 +20,7 @@
 
     $this->collector->collect();
 
-    $session = Context::get('session');
+    $session = Context::getHidden('session');
 
     expect($session)->toHaveKey('data');
     expect($session['data']['key'])->toBe('value');
@@ -30,5 +30,5 @@
 it('does not collect when session is not started', function () {
     $this->collector->collect();
 
-    expect(Context::has('session'))->toBeFalse();
+    expect(Context::hasHidden('session'))->toBeFalse();
 });

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ public function __invoke(LogRecord $record): LogRecord`
`28`	`28`	`$sessionCollector->collect();`
`29`	`29`	`}`
`30`	`30`
`31`		`- $contextData = Context::all();`
	`31`	`+ $contextData = array_merge(Context::all(), Context::allHidden());`
`32`	`32`
`33`	`33`	`if (empty($contextData)) {`
`34`	`34`	`return $record;`
Original file line number	Diff line number	Diff line change
`@@ -30,11 +30,11 @@ public function __invoke(ResponseReceived $event): void`
`30`	`30`	`$config = config('logging.channels.github.tracing.outgoing_requests', []);`
`31`	`31`	`$limit = $config['limit'] ?? self::DEFAULT_LIMIT;`
`32`	`32`
`33`		`- $requestData = Context::get("outgoing_request.{$requestId}", []);`
	`33`	`+ $requestData = Context::getHidden("outgoing_request.{$requestId}") ?? [];`
`34`	`34`	`$startedAt = $requestData['started_at'] ?? microtime(true);`
`35`	`35`	`$duration = (microtime(true) - $startedAt) * 1000; // Convert to milliseconds`
`36`	`36`
`37`		`- $outgoingRequests = Context::get('outgoing_requests', []);`
	`37`	`+ $outgoingRequests = Context::getHidden('outgoing_requests') ?? [];`
`38`	`38`
`39`	`39`	`$outgoingRequests[] = [`
`40`	`40`	`'url' => $request->url(),`
`@@ -49,7 +49,7 @@ public function __invoke(ResponseReceived $event): void`
`49`	`49`	`$outgoingRequests = array_slice($outgoingRequests, -$limit);`
`50`	`50`	`}`
`51`	`51`
`52`		`- Context::add('outgoing_requests', $outgoingRequests);`
`53`		`- Context::forget("outgoing_request.{$requestId}");`
	`52`	`+ Context::addHidden('outgoing_requests', $outgoingRequests);`
	`53`	`+ Context::forgetHidden("outgoing_request.{$requestId}");`
`54`	`54`	`}`
`55`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public function __invoke(QueryExecuted $event): void`
`30`	`30`
`31`	`31`	`$limit = $config['limit'] ?? self::DEFAULT_LIMIT;`
`32`	`32`
`33`		`- $queries = Context::get('queries', []);`
	`33`	`+ $queries = Context::getHidden('queries') ?? [];`
`34`	`34`	`$queries[] = [`
`35`	`35`	`'sql' => $event->sql,`
`36`	`36`	`'bindings' => $this->redactBindings($event->bindings),`
`@@ -43,6 +43,6 @@ public function __invoke(QueryExecuted $event): void`
`43`	`43`	`$queries = array_slice($queries, -$limit);`
`44`	`44`	`}`
`45`	`45`
`46`		`- Context::add('queries', $queries);`
	`46`	`+ Context::addHidden('queries', $queries);`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ public function collect(): void`
`27`	`27`	`return;`
`28`	`28`	`}`
`29`	`29`
`30`		`- Context::add('session', [`
	`30`	`+ Context::addHidden('session', [`
`31`	`31`	`'data' => $this->redactPayload(Session::all()),`
`32`	`32`	`'flash' => [`
`33`	`33`	`'old' => Session::get('_flash.old', []),`