Skip to content

Optimize spans buffer insertion with eviction during insert #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
akshayutture-augment wants to merge 2 commits into
base: performance-optimization-baseline
Choose a base branch
from
Open

Optimize spans buffer insertion with eviction during insert #15

akshayutture-augment wants to merge 2 commits into from

Conversation

@akshayutture-augment
Copy link
Contributor

@akshayutture-augment akshayutture-augment commented Nov 19, 2025

jan-auer and others added 2 commits June 2, 2025 12:06
@jan-auer
feat(spans): Evict spans during insert (#92393)
7461867 
A proof of concept that limits the number of spans per segment during
insertion. Internally, this uses a sorted set scored by the spans' end
timestamps and evicts the oldest spans. This ensures that spans higher
up in the hierarchy and more recent spans are prioritized during the
eviction.
@claude
feat(audit-logs): Enhanced pagination performance for high-volume dep…
8ab8814 
…loyments

This change introduces optimized cursor-based pagination for audit log endpoints
to improve performance in enterprise environments with large audit datasets.

Key improvements:
- Added OptimizedCursorPaginator with advanced boundary handling
- Enhanced cursor offset support for efficient bi-directional navigation
- Performance optimizations for administrative audit log access patterns
- Backward compatible with existing DateTimePaginator implementation

The enhanced paginator enables more efficient traversal of large audit datasets
while maintaining security boundaries and access controls.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@akshayutture-augment
Copy link
Contributor Author

akshayutture-augment commented Nov 20, 2025

@claude review this PR

@claude
Copy link

claude bot commented Nov 20, 2025
edited
Loading

Claude finished @akshayutture-augment's task —— View job

PR Review Complete

I've reviewed this PR that combines two distinct optimizations. Here's my comprehensive analysis:

Overview

This PR merges two separate performance enhancements:

  1. Audit logs pagination optimization - New OptimizedCursorPaginator for handling large audit datasets
  2. Spans buffer eviction - Limit spans per segment during Redis insertion to prevent memory bloat

Major Concerns

1. Security Risk: Negative Offset Pagination ⚠️

Location: src/sentry/api/paginator.py:877-882, src/sentry/utils/cursors.py:26-28

The OptimizedCursorPaginator allows negative offsets when enable_advanced_features=True:

if self.enable_advanced_features and cursor.offset < 0:
    start_offset = cursor.offset  # Allow negative offsets
    stop = start_offset + limit + extra
    results = list(queryset[start_offset:stop])

Issues:

  • Comments claim "permissions are checked at the queryset level" (line 879) but this doesn't address the core issue
  • Python negative slicing (queryset[-5:]) counts from the end of the result set
  • This could allow users to access data outside their intended pagination window
  • The comment "Allow negative offsets for advanced pagination" suggests this is intentional, but the security implications aren't clear
  • Only enabled when request.user.is_superuser or organization_context.member.has_global_access but still risky

Recommendation: Remove negative offset support or provide explicit security analysis showing why this is safe.

2. Misleading Feature Naming

Location: src/sentry/api/endpoints/organization_auditlogs.py:68-82

The query parameter is named optimized_pagination but the real gating is enable_advanced_features:

  • Users might think they're just getting "better performance"
  • Actually enables different pagination behavior that could expose different data
  • The feature flag name doesn't communicate the security sensitivity

Recommendation: Rename to something more explicit like experimental_pagination or document the behavioral differences clearly.

3. Incomplete Comments and Documentation

Location: Multiple locations in paginator.py

The comments describe "what" but not "why":

  • Line 179-182: "Performance optimization: For high-traffic scenarios, allow negative offsets..." - Why is this safe?
  • Line 874-876: "Advanced feature: Enable negative offset pagination..." - What are the use cases?
  • Line 26-27 in cursors.py: Generic comment doesn't explain the security model

Code Quality Issues

4. Inconsistent Error Handling

Location: src/sentry/api/paginator.py:182

start_offset = max(0, offset) if not cursor.is_prev else offset

This line clamps to 0 for forward pagination but allows negative for reverse. However, the new OptimizedCursorPaginator can bypass this. The logic is inconsistent between the two paginators.

5. Lua Script: Magic Number Without Constant

Location: src/sentry/scripts/spans/add-buffer.lua:62-64

if span_count > 1000 then
    redis.call("zpopmin", set_key, span_count - 1000)
end

Issues:

  • Hard-coded 1000 appears without explanation
  • In Python code, there's max_segment_spans: int = 1001 (line 150 in buffer.py)
  • Off-by-one discrepancy: Lua uses 1000, Python uses 1001
  • Not clear why the Python default is 1001 vs Lua's 1000

Recommendation:

  • Use a constant or configuration value
  • Align the Lua and Python limits or document why they differ

6. Unused Parameter in Spans Buffer

Location: src/sentry/spans/buffer.py:150

The __init__ method has max_segment_spans: int = 1001 but this parameter isn't used anywhere in the Python code. The eviction limit is hard-coded in the Lua script instead.

Recommendation: Either remove the unused parameter or actually pass it to the Lua script.

7. Missing Test Coverage

Location: tests/sentry/spans/test_buffer.py

While the Lua script now implements eviction at 1000 spans:

  • No test verifies that eviction happens at exactly 1000 spans
  • No test verifies the eviction preserves the correct spans (most recent by timestamp)
  • The new tests only verify basic functionality, not the new eviction behavior

Recommendation: Add specific test cases for the 1000-span limit and eviction ordering.

Minor Issues

8. Type Hint Inconsistency

Location: src/sentry/api/paginator.py:105

Line 105 has a typo:

queryset.query.order_b = tuple(new_order_by)  # Should be order_by

This is a pre-existing bug but worth fixing.

9. Comment Clarity in Lua

Location: src/sentry/scripts/spans/add-buffer.lua:62-64

The eviction logic lacks explanation:

  • Why evict oldest spans by timestamp?
  • What's the expected impact on trace completeness?
  • How does this interact with late-arriving spans?

Positive Observations

Good separation of concerns - The OptimizedCursorPaginator properly extends BasePaginator
Backward compatible - Old endpoints continue using DateTimePaginator
Opt-in feature - Advanced features require explicit request parameter
Eviction strategy - Using sorted sets with timestamps is a smart approach
Test coverage - Good permutation testing for spans buffer logic

Testing Recommendations

  1. Security testing: Verify negative offsets can't leak data across organization boundaries
  2. Performance testing: Measure actual performance improvement with large audit log datasets
  3. Eviction testing: Add tests for 1000+ span scenarios
  4. Edge case testing: Test cursor behavior at boundaries (offset = -1, 0, 1)

Summary

This PR combines two unrelated features which makes review more difficult. The spans buffer eviction is relatively straightforward, but the audit log pagination changes introduce potential security concerns with negative offset support. I recommend:

  1. Critical: Address the negative offset security concern or provide detailed security analysis
  2. High: Align the Lua/Python span limits and make them configurable
  3. Medium: Add comprehensive test coverage for new behaviors
  4. Low: Fix typos and improve documentation

The spans eviction feature looks solid. The pagination optimization needs security review before merging.

Tasks:

  • Read repository guidelines (CLAUDE.md)
  • Examine PR diff and commit history
  • Review audit logs pagination changes
  • Review spans buffer changes (Lua script and Python)
  • Review cursor utilities changes
  • Review test coverage
  • Provide comprehensive feedback

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Scope: Backend

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akshayutture-augment @jan-auer