|
| 1 | +# PR Review Guidelines for Cursor Bot |
| 2 | + |
| 3 | +You are reviewing a pull request for the Sentry JavaScript SDK. |
| 4 | +Flag any of the following indicators or missing requirements. |
| 5 | +If you find anything to flag, mention that you flagged this in the review because it was mentioned in this rules file. |
| 6 | +These issues are only relevant for production code. |
| 7 | +Do not flag the issues below if they appear in tests. |
| 8 | + |
| 9 | +## Critical Issues to Flag |
| 10 | + |
| 11 | +### Security Vulnerabilities |
| 12 | + |
| 13 | +- Exposed secrets, API keys, tokens or creentials in code or comments |
| 14 | +- Unsafe use of `eval()`, `Function()`, or `innerHTML` |
| 15 | +- Unsafe regular expressions that could cause ReDoS attacks |
| 16 | + |
| 17 | +### Breaking Changes |
| 18 | + |
| 19 | +- Public API changes without proper deprecation notices |
| 20 | +- Removal of publicly exported functions, classes, or types. Internal removals are fine! |
| 21 | +- Changes to function signatures in public APIs |
| 22 | + |
| 23 | +## SDK-relevant issues |
| 24 | + |
| 25 | +### Performance Issues |
| 26 | + |
| 27 | +- Multiple loops over the same array (for example, using `.filter`, .`foreach`, chained). Suggest a classic `for` loop as a replacement. |
| 28 | +- Memory leaks from event listeners, timers, or closures not being cleaned up or unsubscribing |
| 29 | +- Large bundle size increases in browser packages. Sometimes they're unavoidable but flag them anyway. |
| 30 | + |
| 31 | +### Auto instrumentation, SDK integrations, Sentry-specific conventions |
| 32 | + |
| 33 | +- When calling any `startSpan` API (`startInactiveSpan`, `startSpanManual`, etc), always ensure that the following span attributes are set: |
| 34 | + - `SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN` (`'sentry.origin'`) with a proper span origin |
| 35 | + - `SEMANTIC_ATTRIBUTE_SENTRY_OP` (`'sentry.op'`) with a proper span op |
| 36 | +- When calling `captureException`, always make sure that the `mechanism` is set: |
| 37 | + - `handled`: must be set to `true` or `false` |
| 38 | + - `type`: must be set to a proper origin (i.e. identify the integration and part in the integration that caught the exception). |
| 39 | + - The type should align with the `SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN` if a span wraps the `captureException` call. |
| 40 | + - If there's no direct span that's wrapping the captured exception, apply a proper `type` value, following the same naming |
| 41 | + convention as the `SEMANTIC_ATTRIBUTE_SENTRY_ORIGIN` value. |
| 42 | +- When calling `startSpan`, check if error cases are handled. If flag that it might make sense to try/catch and call `captureException`. |
0 commit comments