feat(nextjs): Add --skip-auth flag for headless CLI operation #1183
Conversation
Add support for fully headless/automated Sentry setup without browser authentication. This enables CI/CD pipelines and AI agents to scaffold Sentry configuration with environment variable placeholders. New CLI flags: - --skip-auth: Skip authentication, use env var placeholders - --tracing: Enable performance monitoring - --replay: Enable Session Replay - --logs: Enable Sentry Logs - --tunnel-route: Enable tunnel route - --mcp-cursor/vscode/claude/opencode/jetbrains: Add MCP configs In skip-auth mode: - Config files use process.env.SENTRY_DSN / NEXT_PUBLIC_SENTRY_DSN - next.config uses process.env.SENTRY_ORG / SENTRY_PROJECT - Creates .env.example documenting required variables - MCP configs use base URL without project scope - Skips example page, CI setup, and turbopack warning
Semver Impact of This PR🟡 Minor (new features) 📋 Changelog PreviewThis is how your changes will appear in the changelog. New Features ✨Cloudflare
Mcp
Other
Bug Fixes 🐛
Build / dependencies / internal 🔧Deps
Test
Other
Other
🤖 This preview updates automatically when you update the PR. |
There was a problem hiding this comment.
Thanks for opening this PR! I think adding a non-blocking execution flow makes sense. Both for agents as well as humans :) However, I would ask that we take one of these two routes but not mix things up:
- We add a
--agentModeCLI flag which fully automates every step to make it non-blocking. It can work in conjuction with other high-level CLI flags like--tracingfor high-level options but it can be used to skip over multiple steps or change wizard behaviour however otherwise necessary - We add specific flags for each step. For example
--auth=false(or--skip-auth) controls authentication and the related code injection steps requiring dsns, project/org data etc (like right now). But in addition,--example-page=falseskips the example page,--tunnelRoutedecides whether to set tunnelRoute,--setup-cifor (not) skipping CI setup, etc.
I would personally prefer 2 because this allows to make the wizard non-blocking for non-agentic use, too. For example, we could use it in docs to customize the wizard code snippet more based on the selected features on the setup page. Same in the in-product onboarding.
I just want to avoid that a flag like --skip-auth does more than its name implies.
Likewise, I'd slightly prefer "enable" naming over "skip". So users set --example-page=false instead of --skip-example-page. This more resembles the default behaviour of the wizard in the interactive mode. Though happy to hear counter arguments here :)
WDYT?
src/nextjs/nextjs-wizard.ts
Outdated
|
|
||
| // Determine tunnel route setting | ||
| let tunnelRoute: boolean; | ||
| if (skipAuth) { |
There was a problem hiding this comment.
m: is there a reason we only apply the --tunnelRoute argument on if --skip-auth is set? I'd tend towards treating these flags independently of each other
src/nextjs/nextjs-wizard.ts
Outdated
| let shouldCreateExamplePage = false; | ||
| if (!skipAuth) { | ||
| shouldCreateExamplePage = await askShouldCreateExamplePage(); |
There was a problem hiding this comment.
m: I'd rather have this be its own flag. Nothing about --skip-auth suggests that it skips example page creation.
Instead, I suggest we do something like this:
const shouldCreateExamplePage = options.examplePage ?? await askShouldCreateExamplePage();
src/nextjs/nextjs-wizard.ts
Outdated
| // Skip turbopack warning in skip-auth mode | ||
| if (!skipAuth) { |
There was a problem hiding this comment.
m: I don't think we should skip this but rather just log the warning instead if the clack.select prompt that halts the wizard execution. My thinking is that this might even be valuable information for agents.
src/nextjs/nextjs-wizard.ts
Outdated
| // Skip CI setup in skip-auth mode | ||
| if (!skipAuth) { |
There was a problem hiding this comment.
m: same here. I think a log message that users/agents need to configure CI after the wizard finished instead of the prompt, is better than entirely skipping this step, no?
| # Your Sentry DSN (from Project Settings > Client Keys) | ||
| # Used on the server-side | ||
| SENTRY_DSN= | ||
| # Your Sentry DSN for client-side (same value as SENTRY_DSN) | ||
| # The NEXT_PUBLIC_ prefix exposes this to the browser | ||
| NEXT_PUBLIC_SENTRY_DSN= |
There was a problem hiding this comment.
m: isn't it enough to just always set NEXT_PUBLIC_SENTRY_DSN? I think having one DSN env variable would be much less friction than two. Especially because it would tempt users to use different DSNs, when we don't recommend this in docs/other setup guides.
There was a problem hiding this comment.
We don't update CHANGELOG.md anymore. Instead, you can customize the PR description and put the custom description into a
### Changelog Entry
your descriptionsection
|
Also, please add an e2e test that covers the agentic setup flow so that we have a good picture of what kind of file output we expect from this flow. |
bin.ts
Outdated
| 'mcp-cursor': { | ||
| default: false, | ||
| describe: 'Add MCP config for Cursor (used with --skip-auth)', | ||
| type: 'boolean', | ||
| }, | ||
| 'mcp-vscode': { | ||
| default: false, | ||
| describe: 'Add MCP config for VS Code (used with --skip-auth)', | ||
| type: 'boolean', | ||
| }, | ||
| 'mcp-claude': { | ||
| default: false, | ||
| describe: 'Add MCP config for Claude Code (used with --skip-auth)', | ||
| type: 'boolean', | ||
| }, | ||
| 'mcp-opencode': { | ||
| default: false, | ||
| describe: 'Add MCP config for OpenCode (used with --skip-auth)', | ||
| type: 'boolean', | ||
| }, | ||
| 'mcp-jetbrains': { | ||
| default: false, | ||
| describe: 'Show MCP config for JetBrains IDEs (used with --skip-auth)', | ||
| type: 'boolean', | ||
| }, |
There was a problem hiding this comment.
Instead of adding 5 (or more in the future?) individual options, what about one combined option?
--mcp claude,cursor,jetbrains
# or
--mcp cursor
# or
--mcp cursor --mcp jetbrainsI think yargs handles all of these formats automatically, so we only need to adjust how we read these options (as an array of strings, rather than boolean flags, I presume)
| 'skip-auth': { | ||
| default: false, | ||
| describe: | ||
| 'Skip Sentry authentication and use environment variable placeholders. Enables fully headless CLI operation.', |
There was a problem hiding this comment.
For the time being, let's prefix all these options with something like
| 'skip-auth': { | |
| default: false, | |
| describe: | |
| 'Skip Sentry authentication and use environment variable placeholders. Enables fully headless CLI operation.', | |
| 'skip-auth': { | |
| default: false, | |
| describe: | |
| '[NextJS only] Skip Sentry authentication and use environment variable placeholders. Enables fully headless CLI operation.', |
Users can call npx @sentry/wizard --help and might be confused about why this flag does nothing in e.g. the nuxt or sveltekit wizard.
Which brings me to my last point (for now):
Long-term, we should definitely bring all of these options to all our wizards. I fully understand that trialing this in the most used one makes sense but I really want to avoid the other flows falling behind. We'Ve had that before and it led to sub-par wizard experiences for non-NextJS users. Though let's tackle this in individual PRs please 😅
|
Oh yea, speaking of |
Address PR review feedback:
1. Revert CHANGELOG.md - use PR description instead
2. Simplify to single NEXT_PUBLIC_SENTRY_DSN env var (works for both
server and client)
3. Consolidate MCP flags into single --mcp array option:
--mcp cursor,vscode or --mcp cursor --mcp vscode
4. Make all flags work independently (not tied to --skip-auth):
- --tracing, --replay, --logs: use flag if set, prompt otherwise
- --tunnel-route: use flag if set, prompt otherwise
- --example-page: use flag if set, prompt otherwise (defaults to
false in skip-auth mode)
5. Turbopack warning: log as warning in skip-auth mode instead of skip
6. CI setup: show helpful log message in skip-auth mode instead of skip
Summary
Adds support for fully headless/automated Sentry setup without browser authentication. This enables CI/CD pipelines and AI agents to scaffold Sentry configuration with environment variable placeholders that can be populated later.
New CLI Flags
--skip-auth--tracing--replay--logs--tunnel-route--mcp-cursor--mcp-vscode--mcp-claude--mcp-opencode--mcp-jetbrainsExample Usage
Behavior in
--skip-authModeprocess.env.SENTRY_DSN/process.env.NEXT_PUBLIC_SENTRY_DSNnext.config.jsusesprocess.env.SENTRY_ORGandprocess.env.SENTRY_PROJECT.env.exampledocumenting all required environment variablesmcp.sentry.dev/mcp) without project scopefalse(must be explicitly enabled)Generated
.env.example# Sentry Configuration SENTRY_DSN= NEXT_PUBLIC_SENTRY_DSN= SENTRY_ORG= SENTRY_PROJECT= SENTRY_AUTH_TOKEN=Use Cases
Testing
yarn buildpassesyarn lintpassesyarn testpasses--skip-authflag in test Next.js project