feat(core): Seal SentryTracerProvider spans against mutation after they end

[andreiborza]

What

Seal spans created by the SentryTracerProvider once they end. After SentrySpan.end() finishes its end-of-span processing, every mutator no-ops, gated on the spanIsTracerProviderSpan brand:

• setAttribute / setAttributes
• setStatus
• updateName
• updateStartTime
• addLink / addLinks
• addEvent

Spans created directly through core (e.g. the browser SDK) are never branded, so they stay mutable.

Why

OpenTelemetry SDK spans are immutable after end() (setters no-op). The SentryTracerProvider hands native SentrySpans to OTel instrumentations as OTel spans, so they must honor that contract. Some instrumentations write to a span after end() (e.g. Next.js sets a status on a render error); without sealing, those late writes overwrite the finalized values.

This matters most once segment-span capture is deferred (#21839): the transaction snapshot is then taken on a later tick, so any late post-end() write (status, attribute, name, start time, link, or event) would be serialized into it. Sealing the span on end() keeps the finalized values intact.

Notes

• The seal applies only to provider-branded spans. The brand is set exclusively by the OTel SentryTracer, never by the browser SDK, so browser spans (including web-vitals start-time adjustments via updateStartTime) are unaffected.
• Tests in sentrySpan.test.ts cover both directions: a branded span where all mutators no-op after end(), and a non-branded span that stays mutable.

Stacked on #21839 (deferred capture / orphan emission) and #21666 (which provides the spanIsTracerProviderSpan brand). Dormant until #21680 wires the provider; no provider-branded spans exist before then.

[github-actions]

size-limit report 📦

Path	Size	% Change	Change
@sentry/browser	27.62 kB	-	-
@sentry/browser - with treeshaking flags	26.05 kB	-	-
@sentry/browser (incl. Tracing)	46.32 kB	+0.55%	+249 B 🔺
@sentry/browser (incl. Tracing + Span Streaming)	48.08 kB	+0.55%	+261 B 🔺
@sentry/browser (incl. Tracing, Profiling)	51.09 kB	+0.5%	+252 B 🔺
@sentry/browser (incl. Tracing, Replay)	85.56 kB	+0.31%	+259 B 🔺
@sentry/browser (incl. Tracing, Replay) - with treeshaking flags	75.16 kB	+0.33%	+245 B 🔺
@sentry/browser (incl. Tracing, Replay with Canvas)	90.25 kB	+0.3%	+261 B 🔺
@sentry/browser (incl. Tracing, Replay, Feedback)	102.92 kB	+0.25%	+255 B 🔺
@sentry/browser (incl. Feedback)	44.8 kB	-	-
@sentry/browser (incl. sendFeedback)	32.42 kB	-	-
@sentry/browser (incl. FeedbackAsync)	37.55 kB	-	-
@sentry/browser (incl. Metrics)	28.68 kB	-	-
@sentry/browser (incl. Logs)	28.93 kB	-	-
@sentry/browser (incl. Metrics & Logs)	29.61 kB	-	-
@sentry/react	29.41 kB	-	-
@sentry/react (incl. Tracing)	48.59 kB	+0.45%	+214 B 🔺
@sentry/vue	33.1 kB	+0.78%	+255 B 🔺
@sentry/vue (incl. Tracing)	48.2 kB	+0.56%	+266 B 🔺
@sentry/svelte	27.64 kB	-	-
CDN Bundle	30.03 kB	+0.03%	+7 B 🔺
CDN Bundle (incl. Tracing)	48.29 kB	+0.58%	+276 B 🔺
CDN Bundle (incl. Logs, Metrics)	31.59 kB	+0.01%	+3 B 🔺
CDN Bundle (incl. Tracing, Logs, Metrics)	49.59 kB	+0.5%	+243 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics)	70.79 kB	+0.01%	+5 B 🔺
CDN Bundle (incl. Tracing, Replay)	85.75 kB	+0.28%	+237 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics)	87.03 kB	+0.28%	+242 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback)	91.56 kB	+0.27%	+243 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics)	92.82 kB	+0.29%	+260 B 🔺
CDN Bundle - uncompressed	89.42 kB	-	-
CDN Bundle (incl. Tracing) - uncompressed	146.09 kB	+0.51%	+737 B 🔺
CDN Bundle (incl. Logs, Metrics) - uncompressed	94.12 kB	-	-
CDN Bundle (incl. Tracing, Logs, Metrics) - uncompressed	150.06 kB	+0.5%	+737 B 🔺
CDN Bundle (incl. Replay, Logs, Metrics) - uncompressed	218.66 kB	-	-
CDN Bundle (incl. Tracing, Replay) - uncompressed	265.1 kB	+0.28%	+737 B 🔺
CDN Bundle (incl. Tracing, Replay, Logs, Metrics) - uncompressed	269.06 kB	+0.28%	+737 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback) - uncompressed	278.8 kB	+0.27%	+739 B 🔺
CDN Bundle (incl. Tracing, Replay, Feedback, Logs, Metrics) - uncompressed	282.75 kB	+0.27%	+739 B 🔺
@sentry/nextjs (client)	51.02 kB	+0.52%	+260 B 🔺
@sentry/sveltekit (client)	46.72 kB	+0.57%	+264 B 🔺
@sentry/core/server	78.14 kB	+0.51%	+389 B 🔺
@sentry/core/browser	64.46 kB	+0.63%	+399 B 🔺
@sentry/node-core	61.79 kB	+0.53%	+324 B 🔺
@sentry/node	123.13 kB	+0.25%	+304 B 🔺
@sentry/node/import (ESM hook with diagnostics-channel injection)	69.95 kB	-	-
@sentry/node/light	50.72 kB	+0.55%	+274 B 🔺
@sentry/node - without tracing	73.6 kB	+0.54%	+395 B 🔺
@sentry/aws-serverless	84.43 kB	+0.41%	+344 B 🔺
@sentry/cloudflare (withSentry) - minified	181.55 kB	+0.52%	+930 B 🔺
@sentry/cloudflare (withSentry)	449.36 kB	+0.55%	+2.43 kB 🔺

View base workflow run

[Lms24]

dumb q but is there anything we could do to avoid having this logic hard-baked into SentrySpan? No super strong opinion, but maybe medium-strong: Ideally we can keep our SentrySpan as size-efficient as possible and rather special-case provider-emitted spans. wdyt? I might be missing something that makes this more complicated/infeasible, so feel free to disregard

[andreiborza]

@Lms24 as discussed, this adds a lot of extra code. The SentryTracerProvider doesn't instantiate spans itself, it calls core startSpan apis so there's not an easy way to instantiate spans that have this logic in them just for the tracer provider path.

This change is about 60 bytes gzipped, so I think the impact shouldn't be too bad. Also, spans should probably be finalized for core and browser as well, but that's something we can take a look at a later point.

[JPeer264]

[JPeer264]

(After looking at other functions the following is a bad idea, but I'll keep it here for food for thoughts)

q: This might be an issue for a future method when we forget to add this._frozen. Would it make sense to add an this._update() function where we update certain fields and protect that?

E.g. here we would update the startTime with this._update({ startTime: '' }), while the this._update is guarded with the this._frozen check.

[andreiborza]

I'd rather not add more code to the SentrySpan, see Lukas' original objection. I think this kind of issue of forgetting to add is easily caught by review bots nowadays.

Also, realistically, I don't think we'll expose much more api on this class.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit a416506. Configure here.}