
ci: add Docker publish workflow for PRs and main branch #2

Merged: napan24 merged 1 commit into main from Workflow on May 19, 2026

@napan24 napan24 commented May 19, 2026

Collaborator

What does this PR do?

PR title must follow Conventional Commits, for example feat(web): add trace filters or fix: handle empty dataset names.

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Chore (tooling, dependencies, CI, workflows, repo upkeep, or other maintenance work)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Refactor (restructures existing code without changing behavior, e.g. simplify logic, split modules, reduce duplication)
  • This change requires a documentation update

Mandatory Tasks

  • Make sure you have self-reviewed the code. A decent size PR without self-review might be rejected.

Checklist

  • I haven't read the contributing guide
  • My code doesn't follow the style guidelines of this project (pnpm run format)
  • I haven't commented my code, particularly in hard-to-understand areas
  • I haven't checked if my PR needs changes to the documentation
  • I haven't checked if my changes generate no new warnings (npm run lint)
  • I haven't added tests that prove my fix is effective or that my feature works
  • I haven't checked if new and existing unit tests pass locally with my changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

coderabbitai Bot commented May 19, 2026


Warning

Rate limit exceeded

@napan24 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 43 minutes and 8 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 46db13d5-1b5a-4db3-b73a-74864a19aeb8

📥 Commits

Reviewing files that changed from the base of the PR and between ddb3699 and 7a54c42.

📒 Files selected for processing (1)
  • .github/workflows/docker-publish.yml

@napan24 napan24 merged commit 799c150 into main May 19, 2026
8 of 10 checks passed
@napan24 napan24 deleted the Workflow branch May 19, 2026 13:28
@github-actions

@claude review

ox-security Bot commented May 19, 2026

OX Security reviewed this pull request — nothing to fix.

No issues found

Branch: Workflow → main


steps:
- name: Checkout
uses: actions/checkout@v4
persist-credentials: false

- name: Set up QEMU
uses: docker/setup-qemu-action@v3
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v3

- name: Log in to GitHub Container Registry
uses: docker/login-action@v3

- name: Log in to Docker Hub
if: secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != ''
uses: docker/login-action@v3
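Review bot: the `if:` on the "Log in to Docker Hub" step reads the `secrets` context directly (`secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != ''`), which GitHub Actions does not accept in `if:` conditionals. Map both secrets to job-level `env:` entries and test `env.DOCKERHUB_USERNAME != ''` instead, or drop the condition and make the login unconditional.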

- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}

- name: Build and push ${{ matrix.component }}
uses: docker/build-push-action@v6
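Review bot: every `uses:` line shown here points at a mutable version tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`), and these steps run in a job that logs in to two registries and pushes images. Pin each action to a full commit SHA, keeping the version as a trailing comment, so that a moved tag cannot change the code that runs with registry credentials.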
@napan24 napan24 restored the Workflow branch May 19, 2026 16:06
kingster pushed a commit that referenced this pull request May 20, 2026
… to PostHog and Mixpanel (langfuse#13684)

## Summary

Follow-up to [LFE-9688](https://linear.app/langfuse/issue/LFE-9688) /
[langfuse#13627](https://app.graphite.com/github/pr/langfuse/langfuse/13627),
which intentionally scoped the cutoff gate to blob-storage and listed
PostHog / Mixpanel under "Out of scope". Tracked as
[LFE-9838](https://linear.app/langfuse/issue/LFE-9838); planning doc:
`ideabox/Implementations/Proposed/2026-05-18 extend-cutoff-gate-to-posthog-mixpanel.md`.

- Post-cutoff Cloud projects (`createdAt >= 2026-05-20`) now see the Export Source field hidden in PostHog and Mixpanel settings pages (form value pinned to `EVENTS` via `defaultValues`).
- The matching tRPC `update` mutations reject any legacy `exportSource` (`TRACES_OBSERVATIONS`, `TRACES_OBSERVATIONS_EVENTS`) for post-cutoff Cloud projects with `BAD_REQUEST`.
- Pre-cutoff Cloud projects and self-hosted deployments keep full choice — no behavior change.
- Pure parity work: reuses the shared `isLegacyBlobExportAllowed` predicate and `assertLegacyBlobExportSourceAllowed` guard. No new constants, no shared-package edits, no public REST surface to gate (neither integration has one).
- The `LEGACY_BLOB_EXPORT_*` / `assertLegacyBlobExportSourceAllowed` names retain their "Blob" prefix; renaming is deferred to a separate cleanup PR (see planning doc, Decision #2).

### Impacted packages

- `web` — two settings pages, two routers, one extended servertest, one new servertest. No other package touched.

## Test plan

- [x] `pnpm --filter web run typecheck`
- [x] `pnpm --filter web exec vitest run --project=server src/__tests__/server/posthog-integration.servertest.ts src/__tests__/server/mixpanel-integration.servertest.ts` — 11/11 passed (PostHog 6, Mixpanel 5)
- [x] Browser review on dev (Playwright MCP): post-cutoff cloud projects (dev `.env` overrides cutoff to `2020-01-01`) — Export Source hidden on both PostHog and Mixpanel settings pages, Enabled switch + other form fields still render correctly
- [ ] Browser review with pre-cutoff Cloud (toggle `NEXT_PUBLIC_LANGFUSE_BLOB_EXPORT_CUTOFF` to a future date, restart dev server)
- [ ] Self-hosted parity check (`LANGFUSE_CLOUD_REGION` unset → field visible for any `createdAt`)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- greptile_comment -->

<details open><summary><h3>Greptile Summary</h3></summary>

This PR extends the legacy export source cutoff gate (originally applied to blob-storage in LFE-9688) to the PostHog and Mixpanel analytics integrations. Post-cutoff Cloud projects (`createdAt >= 2026-05-20`) can no longer save a legacy `exportSource` value; the field is hidden in the UI and pinned to `EVENTS`, while the tRPC `update` mutations enforce the same rule server-side.

- **Routers**: Both `posthogIntegrationRouter` and `mixpanelIntegrationRouter` gain the same `assertLegacyBlobExportSourceAllowed` guard that already protects the blob-storage router; the gate is correctly placed before the audit log and DB write.
- **UI pages**: Both settings pages derive `isPostCutoffCloud` from `useQueryProject` + `isLegacyBlobExportAllowed`, hide the Export Source `FormField` when that flag is true, and pin the form default to `EVENTS` — exactly mirroring the blob-storage page pattern.
- **Tests**: New `servertest` files (and an extended PostHog file) cover all five gate scenarios (pre-cutoff Cloud allow, two legacy-source rejections, `EVENTS` allow, self-hosted bypass) using a shared `buildSession` helper refactored from the existing SSRF test.
</details>

<details><summary><h3>Confidence Score: 5/5</h3></summary>

Safe to merge — the server-side gate is correctly placed and always reachable, the UI correctly hides and pins the field, and tests cover all five gate scenarios for both integrations.

The change is tightly scoped: two routers gain the same guard already proven in blob-storage, two settings pages hide a single field for post-cutoff Cloud projects, and tests exercise every code branch. No new public API surface is added, and self-hosted / pre-cutoff behaviour is unchanged.

No files require special attention. The only observation is a duplicated buildSession helper in the two new test files, which is a maintenance concern rather than a functional one.
</details>

<details><summary><h3>Flowchart</h3></summary>

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[User submits PostHog / Mixpanel settings form] --> B{exportSource provided?}
    B -- "always truthy after Zod .default()" --> C[Fetch project.createdAt from DB]
    C --> D{Is legacy export source?}
    D -- No: EVENTS --> E[Allow — skip gate]
    D -- Yes: TRACES_OBSERVATIONS / TRACES_OBSERVATIONS_EVENTS --> F{isCloud AND project.createdAt >= cutoff?}
    F -- No: self-hosted OR pre-cutoff --> G[Allow]
    F -- Yes: post-cutoff Cloud --> H[Throw InvalidRequestError → BAD_REQUEST]
    E --> I[Audit log + DB upsert]
    G --> I
```
</details>

<details><summary>Prompt To Fix All With AI</summary>

`````markdown
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
web/src/__tests__/server/mixpanel-integration.servertest.ts:13-44
**Duplicated `buildSession` helper across test files**

The `buildSession` function in this file is byte-for-byte identical to the one added to `posthog-integration.servertest.ts`. If the session shape ever changes (e.g., a new required project field), both copies need updating in sync. Consider extracting it to a shared test utility (e.g., `web/src/__tests__/server/fixtures/session.ts`) so there is a single source of truth.

`````

</details>

<sub>Reviews (1): Last reviewed commit: ["feat(analytics-integrations): extend leg..."](langfuse@6418f93) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=32589990)</sub>

<!-- /greptile_comment -->
kingster pushed a commit that referenced this pull request May 20, 2026
Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#4)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#5)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix invalid secrets expressions causing workflow to be silently skipped

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): remove invalid Docker Hub secrets if-condition

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix incorrect action SHAs for buildx and build-push-action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): use version tags instead of broken SHAs for docker actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary for arm64

Removes GOBIN so go install works when cross-compiling. The binary lands
in $GOPATH/bin/${GOOS}_${GOARCH}/migrate for cross builds and
$GOPATH/bin/migrate for native builds; copy whichever exists to /out/migrate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary in devcontainer Dockerfile

Same GOBIN cross-compilation fix as web/Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

reverted docker files (#7)

* reverted docker files

* only build amd images

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
kingster pushed a commit that referenced this pull request May 20, 2026
Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#4)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#5)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix invalid secrets expressions causing workflow to be silently skipped

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): remove invalid Docker Hub secrets if-condition

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix incorrect action SHAs for buildx and build-push-action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): use version tags instead of broken SHAs for docker actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary for arm64

Removes GOBIN so go install works when cross-compiling. The binary lands
in $GOPATH/bin/${GOOS}_${GOARCH}/migrate for cross builds and
$GOPATH/bin/migrate for native builds; copy whichever exists to /out/migrate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary in devcontainer Dockerfile

Same GOBIN cross-compilation fix as web/Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

reverted docker files (#7)

* reverted docker files

* only build amd images

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>

fix line issues

Update Dockerfile
kingster added a commit that referenced this pull request May 20, 2026
* ci: add Docker publish workflow for PRs and main branch (#2)

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Workflow (#4)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Workflow (#5)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix invalid secrets expressions causing workflow to be silently skipped

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): remove invalid Docker Hub secrets if-condition

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix incorrect action SHAs for buildx and build-push-action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): use version tags instead of broken SHAs for docker actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary for arm64

Removes GOBIN so go install works when cross-compiling. The binary lands
in $GOPATH/bin/${GOOS}_${GOARCH}/migrate for cross builds and
$GOPATH/bin/migrate for native builds; copy whichever exists to /out/migrate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary in devcontainer Dockerfile

Same GOBIN cross-compilation fix as web/Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* reverted docker files

* only build amd images

* reverted .devcontainer dockerfile

* merge

* Update Dockerfile

* Update Dockerfile

* Update Dockerfile

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Kinshuk Bairagi <kingster@users.noreply.github.com>
kingster added a commit that referenced this pull request May 20, 2026
Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#4)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Workflow (#5)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix invalid secrets expressions causing workflow to be silently skipped

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): remove invalid Docker Hub secrets if-condition

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix incorrect action SHAs for buildx and build-push-action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): use version tags instead of broken SHAs for docker actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary for arm64

Removes GOBIN so go install works when cross-compiling. The binary lands
in $GOPATH/bin/${GOOS}_${GOARCH}/migrate for cross builds and
$GOPATH/bin/migrate for native builds; copy whichever exists to /out/migrate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary in devcontainer Dockerfile

Same GOBIN cross-compilation fix as web/Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

reverted docker files (#7)

* reverted docker files

* only build amd images

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>

fix line issues

Update Dockerfile

Docker revert (#8)

* ci: add Docker publish workflow for PRs and main branch (#2)

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Workflow (#4)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* Workflow (#5)

* ci: add Docker publish workflow for PRs and main branch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): pin action versions to full SHAs to fix zizmor alerts

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix invalid secrets expressions causing workflow to be silently skipped

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): remove invalid Docker Hub secrets if-condition

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): fix incorrect action SHAs for buildx and build-push-action

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* ci(docker): use version tags instead of broken SHAs for docker actions

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary for arm64

Removes GOBIN so go install works when cross-compiling. The binary lands
in $GOPATH/bin/${GOOS}_${GOARCH}/migrate for cross builds and
$GOPATH/bin/migrate for native builds; copy whichever exists to /out/migrate.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* fix(docker): fix cross-compilation of migrate binary in devcontainer Dockerfile

Same GOBIN cross-compilation fix as web/Dockerfile.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

* reverted docker files

* only build amd images

* reverted .devcontainer dockerfile

* merge

* Update Dockerfile

* Update Dockerfile

* Update Dockerfile

---------

Co-authored-by: napan.vijayvargiya <napan.vijayvargiya@flipkart.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Kinshuk Bairagi <kingster@users.noreply.github.com>
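
The commit messages above name two workflow defects: actions not pinned to full SHAs, and `secrets` expressions in an `if:` condition. The following check for both is an added example, not code from this repository. The sample workflow is constructed from the step names and action refs visible in this PR, the 40-character ref in it is a made-up placeholder, and `audit_workflow` is a hypothetical helper name.

```python
import re

# Constructed sample, modelled on the steps visible in this PR.
# The 40-hex ref is a placeholder, not a real commit of any action.
SAMPLE_WORKFLOW = """\
steps:
  - name: Checkout
    uses: actions/checkout@v4
    with:
      persist-credentials: false
  - name: Set up QEMU
    uses: docker/setup-qemu-action@0123456789abcdef0123456789abcdef01234567 # v3
  - name: Log in to Docker Hub
    if: secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != ''
    uses: docker/login-action@v3
  - name: Build and push ${{ matrix.component }}
    uses: docker/build-push-action@v6
  - name: Local helper
    uses: ./.github/actions/helper
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
IF_RE = re.compile(r"^\s*(?:-\s*)?if:\s*(.+)$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_number, rule, detail) findings for a workflow file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # whole-line YAML comment
        m = USES_RE.match(line)
        if m:
            target = m.group(1)
            # Local actions and docker:// images have no git ref to pin.
            if target.startswith("./") or target.startswith("docker://"):
                continue
            _, sep, ref = target.partition("@")
            # A tag or branch can be moved later; only a full commit SHA is fixed.
            if not sep or not FULL_SHA_RE.match(ref):
                findings.append((lineno, "unpinned-action", target))
            continue
        m = IF_RE.match(line)
        # The secrets context cannot be read directly in an if: conditional.
        if m and re.search(r"\bsecrets\.", m.group(1)):
            findings.append((lineno, "secrets-in-if", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {rule}: {detail}")
```

The check is line-based rather than a YAML parse, so it will miss a `uses:` or `if:` value written as a multi-line block scalar.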