Anonymization app

[lkostrowski]

Adds new app - adjusted https://github.com/saleor/anonymization-app

1. Runs only on the frontend, doesn't store token, no DB, no backend

Two features:

1. When user enters email of a customer, it scrumbles this customer orders and remove customer. Classic for GDPR request
2. Bulk scramble, e.g. to clean up production snapshot to be used on dev. Anonymize all orders and remove all customers. Anonimized orders are marked with metadata flag

[changeset-bot]

🦋 Changeset detected

Latest commit: cb08651

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
saleor-app-anonymizer	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

9 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
saleor-app-avatax	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-cms	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-klaviyo	Ignored	Preview	Jun 10, 2026 11:42am
saleor-app-payment-np-atobarai	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-payment-stripe	Ignored	Preview	Jun 10, 2026 11:42am
saleor-app-products-feed	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-search	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-segment	Ignored	Preview, Comment	Jun 10, 2026 11:42am
saleor-app-smtp	Ignored	Preview, Comment	Jun 10, 2026 11:42am

[github-actions]

Differences Found

⚠️ 2 packages or licenses were added.

Expand

License	Package
<<missing>> saleor-app-anonymizer
MIT	@types/uuid

Summary

Expand

License Name	Package Count	Packages
0BSD	1	Packages tslib
CC BY-SA 4.0	1	Packages @cspell/dict-en-common-misspellings
CC0-1.0	1	Packages type-fest
MIT (http://mootools.net/license.txt)	1	Packages slick
MIT/X11	1	Packages nub
Public Domain	1	Packages jsonify
Python-2.0	1	Packages argparse
SEE LICENSE IN LICENSE	1	Packages spawndamnit
SEE LICENSE IN LICENSE.md	1	Packages cookie-lite
Unlicense	1	Packages @sinonjs/text-encoding
WTFPL	1	Packages opener
BlueOak-1.0.0	3	Packages jackspeak package-json-from-dist path-scurry
CC-BY-4.0	3	Packages @saleor/macaw-ui caniuse-lite saleor-apps
LGPL-3.0-or-later	14	Packages @img/sharp-libvips-darwin-arm64 @img/sharp-libvips-darwin-x64 @img/sharp-libvips-linux-arm @img/sharp-libvips-linux-arm64 @img/sharp-libvips-linux-ppc64 @img/sharp-libvips-linux-riscv64 @img/sharp-libvips-linux-s390x @img/sharp-libvips-linux-x64 @img/sharp-libvips-linuxmusl-arm64 @img/sharp-libvips-linuxmusl-x64 @img/sharp-wasm32 @img/sharp-win32-arm64 @img/sharp-win32-ia32 @img/sharp-win32-x64
BSD-2-Clause	22	Packages cheerio-select css-select css-what domelementtype domhandler domutils dotenv entities escodegen eslint-scope espree esprima esrecurse estraverse esutils glob-to-regexp nth-check shimmer terser uglify-js And 2 more...
<<missing>>	28	Packages @saleor/app-problems @saleor/apps-domain @saleor/apps-logger @saleor/apps-otel @saleor/apps-shared @saleor/apps-trpc @saleor/apps-ui @saleor/dynamo-config-repository @saleor/errors @saleor/eslint-config-apps @saleor/handlebars @saleor/react-hook-form-macaw @saleor/sentry-utils @saleor/typescript-config-apps @saleor/webhook-utils busboy json-query saleor-app-anonymizer saleor-app-avatax saleor-app-cms And 8 more...
BSD-3-Clause	48	Packages @protobufjs/aspromise @protobufjs/base64 @protobufjs/codegen @protobufjs/eventemitter @protobufjs/fetch @protobufjs/float @protobufjs/inquire @protobufjs/path @protobufjs/pool @protobufjs/utf8 @saleor/app-sdk @saleor/eslint-plugin-saleor-app @sentry/cli @sentry/cli-darwin @sentry/cli-linux-arm @sentry/cli-linux-arm64 @sentry/cli-linux-i686 @sentry/cli-linux-x64 @sentry/cli-win32-i686 @sentry/cli-win32-x64 And 28 more...
ISC	56	Packages @bundled-es-modules/cookie @bundled-es-modules/statuses @bundled-es-modules/tough-cookie @isaacs/cliui abbrev anymatch boolbase cli-width cliui concat-with-sourcemaps electron-to-chromium fastq flatted foreground-child form-data-lite fs.realpath get-caller-file glob glob-parent graceful-fs And 36 more...
Apache-2.0	241	Packages @ampproject/remapping @aws-crypto/crc32 @aws-crypto/crc32c @aws-crypto/ie11-detection @aws-crypto/sha1-browser @aws-crypto/sha256-browser @aws-crypto/sha256-js @aws-crypto/supports-web-crypto @aws-crypto/util @aws-sdk/abort-controller @aws-sdk/chunked-blob-reader @aws-sdk/client-dynamodb @aws-sdk/client-s3 @aws-sdk/client-sso @aws-sdk/client-sso-oidc @aws-sdk/client-sts @aws-sdk/config-resolver @aws-sdk/core @aws-sdk/credential-provider-env @aws-sdk/credential-provider-http And 221 more...
MIT	1410	Packages @0no-co/graphql.web @adobe/css-tools @algolia/cache-browser-local-storage @algolia/cache-common @algolia/cache-in-memory @algolia/client-account @algolia/client-analytics @algolia/client-common @algolia/client-personalization @algolia/client-search @algolia/logger-common @algolia/logger-console @algolia/recommend @algolia/requester-browser-xhr @algolia/requester-common @algolia/requester-node-http @algolia/transporter @apidevtools/json-schema-ref-parser @ardatan/relay-compiler @ardatan/sync-fetch And 1390 more...

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 38.00%. Comparing base (aa4983b) to head (cb08651).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2368   +/-   ##
=======================================
  Coverage   38.00%   38.00%           
=======================================
  Files        1048     1048           
  Lines       67133    67133           
  Branches     3578     3578           
=======================================
  Hits        25515    25515           
  Misses      41228    41228           
  Partials      390      390           

Flag	Coverage Δ
avatax	57.57% <ø> (ø)
cms	20.35% <ø> (ø)
domain	100.00% <ø> (ø)
dynamo-config-repository	79.29% <ø> (ø)
errors	92.00% <ø> (ø)
logger	28.81% <ø> (ø)
np-atobarai	72.66% <ø> (ø)
products-feed	6.01% <ø> (ø)
search	32.31% <ø> (ø)
segment	33.65% <ø> (ø)
shared	56.07% <ø> (ø)
smtp	36.27% <ø> (ø)
stripe	70.89% <ø> (ø)
webhook-utils	21.35% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

This PR introduces a new Saleor Anonymizer app into the monorepo. The app provides a Dashboard UI to find a customer by email, anonymize all associated orders by scrambling identifying address/email fields, and then delete the customer profile, following the repo’s shared tooling and observability patterns.

Changes:

• Added a new Next.js Pages Router app (apps/anonymizer) with manifest/register endpoints and a single-page UI flow to anonymize orders by email.
• Added GraphQL operations + generated typings to support fetching orders, updating orders, and deleting customers.
• Wired in shared monorepo tooling (TypeScript/ESLint/Vitest), env validation, and observability (Sentry + OTel + structured logging).

Reviewed changes

Copilot reviewed 34 out of 40 changed files in this pull request and generated 9 comments.

Show a summary per file

File	Description
pnpm-lock.yaml	Adds the new app workspace importer and updates lockfile snapshots for new dependencies.
apps/anonymizer/vitest.config.ts	Vitest configuration for the anonymizer app (jsdom, setup file, aliases, shuffle).
apps/anonymizer/turbo.json	Turbo task env passthrough configuration for deploy.
apps/anonymizer/tsconfig.json	TypeScript config extending shared base, with app-specific path aliases.
apps/anonymizer/src/setup-tests.ts	Vitest setup entrypoint (currently empty module).
apps/anonymizer/src/pages/index.tsx	App entry page rendering the anonymization UI component.
apps/anonymizer/src/pages/api/register.ts	Saleor app registration endpoint (APL + allowed URL gating + logging/otel wrappers).
apps/anonymizer/src/pages/api/manifest.ts	Saleor app manifest endpoint describing permissions/URLs/version.
apps/anonymizer/src/pages/_error.tsx	Custom Next.js error page integrated with Sentry.
apps/anonymizer/src/pages/_document.tsx	Custom Next.js document wrapper.
apps/anonymizer/src/pages/_app.tsx	App shell: Macaw styling, iframe protection, AppBridge, theme sync, GraphQL provider.
apps/anonymizer/src/modules/graphql/graphql-provider.tsx	Provides an urql client once AppBridge state is available.
apps/anonymizer/src/modules/anonymize/scramble.ts	Scrambling/anonymization helpers for address and user details.
apps/anonymizer/src/modules/anonymize/scramble.test.ts	Unit tests for scrambling helpers.
apps/anonymizer/src/modules/anonymize/scramble-orders-by-email.tsx	Main UI and orchestration to fetch orders, update them, and delete the user.
apps/anonymizer/src/logger.ts	App logger setup with transports and masking configuration.
apps/anonymizer/src/logger-context.ts	Logger context for server-side runtime transport binding.
apps/anonymizer/src/instrumentations/sentry-node.ts	Custom Sentry NodeClient wiring (without Sentry’s OTel setup).
apps/anonymizer/src/instrumentations/otel-node.ts	OTel registration for Node runtime with Saleor helpers + Vercel OTel.
apps/anonymizer/src/instrumentation.ts	Next.js instrumentation entry (conditionally loads OTel/Sentry).
apps/anonymizer/src/env.ts	Env validation and runtime env binding for the anonymizer app.
apps/anonymizer/sentry.client.config.ts	Client-side Sentry init configuration.
apps/anonymizer/saleor-app.ts	SaleorApp instance + APL wiring (currently FileAPL only).
apps/anonymizer/README.md	App documentation and local development instructions.
apps/anonymizer/package.json	New app package manifest (scripts + deps/devDeps).
apps/anonymizer/next.config.ts	Next.js config + Sentry wrapper.
apps/anonymizer/next-env.d.ts	Next.js TypeScript env references.
apps/anonymizer/lint-staged.config.js	App-level lint-staged configuration extending repo base.
apps/anonymizer/graphql/queries/user-by-email.graphql	Query to fetch user + orders by email.
apps/anonymizer/graphql/mutations/order-update.graphql	Mutation to update order userEmail + addresses.
apps/anonymizer/graphql/mutations/customer-delete.graphql	Mutation to delete a customer.
apps/anonymizer/graphql.config.ts	GraphQL Codegen configuration for generating typed documents/types.
apps/anonymizer/generated/graphql.ts	Generated GraphQL documents and types for the app.
apps/anonymizer/eslint.config.js	ESLint config extending shared rules with app overrides.
apps/anonymizer/.prettierignore	Ignores generated outputs and schema from formatting.
apps/anonymizer/.env.example	Example env file for local development/deployment.
.changeset/anonymizer-app-onboarded.md	Changeset entry announcing addition of the anonymizer app.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 43 out of 49 changed files in this pull request and generated 6 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 50 out of 56 changed files in this pull request and generated 4 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[Copilot]

Pull request overview

Copilot reviewed 51 out of 56 changed files in this pull request and generated 5 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

[lkostrowski]

was causing build issues, fixed once for all apps

[lkostrowski]

for 3.23+ we don't even need to provide register url / token exchange url, but its kept for compatiblity

[Copilot]

Pull request overview

Copilot reviewed 52 out of 57 changed files in this pull request and generated 4 comments.

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported