
[wrangler] Expand telemetry arg allow list to restore dropped boolean flags #13576

Merged
MattieTK merged 3 commits into main from expand-telemetry-arg-allow-list
Apr 27, 2026


@MattieTK MattieTK commented Apr 16, 2026

Fixes the issue where common CLI flags like --remote, --json, --dry-run, --force, and many others were being silently dropped from sanitizedArgs in telemetry events.

When argument sanitisation was introduced, the COMMAND_ARG_ALLOW_LIST was very conservative — only --format and --log-level were permitted globally. Any arg not in the list had its value completely dropped from sanitizedArgs by sanitizeArgValues. These flags were previously tracked and were unintentionally removed as part of the sanitisation process.

This PR expands the allow list with:

  • 32 boolean flags added to the global * entry (inherently safe — values are only true/false): json, force, remote, local, dryRun, preview, yes, skipConfirmation, noBundle, bundle, minify, latest, uploadSourceMaps, legacyEnv, liveReload, keepVars, logpush, strict, testScheduled, showInteractiveDevSession, skipCaching, commitDirty, includeRuntime, includeEnv, strictVars, check, useRemote, updateConfig, nodeCompat, enableContainers, xAutoconfig, ignoreDefaults
  • 3 fixed-choice args scoped to their commands: localProtocol and upstreamProtocol for dev (["http", "https"]), containersRollout for deploy (["immediate", "gradual"])

An integration test has been added that exercises the full sanitisation pipeline (sanitizeArgKeys → getAllowedArgs → sanitizeArgValues) against the real COMMAND_ARG_ALLOW_LIST to verify flags like --remote now pass through correctly.


  • Tests
    • Tests included/updated
    • Automated tests not possible - manual testing has been completed as follows:
    • Additional testing not necessary because:
  • Public documentation
    • Cloudflare docs PR(s):
    • Documentation not necessary because: telemetry.md already describes the intended behaviour; this change makes the implementation match.


changeset-bot Bot commented Apr 16, 2026

🦋 Changeset detected

Latest commit: d41a3ab

The changes in this PR will be included in the next version bump.


@github-project-automation github-project-automation Bot moved this to Untriaged in workers-sdk Apr 16, 2026
@workers-devprod workers-devprod requested review from a team and petebacondarwin and removed request for a team April 16, 2026 22:24

workers-devprod commented Apr 16, 2026

Codeowners approval required for this PR:

  • ✅ @cloudflare/wrangler

github-actions Bot commented Apr 16, 2026

✅ All changesets look good

Summary

Reviewed 26 changeset files:

Validated Changesets (16)

| File | Package(s) | Version | Notes |
| --- | --- | --- | --- |
| fix-remote-proxy-session-auth-persistence.md | wrangler | patch | Bug fix with good technical description |
| fix-router-worker-user-worker-rules-iterable.md | workers-shared, miniflare | patch | Bug fix with clear explanation |
| expand-telemetry-arg-allow-list.md | wrangler | patch | Telemetry fix - restoring previously tracked data, not adding new collection |
| fix-wrangler-tail-exit-listener-leak.md | wrangler | patch | Bug fix with detailed technical explanation |
| vite-plugin-dev-tunnel-sharing.md | vite-plugin | minor | New feature with code examples |
| flagship-remote-only.md | wrangler, miniflare | minor | Behavioral change to bindings |
| fix-workflows-step-name-suffix.md | miniflare | patch | Bug fix for UI |
| queues-consumer-list-commands.md | wrangler | minor | New CLI subcommands |
| dev-tunnel-sharing.md | wrangler | minor | New feature with examples |
| fix-esbuild-teardown-leaks.md | wrangler | patch | Bug fix with technical details |
| chilly-trams-flow.md | miniflare | minor | New SSL mode feature |
| fix-workflows-instance-ui.md | local-explorer-ui | patch | UI bug fixes |
| fix-dev-registry-service-binding-props.md | miniflare, wrangler | patch | Bug fix with wrangler.json example |
| fix-browser-rendering-multi-worker.md | miniflare | patch | Bug fix |
| lemon-hoops-stick.md | wrangler | patch | Framework detection fix |
| pages-deploy-env-account-id.md | wrangler | patch | Bug fix for env var priority |
| fix-rebuild-abort-error-noise.md | wrangler | patch | Bug fix for log noise |
| feat-wrangler-tail-stack-trace.md | wrangler | minor | New feature (stack traces in tail) |

Skipped (Dependency Updates - per guidelines)

| File | Package | Notes |
| --- | --- | --- |
| c3-frameworks-update-13680.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13681.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13682.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13683.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13684.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13685.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13686.md | create-cloudflare | Dependency update - not validated |
| c3-frameworks-update-13687.md | create-cloudflare | Dependency update - not validated |
| dependabot-update-13696.md | miniflare, wrangler | Dependency update (workerd) |

Checks Passed

  • Version Types: Appropriate use of patch for bug fixes and minor for new features
  • Changelog Quality: All changesets have meaningful descriptions explaining the change and user impact
  • Markdown Headers: No h1/h2/h3 headers found in any changeset
  • Analytics: The telemetry changeset (expand-telemetry-arg-allow-list.md) is restoring previously tracked args, not adding new collection - patch is appropriate
  • Examples: New features include helpful usage examples where applicable

ask-bonk[bot]

This comment was marked as resolved.


ask-bonk Bot commented Apr 16, 2026

I posted a review on PR #13576 with one actionable finding:

localProtocol and upstreamProtocol are scoped to "dev" but also apply to "pages dev". The getAllowedArgs resolution for "pages dev" walks "pages dev" → "pages *" → "pages" → "*", none of which contain these flags. So --local-protocol used with wrangler pages dev would not be tracked in telemetry. I suggested adding a "pages dev" entry with the same allowed values.

Everything else looks correct — all 32 boolean flags are verified as genuinely boolean in their yargs definitions, the changeset is properly formatted, and the test exercises the full sanitization pipeline.

github run
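
The lookup order discussed in the comment above, as an added TypeScript sketch that is not wrangler's source and not part of the PR: the list shape, the merging of entries along the chain, the choice to omit a rejected arg entirely, and every `example*` name are assumptions, and the list is a constructed subset of the entries named in the PR description. It shows `localProtocol` passing for `dev` but not for `pages dev`, while a free-form value such as a worker name never reaches the sanitised output.

```typescript
// Added sketch, not wrangler's source. List shape and merge order are assumptions.
type AllowedArgs = Record<string, readonly unknown[]>;
type AllowList = Record<string, AllowedArgs>;
const BOOL = [true, false] as const;

// Constructed subset of the entries named in the PR description.
const EXAMPLE_ALLOW_LIST: AllowList = {
  "*": { remote: BOOL, json: BOOL, dryRun: BOOL, force: BOOL },
  dev: { localProtocol: ["http", "https"], upstreamProtocol: ["http", "https"] },
  deploy: { containersRollout: ["immediate", "gradual"] },
};

// Own-property check so names like "constructor" never match the prototype.
const own = (o: object, k: string) => Object.prototype.hasOwnProperty.call(o, k);

// "pages dev" -> ["pages dev", "pages *", "pages", "*"]
function exampleLookupKeys(command: string): string[] {
  const parts = command.trim().split(/\s+/).filter((p) => p.length > 0);
  const keys: string[] = [];
  for (let n = parts.length; n > 0; n--) {
    const prefix = parts.slice(0, n).join(" ");
    if (n < parts.length) keys.push(prefix + " *");
    keys.push(prefix);
  }
  keys.push("*");
  return keys;
}

// Merge entries from "*" up to the exact command, so scoped entries win.
function exampleAllowedArgs(list: AllowList, command: string): AllowedArgs {
  const merged: AllowedArgs = {};
  for (const key of exampleLookupKeys(command).reverse()) {
    if (!own(list, key)) continue;
    for (const arg of Object.keys(list[key])) merged[arg] = list[key][arg];
  }
  return merged;
}

// Keep an arg only when its name is allowed and its value is in the fixed set.
function exampleSanitizeArgs(list: AllowList, command: string, args: Record<string, unknown>) {
  const allowed = exampleAllowedArgs(list, command);
  const out: Record<string, unknown> = {};
  for (const name of Object.keys(args)) {
    if (own(allowed, name) && allowed[name].indexOf(args[name]) !== -1) {
      out[name] = args[name];
    }
  }
  return out;
}
```

Adding a `"pages dev"` key with the same value sets to the sketch's list, as the review suggested for the real one, makes `localProtocol` pass for that command as well.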


@devin-ai-integration devin-ai-integration Bot left a comment


✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.


pkg-pr-new Bot commented Apr 16, 2026

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@13576

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@13576

miniflare

npm i https://pkg.pr.new/miniflare@13576

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@13576

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@13576

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@13576

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@13576

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@13576

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@13576

wrangler

npm i https://pkg.pr.new/wrangler@13576

commit: d41a3ab


@workers-devprod workers-devprod left a comment


Codeowners reviews satisfied

@github-project-automation github-project-automation Bot moved this from Untriaged to Approved in workers-sdk Apr 17, 2026
@MattieTK MattieTK force-pushed the expand-telemetry-arg-allow-list branch from 1f7d4d7 to 34aa994 Compare April 17, 2026 09:56
devin-ai-integration[bot]

This comment was marked as resolved.

MattieTK and others added 3 commits April 27, 2026 22:01
Common boolean flags like --remote, --json, --dry-run, --force and others
were unintentionally dropped from sanitizedArgs when argument sanitisation
was introduced. The COMMAND_ARG_ALLOW_LIST was too conservative, only
permitting --format and --log-level globally.

Boolean flags are inherently safe (values are only true/false), so these
have been added back. Fixed-choice args (--local-protocol, etc.) have
also been added with their known value sets.
Co-authored-by: ask-bonk[bot] <249159057+ask-bonk[bot]@users.noreply.github.com>
@MattieTK MattieTK force-pushed the expand-telemetry-arg-allow-list branch from 5146aba to d41a3ab Compare April 27, 2026 21:01
@workers-devprod

Codeowners approval required for this PR:

  • ✅ @cloudflare/wrangler

@MattieTK MattieTK merged commit 2dc6175 into main Apr 27, 2026
85 of 95 checks passed
@github-project-automation github-project-automation Bot moved this from Approved to Done in workers-sdk Apr 27, 2026
@MattieTK MattieTK deleted the expand-telemetry-arg-allow-list branch April 27, 2026 22:09