fix(hono): Do not capture 3xx and 4xx errors and add tests

dev-packages/e2e-tests/test-applications/hono-4/src/route-groups/test-errors.ts

@@ -0,0 +1,45 @@
+import { Hono } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+const errorRoutes = new Hono();
+
+// Middleware that throws a 5xx HTTPException (should be captured)
+errorRoutes.use('/middleware-http-exception/*', async (_c, _next) => {
+  throw new HTTPException(503, { message: 'Service Unavailable from middleware' });
+});
+
+errorRoutes.get('/middleware-http-exception', c => c.text('should not reach'));
+
+// Middleware that throws a 4xx HTTPException (should NOT be captured)
+errorRoutes.use('/middleware-http-exception-4xx/*', async (_c, _next) => {
+  throw new HTTPException(401, { message: 'Unauthorized from middleware' });
+});
+
+errorRoutes.get('/middleware-http-exception-4xx', c => c.text('should not reach'));
+
+// Sub-app with a custom onError handler that swallows errors
+const subAppWithOnError = new Hono();
+
+subAppWithOnError.onError((err, c) => {
+  return c.text(`Handled by onError: ${err.message}`, 500);
+});
+
+subAppWithOnError.get('/fail', () => {
+  throw new Error('Error caught by custom onError');
+});
+
+errorRoutes.route('/custom-on-error', subAppWithOnError);
+
+// Nested sub-apps: parent mounts child, child route throws
+const childApp = new Hono();
+
+childApp.get('/error', () => {
+  throw new Error('Nested child app error');
+});
+
+const parentApp = new Hono();
+parentApp.route('/child', childApp);
+
+errorRoutes.route('/nested', parentApp);
+
+export { errorRoutes };

dev-packages/e2e-tests/test-applications/hono-4/src/route-groups/test-route-patterns.ts

@@ -1,5 +1,4 @@
 import { Hono } from 'hono';
-import { HTTPException } from 'hono/http-exception';
 
 const routePatterns = new Hono();
 
@@ -24,32 +23,4 @@ METHODS.forEach(method => {
   routePatterns.on(method, '/on', c => c.text(`${method} on response`));
 });
 
-// Error routes for direct method registration
-METHODS.forEach(method => {
-  routePatterns[method]('/500', () => {
-    throw new HTTPException(500, { message: 'response 500' });
-  });
-  routePatterns[method]('/401', () => {
-    throw new HTTPException(401, { message: 'response 401' });
-  });
-  routePatterns[method]('/402', () => {
-    throw new HTTPException(402, { message: 'response 402' });
-  });
-  routePatterns[method]('/403', () => {
-    throw new HTTPException(403, { message: 'response 403' });
-  });
-});
-
-// Error routes for .all()
-routePatterns.all('/all/500', () => {
-  throw new HTTPException(500, { message: 'response 500' });
-});
-
-// Error routes for .on()
-METHODS.forEach(method => {
-  routePatterns.on(method, '/on/500', () => {
-    throw new HTTPException(500, { message: 'response 500' });
-  });
-});
-
 export { routePatterns };

dev-packages/e2e-tests/test-applications/hono-4/src/routes.ts

@@ -1,6 +1,7 @@
 import type { Hono } from 'hono';
 import { HTTPException } from 'hono/http-exception';
 import { failingMiddleware, middlewareA, middlewareB } from './middleware';
+import { errorRoutes } from './route-groups/test-errors';
 import { middlewareRoutes, subAppWithInlineMiddleware, subAppWithMiddleware } from './route-groups/test-middleware';
 import { routePatterns } from './route-groups/test-route-patterns';
 
@@ -43,4 +44,7 @@ export function addRoutes(app: Hono<{ Bindings?: { E2E_TEST_DSN: string } }>): v
 
   // Route patterns: HTTP methods, .all(), .on(), sync/async, errors
   app.route('/test-routes', routePatterns);
+
+  // Error-specific routes: onError handler, nested sub-apps, middleware HTTPException
+  app.route('/test-errors', errorRoutes);
 }

dev-packages/e2e-tests/test-applications/hono-4/tests/errors.test.ts

@@ -1,53 +1,250 @@
 import { expect, test } from '@playwright/test';
-import { waitForError } from '@sentry-internal/test-utils';
-import { APP_NAME } from './constants';
+import { waitForError, waitForTransaction } from '@sentry-internal/test-utils';
+import { APP_NAME, RUNTIME } from './constants';
 
-test('captures error thrown in route handler', async ({ baseURL }) => {
-  const errorWaiter = waitForError(APP_NAME, event => {
-    return event.exception?.values?.[0]?.value === 'This is a test error for Sentry!';
-  });
+test.describe('route handler errors', () => {
+  test('captures error with mechanism and trace correlation', async ({ baseURL }) => {
+    const errorPromise = waitForError(APP_NAME, event => {
+      return event.exception?.values?.[0]?.value === 'This is a test error for Sentry!';
+    });
+
+    const transactionPromise = waitForTransaction(APP_NAME, event => {
+      return event.contexts?.trace?.op === 'http.server' && !!event.transaction?.includes('/error/');
+    });
+
+    const response = await fetch(`${baseURL}/error/test-cause`);
+    expect(response.status).toBe(500);
+
+    const errorEvent = await errorPromise;
+    const transactionEvent = await transactionPromise;
+
+    expect(transactionEvent.transaction).toBe('GET /error/:cause');
+
+    expect(errorEvent.exception?.values).toHaveLength(1);
+
+    const exception = errorEvent.exception?.values?.[0];
+    expect(exception?.value).toBe('This is a test error for Sentry!');
+    expect(exception?.mechanism).toEqual({
+      handled: false,
+      type: 'auto.http.hono.context_error',
+    });
 
-  const response = await fetch(`${baseURL}/error/test-cause`);
-  expect(response.status).toBe(500);
+    expect(errorEvent.transaction).toBe('GET /error/:cause');
+    expect(errorEvent.request?.method).toBe('GET');
+    expect(errorEvent.request?.url).toContain('/error/test-cause');
 
-  const event = await errorWaiter;
-  expect(event.exception?.values?.[0]?.value).toBe('This is a test error for Sentry!');
+    expect(errorEvent.contexts?.trace?.trace_id).toBe(transactionEvent.contexts?.trace?.trace_id);
+  });
 });
 
-test('captures HTTPException with 502 status', async ({ baseURL }) => {
-  const errorWaiter = waitForError(APP_NAME, event => {
-    return event.exception?.values?.[0]?.value === 'HTTPException 502';
+test.describe('HTTPException errors', () => {
+  test('captures 5xx HTTPException', async ({ baseURL }) => {
+    const errorPromise = waitForError(APP_NAME, event => {
+      return event.exception?.values?.[0]?.value === 'HTTPException 500';
+    });
+
+    const response = await fetch(`${baseURL}/http-exception/500`);
+    expect(response.status).toBe(500);
+
+    const errorEvent = await errorPromise;
+    expect(errorEvent.exception?.values?.[0]?.value).toBe('HTTPException 500');
+    expect(errorEvent.exception?.values?.[0]?.mechanism).toEqual({
+      handled: false,
+      type: 'auto.http.hono.context_error',
+    });
   });
 
-  const response = await fetch(`${baseURL}/http-exception/502`);
-  expect(response.status).toBe(502);
+  // On Node/Bun, httpServerSpansIntegration drops transactions for 3xx/4xx responses (ignoreStatusCodes), so we just use a request guard.
+  // On Cloudflare the transaction is available, and we additionally verify its name.
+  [301, 302].forEach(code => {
+    test(`does not capture ${code} HTTPException`, async ({ baseURL }) => {
+      let errorEventOccurred = false;
+
+      waitForError(APP_NAME, event => {
+        if (event.exception?.values?.[0]?.value === `HTTPException ${code}`) {
+          errorEventOccurred = true;
+        }
+        return false;
+      });
+
+      const transactionPromise = waitForTransaction(APP_NAME, event => {
+        return RUNTIME === 'cloudflare'
+          ? event.contexts?.trace?.op === 'http.server' && !!event.transaction?.includes('/http-exception/')
+          : event.contexts?.trace?.op === 'http.server' && event.transaction === 'GET /';
+      });
+
+      const response = await fetch(`${baseURL}/http-exception/${code}`, { redirect: 'manual' });
+      expect(response.status).toBe(code);
+
+      if (RUNTIME !== 'cloudflare') {
+        // Simple request guard for non-Cloudflare runtimes since the other transaction is dropped for 4xx responses
+        await fetch(`${baseURL}/`);
+      }
+
+      const transaction = await transactionPromise;
+
+      if (RUNTIME === 'cloudflare') {
+        expect(transaction.transaction).toBe('GET /http-exception/:code');
+      }
+
+      expect(errorEventOccurred).toBe(false);
+    });
+  });
+
+  [401, 403, 404].forEach(code => {
+    test(`does not capture ${code} HTTPException`, async ({ baseURL }) => {
+      let errorEventOccurred = false;
+
+      waitForError(APP_NAME, event => {
+        if (event.exception?.values?.[0]?.value === `HTTPException ${code}`) {
+          errorEventOccurred = true;
+        }
+        return false;
+      });
+
+      const transactionPromise = waitForTransaction(APP_NAME, event => {
+        return RUNTIME === 'cloudflare'
+          ? event.contexts?.trace?.op === 'http.server' && !!event.transaction?.includes('/http-exception/')
+          : event.contexts?.trace?.op === 'http.server' && event.transaction === 'GET /';
+      });
+
+      const response = await fetch(`${baseURL}/http-exception/${code}`);
+      expect(response.status).toBe(code);
+
+      if (RUNTIME !== 'cloudflare') {
+        // Simple request guard for non-Cloudflare runtimes since the other transaction is dropped for 4xx responses
+        await fetch(`${baseURL}/`);
+      }
+
+      const transaction = await transactionPromise;
+
+      if (RUNTIME === 'cloudflare') {
+        expect(transaction.transaction).toBe('GET /http-exception/:code');
+      }
 
-  const event = await errorWaiter;
-  expect(event.exception?.values?.[0]?.value).toBe('HTTPException 502');
+      expect(errorEventOccurred).toBe(false);
+    });
+  });
 });
 
-// TODO: 401 and 404 HTTPExceptions should not be captured by Sentry by default,
-// but currently they are. Fix the filtering and update these tests accordingly.
-test('captures HTTPException with 401 status', async ({ baseURL }) => {
-  const errorWaiter = waitForError(APP_NAME, event => {
-    return event.exception?.values?.[0]?.value === 'HTTPException 401';
+test.describe('middleware errors', () => {
+  test('captures 5xx HTTPException thrown in middleware with error span status', async ({ baseURL }) => {
+    const errorPromise = waitForError(APP_NAME, event => {
+      return event.exception?.values?.[0]?.value === 'Service Unavailable from middleware';
+    });
+
+    const transactionPromise = waitForTransaction(APP_NAME, event => {
+      return (
+        event.contexts?.trace?.op === 'http.server' &&
+        !!event.transaction?.includes('/test-errors/middleware-http-exception')
+      );
+    });
+
+    const response = await fetch(`${baseURL}/test-errors/middleware-http-exception`);
+    expect(response.status).toBe(503);
+
+    const errorEvent = await errorPromise;
+    expect(errorEvent.exception?.values?.[0]?.value).toBe('Service Unavailable from middleware');
+    expect(errorEvent.exception?.values?.[0]?.mechanism?.type).toBe('auto.middleware.hono');
+    expect(errorEvent.exception?.values?.[0]?.mechanism?.handled).toBe(false);
+
+    const transaction = await transactionPromise;
+    const middlewareSpan = (transaction.spans || []).find(s => s.op === 'middleware.hono');
+    expect(middlewareSpan?.status).toBe('internal_error');
   });
 
-  const response = await fetch(`${baseURL}/http-exception/401`);
-  expect(response.status).toBe(401);
+  test('does not capture 4xx HTTPException thrown in middleware', async ({ baseURL }) => {
+    let errorEventOccurred = false;
+
+    waitForError(APP_NAME, event => {
+      if (event.exception?.values?.[0]?.value === 'Unauthorized from middleware') {
+        errorEventOccurred = true;
+      }
+      return false;
+    });
+
+    const transactionPromise = waitForTransaction(APP_NAME, event => {
+      if (RUNTIME === 'cloudflare') {
+        return (
+          event.contexts?.trace?.op === 'http.server' &&
+          !!event.transaction?.includes('/test-errors/middleware-http-exception-4xx')
+        );
+      }
+      return event.contexts?.trace?.op === 'http.server' && event.transaction === 'GET /';
+    });
 
-  const event = await errorWaiter;
-  expect(event.exception?.values?.[0]?.value).toBe('HTTPException 401');
+    const response = await fetch(`${baseURL}/test-errors/middleware-http-exception-4xx`);
+    expect(response.status).toBe(401);
+
+    if (RUNTIME !== 'cloudflare') {
+      await fetch(`${baseURL}/`);
+    }
+
+    const transaction = await transactionPromise;
+
+    if (RUNTIME === 'cloudflare') {
+      expect(transaction.transaction).toBe('GET /test-errors/middleware-http-exception-4xx/*');
+
+      const middlewareSpan = (transaction.spans || []).find(s => s.op === 'middleware.hono');
+      expect(middlewareSpan?.status).not.toBe('internal_error');
+    }
+
+    expect(errorEventOccurred).toBe(false);
+  });
 });
 
-test('captures HTTPException with 404 status', async ({ baseURL }) => {
-  const errorWaiter = waitForError(APP_NAME, event => {
-    return event.exception?.values?.[0]?.value === 'HTTPException 404';
+test.describe('nested sub-app errors', () => {
+  test('captures error from nested child sub-app', async ({ baseURL }) => {
+    const errorPromise = waitForError(APP_NAME, event => {
+      return event.exception?.values?.[0]?.value === 'Nested child app error';
+    });
+
+    const transactionPromise = waitForTransaction(APP_NAME, event => {
+      return event.contexts?.trace?.op === 'http.server' && !!event.transaction?.includes('/nested/child/error');
+    });
+
+    const response = await fetch(`${baseURL}/test-errors/nested/child/error`);
+    expect(response.status).toBe(500);
+
+    const errorEvent = await errorPromise;
+    const transaction = await transactionPromise;
+
+    expect(transaction.transaction).toBe('GET /test-errors/nested/child/error');
+
+    expect(errorEvent.exception?.values?.[0]?.value).toBe('Nested child app error');
+    expect(errorEvent.exception?.values?.[0]?.mechanism).toEqual({
+      handled: false,
+      type: 'auto.http.hono.context_error',
+    });
+    expect(errorEvent.request?.url).toContain('/test-errors/nested/child/error');
   });
+});
 
-  const response = await fetch(`${baseURL}/http-exception/404`);
-  expect(response.status).toBe(404);
+test.describe('custom onError handler', () => {
+  test('captures error even when onError handles the response', async ({ baseURL }) => {
+    const errorPromise = waitForError(APP_NAME, event => {
+      return event.exception?.values?.[0]?.value === 'Error caught by custom onError';
+    });
 
-  const event = await errorWaiter;
-  expect(event.exception?.values?.[0]?.value).toBe('HTTPException 404');
+    const transactionPromise = waitForTransaction(APP_NAME, event => {
+      return event.contexts?.trace?.op === 'http.server' && !!event.transaction?.includes('/custom-on-error/fail');
+    });
+
+    const response = await fetch(`${baseURL}/test-errors/custom-on-error/fail`);
+    expect(response.status).toBe(500);
+
+    const body = await response.text();
+    expect(body).toContain('Handled by onError');
+
+    const errorEvent = await errorPromise;
+    const transaction = await transactionPromise;
+
+    expect(transaction.transaction).toBe('GET /test-errors/custom-on-error/fail');
+
+    expect(errorEvent.exception?.values?.[0]?.value).toBe('Error caught by custom onError');
+    expect(errorEvent.exception?.values?.[0]?.mechanism).toEqual({
+      handled: false,
+      type: 'auto.http.hono.context_error',
+    });
+  });
 });