feat(nightshift): Add endpoint to manually trigger nightshift #113803
🚨 Warning: This pull request contains Frontend and Backend changes! It's discouraged to make changes to Sentry's Frontend and Backend in a single pull request. The Frontend and Backend are not atomically deployed. If the changes are interdependent of each other, they must be separated into two pull requests and be made forward or backwards compatible, such that the Backend or Frontend can be safely deployed independently. Have questions? Please ask in the
Convert run_night_shift_for_project into an instrumented Celery task and have the manual trigger endpoint enqueue it via apply_async instead of running it synchronously in the request. The endpoint now returns 202 to reflect that the work happens in the background.

Co-Authored-By: Claude <noreply@anthropic.com>
Agent transcript: https://claudescope.sentry.dev/share/NbgWwkYbXHUsKP9fXIEeS354KlJdTM6vT4hp_VRZFho
8959c40 to 8c905cf
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Reviewed by Cursor Bugbot for commit 8c905cf. Configure here.
|
|
||
| def post(self, request: Request, project: Project) -> Response: | ||
| if not features.has("organizations:seer-night-shift", project.organization): | ||
| raise NotFound |
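Review bot: the `features.has("organizations:seer-night-shift", project.organization)` guard passes no `actor`, so the flag is evaluated against the organization alone and the requesting user plays no part in the decision. If this flag is meant to be rolled out per user as well, pass `actor=request.user`; if the gate is org-wide by design, a short comment saying so would explain why `request` is unused in the guard.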
Manual trigger bypasses org-level feature flag checks
Medium Severity
The endpoint only checks "organizations:seer-night-shift" before dispatching the task. The scheduled path in _get_eligible_orgs_from_batch enforces all three FEATURE_NAMES — "organizations:seer-night-shift", "organizations:gen-ai-features", and "organizations:seat-based-seer-enabled" — plus the sentry:hide_ai_features option. The manual trigger path skips the latter two feature flags, which likely gate AI product entitlement and billing, allowing nightshift to run for orgs that aren't fully entitled.
Reviewed by Cursor Bugbot for commit 8c905cf. Configure here.
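The gap this comment describes, as an added example that is not Sentry's code: one entitlement check shared by the scheduled and manual paths, next to a gate that consults only the first flag. The `Org` class and all function names are hypothetical stand-ins; the flag and option names are the ones quoted in the comment, and treating a truthy `sentry:hide_ai_features` as disqualifying is an assumption.

```python
from dataclasses import dataclass, field

# Flag and option names as quoted in the review comment; everything else is hypothetical.
FEATURE_NAMES = (
    "organizations:seer-night-shift",
    "organizations:gen-ai-features",
    "organizations:seat-based-seer-enabled",
)
HIDE_AI_OPTION = "sentry:hide_ai_features"


@dataclass
class Org:
    """Constructed stand-in for an organization, not Sentry's model."""
    slug: str
    flags: set = field(default_factory=set)
    options: dict = field(default_factory=dict)


def missing_entitlements(org):
    """Return every reason the org may not run night shift; empty means eligible."""
    reasons = [name for name in FEATURE_NAMES if name not in org.flags]
    if org.options.get(HIDE_AI_OPTION, False):  # assumption: truthy disqualifies
        reasons.append(HIDE_AI_OPTION)
    return reasons


def scheduled_eligible(orgs):
    """Scheduled path: keep only fully entitled orgs."""
    return [org.slug for org in orgs if not missing_entitlements(org)]


def manual_trigger_status(org):
    """Manual path using the same gate: 404 when not entitled, 202 when enqueued."""
    return 404 if missing_entitlements(org) else 202


def flag_only_status(org):
    """The gate the comment describes: only the first flag is consulted."""
    return 202 if FEATURE_NAMES[0] in org.flags else 404


if __name__ == "__main__":
    # Constructed sample: one flag set, the other two missing.
    partial = Org("partial", flags={"organizations:seer-night-shift"})
    print(flag_only_status(partial), manual_trigger_status(partial))
    print(missing_entitlements(partial))
```

Because both paths call `missing_entitlements`, adding a flag to `FEATURE_NAMES` tightens the manual trigger and the scheduler together.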
| raise NotFound | ||
|
|
||
| run_night_shift_for_project.apply_async(args=[project.id]) | ||
| return Response(status=202) |
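Review bot: the enqueue at `run_night_shift_for_project.apply_async(args=[project.id])` passes only the project id and the handler answers with a bare `Response(status=202)`, so nothing in these lines records who triggered the run or gives the caller a handle to follow it. Consider passing the requesting user's id to the task (or writing an audit log entry before the enqueue) and returning an identifier for the queued run in the 202 body.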
Endpoint missing rate limiting for expensive operation
Low Severity
ProjectSeerNightShiftEndpoint lacks rate limiting, yet each POST creates a SeerNightShiftRun, consumes Seer autofix quota, and can trigger autofix runs. The sibling ProjectSeerPreferencesEndpoint in the same directory explicitly sets enforce_rate_limit = True with a RateLimitConfig. Without rate limits, repeated calls could queue many concurrent nightshift runs for the same project.
Reviewed by Cursor Bugbot for commit 8c905cf. Configure here.
| def post(self, request: Request, project: Project) -> Response: | ||
| if not features.has("organizations:seer-night-shift", project.organization): | ||
| raise NotFound | ||
|
|
||
| run_night_shift_for_project.apply_async(args=[project.id]) |
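Review bot: `post` goes straight from its signature to the feature check with no docstring. Since the handler only enqueues `run_night_shift_for_project` and the outcome is not known at response time, add a docstring stating what a success response means and that `NotFound` is raised when the organization flag is off.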
Bug: The endpoint only checks the organizations:seer-night-shift flag, not projects:seer-night-shift. This can lead to silently failing jobs if the project-level flag is disabled.
Severity: MEDIUM
Suggested Fix
Before enqueuing the task, check if the project has the projects:seer-night-shift feature flag enabled, in addition to the existing organizations:seer-night-shift check. Return an appropriate error response if the project-level flag is not set.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.
Location: src/sentry/seer/endpoints/project_seer_night_shift.py#L24-L28
Potential issue: The endpoint checks for the `organizations:seer-night-shift` feature
flag but not the project-specific `projects:seer-night-shift` flag. If the organization
flag is enabled but the project flag is not, the endpoint returns a 202 Accepted
response and enqueues a task. The task creates a `SeerNightShiftRun` database record,
but then the `_get_eligible_projects` function filters out the project due to the
missing project flag. This results in a silent failure where the user is notified of
success, but no work is performed, and a dangling database record is created.


No description provided.