Skip to content

[chore] Clean up logs #3511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jp-agenta wants to merge 2 commits into
base: release/v0.80.4
Choose a base branch
from
Open

[chore] Clean up logs #3511

jp-agenta wants to merge 2 commits into from

Conversation

@jp-agenta
Copy link
Member

@jp-agenta jp-agenta commented Jan 19, 2026
edited by devin-ai-integration bot
Loading

@vercel
Copy link

vercel bot commented Jan 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Review Updated (UTC)
agenta-documentation Ready Ready Preview, Comment Jan 19, 2026 4:40pm

Request Review

@dosubot dosubot bot added the size:L This PR changes 100-499 lines, ignoring generated files. label Jan 19, 2026
@dosubot dosubot bot added the Backend label Jan 19, 2026
@jp-agenta jp-agenta changed the base branch from main to release/v0.80.4 January 19, 2026 16:40
devin-ai-integration[bot]
devin-ai-integration bot reviewed Jan 22, 2026
View reviewed changes
Copy link

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View issue and 5 additional flags in Devin Review.

Open in Devin Review

api/oss/src/services/analytics_service.py
Comment on lines +86 to 91
posthog.capture(
distinct_id=distinct_id,
event="$identify",
properties={
"$set_once": {
property_name: True,
Copy link

@devin-ai-integration devin-ai-integration bot Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Incorrect PostHog API usage: posthog.capture(event="$identify") instead of posthog.identify()

The change replaces the proper posthog.identify() API call with posthog.capture(event="$identify"). While $identify is a special event in PostHog, the identify() method is the correct SDK function for setting person properties.

Original code:

posthog.identify(
    distinct_id=distinct_id,
    properties={
        "$set_once": {
            property_name: True,
        }
    },
)

New code:

posthog.capture(
    distinct_id=distinct_id,
    event="$identify",
    properties={
        "$set_once": {
            property_name: True,
        }
    },
)

The posthog.identify() method has special handling for person property operations like $set_once. When using capture() directly, the properties parameter is treated as event properties, not person properties. The $set_once modifier nested inside properties may not be processed correctly by PostHog's ingestion pipeline.

Impact: Activation properties (like activated_prompt_management, activated_observability, etc.) may fail to be set on user profiles in PostHog, breaking activation tracking analytics.

(Refers to lines 86-94)

Recommendation: Revert to using posthog.identify() which is the proper SDK method for setting person properties:

posthog.identify(
    distinct_id=distinct_id,
    properties={
        "$set_once": {
            property_name: True,
        }
    },
)
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration[bot]
devin-ai-integration bot reviewed Jan 22, 2026
View reviewed changes
api/oss/src/services/auth_service.py
Comment on lines 122 to 128
except HTTPException as exc:
log.error("%s: %s", exc.status_code, exc.detail)
# Only log server errors (5xx), not client errors like 401/403
if exc.status_code >= 500:
log.error("%s: %s", exc.status_code, exc.detail)
# elif 400 <= exc.status_code < 500:
# log.warn("%s: %s", exc.status_code, exc.detail)

Copy link

@devin-ai-integration devin-ai-integration bot Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Auth middleware logging reduction may impact debugging

The change at auth_service.py:122-127 stops logging 4xx HTTP errors (401, 403, 404, etc.) and only logs 5xx server errors. While this reduces log noise from normal client errors (invalid tokens, forbidden access), it could make it harder to investigate:

  • Brute force or credential stuffing attacks (many 401s)
  • Permission escalation attempts (403s)
  • Suspicious patterns of 4xx errors

The commented-out code suggests the team considered logging 4xx at warn level. For security-sensitive applications, some level of 4xx logging (even sampled) can be valuable for detecting attacks.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Member

@mmabrouk mmabrouk Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks intended but just in case

mmabrouk
mmabrouk requested changes Jan 22, 2026
View reviewed changes
api/oss/src/services/analytics_service.py
try:
# Set the property using PostHog's $set_once (idempotent)
posthog.identify(
posthog.capture(
Copy link
Member

@mmabrouk mmabrouk Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this change?

Copy link
Member

@mmabrouk mmabrouk Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ncorrect PostHog API usage: posthog.capture(event="$identify") instead of posthog.identify()
The change replaces the proper posthog.identify() API call with posthog.capture(event="$identify"). While $identify is a special event in PostHog, the identify() method is the correct SDK function for setting person properties.

Original code:

posthog.identify(
distinct_id=distinct_id,
properties={
"$set_once": {
property_name: True,
}
},
)
New code:

posthog.capture(
distinct_id=distinct_id,
event="$identify",
properties={
"$set_once": {
property_name: True,
}
},
)
The posthog.identify() method has special handling for person property operations like $set_once. When using capture() directly, the properties parameter is treated as event properties, not person properties. The $set_once modifier nested inside properties may not be processed correctly by PostHog's ingestion pipeline.

Impact: Activation properties (like activated_prompt_management, activated_observability, etc.) may fail to be set on user profiles in PostHog, breaking activation tracking analytics.

Recommendation
Revert to using posthog.identify() which is the proper SDK method for setting person properties:

posthog.identify(
distinct_id=distinct_id,
properties={
"$set_once": {
property_name: True,
}
},
)

api/oss/src/services/auth_service.py
Comment on lines 122 to 128
except HTTPException as exc:
log.error("%s: %s", exc.status_code, exc.detail)
# Only log server errors (5xx), not client errors like 401/403
if exc.status_code >= 500:
log.error("%s: %s", exc.status_code, exc.detail)
# elif 400 <= exc.status_code < 500:
# log.warn("%s: %s", exc.status_code, exc.detail)

Copy link
Member

@mmabrouk mmabrouk Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks intended but just in case

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@mmabrouk mmabrouk mmabrouk requested changes

Assignees

No one assigned

Labels

Backend size:L This PR changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jp-agenta @mmabrouk