Skip to content

feat(hybridcloud): Propagate ViewerContext through cross-silo RPC#112248

Open
gricha wants to merge 1 commit intomasterfrom
gricha/feat/rpc-viewer-context-propagation
Open

feat(hybridcloud): Propagate ViewerContext through cross-silo RPC#112248
gricha wants to merge 1 commit intomasterfrom
gricha/feat/rpc-viewer-context-propagation

Conversation

@gricha
Copy link
Copy Markdown
Member

@gricha gricha commented Apr 3, 2026

Pack ViewerContext into the RPC meta dict on the sending side (_send_to_remote_silo) and restore it via viewer_context_scope on the receiving side (InternalRpcServiceEndpoint).

Previously, cross-silo RPC handlers had no ViewerContext — the middleware saw RPC signature auth, not the original user. The real user identity was only available through AuthenticationContext (which most RPC calls don't pass). Now the contextvar is automatically propagated through meta, which was already reserved in the wire format for exactly this kind of use.

Backwards compatible — old callers send meta: {}, receivers treat missing viewer_context as None.

Also adds ViewerContext.deserialize() as the inverse of serialize().

Part of the ViewerContext RFC.

@gricha @claude
feat(hybridcloud): Propagate ViewerContext through cross-silo RPC
542e8dc 
Pack ViewerContext into the RPC meta dict on the sending side and
restore it via viewer_context_scope on the receiving side. This closes
the gap where cross-silo RPC handlers had no ViewerContext despite
the original request having one.

Uses the existing reserved meta key in the RPC wire format. Backwards
compatible — old callers send empty meta, receivers treat missing
viewer_context as None.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Apr 3, 2026
@gricha gricha marked this pull request as ready for review April 4, 2026 05:32
@gricha gricha requested review from a team as code owners April 4, 2026 05:32
cursor[bot]
cursor bot reviewed Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 542e8dc. Configure here.

src/sentry/api/endpoints/internal/rpc.py
viewer_context_scope(ViewerContext.deserialize(vc_data))
if vc_data
else contextlib.nullcontext()
)
Copy link
Copy Markdown
Contributor

@cursor cursor bot Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deserialization error outside try block causes unhandled 500

Low Severity

ViewerContext.deserialize(vc_data) is called outside the try block (line 75), so any exception from malformed vc_data (e.g. a non-dict truthy value) produces an unhandled 500 instead of a ParseError. This contrasts with the auth_context parsing just above, which wraps AuthenticationContext.parse_obj() in its own try/except for clean error reporting. Since meta comes from the request body, a malformed viewer_context value will bypass all exception handling in the method.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 542e8dc. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gricha