Skip to content

feat(cli): route observability through GuardScan-Monitoring API#30

Closed
ntanwir10 wants to merge 7 commits into
feat/enhanced-ai-providersfrom
feat/remote-observability
Closed

feat(cli): route observability through GuardScan-Monitoring API#30
ntanwir10 wants to merge 7 commits into
feat/enhanced-ai-providersfrom
feat/remote-observability

Conversation

@ntanwir10

@ntanwir10 ntanwir10 commented Jun 9, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add getGuardscanMonitoringBaseUrl() helper (GUARDSCAN_API_URL or default api.guardscancli.com)
  • Point telemetry client and monitoring manager at the GuardScan-Monitoring worker
  • Respect telemetryEnabled, offlineMode, and GUARDSCAN_NO_TELEMETRY when inferring remote endpoints

Stacks on: #29

Test plan

  • Build and tests pass on stacked branch
  • With telemetry enabled, confirm POSTs reach api.guardscancli.com/api/telemetry and /api/monitoring
  • With --no-telemetry / offline mode, confirm no remote endpoint is configured

Summary by CodeRabbit

  • Refactor
    • Reorganized how the CLI determines and initializes the monitoring backend endpoint configuration.
    • Improved separation of concerns for endpoint discovery and telemetry configuration management.

…g API

Centralize the remote API base URL via getGuardscanMonitoringBaseUrl and
derive monitoring endpoint defaults from telemetry/offline config so remote
observability uses the same GuardScan-Monitoring worker as telemetry.

Co-authored-by: Cursor <cursoragent@cursor.com>
@coderabbitai

coderabbitai Bot commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1b77197f-9b84-4d6f-a4de-51ea951e1758

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and specifically describes the main change: routing observability/telemetry through a GuardScan-Monitoring API, which aligns with the core functionality added across all three modified files.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/remote-observability

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 9, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
guardscan-backend 88a0f35 Jun 10 2026, 05:14 AM

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refactors telemetry and monitoring base URL resolution by introducing a shared helper function and dynamically resolving configuration options in the MonitoringManager constructor. The review feedback highlights a critical privacy issue where the application could default to online mode if the configuration file is missing or fails to load, and suggests a cleaner, more idiomatic way to construct the merged configuration object without mutating it post-creation.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread cli/src/utils/monitoring.ts Outdated
Comment thread cli/src/utils/monitoring.ts Outdated
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
cli/src/utils/monitoring.ts (1)

233-233: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Potential crash if config file doesn't exist.

The constructor gracefully handles missing YAML config (lines 118-122 with try-catch), but trackUsage unconditionally calls this.configManager.load() which throws if the config file is missing (per ConfigManager.load() documentation). This inconsistency could cause trackUsage to crash in environments where guardscan init hasn't been run yet, even though the constructor succeeds.

🛡️ Suggested fix
-    const userConfig = this.configManager.load();
+    let userConfig;
+    try {
+      userConfig = this.configManager.load();
+    } catch {
+      // Config not initialized, skip usage tracking
+      return;
+    }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cli/src/utils/monitoring.ts` at line 233, trackUsage calls
this.configManager.load() unconditionally which can throw if no config exists;
wrap the load call in a try/catch (or check for existence via a provided API)
inside trackUsage so a missing config falls back to null/empty config and does
not propagate an exception. Specifically, update the trackUsage method to call
this.configManager.load() inside a try block, handle/load defaults in the catch,
and ensure subsequent logic that reads userConfig (the variable currently
assigned from this.configManager.load()) handles the null/default case;
reference the trackUsage function and ConfigManager.load for locating the
change.
🧹 Nitpick comments (1)
cli/src/utils/monitoring.ts (1)

130-139: ⚡ Quick win

Consider restructuring the config merge for clarity.

The current code spreads custom at line 137, then explicitly overwrites endpoint at line 139. While functionally correct, this pattern is a bit redundant for the endpoint field—the spread already assigns custom.endpoint if it exists, then line 139 reassigns it with the same fallback logic.

For better clarity, consider moving the endpoint assignment into the object literal itself:

♻️ Suggested restructure
-    const merged: MonitoringConfig = {
-      enabled: telemetryOn,
-      endpoint: inferredEndpoint,
-      errorReportingEnabled: true,
-      performanceMonitoringEnabled: true,
-      usageAnalyticsEnabled: true,
-      sampleRate: 1.0,
-      ...custom,
-    };
-    merged.endpoint = custom?.endpoint ?? inferredEndpoint;
+    const merged: MonitoringConfig = {
+      enabled: telemetryOn,
+      errorReportingEnabled: true,
+      performanceMonitoringEnabled: true,
+      usageAnalyticsEnabled: true,
+      sampleRate: 1.0,
+      ...custom,
+      endpoint: custom?.endpoint ?? inferredEndpoint,
+    };

This makes it explicit that endpoint has special fallback handling and avoids the redundant assignment.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@cli/src/utils/monitoring.ts` around lines 130 - 139, The merge of
MonitoringConfig builds `merged` by spreading `custom` then immediately
reassigning `merged.endpoint`; update the object literal for `merged` (the const
merged: MonitoringConfig = { ... }) to set `endpoint: custom?.endpoint ??
inferredEndpoint` inside the initial object and remove the subsequent
`merged.endpoint = ...` line; this keeps `telemetryOn`, `inferredEndpoint`,
`custom`, and the `endpoint` fallback behavior intact while eliminating the
redundant reassignment.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@cli/src/utils/monitoring.ts`:
- Line 233: trackUsage calls this.configManager.load() unconditionally which can
throw if no config exists; wrap the load call in a try/catch (or check for
existence via a provided API) inside trackUsage so a missing config falls back
to null/empty config and does not propagate an exception. Specifically, update
the trackUsage method to call this.configManager.load() inside a try block,
handle/load defaults in the catch, and ensure subsequent logic that reads
userConfig (the variable currently assigned from this.configManager.load())
handles the null/default case; reference the trackUsage function and
ConfigManager.load for locating the change.

---

Nitpick comments:
In `@cli/src/utils/monitoring.ts`:
- Around line 130-139: The merge of MonitoringConfig builds `merged` by
spreading `custom` then immediately reassigning `merged.endpoint`; update the
object literal for `merged` (the const merged: MonitoringConfig = { ... }) to
set `endpoint: custom?.endpoint ?? inferredEndpoint` inside the initial object
and remove the subsequent `merged.endpoint = ...` line; this keeps
`telemetryOn`, `inferredEndpoint`, `custom`, and the `endpoint` fallback
behavior intact while eliminating the redundant reassignment.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 79cf18c7-dee6-4ee2-afc0-160f75b3a4ec

📥 Commits

Reviewing files that changed from the base of the PR and between ea8827f and 8aa55df.

📒 Files selected for processing (3)
  • cli/src/utils/api-client.ts
  • cli/src/utils/monitoring-base-url.ts
  • cli/src/utils/monitoring.ts

@ntanwir10 ntanwir10 closed this Jul 13, 2026
@ntanwir10 ntanwir10 deleted the feat/remote-observability branch July 13, 2026 04:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant