feat(telemetry): auth flow events#239
Merged
Merged
Conversation
- go telemetryClient.Close() ran in PersistentPreRunE, closing the client before the command executed and racing with process exit - close the client in Execute() via defer, bounded by a 3s timeout so an unreachable telemetry endpoint never delays exit - fall back to NoOpTelemetryClient when the analytics client cannot be created instead of storing a nil interface in the context - enable analytics-go verbose logging in debug mode so successful flushes are visible with DEBUG=1 Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…umber - Track now takes a properties map, merged with the base properties; base properties are written last so call sites cannot override them - each Track event carries a monotonic sequence number (atomic counter) so the exact order of one invocation can be reconstructed downstream: Segment stores timestamps with millisecond precision, so back-to-back events can tie Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- events.go: typed catalog for the flow events (event name constants, Flow/Step/Direction enums), FlowTracker helper (current step and flow duration) and ErrorClass (root cause type only, never the message, which could contain user data) - Execute() reports a Command Completed event with succeeded, exit_code, duration_ms, and error_class/user_cancelled on failure, through a deferred read of the named return value Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- don't emit an orphan Command Completed when PersistentPreRunE never ran (--help, --version, unknown flag/command, failed auth check): no Command Invoked was sent, and the command property would be empty - measure the command duration right after execution, so duration_ms never includes the update-notifier wait (which only happens on the success path and would bias the metric) - ErrorClass keeps the first informative type of the error chain instead of unwrapping to the root, which collapsed every CLI error into *errors.errorString - tests: trackCommandCompleted (skip/success/failure), sequence uniqueness under concurrency, informative wrapper type Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- RunOAuthFlow emits CLI Auth Started at entry, then exactly one terminal event: Completed, Aborted (user cancellation) or Failed, with the step the user stopped at - RunOAuth takes an optional nil-safe FlowTracker and records the browser_wait and code_exchange steps; automatic re-authentications (EnsureAuthenticated, ReauthenticateIfExpired) pass nil so they are not counted as auth funnels - new Event struct, typed constructors and TrackEvent helper: one-line call sites, compile-time consistent properties - identifyAuthenticatedUser uses the context client; IdentifyOnce is removed (it only existed because the client used to be closed before the command ran) - telemetrytest.RecordingClient: shared recording fake for flow tests Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 24 |
| Duplication | 0 |
TIP This summary will be updated as you push new changes.
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
LorrisSaintGenez
requested review from
8bittitan,
NatanTechofNY,
dylantientcheu and
pipeline1987
8bittitan
approved these changes
Jun 11, 2026
Base automatically changed from
fix/telemetry-client-lifecycle
to
feat/events-flow
June 11, 2026 19:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Step 2 of GROUT-349 — instruments the browser-based OAuth flow with funnel events. Stacked on #238
RunOAuthFlowemitsCLI Auth Startedat entry (flow:login|signup,no_browser), then exactly one terminal event:CLI Auth Completed(duration_ms),CLI Auth Aborted(step) on user cancellation, orCLI Auth Failed(step,duration_ms,error_class).browser_wait,code_exchange(insideauth.RunOAuth, which now takes an optional nil-safeFlowTracker), thenapps_fetch,app_create/app_select,profile_configure.EnsureAuthenticated,ReauthenticateIfExpired) pass a nil tracker: they belong to the calling flow, not to anauth loginfunnel.Eventstruct + typed constructors (AuthStarted, …) + nil-safeTrackEvent(ctx, Event)helper: call sites are one line and properties are compile-time consistent.identifyAuthenticatedUseruses the context's telemetry client;telemetry.IdentifyOnceis removed — it only existed because the client used to be closed before the command ran (fixed in feat(telemetry): flow events foundations #238).telemetrytest.RecordingClient: shared recording fake for flow event tests.Included GROUT-351 — logout telemetry flow. Stacked on #239 (
feat/auth-flow-events): it only needs the event catalog andTrackEventhelper from the auth step, nothing from the create/plan-change work.auth logoutemitsCLI Auth Logout(flow: logout) beforeauth.ClearToken(), while the user identifier is still attached to the telemetry metadata — the event is attributed to the user signing out.Identifyat logout time: Segment's identity graph has no concept of un-identifying — once ananonymousIdis aliased to auserId, the mapping persists by design.userId:Track/Identifyonly set the field when the metadata has one, and afterClearToken()the next invocations load no token. Events fall back toanonymousIdattribution, like a fresh install.Test
GROUT-351
GROUT-349