Skip to content

Audit checks: non-determinism + false positives (capture-event-names-static, capture-uses-proxy) #736

Description

@gewenyu99

A few observations that might help refine the audit checks.

  • Non-determinism between runs. On the same codebase we consistently get a "1 error + 3 warnings" count, but the specific findings rotate from run to run, and a few are false positives.

  • capture-event-names-static. Flags any variable passed as the first argument to capture(), whereas the best-practices guidance it cites only warns against interpolated names (e.g. page_viewed_${x}) that create unbounded event definitions. We centralise capture behind a typed wrapper where the event name is constrained to a fixed string-literal union — a bounded, finite set that satisfies the guidance — yet it's reported as an error on some runs. Judging against the interpolation criterion rather than "is it a variable" would likely resolve this.

  • capture-uses-proxy. Flagged us as lacking a reverse proxy because it couldn't read the env value at runtime, when we do in fact route ingestion through a first-party subdomain.

Metadata

Metadata

Assignees

No one assigned

    Labels

    wizard-painPain point from team triage — DX, tech debt, bugs, future improvements

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions