Merge branch 'master' into sdybskiy/logs-attribute-value-types

Author: KyleTryon

.claude/skills/technical-docs/SKILL.md

@@ -130,12 +130,68 @@ Link to related docs rather than repeating content:
 For automatic tracing, see <PlatformLink to="/configuration/apis/">API Reference</PlatformLink>.
 ```
 
-### Code Block Filenames
+### Code Block Meta Flags
 
 Always include filename when showing file-specific code:
 ```tsx {filename:app/error.tsx}
 ```
 
+Consecutive fenced code blocks are automatically grouped into tabbed code snippets.
+Each tab can have a title and filename:
+
+~~~
+```swift {tabTitle:Swift}
+SentrySDK.capture(error: error)
+```
+
+```objc {tabTitle:Objective-C}
+[SentrySDK captureError:error];
+```
+~~~
+
+#### Markdown Export and `{mdExpandTabs}`
+
+The `.md` export (mainly used by LLMs via the "Copy page" button) **collapses tab groups
+by default**: only the first tab is included, with a note listing the other tabs
+(e.g. *Other available variations of the above snippet: yarn, pnpm*). This keeps context lean when tabs show
+trivial variations an LLM can infer on its own.
+
+Add `{mdExpandTabs}` to the first code fence in a group when the tabs contain code an LLM
+**cannot reliably derive** from seeing just one tab. This is rare — most times, adding only
+one tab to the produced `.md` is enough.
+
+~~~
+```swift {tabTitle:Swift} {mdExpandTabs}
+SentrySDK.start { options in
+    options.dsn = "..."
+}
+```
+
+```objc {tabTitle:Objective-C}
+[SentrySDK startWithConfigureOptions:^(SentryOptions *options) {
+    options.dsn = @"...";
+}];
+```
+~~~
+
+**Expand** — the code is too different for an LLM to infer:
+- Different languages: Swift / Objective-C, cross-language guides (JS/Python/PHP/Ruby/...)
+- Different setup flows: Hono guide init (Cloudflare vs Node.js `--import` vs Bun)
+- Different APIs or wrappers: GCP Cloud Functions (`wrapHttpFunction` vs `wrapCloudEventFunction`), serverless async/sync handlers
+- Different framework versions with distinct imports: Spring 5/6/7, Spring Boot 2/3/4, Svelte v5+ / v3
+- Client / Server splits: Next.js, Remix, React Router (Replay + browser tracing vs Node integrations)
+- Different platform tooling: KMP (`commonMain` / `iosApp` / `androidApp`), Flutter navigation (Navigator / GoRouter / AutoRoute)
+- Install methods with different patterns: npm (`import`) vs CDN (`<script>`) vs Loader (`sentryOnLoad`)
+- SDK version migration: SDK 2.x vs 1.x when APIs differ
+
+**Collapse** (default) — an LLM can figure it out from one tab:
+- Package managers: npm / yarn / pnpm, pip / uv, .NET CLI / NuGet
+- Module format: ESM / CommonJS (same API, different import syntax)
+- Config file formats: JSON / TOML, properties / yml
+- Java / Kotlin on the same platform (same APIs, syntactic sugar differences)
+- Runtime tabs where only the import path changes (e.g. `@sentry/hono/cloudflare` vs `@sentry/hono/node` in `platform-includes/` snippets)
+- Build tools when only dependency declaration syntax differs: Gradle / Maven / SBT
+
 ## Review Checklist
 
 When reviewing documentation:

develop-docs/backend/application-domains/tasks/index.mdx

@@ -342,7 +342,7 @@ def test_schedule_task(self, mock_deliver: MagicMock) -> None:
     mock_deliver.delay.assert_called_with(webhook_one.id)
 ```
 
-<Alert type="warning">
+<Alert level="warning">
 Mocking tasks will not validate that parameters are JSON compatible, nor will it catch TypeErrors from signature mismatches.
 </Alert>
 

develop-docs/development-infrastructure/testing.mdx

@@ -285,7 +285,7 @@ with in_test_hide_transaction_boundary():
     users = user_service.get_many(filter={"user_ids": list(owners)})
 ```
 
-<Alert type="warning">
+<Alert level="warning">
 Bypassing safety checks is not recommended and usage can cause consistency
 issues and data loss.
 </Alert>

develop-docs/sdk/foundations/client/data-collection/index.mdx

@@ -144,6 +144,22 @@ init({
 })
 ```
 
+#### URLs
+
+URL strings in span descriptions follow the format defined in [Structuring Data](/sdk/telemetry/traces/structuring-data/): `METHOD scheme://host/path` — query strings and fragments are excluded.
+
+The `queryParams` option controls query parameter filtering wherever query strings appear — including `url.full`, `url.query`, and [`request.query_string`](/sdk/foundations/envelopes/event-payloads/request/). `url.path` and the span description are unaffected since they never contain query strings. For general data scrubbing rules (variable size limits, structuring for server-side scrubbing), see [Data Scrubbing](/sdk/foundations/data-scrubbing/).
+
+**Example:** Given a request to `https://example.com/api/users?token=abc123&page=5`:
+
+| Attribute | `queryParams` enabled | `queryParams` off |
+|---|---|---|
+| Span description | `GET https://example.com/api/users` | same |
+| `url.full` | `https://example.com/api/users?token=[Filtered]&page=5` | `https://example.com/api/users` |
+| `url.path` | `/api/users` | same |
+| `url.query` | `token=[Filtered]&page=5` | not collected |
+| `request.query_string` | `token=[Filtered]&page=5` | not collected |
+
 #### Cookies and Query Params
 
 Cookies and query params may arrive as a single unparsed string (e.g., `Cookie: user_session=abc; theme=dark-mode`) rather than pre-split key-value pairs. SDKs **MAY** handle both cases:

develop-docs/sdk/foundations/data-scrubbing.mdx

@@ -18,6 +18,7 @@ The normative rules for sensitive data, PII, cookies, request bodies, and user-s
 - SDKs should not include PII or other sensitive data in the payload by default. The legacy option [_send-default-pii_](https://docs.sentry.io/platforms/python/configuration/options/#send-default-pii) is **disabled by default**; the replacement is `dataCollection.includeUserInfo` and `dataCollection.collect` (see [Data Collection](/sdk/foundations/client/data-collection/)).
 - Certain sensitive data must never be sent through SDK instrumentation: header/cookie/query values matching the default denylist are replaced with `"[Filtered]"`. User-set data is always attached; only automatically gathered data is scrubbed. Users can use `beforeSend` / event processors to remove or redact any data.
 - For the exact default denylist (partial, case-insensitive match), PII denylist (`x-forwarded-`, `-user`), cookies when unparsable, and raw request bodies, see [Data Collection — Default Denylist](/sdk/foundations/client/data-collection/#default-denylist) and [User-Set Data and Scrubbing](/sdk/foundations/client/data-collection/#user-set-data-scrubbing).
+- For how `queryParams` filtering applies to URL attributes, see [Data Collection — URLs](/sdk/foundations/client/data-collection/#urls).
 
 ### Application State
 

docs/cli/snapshots.mdx

@@ -58,40 +58,7 @@ If you only upload a subset of your snapshots per CI run — for example, becaus
 sentry-cli build snapshots ./snapshots --app-id web-frontend --selective
 ```
 
-When an upload is marked as selective, Sentry only diffs the snapshots you uploaded. Any snapshot that exists in the base build but was not included in the upload is treated as unchanged (skipped) rather than removed.
-
-### Detecting Removals and Renames in Selective Mode
-
-By default, `--selective` cannot detect removals or renames because Sentry cannot distinguish a deliberately deleted snapshot from one that was not part of the subset. To enable removal and rename detection, pass the full list of image file names from your test suite using one of:
-
-- `--all-image-file-names <NAMES>` — a comma-separated list of all image file names.
-- `--all-image-file-names-file <PATH>` — a path to a file (`.txt`, `.csv`, etc.) containing all image file names, one per line.
-- `--all-image-file-names-as-regex <PATTERNS>` — a comma-separated list of regex patterns matching all image file names.
-- `--all-image-file-names-as-regex-file <PATH>` — a path to a file containing regex patterns, one per line.
-
-<Alert level="warning">
-  These four flags are mutually exclusive — you can only use one per upload.
-</Alert>
-
-All four flags implicitly enable `--selective`.
-
-```bash
-# Literal names
-sentry-cli build snapshots ./snapshots \
-  --app-id web-frontend \
-  --all-image-file-names "homepage.png,settings/profile.png,settings/billing.png"
-
-# Regex patterns
-sentry-cli build snapshots ./snapshots \
-  --app-id web-frontend \
-  --all-image-file-names-as-regex ".*\.png"
-```
-
-With the image names or patterns provided, Sentry can tell apart three categories of missing images:
-
-- **Skipped** — matched by the list/pattern but not uploaded (part of the test suite, just not run in this CI job).
-- **Removed** — not matched and not uploaded (deliberately deleted from the test suite).
-- **Renamed** — a new image has the same content hash as a missing one.
+When an upload is marked as selective, Sentry only diffs the snapshots you uploaded. Any snapshot that exists in the base build but was not included in the upload is treated as unchanged rather than removed. Removals and renames cannot be detected when using `--selective`, because Sentry cannot distinguish a deliberately deleted snapshot from one that was not part of the subset.
 
 ## Diff Threshold
 
@@ -116,12 +83,8 @@ sentry-cli build snapshots [OPTIONS] --app-id <APP_ID> <PATH>
 | `--auth-token <TOKEN>`          | Sentry auth token. Can also be set via `SENTRY_AUTH_TOKEN`.                                                                                                                    |
 | `-o`, `--org <ORG>`             | Sentry organization slug. Can also be set via `SENTRY_ORG`.                                                                                                                    |
 | `-p`, `--project <PROJECT>`     | Sentry project slug. Can also be set via `SENTRY_PROJECT`.                                                                                                                     |
-| `--selective`                          | Mark the upload as a subset. Use when uploading only a portion of your snapshots (for example, affected tests only).                                                  |
-| `--all-image-file-names <NAMES>`       | Comma-separated list of all image file names in the full test suite. Enables removal and rename detection in selective mode. Implicitly enables `--selective`. Mutually exclusive with the other `--all-image-*` flags. |
-| `--all-image-file-names-file <PATH>`   | Path to a file (`.txt`, `.csv`, etc.) containing all image file names, one per line. Enables removal and rename detection in selective mode. Implicitly enables `--selective`. Mutually exclusive with the other `--all-image-*` flags. |
-| `--all-image-file-names-as-regex <PATTERNS>` | Comma-separated list of regex patterns matching all image file names in the full test suite. Enables removal and rename detection in selective mode. Implicitly enables `--selective`. Mutually exclusive with the other `--all-image-*` flags. |
-| `--all-image-file-names-as-regex-file <PATH>` | Path to a file containing regex patterns matching all image file names, one per line. Enables removal and rename detection in selective mode. Implicitly enables `--selective`. Mutually exclusive with the other `--all-image-*` flags. |
-| `--diff-threshold <THRESHOLD>`         | Float between `0.0` and `1.0`. Sentry only reports images as changed if the percentage of changed pixels exceeds this value.                                          |
+| `--selective`                   | Mark the upload as a subset. Use when uploading only a portion of your snapshots (for example, affected tests only).                                                           |
+| `--diff-threshold <THRESHOLD>`  | Float between `0.0` and `1.0`. Sentry only reports images as changed if the percentage of changed pixels exceeds this value.                                                   |
 | `--head-sha <SHA>`              | Commit SHA for the upload. Auto-detected in CI.                                                                                                                                |
 | `--base-sha <SHA>`              | Base commit SHA for comparison (PR only). Auto-detected from merge-base.                                                                                                       |
 | `--vcs-provider <PROVIDER>`     | VCS provider (for example, `github`). Auto-detected from the git remote.                                                                                                       |

docs/contributing/approach/sdk-docs/write-getting-started.mdx

@@ -4,7 +4,7 @@ noindex: true
 sidebar_order: 30
 ---
 
-<Alert type="info">
+<Alert level="info">
   This page describes the legacy "Getting Started" guide format. New SDKs and
   guides that have been updated should use the [Quick Start guide
   format](/contributing/approach/sdk-docs/write-quick-start/).

docs/contributing/approach/sdk-docs/write-quick-start.mdx

@@ -6,7 +6,7 @@ sidebar_order: 25
 
 New SDKs should use the Quick Start guide format outlined on this page. You may still encounter Getting Started guides for existing SDKs.
 
-<Alert type="info" title="Note">
+<Alert level="info" title="Note">
   If you want to update an existing Getting Started Guide without refactoring it
   into a Quick Start guide, see [How to Write - Getting
   Started](/contributing/approach/sdk-docs/write-getting-started/). If you're
@@ -133,7 +133,7 @@ If the content you want to include doesn't already exist, create a new file for
 
 Integrate this content into your guide using the `PlatformSection` component.
 
-<Alert type="info">
+<Alert level="info">
   If the SDK supports performance monitoring, add it to the list that links back
   into the SDK content from Product, stored in
   [`/docs/product/dashboards/sentry-dashboards/index.mdx`](https://github.com/getsentry/sentry-docs/blob/master/docs/product/dashboards/sentry-dashboards/index.mdx) (Sentry Dashboards index, which includes a Set Up section and platform redirect to tracing).

docs/organization/data-storage-location/index.mdx

@@ -27,7 +27,10 @@ Here’s a list of the types of data that will be stored in whichever data stora
 
 - Error events, activity, and issue links
 - Transactions
+- Spans
 - Profiles
+- Logs
+- Metrics
 - Release health
 - Releases, debug symbols, and source maps
 - Debug symbol metadata and source map metadata
@@ -103,7 +106,10 @@ If you have a self-hosted Sentry account, you can [follow these instructions](/c
 
 - Error events, activity, and issue links
 - Transactions
+- Spans
 - Profiles
+- Logs
+- Metrics
 - Session Replays
 - Cron check-ins
 - Uptime checks

docs/platforms/apple/guides/ios/size-analysis/insights.mdx

@@ -34,7 +34,7 @@ Below are a list of available insights for iOS builds, followed by more details
 
 **How to fix**: Strip symbols from release builds and instead use debug symbols in separate dSYM files for crash reporters.
 
-<Alert type="warning">
+<Alert level="warning">
   Stripping symbols before creating a dSYM breaks crash symbolication. Confirm
   your release build still produces and uploads dSYMs (or another crash reporter
   has them) before stripping.
@@ -50,7 +50,7 @@ strip -rSTx AppBinary -o AppBinaryStripped
 
 To automate stripping in your project after building, add a Run Script phase that skips non-release builds and leaves Apple-signed frameworks untouched:
 
-<Alert type="warning">
+<Alert level="warning">
   This script will strip the main app binary along with any binaries in the
   `Frameworks/` directory. This is a sample script that **may require
   adjustments** for your project.
@@ -304,7 +304,7 @@ Xcode now limits the export trie to just that allowlist.
 
 **How to fix**: Enable [Source maps](https://reactnative.dev/docs/debugging-release-builds) when building your release app.
 
-<Alert type="warning">
+<Alert level="warning">
   Stripping debug information breaks crash symbolication. Source maps need to be
   uploaded separately to your crash reporter.
 </Alert>