fix(core): Include watchFolders as allowed roots for source context

antonis · claude · antonis · commit 7cf4aa809817 · 2026-04-24T13:03:13.000+02:00
Monorepos and yarn workspaces set projectRoot to the app package and
declare sibling packages via Metro's watchFolders. Allow reads under any
configured root so source context keeps working in those setups.

Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/packages/core/src/js/tools/metroMiddleware.ts b/packages/core/src/js/tools/metroMiddleware.ts
@@ -17,10 +17,12 @@ const readFileAsync = promisify(readFile);
  * Accepts Sentry formatted stack frames and
  * adds source context to the in app frames.
  *
- * Filenames are resolved relative to `projectRoot` and must remain within it.
+ * Relative filenames are resolved against the first entry in `allowedRoots`.
+ * A resolved filename must be contained in at least one of `allowedRoots`
+ * (project root plus any Metro `watchFolders`).
  */
-export const createStackFramesContextMiddleware = (projectRoot: string): Middleware => {
-  const normalizedRoot = path.resolve(projectRoot);
+export const createStackFramesContextMiddleware = (allowedRoots: string[]): Middleware => {
+  const normalizedRoots = allowedRoots.map(root => path.resolve(root));
 
   return async (request: IncomingMessage, response: ServerResponse, _next: () => void): Promise<void> => {
     debug.log('[@sentry/react-native/metro] Received request for stack frames context.');
@@ -45,15 +47,15 @@ export const createStackFramesContextMiddleware = (projectRoot: string): Middlew
       return;
     }
 
-    const stackWithSourceContext = await Promise.all(stack.map(frame => addSourceContext(frame, normalizedRoot)));
+    const stackWithSourceContext = await Promise.all(stack.map(frame => addSourceContext(frame, normalizedRoots)));
     response.setHeader('Content-Type', 'application/json');
     response.statusCode = 200;
     response.end(JSON.stringify({ stack: stackWithSourceContext }));
     debug.log('[@sentry/react-native/metro] Sent stack frames context.');
   };
 };
 
-async function addSourceContext(frame: StackFrame, projectRoot: string): Promise<StackFrame> {
+async function addSourceContext(frame: StackFrame, allowedRoots: string[]): Promise<StackFrame> {
   if (!frame.in_app) {
     return frame;
   }
@@ -64,10 +66,18 @@ async function addSourceContext(frame: StackFrame, projectRoot: string): Promise
       return frame;
     }
 
-    const resolvedPath = path.resolve(projectRoot, frame.filename);
-    const relative = path.relative(projectRoot, resolvedPath);
-    if (relative === '' || relative.startsWith('..') || path.isAbsolute(relative)) {
-      debug.warn('[@sentry/react-native/metro] Skipping frame whose filename is outside the project root.');
+    if (allowedRoots.length === 0) {
+      debug.warn('[@sentry/react-native/metro] Skipping frame: no allowed roots configured.');
+      return frame;
+    }
+
+    const resolvedPath = path.resolve(allowedRoots[0]!, frame.filename);
+    const isInside = allowedRoots.some(root => {
+      const relative = path.relative(root, resolvedPath);
+      return relative !== '' && !relative.startsWith('..') && !path.isAbsolute(relative);
+    });
+    if (!isInside) {
+      debug.warn('[@sentry/react-native/metro] Skipping frame whose filename is outside the allowed roots.');
       return frame;
     }
 
@@ -88,8 +98,8 @@ function badRequest(response: ServerResponse, message: string): void {
 /**
  * Creates a middleware that adds source context to the Sentry formatted stack frames.
  */
-export const createSentryMetroMiddleware = (middleware: Middleware, projectRoot: string): Middleware => {
-  const stackFramesContextMiddleware = createStackFramesContextMiddleware(projectRoot) as (
+export const createSentryMetroMiddleware = (middleware: Middleware, allowedRoots: string[]): Middleware => {
+  const stackFramesContextMiddleware = createStackFramesContextMiddleware(allowedRoots) as (
     req: IncomingMessage,
     res: ServerResponse,
     next: () => void,
@@ -117,10 +127,14 @@ export const withSentryMiddleware = (config: InputConfigT): InputConfigT => {
     config.server = {};
   }
 
-  const projectRoot = (config as { projectRoot?: string }).projectRoot || process.cwd();
+  const typedConfig = config as { projectRoot?: string; watchFolders?: readonly string[] };
+  const projectRoot = typedConfig.projectRoot || process.cwd();
+  const watchFolders = typedConfig.watchFolders || [];
+  const allowedRoots = [projectRoot, ...watchFolders];
+
   const originalEnhanceMiddleware = config.server.enhanceMiddleware;
   config.server.enhanceMiddleware = (middleware, server) => {
-    const sentryMiddleware = createSentryMetroMiddleware(middleware, projectRoot);
+    const sentryMiddleware = createSentryMetroMiddleware(middleware, allowedRoots);
     return originalEnhanceMiddleware ? originalEnhanceMiddleware(sentryMiddleware, server) : sentryMiddleware;
   };
   return config;
diff --git a/packages/core/test/tools/metroMiddleware.test.ts b/packages/core/test/tools/metroMiddleware.test.ts
@@ -79,14 +79,14 @@ describe('metroMiddleware', () => {
     });
 
     it('should call stackFramesContextMiddleware for sentry context requests', () => {
-      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, TEST_PROJECT_ROOT);
+      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, [TEST_PROJECT_ROOT]);
 
       const sentryRequest = {
         url: '/__sentry/context',
       } as any;
       testedMiddleware(sentryRequest, response, next);
       expect(defaultMiddleware).not.toHaveBeenCalled();
-      expect(spiedCreateStackFramesContextMiddleware).toHaveBeenCalledWith(TEST_PROJECT_ROOT);
+      expect(spiedCreateStackFramesContextMiddleware).toHaveBeenCalledWith([TEST_PROJECT_ROOT]);
       expect(mockedStackFramesContextMiddleware).toHaveBeenCalledWith(sentryRequest, response, next);
     });
 
@@ -95,7 +95,7 @@ describe('metroMiddleware', () => {
         .spyOn(openUrlMiddlewareModule, 'openURLMiddleware')
         .mockReturnValue(undefined as any);
 
-      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, TEST_PROJECT_ROOT);
+      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, [TEST_PROJECT_ROOT]);
 
       const openUrlRequest = {
         url: '/__sentry/open-url',
@@ -109,7 +109,7 @@ describe('metroMiddleware', () => {
     });
 
     it('should call default middleware for non-sentry requests', () => {
-      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, TEST_PROJECT_ROOT);
+      const testedMiddleware = createSentryMetroMiddleware(defaultMiddleware, [TEST_PROJECT_ROOT]);
 
       const regularRequest = {
         url: '/regular/path',
@@ -125,7 +125,7 @@ describe('metroMiddleware', () => {
     let request: any;
     let response: any;
     const next = jest.fn();
-    const stackFramesContextMiddleware = createStackFramesContextMiddleware(TEST_PROJECT_ROOT);
+    const stackFramesContextMiddleware = createStackFramesContextMiddleware([TEST_PROJECT_ROOT]);
 
     let testData: string = '';
 
@@ -289,6 +289,43 @@ describe('metroMiddleware', () => {
       });
     });
 
+    it('should add source context for frames under additional allowed roots (watchFolders)', async () => {
+      const watchFolder = path.resolve('/tmp/sentry-rn-test-workspace-pkg');
+      const scopedMiddleware = createStackFramesContextMiddleware([TEST_PROJECT_ROOT, watchFolder]);
+      const readFileSpy = jest.spyOn(fs, 'readFile');
+      mockReadFileOnce(readFileSpy, path.join(watchFolder, 'shared.js'), 'one\ntwo\nthree\nfour\nfive');
+
+      testData = JSON.stringify({
+        stack: [
+          {
+            in_app: true,
+            filename: path.join(watchFolder, 'shared.js'),
+            function: 'sharedFn',
+            lineno: 3,
+            colno: 1,
+          },
+        ],
+      } satisfies { stack: StackFrame[] });
+
+      await scopedMiddleware(request, response, next);
+
+      expect(response.statusCode).toBe(200);
+      expect(JSON.parse(response.end.mock.calls[0][0])).toEqual({
+        stack: [
+          {
+            in_app: true,
+            filename: path.join(watchFolder, 'shared.js'),
+            function: 'sharedFn',
+            lineno: 3,
+            colno: 1,
+            pre_context: ['one', 'two'],
+            context_line: 'three',
+            post_context: ['four', 'five'],
+          },
+        ],
+      });
+    });
+
     it('should skip frames whose filename escapes the project root', async () => {
       const readFileSpy = jest.spyOn(fs, 'readFile');
       testData = JSON.stringify({
