feat(telemetry): include sanitized error message in events

[facundofarias]

Summary

• Add error_message property to cli_command Mixpanel events
• First line only, with home dir → ~, emails / UUIDs / bearer tokens / key=value secrets redacted, truncated to 200 chars
• Update the dhq telemetry long help to reflect the new field

Why

Today telemetry reports exit_code and a coarse error_class bucket but discards the actual error string. That makes the internal cluster opaque — Mixpanel currently shows 6 of 15 auth login attempts in the last 30d failing with error_class=internal, root cause unknown from analytics alone. With a sanitized first-line message we can finally see whether those are network timeouts, keyring failures, malformed responses, etc., without leaking PII.

Privacy

• First line of err.Error() only — no stack traces
• User's home directory replaced with ~
• Redacted: emails, UUIDs, Bearer <token>, and api_key= / token= / secret= / password= style key-value leaks
• Truncated to 200 chars
• Opt-out unchanged: DEPLOYHQ_NO_TELEMETRY=1 or dhq telemetry disable

Test plan

• go test ./... — green
• go vet ./... — clean
• golangci-lint run (latest) — 0 issues
• Unit tests cover: nil err, multi-line err, email / UUID / bearer / kv-secret redaction, home-dir replacement, truncation, empty err
• Verify in Mixpanel that error_message lands on a deliberately failed invocation (e.g. `dhq deployments show non-existent`)

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• New Features

  • Telemetry events now include sanitized error messages with automatic redaction of credentials, email addresses, UUIDs, and home directory paths.

• Documentation

  • Updated telemetry command documentation to clarify data collection practices and sensitive information handling.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7dac5ef5-0f19-4146-af46-b94b40b80ee0

📥 Commits

Reviewing files that changed from the base of the PR and between 9d0c7bc and ff9bfdb.

📒 Files selected for processing (4)

• internal/commands/root.go
• internal/commands/telemetry.go
• internal/telemetry/telemetry.go
• internal/telemetry/telemetry_test.go

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

---

Walkthrough

The changes extend telemetry event tracking by adding a sanitized error message field to the Event payload. A new SanitizeErrorMessage function masks sensitive data (credentials, UUIDs, emails, home directories) and truncates the first line of errors for privacy-safe telemetry reporting. Integration occurs in SendTelemetry and the Mixpanel tracker.

Changes

Cohort / File(s)	Summary
Telemetry Event & Sanitization internal/telemetry/telemetry.go	Added ErrorMessage field to Event struct and new exported SanitizeErrorMessage function that redacts credentials, UUIDs, emails, home paths, and truncates to single line. Updated Mixpanel tracker to emit error_message field.
Telemetry Sanitization Tests internal/telemetry/telemetry_test.go	Added comprehensive test suite validating sanitization for nil/empty errors, truncation with ellipsis, first-line normalization, redaction of emails/UUIDs/Bearer tokens/secrets, and home directory path replacement.
Root Command Integration internal/commands/root.go	Updated SendTelemetry to populate ErrorMessage field with sanitized error output before dispatching telemetry event.
Telemetry Command Help internal/commands/telemetry.go	Updated command help text to document that telemetry includes sanitized, truncated one-line error summaries with explicit redactions, clarifying that full stack traces and unredacted credentials are never collected.

Sequence Diagram(s)

sequenceDiagram
    participant Command as Command Execution
    participant Error as Error Capture
    participant Sanitizer as SanitizeErrorMessage
    participant Event as telemetry.Event
    participant Tracker as Mixpanel Tracker

    Error->>Sanitizer: Pass error object
    Sanitizer->>Sanitizer: Extract first line
    Sanitizer->>Sanitizer: Redact credentials, UUIDs, emails
    Sanitizer->>Sanitizer: Replace home paths with ~
    Sanitizer->>Sanitizer: Truncate to max length
    Sanitizer-->>Event: Return sanitized string
    Command->>Event: Populate ErrorMessage field
    Event->>Tracker: Send Event with ErrorMessage
    Tracker->>Tracker: Emit error_message to Mixpanel

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/telemetry-error-context

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ff9bfdbd42

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Redact access_token-style secrets in telemetry sanitizer

SanitizeErrorMessage is intended to prevent credential leakage, but kvSecretRE only matches token when it appears as a standalone key, so values like access_token=... or id_token=... pass through unredacted. Because many OAuth/API errors include those exact keys, telemetry can still emit live tokens in error_message when such errors are reported. Expanding the key pattern (or matching token-like suffixes) would close this leak.

Useful? React with 👍 / 👎.