fix(ensapi): downgrade graphql input validation errors to debug #2137
Wrap the pino logger passed to graphql-yoga so ZodErrors (raised by @pothos/plugin-zod for invalid graphql inputs) log at debug instead of error. These are 4xx-class client errors, not server faults, and were flooding logs with stack traces for every malformed request. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Walkthrough
The PR customizes GraphQL error logging in Yoga to downgrade Zod validation failures to debug level instead of errors. A custom logger detects Zod errors both directly and when wrapped inside GraphQLError, logging validation failures at debug level while preserving error-level logging for other exceptions.
Pull request overview
Wraps the pino logger passed to graphql-yoga so that input-validation errors from @pothos/plugin-zod (raw ZodError or a GraphQLError whose originalError is a ZodError) log at debug instead of error, preventing client 4xx-class validation failures from flooding server logs with stack traces. Real server errors continue to log at error.
Changes:
- Add `isZodError` predicate covering both raw `ZodError` and `GraphQLError`-wrapped variants.
- Introduce a `yogaLogger` adapter that delegates `debug`/`info`/`warn` to pino and downgrades Zod-shaped errors to `debug` in `error`.
- Wire the adapter into `createYoga`'s `logging` option in place of the raw `logger`.
Greptile Summary
This PR wraps the pino logger passed to
Confidence Score: 5/5
Safe to merge — a narrowly scoped logging wrapper with no changes to request handling, schema, or response semantics.
The change touches only how yoga's execution errors are routed to pino. The
No files require special attention.
Sequence Diagram
```mermaid
sequenceDiagram
    participant Yoga as graphql-yoga
    participant YL as yogaLogger.error
    participant IZE as isZodError()
    participant Pino as pino logger
    Yoga->>YL: error(err, ...rest)
    YL->>IZE: isZodError(err)
    alt err is ZodError or GraphQLError(ZodError)
        IZE-->>YL: true
        YL->>Pino: "debug({ err }, "GraphQL input validation rejected")"
    else other execution error
        IZE-->>YL: false
        YL->>Pino: "error({ err }, "GraphQL execution error")"
    end
```
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@apps/ensapi/src/omnigraph-api/yoga.ts`:
- Around line 19-21: Update the existing comment block that begins "Yoga logs
every execution error..." to explicitly document the tradeoff: note the current
assumption that ZodErrors originate only from `@pothos/plugin-zod` input
validation and are therefore safe to downgrade to debug, and state that any
ZodErrors thrown inside resolvers (e.g., future uses of Zod.validate or manual
throws) would also be downgraded to debug and might hide server-side faults;
mention that maintainers should revisit this behavior if resolver-side Zod usage
is added.
- Around line 22-33: The yogaLogger implementation currently uses logger.bind
and a single-arg error signature which drops extra arguments from GraphQL Yoga;
change yogaLogger so each method accepts variadic args (e.g., debug: (...args:
any[]) => logger.debug(...args), info/warn similarly) and make error: (...args:
unknown[]) => { if (args.length>0 && isZodError(args[0])) { logger.debug({ err:
args[0] }, "GraphQL input validation rejected"); return; }
logger.error(...args); } to forward all arguments and only inspect the first for
isZodError.
Address review feedback from Greptile, CodeRabbit, and Vercel:
- accept variadic args in yogaLogger.error so additional yoga args aren't
dropped at the TS signature level (.bind for the others already forwards
at runtime)
- use structured logging form ({ err }, "GraphQL execution error") for the
non-ZodError path to match the ZodError path
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@greptile review
Fix comment typo flagged by copilot review bot. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@greptile review
Summary
- `ZodError`s (raised by `@pothos/plugin-zod` for invalid graphql inputs) log at `debug` instead of `error`.

Why
- `error` level, including 4xx-class client input validation failures. these are not server faults and flood integration-test (and prod) logs with full stack traces for every malformed request.

Testing
- `pnpm -F ensapi typecheck`, `pnpm lint`, `pnpm test --project ensapi` — all pass.
- `error` level from this exact code path; the wrapper silences those while leaving real server errors at `error`.

Notes for Reviewer
- `isZodError` matches both a raw `ZodError` and a `GraphQLError` whose `originalError` is a `ZodError` — both shapes appear depending on whether yoga's `maskedErrors` re-wraps before logging.
- `ZodError` for a server-side reason (not input validation), it would also be downgraded. acceptable today since `ZodError`s in this codebase only originate from input-validation boundaries.
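The logger adapter discussed in this PR, sketched as an added example (it is not the project's code from `yoga.ts`). `ZodError` and `GraphQLError` are local stand-ins for the zod and graphql classes, and `makeYogaLogger`, `Logger` and `demo` are hypothetical names; the last call in `demo` shows the tradeoff raised in review, where a resolver-side `ZodError` is downgraded as well.

```typescript
// Stand-ins for zod's ZodError and graphql's GraphQLError: only what the check
// reads is modelled, so the block runs with no dependencies (assumption).
class ZodError {
  message: string;
  constructor(message: string) { this.message = message; }
}
class GraphQLError {
  message: string;
  originalError?: unknown;
  constructor(message: string, originalError?: unknown) {
    this.message = message;
    this.originalError = originalError;
  }
}

type Level = "debug" | "info" | "warn" | "error";
type LogFn = (...args: unknown[]) => void;
type Logger = Record<Level, LogFn>; // hypothetical slice of a pino-style logger

// True for a raw ZodError and for a GraphQLError whose originalError is one.
function isZodError(err: unknown): boolean {
  if (err instanceof ZodError) return true;
  return err instanceof GraphQLError && err.originalError instanceof ZodError;
}

// Adapter passed to yoga instead of the raw logger; only `error` is special.
function makeYogaLogger(logger: Logger): Logger {
  return {
    debug: (...args) => logger.debug(...args),
    info: (...args) => logger.info(...args),
    warn: (...args) => logger.warn(...args),
    error: (err, ...rest) => {
      // rest is forwarded so extra arguments from yoga are not dropped
      if (isZodError(err)) logger.debug({ err }, "GraphQL input validation rejected", ...rest);
      else logger.error({ err }, "GraphQL execution error", ...rest);
    },
  };
}

// Constructed harness: records "level: message" for every call that gets through.
function demo(): string[] {
  const lines: string[] = [];
  const at = (level: Level): LogFn => (...args) => { lines.push(`${level}: ${String(args[1])}`); };
  const yogaLogger = makeYogaLogger({ debug: at("debug"), info: at("info"), warn: at("warn"), error: at("error") });
  yogaLogger.error(new ZodError("limit: expected number"));                        // raw shape
  yogaLogger.error(new GraphQLError("bad input", new ZodError("name: too long"))); // wrapped shape
  yogaLogger.error(new GraphQLError("upstream failed", new Error("ECONNRESET")));  // server fault
  yogaLogger.error(new ZodError("resolver could not parse upstream response"));    // also downgraded
  return lines;
}
```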