Skip to content

Port fetch-incident-logs.sh to Cloud V2 admin reports API#3391

Merged
aisraelov merged 2 commits into
devfrom
claude/fetch-incident-logs-v2
Jul 11, 2026
Merged

Port fetch-incident-logs.sh to Cloud V2 admin reports API#3391
aisraelov merged 2 commits into
devfrom
claude/fetch-incident-logs-v2

Conversation

@PhilippeFerreiraDeSousa

@PhilippeFerreiraDeSousa PhilippeFerreiraDeSousa commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Scope

scripts/fetch-incident-logs.sh still called the Cloud V1 agent endpoint (GET /api/agent/incidents/:id/logs with X-Agent-Key), which lives in the frozen cloud/ tree. This ports it to the Cloud V2 reports system using the admin read API that landed in #3378 — no V1 fallback, per the plan to remove cloud/.

  • ./scripts/fetch-incident-logs.sh rep_01... fetches GET /api/admin/reports/:reportId and downloads every artifact (GET .../artifacts/:artifactId) into ./incident-logs/<reportId>/: report.json (full document + asset rows), pretty-printed NN-logs-<source>.json bundles, and screenshots with extensions derived from content type (client filenames sanitized).
  • --json prints the raw report JSON to stdout (pipe-to-jq mode, V1 spirit); --list [--kind|--status|--limit] lists recent reports.
  • Auth: MENTRA_ADMIN_TOKEN sent as Authorization: Bearer — an org API key (msk_...) whose synthetic email is allowlisted via CLOUD_CORE_ADMIN_EMAILS, or a WorkOS admin access token. Deliberately not reusing MENTRA_AGENT_API_KEY: V1 agent keys are not valid V2 bearers, and silently sending one would produce confusing 401s.
  • Environment: --env prod|staging|dev (default prod, core.mentraglass.com) or MENTRA_CORE_URL (matches the CLI convention). Targeted messages for 401/403/404, including the collecting-status hint that a device may still be uploading.
  • AGENTS.md "Bug Report Logs" section rewritten for the V2 flow; incident-logs/ gitignored.

Test evidence

  • Endpoint paths and auth verified against the routes merged in Admin console: report triage (list, detail, screenshots, logs) #3378 (cloud-v2/packages/core/src/api/admin/reports.api.ts) and its integration test (cloud-v2/tests/admin-reports.integration.test.ts).
  • Script exercised end-to-end against a local stub implementing that exact surface (auth check, list/detail/artifact routes with real content types): missing/rejected token guidance, --list filters, --json, full fetch (pretty-printed JSON logs, PNG bytes intact, unsafe filename sanitization), 404 messaging, and a failing artifact (skips it, downloads the rest, exits 1).
  • Live probes: all three core hosts serve /healthz 200 and return the expected 401 envelope on /api/admin/reports unauthenticated. A live authenticated run needs an admin-allowlisted msk_ key — pending credentials.

Notes

  • cloud/packages/console-mcp (incident_get/incident_get_logs) still speaks V1; porting it is spun off as a separate task, and AGENTS.md now says so.

Note

Low Risk
Developer-tooling and documentation only; no runtime services or app code paths change.

Overview
fetch-incident-logs.sh no longer calls the frozen Cloud V1 agent incidents endpoint (X-Agent-Key / UUID incident ids). It now uses the Cloud V2 admin reports API on core.* with MENTRA_ADMIN_TOKEN as a Bearer token (msk_... or WorkOS admin).

Default fetch downloads report.json and every artifact into ./incident-logs/<reportId>/, with sanitized local filenames, content-type-based extensions, and pretty-printed JSON log bundles. New modes: --json, --list (kind/status/limit filters), --env prod|staging|dev, and MENTRA_CORE_URL. HTTP 401/403/404 responses get targeted error text; partial artifact failures skip and exit non-zero.

AGENTS.md “Bug Report Logs” is rewritten for rep_01... ids and the new auth/output layout, and notes that mentra-console MCP is still on V1. incident-logs/ is added to .gitignore.

Reviewed by Cursor Bugbot for commit d23e461. Bugbot is set up for automated code reviews on this repo. Configure here.

The V1 agent incidents endpoint (/api/agent/incidents, X-Agent-Key) lives
in the frozen cloud/ tree and is superseded by the Cloud V2 reports
system. The script now reads GET /api/admin/reports[/:id[/artifacts/:id]]
with a MENTRA_ADMIN_TOKEN bearer (msk_ org API key allowlisted via
CLOUD_CORE_ADMIN_EMAILS, or a WorkOS admin token), downloads report.json
plus every artifact (log bundles, screenshots) into
./incident-logs/<reportId>/, and adds --json, --list, and --env
prod|staging|dev modes. Update the AGENTS.md Bug Report Logs section to
match and gitignore the download directory.
@github-actions

Copy link
Copy Markdown
Contributor

📋 PR Review Helper

📱 Mobile App Build

Waiting for build...

🕶️ ASG Client Build

Waiting for build...


🔀 Test Locally

gh pr checkout 3391

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d03fac2c40

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/fetch-incident-logs.sh Outdated
Artifact source (and screenshot filename) are client-supplied free text,
so a value containing / or .. would make the download mv target a
nested or parent path — failing under set -e and aborting the remaining
artifacts. Strip all path-shaping characters from every metadata-derived
filename component and fall back to placeholders when nothing survives.
@PhilippeFerreiraDeSousa

Copy link
Copy Markdown
Contributor Author

Merge-order note: #3388 (console-mcp V2 port) edits the same AGENTS.md "Bug Report Logs" section — this PR's "MCP not ported yet" line and #3388's "script still V1" line each go stale when the other lands. Whichever merges second should reconcile the section to: script→V2 and MCP→V2 (cloud-v2/packages/console-mcp).

@aisraelov aisraelov merged commit c60e193 into dev Jul 11, 2026
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants