ref: Gate SentryApp actor resolution on is_sentry_app

yuvmen · yuvmen · commit 4e3e916b51ae · 2026-06-10T14:11:33.000-07:00
Gate the app lookup on request.user.is_sentry_app rather than application_id
alone. An OAuth client acting on behalf of a user (e.g. the MCP) also carries
an application_id but authenticates as the real user, so it must resolve to
USER -- and gating on application_id would run an app lookup (uncached on a
None result) on every such request. is_sentry_app is true only for an app's
proxy user, so only genuine app-as-itself tokens pay the cached lookup.
diff --git a/src/sentry/issues/action_log/base.py b/src/sentry/issues/action_log/base.py
@@ -125,10 +125,11 @@ def resolve_action_actor(request: Request) -> GroupActionActor:
         if organization_id is not None:
             return GroupActionActor.org(organization_id)
     elif kind == "api_token":
-        # A token bound to an ApiApplication belongs to an integration; resolve the owning
-        # SentryApp (control silo) so the actor is the app, not its proxy user.
+        user = getattr(request, "user", None)
         application_id = getattr(auth, "application_id", None)
-        if application_id is not None:
+        # Gate on is_sentry_app (the app's proxy user), not application_id: an OAuth client
+        # acting for a user (e.g. the MCP) also has an application_id but stays USER.
+        if getattr(user, "is_sentry_app", False) and application_id is not None:
             from sentry.sentry_apps.services.app import app_service
 
             sentry_app = app_service.get_by_application_id(application_id=application_id)
diff --git a/tests/sentry/issues/test_action_log.py b/tests/sentry/issues/test_action_log.py
@@ -175,6 +175,14 @@ def test_sentry_app_token_resolves_to_app(self) -> None:
         request = self._request(auth=auth, user=sentry_app.proxy_user)
         assert resolve_action_actor(request) == GroupActionActor.sentry_app(sentry_app.id)
 
+    def test_user_oauth_token_with_application_id_is_user(self) -> None:
+        # An OAuth client acting on behalf of a user (e.g. the MCP) has an application_id but
+        # authenticates as the real user (is_sentry_app=False), so it must resolve to USER and
+        # not trigger a SentryApp lookup.
+        auth = AuthenticatedToken(kind="api_token", user_id=self.user.id, application_id=987654)
+        request = self._request(auth=auth, user=self.user)
+        assert resolve_action_actor(request) == GroupActionActor.user(self.user.id)
+
     def test_unauthenticated_is_system(self) -> None:
         assert resolve_action_actor(self._request()) == SYSTEM_ACTOR
 
