hybrid-cloud-outboxes
Hybrid Cloud Outboxes
Sentry uses a transactional outbox pattern for eventually consistent operations. When a model changes, an outbox row is written inside the same database transaction. After the transaction commits, the outbox is drained — firing a signal that triggers side effects such as RPC calls, tombstone propagation, or audit logging.
The most common use case is cross-silo data replication: a model saved in the Cell silo produces a CellOutbox that, when processed, replicates data to the Control silo (or vice versa via ControlOutbox). But the pattern is general — outboxes work for any operation that should happen reliably after a transaction commits, even within a single silo.
There are two outbox types corresponding to the two directions of flow:
CellOutbox— written in a Cell silo, processed in the Cell silo to push data toward Control (via RPC calls in signal receivers).ControlOutbox— written in the Control silo, processed in the Control silo to push data toward one or more Cell silos. EachControlOutboxrow targets a specificcell_name.
Critical Constraints
Outboxes MUST be written in the same transaction as the data change. The mixin classes (
ReplicatedCellModel,ReplicatedControlModel) enforce this automatically viaprepare_outboxes(). If you write outboxes manually, always useoutbox_context(transaction.atomic(...)).
Handlers MUST be idempotent. Outboxes can be retried on failure and are coalesced — the handler may receive only the latest version of a change, or be called multiple times for the same change.
More from getsentry/sentry
design-system
Guide for using Sentry's layout and text primitives. Use when implementing UI components, layouts, or typography. Enforces use of core components over styled components.
84sentry-security
Sentry-specific security review based on real vulnerability history. Use when reviewing Sentry endpoints, serializers, or views for security issues. Trigger keywords: "sentry security review", "check for IDOR", "access control review", "org scoping", "cross-org", "security audit endpoint".
67generate-migration
Generate Django database migrations for Sentry. Use when creating migrations, adding/removing columns or tables, adding indexes, or resolving migration conflicts.
67sentry-javascript-bugs
Review Sentry React and TypeScript changes for bug patterns drawn from real production issues. Use when reviewing a frontend diff or PR, checking Warden findings, auditing the current branch, reviewing production-error patterns, or looking for common regressions in `static/`.
61generate-frontend-forms
Guide for creating forms using Sentry's new form system. Use when implementing forms, form fields, validation, or auto-save functionality.
61migrate-frontend-forms
Guide for migrating forms from the legacy JsonForm/FormModel system to the new TanStack-based form system.
57