npm - @atrim/instrument-web - Versions diffs - 0.5.0 → 0.5.1 - Mend

@atrim/instrument-web 0.5.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@atrim/instrument-web",
-  "version": "0.5.0",
+  "version": "0.5.1",
   "description": "OpenTelemetry instrumentation for browsers with centralized YAML configuration",
   "type": "module",
   "license": "MIT",
@@ -82,10 +82,10 @@
     "format": "prettier --write \"src/**/*.ts\" \"test/**/*.ts\"",
     "format:check": "prettier --check \"src/**/*.ts\" \"test/**/*.ts\"",
     "clean": "rm -rf target",
-    "publish:dev:version": "npm version $(git describe --tags --abbrev=0 | sed 's/^.*@//' | sed 's/^v//')-$(git rev-parse --short HEAD)-$(date -u +%Y%m%d%H%M%S) --no-git-tag-version",
+    "publish:dev:version": "pnpm version $(node -p \"require('./package.json').version\")-$(git rev-parse --short HEAD)-$(date -u +%Y%m%d%H%M%S) --no-git-tag-version",
     "publish:dev:save": "node -p \"require('./package.json').version\" > .version",
     "publish:dev:publish": "pnpm build && pnpm publish --tag dev --access public --no-git-checks",
-    "publish:dev:reset": "npm version 0.1.0 --no-git-tag-version",
+    "publish:dev:reset": "pnpm version 0.5.0 --no-git-tag-version",
     "publish:dev": "pnpm publish:dev:version && pnpm publish:dev:save && pnpm publish:dev:publish && pnpm publish:dev:reset"
   }
 }

package/target/dist/index.d.ts CHANGED Viewed

@@ -70,6 +70,31 @@ interface SdkInitializationOptions {
      * @default true
      */
     enableXhr?: boolean;
+    /**
+     * Control trace context propagation for cross-origin requests
+     *
+     * Determines which cross-origin requests receive W3C Trace Context headers
+     * (traceparent, tracestate). Note: Backends must allow these headers in CORS
+     * configuration or requests will fail with CORS errors.
+     *
+     * - 'all': Propagate to all cross-origin requests (may cause CORS errors)
+     * - 'none': Never propagate trace headers
+     * - 'same-origin': Only propagate to same-origin requests (default)
+     * - Array of URL patterns: Custom propagation patterns (regex strings)
+     *
+     * @default 'same-origin'
+     *
+     * @example Propagate to specific API domains
+     * ```typescript
+     * propagateTraceContext: ['^https://api\\.myapp\\.com', '^http://localhost:300[0-9]']
+     * ```
+     *
+     * @example Disable propagation (for debugging CORS issues)
+     * ```typescript
+     * propagateTraceContext: 'none'
+     * ```
+     */
+    propagateTraceContext?: 'all' | 'none' | 'same-origin' | string[];
 }
 /**
  * Get the current SDK instance

package/target/dist/index.js CHANGED Viewed

@@ -4095,7 +4095,20 @@ var HttpFilteringConfigSchema = external_exports.object({
   // Patterns to ignore for incoming HTTP requests (string patterns only in YAML)
   ignore_incoming_paths: external_exports.array(external_exports.string()).optional(),
   // Require parent span for outgoing requests (prevents root spans for HTTP calls)
-  require_parent_for_outgoing_spans: external_exports.boolean().optional()
+  require_parent_for_outgoing_spans: external_exports.boolean().optional(),
+  // Trace context propagation configuration
+  // Controls which cross-origin requests receive W3C Trace Context headers (traceparent, tracestate)
+  propagate_trace_context: external_exports.object({
+    // Strategy for trace propagation
+    // - "all": Propagate to all cross-origin requests (may cause CORS errors)
+    // - "none": Never propagate trace headers
+    // - "same-origin": Only propagate to same-origin requests (default, safe)
+    // - "patterns": Propagate based on include_urls patterns
+    strategy: external_exports.enum(["all", "none", "same-origin", "patterns"]).default("same-origin"),
+    // URL patterns to include when strategy is "patterns"
+    // Supports regex patterns (e.g., "^https://api\\.myapp\\.com")
+    include_urls: external_exports.array(external_exports.string()).optional()
+  }).optional()
 });
 var InstrumentationConfigSchema = external_exports.object({
   version: external_exports.string(),
@@ -4526,6 +4539,54 @@ var PatternSpanProcessor = class {
 // src/core/sdk-initializer.ts
 var sdkInstance = null;
+function buildPropagateTraceUrls(options, config) {
+  const apiOption = options.propagateTraceContext;
+  const yamlStrategy = config?.http?.propagate_trace_context?.strategy;
+  const yamlIncludeUrls = config?.http?.propagate_trace_context?.include_urls;
+  let effectiveStrategy;
+  let patterns = [];
+  if (apiOption !== void 0) {
+    if (typeof apiOption === "string") {
+      effectiveStrategy = apiOption;
+    } else {
+      effectiveStrategy = "patterns";
+      patterns = apiOption;
+    }
+  } else if (yamlStrategy) {
+    effectiveStrategy = yamlStrategy;
+    if (effectiveStrategy === "patterns" && yamlIncludeUrls) {
+      patterns = yamlIncludeUrls;
+    }
+  } else {
+    effectiveStrategy = "same-origin";
+  }
+  switch (effectiveStrategy) {
+    case "all":
+      return [/.*/];
+    case "none":
+    case "same-origin":
+      return [];
+    case "patterns": {
+      const regexes = [];
+      for (const pattern of patterns) {
+        try {
+          regexes.push(new RegExp(pattern));
+        } catch (error) {
+          console.warn(
+            `[@atrim/instrument-web] Invalid trace propagation pattern: "${pattern}"`,
+            error
+          );
+        }
+      }
+      return regexes;
+    }
+    default:
+      console.warn(
+        `[@atrim/instrument-web] Unknown trace propagation strategy: "${effectiveStrategy}". Defaulting to same-origin only.`
+      );
+      return [];
+  }
+}
 async function initializeSdk(options) {
   if (sdkInstance) {
     return sdkInstance;
@@ -4563,6 +4624,7 @@ async function initializeSdk(options) {
         "[@atrim/instrument-web] Missing http.ignore_outgoing_urls in instrumentation.yaml. Using default OTLP endpoint patterns only. Consider adding http filtering to your config for better control."
       );
     }
+    const propagateTraceUrls = buildPropagateTraceUrls(options, config);
     const exporterOptions = {};
     if (options.otlpEndpoint) {
       exporterOptions.endpoint = options.otlpEndpoint;
@@ -4594,15 +4656,16 @@ async function initializeSdk(options) {
           },
           "@opentelemetry/instrumentation-fetch": {
             enabled: options.enableFetch ?? true,
-            propagateTraceHeaderCorsUrls: [/.*/],
-            // Propagate to all origins
+            propagateTraceHeaderCorsUrls: propagateTraceUrls,
+            // Controlled by config/API
             clearTimingResources: true,
             ignoreUrls
             // Prevent self-instrumentation of OTLP exports
           },
           "@opentelemetry/instrumentation-xml-http-request": {
             enabled: options.enableXhr ?? true,
-            propagateTraceHeaderCorsUrls: [/.*/]
+            propagateTraceHeaderCorsUrls: propagateTraceUrls
+            // Controlled by config/API
           }
         })
       ]