npm - @hexclave/next - Versions diffs - 1.0.16 → 1.0.18 - Mend

@hexclave/next 1.0.16 → 1.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/dist/lib/hexclave-app/apps/implementations/session-replay.test.js CHANGED Viewed

@@ -1,8 +1,20 @@
 const require_chunk = require('../../../../chunk-BE-pF4vm.js');
 let vitest = require("vitest");
+let _hexclave_shared_dist_utils_results = require("@hexclave/shared/dist/utils/results");
 let __session_replay_js = require("./session-replay.js");
 //#region src/lib/hexclave-app/apps/implementations/session-replay.test.ts
+// @vitest-environment jsdom
+(0, vitest.describe)("session replay options", () => {
+	(0, vitest.it)("enables replays by default", () => {
+		(0, vitest.expect)((0, __session_replay_js.getSessionReplayOptions)(void 0).enabled).toBe(true);
+		(0, vitest.expect)((0, __session_replay_js.getSessionReplayOptions)({}).enabled).toBe(true);
+		(0, vitest.expect)((0, __session_replay_js.getSessionReplayOptions)({ replays: {} }).enabled).toBe(true);
+	});
+	(0, vitest.it)("preserves explicit replay opt-out", () => {
+		(0, vitest.expect)((0, __session_replay_js.getSessionReplayOptions)({ replays: { enabled: false } }).enabled).toBe(false);
+	});
+});
 (0, vitest.describe)("analytics option JSON conversion", () => {
 	(0, vitest.it)("preserves top-level analytics options when serializing replay block classes", () => {
 		const json = (0, __session_replay_js.analyticsOptionsToJson)({
@@ -24,6 +36,56 @@ let __session_replay_js = require("./session-replay.js");
 		(0, vitest.expect)(roundTripped?.replays?.blockClass).toEqual(/stack-sensitive/u);
 	});
 });
+(0, vitest.describe)("SessionRecorder flush", () => {
+	(0, vitest.it)("silently disables when server responds with ANALYTICS_NOT_ENABLED", async () => {
+		vitest.vi.useFakeTimers();
+		const storageKey = `hexclave:session-replay:v1:test-project`;
+		localStorage.setItem(storageKey, JSON.stringify({
+			session_id: "test-session",
+			created_at_ms: Date.now(),
+			last_activity_ms: Date.now()
+		}));
+		const sentBodies = [];
+		const recorder = new __session_replay_js.SessionRecorder({
+			projectId: "test-project",
+			sendBatch: async (body) => {
+				sentBodies.push(body);
+				return _hexclave_shared_dist_utils_results.Result.ok(new Response(JSON.stringify({
+					code: "ANALYTICS_NOT_ENABLED",
+					error: "Analytics is not enabled for this project."
+				}), {
+					status: 400,
+					headers: { "x-stack-known-error": "ANALYTICS_NOT_ENABLED" }
+				}));
+			}
+		}, {});
+		const warnSpy = vitest.vi.spyOn(console, "warn").mockImplementation(() => {});
+		try {
+			recorder._events = [{
+				type: 2,
+				timestamp: Date.now(),
+				data: {}
+			}];
+			recorder._tick();
+			await vitest.vi.advanceTimersByTimeAsync(0);
+			(0, vitest.expect)(sentBodies).toHaveLength(1);
+			(0, vitest.expect)(warnSpy.mock.calls.filter((args) => typeof args[0] === "string" && args[0].includes("SessionRecorder"))).toHaveLength(0);
+			recorder._events = [{
+				type: 3,
+				timestamp: Date.now(),
+				data: {}
+			}];
+			recorder._tick();
+			await vitest.vi.advanceTimersByTimeAsync(0);
+			(0, vitest.expect)(sentBodies).toHaveLength(1);
+		} finally {
+			recorder.stop();
+			warnSpy.mockRestore();
+			localStorage.removeItem(storageKey);
+			vitest.vi.useRealTimers();
+		}
+	});
+});
 //#endregion
 //# sourceMappingURL=session-replay.test.js.map

package/dist/lib/hexclave-app/apps/implementations/session-replay.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"session-replay.test.js","names":[],"sources":["../../../../../src/lib/hexclave-app/apps/implementations/session-replay.test.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { describe, expect, it } from \"vitest\";\nimport { analyticsOptionsFromJson, analyticsOptionsToJson } from \"./session-replay\";\n\ndescribe(\"analytics option JSON conversion\", () => {\n it(\"preserves top-level analytics options when serializing replay block classes\", () => {\n const json = analyticsOptionsToJson({\n enabled: false,\n replays: {\n enabled: true,\n blockClass: /stack-sensitive/u,\n },\n });\n\n expect(json?.enabled).toBe(false);\n expect(json?.replays?.enabled).toBe(true);\n });\n\n it(\"preserves top-level analytics options when deserializing replay block classes\", () => {\n const roundTripped = analyticsOptionsFromJson(analyticsOptionsToJson({\n enabled: false,\n replays: {\n blockClass: /stack-sensitive/u,\n },\n }));\n\n expect(roundTripped?.enabled).toBe(false);\n expect(roundTripped?.replays?.blockClass).toEqual(/stack-sensitive/u);\n });\n});\n"],"mappings":"~~;;;;;qBAOS~~,0CAA0C;AACjD,gBAAG,qFAAqF;EACtF,MAAM,uDAA8B;GAClC,SAAS;GACT,SAAS;IACP,SAAS;IACT,YAAY;IACb;GACF,CAAC;AAEF,qBAAO,MAAM,QAAQ,CAAC,KAAK,MAAM;AACjC,qBAAO,MAAM,SAAS,QAAQ,CAAC,KAAK,KAAK;GACzC;AAEF,gBAAG,uFAAuF;EACxF,MAAM,iHAA+D;GACnE,SAAS;GACT,SAAS,EACP,YAAY,oBACb;GACF,CAAC,CAAC;AAEH,qBAAO,cAAc,QAAQ,CAAC,KAAK,MAAM;AACzC,qBAAO,cAAc,SAAS,WAAW,CAAC,QAAQ,mBAAmB;GACrE;EACF"}
1	+ {"version":3,"file":"session-replay.test.js","names":["SessionRecorder","Result","vi"],"sources":["../../../../../src/lib/hexclave-app/apps/implementations/session-replay.test.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\n// @vitest-environment jsdom\n\nimport { describe, expect, it, vi } from \"vitest\";\nimport { Result } from \"@hexclave/shared/dist/utils/results\";\nimport { analyticsOptionsFromJson, analyticsOptionsToJson, getSessionReplayOptions, SessionRecorder } from \"./session-replay\";\n\ndescribe(\"session replay options\", () => {\n it(\"enables replays by default\", () => {\n expect(getSessionReplayOptions(undefined).enabled).toBe(true);\n expect(getSessionReplayOptions({}).enabled).toBe(true);\n expect(getSessionReplayOptions({ replays: {} }).enabled).toBe(true);\n });\n\n it(\"preserves explicit replay opt-out\", () => {\n expect(getSessionReplayOptions({ replays: { enabled: false } }).enabled).toBe(false);\n });\n});\n\ndescribe(\"analytics option JSON conversion\", () => {\n it(\"preserves top-level analytics options when serializing replay block classes\", () => {\n const json = analyticsOptionsToJson({\n enabled: false,\n replays: {\n enabled: true,\n blockClass: /stack-sensitive/u,\n },\n });\n\n expect(json?.enabled).toBe(false);\n expect(json?.replays?.enabled).toBe(true);\n });\n\n it(\"preserves top-level analytics options when deserializing replay block classes\", () => {\n const roundTripped = analyticsOptionsFromJson(analyticsOptionsToJson({\n enabled: false,\n replays: {\n blockClass: /stack-sensitive/u,\n },\n }));\n\n expect(roundTripped?.enabled).toBe(false);\n expect(roundTripped?.replays?.blockClass).toEqual(/stack-sensitive/u);\n });\n});\n\ndescribe(\"SessionRecorder flush\", () => {\n it(\"silently disables when server responds with ANALYTICS_NOT_ENABLED\", async () => {\n vi.useFakeTimers();\n\n // Seed localStorage with a valid session so _flush doesn't fail on getOrRotateSession\n const storageKey = `hexclave:session-replay:v1:test-project`;\n localStorage.setItem(storageKey, JSON.stringify({\n session_id: \"test-session\",\n created_at_ms: Date.now(),\n last_activity_ms: Date.now(),\n }));\n\n const sentBodies: string[] = [];\n const recorder = new SessionRecorder(\n {\n projectId: \"test-project\",\n sendBatch: async (body) => {\n sentBodies.push(body);\n return Result.ok(new Response(\n JSON.stringify({ code: \"ANALYTICS_NOT_ENABLED\", error: \"Analytics is not enabled for this project.\" }),\n {\n status: 400,\n headers: { \"x-stack-known-error\": \"ANALYTICS_NOT_ENABLED\" },\n },\n ));\n },\n },\n {},\n );\n\n const warnSpy = vi.spyOn(console, \"warn\").mockImplementation(() => {});\n\n try {\n // Inject an event directly into the recorder's buffer to test flush behavior\n // without needing rrweb. We access private fields for testing purposes.\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (recorder as any)._events = [{ type: 2, timestamp: Date.now(), data: {} }];\n\n // Manually trigger a tick (which calls _flush)\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call\n (recorder as any)._tick();\n await vi.advanceTimersByTimeAsync(0);\n\n // One batch should have been sent\n expect(sentBodies).toHaveLength(1);\n\n // No console.warn about \"SessionRecorder flush failed\" should have been emitted\n const flushWarnings = warnSpy.mock.calls.filter(\n (args) => typeof args[0] === \"string\" && args[0].includes(\"SessionRecorder\")\n );\n expect(flushWarnings).toHaveLength(0);\n\n // After disabling, pushing new events and triggering another tick should not send\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access\n (recorder as any)._events = [{ type: 3, timestamp: Date.now(), data: {} }];\n // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call\n (recorder as any)._tick();\n await vi.advanceTimersByTimeAsync(0);\n expect(sentBodies).toHaveLength(1);\n } finally {\n recorder.stop();\n warnSpy.mockRestore();\n localStorage.removeItem(storageKey);\n vi.useRealTimers();\n }\n });\n});\n"],"mappings":";;;;;;;qBAUS,gCAAgC;AACvC,gBAAG,oCAAoC;AACrC,sEAA+B,OAAU,CAAC,QAAQ,CAAC,KAAK,KAAK;AAC7D,sEAA+B,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,KAAK;AACtD,sEAA+B,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,KAAK;GACnE;AAEF,gBAAG,2CAA2C;AAC5C,sEAA+B,EAAE,SAAS,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,MAAM;GACpF;EACF;qBAEO,0CAA0C;AACjD,gBAAG,qFAAqF;EACtF,MAAM,uDAA8B;GAClC,SAAS;GACT,SAAS;IACP,SAAS;IACT,YAAY;IACb;GACF,CAAC;AAEF,qBAAO,MAAM,QAAQ,CAAC,KAAK,MAAM;AACjC,qBAAO,MAAM,SAAS,QAAQ,CAAC,KAAK,KAAK;GACzC;AAEF,gBAAG,uFAAuF;EACxF,MAAM,iHAA+D;GACnE,SAAS;GACT,SAAS,EACP,YAAY,oBACb;GACF,CAAC,CAAC;AAEH,qBAAO,cAAc,QAAQ,CAAC,KAAK,MAAM;AACzC,qBAAO,cAAc,SAAS,WAAW,CAAC,QAAQ,mBAAmB;GACrE;EACF;qBAEO,+BAA+B;AACtC,gBAAG,qEAAqE,YAAY;AAClF,YAAG,eAAe;EAGlB,MAAM,aAAa;AACnB,eAAa,QAAQ,YAAY,KAAK,UAAU;GAC9C,YAAY;GACZ,eAAe,KAAK,KAAK;GACzB,kBAAkB,KAAK,KAAK;GAC7B,CAAC,CAAC;EAEH,MAAM,aAAuB,EAAE;EAC/B,MAAM,WAAW,IAAIA,oCACnB;GACE,WAAW;GACX,WAAW,OAAO,SAAS;AACzB,eAAW,KAAK,KAAK;AACrB,WAAOC,2CAAO,GAAG,IAAI,SACnB,KAAK,UAAU;KAAE,MAAM;KAAyB,OAAO;KAA8C,CAAC,EACtG;KACE,QAAQ;KACR,SAAS,EAAE,uBAAuB,yBAAyB;KAC5D,CACF,CAAC;;GAEL,EACD,EAAE,CACH;EAED,MAAM,UAAUC,UAAG,MAAM,SAAS,OAAO,CAAC,yBAAyB,GAAG;AAEtE,MAAI;AAIF,GAAC,SAAiB,UAAU,CAAC;IAAE,MAAM;IAAG,WAAW,KAAK,KAAK;IAAE,MAAM,EAAE;IAAE,CAAC;AAI1E,GAAC,SAAiB,OAAO;AACzB,SAAMA,UAAG,yBAAyB,EAAE;AAGpC,sBAAO,WAAW,CAAC,aAAa,EAAE;AAMlC,sBAHsB,QAAQ,KAAK,MAAM,QACtC,SAAS,OAAO,KAAK,OAAO,YAAY,KAAK,GAAG,SAAS,kBAAkB,CAC7E,CACoB,CAAC,aAAa,EAAE;AAIrC,GAAC,SAAiB,UAAU,CAAC;IAAE,MAAM;IAAG,WAAW,KAAK,KAAK;IAAE,MAAM,EAAE;IAAE,CAAC;AAE1E,GAAC,SAAiB,OAAO;AACzB,SAAMA,UAAG,yBAAyB,EAAE;AACpC,sBAAO,WAAW,CAAC,aAAa,EAAE;YAC1B;AACR,YAAS,MAAM;AACf,WAAQ,aAAa;AACrB,gBAAa,WAAW,WAAW;AACnC,aAAG,eAAe;;GAEpB;EACF"}

package/dist/lib/hexclave-app/apps/interfaces/client-app.d.ts CHANGED Viewed

@@ -36,8 +36,8 @@ type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId e
    */
   noAutomaticPrefetch?: boolean;
   /**
-   * Options for analytics and session recording. Replays are disabled by default;
-   * set `{ replays: { enabled: true } }` to opt in.
+   * Options for analytics and session recording. Replays are enabled by default;
+   * set `{ replays: { enabled: false } }` to opt out.
    */
   analytics?: AnalyticsOptions;
 } & ({

package/dist/lib/hexclave-app/apps/interfaces/client-app.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client-app.js","names":["_HexclaveClientAppImpl"],"sources":["../../../../../src/lib/hexclave-app/apps/interfaces/client-app.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { KnownErrors } from \"@hexclave/shared\";\nimport { CurrentUserCrud } from \"@hexclave/shared/dist/interface/crud/current-user\";\nimport { Result } from \"@hexclave/shared/dist/utils/results\";\nimport { AsyncStoreProperty, AuthLike, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, ResolvedHandlerUrls, hexclaveAppInternalsSymbol, TokenStoreInit } from \"../../common\";\nimport type { RequestListener } from \"@hexclave/shared/dist/interface/client-interface\";\nimport { CustomerInvoicesList, CustomerInvoicesRequestOptions, CustomerProductsList, CustomerProductsRequestOptions, Item } from \"../../customers\";\nimport { Project } from \"../../projects\";\nimport { ProjectCurrentUser, SyncedPartialUser, TokenPartialUser } from \"../../users\";\nimport { _HexclaveClientAppImpl } from \"../implementations\";\nimport { AnalyticsOptions } from \"../implementations/session-replay\";\n\n/** @deprecated Use `HexclaveClientAppConstructorOptions` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = {\n baseUrl?: string \| { browser: string, server: string },\n extraRequestHeaders?: Record<string, string>,\n projectId?: ProjectId,\n publishableClientKey?: string,\n urls?: HandlerUrlOptions,\n oauthScopesOnSignIn?: Partial<OAuthScopesOnSignIn>,\n tokenStore?: TokenStoreInit<HasTokenStore>,\n redirectMethod?: RedirectMethod,\n inheritsFrom?: StackClientApp<any, any>,\n\n /*\n Whether to show the Hexclave dev tool indicator in browser-like development environments.\n \n Defaults to true.\n /\n devTool?: boolean,\n\n /\n By default, the Stack app will automatically prefetch some data from Stack's server when this app is first\n * constructed. This improves the performance of your app, but will create network requests that are unnecessary if\n * the app is never used or disposed of immediately. To disable this behavior, set this option to true.\n /\n noAutomaticPrefetch?: boolean,\n\n /\n Options for analytics and session recording. Replays are disabled by default;\n * set `{ replays: { enabled: true } }` to opt in.\n /\n analytics?: AnalyticsOptions,\n} & (\n { tokenStore: TokenStoreInit<HasTokenStore> } \| { tokenStore?: undefined, inheritsFrom: StackClientApp<HasTokenStore, any> }\n) & (\n string extends ProjectId ? unknown : ({ projectId: ProjectId } \| { inheritsFrom: StackClientApp<any, ProjectId> })\n);\n\n\n/* @deprecated Use `HexclaveClientAppJson` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppJson<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined } & {\n uniqueIdentifier: string,\n // note: if you add more fields here, make sure to ensure the checkString in the constructor has/doesn't have them\n};\n\n/** @deprecated Use `HexclaveClientApp` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (\n & {\n readonly projectId: ProjectId,\n\n /*\n The version of the Hexclave SDK.\n /\n readonly version: string,\n\n /\n @deprecated `app.urls` is static and does not include runtime redirect-back parameters.\n * For navigation, prefer `redirectToXyz()` methods (for example `redirectToSignIn()`).\n /\n readonly urls: Readonly<ResolvedHandlerUrls>,\n\n signInWithOAuth(provider: string, options?: { returnTo?: string }): Promise<void>,\n signInWithCredential(options: { email: string, password: string, noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"EmailPasswordMismatch\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n signUpWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n } & ({ noVerificationCallback: true } \| { noVerificationCallback?: false, verificationCallbackUrl?: string })): Promise<Result<undefined, KnownErrors[\"UserWithEmailAlreadyExists\"] \| KnownErrors[\"PasswordRequirementsNotMet\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n signInWithPasskey(): Promise<Result<undefined, KnownErrors[\"PasskeyAuthenticationFailed\"] \| KnownErrors[\"InvalidTotpCode\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>>,\n callOAuthCallback(): Promise<boolean>,\n promptCliLogin(options: { appUrl: string, expiresInMillis?: number, anonRefreshToken?: string, promptLink?: (url: string, loginCode: string) => void }): Promise<Result<string, KnownErrors[\"CliAuthError\"] \| KnownErrors[\"CliAuthExpiredError\"] \| KnownErrors[\"CliAuthUsedError\"]>>,\n sendForgotPasswordEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<undefined, KnownErrors[\"UserNotFound\"]>>,\n sendMagicLinkEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<{ nonce: string }, KnownErrors[\"RedirectUrlNotWhitelisted\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n resetPassword(options: { code: string, password: string }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n verifyTeamInvitationCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n acceptTeamInvitation(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n getTeamInvitationDetails(code: string): Promise<Result<{ teamDisplayName: string }, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n verifyEmail(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n signInWithMagicLink(code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n signInWithMfa(otp: string, code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n\n redirectToOAuthCallback(): Promise<void>,\n\n getConvexClientAuth(options: HasTokenStore extends false ? { tokenStore: TokenStoreInit } : { tokenStore?: TokenStoreInit }): (args: { forceRefreshToken: boolean }) => Promise<string \| null>,\n getConvexHttpClientAuth(options: { tokenStore: TokenStoreInit }): Promise<string>,\n\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): ProjectCurrentUser<ProjectId>,\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): ProjectCurrentUser<ProjectId>,\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): ProjectCurrentUser<ProjectId>,\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null,\n\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null>,\n\n cancelSubscription(options: { productId: string, subscriptionId?: string } \| { productId: string, subscriptionId?: string, teamId: string }): Promise<void>,\n\n // note: we don't special-case 'anonymous' here to return non-null, see GetPartialUserOptions for more details\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): Promise<TokenPartialUser \| null>,\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): Promise<TokenPartialUser \| null>,\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): Promise<SyncedPartialUser \| TokenPartialUser \| null>,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): TokenPartialUser \| null,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): TokenPartialUser \| null,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): SyncedPartialUser \| TokenPartialUser \| null,\n useNavigate(): (to: string) => void, // THIS_LINE_PLATFORM react-like\n\n [hexclaveAppInternalsSymbol]: {\n toClientJson(): StackClientAppJson<HasTokenStore, ProjectId>,\n setCurrentUser(userJsonPromise: Promise<CurrentUserCrud['Client']['Read'] \| null>): void,\n getConstructorOptions(): StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined },\n sendSessionReplayBatch(body: string, options: { keepalive: boolean }): Promise<Result<Response, Error>>,\n sendAnalyticsEventBatch(body: string, options: { keepalive: boolean }): Promise<Result<Response, Error>>,\n addRequestListener(listener: RequestListener): () => void,\n sendRequest(path: string, requestOptions: RequestInit, requestType?: \"client\" \| \"server\" \| \"admin\"): Promise<Response>,\n getRedirectMethod(): RedirectMethod,\n redirectToUrl(url: string \| URL, options?: { replace?: boolean }): Promise<void>,\n redirectToHandler(handlerName: keyof HandlerUrls, options?: RedirectToOptions): Promise<void>,\n signInWithTokens(tokens: { accessToken: string, refreshToken: string }): Promise<void>,\n },\n }\n & AsyncStoreProperty<\"project\", [], Project, false>\n & AsyncStoreProperty<\n \"item\",\n [{ itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }],\n Item,\n false\n >\n & AsyncStoreProperty<\n \"products\",\n [options: CustomerProductsRequestOptions],\n CustomerProductsList,\n true\n >\n & AsyncStoreProperty<\n \"invoices\",\n [options: CustomerInvoicesRequestOptions],\n CustomerInvoicesList,\n true\n >\n & { [K in `redirectTo${Capitalize<keyof Omit<HandlerUrls, 'handler' \| 'oauthCallback'>>}`]: (options?: RedirectToOptions) => Promise<void> }\n & AuthLike<HasTokenStore extends false ? { tokenStore: TokenStoreInit } : { tokenStore?: TokenStoreInit }>\n);\n/* @deprecated Use `HexclaveClientAppConstructor` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppConstructor = {\n new <\n TokenStoreType extends string,\n HasTokenStore extends (TokenStoreType extends {} ? true : boolean),\n ProjectId extends string\n >(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>): StackClientApp<HasTokenStore, ProjectId>,\n new(options: StackClientAppConstructorOptions<boolean, string>): StackClientApp<boolean, string>,\n\n [hexclaveAppInternalsSymbol]: {\n fromClientJson<HasTokenStore extends boolean, ProjectId extends string>(\n json: StackClientAppJson<HasTokenStore, ProjectId>\n ): StackClientApp<HasTokenStore, ProjectId>,\n },\n};\nexport type HexclaveClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId>;\nexport type HexclaveClientAppJson<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppJson<HasTokenStore, ProjectId>;\nexport type HexclaveClientApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = StackClientApp<HasTokenStore, ProjectId>;\nexport type HexclaveClientAppConstructor = StackClientAppConstructor;\nexport const HexclaveClientApp: HexclaveClientAppConstructor = _HexclaveClientAppImpl;\n/** @deprecated Use `HexclaveClientApp` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport const StackClientApp: StackClientAppConstructor = HexclaveClientApp;\n"],"mappings":";;;;;AAiLA,MAAa,oBAAkDA;;AAE/D,MAAa,iBAA4C"}
1	+ {"version":3,"file":"client-app.js","names":["_HexclaveClientAppImpl"],"sources":["../../../../../src/lib/hexclave-app/apps/interfaces/client-app.ts"],"sourcesContent":["\n//===========================================\n// THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template\n//===========================================\nimport { KnownErrors } from \"@hexclave/shared\";\nimport { CurrentUserCrud } from \"@hexclave/shared/dist/interface/crud/current-user\";\nimport { Result } from \"@hexclave/shared/dist/utils/results\";\nimport { AsyncStoreProperty, AuthLike, GetCurrentPartialUserOptions, GetCurrentUserOptions, HandlerUrlOptions, HandlerUrls, OAuthScopesOnSignIn, RedirectMethod, RedirectToOptions, ResolvedHandlerUrls, hexclaveAppInternalsSymbol, TokenStoreInit } from \"../../common\";\nimport type { RequestListener } from \"@hexclave/shared/dist/interface/client-interface\";\nimport { CustomerInvoicesList, CustomerInvoicesRequestOptions, CustomerProductsList, CustomerProductsRequestOptions, Item } from \"../../customers\";\nimport { Project } from \"../../projects\";\nimport { ProjectCurrentUser, SyncedPartialUser, TokenPartialUser } from \"../../users\";\nimport { _HexclaveClientAppImpl } from \"../implementations\";\nimport { AnalyticsOptions } from \"../implementations/session-replay\";\n\n/** @deprecated Use `HexclaveClientAppConstructorOptions` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = {\n baseUrl?: string \| { browser: string, server: string },\n extraRequestHeaders?: Record<string, string>,\n projectId?: ProjectId,\n publishableClientKey?: string,\n urls?: HandlerUrlOptions,\n oauthScopesOnSignIn?: Partial<OAuthScopesOnSignIn>,\n tokenStore?: TokenStoreInit<HasTokenStore>,\n redirectMethod?: RedirectMethod,\n inheritsFrom?: StackClientApp<any, any>,\n\n /*\n Whether to show the Hexclave dev tool indicator in browser-like development environments.\n \n Defaults to true.\n /\n devTool?: boolean,\n\n /\n By default, the Stack app will automatically prefetch some data from Stack's server when this app is first\n * constructed. This improves the performance of your app, but will create network requests that are unnecessary if\n * the app is never used or disposed of immediately. To disable this behavior, set this option to true.\n /\n noAutomaticPrefetch?: boolean,\n\n /\n Options for analytics and session recording. Replays are enabled by default;\n * set `{ replays: { enabled: false } }` to opt out.\n /\n analytics?: AnalyticsOptions,\n} & (\n { tokenStore: TokenStoreInit<HasTokenStore> } \| { tokenStore?: undefined, inheritsFrom: StackClientApp<HasTokenStore, any> }\n) & (\n string extends ProjectId ? unknown : ({ projectId: ProjectId } \| { inheritsFrom: StackClientApp<any, ProjectId> })\n);\n\n\n/* @deprecated Use `HexclaveClientAppJson` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppJson<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined } & {\n uniqueIdentifier: string,\n // note: if you add more fields here, make sure to ensure the checkString in the constructor has/doesn't have them\n};\n\n/** @deprecated Use `HexclaveClientApp` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = (\n & {\n readonly projectId: ProjectId,\n\n /*\n The version of the Hexclave SDK.\n /\n readonly version: string,\n\n /\n @deprecated `app.urls` is static and does not include runtime redirect-back parameters.\n * For navigation, prefer `redirectToXyz()` methods (for example `redirectToSignIn()`).\n /\n readonly urls: Readonly<ResolvedHandlerUrls>,\n\n signInWithOAuth(provider: string, options?: { returnTo?: string }): Promise<void>,\n signInWithCredential(options: { email: string, password: string, noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"EmailPasswordMismatch\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n signUpWithCredential(options: {\n email: string,\n password: string,\n noRedirect?: boolean,\n } & ({ noVerificationCallback: true } \| { noVerificationCallback?: false, verificationCallbackUrl?: string })): Promise<Result<undefined, KnownErrors[\"UserWithEmailAlreadyExists\"] \| KnownErrors[\"PasswordRequirementsNotMet\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n signInWithPasskey(): Promise<Result<undefined, KnownErrors[\"PasskeyAuthenticationFailed\"] \| KnownErrors[\"InvalidTotpCode\"] \| KnownErrors[\"PasskeyWebAuthnError\"]>>,\n callOAuthCallback(): Promise<boolean>,\n promptCliLogin(options: { appUrl: string, expiresInMillis?: number, anonRefreshToken?: string, promptLink?: (url: string, loginCode: string) => void }): Promise<Result<string, KnownErrors[\"CliAuthError\"] \| KnownErrors[\"CliAuthExpiredError\"] \| KnownErrors[\"CliAuthUsedError\"]>>,\n sendForgotPasswordEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<undefined, KnownErrors[\"UserNotFound\"]>>,\n sendMagicLinkEmail(email: string, options?: { callbackUrl?: string }): Promise<Result<{ nonce: string }, KnownErrors[\"RedirectUrlNotWhitelisted\"] \| KnownErrors[\"BotChallengeFailed\"]>>,\n resetPassword(options: { code: string, password: string }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n verifyPasswordResetCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n verifyTeamInvitationCode(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n acceptTeamInvitation(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n getTeamInvitationDetails(code: string): Promise<Result<{ teamDisplayName: string }, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"TeamInvitationEmailMismatch\"]>>,\n verifyEmail(code: string): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"]>>,\n signInWithMagicLink(code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n signInWithMfa(otp: string, code: string, options?: { noRedirect?: boolean }): Promise<Result<undefined, KnownErrors[\"VerificationCodeError\"] \| KnownErrors[\"InvalidTotpCode\"]>>,\n\n redirectToOAuthCallback(): Promise<void>,\n\n getConvexClientAuth(options: HasTokenStore extends false ? { tokenStore: TokenStoreInit } : { tokenStore?: TokenStoreInit }): (args: { forceRefreshToken: boolean }) => Promise<string \| null>,\n getConvexHttpClientAuth(options: { tokenStore: TokenStoreInit }): Promise<string>,\n\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): ProjectCurrentUser<ProjectId>,\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): ProjectCurrentUser<ProjectId>,\n useUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): ProjectCurrentUser<ProjectId>,\n useUser(options?: GetCurrentUserOptions<HasTokenStore>): ProjectCurrentUser<ProjectId> \| null,\n\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'redirect' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'throw' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options: GetCurrentUserOptions<HasTokenStore> & { or: 'anonymous' }): Promise<ProjectCurrentUser<ProjectId>>,\n getUser(options?: GetCurrentUserOptions<HasTokenStore>): Promise<ProjectCurrentUser<ProjectId> \| null>,\n\n cancelSubscription(options: { productId: string, subscriptionId?: string } \| { productId: string, subscriptionId?: string, teamId: string }): Promise<void>,\n\n // note: we don't special-case 'anonymous' here to return non-null, see GetPartialUserOptions for more details\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): Promise<TokenPartialUser \| null>,\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): Promise<TokenPartialUser \| null>,\n getPartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): Promise<SyncedPartialUser \| TokenPartialUser \| null>,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'token' }): TokenPartialUser \| null,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore> & { from: 'convex' }): TokenPartialUser \| null,\n usePartialUser(options: GetCurrentPartialUserOptions<HasTokenStore>): SyncedPartialUser \| TokenPartialUser \| null,\n useNavigate(): (to: string) => void, // THIS_LINE_PLATFORM react-like\n\n [hexclaveAppInternalsSymbol]: {\n toClientJson(): StackClientAppJson<HasTokenStore, ProjectId>,\n setCurrentUser(userJsonPromise: Promise<CurrentUserCrud['Client']['Read'] \| null>): void,\n getConstructorOptions(): StackClientAppConstructorOptions<HasTokenStore, ProjectId> & { inheritsFrom?: undefined },\n sendSessionReplayBatch(body: string, options: { keepalive: boolean }): Promise<Result<Response, Error>>,\n sendAnalyticsEventBatch(body: string, options: { keepalive: boolean }): Promise<Result<Response, Error>>,\n addRequestListener(listener: RequestListener): () => void,\n sendRequest(path: string, requestOptions: RequestInit, requestType?: \"client\" \| \"server\" \| \"admin\"): Promise<Response>,\n getRedirectMethod(): RedirectMethod,\n redirectToUrl(url: string \| URL, options?: { replace?: boolean }): Promise<void>,\n redirectToHandler(handlerName: keyof HandlerUrls, options?: RedirectToOptions): Promise<void>,\n signInWithTokens(tokens: { accessToken: string, refreshToken: string }): Promise<void>,\n },\n }\n & AsyncStoreProperty<\"project\", [], Project, false>\n & AsyncStoreProperty<\n \"item\",\n [{ itemId: string, userId: string } \| { itemId: string, teamId: string } \| { itemId: string, customCustomerId: string }],\n Item,\n false\n >\n & AsyncStoreProperty<\n \"products\",\n [options: CustomerProductsRequestOptions],\n CustomerProductsList,\n true\n >\n & AsyncStoreProperty<\n \"invoices\",\n [options: CustomerInvoicesRequestOptions],\n CustomerInvoicesList,\n true\n >\n & { [K in `redirectTo${Capitalize<keyof Omit<HandlerUrls, 'handler' \| 'oauthCallback'>>}`]: (options?: RedirectToOptions) => Promise<void> }\n & AuthLike<HasTokenStore extends false ? { tokenStore: TokenStoreInit } : { tokenStore?: TokenStoreInit }>\n);\n/* @deprecated Use `HexclaveClientAppConstructor` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport type StackClientAppConstructor = {\n new <\n TokenStoreType extends string,\n HasTokenStore extends (TokenStoreType extends {} ? true : boolean),\n ProjectId extends string\n >(options: StackClientAppConstructorOptions<HasTokenStore, ProjectId>): StackClientApp<HasTokenStore, ProjectId>,\n new(options: StackClientAppConstructorOptions<boolean, string>): StackClientApp<boolean, string>,\n\n [hexclaveAppInternalsSymbol]: {\n fromClientJson<HasTokenStore extends boolean, ProjectId extends string>(\n json: StackClientAppJson<HasTokenStore, ProjectId>\n ): StackClientApp<HasTokenStore, ProjectId>,\n },\n};\nexport type HexclaveClientAppConstructorOptions<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppConstructorOptions<HasTokenStore, ProjectId>;\nexport type HexclaveClientAppJson<HasTokenStore extends boolean, ProjectId extends string> = StackClientAppJson<HasTokenStore, ProjectId>;\nexport type HexclaveClientApp<HasTokenStore extends boolean = boolean, ProjectId extends string = string> = StackClientApp<HasTokenStore, ProjectId>;\nexport type HexclaveClientAppConstructor = StackClientAppConstructor;\nexport const HexclaveClientApp: HexclaveClientAppConstructor = _HexclaveClientAppImpl;\n/** @deprecated Use `HexclaveClientApp` from the `@hexclave/` package instead — same symbol, new brand name. See https://docs.hexclave.com/migration. /\nexport const StackClientApp: StackClientAppConstructor = HexclaveClientApp;\n"],"mappings":";;;;;AAiLA,MAAa,oBAAkDA;;AAE/D,MAAa,iBAA4C"}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "//": "THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template (FOR package.json FILES, PLEASE EDIT package-template.json)",
   "name": "@hexclave/next",
-  "version": "1.0.16",
+  "version": "1.0.18",
   "repository": "https://github.com/hexclave/hexclave",
   "sideEffects": false,
   "main": "./dist/index.js",
@@ -75,9 +75,9 @@
     "rrweb": "^1.1.3",
     "tsx": "^4.21.0",
     "yup": "^1.7.1",
-    "@hexclave/sc": "1.0.16",
-    "@hexclave/shared": "1.0.16",
-    "@hexclave/ui": "1.0.16"
+    "@hexclave/sc": "1.0.18",
+    "@hexclave/shared": "1.0.18",
+    "@hexclave/ui": "1.0.18"
   },
   "peerDependencies": {
     "@types/react": ">=18.0.0",

package/src/dev-tool/dev-tool-styles.ts CHANGED Viewed

@@ -306,11 +306,14 @@ export const devToolCSS = getInPageUiBaseCSS('.hexclave-devtool') + `
   .hexclave-devtool .sdt-tab-pane {
     position: absolute;
     inset: 0;
+    display: none;
     overflow-y: auto;
     overflow-x: hidden;
     padding: 16px;
-    visibility: hidden;
+    background: var(--sdt-bg);
+    opacity: 0;
     pointer-events: none;
+    z-index: 0;
   }
   .hexclave-devtool .sdt-tab-pane-iframe {
@@ -319,20 +322,10 @@ export const devToolCSS = getInPageUiBaseCSS('.hexclave-devtool') + `
   }
   .hexclave-devtool .sdt-tab-pane-active {
-    visibility: visible;
+    display: block;
+    opacity: 1;
     pointer-events: auto;
-    animation: sdt-tab-fade-in 0.15s ease-out;
-  }
-  @keyframes sdt-tab-fade-in {
-    from {
-      opacity: 0;
-      transform: translateY(6px);
-    }
-    to {
-      opacity: 1;
-      transform: translateY(0);
-    }
+    z-index: 1;
   }
   /* ===== Overview tab — single column ===== */

package/src/lib/hexclave-app/apps/implementations/client-app-impl.ts CHANGED Viewed

@@ -67,7 +67,7 @@ import { EventTracker } from "./event-tracker";
 import type { CrossDomainHandoffParams } from "./redirect-page-urls";
 import { crossDomainAuthQueryParams, getCrossDomainHandoffParamsFromCurrentUrl, planRedirectToHandler } from "./redirect-page-urls";
 import { subscribeSessionRefresh } from "./session-refresh-subscription";
-import { AnalyticsOptions, SessionRecorder, analyticsOptionsFromJson, analyticsOptionsToJson } from "./session-replay";
+import { AnalyticsOptions, SessionRecorder, analyticsOptionsFromJson, analyticsOptionsToJson, getSessionReplayOptions } from "./session-replay";
 import { useAsyncCache } from "./common";
 import { mountClickmapOverlay } from "../../../../clickmap";
@@ -658,13 +658,14 @@ export class _HexclaveClientAppImplIncomplete<HasTokenStore extends boolean, Pro
     const analyticsEnabled = this._analyticsOptions?.enabled !== false;
-    if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore() && this._analyticsOptions?.replays?.enabled === true) {
+    const sessionReplayOptions = getSessionReplayOptions(this._analyticsOptions);
+    if (analyticsEnabled && isBrowserLike() && this._hasPersistentTokenStore() && sessionReplayOptions.enabled) {
       this._sessionRecorder = new SessionRecorder({
         projectId: this.projectId,
         sendBatch: async (body, opts) => {
           return await this._interface.sendSessionReplayBatch(body, await getAnalyticsSession(), opts);
         },
-      }, this._analyticsOptions.replays);
+      }, sessionReplayOptions);
       this._sessionRecorder.start();
     }

package/src/lib/hexclave-app/apps/implementations/event-tracker.test.ts CHANGED Viewed

@@ -389,4 +389,45 @@ describe("EventTracker", () => {
       tracker.stop();
     }
   });
+  it("silently disables when server responds with ANALYTICS_NOT_ENABLED", async () => {
+    vi.useFakeTimers();
+    document.body.innerHTML = "<button>Click me</button>";
+    const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+    const sentBodies: string[] = [];
+    const tracker = new EventTracker({
+      projectId: "internal",
+      sendBatch: async (body) => {
+        sentBodies.push(body);
+        return Result.ok(new Response(
+          JSON.stringify({ code: "ANALYTICS_NOT_ENABLED", error: "Analytics is not enabled for this project." }),
+          {
+            status: 400,
+            headers: { "x-stack-known-error": "ANALYTICS_NOT_ENABLED" },
+          },
+        ));
+      },
+    });
+    try {
+      tracker.start();
+      // First flush sends the initial page-view event; server rejects it.
+      await advancePastFlush();
+      expect(sentBodies).toHaveLength(1);
+      // No console.warn should have been emitted.
+      expect(warnSpy).not.toHaveBeenCalled();
+      // After disabling, new events should not accumulate or trigger further
+      // flushes.
+      document.querySelector("button")?.dispatchEvent(new MouseEvent("click", { bubbles: true }));
+      await advancePastFlush();
+      expect(sentBodies).toHaveLength(1);
+    } finally {
+      tracker.stop();
+      warnSpy.mockRestore();
+    }
+  });
 });

package/src/lib/hexclave-app/apps/implementations/event-tracker.ts CHANGED Viewed

@@ -112,6 +112,7 @@ type TrackedEvent = {
 export class EventTracker {
   private _started = false;
   private _cancelled = false;
+  private _disabled = false;
   private _detachListeners: (() => void) | null = null;
   private _flushTimer: ReturnType<typeof setInterval> | null = null;
   private _events: TrackedEvent[] = [];
@@ -177,6 +178,7 @@ export class EventTracker {
   }
   private _pushEvent(event: TrackedEvent) {
+    if (this._disabled) return;
     this._events.push(event);
     this._approxBytes += JSON.stringify(event).length;
     if (this._events.length >= MAX_EVENTS_PER_BATCH || this._approxBytes >= MAX_APPROX_BYTES_PER_BATCH) {
@@ -468,6 +470,8 @@ export class EventTracker {
   }
   private async _flush(options: { keepalive: boolean }) {
+    if (this._disabled) return;
     // A keepalive flush means the page is unloading — a click still awaiting
     // dead-click classification led to that unload, so it is alive by
     // definition and ships unmarked.
@@ -504,6 +508,18 @@ export class EventTracker {
     }
     if (!res.data.ok) {
+      // If the server tells us analytics is not enabled for this project,
+      // silently disable the tracker — no point retrying or warning the user.
+      const knownError = res.data.headers.get("x-hexclave-known-error") ?? res.data.headers.get("x-stack-known-error");
+      if (knownError === "ANALYTICS_NOT_ENABLED") {
+        this._disabled = true;
+        if (this._flushTimer !== null) {
+          clearInterval(this._flushTimer);
+          this._flushTimer = null;
+        }
+        this._teardown();
+        return;
+      }
       console.warn("EventTracker flush failed:", res.data.status, await res.data.text());
     }
   }

package/src/lib/hexclave-app/apps/implementations/session-replay.test.ts CHANGED Viewed

@@ -2,8 +2,23 @@
 //===========================================
 // THIS FILE IS AUTO-GENERATED FROM TEMPLATE. DO NOT EDIT IT DIRECTLY UNLESS YOU ALSO EDIT THE CORRESPONDING FILE IN packages/template
 //===========================================
-import { describe, expect, it } from "vitest";
-import { analyticsOptionsFromJson, analyticsOptionsToJson } from "./session-replay";
+// @vitest-environment jsdom
+import { describe, expect, it, vi } from "vitest";
+import { Result } from "@hexclave/shared/dist/utils/results";
+import { analyticsOptionsFromJson, analyticsOptionsToJson, getSessionReplayOptions, SessionRecorder } from "./session-replay";
+describe("session replay options", () => {
+  it("enables replays by default", () => {
+    expect(getSessionReplayOptions(undefined).enabled).toBe(true);
+    expect(getSessionReplayOptions({}).enabled).toBe(true);
+    expect(getSessionReplayOptions({ replays: {} }).enabled).toBe(true);
+  });
+  it("preserves explicit replay opt-out", () => {
+    expect(getSessionReplayOptions({ replays: { enabled: false } }).enabled).toBe(false);
+  });
+});
 describe("analytics option JSON conversion", () => {
   it("preserves top-level analytics options when serializing replay block classes", () => {
@@ -31,3 +46,71 @@ describe("analytics option JSON conversion", () => {
     expect(roundTripped?.replays?.blockClass).toEqual(/stack-sensitive/u);
   });
 });
+describe("SessionRecorder flush", () => {
+  it("silently disables when server responds with ANALYTICS_NOT_ENABLED", async () => {
+    vi.useFakeTimers();
+    // Seed localStorage with a valid session so _flush doesn't fail on getOrRotateSession
+    const storageKey = `hexclave:session-replay:v1:test-project`;
+    localStorage.setItem(storageKey, JSON.stringify({
+      session_id: "test-session",
+      created_at_ms: Date.now(),
+      last_activity_ms: Date.now(),
+    }));
+    const sentBodies: string[] = [];
+    const recorder = new SessionRecorder(
+      {
+        projectId: "test-project",
+        sendBatch: async (body) => {
+          sentBodies.push(body);
+          return Result.ok(new Response(
+            JSON.stringify({ code: "ANALYTICS_NOT_ENABLED", error: "Analytics is not enabled for this project." }),
+            {
+              status: 400,
+              headers: { "x-stack-known-error": "ANALYTICS_NOT_ENABLED" },
+            },
+          ));
+        },
+      },
+      {},
+    );
+    const warnSpy = vi.spyOn(console, "warn").mockImplementation(() => {});
+    try {
+      // Inject an event directly into the recorder's buffer to test flush behavior
+      // without needing rrweb. We access private fields for testing purposes.
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      (recorder as any)._events = [{ type: 2, timestamp: Date.now(), data: {} }];
+      // Manually trigger a tick (which calls _flush)
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+      (recorder as any)._tick();
+      await vi.advanceTimersByTimeAsync(0);
+      // One batch should have been sent
+      expect(sentBodies).toHaveLength(1);
+      // No console.warn about "SessionRecorder flush failed" should have been emitted
+      const flushWarnings = warnSpy.mock.calls.filter(
+        (args) => typeof args[0] === "string" && args[0].includes("SessionRecorder")
+      );
+      expect(flushWarnings).toHaveLength(0);
+      // After disabling, pushing new events and triggering another tick should not send
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
+      (recorder as any)._events = [{ type: 3, timestamp: Date.now(), data: {} }];
+      // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-call
+      (recorder as any)._tick();
+      await vi.advanceTimersByTimeAsync(0);
+      expect(sentBodies).toHaveLength(1);
+    } finally {
+      recorder.stop();
+      warnSpy.mockRestore();
+      localStorage.removeItem(storageKey);
+      vi.useRealTimers();
+    }
+  });
+});

package/src/lib/hexclave-app/apps/implementations/session-replay.ts CHANGED Viewed

@@ -11,7 +11,7 @@ export type AnalyticsReplayOptions = {
   /**
    * Whether session replays are enabled.
    *
-   * @default false
+   * @default true
    */
   enabled?: boolean,
   /**
@@ -44,12 +44,19 @@ export type AnalyticsOptions = {
    */
   enabled?: boolean,
   /**
-   * Options for session replay recording. Replays are disabled by default;
-   * set `enabled: true` to opt in.
+   * Options for session replay recording. Replays are enabled by default;
+   * set `enabled: false` to opt out.
    */
   replays?: AnalyticsReplayOptions,
 };
+export function getSessionReplayOptions(analyticsOptions: AnalyticsOptions | undefined): AnalyticsReplayOptions {
+  return {
+    ...analyticsOptions?.replays,
+    enabled: analyticsOptions?.replays?.enabled ?? true,
+  };
+}
 /**
  * Converts AnalyticsOptions to a JSON-safe representation.
  * RegExp blockClass values are serialized as `{ __regexp, __flags }` objects.
@@ -161,6 +168,7 @@ export type SessionRecorderDeps = {
 export class SessionRecorder {
   private _started = false;
   private _cancelled = false;
+  private _disabled = false;
   private _stopRecording: (() => void) | null = null;
   private _detachListeners: (() => void) | null = null;
   private _flushTimer: ReturnType<typeof setInterval> | null = null;
@@ -228,6 +236,7 @@ export class SessionRecorder {
   }
   private async _flush(options: { keepalive: boolean }) {
+    if (this._disabled) return;
     if (this._events.length === 0) return;
     // Prevent concurrent in-flight HTTP requests. When a flush is already
     // in-flight, a second batch could race on the server (both call
@@ -265,6 +274,18 @@ export class SessionRecorder {
       }
       if (!res.data.ok) {
+        // If the server tells us analytics is not enabled for this project,
+        // silently disable the recorder — no point retrying or warning the user.
+        const knownError = res.data.headers.get("x-hexclave-known-error") ?? res.data.headers.get("x-stack-known-error");
+        if (knownError === "ANALYTICS_NOT_ENABLED") {
+          this._disabled = true;
+          if (this._flushTimer !== null) {
+            clearInterval(this._flushTimer);
+            this._flushTimer = null;
+          }
+          this._stopCurrentRecording();
+          return;
+        }
         captureWarning("SessionRecorder.flush", new Error(`SessionRecorder flush failed: ${res.data.status} ${await res.data.text()}`));
       }
     } finally {

package/src/lib/hexclave-app/apps/interfaces/client-app.ts CHANGED Viewed

@@ -40,8 +40,8 @@ export type StackClientAppConstructorOptions<HasTokenStore extends boolean, Proj
   noAutomaticPrefetch?: boolean,
   /**
-   * Options for analytics and session recording. Replays are disabled by default;
-   * set `{ replays: { enabled: true } }` to opt in.
+   * Options for analytics and session recording. Replays are enabled by default;
+   * set `{ replays: { enabled: false } }` to opt out.
    */
   analytics?: AnalyticsOptions,
 } & (