@openreplay/tracker 17.2.9 → 17.2.11

package/dist/cjs/main/app/canvas.d.ts

@@ -24,6 +24,12 @@ declare class CanvasRecorder {
     private isProcessingQueue;
     constructor(app: App, options: Options);
     startTracking(): void;
+    /**
+     * Reacts to a runtime sanitization change on a canvas: stop capturing if it
+     * just became masked, start if it just became visible. (Already-sent frames
+     * can't be retracted — escalation only stops future capture.)
+     */
+    resanitizeCanvas: (node: Node, id: number) => void;
     restartTracking: () => void;
     captureCanvas: (node: Node) => void;
     recordCanvas: (node: Node, id: number) => void;

package/dist/cjs/main/app/index.d.ts

@@ -8,7 +8,7 @@ import Nodes from './nodes/index.js';
 import type { Options as ObserverOptions } from './observer/top_observer.js';
 import Observer from './observer/top_observer.js';
 import type { Options as SanitizerOptions } from './sanitizer.js';
-import Sanitizer from './sanitizer.js';
+import Sanitizer, { SanitizeLevel } from './sanitizer.js';
 import type { Options as SessOptions } from './session.js';
 import Session from './session.js';
 import Ticker from './ticker.js';
@@ -129,6 +129,7 @@ export default class App {
     readonly ticker: Ticker;
     readonly projectKey: string;
     readonly sanitizer: Sanitizer;
+    private readonly resanitizeCallbacks;
     readonly debug: Logger;
     readonly notify: Logger;
     readonly session: Session;
@@ -170,11 +171,72 @@ export default class App {
     /** used by child iframes for crossdomain only */
     parentActive: boolean;
     checkStatus: () => boolean;
+    /** child-side crossdomain debug state (only meaningful when insideIframe) */
+    private lastTokenReceived;
+    private lastParentMsgAt;
+    private lastSentToParentAt;
+    private iframeDebugInterval;
+    /** stamp every outbound post to the parent window, for the child debug snapshot */
+    private markSentToParent;
+    /**
+     * Child-side counterpart of emitCrossdomainDebug: once per minute an iframe posts an
+     * encoded snapshot of its own tracking state up to the parent, which records it as a
+     * console log. Posted directly (not via this.send) so it is reported even when the
+     * child is NOT active — an inactive/orphaned child is exactly what we want to catch.
+     */
+    private emitIframeDebug;
     parentCrossDomainFrameListener: (event: MessageEvent) => void;
     trackedFrames: string[];
+    /** every context that has been enrolled at least once, to tell an orphan (re-adopt) apart
+     *  from a brand-new child still mid-enrollment (leave alone). */
+    private everTrackedFrames;
     private frameLastSeen;
+    /** crossdomain debug diagnostics, reported once per minute as an encoded console log */
+    private frameOrigin;
+    private frameAnyLastSeen;
+    private frameBatchLastSeen;
+    private frameLastSent;
+    private xdomainDebugInterval;
+    /** last time we re-adopted a given orphaned context, to avoid restart spam */
+    private reAdoptCooldown;
+    private readonly RE_ADOPT_COOLDOWN_MS;
+    /**
+     * Stable, collision-free frame-order allocation. Node ids are partitioned by
+     * (frameLevel, frameOrder) via pack() — every (level, order) owns its own id block, so
+     * two simultaneously-live frames sharing an order at the same level corrupt each other's
+     * node trees and one stops rendering. The previous `trackedFrames.findIndex+1` derived
+     * order from a mutable array index, and pruneStaleFrames()'s .filter() shifts those
+     * indices, so a newly enrolled frame could be handed an order still in use by a live
+     * (but pruned) frame. We instead assign each context a persistent order, unique among all
+     * non-recycled contexts at its level, freed only when the context is GC'd (truly gone).
+     */
+    private frameAlloc;
+    private usedOrdersByLevel;
+    private allocateFrameOrder;
+    private freeFrameOrder;
     private readonly FRAME_STALE_MS;
     private pruneStaleFrames;
+    /** records the last command/signal we posted to a given child iframe context (debug) */
+    private recordSentToFrame;
+    /**
+     * Self-heal for the "kill-then-prune orphan" race: a live child can fall out of
+     * `trackedFrames` (its 250ms poll was delayed past FRAME_STALE_MS during the parent's
+     * stop/start NotActive gap, so pruneStaleFrames evicted it). It keeps polling but the
+     * only re-enrollment path is an `iframeSignal`, which a stopped/active-but-orphaned
+     * child never re-emits — so it would record nothing forever. When we (the parent) are
+     * active and see a poll from an un-tracked context, push a `startIframe` so the child
+     * restarts, re-runs the full handshake and re-observes with a fresh rootId. Cooldowned
+     * so we don't spam restarts during the child's start window.
+     */
+    private reAdoptOrphanFrame;
+    /**
+     * Once per minute: emit an encoded console log from the parent tracker describing every
+     * tracked child iframe and the freshness of our two-way communication with it. Lets us
+     * see in replay which crossdomain iframe went silent and on which leg of the handshake.
+     */
+    /** drop debug entries for contexts we have neither heard from nor messaged in this long */
+    private readonly XDOMAIN_DEBUG_RETENTION_MS;
+    private emitCrossdomainDebug;
     crossDomainIframeListener: (event: MessageEvent) => void;
     /**
      * { command : [remaining iframes] }
@@ -292,6 +354,10 @@ export default class App {
     private userStartCallback?;
     private _start;
     restartCanvasTracking: () => void;
+    attachResanitizeCallback: (cb: (node: Node, id: number) => void) => void;
+    callResanitizeCallbacks: (node: Node, id: number) => void;
+    resanitize: (el?: Element) => void;
+    checkSanitization: (el: Node) => SanitizeLevel | undefined;
     flushBuffer: (buffer: Message[]) => Promise<unknown>;
     waitStart(): Promise<unknown>;
     waitStarted(): Promise<unknown>;

package/dist/cjs/main/app/observer/observer.d.ts

@@ -53,6 +53,16 @@ export default abstract class Observer {
     private commitNode;
     private commitNodes;
     protected observeRoot(node: Node, beforeCommit: (id?: number) => unknown, nodeToBind?: Node): void;
+    /**
+     * Re-evaluates sanitization for every tracked node in `root`'s subtree against
+     * the current DOM and re-emits whatever changed. Pass the highest node you
+     * changed (or the document root) so inherited levels propagate correctly.
+     */
+    resanitizeSubtree(root: Node): void;
+    private resanitizeNode;
+    private recreateSubtree;
+    private clearSubtreeRegistration;
+    private reemitNode;
     disconnect(): void;
 }
 export {};

package/dist/cjs/main/app/sanitizer.d.ts

@@ -35,8 +35,7 @@ export interface Options {
 }
 export declare const stringWiper: (input: string) => string;
 export default class Sanitizer {
-    private readonly obscured;
-    private readonly hidden;
+    private readonly levels;
     private readonly options;
     readonly privateMode: boolean;
     private readonly app;
@@ -44,7 +43,10 @@ export default class Sanitizer {
         app: App;
         options?: Partial<Options>;
     });
-    handleNode(id: number, parentID: number, node: Node): Set<number> | undefined;
+    computeLevel(node: Node, parentLevel: SanitizeLevel): SanitizeLevel;
+    getLevel(id: number): SanitizeLevel;
+    setLevel(id: number, level: SanitizeLevel): SanitizeLevel;
+    handleNode(id: number, parentID: number, node: Node): void;
     sanitize(id: number, data: string): string;
     isObscured(id: number): boolean;
     isHidden(id: number): boolean;

package/dist/cjs/main/index.d.ts

@@ -47,6 +47,21 @@ export default class API {
     checkDoNotTrack: () => boolean | undefined;
     signalStartIssue: (reason: string, missingApi: string[]) => void;
     restartCanvasTracking: () => void;
+    /**
+     * Re-evaluates sanitization against the current DOM and re-emits whatever
+     * changed, updating already-recorded nodes mid-session. Call after toggling
+     * `data-openreplay-*` attributes or after changing whatever your `domSanitizer`
+     * keys on (class/id/etc).
+     *
+     * @param el - the highest node you changed; omit to re-scan the whole document;
+     * scanning the entire doc is O(dom size)
+     * */
+    resanitize: (el?: Element) => void;
+    /**
+     * Returns the sanitization level the tracker currently has for a node
+     * (0 = Plain, 1 = Obscured, 2 = Hidden), or undefined if it isn't tracked.
+     * */
+    checkSanitization: (el: Node) => import("./app/sanitizer.js").SanitizeLevel | undefined;
     use<T>(fn: (app: App | null, options?: Partial<Options>) => T): T;
     isActive(): boolean;
     /**
@@ -103,9 +118,9 @@ export default class API {
     }) => string | undefined;
     setUserID: (id: string) => void;
     identify: (id: string) => void;
-    track: ((eventName: string, properties?: Record<string, any>, options?: {
+    track: (eventName: string, properties?: Record<string, any>, options?: {
         send_immediately: boolean;
-    }) => void) | undefined;
+    }) => void | undefined;
     userID: (id: string) => void;
     setUserAnonymousID(id: string): void;
     userAnonymousID(id: string): void;

package/dist/cjs/main/singleton.d.ts

@@ -16,7 +16,7 @@ declare class TrackerSingleton {
      * (which can be used to stitch sessions together)
      * */
     stop(): string | undefined;
-    setUserID(id: string): void;
+    setUserID: (id: string) => void;
     get analytics(): import("./entry.js").Analytics | null;
     identify: (id: string) => void;
     track: (eventName: string, properties?: Record<string, any>, options?: {
@@ -101,6 +101,30 @@ declare class TrackerSingleton {
     forceFlushBatch(): void;
     getSessionInfo(): import("./app/session.js").SessionInfo | null;
     getTabId(): string | null;
+    /**
+     * Re-evaluates sanitization against the current DOM and re-emits whatever
+     * changed, updating already-recorded nodes mid-session. Call after toggling
+     * `data-openreplay-*` attributes or after changing whatever your `domSanitizer`
+     * keys on (class/id/etc).
+     *
+     * @param el - the highest node you changed; omit to re-scan the whole document.
+     * */
+    resanitize(el?: Element): void;
+    /**
+     * Returns the sanitization level the tracker currently has for a node
+     * (0 = Plain, 1 = Obscured, 2 = Hidden), or undefined if it isn't tracked.
+     * */
+    checkSanitization(el: Node): import("./index.js").SanitizeLevel | undefined;
+    incident(options: {
+        label?: string;
+        startTime: number;
+        endTime?: number;
+    }): void;
+    /**
+     * Use custom token for analytics events without session recording
+     * */
+    setAnalyticsToken(token: string): void;
+    getAnalyticsToken(): string | undefined;
 }
 declare const tracker: TrackerSingleton;
 export default tracker;