@sailfish-ai/recorder 1.10.2 → 1.10.4

package/dist/index.js

@@ -7,15 +7,26 @@ import { fetchAndSendIp } from "./sendSailfishMessages";
 import { readGitSha } from "./env";
 import { initializeErrorInterceptor } from "./errorInterceptor";
 import { fetchCaptureSettings, fetchFunctionSpanTrackingEnabled, sendDomainsToNotPropagateHeaderTo, startRecordingSession, } from "./graphql";
-import { setupIssueReporting } from "./inAppReportIssueModal";
-import { fetchIntegrationData, getIntegrationData, } from "./inAppReportIssueModal/integrations";
 import { sendMapUuidIfAvailable } from "./mapUuid";
 import { getUrlAndStoredUuids, initializeConsolePlugin, initializeDomContentEvents, initializeRecording, } from "./recording";
 import { HAS_DOCUMENT, HAS_LOCAL_STORAGE, HAS_SESSION_STORAGE, HAS_WINDOW, } from "./runtimeEnv";
-import { getOrSetSessionId } from "./session";
+import { ensureSessionListeners, getOrSetSessionId } from "./session";
 import { withAppUrlMetadata } from "./utils";
-import { clearStaleFuncSpanState, getFuncSpanHeader, isFunctionSpanTrackingEnabled, sendEvent, sendMessage, } from "./websocket";
+import { clearStaleFuncSpanState, getFuncSpanHeader, isFunctionSpanTrackingEnabled, restoreFuncSpanState, sendEvent, sendMessage, } from "./websocket";
 const DEBUG = readDebugFlag(); // A wrapper around fetch that suppresses connection refused errors
+// Regex cache for matchUrlWithWildcard() — avoids recompiling on every network request
+const _regexCache = new Map();
+function getCachedRegex(pattern, flags) {
+    const key = flags ? `${pattern}|${flags}` : pattern;
+    let re = _regexCache.get(key);
+    if (!re) {
+        re = new RegExp(pattern, flags);
+        _regexCache.set(key, re);
+    }
+    return re;
+}
+// Pre-built Set for O(1) static extension lookups (replaces linear STATIC_EXTENSIONS array scan)
+const STATIC_EXTENSIONS_SET = new Set(STATIC_EXTENSIONS.map(ext => ext.toLowerCase()));
 // Default list of domains to ignore
 const DOMAINS_TO_NOT_PROPAGATE_HEADER_TO_DEFAULT = [
     "t.co",
@@ -57,7 +68,7 @@ export const DEFAULT_CAPTURE_SETTINGS = {
     recordSsn: false,
     recordDob: false,
     sampling: {},
-    enableFiberTracking: true,
+    enableFiberTracking: false,
 };
 export const DEFAULT_CONSOLE_RECORDING_SETTINGS = {
     level: ["info", "log", "warn", "error"],
@@ -180,11 +191,7 @@ function sendTimeZone() {
     };
     sendMessage(message);
 }
-// Send standard information like userDeviceUuid and timeZone
-if (HAS_WINDOW) {
-    sendUserDeviceUuid();
-    sendTimeZone();
-}
+// Side effects deferred into startRecording() — see _ensureModuleSideEffects()
 // Function to get or set the device & program UUID in localStorage
 function getOrSetUserDeviceUuid() {
     let userDeviceUuid = null;
@@ -244,15 +251,32 @@ function clearPageVisitDataFromSessionStorage() {
     sessionStorage.removeItem("tabVisibilityChanged");
     sessionStorage.removeItem("tabVisibilityState");
 }
-// Initialize event listeners for visibility change and page unload
-if (HAS_DOCUMENT) {
-    document.addEventListener("visibilitychange", handleVisibilityChange);
-}
-if (HAS_WINDOW) {
-    window.addEventListener("beforeunload", () => {
-        // window.name = "";
-        clearPageVisitDataFromSessionStorage();
-    });
+// Visibility/beforeunload listeners are deferred — see _ensureModuleSideEffects()
+// One-time deferred side effects that were previously at module top-level.
+// Called once at the start of startRecording() to avoid import-time work.
+let _moduleSideEffectsInit = false;
+function _ensureModuleSideEffects() {
+    if (_moduleSideEffectsInit)
+        return;
+    _moduleSideEffectsInit = true;
+    // Restore funcspan state from localStorage (was an IIFE in websocket.tsx)
+    restoreFuncSpanState();
+    // Session beforeunload listener (was module-level in session.tsx)
+    ensureSessionListeners();
+    // Send standard information
+    if (HAS_WINDOW) {
+        sendUserDeviceUuid();
+        sendTimeZone();
+    }
+    // Visibility change and page unload listeners
+    if (HAS_DOCUMENT) {
+        document.addEventListener("visibilitychange", handleVisibilityChange);
+    }
+    if (HAS_WINDOW) {
+        window.addEventListener("beforeunload", () => {
+            clearPageVisitDataFromSessionStorage();
+        });
+    }
 }
 function storeCredentialsAndConnection({ apiKey, backendApi, }) {
     if (!HAS_SESSION_STORAGE)
@@ -311,8 +335,8 @@ export function matchUrlWithWildcard(input, patterns) {
         const normalizedPatternDomain = patternDomain
             .replace(/\./g, "\\.") // Escape dots for regex
             .replace(/\*/g, ".*"); // Replace '*' with regex to match any characters
-        // Create regex for the domain pattern
-        const domainRegex = new RegExp(`^${normalizedPatternDomain}$`, "i");
+        // Create regex for the domain pattern (cached)
+        const domainRegex = getCachedRegex(`^${normalizedPatternDomain}$`, "i");
         // Strip 'www.' from both the input domain and the pattern domain for comparison
         const strippedDomain = domain.startsWith("www.") ? domain.slice(4) : domain;
         // If pattern specifies a port, match the exact port
@@ -330,7 +354,7 @@ export function matchUrlWithWildcard(input, patterns) {
                 const normalizedPatternPath = patternPath
                     .replace(/\*/g, ".*") // Replace '*' with regex to match any characters
                     .replace(/\/$/, ""); // Remove trailing slashes from pattern
-                const pathRegex = new RegExp(`^/${normalizedPatternPath}`, "i");
+                const pathRegex = getCachedRegex(`^/${normalizedPatternPath}`, "i");
                 return pathRegex.test(pathname); // Match the path
             }
             return true; // Domain matched, no path required
@@ -343,7 +367,7 @@ export function matchUrlWithWildcard(input, patterns) {
             const normalizedPatternPath = patternPath
                 .replace(/\*/g, ".*") // Replace '*' with regex to match any characters
                 .replace(/\/$/, ""); // Remove trailing slashes from pattern
-            const pathRegex = new RegExp(`^/${normalizedPatternPath}`, "i");
+            const pathRegex = getCachedRegex(`^/${normalizedPatternPath}`, "i");
             return pathRegex.test(pathname); // Match the path
         }
         // If no path pattern, only the domain needs to match
@@ -359,11 +383,11 @@ function shouldSkipHeadersPropagation(url, domainsToNotPropagateHeaderTo = []) {
         // If we cannot parse, play it safe and do NOT inject headers.
         return true;
     }
-    // 1️⃣ STATIC ASSET EXCLUSIONS (by comprehensive file extension list)
-    for (const ext of STATIC_EXTENSIONS) {
-        if (urlObj.pathname.toLowerCase().endsWith(ext)) {
-            return true;
-        }
+    // 1️⃣ STATIC ASSET EXCLUSIONS (by comprehensive file extension list) — O(1) Set lookup
+    const lowerPathname = urlObj.pathname.toLowerCase();
+    const lastDotIdx = lowerPathname.lastIndexOf(".");
+    if (lastDotIdx !== -1 && STATIC_EXTENSIONS_SET.has(lowerPathname.slice(lastDotIdx))) {
+        return true;
     }
     // 2️⃣ WILDCARD-BASED EXCLUSION (domain + path)
     // Pass patterns like ["*.cdn.com/*", "api.example.com/v1/*"]
@@ -377,7 +401,7 @@ function shouldSkipHeadersPropagation(url, domainsToNotPropagateHeaderTo = []) {
     return false;
 }
 // Updated XMLHttpRequest interceptor with domain exclusion
-function setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo = []) {
+function setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo = [], bodyCaptureConfig = { captureStreamingResponseBody: true, captureResponseBodyMaxMb: 10, captureStreamPrefixKb: 64, captureStreamTimeoutMs: 10000 }) {
     const originalOpen = XMLHttpRequest.prototype.open;
     const originalSend = XMLHttpRequest.prototype.send;
     const originalSetRequestHeader = XMLHttpRequest.prototype.setRequestHeader;
@@ -480,9 +504,23 @@ function setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo = []) {
             const status = this.status || 0;
             let responseData;
             let responseHeaders = null;
+            const maxBodyBytes = bodyCaptureConfig.captureResponseBodyMaxMb * 1024 * 1024;
             try {
-                // Try to capture response data
-                responseData = this.responseText || this.response;
+                if (bodyCaptureConfig.captureResponseBodyMaxMb === 0) {
+                    // Body capture disabled
+                    responseData = null;
+                }
+                else {
+                    // Try to capture response data
+                    const rawData = this.responseText || this.response;
+                    if (typeof rawData === 'string' && rawData.length > maxBodyBytes) {
+                        // Response exceeds size limit — skip
+                        responseData = null;
+                    }
+                    else {
+                        responseData = rawData;
+                    }
+                }
             }
             catch (e) {
                 // Response might not be accessible in some cases
@@ -530,9 +568,93 @@ function setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo = []) {
     };
 }
 // Updated fetch interceptor with exclusion handling
-function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
+function setupFetchInterceptor(domainsToNotPropagateHeadersTo = [], bodyCaptureConfig = { captureStreamingResponseBody: true, captureResponseBodyMaxMb: 10, captureStreamPrefixKb: 64, captureStreamTimeoutMs: 10000 }) {
     const originalFetch = window.fetch;
     const sessionId = getOrSetSessionId();
+    // --- Streaming detection helpers ---
+    // Content types that indicate a streaming response.
+    // These responses should NOT have their body fully consumed — only a limited prefix is captured.
+    const STREAMING_CONTENT_TYPES = [
+        'text/event-stream', // Server-Sent Events (SSE)
+        'application/x-ndjson', // Newline-delimited JSON
+        'application/stream+json', // Spring WebFlux / reactive streams
+        'application/grpc', // gRPC-Web
+        'application/grpc-web', // gRPC-Web alternative
+    ];
+    // Content types where body capture should be skipped entirely (binary data as text is useless).
+    const SKIP_BODY_CONTENT_TYPES = [
+        'application/octet-stream',
+    ];
+    function isStreamingResponse(response) {
+        const contentType = response.headers.get('content-type');
+        if (!contentType)
+            return false;
+        const lowerCT = contentType.toLowerCase();
+        return STREAMING_CONTENT_TYPES.some(t => lowerCT.includes(t));
+    }
+    function shouldSkipBodyCapture(response) {
+        const contentType = response.headers.get('content-type');
+        if (!contentType)
+            return false;
+        const lowerCT = contentType.toLowerCase();
+        return SKIP_BODY_CONTENT_TYPES.some(t => lowerCT.includes(t));
+    }
+    /**
+     * Reads a limited prefix from a cloned response's ReadableStream body.
+     * Respects a byte limit and timeout. Cancels the reader when done to free resources.
+     * Returns the captured text or null on error.
+     */
+    async function readStreamPrefix(clonedResponse, maxBytes, timeoutMs) {
+        const body = clonedResponse.body;
+        if (!body)
+            return null;
+        const reader = body.getReader();
+        const decoder = new TextDecoder();
+        const chunks = [];
+        let totalBytes = 0;
+        const readWithLimit = async () => {
+            try {
+                while (totalBytes < maxBytes) {
+                    const { done, value } = await reader.read();
+                    if (done)
+                        break;
+                    totalBytes += value.byteLength;
+                    chunks.push(decoder.decode(value, { stream: true }));
+                }
+                // Flush the decoder
+                chunks.push(decoder.decode());
+                return chunks.join('');
+            }
+            catch {
+                return chunks.length > 0 ? chunks.join('') : null;
+            }
+            finally {
+                try {
+                    reader.cancel();
+                }
+                catch { /* ignore */ }
+            }
+        };
+        try {
+            return await Promise.race([
+                readWithLimit(),
+                new Promise((resolve) => setTimeout(() => {
+                    try {
+                        reader.cancel();
+                    }
+                    catch { /* ignore */ }
+                    resolve(chunks.length > 0 ? chunks.join('') : null);
+                }, timeoutMs)),
+            ]);
+        }
+        catch {
+            try {
+                reader.cancel();
+            }
+            catch { /* ignore */ }
+            return null;
+        }
+    }
     window.fetch = new Proxy(originalFetch, {
         apply: async (target, thisArg, args) => {
             let input = args[0];
@@ -573,19 +695,21 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
         // Capture request headers and body
         let requestHeaders = {};
         let requestBody;
+        // For Request inputs, we clone BEFORE fetch (since fetch consumes the body)
+        // but defer .text() read to avoid blocking
+        let requestBodyClone = null;
         try {
             if (input instanceof Request) {
                 // Extract headers from Request object
                 input.headers.forEach((value, key) => {
                     requestHeaders[key] = value;
                 });
-                // Try to clone and read body if present
+                // Clone the Request NOW (before fetch consumes it) for deferred body reading
                 try {
-                    const clonedRequest = input.clone();
-                    requestBody = await clonedRequest.text();
+                    requestBodyClone = input.clone();
                 }
                 catch (e) {
-                    requestBody = null;
+                    requestBodyClone = null;
                 }
             }
             else {
@@ -605,7 +729,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
                         requestHeaders = { ...init.headers };
                     }
                 }
-                // Capture request body
+                // Capture request body (non-blocking for string/object bodies)
                 requestBody = init.body;
             }
         }
@@ -643,20 +767,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
             const status = response.status;
             const success = response.ok;
             const error = success ? "" : `Request Error: ${response.statusText}`;
-            // Capture response data
-            let responseData;
-            try {
-                // Clone the response so we don't consume the original stream
-                const clonedResponse = response.clone();
-                responseData = await clonedResponse.text();
-            }
-            catch (e) {
-                if (DEBUG) {
-                    console.warn("[Sailfish] Failed to capture response data:", e);
-                }
-                responseData = null;
-            }
-            // Capture response headers
+            // Capture response headers (non-blocking — just reads header map)
             let responseHeaders = null;
             try {
                 responseHeaders = {};
@@ -670,8 +781,8 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
                 }
                 responseHeaders = null;
             }
-            // Emit 'networkRequestFinished' event
-            const eventData = {
+            // Build the base event data (response_body filled asynchronously below)
+            const baseEventData = {
                 type: NetworkRequestEventId,
                 timestamp: endTime,
                 sessionId,
@@ -689,11 +800,75 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
                     request_headers: requestHeaders,
                     request_body: requestBody,
                     response_headers: responseHeaders,
-                    response_body: responseData,
+                    response_body: null,
                 },
                 ...urlAndStoredUuids,
             };
-            sendEvent(eventData);
+            // Helper to resolve deferred request body and send event
+            const sendEventWithBody = (responseData) => {
+                baseEventData.data.response_body = responseData;
+                if (requestBodyClone) {
+                    requestBodyClone.text().then((body) => { baseEventData.data.request_body = body; sendEvent(baseEventData); }, () => { sendEvent(baseEventData); });
+                }
+                else {
+                    sendEvent(baseEventData);
+                }
+            };
+            const maxBodyBytes = bodyCaptureConfig.captureResponseBodyMaxMb * 1024 * 1024;
+            // --- Determine body capture strategy and return response IMMEDIATELY ---
+            if (bodyCaptureConfig.captureResponseBodyMaxMb === 0) {
+                // All body capture disabled
+                sendEventWithBody(null);
+            }
+            else if (shouldSkipBodyCapture(response)) {
+                // Binary content type — text capture is useless
+                sendEventWithBody(null);
+            }
+            else if (isStreamingResponse(response)) {
+                // Streaming response
+                if (bodyCaptureConfig.captureStreamingResponseBody) {
+                    // Tee the stream: clone, capture limited prefix in background, cancel reader when done
+                    try {
+                        const clonedResponse = response.clone();
+                        readStreamPrefix(clonedResponse, bodyCaptureConfig.captureStreamPrefixKb * 1024, bodyCaptureConfig.captureStreamTimeoutMs).then((prefix) => sendEventWithBody(prefix), () => sendEventWithBody(null));
+                    }
+                    catch {
+                        sendEventWithBody(null);
+                    }
+                }
+                else {
+                    // Streaming body capture disabled — don't clone, send immediately
+                    sendEventWithBody(null);
+                }
+            }
+            else {
+                // Non-streaming response — check Content-Length against size limit
+                const contentLength = response.headers.get('content-length');
+                const declaredSize = contentLength ? parseInt(contentLength, 10) : NaN;
+                if (!isNaN(declaredSize) && declaredSize > maxBodyBytes) {
+                    // Response too large — skip body capture
+                    sendEventWithBody(null);
+                }
+                else {
+                    // Clone and read body asynchronously (fire-and-forget)
+                    try {
+                        const clonedResponse = response.clone();
+                        clonedResponse.text().then((text) => {
+                            // Double-check actual size after reading (Content-Length may be absent/wrong)
+                            if (text.length > maxBodyBytes) {
+                                sendEventWithBody(null);
+                            }
+                            else {
+                                sendEventWithBody(text);
+                            }
+                        }, () => sendEventWithBody(null));
+                    }
+                    catch {
+                        sendEventWithBody(null);
+                    }
+                }
+            }
+            // CRITICAL: Return response to caller IMMEDIATELY — never block on body capture
             return response;
         }
         catch (error) {
@@ -706,6 +881,16 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
                 // CORS/network failure: exclude just this path
                 return target.apply(thisArg, args);
             }
+            // Resolve deferred request body for error telemetry
+            let resolvedRequestBody = requestBody;
+            if (requestBodyClone) {
+                try {
+                    resolvedRequestBody = await requestBodyClone.text();
+                }
+                catch {
+                    resolvedRequestBody = null;
+                }
+            }
             const eventData = {
                 type: NetworkRequestEventId,
                 timestamp: endTime,
@@ -721,7 +906,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = []) {
                     method,
                     url,
                     request_headers: requestHeaders,
-                    request_body: requestBody,
+                    request_body: resolvedRequestBody,
                     response_body: null,
                 },
                 ...urlAndStoredUuids,
@@ -824,7 +1009,9 @@ function getMapUuidFromWindow() {
 // Note - we do NOT send serviceIdentifier because
 // it would be 1 serviceIdentifier per frontend user session,
 // which is very wasteful
-export async function startRecording({ apiKey, backendApi = "https://api-service.sailfishqa.com", domainsToPropagateHeaderTo = [], domainsToNotPropagateHeaderTo = [], serviceVersion, serviceIdentifier, gitSha, serviceAdditionalMetadata, enableIpTracking, }) {
+export async function startRecording({ apiKey, backendApi = "https://api-service.sailfishqa.com", domainsToPropagateHeaderTo = [], domainsToNotPropagateHeaderTo = [], serviceVersion, serviceIdentifier, gitSha, serviceAdditionalMetadata, enableIpTracking, captureStreamingResponseBody = true, captureResponseBodyMaxMb = 10, captureStreamPrefixKb = 64, captureStreamTimeoutMs = 10000, }) {
+    // Initialize deferred module-level side effects (one-time)
+    _ensureModuleSideEffects();
     const effectiveGitSha = gitSha ?? readGitSha();
     const effectiveServiceIdentifier = serviceIdentifier ?? "";
     const effectiveServiceVersion = serviceVersion ?? "";
@@ -895,13 +1082,20 @@ export async function startRecording({ apiKey, backendApi = "https://api-service
         ], backendApi).catch((error) => console.error("Failed to send domains to not propagate header to:", error));
         g.sentDoNotPropagateOnce = true;
     }
+    // Network body capture config
+    const bodyCaptureConfig = {
+        captureStreamingResponseBody,
+        captureResponseBodyMaxMb,
+        captureStreamPrefixKb,
+        captureStreamTimeoutMs,
+    };
     // Patch XHR/fetch once per window
     if (!g.xhrPatched) {
-        setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo);
+        setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo, bodyCaptureConfig);
         g.xhrPatched = true;
     }
     if (!g.fetchPatched) {
-        setupFetchInterceptor(domainsToNotPropagateHeaderTo);
+        setupFetchInterceptor(domainsToNotPropagateHeaderTo, bodyCaptureConfig);
         g.fetchPatched = true;
     }
     gatherAndCacheDeviceInfo();
@@ -967,9 +1161,14 @@ export const initRecorder = async (options) => {
                 g.hasLoggedInitOnce = true;
             }
             await startRecording(options);
-            // Set up the issue reporting UI once
+            // Set up the issue reporting UI once (lazy-loaded)
             if (!g.issueReportingInit) {
                 const backendApiUrl = options.backendApi ?? "https://api-service.sailfishqa.com";
+                // Dynamically import issue reporting modules to reduce initial bundle
+                const [{ setupIssueReporting }, { fetchIntegrationData, getIntegrationData }] = await Promise.all([
+                    import("./inAppReportIssueModal"),
+                    import("./inAppReportIssueModal/integrations"),
+                ]);
                 // Fetch integration data before setting up issue reporting
                 let integrationData = null;
                 try {