@sailfish-ai/recorder 1.11.6 → 1.12.4

package/dist/clockSync.js

@@ -0,0 +1,196 @@
+// Browser → server clock synchronization.
+//
+// Browser wall time (Date.now()) is untrustworthy: users can have wrong system
+// clocks, NTP can jump them, sleep/resume can drift them, and they can be
+// spoofed. We need every event to carry a server-comparable timestamp.
+//
+// Strategy: NTP-style handshake over the existing WebSocket. The browser
+// records performance.now() before and after each handshake; the server
+// returns its receive/send wall times. From those we compute RTT and a
+// midpoint-aligned estimate of (serverWall - browserMonotonic), which we then
+// add to performance.now() at any later moment to estimate server wall time.
+//
+// performance.now() is preferred over Date.now() because it is monotonic and
+// unaffected by user clock changes mid-session.
+const HAS_WINDOW = typeof window !== "undefined";
+const HAS_PERFORMANCE = typeof performance !== "undefined" && typeof performance.now === "function";
+// Caps how many samples we retain. We only ever rank-select a few; the rest
+// are pruned on age so we don't grow unbounded across a long session.
+const MAX_SAMPLES = 20;
+const MAX_SAMPLE_AGE_MS = 10 * 60 * 1000; // 10 minutes
+// Filter cutoff: samples with RTT above this are not considered usable.
+const MAX_USABLE_RTT_MS = 500;
+// Number of best (lowest-RTT) samples we take the median over.
+const BEST_SAMPLE_COUNT = 5;
+// Browser monotonic clock. Falls back to Date.now() when performance is
+// unavailable (SSR / very old runtimes).
+export function monotonicNow() {
+    return HAS_PERFORMANCE ? performance.now() : Date.now();
+}
+export function timeOriginMs() {
+    return HAS_PERFORMANCE ? performance.timeOrigin : 0;
+}
+class ClockSyncManager {
+    samples = [];
+    pending = new Map();
+    estimatedOffsetMs = null;
+    bestRttMs = null;
+    lastSyncMonoMs = null;
+    // Begins a sync exchange. The caller is responsible for actually sending
+    // the request payload — we just record what we need to correlate the reply.
+    beginSync(requestId) {
+        const entry = {
+            requestId,
+            clientSendMonoMs: monotonicNow(),
+        };
+        this.pending.set(requestId, entry);
+        return entry;
+    }
+    // Drops a pending request without recording a sample. Use when a request
+    // times out or the websocket closes while it was in flight.
+    abandonSync(requestId) {
+        this.pending.delete(requestId);
+    }
+    // Process a server reply. Returns the sample we recorded, or null if the
+    // requestId was unknown (late reply after abandon, duplicate, etc.).
+    recordTimeSyncResponse(body) {
+        const pending = this.pending.get(body.requestId);
+        if (!pending)
+            return null;
+        this.pending.delete(body.requestId);
+        const clientReceiveMonoMs = monotonicNow();
+        const rttMs = clientReceiveMonoMs - pending.clientSendMonoMs;
+        if (rttMs < 0 || !isFinite(rttMs))
+            return null;
+        const clientMidpointMono = (pending.clientSendMonoMs + clientReceiveMonoMs) / 2;
+        const serverMidpointWall = (body.serverReceivedAtMs + body.serverSentAtMs) / 2;
+        const estimatedOffsetMs = serverMidpointWall - clientMidpointMono;
+        const sample = {
+            clientSendMonoMs: pending.clientSendMonoMs,
+            clientReceiveMonoMs,
+            serverReceiveWallMs: body.serverReceivedAtMs,
+            serverSendWallMs: body.serverSentAtMs,
+            rttMs,
+            estimatedOffsetMs,
+            browserWallAtSyncMs: Date.now(),
+        };
+        this.samples.push(sample);
+        this.pruneSamples(clientReceiveMonoMs);
+        this.recompute(clientReceiveMonoMs);
+        return sample;
+    }
+    // Returns null when no estimate is available yet.
+    estimateServerTime(monoMs) {
+        if (this.estimatedOffsetMs == null)
+            return null;
+        return this.estimatedOffsetMs + monoMs;
+    }
+    getSyncMetadata() {
+        const now = monotonicNow();
+        const syncAgeMs = this.lastSyncMonoMs != null ? now - this.lastSyncMonoMs : null;
+        return {
+            offsetMs: this.estimatedOffsetMs,
+            rttMs: this.bestRttMs,
+            syncAgeMs,
+        };
+    }
+    // Difference between browser wall clock and estimated server wall clock at
+    // the time of the most recent sample. Positive means browser clock is ahead.
+    getBrowserClockSkewMs() {
+        if (this.samples.length === 0)
+            return null;
+        const latest = this.samples[this.samples.length - 1];
+        const serverWallAtLatest = latest.estimatedOffsetMs + latest.clientReceiveMonoMs;
+        return latest.browserWallAtSyncMs - serverWallAtLatest;
+    }
+    reset() {
+        this.samples = [];
+        this.pending.clear();
+        this.estimatedOffsetMs = null;
+        this.bestRttMs = null;
+        this.lastSyncMonoMs = null;
+    }
+    pruneSamples(nowMono) {
+        if (this.samples.length === 0)
+            return;
+        const cutoff = nowMono - MAX_SAMPLE_AGE_MS;
+        this.samples = this.samples.filter((s) => s.clientReceiveMonoMs >= cutoff);
+        if (this.samples.length > MAX_SAMPLES) {
+            this.samples = this.samples.slice(this.samples.length - MAX_SAMPLES);
+        }
+    }
+    recompute(nowMono) {
+        const usable = this.samples
+            .filter((s) => s.rttMs <= MAX_USABLE_RTT_MS)
+            .sort((a, b) => a.rttMs - b.rttMs)
+            .slice(0, BEST_SAMPLE_COUNT);
+        if (usable.length === 0) {
+            // No usable samples; keep last known offset but mark no-recent-sync.
+            // (We still update lastSyncMonoMs so the caller can see we tried.)
+            this.lastSyncMonoMs = nowMono;
+            this.bestRttMs = null;
+            return;
+        }
+        const offsets = usable
+            .map((s) => s.estimatedOffsetMs)
+            .sort((a, b) => a - b);
+        this.estimatedOffsetMs = offsets[Math.floor(offsets.length / 2)];
+        this.bestRttMs = usable[0].rttMs;
+        this.lastSyncMonoMs = nowMono;
+    }
+}
+// Singleton — every consumer in the SDK shares one offset state. Created
+// lazily so SSR imports don't need any browser globals.
+let _instance = null;
+export function getClockSyncManager() {
+    if (!_instance) {
+        _instance = new ClockSyncManager();
+    }
+    return _instance;
+}
+// Convenience wrappers for callers that don't care about the instance.
+export function estimateServerTime(monoMs) {
+    return getClockSyncManager().estimateServerTime(monoMs);
+}
+export function getClockSyncMetadata() {
+    return getClockSyncManager().getSyncMetadata();
+}
+// Builds the `client` and `serverEstimated` envelope attached to every event.
+// `capturedMonoMs` should be performance.now() captured at the moment the
+// event occurred (not when it was eventually flushed).
+export function buildEventTimeEnvelope(capturedMonoMs, capturedWallMs) {
+    const mgr = getClockSyncManager();
+    const meta = mgr.getSyncMetadata();
+    const eventTimeMs = mgr.estimateServerTime(capturedMonoMs);
+    return {
+        client: {
+            wallTimeMs: capturedWallMs,
+            monotonicMs: capturedMonoMs,
+            timeOriginMs: timeOriginMs(),
+        },
+        serverEstimated: {
+            eventTimeMs,
+            offsetMs: meta.offsetMs,
+            rttMs: meta.rttMs,
+            syncAgeMs: meta.syncAgeMs,
+        },
+    };
+}
+// Capture-at-source helper for callers that want to stamp the moment the
+// event happened, not the moment sendEvent runs (e.g. after a network body
+// has finished reading). The enrichment step will reuse these values.
+export function captureClientTime() {
+    return {
+        wallTimeMs: Date.now(),
+        monotonicMs: monotonicNow(),
+        timeOriginMs: timeOriginMs(),
+    };
+}
+// Exported for tests only.
+export const __testing = {
+    reset: () => getClockSyncManager().reset(),
+    MAX_USABLE_RTT_MS,
+    BEST_SAMPLE_COUNT,
+    HAS_WINDOW,
+    HAS_PERFORMANCE,
+};

package/dist/graphql.js

@@ -39,6 +39,11 @@ export function fetchCaptureSettings(apiKey, backendApi) {
         recordDob
         sampling
         textEditThrottleEnabled
+        maskInputSelector
+        maskTextSelector
+        blockSelector
+        unmaskSelector
+        maskInputOptions
       }
     }
   `, { apiKey, backendApi });

package/dist/inAppReportIssueModal/index.js

@@ -1,6 +1,6 @@
 import { createTriageAndIssueFromRecorder, createTriageFromRecorder, } from "../graphql";
 import { getDefaultReporterAccountId, getFieldsForProject, getIntegrationData, getProjectsForTeam, getSprintFieldId, getUsers, getValidSavedReporterAccountId, hasValidIntegration, refreshIntegrationData, saveLastReporterAccountId, updateFormWithIntegrationData, updateIssueTypeOptions, } from "./integrations";
-import { currentState, isRecording, recordingEndTime, recordingStartTime, resetState, setIsRecording, setRecordingEndTime, setRecordingStartTime, setTimerInterval, timerInterval, } from "./state";
+import { currentState, isRecording, recordingEndTime, recordingStartTime, resetState, setIsRecording, setRecordingEndTime, setRecordingStartTime, setSprintDefaulted, setTimerInterval, timerInterval, } from "./state";
 import { STORAGE_KEYS } from "./types";
 import { getChevronSVG, renderCustomMultiSelect, renderDynamicField, } from "./ui";
 // TODO - enable configuration by keyboard typing in UI
@@ -980,6 +980,9 @@ function bindEngTicketListeners() {
         engSprintSelect.addEventListener("change", () => {
             currentState.engTicketSprint = engSprintSelect.value;
             engSprintSelect.style.color = engSprintSelect.value ? "" : "#9ca3af";
+            // User made an explicit choice (including clearing) — don't let a
+            // later integration data refetch override it with the auto-default.
+            setSprintDefaulted(true);
         });
     }
     if (engPrioritySelect) {

package/dist/inAppReportIssueModal/integrations.js

@@ -1,5 +1,6 @@
 import { fetchEngineeringTicketPlatformIntegrations } from "../graphql";
 import { getIdentifiedUser } from "../sendSailfishMessages";
+import { sprintDefaulted, setSprintDefaulted } from "./state";
 const SUPPORT_TICKET_INTEGRATIONS = ["jira", "linear", "zendesk"];
 let integrationData = null;
 // Cache per cloud so switching between clouds is instant
@@ -124,6 +125,27 @@ export function populatePriorityOptions(selectElement, provider, defaultPriority
         selectElement.value = "0";
     }
 }
+// Mirrors useEngineeringTicketForm.ts:_projectBoardIds — when the chosen
+// project exposes its boards, prefer an active sprint whose originBoardId
+// matches one of them so multi-board Jira projects don't grab a sprint
+// from the wrong board.
+function _projectBoardIds(projectId, projects) {
+    if (!projectId)
+        return [];
+    const project = (projects || []).find((p) => p.id === projectId || p.key === projectId);
+    const boards = project?.boards || project?.board_ids || [];
+    return boards.map((b) => (typeof b === "object" ? b.id : b));
+}
+export function pickDefaultActiveSprint(sprints, projectId, projects) {
+    const activeSprints = (sprints || []).filter((s) => s.state === "active");
+    if (!activeSprints.length)
+        return null;
+    const projectBoardIds = _projectBoardIds(projectId, projects);
+    const projectScoped = projectBoardIds.length
+        ? activeSprints.find((s) => projectBoardIds.some((bid) => String(bid) === String(s.originBoardId)))
+        : null;
+    return projectScoped || activeSprints[0];
+}
 export function populateSprintOptions(selectElement, sprints, currentValue) {
     selectElement.innerHTML = "";
     // Placeholder option
@@ -407,7 +429,21 @@ export function updateFormWithIntegrationData(currentState) {
     const sprintSelect = document.getElementById("sf-eng-ticket-sprint");
     const isJira = integrationData.provider?.toLowerCase() === "jira";
     if (sprintSelect && isJira && integrationData.sprints) {
+        // Default to the current active sprint on first population so Report
+        // Issue-created Jira tickets land in the current sprint, matching the
+        // dashboard EngineeringTicketModal's auto-default behavior
+        // (useEngineeringTicketForm.ts:956-991).
+        if (!currentState.engTicketSprint && !sprintDefaulted) {
+            const chosen = pickDefaultActiveSprint(integrationData.sprints, currentState.engTicketProject, integrationData.projects || []);
+            if (chosen?.id) {
+                currentState.engTicketSprint = String(chosen.id);
+                setSprintDefaulted(true);
+            }
+        }
         populateSprintOptions(sprintSelect, integrationData.sprints, currentState.engTicketSprint || undefined);
+        if (currentState.engTicketSprint) {
+            sprintSelect.style.color = "";
+        }
     }
     // Update issue type dropdown based on selected project (for Jira)
     const issueTypeSelect = document.getElementById("sf-eng-ticket-type");

package/dist/inAppReportIssueModal/state.js

@@ -35,6 +35,10 @@ export let recordingStartTime = null;
 export let recordingEndTime = null;
 export let timerInterval = null;
 export let isRecording = false;
+// Tracks whether the Jira sprint dropdown has already been auto-defaulted
+// for this modal session, so refetches of integration data don't override
+// a user-cleared/changed value.
+export let sprintDefaulted = false;
 // State setters
 export function setCurrentState(state) {
     currentState = state;
@@ -43,6 +47,10 @@ export function resetState() {
     currentState = getInitialState();
     recordingStartTime = null;
     recordingEndTime = null;
+    sprintDefaulted = false;
+}
+export function setSprintDefaulted(value) {
+    sprintDefaulted = value;
 }
 export function setRecordingStartTime(time) {
     recordingStartTime = time;

package/dist/index.js

@@ -11,10 +11,11 @@ import { sendMapUuidIfAvailable } from "./mapUuid";
 import { getUrlAndStoredUuids, initializeConsolePlugin, initializeDomContentEvents, initializePerformancePlugin, initializeRecording, invalidateUrlCache, } from "./recording";
 import { HAS_DOCUMENT, HAS_LOCAL_STORAGE, HAS_SESSION_STORAGE, HAS_WINDOW, } from "./runtimeEnv";
 import { isHeadlessOrLighthouse } from "./headlessDetection";
+import { captureClientTime } from "./clockSync";
 import { ensureSessionListeners, getOrSetSessionId } from "./session";
 import { withAppUrlMetadata } from "./utils";
 import { onNavigationChange } from "./websocket";
-import { clearStaleFuncSpanState, getFuncSpanHeader, isFunctionSpanTrackingEnabled, restoreFuncSpanState, sendEvent, sendMessage, } from "./websocket";
+import { clearStaleFuncSpanState, getFuncSpanHeader, isFunctionSpanTrackingEnabled, requestTimeSync, restoreFuncSpanState, sendEvent, sendMessage, } from "./websocket";
 import { yieldToMain } from "./scheduler";
 import { detectFramework } from "./frameworkDetection";
 const DEBUG = readDebugFlag(); // A wrapper around fetch that suppresses connection refused errors
@@ -73,6 +74,13 @@ export const DEFAULT_CAPTURE_SETTINGS = {
     recordDob: false,
     sampling: {},
     enableFiberTracking: false,
+    // Form Privacy Rules — empty = no rule. Mirrors the backend defaults so the
+    // recorder behaves identically whether the server payload arrives or not.
+    maskInputSelector: "",
+    maskTextSelector: "",
+    blockSelector: "",
+    unmaskSelector: "",
+    maskInputOptions: { password: true },
 };
 export const DEFAULT_CONSOLE_RECORDING_SETTINGS = {
     level: ["info", "log", "warn", "error"],
@@ -154,6 +162,22 @@ function trackDomainChangesOnce() {
             sessionStorage.setItem("prevPageVisitUUID", prevPageVisitUUID);
             invalidateUrlCache();
             const timestamp = Date.now();
+            // Opt-in diagnostic log for the duplicate-/-skipped page_visit_uuid bug.
+            // Gated by enableInternalDebugLogs (passed via initRecorder); off by
+            // default so customer integrations see no console noise. Captures the
+            // call stack so we can tell which trigger fired (pushState, replaceState,
+            // popstate, the 1s poll, or the initial forced mint).
+            if (g.internalDebugLogs) {
+                // eslint-disable-next-line no-console
+                console.log("[sf-recorder] mint pageVisitUUID", {
+                    url: currentDomain,
+                    newUuid: pageVisitUUID,
+                    prevUuid: prevPageVisitUUID,
+                    forceSend,
+                    timestamp,
+                    stack: new Error().stack,
+                });
+            }
             sendMessage({
                 type: "routeChange",
                 data: {
@@ -226,6 +250,9 @@ function handleVisibilityChange() {
     // Restore sessionId when the user returns to the page
     if (visibilityState === "visible") {
         getOrSetSessionId();
+        // Background tabs commonly suffer clock drift (sleep/resume); refresh the
+        // browser→server offset before any post-resume events fire.
+        requestTimeSync();
     }
     // Send visibility change event for both visible and hidden states
     try {
@@ -285,6 +312,11 @@ function _ensureModuleSideEffects() {
         window.addEventListener("beforeunload", () => {
             clearPageVisitDataFromSessionStorage();
         });
+        // Reconnection is a strong trigger for stale clock offset (DHCP-driven
+        // NTP correction often happens here).
+        window.addEventListener("online", () => {
+            requestTimeSync();
+        });
     }
 }
 function storeCredentialsAndConnection({ apiKey, backendApi, }) {
@@ -354,6 +386,23 @@ function matchParsedUrlAgainstPatterns(parsed, patterns) {
         return true;
     });
 }
+// Resolve a captured request URL to absolute form before it is transmitted.
+// Idempotent: already-absolute URLs (https:, blob:, chrome-extension:) pass
+// through unchanged; relative/protocol-relative URLs gain the page origin.
+// SSR-safe: never touches `window` unguarded (see veritas/jsts-frontend/CLAUDE.md).
+export function toAbsoluteUrl(url) {
+    if (typeof url !== "string" || url.length === 0)
+        return url;
+    try {
+        const base = typeof window !== "undefined"
+            ? window.location.href
+            : "http://localhost/";
+        return new URL(url, base).href;
+    }
+    catch {
+        return url;
+    }
+}
 // Public wrapper: parse + delegate. Preserved for callers outside the gate
 // (interceptor wrappers, tests). Hot paths should call
 // matchParsedUrlAgainstPatterns() directly with a pre-parsed URL.
@@ -515,7 +564,7 @@ function setupXMLHttpRequestInterceptor(domainsToNotPropagateHeaderTo = [], body
                     success,
                     error: errorMsg,
                     method: this._requestMethod,
-                    url,
+                    url: toAbsoluteUrl(url),
                     request_headers: requestHeaders,
                     request_body: requestBody,
                     response_headers: responseHeaders,
@@ -790,6 +839,9 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = [], bodyCaptureC
                 isRetry = true;
             }
             const endTime = Date.now();
+            // Stamp client.* at the moment the response arrived; body capture may
+            // delay sendEvent() by hundreds of ms for streaming/large bodies.
+            const requestCompletionTime = captureClientTime();
             const status = response.status;
             const success = response.ok;
             const error = success ? "" : `Request Error: ${response.statusText}`;
@@ -812,6 +864,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = [], bodyCaptureC
                 type: NetworkRequestEventId,
                 timestamp: endTime,
                 sessionId,
+                client: requestCompletionTime,
                 data: {
                     request_id: networkUUID,
                     session_id: sessionId,
@@ -821,7 +874,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = [], bodyCaptureC
                     success,
                     error,
                     method,
-                    url,
+                    url: toAbsoluteUrl(url),
                     retry_without_trace_id: isRetry,
                     request_headers: requestHeaders,
                     request_body: requestBody,
@@ -930,7 +983,7 @@ function setupFetchInterceptor(domainsToNotPropagateHeadersTo = [], bodyCaptureC
                     success,
                     error: errorMessage,
                     method,
-                    url,
+                    url: toAbsoluteUrl(url),
                     request_headers: requestHeaders,
                     request_body: resolvedRequestBody,
                     response_body: null,
@@ -1040,7 +1093,7 @@ export async function startRecording({ apiKey, backendApi = "https://api-service
 // Pass [] to fully disable header propagation. Pass exact patterns
 // (e.g. ["api.myapp.com", "*.internal.com"]) to restrict propagation
 // to a known set of domains.
-domainsToPropagateHeaderTo = ["*"], domainsToNotPropagateHeaderTo = [], serviceVersion, serviceIdentifier, gitSha, serviceAdditionalMetadata, enableIpTracking, captureStreamingResponseBody = true, captureResponseBodyMaxMb = 10, captureStreamPrefixKb = 64, captureStreamTimeoutMs = 10000, enableFiberTracking = false, deferRecording, deferRecordingStart, chunkSnapshot, useWsWorker = true, capturePerformanceMetrics = true, maskTextClass, library, headlessRecording = false, }) {
+domainsToPropagateHeaderTo = ["*"], domainsToNotPropagateHeaderTo = [], serviceVersion, serviceIdentifier, gitSha, serviceAdditionalMetadata, enableIpTracking, captureStreamingResponseBody = true, captureResponseBodyMaxMb = 10, captureStreamPrefixKb = 64, captureStreamTimeoutMs = 10000, enableFiberTracking = false, deferRecording, deferRecordingStart, chunkSnapshot, useWsWorker = true, capturePerformanceMetrics = true, maskTextClass, maskInputSelector, maskTextSelector, blockSelector, unmaskSelector, maskInputOptions, library, headlessRecording = false, }) {
     // Synthetic-environment no-op: Lighthouse/PSI, HeadlessChrome, WebPageTest
     // (PTST), Puppeteer/Playwright/Selenium (navigator.webdriver). We skip init
     // entirely to avoid WSS retry noise, third-party perf penalties in audits,
@@ -1196,6 +1249,12 @@ domainsToPropagateHeaderTo = ["*"], domainsToNotPropagateHeaderTo = [], serviceV
             // Caller-supplied maskTextClass wins over server-fetched value; only
             // applied when explicitly set so undefined cannot clobber the server.
             ...(maskTextClass !== undefined ? { maskTextClass } : {}),
+            // Form Privacy Rules — same caller-overrides-when-defined pattern.
+            ...(maskInputSelector !== undefined ? { maskInputSelector } : {}),
+            ...(maskTextSelector !== undefined ? { maskTextSelector } : {}),
+            ...(blockSelector !== undefined ? { blockSelector } : {}),
+            ...(unmaskSelector !== undefined ? { unmaskSelector } : {}),
+            ...(maskInputOptions !== undefined ? { maskInputOptions } : {}),
         };
         // If a socket is already open now, stop here.
         if (g.ws && g.ws.readyState === 1) {
@@ -1233,6 +1292,9 @@ export const initRecorder = async (options) => {
     if (typeof window === "undefined")
         return;
     const g = (window.__sailfish_recorder ||= {});
+    // Stash the debug flag on the global so trackDomainChangesOnce and other
+    // helpers can read it without being passed through every call site.
+    g.internalDebugLogs = options.enableInternalDebugLogs === true;
     const currentSessionId = getOrSetSessionId();
     // remove stale page visit data from previous sessions
     clearPageVisitDataFromSessionStorage();

package/dist/privacyMask.js

@@ -0,0 +1,93 @@
+// Helpers that apply account-level Form Privacy Rules to rrweb's masking
+// hooks. Kept in their own module so they can be unit-tested without
+// pulling in the rest of recording.tsx (which imports rrweb dynamically).
+/**
+ * Safe ancestor-match check. A malformed selector — typo'd by an admin in
+ * the Form Privacy Rules UI — would otherwise throw from `closest()` and
+ * crash rrweb's serializer mid-walk. Under-masking is better than dropping
+ * the session.
+ */
+export function closestSafe(el, selector) {
+    if (!el || !selector)
+        return false;
+    try {
+        return !!el.closest(selector);
+    }
+    catch {
+        return false;
+    }
+}
+/** Element.matches with try/catch for malformed selectors. */
+export function matchesSelectorSafe(el, selector) {
+    if (!selector)
+        return false;
+    try {
+        return el.matches(selector);
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Build the maskInputFn we hand to rrweb. rrweb only calls maskInputFn after
+ * its own check on `maskInputOptions[tagName] || maskInputOptions[type]` —
+ * it has NO `maskInputSelector` concept. To honor admin-set
+ * `maskInputSelector` in normal record() mode, callers expand the
+ * rrweb-facing `maskInputOptions` to all-true so rrweb routes EVERY input
+ * through this fn. This function then enforces the real per-element decision:
+ *
+ *   1. unmaskSelector match → raw (admin opted this subtree out)
+ *   2. type in admin-intent maskInputOptions OR maskInputSelector match → mask
+ *   3. otherwise → raw (admin didn't configure this field for masking)
+ *
+ * `baseFn` produces the masked string (PII-specific last-4 CC/SSN/DOB, or
+ * a full-asterisk fallback).
+ */
+export function buildMaskInputFn(opts) {
+    const { baseFn, unmaskSelector, maskInputSelector, adminMaskInputOptions } = opts;
+    // Without any per-element rule there's nothing to decide; rrweb's own
+    // maskInputOptions check already gates the call and baseFn does the rest.
+    if (!unmaskSelector && !maskInputSelector)
+        return baseFn;
+    return (text, node) => {
+        if (node.type === "hidden")
+            return "";
+        if (closestSafe(node, unmaskSelector))
+            return text;
+        const type = (node.type || "").toLowerCase();
+        const tag = (node.tagName || "").toLowerCase();
+        const typeMatches = adminMaskInputOptions[type] === true ||
+            adminMaskInputOptions[tag] === true;
+        const selectorMatches = matchesSelectorSafe(node, maskInputSelector);
+        if (!typeMatches && !selectorMatches) {
+            // Admin didn't configure this field; pass raw through.
+            return text;
+        }
+        return baseFn(text, node);
+    };
+}
+/**
+ * @deprecated Use buildMaskInputFn. Kept so older test imports keep working
+ * during the transition.
+ */
+export function wrapMaskInputFn(baseFn, unmaskSelector) {
+    if (!unmaskSelector)
+        return baseFn;
+    return (text, node) => {
+        if (closestSafe(node, unmaskSelector))
+            return text;
+        return baseFn(text, node);
+    };
+}
+/**
+ * Default maskTextFn — replaces every non-whitespace char with "*",
+ * matching rrweb's built-in behavior. Wrapped so that nodes under
+ * `unmaskSelector` skip masking.
+ */
+export function makeMaskTextFn(unmaskSelector) {
+    return (text, element) => {
+        if (closestSafe(element, unmaskSelector))
+            return text;
+        return text.replace(/\S/g, "*");
+    };
+}

package/dist/recorder.cjs

@@ -1,4 +1,4 @@
 "use strict";
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
-const e = require("./chunks/index-CftVmmO9.js");
-exports.DEFAULT_CAPTURE_SETTINGS = e.DEFAULT_CAPTURE_SETTINGS, exports.DEFAULT_CONSOLE_RECORDING_SETTINGS = e.DEFAULT_CONSOLE_RECORDING_SETTINGS, exports.STORAGE_VERSION = e.STORAGE_VERSION, exports.addOrUpdateMetadata = e.addOrUpdateMetadata, exports.buildBatches = e.buildBatches, exports.clearStaleFuncSpanState = e.clearStaleFuncSpanState, exports.createSkipHeadersPropagationChecker = e.createSkipHeadersPropagationChecker, exports.createTriageAndIssueFromRecorder = e.createTriageAndIssueFromRecorder, exports.createTriageFromRecorder = e.createTriageFromRecorder, exports.disableFunctionSpanTracking = e.disableFunctionSpanTracking, exports.enableFunctionSpanTracking = e.enableFunctionSpanTracking, exports.ensureHrefCache = e.ensureHrefCache, exports.eventSize = e.eventSize, exports.fetchAndSendIp = e.fetchAndSendIp, exports.fetchCaptureSettings = e.fetchCaptureSettings, exports.fetchEngineeringTicketPlatformIntegrations = e.fetchEngineeringTicketPlatformIntegrations, exports.fetchFunctionSpanTrackingEnabled = e.fetchFunctionSpanTrackingEnabled, exports.flushBufferedEvents = e.flushBufferedEvents, exports.getCachedHref = e.getCachedHref, exports.getCachedHrefNoQuery = e.getCachedHrefNoQuery, exports.getFuncSpanHeader = e.getFuncSpanHeader, exports.getIdentifiedUser = e.getIdentifiedUser, exports.getOrSetSessionId = e.getOrSetSessionId, exports.getUrlAndStoredUuids = e.getUrlAndStoredUuids, exports.identify = e.identify, exports.initRecorder = e.initRecorder, exports.initializeConsolePlugin = e.initializeConsolePlugin, exports.initializeDomContentEvents = e.initializeDomContentEvents, exports.initializeFunctionSpanTrackingFromApi = e.initializeFunctionSpanTrackingFromApi, exports.initializePerformancePlugin = e.initializePerformancePlugin, exports.initializeRecording = e.initializeRecording, exports.initializeWebSocket = e.initializeWebSocket, exports.invalidateUrlCache = e.invalidateUrlCache, exports.isFunctionSpanTrackingEnabled = e.isFunctionSpanTrackingEnabled, exports.matchUrlWithWildcard = e.matchUrlWithWildcard, Object.defineProperty(exports, "nowTimestamp", { enumerable: true, get: () => e.nowTimestamp }), exports.onNavigationChange = e.onNavigationChange, exports.openReportIssueModal = e.openReportIssueModal, exports.restoreFuncSpanState = e.restoreFuncSpanState, exports.sendDomainsToNotPropagateHeaderTo = e.sendDomainsToNotPropagateHeaderTo, exports.sendEvent = e.sendEvent, exports.sendGraphQLRequest = e.sendGraphQLRequest, exports.sendMessage = e.sendMessage, exports.startRecording = e.startRecording, exports.startRecordingSession = e.startRecordingSession, exports.trackingEvent = e.trackingEvent, exports.withAppUrlMetadata = e.withAppUrlMetadata;
+const e = require("./chunks/index-C-qbsfKe.js");
+exports.DEFAULT_CAPTURE_SETTINGS = e.DEFAULT_CAPTURE_SETTINGS, exports.DEFAULT_CONSOLE_RECORDING_SETTINGS = e.DEFAULT_CONSOLE_RECORDING_SETTINGS, exports.STORAGE_VERSION = e.STORAGE_VERSION, exports.addOrUpdateMetadata = e.addOrUpdateMetadata, exports.buildBatches = e.buildBatches, exports.clearStaleFuncSpanState = e.clearStaleFuncSpanState, exports.createSkipHeadersPropagationChecker = e.createSkipHeadersPropagationChecker, exports.createTriageAndIssueFromRecorder = e.createTriageAndIssueFromRecorder, exports.createTriageFromRecorder = e.createTriageFromRecorder, exports.disableFunctionSpanTracking = e.disableFunctionSpanTracking, exports.enableFunctionSpanTracking = e.enableFunctionSpanTracking, exports.ensureHrefCache = e.ensureHrefCache, exports.eventSize = e.eventSize, exports.fetchAndSendIp = e.fetchAndSendIp, exports.fetchCaptureSettings = e.fetchCaptureSettings, exports.fetchEngineeringTicketPlatformIntegrations = e.fetchEngineeringTicketPlatformIntegrations, exports.fetchFunctionSpanTrackingEnabled = e.fetchFunctionSpanTrackingEnabled, exports.flushBufferedEvents = e.flushBufferedEvents, exports.getCachedHref = e.getCachedHref, exports.getCachedHrefNoQuery = e.getCachedHrefNoQuery, exports.getFuncSpanHeader = e.getFuncSpanHeader, exports.getIdentifiedUser = e.getIdentifiedUser, exports.getOrSetSessionId = e.getOrSetSessionId, exports.getUrlAndStoredUuids = e.getUrlAndStoredUuids, exports.identify = e.identify, exports.initRecorder = e.initRecorder, exports.initializeConsolePlugin = e.initializeConsolePlugin, exports.initializeDomContentEvents = e.initializeDomContentEvents, exports.initializeFunctionSpanTrackingFromApi = e.initializeFunctionSpanTrackingFromApi, exports.initializePerformancePlugin = e.initializePerformancePlugin, exports.initializeRecording = e.initializeRecording, exports.initializeWebSocket = e.initializeWebSocket, exports.invalidateUrlCache = e.invalidateUrlCache, exports.isFunctionSpanTrackingEnabled = e.isFunctionSpanTrackingEnabled, exports.maskInputFn = e.maskInputFn, exports.matchUrlWithWildcard = e.matchUrlWithWildcard, Object.defineProperty(exports, "nowTimestamp", { enumerable: true, get: () => e.nowTimestamp }), exports.onNavigationChange = e.onNavigationChange, exports.openReportIssueModal = e.openReportIssueModal, exports.requestTimeSync = e.requestTimeSync, exports.restoreFuncSpanState = e.restoreFuncSpanState, exports.sendDomainsToNotPropagateHeaderTo = e.sendDomainsToNotPropagateHeaderTo, exports.sendEvent = e.sendEvent, exports.sendGraphQLRequest = e.sendGraphQLRequest, exports.sendMessage = e.sendMessage, exports.startRecording = e.startRecording, exports.startRecordingSession = e.startRecordingSession, exports.toAbsoluteUrl = e.toAbsoluteUrl, exports.trackingEvent = e.trackingEvent, exports.withAppUrlMetadata = e.withAppUrlMetadata;