@tracelog/lib 0.6.0 → 0.6.3

package/dist/cjs/utils/logging.utils.js

@@ -3,19 +3,61 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.log = exports.formatLogMsg = void 0;
 const formatLogMsg = (msg, error) => {
     if (error) {
+        // In production, sanitize error messages to avoid exposing sensitive paths
+        if (process.env.NODE_ENV !== 'dev' && error instanceof Error) {
+            // Remove file paths and line numbers from error messages
+            const sanitizedMessage = error.message.replace(/\s+at\s+.*$/gm, '').replace(/\(.*?:\d+:\d+\)/g, '');
+            return `[TraceLog] ${msg}: ${sanitizedMessage}`;
+        }
         return `[TraceLog] ${msg}: ${error instanceof Error ? error.message : 'Unknown error'}`;
     }
     return `[TraceLog] ${msg}`;
 };
 exports.formatLogMsg = formatLogMsg;
+/**
+ * Safe logging utility that respects production environment
+ *
+ * @param type - Log level (info, warn, error, debug)
+ * @param msg - Message to log
+ * @param extra - Optional extra data
+ *
+ * Production behavior:
+ * - debug: Never logged in production
+ * - info: Only logged if showToClient=true
+ * - warn: Always logged (important for debugging production issues)
+ * - error: Always logged
+ * - Stack traces are sanitized
+ * - Data objects are sanitized
+ */
 const log = (type, msg, extra) => {
-    const { error, data, showToClient } = extra ?? {};
+    const { error, data, showToClient = false } = extra ?? {};
     const formattedMsg = error ? (0, exports.formatLogMsg)(msg, error) : `[TraceLog] ${msg}`;
     const method = type === 'error' ? 'error' : type === 'warn' ? 'warn' : 'log';
-    if (process.env.NODE_ENV !== 'dev' && !showToClient) {
-        return;
+    // Production logging strategy:
+    // - Development: Log everything
+    // - Production:
+    //   - debug: never logged
+    //   - info: only if showToClient=true
+    //   - warn: always logged (critical for debugging)
+    //   - error: always logged
+    const isProduction = process.env.NODE_ENV !== 'dev';
+    if (isProduction) {
+        // Never log debug in production
+        if (type === 'debug') {
+            return;
+        }
+        // Log info only if explicitly flagged
+        if (type === 'info' && !showToClient) {
+            return;
+        }
+        // warn and error always logged in production
     }
-    if (data !== undefined) {
+    // In production, sanitize data to avoid exposing sensitive information
+    if (isProduction && data !== undefined) {
+        const sanitizedData = sanitizeLogData(data);
+        console[method](formattedMsg, sanitizedData);
+    }
+    else if (data !== undefined) {
         console[method](formattedMsg, data);
     }
     else {
@@ -23,3 +65,22 @@ const log = (type, msg, extra) => {
     }
 };
 exports.log = log;
+/**
+ * Sanitizes log data in production to prevent sensitive information leakage
+ * Simple approach: redact sensitive keys only
+ */
+const sanitizeLogData = (data) => {
+    const sanitized = {};
+    const sensitiveKeys = ['token', 'password', 'secret', 'key', 'apikey', 'api_key', 'sessionid', 'session_id'];
+    for (const [key, value] of Object.entries(data)) {
+        const lowerKey = key.toLowerCase();
+        // Redact sensitive keys
+        if (sensitiveKeys.some((sensitiveKey) => lowerKey.includes(sensitiveKey))) {
+            sanitized[key] = '[REDACTED]';
+        }
+        else {
+            sanitized[key] = value;
+        }
+    }
+    return sanitized;
+};

package/dist/cjs/utils/network/url.utils.d.ts

@@ -4,7 +4,7 @@ import { Config } from '@/types';
  * @param id - The project ID
  * @returns The generated API URL
  */
-export declare const getApiUrl: (config: Config) => string;
+export declare const getCollectApiUrl: (config: Config) => string;
 /**
  * Normalizes a URL by removing sensitive query parameters
  * @param url - The URL to normalize

package/dist/cjs/utils/network/url.utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.normalizeUrl = exports.getApiUrl = void 0;
+exports.normalizeUrl = exports.getCollectApiUrl = void 0;
 const logging_utils_1 = require("../logging.utils");
 /**
  * Validates if a URL is valid and optionally allows HTTP URLs
@@ -24,8 +24,7 @@ const isValidUrl = (url, allowHttp = false) => {
  * @param id - The project ID
  * @returns The generated API URL
  */
-const getApiUrl = (config) => {
-    const allowHttp = config.allowHttp ?? false;
+const getCollectApiUrl = (config) => {
     if (config.integrations?.tracelog?.projectId) {
         const url = new URL(window.location.href);
         const host = url.hostname;
@@ -35,25 +34,25 @@ const getApiUrl = (config) => {
         }
         const projectId = config.integrations.tracelog.projectId;
         const cleanDomain = parts.slice(-2).join('.');
-        const protocol = allowHttp && url.protocol === 'http:' ? 'http' : 'https';
-        const apiUrl = `${protocol}://${projectId}.${cleanDomain}`;
-        const isValid = isValidUrl(apiUrl, allowHttp);
+        const collectApiUrl = `https://${projectId}.${cleanDomain}/collect`;
+        const isValid = isValidUrl(collectApiUrl);
         if (!isValid) {
             throw new Error('Invalid URL');
         }
-        return apiUrl;
+        return collectApiUrl;
     }
-    if (config.integrations?.custom?.apiUrl) {
-        const apiUrl = config.integrations.custom.apiUrl;
-        const isValid = isValidUrl(apiUrl, allowHttp);
+    const collectApiUrl = config.integrations?.custom?.collectApiUrl;
+    if (collectApiUrl) {
+        const allowHttp = config.integrations?.custom?.allowHttp ?? false;
+        const isValid = isValidUrl(collectApiUrl, allowHttp);
         if (!isValid) {
             throw new Error('Invalid URL');
         }
-        return apiUrl;
+        return collectApiUrl;
     }
     return '';
 };
-exports.getApiUrl = getApiUrl;
+exports.getCollectApiUrl = getCollectApiUrl;
 /**
  * Normalizes a URL by removing sensitive query parameters
  * @param url - The URL to normalize

package/dist/cjs/utils/validations/config-validations.utils.d.ts

@@ -6,7 +6,7 @@ import { Config } from '../../types';
  * @throws {ProjectIdValidationError} If project ID validation fails
  * @throws {AppConfigValidationError} If other configuration validation fails
  */
-export declare const validateAppConfig: (config: Config) => void;
+export declare const validateAppConfig: (config?: Config) => void;
 /**
  * Validates and normalizes the app configuration
  * This is the primary validation entry point that ensures consistent behavior
@@ -15,4 +15,4 @@ export declare const validateAppConfig: (config: Config) => void;
  * @throws {ProjectIdValidationError} If project ID validation fails after normalization
  * @throws {AppConfigValidationError} If other configuration validation fails
  */
-export declare const validateAndNormalizeConfig: (config: Config) => Config;
+export declare const validateAndNormalizeConfig: (config?: Config) => Config;

package/dist/cjs/utils/validations/config-validations.utils.js

@@ -12,9 +12,12 @@ const logging_utils_1 = require("../logging.utils");
  * @throws {AppConfigValidationError} If other configuration validation fails
  */
 const validateAppConfig = (config) => {
-    if (!config || typeof config !== 'object') {
+    if (config !== undefined && (config === null || typeof config !== 'object')) {
         throw new validation_error_types_1.AppConfigValidationError('Configuration must be an object', 'config');
     }
+    if (!config) {
+        return;
+    }
     if (config.sessionTimeout !== undefined) {
         if (typeof config.sessionTimeout !== 'number' ||
             config.sessionTimeout < constants_1.MIN_SESSION_TIMEOUT_MS ||
@@ -53,11 +56,6 @@ const validateAppConfig = (config) => {
             throw new validation_error_types_1.SamplingRateValidationError(constants_1.VALIDATION_MESSAGES.INVALID_SAMPLING_RATE, 'config');
         }
     }
-    if (config.allowHttp !== undefined) {
-        if (typeof config.allowHttp !== 'boolean') {
-            throw new validation_error_types_1.AppConfigValidationError('allowHttp must be a boolean', 'config');
-        }
-    }
 };
 exports.validateAppConfig = validateAppConfig;
 /**
@@ -149,13 +147,21 @@ const validateIntegrations = (integrations) => {
         }
     }
     if (integrations.custom) {
-        if (!integrations.custom.apiUrl ||
-            typeof integrations.custom.apiUrl !== 'string' ||
-            integrations.custom.apiUrl.trim() === '') {
+        if (!integrations.custom.collectApiUrl ||
+            typeof integrations.custom.collectApiUrl !== 'string' ||
+            integrations.custom.collectApiUrl.trim() === '') {
             throw new validation_error_types_1.IntegrationValidationError(constants_1.VALIDATION_MESSAGES.INVALID_CUSTOM_API_URL, 'config');
         }
-        if (!integrations.custom.apiUrl.startsWith('http')) {
-            throw new validation_error_types_1.IntegrationValidationError('Custom API URL must start with "http"', 'config');
+        if (integrations.custom.allowHttp !== undefined && typeof integrations.custom.allowHttp !== 'boolean') {
+            throw new validation_error_types_1.IntegrationValidationError('allowHttp must be a boolean', 'config');
+        }
+        const collectApiUrl = integrations.custom.collectApiUrl.trim();
+        if (!collectApiUrl.startsWith('http://') && !collectApiUrl.startsWith('https://')) {
+            throw new validation_error_types_1.IntegrationValidationError('Custom API URL must start with "http://" or "https://"', 'config');
+        }
+        const allowHttp = integrations.custom.allowHttp ?? false;
+        if (!allowHttp && collectApiUrl.startsWith('http://')) {
+            throw new validation_error_types_1.IntegrationValidationError('Custom API URL must use HTTPS in production. Set allowHttp: true in integration config to allow HTTP (not recommended)', 'config');
         }
     }
     if (integrations.googleAnalytics) {
@@ -181,14 +187,20 @@ const validateIntegrations = (integrations) => {
 const validateAndNormalizeConfig = (config) => {
     (0, exports.validateAppConfig)(config);
     const normalizedConfig = {
-        ...config,
-        sessionTimeout: config.sessionTimeout ?? constants_1.DEFAULT_SESSION_TIMEOUT,
-        globalMetadata: config.globalMetadata ?? {},
-        sensitiveQueryParams: config.sensitiveQueryParams ?? [],
-        errorSampling: config.errorSampling ?? 1,
-        samplingRate: config.samplingRate ?? 1,
-        allowHttp: config.allowHttp ?? false,
+        ...(config ?? {}),
+        sessionTimeout: config?.sessionTimeout ?? constants_1.DEFAULT_SESSION_TIMEOUT,
+        globalMetadata: config?.globalMetadata ?? {},
+        sensitiveQueryParams: config?.sensitiveQueryParams ?? [],
+        errorSampling: config?.errorSampling ?? 1,
+        samplingRate: config?.samplingRate ?? 1,
     };
+    // Normalize integrations
+    if (normalizedConfig.integrations?.custom) {
+        normalizedConfig.integrations.custom = {
+            ...normalizedConfig.integrations.custom,
+            allowHttp: normalizedConfig.integrations.custom.allowHttp ?? false,
+        };
+    }
     return normalizedConfig;
 };
 exports.validateAndNormalizeConfig = validateAndNormalizeConfig;

package/dist/esm/api.d.ts

@@ -1,7 +1,7 @@
 import { App } from './app';
 import { MetadataType, Config, EmitterCallback, EmitterMap } from './types';
 import './types/window.types';
-export declare const init: (config: Config) => Promise<void>;
+export declare const init: (config?: Config) => Promise<void>;
 export declare const event: (name: string, metadata?: Record<string, MetadataType> | Record<string, MetadataType>[]) => void;
 export declare const on: <K extends keyof EmitterMap>(event: K, callback: EmitterCallback<EmitterMap[K]>) => void;
 export declare const off: <K extends keyof EmitterMap>(event: K, callback: EmitterCallback<EmitterMap[K]>) => void;

package/dist/esm/api.js

@@ -1,6 +1,7 @@
 import { App } from './app';
 import { log, validateAndNormalizeConfig } from './utils';
 import { TestBridge } from './test-bridge';
+import { INITIALIZATION_TIMEOUT_MS } from './constants';
 import './types/window.types';
 // Buffer for listeners registered before init()
 const pendingListeners = [];
@@ -22,7 +23,7 @@ export const init = async (config) => {
     }
     isInitializing = true;
     try {
-        const validatedConfig = validateAndNormalizeConfig(config);
+        const validatedConfig = validateAndNormalizeConfig(config ?? {});
         const instance = new App();
         try {
             // Attach buffered listeners BEFORE init() so they capture initial events
@@ -30,7 +31,14 @@ export const init = async (config) => {
                 instance.on(event, callback);
             });
             pendingListeners.length = 0;
-            await instance.init(validatedConfig);
+            // Wrap initialization with timeout using Promise.race
+            const initPromise = instance.init(validatedConfig);
+            const timeoutPromise = new Promise((_, reject) => {
+                setTimeout(() => {
+                    reject(new Error(`[TraceLog] Initialization timeout after ${INITIALIZATION_TIMEOUT_MS}ms`));
+                }, INITIALIZATION_TIMEOUT_MS);
+            });
+            await Promise.race([initPromise, timeoutPromise]);
             app = instance;
         }
         catch (error) {
@@ -105,8 +113,9 @@ export const destroy = async () => {
         app = null;
         isInitializing = false;
         pendingListeners.length = 0;
-        log('error', 'Error during destroy, forced cleanup', { error });
-        throw error;
+        // Log error but don't re-throw - destroy should always complete successfully
+        // Applications should be able to tear down TraceLog even if internal cleanup fails
+        log('warn', 'Error during destroy, forced cleanup completed', { error });
     }
     finally {
         isDestroying = false;

package/dist/esm/app.d.ts

@@ -29,7 +29,7 @@ export declare class App extends StateManager {
         googleAnalytics?: GoogleAnalyticsIntegration;
     };
     get initialized(): boolean;
-    init(config: Config): Promise<void>;
+    init(config?: Config): Promise<void>;
     sendCustomEvent(name: string, metadata?: Record<string, unknown> | Record<string, unknown>[]): void;
     on<K extends keyof EmitterMap>(event: K, callback: EmitterCallback<EmitterMap[K]>): void;
     off<K extends keyof EmitterMap>(event: K, callback: EmitterCallback<EmitterMap[K]>): void;

package/dist/esm/app.js

@@ -7,7 +7,7 @@ import { ClickHandler } from './handlers/click.handler';
 import { ScrollHandler } from './handlers/scroll.handler';
 import { EventType, Mode } from './types';
 import { GoogleAnalyticsIntegration } from './integrations/google-analytics.integration';
-import { isEventValid, getDeviceType, normalizeUrl, Emitter, getApiUrl, detectQaMode, log } from './utils';
+import { isEventValid, getDeviceType, normalizeUrl, Emitter, getCollectApiUrl, detectQaMode, log } from './utils';
 import { StorageManager } from './managers/storage.manager';
 import { SCROLL_DEBOUNCE_TIME_MS, SCROLL_SUPPRESS_MULTIPLIER } from './constants/config.constants';
 import { PerformanceHandler } from './handlers/performance.handler';
@@ -25,7 +25,7 @@ export class App extends StateManager {
     get initialized() {
         return this.isInitialized;
     }
-    async init(config) {
+    async init(config = {}) {
         if (this.isInitialized) {
             return;
         }
@@ -100,12 +100,12 @@ export class App extends StateManager {
         this.isInitialized = false;
         this.handlers = {};
     }
-    setupState(config) {
+    setupState(config = {}) {
         this.set('config', config);
         const userId = UserManager.getId(this.managers.storage);
         this.set('userId', userId);
-        const apiUrl = getApiUrl(config);
-        this.set('apiUrl', apiUrl);
+        const collectApiUrl = getCollectApiUrl(config);
+        this.set('collectApiUrl', collectApiUrl);
         const device = getDeviceType();
         this.set('device', device);
         const pageUrl = normalizeUrl(window.location.href, config.sensitiveQueryParams);

package/dist/esm/constants/config.constants.d.ts

@@ -22,7 +22,10 @@ export declare const MAX_SCROLL_EVENTS_PER_SESSION = 120;
 export declare const DEFAULT_SAMPLING_RATE = 1;
 export declare const MIN_SAMPLING_RATE = 0;
 export declare const MAX_SAMPLING_RATE = 1;
+export declare const RATE_LIMIT_WINDOW_MS = 1000;
+export declare const MAX_EVENTS_PER_SECOND = 200;
 export declare const BATCH_SIZE_THRESHOLD = 50;
+export declare const MAX_PENDING_EVENTS_BUFFER = 100;
 export declare const MIN_SESSION_TIMEOUT_MS = 30000;
 export declare const MAX_SESSION_TIMEOUT_MS = 86400000;
 export declare const MAX_CUSTOM_EVENT_NAME_LENGTH = 120;

package/dist/esm/constants/config.constants.js

@@ -32,8 +32,11 @@ export const MAX_SCROLL_EVENTS_PER_SESSION = 120;
 export const DEFAULT_SAMPLING_RATE = 1;
 export const MIN_SAMPLING_RATE = 0;
 export const MAX_SAMPLING_RATE = 1;
+export const RATE_LIMIT_WINDOW_MS = 1000; // 1 second window
+export const MAX_EVENTS_PER_SECOND = 200; // Maximum 200 events per second
 // Queue and batch limits
 export const BATCH_SIZE_THRESHOLD = 50;
+export const MAX_PENDING_EVENTS_BUFFER = 100; // Maximum events to buffer before session init
 // Session timeout validation limits
 export const MIN_SESSION_TIMEOUT_MS = 30000; // 30 seconds minimum
 export const MAX_SESSION_TIMEOUT_MS = 86400000; // 24 hours maximum

package/dist/esm/handlers/click.handler.js

@@ -14,9 +14,9 @@ export class ClickHandler extends StateManager {
         this.clickHandler = (event) => {
             const mouseEvent = event;
             const target = mouseEvent.target;
-            const clickedElement = target instanceof HTMLElement
+            const clickedElement = typeof HTMLElement !== 'undefined' && target instanceof HTMLElement
                 ? target
-                : target instanceof Node && target.parentElement instanceof HTMLElement
+                : typeof HTMLElement !== 'undefined' && target instanceof Node && target.parentElement instanceof HTMLElement
                     ? target.parentElement
                     : null;
             if (!clickedElement) {

package/dist/esm/handlers/scroll.handler.js

@@ -42,7 +42,7 @@ export class ScrollHandler extends StateManager {
     trySetupContainers(selectors, attempt) {
         const elements = selectors
             .map((sel) => this.safeQuerySelector(sel))
-            .filter((element) => element instanceof HTMLElement);
+            .filter((element) => element != null && typeof HTMLElement !== 'undefined' && element instanceof HTMLElement);
         if (elements.length > 0) {
             for (const element of elements) {
                 const isAlreadyTracking = this.containers.some((c) => c.element === element);

package/dist/esm/handlers/session.handler.js

@@ -18,7 +18,7 @@ export class SessionHandler extends StateManager {
             return;
         }
         const config = this.get('config');
-        const projectId = config?.integrations?.tracelog?.projectId ?? config?.integrations?.custom?.apiUrl ?? 'default';
+        const projectId = config?.integrations?.tracelog?.projectId ?? config?.integrations?.custom?.collectApiUrl ?? 'default';
         if (!projectId) {
             throw new Error('Cannot start session tracking: config not available');
         }

package/dist/esm/managers/event.manager.d.ts

@@ -12,6 +12,8 @@ export declare class EventManager extends StateManager {
     private lastEventFingerprint;
     private lastEventTime;
     private sendIntervalId;
+    private rateLimitCounter;
+    private rateLimitWindowStart;
     constructor(storeManager: StorageManager, googleAnalytics?: GoogleAnalyticsIntegration | null, emitter?: Emitter | null);
     recoverPersistedEvents(): Promise<void>;
     track({ type, page_url, from_page_url, scroll_data, click_data, custom_event, web_vitals, error_data, session_end_reason, }: Partial<EventData>): void;
@@ -32,6 +34,7 @@ export declare class EventManager extends StateManager {
     private startSendInterval;
     private handleGoogleAnalyticsIntegration;
     private shouldSample;
+    private checkRateLimit;
     private removeProcessedEvents;
     private emitEvent;
     private emitEventsQueue;

package/dist/esm/managers/event.manager.js

@@ -1,4 +1,4 @@
-import { EVENT_SENT_INTERVAL_MS, MAX_EVENTS_QUEUE_LENGTH, DUPLICATE_EVENT_THRESHOLD_MS, } from '../constants/config.constants';
+import { EVENT_SENT_INTERVAL_MS, MAX_EVENTS_QUEUE_LENGTH, DUPLICATE_EVENT_THRESHOLD_MS, RATE_LIMIT_WINDOW_MS, MAX_EVENTS_PER_SECOND, MAX_PENDING_EVENTS_BUFFER, } from '../constants/config.constants';
 import { EmitterEvent, EventType, Mode } from '../types';
 import { getUTMParameters, log, generateEventId } from '../utils';
 import { SenderManager } from './sender.manager';
@@ -11,6 +11,8 @@ export class EventManager extends StateManager {
         this.lastEventFingerprint = null;
         this.lastEventTime = 0;
         this.sendIntervalId = null;
+        this.rateLimitCounter = 0;
+        this.rateLimitWindowStart = 0;
         this.googleAnalytics = googleAnalytics;
         this.dataSender = new SenderManager(storeManager);
         this.emitter = emitter;
@@ -33,10 +35,19 @@ export class EventManager extends StateManager {
     }
     track({ type, page_url, from_page_url, scroll_data, click_data, custom_event, web_vitals, error_data, session_end_reason, }) {
         if (!type) {
-            log('warn', 'Event type is required');
+            log('error', 'Event type is required - event will be ignored');
             return;
         }
+        // Check session BEFORE rate limiting to avoid consuming quota for buffered events
         if (!this.get('sessionId')) {
+            // Protect against unbounded buffer growth during initialization delays
+            if (this.pendingEventsBuffer.length >= MAX_PENDING_EVENTS_BUFFER) {
+                // Drop oldest event (FIFO) to make room for new one
+                this.pendingEventsBuffer.shift();
+                log('warn', 'Pending events buffer full - dropping oldest event', {
+                    data: { maxBufferSize: MAX_PENDING_EVENTS_BUFFER },
+                });
+            }
             this.pendingEventsBuffer.push({
                 type,
                 page_url,
@@ -50,10 +61,16 @@ export class EventManager extends StateManager {
             });
             return;
         }
+        // Rate limiting check (except for critical events)
+        // Applied AFTER session check to only rate-limit processable events
+        const isCriticalEvent = type === EventType.SESSION_START || type === EventType.SESSION_END;
+        if (!isCriticalEvent && !this.checkRateLimit()) {
+            // Rate limit exceeded - drop event silently
+            // Logging would itself cause performance issues
+            return;
+        }
         const eventType = type;
         const isSessionStart = eventType === EventType.SESSION_START;
-        const isSessionEnd = eventType === EventType.SESSION_END;
-        const isCriticalEvent = isSessionStart || isSessionEnd;
         const currentPageUrl = page_url || this.get('pageUrl');
         const payload = this.buildEventPayload({
             type: eventType,
@@ -72,7 +89,7 @@ export class EventManager extends StateManager {
         if (isSessionStart) {
             const currentSessionId = this.get('sessionId');
             if (!currentSessionId) {
-                log('warn', 'Session start event ignored: missing sessionId');
+                log('error', 'Session start event requires sessionId - event will be ignored');
                 return;
             }
             if (this.get('hasStartSession')) {
@@ -105,6 +122,8 @@ export class EventManager extends StateManager {
         this.pendingEventsBuffer = [];
         this.lastEventFingerprint = null;
         this.lastEventTime = 0;
+        this.rateLimitCounter = 0;
+        this.rateLimitWindowStart = 0;
         this.dataSender.stop();
     }
     async flushImmediately() {
@@ -120,12 +139,19 @@ export class EventManager extends StateManager {
         if (this.pendingEventsBuffer.length === 0) {
             return;
         }
-        if (!this.get('sessionId')) {
-            log('warn', 'Cannot flush pending events: session not initialized');
+        const currentSessionId = this.get('sessionId');
+        if (!currentSessionId) {
+            // Keep events in buffer for future retry - do NOT discard
+            // This prevents data loss during legitimate race conditions
+            log('warn', 'Cannot flush pending events: session not initialized - keeping in buffer', {
+                data: { bufferedEventCount: this.pendingEventsBuffer.length },
+            });
             return;
         }
+        // Create copy before clearing to avoid infinite recursion
         const bufferedEvents = [...this.pendingEventsBuffer];
         this.pendingEventsBuffer = [];
+        // Process all buffered events now that session exists
         bufferedEvents.forEach((event) => {
             this.track(event);
         });
@@ -301,6 +327,21 @@ export class EventManager extends StateManager {
         const samplingRate = this.get('config')?.samplingRate ?? 1;
         return Math.random() < samplingRate;
     }
+    checkRateLimit() {
+        const now = Date.now();
+        // Reset counter if window has expired
+        if (now - this.rateLimitWindowStart > RATE_LIMIT_WINDOW_MS) {
+            this.rateLimitCounter = 0;
+            this.rateLimitWindowStart = now;
+        }
+        // Check if limit exceeded
+        if (this.rateLimitCounter >= MAX_EVENTS_PER_SECOND) {
+            return false;
+        }
+        // Increment counter
+        this.rateLimitCounter++;
+        return true;
+    }
     removeProcessedEvents(eventIds) {
         const eventIdSet = new Set(eventIds);
         this.eventsQueue = this.eventsQueue.filter((event) => {

package/dist/esm/managers/sender.manager.js

@@ -20,7 +20,7 @@ export class SenderManager extends StateManager {
             return true;
         }
         const config = this.get('config');
-        if (config?.integrations?.custom?.apiUrl === SpecialApiUrl.Fail) {
+        if (config?.integrations?.custom?.collectApiUrl === SpecialApiUrl.Fail) {
             log('warn', 'Fail mode: simulating network failure (sync)', {
                 data: { events: body.events.length },
             });
@@ -90,7 +90,7 @@ export class SenderManager extends StateManager {
             return this.simulateSuccessfulSend();
         }
         const config = this.get('config');
-        if (config?.integrations?.custom?.apiUrl === SpecialApiUrl.Fail) {
+        if (config?.integrations?.custom?.collectApiUrl === SpecialApiUrl.Fail) {
             log('warn', 'Fail mode: simulating network failure', {
                 data: { events: body.events.length },
             });
@@ -152,7 +152,6 @@ export class SenderManager extends StateManager {
         return false;
     }
     prepareRequest(body) {
-        const url = `${this.get('apiUrl')}/collect`;
         // Enrich payload with metadata for sendBeacon() fallback
         // sendBeacon() doesn't send custom headers, so we include referer in payload
         const enrichedBody = {
@@ -163,7 +162,7 @@ export class SenderManager extends StateManager {
             },
         };
         return {
-            url,
+            url: this.get('collectApiUrl'),
             payload: JSON.stringify(enrichedBody),
         };
     }
@@ -269,7 +268,7 @@ export class SenderManager extends StateManager {
         }, retryDelay);
     }
     shouldSkipSend() {
-        return !this.get('apiUrl');
+        return !this.get('collectApiUrl');
     }
     async simulateSuccessfulSend() {
         const delay = Math.random() * 400 + 100;

package/dist/esm/managers/storage.manager.d.ts

@@ -35,6 +35,11 @@ export declare class StorageManager {
      * This indicates localStorage is full and data may not persist
      */
     hasQuotaError(): boolean;
+    /**
+     * Attempts to cleanup old TraceLog data from storage to free up space
+     * Returns true if any data was removed, false otherwise
+     */
+    private cleanupOldData;
     /**
      * Initialize storage (localStorage or sessionStorage) with feature detection
      */