Skip to content

feat: wire amplitude v2 autocapture toggles#3091

Open
rudder-devbox[bot] wants to merge 8 commits into
developfrom
harness/SDK-5014-feat-wire-amplitude-v2-autocapt-da5ae275
Open

feat: wire amplitude v2 autocapture toggles#3091
rudder-devbox[bot] wants to merge 8 commits into
developfrom
harness/SDK-5014-feat-wire-amplitude-v2-autocapt-da5ae275

Conversation

@rudder-devbox

@rudder-devbox rudder-devbox Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

PR Description

Wires all Amplitude Browser SDK v2 autocapture sub-feature flags from destination config while preserving the v1 init path and existing user-instrumented rudder.page() translation behavior.

Adds config constants and helper getters for the new v2 autocapture controls: autoCapturePageViews, pageUrlEnrichment, webVitals, fileDownloads, frustrationInteractions, networkTracking, elementInteractions, and formInteractions. Maps web trackSessionEvents to autocapture.sessions, keeps v2 attribution inverted from the existing attribution config, and keeps all new toggles defaulting to false.

Validation:

  • npm install --package-lock=false --ignore-scripts --no-audit --no-fund was used to install dependencies because npm ci failed before tests due the checked-in package.json / package-lock.json being out of sync (typescript@5.9.3 and conventional-commits-filter@5.0.0 missing from lock) and the environment running Node v20 while .nvmrc specifies 24.
  • cd /workspace/rudder-sdk-js/packages/analytics-js-integrations && npm run test -- Amplitude/. passed: 2 test suites passed, 85 tests passed.
  • cd /workspace/rudder-sdk-js/packages/analytics-js-integrations && npm run check:lint passed with existing warnings only: 0 errors, 214 warnings.
  • git -C /workspace/rudder-sdk-js diff --check passed.

Linear task (optional)

SDK-5014

Cross Browser Tests

Please confirm you have tested for the following browsers:

  • Chrome
  • Firefox
  • IE11

Sanity Suite

  • All sanity suite test cases pass locally

Security

  • The code changed/added as part of this pull request won't create any security issues with how the software is being used.

Copilot AI review requested due to automatic review settings July 1, 2026 08:58

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@rudder-devbox

rudder-devbox Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

👋 I'm rudder-devbox. I opened this PR from a Linear ticket.

Leave an inline comment on the diff — pick a line, add your comment, and
I'll pick it up. No @rudder-devbox mention needed on inline comments; every
inline thread on this PR is something I'll address.

Top-level PR comments need @rudder-devbox. Comment @rudder-devbox <what you want>
on the PR (the top-level conversation, not on a code line) and I'll act on it.
Without the mention I won't see it.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

size-limit report 📦

Name Size Delta Limit check
Common - No bundling 5.78 KB 0 B (0% 🟢) 6 KB (✅)
Legacy Utils - No bundling 11.11 KB 0 B (0% 🟢) 12 KB (✅)
Cookies Utils - Legacy - NPM (ESM) 1.54 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (CJS) 1.74 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Legacy - NPM (UMD) 1.52 KB 0 B (0% 🟢) 2 KB (✅)
Cookies Utils - Modern - NPM (ESM) 1.16 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (CJS) 1.39 KB 0 B (0% 🟢) 1.5 KB (✅)
Cookies Utils - Modern - NPM (UMD) 1.15 KB 0 B (0% 🟢) 1.5 KB (✅)
Plugins Module Federation Mapping - Legacy - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins Module Federation Mapping - Modern - CDN 330 B 0 B (0% 🟢) 512 B (✅)
Plugins - Legacy - CDN 13.6 KB 0 B (0% 🟢) 15 KB (✅)
Plugins - Modern - CDN 5.52 KB 0 B (0% 🟢) 6 KB (✅)
Core (v1.1) - NPM (ESM) 29.77 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (CJS) 29.99 KB 0 B (0% 🟢) 32 KB (✅)
Core (v1.1) - NPM (UMD) 29.8 KB 0 B (0% 🟢) 32 KB (✅)
Core (Content Script - v1.1) - NPM (ESM) 29.39 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (CJS) 29.47 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (Content Script - v1.1) - NPM (UMD) 29.37 KB 0 B (0% 🟢) 30.5 KB (✅)
Core (v1.1) - Legacy - CDN 31.24 KB 0 B (0% 🟢) 32.5 KB (✅)
Core (v1.1) - Modern - CDN 29.68 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Legacy - NPM (ESM) 31.68 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Legacy - NPM (CJS) 31.85 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Legacy - NPM (UMD) 31.68 KB 0 B (0% 🟢) 32 KB (✅)
Service Worker - Modern - NPM (ESM) 27.55 KB 0 B (0% 🟢) 28 KB (✅)
Service Worker - Modern - NPM (CJS) 27.74 KB 0 B (0% 🟢) 28 KB (✅)
Service Worker - Modern - NPM (UMD) 27.56 KB 0 B (0% 🟢) 28 KB (✅)
Core - Legacy - NPM (ESM) 47.77 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (CJS) 47.94 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - NPM (UMD) 47.83 KB 0 B (0% 🟢) 50 KB (✅)
Core - Legacy - CDN 47.88 KB 0 B (0% 🟢) 50 KB (✅)
Core - Modern - NPM (ESM) 27.09 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (CJS) 27.33 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - NPM (UMD) 27.14 KB 0 B (0% 🟢) 28.5 KB (✅)
Core - Modern - CDN 27.36 KB 0 B (0% 🟢) 28.5 KB (✅)
Core (Bundled) - Legacy - NPM (ESM) 47.81 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (CJS) 47.97 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Legacy - NPM (UMD) 47.78 KB 0 B (0% 🟢) 50 KB (✅)
Core (Bundled) - Modern - NPM (ESM) 40.35 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Bundled) - Modern - NPM (CJS) 40.59 KB 0 B (0% 🟢) 42 KB (✅)
Core (Bundled) - Modern - NPM (UMD) 40.42 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Legacy - NPM (ESM) 47.72 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (CJS) 47.82 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Legacy - NPM (UMD) 47.74 KB 0 B (0% 🟢) 50 KB (✅)
Core (Content Script) - Modern - NPM (ESM) 40.38 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (CJS) 40.52 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Content Script) - Modern - NPM (UMD) 40.32 KB 0 B (0% 🟢) 41.5 KB (✅)
Core (Lite) - Legacy - NPM (ESM) 36.48 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (CJS) 36.69 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Legacy - NPM (UMD) 36.47 KB 0 B (0% 🟢) 39 KB (✅)
Core (Lite) - Modern - NPM (ESM) 31.8 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (CJS) 32.01 KB 0 B (0% 🟢) 34 KB (✅)
Core (Lite) - Modern - NPM (UMD) 31.84 KB 0 B (0% 🟢) 34 KB (✅)
Load Snippet 780 B 0 B (0% 🟢) 1 KB (✅)
All Integrations - Legacy - CDN 96.11 KB -152 B (-0.16% 🟢) 97 KB (✅)
All Integrations - Modern - CDN 88.58 KB 84 B (+0.1% 🔺) 93.5 KB (✅)

@rudder-devbox

rudder-devbox Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Root cause: the Security checks job failed in npm run check:security, where npm audit --audit-level=high --omit=dev reported form-data 4.0.0 - 4.0.5 as a high-severity CRLF injection advisory (GHSA-hmw2-7cc7-3qxx) at node_modules/form-data, then exited with code 1.

I fixed the production lockfile resolution so the axios@1.16.1 production path now installs form-data@4.0.6. Because nx has a dev-only exact dependency on form-data@4.0.5, the lockfile now keeps that under node_modules/nx/node_modules/form-data, which is omitted by the failing audit command.

Validation: npm@11.16.0 ci --prefer-offline --no-audit --include=optional --ignore-scripts passed, npm@11.16.0 ls form-data --omit=dev --all shows axios@1.16.1 -> form-data@4.0.6, and git diff --check passed. I could not run npm audit locally because the registry audit endpoint returned 403, but the audited production package version is no longer in the vulnerable range.

Pushed commit: 6832730

Copilot AI review requested due to automatic review settings July 1, 2026 10:01

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.

Comment thread .agents/knowledge/patterns.md Outdated
@SKannaniOS SKannaniOS self-assigned this Jul 8, 2026
@SKannaniOS SKannaniOS marked this pull request as ready for review July 8, 2026 07:20
@SKannaniOS SKannaniOS requested review from a team as code owners July 8, 2026 07:20

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 8 changed files in this pull request and generated 1 comment.

Copilot AI review requested due to automatic review settings July 8, 2026 13:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 8 changed files in this pull request and generated no new comments.

Comment thread package-lock.json
Copilot AI review requested due to automatic review settings July 9, 2026 08:39

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

saikumarrs
saikumarrs previously approved these changes Jul 9, 2026
Copilot AI review requested due to automatic review settings July 9, 2026 08:51

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@rudder-devbox

rudder-devbox Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

Root cause: the Security checks job failed in npm run check:security; the log shows npm audit --audit-level=high --omit=dev reporting form-data 4.0.0 - 4.0.5 as a high-severity CRLF injection advisory (GHSA-hmw2-7cc7-3qxx) at node_modules/form-data, followed by 1 high severity vulnerability and exit code 1.

I fixed the production lockfile resolution so the audited root node_modules/form-data package now resolves to 4.0.6. The existing nx exact form-data@4.0.5 requirement is kept as a nested dev: true dependency under node_modules/nx/node_modules/form-data, so it is omitted by the failing --omit=dev audit while keeping npm ci consistent.

Validation: npm@11.16.0 ci --prefer-offline --no-audit --include=optional --ignore-scripts passed, npm@11.16.0 ls form-data --omit=dev --all shows axios@1.16.1 -> form-data@4.0.6, and git diff --check passed. I also attempted the audit command locally, but the registry audit endpoint returned 403 from this workspace.

Pushed commit: 2574f24

@sonarqubecloud

sonarqubecloud Bot commented Jul 9, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants