Conversation
leofelix077
added
the
don't review yet
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Pull request overview
This PR integrates the Amplitude browser SDK into the extension’s analytics pipeline, refactors metric emission to use the SDK (with opt-out support), and adds a development-only analytics debug panel to inspect recent events/state.
Changes:
- Add
@amplitude/analytics-browserand migrateemitMetricto Amplitude SDK-based tracking with common context, opt-out syncing, and popup-close flushing. - Introduce an Analytics Debug section on the Debug page that displays SDK state plus a dev-only localStorage-backed recent-events buffer.
- Adjust webpack env wiring to centralize DefinePlugin values and inject
APP_VERSION/BUILD_TYPEfor analytics context.
Reviewed changes
Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| yarn.lock | Locks Amplitude SDK and transitive deps. |
| extension/package.json | Adds @amplitude/analytics-browser dependency. |
| extension/webpack.common.js | Centralizes DefinePlugin values; injects APP_VERSION and BUILD_TYPE. |
| extension/webpack.extension.js | Routes DEV_SERVER / DEV_EXTENSION into common config via merged env. |
| extension/webpack.dev.js | Passes .env AMPLITUDE_KEY into common config env and converts dev config to a factory. |
| extension/src/constants/env.ts | Adds typed APP_VERSION and BUILD_TYPE globals exported for analytics. |
| extension/src/constants/localStorageTypes.ts | Adds DEBUG_ANALYTICS_EVENTS localStorage key constant. |
| extension/src/helpers/metrics.ts | Replaces manual HTTP upload with Amplitude SDK; adds debug snapshots/subscriptions and recent-event buffer. |
| extension/src/popup/App.tsx | Initializes Amplitude at popup startup. |
| extension/src/popup/views/Debug.tsx | Adds Analytics Debug UI (SDK status + recent events) using useSyncExternalStore. |
| extension/src/popup/views/Debug/styles.scss | Styles for analytics debug status + events list. |
| extension/src/popup/views/Swap/index.tsx | Emits screen-view metrics once per step transition. |
| extension/src/popup/views/Send/index.tsx | Emits screen-view metrics once per step transition. |
| extension/src/popup/views/FullscreenSuccessMessage/index.tsx | Moves metric emission into a mount-only effect. |
| extension/src/popup/components/manageAssets/TrustlineError/index.tsx | Prevents repeated metric emission by adding empty deps array. |
| extension/src/popup/components/ErrorTracking/index.tsx | Broadens Sentry denyUrls to suppress Amplitude SDK network noise. |
| extension/src/popup/constants/metricsNames.ts | Adds swapAmountReview metric name. |
| extension/src/popup/locales/en/translation.json | Adds strings for analytics debug UI. |
| extension/src/popup/locales/pt/translation.json | Adds Portuguese strings for analytics debug UI. |
| extension/src/popup/views/tests/SignTransaction.test.tsx | Updates metrics helper mocks for new exports. |
| extension/src/popup/views/tests/Account.test.tsx | Updates metrics helper mocks for new exports. |
| config/jest/setupTests.tsx | Adds Amplitude SDK mock and expands metrics helper mock surface. |
| extension/README.md | Documents the dev-only Analytics Debug panel and behavior. |
| extension/.env.example | Adds example env file and notes for AMPLITUDE_KEY usage. |
| .github/workflows/submitBeta.yml | Attempts to pass AMPLITUDE_KEY/SENTRY_KEY at build time (currently broken YAML). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
extension/src/helpers/metrics.ts
Outdated
| let recentEventsSnapshot: DebugEvent[] = []; | ||
| let debugListeners: Array<() => void> = []; | ||
|
|
There was a problem hiding this comment.
getRecentEvents() returns recentEventsSnapshot, but that snapshot is initialized as [] and never populated from localStorage on startup. As a result, the Analytics Debug panel won't show persisted events after a refresh/reopen until a new event is emitted (or a storage event fires from another tab), which contradicts the README behavior. Consider initializing recentEventsSnapshot from readPersistedEvents() at module load (dev-only), or calling invalidateSnapshot() when the first subscriber registers / on first getRecentEvents() call.
leofelix077
added
enhancement
| * Returns first 8 + last 4 chars (e.g. "GABCDEFG…WXYZ"), which is enough | ||
| * for session correlation without storing the full address. | ||
| */ | ||
| const truncatePublicKey = (publicKey: string): string => |
There was a problem hiding this comment.
we actually already have a helper for this one in freighter/extension/src/helpers/stellar.ts called truncatedPublicKey
|
|
||
| // Initialize the snapshot from localStorage so the debug panel shows | ||
| // persisted events immediately after a page refresh (dev only). | ||
| let recentEventsSnapshot: DebugEvent[] = isDev ? readPersistedEvents() : []; |
There was a problem hiding this comment.
I see that we're adding a debug screen for dev environments that records the last 50 analytics calls. Can I ask what problem we're solving by implementing this? I don't necessarily think it's wrong! It just seems like we're adding a lot of code for a feature that we haven't discussed or prioritized as a team
| // We manage the user ID ourselves via `getUserId()` + localStorage so that | ||
| // we control the identifier format and lifecycle. Amplitude's default | ||
| // identity storage would create a second, SDK-managed identifier that could | ||
| // conflict with ours and is unnecessary given we call setUserId() manually. |
There was a problem hiding this comment.
hm, what is the benefit to us handling this ourselves rather than letting the SDK do it for us?
|
|
||
| // Firefox extensions (browser.* API) | ||
| const browserVersion = g?.browser?.runtime?.getManifest?.()?.version; | ||
| if (browserVersion) return browserVersion; |
There was a problem hiding this comment.
the browser lib should work for all browsers (including Chrome). You shouldn't need to distinguish between Chrome and Firefox
| if (browserVersion) return browserVersion; | ||
|
|
||
| // Dev server or unknown environment — use build-time constant | ||
| return APP_VERSION; |
There was a problem hiding this comment.
Why not try this first? There should be an APP_VERSION in almost all scenarios
| [STEPS.AMOUNT]: METRIC_NAMES.swapAmount, | ||
| [STEPS.CONFIRM_AMOUNT]: METRIC_NAMES.swapAmountReview, | ||
| [STEPS.SET_FROM_ASSET]: METRIC_NAMES.swapFrom, | ||
| }; |
| - run: > | ||
| yarn && yarn build:freighter-api && yarn build:extension:production | ||
| --env AMPLITUDE_KEY="${{ secrets.AMPLITUDE_KEY }}" SENTRY_KEY="${{ | ||
| secrets.SENTRY_KEY }}" |
There was a problem hiding this comment.
If we were going to add analytics/Sentry to Beta, I don't think we should use the Prod keys here.
IMO, I don't think we need Sentry tracking at all in Beta.
I can see an argument for being able to test Amplitude in Beta, but we should use a key specific to the beta environment for this so we don't pollute Production data
| /** | ||
| * Build type derived from webpack flags at compile time. | ||
| * - "development" — `yarn start` (dev server) | ||
| * - "beta" — `yarn build` (non-production extension build) |
There was a problem hiding this comment.
this actually isn't accurate. You'll see that submitBeta uses the yarn:build:production command. The reason for this is that we want the build to be as close as possible to the production build when we're QA'ing
#2538
Screen.Recording.2026-03-23.at.12.07.09.mov
Screen.Recording.2026-03-23.at.12.08.00.mov