docs(sdk): add database query params to data-collection spec #18570
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,12 +2,15 @@ | |
| title: Data Collection | ||
| description: Configuration for what data SDKs collect by default, including technical context, PII, and sensitive data. | ||
| spec_id: sdk/foundations/client/data-collection | ||
| spec_version: 0.6.0 | ||
| spec_status: candidate | ||
| spec_depends_on: | ||
| - id: sdk/foundations/client | ||
| version: ">=1.0.0" | ||
| spec_changelog: | ||
| - version: 0.6.0 | ||
| date: 2026-06-29 | ||
| summary: Include configuration for database queries. | ||
| - version: 0.5.0 | ||
| date: 2026-06-26 | ||
| summary: Include configuration options for controlling the inclusion of graphql documents and variables. | ||
|
|
@@ -73,7 +76,7 @@ Personally Identifiable Information (PII) or user-linked data. Examples include, | |
| - Contact (email, phone number, address) | ||
| - IP address | ||
| - Cookies and headers that identify the user or session | ||
| - HTTP request data or database query parameters (TBD) | ||
|
|
||
| For context types that may carry PII fields (e.g. `device_unique_identifier` in [Device Context](/sdk/foundations/transport/event-payloads/contexts/#device-context), or fields in the [User Interface](/sdk/foundations/transport/event-payloads/user/)), see the linked specs. | ||
|
|
||
|
|
@@ -537,6 +540,9 @@ init({ | |
| inputs?: boolean, // default: true | ||
| outputs?: boolean, // default: true | ||
| }, | ||
| database?: { | ||
| queryParams?: boolean // default: true | ||
| }, | ||
| stackFrameVariables?: boolean, // default: true | ||
| frameContextLines?: integer, // default: 5 (see boolean fallback below) | ||
| }, | ||
|
|
@@ -552,6 +558,7 @@ init({ | |
| | `queryParams` | Key-value collection | `{ mode: "denyList" }` | 0.1.0 | Collect URL query parameters. All key names are always included; the SDK scrubs values for keys matching the sensitive denylist or custom allow/deny terms. | | ||
| | `graphql` | `{ document?, variables? }` | Both `true` | 0.5.0 | For `document`: Collect the GraphQL document. <br /><br /> For `variables`: Collect the variables that are passed to GraphQL operations. | | ||
| | `genAI` | `{ inputs?, outputs? }` | Both `true` | 0.1.0 | For `inputs`: Include the content of generative AI inputs (e.g. prompt text, tool call arguments). <br /><br /> For `outputs`: Include the content of generative AI outputs (e.g. completion text, tool call results). Metadata such as model name and token counts is always collected regardless of these settings. | | ||
| | `database` | `{ queryParams? }` | `true` | 0.6.0 | Include parameters/arguments passed to database queries. Setting this to false will either omit the value altogether, or replace the value with '[Filtered]'. | | ||
|
Contributor
There was a problem hiding this comment. Boolean false behavior contradicts specMedium Severity The new   Reviewed by Cursor Bugbot for commit d1e4b2b. Configure here.
Contributor
There was a problem hiding this comment. Bug: The description for Suggested FixUpdate the description for Prompt for AI Agent |
||
| | `stackFrameVariables` | Boolean | `true` | 0.1.0 | Include local variable values captured within stack frames. | | ||
| | `frameContextLines` | Integer (`Boolean` fallback) | `5` (`true`) | 0.1.0 | Number of source code lines to include above and below each stack frame. <br/> **`Boolean` fallback:** Not all platforms support integer configuration values. SDKs **MAY** accept a boolean, where `true` is equivalent to the platform default (typically `5`) and `false` is equivalent to `0` (no context lines). SDKs **SHOULD** prefer accepting an integer when their platform supports it. | | ||
|
|
||
|
|
@@ -655,6 +662,9 @@ init({ | |
| inputs: false, | ||
| outputs: false, | ||
| }, | ||
| database: { | ||
| queryParams: false, | ||
| }, | ||
|
Comment on lines
+665
to
+667
Member
There was a problem hiding this comment. If we add this, this should also be a required part of the commented out docs/on-boarding snippet. We should add a section to this page for this, currently it's For naming,
Member
Author
There was a problem hiding this comment.
I considered something like this but opted for the dict to make it easier to extend in the future should we need to for whatever reason - I didn't want to take the chance and require us to introduce an unnecessary breaking change if something needed to e added when we could've done this at the beginning.
Member
Author
There was a problem hiding this comment. @cleptric could you give me some more clarification on which sections you're referring to in:
The
Is there anything else? |
||
| httpHeaders: { deny: ["forwarded", "-ip", "remote-", "via", "-user"] }, | ||
| cookies: { deny: ["forwarded", "-ip", "remote-", "via", "-user"] }, | ||
| queryParams: { deny: ["forwarded", "-ip", "remote-", "via", "-user"] }, | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bug: The default value for the
databaseoption is documented astrue, which is inconsistent and ambiguous compared to other nested options likegraphql.Severity: LOW
Suggested Fix
Update the default value column for the
databaseoption to be consistent with other nested options. For example, changetruetoqueryParams: trueto clarify the default applies to the nested field. Also, clarify the description to explicitly mentionqueryParams.Prompt for AI Agent
Did we get this right? 👍 / 👎 to inform future reviews.