Skip to content

walkerOS v4.2.1

Latest

Choose a tag to compare

@github-actions github-actions released this 18 Jun 13:26
5ffd9d1

Changes

The BigQuery destination now applies config.credentials to the Storage Write
client that performs event writes, not just the query client. Event writes from
the configured service account now succeed on non-Google Cloud runtimes instead
of failing with a credentials error. Both clients resolve credentials the same
way, so a destination always authenticates as a single identity.

walkeros deploy now waits long enough to cover a full server deploy by
default, so a slow but healthy deploy is no longer aborted early and reported as
a failure. Each run sends a fresh idempotency key, so retrying after a failure
starts a new deploy instead of replaying the previous result. Failures print a
stable, machine-readable error code (with a Retry-After hint on rate limits),
and deploy create no longer prints an empty token placeholder.

The managed flow runner now retries its bundle, config, and secret fetches on
transient failures (timeouts, network errors, 5xx) with bounded, jittered
backoff capped well inside the container health window, and the secret fetch is
now bounded by a timeout. A brief outage while a flow container starts no longer
hard-fails the run.

The managed flow runner now reports its recent errors and recent log output in
its heartbeat, so deployed flows can surface runtime errors and logs in the app
without any external log tooling. Secrets are redacted before leaving the
runner.

walkeros run reads two new environment variables. WALKEROS_OBSERVE_LEVEL
sets the runtime's baseline telemetry level (off, standard, or trace).
WALKEROS_CONFIG_FROZEN (1 or true) serves the bundle as an immutable
snapshot: secrets are still injected at boot, but config hot-swap and heartbeat
are disabled.

All four simulate functions (simulateSource, simulateTransformer,
simulateCollector, simulateDestination) accept a new data option to run an
existing bundle with updated configuration values, without rebundling. The new
buildDataPayload, classifyStepProperties, and containsCodeMarkers exports
build and inspect that payload. Destination simulation results now include
mappingKey, the entity-action key of the matched mapping rule.

Enforce consent gating on destination initialization. A destination that
declares a consent requirement is never initialized while that consent is
denied, including the path that flushes queued on (consent) signals.
Initialization is now fail-closed: it requires an affirmative consent decision
from the caller, so a destination cannot load or send under denied consent.

Trace-level telemetry now carries the inbound event on every pipeline hop, so
per-step observers can show what each collector, transformer, and destination
actually received. The destination's outbound frame now reports the delivered
event as its payload, and the raw delivery response moves to meta.response.

Simulation step results gain an optional mappingKey field reporting the
entity-action key of the mapping rule a destination matched during simulation.
The field is additive and present only when a rule matched.

getId now draws from the platform's cryptographic random source
(crypto.getRandomValues) when available, with unbiased character sampling and
a Math.random fallback. Session and device ids generated by the session source
are now longer for a much wider collision margin.

The deploy_manage tool now matches its real behavior: deploy honors wait,
delete removes an active deployment, and list accepts cursor and limit
for pagination. A failed deployment surfaces its error reason so an assistant
can report why a deploy did not succeed.

The collector now stamps a run-scoped trace id (event.source.trace) and a
per-run sequence number (event.source.count) onto every event, minted fresh on
each run. These group all events of a page load or run and are preserved
unchanged when events are forwarded from web to server, giving a stable
correlation id across the pipeline. Adds getTraceId, and getSpanId now uses
the cryptographic random source.

Fix session start being dropped when the collector starts with run: false
and no consent requirement. Without a consent rule the source emitted during
init, before the collector was allowed, so the event never reached destinations.
The emit now waits for the run lifecycle, matching the browser source's page
view timing, so it lands reliably once the collector runs.

Add an optional async option to the source config (Source.Config.async) for
respond-first acknowledgement on response-producing server sources. The express
source now reads config.async (default true): a 2xx response means the event
was accepted, not yet delivered.

The runner registers its process-error guards before startup and degrades its
readiness check after repeated out-of-band errors, so a wedged container is
recycled instead of silently hot-looping. Heartbeats now flush immediately on a
new error and on shutdown, persist errors to disk so a failure cause survives a
restart, and report their configured interval.

Add a per-destination circuit breaker that skips a destination after consecutive
transport failures and probes once after a cooldown, so a persistently failing
destination stops retrying on every event. Out-of-band reportError calls are
routed to the dead-letter queue (when an event is in hand) or counted as
connection errors and surfaced in status.

Add an optional reportError callback to the step context so any source,
transformer, store, or destination can report an out-of-band error (for example
from an SDK's event emitter) into the pipeline's failure handling. Add an
optional per-destination breaker config to skip a destination after repeated
transport failures.

Capture BigQuery Storage Write stream errors so a broken writer routes events to
the dead-letter queue instead of crashing the process, and re-open a broken
writer automatically on the next event.

Use the official Usercentrics events (UC_UI_INITIALIZED, UC_UI_CMP_EVENT) and
consent getters so a returning visitor's prior choice is applied on load and
first-visit defaults stay suppressed under explicitOnly. The configurable
eventName data-layer setting is removed; the source now uses the always-emitted
official events. Fixes consent-change events being dropped on the current
Usercentrics Web CMP.

Published Packages