Skip to content

Telemetry

Volidator collects request context automatically when you pass req to log(). This page explains how to control what is collected.

Set a preset in the constructor to apply a default policy across all logs.

const volidator = new VolidatorClient({
apiKey: process.env.VOLIDATOR_API_KEY!,
encryptionKey: process.env.VOLIDATOR_ENCRYPTION_KEY!,
telemetry: { preset: 'standard' },
});
Preset IP User-Agent Location
strict Not collected Not collected Not collected
standard Anonymized (HMAC hash) Browser/OS parsed, raw string not stored Country + region
full Raw IP stored Raw user-agent string stored Country + region + city

standard is the default when telemetry is not specified.

Under standard, the raw IP is never stored. The SDK computes an HMAC-SHA256 of the IP using your encryptionKey as the salt. The result is a one-way hash: you can determine whether two events came from the same IP, but you cannot recover the original address.

Override the preset for a single log call by passing telemetry in the payload.

// Log a deletion with full IP tracking for compliance
await volidator.log({
actor: session.userId,
action: 'record.delete',
target: recordId,
req: request,
telemetry: { preset: 'full' },
});
// Log a read with no tracking at all
await volidator.log({
actor: session.userId,
action: 'record.view',
target: recordId,
req: request,
telemetry: { preset: 'strict' },
});

Per-log settings override the constructor preset. They do not affect other logs in the same session.

If you are not passing req, you can provide context manually.

await volidator.log({
actor: session.userId,
action: 'api.call',
context: {
ip: clientIp,
userAgent: userAgentString,
location: {
country: 'US',
region: 'CA',
},
},
});

Fields provided in context take precedence over fields extracted from req.