Instrument Your Code
Adding the Sailfish SDK to your backend and frontend gives you the deepest level of visibility — function traces, exceptions, network requests, console logs, and user interactions. This is what powers the AI-activated debugger and enables Sailfish to reconstruct issues without guessing.
Enterprise Setup Overview
Enterprise instrumentation runs in two modes:
- Local development — Sends telemetry to the Desktop App's local collector (
http://localhost:6776/graphql/). No API key required. - Staging / Production — Sends telemetry to the Sailfish cloud platform (
https://api-service.sailfish.ai/graphql/). Requires your company's API key.
Getting Your API Key
- Open the Sailfish dashboard
- Navigate to Settings → API Keys
- Copy your company's API key
GIT_SHA Environment Variable
Set the GIT_SHA environment variable during your build process so Sailfish can correlate issues with specific deployments:
# Docker build
docker build --build-arg GIT_SHA=$(git rev-parse HEAD) .
# CI/CD pipeline
export GIT_SHA=$(git rev-parse HEAD)
Most Sailfish SDK libraries read GIT_SHA from the environment automatically.
SDK Setup Guides
For detailed, language-specific setup instructions, see the SDK documentation:
Backend
| Language | Guide |
|---|---|
| JavaScript / TypeScript (Node.js) | Setup guide |
| Python (Django, FastAPI, Flask) | Setup guide |
| Go (net/http, Gin, Echo, Fiber) | Setup guide |
| Java (Spring Boot, Quarkus) | Setup guide |
| C# (.NET) | Setup guide |
| PHP (Laravel) | Setup guide |
| Ruby (Rails) | Setup guide |
Frontend
| Framework | Guide |
|---|---|
| JavaScript / TypeScript (React, Vue, Angular) | Setup guide |
Look for the Enterprise Setup section at the bottom of each guide. It covers dual-mode configuration, API key setup, and production deployment.
After Merging Auto-Installation PRs
If you connected GitHub and received Auto-Installation PRs, you may need to make these adjustments:
Backend PRs
- CORS headers — Allow the
X-Sf3-Ridheader in your CORS configuration (e.g., add toALLOWED_HEADERSin Django'ssettings.py) - Lock files — Run your package manager's lock command (
poetry lock,npm install, etc.) - Domain filtering — If external API calls return 400 errors, add those domains to the
domains_to_not_propagate_headers_toparameter
Frontend PRs
- Domain filtering — Use
domainsToPropagateHeaderToto allowlist only your backend domains, or add problematic external domains todomainsToNotPropagateHeaderTo - User identification — Add the
identifycall where your app authenticates users:
import { identify } from "@sailfish-ai/recorder";
identify(user.email);
- Domain whitelisting — Allow
https://api-service.sailfish.ai/graphql/so the Report Issue modal works - Sanitization — See Privacy & Sanitization below for masking sensitive UI elements
Data Filters
Sailfish lets you filter incoming backend logs using regex rules so noisy or irrelevant log lines never appear in the platform.
Setup
- Open the Data Filters settings
- Add one or more Log Filter rules
- Each rule is a regular expression — any log line matching the pattern will be dropped before storage
Examples
| Pattern | What it filters |
|---|---|
healthcheck|health_check|/health | Health check endpoint logs |
DEBUG: | All debug-level log lines |
password|secret|token | Lines containing sensitive keywords |
^\\[webpack | Webpack build noise |
Filters are applied to all incoming backend logs for your company. They do not affect frontend console logs, exceptions, or network requests.
Privacy & Sanitization
Sailfish provides controls for protecting sensitive data in session recordings. Configure these in Settings > Recording > Privacy.
The sailfishSanitize CSS Class
Add the sailfishSanitize class to any HTML element to completely exclude it and all of its children from session recording data. When an element has this class:
- All text content is redacted — nothing is captured or stored
- All input values are hidden — keystrokes and form data are not recorded
- All click targets within the element report no data — interactions are logged as events but with no content
- Child elements inherit the exclusion — everything inside the sanitized element is protected
<!-- This entire section will be excluded from Sailfish recordings -->
<div class="sailfishSanitize">
<input type="password" />
<span>Credit card: 4242-XXXX-XXXX-1234</span>
<button>Submit Payment</button>
</div>
Sanitized elements create blind spots in your session recordings. Sailfish cannot capture any debugging context from sanitized regions — errors, user confusion, and interaction issues within them will be invisible. Only apply sailfishSanitize to elements that genuinely contain sensitive data (payment forms, PII fields, medical records). Do not apply it broadly to entire pages or layout containers.