Expose ComfyUI telemetry bridge

src/main/lib/ipc/registerTelemetryHandlers.ts

@@ -34,17 +34,31 @@ function isTelemetryValue(v: unknown): v is mainTelemetry.TelemetryValue {
   )
 }
 
-// Per-key filter to the TelemetryValue contract; renderer payloads cross a
-// trust boundary, so non-primitives (incl. arrays) are dropped per-key.
-function asProps(value: unknown): Record<string, mainTelemetry.TelemetryValue> {
+function isTelemetryValueArray(v: unknown): v is mainTelemetry.TelemetryValue[] {
+  return Array.isArray(v) && v.every(isTelemetryValue)
+}
+
+// Per-key filter to the TelemetryContext contract.
+function asProps(value: unknown): mainTelemetry.TelemetryContext {
   if (!value || typeof value !== 'object' || Array.isArray(value)) return {}
-  const out: Record<string, mainTelemetry.TelemetryValue> = {}
+  const out: mainTelemetry.TelemetryContext = {}
   for (const [key, raw] of Object.entries(value)) {
     if (typeof key !== 'string') continue
     if (isTelemetryValue(raw)) {
       out[key] = raw
+    } else if (isTelemetryValueArray(raw)) {
+      out[key] = raw
     }
-    // Drop anything else (objects, arrays, functions, symbols, etc.) silently.
+  }
+  return out
+}
+
+function asPersonProps(value: unknown): Record<string, mainTelemetry.TelemetryValue> {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return {}
+  const out: Record<string, mainTelemetry.TelemetryValue> = {}
+  for (const [key, raw] of Object.entries(value)) {
+    if (typeof key !== 'string') continue
+    if (isTelemetryValue(raw)) out[key] = raw
   }
   return out
 }
@@ -65,7 +79,7 @@ export function registerTelemetryHandlers(): void {
   })
 
   ipcMain.on('telemetry:registerProperties', (_event, properties: unknown) => {
-    const props = asProps(properties)
+    const props = asPersonProps(properties)
     if (Object.keys(props).length === 0) return
     mainTelemetry.registerPersonProperties(props)
   })
@@ -76,7 +90,7 @@ export function registerTelemetryHandlers(): void {
     if (!payload || typeof payload !== 'object') return
     const userId = asString((payload as Record<string, unknown>).userId)
     if (!userId) return
-    const properties = asProps((payload as Record<string, unknown>).properties)
+    const properties = asPersonProps((payload as Record<string, unknown>).properties)
     mainTelemetry.bindUserId(userId, properties)
   })
 

src/main/lib/telemetry.test.ts

@@ -366,6 +366,18 @@ describe('telemetry SDK-level privacy safety nets', () => {
     expect(msg).not.toContain('64911')
   })
 
+  it('scrubs string array entries as a last-resort safety net', () => {
+    captured.length = 0
+    telemetry.capture('comfy.desktop.execution.error', {
+      model_paths: ['C:\\Users\\64911\\Documents\\model.safetensors', 'LoadImage']
+    })
+    expect(captured).toHaveLength(1)
+    const paths = captured[0]!.properties?.model_paths as string[]
+    expect(paths[0]).toContain('[REDACTED]')
+    expect(paths[0]).not.toContain('64911')
+    expect(paths[1]).toBe('LoadImage')
+  })
+
   it('leaves non-string property types untouched', () => {
     captured.length = 0
     telemetry.capture('comfy.desktop.execution.completed', {

src/main/lib/telemetry.ts

@@ -700,11 +700,17 @@ function scrubProperties(properties: TelemetryContext): TelemetryContext {
   let mutated: TelemetryContext | null = null
   for (const key of Object.keys(properties)) {
     const value = properties[key]
-    if (typeof value !== 'string') continue
-    const cleaned = scrubAll(value)
-    if (cleaned === value) continue
-    if (!mutated) mutated = { ...properties }
-    mutated[key] = cleaned
+    if (typeof value === 'string') {
+      const cleaned = scrubAll(value)
+      if (cleaned === value) continue
+      if (!mutated) mutated = { ...properties }
+      mutated[key] = cleaned
+    } else if (Array.isArray(value)) {
+      const cleaned = value.map((entry) => (typeof entry === 'string' ? scrubAll(entry) : entry))
+      if (cleaned.every((entry, index) => entry === value[index])) continue
+      if (!mutated) mutated = { ...properties }
+      mutated[key] = cleaned
+    }
   }
   return mutated ?? properties
 }

src/preload/comfyPreload.ts

@@ -49,16 +49,15 @@ const Terminal = {
    *  the inline injection doesn't need to know its own ID. */
   openPopout: (): Promise<void> => ipcRenderer.invoke('terminal-popout-open', null),
   onOutput: (callback: (data: string) => void): (() => void) => {
-    const handler = (_event: IpcRendererEvent, payload: { data: string }) =>
-      callback(payload.data)
+    const handler = (_event: IpcRendererEvent, payload: { data: string }) => callback(payload.data)
     ipcRenderer.on('terminal-output', handler)
     return () => ipcRenderer.removeListener('terminal-output', handler)
   },
   onExited: (callback: () => void): (() => void) => {
     const handler = () => callback()
     ipcRenderer.on('terminal-exited', handler)
     return () => ipcRenderer.removeListener('terminal-exited', handler)
-  },
+  }
 }
 
 export interface LogsRestore {
@@ -71,6 +70,9 @@ export interface LogsOutputMsg {
   text: string
 }
 
+type TelemetryPrimitive = string | number | boolean | null
+type TelemetryProperties = Record<string, TelemetryPrimitive | TelemetryPrimitive[]>
+
 /**
  * Read-only logs bridge. Subscribes to the shared per-install log
  * broadcast that mirrors every `comfy-output` IPC send. Used by the
@@ -90,19 +92,39 @@ const Logs = {
    *  so the inline injection doesn't need to know its own ID. */
   openPopout: (): Promise<void> => ipcRenderer.invoke('logs-popout-open', null),
   onOutput: (callback: (msg: LogsOutputMsg) => void): (() => void) => {
-    const handler = (_event: IpcRendererEvent, payload: LogsOutputMsg) =>
-      callback(payload)
+    const handler = (_event: IpcRendererEvent, payload: LogsOutputMsg) => callback(payload)
     ipcRenderer.on('logs-output', handler)
     return () => ipcRenderer.removeListener('logs-output', handler)
-  },
+  }
+}
+
+const Telemetry = {
+  capture: (event: string, properties?: TelemetryProperties): void => {
+    // Telemetry must never break the caller. `ipcRenderer.send` throws
+    // synchronously on non-structured-cloneable values (functions, DOM
+    // nodes, symbols, circular refs); since this surface is exposed to
+    // the hosted ComfyUI frontend, a stray bad payload would otherwise
+    // propagate into unrelated frontend code. Mirrors the same
+    // try/catch contract as `window.api.captureTelemetry` in
+    // `src/preload/api.ts`.
+    try {
+      ipcRenderer.send('telemetry:capture', { event, properties })
+    } catch {
+      // ignore: telemetry must never break the renderer
+    }
+  }
 }
 
 contextBridge.exposeInMainWorld('__comfyDesktop2', {
   downloadModel: (url: string, filename: string, directory: string): Promise<boolean> => {
     return ipcRenderer.invoke('desktop2-download-model', { url, filename, directory })
   },
   downloadAsset: (url: string, filename: string, authToken?: string): Promise<boolean> => {
-    return ipcRenderer.invoke('desktop2-download-asset', { url, filename, authToken: authToken || undefined })
+    return ipcRenderer.invoke('desktop2-download-asset', {
+      url,
+      filename,
+      authToken: authToken || undefined
+    })
   },
   pauseDownload: (url: string): Promise<boolean> => {
     return ipcRenderer.invoke('model-download-pause', { url })
@@ -113,9 +135,7 @@ contextBridge.exposeInMainWorld('__comfyDesktop2', {
   cancelDownload: (url: string): Promise<boolean> => {
     return ipcRenderer.invoke('model-download-cancel', { url })
   },
-  onDownloadProgress: (
-    callback: (data: ComfyDownloadProgress) => void
-  ): (() => void) => {
+  onDownloadProgress: (callback: (data: ComfyDownloadProgress) => void): (() => void) => {
     const handler = (_event: IpcRendererEvent, data: unknown) =>
       callback(data as ComfyDownloadProgress)
     ipcRenderer.on('desktop2-download-progress', handler)
@@ -126,4 +146,5 @@ contextBridge.exposeInMainWorld('__comfyDesktop2', {
   },
   Terminal,
   Logs,
+  Telemetry
 })