Skip to content

fix(license): Attribute vendored AndroidX Compose UI code in Session Replay#5516

Open
romtsn wants to merge 1 commit into
mainfrom
rz/fix/boundsinwindow-attribution
Open

fix(license): Attribute vendored AndroidX Compose UI code in Session Replay#5516
romtsn wants to merge 1 commit into
mainfrom
rz/fix/boundsinwindow-attribution

Conversation

@romtsn
Copy link
Copy Markdown
Member

@romtsn romtsn commented Jun 8, 2026
edited
Loading

📜 Description

sentry-android-replay's Nodes.kt vendors code from AndroidX Compose UI (Apache-2.0, The Android Open Source Project) without attribution:

  • boundsInWindow is an adapted ("faster copy") of LayoutCoordinates.boundsInWindow.
  • fastMinOf / fastMaxOf / fastCoerceIn / fastCoerceAtLeast / fastCoerceAtMost are copied from androidx.compose.ui.util.MathHelpers.

This PR adds:

  • a source-file attribution header to Nodes.kt (vendoring origin, both source URLs, copyright, Apache-2.0 license);
  • a THIRD_PARTY_NOTICES.md entry (both Source URLs, License, Copyright, Scope, full Apache-2.0 text).

This is pre-existing vendored code on main; the sentry-warden[bot] check-code-attribution finding surfaced it on #5507 (which modifies boundsInWindow). Splitting the attribution fix out so it can land independently.

💡 Motivation and Context

Addresses the check-code-attribution finding (LL3-2QU) reported by Warden. Apache-2.0 is permissive/compatible per https://open.sentry.io/licensing/ — this PR only adds the legally-required attribution, no behavior change.

💚 How did you test it?

Not applicable — attribution/licensing only (header comment + THIRD_PARTY_NOTICES.md). Verified the module still compiles and spotlessApply apiDump produced no API changes.

📝 Checklist

  • I added GH Issue ID & Linear ID
  • I added tests to verify the changes.
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled.
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • Review from the native team if needed.
  • No breaking change or entry added to the changelog.
  • No breaking change for hybrid SDKs or communicated to hybrid SDKs.

🔮 Next steps

#skip-changelog

@sentry
Copy link
Copy Markdown

sentry Bot commented Jun 8, 2026
edited
Loading

📲 Install Builds

Android

🔗 App Name App ID Version Configuration
SDK Size io.sentry.tests.size 8.43.1 (1) release

⚙️ sentry-android Build Distribution Settings

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Jun 8, 2026
edited
Loading

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 387.67 ms 470.34 ms 82.67 ms
Size 0 B 0 B 0 B

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
2387c2c 317.04 ms 354.60 ms 37.56 ms
91bb874 310.68 ms 359.24 ms 48.56 ms
cf708bd 408.35 ms 458.98 ms 50.63 ms
2195398 321.31 ms 391.66 ms 70.35 ms
e2dce0b 315.85 ms 369.20 ms 53.35 ms
991b33b 326.08 ms 397.82 ms 71.73 ms
4c04bb8 350.71 ms 413.63 ms 62.92 ms
3699cd5 423.60 ms 495.52 ms 71.92 ms
70118e9 380.00 ms 475.72 ms 95.72 ms
694d587 312.37 ms 402.77 ms 90.41 ms

App size

Revision Plain With Sentry Diff
2387c2c 1.58 MiB 2.13 MiB 559.54 KiB
91bb874 1.58 MiB 2.13 MiB 559.07 KiB
cf708bd 1.58 MiB 2.11 MiB 539.71 KiB
2195398 0 B 0 B 0 B
e2dce0b 0 B 0 B 0 B
991b33b 0 B 0 B 0 B
4c04bb8 0 B 0 B 0 B
3699cd5 1.58 MiB 2.10 MiB 533.45 KiB
70118e9 1.58 MiB 2.29 MiB 719.84 KiB
694d587 1.58 MiB 2.19 MiB 620.06 KiB

Previous results on branch: rz/fix/boundsinwindow-attribution

Startup times

Revision Plain With Sentry Diff
0bcd658 331.69 ms 387.22 ms 55.54 ms

App size

Revision Plain With Sentry Diff
0bcd658 0 B 0 B 0 B

@romtsn @claude
license: Attribute vendored AndroidX Compose UI code in Session Replay
1e8fd79 
sentry-android-replay's Nodes.kt vendors code from AndroidX Compose UI
(Apache 2.0, The Android Open Source Project) without attribution:
- boundsInWindow is a faster copy of LayoutCoordinates.boundsInWindow
- fastMinOf/fastMaxOf/fastCoerceIn/fastCoerceAtLeast/fastCoerceAtMost are
  copied from androidx.compose.ui.util.MathHelpers

Add the required source-file attribution header and a THIRD_PARTY_NOTICES.md
entry covering both source files.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@romtsn romtsn force-pushed the rz/fix/boundsinwindow-attribution branch from 5eeba1f to 1e8fd79 Compare June 8, 2026 15:36
@romtsn romtsn changed the title license: Attribute vendored AndroidX boundsInWindow in Session Replay license: Attribute vendored AndroidX Compose UI code in Session Replay Jun 8, 2026
@romtsn romtsn marked this pull request as ready for review June 8, 2026 15:46
@romtsn romtsn changed the title license: Attribute vendored AndroidX Compose UI code in Session Replay fix(license): Attribute vendored AndroidX Compose UI code in Session Replay Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adinauer adinauer Awaiting requested review from adinauer adinauer is a code owner

@markushi markushi Awaiting requested review from markushi markushi is a code owner

@runningcode runningcode Awaiting requested review from runningcode runningcode is a code owner

@0xadam-brown 0xadam-brown Awaiting requested review from 0xadam-brown 0xadam-brown is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@romtsn