better_auth-telemetry 0.8.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7f696d840e8f9fb96751e211c5ad327bf255c3460b99c7adfccab3cbb9c10a1d
-  data.tar.gz: 3b513054876f4c07d8ecfd2bca1705a94b3406226c3270815b084fa5450429fe
+  metadata.gz: c6795c847c337c646d429b2864c222edeadd7e5562e8bd475e6036da5795096d
+  data.tar.gz: 8892aaff5026e90b664a99793e77470d4aa6f8e4dfeef12cb2e4d67268938b8b
 SHA512:
-  metadata.gz: b17c3cebcaae59c8a9cc0d4b936ec2f793fa4004cadf6599aacdaa806b407e6fcd1631036d0039c1746f4dcb43641731a8221deb226eaf6e31fc6dfecb6b52c7
-  data.tar.gz: 437bd20b0f121eb0fa8d9f884545e2f0b1978a4c3f73c4bf6d1de9261d1f8d2cf3d410c188a03f1967f17d3c22c687315bcb97fd65300258a80b846ca42faaff
+  metadata.gz: 99a180b67dfa37a42eb2870b36ac371bca99badcfd6c159687160296ed2e17bc0550950280041b237d45f867e4ee82d66cea7eb8e52618c3ad80938c1685aee4
+  data.tar.gz: aad2e4e3b2eea17b81bd1d34c6ff7dc4acec635b54f1d3e0a6e39574e79aca5f899ed5dde67e3994c8b63f844bd762a714eda89c03b98120133caccfd099c3e3

data/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.10.0
+
+- Improved database detection, including MongoDB adapter metadata.
+- Updated telemetry docs for the current package set.
+
 ## 0.8.0
 
 - Initial release. Ports the upstream `@better-auth/telemetry` package

data/README.md

@@ -71,8 +71,9 @@ export BETTER_AUTH_TELEMETRY_ENDPOINT=https://telemetry.example.com/ingest
 
 ## Test environment skip
 
-When `RACK_ENV`, `RAILS_ENV`, or `APP_ENV` equals `"test"`, telemetry is skipped
-even if it is otherwise opted in. Bypass this skip by setting
+When `RACK_ENV`, `RAILS_ENV`, or `APP_ENV` equals `"test"`, or `TEST` is set to
+a truthy value, telemetry is skipped even if it is otherwise opted in. Bypass
+this skip by setting
 `context[:skip_test_check] = true`. `skip_test_check` only bypasses the test
 gate; it does not opt telemetry in on its own.
 
@@ -100,11 +101,13 @@ auth = BetterAuth.auth(
 ```
 
 When neither debug mode nor `custom_track` is configured and an endpoint is
-set, the publisher starts a short-lived background thread that POSTs JSON
-events to the endpoint via `Net::HTTP` with a 5-second open + read timeout.
-HTTP telemetry is fire-and-forget, so constructing `BetterAuth.auth` is not
-blocked by a slow or unavailable endpoint. Any `StandardError` raised during
-HTTP delivery is rescued and logged at error level rather than propagated.
+set, the publisher enqueues events into a bounded in-process dispatcher. A
+single short-lived worker POSTs JSON events to the endpoint via `Net::HTTP` with
+5-second open, read, and write timeouts. HTTP telemetry is fire-and-forget, so
+constructing `BetterAuth.auth` and request-time `#publish` calls are not blocked
+by a slow or unavailable endpoint. If the queue is full, the event is dropped
+and a payload-free error is logged. Any `StandardError` raised during HTTP
+delivery is rescued and logged at error level rather than propagated.
 
 ## The `custom_track` injection seam
 
@@ -174,10 +177,27 @@ The intentional Ruby-specific deviations are:
   to `Gem.loaded_specs` for `sequel`, `pg`, `mysql2`, `sqlite3`,
   `activerecord`, `mongoid`, `mongo`, `rom-sql` (in that order) when no
   context override or `BetterAuth::Adapters::*` adapter class match is found.
-- **Standard library only HTTP.** HTTP delivery uses `Net::HTTP` with a
-  5-second open + read timeout inside a short-lived background thread. No
+  Known Better Auth adapter classes are reported as `memory`, `postgres`,
+  `mysql`, `sqlite`, `mssql`, or `mongodb`. When core passes the generic
+  `"adapter"` database marker for an external adapter, telemetry refines it
+  from `context.adapter` only when the adapter class is known; unknown
+  namespaced adapters remain the generic `"adapter"` marker.
+- **Telemetry tests validate metadata only.** This package does not boot real
+  Rails, Sinatra, Hanami, or database-backed applications, and it does not run
+  rate-limit behavior against every storage backend. Those behaviors belong to
+  the framework, adapter, and core packages. Telemetry coverage is intentionally
+  limited to detector precedence, redaction shape, opt-in decisions, and
+  delivery behavior.
+- **Standard library only HTTP.** HTTP delivery uses `Net::HTTP` with 5-second
+  open, read, and write timeouts behind a bounded single-worker dispatcher. No
   external HTTP-client gem is required at runtime, and HTTP delivery does not
-  block `BetterAuth.auth` construction.
+  block `BetterAuth.auth` construction or request-time `#publish` calls.
+- **Safer Ruby telemetry redaction.** Ruby object values that JavaScript would
+  omit or stringify unsafely are reduced before delivery. Field maps,
+  additional-field maps, trusted-provider lists, custom cookie/header lists,
+  `advanced.database.generateId`, `onAPIError.errorURL`, and unknown namespaced
+  adapter class names are emitted as counts, booleans, or the generic
+  `"adapter"` marker instead of raw app-specific values.
 - **Explicit false is a strong opt-out.** `telemetry: { enabled: false }`
   disables telemetry even when `BETTER_AUTH_TELEMETRY` or `OPEN_AUTH_TELEMETRY`
   is truthy. This is intentionally stricter than upstream so application
@@ -191,6 +211,10 @@ The intentional Ruby-specific deviations are:
   `BetterAuth::Telemetry.project_id` to derive the `anonymousId` but is
   intentionally not emitted as a payload field, since it can be
   user-identifying.
+- **Project IDs are keyed by derivation input.** A process hosting multiple
+  auth instances can derive distinct anonymous IDs for distinct
+  `app_name`/`base_url` pairs. When no app name is configured, the Ruby fallback
+  uses the Bundler root directory name rather than the first locked dependency.
 - **Public `BetterAuth::Telemetry.reset_project_id!` testing helper.** A
   module-level helper is exposed for resetting the memoized
   `anonymous_id` between tests. It has no effect on production behavior and

data/lib/better_auth/telemetry/create.rb

@@ -4,6 +4,7 @@ require "json"
 
 require_relative "env"
 require_relative "http_client"
+require_relative "http_dispatcher"
 require_relative "noop_publisher"
 require_relative "options"
 require_relative "project_id"
@@ -161,7 +162,7 @@ module BetterAuth
 
     # @api private
     def self.in_test_env?
-      TEST_ENV_VARS.any? { |k| ENV[k] == "test" }
+      TEST_ENV_VARS.any? { |k| ENV[k] == "test" } || Env.truthy?(ENV["TEST"])
     end
 
     # Decide whether debug mode is active. The option-layer flag wins
@@ -184,9 +185,9 @@ module BetterAuth
     #    requiring `BETTER_AUTH_TELEMETRY_ENDPOINT` to be set.
     # 2. Debug mode active — log the JSON-pretty event via
     #    `logger.info(...)` and skip HTTP entirely (Requirement 5.9).
-    # 3. Default — fire-and-forget JSON `POST` through a short-lived
-    #    background thread calling {HttpClient.post_json}, which
-    #    already swallows transport errors.
+    # 3. Default — fire-and-forget JSON `POST` through a bounded
+    #    {HttpDispatcher}, which calls {HttpClient.post_json} from a
+    #    single short-lived worker.
     #
     # Every branch wraps its dispatch in a `rescue StandardError` that
     # routes the failure through `logger.error(...)`, so callable /
@@ -217,12 +218,9 @@ module BetterAuth
           nil
         end
       else
+        dispatcher = HttpDispatcher.new(endpoint: endpoint, logger: logger)
         lambda do |event|
-          Thread.new do
-            HttpClient.post_json(endpoint, event, logger: logger)
-          rescue => e
-            logger.error("[better-auth.telemetry] http dispatch failed: #{e.class}: #{e.message}")
-          end
+          dispatcher.call(event)
           nil
         rescue => e
           logger.error("[better-auth.telemetry] http dispatch failed: #{e.class}: #{e.message}")

data/lib/better_auth/telemetry/detectors/auth_config.rb

@@ -77,7 +77,7 @@ module BetterAuth
         def call(options, context)
           {
             database: context_value(context, :database),
-            adapter: context_value(context, :adapter),
+            adapter: sanitize_adapter(context_value(context, :adapter)),
             emailVerification: redact_email_verification(options),
             emailAndPassword: redact_email_and_password(options),
             socialProviders: redact_social_providers(options),
@@ -147,6 +147,13 @@ module BetterAuth
           Array(array).length
         end
 
+        def count_metadata(value)
+          return nil if value.nil?
+          return value.length if value.is_a?(Hash) || value.is_a?(Array)
+
+          raw(value)
+        end
+
         # ------------------------------------------------------------------
         # Unified accessor
         # ------------------------------------------------------------------
@@ -335,8 +342,8 @@ module BetterAuth
         def redact_user(opts)
           {
             modelName: raw(fetch_path(opts, [:user, :model_name])),
-            fields: raw(fetch_path(opts, [:user, :fields])),
-            additionalFields: raw(fetch_path(opts, [:user, :additional_fields])),
+            fields: count_metadata(fetch_path(opts, [:user, :fields])),
+            additionalFields: count_metadata(fetch_path(opts, [:user, :additional_fields])),
             changeEmail: {
               enabled: raw(fetch_path(opts, [:user, :change_email, :enabled])),
               sendChangeEmailConfirmation: bool(fetch_path(opts, [:user, :change_email, :send_change_email_confirmation]))
@@ -353,7 +360,7 @@ module BetterAuth
           {
             modelName: raw(fetch_path(opts, [:verification, :model_name])),
             disableCleanup: raw(fetch_path(opts, [:verification, :disable_cleanup])),
-            fields: raw(fetch_path(opts, [:verification, :fields]))
+            fields: count_metadata(fetch_path(opts, [:verification, :fields]))
           }
         end
 
@@ -367,7 +374,7 @@ module BetterAuth
         def redact_session(opts)
           {
             modelName: raw(fetch_path(opts, [:session, :model_name])),
-            additionalFields: raw(fetch_path(opts, [:session, :additional_fields])),
+            additionalFields: count_metadata(fetch_path(opts, [:session, :additional_fields])),
             cookieCache: {
               enabled: raw(fetch_path(opts, [:session, :cookie_cache, :enabled])),
               maxAge: raw(fetch_path(opts, [:session, :cookie_cache, :max_age])),
@@ -375,7 +382,7 @@ module BetterAuth
             },
             disableSessionRefresh: raw(fetch_path(opts, [:session, :disable_session_refresh])),
             expiresIn: raw(fetch_path(opts, [:session, :expires_in])),
-            fields: raw(fetch_path(opts, [:session, :fields])),
+            fields: count_metadata(fetch_path(opts, [:session, :fields])),
             freshAge: raw(fetch_path(opts, [:session, :fresh_age])),
             preserveSessionInDatabase: raw(fetch_path(opts, [:session, :preserve_session_in_database])),
             storeSessionInDatabase: raw(fetch_path(opts, [:session, :store_session_in_database])),
@@ -393,12 +400,12 @@ module BetterAuth
         def redact_account(opts)
           {
             modelName: raw(fetch_path(opts, [:account, :model_name])),
-            fields: raw(fetch_path(opts, [:account, :fields])),
+            fields: count_metadata(fetch_path(opts, [:account, :fields])),
             encryptOAuthTokens: raw(fetch_path(opts, [:account, :encrypt_oauth_tokens])),
             updateAccountOnSignIn: raw(fetch_path(opts, [:account, :update_account_on_sign_in])),
             accountLinking: {
               enabled: raw(fetch_path(opts, [:account, :account_linking, :enabled])),
-              trustedProviders: raw(fetch_path(opts, [:account, :account_linking, :trusted_providers])),
+              trustedProviders: count_metadata(fetch_path(opts, [:account, :account_linking, :trusted_providers])),
               updateUserInfoOnLink: raw(fetch_path(opts, [:account, :account_linking, :update_user_info_on_link])),
               allowUnlinkingAll: raw(fetch_path(opts, [:account, :account_linking, :allow_unlinking_all]))
             }
@@ -464,16 +471,16 @@ module BetterAuth
             crossSubDomainCookies: {
               domain: bool(fetch_path(opts, [:advanced, :cross_sub_domain_cookies, :domain])),
               enabled: raw(fetch_path(opts, [:advanced, :cross_sub_domain_cookies, :enabled])),
-              additionalCookies: raw(fetch_path(opts, [:advanced, :cross_sub_domain_cookies, :additional_cookies]))
+              additionalCookies: count_metadata(fetch_path(opts, [:advanced, :cross_sub_domain_cookies, :additional_cookies]))
             },
             database: {
-              generateId: raw(fetch_path(opts, [:advanced, :database, :generate_id])),
+              generateId: bool(fetch_path(opts, [:advanced, :database, :generate_id])),
               defaultFindManyLimit: raw(fetch_path(opts, [:advanced, :database, :default_find_many_limit]))
             },
             useSecureCookies: raw(fetch_path(opts, [:advanced, :use_secure_cookies])),
             ipAddress: {
               disableIpTracking: raw(fetch_path(opts, [:advanced, :ip_address, :disable_ip_tracking])),
-              ipAddressHeaders: raw(fetch_path(opts, [:advanced, :ip_address, :ip_address_headers]))
+              ipAddressHeaders: count_metadata(fetch_path(opts, [:advanced, :ip_address, :ip_address_headers]))
             },
             disableCSRFCheck: raw(fetch_path(opts, [:advanced, :disable_csrf_check])),
             cookieAttributes: {
@@ -540,7 +547,7 @@ module BetterAuth
         # @return [Hash{Symbol => Object}]
         def redact_on_api_error(opts)
           {
-            errorURL: raw(fetch_path(opts, [:on_api_error, :error_url])),
+            errorURL: bool_present(fetch_path(opts, [:on_api_error, :error_url])),
             onError: bool(fetch_path(opts, [:on_api_error, :on_error])),
             throw: raw(fetch_path(opts, [:on_api_error, :throw]))
           }
@@ -621,6 +628,14 @@ module BetterAuth
           nil
         end
 
+        def sanitize_adapter(value)
+          return "adapter" if value.is_a?(String) && value.include?("::")
+
+          value
+        rescue
+          nil
+        end
+
         # Read the root (first segment) of a `fetch_path` lookup.
         # For a {BetterAuth::Configuration} we call the snake_case
         # reader; for a Hash we look up the key under both symbol

data/lib/better_auth/telemetry/detectors/database.rb

@@ -21,8 +21,9 @@ module BetterAuth
       #
       # 1. **Context override** — when the caller supplied a non-empty
       #    `context.database` string, return it verbatim with
-      #    `version: nil`. This is the upstream `context.database`
-      #    seam.
+      #    `version: nil`. The generic `"adapter"` marker is refined
+      #    from `context.adapter` when it names a known
+      #    `BetterAuth::Adapters::*` class.
       # 2. **Configuration adapter** — when `options` is a
       #    {BetterAuth::Configuration} (or a hash with a `:database`
       #    key) and the value is a known adapter symbol
@@ -62,7 +63,8 @@ module BetterAuth
           "BetterAuth::Adapters::MySQL" => "mysql",
           "BetterAuth::Adapters::SQLite" => "sqlite",
           "BetterAuth::Adapters::MSSQL" => "mssql",
-          "BetterAuth::Adapters::Memory" => "memory"
+          "BetterAuth::Adapters::Memory" => "memory",
+          "BetterAuth::Adapters::MongoDB" => "mongodb"
         }.freeze
 
         # Map from a known {BetterAuth::Configuration#database} symbol
@@ -108,8 +110,10 @@ module BetterAuth
 
         # Read `database` from a {NormalizedContext}-like or hash-like
         # context. Returns the raw string when present and non-empty,
-        # otherwise `nil`. Non-string values (e.g. a symbol set
-        # accidentally) are ignored to keep the wire shape stable.
+        # otherwise `nil`. The generic `"adapter"` marker is refined
+        # from a known `context.adapter` class name when possible.
+        # Non-string values (e.g. a symbol set accidentally) are
+        # ignored to keep the wire shape stable.
         #
         # @param context [#database, Hash, nil]
         # @return [String, nil]
@@ -126,9 +130,33 @@ module BetterAuth
           return nil unless value.is_a?(String)
           return nil if value.empty?
 
+          return context_adapter_identifier(context) || value if value == "adapter"
+
           value
         end
 
+        # Read `adapter` from a {NormalizedContext}-like or hash-like
+        # context and map known `BetterAuth::Adapters::*` class names to
+        # their database identifiers. Unknown names stay generic by
+        # returning `nil` so the caller can preserve `"adapter"`.
+        #
+        # @param context [#adapter, Hash, nil]
+        # @return [String, nil]
+        def context_adapter_identifier(context)
+          return nil if context.nil?
+
+          value =
+            if context.respond_to?(:adapter)
+              context.adapter
+            elsif context.respond_to?(:[])
+              context[:adapter] || context["adapter"]
+            end
+
+          return nil unless value.is_a?(String)
+
+          ADAPTER_CLASS_MAP[value]
+        end
+
         # Translate the configuration's `database` value into a short
         # identifier when it matches a known adapter symbol or a known
         # `BetterAuth::Adapters::*` class.
@@ -170,7 +198,19 @@ module BetterAuth
             return ADAPTER_SYMBOLS[value]
           end
 
-          ADAPTER_CLASS_MAP[value.class.name]
+          ADAPTER_CLASS_MAP[adapter_class_name(value)]
+        end
+
+        # Resolve an object's class name without requiring the class
+        # constant to exist. Some tests and external adapters expose a
+        # class-like singleton object whose `#name` carries the adapter
+        # identifier.
+        #
+        # @param value [Object]
+        # @return [String, nil]
+        def adapter_class_name(value)
+          klass = value.class
+          klass.name if klass.respond_to?(:name)
         end
 
         # Walk {GEM_FALLBACKS} in order and return the first

data/lib/better_auth/telemetry/http_client.rb

@@ -60,6 +60,10 @@ module BetterAuth
       # Bounded `read_timeout` for `Net::HTTP.start`. See Requirement 5.8.
       READ_TIMEOUT_SECONDS = 5
 
+      # Bounded `write_timeout` for request-body writes when supported by
+      # the active Ruby runtime.
+      WRITE_TIMEOUT_SECONDS = 5
+
       # Issue a synchronous JSON `POST` to `url`. Always returns `nil` and
       # never raises a `StandardError`.
       #
@@ -84,9 +88,15 @@ module BetterAuth
           uri.port,
           use_ssl: uri.scheme == "https",
           open_timeout: OPEN_TIMEOUT_SECONDS,
-          read_timeout: READ_TIMEOUT_SECONDS
+          read_timeout: READ_TIMEOUT_SECONDS,
+          write_timeout: WRITE_TIMEOUT_SECONDS
         ) do |http|
-          http.request(request)
+          response = http.request(request)
+          unless response.is_a?(Net::HTTPSuccess)
+            logger.error(
+              "[better-auth.telemetry] http delivery failed: HTTP #{response.code} #{response.message}"
+            )
+          end
         end
 
         nil

data/lib/better_auth/telemetry/http_dispatcher.rb

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+
+module BetterAuth
+  module Telemetry
+    class HttpDispatcher
+      DEFAULT_QUEUE_SIZE = 100
+      IDLE_TIMEOUT_SECONDS = 1.0
+      EMPTY_SLEEP_SECONDS = 0.01
+
+      def initialize(endpoint:, logger:, queue_size: DEFAULT_QUEUE_SIZE)
+        @endpoint = endpoint
+        @logger = logger
+        @queue = SizedQueue.new(queue_size)
+        @mutex = Mutex.new
+        @worker = nil
+      end
+
+      def call(event)
+        enqueue(event)
+        start_worker
+        nil
+      rescue => e
+        @logger.error("[better-auth.telemetry] http dispatch failed: #{e.class}: #{e.message}")
+        nil
+      end
+
+      private
+
+      def enqueue(event)
+        @queue.push(event, true)
+      rescue ThreadError
+        @logger.error("[better-auth.telemetry] http dispatch dropped: queue full")
+      end
+
+      def start_worker
+        @mutex.synchronize do
+          return if @worker&.alive?
+
+          @worker = Thread.new { worker_loop }
+          @worker.report_on_exception = false if @worker.respond_to?(:report_on_exception=)
+        end
+      end
+
+      def worker_loop
+        idle_deadline = monotonic_now + IDLE_TIMEOUT_SECONDS
+
+        loop do
+          event = pop_nonblocking
+          if event
+            idle_deadline = monotonic_now + IDLE_TIMEOUT_SECONDS
+            deliver(event)
+          elsif monotonic_now >= idle_deadline
+            break
+          else
+            sleep EMPTY_SLEEP_SECONDS
+          end
+        end
+      ensure
+        restart = false
+        @mutex.synchronize do
+          @worker = nil if @worker == Thread.current
+          restart = !@queue.empty?
+        end
+        start_worker if restart
+      end
+
+      def pop_nonblocking
+        @queue.pop(true)
+      rescue ThreadError
+        nil
+      end
+
+      def deliver(event)
+        HttpClient.post_json(@endpoint, event, logger: @logger)
+      rescue => e
+        @logger.error("[better-auth.telemetry] http dispatch failed: #{e.class}: #{e.message}")
+      end
+
+      def monotonic_now
+        Process.clock_gettime(Process::CLOCK_MONOTONIC)
+      end
+    end
+  end
+end

data/lib/better_auth/telemetry/project_id.rb

@@ -16,7 +16,7 @@ module BetterAuth
     # `BetterAuth::Telemetry.create` sets `app_name` for the duration of
     # an init flow via {.with_app_name}; outside of that scope the reader
     # returns `nil` and the project-name resolver falls through to the
-    # next rule in the chain (Bundler.locked_gems → Bundler.root).
+    # Bundler root directory name.
     #
     # The store is per-thread so concurrent `create` calls in different
     # threads don't clobber each other.
@@ -59,10 +59,8 @@ module BetterAuth
     #
     # 1. {CurrentOptions.app_name} — when set and not the default
     #    `"Better Auth"`.
-    # 2. The first entry of `Bundler.locked_gems.specs` — the
-    #    Gemfile.lock-pinned name of the current project.
-    # 3. `File.basename(Bundler.root)` — the directory name of the
-    #    Gemfile root, used when the lockfile yields nothing useful.
+    # 2. `File.basename(Bundler.root)` — the directory name of the
+    #    Gemfile root.
     #
     # Every fallback is wrapped in `rescue StandardError; nil` so that a
     # missing Bundler load, an unreadable lockfile, or any unrelated
@@ -78,7 +76,7 @@ module BetterAuth
       # @return [String, nil] the resolved project name, or `nil` when
       #   no rule produced a non-empty string.
       def resolve_project_name
-        from_app_name || from_locked_gems || from_bundler_root
+        from_app_name || from_bundler_root
       rescue
         nil
       end
@@ -100,10 +98,9 @@ module BetterAuth
         nil
       end
 
-      # First gemspec in `Bundler.locked_gems.specs`. Mirrors the
-      # upstream `package.json#name` lookup. Returns `nil` when Bundler
-      # is not loaded, no lockfile is locatable, or the spec list is
-      # empty.
+      # Legacy helper retained as a test seam for older specs. The
+      # resolver no longer uses the first locked dependency as project
+      # identity because that can collide across unrelated apps.
       #
       # @return [String, nil]
       def from_locked_gems
@@ -142,15 +139,14 @@ module BetterAuth
       end
     end
 
-    @project_id_cache = nil
+    @project_id_cache = {}
     @project_id_mutex = Mutex.new
 
     # Resolve a stable, anonymous project id for telemetry.
     #
-    # The id is derived once per process and memoized; subsequent calls
-    # — regardless of the `base_url` they pass — return the cached
-    # value (Requirement 14.6). This mirrors the upstream
-    # `projectIdCached` module-scope variable.
+    # The id is memoized by normalized `(base_url, project_name)` input
+    # so multi-app Ruby processes do not collapse every auth instance
+    # into the first derived anonymous id.
     #
     # ## Derivation chain (Requirements 14.2 – 14.5)
     #
@@ -163,22 +159,26 @@ module BetterAuth
     # 4. Otherwise: a random 32-character `[a-zA-Z0-9]` id from
     #    `SecureRandom`, matching upstream `generateId(32)`.
     #
-    # The Bundler/lockfile probes inside {ProjectId.resolve_project_name}
-    # never raise out of this method (Requirement 14.8); a failed probe
-    # collapses to "no project name" and the chain continues at rule 3
-    # or rule 4.
+    # The Bundler probe inside {ProjectId.resolve_project_name} never
+    # raises out of this method; a failed probe collapses to "no project
+    # name" and the chain continues at rule 3 or rule 4.
     #
     # @param base_url [String, nil] the host's configured base URL.
     # @return [String] the memoized anonymous project id.
     def self.project_id(base_url)
-      cached = @project_id_cache
+      url = normalize_base_url(base_url)
+      name = ProjectId.resolve_project_name
+      name = nil if name.is_a?(String) && name.empty?
+      cache_key = [url, name]
+
+      cached = @project_id_cache[cache_key]
       return cached if cached
 
       @project_id_mutex.synchronize do
-        cached = @project_id_cache
+        cached = @project_id_cache[cache_key]
         return cached if cached
 
-        @project_id_cache = derive_project_id(base_url)
+        @project_id_cache[cache_key] = derive_project_id(url, name)
       end
     end
 
@@ -192,19 +192,13 @@ module BetterAuth
     # @return [nil]
     def self.reset_project_id!
       @project_id_mutex.synchronize do
-        @project_id_cache = nil
+        @project_id_cache = {}
       end
       nil
     end
 
     # @api private
-    def self.derive_project_id(base_url)
-      url = base_url.is_a?(String) ? base_url : nil
-      url = nil if url && url.empty?
-
-      name = ProjectId.resolve_project_name
-      name = nil if name.is_a?(String) && name.empty?
-
+    def self.derive_project_id(url, name)
       if name && url
         hash_to_base64(url + name)
       elsif name
@@ -216,6 +210,12 @@ module BetterAuth
       end
     end
 
+    # @api private
+    def self.normalize_base_url(base_url)
+      url = base_url.is_a?(String) ? base_url : nil
+      (url && url.empty?) ? nil : url
+    end
+
     # @api private
     def self.hash_to_base64(input)
       Base64.strict_encode64(Digest::SHA256.digest(input.to_s))

data/lib/better_auth/telemetry/publisher.rb

@@ -31,9 +31,9 @@ module BetterAuth
     #    never escape `#publish`.
     #
     # The publisher is intentionally stateless beyond the cached
-    # `anonymous_id`: there is no internal queue and no batching. It calls
-    # the supplied `track` lambda synchronously; the HTTP track implementation
-    # may then hand the actual POST to a short-lived background thread.
+    # `anonymous_id`: delivery mode is owned by the supplied `track`
+    # lambda. The HTTP track implementation enqueues into a bounded
+    # background dispatcher.
     #
     # @example wiring with a `RecordingTrack` (test seam)
     #   recorder = BetterAuth::Telemetry::Test::RecordingTrack.new

data/lib/better_auth/telemetry/version.rb

@@ -2,6 +2,6 @@
 
 module BetterAuth
   module Telemetry
-    VERSION = "0.8.0"
+    VERSION = "0.10.0"
   end
 end

data/lib/better_auth/telemetry.rb

@@ -45,6 +45,7 @@ require_relative "telemetry/logger_adapter"
 require_relative "telemetry/options"
 require_relative "telemetry/env"
 require_relative "telemetry/http_client"
+require_relative "telemetry/http_dispatcher"
 require_relative "telemetry/project_id"
 require_relative "telemetry/publisher"
 require_relative "telemetry/create"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: better_auth-telemetry
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Sebastian Sala
@@ -103,20 +103,21 @@ files:
 - lib/better_auth/telemetry/detectors/system_info.rb
 - lib/better_auth/telemetry/env.rb
 - lib/better_auth/telemetry/http_client.rb
+- lib/better_auth/telemetry/http_dispatcher.rb
 - lib/better_auth/telemetry/logger_adapter.rb
 - lib/better_auth/telemetry/noop_publisher.rb
 - lib/better_auth/telemetry/options.rb
 - lib/better_auth/telemetry/project_id.rb
 - lib/better_auth/telemetry/publisher.rb
 - lib/better_auth/telemetry/version.rb
-homepage: https://github.com/sebasxsala/better-auth
+homepage: https://github.com/sebasxsala/better-auth-rb
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/sebasxsala/better-auth
-  source_code_uri: https://github.com/sebasxsala/better-auth
-  changelog_uri: https://github.com/sebasxsala/better-auth/blob/main/packages/better_auth-telemetry/CHANGELOG.md
-  bug_tracker_uri: https://github.com/sebasxsala/better-auth/issues
+  homepage_uri: https://github.com/sebasxsala/better-auth-rb
+  source_code_uri: https://github.com/sebasxsala/better-auth-rb
+  changelog_uri: https://github.com/sebasxsala/better-auth-rb/blob/main/packages/better_auth-telemetry/CHANGELOG.md
+  bug_tracker_uri: https://github.com/sebasxsala/better-auth-rb/issues
 rdoc_options: []
 require_paths:
 - lib