@01.software/sdk 0.12.1 → 0.14.0

package/README.md

@@ -21,10 +21,18 @@ pnpm add @01.software/sdk
 - Automatic retry with exponential backoff (non-retryable: 401, 403, 404, 422)
 - Webhook handling with HMAC-SHA256 signature verification
 - Sub-path imports (`./webhook`, `./realtime`, `./ui/*`) for tree-shaking
-- Type-safe read-only `from()` for Client (compile-time write prevention)
+- Type-safe read-only `collections.from()` for Client (compile-time write prevention)
 
 ### Sub-path Imports
 
+```typescript
+// Analytics — browser pageview tracking + custom events
+import { createAnalytics } from '@01.software/sdk/analytics'
+const analytics = createAnalytics({ publishableKey: 'pk_xxx' })
+// auto-tracks pageviews; call analytics.pageview('/custom-path') manually if needed
+analytics.track('signup', { plan: 'pro', trial: false }) // custom event with optional props
+```
+
 ```typescript
 // Main entry - clients, query builder, hooks, utilities
 import { createClient, createServerClient } from '@01.software/sdk'
@@ -59,7 +67,7 @@ const client = createClient({
 })
 
 // Query data (returns Payload native response)
-const { docs } = await client.from('products').find({
+const { docs } = await client.collections.from('products').find({
   limit: 10,
   where: { status: { equals: 'published' } },
 })
@@ -76,18 +84,18 @@ const client = createServerClient({
 })
 
 // Create order (server only)
-const order = await client.api.createOrder({
+const order = await server.commerce.orders.create({
   orderNumber: generateOrderNumber(),
   customerSnapshot: { email: 'user@example.com' },
   shippingAddress: { recipientName: 'John', phone: '010-1234-5678', postalCode: '12345', address1: 'Seoul', address2: 'Apt 101' },
-  orderProducts: [...],
+  orderItems: [...],
   totalAmount: 10000,
-  paymentId: 'pay_123', // optional (omit for free orders)
+  pgPaymentId: 'pay_123', // optional (omit for free orders)
   discountCode: 'WELCOME10', // optional
 })
 
 // SSR prefetch (server)
-await client.query.prefetchQuery({
+await server.query.prefetchQuery({
   collection: 'products',
   options: { limit: 10 },
 })
@@ -101,6 +109,12 @@ await client.query.prefetchQuery({
 const client = createClient({
   publishableKey: string, // Required
 })
+
+const server = createServerClient({
+  publishableKey: string,
+  secretKey: string,      // sk01_... or pat01_...
+  tenantId: string,       // required when secretKey is pat01_
+})
 ```
 
 | Option           | Type     | Description                  |
@@ -115,13 +129,13 @@ API URL은 환경변수로 오버라이드 가능합니다:
 
 ### Query Builder
 
-Access collections via `client.from(collection)` method.
+Access collections via `client.collections.from(slug)`.
 
-> **Note:** `Client.from()` returns a `ReadOnlyQueryBuilder` (only `find`, `findById`, `count`, `findMetadata`, `findMetadataById`). Write operations (`create`, `update`, `remove`, `updateMany`, `removeMany`) are only available on `ServerClient.from()`.
+> **Note:** `client.collections.from()` returns a `ReadOnlyQueryBuilder` (only `find`, `findById`, `count`, `findMetadata`, `findMetadataById`). Write operations (`create`, `update`, `remove`, `updateMany`, `removeMany`) are only available on `server.collections.from()`.
 
 ```typescript
 // List query - returns PayloadFindResponse
-const { docs, totalDocs, hasNextPage } = await client.from('products').find({
+const { docs, totalDocs, hasNextPage } = await client.collections.from('products').find({
   limit: 20,
   page: 1,
   sort: '-createdAt',
@@ -131,57 +145,57 @@ const { docs, totalDocs, hasNextPage } = await client.from('products').find({
 })
 
 // Query with populate/joins control
-const { docs } = await client.from('products').find({
+const { docs } = await client.collections.from('products').find({
   select: { title: true, slug: true, price: true, thumbnail: true },
   joins: false, // disable joins for lightweight list
 })
 
 // Override relationship populate
-const product = await client.from('products').findById(id, {
+const product = await client.collections.from('products').findById(id, {
   populate: { brands: { name: true, logo: true } },
   joins: { variants: { limit: 50 } },
 })
 
 // Single item query - returns document directly
-const product = await client.from('products').findById('id')
+const product = await client.collections.from('products').findById('id')
 
 // Create (server only) - returns PayloadMutationResponse
-const { doc, message } = await client
+const { doc, message } = await server.collections
   .from('products')
   .create({ name: 'Product' })
 
 // Create with file upload (server only) - uses multipart/form-data
-const { doc } = await client
+const { doc } = await server.collections
   .from('images')
   .create({ alt: 'Hero image' }, { file: imageFile, filename: 'hero.jpg' })
 
 // Update (server only) - returns PayloadMutationResponse
-const { doc } = await client.from('products').update('id', { name: 'Updated' })
+const { doc } = await server.collections.from('products').update('id', { name: 'Updated' })
 
 // Update with file replacement (server only)
-await client.from('images').update('id', { alt: 'New alt' }, { file: newFile })
+await server.collections.from('images').update('id', { alt: 'New alt' }, { file: newFile })
 
 // Delete (server only) - returns document directly
-const deletedDoc = await client.from('products').remove('id')
+const deletedDoc = await server.collections.from('products').remove('id')
 
 // Count
-const { totalDocs } = await client.from('products').count()
+const { totalDocs } = await client.collections.from('products').count()
 
 // SEO Metadata (fetch + generate in one call, depth: 1 auto-applied)
-const metadata = await client
+const metadata = await client.collections
   .from('products')
   .findMetadata(
     { where: { slug: { equals: 'my-product' } } },
     { siteName: 'My Store' },
   )
 
-const metadataById = await client.from('products').findMetadataById('id', {
+const metadataById = await client.collections.from('products').findMetadataById('id', {
   siteName: 'My Store',
 })
 
 // Bulk operations (server only)
-await client.from('products').updateMany(where, data)
-await client.from('products').removeMany(where)
+await server.collections.from('products').updateMany(where, data)
+await server.collections.from('products').removeMany(where)
 ```
 
 ### API Response Types (Payload Native)
@@ -303,7 +317,7 @@ client.query.setCustomerData(profile)
 
 ### Customer Auth
 
-Available on Client via `client.customer.*`.
+Available on Client via `client.customer.auth.*`.
 
 ```typescript
 const client = createClient({
@@ -312,83 +326,114 @@ const client = createClient({
 })
 
 // Register & login
-const { customer } = await client.customer.register({
+const { customer } = await client.customer.auth.register({
   name: 'John',
   email: 'john@example.com',
   password: 'secure123',
 })
-const { token, customer } = await client.customer.login({
+const { token, customer } = await client.customer.auth.login({
   email: 'john@example.com',
   password: 'secure123',
 })
 
 // Profile & token management
-const profile = await client.customer.me()
-client.customer.isAuthenticated()
-client.customer.logout()
+const profile = await client.customer.auth.me()
+client.customer.auth.isAuthenticated()
+client.customer.auth.logout()
 
-// Orders
-const orders = await client.customer.getMyOrders({
+// Authenticated customer's own orders (Client-only)
+const orders = await client.commerce.orders.listMine({
   page: 1,
   limit: 10,
   status: 'paid',
 })
 
 // Password & email
-await client.customer.forgotPassword('john@example.com')
-await client.customer.resetPassword(token, newPassword)
-await client.customer.changePassword(currentPassword, newPassword)
-await client.customer.verifyEmail(verificationToken)
+await client.customer.auth.forgotPassword('john@example.com')
+await client.customer.auth.resetPassword(token, newPassword)
+await client.customer.auth.changePassword(currentPassword, newPassword)
+await client.customer.auth.verifyEmail(verificationToken)
 ```
 
-### Server API
+### Commerce Orders (ServerClient-only writes)
 
-Available only in ServerClient via `client.api.*`.
+Available on ServerClient via `server.commerce.orders.*`. Only `checkout` and `listMine` are also on Client.
 
 ```typescript
 // Orders
-await client.api.createOrder(params)
-await client.api.updateOrder({ orderNumber, status })
-await client.api.getOrder({ orderNumber })
-await client.api.checkout({ cartId, paymentId, orderNumber, customerSnapshot, discountCode? })
+await server.commerce.orders.create(params)
+await server.commerce.orders.update({ orderNumber, status })
+await server.commerce.orders.checkout({ cartId, pgPaymentId?, orderNumber, customerSnapshot, discountCode? })
+
+// Single-order lookup (getOrder endpoint removed — use collection find)
+const { docs: [order] } = await server.collections.from('orders').find({
+  where: { orderNumber: { equals: 'ORD-...' } },
+  limit: 1,
+  depth: 1,
+})
 
 // Fulfillment & transactions
-await client.api.createFulfillment({ orderNumber, carrier, trackingNumber, items })
-await client.api.updateTransaction({ paymentId, status, paymentMethod, receiptUrl })
+await server.commerce.orders.createFulfillment({ orderNumber, carrier, trackingNumber, items })
+await server.commerce.orders.bulkImportFulfillments({ items: [{ orderNumber, carrier?, trackingNumber? }] })
+await server.commerce.orders.updateTransaction({ pgPaymentId, status, paymentMethod, receiptUrl })
 
 // Returns
-await client.api.createReturn({ orderNumber, returnProducts, refundAmount, reason? })
-await client.api.updateReturn({ returnId, status })
-await client.api.returnWithRefund({ orderNumber, returnProducts, refundAmount, paymentId })
+await server.commerce.orders.createReturn({ orderNumber, returnItems, refundAmount, reason? })
+await server.commerce.orders.updateReturn({ returnId, status })
+await server.commerce.orders.returnWithRefund({ orderNumber, returnItems, refundAmount, pgPaymentId })
 ```
 
-### Product API
+### Commerce Discounts / Shipping
 
-Available only in ServerClient via `client.product.*`.
+Available on both Client (customer JWT) and ServerClient (secretKey).
 
 ```typescript
-// Batch stock check
-const { results, allAvailable } = await client.product.stockCheck({
+await client.commerce.discounts.validate({ code, orderAmount })
+await client.commerce.shipping.calculate({ shippingPolicyId?, orderAmount, postalCode? })
+// calculateShipping returns: { shippingAmount, baseShippingAmount, extraShippingAmount, freeShipping, freeShippingMinAmount, isJeju, isRemoteIsland }
+```
+
+### Commerce Product
+
+Available on both Client and ServerClient via `commerce.product.*`.
+
+```typescript
+// Batch stock check (point-in-time read, NOT a reservation)
+const { results, allAvailable } = await client.commerce.product.stockCheck({
   items: [
-    { optionId: 1, quantity: 2 },
-    { optionId: 3, quantity: 1 },
+    { variantId: '...', quantity: 2 },
   ],
 })
 ```
 
-### Cart API
+### Commerce Cart
 
-Available in both ServerClient and Client via `client.cart.*`.
+Available on both Client and ServerClient via `commerce.cart.*`.
 
 ```typescript
 // Add item to cart
-await client.cart.addItem({ cartId, product, variant, option, quantity })
+await client.commerce.cart.addItem({ cartId, product, variant, option, quantity })
 
 // Update item quantity
-await client.cart.updateItem({ cartItemId, quantity })
+await client.commerce.cart.updateItem({ cartItemId, quantity })
 
 // Remove item from cart
-await client.cart.removeItem({ cartItemId })
+await client.commerce.cart.removeItem({ cartItemId })
+
+// Other cart operations
+await client.commerce.cart.get(cartId)
+await client.commerce.cart.applyDiscount({ cartId, discountCode })
+await client.commerce.cart.removeDiscount({ cartId })
+await client.commerce.cart.clear({ cartId })
+```
+
+### Community Moderation (ServerClient-only)
+
+Available only on ServerClient via `server.community.moderation.*`.
+
+```typescript
+await server.community.moderation.banCustomer({ customerId, isPermanent?, bannedUntil?, reason? })
+await server.community.moderation.unbanCustomer({ customerId })
 ```
 
 ### Webhook
@@ -520,7 +565,7 @@ The SDK throws typed errors instead of returning error responses:
 import { isNetworkError, isApiError, isValidationError } from '@01.software/sdk'
 
 try {
-  const { docs } = await client.from('products').find()
+  const { docs } = await client.collections.from('products').find()
 } catch (error) {
   if (isNetworkError(error)) {
     console.error('Network issue:', error.message)

package/dist/analytics.cjs

@@ -0,0 +1,207 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/analytics.ts
+var analytics_exports = {};
+__export(analytics_exports, {
+  createAnalytics: () => createAnalytics
+});
+module.exports = __toCommonJS(analytics_exports);
+
+// src/core/client/types.ts
+function resolveApiUrl() {
+  if (typeof process !== "undefined" && process.env) {
+    const envUrl = process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL;
+    if (envUrl) {
+      return envUrl.replace(/\/$/, "");
+    }
+  }
+  return "https://api.01.software";
+}
+
+// src/analytics.ts
+function createAnalytics(config) {
+  if (typeof window === "undefined") {
+    return { pageview() {
+    }, track() {
+    }, destroy() {
+    } };
+  }
+  const endpoint = config.endpoint ?? `${resolveApiUrl()}/api/analytics/collect`;
+  const respectDnt = config.respectDnt !== false;
+  function isDntActive() {
+    if (!respectDnt) return false;
+    const nav = navigator;
+    return nav.doNotTrack === "1" || nav.globalPrivacyControl === true;
+  }
+  let lastPath = null;
+  let lastAt = 0;
+  const autoTrack = config.autoTrack !== false;
+  const originalPushState = history.pushState;
+  const originalReplaceState = history.replaceState;
+  let destroyed = false;
+  function newEventId() {
+    return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : String(Date.now()) + String(Math.random());
+  }
+  function sendBeaconOrFetch(body) {
+    try {
+      if (typeof navigator.sendBeacon === "function") {
+        const blob = new Blob([body], { type: "text/plain" });
+        const sent = navigator.sendBeacon(endpoint, blob);
+        if (sent) return;
+      }
+      fetch(endpoint, {
+        method: "POST",
+        keepalive: true,
+        headers: { "Content-Type": "application/json" },
+        body
+      }).catch(() => {
+      });
+    } catch {
+    }
+  }
+  function sendPageview(pathname) {
+    if (isDntActive()) return;
+    const doc = document;
+    if (doc.prerendering === true || document.visibilityState === "prerender") return;
+    const now = Date.now();
+    if (pathname === lastPath && now - lastAt < 500) return;
+    lastPath = pathname;
+    lastAt = now;
+    const body = JSON.stringify({
+      publishableKey: config.publishableKey,
+      pathname,
+      referrer: document.referrer || "",
+      eventId: newEventId()
+    });
+    sendBeaconOrFetch(body);
+  }
+  function trackCurrentPath() {
+    if (destroyed) return;
+    sendPageview(location.pathname);
+  }
+  function patchedPushState(data, unused, url) {
+    originalPushState.apply(this, [data, unused, url]);
+    if (!destroyed) setTimeout(trackCurrentPath, 0);
+  }
+  function patchedReplaceState(data, unused, url) {
+    originalReplaceState.apply(this, [data, unused, url]);
+    if (!destroyed) setTimeout(trackCurrentPath, 0);
+  }
+  if (autoTrack) {
+    history.pushState = patchedPushState;
+    history.replaceState = patchedReplaceState;
+    window.addEventListener("popstate", trackCurrentPath);
+    if (document.readyState === "complete") {
+      trackCurrentPath();
+    } else {
+      window.addEventListener("load", trackCurrentPath, { once: true });
+    }
+  }
+  const isProduction = (() => {
+    try {
+      const hostname = location.hostname;
+      return hostname !== "localhost" && hostname !== "127.0.0.1" && !hostname.endsWith(".local");
+    } catch {
+      return true;
+    }
+  })();
+  const warnedReasons = /* @__PURE__ */ new Set();
+  function devWarn(name, reason) {
+    if (isProduction) return;
+    if (warnedReasons.has(reason)) return;
+    warnedReasons.add(reason);
+    console.warn(`[01 analytics] dropped event ${name}: ${reason}`);
+  }
+  const EVENT_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_:-]{0,49}$/;
+  const RESERVED_PREFIXES = ["__", "_pv_"];
+  function validateEventName(name) {
+    if (!name || typeof name !== "string") return "name-empty";
+    for (const prefix of RESERVED_PREFIXES) {
+      if (name.startsWith(prefix)) return "name-reserved";
+    }
+    if (!EVENT_NAME_RE.test(name)) return "name-regex";
+    return null;
+  }
+  const PROP_KEY_RE = /^[a-zA-Z_][a-zA-Z0-9_]{0,31}$/;
+  function validateEventProps(props) {
+    if (props === void 0 || props === null) return null;
+    if (typeof props !== "object" || Array.isArray(props)) return "props-value-type";
+    const keys = Object.keys(props);
+    if (keys.length > 10) return "props-too-many-keys";
+    for (const k of keys) {
+      const v = props[k];
+      if (!PROP_KEY_RE.test(k)) return "props-key-regex";
+      if (typeof v === "string") {
+        if (v.length > 80) return "props-value-too-long";
+      } else if (typeof v === "number") {
+        if (!isFinite(v)) return "props-value-not-finite";
+      } else if (typeof v === "boolean") {
+      } else {
+        return "props-value-type";
+      }
+    }
+    return null;
+  }
+  return {
+    pageview(path) {
+      if (destroyed) return;
+      sendPageview(path ?? location.pathname);
+    },
+    track(name, props) {
+      if (destroyed) return;
+      if (isDntActive()) return;
+      const doc = document;
+      if (doc.prerendering === true || document.visibilityState === "prerender") return;
+      const nameErr = validateEventName(name);
+      if (nameErr) {
+        devWarn(name, nameErr);
+        return;
+      }
+      if (props !== void 0) {
+        const propsErr = validateEventProps(props);
+        if (propsErr) {
+          devWarn(name, propsErr);
+          return;
+        }
+      }
+      const body = JSON.stringify({
+        publishableKey: config.publishableKey,
+        pathname: location.pathname,
+        referrer: document.referrer || "",
+        eventId: newEventId(),
+        eventName: name,
+        eventProps: props
+      });
+      sendBeaconOrFetch(body);
+    },
+    destroy() {
+      if (destroyed) return;
+      destroyed = true;
+      if (autoTrack) {
+        history.pushState = originalPushState;
+        history.replaceState = originalReplaceState;
+        window.removeEventListener("popstate", trackCurrentPath);
+      }
+      lastPath = null;
+      lastAt = 0;
+    }
+  };
+}
+//# sourceMappingURL=analytics.cjs.map

package/dist/analytics.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/analytics.ts","../src/core/client/types.ts"],"sourcesContent":["/**\n * @01.software/sdk — Analytics Helper\n */\n\n/* ANALYTICS INVARIANTS START\n * @01.software/sdk — Analytics Helper\n *\n * ANALYTICS INVARIANTS\n * ====================\n * These invariants are the single source of truth for observable behavior.\n * They are mirrored verbatim in apps/console/src/app/api/analytics/script.js/route.ts.\n * Any change here MUST be reflected there, and vice versa.\n *\n * 1. DNT/GPC respect: when config.respectDnt !== false (default true) AND\n *    (navigator.doNotTrack === '1' OR navigator.globalPrivacyControl === true),\n *    all methods become no-ops. Zero network requests are made.\n *\n * 2. Prerender skip: when document.prerendering === true OR\n *    document.visibilityState === 'prerender', pageview() sends zero requests.\n *\n * 3. 500ms same-path dedup: a pageview for the same pathname within 500ms of\n *    the previous send is silently dropped. After 500ms the next call sends.\n *\n * 4. Transport: sendBeacon → fetch keepalive fallback.\n *    Primary: navigator.sendBeacon(endpoint, new Blob([json], { type: 'text/plain' })).\n *    Fallback (sendBeacon unavailable OR returns false):\n *      fetch(endpoint, { method: 'POST', keepalive: true,\n *        headers: { 'Content-Type': 'application/json' }, body: json }).catch(() => {})\n *\n * 5. Body-only publishableKey: publishableKey is always in the request body,\n *    never in any HTTP header.\n *\n * 6. SSR no-op: when typeof window === 'undefined', createAnalytics() returns\n *    a stub where all methods are no-ops. No side effects occur.\n *\n * 7. Error swallowing: all transport errors are caught and swallowed.\n *    createAnalytics() and all returned methods never throw into the caller.\n * ANALYTICS INVARIANTS END */\n\nimport { resolveApiUrl } from './core/client/types'\n\n// ============================================================================\n// Public Types\n// ============================================================================\n\nexport interface AnalyticsConfig {\n  publishableKey: string\n  /** Override the collect endpoint URL. Defaults to {SDK_BASE_URL}/api/analytics/collect */\n  endpoint?: string\n  /** Auto-patch history.pushState/replaceState and listen to popstate. Default: true */\n  autoTrack?: boolean\n  /** Respect navigator.doNotTrack and navigator.globalPrivacyControl. Default: true */\n  respectDnt?: boolean\n}\n\nexport interface Analytics {\n  pageview(path?: string): void\n  track(name: string, props?: Record<string, string | number | boolean>): void\n  destroy(): void\n}\n\n// ============================================================================\n// Implementation\n// ============================================================================\n\nexport function createAnalytics(config: AnalyticsConfig): Analytics {\n  // INVARIANT 6: SSR no-op\n  if (typeof window === 'undefined') {\n    return { pageview() {}, track() {}, destroy() {} }\n  }\n\n  const endpoint =\n    config.endpoint ?? `${resolveApiUrl()}/api/analytics/collect`\n\n  // INVARIANT 1: DNT/GPC check (evaluated once at init; stays as closure)\n  const respectDnt = config.respectDnt !== false\n  function isDntActive(): boolean {\n    if (!respectDnt) return false\n    const nav = navigator as Navigator & { globalPrivacyControl?: boolean }\n    return nav.doNotTrack === '1' || nav.globalPrivacyControl === true\n  }\n\n  // INVARIANT 3: 500ms same-path dedup state\n  let lastPath: string | null = null\n  let lastAt = 0\n\n  // autoTrack state — save originals for destroy()\n  const autoTrack = config.autoTrack !== false\n  const originalPushState = history.pushState\n  const originalReplaceState = history.replaceState\n  let destroyed = false\n\n  // -------------------------------------------------------------------------\n  // Core send logic\n  // -------------------------------------------------------------------------\n\n  // Generate a unique event ID (crypto.randomUUID when available, Date+Math.random fallback)\n  function newEventId(): string {\n    return typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function'\n      ? crypto.randomUUID()\n      : String(Date.now()) + String(Math.random())\n  }\n\n  // INVARIANT 4: sendBeacon → fetch keepalive fallback\n  // INVARIANT 5: publishableKey in body only\n  function sendBeaconOrFetch(body: string): void {\n    try {\n      if (typeof navigator.sendBeacon === 'function') {\n        const blob = new Blob([body], { type: 'text/plain' })\n        const sent = navigator.sendBeacon(endpoint, blob)\n        if (sent) return\n        // sent === false → fall through to fetch\n      }\n      // Fetch fallback\n      fetch(endpoint, {\n        method: 'POST',\n        keepalive: true,\n        headers: { 'Content-Type': 'application/json' },\n        body,\n      }).catch(() => {})\n    } catch {\n      // INVARIANT 7: swallow all errors\n    }\n  }\n\n  function sendPageview(pathname: string): void {\n    // INVARIANT 1: DNT/GPC\n    if (isDntActive()) return\n\n    // INVARIANT 2: prerender skip\n    const doc = document as Document & { prerendering?: boolean }\n    // visibilityState cast to string to accommodate non-standard 'prerender' value\n    if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n    // INVARIANT 3: 500ms same-path dedup\n    const now = Date.now()\n    if (pathname === lastPath && now - lastAt < 500) return\n    lastPath = pathname\n    lastAt = now\n\n    const body = JSON.stringify({\n      publishableKey: config.publishableKey,\n      pathname,\n      referrer: document.referrer || '',\n      eventId: newEventId(),\n    })\n\n    sendBeaconOrFetch(body)\n  }\n\n  // -------------------------------------------------------------------------\n  // autoTrack: patch history methods + listen to popstate\n  // -------------------------------------------------------------------------\n  function trackCurrentPath(): void {\n    if (destroyed) return\n    sendPageview(location.pathname)\n  }\n\n  function patchedPushState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalPushState.apply(this, [data, unused, url] as Parameters<typeof history.pushState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  function patchedReplaceState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalReplaceState.apply(this, [data, unused, url] as Parameters<typeof history.replaceState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  if (autoTrack) {\n    history.pushState = patchedPushState\n    history.replaceState = patchedReplaceState\n    window.addEventListener('popstate', trackCurrentPath)\n\n    // Initial pageview\n    if (document.readyState === 'complete') {\n      trackCurrentPath()\n    } else {\n      window.addEventListener('load', trackCurrentPath, { once: true })\n    }\n  }\n\n  // -------------------------------------------------------------------------\n  // track() — client-side validation + send\n  // -------------------------------------------------------------------------\n\n  // Dev-mode detection: warn in dev, silent in production.\n  // process.env.NODE_ENV is unreliable in browser bundles (tsup does not replace it\n  // by default). Instead we detect production at runtime via hostname heuristics.\n  // SSR (window undefined) is caught at the top of createAnalytics and returns a\n  // stub, so window is always defined here.\n  const isProduction: boolean = (() => {\n    try {\n      const hostname = location.hostname\n      return (\n        hostname !== 'localhost' &&\n        hostname !== '127.0.0.1' &&\n        !hostname.endsWith('.local')\n      )\n    } catch {\n      // hostname access failed (non-browser) — default to silent\n      return true\n    }\n  })()\n\n  // One-shot warn dedup per reason per page load (keyed by reason only)\n  const warnedReasons = new Set<string>()\n\n  function devWarn(name: string, reason: string): void {\n    if (isProduction) return\n    if (warnedReasons.has(reason)) return\n    warnedReasons.add(reason)\n    console.warn(`[01 analytics] dropped event ${name}: ${reason}`)\n  }\n\n  const EVENT_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_:-]{0,49}$/\n  const RESERVED_PREFIXES = ['__', '_pv_']\n\n  function validateEventName(name: string): string | null {\n    if (!name || typeof name !== 'string') return 'name-empty'\n    for (const prefix of RESERVED_PREFIXES) {\n      if (name.startsWith(prefix)) return 'name-reserved'\n    }\n    if (!EVENT_NAME_RE.test(name)) return 'name-regex'\n    return null\n  }\n\n  const PROP_KEY_RE = /^[a-zA-Z_][a-zA-Z0-9_]{0,31}$/\n\n  function validateEventProps(\n    props: Record<string, string | number | boolean> | undefined,\n  ): string | null {\n    if (props === undefined || props === null) return null\n    if (typeof props !== 'object' || Array.isArray(props)) return 'props-value-type'\n    const keys = Object.keys(props)\n    if (keys.length > 10) return 'props-too-many-keys'\n    for (const k of keys) {\n      const v = props[k]\n      if (!PROP_KEY_RE.test(k)) return 'props-key-regex'\n      if (typeof v === 'string') {\n        if (v.length > 80) return 'props-value-too-long'\n      } else if (typeof v === 'number') {\n        if (!isFinite(v)) return 'props-value-not-finite'\n      } else if (typeof v === 'boolean') {\n        // ok\n      } else {\n        return 'props-value-type'\n      }\n    }\n    return null\n  }\n\n  // -------------------------------------------------------------------------\n  // Public API\n  // -------------------------------------------------------------------------\n  return {\n    pageview(path?: string): void {\n      if (destroyed) return\n      sendPageview(path ?? location.pathname)\n    },\n\n    track(name: string, props?: Record<string, string | number | boolean>): void {\n      if (destroyed) return\n\n      // INVARIANT 1: DNT/GPC (same as pageview)\n      if (isDntActive()) return\n\n      // INVARIANT 2: prerender skip\n      const doc = document as Document & { prerendering?: boolean }\n      if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n      // Client-side validation\n      const nameErr = validateEventName(name)\n      if (nameErr) {\n        devWarn(name, nameErr)\n        return\n      }\n\n      if (props !== undefined) {\n        const propsErr = validateEventProps(props)\n        if (propsErr) {\n          devWarn(name, propsErr)\n          return\n        }\n      }\n\n      // Build body — no dedup for track() events\n      const body = JSON.stringify({\n        publishableKey: config.publishableKey,\n        pathname: location.pathname,\n        referrer: document.referrer || '',\n        eventId: newEventId(),\n        eventName: name,\n        eventProps: props,\n      })\n\n      sendBeaconOrFetch(body)\n    },\n\n    destroy(): void {\n      if (destroyed) return\n      destroyed = true\n\n      if (autoTrack) {\n        // Restore original history methods\n        history.pushState = originalPushState\n        history.replaceState = originalReplaceState\n        window.removeEventListener('popstate', trackCurrentPath)\n      }\n\n      // Null out dedup state\n      lastPath = null\n      lastAt = 0\n    },\n  }\n}\n","import type { Sort, Where } from 'payload'\n\nimport type { Collection, PublicCollection } from '../collection/const'\n\nexport type { Collection, PublicCollection }\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(): string {\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n  /**\n   * Tenant ID for pat01_ API keys. When provided alongside a pat01_ key,\n   * every server request includes X-Tenant-Id so the API can scope the\n   * request to the correct tenant. Not needed for sk01_ keys (tenant is\n   * encoded in the key itself).\n   */\n  tenantId?: string\n}\n\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload`. Payload's generic\n * types (`JoinQuery<TSlug>`, `PopulateType`) depend on `PayloadTypes` module\n * augmentation; external SDK consumers who skip that get degenerate types\n * (`never` / `{}`). Only non-generic `Sort`/`Where` are safe to import.\n * Excluded vs native: Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  where?: Where\n  depth?: number\n  select?: Record<string, boolean>\n  /** Per-collection field selection for populated relationships (keyed by collection slug) */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /** Join field control: pagination/filter per join, or false to disable */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACYO,SAAS,gBAAwB;AACtC,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AD4CO,SAAS,gBAAgB,QAAoC;AAElE,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,EAAE,WAAW;AAAA,IAAC,GAAG,QAAQ;AAAA,IAAC,GAAG,UAAU;AAAA,IAAC,EAAE;AAAA,EACnD;AAEA,QAAM,WACJ,OAAO,YAAY,GAAG,cAAc,CAAC;AAGvC,QAAM,aAAa,OAAO,eAAe;AACzC,WAAS,cAAuB;AAC9B,QAAI,CAAC,WAAY,QAAO;AACxB,UAAM,MAAM;AACZ,WAAO,IAAI,eAAe,OAAO,IAAI,yBAAyB;AAAA,EAChE;AAGA,MAAI,WAA0B;AAC9B,MAAI,SAAS;AAGb,QAAM,YAAY,OAAO,cAAc;AACvC,QAAM,oBAAoB,QAAQ;AAClC,QAAM,uBAAuB,QAAQ;AACrC,MAAI,YAAY;AAOhB,WAAS,aAAqB;AAC5B,WAAO,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aACjE,OAAO,WAAW,IAClB,OAAO,KAAK,IAAI,CAAC,IAAI,OAAO,KAAK,OAAO,CAAC;AAAA,EAC/C;AAIA,WAAS,kBAAkB,MAAoB;AAC7C,QAAI;AACF,UAAI,OAAO,UAAU,eAAe,YAAY;AAC9C,cAAM,OAAO,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AACpD,cAAM,OAAO,UAAU,WAAW,UAAU,IAAI;AAChD,YAAI,KAAM;AAAA,MAEZ;AAEA,YAAM,UAAU;AAAA,QACd,QAAQ;AAAA,QACR,WAAW;AAAA,QACX,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C;AAAA,MACF,CAAC,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IACnB,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,WAAS,aAAa,UAAwB;AAE5C,QAAI,YAAY,EAAG;AAGnB,UAAM,MAAM;AAEZ,QAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,aAAa,YAAY,MAAM,SAAS,IAAK;AACjD,eAAW;AACX,aAAS;AAET,UAAM,OAAO,KAAK,UAAU;AAAA,MAC1B,gBAAgB,OAAO;AAAA,MACvB;AAAA,MACA,UAAU,SAAS,YAAY;AAAA,MAC/B,SAAS,WAAW;AAAA,IACtB,CAAC;AAED,sBAAkB,IAAI;AAAA,EACxB;AAKA,WAAS,mBAAyB;AAChC,QAAI,UAAW;AACf,iBAAa,SAAS,QAAQ;AAAA,EAChC;AAEA,WAAS,iBAEP,MACA,QACA,KACM;AACN,sBAAkB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAyC;AACzF,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,WAAS,oBAEP,MACA,QACA,KACM;AACN,yBAAqB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAA4C;AAC/F,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,MAAI,WAAW;AACb,YAAQ,YAAY;AACpB,YAAQ,eAAe;AACvB,WAAO,iBAAiB,YAAY,gBAAgB;AAGpD,QAAI,SAAS,eAAe,YAAY;AACtC,uBAAiB;AAAA,IACnB,OAAO;AACL,aAAO,iBAAiB,QAAQ,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,IAClE;AAAA,EACF;AAWA,QAAM,gBAAyB,MAAM;AACnC,QAAI;AACF,YAAM,WAAW,SAAS;AAC1B,aACE,aAAa,eACb,aAAa,eACb,CAAC,SAAS,SAAS,QAAQ;AAAA,IAE/B,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AAGH,QAAM,gBAAgB,oBAAI,IAAY;AAEtC,WAAS,QAAQ,MAAc,QAAsB;AACnD,QAAI,aAAc;AAClB,QAAI,cAAc,IAAI,MAAM,EAAG;AAC/B,kBAAc,IAAI,MAAM;AACxB,YAAQ,KAAK,gCAAgC,IAAI,KAAK,MAAM,EAAE;AAAA,EAChE;AAEA,QAAM,gBAAgB;AACtB,QAAM,oBAAoB,CAAC,MAAM,MAAM;AAEvC,WAAS,kBAAkB,MAA6B;AACtD,QAAI,CAAC,QAAQ,OAAO,SAAS,SAAU,QAAO;AAC9C,eAAW,UAAU,mBAAmB;AACtC,UAAI,KAAK,WAAW,MAAM,EAAG,QAAO;AAAA,IACtC;AACA,QAAI,CAAC,cAAc,KAAK,IAAI,EAAG,QAAO;AACtC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc;AAEpB,WAAS,mBACP,OACe;AACf,QAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,QAAI,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO;AAC9D,UAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,QAAI,KAAK,SAAS,GAAI,QAAO;AAC7B,eAAW,KAAK,MAAM;AACpB,YAAM,IAAI,MAAM,CAAC;AACjB,UAAI,CAAC,YAAY,KAAK,CAAC,EAAG,QAAO;AACjC,UAAI,OAAO,MAAM,UAAU;AACzB,YAAI,EAAE,SAAS,GAAI,QAAO;AAAA,MAC5B,WAAW,OAAO,MAAM,UAAU;AAChC,YAAI,CAAC,SAAS,CAAC,EAAG,QAAO;AAAA,MAC3B,WAAW,OAAO,MAAM,WAAW;AAAA,MAEnC,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAKA,SAAO;AAAA,IACL,SAAS,MAAqB;AAC5B,UAAI,UAAW;AACf,mBAAa,QAAQ,SAAS,QAAQ;AAAA,IACxC;AAAA,IAEA,MAAM,MAAc,OAAyD;AAC3E,UAAI,UAAW;AAGf,UAAI,YAAY,EAAG;AAGnB,YAAM,MAAM;AACZ,UAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,YAAM,UAAU,kBAAkB,IAAI;AACtC,UAAI,SAAS;AACX,gBAAQ,MAAM,OAAO;AACrB;AAAA,MACF;AAEA,UAAI,UAAU,QAAW;AACvB,cAAM,WAAW,mBAAmB,KAAK;AACzC,YAAI,UAAU;AACZ,kBAAQ,MAAM,QAAQ;AACtB;AAAA,QACF;AAAA,MACF;AAGA,YAAM,OAAO,KAAK,UAAU;AAAA,QAC1B,gBAAgB,OAAO;AAAA,QACvB,UAAU,SAAS;AAAA,QACnB,UAAU,SAAS,YAAY;AAAA,QAC/B,SAAS,WAAW;AAAA,QACpB,WAAW;AAAA,QACX,YAAY;AAAA,MACd,CAAC;AAED,wBAAkB,IAAI;AAAA,IACxB;AAAA,IAEA,UAAgB;AACd,UAAI,UAAW;AACf,kBAAY;AAEZ,UAAI,WAAW;AAEb,gBAAQ,YAAY;AACpB,gBAAQ,eAAe;AACvB,eAAO,oBAAoB,YAAY,gBAAgB;AAAA,MACzD;AAGA,iBAAW;AACX,eAAS;AAAA,IACX;AAAA,EACF;AACF;","names":[]}

package/dist/analytics.d.cts

@@ -0,0 +1,20 @@
+/**
+ * @01.software/sdk — Analytics Helper
+ */
+interface AnalyticsConfig {
+    publishableKey: string;
+    /** Override the collect endpoint URL. Defaults to {SDK_BASE_URL}/api/analytics/collect */
+    endpoint?: string;
+    /** Auto-patch history.pushState/replaceState and listen to popstate. Default: true */
+    autoTrack?: boolean;
+    /** Respect navigator.doNotTrack and navigator.globalPrivacyControl. Default: true */
+    respectDnt?: boolean;
+}
+interface Analytics {
+    pageview(path?: string): void;
+    track(name: string, props?: Record<string, string | number | boolean>): void;
+    destroy(): void;
+}
+declare function createAnalytics(config: AnalyticsConfig): Analytics;
+
+export { type Analytics, type AnalyticsConfig, createAnalytics };

package/dist/analytics.d.ts

@@ -0,0 +1,20 @@
+/**
+ * @01.software/sdk — Analytics Helper
+ */
+interface AnalyticsConfig {
+    publishableKey: string;
+    /** Override the collect endpoint URL. Defaults to {SDK_BASE_URL}/api/analytics/collect */
+    endpoint?: string;
+    /** Auto-patch history.pushState/replaceState and listen to popstate. Default: true */
+    autoTrack?: boolean;
+    /** Respect navigator.doNotTrack and navigator.globalPrivacyControl. Default: true */
+    respectDnt?: boolean;
+}
+interface Analytics {
+    pageview(path?: string): void;
+    track(name: string, props?: Record<string, string | number | boolean>): void;
+    destroy(): void;
+}
+declare function createAnalytics(config: AnalyticsConfig): Analytics;
+
+export { type Analytics, type AnalyticsConfig, createAnalytics };