@01.software/sdk 0.32.0 → 0.34.0

package/README.md

@@ -168,8 +168,9 @@ const preview = await server.preview.detail(
 ```
 
 For product pages, `server.commerce.product.previewDetail({ id }, {
-previewToken })` returns the same shaped product detail as `detail()`, but allows
-the saved draft/unpublished record addressed by the preview token.
+previewToken })` returns the raw product detail payload for the saved
+draft/unpublished record addressed by the preview token. `detail()` wraps the
+published storefront payload in a `{ found, product | reason }` result.
 
 ## Getting product detail
 
@@ -179,19 +180,64 @@ The recommended way to fetch a single product is the shaped helper:
 import { createClient } from '@01.software/sdk'
 
 const client = createClient({
-  publishableKey: process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY!,
+  publishableKey: '<publishable-key>',
 })
 
-const product = await client.commerce.product.detail({
+const result = await client.commerce.product.detail({
   slug: 'every-peach-tee',
 })
-if (!product) {
-  return notFound() // returned null — product missing, unpublished, or not in this tenant
+if (!result.found) {
+  return notFound()
 }
+
+const { product } = result
 // product: { product, variants, options, brand, categories, tags, images, videos, listing }
 ```
 
-`detail()` returns `ProductDetail | null`. A `null` result covers every "no result" reason: `not_found`, `not_published`, `feature_disabled`. Render the same "not available" UI for all three. To recover the exact reason for triage, `404` maps to `null` rather than a thrown error — inspect `client.lastRequestId` and match against backend logs.
+`detail()` returns `ProductDetailResult`, a discriminated union:
+`{ found: true, product: ProductDetail } | { found: false, reason }`. The
+`reason` value is one of `not_found`, `not_published`, or
+`feature_disabled`, so storefronts can choose between a standard 404, preview
+CTA, or feature gating UI. Permission/auth errors, including 403 tenant
+mismatches, still throw
+typed `SDKError` subclasses and preserve request IDs through the existing
+`lastRequestId` / `onRequestId` path.
+
+The successful product payload exposes inventory rollups without sentinel
+values: `product.totalInventory` is the tracked stock sum across non-unlimited
+variants, `null` when no variants are tracked, and
+`product.hasUnlimitedVariant` signals whether any variant is unlimited.
+
+### Edge-cached catalog + live stock (storefront migration)
+
+When a PDP or listing UI is served behind the Console Edge CDN, prefer the
+catalog/stock split instead of reading `variant.stock` from a cached
+`detail()` response (inventory in that payload can lag for the catalog TTL).
+
+```typescript
+import {
+  createClient,
+  mergeProductDetailWithStock,
+} from '@01.software/sdk'
+
+const client = createClient({ publishableKey: '<publishable-key>' })
+
+const catalog = await client.commerce.product.detailCatalog({ slug: 'every-peach-tee' })
+if (!catalog.found) return notFound()
+
+const variantIds = catalog.product.variants.map((v) => v.id)
+const snapshot = await client.commerce.product.stockSnapshot({ variantIds })
+const { product, stockMergeStatus } = mergeProductDetailWithStock(
+  catalog.product,
+  snapshot,
+)
+// stockMergeStatus: 'complete' | 'partial' — partial when a variant id is missing from snapshot
+```
+
+Listing groups use the same pattern: `listingGroupsCatalog()` for the cacheable
+shell, then `stockSnapshot()` (or `stock-check` at cart/checkout) for live
+availability. `detail()` and POST detail/listing endpoints are unchanged during
+the migration window; see ADR 0012 addendum in `docs/decisions/0012-sdk-public-commerce-contract.md`.
 
 ### Product selection helpers
 
@@ -224,9 +270,23 @@ media first, then matching variant media, before falling back to listing or
 product media. This keeps listing-card selection links and detail-page images
 aligned without rebuilding media priority in storefront code.
 
+### Commerce media note (pool + galleries)
+
+For new storefront work, prefer pool-pointer and gallery-aware resolution from
+`commerce.product.detail()` + `resolveProductSelection()` (and
+`getProductSelectionImages()` when a list is needed). Direct legacy fields like
+`variant.thumbnail` and option-value direct `images` are still accepted as
+compatibility input, but are deprecated as primary storefront media sources.
+
 `availableValuesByOptionSlug` / `availableValuesByOptionId` include
 `availableStock`, `isUnlimited`, and `availableForSale` per value so option UIs
-can render stock state without recalculating from variants.
+can render stock state without recalculating from variants. Each entry also
+exposes handoff-aligned aliases (`exists` == `available`, `label` == `value`) and
+an optional Shopify-shaped `swatch: { color, image }` alongside flat `thumbnail`
+and `images`. Only `swatch.image` falls back to the first entry in `images` when
+`thumbnail` is absent; flat `thumbnail` and `images` on the value object are
+unchanged from the matrix source. Option-value upsert and detail/matrix shapes use
+nested `swatch` only (`swatch.color` for hex); flat `swatchColor` is rejected.
 
 ### With React Query
 
@@ -242,10 +302,11 @@ Cache key is `['products', 'detail', { slug }]`. Mutations on products, product-
 ### Selection URL contract
 
 Use `createProductSelectionCodec(detail)` when product pages need to keep option
-selection in the URL. Complete selections use `variant=<variantId>`; partial
-selections use `opt.<optionId>=<valueId>`. Older
-`opt.<optionSlug>=<valueSlug>` URLs still parse during Stage 1, but slugs are
-compatibility metadata rather than canonical identity.
+selection in the URL. By default, complete selections emit `variant=<variantId>`
+and partial selections emit slug-compat params such as `?opt.color=ivory`.
+Inbound canonical ID params (`?opt.<optionId>=<valueId>`) and compatibility slug
+params (`?opt.<optionSlug>=<valueSlug>`) still parse. Plain bare keys such as
+`?color=ivory` are rejected.
 
 ```typescript
 import {
@@ -254,26 +315,73 @@ import {
 } from '@01.software/sdk'
 
 const codec = createProductSelectionCodec(product)
-const normalizedSelection = codec.parse('?opt.option-color=color-black')
+const normalizedSelection = codec.parse('?opt.color=ivory')
 const selection = resolveProductSelection(product, normalizedSelection)
 const selectionQuery = codec.stringify(normalizedSelection)
-// selectionQuery === 'opt.option-color=color-black' for partial selections
-// selectionQuery === 'variant=variant-black-large' once a complete variant is selected
+// selectionQuery === 'opt.color=ivory' for partial selections
+// selectionQuery === 'variant=variant-black-s' once a complete variant is selected
 // selection.selectedVariant, selection.price, selection.stock, selection.media
 ```
 
-Use IDs from `detail.options[].id` and `detail.options[].values[].id` when
-building selection state. Slugs remain useful for display and old inbound URLs,
-but new outbound URLs should use the codec output.
+#### Empty vs partial selection
+
+When selection input is omitted, `resolveProductSelection()` applies
+`listing.selectionHintVariant` so PDP defaults match listing cards. That is
+separate from `fillDefaults` and is not gated by a flag.
+
+```typescript
+// PDP default (uses listing.selectionHintVariant when selection is omitted)
+resolveProductSelection(product)
+
+// Catalog: keep price range / no concrete variant
+resolveProductSelection(product, { valueIds: [] })
+```
+
+By default, partial selections (for example color only) leave
+`selectedVariant` as `null`. Opt in to Shopify-style
+`selectedOrFirstAvailableVariant` behavior with `fillDefaults: true`:
+
+```typescript
+const resolution = resolveProductSelection(product, codec.parse('?opt.color=ivory'), {
+  fillDefaults: true,
+})
+// resolution.selectedVariant is concrete; unselected options are filled
+// using the same available-by-order rules as listing selectionHintVariant.
+```
+
+For option-click handlers, use `selectNext()` to apply a slug transition,
+keep compatible prior selections, and re-default incompatible ones.
+`selectNext()` already fills missing options internally:
+
+```typescript
+import { resolveProductSelection, selectNext } from '@01.software/sdk'
+
+const nextSelection = selectNext(product, currentSelection, 'color', 'ivory')
+const resolution = resolveProductSelection(product, nextSelection)
+```
+
+Use `fillDefaults: true` on `resolveProductSelection()` when you have a
+partial URL or selection state and need a concrete variant without calling
+`selectNext()`. It does not change codec parse/stringify behavior.
+
+Opt out of slug-compat outbound URLs with
+`createProductSelectionCodec(product, { emit: 'canonical-id' })`.
+
+Normalized selection state uses stable option/value/variant IDs internally.
+Slugs in URLs are a compatibility/readability layer, not the identity source.
 
 For listing cards, pass the listing group returned by
 `buildProductListingGroupsByOption()` or the listing-groups endpoint into
-`buildProductHref(product, group, { detail })`. The detail object lets the SDK
-emit canonical `variant=<variantId>` or `opt.<optionId>=<valueId>` params. When
-full detail is not available on a product-list page, pass the group without
+`buildProductHref(product, group, { detail })`. Listing swatch hrefs emit
+partial slug-compat hints such as `?opt.color=ivory` by default. When full
+detail is not available on a product-list page, pass the group without
 `detail`; `buildProductHref()` still emits the best available selection hint and
 the detail page can resolve it through `resolveProductSelection()`.
 
+Use `preferCompleteVariantFromHint: true` on `buildProductHref()` only when a
+listing card should deep-link a complete hint variant instead of a color-only
+partial hint.
+
 Do not use bare option query keys such as `?size=large`. The SDK rejects them
 as ambiguous because product pages commonly share URLs with unrelated search,
 filter, analytics, or framework parameters. Namespacing selection keys under
@@ -281,22 +389,32 @@ filter, analytics, or framework parameters. Namespacing selection keys under
 parameters while still allowing unrelated parameters such as `utm_campaign` to
 coexist without being interpreted as selection state.
 
+For SEO, treat the product path without selection params as the canonical URL.
+Selection query params are share/deep-link state, not index targets.
+
 ### Product listing card helper
 
 `buildProductListingCard(item, options?)` turns a single
 `commerce.product.listingGroups()` response item into a render-ready
 `ProductListingCard`. Each item includes `listingGroupingState` (`grouped`,
-`no_primary_option`, or `empty`), and each group includes public-safe
+`no_primary_option`, or `empty`) and, when empty, `listingGroupingEmptyReason`
+(`primary_option_not_linked`, `primary_option_has_no_values`, or
+`no_variants_for_primary_option`). Each group includes public-safe
 `variants[]` alongside `variantIds`/`variantCount` so storefronts can render or
 inspect grouped variant fields without a follow-up fetch. The by-ids response
 also returns `missing: string[]` for requested product IDs that were not found,
 not published, or not accessible; `docs` preserve the input `productIds` order
-for returned products. The card carries product-level hero media
-(`product.thumbnail` -> first `product.images` -> `null`), an aggregated
-price range across all option-value groups, and a `swatches[]` array
-derived from groups when there is more than one. Single-group products
-emit `swatches: []`; storefronts that disagree can read `item.groups`
-directly.
+for returned products. The helper populates optional `representativeVariant`, a
+PDP-seeded `href`, representative media (`product.thumbnail` -> first
+`product.images` -> representative variant media -> `null`), an aggregated price
+range across all option-value groups, and a `swatches[]` array derived from
+groups when there is more than one. Single-group products emit `swatches: []`;
+storefronts that disagree can read `item.groups` directly.
+
+`buildProductListingCard()` derives card swatches from listing-group
+`optionValueSwatch`. Image swatches use `swatch.mediaItemId`; color swatches use
+`swatch.color`. Option-value thumbnail/gallery fields are no longer part of the
+public listing-group or product-detail contract.
 
 ```ts
 import {
@@ -309,9 +427,28 @@ const cards: ProductListingCard[] = response.docs.map((item) =>
 )
 ```
 
-Each swatch carries a hint-only option-value href
-(`?opt.<optionId>=<valueId>`); the detail page resolves it through
-`resolveProductSelection(detail, { search })`.
+The card href is the product path by default; the PDP resolves the
+representative variant through `resolveProductSelection(detail)` without a
+selection param. Each swatch carries a hint-only slug-compat href such as
+`?opt.color=ivory`; the detail page resolves it through
+`resolveProductSelection(detail, { search })`. Use
+`preferCompleteVariantFromHint: true` on `buildProductListingCard()` only when
+the card should deep-link a complete hint variant.
+
+## Storefront performance defaults
+
+- **PLP:** prefer `useProductListingGroupsCatalogQuery()` (GET `/api/products/listing-groups/query/catalog`, CDN-cacheable) or `commerce.product.listingGroupsCatalog()` + `buildProductListingCard()`. Use `useProductListingGroupsQuery()` when you need the full POST `/query` response shape. Avoid fetching a product list and then calling `detail()` per card.
+- **PDP:** prefer `useProductDetailBySlug()` / `commerce.product.detail()`. Override `staleTime` / `retry` on the hook when you need fresher catalog data or faster failure on errors.
+- **CDN-friendly reads:** server/edge code can use `detailCatalog()` and `listingGroupsCatalog()` (GET, cacheable) plus batched `stockSnapshot()` for live inventory.
+- **React Query in the browser:** default `getQueryClient()` keeps SSR data fresh forever (`staleTime: Infinity`). For client-only storefronts, use `getStorefrontQueryClient()` (~1 minute staleTime) when creating query hooks:
+
+```ts
+import { createClient } from '@01.software/sdk'
+import { createQueryHooks, getStorefrontQueryClient } from '@01.software/sdk/query'
+
+const client = createClient({ publishableKey: '...' })
+const query = createQueryHooks(client, getStorefrontQueryClient())
+```
 
 ## Advanced: direct Payload queries (escape hatch)
 
@@ -401,10 +538,11 @@ export const revalidate = 60 // ISR — adjust per page freshness need
 
 export default async function ProductPage({ params }) {
   const client = createClient({
-    publishableKey: process.env.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY!,
+    publishableKey: '<publishable-key>',
   })
-  const product = await client.commerce.product.detail({ slug: params.slug })
-  if (!product) return notFound()
+  const result = await client.commerce.product.detail({ slug: params.slug })
+  if (!result.found) return notFound()
+  const { product } = result
   // ...
 }
 ```
@@ -739,7 +877,13 @@ await server.commerce.orders.updateTransaction({ pgPaymentId, status, paymentMet
 // Returns
 await server.commerce.orders.createReturn({ orderNumber, returnItems, refundAmount, reason? })
 await server.commerce.orders.updateReturn({ returnId, status })
-await server.commerce.orders.returnWithRefund({ orderNumber, returnItems, refundAmount, pgPaymentId })
+await server.commerce.orders.returnWithRefund({
+  orderNumber,
+  returnItems: [{ orderItem, quantity, restockingFee? }],
+  refundAmount,
+  returnShippingFee?,
+  pgPaymentId,
+})
 ```
 
 ### Commerce Discounts / Shipping
@@ -761,6 +905,20 @@ options, option values, and variants. It is the tenant-admin safe path because
 it applies the product/option/variant transaction that raw collection writes do
 not provide.
 
+`commerce.product.upsert()` is a graph-write API. For Admin Panel product
+documents, Payload saves product fields first; upsert receives `productId`,
+`graphRevision` (required when updating an existing product via `productId` -
+load from `GET /api/products/:id/composer-draft`), options, and variants. Do
+not send removed legacy media inputs (`optionValue.thumbnail`,
+`optionValue.images`, `variant.thumbnail`); use `swatch.mediaItemId` and
+variant `images[]`. Unknown keys are not part of the published upsert contract.
+
+| Payload | Valid | Invalid |
+| ------- | ----- | ------- |
+| Create | `product: { title, ... }` + graph | `productId` on create; missing `product.title` |
+| Edit graph | `productId` + `graphRevision?` + graph | `product.title` / SEO on upsert; conflicting `productId` vs `product.id` |
+| Edit (legacy) | `product: { id }` + graph only | `product: { id, title }` on edit |
+
 ```typescript
 const result = await server.commerce.product.upsert({
   product: {
@@ -773,8 +931,16 @@ const result = await server.commerce.product.upsert({
       title: 'Color',
       slug: 'color',
       values: [
-        { value: 'Black', slug: 'black', swatchColor: '#111111' },
-        { value: 'White', slug: 'white', swatchColor: '#ffffff' },
+        {
+          value: 'Black',
+          slug: 'black',
+          swatch: { type: 'color', color: '#111111' },
+        },
+        {
+          value: 'White',
+          slug: 'white',
+          swatch: { type: 'color', color: '#ffffff' },
+        },
       ],
     },
     {
@@ -809,6 +975,18 @@ if (!result.ok) {
 }
 ```
 
+Existing product graph edits send the saved product id and the composer draft
+baseline, without product document fields:
+
+```ts
+await client.commerce.product.upsert({
+  productId: 'prod_123',
+  graphRevision: draft.graphRevision,
+  options: draft.options,
+  variants: draft.variants,
+})
+```
+
 For updates to existing options or option-values, prefer `id` / `valueId` when
 available so rename-safe updates do not depend on slugs.
 
@@ -869,6 +1047,18 @@ await server.community.moderation.unbanCustomer({ customerId })
 
 ### Webhook
 
+Create or open the endpoint in Console → Integrations → Webhooks. After saving,
+use **Reveal signing secret** once for the initial value, or **Rotate secret** to
+invalidate the previous secret and receive a new one-time plaintext value. Set the
+copied value in the receiver environment as `WEBHOOK_SECRET`.
+
+`Webhook` list/read responses do not include plaintext signing secrets — only
+the Console reveal/rotate flows return them. Use `WebhookWithoutSecret` and
+`WebhookSigningSecretReveal` from `@01.software/sdk/webhook` for typed clients.
+This value is not
+`SOFTWARE_SECRET_KEY`; multiple webhook endpoints may require multiple receiver
+secrets.
+
 Use HMAC-SHA256 signature verification:
 
 ```typescript
@@ -1097,12 +1287,37 @@ API keys created without explicit scopes use the default `['read', 'write']`. Co
 
 ### v0.23.0 (Product option-value visuals)
 
-- Added reusable option-value visuals (`swatchColor`, `thumbnail`, `images`) to Payload types and ecommerce utility shapes.
+- Added reusable option-value visuals (nested `swatch`, `thumbnail`, `images`) to Payload types and ecommerce utility shapes.
 - Listing group summaries now include option-value visual metadata and can use one colorway image across every size variant.
 - Product/listing sellability now uses `stock - reservedStock`, matching checkout stock checks.
 
+### v0.34.0 (Breaking — swatch-only option-value visuals)
+
+**Breaking change.** Option-value visual fields were collapsed into nested
+`swatch` (`type`, `color`, `mediaItemId`). Legacy public fields are removed
+from SDK input/output helpers and from listing/detail contracts.
+
+| Surface | Removed | Replacement |
+| ------- | ------- | ----------- |
+| Upsert option value | `swatchColor`, `thumbnail`, `images` | `swatch.type`, `swatch.color`, `swatch.mediaItemId` |
+| Listing groups | `optionValueSwatchColor`, `optionValueThumbnail`, `optionValueImages` | `optionValueSwatch` |
+| Product detail option value | `swatchColor`, `thumbnail`, `images` | `swatch` |
+
+Migration steps:
+
+1. Replace color-only values with `swatch: { type: 'color', color: '#111111' }`.
+2. Replace thumbnail/gallery values with `swatch: { type: 'media', mediaItemId: '<product-pool-image-id>' }`.
+3. Ensure media swatches reference an image already attached to the parent product (`products.images` / `products.thumbnail`).
+4. Remove reads of legacy response fields; consume `optionValueSwatch` / `optionValue.swatch` instead.
+
 ## Migration Guide
 
+### v0.34.0 (Product option-value visuals — breaking)
+
+See the v0.34.0 changelog entry above for the field mapping table and migration
+steps. There is no compatibility alias window for removed option-value visual
+fields; callers must migrate to nested `swatch` before upgrading.
+
 ### v0.16.0 (Phase 1–7 sync — additive)
 
 New error codes propagated via `SDKError.code` (no breaking change; existing callers ignore unknown codes safely):

package/dist/analytics/react.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/analytics/react.tsx","../../src/core/client/types.ts","../../src/analytics.ts","../../src/analytics/env.ts"],"sourcesContent":["'use client'\n\nimport { useEffect } from 'react'\nimport { createAnalytics, type AnalyticsConfig } from '../analytics'\nimport { resolveAnalyticsPublishableKey } from './env'\n\nexport type AnalyticsProps = Omit<AnalyticsConfig, 'publishableKey'> & {\n  publishableKey?: string\n}\n\nexport function Analytics({\n  autoTrack,\n  endpoint,\n  publishableKey,\n  respectDnt,\n}: AnalyticsProps) {\n  useEffect(() => {\n    const resolvedPublishableKey =\n      resolveAnalyticsPublishableKey(publishableKey)\n    if (!resolvedPublishableKey) return\n\n    const analytics = createAnalytics({\n      autoTrack,\n      endpoint,\n      publishableKey: resolvedPublishableKey,\n      respectDnt,\n    })\n\n    return () => analytics.destroy()\n  }, [autoTrack, endpoint, publishableKey, respectDnt])\n\n  return null\n}\n\nexport default Analytics\n","import type {\n  Collection,\n  PublicCollection,\n  ServerCollection,\n  ServerOnlyCollection,\n} from '../collection/const'\nimport type { CollectionType } from '../collection/types'\nimport type { CommunityClient } from '../community/community-client'\nimport type {\n  BanCustomerParams,\n  CommunityBan,\n  UnbanCustomerParams,\n} from '../community/moderation-api'\nimport type { CommerceClient } from '../commerce/commerce-client'\nimport type { ServerCommerceClient } from '../commerce/server-commerce-client'\nimport type { CustomerNamespace } from '../customer/customer-namespace'\nimport type { TenantIntrospectionClient } from '../api/tenant-introspection-api'\n\nexport type {\n  Collection,\n  PublicCollection,\n  ServerCollection,\n  ServerOnlyCollection,\n}\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(apiUrl?: string): string {\n  if (apiUrl) {\n    return apiUrl.replace(/\\/$/, '')\n  }\n\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /** API base URL for staging, self-hosted, preview, or proxy deployments. */\n  apiUrl?: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n}\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\nexport type Sort = string | string[]\nexport type Where = Record<string, unknown>\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload` or import Payload\n * types here. Payload's generic query types depend on `PayloadTypes` module\n * augmentation; external SDK consumers who only use `createClient` should not\n * install Payload just to type REST query objects. Excluded vs native:\n * Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  /**\n   * Filter documents. Id-based relation filters (`where: { product: { equals: id } }`) are the\n   * most reliable pattern. Dotted-path relation filters (`where: { 'product.slug': { equals } }`)\n   * are Payload-native but may silently return empty when access control restricts the related\n   * document or when the relation is polymorphic. String shorthand (`where: { slug: 'x' }`)\n   * silently matches nothing — always use `{ slug: { equals: 'x' } }`.\n   */\n  where?: Where\n  /**\n   * Controls how deeply relationship fields are populated. This is the primary control for\n   * populating relationships like `category`, `images`, `brand`. The configured Payload default\n   * applies when unset.\n   */\n  depth?: number\n  select?: Record<string, boolean>\n  /**\n   * Controls which fields are returned for already-populated relationships, keyed by collection\n   * slug. Does NOT control which relationships to populate — that is `depth`.\n   *\n   * @example\n   * // depth: 2 populates category; populate trims which fields come back\n   * populate: { categories: { title: true, slug: true } }\n   */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /**\n   * Controls Payload `type: 'join'` virtual reverse-relation fields only (pagination, sort,\n   * filter, count per join field, or `false` to disable all join-field population).\n   *\n   * Does NOT populate normal relationship fields like `category`, `images`, or `brand`.\n   * For normal relationship population use `depth` (and optionally `populate` for field\n   * selection).\n   *\n   * Pass `joins: false` to disable all join-field population — useful for lightweight list\n   * queries where join fields are not needed.\n   *\n   * @example\n   * // `article-authors` has a `type: 'join'` field `articles` (reverse-relation)\n   * joins: { articles: { limit: 10, sort: '-publishedAt' } }\n   *\n   * // depth: 2 populates product.category — joins has no effect on this\n   * depth: 2\n   *\n   * // Disable all join-field population\n   * joins: false\n   */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n// ============================================================================\n// Lightweight root entry contracts\n// ============================================================================\n\ninterface RootQueryLookup<T extends string> {\n  find(options?: ApiQueryOptions): Promise<PayloadFindResponse<CollectionType<T>>>\n  findById(\n    id: string | number,\n    options?: ApiQueryOptions,\n  ): Promise<CollectionType<T>>\n  count(options?: ApiQueryOptions): Promise<{ totalDocs: number }>\n}\n\nexport type RootReadOnlyQueryBuilder<T extends PublicCollection> =\n  RootQueryLookup<T>\n\nexport interface RootServerQueryBuilder<T extends ServerCollection>\n  extends RootQueryLookup<T> {\n  create(\n    data: Partial<CollectionType<T>>,\n    options?: { file?: File | Blob; filename?: string },\n  ): Promise<PayloadMutationResponse<CollectionType<T>>>\n  update(\n    id: string,\n    data: Partial<CollectionType<T>>,\n    options?: { file?: File | Blob; filename?: string },\n  ): Promise<PayloadMutationResponse<CollectionType<T>>>\n  updateMany(\n    where: ApiQueryOptions['where'],\n    data: Partial<CollectionType<T>>,\n  ): Promise<PayloadFindResponse<CollectionType<T>>>\n  remove(id: string): Promise<CollectionType<T>>\n  removeMany(\n    where: ApiQueryOptions['where'],\n  ): Promise<PayloadFindResponse<CollectionType<T>>>\n}\n\nexport interface RootCollectionClient {\n  from<T extends PublicCollection>(collection: T): RootReadOnlyQueryBuilder<T>\n}\n\nexport interface RootServerCollectionClient {\n  from<T extends ServerCollection>(collection: T): RootServerQueryBuilder<T>\n}\n\nexport interface RootClient {\n  commerce: CommerceClient\n  community: CommunityClient\n  customer: CustomerNamespace\n  collections: RootCollectionClient\n  lastRequestId: string | null\n  getState(): ClientState\n  getConfig(): ClientConfig\n}\n\nexport interface RootServerClient {\n  commerce: ServerCommerceClient\n  tenant: TenantIntrospectionClient\n  community: CommunityClient & {\n    moderation: {\n      banCustomer: (p: BanCustomerParams) => Promise<CommunityBan>\n      unbanCustomer: (p: UnbanCustomerParams) => Promise<{ success: true }>\n    }\n  }\n  collections: RootServerCollectionClient\n  lastRequestId: string | null\n  getState(): ClientState\n  getConfig(): Omit<ClientServerConfig, 'secretKey'>\n}\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","/**\n * @01.software/sdk — Analytics Helper\n */\n\n/* ANALYTICS INVARIANTS START\n * @01.software/sdk — Analytics Helper\n *\n * ANALYTICS INVARIANTS\n * ====================\n * These invariants are the single source of truth for observable behavior.\n * They are mirrored verbatim in apps/console/src/app/api/analytics/script.js/route.ts.\n * Any change here MUST be reflected there, and vice versa.\n *\n * 1. DNT/GPC respect: when config.respectDnt !== false (default true) AND\n *    (navigator.doNotTrack === '1' OR navigator.globalPrivacyControl === true),\n *    all methods become no-ops. Zero network requests are made.\n *\n * 2. Prerender skip: when document.prerendering === true OR\n *    document.visibilityState === 'prerender', pageview() sends zero requests.\n *\n * 3. 500ms same-path dedup: a pageview for the same pathname within 500ms of\n *    the previous send is silently dropped. After 500ms the next call sends.\n *\n * 4. Transport: sendBeacon → fetch keepalive fallback.\n *    Primary: navigator.sendBeacon(endpoint, new Blob([json], { type: 'text/plain' })).\n *    Fallback (sendBeacon unavailable OR returns false):\n *      fetch(endpoint, { method: 'POST', keepalive: true,\n *        headers: { 'Content-Type': 'application/json' }, body: json }).catch(() => {})\n *\n * 5. Body-only publishableKey: publishableKey is always in the request body,\n *    never in any HTTP header.\n *\n * 6. SSR no-op: when typeof window === 'undefined', createAnalytics() returns\n *    a stub where all methods are no-ops. No side effects occur.\n *\n * 7. Error swallowing: all transport errors are caught and swallowed.\n *    createAnalytics() and all returned methods never throw into the caller.\n *\n * 8. Client timestamp: every send carries eventTs (milliseconds since epoch)\n *    captured with Date.now() immediately before transport. The collect\n *    endpoint uses eventTs (a) to bucket the event into the client's\n *    tenant-local day and (b) to enforce the late-arrival cutoff; events\n *    submitted after the local-day-end grace window are dropped with\n *    reason \"late\".\n * ANALYTICS INVARIANTS END */\n\nimport { resolveApiUrl } from './core/client/types'\n\n// ============================================================================\n// Public Types\n// ============================================================================\n\nexport interface AnalyticsConfig {\n  publishableKey: string\n  /** Override the collect endpoint URL. Defaults to {SDK_BASE_URL}/api/analytics/collect */\n  endpoint?: string\n  /** Auto-patch history.pushState/replaceState and listen to popstate. Default: true */\n  autoTrack?: boolean\n  /** Respect navigator.doNotTrack and navigator.globalPrivacyControl. Default: true */\n  respectDnt?: boolean\n}\n\nexport interface Analytics {\n  pageview(path?: string): void\n  track(name: string, props?: Record<string, string | number | boolean>): void\n  destroy(): void\n}\n\n// ============================================================================\n// Implementation\n// ============================================================================\n\nexport function createAnalytics(config: AnalyticsConfig): Analytics {\n  // INVARIANT 6: SSR no-op\n  if (typeof window === 'undefined') {\n    return { pageview() {}, track() {}, destroy() {} }\n  }\n\n  const endpoint =\n    config.endpoint ?? `${resolveApiUrl()}/api/analytics/collect`\n\n  // INVARIANT 1: DNT/GPC check (evaluated once at init; stays as closure)\n  const respectDnt = config.respectDnt !== false\n  function isDntActive(): boolean {\n    if (!respectDnt) return false\n    const nav = navigator as Navigator & { globalPrivacyControl?: boolean }\n    return nav.doNotTrack === '1' || nav.globalPrivacyControl === true\n  }\n\n  // INVARIANT 3: 500ms same-path dedup state\n  let lastPath: string | null = null\n  let lastAt = 0\n\n  // autoTrack state — save originals for destroy()\n  const autoTrack = config.autoTrack !== false\n  const originalPushState = history.pushState\n  const originalReplaceState = history.replaceState\n  let destroyed = false\n\n  // -------------------------------------------------------------------------\n  // Core send logic\n  // -------------------------------------------------------------------------\n\n  // Generate a unique event ID (crypto.randomUUID when available, Date+Math.random fallback)\n  function newEventId(): string {\n    return typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function'\n      ? crypto.randomUUID()\n      : String(Date.now()) + String(Math.random())\n  }\n\n  // INVARIANT 4: sendBeacon → fetch keepalive fallback\n  // INVARIANT 5: publishableKey in body only\n  function sendBeaconOrFetch(body: string): void {\n    try {\n      if (typeof navigator.sendBeacon === 'function') {\n        const blob = new Blob([body], { type: 'text/plain' })\n        const sent = navigator.sendBeacon(endpoint, blob)\n        if (sent) return\n        // sent === false → fall through to fetch\n      }\n      // Fetch fallback\n      fetch(endpoint, {\n        method: 'POST',\n        keepalive: true,\n        headers: { 'Content-Type': 'application/json' },\n        body,\n      }).catch(() => {})\n    } catch {\n      // INVARIANT 7: swallow all errors\n    }\n  }\n\n  function sendPageview(pathname: string): void {\n    // INVARIANT 1: DNT/GPC\n    if (isDntActive()) return\n\n    // INVARIANT 2: prerender skip\n    const doc = document as Document & { prerendering?: boolean }\n    // visibilityState cast to string to accommodate non-standard 'prerender' value\n    if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n    // INVARIANT 3: 500ms same-path dedup\n    const now = Date.now()\n    if (pathname === lastPath && now - lastAt < 500) return\n    lastPath = pathname\n    lastAt = now\n\n    const body = JSON.stringify({\n      publishableKey: config.publishableKey,\n      pathname,\n      referrer: document.referrer || '',\n      eventId: newEventId(),\n      eventTs: Date.now(),\n    })\n\n    sendBeaconOrFetch(body)\n  }\n\n  // -------------------------------------------------------------------------\n  // autoTrack: patch history methods + listen to popstate\n  // -------------------------------------------------------------------------\n  function trackCurrentPath(): void {\n    if (destroyed) return\n    sendPageview(location.pathname)\n  }\n\n  function patchedPushState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalPushState.apply(this, [data, unused, url] as Parameters<typeof history.pushState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  function patchedReplaceState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalReplaceState.apply(this, [data, unused, url] as Parameters<typeof history.replaceState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  if (autoTrack) {\n    history.pushState = patchedPushState\n    history.replaceState = patchedReplaceState\n    window.addEventListener('popstate', trackCurrentPath)\n\n    // Initial pageview\n    if (document.readyState === 'complete') {\n      trackCurrentPath()\n    } else {\n      window.addEventListener('load', trackCurrentPath, { once: true })\n    }\n  }\n\n  // -------------------------------------------------------------------------\n  // track() — client-side validation + send\n  // -------------------------------------------------------------------------\n\n  // Dev-mode detection: warn in dev, silent in production.\n  // process.env.NODE_ENV is unreliable in browser bundles (tsup does not replace it\n  // by default). Instead we detect production at runtime via hostname heuristics.\n  // SSR (window undefined) is caught at the top of createAnalytics and returns a\n  // stub, so window is always defined here.\n  const isProduction: boolean = (() => {\n    try {\n      const hostname = location.hostname\n      return (\n        hostname !== 'localhost' &&\n        hostname !== '127.0.0.1' &&\n        !hostname.endsWith('.local')\n      )\n    } catch {\n      // hostname access failed (non-browser) — default to silent\n      return true\n    }\n  })()\n\n  // One-shot warn dedup per reason per page load (keyed by reason only)\n  const warnedReasons = new Set<string>()\n\n  function devWarn(name: string, reason: string): void {\n    if (isProduction) return\n    if (warnedReasons.has(reason)) return\n    warnedReasons.add(reason)\n    console.warn(`[01 analytics] dropped event ${name}: ${reason}`)\n  }\n\n  const EVENT_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_:-]{0,49}$/\n  const RESERVED_PREFIXES = ['__', '_pv_']\n\n  function validateEventName(name: string): string | null {\n    if (!name || typeof name !== 'string') return 'name-empty'\n    for (const prefix of RESERVED_PREFIXES) {\n      if (name.startsWith(prefix)) return 'name-reserved'\n    }\n    if (!EVENT_NAME_RE.test(name)) return 'name-regex'\n    return null\n  }\n\n  const PROP_KEY_RE = /^[a-zA-Z_][a-zA-Z0-9_]{0,31}$/\n\n  function validateEventProps(\n    props: Record<string, string | number | boolean> | undefined,\n  ): string | null {\n    if (props === undefined || props === null) return null\n    if (typeof props !== 'object' || Array.isArray(props)) return 'props-value-type'\n    const keys = Object.keys(props)\n    if (keys.length > 10) return 'props-too-many-keys'\n    for (const k of keys) {\n      const v = props[k]\n      if (!PROP_KEY_RE.test(k)) return 'props-key-regex'\n      if (typeof v === 'string') {\n        if (v.length > 80) return 'props-value-too-long'\n      } else if (typeof v === 'number') {\n        if (!isFinite(v)) return 'props-value-not-finite'\n      } else if (typeof v === 'boolean') {\n        // ok\n      } else {\n        return 'props-value-type'\n      }\n    }\n    return null\n  }\n\n  // -------------------------------------------------------------------------\n  // Public API\n  // -------------------------------------------------------------------------\n  return {\n    pageview(path?: string): void {\n      if (destroyed) return\n      sendPageview(path ?? location.pathname)\n    },\n\n    track(name: string, props?: Record<string, string | number | boolean>): void {\n      if (destroyed) return\n\n      // INVARIANT 1: DNT/GPC (same as pageview)\n      if (isDntActive()) return\n\n      // INVARIANT 2: prerender skip\n      const doc = document as Document & { prerendering?: boolean }\n      if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n      // Client-side validation\n      const nameErr = validateEventName(name)\n      if (nameErr) {\n        devWarn(name, nameErr)\n        return\n      }\n\n      if (props !== undefined) {\n        const propsErr = validateEventProps(props)\n        if (propsErr) {\n          devWarn(name, propsErr)\n          return\n        }\n      }\n\n      // Build body — no dedup for track() events\n      const body = JSON.stringify({\n        publishableKey: config.publishableKey,\n        pathname: location.pathname,\n        referrer: document.referrer || '',\n        eventId: newEventId(),\n        eventName: name,\n        eventProps: props,\n        eventTs: Date.now(),\n      })\n\n      sendBeaconOrFetch(body)\n    },\n\n    destroy(): void {\n      if (destroyed) return\n      destroyed = true\n\n      if (autoTrack) {\n        // Restore original history methods\n        history.pushState = originalPushState\n        history.replaceState = originalReplaceState\n        window.removeEventListener('popstate', trackCurrentPath)\n      }\n\n      // Null out dedup state\n      lastPath = null\n      lastAt = 0\n    },\n  }\n}\n","export type AnalyticsRuntimeEnv = {\n  nextPublicKey?: string\n  vitePublicKey?: string\n}\n\nexport function readAnalyticsRuntimeEnv(): AnalyticsRuntimeEnv {\n  const nextPublicKey =\n    typeof process !== 'undefined'\n      ? process.env?.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY\n      : undefined\n\n  const viteEnv = (\n    import.meta as ImportMeta & {\n      env?: Record<string, string | undefined>\n    }\n  ).env\n\n  return {\n    nextPublicKey,\n    vitePublicKey: viteEnv?.VITE_SOFTWARE_PUBLISHABLE_KEY,\n  }\n}\n\nexport function resolveAnalyticsPublishableKey(\n  explicit?: string,\n  env: AnalyticsRuntimeEnv = readAnalyticsRuntimeEnv(),\n): string | undefined {\n  if (explicit !== undefined) return explicit || undefined\n\n  return env.nextPublicKey || env.vitePublicKey\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA0B;;;AC6BnB,SAAS,cAAc,QAAyB;AACrD,MAAI,QAAQ;AACV,WAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,EACjC;AAEA,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AC4BO,SAAS,gBAAgB,QAAoC;AAElE,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,EAAE,WAAW;AAAA,IAAC,GAAG,QAAQ;AAAA,IAAC,GAAG,UAAU;AAAA,IAAC,EAAE;AAAA,EACnD;AAEA,QAAM,WACJ,OAAO,YAAY,GAAG,cAAc,CAAC;AAGvC,QAAM,aAAa,OAAO,eAAe;AACzC,WAAS,cAAuB;AAC9B,QAAI,CAAC,WAAY,QAAO;AACxB,UAAM,MAAM;AACZ,WAAO,IAAI,eAAe,OAAO,IAAI,yBAAyB;AAAA,EAChE;AAGA,MAAI,WAA0B;AAC9B,MAAI,SAAS;AAGb,QAAM,YAAY,OAAO,cAAc;AACvC,QAAM,oBAAoB,QAAQ;AAClC,QAAM,uBAAuB,QAAQ;AACrC,MAAI,YAAY;AAOhB,WAAS,aAAqB;AAC5B,WAAO,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aACjE,OAAO,WAAW,IAClB,OAAO,KAAK,IAAI,CAAC,IAAI,OAAO,KAAK,OAAO,CAAC;AAAA,EAC/C;AAIA,WAAS,kBAAkB,MAAoB;AAC7C,QAAI;AACF,UAAI,OAAO,UAAU,eAAe,YAAY;AAC9C,cAAM,OAAO,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AACpD,cAAM,OAAO,UAAU,WAAW,UAAU,IAAI;AAChD,YAAI,KAAM;AAAA,MAEZ;AAEA,YAAM,UAAU;AAAA,QACd,QAAQ;AAAA,QACR,WAAW;AAAA,QACX,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C;AAAA,MACF,CAAC,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IACnB,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,WAAS,aAAa,UAAwB;AAE5C,QAAI,YAAY,EAAG;AAGnB,UAAM,MAAM;AAEZ,QAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,aAAa,YAAY,MAAM,SAAS,IAAK;AACjD,eAAW;AACX,aAAS;AAET,UAAM,OAAO,KAAK,UAAU;AAAA,MAC1B,gBAAgB,OAAO;AAAA,MACvB;AAAA,MACA,UAAU,SAAS,YAAY;AAAA,MAC/B,SAAS,WAAW;AAAA,MACpB,SAAS,KAAK,IAAI;AAAA,IACpB,CAAC;AAED,sBAAkB,IAAI;AAAA,EACxB;AAKA,WAAS,mBAAyB;AAChC,QAAI,UAAW;AACf,iBAAa,SAAS,QAAQ;AAAA,EAChC;AAEA,WAAS,iBAEP,MACA,QACA,KACM;AACN,sBAAkB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAyC;AACzF,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,WAAS,oBAEP,MACA,QACA,KACM;AACN,yBAAqB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAA4C;AAC/F,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,MAAI,WAAW;AACb,YAAQ,YAAY;AACpB,YAAQ,eAAe;AACvB,WAAO,iBAAiB,YAAY,gBAAgB;AAGpD,QAAI,SAAS,eAAe,YAAY;AACtC,uBAAiB;AAAA,IACnB,OAAO;AACL,aAAO,iBAAiB,QAAQ,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,IAClE;AAAA,EACF;AAWA,QAAM,gBAAyB,MAAM;AACnC,QAAI;AACF,YAAM,WAAW,SAAS;AAC1B,aACE,aAAa,eACb,aAAa,eACb,CAAC,SAAS,SAAS,QAAQ;AAAA,IAE/B,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AAGH,QAAM,gBAAgB,oBAAI,IAAY;AAEtC,WAAS,QAAQ,MAAc,QAAsB;AACnD,QAAI,aAAc;AAClB,QAAI,cAAc,IAAI,MAAM,EAAG;AAC/B,kBAAc,IAAI,MAAM;AACxB,YAAQ,KAAK,gCAAgC,IAAI,KAAK,MAAM,EAAE;AAAA,EAChE;AAEA,QAAM,gBAAgB;AACtB,QAAM,oBAAoB,CAAC,MAAM,MAAM;AAEvC,WAAS,kBAAkB,MAA6B;AACtD,QAAI,CAAC,QAAQ,OAAO,SAAS,SAAU,QAAO;AAC9C,eAAW,UAAU,mBAAmB;AACtC,UAAI,KAAK,WAAW,MAAM,EAAG,QAAO;AAAA,IACtC;AACA,QAAI,CAAC,cAAc,KAAK,IAAI,EAAG,QAAO;AACtC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc;AAEpB,WAAS,mBACP,OACe;AACf,QAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,QAAI,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO;AAC9D,UAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,QAAI,KAAK,SAAS,GAAI,QAAO;AAC7B,eAAW,KAAK,MAAM;AACpB,YAAM,IAAI,MAAM,CAAC;AACjB,UAAI,CAAC,YAAY,KAAK,CAAC,EAAG,QAAO;AACjC,UAAI,OAAO,MAAM,UAAU;AACzB,YAAI,EAAE,SAAS,GAAI,QAAO;AAAA,MAC5B,WAAW,OAAO,MAAM,UAAU;AAChC,YAAI,CAAC,SAAS,CAAC,EAAG,QAAO;AAAA,MAC3B,WAAW,OAAO,MAAM,WAAW;AAAA,MAEnC,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAKA,SAAO;AAAA,IACL,SAAS,MAAqB;AAC5B,UAAI,UAAW;AACf,mBAAa,QAAQ,SAAS,QAAQ;AAAA,IACxC;AAAA,IAEA,MAAM,MAAc,OAAyD;AAC3E,UAAI,UAAW;AAGf,UAAI,YAAY,EAAG;AAGnB,YAAM,MAAM;AACZ,UAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,YAAM,UAAU,kBAAkB,IAAI;AACtC,UAAI,SAAS;AACX,gBAAQ,MAAM,OAAO;AACrB;AAAA,MACF;AAEA,UAAI,UAAU,QAAW;AACvB,cAAM,WAAW,mBAAmB,KAAK;AACzC,YAAI,UAAU;AACZ,kBAAQ,MAAM,QAAQ;AACtB;AAAA,QACF;AAAA,MACF;AAGA,YAAM,OAAO,KAAK,UAAU;AAAA,QAC1B,gBAAgB,OAAO;AAAA,QACvB,UAAU,SAAS;AAAA,QACnB,UAAU,SAAS,YAAY;AAAA,QAC/B,SAAS,WAAW;AAAA,QACpB,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,SAAS,KAAK,IAAI;AAAA,MACpB,CAAC;AAED,wBAAkB,IAAI;AAAA,IACxB;AAAA,IAEA,UAAgB;AACd,UAAI,UAAW;AACf,kBAAY;AAEZ,UAAI,WAAW;AAEb,gBAAQ,YAAY;AACpB,gBAAQ,eAAe;AACvB,eAAO,oBAAoB,YAAY,gBAAgB;AAAA,MACzD;AAGA,iBAAW;AACX,eAAS;AAAA,IACX;AAAA,EACF;AACF;;;AC7UA;AAKO,SAAS,0BAA+C;AAC7D,QAAM,gBACJ,OAAO,YAAY,cACf,QAAQ,KAAK,uCACb;AAEN,QAAM,UACJ,YAGA;AAEF,SAAO;AAAA,IACL;AAAA,IACA,eAAe,SAAS;AAAA,EAC1B;AACF;AAEO,SAAS,+BACd,UACA,MAA2B,wBAAwB,GAC/B;AACpB,MAAI,aAAa,OAAW,QAAO,YAAY;AAE/C,SAAO,IAAI,iBAAiB,IAAI;AAClC;;;AHpBO,SAAS,UAAU;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAmB;AACjB,8BAAU,MAAM;AACd,UAAM,yBACJ,+BAA+B,cAAc;AAC/C,QAAI,CAAC,uBAAwB;AAE7B,UAAM,YAAY,gBAAgB;AAAA,MAChC;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB;AAAA,IACF,CAAC;AAED,WAAO,MAAM,UAAU,QAAQ;AAAA,EACjC,GAAG,CAAC,WAAW,UAAU,gBAAgB,UAAU,CAAC;AAEpD,SAAO;AACT;AAEA,IAAO,gBAAQ;","names":[]}
+{"version":3,"sources":["../../src/analytics/react.tsx","../../src/core/client/types.ts","../../src/analytics.ts","../../src/analytics/env.ts"],"sourcesContent":["'use client'\n\nimport { useEffect } from 'react'\nimport { createAnalytics, type AnalyticsConfig } from '../analytics'\nimport { resolveAnalyticsPublishableKey } from './env'\n\nexport type AnalyticsProps = Omit<AnalyticsConfig, 'publishableKey'> & {\n  publishableKey?: string\n}\n\nexport function Analytics({\n  autoTrack,\n  endpoint,\n  publishableKey,\n  respectDnt,\n}: AnalyticsProps) {\n  useEffect(() => {\n    const resolvedPublishableKey =\n      resolveAnalyticsPublishableKey(publishableKey)\n    if (!resolvedPublishableKey) return\n\n    const analytics = createAnalytics({\n      autoTrack,\n      endpoint,\n      publishableKey: resolvedPublishableKey,\n      respectDnt,\n    })\n\n    return () => analytics.destroy()\n  }, [autoTrack, endpoint, publishableKey, respectDnt])\n\n  return null\n}\n\nexport default Analytics\n","import type {\n  Collection,\n  PublicCollection,\n  ServerCollection,\n  ServerOnlyCollection,\n} from '../collection/const'\nimport type { CollectionType } from '../collection/types'\nimport type { CommunityClient } from '../community/community-client'\nimport type {\n  BanCustomerParams,\n  CommunityBan,\n  UnbanCustomerParams,\n} from '../community/moderation-api'\nimport type { CommerceClient } from '../commerce/commerce-client'\nimport type { ServerCommerceClient } from '../commerce/server-commerce-client'\nimport type { CustomerNamespace } from '../customer/customer-namespace'\nimport type { EventsClient } from '../events/events-client'\nimport type { TenantIntrospectionClient } from '../api/tenant-introspection-api'\n\nexport type {\n  Collection,\n  PublicCollection,\n  ServerCollection,\n  ServerOnlyCollection,\n}\n\n// ============================================================================\n// API URL Configuration\n// ============================================================================\n\ndeclare const __DEFAULT_API_URL__: string\n\nexport function resolveApiUrl(apiUrl?: string): string {\n  if (apiUrl) {\n    return apiUrl.replace(/\\/$/, '')\n  }\n\n  if (typeof process !== 'undefined' && process.env) {\n    const envUrl =\n      process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL\n    if (envUrl) {\n      return envUrl.replace(/\\/$/, '')\n    }\n  }\n  return __DEFAULT_API_URL__\n}\n\n// ============================================================================\n// Client Configuration\n// ============================================================================\n\nexport interface ClientConfig {\n  publishableKey: string\n  /** API base URL for staging, self-hosted, preview, or proxy deployments. */\n  apiUrl?: string\n  /**\n   * Customer authentication options.\n   * Used to initialize CustomerAuth on Client.\n   */\n  customer?: {\n    /**\n     * Persist token in localStorage. Defaults to `true`.\n     * - `true` (default): uses key `'customer-token'`\n     * - `string`: uses the given string as localStorage key\n     * - `false`: disables persistence (token/onTokenChange used instead)\n     *\n     * Handles SSR safely (no-op on server).\n     * When enabled, `token` and `onTokenChange` are ignored.\n     */\n    persist?: boolean | string\n    /** Initial token (e.g. from SSR cookie) */\n    token?: string\n    /** Called when token changes (login/logout) — use to persist in localStorage/cookie */\n    onTokenChange?: (token: string | null) => void\n  }\n}\n\n// Server client: requires both publishableKey (for CDN routing + rate limit +\n// monthly quota enforcement via the edge proxy) and secretKey (sk01_ opaque\n// bearer token, the authentication credential).\n// The proxy keys its tenant lookup off `X-Publishable-Key`, so omitting\n// publishableKey would silently bypass rate limiting and plan-based quota\n// enforcement.\nexport interface ClientServerConfig extends ClientConfig {\n  secretKey: string\n}\n\nexport interface ClientMetadata {\n  userAgent?: string\n  timestamp: number\n}\n\nexport interface ClientState {\n  metadata: ClientMetadata\n}\n\nexport interface PaginationMeta {\n  page: number\n  limit: number\n  totalDocs: number\n  totalPages: number\n  hasNextPage: boolean\n  hasPrevPage: boolean\n  pagingCounter: number\n  prevPage: number | null\n  nextPage: number | null\n}\n\n// ============================================================================\n// Payload CMS Native Response Types\n// ============================================================================\n\n/**\n * Payload CMS Find (List) Response\n * GET /api/{collection}\n */\nexport interface PayloadFindResponse<T = unknown> {\n  docs: T[]\n  totalDocs: number\n  limit: number\n  totalPages: number\n  page: number\n  pagingCounter: number\n  hasPrevPage: boolean\n  hasNextPage: boolean\n  prevPage: number | null\n  nextPage: number | null\n}\n\n/**\n * Payload CMS Create/Update Response\n * POST /api/{collection}\n * PATCH /api/{collection}/{id}\n */\nexport interface PayloadMutationResponse<T = unknown> {\n  message: string\n  doc: T\n  errors?: unknown[]\n}\n\n// ============================================================================\n// Query Options\n// ============================================================================\n\nexport type Sort = string | string[]\nexport type Where = Record<string, unknown>\n\n/**\n * Do NOT replace with `Pick<FindOptions>` from `payload` or import Payload\n * types here. Payload's generic query types depend on `PayloadTypes` module\n * augmentation; external SDK consumers who only use `createClient` should not\n * install Payload just to type REST query objects. Excluded vs native:\n * Local-API-only fields, `locale`/`fallbackLocale`.\n */\nexport interface ApiQueryOptions {\n  page?: number\n  limit?: number\n  sort?: Sort\n  /**\n   * Filter documents. Id-based relation filters (`where: { product: { equals: id } }`) are the\n   * most reliable pattern. Dotted-path relation filters (`where: { 'product.slug': { equals } }`)\n   * are Payload-native but may silently return empty when access control restricts the related\n   * document or when the relation is polymorphic. String shorthand (`where: { slug: 'x' }`)\n   * silently matches nothing — always use `{ slug: { equals: 'x' } }`.\n   */\n  where?: Where\n  /**\n   * Controls how deeply relationship fields are populated. This is the primary control for\n   * populating relationships like `category`, `images`, `brand`. The configured Payload default\n   * applies when unset.\n   */\n  depth?: number\n  select?: Record<string, boolean>\n  /**\n   * Controls which fields are returned for already-populated relationships, keyed by collection\n   * slug. Does NOT control which relationships to populate — that is `depth`.\n   *\n   * @example\n   * // depth: 2 populates category; populate trims which fields come back\n   * populate: { categories: { title: true, slug: true } }\n   */\n  populate?: Record<string, boolean | Record<string, boolean>>\n  /**\n   * Controls Payload `type: 'join'` virtual reverse-relation fields only (pagination, sort,\n   * filter, count per join field, or `false` to disable all join-field population).\n   *\n   * Does NOT populate normal relationship fields like `category`, `images`, or `brand`.\n   * For normal relationship population use `depth` (and optionally `populate` for field\n   * selection).\n   *\n   * Pass `joins: false` to disable all join-field population — useful for lightweight list\n   * queries where join fields are not needed.\n   *\n   * @example\n   * // `article-authors` has a `type: 'join'` field `articles` (reverse-relation)\n   * joins: { articles: { limit: 10, sort: '-publishedAt' } }\n   *\n   * // depth: 2 populates product.category — joins has no effect on this\n   * depth: 2\n   *\n   * // Disable all join-field population\n   * joins: false\n   */\n  joins?:\n    | Record<\n        string,\n        | {\n            limit?: number\n            page?: number\n            sort?: string\n            where?: Where\n            count?: boolean\n          }\n        | false\n      >\n    | false\n  /** Set to `false` to skip the count query — returns docs without totalDocs/totalPages */\n  pagination?: boolean\n  /** Include draft versions (access control still applies on the server) */\n  draft?: boolean\n  /** Include soft-deleted documents (requires `trash` enabled on the collection) */\n  trash?: boolean\n}\n\n// ============================================================================\n// Debug & Retry Configuration\n// ============================================================================\n\nexport interface DebugConfig {\n  logRequests?: boolean\n  logResponses?: boolean\n  logErrors?: boolean\n}\n\nexport interface RetryConfig {\n  maxRetries?: number\n  retryableStatuses?: number[]\n  retryDelay?: (attempt: number) => number\n}\n\n// ============================================================================\n// Lightweight root entry contracts\n// ============================================================================\n\ninterface RootQueryLookup<T extends string> {\n  find(\n    options?: ApiQueryOptions,\n  ): Promise<PayloadFindResponse<CollectionType<T>>>\n  findById(\n    id: string | number,\n    options?: ApiQueryOptions,\n  ): Promise<CollectionType<T>>\n  count(options?: ApiQueryOptions): Promise<{ totalDocs: number }>\n}\n\nexport type RootReadOnlyQueryBuilder<T extends PublicCollection> =\n  RootQueryLookup<T>\n\nexport interface RootServerQueryBuilder<\n  T extends ServerCollection,\n> extends RootQueryLookup<T> {\n  create(\n    data: Partial<CollectionType<T>>,\n    options?: { file?: File | Blob; filename?: string },\n  ): Promise<PayloadMutationResponse<CollectionType<T>>>\n  update(\n    id: string,\n    data: Partial<CollectionType<T>>,\n    options?: { file?: File | Blob; filename?: string },\n  ): Promise<PayloadMutationResponse<CollectionType<T>>>\n  updateMany(\n    where: ApiQueryOptions['where'],\n    data: Partial<CollectionType<T>>,\n  ): Promise<PayloadFindResponse<CollectionType<T>>>\n  remove(id: string): Promise<CollectionType<T>>\n  removeMany(\n    where: ApiQueryOptions['where'],\n  ): Promise<PayloadFindResponse<CollectionType<T>>>\n}\n\nexport interface RootCollectionClient {\n  from<T extends PublicCollection>(collection: T): RootReadOnlyQueryBuilder<T>\n}\n\nexport interface RootServerCollectionClient {\n  from<T extends ServerCollection>(collection: T): RootServerQueryBuilder<T>\n}\n\nexport interface RootClient {\n  commerce: CommerceClient\n  community: CommunityClient\n  /** Set on {@link createClient} return values; optional for structural mocks. */\n  events?: EventsClient\n  customer: CustomerNamespace\n  collections: RootCollectionClient\n  lastRequestId: string | null\n  getState(): ClientState\n  getConfig(): ClientConfig\n}\n\nexport interface RootServerClient {\n  commerce: ServerCommerceClient\n  tenant: TenantIntrospectionClient\n  /** Set on {@link createServerClient} return values; optional for structural mocks. */\n  events?: EventsClient\n  community: CommunityClient & {\n    moderation: {\n      banCustomer: (p: BanCustomerParams) => Promise<CommunityBan>\n      unbanCustomer: (p: UnbanCustomerParams) => Promise<{ success: true }>\n    }\n  }\n  collections: RootServerCollectionClient\n  lastRequestId: string | null\n  getState(): ClientState\n  getConfig(): Omit<ClientServerConfig, 'secretKey'>\n}\n\nexport type RootClientWithEvents = RootClient & { events: EventsClient }\n\nexport type RootServerClientWithEvents = RootServerClient & { events: EventsClient }\n\n// ============================================================================\n// Type Utilities\n// ============================================================================\n\nexport type DeepPartial<T> = {\n  [P in keyof T]?: T[P] extends object ? DeepPartial<T[P]> : T[P]\n}\n\nexport type ExtractArrayType<T> = T extends (infer U)[] ? U : never\n","/**\n * @01.software/sdk — Analytics Helper\n */\n\n/* ANALYTICS INVARIANTS START\n * @01.software/sdk — Analytics Helper\n *\n * ANALYTICS INVARIANTS\n * ====================\n * These invariants are the single source of truth for observable behavior.\n * They are mirrored verbatim in apps/console/src/app/api/analytics/script.js/route.ts.\n * Any change here MUST be reflected there, and vice versa.\n *\n * 1. DNT/GPC respect: when config.respectDnt !== false (default true) AND\n *    (navigator.doNotTrack === '1' OR navigator.globalPrivacyControl === true),\n *    all methods become no-ops. Zero network requests are made.\n *\n * 2. Prerender skip: when document.prerendering === true OR\n *    document.visibilityState === 'prerender', pageview() sends zero requests.\n *\n * 3. 500ms same-path dedup: a pageview for the same pathname within 500ms of\n *    the previous send is silently dropped. After 500ms the next call sends.\n *\n * 4. Transport: sendBeacon → fetch keepalive fallback.\n *    Primary: navigator.sendBeacon(endpoint, new Blob([json], { type: 'text/plain' })).\n *    Fallback (sendBeacon unavailable OR returns false):\n *      fetch(endpoint, { method: 'POST', keepalive: true,\n *        headers: { 'Content-Type': 'application/json' }, body: json }).catch(() => {})\n *\n * 5. Body-only publishableKey: publishableKey is always in the request body,\n *    never in any HTTP header.\n *\n * 6. SSR no-op: when typeof window === 'undefined', createAnalytics() returns\n *    a stub where all methods are no-ops. No side effects occur.\n *\n * 7. Error swallowing: all transport errors are caught and swallowed.\n *    createAnalytics() and all returned methods never throw into the caller.\n *\n * 8. Client timestamp: every send carries eventTs (milliseconds since epoch)\n *    captured with Date.now() immediately before transport. The collect\n *    endpoint uses eventTs (a) to bucket the event into the client's\n *    tenant-local day and (b) to enforce the late-arrival cutoff; events\n *    submitted after the local-day-end grace window are dropped with\n *    reason \"late\".\n * ANALYTICS INVARIANTS END */\n\nimport { resolveApiUrl } from './core/client/types'\n\n// ============================================================================\n// Public Types\n// ============================================================================\n\nexport interface AnalyticsConfig {\n  publishableKey: string\n  /** Override the collect endpoint URL. Defaults to {SDK_BASE_URL}/api/analytics/collect */\n  endpoint?: string\n  /** Auto-patch history.pushState/replaceState and listen to popstate. Default: true */\n  autoTrack?: boolean\n  /** Respect navigator.doNotTrack and navigator.globalPrivacyControl. Default: true */\n  respectDnt?: boolean\n}\n\nexport interface Analytics {\n  pageview(path?: string): void\n  track(name: string, props?: Record<string, string | number | boolean>): void\n  destroy(): void\n}\n\n// ============================================================================\n// Implementation\n// ============================================================================\n\nexport function createAnalytics(config: AnalyticsConfig): Analytics {\n  // INVARIANT 6: SSR no-op\n  if (typeof window === 'undefined') {\n    return { pageview() {}, track() {}, destroy() {} }\n  }\n\n  const endpoint =\n    config.endpoint ?? `${resolveApiUrl()}/api/analytics/collect`\n\n  // INVARIANT 1: DNT/GPC check (evaluated once at init; stays as closure)\n  const respectDnt = config.respectDnt !== false\n  function isDntActive(): boolean {\n    if (!respectDnt) return false\n    const nav = navigator as Navigator & { globalPrivacyControl?: boolean }\n    return nav.doNotTrack === '1' || nav.globalPrivacyControl === true\n  }\n\n  // INVARIANT 3: 500ms same-path dedup state\n  let lastPath: string | null = null\n  let lastAt = 0\n\n  // autoTrack state — save originals for destroy()\n  const autoTrack = config.autoTrack !== false\n  const originalPushState = history.pushState\n  const originalReplaceState = history.replaceState\n  let destroyed = false\n\n  // -------------------------------------------------------------------------\n  // Core send logic\n  // -------------------------------------------------------------------------\n\n  // Generate a unique event ID (crypto.randomUUID when available, Date+Math.random fallback)\n  function newEventId(): string {\n    return typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function'\n      ? crypto.randomUUID()\n      : String(Date.now()) + String(Math.random())\n  }\n\n  // INVARIANT 4: sendBeacon → fetch keepalive fallback\n  // INVARIANT 5: publishableKey in body only\n  function sendBeaconOrFetch(body: string): void {\n    try {\n      if (typeof navigator.sendBeacon === 'function') {\n        const blob = new Blob([body], { type: 'text/plain' })\n        const sent = navigator.sendBeacon(endpoint, blob)\n        if (sent) return\n        // sent === false → fall through to fetch\n      }\n      // Fetch fallback\n      fetch(endpoint, {\n        method: 'POST',\n        keepalive: true,\n        headers: { 'Content-Type': 'application/json' },\n        body,\n      }).catch(() => {})\n    } catch {\n      // INVARIANT 7: swallow all errors\n    }\n  }\n\n  function sendPageview(pathname: string): void {\n    // INVARIANT 1: DNT/GPC\n    if (isDntActive()) return\n\n    // INVARIANT 2: prerender skip\n    const doc = document as Document & { prerendering?: boolean }\n    // visibilityState cast to string to accommodate non-standard 'prerender' value\n    if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n    // INVARIANT 3: 500ms same-path dedup\n    const now = Date.now()\n    if (pathname === lastPath && now - lastAt < 500) return\n    lastPath = pathname\n    lastAt = now\n\n    const body = JSON.stringify({\n      publishableKey: config.publishableKey,\n      pathname,\n      referrer: document.referrer || '',\n      eventId: newEventId(),\n      eventTs: Date.now(),\n    })\n\n    sendBeaconOrFetch(body)\n  }\n\n  // -------------------------------------------------------------------------\n  // autoTrack: patch history methods + listen to popstate\n  // -------------------------------------------------------------------------\n  function trackCurrentPath(): void {\n    if (destroyed) return\n    sendPageview(location.pathname)\n  }\n\n  function patchedPushState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalPushState.apply(this, [data, unused, url] as Parameters<typeof history.pushState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  function patchedReplaceState(\n    this: History,\n    data: unknown,\n    unused: string,\n    url?: string | URL | null,\n  ): void {\n    originalReplaceState.apply(this, [data, unused, url] as Parameters<typeof history.replaceState>)\n    if (!destroyed) setTimeout(trackCurrentPath, 0)\n  }\n\n  if (autoTrack) {\n    history.pushState = patchedPushState\n    history.replaceState = patchedReplaceState\n    window.addEventListener('popstate', trackCurrentPath)\n\n    // Initial pageview\n    if (document.readyState === 'complete') {\n      trackCurrentPath()\n    } else {\n      window.addEventListener('load', trackCurrentPath, { once: true })\n    }\n  }\n\n  // -------------------------------------------------------------------------\n  // track() — client-side validation + send\n  // -------------------------------------------------------------------------\n\n  // Dev-mode detection: warn in dev, silent in production.\n  // process.env.NODE_ENV is unreliable in browser bundles (tsup does not replace it\n  // by default). Instead we detect production at runtime via hostname heuristics.\n  // SSR (window undefined) is caught at the top of createAnalytics and returns a\n  // stub, so window is always defined here.\n  const isProduction: boolean = (() => {\n    try {\n      const hostname = location.hostname\n      return (\n        hostname !== 'localhost' &&\n        hostname !== '127.0.0.1' &&\n        !hostname.endsWith('.local')\n      )\n    } catch {\n      // hostname access failed (non-browser) — default to silent\n      return true\n    }\n  })()\n\n  // One-shot warn dedup per reason per page load (keyed by reason only)\n  const warnedReasons = new Set<string>()\n\n  function devWarn(name: string, reason: string): void {\n    if (isProduction) return\n    if (warnedReasons.has(reason)) return\n    warnedReasons.add(reason)\n    console.warn(`[01 analytics] dropped event ${name}: ${reason}`)\n  }\n\n  const EVENT_NAME_RE = /^[a-zA-Z][a-zA-Z0-9_:-]{0,49}$/\n  const RESERVED_PREFIXES = ['__', '_pv_']\n\n  function validateEventName(name: string): string | null {\n    if (!name || typeof name !== 'string') return 'name-empty'\n    for (const prefix of RESERVED_PREFIXES) {\n      if (name.startsWith(prefix)) return 'name-reserved'\n    }\n    if (!EVENT_NAME_RE.test(name)) return 'name-regex'\n    return null\n  }\n\n  const PROP_KEY_RE = /^[a-zA-Z_][a-zA-Z0-9_]{0,31}$/\n\n  function validateEventProps(\n    props: Record<string, string | number | boolean> | undefined,\n  ): string | null {\n    if (props === undefined || props === null) return null\n    if (typeof props !== 'object' || Array.isArray(props)) return 'props-value-type'\n    const keys = Object.keys(props)\n    if (keys.length > 10) return 'props-too-many-keys'\n    for (const k of keys) {\n      const v = props[k]\n      if (!PROP_KEY_RE.test(k)) return 'props-key-regex'\n      if (typeof v === 'string') {\n        if (v.length > 80) return 'props-value-too-long'\n      } else if (typeof v === 'number') {\n        if (!isFinite(v)) return 'props-value-not-finite'\n      } else if (typeof v === 'boolean') {\n        // ok\n      } else {\n        return 'props-value-type'\n      }\n    }\n    return null\n  }\n\n  // -------------------------------------------------------------------------\n  // Public API\n  // -------------------------------------------------------------------------\n  return {\n    pageview(path?: string): void {\n      if (destroyed) return\n      sendPageview(path ?? location.pathname)\n    },\n\n    track(name: string, props?: Record<string, string | number | boolean>): void {\n      if (destroyed) return\n\n      // INVARIANT 1: DNT/GPC (same as pageview)\n      if (isDntActive()) return\n\n      // INVARIANT 2: prerender skip\n      const doc = document as Document & { prerendering?: boolean }\n      if (doc.prerendering === true || (document.visibilityState as string) === 'prerender') return\n\n      // Client-side validation\n      const nameErr = validateEventName(name)\n      if (nameErr) {\n        devWarn(name, nameErr)\n        return\n      }\n\n      if (props !== undefined) {\n        const propsErr = validateEventProps(props)\n        if (propsErr) {\n          devWarn(name, propsErr)\n          return\n        }\n      }\n\n      // Build body — no dedup for track() events\n      const body = JSON.stringify({\n        publishableKey: config.publishableKey,\n        pathname: location.pathname,\n        referrer: document.referrer || '',\n        eventId: newEventId(),\n        eventName: name,\n        eventProps: props,\n        eventTs: Date.now(),\n      })\n\n      sendBeaconOrFetch(body)\n    },\n\n    destroy(): void {\n      if (destroyed) return\n      destroyed = true\n\n      if (autoTrack) {\n        // Restore original history methods\n        history.pushState = originalPushState\n        history.replaceState = originalReplaceState\n        window.removeEventListener('popstate', trackCurrentPath)\n      }\n\n      // Null out dedup state\n      lastPath = null\n      lastAt = 0\n    },\n  }\n}\n","export type AnalyticsRuntimeEnv = {\n  nextPublicKey?: string\n  vitePublicKey?: string\n}\n\nexport function readAnalyticsRuntimeEnv(): AnalyticsRuntimeEnv {\n  const nextPublicKey =\n    typeof process !== 'undefined'\n      ? process.env?.NEXT_PUBLIC_SOFTWARE_PUBLISHABLE_KEY\n      : undefined\n\n  const viteEnv = (\n    import.meta as ImportMeta & {\n      env?: Record<string, string | undefined>\n    }\n  ).env\n\n  return {\n    nextPublicKey,\n    vitePublicKey: viteEnv?.VITE_SOFTWARE_PUBLISHABLE_KEY,\n  }\n}\n\nexport function resolveAnalyticsPublishableKey(\n  explicit?: string,\n  env: AnalyticsRuntimeEnv = readAnalyticsRuntimeEnv(),\n): string | undefined {\n  if (explicit !== undefined) return explicit || undefined\n\n  return env.nextPublicKey || env.vitePublicKey\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEA,mBAA0B;;;AC8BnB,SAAS,cAAc,QAAyB;AACrD,MAAI,QAAQ;AACV,WAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,EACjC;AAEA,MAAI,OAAO,YAAY,eAAe,QAAQ,KAAK;AACjD,UAAM,SACJ,QAAQ,IAAI,oBAAoB,QAAQ,IAAI;AAC9C,QAAI,QAAQ;AACV,aAAO,OAAO,QAAQ,OAAO,EAAE;AAAA,IACjC;AAAA,EACF;AACA,SAAO;AACT;;;AC2BO,SAAS,gBAAgB,QAAoC;AAElE,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,EAAE,WAAW;AAAA,IAAC,GAAG,QAAQ;AAAA,IAAC,GAAG,UAAU;AAAA,IAAC,EAAE;AAAA,EACnD;AAEA,QAAM,WACJ,OAAO,YAAY,GAAG,cAAc,CAAC;AAGvC,QAAM,aAAa,OAAO,eAAe;AACzC,WAAS,cAAuB;AAC9B,QAAI,CAAC,WAAY,QAAO;AACxB,UAAM,MAAM;AACZ,WAAO,IAAI,eAAe,OAAO,IAAI,yBAAyB;AAAA,EAChE;AAGA,MAAI,WAA0B;AAC9B,MAAI,SAAS;AAGb,QAAM,YAAY,OAAO,cAAc;AACvC,QAAM,oBAAoB,QAAQ;AAClC,QAAM,uBAAuB,QAAQ;AACrC,MAAI,YAAY;AAOhB,WAAS,aAAqB;AAC5B,WAAO,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aACjE,OAAO,WAAW,IAClB,OAAO,KAAK,IAAI,CAAC,IAAI,OAAO,KAAK,OAAO,CAAC;AAAA,EAC/C;AAIA,WAAS,kBAAkB,MAAoB;AAC7C,QAAI;AACF,UAAI,OAAO,UAAU,eAAe,YAAY;AAC9C,cAAM,OAAO,IAAI,KAAK,CAAC,IAAI,GAAG,EAAE,MAAM,aAAa,CAAC;AACpD,cAAM,OAAO,UAAU,WAAW,UAAU,IAAI;AAChD,YAAI,KAAM;AAAA,MAEZ;AAEA,YAAM,UAAU;AAAA,QACd,QAAQ;AAAA,QACR,WAAW;AAAA,QACX,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C;AAAA,MACF,CAAC,EAAE,MAAM,MAAM;AAAA,MAAC,CAAC;AAAA,IACnB,QAAQ;AAAA,IAER;AAAA,EACF;AAEA,WAAS,aAAa,UAAwB;AAE5C,QAAI,YAAY,EAAG;AAGnB,UAAM,MAAM;AAEZ,QAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,UAAM,MAAM,KAAK,IAAI;AACrB,QAAI,aAAa,YAAY,MAAM,SAAS,IAAK;AACjD,eAAW;AACX,aAAS;AAET,UAAM,OAAO,KAAK,UAAU;AAAA,MAC1B,gBAAgB,OAAO;AAAA,MACvB;AAAA,MACA,UAAU,SAAS,YAAY;AAAA,MAC/B,SAAS,WAAW;AAAA,MACpB,SAAS,KAAK,IAAI;AAAA,IACpB,CAAC;AAED,sBAAkB,IAAI;AAAA,EACxB;AAKA,WAAS,mBAAyB;AAChC,QAAI,UAAW;AACf,iBAAa,SAAS,QAAQ;AAAA,EAChC;AAEA,WAAS,iBAEP,MACA,QACA,KACM;AACN,sBAAkB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAyC;AACzF,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,WAAS,oBAEP,MACA,QACA,KACM;AACN,yBAAqB,MAAM,MAAM,CAAC,MAAM,QAAQ,GAAG,CAA4C;AAC/F,QAAI,CAAC,UAAW,YAAW,kBAAkB,CAAC;AAAA,EAChD;AAEA,MAAI,WAAW;AACb,YAAQ,YAAY;AACpB,YAAQ,eAAe;AACvB,WAAO,iBAAiB,YAAY,gBAAgB;AAGpD,QAAI,SAAS,eAAe,YAAY;AACtC,uBAAiB;AAAA,IACnB,OAAO;AACL,aAAO,iBAAiB,QAAQ,kBAAkB,EAAE,MAAM,KAAK,CAAC;AAAA,IAClE;AAAA,EACF;AAWA,QAAM,gBAAyB,MAAM;AACnC,QAAI;AACF,YAAM,WAAW,SAAS;AAC1B,aACE,aAAa,eACb,aAAa,eACb,CAAC,SAAS,SAAS,QAAQ;AAAA,IAE/B,QAAQ;AAEN,aAAO;AAAA,IACT;AAAA,EACF,GAAG;AAGH,QAAM,gBAAgB,oBAAI,IAAY;AAEtC,WAAS,QAAQ,MAAc,QAAsB;AACnD,QAAI,aAAc;AAClB,QAAI,cAAc,IAAI,MAAM,EAAG;AAC/B,kBAAc,IAAI,MAAM;AACxB,YAAQ,KAAK,gCAAgC,IAAI,KAAK,MAAM,EAAE;AAAA,EAChE;AAEA,QAAM,gBAAgB;AACtB,QAAM,oBAAoB,CAAC,MAAM,MAAM;AAEvC,WAAS,kBAAkB,MAA6B;AACtD,QAAI,CAAC,QAAQ,OAAO,SAAS,SAAU,QAAO;AAC9C,eAAW,UAAU,mBAAmB;AACtC,UAAI,KAAK,WAAW,MAAM,EAAG,QAAO;AAAA,IACtC;AACA,QAAI,CAAC,cAAc,KAAK,IAAI,EAAG,QAAO;AACtC,WAAO;AAAA,EACT;AAEA,QAAM,cAAc;AAEpB,WAAS,mBACP,OACe;AACf,QAAI,UAAU,UAAa,UAAU,KAAM,QAAO;AAClD,QAAI,OAAO,UAAU,YAAY,MAAM,QAAQ,KAAK,EAAG,QAAO;AAC9D,UAAM,OAAO,OAAO,KAAK,KAAK;AAC9B,QAAI,KAAK,SAAS,GAAI,QAAO;AAC7B,eAAW,KAAK,MAAM;AACpB,YAAM,IAAI,MAAM,CAAC;AACjB,UAAI,CAAC,YAAY,KAAK,CAAC,EAAG,QAAO;AACjC,UAAI,OAAO,MAAM,UAAU;AACzB,YAAI,EAAE,SAAS,GAAI,QAAO;AAAA,MAC5B,WAAW,OAAO,MAAM,UAAU;AAChC,YAAI,CAAC,SAAS,CAAC,EAAG,QAAO;AAAA,MAC3B,WAAW,OAAO,MAAM,WAAW;AAAA,MAEnC,OAAO;AACL,eAAO;AAAA,MACT;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAKA,SAAO;AAAA,IACL,SAAS,MAAqB;AAC5B,UAAI,UAAW;AACf,mBAAa,QAAQ,SAAS,QAAQ;AAAA,IACxC;AAAA,IAEA,MAAM,MAAc,OAAyD;AAC3E,UAAI,UAAW;AAGf,UAAI,YAAY,EAAG;AAGnB,YAAM,MAAM;AACZ,UAAI,IAAI,iBAAiB,QAAS,SAAS,oBAA+B,YAAa;AAGvF,YAAM,UAAU,kBAAkB,IAAI;AACtC,UAAI,SAAS;AACX,gBAAQ,MAAM,OAAO;AACrB;AAAA,MACF;AAEA,UAAI,UAAU,QAAW;AACvB,cAAM,WAAW,mBAAmB,KAAK;AACzC,YAAI,UAAU;AACZ,kBAAQ,MAAM,QAAQ;AACtB;AAAA,QACF;AAAA,MACF;AAGA,YAAM,OAAO,KAAK,UAAU;AAAA,QAC1B,gBAAgB,OAAO;AAAA,QACvB,UAAU,SAAS;AAAA,QACnB,UAAU,SAAS,YAAY;AAAA,QAC/B,SAAS,WAAW;AAAA,QACpB,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,SAAS,KAAK,IAAI;AAAA,MACpB,CAAC;AAED,wBAAkB,IAAI;AAAA,IACxB;AAAA,IAEA,UAAgB;AACd,UAAI,UAAW;AACf,kBAAY;AAEZ,UAAI,WAAW;AAEb,gBAAQ,YAAY;AACpB,gBAAQ,eAAe;AACvB,eAAO,oBAAoB,YAAY,gBAAgB;AAAA,MACzD;AAGA,iBAAW;AACX,eAAS;AAAA,IACX;AAAA,EACF;AACF;;;AC7UA;AAKO,SAAS,0BAA+C;AAC7D,QAAM,gBACJ,OAAO,YAAY,cACf,QAAQ,KAAK,uCACb;AAEN,QAAM,UACJ,YAGA;AAEF,SAAO;AAAA,IACL;AAAA,IACA,eAAe,SAAS;AAAA,EAC1B;AACF;AAEO,SAAS,+BACd,UACA,MAA2B,wBAAwB,GAC/B;AACpB,MAAI,aAAa,OAAW,QAAO,YAAY;AAE/C,SAAO,IAAI,iBAAiB,IAAI;AAClC;;;AHpBO,SAAS,UAAU;AAAA,EACxB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAAmB;AACjB,8BAAU,MAAM;AACd,UAAM,yBACJ,+BAA+B,cAAc;AAC/C,QAAI,CAAC,uBAAwB;AAE7B,UAAM,YAAY,gBAAgB;AAAA,MAChC;AAAA,MACA;AAAA,MACA,gBAAgB;AAAA,MAChB;AAAA,IACF,CAAC;AAED,WAAO,MAAM,UAAU,QAAQ;AAAA,EACjC,GAAG,CAAC,WAAW,UAAU,gBAAgB,UAAU,CAAC;AAEpD,SAAO;AACT;AAEA,IAAO,gBAAQ;","names":[]}