@active-reach/web-sdk 1.10.0 → 1.11.1

package/dist/{analytics-Cc4-QQBf.mjs → analytics-6PR9ERDS.mjs}

@@ -2034,6 +2034,187 @@ class NameGovernor {
     };
   }
 }
+const RESERVED_PREFIXES = [
+  "system.",
+  "user.",
+  "loyalty.",
+  "review.",
+  "cart.",
+  "checkout.",
+  "product.",
+  "pos.",
+  "bill.",
+  "feedback.",
+  "chat.",
+  "delivery.",
+  "event.",
+  "$",
+  "_"
+];
+const KEY_SOFT_VALUE_CAP = 512;
+const KEY_HARD_VALUE_CAP = 1e4;
+const CAMEL_BOUNDARY_1 = /(.)([A-Z][a-z]+)/g;
+const CAMEL_BOUNDARY_2 = /([a-z0-9])([A-Z])/g;
+const NON_SNAKE = /[\s\-.]+/g;
+const DUPE_UNDERSCORE = /_+/g;
+const ISO_8601 = /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}(:\d{2}(\.\d+)?)?(Z|[+-]\d{2}:?\d{2})?)?$/;
+const DATE_KEY_HINTS = /* @__PURE__ */ new Set([
+  "at",
+  "on",
+  "date",
+  "time",
+  "timestamp",
+  "dob",
+  "birthday",
+  "joined",
+  "expired",
+  "expires",
+  "created",
+  "updated",
+  "started",
+  "ended"
+]);
+function normalizeKey(key) {
+  if (!key) return null;
+  const stage1 = key.replace(CAMEL_BOUNDARY_1, "$1_$2").replace(CAMEL_BOUNDARY_2, "$1_$2");
+  const stage2 = stage1.replace(NON_SNAKE, "_").toLowerCase();
+  const result = stage2.replace(DUPE_UNDERSCORE, "_").replace(/^_+|_+$/g, "");
+  return result || null;
+}
+function startsWithReserved(key) {
+  const lower = key.toLowerCase();
+  for (const prefix of RESERVED_PREFIXES) {
+    if (lower.startsWith(prefix)) return prefix;
+  }
+  return null;
+}
+function looksLikeDateKey(key) {
+  for (const part of key.toLowerCase().split(/[_\-.\s]+/)) {
+    if (DATE_KEY_HINTS.has(part)) return true;
+  }
+  return false;
+}
+function parseDateValue(value) {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value < 1e11 ? Math.floor(value * 1e3) : Math.floor(value);
+  }
+  if (typeof value === "string" && value) {
+    const s = value.trim();
+    if (ISO_8601.test(s)) {
+      const ms = Date.parse(s);
+      if (!Number.isNaN(ms)) return ms;
+    }
+    const asNum = Number(s);
+    if (Number.isFinite(asNum)) {
+      return asNum < 1e11 ? Math.floor(asNum * 1e3) : Math.floor(asNum);
+    }
+  }
+  return null;
+}
+function warnOnConsole(message) {
+  if (typeof console === "undefined" || typeof console.warn !== "function") return;
+  console.warn(message);
+}
+const _TraitGovernor = class _TraitGovernor {
+  constructor() {
+    this.warnCounts = /* @__PURE__ */ new Map();
+  }
+  /**
+   * Apply all guards to a traits object. Returns the sanitized payload
+   * to send + a list of drops/modifications.
+   *
+   * Pass `workspace_id` so warning rate-limits scope per workspace; an
+   * agency user switching workspaces won't have their warning budget
+   * consumed cross-workspace.
+   */
+  process(traits, workspace_id) {
+    const sanitized = {};
+    const drops = [];
+    if (!traits || typeof traits !== "object") {
+      return { sanitized, drops };
+    }
+    for (const rawKey of Object.keys(traits)) {
+      const prefix = startsWithReserved(rawKey);
+      if (prefix !== null) {
+        drops.push({
+          originalKey: rawKey,
+          verdict: "reserved_prefix",
+          reason: `key uses reserved namespace ${JSON.stringify(prefix)}`
+        });
+        continue;
+      }
+      const normalizedKey = normalizeKey(rawKey);
+      if (normalizedKey === null) {
+        drops.push({
+          originalKey: rawKey,
+          verdict: "bad_key_format",
+          reason: `key reduced to empty after normalization`
+        });
+        continue;
+      }
+      if (startsWithReserved(normalizedKey) !== null) {
+        drops.push({
+          originalKey: rawKey,
+          verdict: "reserved_prefix",
+          reason: `normalized key ${JSON.stringify(normalizedKey)} still uses a reserved namespace`
+        });
+        continue;
+      }
+      let value = traits[rawKey];
+      if (typeof value === "string") {
+        if (value.length > KEY_HARD_VALUE_CAP) {
+          drops.push({
+            originalKey: rawKey,
+            verdict: "value_too_long",
+            reason: `value length ${value.length} exceeds hard cap ${KEY_HARD_VALUE_CAP}`
+          });
+          continue;
+        }
+        if (value.length > KEY_SOFT_VALUE_CAP) {
+          drops.push({
+            originalKey: rawKey,
+            verdict: "value_too_long",
+            reason: `value truncated from ${value.length} to ${KEY_SOFT_VALUE_CAP} chars`
+          });
+          value = value.slice(0, KEY_SOFT_VALUE_CAP);
+        }
+      }
+      if (looksLikeDateKey(normalizedKey) && typeof value === "string") {
+        const parsed = parseDateValue(value);
+        if (parsed === null) {
+          drops.push({
+            originalKey: rawKey,
+            verdict: "bad_date_format",
+            reason: `value ${JSON.stringify(value)} on date-keyed field ${JSON.stringify(normalizedKey)} didn't parse as ISO-8601 / epoch`
+          });
+          continue;
+        }
+        value = parsed;
+      }
+      sanitized[normalizedKey] = value;
+    }
+    for (const drop of drops) {
+      this.maybeWarn(workspace_id ?? null, drop);
+    }
+    return { sanitized, drops };
+  }
+  maybeWarn(workspace_id, drop) {
+    const ws = workspace_id ?? "__no_workspace__";
+    let perVerdict = this.warnCounts.get(ws);
+    if (!perVerdict) {
+      perVerdict = /* @__PURE__ */ new Map();
+      this.warnCounts.set(ws, perVerdict);
+    }
+    const count = perVerdict.get(drop.verdict) ?? 0;
+    if (count >= _TraitGovernor.WARN_CAP) return;
+    perVerdict.set(drop.verdict, count + 1);
+    warnOnConsole(
+      `[Aegis SDK] trait ${drop.verdict}: ${drop.reason} (original key: ${JSON.stringify(drop.originalKey)}). Backend will reject; fix the SDK call to silence this warning.`
+    );
+  }
+};
+_TraitGovernor.WARN_CAP = 3;
+let TraitGovernor = _TraitGovernor;
 class Aegis {
   constructor() {
     this.config = null;
@@ -2046,6 +2227,7 @@ class Aegis {
     this._ecommerce = null;
     this.rateLimiter = null;
     this.nameGovernor = new NameGovernor();
+    this.traitGovernor = new TraitGovernor();
     this._lastPageUrl = null;
     this._popstateHandler = null;
     this._originalPushState = null;
@@ -2238,10 +2420,12 @@ class Aegis {
   }
   identify(userId, traits) {
     if (!this.assertInitialized()) return;
-    this.identity.setUserId(userId, traits);
+    const wsForGovernor = this.config.workspace_id || null;
+    const { sanitized: governedTraits } = this.traitGovernor.process(traits, wsForGovernor);
+    this.identity.setUserId(userId, governedTraits);
     const event = {
       type: "identify",
-      traits: traits || {},
+      traits: governedTraits,
       messageId: generateMessageId(),
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       anonymousId: this.identity.getAnonymousId(),
@@ -2270,10 +2454,12 @@ class Aegis {
   }
   group(groupId, traits) {
     if (!this.assertInitialized()) return;
+    const wsForGovernor = this.config.workspace_id || null;
+    const { sanitized: governedTraits } = this.traitGovernor.process(traits, wsForGovernor);
     const event = {
       type: "group",
       groupId,
-      traits: traits || {},
+      traits: governedTraits,
       messageId: generateMessageId(),
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       anonymousId: this.identity.getAnonymousId(),
@@ -2597,4 +2783,4 @@ export {
   logger as l,
   murmurhash3_x86_32 as m
 };
-//# sourceMappingURL=analytics-Cc4-QQBf.mjs.map
+//# sourceMappingURL=analytics-6PR9ERDS.mjs.map