@active-reach/web-sdk 1.11.1 → 1.13.0

package/dist/{analytics-6PR9ERDS.mjs → analytics-Mh4H4ekQ.mjs}

@@ -2215,6 +2215,134 @@ const _TraitGovernor = class _TraitGovernor {
 };
 _TraitGovernor.WARN_CAP = 3;
 let TraitGovernor = _TraitGovernor;
+const VALID_CHANNELS = /* @__PURE__ */ new Set([
+  "email",
+  "sms",
+  "push",
+  "webpush",
+  "whatsapp",
+  "rcs",
+  "inapp"
+]);
+const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+const PHONE_RE = /^\+[1-9]\d{7,14}$/;
+const SHA256_HEX_RE = /^[a-f0-9]{64}$/i;
+const ISO_DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
+class UserNamespace {
+  constructor(aegis) {
+    this.pendingTraits = {};
+    this.aegis = aegis;
+  }
+  /**
+   * Authoritative identity write. Flushes any pending pre-login traits
+   * along with the supplied `traits` argument as a single identify call.
+   */
+  login(userId, traits) {
+    if (typeof userId !== "string" || userId.length === 0) {
+      logger.warn("[user.login] userId must be a non-empty string");
+      return;
+    }
+    const merged = { ...this.pendingTraits, ...traits || {} };
+    this.pendingTraits = {};
+    this.aegis.identify(userId, merged);
+  }
+  /**
+   * Drops the current userId and any pending pre-login traits. Does NOT
+   * fire a server-side logout event — that's a separate explicit `track`.
+   */
+  logout() {
+    this.pendingTraits = {};
+    this.aegis.reset();
+  }
+  setAttribute(key, value) {
+    if (typeof key !== "string" || key.length === 0) {
+      logger.warn("[user.setAttribute] key must be a non-empty string");
+      return;
+    }
+    this.writeTraits({ [key]: value });
+  }
+  setAttributes(map) {
+    if (!map || typeof map !== "object") {
+      logger.warn("[user.setAttributes] map must be an object");
+      return;
+    }
+    this.writeTraits(map);
+  }
+  setEmail(email) {
+    if (!EMAIL_RE.test(email)) {
+      logger.warn("[user.setEmail] invalid email format");
+      return;
+    }
+    this.writeTraits({ email: email.toLowerCase() });
+  }
+  setPhone(phone) {
+    if (!PHONE_RE.test(phone)) {
+      logger.warn("[user.setPhone] phone must be E.164 (e.g. +15551234567)");
+      return;
+    }
+    this.writeTraits({ phone });
+  }
+  setHashedEmail(sha256Hex) {
+    if (!SHA256_HEX_RE.test(sha256Hex)) {
+      logger.warn("[user.setHashedEmail] expected 64-char hex SHA-256");
+      return;
+    }
+    this.writeTraits({ email_sha256: sha256Hex.toLowerCase() });
+  }
+  setHashedPhone(sha256Hex) {
+    if (!SHA256_HEX_RE.test(sha256Hex)) {
+      logger.warn("[user.setHashedPhone] expected 64-char hex SHA-256");
+      return;
+    }
+    this.writeTraits({ phone_sha256: sha256Hex.toLowerCase() });
+  }
+  setBirthDate(iso) {
+    if (!ISO_DATE_RE.test(iso)) {
+      logger.warn("[user.setBirthDate] expected YYYY-MM-DD");
+      return;
+    }
+    this.writeTraits({ birth_date: iso });
+  }
+  setOptIn(channel, granted) {
+    if (!VALID_CHANNELS.has(channel)) {
+      logger.warn(`[user.setOptIn] unknown channel: ${channel}`);
+      return;
+    }
+    if (typeof granted !== "boolean") {
+      logger.warn("[user.setOptIn] granted must be a boolean");
+      return;
+    }
+    this.writeTraits({ [`opt_in_${channel}`]: granted });
+  }
+  /**
+   * HMAC-signed identity token. Ingress-side verification not yet wired —
+   * the trait is forwarded as-is and persisted on the contact record
+   * until that lands.
+   */
+  setSecureToken(token) {
+    if (typeof token !== "string" || token.length === 0) {
+      logger.warn("[user.setSecureToken] token must be a non-empty string");
+      return;
+    }
+    this.writeTraits({ _secure_token: token });
+  }
+  /**
+   * Test/inspection hook — returns a copy of the pending traits buffer.
+   * Used by the e2e smoke test to assert pre-login accumulation.
+   */
+  _getPendingTraits() {
+    return { ...this.pendingTraits };
+  }
+  // ---------------------------------------------------------------------------
+  writeTraits(traits) {
+    const userId = this.aegis.getUserId();
+    if (userId) {
+      this.aegis.identify(userId, traits);
+      return;
+    }
+    Object.assign(this.pendingTraits, traits);
+  }
+}
 class Aegis {
   constructor() {
     this.config = null;
@@ -2225,6 +2353,7 @@ class Aegis {
     this.initPromise = null;
     this.consent = null;
     this._ecommerce = null;
+    this._user = null;
     this.rateLimiter = null;
     this.nameGovernor = new NameGovernor();
     this.traitGovernor = new TraitGovernor();
@@ -2400,6 +2529,20 @@ class Aegis {
       });
     }
   }
+  /**
+   * Symmetric counterpart to `use(plugin)`. Calls the plugin's `destroy()`
+   * hook (if defined) and removes it from the registry so its hooks no
+   * longer fire on subsequent events. Safe to call with a name that
+   * isn't registered — logs a warning and returns.
+   *
+   * Primary use case: React components that register a plugin in
+   * `useEffect` and need to unregister in the cleanup function so HMR /
+   * provider remount doesn't leak listeners. See cashier-portal's
+   * MetaPixelInjector for an example.
+   */
+  removePlugin(name) {
+    this.plugins.unregister(name);
+  }
   track(eventName, properties) {
     if (!this.assertInitialized()) return;
     const messageId = generateMessageId();
@@ -2484,6 +2627,31 @@ class Aegis {
     };
     this.captureEvent(event);
   }
+  /**
+   * SPA-logical screen view. Distinct from `page()` (URL-bound) — fires
+   * when the user enters a logical surface like cart / checkout / drawer
+   * without a URL change. Gateway maps `screen` → `engagement.screen_view`.
+   */
+  screen(name, properties) {
+    if (!this.assertInitialized()) return;
+    if (typeof name !== "string" || name.length === 0) {
+      logger.warn("aegis.screen: name must be a non-empty string");
+      return;
+    }
+    const event = {
+      type: "screen",
+      name,
+      properties: properties || {},
+      messageId: generateMessageId(),
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      anonymousId: this.identity.getAnonymousId(),
+      userId: this.identity.getUserId() || void 0,
+      sessionId: this.session.getSessionId(),
+      workspace_id: this.config.workspace_id || void 0,
+      context: buildContext(this.config, this.session)
+    };
+    this.captureEvent(event);
+  }
   async captureEvent(event) {
     var _a;
     if (((_a = this.config) == null ? void 0 : _a.enable_consent_mode) && this.consent) {
@@ -2570,6 +2738,7 @@ class Aegis {
   reset() {
     if (!this.assertInitialized()) return;
     this.identity.reset();
+    this._user = null;
     logger.info("User identity reset");
   }
   /**
@@ -2754,6 +2923,12 @@ class Aegis {
     }
     return this._ecommerce;
   }
+  get user() {
+    if (!this._user) {
+      this._user = new UserNamespace(this);
+    }
+    return this._user;
+  }
   destroy() {
     this.stopSPATracking();
     if (this.queue) {
@@ -2780,7 +2955,8 @@ export {
   NameGovernor as N,
   RateLimiter as R,
   Storage as S,
+  UserNamespace as U,
   logger as l,
   murmurhash3_x86_32 as m
 };
-//# sourceMappingURL=analytics-6PR9ERDS.mjs.map
+//# sourceMappingURL=analytics-Mh4H4ekQ.mjs.map