@c15t/backend 2.0.0-rc.4 → 2.0.0-rc.5

package/dist/edge.js

@@ -0,0 +1,1069 @@
+import { createLogger } from "@c15t/logger";
+import { inspectPolicies, resolvePolicyDecision, resolvePolicySync, validatePolicyI18nConfig } from "@c15t/schema/types";
+import { SpanKind as api_SpanKind, SpanStatusCode as api_SpanStatusCode, context, metrics, trace as api_trace } from "@opentelemetry/api";
+import { SignJWT } from "jose";
+import { deepMergeTranslations, selectLanguage } from "@c15t/translations";
+import { baseTranslations } from "@c15t/translations/all";
+function policy_inspectPolicies(policies, options) {
+    return inspectPolicies(policies, options);
+}
+async function policy_resolvePolicyDecision(params) {
+    return resolvePolicyDecision({
+        policies: params.policies,
+        countryCode: params.countryCode,
+        regionCode: params.regionCode,
+        jurisdiction: params.jurisdiction,
+        iabEnabled: params.iabEnabled
+    });
+}
+function policy_resolvePolicySync(params) {
+    return resolvePolicySync({
+        policies: params.policies,
+        countryCode: params.countryCode,
+        regionCode: params.regionCode,
+        jurisdiction: params.jurisdiction,
+        iabEnabled: params.iabEnabled
+    });
+}
+function extractErrorMessage(error) {
+    if (error instanceof AggregateError && error.errors?.length > 0) {
+        const inner = error.errors.map((e)=>e instanceof Error ? e.message : String(e)).join('; ');
+        return `AggregateError: ${inner}`;
+    }
+    if (error instanceof Error) return error.message || error.name;
+    return String(error);
+}
+let cachedConfig = null;
+let cachedDefaultAttributes = {};
+function create_telemetry_options_isTelemetryEnabled(options) {
+    if (options) return options.telemetry?.enabled === true;
+    return cachedConfig?.enabled === true;
+}
+const create_telemetry_options_getTracer = (options)=>{
+    if (!create_telemetry_options_isTelemetryEnabled(options)) return api_trace.getTracer('c15t-noop');
+    const tracer = options?.telemetry?.tracer ?? cachedConfig?.tracer;
+    if (tracer) return tracer;
+    return api_trace.getTracer(options?.appName ?? 'c15t');
+};
+const getMeter = (options)=>{
+    if (!create_telemetry_options_isTelemetryEnabled(options)) return metrics.getMeter('c15t-noop');
+    const meter = options?.telemetry?.meter ?? cachedConfig?.meter;
+    if (meter) return meter;
+    return metrics.getMeter(options?.appName ?? 'c15t');
+};
+function getDefaultAttributes() {
+    return cachedDefaultAttributes;
+}
+const handleSpanError = (span, error)=>{
+    span.setStatus({
+        code: api_SpanStatusCode.ERROR,
+        message: extractErrorMessage(error)
+    });
+    if (error instanceof Error) span.setAttribute('error.type', error.name);
+};
+const withSpanContext = async (span, operation)=>context["with"](api_trace.setSpan(context.active(), span), operation);
+async function executeWithSpan(span, operation) {
+    try {
+        const result = await withSpanContext(span, operation);
+        span.setStatus({
+            code: api_SpanStatusCode.OK
+        });
+        return result;
+    } catch (error) {
+        handleSpanError(span, error);
+        throw error;
+    } finally{
+        span.end();
+    }
+}
+function resolveDefaultAttributes(options) {
+    return options?.telemetry?.defaultAttributes || getDefaultAttributes();
+}
+async function withExternalSpan(attributes, operation, options) {
+    if (!create_telemetry_options_isTelemetryEnabled(options)) return operation();
+    const tracer = create_telemetry_options_getTracer(options);
+    const url = new URL(attributes.url);
+    const spanName = `HTTP ${attributes.method} ${url.hostname}`;
+    const span = tracer.startSpan(spanName, {
+        kind: api_SpanKind.CLIENT,
+        attributes: {
+            'http.method': attributes.method,
+            'http.url': `${url.origin}${url.pathname}`,
+            'http.host': url.hostname,
+            ...resolveDefaultAttributes(options),
+            ...Object.fromEntries(Object.entries(attributes).filter(([key])=>![
+                    'url',
+                    'method'
+                ].includes(key)))
+        }
+    });
+    return executeWithSpan(span, operation);
+}
+async function withCacheSpan(operation, layer, fn, options) {
+    if (!create_telemetry_options_isTelemetryEnabled(options)) return fn();
+    const tracer = create_telemetry_options_getTracer(options);
+    const spanName = `cache.${layer}.${operation}`;
+    const span = tracer.startSpan(spanName, {
+        kind: api_SpanKind.CLIENT,
+        attributes: {
+            'cache.operation': operation,
+            'cache.layer': layer,
+            ...resolveDefaultAttributes(options)
+        }
+    });
+    return executeWithSpan(span, fn);
+}
+function sanitizeAttributes(attrs) {
+    return Object.fromEntries(Object.entries(attrs).filter(([_, v])=>null != v));
+}
+function createMetrics(meter) {
+    const consentCreated = meter.createCounter('c15t.consent.created', {
+        description: 'Number of consent submissions',
+        unit: '1'
+    });
+    const consentAccepted = meter.createCounter('c15t.consent.accepted', {
+        description: 'Number of consents accepted',
+        unit: '1'
+    });
+    const consentRejected = meter.createCounter('c15t.consent.rejected', {
+        description: 'Number of consents rejected',
+        unit: '1'
+    });
+    const subjectCreated = meter.createCounter('c15t.subject.created', {
+        description: 'Number of new subjects created',
+        unit: '1'
+    });
+    const subjectLinked = meter.createCounter('c15t.subject.linked', {
+        description: 'Number of subjects linked to external ID',
+        unit: '1'
+    });
+    const consentCheckCount = meter.createCounter('c15t.consent_check.count', {
+        description: 'Number of cross-device consent checks',
+        unit: '1'
+    });
+    const initCount = meter.createCounter('c15t.init.count', {
+        description: 'Number of init endpoint calls',
+        unit: '1'
+    });
+    const httpRequestDuration = meter.createHistogram('c15t.http.request.duration', {
+        description: 'HTTP request latency',
+        unit: 'ms'
+    });
+    const httpRequestCount = meter.createCounter('c15t.http.request.count', {
+        description: 'Number of HTTP requests',
+        unit: '1'
+    });
+    const httpErrorCount = meter.createCounter('c15t.http.error.count', {
+        description: 'Number of HTTP errors',
+        unit: '1'
+    });
+    const dbQueryDuration = meter.createHistogram('c15t.db.query.duration', {
+        description: 'Database query latency',
+        unit: 'ms'
+    });
+    const dbQueryCount = meter.createCounter('c15t.db.query.count', {
+        description: 'Number of database queries',
+        unit: '1'
+    });
+    const dbErrorCount = meter.createCounter('c15t.db.error.count', {
+        description: 'Number of database errors',
+        unit: '1'
+    });
+    const cacheHit = meter.createCounter('c15t.cache.hit', {
+        description: 'Number of cache hits',
+        unit: '1'
+    });
+    const cacheMiss = meter.createCounter('c15t.cache.miss', {
+        description: 'Number of cache misses',
+        unit: '1'
+    });
+    const cacheLatency = meter.createHistogram('c15t.cache.latency', {
+        description: 'Cache operation latency',
+        unit: 'ms'
+    });
+    const gvlFetchDuration = meter.createHistogram('c15t.gvl.fetch.duration', {
+        description: 'GVL fetch latency',
+        unit: 'ms'
+    });
+    const gvlFetchCount = meter.createCounter('c15t.gvl.fetch.count', {
+        description: 'Number of GVL fetches',
+        unit: '1'
+    });
+    const gvlFetchError = meter.createCounter('c15t.gvl.fetch.error', {
+        description: 'Number of GVL fetch errors',
+        unit: '1'
+    });
+    return {
+        consentCreated,
+        consentAccepted,
+        consentRejected,
+        subjectCreated,
+        subjectLinked,
+        consentCheckCount,
+        initCount,
+        httpRequestDuration,
+        httpRequestCount,
+        httpErrorCount,
+        dbQueryDuration,
+        dbQueryCount,
+        dbErrorCount,
+        cacheHit,
+        cacheMiss,
+        cacheLatency,
+        gvlFetchDuration,
+        gvlFetchCount,
+        gvlFetchError,
+        recordConsentCreated (attributes) {
+            consentCreated.add(1, sanitizeAttributes(attributes));
+        },
+        recordConsentAccepted (attributes) {
+            consentAccepted.add(1, sanitizeAttributes(attributes));
+        },
+        recordConsentRejected (attributes) {
+            consentRejected.add(1, sanitizeAttributes(attributes));
+        },
+        recordSubjectCreated (attributes) {
+            subjectCreated.add(1, sanitizeAttributes(attributes));
+        },
+        recordSubjectLinked (identityProvider) {
+            subjectLinked.add(1, {
+                identityProvider: identityProvider || 'unknown'
+            });
+        },
+        recordConsentCheck (type, found) {
+            consentCheckCount.add(1, {
+                type,
+                found: String(found)
+            });
+        },
+        recordInit (attributes) {
+            initCount.add(1, sanitizeAttributes(attributes));
+        },
+        recordHttpRequest (attributes, durationMs) {
+            const attrs = sanitizeAttributes(attributes);
+            httpRequestCount.add(1, attrs);
+            httpRequestDuration.record(durationMs, attrs);
+            if (attributes.status >= 400) httpErrorCount.add(1, attrs);
+        },
+        recordDbQuery (attributes, durationMs) {
+            const attrs = sanitizeAttributes(attributes);
+            dbQueryCount.add(1, attrs);
+            dbQueryDuration.record(durationMs, attrs);
+        },
+        recordDbError (attributes) {
+            dbErrorCount.add(1, sanitizeAttributes(attributes));
+        },
+        recordCacheHit (layer) {
+            cacheHit.add(1, {
+                layer
+            });
+        },
+        recordCacheMiss (layer) {
+            cacheMiss.add(1, {
+                layer
+            });
+        },
+        recordCacheLatency (attributes, durationMs) {
+            cacheLatency.record(durationMs, sanitizeAttributes(attributes));
+        },
+        recordGvlFetch (attributes, durationMs) {
+            const attrs = sanitizeAttributes(attributes);
+            gvlFetchCount.add(1, attrs);
+            gvlFetchDuration.record(durationMs, attrs);
+        },
+        recordGvlError (attributes) {
+            gvlFetchError.add(1, sanitizeAttributes(attributes));
+        }
+    };
+}
+let metricsInstance = null;
+function getMetrics(options) {
+    if (metricsInstance) return metricsInstance;
+    if (!create_telemetry_options_isTelemetryEnabled(options)) return null;
+    metricsInstance = createMetrics(getMeter(options));
+    return metricsInstance;
+}
+const GVL_TTL_MS = 259200000;
+const memory_memoryCache = new Map();
+function createMemoryCacheAdapter() {
+    return {
+        async get (key) {
+            const entry = memory_memoryCache.get(key);
+            if (!entry) return null;
+            if (Date.now() > entry.expiresAt) {
+                memory_memoryCache.delete(key);
+                return null;
+            }
+            return entry.value;
+        },
+        async set (key, value, ttlMs = 300000) {
+            memory_memoryCache.set(key, {
+                value,
+                expiresAt: Date.now() + ttlMs
+            });
+        },
+        async delete (key) {
+            memory_memoryCache.delete(key);
+        },
+        async has (key) {
+            const entry = memory_memoryCache.get(key);
+            if (!entry) return false;
+            if (Date.now() > entry.expiresAt) {
+                memory_memoryCache.delete(key);
+                return false;
+            }
+            return true;
+        }
+    };
+}
+function createGVLCacheKey(appName, language, vendorIds) {
+    const sortedIds = vendorIds ? [
+        ...vendorIds
+    ].sort((a, b)=>a - b).join(',') : 'all';
+    return `${appName}:gvl:${language}:${sortedIds}`;
+}
+const GVL_ENDPOINT = 'https://gvl.consent.io';
+const inflightRequests = new Map();
+async function fetchGVLWithLanguage(language, vendorIds, endpoint = GVL_ENDPOINT) {
+    const sortedVendorIds = vendorIds ? [
+        ...vendorIds
+    ].sort((a, b)=>a - b) : [];
+    const dedupeKey = `${endpoint}|${language}|${sortedVendorIds.join(',')}`;
+    const existingRequest = inflightRequests.get(dedupeKey);
+    if (existingRequest) return existingRequest;
+    const url = new URL(endpoint);
+    if (sortedVendorIds.length > 0) url.searchParams.set('vendorIds', sortedVendorIds.join(','));
+    const promise = (async ()=>{
+        const fetchStart = Date.now();
+        try {
+            const gvl = await withExternalSpan({
+                url: url.toString(),
+                method: 'GET'
+            }, async ()=>{
+                const response = await fetch(url.toString(), {
+                    headers: {
+                        'Accept-Language': language
+                    }
+                });
+                if (204 === response.status) return null;
+                if (!response.ok) throw new Error(`Failed to fetch GVL: ${response.status} ${response.statusText}`);
+                const text = await response.text();
+                const trimmed = text.trim().replace(/^\uFEFF/, '');
+                let parsed;
+                try {
+                    parsed = JSON.parse(trimmed);
+                } catch  {
+                    let depth = 0;
+                    let end = -1;
+                    const start = trimmed.indexOf('{');
+                    if (start >= 0) for(let i = start; i < trimmed.length; i++){
+                        const c = trimmed[i];
+                        if ('{' === c) depth++;
+                        else if ('}' === c) {
+                            depth--;
+                            if (0 === depth) {
+                                end = i + 1;
+                                break;
+                            }
+                        }
+                    }
+                    if (end > 0) parsed = JSON.parse(trimmed.slice(0, end));
+                    else throw new SyntaxError('Invalid GVL response: not valid JSON');
+                }
+                if (!parsed.vendorListVersion || !parsed.purposes || !parsed.vendors) throw new Error('Invalid GVL response: missing required fields');
+                return parsed;
+            });
+            getMetrics()?.recordGvlFetch({
+                language,
+                source: 'fetch',
+                status: 200
+            }, Date.now() - fetchStart);
+            return gvl;
+        } catch (error) {
+            getMetrics()?.recordGvlError({
+                language,
+                errorType: error instanceof Error ? error.name : 'UnknownError'
+            });
+            throw error;
+        } finally{
+            inflightRequests.delete(dedupeKey);
+        }
+    })();
+    inflightRequests.set(dedupeKey, promise);
+    return promise;
+}
+function createGVLResolver(options) {
+    const { appName, bundled, cacheAdapter, vendorIds, endpoint } = options;
+    const memoryCache = createMemoryCacheAdapter();
+    return {
+        async get (language) {
+            const cacheKey = createGVLCacheKey(appName, language, vendorIds);
+            if (bundled?.[language]) return bundled[language];
+            const memoryHit = await withCacheSpan('get', 'memory', ()=>memoryCache.get(cacheKey));
+            if (memoryHit) {
+                getMetrics()?.recordCacheHit('memory');
+                return memoryHit;
+            }
+            getMetrics()?.recordCacheMiss('memory');
+            if (cacheAdapter) {
+                const externalHit = await withCacheSpan('get', 'external', ()=>cacheAdapter.get(cacheKey));
+                if (externalHit) {
+                    getMetrics()?.recordCacheHit('external');
+                    await withCacheSpan('set', 'memory', ()=>memoryCache.set(cacheKey, externalHit, 300000));
+                    return externalHit;
+                }
+                getMetrics()?.recordCacheMiss('external');
+            }
+            const gvl = await fetchGVLWithLanguage(language, vendorIds, endpoint);
+            if (gvl) {
+                await withCacheSpan('set', 'memory', ()=>memoryCache.set(cacheKey, gvl, 300000));
+                if (cacheAdapter) await withCacheSpan('set', 'external', ()=>cacheAdapter.set(cacheKey, gvl, GVL_TTL_MS));
+            }
+            return gvl;
+        }
+    };
+}
+const POLICY_SNAPSHOT_JWT_HEADER = {
+    alg: 'HS256',
+    typ: 'JWT'
+};
+const DEFAULT_POLICY_SNAPSHOT_ISSUER = 'c15t';
+const DEFAULT_POLICY_SNAPSHOT_AUDIENCE = 'c15t-policy-snapshot';
+function resolveSnapshotIssuer(options) {
+    return options?.issuer?.trim() || DEFAULT_POLICY_SNAPSHOT_ISSUER;
+}
+function resolveSnapshotAudience(params) {
+    const configuredAudience = params.options?.audience?.trim();
+    if (configuredAudience) return configuredAudience;
+    return params.tenantId ? `${DEFAULT_POLICY_SNAPSHOT_AUDIENCE}:${params.tenantId}` : DEFAULT_POLICY_SNAPSHOT_AUDIENCE;
+}
+function getSigningKey(secret) {
+    return new TextEncoder().encode(secret);
+}
+async function createPolicySnapshotToken(params) {
+    const { options } = params;
+    if (!options?.signingKey) return;
+    const iat = Math.floor(Date.now() / 1000);
+    const ttlSeconds = options.ttlSeconds ?? 1800;
+    const exp = iat + ttlSeconds;
+    const iss = resolveSnapshotIssuer(options);
+    const aud = resolveSnapshotAudience({
+        options,
+        tenantId: params.tenantId
+    });
+    const payload = {
+        iss,
+        aud,
+        sub: params.policyId,
+        tenantId: params.tenantId,
+        policyId: params.policyId,
+        fingerprint: params.fingerprint,
+        matchedBy: params.matchedBy,
+        country: params.country,
+        region: params.region,
+        jurisdiction: params.jurisdiction,
+        language: params.language,
+        model: params.model,
+        policyI18n: params.policyI18n,
+        expiryDays: params.expiryDays,
+        scopeMode: params.scopeMode,
+        uiMode: params.uiMode,
+        bannerUi: params.bannerUi,
+        dialogUi: params.dialogUi,
+        categories: params.categories,
+        preselectedCategories: params.preselectedCategories,
+        gpc: params.gpc,
+        proofConfig: params.proofConfig,
+        iat,
+        exp
+    };
+    const token = await new SignJWT(payload).setProtectedHeader(POLICY_SNAPSHOT_JWT_HEADER).setIssuedAt(iat).setExpirationTime(exp).sign(getSigningKey(options.signingKey));
+    return {
+        token,
+        payload
+    };
+}
+function normalizeHeader(value) {
+    if (!value) return null;
+    return Array.isArray(value) ? value[0] ?? null : value;
+}
+function getGeoHeaders(headers) {
+    const countryCode = normalizeHeader(headers.get('x-c15t-country')) ?? normalizeHeader(headers.get('cf-ipcountry')) ?? normalizeHeader(headers.get('x-vercel-ip-country')) ?? normalizeHeader(headers.get('x-amz-cf-ipcountry')) ?? normalizeHeader(headers.get('x-country-code'));
+    const regionCode = normalizeHeader(headers.get('x-c15t-region')) ?? normalizeHeader(headers.get('x-vercel-ip-country-region')) ?? normalizeHeader(headers.get('x-region-code'));
+    return {
+        countryCode,
+        regionCode
+    };
+}
+function checkJurisdiction(countryCode, regionCode) {
+    const jurisdictions = {
+        EU: new Set([
+            'AT',
+            'BE',
+            'BG',
+            'HR',
+            'CY',
+            'CZ',
+            'DK',
+            'EE',
+            'FI',
+            'FR',
+            'DE',
+            'GR',
+            'HU',
+            'IE',
+            'IT',
+            'LV',
+            'LT',
+            'LU',
+            'MT',
+            'NL',
+            'PL',
+            'PT',
+            'RO',
+            'SK',
+            'SI',
+            'ES',
+            'SE'
+        ]),
+        EEA: new Set([
+            'IS',
+            'NO',
+            'LI'
+        ]),
+        UK: new Set([
+            'GB'
+        ]),
+        CH: new Set([
+            'CH'
+        ]),
+        BR: new Set([
+            'BR'
+        ]),
+        CA: new Set([
+            'CA'
+        ]),
+        AU: new Set([
+            'AU'
+        ]),
+        JP: new Set([
+            'JP'
+        ]),
+        KR: new Set([
+            'KR'
+        ]),
+        US_CCPA_REGIONS: new Set([
+            'CA'
+        ]),
+        CA_QC_REGIONS: new Set([
+            'QC'
+        ])
+    };
+    let jurisdiction = 'NONE';
+    if (countryCode) {
+        const normalizedCountryCode = countryCode.toUpperCase();
+        const normalizedRegionCode = regionCode && 'string' == typeof regionCode ? (regionCode.includes('-') ? regionCode.split('-').pop() : regionCode).toUpperCase() : null;
+        if ('US' === normalizedCountryCode && normalizedRegionCode && jurisdictions.US_CCPA_REGIONS.has(normalizedRegionCode)) return 'CCPA';
+        if ('CA' === normalizedCountryCode && normalizedRegionCode && jurisdictions.CA_QC_REGIONS.has(normalizedRegionCode)) return 'QC_LAW25';
+        const jurisdictionMap = [
+            {
+                sets: [
+                    jurisdictions.UK
+                ],
+                code: 'UK_GDPR'
+            },
+            {
+                sets: [
+                    jurisdictions.EU,
+                    jurisdictions.EEA
+                ],
+                code: 'GDPR'
+            },
+            {
+                sets: [
+                    jurisdictions.CH
+                ],
+                code: 'CH'
+            },
+            {
+                sets: [
+                    jurisdictions.BR
+                ],
+                code: 'BR'
+            },
+            {
+                sets: [
+                    jurisdictions.CA
+                ],
+                code: 'PIPEDA'
+            },
+            {
+                sets: [
+                    jurisdictions.AU
+                ],
+                code: 'AU'
+            },
+            {
+                sets: [
+                    jurisdictions.JP
+                ],
+                code: 'APPI'
+            },
+            {
+                sets: [
+                    jurisdictions.KR
+                ],
+                code: 'PIPA'
+            }
+        ];
+        for (const { sets, code } of jurisdictionMap)if (sets.some((set)=>set.has(normalizedCountryCode))) {
+            jurisdiction = code;
+            break;
+        }
+    }
+    return jurisdiction;
+}
+async function getLocation(request, options) {
+    if (options.disableGeoLocation) return {
+        countryCode: null,
+        regionCode: null
+    };
+    const { countryCode, regionCode } = getGeoHeaders(request.headers);
+    return {
+        countryCode,
+        regionCode
+    };
+}
+function getJurisdiction(location, options) {
+    if (options.disableGeoLocation) return 'GDPR';
+    return checkJurisdiction(location.countryCode, location.regionCode);
+}
+const DEFAULT_PROFILE = 'default';
+const warnedKeys = new Set();
+function isSupportedBaseLanguage(lang) {
+    return lang in baseTranslations;
+}
+function warnOnce(logger, key, message, metadata) {
+    if (!logger || warnedKeys.has(key)) return;
+    warnedKeys.add(key);
+    logger.warn(message, metadata);
+}
+function normalizeLanguage(value) {
+    if (!value) return;
+    const normalized = value.split(',')[0]?.split(';')[0]?.trim().toLowerCase();
+    if (!normalized) return;
+    return normalized.split('-')[0] ?? void 0;
+}
+function normalizeProfiles(params) {
+    const profiles = params.i18n?.messages;
+    const legacy = params.customTranslations;
+    if (profiles && Object.keys(profiles).length > 0) {
+        if (legacy && Object.keys(legacy).length > 0) warnOnce(params.logger, 'i18n.customTranslations.ignored', '`customTranslations` is deprecated and ignored when `i18n.messages` is configured.');
+        return profiles;
+    }
+    if (legacy && Object.keys(legacy).length > 0) {
+        warnOnce(params.logger, 'i18n.customTranslations.deprecated', '`customTranslations` is deprecated. Use `i18n.messages` instead.');
+        return {
+            [DEFAULT_PROFILE]: {
+                translations: legacy
+            }
+        };
+    }
+    return {};
+}
+function buildCandidates(input) {
+    const raw = [
+        {
+            language: input.language,
+            reason: 'profile_language'
+        },
+        {
+            language: input.fallbackLanguage,
+            reason: 'profile_fallback'
+        }
+    ];
+    const dedupe = new Set();
+    return raw.filter((candidate)=>{
+        const key = candidate.language;
+        if (dedupe.has(key)) return false;
+        dedupe.add(key);
+        return true;
+    });
+}
+function getProfileLanguages(profiles, profile) {
+    return Object.keys(profiles[profile]?.translations ?? {}).sort();
+}
+function getSelectableLanguages(input) {
+    return getProfileLanguages(input.profiles, input.profile);
+}
+function resolveFallbackLanguage(input) {
+    const configuredFallbackLanguage = normalizeLanguage(input.profile?.fallbackLanguage) ?? 'en';
+    const profileLanguages = Object.keys(input.profile?.translations ?? {}).sort();
+    if (profileLanguages.includes(configuredFallbackLanguage)) return configuredFallbackLanguage;
+    if (profileLanguages.includes('en')) return 'en';
+    return profileLanguages[0] ?? configuredFallbackLanguage;
+}
+function resolveActiveProfile(input) {
+    const requestedProfile = input.policyProfile ?? input.defaultProfile;
+    if (input.profiles[requestedProfile]) return requestedProfile;
+    if (input.policyProfile) warnOnce(input.logger, `i18n.profile.missing:${requestedProfile}`, `Policy i18n profile '${requestedProfile}' does not exist. Falling back to default profile '${input.defaultProfile}'.`);
+    return input.defaultProfile;
+}
+function validateMessages(options) {
+    return validatePolicyI18nConfig({
+        customTranslations: options.customTranslations,
+        i18n: options.i18n,
+        policies: options.policies
+    });
+}
+function getTranslationsData(acceptLanguage, customTranslations, options) {
+    const profiles = normalizeProfiles({
+        customTranslations,
+        i18n: options?.i18n,
+        logger: options?.logger
+    });
+    const defaultProfile = options?.i18n?.defaultProfile ?? DEFAULT_PROFILE;
+    const profile = resolveActiveProfile({
+        profiles,
+        defaultProfile,
+        policyProfile: options?.policyI18n?.messageProfile,
+        logger: options?.logger
+    });
+    const configuredLanguages = Object.keys(profiles).length > 0 ? getSelectableLanguages({
+        profiles,
+        profile
+    }) : Object.keys(baseTranslations);
+    const fallbackLanguage = Object.keys(profiles).length > 0 ? resolveFallbackLanguage({
+        profile: profiles[profile]
+    }) : 'en';
+    const policyLanguage = normalizeLanguage(options?.policyI18n?.language);
+    const requestedLanguage = policyLanguage ?? selectLanguage(configuredLanguages, {
+        header: acceptLanguage,
+        fallback: fallbackLanguage
+    });
+    const candidates = buildCandidates({
+        language: requestedLanguage,
+        fallbackLanguage
+    });
+    const selectedCandidate = candidates.find((candidate)=>!!profiles[profile]?.translations[candidate.language]);
+    if (selectedCandidate && 'profile_language' !== selectedCandidate.reason) warnOnce(options?.logger, `i18n.fallback:${profile}:${requestedLanguage}:${selectedCandidate.language}`, `Policy translation fallback used (${selectedCandidate.reason}).`, {
+        requestedProfile: profile,
+        requestedLanguage,
+        resolvedProfile: profile,
+        resolvedLanguage: selectedCandidate.language
+    });
+    let language = selectedCandidate?.language ?? requestedLanguage;
+    if (!selectedCandidate && !isSupportedBaseLanguage(language)) {
+        warnOnce(options?.logger, `i18n.base-fallback:${language}`, `No translation found for '${language}'. Falling back to base English translations.`);
+        language = 'en';
+    }
+    const base = isSupportedBaseLanguage(language) ? baseTranslations[language] : baseTranslations.en;
+    const custom = selectedCandidate ? profiles[profile]?.translations[selectedCandidate.language] : void 0;
+    const translations = custom ? deepMergeTranslations(base, custom) : base;
+    return {
+        translations: translations,
+        language
+    };
+}
+function stripIabTranslations(translations) {
+    const { iab: _iab, ...rest } = translations;
+    return rest;
+}
+function resolveNoPolicyFallback() {
+    return {
+        id: 'no_banner',
+        model: 'none',
+        ui: {
+            mode: 'none'
+        }
+    };
+}
+async function resolveInitPayload(request, options, logger) {
+    const acceptLanguage = request.headers.get('accept-language') || 'en';
+    const location = await getLocation(request, options);
+    const jurisdiction = getJurisdiction(location, options);
+    const hasExplicitPolicyPack = void 0 !== options.policyPacks;
+    const isExplicitEmptyPolicyPack = hasExplicitPolicyPack && (options.policyPacks?.length ?? 0) === 0;
+    const policyDecision = isExplicitEmptyPolicyPack ? void 0 : await policy_resolvePolicyDecision({
+        policies: options.policyPacks,
+        countryCode: location.countryCode,
+        regionCode: location.regionCode,
+        jurisdiction,
+        iabEnabled: options.iab?.enabled === true
+    });
+    if (hasExplicitPolicyPack && !isExplicitEmptyPolicyPack && !policyDecision) logger?.warn('Policy packs configured but no policy matched', {
+        country: location.countryCode,
+        region: location.regionCode
+    });
+    const resolvedPolicy = hasExplicitPolicyPack ? policyDecision?.policy ?? resolveNoPolicyFallback() : void 0;
+    const iabOptions = options.iab;
+    const shouldIncludeIabPayload = iabOptions?.enabled === true && (!hasExplicitPolicyPack || resolvedPolicy?.model === 'iab');
+    const translationsResult = getTranslationsData(acceptLanguage, options.customTranslations, {
+        i18n: options.i18n,
+        policyI18n: resolvedPolicy?.i18n,
+        logger
+    });
+    const responseTranslations = shouldIncludeIabPayload ? translationsResult : {
+        ...translationsResult,
+        translations: stripIabTranslations(translationsResult.translations)
+    };
+    let gvl = null;
+    if (shouldIncludeIabPayload && iabOptions) {
+        const language = translationsResult.language.split('-')[0] || 'en';
+        const gvlResolver = createGVLResolver({
+            appName: options.appName || 'c15t',
+            bundled: iabOptions.bundled,
+            cacheAdapter: options.cache?.adapter,
+            vendorIds: iabOptions.vendorIds,
+            endpoint: iabOptions.endpoint
+        });
+        gvl = await gvlResolver.get(language);
+    }
+    const customVendors = shouldIncludeIabPayload ? iabOptions?.customVendors : void 0;
+    const snapshot = policyDecision ? await createPolicySnapshotToken({
+        options: options.policySnapshot,
+        tenantId: options.tenantId,
+        policyId: policyDecision.policy.id,
+        fingerprint: policyDecision.fingerprint,
+        matchedBy: policyDecision.matchedBy,
+        country: location?.countryCode ?? null,
+        region: location?.regionCode ?? null,
+        jurisdiction,
+        language: translationsResult.language,
+        model: policyDecision.policy.model,
+        policyI18n: policyDecision.policy.i18n,
+        expiryDays: policyDecision.policy.consent?.expiryDays,
+        scopeMode: policyDecision.policy.consent?.scopeMode,
+        uiMode: policyDecision.policy.ui?.mode,
+        bannerUi: policyDecision.policy.ui?.banner,
+        dialogUi: policyDecision.policy.ui?.dialog,
+        categories: policyDecision.policy.consent?.categories,
+        preselectedCategories: policyDecision.policy.consent?.preselectedCategories,
+        gpc: policyDecision.policy.consent?.gpc,
+        proofConfig: policyDecision.policy.proof
+    }) : void 0;
+    const gpc = '1' === request.headers.get('sec-gpc');
+    getMetrics()?.recordInit({
+        jurisdiction,
+        country: location?.countryCode ?? void 0,
+        region: location?.regionCode ?? void 0,
+        gpc
+    });
+    return {
+        jurisdiction,
+        location,
+        translations: responseTranslations,
+        branding: options.branding || 'c15t',
+        ...shouldIncludeIabPayload && {
+            gvl,
+            customVendors
+        },
+        ...resolvedPolicy && {
+            policy: resolvedPolicy
+        },
+        ...policyDecision && {
+            policyDecision: {
+                policyId: policyDecision.policy.id,
+                fingerprint: policyDecision.fingerprint,
+                matchedBy: policyDecision.matchedBy,
+                country: location.countryCode,
+                region: location.regionCode,
+                jurisdiction
+            }
+        },
+        ...snapshot?.token && {
+            policySnapshotToken: snapshot.token
+        },
+        ...shouldIncludeIabPayload && iabOptions?.cmpId != null && {
+            cmpId: iabOptions.cmpId
+        }
+    };
+}
+const STRIP_REGEX = /^(?:https?:\/\/)|^(?:wss?:\/\/)|(?:\/+$)|(?::\d+$)/g;
+function matchesWildcard(hostname, wildcardPattern, logger) {
+    const wildcardDomain = wildcardPattern.slice(2);
+    const isValid = hostname !== wildcardDomain && hostname.endsWith(`.${wildcardDomain}`);
+    logger?.debug(`Wildcard match result: ${isValid} ${hostname} ends with .${wildcardDomain}`);
+    return isValid;
+}
+function isOriginTrusted(origin, trustedDomains, logger) {
+    try {
+        if (0 === trustedDomains.length) throw new Error('No trusted domains');
+        logger?.debug(`Checking if origin ${origin} is trusted in ${trustedDomains}`);
+        if (trustedDomains.includes('*')) {
+            logger?.debug('Allowing all origins');
+            return true;
+        }
+        const url = new URL(origin);
+        const originHostname = url.hostname.toLowerCase();
+        logger?.debug(`Parsed origin hostname: ${originHostname}`);
+        return trustedDomains.some((domain)=>{
+            if (!domain || '' === domain.trim()) {
+                logger?.debug('Skipping empty domain');
+                return false;
+            }
+            const strippedDomain = domain.replace(STRIP_REGEX, '').toLowerCase();
+            logger?.debug(`Checking against stripped domain: ${strippedDomain}`);
+            if (strippedDomain.startsWith('*.')) return matchesWildcard(originHostname, strippedDomain, logger);
+            const isMatch = originHostname === strippedDomain;
+            logger?.debug(`Exact match result: ${isMatch} ${originHostname} === ${strippedDomain}`);
+            return isMatch;
+        });
+    } catch (error) {
+        logger?.error('Error validating origin:', error);
+        return false;
+    }
+}
+function c15tEdgeInit(options) {
+    const logger = createLogger(options.logger);
+    const validation = validateMessages({
+        customTranslations: options.customTranslations,
+        i18n: options.i18n,
+        policies: options.policyPacks
+    });
+    if (validation.errors.length > 0) throw new Error(`Edge init validation failed: ${validation.errors.join(', ')}`);
+    for (const warning of validation.warnings)logger.warn(warning);
+    if (options.policyPacks) policy_inspectPolicies(options.policyPacks, {
+        iabEnabled: options.iab?.enabled === true
+    });
+    return async (request)=>{
+        if ('OPTIONS' === request.method) return new Response(null, {
+            status: 204,
+            headers: buildCorsHeaders(request, options.trustedOrigins, logger)
+        });
+        try {
+            const payload = await resolveInitPayload(request, options, logger);
+            const headers = new Headers({
+                'content-type': 'application/json'
+            });
+            applyCorsHeaders(headers, request, options.trustedOrigins, logger);
+            return new Response(JSON.stringify(payload), {
+                status: 200,
+                headers
+            });
+        } catch (error) {
+            logger.error('Edge init handler error', error);
+            const errorHeaders = new Headers({
+                'content-type': 'application/json'
+            });
+            applyCorsHeaders(errorHeaders, request, options.trustedOrigins, logger);
+            return new Response(JSON.stringify({
+                code: 'INTERNAL_SERVER_ERROR',
+                message: 'Internal server error',
+                status: 500
+            }), {
+                status: 500,
+                headers: errorHeaders
+            });
+        }
+    };
+}
+function buildCorsHeaders(request, trustedOrigins, logger) {
+    const origin = request.headers.get('origin');
+    const headers = {
+        'access-control-allow-methods': 'GET, OPTIONS',
+        'access-control-allow-headers': 'content-type, accept-language',
+        'access-control-max-age': '86400'
+    };
+    if (origin && isTrusted(origin, trustedOrigins, logger)) {
+        headers['access-control-allow-origin'] = origin;
+        headers.vary = 'Origin';
+    }
+    return headers;
+}
+function applyCorsHeaders(headers, request, trustedOrigins, logger) {
+    const origin = request.headers.get('origin');
+    if (origin && isTrusted(origin, trustedOrigins, logger)) {
+        headers.set('access-control-allow-origin', origin);
+        headers.set('vary', 'Origin');
+    }
+}
+function isTrusted(origin, trustedOrigins, logger) {
+    if (0 === trustedOrigins.length) return false;
+    return isOriginTrusted(origin, trustedOrigins, logger);
+}
+function getLocationFromHeaders(headers) {
+    const countryCode = headers.get('x-c15t-country') ?? headers.get('cf-ipcountry') ?? headers.get('x-vercel-ip-country') ?? headers.get('x-amz-cf-ipcountry') ?? headers.get('x-country-code');
+    const regionCode = headers.get('x-c15t-region') ?? headers.get('x-vercel-ip-country-region') ?? headers.get('x-region-code');
+    return {
+        countryCode,
+        regionCode
+    };
+}
+function resolve_consent_resolveNoPolicyFallback() {
+    return {
+        id: 'no_banner',
+        model: 'none',
+        ui: {
+            mode: 'none'
+        }
+    };
+}
+function resolveDefaultConsent(policy, gpc) {
+    const model = policy.model;
+    const categories = policy.consent?.categories ?? [];
+    const preselected = new Set(policy.consent?.preselectedCategories ?? []);
+    const respectsGpc = policy.consent?.gpc === true && gpc;
+    const defaults = {};
+    defaults.necessary = {
+        granted: true,
+        required: true
+    };
+    if ('none' === model) {
+        for (const category of categories)if ('*' !== category && 'necessary' !== category) defaults[category] = {
+            granted: true,
+            required: false
+        };
+        return defaults;
+    }
+    if ('opt-out' === model) {
+        for (const category of categories){
+            if ('*' === category || 'necessary' === category) continue;
+            const gpcOverride = respectsGpc && ('marketing' === category || 'measurement' === category);
+            defaults[category] = {
+                granted: !gpcOverride,
+                required: false
+            };
+        }
+        return defaults;
+    }
+    for (const category of categories)if ('*' !== category && 'necessary' !== category) defaults[category] = {
+        granted: preselected.has(category),
+        required: false
+    };
+    return defaults;
+}
+function resolveConsent(request, options, logger) {
+    const location = options.disableGeoLocation ? {
+        countryCode: null,
+        regionCode: null
+    } : getLocationFromHeaders(request.headers);
+    const jurisdiction = options.disableGeoLocation ? 'GDPR' : checkJurisdiction(location.countryCode, location.regionCode);
+    const gpc = '1' === request.headers.get('sec-gpc');
+    const hasExplicitPolicyPack = void 0 !== options.policyPacks;
+    const isExplicitEmptyPolicyPack = hasExplicitPolicyPack && (options.policyPacks?.length ?? 0) === 0;
+    const policyMatch = isExplicitEmptyPolicyPack ? void 0 : policy_resolvePolicySync({
+        policies: options.policyPacks,
+        countryCode: location.countryCode,
+        regionCode: location.regionCode,
+        jurisdiction
+    });
+    if (hasExplicitPolicyPack && !isExplicitEmptyPolicyPack && !policyMatch) logger?.warn('Policy packs configured but no policy matched', {
+        country: location.countryCode,
+        region: location.regionCode
+    });
+    const resolvedPolicy = hasExplicitPolicyPack ? policyMatch?.policy ?? resolve_consent_resolveNoPolicyFallback() : resolve_consent_resolveNoPolicyFallback();
+    const model = resolvedPolicy.model;
+    const showBanner = 'none' !== model && resolvedPolicy.ui?.mode !== 'none';
+    const defaults = resolveDefaultConsent(resolvedPolicy, gpc);
+    return {
+        jurisdiction,
+        location,
+        model,
+        policyId: resolvedPolicy.id,
+        defaults,
+        showBanner,
+        gpc
+    };
+}
+export { c15tEdgeInit, resolveConsent };