@createcms/core 0.1.1

package/dist/plugins/ab-test/client.js

@@ -0,0 +1,684 @@
+import { useState, useRef, useCallback, useEffect } from 'react';
+import { createConsentGate, startConsentAutoRead, CONSENT_WAIT_MS, resolveVisitorKey } from '../consent/index.js';
+
+function safeSend(sink, event) {
+    try {
+        sink.send(event);
+    } catch  {
+    // A sink must never break the page or its sibling sinks.
+    }
+}
+/**
+ * Fan one event out to every sink, honoring each sink's consent requirement.
+ * Consent-free sinks fire immediately; gated sinks go through the gate's
+ * buffer-then-flush and only fire once analytics consent resolves to granted.
+ */ function dispatchEvent(event, sinks, gate) {
+    for (const sink of sinks){
+        if (!sink.requires) {
+            safeSend(sink, event);
+            continue;
+        }
+        const purpose = sink.requires;
+        gate.run(()=>{
+            if (gate.isGranted(purpose)) safeSend(sink, event);
+        });
+    }
+}
+// ============================================================================
+// Built-in sinks
+// ============================================================================
+/**
+ * The A/B store leg — the keepalive POST to the CMS event ingest. CONSENT-FREE
+ * (no `requires`): it records the anonymous aggregate count that drives the A/B
+ * winner. The identity-bearing unique-visitor leg is a separate, gated concern.
+ */ function createAbTestStoreSink($fetch) {
+    return {
+        id: 'abTestStore',
+        send (event) {
+            $fetch('/abTest/trackEvent', {
+                method: 'POST',
+                // keepalive: a goal beacon often fires on a CTA click that navigates
+                // away — without this the browser cancels the in-flight POST and the
+                // count is lost (and the per-session dedup already marked it sent).
+                keepalive: true,
+                body: {
+                    eventType: event.name,
+                    anonymous: event.anonymous,
+                    ...event.ab?.testId ? {
+                        testId: event.ab.testId
+                    } : {},
+                    ...event.ab?.branchId ? {
+                        branchId: event.ab.branchId
+                    } : {},
+                    ...event.ab?.variantId ? {
+                        variantId: event.ab.variantId
+                    } : {},
+                    ...event.visitorId ? {
+                        visitorId: event.visitorId
+                    } : {},
+                    ...event.source ? {
+                        source: event.source
+                    } : {},
+                    ...event.interactionId ? {
+                        interactionId: event.interactionId
+                    } : {},
+                    ...event.transport ? {
+                        transport: event.transport
+                    } : {},
+                    ...event.consent ? {
+                        consent: event.consent
+                    } : {},
+                    ...event.metadata ? {
+                        metadata: event.metadata
+                    } : {}
+                }
+            }).catch(()=>{});
+        }
+    };
+}
+/**
+ * The GA4/GTM client sink — a single `window.dataLayer.push`. CONSENT-GATED on
+ * `analytics_storage`: this is the GA4-forwarding path (the only M3 sink that
+ * needs consent). GTM's own Consent Mode is a second line of defence; gating
+ * here keeps the one auditable consent decision on our side too.
+ */ function createGtmClientSink() {
+    return {
+        id: 'gtm',
+        requires: 'analytics_storage',
+        send (event) {
+            if (typeof window === 'undefined') return;
+            const w = window;
+            const dataLayer = w.dataLayer = w.dataLayer ?? [];
+            dataLayer.push({
+                event: event.name,
+                ...event.ab ? {
+                    ab_test_id: event.ab.testId,
+                    ab_variant: event.ab.branchId ?? event.ab.variantId
+                } : {},
+                ...event.source?.handle ? {
+                    tracking_id: event.source.handle
+                } : {},
+                ...event.source?.type ? {
+                    block_type: event.source.type
+                } : {},
+                ...event.interactionId ? {
+                    interaction_id: event.interactionId
+                } : {},
+                ...event.params
+            });
+        }
+    };
+}
+
+const $ERROR_CODES = {
+    AB_TEST_NOT_FOUND: {
+        status: 404,
+        message: 'A/B test not found'
+    },
+    AB_TEST_INVALID_STATUS: {
+        status: 400,
+        message: 'Invalid status transition for this A/B test'
+    },
+    AB_TEST_WEIGHTS_INVALID: {
+        status: 400,
+        message: 'Variant weights must sum to 100'
+    },
+    AB_TEST_DUPLICATE_RUNNING: {
+        status: 409,
+        message: 'Another test is already running for this root'
+    },
+    AB_TEST_CROSS_EMBED_CONFLICT: {
+        status: 409,
+        message: 'Cannot run: a co-rendering root (an embedded reusable block or its host page) already has a running test — at most one A/B axis may vary per render'
+    },
+    AB_TEST_BRANCH_NOT_PUBLISHED: {
+        status: 400,
+        message: 'All variant branches must be published'
+    },
+    AB_TEST_NO_CONTEXT: {
+        status: 400,
+        message: 'No visitor context set. Call identify() first.'
+    },
+    AB_TEST_FLUSH_NOT_SUPPORTED: {
+        status: 400,
+        message: 'Flush is not supported by the current analytics adapter'
+    },
+    AB_TEST_VARIANT_NOT_FOUND: {
+        status: 404,
+        message: 'A/B test variant not found'
+    },
+    AB_TEST_TRACKING_ID_MISSING: {
+        status: 400,
+        message: 'A functional block (one that declares events) is missing its trackingId — every such block must have a non-empty trackingId before the branch can be published'
+    },
+    AB_TEST_TRACKING_ID_DUPLICATE: {
+        status: 400,
+        message: 'Duplicate trackingId in this branch — each functional block must have a unique trackingId'
+    },
+    AB_TEST_TRACKING_ID_DRIFT: {
+        status: 409,
+        message: 'trackingId drift across A/B variant branches — the set of functional trackingIds must be identical across all variant branches of a root, so a chosen goal exists in every arm'
+    }
+};
+
+const PLUGIN_ID = 'abTest';
+const LS_CONTEXT_KEY = 'ab_test_context';
+const LS_ASSIGNMENTS_KEY = 'ab_test_assignments';
+const SS_IMPRESSIONS_KEY = 'ab_test_impressions';
+const COOKIE_VID = 'ab_test_vid';
+const ONE_YEAR_SEC = 31_536_000;
+// ============================================================================
+// Storage / cookie helpers (browser; all no-op under SSR)
+// ============================================================================
+function safeLocalStorageGet(key) {
+    try {
+        return localStorage.getItem(key);
+    } catch  {
+        return null;
+    }
+}
+function safeLocalStorageSet(key, value) {
+    try {
+        localStorage.setItem(key, value);
+    } catch  {
+    // localStorage unavailable (SSR, private browsing, etc.)
+    }
+}
+function safeLocalStorageRemove(key) {
+    try {
+        localStorage.removeItem(key);
+    } catch  {
+    // noop
+    }
+}
+function safeSessionStorageGet(key) {
+    try {
+        return sessionStorage.getItem(key);
+    } catch  {
+        return null;
+    }
+}
+function safeSessionStorageSet(key, value) {
+    try {
+        sessionStorage.setItem(key, value);
+    } catch  {
+    // noop
+    }
+}
+function safeSessionStorageRemove(key) {
+    try {
+        sessionStorage.removeItem(key);
+    } catch  {
+    // noop
+    }
+}
+function getCookie(name) {
+    if (typeof document === 'undefined') return null;
+    const match = document.cookie.match(new RegExp('(?:^|; )' + name + '=([^;]*)'));
+    return match ? decodeURIComponent(match[1]) : null;
+}
+/** The GA4 client_id from the `_ga` cookie (`GA1.1.<id>.<ts>` → `<id>.<ts>`). */ function parseGaClientId() {
+    const raw = getCookie('_ga');
+    const m = raw?.match(/^GA\d\.\d\.(.+)$/);
+    return m ? m[1] : undefined;
+}
+/**
+ * GA4 session_id from a `_ga_<stream>` cookie (`GS1.1.<session_id>.…`).
+ *
+ * Single-stream assumption: this matches the FIRST `_ga_<stream>` cookie it
+ * finds. With one GA4 data stream on the page (the common case) that is the
+ * right one. If a page runs MULTIPLE GA4 streams, the picked session_id may
+ * belong to a different stream than the server-MP `measurementId` — session
+ * stitching could then be off. We don't thread a stream hint because the
+ * measurementId is server-only config the client can't see; session_id is
+ * optional for the MP hit, so a mismatch degrades stitching, never the forward.
+ */ function parseGaSessionId() {
+    if (typeof document === 'undefined') return undefined;
+    const m = document.cookie.match(/_ga_[A-Z0-9]+=GS\d\.\d\.(\d+)/);
+    return m ? m[1] : undefined;
+}
+function setCookie(name, value, maxAgeSec) {
+    if (typeof document === 'undefined') return;
+    const secure = typeof location !== 'undefined' && location.protocol === 'https:' ? '; Secure' : '';
+    document.cookie = `${name}=${encodeURIComponent(value)}; Path=/; Max-Age=${maxAgeSec}; SameSite=Lax${secure}`;
+}
+function removeCookie(name) {
+    if (typeof document === 'undefined') return;
+    document.cookie = `${name}=; Path=/; Max-Age=0; SameSite=Lax`;
+}
+function generateAnonKey() {
+    const chars = '0123456789abcdefghijklmnopqrstuvwxyz';
+    let result = '';
+    for(let i = 0; i < 24; i++){
+        result += chars[Math.floor(Math.random() * chars.length)];
+    }
+    return `anon_${result}`;
+}
+function readStoredAssignments() {
+    const raw = safeLocalStorageGet(LS_ASSIGNMENTS_KEY);
+    if (!raw) return {};
+    try {
+        return JSON.parse(raw);
+    } catch  {
+        return {};
+    }
+}
+function readStoredImpressions() {
+    const raw = safeSessionStorageGet(SS_IMPRESSIONS_KEY);
+    if (!raw) return [];
+    try {
+        return JSON.parse(raw);
+    } catch  {
+        return [];
+    }
+}
+function abTestClient(options) {
+    return {
+        id: PLUGIN_ID,
+        $ERROR_CODES,
+        async init (_$fetch, _$store) {
+            // Identity/context is hydrated lazily AFTER consent is granted — never
+            // read device storage before then (ePrivacy Art. 5(3) covers reads too).
+            return {
+                context: {
+                    [`${PLUGIN_ID}:context`]: null
+                }
+            };
+        },
+        getActions ($fetch, _$store, baseURL) {
+            const gate = createConsentGate();
+            // M3a — client-side event-bus. A fired event fans to these sinks; each
+            // gates on its own consent requirement (see client-sinks.ts). The store
+            // leg is consent-free (anonymous aggregate count); the GA4/GTM leg is
+            // gated on analytics_storage.
+            const sinks = [
+                createAbTestStoreSink($fetch),
+                // The dataLayer leg is dropped when goals are forwarded server-side
+                // (server-MP) to avoid GA4 double-counting — see disableDataLayerSink.
+                ...options?.disableDataLayerSink ? [] : [
+                    createGtmClientSink()
+                ]
+            ];
+            let context = null;
+            let memKey = null;
+            // In-memory until consent is granted; hydrated from storage on grant.
+            const assignmentCache = {};
+            const impressionsSent = new Set(); // confirmed emitted
+            const impressionsQueued = new Set(); // buffered, not yet decided
+            let hydrated = false;
+            // Seed the per-session impression dedup from sessionStorage at init
+            // (consent-free — see persistImpressions). Without this, the anonymous
+            // beacon re-fires on every hard reload / fresh document load (the
+            // in-memory Set only survives soft SPA navigations), over-counting exactly
+            // the no-consent ad traffic this path measures.
+            for (const id of readStoredImpressions())impressionsSent.add(id);
+            const analyticsGranted = ()=>gate.isGranted('analytics_storage');
+            /**
+       * GA4 stitching ids for the server-MP forward (M5). Read the `_ga` cookie
+       * ONLY when analytics_storage is granted (it's an identifier) + a `_ga`
+       * exists (gtag loaded). Returns undefined otherwise → the server never
+       * forwards (the consent-free aggregate path stays identifier-less).
+       */ function gaTransport() {
+                if (!analyticsGranted()) return undefined;
+                const clientId = parseGaClientId();
+                if (!clientId) return undefined;
+                const sessionId = parseGaSessionId();
+                return {
+                    clientId,
+                    ...sessionId ? {
+                        sessionId
+                    } : {},
+                    engagementTimeMsec: 1
+                };
+            }
+            function persistAssignments() {
+                if (!analyticsGranted()) return;
+                safeLocalStorageSet(LS_ASSIGNMENTS_KEY, JSON.stringify(assignmentCache));
+            }
+            function persistImpressions() {
+                // CONSENT-FREE: the per-session impression markers are test ids (which
+                // tests this tab already counted), session-only, client-only, never
+                // transmitted — not an identifier. Persisting them is what makes the
+                // anonymous beacon dedup survive a hard reload, so it must NOT be gated
+                // on consent (unlike the identity-bearing assignment/context persists).
+                safeSessionStorageSet(SS_IMPRESSIONS_KEY, JSON.stringify([
+                    ...impressionsSent
+                ]));
+            }
+            function persistContext() {
+                if (!analyticsGranted() || !context) return;
+                safeLocalStorageSet(LS_CONTEXT_KEY, JSON.stringify(context));
+            }
+            /** Resolve (and consent-gated persist) the visitor key. */ function visitorKey() {
+                const resolved = resolveVisitorKey({
+                    granted: analyticsGranted(),
+                    cookieKey: analyticsGranted() ? getCookie(COOKIE_VID) : null,
+                    memKey,
+                    generate: generateAnonKey
+                });
+                memKey = resolved.memKey;
+                if (resolved.persist) setCookie(COOKIE_VID, resolved.key, ONE_YEAR_SEC);
+                return resolved.key;
+            }
+            /** One-time hydrate of prior identity + caches once consent is granted. */ function hydrateOnGrant() {
+                if (!hydrated) {
+                    hydrated = true;
+                    const storedAssignments = readStoredAssignments();
+                    for (const [testId, a] of Object.entries(storedAssignments)){
+                        if (!assignmentCache[testId]) assignmentCache[testId] = a;
+                    }
+                    for (const id of readStoredImpressions())impressionsSent.add(id);
+                    if (!context) {
+                        const saved = safeLocalStorageGet(LS_CONTEXT_KEY);
+                        if (saved) {
+                            try {
+                                context = JSON.parse(saved);
+                                if (context) memKey = context.key;
+                            } catch  {
+                            // corrupted
+                            }
+                        }
+                    }
+                }
+                // Promote the in-memory key to the cookie so a buffered impression and
+                // later events share one identity.
+                if (memKey && !getCookie(COOKIE_VID)) {
+                    setCookie(COOKIE_VID, memKey, ONE_YEAR_SEC);
+                }
+                persistContext();
+                persistAssignments();
+                persistImpressions();
+            }
+            gate.onChange((state, resolved)=>{
+                if (resolved && state.analytics_storage === 'granted') hydrateOnGrant();
+            });
+            // Zero-config Consent Mode read + a wait-window fallback. Render never
+            // waits on this; only event emission is buffered behind it.
+            startConsentAutoRead(gate);
+            if (typeof window !== 'undefined') {
+                setTimeout(()=>gate.resolve(), CONSENT_WAIT_MS);
+            }
+            function getContext() {
+                if (context) return context;
+                throw new Error($ERROR_CODES.AB_TEST_NO_CONTEXT.message);
+            }
+            /** POST an event, stamping the live consent state at send time. */ function postEvent(body) {
+                $fetch('/abTest/trackEvent', {
+                    method: 'POST',
+                    // keepalive: conversion beacons frequently fire on a navigating click;
+                    // survive the unload so the count is not lost.
+                    keepalive: true,
+                    body: {
+                        ...body,
+                        consent: gate.getState()
+                    }
+                }).catch(()=>{});
+            }
+            function fireImpression(testId, variantId) {
+                // Dedup on "queued or sent" to avoid double-buffering; the dedup mark is
+                // committed only when the effect actually runs, and released on drop so
+                // a later grant can still fire (no permanent suppression).
+                if (impressionsSent.has(testId) || impressionsQueued.has(testId)) return;
+                impressionsQueued.add(testId);
+                const ctx = getContext();
+                const body = {
+                    testId,
+                    variantId,
+                    visitorId: ctx.key,
+                    anonymous: ctx.anonymous ?? false,
+                    eventType: 'impression'
+                };
+                gate.run(()=>{
+                    impressionsQueued.delete(testId);
+                    if (impressionsSent.has(testId)) return;
+                    impressionsSent.add(testId);
+                    persistImpressions();
+                    postEvent(body);
+                }, ()=>{
+                    impressionsQueued.delete(testId);
+                });
+            }
+            /**
+       * Pattern A impression: report the SERVER-rendered variant by branch (the
+       * edge already chose it — no client re-bucketing). ANONYMOUS + CONSENT-FREE
+       * by design: it sends NO visitor id and is NOT consent-gated, because an
+       * aggregate variant impression count carries no identifier and no PII (the
+       * variant came from the URL). It is deduped per SESSION via sessionStorage
+       * (client-only, never sent), so the count is ~per-session without storing
+       * anything linkable. The consent-gated legs (GA4/dataLayer forwarding,
+       * unique-visitor identity) are separate. trackEvent resolves the variant id
+       * from the branch.
+       */ function recordImpression(testId, branchId) {
+                if (typeof document === 'undefined') return; // SSR no-op
+                if (impressionsSent.has(testId)) return; // per-session dedup
+                impressionsSent.add(testId);
+                persistImpressions();
+                // Fan out through the M3a event-bus. The on-mount impression is OWNED by
+                // the consent-free A/B store (the experiment's source of truth) and is
+                // deliberately NOT server-MP-forwarded: it fires before consent resolves,
+                // so no `transport`/`consent` is stamped — which also keeps the anonymous
+                // aggregate count clear of the server's denied-consent guard. GA4 still
+                // receives the impression via the dataLayer leg (buffered, fires on
+                // grant) when that sink is enabled; server-MP forwards the post-consent
+                // goal/conversion events (see dispatchEvent). Read impression rates from
+                // the dashboard (getResults / useLiveResults), not GA4.
+                dispatchEvent({
+                    name: 'impression',
+                    ab: {
+                        testId,
+                        branchId
+                    },
+                    anonymous: true
+                }, sinks, gate);
+            }
+            return {
+                abTest: {
+                    /**
+           * Tell the CMS about the visitor's consent (Consent Mode v2) — a real
+           * decision (treated like a Consent Mode `update`). Optional: the gate
+           * also auto-reads Consent Mode commands off the dataLayer. That
+           * auto-read is best-effort (a `push`-hook fast path plus a re-scan
+           * poll); when running GTM, calling this from the CMP's Consent Mode
+           * update callback is the most reliable path.
+           */ setConsent (consent) {
+                        gate.applyUpdate(consent);
+                    },
+                    /** Read the current resolved consent state. */ getConsent () {
+                        return gate.getState();
+                    },
+                    /**
+           * Report the impression for a SERVER-rendered variant (AB_FANOUT
+           * Pattern A). Call with the served branch (the `/<branchId>/` URL
+           * segment). ANONYMOUS + consent-free: sends no visitor id, not
+           * consent-gated, deduped per session via sessionStorage. Reach it from
+           * the variant route via {@link useImpression}.
+           */ recordImpression,
+                    /**
+           * React hook: fire the Pattern A impression once per (testId, branchId)
+           * on mount. Render a tiny `'use client'` beacon from the variant-coded
+           * route: `cmsClient.abTest.useImpression(testId, branchId)`.
+           */ useImpression (testId, branchId) {
+                        useEffect(()=>{
+                            recordImpression(testId, branchId);
+                        }, [
+                            testId,
+                            branchId
+                        ]);
+                    },
+                    /**
+           * Fire a raw client event through the M3a sink pipeline (the SAME
+           * sinks + consent gate as recordImpression — so consent state never
+           * diverges). The M3c `<TrackingRuntimeProvider>` wires this as its
+           * `dispatch`; functional blocks reach it via `useTrackedBlock().fire`.
+           * Anonymous aggregate legs are consent-free; the GA4/gtm leg is gated.
+           */ dispatchEvent (event) {
+                        // Attach GA4 stitching ids (consent-gated) so a block/funnel event
+                        // can also forward to the server-MP — unless the caller already set
+                        // transport. The anonymous store leg ignores it; the forward needs it.
+                        // Stamp consent ALONGSIDE transport (both imply analytics granted) so
+                        // the server can authorize the forward; leave both absent otherwise so
+                        // the consent-free leg never trips the server's denied-consent guard.
+                        const transport = event.transport ?? gaTransport();
+                        dispatchEvent({
+                            ...event,
+                            ...transport ? {
+                                transport,
+                                consent: event.consent ?? gate.getState()
+                            } : {}
+                        }, sinks, gate);
+                    },
+                    identify (ctx) {
+                        if (ctx.anonymous && !ctx.key) {
+                            context = {
+                                key: visitorKey(),
+                                anonymous: true
+                            };
+                        } else {
+                            context = {
+                                key: ctx.key,
+                                anonymous: ctx.anonymous ?? false
+                            };
+                            memKey = ctx.key;
+                        }
+                        persistContext();
+                    },
+                    async getVariant (testId) {
+                        const cached = assignmentCache[testId];
+                        if (cached) {
+                            fireImpression(testId, cached.variantId);
+                            return cached;
+                        }
+                        // Functional, visitor-independent assignment — allowed pre-consent
+                        // (renders the right variant; persists no identifier server-side).
+                        const result = await $fetch('/abTest/assignVariant', {
+                            method: 'POST',
+                            body: {
+                                testId,
+                                context: getContext()
+                            }
+                        });
+                        const assignment = {
+                            variantId: result.variantId,
+                            branchId: result.branchId,
+                            assignedAt: Date.now()
+                        };
+                        assignmentCache[testId] = assignment;
+                        persistAssignments();
+                        fireImpression(testId, result.variantId);
+                        return assignment;
+                    },
+                    reset () {
+                        context = null;
+                        memKey = null;
+                        hydrated = false;
+                        for (const key of Object.keys(assignmentCache)){
+                            delete assignmentCache[key];
+                        }
+                        impressionsSent.clear();
+                        impressionsQueued.clear();
+                        safeLocalStorageRemove(LS_CONTEXT_KEY);
+                        safeLocalStorageRemove(LS_ASSIGNMENTS_KEY);
+                        safeSessionStorageRemove(SS_IMPRESSIONS_KEY);
+                        removeCookie(COOKIE_VID);
+                        // Revoke consent in-session — stops any further fan-out.
+                        gate.reset();
+                    },
+                    /**
+           * React hook for live dashboard results.
+           * Connects to the auto-registered realtime SSE route.
+           */ useLiveResults (opts) {
+                        const [results, setResults] = useState(opts.initial);
+                        const [isLive, setIsLive] = useState(false);
+                        const esRef = useRef(null);
+                        const applyDelta = useCallback((delta)=>{
+                            setResults((prev)=>{
+                                const variants = prev.variants.map((v)=>{
+                                    if (v.variantId !== delta.variantId) return v;
+                                    const updated = {
+                                        ...v
+                                    };
+                                    if (delta.eventType === 'impression') {
+                                        updated.impressions += delta.count;
+                                    } else if (delta.eventType === 'conversion') {
+                                        updated.conversions += delta.count;
+                                    }
+                                    const breakdown = {
+                                        ...updated.eventBreakdown
+                                    };
+                                    const entry = breakdown[delta.eventType] ?? {
+                                        count: 0,
+                                        uniqueVisitors: 0,
+                                        distinctInteractions: 0
+                                    };
+                                    breakdown[delta.eventType] = {
+                                        count: entry.count + delta.count,
+                                        uniqueVisitors: entry.uniqueVisitors,
+                                        // Live deltas don't carry interaction ids; the funnel
+                                        // refreshes on the next getResults poll.
+                                        distinctInteractions: entry.distinctInteractions
+                                    };
+                                    updated.eventBreakdown = breakdown;
+                                    updated.conversionRate = updated.impressions > 0 ? Math.round(updated.conversions / updated.impressions * 10000) / 100 : 0;
+                                    return updated;
+                                });
+                                return {
+                                    ...prev,
+                                    variants,
+                                    totalImpressions: variants.reduce((s, v)=>s + v.impressions, 0),
+                                    totalConversions: variants.reduce((s, v)=>s + v.conversions, 0)
+                                };
+                            });
+                        }, []);
+                        useEffect(()=>{
+                            const url = `${baseURL}/abTest/realtime?channels=ab:live:${opts.testId}`;
+                            let es;
+                            try {
+                                es = new EventSource(url);
+                            } catch  {
+                                return;
+                            }
+                            esRef.current = es;
+                            es.onopen = ()=>setIsLive(true);
+                            es.onmessage = (event)=>{
+                                try {
+                                    const delta = JSON.parse(event.data);
+                                    applyDelta(delta);
+                                } catch  {
+                                // Ignore malformed messages
+                                }
+                            };
+                            es.onerror = ()=>{
+                                setIsLive(false);
+                                $fetch('/abTest/getResults', {
+                                    method: 'GET',
+                                    query: {
+                                        testId: opts.testId
+                                    }
+                                }).then((fresh)=>setResults(fresh)).catch(()=>{});
+                            };
+                            return ()=>{
+                                es.close();
+                                esRef.current = null;
+                                setIsLive(false);
+                            };
+                        }, [
+                            opts.testId,
+                            applyDelta
+                        ]);
+                        return {
+                            results,
+                            isLive
+                        };
+                    }
+                }
+            };
+        },
+        pathMethods: {
+            '/abTest/assignVariant': 'POST',
+            '/abTest/trackEvent': 'POST',
+            '/abTest/getResults': 'GET'
+        }
+    };
+}
+
+export { abTestClient };