@cross-deck/web 0.7.0 → 1.0.0

package/CHANGELOG.md

@@ -2,6 +2,203 @@
 
 All notable changes to `@cross-deck/web` will be documented here. The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.0.0] — 2026-05-11
+
+**Error capture — the third pillar.** Closes the trio: analytics +
+revenue/entitlements + errors all ship in one SDK. After this
+release the SDK covers every USP the platform sells. Bumped to
+`1.0.0` because every pillar is now in the box.
+
+Backwards-compatible: every Wave 1-4 API is unchanged. New error
+APIs are additive. Source-compatible with 0.10.x — existing
+`Crossdeck.init({...})` callsites work exactly the same.
+
+### Added
+
+- **Automatic uncaught-error capture.** Global `window.onerror` listener
+  catches every uncaught synchronous error. Stack traces parsed into
+  normalised frames (Chrome / Firefox / Safari). Reported as
+  `error.unhandled` Crossdeck events through the same durable +
+  retried + idempotent queue as analytics.
+- **Automatic promise-rejection capture.** Global
+  `window.onunhandledrejection` listener catches unhandled async
+  failures. Reported as `error.unhandledrejection`.
+- **Automatic HTTP-failure capture.** `fetch()` and
+  `XMLHttpRequest` are wrapped to detect 5xx + network failures the
+  app code didn't catch. Reported as `error.http`. Crossdeck's own
+  API calls are explicitly excluded so a Crossdeck outage doesn't
+  self-amplify into the queue.
+- **`Crossdeck.captureError(err, { context, tags, level })`** — manual
+  capture from try/catch blocks. Sentry pattern.
+- **`Crossdeck.captureMessage(message, level)`** — non-error signals
+  ("we hit the deprecated path", "soft warning"). Reported as
+  `error.message`.
+- **`Crossdeck.setTag(key, value)` / `Crossdeck.setTags(tags)`** —
+  flat key/value labels attached to every subsequent error report.
+- **`Crossdeck.setContext(name, data)`** — structured named context
+  attached to every subsequent error report (Sentry pattern).
+- **`Crossdeck.addBreadcrumb(crumb)`** — custom breadcrumb for the
+  rolling buffer.
+- **`Crossdeck.setErrorBeforeSend(hook)`** — pre-send filter; return
+  null to drop, or a modified `CapturedError` to scrub fields. The
+  only way to redact app-specific PII (auth tokens in URLs, etc.)
+  before the report leaves the browser.
+- **Breadcrumb ring buffer.** Every analytics event auto-emits a
+  breadcrumb. The last 50 are attached to every error report so the
+  engineer reading the error sees exactly how the user got into the
+  broken state. Cleared on `reset()` / `forget()`.
+- **Fingerprinting.** Every error gets a stable 8-character hex
+  fingerprint (`djb2` of message + top 3 in-app frames). Dashboard
+  uses this to group identical errors so 1,000 occurrences of the
+  same bug show as 1 issue, not 1,000.
+- **Rate limiting.** Per fingerprint: max 5 reports per minute.
+  Defends against runaway loops (e.g. error in `setInterval`).
+  Hard session cap: 100 errors total. After that, capture stops
+  until the next session — the developer is told via Sentry
+  receiving "1 unique error" instead of "1 million events".
+- **Noise filtering.** Default `ignoreErrors` strips well-known
+  browser noise (`ResizeObserver loop limit exceeded`, `Script
+  error.`, etc.). Default `denyUrls` strips browser-extension
+  frames (`chrome-extension://`, `moz-extension://`, etc.).
+- **`autoTrack.errors: boolean`** flag (default true). Disable if
+  you have a separate error tracker (Sentry, Bugsnag) and don't
+  want duplicates.
+- **`consent.errors`** dimension (already in 0.10.0 for Web Vitals)
+  now ALSO gates error reporting. `consent({ errors: false })`
+  silently drops every error event.
+- **PII scrub** runs on every error payload (stack strings, URLs,
+  context blobs) before they leave the browser — same regex pass
+  as the analytics path.
+- **New error code** in `CROSSDECK_ERROR_CODES` for the
+  request_timeout / fetch_failed family already covered.
+- **47 new tests** (306 total, up from 260):
+    - `tests/breadcrumbs.test.ts` — 6 cases.
+    - `tests/stack-parser.test.ts` — 13 cases covering Chrome /
+      Firefox / Safari formats + in-app detection + fingerprinting.
+    - `tests/error-capture.test.ts` — 21 cases covering captureError,
+      captureMessage, filtering, rate limiting, sampling, beforeSend
+      hook, context/tags attachment, breadcrumb snapshot, consent
+      gating.
+    - `tests/crossdeck.test.ts` — 7 new integration cases.
+    - `tests/dist-loading.test.ts` — extended to assert the new
+      public methods exist on the built artefact.
+    - `e2e/smoke.spec.ts` — 5 new Playwright cases covering real-
+      browser error capture (manual captureError, uncaught
+      window.onerror, captureMessage, breadcrumb attachment,
+      consent gate).
+
+### Changed
+
+- **Bundle-size budgets bumped** to account for the new pillar:
+  core ESM / CJS / React / Vue from 28 KB → 32 KB; UMD from
+  16 KB → 18 KB. The full SDK now ships at ~30 KB gz —
+  comparable to Sentry's `@sentry/browser` *alone* (which doesn't
+  include analytics or revenue). All three pillars in one bundle.
+- `AutoTrackOptions` extended with `errors: boolean`.
+- `track()` now gates `error.*` events on `consent.errors` (in
+  addition to the existing `webvitals.*` gate); everything else
+  continues to gate on `consent.analytics`.
+
+### Compatibility
+
+Source-compatible with 0.10.x. No public API removed. The new error
+capture is on by default — applications that already have Sentry
+installed should set `autoTrack: { errors: false }` to avoid
+duplicate reporting.
+
+## [0.10.0] — 2026-05-11
+
+**Privacy + compliance + operational pass (Waves 3 + 4).** Locks down GDPR / CCPA support, ships the CDN + framework story, and publishes the error-code surface that Stripe-style integrators depend on. Backwards-compatible — every new field defaults to "don't change behaviour". Source-compatible with 0.9.x.
+
+### Added
+
+- **`Crossdeck.consent({ analytics, marketing, errors })`** — three independent consent dimensions, each defaulting to `true` (granted). Gates `track()`, `identify()`, paid-traffic click IDs, referrer URLs, and Web Vitals appropriately. `Crossdeck.consentStatus()` returns the current snapshot.
+- **`respectDnt: true`** in `init()` — opt-in DNT support. When the browser exposes `navigator.doNotTrack === "1"`, ALL three consent dimensions are locked OFF permanently (no subsequent `consent()` call can flip them back on).
+- **`scrubPii: true`** (default-on) in `init()` — Stripe-grade regex pass over every event property value, URL path, and title before flush. Email-shaped → `[email]`, card-number-shaped → `[card]`. Caller's input is never mutated. Disable for pipelines that do their own redaction.
+- **`Crossdeck.forget(): Promise<void>`** — GDPR / CCPA right to be forgotten. Calls the new `/v1/identity/forget` endpoint and wipes ALL local state. Idempotent. Server-side failure does NOT block local wipe.
+- **`@cross-deck/web/vue` subpackage** — Vue 3 composables (`useEntitlement(key)` → `Ref<boolean>`, `useEntitlements()` → `Ref<string[]>`) that mirror the React subpackage's contract. Subscribes to the entitlement cache via `onEntitlementsChange`. SSR-safe.
+- **UMD CDN bundle** — `dist/crossdeck.umd.min.js`, registered via `unpkg` / `jsdelivr` package.json fields. Exposes `window.Crossdeck` for no-build-step consumers (plain HTML, Webflow, docs). 13 KB gzipped.
+- **`CROSSDECK_ERROR_CODES` + `getErrorCode(code)`** — machine-readable index of every error code the SDK can throw, with `description`, `resolution`, and `retryable` flag. Also emitted as `dist/error-codes.json` sidecar. Stripe pattern.
+- **Bundle-size budget enforcement** — `npm run size` (also runs in `prepublishOnly`) fails the release if any artefact exceeds its gzipped budget. Current ceilings: 28 KB for core / framework subpackages, 16 KB for UMD.
+- **New debug signals:** `sdk.consent_changed`, `sdk.consent_denied`, `sdk.consent_dnt_applied`, `sdk.pii_scrubbed`.
+
+### Backend changes (paired)
+
+- **`POST /v1/identity/forget`** — new endpoint. Resolves the customer from any identity hint, sets `forgottenAt: now` on the customer record, queues a `forgetRequests` row for the retention-cleanup worker to drain.
+- **`POST /v1/identity/alias`** — now accepts optional `traits` in the body and persists them under `customers/{cdcust}.traits` additively (per-key merge). Defence-in-depth sanitisation server-side: max 32 keys, 1 KB per value, primitives only.
+
+### Compatibility
+
+Source-compatible with 0.9.x. The new defaults (`scrubPii: true`, `respectDnt: false`) preserve existing analytics shape for current consumers. The Vue subpackage adds an optional peer dependency declared in `peerDependenciesMeta` — non-Vue consumers don't install it.
+
+## [0.9.0] — 2026-05-11
+
+**Data completeness pass (Wave 2).** Closes the gap between Crossdeck's event surface and Mixpanel / Segment / Amplitude. Backwards-compatible — `Crossdeck.init({...})` callsites don't need to change; the new APIs are additive.
+
+### Added
+
+- **`Crossdeck.identify(userId, { traits })`** — accept profile traits (name, plan, signupDate, role) alongside the email field. Traits are sanitised at the SDK boundary and persisted server-side on the customer record under `customers/{cdcust}.traits` (per-key merge, additive — a later identify call with `{ plan: "pro" }` doesn't wipe a prior call's `{ name: "Wes" }`). Defence-in-depth server validation: max 32 keys, 1 KB per value, primitives only.
+- **`Crossdeck.register(properties)` + `unregister(key)` + `getSuperProperties()`** — Mixpanel "super properties" pattern. Set keys once, attached to every subsequent event of this SDK instance. Null value deletes a key. Persists across page reloads via the identity storage; cleared on `reset()` / `forget()`.
+- **`Crossdeck.group(type, id, traits?)` + `getGroups()`** — Mixpanel / Segment "Group Analytics". Each event carries `$groups.<type>: id` for B2B SaaS dashboards. Multiple types coexist (`org` + `team` + `plan`). Pass `id: null` to clear a group membership.
+- **Paid-traffic click ID capture** — `gclid` (Google Ads), `fbclid` (Meta), `msclkid` (Microsoft), `ttclid` (TikTok), `li_fat_id` (LinkedIn), `twclid` (X / Twitter). Captured at session start alongside UTMs, attached to every event of the session.
+- **`pageviewId`** — stable per-page-view identifier minted on every `page.viewed` and attached to every subsequent event until the next `page.viewed`. Mixpanel's `$current_url`-style correlation — lets dashboards answer "user clicked X on page Y" without timestamp arithmetic.
+- **Web Vitals capture** — `webvitals.lcp`, `webvitals.inp`, `webvitals.cls`, `webvitals.fcp`, `webvitals.ttfb` events emitted via `PerformanceObserver`. LCP / CLS / INP flush at page hidden (final values only known after user activity stops). New `autoTrack.webVitals` flag (default true). Hand-rolled (~120 lines), zero runtime deps.
+
+### Changed
+
+- `IdentifyOptions` extended with `traits?: Record<string, unknown>`. Existing `email`-only callers unaffected.
+- `AutoTrackOptions` extended with `webVitals: boolean`. Existing `init()` callsites without `autoTrack` get it default-on.
+- `SessionAcquisition` extended with the six paid-traffic click-ID fields. Existing acquisition consumers unaffected — fields are empty strings when not present.
+
+### Compatibility
+
+Source-compatible with 0.8.x. No public API removed. Every new field defaults to a sensible value that preserves the previous behaviour for existing callsites.
+
+## [0.8.0] — 2026-05-11
+
+**Bank-grade plumbing pass (Wave 1).** Six closely-coupled hardenings that bring the SDK's reliability surface up to Stripe / Segment / Mixpanel standards. Backwards-compatible: no public API removed, every new option has a sensible default, every behaviour change is additive. Source-compatible with 0.7.x — `Crossdeck.init({...})` callsites do not need to change.
+
+### Added
+
+- **Durable event queue.** Queued events are now written through to the SDK's identity store (typically `localStorage`) so a hard browser crash, power loss, or terminal-flush `keepalive: true` cap exceedance (64 KB) doesn't lose data. On the next SDK boot the persisted queue is rehydrated and replayed. Backend dedupes by `eventId` so a replayed event already on the wire when the tab crashed is safe — `ReplacingMergeTree` handles it. New module `event-storage.ts` (`PersistentEventStore`). Skipped when `persistIdentity: false` (strict-consent flows).
+- **Exponential backoff with full jitter on flush failures.** Replaces the prior "retry on the next idle window" policy which hot-looped a flapping endpoint. Defaults: `baseMs=1000`, `factor=2`, `maxMs=60000`. Each failure schedules the next flush at `min(maxMs, baseMs * 2^attempts) * Math.random()` ms out. Reset on success. Surface via `diagnostics().events.consecutiveFailures` + `nextRetryAt`. New module `retry-policy.ts` (`RetryPolicy`, `computeNextDelay`).
+- **`Retry-After` header support on 429 / 503.** The HTTP layer now parses the header (delta-seconds or HTTP-date per RFC 7231 §7.1.3) onto `CrossdeckError.retryAfterMs`, and the retry policy honours it when it's longer than the computed backoff. Stripe pattern — the server is the authority on its own pressure.
+- **`Idempotency-Key` header per batch.** Every `/v1/events` POST now carries `Idempotency-Key: batch_<rand>`. Retries of the SAME logical batch reuse the SAME key so a future server-side idempotency layer can short-circuit duplicate work without inspecting bodies. Per-event `eventId` dedup remains in place — this is belt-and-suspenders.
+- **Request timeout via `AbortController`.** New `timeoutMs` option on `CrossdeckOptions` and per-request `options.timeoutMs` on `HttpClient.request()`. Default 15 000 ms. Without this, a captive portal / DNS hang / satellite link could leave a request open for the browser's default (5+ minutes on Chrome) and lock the queue forever. Pass `timeoutMs: 0` to disable (useful for tests). New error: `CrossdeckError({ type: "network_error", code: "request_timeout" })`.
+- **Property validation at enqueue.** `track(name, properties)` now sanitises `properties` BEFORE the event lands in the queue. New module `event-validation.ts`. Behaviour:
+    - **Drops** functions, symbols, undefined values (with a debug warning).
+    - **Coerces** `Date` → ISO string, `BigInt` → string, `Error` → `{ name, message, stack }`, `Map` → plain object, `Set` → array.
+    - **Truncates** string values longer than `maxStringLength` (default 1024) with an ellipsis.
+    - **Replaces** circular refs with `"[circular]"` and depth > 5 nesting with `"[depth-exceeded]"`.
+    - **Caps** total per-event property byte size at `maxBatchPropertyBytes` (default 8 KB); past the cap, largest properties drop first and a `__truncated: true` marker is added.
+    - Caller's input is never mutated — sanitisation always produces a defensive copy.
+    - Output is guaranteed `JSON.stringify`-safe. One bad property can no longer poison the entire batch indefinitely.
+- **Listener-error counter on `EntitlementCache`.** Listener exceptions are still swallowed (a buggy consumer must not crash the SDK) but the cumulative count is now surfaced as `diagnostics().entitlements.listenerErrors` so a broken subscriber can be spotted without a debug session.
+- **Clock-skew diagnostics.** `Crossdeck.heartbeat()` now captures the server's `serverTime` and the local `Date.now()` at the same moment. Surfaces via `diagnostics().clock.{lastServerTime, lastClientTime, skewMs}` so a wrong-system-clock problem (kid changed the date, dev machine bad NTP) surfaces in dashboards before it corrupts a day of analytics.
+- **New debug signals:** `sdk.property_coerced`, `sdk.queue_persisted`, `sdk.queue_restored`, `sdk.flush_retry_scheduled`. Fire in debug mode only — quiet by default.
+- **65 new tests** (203 total, up from 138):
+    - `tests/event-validation.test.ts` — 19 cases covering every coercion / drop / truncation / depth / size-cap path + JSON-roundtrip + no-mutation guarantee.
+    - `tests/event-storage.test.ts` — 8 cases covering load / save round-trip, debouncing, malformed-blob recovery, version sentinel, throwing-storage degradation.
+    - `tests/retry-policy.test.ts` — 12 cases covering backoff math, jitter, Retry-After precedence, attempt overflow safety, counter reset.
+    - `tests/event-queue.test.ts` — 9 new cases covering Idempotency-Key uniqueness, retry scheduling, server Retry-After honouring, durable rehydration, write-through, persistent clear on success, reset() wipe.
+    - `tests/http.test.ts` — 5 new cases covering Idempotency-Key passthrough, abort-timeout behaviour, per-call timeout override, 0-disables-timeout, Retry-After parse onto `retryAfterMs`.
+    - `tests/errors.test.ts` — 9 new cases covering `parseRetryAfterHeader` for delta-seconds, HTTP-date, past dates, malformed input.
+    - `tests/entitlement-cache.test.ts` — 1 new case covering the listener-error counter.
+    - `tests/crossdeck.test.ts` — 1 new case asserting the full Wave-1 diagnostic surface.
+
+### Changed
+
+- `CrossdeckError` now carries an optional `retryAfterMs` field, populated from the response's `Retry-After` header on 4xx/5xx.
+- `Diagnostics` shape extended with:
+    - `clock: { lastServerTime, lastClientTime, skewMs }`
+    - `entitlements.listenerErrors: number`
+    - `events.consecutiveFailures: number`, `events.nextRetryAt: number | null`
+- Existing `Diagnostics` fields and their semantics are unchanged.
+
+### Migration
+
+No callsite changes required. New options (`timeoutMs`, retry tuning) default to sensible bank-grade values. To opt out of property validation, pass already-clean property objects — there's no escape hatch, and there shouldn't be: an SDK that lets one bad event poison the whole batch isn't bank-grade.
+
 ## [0.6.0] — 2026-05-10
 
 Bank-grade analytics enrichment. Two additive changes that close the gap between Crossdeck's analytics surface and Google Analytics 4 / Google Ads dashboards: identity continuity that survives cleared storage, and first-touch acquisition attribution attached to every event of a session. No public API changes — `Crossdeck.init({...})` callsites do not need to change.

package/dist/crossdeck.umd.min.js

@@ -0,0 +1,3 @@
+"use strict";var Crossdeck=(()=>{var te=Object.defineProperty;var Ce=Object.getOwnPropertyDescriptor;var Ie=Object.getOwnPropertyNames;var xe=Object.prototype.hasOwnProperty;var Re=(r,e)=>{for(var t in e)te(r,t,{get:e[t],enumerable:!0})},Pe=(r,e,t,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of Ie(e))!xe.call(r,s)&&s!==t&&te(r,s,{get:()=>e[s],enumerable:!(n=Ce(e,s))||n.enumerable});return r};var Ae=r=>Pe(te({},"__esModule",{value:!0}),r);var lt={};Re(lt,{CROSSDECK_ERROR_CODES:()=>le,Crossdeck:()=>Se,CrossdeckClient:()=>L,CrossdeckError:()=>b,DEFAULT_BASE_URL:()=>N,MemoryStorage:()=>w,SDK_NAME:()=>x,SDK_VERSION:()=>$,getErrorCode:()=>Te});var b=class r extends Error{constructor(e){super(e.message),this.name="CrossdeckError",this.type=e.type,this.code=e.code,this.requestId=e.requestId,this.status=e.status,this.retryAfterMs=e.retryAfterMs,Object.setPrototypeOf(this,r.prototype)}};async function pe(r){let e=r.headers.get("x-request-id")??void 0,t=De(r.headers.get("retry-after")),n;try{n=await r.json()}catch{n=null}let s=n?.error;return s&&typeof s.type=="string"&&typeof s.code=="string"?new b({type:s.type,code:s.code,message:s.message??`HTTP ${r.status}`,requestId:s.request_id??e,status:r.status,retryAfterMs:t}):new b({type:Fe(r.status),code:`http_${r.status}`,message:`HTTP ${r.status} ${r.statusText||""}`.trim(),requestId:e,status:r.status,retryAfterMs:t})}function De(r){if(!r)return;let e=r.trim();if(!e)return;if(/^\d+(\.\d+)?$/.test(e)){let s=Number(e);return!Number.isFinite(s)||s<0?void 0:Math.round(s*1e3)}if(!/[a-zA-Z,/:]/.test(e))return;let t=Date.parse(e);if(!Number.isFinite(t))return;let n=t-Date.now();return n>0?n:0}function Fe(r){return r===401?"authentication_error":r===403?"permission_error":r===429?"rate_limit_error":r>=400&&r<500?"invalid_request_error":"internal_error"}var x="@cross-deck/web",$="1.0.0",N="https://api.cross-deck.com/v1",Le=15e3,q=class{constructor(e){this.config=e}async request(e,t,n={}){if(this.config.localDevMode)return Oe(t);let s=this.buildUrl(t,n.query),i={Authorization:`Bearer ${this.config.publicKey}`,"Crossdeck-Sdk-Version":`${x}@${this.config.sdkVersion}`,Accept:"application/json"};n.idempotencyKey&&(i["Idempotency-Key"]=n.idempotencyKey);let c;n.body!==void 0&&(i["Content-Type"]="application/json",c=JSON.stringify(n.body));let a=n.timeoutMs??this.config.timeoutMs??Le,o=typeof AbortController<"u"&&a>0?new AbortController:null,p=null;o&&a>0&&(p=setTimeout(()=>o.abort(),a));let u;try{u=await fetch(s,{method:e,headers:i,body:c,keepalive:n.keepalive===!0,signal:o?.signal})}catch(d){let l=o?.signal?.aborted===!0;throw new b({type:"network_error",code:l?"request_timeout":"fetch_failed",message:l?`Request to ${t} aborted after ${a}ms`:d instanceof Error?d.message:"fetch failed"})}finally{p!==null&&clearTimeout(p)}if(!u.ok)throw await pe(u);if(u.status!==204)try{return await u.json()}catch{throw new b({type:"internal_error",code:"invalid_json_response",message:"Server returned a 2xx with an unparseable body.",requestId:u.headers.get("x-request-id")??void 0,status:u.status})}}get isLocalDevMode(){return this.config.localDevMode===!0}buildUrl(e,t){let n=this.config.baseUrl.replace(/\/+$/,""),s=e.startsWith("/")?e:`/${e}`,i=n+s;if(t){let c=new URLSearchParams;for(let[o,p]of Object.entries(t))typeof p=="string"&&p.length>0&&c.append(o,p);let a=c.toString();a&&(i+=(i.includes("?")?"&":"?")+a)}return i}},V=null;function Oe(r){return r.startsWith("/sdk/heartbeat")?{object:"heartbeat",ok:!0,projectId:"proj_local_dev",appId:"app_local_dev",platform:"web",env:"sandbox",serverTime:Date.now()}:r.startsWith("/identity/alias")?(V||(V=`cdcust_local_${typeof crypto<"u"&&"randomUUID"in crypto?crypto.randomUUID().replace(/-/g,"").slice(0,16):Math.random().toString(36).slice(2,18)}`),{object:"alias_result",crossdeckCustomerId:V,linked:[],mergePending:!1,env:"sandbox"}):r.startsWith("/entitlements")?{object:"list",data:[],crossdeckCustomerId:V??"",env:"sandbox"}:r.startsWith("/events")?{object:"list",received:0,env:"sandbox"}:{}}var R="anon_id",P="cdcust_id",B=class{constructor(e,t,n){this.primary=e;this.prefix=t;this.secondary=n??null;let s=e.getItem(t+R),i=e.getItem(t+P),c=this.secondary?.getItem(t+R)??null,a=this.secondary?.getItem(t+P)??null,o=s??c,p=i??a;this.state={anonymousId:o??this.mintAnonymousId(),crossdeckCustomerId:p},(!s||!c)&&this.writeBoth(t+R,this.state.anonymousId),p&&(!i||!a)&&this.writeBoth(t+P,p)}get anonymousId(){return this.state.anonymousId}get crossdeckCustomerId(){return this.state.crossdeckCustomerId}setCrossdeckCustomerId(e){this.state.crossdeckCustomerId=e,this.writeBoth(this.prefix+P,e)}reset(){this.deleteBoth(this.prefix+R),this.deleteBoth(this.prefix+P),this.state={anonymousId:this.mintAnonymousId(),crossdeckCustomerId:null},this.writeBoth(this.prefix+R,this.state.anonymousId)}mintAnonymousId(){let e=Date.now().toString(36),t=k(10);return`anon_${e}${t}`}writeBoth(e,t){try{this.primary.setItem(e,t)}catch{}if(this.secondary)try{this.secondary.setItem(e,t)}catch{}}deleteBoth(e){try{this.primary.removeItem(e)}catch{}if(this.secondary)try{this.secondary.removeItem(e)}catch{}}};function k(r){let e="0123456789abcdefghijklmnopqrstuvwxyz",t=[],n=globalThis.crypto;if(n?.getRandomValues){let s=new Uint8Array(r);n.getRandomValues(s);for(let i=0;i<r;i++)t.push(e[s[i]%e.length]??"0")}else for(let s=0;s<r;s++)t.push(e[Math.floor(Math.random()*e.length)]??"0");return t.join("")}var W=class{constructor(){this.active=new Set;this.all=[];this.lastUpdated=0;this.listeners=new Set;this.listenerErrorCount=0}isEntitled(e){return this.active.has(e)}list(){return this.all.slice()}get freshness(){return this.lastUpdated}get listenerErrors(){return this.listenerErrorCount}setFromList(e){this.all=e.slice(),this.active=new Set(e.filter(t=>t.isActive).map(t=>t.key)),this.lastUpdated=Date.now(),this.notify()}clear(){this.active.clear(),this.all=[],this.lastUpdated=0,this.notify()}subscribe(e){this.listeners.add(e);let t=!1;return()=>{t||(t=!0,this.listeners.delete(e))}}notify(){if(this.listeners.size===0)return;let e=this.all.slice(),t=[...this.listeners];for(let n of t)try{n(e)}catch{this.listenerErrorCount+=1}}};function Me(r,e,t={},n=Math.random){let s=t.baseMs??1e3,i=t.maxMs??6e4,c=t.factor??2,a=Math.min(r,30),p=Math.min(i,s*Math.pow(c,a))*n();return e!==void 0&&e>p?Math.min(i,e):Math.max(0,Math.round(p))}var H=class{constructor(e={}){this.options=e;this.attempts=0}get consecutiveFailures(){return this.attempts}get isWarning(){return this.attempts>=(this.options.failuresBeforeWarn??8)}nextDelay(e,t=Math.random){let n=Me(this.attempts,e,this.options,t);return this.attempts+=1,n}recordSuccess(){this.attempts=0}};var A=1e3,j=class{constructor(e){this.cfg=e;this.buffer=[];this.dropped=0;this.inFlight=0;this.lastFlushAt=0;this.lastError=null;this.cancelTimer=null;this.firstFlushFired=!1;this.nextRetryAt=null;if(this.retry=new H(e.retry??{}),this.persistent=e.persistentStore??null,this.persistent){let t=this.persistent.load();t.length>0&&(t.length>A?(this.dropped+=t.length-A,this.buffer=t.slice(t.length-A)):this.buffer=t,this.cfg.onBufferChange?.(this.buffer.length),this.scheduleIdleFlush())}}enqueue(e){if(this.buffer.push(e),this.buffer.length>A){let t=this.buffer.length-A;this.buffer.splice(0,t),this.dropped+=t,this.cfg.onDrop?.(t)}this.cfg.onBufferChange?.(this.buffer.length),this.persistent?.save(this.buffer),this.buffer.length>=this.cfg.batchSize?this.flush():this.scheduleIdleFlush()}async flush(e={}){if(this.buffer.length===0)return null;this.cancelTimerIfSet(),this.nextRetryAt=null;let t=this.buffer.splice(0),n=this.mintBatchId();this.inFlight+=t.length,this.persistent?.save(this.buffer),this.cfg.onBufferChange?.(this.buffer.length);try{let s=this.cfg.envelope(),i=await this.cfg.http.request("POST","/events",{body:{appId:s.appId,environment:s.environment,sdk:s.sdk,events:t},keepalive:e.keepalive===!0,idempotencyKey:n});return this.lastFlushAt=Date.now(),this.lastError=null,this.inFlight-=t.length,this.retry.recordSuccess(),this.persistent?.save(this.buffer),this.firstFlushFired||(this.firstFlushFired=!0,this.cfg.onFirstFlushSuccess?.()),i}catch(s){this.buffer.unshift(...t),this.inFlight-=t.length;let i=s instanceof Error?s.message:String(s);this.lastError=i,this.persistent?.save(this.buffer),this.cfg.onBufferChange?.(this.buffer.length);let c=Ue(s),a=this.retry.nextDelay(c);return this.scheduleRetry(a),this.cfg.onRetryScheduled?.({delayMs:a,consecutiveFailures:this.retry.consecutiveFailures,retryAfterMs:c,lastError:i}),null}}reset(){this.cancelTimerIfSet(),this.nextRetryAt=null,this.buffer=[],this.dropped=0,this.inFlight=0,this.lastError=null,this.retry.recordSuccess(),this.persistent?.clear(),this.cfg.onBufferChange?.(0)}getStats(){return{buffered:this.buffer.length,dropped:this.dropped,inFlight:this.inFlight,lastFlushAt:this.lastFlushAt,lastError:this.lastError,consecutiveFailures:this.retry.consecutiveFailures,nextRetryAt:this.nextRetryAt}}scheduleIdleFlush(){this.cancelTimerIfSet();let e=this.cfg.scheduler??fe;this.cancelTimer=e(()=>{this.flush()},this.cfg.intervalMs)}scheduleRetry(e){this.cancelTimerIfSet(),this.nextRetryAt=Date.now()+e;let t=this.cfg.scheduler??fe;this.cancelTimer=t(()=>{this.flush()},e)}cancelTimerIfSet(){this.cancelTimer&&(this.cancelTimer(),this.cancelTimer=null)}mintBatchId(){return`batch_${Date.now().toString(36)}${k(10)}`}};function Ue(r){if(r&&typeof r=="object"&&"retryAfterMs"in r){let e=r.retryAfterMs;return typeof e=="number"&&Number.isFinite(e)&&e>=0?e:void 0}}function fe(r,e){let t=setTimeout(r,e);if(typeof t.unref=="function")try{t.unref()}catch{}return()=>clearTimeout(t)}var K=class{constructor(e){this.options=e;this.writeScheduled=!1;this.pendingSnapshot=null;this.key=`${e.prefix}queue.v1`}load(){let e;try{e=this.options.storage.getItem(this.key)}catch{return[]}if(!e)return[];try{let t=JSON.parse(e);return!t||t.version!==1||!Array.isArray(t.events)?[]:t.events}catch{return[]}}save(e){this.pendingSnapshot=e.slice(),!this.writeScheduled&&(this.writeScheduled=!0,queueMicrotask(()=>this.flushWrite()))}saveSync(e){this.pendingSnapshot=e.slice(),this.flushWrite()}clear(){this.pendingSnapshot=null,this.writeScheduled=!1;try{this.options.storage.removeItem(this.key)}catch{}}flushWrite(){this.writeScheduled=!1;let e=this.pendingSnapshot;if(this.pendingSnapshot=null,e===null)return;if(e.length===0){try{this.options.storage.removeItem(this.key)}catch{}return}let t={version:1,events:e};try{this.options.storage.setItem(this.key,JSON.stringify(t))}catch{}}};var w=class{constructor(){this.store=new Map}getItem(e){return this.store.get(e)??null}setItem(e,t){this.store.set(e,t)}removeItem(e){this.store.delete(e)}},z=class{constructor(e){this.maxAgeSec=e?.maxAgeSec??63072e3,this.secure=e?.secure??Ve(),this.sameSite=e?.sameSite??"Lax"}getItem(e){if(!re())return null;let t=globalThis.document,n=t.cookie?t.cookie.split(/;\s*/):[],s=encodeURIComponent(e)+"=";for(let i of n)if(i.startsWith(s))try{return decodeURIComponent(i.slice(s.length))}catch{return null}return null}setItem(e,t){if(!re())return;let n=globalThis.document,s=[`${encodeURIComponent(e)}=${encodeURIComponent(t)}`,"Path=/",`Max-Age=${this.maxAgeSec}`,`SameSite=${this.sameSite}`];this.secure&&s.push("Secure");try{n.cookie=s.join("; ")}catch{}}removeItem(e){if(!re())return;let t=globalThis.document,n=[`${encodeURIComponent(e)}=`,"Path=/","Max-Age=0",`SameSite=${this.sameSite}`];this.secure&&n.push("Secure");try{t.cookie=n.join("; ")}catch{}}};function he(){try{let r=globalThis.localStorage;if(r){let e="__crossdeck_probe__";return r.setItem(e,"1"),r.removeItem(e),r}}catch{}return new w}function Ve(){try{return globalThis.location?.protocol==="https:"}catch{return!1}}function re(){return typeof globalThis.document<"u"}function qe(){return typeof globalThis.window<"u"&&typeof globalThis.document<"u"&&typeof globalThis.navigator<"u"}function me(r){let e={};if(r?.appVersion&&(e.appVersion=r.appVersion),!qe())return e;let t=globalThis.window,n=globalThis.navigator,s=globalThis.document;try{typeof n.language=="string"&&(e.locale=n.language)}catch{}try{e.timezone=Intl.DateTimeFormat().resolvedOptions().timeZone}catch{}try{t.screen&&(e.screenWidth=t.screen.width,e.screenHeight=t.screen.height),e.viewportWidth=t.innerWidth,e.viewportHeight=t.innerHeight,e.devicePixelRatio=t.devicePixelRatio}catch{}try{let i=n.userAgent??"",c=$e(i);Object.assign(e,c)}catch{}try{let i=n.userAgentData;if(i?.platform&&!e.os&&(e.os=i.platform),i?.brands&&!e.browser){let c=i.brands.find(a=>!/Not[ .;A]*Brand/i.test(a.brand)&&!/Chromium/i.test(a.brand));c&&(e.browser=c.brand,e.browserVersion=c.version)}}catch{}return e}function $e(r){let e={};if(/iPad|iPhone|iPod/.test(r)){e.os="iOS";let t=r.match(/OS (\d+[._]\d+(?:[._]\d+)?)/);t?.[1]&&(e.osVersion=t[1].replace(/_/g,"."))}else if(/Android/.test(r)){e.os="Android";let t=r.match(/Android (\d+(?:\.\d+)*)/);t?.[1]&&(e.osVersion=t[1])}else if(/Windows/.test(r)){e.os="Windows";let t=r.match(/Windows NT (\d+\.\d+)/);t?.[1]&&(e.osVersion=t[1])}else if(/Mac OS X|Macintosh/.test(r)){e.os="macOS";let t=r.match(/Mac OS X (\d+[._]\d+(?:[._]\d+)?)/);t?.[1]&&(e.osVersion=t[1].replace(/_/g,"."))}else/Linux/.test(r)&&(e.os="Linux");return/Edg\/(\d+(?:\.\d+)*)/.test(r)?(e.browser="Edge",e.browserVersion=r.match(/Edg\/(\d+(?:\.\d+)*)/)?.[1]):/Firefox\/(\d+(?:\.\d+)*)/.test(r)?(e.browser="Firefox",e.browserVersion=r.match(/Firefox\/(\d+(?:\.\d+)*)/)?.[1]):/OPR\/(\d+(?:\.\d+)*)/.test(r)?(e.browser="Opera",e.browserVersion=r.match(/OPR\/(\d+(?:\.\d+)*)/)?.[1]):/Chrome\/(\d+(?:\.\d+)*)/.test(r)?(e.browser="Chrome",e.browserVersion=r.match(/Chrome\/(\d+(?:\.\d+)*)/)?.[1]):/Version\/(\d+(?:\.\d+)*).*Safari/.test(r)&&(e.browser="Safari",e.browserVersion=r.match(/Version\/(\d+(?:\.\d+)*)/)?.[1]),e}var _={sessions:!0,pageViews:!0,deviceInfo:!0,clicks:!0,webVitals:!0,errors:!0},Ne=1800*1e3,ne={utm_source:"",utm_medium:"",utm_campaign:"",utm_content:"",utm_term:"",referrer:"",gclid:"",fbclid:"",msclkid:"",ttclid:"",li_fat_id:"",twclid:""},D=class{constructor(e,t){this.cfg=e;this.track=t;this.session=null;this.cleanups=[];this.pageviewId=null}install(){ge()&&(this.cfg.sessions&&this.installSessionTracking(),this.cfg.pageViews&&this.installPageViewTracking(),this.cfg.clicks&&this.installClickTracking())}uninstall(){for(;this.cleanups.length;){let e=this.cleanups.pop();try{e?.()}catch{}}this.session&&!this.session.endedSent&&this.emitSessionEnd(),this.session=null}resetSession(){this.session&&!this.session.endedSent&&this.emitSessionEnd(),this.session=this.startNewSession(),this.emitSessionStart()}get currentSessionId(){return this.session?.sessionId??null}get currentPageviewId(){return this.pageviewId}get currentAcquisition(){return this.session?.acquisition??ne}installSessionTracking(){this.session=this.startNewSession(),this.emitSessionStart();let e=()=>{if(!this.session)return;let i=globalThis.document;i.visibilityState==="hidden"?this.session.hiddenAt=Date.now():i.visibilityState==="visible"&&((this.session.hiddenAt?Date.now()-this.session.hiddenAt:0)>=Ne?(this.emitSessionEnd(),this.session=this.startNewSession(),this.emitSessionStart()):this.session.hiddenAt=null)},t=()=>this.emitSessionEnd(),n=globalThis.window,s=globalThis.document;s.addEventListener("visibilitychange",e),n.addEventListener("pagehide",t),n.addEventListener("beforeunload",t),this.cleanups.push(()=>{s.removeEventListener("visibilitychange",e),n.removeEventListener("pagehide",t),n.removeEventListener("beforeunload",t)})}startNewSession(){return{sessionId:Ge(),startedAt:Date.now(),hiddenAt:null,endedSent:!1,acquisition:Je()}}emitSessionStart(){this.session&&this.track("session.started",{sessionId:this.session.sessionId})}emitSessionEnd(){if(!this.session||this.session.endedSent)return;let e=Date.now()-this.session.startedAt;this.track("session.ended",{sessionId:this.session.sessionId,durationMs:e}),this.session.endedSent=!0}installPageViewTracking(){let e=globalThis.window,t=globalThis.document,n=0,s="",i=250,c=(l=!1)=>{let h=e.location,f=h.href,g=Date.now();!l&&f===s&&g-n<i||(n=g,s=f,this.pageviewId=`pv_${Date.now().toString(36)}${k(10)}`,this.track("page.viewed",{pageviewId:this.pageviewId,path:h.pathname,url:f,search:h.search||void 0,hash:h.hash||void 0,title:t.title,referrer:t.referrer||void 0}))};c();let a=e.history.pushState,o=e.history.replaceState;function p(l,h,f){a.apply(this,[l,h,f]),queueMicrotask(c)}function u(l,h,f){o.apply(this,[l,h,f]),queueMicrotask(c)}e.history.pushState=p,e.history.replaceState=u;let d=()=>c(!0);e.addEventListener("popstate",d),this.cleanups.push(()=>{e.history.pushState===p&&(e.history.pushState=a),e.history.replaceState===u&&(e.history.replaceState=o),e.removeEventListener("popstate",d)})}installClickTracking(){let e=globalThis.window,t=globalThis.document,n=0,s=null,i=100,c=64,a=o=>{let p=o.target;if(!p||!(p instanceof Element))return;let u=Date.now();if(p===s&&u-n<i)return;n=u,s=p;let l=Be(p)||p;if(We(l)||He(l)||je(l))return;let h=l.tagName.toLowerCase(),f=ze(Ke(l),c),g=l.href||void 0,m=l.target||void 0,v=l.id||void 0,S=l.getAttribute("role")||void 0,O=l.getAttribute("aria-label")||void 0,M=Xe(l),y=Qe(l),E=h==="a"&&!!g,I=l.getAttribute("data-cd-event"),T={selector:M,tag:h,text:f,elementId:v,role:S,ariaLabel:O,href:g,isLink:E,linkTarget:m,viewportX:o.clientX,viewportY:o.clientY,pageX:o.pageX,pageY:o.pageY,...y};for(let U of Object.keys(T))(T[U]===void 0||T[U]===null||T[U]==="")&&delete T[U];this.track(I||"element.clicked",T)};t.addEventListener("click",a,{capture:!0,passive:!0}),this.cleanups.push(()=>{t.removeEventListener("click",a,{capture:!0})})}};function Be(r){return r.closest("[data-cd-event]")||r.closest("[data-cd-noTrack]")||r.closest("button, a, [role='button'], [role='link'], input[type='button'], input[type='submit']")||null}function We(r){if(!(r instanceof HTMLElement))return!1;let e=r.tagName.toLowerCase();if(e==="textarea"||e==="select")return!0;if(e==="input"){let t=(r.type||"").toLowerCase();return t!=="button"&&t!=="submit"&&t!=="image"&&t!=="reset"}return!1}function He(r){return!!r.closest("[data-cd-noTrack], [data-cd-no-track], .cd-noTrack, .cd-no-track")}function je(r){return!!r.closest('input[type="password"]')}function Ke(r){let e=r.getAttribute("aria-label");return e?e.replace(/\s+/g," ").trim():r instanceof HTMLInputElement&&r.value?r.value:(r.textContent||"").replace(/\s+/g," ").trim()}function ze(r,e){return r.length<=e?r:r.slice(0,e-1)+"\u2026"}function Xe(r){let e=[],t=r,n=0;for(;t&&t.nodeName.toLowerCase()!=="body"&&n<5;){let s=t.nodeName.toLowerCase();if(t.id){e.unshift(`${s}#${t.id}`);break}if(t.classList.length>0){let i=Array.from(t.classList).filter(c=>!c.startsWith("cd-")).slice(0,2).join(".");i&&(s+=`.${i}`)}e.unshift(s),t=t.parentElement,n++}return e.join(" > ")}function Qe(r){let e={};if(!(r instanceof HTMLElement))return e;for(let t of r.getAttributeNames()){if(!t.startsWith("data-")||t==="data-cd-noTrack"||t==="data-cd-no-track"||t==="data-cd-event")continue;let n=r.getAttribute(t)||"",s=t.replace(/^data-cd-prop-/,"").replace(/^data-/,"");e[s]=n}return e}function ge(){return typeof globalThis.window<"u"&&typeof globalThis.document<"u"}function Ge(){return`sess_${Date.now().toString(36)}${k(10)}`}function Je(){if(!ge())return{...ne};let r={...ne};try{let e=globalThis.window,t=new URLSearchParams(e.location.search??"");r.utm_source=t.get("utm_source")??"",r.utm_medium=t.get("utm_medium")??"",r.utm_campaign=t.get("utm_campaign")??"",r.utm_content=t.get("utm_content")??"",r.utm_term=t.get("utm_term")??"",r.gclid=t.get("gclid")??"",r.fbclid=t.get("fbclid")??"",r.msclkid=t.get("msclkid")??"",r.ttclid=t.get("ttclid")??"",r.li_fat_id=t.get("li_fat_id")??"",r.twclid=t.get("twclid")??""}catch{}try{let e=globalThis.document;typeof e.referrer=="string"&&(r.referrer=e.referrer)}catch{}return r}var Ye=[/^email$/i,/^password$/i,/^token$/i,/^secret$/i,/^card$/i,/^phone$/i,/password/i,/credit_?card/i];function be(r){if(!r)return[];let e=[];for(let t of Object.keys(r))Ye.some(n=>n.test(t))&&e.push(t);return e}var X=class{constructor(){this.enabled=!1;this.seen=new Set}emit(e,t,n){if(!this.enabled)return;if(Ze.has(e)){if(this.seen.has(e))return;this.seen.add(e)}let s=n?` ${et(n)}`:"";console.info(`[crossdeck:${e}] ${t}${s}`)}},Ze=new Set(["sdk.configured","sdk.first_event_sent","sdk.environment_mismatch"]);function et(r){try{return JSON.stringify(r)}catch{return"[unserialisable context]"}}function F(r,e={}){let t=[];if(!r)return{properties:{},warnings:t};let n=e.maxStringLength??1024,s=e.maxBatchPropertyBytes??8192,i=e.maxDepth??5,c=new WeakSet,a=(u,d,l)=>{if(l>i)return t.push({kind:"depth_exceeded",key:d}),{keep:!0,value:"[depth-exceeded]"};if(u===null)return{keep:!0,value:null};let h=typeof u;if(h==="string"){let f=u;return f.length>n?(t.push({kind:"truncated_string",key:d}),{keep:!0,value:f.slice(0,n-1)+"\u2026"}):{keep:!0,value:f}}if(h==="number")return Number.isFinite(u)?{keep:!0,value:u}:(t.push({kind:"non_serialisable",key:d}),{keep:!0,value:null});if(h==="boolean")return{keep:!0,value:u};if(h==="bigint")return t.push({kind:"coerced_bigint",key:d}),{keep:!0,value:u.toString()};if(h==="function")return t.push({kind:"dropped_function",key:d}),{keep:!1,value:void 0};if(h==="symbol")return t.push({kind:"dropped_symbol",key:d}),{keep:!1,value:void 0};if(h==="undefined")return t.push({kind:"dropped_undefined",key:d}),{keep:!1,value:void 0};if(u instanceof Date)return t.push({kind:"coerced_date",key:d}),{keep:!0,value:Number.isFinite(u.getTime())?u.toISOString():null};if(u instanceof Error)return t.push({kind:"coerced_error",key:d}),{keep:!0,value:{name:u.name,message:u.message,stack:typeof u.stack=="string"?u.stack.slice(0,n):void 0}};if(u instanceof Map){t.push({kind:"coerced_map",key:d});let f={};for(let[g,m]of u.entries()){let v=typeof g=="string"?g:String(g),S=a(m,`${d}.${v}`,l+1);S.keep&&(f[v]=S.value)}return{keep:!0,value:f}}if(u instanceof Set){t.push({kind:"coerced_set",key:d});let f=[],g=0;for(let m of u.values()){let v=a(m,`${d}[${g}]`,l+1);v.keep&&f.push(v.value),g++}return{keep:!0,value:f}}if(Array.isArray(u)){if(c.has(u))return t.push({kind:"circular_reference",key:d}),{keep:!0,value:"[circular]"};c.add(u);let f=[];for(let g=0;g<u.length;g++){let m=a(u[g],`${d}[${g}]`,l+1);m.keep&&f.push(m.value)}return{keep:!0,value:f}}if(h==="object"){let f=u;if(c.has(f))return t.push({kind:"circular_reference",key:d}),{keep:!0,value:"[circular]"};c.add(f);let g={};for(let m of Object.keys(f)){let v=a(f[m],`${d}.${m}`,l+1);v.keep&&(g[m]=v.value)}return{keep:!0,value:g}}t.push({kind:"non_serialisable",key:d});try{return{keep:!0,value:String(u)}}catch{return{keep:!1,value:void 0}}},o={};for(let u of Object.keys(r)){let d=a(r[u],u,0);d.keep&&(o[u]=d.value)}let p=ye(o);if(p&&se(p)>s){t.push({kind:"size_cap_exceeded",key:"*"});let u=Object.keys(o).map(l=>({k:l,size:se(ye(o[l])??"")})).sort((l,h)=>h.size-l.size),d=se(p);for(let{k:l}of u){if(d<=s)break;d-=u.find(h=>h.k===l).size,delete o[l]}o.__truncated=!0}return{properties:o,warnings:t}}function ye(r){try{return JSON.stringify(r)??null}catch{return null}}function se(r){return typeof TextEncoder<"u"?new TextEncoder().encode(r).length:r.length*4}var Q="super_props",ie="groups",G=class{constructor(e,t){this.storage=e;this.prefix=t;this.superProps={};this.groups={};this.superProps=ve(e,t+Q)??{},this.groups=ve(e,t+ie)??{}}register(e){for(let[t,n]of Object.entries(e))n===null?delete this.superProps[t]:n!==void 0&&(this.superProps[t]=n);return oe(this.storage,this.prefix+Q,this.superProps),{...this.superProps}}unregister(e){e in this.superProps&&(delete this.superProps[e],oe(this.storage,this.prefix+Q,this.superProps))}getSuperProperties(){return{...this.superProps}}setGroup(e,t,n){t===null?delete this.groups[e]:this.groups[e]=n!==void 0?{id:t,traits:n}:{id:t},oe(this.storage,this.prefix+ie,this.groups)}getGroups(){return JSON.parse(JSON.stringify(this.groups))}getGroupIds(){let e={};for(let[t,n]of Object.entries(this.groups))e[t]=n.id;return e}clear(){this.superProps={},this.groups={};try{this.storage.removeItem(this.prefix+Q)}catch{}try{this.storage.removeItem(this.prefix+ie)}catch{}}};function ve(r,e){let t;try{t=r.getItem(e)}catch{return null}if(!t)return null;try{return JSON.parse(t)}catch{return null}}function oe(r,e,t){try{r.setItem(e,JSON.stringify(t))}catch{}}var J=class{constructor(e,t){this.cfg=e;this.report=t;this.observers=[];this.flushed=new Set;this.cls=0;this.clsEntries=[];this.inp=0;this.cleanups=[]}install(){if(!this.cfg.enabled||typeof PerformanceObserver>"u"||typeof globalThis>"u"||!("document"in globalThis))return;let e=globalThis.document;try{let i=new PerformanceObserver(c=>{for(let a of c.getEntries()){let o=a;o.responseStart>0&&!this.flushed.has("ttfb")&&(this.flushed.add("ttfb"),this.report("webvitals.ttfb",{valueMs:Math.round(o.responseStart-o.startTime)}))}});i.observe({type:"navigation",buffered:!0}),this.observers.push(i)}catch{}try{let i=new PerformanceObserver(c=>{for(let a of c.getEntries())a.name==="first-contentful-paint"&&!this.flushed.has("fcp")&&(this.flushed.add("fcp"),this.report("webvitals.fcp",{valueMs:Math.round(a.startTime)}))});i.observe({type:"paint",buffered:!0}),this.observers.push(i)}catch{}let t=0;try{let i=new PerformanceObserver(c=>{let a=c.getEntries(),o=a[a.length-1];o&&(t=o.startTime)});i.observe({type:"largest-contentful-paint",buffered:!0}),this.observers.push(i)}catch{}try{let i=new PerformanceObserver(c=>{for(let a of c.getEntries()){let o=a;typeof o.value=="number"&&!o.hadRecentInput&&(this.cls+=o.value,this.clsEntries.push(a))}});i.observe({type:"layout-shift",buffered:!0}),this.observers.push(i)}catch{}try{let i=new PerformanceObserver(c=>{for(let a of c.getEntries()){let o=a;o.interactionId&&o.duration>this.inp&&(this.inp=o.duration)}});try{i.observe({type:"event",buffered:!0,durationThreshold:16})}catch{i.observe({type:"first-input",buffered:!0})}this.observers.push(i)}catch{}let n=()=>{t>0&&!this.flushed.has("lcp")&&(this.flushed.add("lcp"),this.report("webvitals.lcp",{valueMs:Math.round(t)})),this.cls>0&&!this.flushed.has("cls")&&(this.flushed.add("cls"),this.report("webvitals.cls",{value:Math.round(this.cls*1e3)/1e3})),this.inp>0&&!this.flushed.has("inp")&&(this.flushed.add("inp"),this.report("webvitals.inp",{valueMs:Math.round(this.inp)}))},s=()=>{e.visibilityState==="hidden"&&n()};e.addEventListener("visibilitychange",s),globalThis.window.addEventListener("pagehide",n),this.cleanups.push(()=>{e.removeEventListener("visibilitychange",s),globalThis.window.removeEventListener("pagehide",n)})}uninstall(){for(let e of this.observers)try{e.disconnect()}catch{}this.observers=[];for(let e of this.cleanups.splice(0))try{e()}catch{}}};var tt={analytics:!0,marketing:!0,errors:!0},Y=class{constructor(e){this.state={...tt};this.dntDenied=!1;e?.respectDnt&&this.detectDnt()&&(this.dntDenied=!0,this.state={analytics:!1,marketing:!1,errors:!1})}set(e){if(this.dntDenied)return{...this.state};for(let t of Object.keys(e)){let n=e[t];typeof n=="boolean"&&(this.state[t]=n)}return{...this.state}}get(){return{...this.state}}get analytics(){return this.state.analytics}get marketing(){return this.state.marketing}get errors(){return this.state.errors}get isDntDenied(){return this.dntDenied}detectDnt(){try{let e=globalThis.navigator;return e?[e.doNotTrack,e.msDoNotTrack,globalThis.doNotTrack].some(n=>n==="1"||n==="yes"):!1}catch{return!1}}},ae=/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/g,ce=/\b\d(?:[ -]?\d){12,18}\b/g,rt="[email]",nt="[card]";function ke(r){if(!r)return r;let e=r;return ae.test(e)&&(e=e.replace(ae,rt)),ae.lastIndex=0,ce.test(e)&&(e=e.replace(ce,nt)),ce.lastIndex=0,e}function we(r){let e={};for(let t of Object.keys(r)){let n=r[t];typeof n=="string"?e[t]=ke(n):Array.isArray(n)?e[t]=n.map(s=>typeof s=="string"?ke(s):s):e[t]=n}return e}var Z=class{constructor(e=50){this.maxSize=e;this.items=[]}add(e){this.items.push(e),this.items.length>this.maxSize&&this.items.shift()}snapshot(){return this.items.slice()}clear(){this.items=[]}get size(){return this.items.length}};function de(r){if(!r||typeof r!="string")return[];let e=r.split(`
+`),t=[];for(let n of e){let s=n.trim();if(!s)continue;let i=st(s);i&&t.push(i)}return t}function st(r){let e=/^at\s+(.+?)\s+\((.+?):(\d+):(\d+)\)$/.exec(r);return e?ue({function:e[1],filename:e[2],lineno:parseInt(e[3],10),colno:parseInt(e[4],10),raw:r}):(e=/^at\s+(.+?):(\d+):(\d+)$/.exec(r),e?ue({function:"?",filename:e[1],lineno:parseInt(e[2],10),colno:parseInt(e[3],10),raw:r}):(e=/^(.*?)@(.+?):(\d+):(\d+)$/.exec(r),e?ue({function:e[1]||"?",filename:e[2],lineno:parseInt(e[3],10),colno:parseInt(e[4],10),raw:r}):/^\w*Error/.test(r)||!r.includes(":")?null:{function:"?",filename:"",lineno:0,colno:0,in_app:!0,raw:r}))}function ue(r){return{function:r.function||"?",filename:r.filename,lineno:Number.isFinite(r.lineno)?r.lineno:0,colno:Number.isFinite(r.colno)?r.colno:0,in_app:it(r.filename),raw:r.raw}}function it(r){return r?!(/^(?:chrome|moz|safari|webkit)-extension:\/\//.test(r)||/\bcdn\.jsdelivr\.net\b/.test(r)||/\bunpkg\.com\b/.test(r)||/\bgoogletagmanager\.com\b/.test(r)||/\bgoogle-analytics\.com\b/.test(r)||/\b@cross-deck\/web\b/.test(r)||/\/crossdeck\.umd\.min\.js$/.test(r)):!0}function C(r,e){let t=e.filter(s=>s.in_app).slice(0,3),n=[(r||"").slice(0,200),...t.map(s=>`${s.function}@${s.filename}:${s.lineno}`)].join("|");return ot(n)}function ot(r){let e=5381;for(let t=0;t<r.length;t++)e=(e<<5)+e+r.charCodeAt(t)|0;return(e>>>0).toString(16).padStart(8,"0")}var Ee={enabled:!0,onError:!0,onUnhandledRejection:!0,wrapFetch:!0,wrapXhr:!0,captureConsole:!1,ignoreErrors:["ResizeObserver loop limit exceeded","ResizeObserver loop completed with undelivered notifications","Non-Error promise rejection captured","Script error.","Script error"],allowUrls:[],denyUrls:[/^chrome-extension:\/\//,/^moz-extension:\/\//,/^safari-extension:\/\//,/^webkit-extension:\/\//,/^safari-web-extension:\/\//],sampleRate:1,maxPerFingerprintPerMinute:5,maxPerSession:100},ee=class{constructor(e){this.opts=e;this.installed=!1;this.cleanups=[];this._reporting=!1;this.sessionCount=0;this.fingerprintWindow=new Map}install(){if(this.installed||!this.opts.config.enabled||typeof globalThis>"u"||!("window"in globalThis))return;let e=globalThis.window;this.opts.config.onError&&this.installOnErrorListener(e),this.opts.config.onUnhandledRejection&&this.installRejectionListener(e),this.opts.config.wrapFetch&&this.installFetchWrap(e),this.opts.config.wrapXhr&&this.installXhrWrap(e),this.opts.config.captureConsole&&this.installConsoleWrap(),this.installed=!0}uninstall(){for(let e of this.cleanups.splice(0))try{e()}catch{}this.installed=!1}captureError(e,t){if(this.opts.isConsented())try{let n=this.buildFromUnknown(e,"error.handled",t?.level??"error");t?.context&&(n.context={...n.context,...t.context}),t?.tags&&(n.tags={...n.tags,...t.tags}),this.maybeReport(n)}catch{}}captureMessage(e,t="info"){if(this.opts.isConsented())try{let n={timestamp:Date.now(),kind:"error.message",level:t,message:e,errorType:null,frames:[],rawStack:null,filename:null,lineno:null,colno:null,fingerprint:C(e,[]),breadcrumbs:this.opts.breadcrumbs.snapshot(),context:this.opts.getContext(),tags:this.opts.getTags()};this.maybeReport(n)}catch{}}installOnErrorListener(e){let t=n=>{if(!this._reporting&&this.opts.isConsented())try{this._reporting=!0;let s=this.buildFromErrorEvent(n);this.maybeReport(s)}catch{}finally{this._reporting=!1}};e.addEventListener("error",t,!0),this.cleanups.push(()=>e.removeEventListener("error",t,!0))}installRejectionListener(e){let t=n=>{if(!this._reporting&&this.opts.isConsented())try{this._reporting=!0;let s=this.buildFromUnknown(n.reason,"error.unhandledrejection","error");this.maybeReport(s)}catch{}finally{this._reporting=!1}};e.addEventListener("unhandledrejection",t),this.cleanups.push(()=>e.removeEventListener("unhandledrejection",t))}installFetchWrap(e){let t=e.fetch?.bind(e);if(!t)return;let n=async(...s)=>{let i=s[0],c=s[1]??{},a=typeof i=="string"?i:i?.url??"",o=(c.method||"GET").toUpperCase(),p=Date.now();this.opts.breadcrumbs.add({timestamp:p,category:"http",message:`${o} ${a}`,data:{url:a,method:o}});try{let u=await t(...s);return u.status>=500&&this.opts.isConsented()&&(a.includes("api.cross-deck.com")||this.captureHttp({url:a,method:o,status:u.status,statusText:u.statusText})),u}catch(u){throw this.opts.isConsented()&&!a.includes("api.cross-deck.com")&&this.captureHttp({url:a,method:o,status:0,statusText:u instanceof Error?u.message:"network error"}),u}};e.fetch=n,this.cleanups.push(()=>{e.fetch===n&&(e.fetch=t)})}installXhrWrap(e){let n=e.XMLHttpRequest?.prototype;if(!n)return;let s=n.open,i=n.send,c=this;n.open=function(a,o,...p){return this._cdMethod=a,this._cdUrl=o,s.apply(this,[a,o,...p])},n.send=function(a){let o=this,p=()=>{try{if(o.status>=500&&c.opts.isConsented()){let u=o._cdUrl??"";u.includes("api.cross-deck.com")||c.captureHttp({url:u,method:(o._cdMethod??"GET").toUpperCase(),status:o.status,statusText:o.statusText})}}catch{}};return o.addEventListener("loadend",p),i.apply(this,[a??null])},this.cleanups.push(()=>{n.open=s,n.send=i})}installConsoleWrap(){let e=globalThis.console;if(!e)return;let t=e.error.bind(e);e.error=(...n)=>{try{this.opts.isConsented()&&this.captureMessage(n.map(s=>_e(s)).join(" "),"error")}catch{}return t(...n)},this.cleanups.push(()=>{e.error=t})}buildFromErrorEvent(e){let t=e.error,n=e.message||(t instanceof Error?t.message:"Unknown error"),s=t instanceof Error?t.stack??null:null,i=de(s);return{timestamp:Date.now(),kind:"error.unhandled",level:"error",message:String(n).slice(0,1024),errorType:t instanceof Error?t.name:null,frames:i,rawStack:s,filename:e.filename||null,lineno:typeof e.lineno=="number"?e.lineno:null,colno:typeof e.colno=="number"?e.colno:null,fingerprint:C(n,i),breadcrumbs:this.opts.breadcrumbs.snapshot(),context:this.opts.getContext(),tags:this.opts.getTags()}}buildFromUnknown(e,t,n){if(e instanceof Error){let i=de(e.stack);return{timestamp:Date.now(),kind:t,level:n,message:String(e.message).slice(0,1024),errorType:e.name,frames:i,rawStack:e.stack??null,filename:null,lineno:null,colno:null,fingerprint:C(e.message,i),breadcrumbs:this.opts.breadcrumbs.snapshot(),context:this.opts.getContext(),tags:this.opts.getTags()}}let s=_e(e).slice(0,1024);return{timestamp:Date.now(),kind:t,level:n,message:s,errorType:null,frames:[],rawStack:null,filename:null,lineno:null,colno:null,fingerprint:C(s,[]),breadcrumbs:this.opts.breadcrumbs.snapshot(),context:this.opts.getContext(),tags:this.opts.getTags()}}captureHttp(e){try{let t=`HTTP ${e.status} ${e.method} ${e.url}`,n={timestamp:Date.now(),kind:"error.http",level:"error",message:t,errorType:"HTTPError",frames:[],rawStack:null,filename:e.url,lineno:null,colno:null,fingerprint:C(`HTTP ${e.status} ${e.method}`,[]),breadcrumbs:this.opts.breadcrumbs.snapshot(),context:this.opts.getContext(),tags:this.opts.getTags(),http:e};this.maybeReport(n)}catch{}}maybeReport(e){if(this.sessionCount>=this.opts.config.maxPerSession||this.shouldIgnore(e)||!this.passesUrlGate(e)||!this.passesSample(e)||!this.passesRateLimit(e))return;let t=e;if(this.opts.beforeSend){try{t=this.opts.beforeSend(e)}catch{t=e}if(!t)return}this.sessionCount+=1;try{this.opts.report(t)}catch{}}shouldIgnore(e){for(let t of this.opts.config.ignoreErrors)if(typeof t=="string"&&e.message.includes(t)||t instanceof RegExp&&t.test(e.message))return!0;return!1}passesUrlGate(e){let n=(e.frames.find(s=>s.filename)??null)?.filename??e.filename??"";if(!n)return!0;for(let s of this.opts.config.denyUrls)if(typeof s=="string"&&n.includes(s)||s instanceof RegExp&&s.test(n))return!1;if(this.opts.config.allowUrls.length>0){for(let s of this.opts.config.allowUrls)if(typeof s=="string"&&n.includes(s)||s instanceof RegExp&&s.test(n))return!0;return!1}return!0}passesSample(e){return this.opts.config.sampleRate>=1?!0:this.opts.config.sampleRate<=0?!1:parseInt(e.fingerprint.slice(0,2),16)/255<this.opts.config.sampleRate}passesRateLimit(e){let n=Date.now(),s=this.opts.config.maxPerFingerprintPerMinute,c=(this.fingerprintWindow.get(e.fingerprint)??[]).filter(a=>n-a<6e4);return c.length>=s?(this.fingerprintWindow.set(e.fingerprint,c),!1):(c.push(n),this.fingerprintWindow.set(e.fingerprint,c),!0)}};function _e(r){if(r==null)return String(r);if(typeof r=="string")return r;if(typeof r=="number"||typeof r=="boolean")return String(r);try{return JSON.stringify(r)}catch{return Object.prototype.toString.call(r)}}var L=class{constructor(){this.state=null}init(e){if(!e.publicKey||!e.publicKey.startsWith("cd_pub_"))throw new b({type:"configuration_error",code:"invalid_public_key",message:"Crossdeck.init requires a publishable key starting with cd_pub_."});if(!e.appId)throw new b({type:"configuration_error",code:"missing_app_id",message:"Crossdeck.init requires an appId. Find yours in the Crossdeck dashboard."});if(e.environment!=="production"&&e.environment!=="sandbox")throw new b({type:"configuration_error",code:"invalid_environment",message:'Crossdeck.init requires environment: "production" | "sandbox".'});let t=at(e.publicKey);if(t&&t!==e.environment)throw new b({type:"configuration_error",code:"environment_mismatch",message:`Crossdeck.init: environment "${e.environment}" disagrees with key prefix (${t}). Reconcile the publishable key with the environment declaration.`});let n=ct(),s=e.storage??he(),i=e.persistIdentity??!0,c=ut(e.autoTrack),a={appId:e.appId,publicKey:e.publicKey,environment:e.environment,baseUrl:e.baseUrl??N,persistIdentity:i,storagePrefix:e.storagePrefix??"crossdeck:",autoHeartbeat:e.autoHeartbeat??!0,eventFlushBatchSize:e.eventFlushBatchSize??20,eventFlushIntervalMs:e.eventFlushIntervalMs??1500,sdkVersion:e.sdkVersion??$,autoTrack:c,appVersion:e.appVersion??null},o=new X;o.enabled=e.debug===!0;let p=new q({publicKey:a.publicKey,baseUrl:a.baseUrl,sdkVersion:a.sdkVersion,localDevMode:n});n&&console.log("[crossdeck] Localhost detected \u2014 running in dev mode (no network calls). Set publicKey: 'cd_pub_test_\u2026' and deploy to a real domain to test against the Crossdeck Sandbox.");let u=i?s:new w,l=i&&!e.storage&&typeof globalThis.document<"u"?new z:void 0,h=new B(u,a.storagePrefix,l),f=new W,g=i?new K({storage:u,prefix:a.storagePrefix}):null;g&&o.emit("sdk.queue_restored","Restored persisted event queue from a prior session.");let m=new j({http:p,batchSize:a.eventFlushBatchSize,intervalMs:a.eventFlushIntervalMs,envelope:()=>({appId:a.appId,environment:a.environment,sdk:{name:x,version:a.sdkVersion}}),persistentStore:g??void 0,onFirstFlushSuccess:()=>{o.emit("sdk.first_event_sent","First telemetry event received. View it in Live Events.",{appId:a.appId,environment:a.environment})},onRetryScheduled:y=>{o.emit("sdk.flush_retry_scheduled",`Event flush failed (${y.lastError}). Retrying in ${y.delayMs}ms (attempt ${y.consecutiveFailures}).`,{...y})}}),v=c.deviceInfo?me({appVersion:a.appVersion??void 0}):a.appVersion?{appVersion:a.appVersion}:{},S=new G(i?u:new w,a.storagePrefix),O=new Y({respectDnt:e.respectDnt===!0});O.isDntDenied&&o.emit("sdk.consent_dnt_applied","Do Not Track detected \u2014 all tracking dimensions denied at init.");let M=new Z(50);if(this.state={http:p,identity:h,entitlements:f,events:m,autoTracker:null,webVitals:null,errors:null,breadcrumbs:M,errorContext:{},errorTags:{},errorBeforeSend:null,superProps:S,consent:O,scrubPii:e.scrubPii!==!1,deviceInfo:v,options:a,debug:o,developerUserId:null,uninstallUnloadFlush:null,lastServerTime:null,lastClientTime:null},o.emit("sdk.configured",`Crossdeck connected to ${a.appId} in ${a.environment} mode.`,{appId:a.appId,environment:a.environment,sdkVersion:a.sdkVersion}),c.sessions||c.pageViews){let y=new D(c,(E,I)=>this.track(E,I));this.state.autoTracker=y,y.install()}if(c.webVitals){let y=new J({enabled:!0},(E,I)=>this.track(E,I));this.state.webVitals=y,y.install()}if(c.errors){let y=new ee({config:{...Ee,enabled:!0},breadcrumbs:M,report:E=>this.reportError(E),getContext:()=>({...this.state.errorContext}),getTags:()=>({...this.state.errorTags}),beforeSend:this.state.errorBeforeSend,isConsented:()=>this.state.consent.errors});this.state.errors=y,y.install()}this.state.uninstallUnloadFlush=dt(()=>{this.flush({keepalive:!0}).catch(()=>{})}),a.autoHeartbeat&&!n&&this.heartbeat().catch(()=>{})}start(e){typeof console<"u"&&console.warn("[crossdeck] Crossdeck.start() is deprecated \u2014 use Crossdeck.init() instead. The signature is the same."),this.init(e)}async identify(e,t){let n=this.requireStarted();if(!e)throw new b({type:"invalid_request_error",code:"missing_user_id",message:"identify(userId) requires a non-empty userId."});if(!n.consent.analytics)return n.debug.emit("sdk.consent_denied","identify() skipped \u2014 consent denied for analytics."),{object:"alias_result",crossdeckCustomerId:n.identity.crossdeckCustomerId??"",linked:[],mergePending:!1,env:n.options.environment};let s=t?.traits!==void 0?F(t.traits):null,i=s&&Object.keys(s.properties).length>0?s.properties:void 0;if(n.debug.enabled&&s&&s.warnings.length>0)for(let o of s.warnings)n.debug.emit("sdk.property_coerced",`identify() traits key ${JSON.stringify(o.key)} was ${o.kind.replace(/_/g," ")} during validation.`,{key:o.key,kind:o.kind});let c={userId:e,anonymousId:n.identity.anonymousId};t?.email&&(c.email=t.email),i&&(c.traits=i);let a=await n.http.request("POST","/identity/alias",{body:c});return n.identity.setCrossdeckCustomerId(a.crossdeckCustomerId),n.developerUserId=e,a}register(e){let t=this.requireStarted(),n=F(e);return t.superProps.register(n.properties)}unregister(e){this.requireStarted().superProps.unregister(e)}getSuperProperties(){return this.state?this.state.superProps.getSuperProperties():{}}group(e,t,n){let s=this.requireStarted();if(!e)throw new b({type:"invalid_request_error",code:"missing_group_type",message:"group(type, id) requires a non-empty type."});let i=n?F(n).properties:void 0;s.superProps.setGroup(e,t,i)}getGroups(){return this.state?this.state.superProps.getGroups():{}}consent(e){let t=this.requireStarted(),n=t.consent.set(e);return t.debug.emit("sdk.consent_changed","Consent state updated.",{...n}),n}consentStatus(){return this.state?this.state.consent.get():{analytics:!0,marketing:!0,errors:!0}}captureError(e,t){this.state?.errors&&this.state.errors.captureError(e,t)}captureMessage(e,t="info"){this.state?.errors&&this.state.errors.captureMessage(e,t)}setTag(e,t){this.state&&(this.state.errorTags[e]=t)}setTags(e){this.state&&Object.assign(this.state.errorTags,e)}setContext(e,t){this.state&&(this.state.errorContext[e]=t)}addBreadcrumb(e){this.state&&this.state.breadcrumbs.add(e)}setErrorBeforeSend(e){this.state&&(this.state.errorBeforeSend=e)}reportError(e){let t={fingerprint:e.fingerprint,level:e.level,errorType:e.errorType,message:e.message,stack:e.rawStack??void 0,frames:e.frames,filename:e.filename??void 0,lineno:e.lineno??void 0,colno:e.colno??void 0,tags:e.tags,context:e.context,breadcrumbs:e.breadcrumbs,http:e.http};for(let n of Object.keys(t))t[n]===void 0&&delete t[n];this.track(e.kind,t)}async forget(){let e=this.requireStarted(),t=this.identityQueryParams();try{await e.http.request("POST","/identity/forget",{body:{...t}})}catch(n){e.debug.emit("sdk.consent_denied",`forget() server call failed (${n instanceof Error?n.message:String(n)}). Local state wiped anyway.`)}this.reset()}async getEntitlements(){let e=this.requireStarted(),t=this.identityQueryParams(),n=await e.http.request("GET","/entitlements",{query:t});return n.crossdeckCustomerId&&e.identity.setCrossdeckCustomerId(n.crossdeckCustomerId),e.entitlements.setFromList(n.data),n.data}isEntitled(e){return this.requireStarted().entitlements.isEntitled(e)}listEntitlements(){return this.requireStarted().entitlements.list()}onEntitlementsChange(e){return this.requireStarted().entitlements.subscribe(e)}track(e,t){let n=this.requireStarted();if(!e)throw new b({type:"invalid_request_error",code:"missing_event_name",message:"track(name) requires a non-empty name."});let s=e.startsWith("error."),i=e.startsWith("webvitals.");if(!(s||i?n.consent.errors:n.consent.analytics)){n.debug.enabled&&n.debug.emit("sdk.consent_denied",`Dropped event "${e}" \u2014 consent denied for ${i?"errors":"analytics"}.`);return}if(n.debug.enabled&&t){let m=be(t);m.length>0&&n.debug.emit("sdk.sensitive_property_warning",`Event "${e}" has potentially sensitive property names: ${m.join(", ")}. Crossdeck is privacy-first \u2014 avoid sending PII unless intentional.`,{eventName:e,flagged:m})}n.debug.enabled&&!n.developerUserId&&!n.identity.crossdeckCustomerId&&n.debug.emit("sdk.no_identity","Using anonymous user until identify(userId) is called.");let a=F(t);if(n.debug.enabled&&a.warnings.length>0)for(let m of a.warnings)n.debug.emit("sdk.property_coerced",`Event "${e}" property ${JSON.stringify(m.key)} was ${m.kind.replace(/_/g," ")} during validation.`,{eventName:e,key:m.key,kind:m.kind});let o={...n.deviceInfo},p=n.autoTracker?.currentSessionId;p&&(o.sessionId=p);let u=n.autoTracker?.currentPageviewId;u&&(o.pageviewId=u);let d=n.autoTracker?.currentAcquisition;d&&(d.utm_source&&(o.utm_source=d.utm_source),d.utm_medium&&(o.utm_medium=d.utm_medium),d.utm_campaign&&(o.utm_campaign=d.utm_campaign),d.utm_content&&(o.utm_content=d.utm_content),d.utm_term&&(o.utm_term=d.utm_term),d.referrer&&n.consent.marketing&&(o.referrer=d.referrer),n.consent.marketing&&(d.gclid&&(o.gclid=d.gclid),d.fbclid&&(o.fbclid=d.fbclid),d.msclkid&&(o.msclkid=d.msclkid),d.ttclid&&(o.ttclid=d.ttclid),d.li_fat_id&&(o.li_fat_id=d.li_fat_id),d.twclid&&(o.twclid=d.twclid)));let l=n.superProps.getSuperProperties();for(let m of Object.keys(l))m in o||(o[m]=l[m]);let h=n.superProps.getGroupIds();Object.keys(h).length>0&&(o.$groups=h),Object.assign(o,a.properties);let f=n.scrubPii?we(o):o,g={eventId:this.mintEventId(),name:e,timestamp:Date.now(),properties:f};if(Object.assign(g,this.identityHintForEvent()),n.events.enqueue(g),!s&&!i){let m=e.startsWith("page.")?"navigation":e.startsWith("element.")||e==="session.started"?"ui.click":"custom";n.breadcrumbs.add({timestamp:g.timestamp,category:m,message:e,data:t?{...t}:void 0})}}async flush(e={}){await this.requireStarted().events.flush(e)}async flushEvents(){return this.flush()}async syncPurchases(e){let t=this.requireStarted();if(!e.signedTransactionInfo)throw new b({type:"invalid_request_error",code:"missing_signed_transaction_info",message:"syncPurchases requires a signedTransactionInfo string from StoreKit 2."});let n=await t.http.request("POST","/purchases/sync",{body:{rail:e.rail??"apple",...e}});return t.identity.setCrossdeckCustomerId(n.crossdeckCustomerId),t.entitlements.setFromList(n.entitlements),t.debug.emit("sdk.purchase_evidence_sent","StoreKit transaction forwarded. Waiting for backend verification.",{rail:e.rail??"apple"}),n}async purchaseApple(e){return this.syncPurchases({rail:"apple",...e})}setDebugMode(e){let t=this.requireStarted();t.debug.enabled=e,e&&t.debug.emit("sdk.configured",`Debug mode enabled for ${t.options.appId} in ${t.options.environment} mode.`,{appId:t.options.appId,environment:t.options.environment})}async heartbeat(){let e=this.requireStarted(),t=await e.http.request("GET","/sdk/heartbeat");return typeof t?.serverTime=="number"&&Number.isFinite(t.serverTime)&&(e.lastServerTime=t.serverTime,e.lastClientTime=Date.now()),t}reset(){if(this.state){if(this.state.developerUserId)try{this.track("user.signed_out",{auto:!0})}catch{}if(this.state.autoTracker?.uninstall(),this.state.identity.reset(),this.state.entitlements.clear(),this.state.events.reset(),this.state.superProps.clear(),this.state.breadcrumbs.clear(),this.state.errorContext={},this.state.errorTags={},this.state.developerUserId=null,this.state.autoTracker){let e=new D(this.state.options.autoTrack,(t,n)=>this.track(t,n));this.state.autoTracker=e,e.install()}}}diagnostics(){if(!this.state)return{started:!1,anonymousId:null,crossdeckCustomerId:null,developerUserId:null,sdkVersion:null,baseUrl:null,clock:{lastServerTime:null,lastClientTime:null,skewMs:null},entitlements:{count:0,lastUpdated:0,listenerErrors:0},events:{buffered:0,dropped:0,inFlight:0,lastFlushAt:0,lastError:null,consecutiveFailures:0,nextRetryAt:null}};let e=this.state,t=e.lastServerTime!==null&&e.lastClientTime!==null?e.lastClientTime-e.lastServerTime:null;return{started:!0,anonymousId:e.identity.anonymousId,crossdeckCustomerId:e.identity.crossdeckCustomerId,developerUserId:e.developerUserId,sdkVersion:e.options.sdkVersion,baseUrl:e.options.baseUrl,clock:{lastServerTime:e.lastServerTime,lastClientTime:e.lastClientTime,skewMs:t},entitlements:{count:e.entitlements.list().length,lastUpdated:e.entitlements.freshness,listenerErrors:e.entitlements.listenerErrors},events:e.events.getStats()}}requireStarted(){if(!this.state)throw new b({type:"configuration_error",code:"not_initialized",message:"Call Crossdeck.init({ appId, publicKey, environment }) before any other method."});return this.state}identityQueryParams(){let e=this.requireStarted();return e.identity.crossdeckCustomerId?{customerId:e.identity.crossdeckCustomerId}:e.developerUserId?{userId:e.developerUserId}:{anonymousId:e.identity.anonymousId}}identityHintForEvent(){let e=this.requireStarted(),t={anonymousId:e.identity.anonymousId};return e.developerUserId&&(t.developerUserId=e.developerUserId),e.identity.crossdeckCustomerId&&(t.crossdeckCustomerId=e.identity.crossdeckCustomerId),t}mintEventId(){return`evt_${Date.now().toString(36)}${k(8)}`}},Se=new L;function at(r){return r.startsWith("cd_pub_test_")?"sandbox":r.startsWith("cd_pub_live_")?"production":null}function ct(){let r=globalThis.window;if(r?.__CROSSDECK_FORCE_LIVE__===!0)return!1;let e=r?.location?.hostname;return e?!!(e==="localhost"||e==="127.0.0.1"||e==="::1"||e==="[::1]"||e.endsWith(".local")||/^10\./.test(e)||/^192\.168\./.test(e)||/^172\.(1[6-9]|2\d|3[0-1])\./.test(e)):!1}function ut(r){return r===!1?{sessions:!1,pageViews:!1,deviceInfo:!1,clicks:!1,webVitals:!1,errors:!1}:r===void 0||r===!0?{..._}:{sessions:r.sessions??_.sessions,pageViews:r.pageViews??_.pageViews,deviceInfo:r.deviceInfo??_.deviceInfo,clicks:r.clicks??_.clicks,webVitals:r.webVitals??_.webVitals,errors:r.errors??_.errors}}function dt(r){let e=globalThis.window,t=globalThis.document;if(!e||!t)return()=>{};let n=()=>{t.visibilityState==="hidden"&&r()},s=()=>r();return t.addEventListener("visibilitychange",n),e.addEventListener("pagehide",s),e.addEventListener("beforeunload",s),()=>{t.removeEventListener("visibilitychange",n),e.removeEventListener("pagehide",s),e.removeEventListener("beforeunload",s)}}var le=Object.freeze([{code:"invalid_public_key",type:"configuration_error",description:"The publishable key passed to Crossdeck.init() doesn't start with cd_pub_.",resolution:"Copy the key from your Crossdeck dashboard \u2192 API keys page.",retryable:!1},{code:"missing_app_id",type:"configuration_error",description:"Crossdeck.init() was called without an appId.",resolution:"Add appId to your init options \u2014 find it in the dashboard's Apps page.",retryable:!1},{code:"invalid_environment",type:"configuration_error",description:"Crossdeck.init() requires environment: 'production' | 'sandbox'.",resolution:'Pass the literal string "production" or "sandbox" \u2014 no other values are accepted.',retryable:!1},{code:"environment_mismatch",type:"configuration_error",description:"The publishable key's env prefix doesn't match the declared environment option.",resolution:"Either change `environment` to match the key prefix (cd_pub_test_ \u2194 sandbox, cd_pub_live_ \u2194 production), or swap the key for one minted in the right env.",retryable:!1},{code:"not_initialized",type:"configuration_error",description:"An SDK method was called before Crossdeck.init().",resolution:"Call Crossdeck.init({ appId, publicKey, environment }) once at app startup before any other method.",retryable:!1},{code:"missing_user_id",type:"invalid_request_error",description:"identify() was called with an empty userId.",resolution:"Pass a stable, non-empty user identifier from your auth layer \u2014 never a hardcoded placeholder.",retryable:!1},{code:"missing_event_name",type:"invalid_request_error",description:"track() was called without an event name.",resolution:"Pass a non-empty string as the first argument.",retryable:!1},{code:"missing_group_type",type:"invalid_request_error",description:"group() was called without a group type.",resolution:'Pass a non-empty type (e.g. "org", "team") as the first argument.',retryable:!1},{code:"missing_signed_transaction_info",type:"invalid_request_error",description:"syncPurchases() was called without StoreKit 2 signed transaction info.",resolution:"Pass the JWS string from Transaction.currentEntitlements / Transaction.updates.",retryable:!1},{code:"fetch_failed",type:"network_error",description:"The underlying fetch() call failed (typically a network outage or DNS issue).",resolution:"Check the user's network. The SDK will retry automatically with exponential backoff.",retryable:!0},{code:"request_timeout",type:"network_error",description:"A request was aborted after the configured timeoutMs (default 15s).",resolution:"Check the user's connection. Increase timeoutMs in init options if the user is on a known-slow network.",retryable:!0},{code:"invalid_json_response",type:"internal_error",description:"The server returned a 2xx with an unparseable body.",resolution:"Likely a transient backend bug. Retry; if it persists, contact support with the requestId.",retryable:!0}]);function Te(r){return le.find(e=>e.code===r)}return Ae(lt);})();
+//# sourceMappingURL=crossdeck.umd.min.js.map