@formo/analytics 1.28.2 → 1.28.4

package/dist/esm/src/queue/EventQueue.js

@@ -118,12 +118,12 @@ var EventQueue = /** @class */ (function () {
             });
             // Catches the page being hidden, including scenarios like closing the tab.
             document.addEventListener("pagehide", function () {
-                isAccessible = document.visibilityState === "hidden";
+                isAccessible = document.visibilityState !== "hidden";
                 handleOnLeave();
             });
             // Catches visibility changes, such as switching tabs or minimizing the browser.
             document.addEventListener("visibilitychange", function () {
-                isAccessible = true;
+                isAccessible = document.visibilityState !== "hidden";
                 if (document.visibilityState === "hidden") {
                     handleOnLeave();
                 }
@@ -149,7 +149,7 @@ var EventQueue = /** @class */ (function () {
                 switch (_a.label) {
                     case 0:
                         if (!(isAccessible === false)) return [3 /*break*/, 2];
-                        return [4 /*yield*/, this.flush()];
+                        return [4 /*yield*/, this.flush(undefined, true)];
                     case 1:
                         _a.sent();
                         _a.label = 2;
@@ -179,10 +179,8 @@ var EventQueue = /** @class */ (function () {
                         return [4 /*yield*/, this.generateMessageId(event)];
                     case 1:
                         message_id = _a.sent();
-                        return [4 /*yield*/, this.isDuplicate(message_id)];
-                    case 2:
                         // check if the message already exists
-                        if (_a.sent()) {
+                        if (this.isDuplicate(message_id)) {
                             logger.warn("Event already enqueued, try again after ".concat(millisecondsToSecond(this.flushIntervalMs), " seconds."));
                             return [2 /*return*/];
                         }
@@ -211,10 +209,11 @@ var EventQueue = /** @class */ (function () {
             });
         });
     };
-    EventQueue.prototype.flush = function (callback) {
-        return __awaiter(this, void 0, void 0, function () {
-            var items, sentAt, data, batches;
+    EventQueue.prototype.flush = function (callback_1) {
+        return __awaiter(this, arguments, void 0, function (callback, drainAll) {
+            var items, _i, items_1, item, sentAt, data, batches;
             var _this = this;
+            if (drainAll === void 0) { drainAll = false; }
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
@@ -228,13 +227,19 @@ var EventQueue = /** @class */ (function () {
                             return [2 /*return*/, Promise.resolve()];
                         }
                         if (!this.pendingFlush) return [3 /*break*/, 2];
+                        if (!!drainAll) return [3 /*break*/, 2];
                         return [4 /*yield*/, this.pendingFlush];
                     case 1:
                         _a.sent();
                         _a.label = 2;
                     case 2:
-                        items = this.queue.splice(0, this.flushAt);
-                        this.payloadHashes.clear();
+                        items = this.queue.splice(0, drainAll ? this.queue.length : this.flushAt);
+                        // Only remove hashes for flushed items so duplicate detection remains
+                        // active for events still in the queue.
+                        for (_i = 0, items_1 = items; _i < items_1.length; _i++) {
+                            item = items_1[_i];
+                            this.payloadHashes.delete(item.message.message_id);
+                        }
                         sentAt = new Date().toISOString();
                         data = items.map(function (item) { return (__assign(__assign({}, item.message), { sent_at: sentAt })); });
                         batches = this.splitIntoBatches(items, data);
@@ -396,15 +401,11 @@ var EventQueue = /** @class */ (function () {
         return false;
     };
     EventQueue.prototype.isDuplicate = function (eventId) {
-        return __awaiter(this, void 0, void 0, function () {
-            return __generator(this, function (_a) {
-                // check if exists a message with identical payload within 1 minute
-                if (this.payloadHashes.has(eventId))
-                    return [2 /*return*/, true];
-                this.payloadHashes.add(eventId);
-                return [2 /*return*/, false];
-            });
-        });
+        // check if exists a message with identical payload within 1 minute
+        if (this.payloadHashes.has(eventId))
+            return true;
+        this.payloadHashes.add(eventId);
+        return false;
     };
     return EventQueue;
 }());

package/dist/esm/src/session/index.d.ts

@@ -38,15 +38,6 @@ export interface IFormoAnalyticsSession {
      */
     markWalletIdentified(address: string, rdns: string): void;
 }
-/**
- * Implementation of session management using cookies
- *
- * Tracks:
- * - Detected wallets (by RDNS) - to prevent duplicate detection events
- * - Identified wallet-address pairs - to prevent duplicate identification events
- *
- * Session data expires at end of day (86400 seconds).
- */
 export declare class FormoAnalyticsSession implements IFormoAnalyticsSession {
     /**
      * Generate a unique key for wallet identification tracking

package/dist/esm/src/session/index.js

@@ -22,6 +22,7 @@ export var SESSION_WALLET_IDENTIFIED_KEY = "wallet-identified";
  *
  * Session data expires at end of day (86400 seconds).
  */
+var MAX_SESSION_ENTRIES = 20;
 var FormoAnalyticsSession = /** @class */ (function () {
     function FormoAnalyticsSession() {
     }
@@ -59,6 +60,9 @@ var FormoAnalyticsSession = /** @class */ (function () {
         var rdnses = ((_a = cookie().get(SESSION_WALLET_DETECTED_KEY)) === null || _a === void 0 ? void 0 : _a.split(",")) || [];
         if (!rdnses.includes(rdns)) {
             rdnses.push(rdns);
+            if (rdnses.length > MAX_SESSION_ENTRIES) {
+                rdnses.splice(0, rdnses.length - MAX_SESSION_ENTRIES);
+            }
             cookie().set(SESSION_WALLET_DETECTED_KEY, rdnses.join(","), {
                 // Expires by the end of the day
                 expires: new Date(Date.now() + 86400 * 1000).toUTCString(),
@@ -99,6 +103,9 @@ var FormoAnalyticsSession = /** @class */ (function () {
         var alreadyExists = identifiedWallets.includes(identifiedKey);
         if (!alreadyExists) {
             identifiedWallets.push(identifiedKey);
+            if (identifiedWallets.length > MAX_SESSION_ENTRIES) {
+                identifiedWallets.splice(0, identifiedWallets.length - MAX_SESSION_ENTRIES);
+            }
             var newValue = identifiedWallets.join(",");
             cookie().set(SESSION_WALLET_IDENTIFIED_KEY, newValue, {
                 // Expires by the end of the day

package/dist/esm/src/solana/SolanaAdapter.d.ts

@@ -26,11 +26,10 @@ export declare class SolanaAdapter {
      */
     private pendingTransactions;
     /**
-     * Original adapter methods that we wrap for tracking
+     * Per-adapter original methods stored in a WeakMap to prevent routing
+     * to the wrong wallet after switching adapters.
      */
-    private originalAdapterSendTransaction?;
-    private originalAdapterSignMessage?;
-    private originalAdapterSignTransaction?;
+    private adapterOriginals;
     /**
      * Bound wrapper references — used to detect when external code (e.g. StandardWalletAdapter._reset())
      * overwrites our wraps so we can re-apply them.

package/dist/esm/src/solana/SolanaAdapter.js

@@ -115,6 +115,11 @@ var SolanaAdapter = /** @class */ (function () {
          * Key: transaction signature, Value: transaction details
          */
         this.pendingTransactions = new Map();
+        /**
+         * Per-adapter original methods stored in a WeakMap to prevent routing
+         * to the wrong wallet after switching adapters.
+         */
+        this.adapterOriginals = new WeakMap();
         /**
          * Track active polling timeout IDs for cleanup
          */
@@ -144,21 +149,22 @@ var SolanaAdapter = /** @class */ (function () {
     SolanaAdapter.prototype.restoreOriginalMethods = function () {
         // Restore adapter methods
         if (this.wrappedAdapter) {
-            if (this.originalAdapterSendTransaction) {
-                this.wrappedAdapter.sendTransaction = this.originalAdapterSendTransaction;
-            }
-            if (this.originalAdapterSignMessage) {
-                this.wrappedAdapter.signMessage = this.originalAdapterSignMessage;
-            }
-            if (this.originalAdapterSignTransaction) {
-                this.wrappedAdapter.signTransaction = this.originalAdapterSignTransaction;
+            var originals = this.adapterOriginals.get(this.wrappedAdapter);
+            if (originals) {
+                if (originals.sendTransaction) {
+                    this.wrappedAdapter.sendTransaction = originals.sendTransaction;
+                }
+                if (originals.signMessage) {
+                    this.wrappedAdapter.signMessage = originals.signMessage;
+                }
+                if (originals.signTransaction) {
+                    this.wrappedAdapter.signTransaction = originals.signTransaction;
+                }
+                this.adapterOriginals.delete(this.wrappedAdapter);
             }
             this.wrappedAdapter = undefined;
         }
-        // Clear original and bound wrapper references
-        this.originalAdapterSendTransaction = undefined;
-        this.originalAdapterSignMessage = undefined;
-        this.originalAdapterSignTransaction = undefined;
+        // Clear bound wrapper references
         this.boundWrappedSendTransaction = undefined;
         this.boundWrappedSignMessage = undefined;
         this.boundWrappedSignTransaction = undefined;
@@ -387,24 +393,26 @@ var SolanaAdapter = /** @class */ (function () {
         }
         // Store reference to adapter for cleanup
         this.wrappedAdapter = adapter;
+        var originals = {};
         // Wrap sendTransaction
         if (adapter.sendTransaction) {
-            this.originalAdapterSendTransaction = adapter.sendTransaction.bind(adapter);
+            originals.sendTransaction = adapter.sendTransaction.bind(adapter);
             this.boundWrappedSendTransaction = this.wrappedSendTransaction.bind(this);
             adapter.sendTransaction = this.boundWrappedSendTransaction;
         }
         // Wrap signMessage
         if (adapter.signMessage) {
-            this.originalAdapterSignMessage = adapter.signMessage.bind(adapter);
+            originals.signMessage = adapter.signMessage.bind(adapter);
             this.boundWrappedSignMessage = this.wrappedSignMessage.bind(this);
             adapter.signMessage = this.boundWrappedSignMessage;
         }
         // Wrap signTransaction
         if (adapter.signTransaction) {
-            this.originalAdapterSignTransaction = adapter.signTransaction.bind(adapter);
+            originals.signTransaction = adapter.signTransaction.bind(adapter);
             this.boundWrappedSignTransaction = this.wrappedSignTransaction.bind(this);
             adapter.signTransaction = this.boundWrappedSignTransaction;
         }
+        this.adapterOriginals.set(adapter, originals);
     };
     /**
      * Re-wrap methods that were overwritten by external code.
@@ -416,9 +424,10 @@ var SolanaAdapter = /** @class */ (function () {
      */
     SolanaAdapter.prototype.rewrapOverwrittenMethods = function (adapter) {
         var rewrapped = false;
+        var originals = this.adapterOriginals.get(adapter) || {};
         // signMessage
         if (adapter.signMessage && adapter.signMessage !== this.boundWrappedSignMessage) {
-            this.originalAdapterSignMessage = adapter.signMessage.bind(adapter);
+            originals.signMessage = adapter.signMessage.bind(adapter);
             if (!this.boundWrappedSignMessage) {
                 this.boundWrappedSignMessage = this.wrappedSignMessage.bind(this);
             }
@@ -426,11 +435,11 @@ var SolanaAdapter = /** @class */ (function () {
             rewrapped = true;
         }
         else if (!adapter.signMessage && this.boundWrappedSignMessage) {
-            this.originalAdapterSignMessage = undefined;
+            originals.signMessage = undefined;
         }
         // signTransaction
         if (adapter.signTransaction && adapter.signTransaction !== this.boundWrappedSignTransaction) {
-            this.originalAdapterSignTransaction = adapter.signTransaction.bind(adapter);
+            originals.signTransaction = adapter.signTransaction.bind(adapter);
             if (!this.boundWrappedSignTransaction) {
                 this.boundWrappedSignTransaction = this.wrappedSignTransaction.bind(this);
             }
@@ -438,17 +447,18 @@ var SolanaAdapter = /** @class */ (function () {
             rewrapped = true;
         }
         else if (!adapter.signTransaction && this.boundWrappedSignTransaction) {
-            this.originalAdapterSignTransaction = undefined;
+            originals.signTransaction = undefined;
         }
         // sendTransaction — unlikely to be overwritten but check for completeness
         if (adapter.sendTransaction && adapter.sendTransaction !== this.boundWrappedSendTransaction) {
-            this.originalAdapterSendTransaction = adapter.sendTransaction.bind(adapter);
+            originals.sendTransaction = adapter.sendTransaction.bind(adapter);
             if (!this.boundWrappedSendTransaction) {
                 this.boundWrappedSendTransaction = this.wrappedSendTransaction.bind(this);
             }
             adapter.sendTransaction = this.boundWrappedSendTransaction;
             rewrapped = true;
         }
+        this.adapterOriginals.set(adapter, originals);
         if (rewrapped) {
             logger.debug("SolanaAdapter: Re-wrapped overwritten adapter methods");
         }
@@ -458,12 +468,13 @@ var SolanaAdapter = /** @class */ (function () {
      */
     SolanaAdapter.prototype.wrappedSendTransaction = function (transaction, connection, options) {
         return __awaiter(this, void 0, void 0, function () {
-            var chainId, address, signature, error_1;
+            var originals, chainId, address, signature, error_1;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
                         this.checkAndRebindContextAdapter();
-                        if (!this.originalAdapterSendTransaction) {
+                        originals = this.wrappedAdapter ? this.adapterOriginals.get(this.wrappedAdapter) : undefined;
+                        if (!(originals === null || originals === void 0 ? void 0 : originals.sendTransaction)) {
                             throw new Error("sendTransaction not available");
                         }
                         chainId = this.chainId;
@@ -472,7 +483,7 @@ var SolanaAdapter = /** @class */ (function () {
                         _a.label = 1;
                     case 1:
                         _a.trys.push([1, 3, , 4]);
-                        return [4 /*yield*/, this.originalAdapterSendTransaction(transaction, connection, options)];
+                        return [4 /*yield*/, originals.sendTransaction(transaction, connection, options)];
                     case 2:
                         signature = _a.sent();
                         this.emitTransactionEvent(TransactionStatus.BROADCASTED, address, chainId, signature);
@@ -498,12 +509,13 @@ var SolanaAdapter = /** @class */ (function () {
      */
     SolanaAdapter.prototype.wrappedSignMessage = function (message) {
         return __awaiter(this, void 0, void 0, function () {
-            var chainId, address, messageString, signature, signatureHex, error_2;
+            var originals, chainId, address, messageString, signature, signatureHex, error_2;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
                         this.checkAndRebindContextAdapter();
-                        if (!this.originalAdapterSignMessage) {
+                        originals = this.wrappedAdapter ? this.adapterOriginals.get(this.wrappedAdapter) : undefined;
+                        if (!(originals === null || originals === void 0 ? void 0 : originals.signMessage)) {
                             throw new Error("signMessage not available");
                         }
                         chainId = this.chainId;
@@ -513,7 +525,7 @@ var SolanaAdapter = /** @class */ (function () {
                         _a.label = 1;
                     case 1:
                         _a.trys.push([1, 3, , 4]);
-                        return [4 /*yield*/, this.originalAdapterSignMessage(message)];
+                        return [4 /*yield*/, originals.signMessage(message)];
                     case 2:
                         signature = _a.sent();
                         signatureHex = uint8ArrayToHex(signature);
@@ -533,12 +545,13 @@ var SolanaAdapter = /** @class */ (function () {
      */
     SolanaAdapter.prototype.wrappedSignTransaction = function (transaction) {
         return __awaiter(this, void 0, void 0, function () {
-            var chainId, address, message, signedTx, error_3;
+            var originals, chainId, address, message, signedTx, error_3;
             return __generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
                         this.checkAndRebindContextAdapter();
-                        if (!this.originalAdapterSignTransaction) {
+                        originals = this.wrappedAdapter ? this.adapterOriginals.get(this.wrappedAdapter) : undefined;
+                        if (!(originals === null || originals === void 0 ? void 0 : originals.signTransaction)) {
                             throw new Error("signTransaction not available");
                         }
                         chainId = this.chainId;
@@ -548,7 +561,7 @@ var SolanaAdapter = /** @class */ (function () {
                         _a.label = 1;
                     case 1:
                         _a.trys.push([1, 3, , 4]);
-                        return [4 /*yield*/, this.originalAdapterSignTransaction(transaction)];
+                        return [4 /*yield*/, originals.signTransaction(transaction)];
                     case 2:
                         signedTx = _a.sent();
                         this.emitSignatureEvent(SignatureStatus.CONFIRMED, address, chainId, message);

package/dist/esm/src/storage/StorageManager.js

@@ -17,11 +17,19 @@ var StorageManager = /** @class */ (function () {
     StorageManager.prototype.getStorage = function (type) {
         if (!this.storages.has(type)) {
             var storage = this.createStorage(type);
+            var currentType = type;
             // If storage is not available, try next
             while (!storage.isAvailable()) {
-                var index = TYPES.indexOf(type);
-                logger.warn("Storage ".concat(type, " is not available, trying ").concat(TYPES[index + 1]));
-                storage = this.createStorage(TYPES[index + 1]);
+                var index = TYPES.indexOf(currentType);
+                if (index === -1 || index + 1 >= TYPES.length) {
+                    // No more fallbacks, use memory storage as last resort
+                    storage = this.createStorage("memoryStorage");
+                    break;
+                }
+                var prevType = currentType;
+                currentType = TYPES[index + 1];
+                logger.warn("Storage ".concat(prevType, " is not available, trying ").concat(currentType));
+                storage = this.createStorage(currentType);
             }
             // Add to cache
             this.storages.set(type, storage);

package/dist/esm/src/storage/built-in/cookie.js

@@ -14,6 +14,7 @@ var __extends = (this && this.__extends) || (function () {
     };
 })();
 import StorageBlueprint from "./blueprint";
+import { getApexDomain } from "../../utils/domain";
 var CookieStorage = /** @class */ (function (_super) {
     __extends(CookieStorage, _super);
     function CookieStorage() {
@@ -26,10 +27,27 @@ var CookieStorage = /** @class */ (function (_super) {
         var expires = options === null || options === void 0 ? void 0 : options.expires;
         var maxAge = options === null || options === void 0 ? void 0 : options.maxAge;
         var path = (options === null || options === void 0 ? void 0 : options.path) || "/";
-        var domain = options === null || options === void 0 ? void 0 : options.domain;
+        var domain = (options === null || options === void 0 ? void 0 : options.domain) || "";
         var sameSite = options === null || options === void 0 ? void 0 : options.sameSite;
         var secure = (options === null || options === void 0 ? void 0 : options.secure) || false;
-        var cookie = "".concat(encodeURIComponent(this.getKey(key)), "=").concat(encodeURIComponent(value));
+        var encodedKey = encodeURIComponent(this.getKey(key));
+        // When writing a domain-wide cookie, expire any legacy host-only cookie
+        // on the current host so it doesn't shadow the domain-wide cookie in
+        // document.cookie reads. This only clears the cookie on the current host;
+        // host-only cookies on sibling hosts are not visible and cannot be cleared.
+        if (domain) {
+            document.cookie = "".concat(encodedKey, "=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=").concat(path, ";");
+        }
+        else {
+            // When writing a host-only cookie (no domain), expire any previously
+            // written apex-domain cookie so it doesn't shadow the new host cookie.
+            // This handles the transition from crossSubdomainCookies: true to false.
+            var apexDomain = getApexDomain();
+            if (apexDomain) {
+                document.cookie = "".concat(encodedKey, "=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=").concat(path, "; domain=.").concat(apexDomain);
+            }
+        }
+        var cookie = "".concat(encodedKey, "=").concat(encodeURIComponent(value));
         if (maxAge) {
             cookie += "; max-age=" + maxAge;
         }
@@ -55,7 +73,15 @@ var CookieStorage = /** @class */ (function (_super) {
         return match ? decodeURIComponent(match[1]) : null;
     };
     CookieStorage.prototype.remove = function (key) {
-        document.cookie = "".concat(encodeURIComponent(this.getKey(key)), "=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+        var encodedKey = encodeURIComponent(this.getKey(key));
+        // Always expire host-only cookie
+        document.cookie = "".concat(encodedKey, "=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+        // Also expire apex-domain cookie if a valid apex domain exists,
+        // so that remove() works regardless of crossSubdomainCookies.
+        var domain = getApexDomain();
+        if (domain) {
+            document.cookie = "".concat(encodedKey, "=; path=/; domain=.").concat(domain, "; expires=Thu, 01 Jan 1970 00:00:00 GMT");
+        }
     };
     return CookieStorage;
 }(StorageBlueprint));

package/dist/esm/src/storage/cookiePolicy.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Returns the domain attribute string for identity cookies.
+ * - false → "" (no domain attribute, host-only)
+ * - true  → ".example.com" when a valid apex domain is detected,
+ *            or "" on localhost / IP / single-label hosts
+ *
+ * @param crossSubdomain Whether cookies should be shared across subdomains.
+ */
+export declare function getIdentityCookieDomain(crossSubdomain?: boolean): string;
+//# sourceMappingURL=cookiePolicy.d.ts.map

package/dist/esm/src/storage/cookiePolicy.js

@@ -0,0 +1,24 @@
+/**
+ * Cookie domain policy — centralizes the decision of whether identity
+ * cookies should be host-scoped or apex-scoped.
+ *
+ * - true (default): domain set to .apexDomain → shared across subdomains
+ * - false: no domain attribute → cookie scoped to current host
+ */
+import { getApexDomain } from "../utils/domain";
+/**
+ * Returns the domain attribute string for identity cookies.
+ * - false → "" (no domain attribute, host-only)
+ * - true  → ".example.com" when a valid apex domain is detected,
+ *            or "" on localhost / IP / single-label hosts
+ *
+ * @param crossSubdomain Whether cookies should be shared across subdomains.
+ */
+export function getIdentityCookieDomain(crossSubdomain) {
+    if (crossSubdomain === void 0) { crossSubdomain = true; }
+    if (!crossSubdomain)
+        return "";
+    var domain = getApexDomain();
+    return domain ? ".".concat(domain) : "";
+}
+//# sourceMappingURL=cookiePolicy.js.map

package/dist/esm/src/types/base.d.ts

@@ -144,6 +144,18 @@ export interface WagmiOptions {
 export interface Options {
     provider?: EIP1193Provider;
     tracking?: boolean | TrackingOptions;
+    /**
+     * When `true`, identity cookies (anonymous ID, user ID) are set on the
+     * apex/root domain (e.g. `.example.com`), enabling cross-subdomain identity
+     * sharing between app.example.com and www.example.com.
+     *
+     * When `false`, cookies are scoped to the current host only.
+     *
+     * Session cookies (wallet detection, current URL) always remain host-scoped.
+     * Consent cookies are always apex-scoped independently for compliance.
+     * @default true
+     */
+    crossSubdomainCookies?: boolean;
     /**
      * Control wallet event autocapture
      * - `false`: Disable all wallet autocapture

package/dist/esm/src/utils/address.js

@@ -46,15 +46,13 @@ export var getValidAddress = function (address) {
  * @returns true if the address is blocked, false otherwise
  */
 export var isBlockedAddress = function (address) {
-    if (!address)
+    if (!address || typeof address !== 'string')
         return false;
-    var validAddress = getValidAddress(address);
-    if (!validAddress)
+    var normalized = address.trim().toLowerCase();
+    if (!normalized || !normalized.startsWith('0x') || normalized.length !== 42)
         return false;
-    // Normalize to checksum format for comparison
-    var checksumAddress = toChecksumAddress(validAddress);
     return BLOCKED_ADDRESSES.some(function (blockedAddr) {
-        return toChecksumAddress(blockedAddr) === checksumAddress;
+        return blockedAddr.toLowerCase() === normalized;
     });
 };
 export var toChecksumAddress = function (address) {

package/dist/esm/src/utils/domain.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Domain utilities for cross-subdomain cookie sharing.
+ *
+ * Uses a cookie-probe approach: tries setting a test cookie on progressively
+ * shorter domain candidates until the browser accepts one. This is
+ * self-maintaining — no hardcoded public suffix lists to keep up to date.
+ * The browser itself is the authority on which domains accept cookies.
+ */
+/**
+ * Extract the apex (registrable) domain for cookie sharing across subdomains.
+ *
+ * Walks up the hostname labels from shortest candidate to longest, probing
+ * with a test cookie. The shortest domain the browser accepts is the apex.
+ *
+ * Returns null for localhost, IP addresses, single-label hosts, SSR, or
+ * when no candidate domain accepts cookies (e.g. public suffix hosts like
+ * vercel.app or github.io).
+ *
+ * Results are cached for the lifetime of the page.
+ */
+export declare function getApexDomain(): string | null;
+/**
+ * Reset the cached apex domain. Exposed for testing only.
+ * @internal
+ */
+export declare function _resetApexDomainCache(): void;
+//# sourceMappingURL=domain.d.ts.map

package/dist/esm/src/utils/domain.js

@@ -0,0 +1,70 @@
+/**
+ * Domain utilities for cross-subdomain cookie sharing.
+ *
+ * Uses a cookie-probe approach: tries setting a test cookie on progressively
+ * shorter domain candidates until the browser accepts one. This is
+ * self-maintaining — no hardcoded public suffix lists to keep up to date.
+ * The browser itself is the authority on which domains accept cookies.
+ */
+var TEST_COOKIE_NAME = '__formo_domain_probe';
+/** Cached result so we only probe once per page load. */
+var cachedApexDomain;
+/**
+ * Try to set a test cookie on the given domain. Returns true if the browser
+ * accepted it (i.e. the cookie is readable back).
+ */
+function canSetCookieOnDomain(domain) {
+    var cookieVal = 'probe';
+    document.cookie = "".concat(TEST_COOKIE_NAME, "=").concat(cookieVal, "; domain=.").concat(domain, "; path=/; max-age=10");
+    var accepted = document.cookie.indexOf("".concat(TEST_COOKIE_NAME, "=").concat(cookieVal)) !== -1;
+    // Clean up regardless of result
+    document.cookie = "".concat(TEST_COOKIE_NAME, "=; domain=.").concat(domain, "; path=/; max-age=0");
+    return accepted;
+}
+/**
+ * Extract the apex (registrable) domain for cookie sharing across subdomains.
+ *
+ * Walks up the hostname labels from shortest candidate to longest, probing
+ * with a test cookie. The shortest domain the browser accepts is the apex.
+ *
+ * Returns null for localhost, IP addresses, single-label hosts, SSR, or
+ * when no candidate domain accepts cookies (e.g. public suffix hosts like
+ * vercel.app or github.io).
+ *
+ * Results are cached for the lifetime of the page.
+ */
+export function getApexDomain() {
+    if (typeof window === 'undefined')
+        return null;
+    if (cachedApexDomain !== undefined)
+        return cachedApexDomain;
+    var hostname = window.location.hostname;
+    if (hostname === 'localhost' || /^\d+\.\d+\.\d+\.\d+$/.test(hostname)) {
+        cachedApexDomain = null;
+        return null;
+    }
+    var parts = hostname.split('.');
+    if (parts.length < 2) {
+        cachedApexDomain = null;
+        return null;
+    }
+    // Walk from the shortest candidate (last 2 labels) to the full hostname.
+    // The shortest domain the browser accepts is the apex domain.
+    for (var i = 2; i <= parts.length; i++) {
+        var candidate = parts.slice(-i).join('.');
+        if (canSetCookieOnDomain(candidate)) {
+            cachedApexDomain = candidate;
+            return candidate;
+        }
+    }
+    cachedApexDomain = null;
+    return null;
+}
+/**
+ * Reset the cached apex domain. Exposed for testing only.
+ * @internal
+ */
+export function _resetApexDomainCache() {
+    cachedApexDomain = undefined;
+}
+//# sourceMappingURL=domain.js.map