@gurulu/node 0.1.2 → 1.0.1

package/dist/index.js

@@ -1,28 +1,947 @@
-"use strict";
-/**
- * @gurulu/node — public entry point.
- *
- * Phase 10 W4.2: server SDK hardening adds batch+retry, deterministic
- * idempotency keys, dead-letter callbacks, and business event emitters.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.leadCaptured = exports.orderPlaced = exports.subscriptionStarted = exports.paymentSucceeded = exports.userCreated = exports.honoErrorHandler = exports.guruluFastifyPlugin = exports.expressHandler = exports.expressErrorHandler = exports.setDefaultInstance = exports.addBreadcrumb = exports.captureException = exports.createIdempotencyKey = exports.Gurulu = void 0;
-var client_1 = require("./client");
-Object.defineProperty(exports, "Gurulu", { enumerable: true, get: function () { return client_1.Gurulu; } });
-Object.defineProperty(exports, "createIdempotencyKey", { enumerable: true, get: function () { return client_1.createIdempotencyKey; } });
-Object.defineProperty(exports, "captureException", { enumerable: true, get: function () { return client_1.captureException; } });
-Object.defineProperty(exports, "addBreadcrumb", { enumerable: true, get: function () { return client_1.addBreadcrumb; } });
-Object.defineProperty(exports, "setDefaultInstance", { enumerable: true, get: function () { return client_1.setDefaultInstance; } });
-// Framework error-handler middleware.
-var middleware_1 = require("./middleware");
-Object.defineProperty(exports, "expressErrorHandler", { enumerable: true, get: function () { return middleware_1.expressErrorHandler; } });
-Object.defineProperty(exports, "expressHandler", { enumerable: true, get: function () { return middleware_1.expressHandler; } });
-Object.defineProperty(exports, "guruluFastifyPlugin", { enumerable: true, get: function () { return middleware_1.guruluFastifyPlugin; } });
-Object.defineProperty(exports, "honoErrorHandler", { enumerable: true, get: function () { return middleware_1.honoErrorHandler; } });
-// Business event emitters (W4.2).
-var business_events_1 = require("./business-events");
-Object.defineProperty(exports, "userCreated", { enumerable: true, get: function () { return business_events_1.userCreated; } });
-Object.defineProperty(exports, "paymentSucceeded", { enumerable: true, get: function () { return business_events_1.paymentSucceeded; } });
-Object.defineProperty(exports, "subscriptionStarted", { enumerable: true, get: function () { return business_events_1.subscriptionStarted; } });
-Object.defineProperty(exports, "orderPlaced", { enumerable: true, get: function () { return business_events_1.orderPlaced; } });
-Object.defineProperty(exports, "leadCaptured", { enumerable: true, get: function () { return business_events_1.leadCaptured; } });
+// src/context.ts
+import { AsyncLocalStorage } from "node:async_hooks";
+var contextStorage = new AsyncLocalStorage;
+function runWithContext(ctx, fn) {
+  return contextStorage.run(ctx, fn);
+}
+function getContext() {
+  return contextStorage.getStore();
+}
+function mergeContext(explicit) {
+  const stored = contextStorage.getStore();
+  if (!stored && !explicit)
+    return {};
+  if (!stored)
+    return explicit ?? {};
+  if (!explicit)
+    return stored;
+  return {
+    ...stored,
+    ...explicit,
+    source_context: { ...stored.source_context, ...explicit.source_context },
+    consent_state: explicit.consent_state ?? stored.consent_state
+  };
+}
+function generateRequestId() {
+  return crypto.randomUUID();
+}
+
+// src/middleware/express.ts
+function createExpressMiddleware(options = {}) {
+  const cookieName = options.anonymousIdCookie ?? "gurulu_aid";
+  const headerName = options.anonymousIdHeader ?? "x-gurulu-anonymous-id";
+  const emit = options.emitResponseHeader ?? true;
+  return function guruluExpressMiddleware(req, res, next) {
+    const headerVal = req.headers[headerName];
+    const headerAid = Array.isArray(headerVal) ? headerVal[0] : headerVal;
+    const cookieAid = req.cookies?.[cookieName];
+    const requestId = pickHeader(req.headers["x-request-id"]) ?? generateRequestId();
+    const traceId = pickHeader(req.headers["x-trace-id"]) ?? pickHeader(req.headers.traceparent);
+    const ctx = {
+      request_id: requestId
+    };
+    if (headerAid || cookieAid)
+      ctx.anonymous_id = headerAid ?? cookieAid;
+    if (traceId)
+      ctx.trace_id = traceId;
+    if (req.ip || req.socket?.remoteAddress)
+      ctx.ip = req.ip ?? req.socket?.remoteAddress;
+    const ua = pickHeader(req.headers["user-agent"]);
+    if (ua)
+      ctx.user_agent = ua;
+    if (req.hostname)
+      ctx.domain = req.hostname;
+    if (emit)
+      res.setHeader("x-gurulu-request-id", requestId);
+    runWithContext(ctx, () => next());
+  };
+}
+function pickHeader(v) {
+  if (Array.isArray(v))
+    return v[0];
+  return v;
+}
+
+// src/middleware/fastify.ts
+function createFastifyPlugin(options = {}) {
+  const cookieName = options.anonymousIdCookie ?? "gurulu_aid";
+  const headerName = options.anonymousIdHeader ?? "x-gurulu-anonymous-id";
+  const emit = options.emitResponseHeader ?? true;
+  return async function guruluFastifyPlugin(fastify) {
+    fastify.addHook("onRequest", (req, reply) => {
+      return new Promise((resolve) => {
+        const headerVal = req.headers[headerName];
+        const headerAid = Array.isArray(headerVal) ? headerVal[0] : headerVal;
+        const cookieAid = req.cookies?.[cookieName];
+        const requestId = pickHeader2(req.headers["x-request-id"]) ?? generateRequestId();
+        const traceId = pickHeader2(req.headers["x-trace-id"]) ?? pickHeader2(req.headers.traceparent);
+        const ctx = { request_id: requestId };
+        if (headerAid || cookieAid)
+          ctx.anonymous_id = headerAid ?? cookieAid;
+        if (traceId)
+          ctx.trace_id = traceId;
+        if (req.ip)
+          ctx.ip = req.ip;
+        const ua = pickHeader2(req.headers["user-agent"]);
+        if (ua)
+          ctx.user_agent = ua;
+        if (req.hostname)
+          ctx.domain = req.hostname;
+        if (emit)
+          reply.header("x-gurulu-request-id", requestId);
+        runWithContext(ctx, () => resolve());
+      });
+    });
+  };
+}
+function pickHeader2(v) {
+  if (Array.isArray(v))
+    return v[0];
+  return v;
+}
+
+// src/middleware/next.ts
+function createNextHandler(options = {}) {
+  const cookieName = options.anonymousIdCookie ?? "gurulu_aid";
+  const headerName = options.anonymousIdHeader ?? "x-gurulu-anonymous-id";
+  return function wrap(handler) {
+    return async function nextRouteHandler(req) {
+      const headerAid = req.headers.get(headerName) ?? undefined;
+      const cookieAid = readCookie(req.headers.get("cookie"), cookieName);
+      const requestId = req.headers.get("x-request-id") ?? generateRequestId();
+      const traceId = req.headers.get("x-trace-id") ?? req.headers.get("traceparent") ?? undefined;
+      const ctx = { request_id: requestId };
+      if (headerAid || cookieAid)
+        ctx.anonymous_id = headerAid ?? cookieAid;
+      if (traceId)
+        ctx.trace_id = traceId;
+      const ip = req.headers.get("x-forwarded-for")?.split(",")[0]?.trim();
+      if (ip)
+        ctx.ip = ip;
+      const ua = req.headers.get("user-agent") ?? undefined;
+      if (ua)
+        ctx.user_agent = ua;
+      try {
+        ctx.domain = new URL(req.url).host;
+      } catch {}
+      return await runWithContext(ctx, async () => handler(req, ctx));
+    };
+  };
+}
+function readCookie(cookieHeader, name) {
+  if (!cookieHeader)
+    return;
+  for (const part of cookieHeader.split(";")) {
+    const [k, v] = part.trim().split("=", 2);
+    if (k === name)
+      return v;
+  }
+  return;
+}
+
+// src/webhooks/custom.ts
+import { createHmac, timingSafeEqual } from "node:crypto";
+
+// src/errors.ts
+class GuruluSDKError extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "GuruluSDKError";
+    this.code = code;
+  }
+}
+
+class NotInitializedError extends GuruluSDKError {
+  constructor() {
+    super("SDK_NOT_INITIALIZED", "Gurulu.init() must be called before track/identify");
+  }
+}
+
+class InvalidWorkspaceKeyError extends GuruluSDKError {
+  constructor(message) {
+    super("SDK_INVALID_WORKSPACE_KEY", message);
+  }
+}
+
+class WebhookSignatureError extends GuruluSDKError {
+  constructor(message) {
+    super("WEBHOOK_SIGNATURE_INVALID", message);
+  }
+}
+
+class WebhookMappingNotFoundError extends GuruluSDKError {
+  constructor(message) {
+    super("WEBHOOK_MAPPING_NOT_FOUND", message);
+  }
+}
+
+class TransportError extends GuruluSDKError {
+  status;
+  attempts;
+  constructor(message, attempts, status) {
+    super("SDK_TRANSPORT_ERROR", message);
+    this.attempts = attempts;
+    this.status = status;
+  }
+}
+
+class QueueOverflowError extends GuruluSDKError {
+  dropped;
+  constructor(dropped) {
+    super("SDK_QUEUE_OVERFLOW", `Queue overflow — dropped ${dropped} oldest events`);
+    this.dropped = dropped;
+  }
+}
+
+// src/webhooks/custom.ts
+function defaultVerify(rawBody, signature, secret) {
+  const expected = createHmac("sha256", secret).update(rawBody, "utf8").digest("hex");
+  const actualBuf = Buffer.from(signature, "hex");
+  const expectedBuf = Buffer.from(expected, "hex");
+  if (actualBuf.length !== expectedBuf.length)
+    return false;
+  return timingSafeEqual(actualBuf, expectedBuf);
+}
+function toOutgoing(result) {
+  if (!result.event_key) {
+    throw new WebhookMappingNotFoundError("Custom mapPayload returned no event_key");
+  }
+  const consent = {
+    analytics: true,
+    marketing: true,
+    functional: true,
+    personalization: false,
+    source: "webhook"
+  };
+  const event = {
+    anonymous_id: result.anonymous_id ?? `custom_anon_${result.event_id ?? Date.now()}`,
+    event_id: result.event_id,
+    event_key: result.event_key,
+    event_type: "outcome",
+    occurred_at: result.occurred_at ?? new Date().toISOString(),
+    producer: "webhook",
+    producer_version: "0.1.0",
+    properties: result.properties ?? {},
+    consent_state: consent
+  };
+  if (result.person_id)
+    event.person_id = result.person_id;
+  return event;
+}
+function createCustomWebhook(config, enqueue, options) {
+  const headerName = options.signatureHeader.toLowerCase();
+  const verifier = options.verifySignature ?? defaultVerify;
+  return {
+    verify(rawBody, signature) {
+      return verifier(rawBody, signature, options.secret);
+    },
+    async handle(req) {
+      const sigRaw = req.headers[headerName];
+      const sig = Array.isArray(sigRaw) ? sigRaw[0] : sigRaw;
+      if (!sig) {
+        throw new WebhookSignatureError(`Header '${options.signatureHeader}' missing`);
+      }
+      if (!verifier(req.body, sig, options.secret)) {
+        throw new WebhookSignatureError("Custom webhook signature mismatch");
+      }
+      const payload = JSON.parse(req.body);
+      const mapped = options.mapPayload(payload);
+      const results = Array.isArray(mapped) ? mapped : [mapped];
+      const events = results.map(toOutgoing);
+      for (const e of events)
+        enqueue(e);
+      return {
+        events_emitted: events.length,
+        vendor: "custom",
+        event_keys: events.map((e) => e.event_key)
+      };
+    }
+  };
+}
+
+// src/webhooks/lemonsqueezy.ts
+import { createHmac as createHmac2, timingSafeEqual as timingSafeEqual2 } from "node:crypto";
+var LEMONSQUEEZY_DEFAULT_MAPPING = {
+  order_created: "purchase_completed",
+  order_refunded: "refund_processed",
+  subscription_created: "subscription_started",
+  subscription_updated: "subscription_updated",
+  subscription_cancelled: "subscription_cancelled",
+  subscription_payment_success: "payment_succeeded"
+};
+function verifyLemonSqueezy(rawBody, signatureHeader, secret) {
+  if (!signatureHeader)
+    throw new WebhookSignatureError("X-Signature header missing");
+  const expected = createHmac2("sha256", secret).update(rawBody, "utf8").digest("hex");
+  const actualBuf = Buffer.from(signatureHeader, "hex");
+  const expectedBuf = Buffer.from(expected, "hex");
+  if (actualBuf.length !== expectedBuf.length || !timingSafeEqual2(actualBuf, expectedBuf)) {
+    throw new WebhookSignatureError("Lemon Squeezy signature mismatch");
+  }
+}
+function mapLemonSqueezyEvent(payload, options = {}) {
+  const eventName = payload.meta?.event_name ?? "";
+  const mapping = { ...LEMONSQUEEZY_DEFAULT_MAPPING, ...options.customMapping ?? {} };
+  const eventKey = mapping[eventName];
+  if (!eventKey) {
+    throw new WebhookMappingNotFoundError(`Lemon Squeezy event_name '${eventName}' has no Gurulu mapping`);
+  }
+  const attr = payload.data?.attributes ?? {};
+  const objectId = payload.data?.id ?? "unknown";
+  const occurredAt = typeof attr.updated_at === "string" ? attr.updated_at : typeof attr.created_at === "string" ? attr.created_at : new Date().toISOString();
+  const customerId = typeof attr.customer_id === "string" || typeof attr.customer_id === "number" ? String(attr.customer_id) : undefined;
+  const props = {
+    lemonsqueezy_event_name: eventName,
+    lemonsqueezy_object_id: objectId,
+    lemonsqueezy_object_type: payload.data?.type
+  };
+  if (typeof attr.total === "number")
+    props.amount = attr.total / 100;
+  if (typeof attr.currency === "string")
+    props.currency = attr.currency;
+  if (typeof attr.status === "string")
+    props.status = attr.status;
+  const consent = {
+    analytics: true,
+    marketing: true,
+    functional: true,
+    personalization: false,
+    source: "webhook"
+  };
+  return {
+    anonymous_id: customerId ? `lemonsqueezy_${customerId}` : `lemonsqueezy_anon_${objectId}`,
+    event_id: `lemonsqueezy_${eventName}_${objectId}`,
+    event_key: eventKey,
+    event_type: "outcome",
+    occurred_at: occurredAt,
+    producer: "webhook",
+    producer_version: "0.1.0",
+    properties: props,
+    consent_state: consent
+  };
+}
+function createLemonSqueezyHandler(config, enqueue) {
+  return {
+    verify: verifyLemonSqueezy,
+    map: mapLemonSqueezyEvent,
+    async handle(req, secret, options) {
+      const sigHeader = req.headers["x-signature"];
+      const sig = Array.isArray(sigHeader) ? sigHeader[0] : sigHeader;
+      verifyLemonSqueezy(req.body, sig, secret);
+      const payload = JSON.parse(req.body);
+      const event = mapLemonSqueezyEvent(payload, options);
+      enqueue(event);
+      return {
+        events_emitted: 1,
+        vendor: "lemonsqueezy",
+        event_keys: [event.event_key]
+      };
+    }
+  };
+}
+
+// src/webhooks/shopify.ts
+import { createHmac as createHmac3, timingSafeEqual as timingSafeEqual3 } from "node:crypto";
+var SHOPIFY_DEFAULT_MAPPING = {
+  "orders/create": "purchase_completed",
+  "orders/paid": "purchase_completed",
+  "orders/fulfilled": "order_fulfilled",
+  "orders/cancelled": "order_cancelled",
+  "customers/create": "signup_completed",
+  "carts/create": "cart_started",
+  "carts/update": "cart_updated",
+  "checkouts/create": "checkout_started"
+};
+function verifyShopify(rawBody, signatureHeader, secret) {
+  if (!signatureHeader)
+    throw new WebhookSignatureError("X-Shopify-Hmac-Sha256 header missing");
+  const expected = createHmac3("sha256", secret).update(rawBody, "utf8").digest("base64");
+  const actualBuf = Buffer.from(signatureHeader, "base64");
+  const expectedBuf = Buffer.from(expected, "base64");
+  if (actualBuf.length !== expectedBuf.length || !timingSafeEqual3(actualBuf, expectedBuf)) {
+    throw new WebhookSignatureError("Shopify HMAC mismatch");
+  }
+}
+function mapShopifyEvent(topic, payload, options = {}) {
+  if (!topic)
+    throw new WebhookMappingNotFoundError("X-Shopify-Topic header required");
+  const mapping = { ...SHOPIFY_DEFAULT_MAPPING, ...options.customMapping ?? {} };
+  const eventKey = mapping[topic];
+  if (!eventKey) {
+    throw new WebhookMappingNotFoundError(`Shopify topic '${topic}' has no Gurulu mapping`);
+  }
+  const occurredAt = typeof payload.updated_at === "string" ? payload.updated_at : typeof payload.created_at === "string" ? payload.created_at : new Date().toISOString();
+  const customer = typeof payload.customer === "object" && payload.customer !== null ? payload.customer.id : undefined;
+  const props = {
+    shopify_topic: topic,
+    shopify_object_id: payload.id
+  };
+  if (typeof payload.total_price === "string")
+    props.amount = Number(payload.total_price);
+  if (typeof payload.currency === "string")
+    props.currency = payload.currency;
+  if (typeof payload.financial_status === "string")
+    props.status = payload.financial_status;
+  const consent = {
+    analytics: true,
+    marketing: true,
+    functional: true,
+    personalization: false,
+    source: "webhook"
+  };
+  return {
+    anonymous_id: customer ? `shopify_${customer}` : `shopify_anon_${payload.id ?? "unknown"}`,
+    event_id: typeof payload.id === "string" || typeof payload.id === "number" ? `shopify_${topic.replace("/", "_")}_${payload.id}` : undefined,
+    event_key: eventKey,
+    event_type: "outcome",
+    occurred_at: occurredAt,
+    producer: "webhook",
+    producer_version: "0.1.0",
+    properties: props,
+    consent_state: consent
+  };
+}
+function createShopifyHandler(config, enqueue) {
+  return {
+    verify: verifyShopify,
+    map: mapShopifyEvent,
+    async handle(req, secret, options) {
+      const sigHeader = req.headers["x-shopify-hmac-sha256"];
+      const topicHeader = req.headers["x-shopify-topic"];
+      const sig = Array.isArray(sigHeader) ? sigHeader[0] : sigHeader;
+      const topic = Array.isArray(topicHeader) ? topicHeader[0] : topicHeader;
+      verifyShopify(req.body, sig, secret);
+      const payload = JSON.parse(req.body);
+      const event = mapShopifyEvent(topic, payload, options);
+      enqueue(event);
+      return {
+        events_emitted: 1,
+        vendor: "shopify",
+        event_keys: [event.event_key]
+      };
+    }
+  };
+}
+
+// src/webhooks/stripe.ts
+import { createHmac as createHmac4, timingSafeEqual as timingSafeEqual4 } from "node:crypto";
+var STRIPE_REPLAY_TOLERANCE_SECONDS = 300;
+var STRIPE_DEFAULT_MAPPING = {
+  "charge.succeeded": "purchase_completed",
+  "charge.refunded": "refund_processed",
+  "payment_intent.succeeded": "payment_succeeded",
+  "invoice.paid": "payment_succeeded",
+  "invoice.payment_failed": "payment_failed",
+  "customer.subscription.created": "subscription_started",
+  "customer.subscription.updated": "subscription_updated",
+  "customer.subscription.deleted": "subscription_cancelled",
+  "checkout.session.completed": "checkout_completed"
+};
+function verifyStripe(rawBody, signatureHeader, secret, now = () => new Date) {
+  if (!signatureHeader)
+    throw new WebhookSignatureError("Stripe-Signature header missing");
+  let timestamp = null;
+  let v1 = null;
+  for (const part of signatureHeader.split(",").map((s) => s.trim())) {
+    const [k, v] = part.split("=", 2);
+    if (k === "t")
+      timestamp = Number(v);
+    if (k === "v1")
+      v1 = v ?? null;
+  }
+  if (!timestamp || !v1)
+    throw new WebhookSignatureError("Stripe-Signature missing t= or v1=");
+  if (Math.abs(now().getTime() / 1000 - timestamp) > STRIPE_REPLAY_TOLERANCE_SECONDS) {
+    throw new WebhookSignatureError("Stripe-Signature timestamp out of tolerance");
+  }
+  const expected = createHmac4("sha256", secret).update(`${timestamp}.${rawBody}`).digest("hex");
+  const actualBuf = Buffer.from(v1, "hex");
+  const expectedBuf = Buffer.from(expected, "hex");
+  if (actualBuf.length !== expectedBuf.length || !timingSafeEqual4(actualBuf, expectedBuf)) {
+    throw new WebhookSignatureError("Stripe-Signature mismatch");
+  }
+}
+function mapStripeEvent(payload, options = {}) {
+  const type = payload.type ?? "";
+  const mapping = { ...STRIPE_DEFAULT_MAPPING, ...options.customMapping ?? {} };
+  const eventKey = mapping[type];
+  if (!eventKey) {
+    throw new WebhookMappingNotFoundError(`Stripe event type '${type}' has no Gurulu mapping`);
+  }
+  const obj = payload.data?.object ?? {};
+  const customer = typeof obj.customer === "string" ? obj.customer : undefined;
+  const occurredAt = payload.created ? new Date(payload.created * 1000).toISOString() : new Date().toISOString();
+  const props = {
+    stripe_event_id: payload.id,
+    stripe_event_type: type
+  };
+  if (typeof obj.amount === "number")
+    props.amount = obj.amount / 100;
+  if (typeof obj.currency === "string")
+    props.currency = obj.currency.toUpperCase();
+  if (typeof obj.id === "string")
+    props.stripe_object_id = obj.id;
+  if (typeof obj.status === "string")
+    props.status = obj.status;
+  const consent = {
+    analytics: true,
+    marketing: true,
+    functional: true,
+    personalization: false,
+    source: "webhook"
+  };
+  const event = {
+    anonymous_id: customer ? `stripe_${customer}` : `stripe_anon_${payload.id ?? "unknown"}`,
+    event_id: payload.id,
+    event_key: eventKey,
+    event_type: "outcome",
+    occurred_at: occurredAt,
+    producer: "webhook",
+    producer_version: "0.1.0",
+    properties: props,
+    consent_state: consent
+  };
+  return event;
+}
+function createStripeHandler(config, enqueue) {
+  return {
+    verify: verifyStripe,
+    map: mapStripeEvent,
+    async handle(req, secret, options) {
+      const sigHeader = req.headers["stripe-signature"];
+      const sig = Array.isArray(sigHeader) ? sigHeader[0] : sigHeader;
+      verifyStripe(req.body, sig, secret, options?.now);
+      const payload = JSON.parse(req.body);
+      const event = mapStripeEvent(payload, options);
+      enqueue(event);
+      return {
+        events_emitted: 1,
+        vendor: "stripe",
+        event_keys: [event.event_key]
+      };
+    }
+  };
+}
+// src/identify.ts
+function buildIdentify(input) {
+  const ctx = mergeContext(input.explicitContext);
+  const traits = input.traits ?? {};
+  const { email, phone, ...rest } = traits;
+  const payload = {
+    anonymous_id: ctx.anonymous_id ?? `srv_anon_${input.externalUserId}`,
+    external_user_id: input.externalUserId,
+    traits: rest
+  };
+  if (typeof email === "string" && email.length > 0)
+    payload.email = email;
+  if (typeof phone === "string" && phone.length > 0)
+    payload.phone = phone;
+  const consent = ctx.consent_state ?? input.config.defaultConsent;
+  if (ctx.domain || consent) {
+    payload.context = {};
+    if (ctx.domain)
+      payload.context.domain = ctx.domain;
+    if (consent)
+      payload.context.consent_state = consent;
+  }
+  return payload;
+}
+
+// src/transport.ts
+var USER_AGENT = `gurulu-node/0.1.0 (${process.platform}; node ${process.version})`;
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function shouldRetry(status, attempt, maxAttempts) {
+  if (attempt >= maxAttempts)
+    return false;
+  if (status === undefined)
+    return true;
+  if (status === 429)
+    return true;
+  if (status >= 500 && status < 600)
+    return true;
+  return false;
+}
+async function postWithRetry(config, input) {
+  const url = `${config.endpoint.replace(/\/$/, "")}${input.path}`;
+  const payload = JSON.stringify(input.body);
+  let lastStatus;
+  let lastErr;
+  for (let attempt = 1;attempt <= config.retryMaxAttempts; attempt++) {
+    try {
+      const res = await config.fetchImpl(url, {
+        method: "POST",
+        headers: {
+          "content-type": "application/json",
+          "user-agent": USER_AGENT,
+          "x-gurulu-key": config.workspaceKey
+        },
+        body: payload
+      });
+      lastStatus = res.status;
+      const text = await res.text();
+      const parsed = text ? safeJsonParse(text) : null;
+      if (res.ok) {
+        return { ok: true, status: res.status, body: parsed };
+      }
+      if (!shouldRetry(res.status, attempt, config.retryMaxAttempts)) {
+        return { ok: false, status: res.status, body: parsed };
+      }
+    } catch (err) {
+      lastErr = err;
+      if (!shouldRetry(undefined, attempt, config.retryMaxAttempts)) {
+        throw new TransportError(err instanceof Error ? err.message : String(err), attempt, undefined);
+      }
+    }
+    const backoffMs = config.retryBackoffBaseMs * 2 ** (attempt - 1);
+    await sleep(backoffMs);
+  }
+  throw new TransportError(lastErr instanceof Error ? lastErr.message : `Transport failed status=${lastStatus}`, config.retryMaxAttempts, lastStatus);
+}
+function safeJsonParse(text) {
+  try {
+    return JSON.parse(text);
+  } catch {
+    return text;
+  }
+}
+async function sendBatch(config, events) {
+  if (events.length === 0)
+    return;
+  if (config.testMode) {
+    console.log("[gurulu:test_mode] batch", JSON.stringify({ count: events.length, events }));
+    return;
+  }
+  await postWithRetry(config, {
+    path: "/v1/ingest/batch",
+    body: { events }
+  });
+}
+async function sendIdentify(config, payload) {
+  if (config.testMode) {
+    console.log("[gurulu:test_mode] identify", JSON.stringify(payload));
+    return { ok: true, status: 200, body: { test_mode: true } };
+  }
+  return postWithRetry(config, { path: "/v1/ingest/identify", body: payload });
+}
+
+// src/queue.ts
+class EventQueue {
+  config;
+  buffer = [];
+  timer = null;
+  flushing = false;
+  droppedTotal = 0;
+  closed = false;
+  constructor(config) {
+    this.config = config;
+  }
+  enqueue(event) {
+    if (this.closed)
+      return { queued: false, dropped: 0 };
+    let dropped = 0;
+    if (this.buffer.length >= this.config.maxQueueSize) {
+      const removed = this.buffer.shift();
+      if (removed) {
+        dropped = 1;
+        this.droppedTotal += 1;
+        console.warn("[gurulu] queue overflow — dropped oldest event", JSON.stringify({ event_key: removed.event_key, dropped_total: this.droppedTotal }));
+      }
+    }
+    this.buffer.push(event);
+    this.scheduleFlush();
+    if (this.buffer.length >= this.config.maxBatchSize) {
+      this.flush();
+    }
+    return { queued: true, dropped };
+  }
+  size() {
+    return this.buffer.length;
+  }
+  scheduleFlush() {
+    if (this.timer || this.closed)
+      return;
+    this.timer = setTimeout(() => {
+      this.timer = null;
+      this.flush();
+    }, this.config.flushIntervalMs);
+    if (typeof this.timer.unref === "function")
+      this.timer.unref();
+  }
+  async flush() {
+    if (this.flushing)
+      return { attempted: 0, succeeded: 0, dropped: 0 };
+    this.flushing = true;
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+    const batch = this.buffer.splice(0, this.config.maxBatchSize);
+    if (batch.length === 0) {
+      this.flushing = false;
+      return { attempted: 0, succeeded: 0, dropped: 0 };
+    }
+    try {
+      await sendBatch(this.config, batch);
+      this.flushing = false;
+      if (this.buffer.length > 0)
+        this.scheduleFlush();
+      return { attempted: batch.length, succeeded: batch.length, dropped: 0 };
+    } catch (err) {
+      this.flushing = false;
+      console.error("[gurulu] batch flush failed (dropping batch)", err instanceof Error ? err.message : String(err));
+      this.droppedTotal += batch.length;
+      return { attempted: batch.length, succeeded: 0, dropped: batch.length };
+    }
+  }
+  async drain(timeoutMs = 1e4) {
+    this.closed = true;
+    if (this.timer) {
+      clearTimeout(this.timer);
+      this.timer = null;
+    }
+    const deadline = Date.now() + timeoutMs;
+    let attempted = 0;
+    let succeeded = 0;
+    let dropped = 0;
+    while (this.buffer.length > 0 && Date.now() < deadline) {
+      const res = await this.flush();
+      attempted += res.attempted;
+      succeeded += res.succeeded;
+      dropped += res.dropped;
+      if (res.attempted === 0)
+        break;
+    }
+    if (this.buffer.length > 0) {
+      dropped += this.buffer.length;
+      console.warn("[gurulu] shutdown timeout — dropped events", this.buffer.length);
+      this.buffer.length = 0;
+    }
+    return { attempted, succeeded, dropped };
+  }
+}
+
+// src/track.ts
+var counter = 0;
+function genEventId() {
+  counter = (counter + 1) % 65535;
+  return `${Date.now().toString(36)}-${counter.toString(36)}-${crypto.randomUUID().slice(0, 12)}`;
+}
+function buildEvent(input) {
+  const ctx = mergeContext(input.explicitContext);
+  const eventType = input.eventType ?? "outcome";
+  const utm = ctx.source_context;
+  const hasUtm = utm && Object.keys(utm).length > 0;
+  const event = {
+    anonymous_id: ctx.anonymous_id ?? `srv_anon_${genEventId()}`,
+    event_id: genEventId(),
+    event_key: input.eventKey,
+    event_type: eventType,
+    occurred_at: new Date().toISOString(),
+    producer: "sdk_server",
+    producer_version: "0.1.0",
+    properties: input.properties ?? {},
+    consent_state: ctx.consent_state ?? input.config.defaultConsent
+  };
+  if (ctx.person_id)
+    event.person_id = ctx.person_id;
+  if (ctx.session_id)
+    event.session_id = ctx.session_id;
+  const ctxObj = {};
+  if (ctx.ip)
+    ctxObj.ip = ctx.ip;
+  if (ctx.user_agent)
+    ctxObj.user_agent = ctx.user_agent;
+  if (ctx.domain)
+    ctxObj.domain = ctx.domain;
+  if (ctx.request_id)
+    ctxObj.request_id = ctx.request_id;
+  if (ctx.trace_id)
+    ctxObj.trace_id = ctx.trace_id;
+  if (hasUtm && utm)
+    ctxObj.utm = utm;
+  if (Object.keys(ctxObj).length > 0)
+    event.context = ctxObj;
+  return event;
+}
+
+// src/core.ts
+var DEFAULT_ENDPOINT = "https://ingest.gurulu.io";
+var DEFAULT_CONSENT = {
+  analytics: true,
+  marketing: true,
+  functional: true,
+  personalization: false,
+  source: "api"
+};
+function resolveConfig(input) {
+  if (!input.workspaceKey || typeof input.workspaceKey !== "string") {
+    throw new InvalidWorkspaceKeyError("workspaceKey required (sk_xxx format)");
+  }
+  if (!input.workspaceKey.startsWith("sk_")) {
+    throw new InvalidWorkspaceKeyError(`workspaceKey must start with 'sk_' (got prefix ${input.workspaceKey.slice(0, 3)})`);
+  }
+  const fetchImpl = input.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("No fetch implementation available. Use Node 20+ or pass `fetchImpl` (e.g. undici).");
+  }
+  return {
+    workspaceKey: input.workspaceKey,
+    endpoint: input.endpoint ?? DEFAULT_ENDPOINT,
+    flushIntervalMs: input.flushIntervalMs ?? 2000,
+    maxBatchSize: input.maxBatchSize ?? 100,
+    maxQueueSize: input.maxQueueSize ?? 1000,
+    retryMaxAttempts: input.retryMaxAttempts ?? 5,
+    retryBackoffBaseMs: input.retryBackoffBaseMs ?? 100,
+    testMode: input.testMode ?? false,
+    defaultConsent: input.defaultConsent ?? DEFAULT_CONSENT,
+    fetchImpl: fetchImpl.bind(globalThis)
+  };
+}
+
+class Gurulu {
+  config = null;
+  queue = null;
+  sigtermBound = false;
+  sigtermHandler = null;
+  constructor(initial) {
+    if (initial)
+      this.init(initial);
+  }
+  init(input) {
+    if (this.config)
+      return;
+    this.config = resolveConfig(input);
+    this.queue = new EventQueue(this.config);
+    this.bindSignals();
+  }
+  requireConfig() {
+    if (!this.config || !this.queue)
+      throw new NotInitializedError;
+    return this.config;
+  }
+  async identify(externalUserId, traits, explicitContext) {
+    const config = this.requireConfig();
+    const payload = buildIdentify({ config, externalUserId, traits, explicitContext });
+    const res = await sendIdentify(config, payload);
+    return { ok: res.ok, status: res.status, body: res.body };
+  }
+  track(eventKey, properties, explicitContext, eventType = "outcome") {
+    const config = this.requireConfig();
+    const event = buildEvent({
+      config,
+      eventKey,
+      eventType,
+      properties,
+      explicitContext
+    });
+    const res = this.queue?.enqueue(event) ?? { queued: false, dropped: 0 };
+    return { queued: res.queued, queueSize: this.queue?.size() ?? 0 };
+  }
+  async flush() {
+    this.requireConfig();
+    return await this.queue?.flush() ?? { attempted: 0, succeeded: 0, dropped: 0 };
+  }
+  async shutdown(timeoutMs = 1e4) {
+    if (!this.queue)
+      return { attempted: 0, succeeded: 0, dropped: 0 };
+    const result = await this.queue.drain(timeoutMs);
+    this.unbindSignals();
+    this.queue = null;
+    this.config = null;
+    return result;
+  }
+  bindSignals() {
+    if (this.sigtermBound)
+      return;
+    if (typeof process === "undefined" || typeof process.once !== "function")
+      return;
+    this.sigtermHandler = () => {
+      this.shutdown();
+    };
+    process.once("SIGTERM", this.sigtermHandler);
+    process.once("SIGINT", this.sigtermHandler);
+    this.sigtermBound = true;
+  }
+  unbindSignals() {
+    if (!this.sigtermBound || !this.sigtermHandler)
+      return;
+    if (typeof process !== "undefined" && typeof process.off === "function") {
+      process.off("SIGTERM", this.sigtermHandler);
+      process.off("SIGINT", this.sigtermHandler);
+    }
+    this.sigtermBound = false;
+    this.sigtermHandler = null;
+  }
+  get webhooks() {
+    const config = this.requireConfig();
+    const enqueue = (event) => {
+      this.queue?.enqueue(event);
+    };
+    return {
+      stripe: createStripeHandler(config, enqueue),
+      shopify: createShopifyHandler(config, enqueue),
+      lemonsqueezy: createLemonSqueezyHandler(config, enqueue),
+      custom: (options) => createCustomWebhook(config, enqueue, options)
+    };
+  }
+  get express() {
+    return { middleware: (opts) => createExpressMiddleware(opts) };
+  }
+  get fastify() {
+    return { plugin: (opts) => createFastifyPlugin(opts) };
+  }
+  get next() {
+    return { handler: createNextHandler };
+  }
+}
+function createGurulu(config) {
+  return new Gurulu(config);
+}
+var singleton = null;
+function getDefault() {
+  if (!singleton)
+    singleton = new Gurulu;
+  return singleton;
+}
+function initDefault(config) {
+  const inst = getDefault();
+  inst.init(config);
+  return inst;
+}
+
+// src/index.ts
+var VERSION = "0.1.0";
+export {
+  verifyStripe,
+  verifyShopify,
+  verifyLemonSqueezy,
+  runWithContext,
+  mergeContext,
+  mapStripeEvent,
+  mapShopifyEvent,
+  mapLemonSqueezyEvent,
+  initDefault,
+  getDefault,
+  getContext,
+  createNextHandler,
+  createGurulu,
+  createFastifyPlugin,
+  createExpressMiddleware,
+  contextStorage,
+  WebhookSignatureError,
+  WebhookMappingNotFoundError,
+  VERSION,
+  TransportError,
+  STRIPE_REPLAY_TOLERANCE_SECONDS,
+  STRIPE_DEFAULT_MAPPING,
+  SHOPIFY_DEFAULT_MAPPING,
+  QueueOverflowError,
+  NotInitializedError,
+  LEMONSQUEEZY_DEFAULT_MAPPING,
+  InvalidWorkspaceKeyError,
+  GuruluSDKError,
+  Gurulu
+};