@ianmenethil/zp-observer 6.0.0 → 6.1.0

package/dist/runtime/session-manager.js

@@ -0,0 +1,45 @@
+import { assertTransition } from "../client/state-machine.js";
+import { generateCorrelationId, generateEventId } from "../utils/ids.js";
+export function createSessionManager(options) {
+  const now = options.now ?? Date.now;
+  const sessionId = options.sessionId;
+  const correlationId = options.correlationId ?? generateCorrelationId();
+  let state = "idle";
+  let sequence = 0;
+  let startedAt = null;
+  let stoppedAt = null;
+  return {
+    sessionId,
+    correlationId,
+    nextSequence() {
+      sequence += 1;
+      return sequence;
+    },
+    nextEventId() {
+      return generateEventId(sequence);
+    },
+    transition(next) {
+      assertTransition(state, next);
+      state = next;
+      if (next === "starting" && startedAt === null) {
+        startedAt = now();
+      }
+      if (next === "closed") {
+        stoppedAt = now();
+      }
+    },
+    snapshot() {
+      const currentNow = now();
+      const elapsedMs = startedAt === null ? 0 : (stoppedAt ?? currentNow) - startedAt;
+      return {
+        state,
+        sessionId,
+        correlationId,
+        startedAt,
+        stoppedAt,
+        eventCount: sequence,
+        elapsedMs
+      };
+    }
+  };
+}

package/dist/transport/beacon.cjs

@@ -0,0 +1,14 @@
+const JSON_CONTENT_TYPE = "application/json";
+function postJsonBeacon(url, body) {
+  if (typeof navigator === "undefined" || typeof navigator.sendBeacon !== "function") {
+    return false;
+  }
+  try {
+    const blob = new Blob([JSON.stringify(body)], { type: JSON_CONTENT_TYPE });
+    return navigator.sendBeacon(url, blob);
+  } catch {
+    return false;
+  }
+}
+
+exports.postJsonBeacon = postJsonBeacon;

package/dist/transport/beacon.js

@@ -0,0 +1,12 @@
+const JSON_CONTENT_TYPE = "application/json";
+export function postJsonBeacon(url, body) {
+  if (typeof navigator === "undefined" || typeof navigator.sendBeacon !== "function") {
+    return false;
+  }
+  try {
+    const blob = new Blob([JSON.stringify(body)], { type: JSON_CONTENT_TYPE });
+    return navigator.sendBeacon(url, blob);
+  } catch {
+    return false;
+  }
+}

package/dist/transport/callback-transport.cjs

@@ -0,0 +1,19 @@
+function callbackTransport(options = {}) {
+  return {
+    async send(envelope) {
+      if (!options.onSend) {
+        return { ok: true };
+      }
+      try {
+        return await options.onSend(envelope) ?? { ok: true };
+      } catch (error) {
+        return {
+          ok: false,
+          error: error instanceof Error ? error.message : String(error)
+        };
+      }
+    }
+  };
+}
+
+exports.callbackTransport = callbackTransport;

package/dist/transport/callback-transport.js

@@ -0,0 +1,17 @@
+export function callbackTransport(options = {}) {
+  return {
+    async send(envelope) {
+      if (!options.onSend) {
+        return { ok: true };
+      }
+      try {
+        return await options.onSend(envelope) ?? { ok: true };
+      } catch (error) {
+        return {
+          ok: false,
+          error: error instanceof Error ? error.message : String(error)
+        };
+      }
+    }
+  };
+}

package/dist/transport/http-transport.cjs

@@ -0,0 +1,62 @@
+const {postJsonBeacon} = require('./beacon.cjs');
+function resolveHeaders(headers) {
+  if (!headers) {
+    return {};
+  }
+  return typeof headers === "function" ? headers() : headers;
+}
+function httpTransport(options) {
+  if (!options?.endpoint) {
+    throw new Error("httpTransport requires endpoint");
+  }
+  const fetchImpl = options.fetch ?? (typeof fetch === "undefined" ? undefined : fetch.bind(globalThis));
+  const timeoutMs = options.timeoutMs ?? 8000;
+  const credentials = options.credentials ?? "include";
+  return {
+    async send(envelope) {
+      if (!fetchImpl) {
+        return {
+          ok: false,
+          error: "Fetch is not available in this runtime."
+        };
+      }
+      if (envelope.kind !== "transport.heartbeat" && postJsonBeacon(options.endpoint, envelope)) {
+        return {
+          ok: true
+        };
+      }
+      const controller = typeof AbortController === "undefined" ? undefined : new AbortController;
+      const timer = controller === undefined ? undefined : setTimeout(() => {
+        controller.abort();
+      }, timeoutMs);
+      try {
+        const response = await fetchImpl(options.endpoint, {
+          method: "POST",
+          headers: {
+            "content-type": "application/json",
+            ...resolveHeaders(options.headers)
+          },
+          body: JSON.stringify(envelope),
+          credentials,
+          ...controller ? { signal: controller.signal } : {}
+        });
+        return {
+          ok: response.ok,
+          status: response.status,
+          ...response.ok ? {} : { error: `HTTP ${response.status}` }
+        };
+      } catch (error) {
+        return {
+          ok: false,
+          error: error instanceof Error ? error.message : String(error)
+        };
+      } finally {
+        if (timer !== undefined) {
+          clearTimeout(timer);
+        }
+      }
+    }
+  };
+}
+
+exports.httpTransport = httpTransport;

package/dist/transport/http-transport.js

@@ -0,0 +1,60 @@
+import { postJsonBeacon } from "./beacon.js";
+function resolveHeaders(headers) {
+  if (!headers) {
+    return {};
+  }
+  return typeof headers === "function" ? headers() : headers;
+}
+export function httpTransport(options) {
+  if (!options?.endpoint) {
+    throw new Error("httpTransport requires endpoint");
+  }
+  const fetchImpl = options.fetch ?? (typeof fetch === "undefined" ? undefined : fetch.bind(globalThis));
+  const timeoutMs = options.timeoutMs ?? 8000;
+  const credentials = options.credentials ?? "include";
+  return {
+    async send(envelope) {
+      if (!fetchImpl) {
+        return {
+          ok: false,
+          error: "Fetch is not available in this runtime."
+        };
+      }
+      if (envelope.kind !== "transport.heartbeat" && postJsonBeacon(options.endpoint, envelope)) {
+        return {
+          ok: true
+        };
+      }
+      const controller = typeof AbortController === "undefined" ? undefined : new AbortController;
+      const timer = controller === undefined ? undefined : setTimeout(() => {
+        controller.abort();
+      }, timeoutMs);
+      try {
+        const response = await fetchImpl(options.endpoint, {
+          method: "POST",
+          headers: {
+            "content-type": "application/json",
+            ...resolveHeaders(options.headers)
+          },
+          body: JSON.stringify(envelope),
+          credentials,
+          ...controller ? { signal: controller.signal } : {}
+        });
+        return {
+          ok: response.ok,
+          status: response.status,
+          ...response.ok ? {} : { error: `HTTP ${response.status}` }
+        };
+      } catch (error) {
+        return {
+          ok: false,
+          error: error instanceof Error ? error.message : String(error)
+        };
+      } finally {
+        if (timer !== undefined) {
+          clearTimeout(timer);
+        }
+      }
+    }
+  };
+}

package/dist/types/internal.cjs

@@ -0,0 +1,3 @@
+
+
+

package/dist/types/public.cjs

@@ -0,0 +1,3 @@
+
+
+

package/dist/utils/ids.cjs

@@ -0,0 +1,20 @@
+function randomChunk() {
+  if (typeof crypto !== "undefined" && typeof crypto.getRandomValues === "function") {
+    const buffer = new Uint32Array(2);
+    crypto.getRandomValues(buffer);
+    return `${buffer[0].toString(36)}${buffer[1].toString(36)}`;
+  }
+  return `${Math.floor(Math.random() * 4294967295).toString(36)}${Math.floor(Math.random() * 4294967295).toString(36)}`;
+}
+function generateCorrelationId() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  return `cid_${Date.now().toString(36)}_${randomChunk()}`;
+}
+function generateEventId(sequence) {
+  return `evt_${sequence.toString(36)}_${randomChunk()}`;
+}
+
+exports.generateCorrelationId = generateCorrelationId;
+exports.generateEventId = generateEventId;

package/dist/utils/ids.js

@@ -0,0 +1,17 @@
+function randomChunk() {
+  if (typeof crypto !== "undefined" && typeof crypto.getRandomValues === "function") {
+    const buffer = new Uint32Array(2);
+    crypto.getRandomValues(buffer);
+    return `${buffer[0].toString(36)}${buffer[1].toString(36)}`;
+  }
+  return `${Math.floor(Math.random() * 4294967295).toString(36)}${Math.floor(Math.random() * 4294967295).toString(36)}`;
+}
+export function generateCorrelationId() {
+  if (typeof crypto !== "undefined" && typeof crypto.randomUUID === "function") {
+    return crypto.randomUUID();
+  }
+  return `cid_${Date.now().toString(36)}_${randomChunk()}`;
+}
+export function generateEventId(sequence) {
+  return `evt_${sequence.toString(36)}_${randomChunk()}`;
+}

package/dist/utils/safe-globals.cjs

@@ -0,0 +1,11 @@
+function readDefaultContext() {
+  return {
+    pageUrl: typeof location === "undefined" ? undefined : location.href,
+    referrer: typeof document === "undefined" ? undefined : document.referrer,
+    userAgent: typeof navigator === "undefined" ? undefined : navigator.userAgent,
+    visibilityState: typeof document === "undefined" ? undefined : document.visibilityState,
+    online: typeof navigator === "undefined" ? null : navigator.onLine
+  };
+}
+
+exports.readDefaultContext = readDefaultContext;

package/dist/utils/safe-globals.js

@@ -0,0 +1,9 @@
+export function readDefaultContext() {
+  return {
+    pageUrl: typeof location === "undefined" ? undefined : location.href,
+    referrer: typeof document === "undefined" ? undefined : document.referrer,
+    userAgent: typeof navigator === "undefined" ? undefined : navigator.userAgent,
+    visibilityState: typeof document === "undefined" ? undefined : document.visibilityState,
+    online: typeof navigator === "undefined" ? null : navigator.onLine
+  };
+}

package/dist/version.cjs

@@ -0,0 +1,5 @@
+const VERSION = "0.1.0";
+const SCHEMA_VERSION = 1;
+
+exports.VERSION = VERSION;
+exports.SCHEMA_VERSION = SCHEMA_VERSION;

package/dist/version.js

@@ -0,0 +1,2 @@
+export const VERSION = "0.1.0";
+export const SCHEMA_VERSION = 1;

package/package.json

@@ -1,91 +1,31 @@
 {
-	"name": "@ianmenethil/zp-observer",
-	"version": "6.0.0",
-	"description": "Telemetry bridge for Zenith Payments hosted checkout. Tracks modal open, close, tab dismissal, idle, and network abandonment.",
-	"license": "MIT",
-	"author": "Zenith Payments",
-	"homepage": "https://www.zenithpayments.com.au",
-	"type": "module",
-	"main": "./dist/zp-observer.min.js",
-	"types": "./dist/types/index.d.ts",
-	"exports": {
-		".": {
-			"types": "./dist/types/index.d.ts",
-			"import": "./dist/zp-observer.mjs",
-			"require": "./dist/zp-observer.cjs",
-			"default": "./dist/zp-observer.min.js"
-		},
-		"./auto-patch": {
-			"types": "./dist/types/auto-patch.d.ts",
-			"import": "./dist/auto-patch.mjs",
-			"require": "./dist/auto-patch.cjs"
-		},
-		"./session": {
-			"types": "./dist/types/session.d.ts",
-			"import": "./dist/session.mjs",
-			"require": "./dist/session.cjs"
-		}
-	},
-	"unpkg": "./dist/zp-observer.min.js",
-	"jsdelivr": "./dist/zp-observer.min.js",
-	"files": [
-		"dist/zp-observer.js",
-		"dist/zp-observer.min.js",
-		"dist/zp-observer.min.obf.js",
-		"dist/zp-observer.mjs",
-		"dist/zp-observer.cjs",
-		"dist/auto-patch.mjs",
-		"dist/auto-patch.cjs",
-		"dist/session.mjs",
-		"dist/session.cjs",
-		"dist/*.map",
-		"dist/types/",
-		"README.md",
-		"PRIVACY.md",
-		"LICENSE"
-	],
-	"engines": {
-		"node": ">=22"
-	},
-	"scripts": {
-		"build": "npm run check && bun run scripts/build.ts && npm run build:types",
-		"build:types": "tsc -p tsconfig.build.json",
-		"build:local": "npm run build && bun run scripts/deploy-local.ts",
-		"typecheck": "tsc -p tsconfig.json --noEmit",
-		"lint": "eslint -c eslint.config.js .",
-		"lint:fix": "eslint -c eslint.config.js . --fix",
-		"knip": "knip --config knip.json",
-		"jscpd": "jscpd src/ test/",
-		"check": "npm run typecheck && npm run lint && npm run knip && npm run jscpd && npm run test",
-		"prepack": "npm run build",
-		"publish:npm": "npm publish --access public",
-		"test": "vitest run",
-		"test:watch": "vitest"
-	},
-	"devDependencies": {
-		"@eslint/js": "^9.18.0",
-		"@types/jsdom": "^21.1.7",
-		"@types/node": "^22.10.0",
-		"esbuild": "^0.25.0",
-		"eslint": "^9.18.0",
-		"javascript-obfuscator": "^4.1.1",
-		"jscpd": "^4.0.9",
-		"jsdom": "^25.0.1",
-		"knip": "^6.6.0",
-		"typescript": "^5.7.0",
-		"typescript-eslint": "^8.21.0",
-		"vitest": "^2.1.0"
-	},
-	"keywords": [
-		"zenith-payments",
-		"zenpay",
-		"telemetry",
-		"observer",
-		"payments",
-		"hosted-checkout",
-		"iframe"
-	],
-	"publishConfig": {
-		"access": "public"
-	}
+  "name": "@ianmenethil/zp-observer",
+  "version": "6.1.0",
+  "description": "Telemetry runtime for Zenith hosted checkout — session lifecycle, fingerprint, HPP, heartbeat, and outcome events.",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "bun run ./scripts/build.mjs",
+    "test": "bun test",
+    "check": "bun test && bun run ./scripts/build.mjs",
+    "prepublishOnly": "npm run check"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "license": "MIT"
 }

package/PRIVACY.md

@@ -1,67 +0,0 @@
-# Privacy notice — @ianmenethil/zp-observer
-
-This library collects a small, fixed set of fields for each payment session. It does **not** read form values, iframe contents, cookies, or arbitrary DOM state.
-
-## Fields collected
-
-### `open` event (once per session)
-
-| Field | Purpose |
-|---|---|
-| `sessionId` | Identifier you pass in; typically the merchant unique payment id |
-| `timestamp` | When the modal iframe was first detected |
-| `iframeSrc` | The iframe's `src` URL (Zenith-hosted origin) |
-| `userAgent` | `navigator.userAgent` — for debugging browser-specific issues |
-| `screenWidth` / `screenHeight` | Screen size — for mobile vs desktop bucketing |
-| `navigationType` | `performance.getEntriesByType('navigation')[0].type` |
-| `metadata` | Whatever you pass into `createObserver({ metadata: ... })` |
-
-### `heartbeat` event (every `heartbeatMs`, default 5s)
-
-| Field | Purpose |
-|---|---|
-| `sessionId`, `timestamp`, `metadata` | as above |
-| `sequence` | Monotonic counter for deduplication |
-| `missedBeats` | How many consecutive failures we've seen |
-
-### `close` event (once per session)
-
-| Field | Purpose |
-|---|---|
-| `sessionId`, `timestamp`, `metadata` | as above |
-| `reason` | One of seven documented reasons (see README) |
-| `elapsedMs` | How long the session lasted |
-| `heartbeatCount` | Total heartbeats sent |
-| `missedBeats` | Consecutive failures at close time |
-| `wasPersisted` | `pagehide.persisted` — true if page went into bfcache |
-
-## Fields **not** collected
-
-- No form field values or payment card data (cross-origin blocks this anyway)
-- No cookies or storage contents
-- No click / keystroke events
-- No page URL beyond what you pass in `metadata`
-- No IP address (your server records that when it receives the request)
-
-## Scrubbing
-
-Use `beforeSend` to mutate or drop events before they leave the browser:
-
-```ts
-createObserver({
-  sessionId: mUPID,
-  transport: httpTransport({ ... }),
-  beforeSend: (ev) => {
-    if (ev.kind === 'open') {
-      return { ...ev, userAgent: '' };
-    }
-    return ev;
-  },
-});
-```
-
-Return `null` to drop an event entirely.
-
-## Cross-origin note
-
-The ZenPay payment iframe is on a Zenith-controlled domain. Browser same-origin policy means this library **cannot** read anything inside the iframe — no form values, no DOM, no keystrokes. It only observes the iframe element itself (presence, size, visibility) from the parent page.