@proveanything/smartlinks 1.11.5 → 1.11.7

package/dist/api/interactions.d.ts

@@ -1,4 +1,4 @@
-import type { AdminInteractionsCountsByOutcomeRequest, AdminInteractionsQueryRequest, AdminInteractionsAggregateRequest, AdminInteractionsAggregateResponse, AppendInteractionBody, UpdateInteractionBody, OutcomeCount, InteractionEventRow, PublicInteractionsCountsByOutcomeRequest, PublicInteractionsByUserRequest, CreateInteractionTypeBody, UpdateInteractionTypeBody, ListInteractionTypesQuery, InteractionTypeRecord, InteractionTypeList } from "../types/interaction";
+import type { AdminInteractionsCountsByOutcomeRequest, AdminInteractionsQueryRequest, AdminInteractionsAggregateRequest, AdminInteractionsAggregateResponse, AppendInteractionBody, UpdateInteractionBody, OutcomeCount, InteractionEventRow, PublicInteractionsCountsByOutcomeRequest, PublicInteractionsByUserRequest, SubmitInteractionResponse, SubmitInteractionError, CreateInteractionTypeBody, UpdateInteractionTypeBody, ListInteractionTypesQuery, InteractionTypeRecord, InteractionTypeList } from "../types/interaction";
 export declare namespace interactions {
     /**
      * POST /admin/collection/:collectionId/interactions/query
@@ -30,11 +30,14 @@ export declare namespace interactions {
         success: true;
     }>;
     /**
-       * Appends one interaction event from a public source.
+       * POST /api/v1/public/collection/:collectionId/interactions/submit
+       *
+       * Submits an interaction event from a public/client-side context.
+       * When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor
+       * `contactId` is required. Pass `anonId` inside `metadata` to enable
+       * device-level deduplication via `uniquePerAnonId`.
        */
-    function submitPublicEvent(collectionId: string, body: AppendInteractionBody): Promise<{
-        success: true;
-    }>;
+    function submitPublicEvent(collectionId: string, body: AppendInteractionBody): Promise<SubmitInteractionResponse | SubmitInteractionError>;
     function create(collectionId: string, body: CreateInteractionTypeBody): Promise<InteractionTypeRecord>;
     function list(collectionId: string, query?: ListInteractionTypesQuery): Promise<InteractionTypeList>;
     function get(collectionId: string, id: string): Promise<InteractionTypeRecord>;

package/dist/api/interactions.js

@@ -73,12 +73,14 @@ export var interactions;
     }
     interactions.updateEvent = updateEvent;
     /**
-       * Appends one interaction event from a public source.
+       * POST /api/v1/public/collection/:collectionId/interactions/submit
+       *
+       * Submits an interaction event from a public/client-side context.
+       * When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor
+       * `contactId` is required. Pass `anonId` inside `metadata` to enable
+       * device-level deduplication via `uniquePerAnonId`.
        */
     async function submitPublicEvent(collectionId, body) {
-        if (!body.userId && !body.contactId) {
-            throw new Error("AppendInteractionBody must include one of userId or contactId");
-        }
         const path = `/public/collection/${encodeURIComponent(collectionId)}/interactions/submit`;
         return post(path, body);
     }

package/dist/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.11.5  |  Generated: 2026-04-30T16:31:53.616Z
+Version: 1.11.7  |  Generated: 2026-05-02T09:06:52.034Z
 
 This is a concise summary of all available API functions and types.
 
@@ -5153,6 +5153,10 @@ interface InteractionPermissions {
   * Authenticated summary visibility (counts, aggregates) when user is signed in.
   allowAuthenticatedSummary?: boolean
   allowOwnRead?: boolean
+  uniquePerAnonId?: boolean
+  * Time window in seconds for `uniquePerAnonId` enforcement.
+  * `0` or omitted means all-time deduplication.
+  uniquePerAnonIdWindowSeconds?: number
 }
 ```
 
@@ -5220,6 +5224,30 @@ interface ListInteractionTypesQuery {
 }
 ```
 
+**SubmitInteractionResponse** (interface)
+```typescript
+interface SubmitInteractionResponse {
+  success: true
+  eventId: string
+}
+```
+
+**SubmitInteractionError** (interface)
+```typescript
+interface SubmitInteractionError {
+  error: 'FORBIDDEN'
+  reason:
+  | 'not_public'
+  | 'auth_required'
+  | 'duplicate'
+  | 'duplicate_anon'
+  | 'disabled'
+  | 'before_start'
+  | 'after_end'
+  | 'origin_forbidden'
+}
+```
+
 ### jobs
 
 **Job** (interface)
@@ -8333,47 +8361,47 @@ POST /admin/collection/:collectionId/interactions/append Appends one interaction
 POST /admin/collection/:collectionId/interactions/append Appends one interaction event.
 
 **submitPublicEvent**(collectionId: string,
-    body: AppendInteractionBody) → `Promise<`
-Appends one interaction event from a public source.
+    body: AppendInteractionBody) → `Promise<SubmitInteractionResponse | SubmitInteractionError>`
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **create**(collectionId: string,
     body: CreateInteractionTypeBody) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **list**(collectionId: string,
     query: ListInteractionTypesQuery = {}) → `Promise<InteractionTypeList>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **get**(collectionId: string,
     id: string) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **update**(collectionId: string,
     id: string,
     patchBody: UpdateInteractionTypeBody) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **remove**(collectionId: string,
     id: string) → `Promise<void>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicCountsByOutcome**(collectionId: string,
     body: PublicInteractionsCountsByOutcomeRequest,
     authToken?: string) → `Promise<OutcomeCount[]>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicMyInteractions**(collectionId: string,
     body: PublicInteractionsByUserRequest,
     authToken?: string) → `Promise<InteractionEventRow[]>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicList**(collectionId: string,
     query: ListInteractionTypesQuery = {}) → `Promise<InteractionTypeList>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicGet**(collectionId: string,
     id: string) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 ### jobs
 

package/dist/docs/app-objects.md

@@ -85,6 +85,7 @@ Zones are **automatically filtered** based on the caller's role:
 ### Zone Writing Rules
 
 - **Non-admin callers** attempting to write to the `admin` zone are silently ignored
+- **Authenticated record owners** can write to `data` and `owner` by default; individual keys can be restricted via the `ownerEdit` app config policy (see [Owner Edit Policy](#owner-edit-policy) below)
 - **Public callers** can write to `data` and `owner` (if visibility allows)
 - **Admins** can write to all three zones
 
@@ -1098,6 +1099,61 @@ The `enforce` values are **merged over** the caller's request body, so you can l
 
 ---
 
+## Owner Edit Policy
+
+Gives per-zone, field-level control over what an **authenticated record owner** can update via `PATCH /api/v1/public/collection/:collectionId/app/:appId/records/:recordId`.
+
+Set the policy in the same app config document used for `publicCreate` (stored at `sites/{collectionId}/apps/{appId}`):
+
+```json
+{
+  "ownerEdit": {
+    "records": {
+      "data":  { "allow": ["paypalEmail"] },
+      "owner": { "allow": ["paypalEmail", "paypalEmailUpdatedAt"] }
+    }
+  }
+}
+```
+
+### Zone visibility and write access
+
+| Zone    | Who can read           | Who can write (owner)                                    |
+|---------|------------------------|----------------------------------------------------------|
+| `data`  | public                 | Allow-listed keys only (if policy set); all keys if not  |
+| `owner` | owner + admin          | Allow-listed keys only (if policy set); all keys if not  |
+| `admin` | admin                  | Never — admin zone is always immutable to owners         |
+
+### Allow-list semantics
+
+| Config                     | Behaviour                                                                     |
+|----------------------------|-------------------------------------------------------------------------------|
+| No `ownerEdit` key         | Default-allow — both zones fully writable (no change to existing behaviour)   |
+| `allow` array with keys    | Only the listed keys are accepted from the PATCH body; the rest are silently ignored and their existing values preserved |
+| `allow: []` (empty array)  | Zone is effectively read-only for the owner                                   |
+
+Accepted keys are **merged** onto the existing zone blob — you do not need to re-send unchanged values.
+
+### Example: commission record with protected fields
+
+An app that lets owners update their payout email but not their commission total:
+
+```json
+{
+  "ownerEdit": {
+    "records": {
+      "owner": { "allow": ["paypalEmail", "paypalEmailUpdatedAt"] }
+    }
+  }
+}
+```
+
+A PATCH body of `{ "owner": { "paypalEmail": "x@y.com", "totalCommission": 99 } }` will update `paypalEmail` only. `totalCommission` is silently ignored and its existing value is preserved.
+
+> **App design note:** If your app creates records with sensitive fields that owners should never modify (e.g. computed totals, server-assigned fields), add an `ownerEdit` policy from the start. It is significantly easier to relax restrictions later than to tighten them after data has been mutated.
+
+---
+
 ## Anonymous Edit Tokens
 
 Enables an anonymous caller to amend a record they just created — without authentication — by presenting a short-lived secret token.

package/dist/docs/interactions.md

@@ -119,18 +119,37 @@ await SL.interactions.appendEvent(collectionId, {
 
 ### Public Event Submit
 
-Use in client-side app code. Same body shape as `appendEvent` but hits the public endpoint (respects interaction permissions like `allowPublicSubmit`, `requireAuth`).
+Use in client-side app code. Hits the public endpoint and respects interaction permissions (`allowPublicSubmit`, `allowAnonymousSubmit`, `requireAuth`, etc.).
 
 ```typescript
+// Authenticated submission
 await SL.interactions.submitPublicEvent(collectionId, {
   appId: 'my-app',
   interactionId: 'competition-entry',
   outcome: 'entered',
-  userId: currentUser.id,
+  contactId: currentUser.contactId,
   metadata: { answer: 'Paris' },
 });
+
+// Anonymous submission (interaction must have allowAnonymousSubmit: true)
+const response = await SL.interactions.submitPublicEvent(collectionId, {
+  appId: 'my-app',
+  interactionId: 'nps-score',
+  outcome: '9',
+  metadata: {
+    anonId: SL.utils.getAnonId(),  // device-level dedup signal
+  },
+});
+
+if (!response.success) {
+  if (response.reason === 'duplicate_anon') {
+    // this device has already submitted
+  }
+}
 ```
 
+> **Anonymous submissions** — when `allowAnonymousSubmit: true` is set on the interaction, neither `userId` nor `contactId` is required. Use `utils.getAnonId()` to generate a stable browser-local UUID and pass it as `metadata.anonId`; the server will enforce `uniquePerAnonId` if configured.
+
 ### Update an Existing Event
 
 ```typescript
@@ -237,6 +256,8 @@ Set on the interaction type definition via `permissions`:
 | `uniquePerUser` | boolean | Prevent duplicate submissions per user |
 | `uniquePerUserWindowSeconds` | number | Time window for uniqueness (e.g., `86400` = 1 day) |
 | `uniqueOutcome` | string | Outcome tag to check for duplicates (e.g., `"submitted"`) |
+| `uniquePerAnonId` | boolean | Reject a second submission that carries the same `anonId` in metadata |
+| `uniquePerAnonIdWindowSeconds` | number | Time window for `uniquePerAnonId` enforcement; `0` or omitted = all-time |
 | `allowPublicSummary` | boolean | Show counts/aggregates to unauthenticated users |
 | `allowAuthenticatedSummary` | boolean | Show counts/aggregates to authenticated users |
 | `allowOwnRead` | boolean | Let users read their own event history via public API |
@@ -263,8 +284,10 @@ When defining a journey trigger, reference the `interactionId` that should fire
 
 ```typescript
 import type {
-  AppendInteractionBody,          // Event body for appendEvent / submitPublicEvent
+  AppendInteractionBody,          // Event body for appendEvent and submitPublicEvent
   UpdateInteractionBody,          // Event body for updateEvent
+  SubmitInteractionResponse,      // { success: true; eventId: string }
+  SubmitInteractionError,         // { error: 'FORBIDDEN'; reason: string }
   InteractionEventRow,            // Raw event record returned by query()
   OutcomeCount,                   // { outcome: string | null; count: number }
   InteractionPermissions,         // Full permissions config shape

package/dist/openapi.yaml

@@ -10355,6 +10355,40 @@ paths:
           application/json:
             schema:
               $ref: "#/components/schemas/PublicInteractionsCountsByOutcomeRequest"
+  /public/collection/{collectionId}/interactions/submit:
+    post:
+      tags:
+        - interactions
+      summary: "POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context."
+      operationId: interactions_submitPublicEvent
+      security: []
+      parameters:
+        - name: collectionId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: "#/components/schemas/SubmitInteractionResponse"
+                  - $ref: "#/components/schemas/SubmitInteractionError"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/AppendInteractionBody"
   /public/collection/{collectionId}/interactions/{id}:
     get:
       tags:
@@ -20187,6 +20221,10 @@ components:
           type: boolean
         allowOwnRead:
           type: boolean
+        uniquePerAnonId:
+          type: boolean
+        uniquePerAnonIdWindowSeconds:
+          type: number
     InteractionDisplay:
       type: object
       properties:
@@ -20275,6 +20313,26 @@ components:
           type: number
         offset:
           type: number
+    SubmitInteractionResponse:
+      type: object
+      properties:
+        success:
+          type: object
+          additionalProperties: true
+        eventId:
+          type: string
+      required:
+        - success
+        - eventId
+    SubmitInteractionError:
+      type: object
+      properties:
+        error:
+          type: string
+          enum:
+            - FORBIDDEN
+      required:
+        - error
     Job:
       type: object
       properties:

package/dist/types/interaction.d.ts

@@ -162,6 +162,13 @@ export interface InteractionPermissions {
     allowAuthenticatedSummary?: boolean;
     /** Allow an authenticated user to read their own interaction history via the public API. */
     allowOwnRead?: boolean;
+    /** Reject a second submission that carries the same `anonId` in metadata. */
+    uniquePerAnonId?: boolean;
+    /**
+     * Time window in seconds for `uniquePerAnonId` enforcement.
+     * `0` or omitted means all-time deduplication.
+     */
+    uniquePerAnonIdWindowSeconds?: number;
 }
 export interface InteractionDisplay {
     title?: string;
@@ -203,3 +210,11 @@ export interface ListInteractionTypesQuery {
     limit?: number;
     offset?: number;
 }
+export interface SubmitInteractionResponse {
+    success: true;
+    eventId: string;
+}
+export interface SubmitInteractionError {
+    error: 'FORBIDDEN';
+    reason: 'not_public' | 'auth_required' | 'duplicate' | 'duplicate_anon' | 'disabled' | 'before_start' | 'after_end' | 'origin_forbidden';
+}

package/dist/utils/anonId.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Returns a stable anonymous device ID stored in `localStorage`.
+ *
+ * On first call a random UUID is generated and persisted. All subsequent calls
+ * from the same browser return the same value. Returns `null` during SSR or in
+ * any environment without `window` (safe to call universally).
+ *
+ * The value is scoped to the browser's `localStorage` and is cleared if the
+ * user clears site data. It does **not** create any contact or user record on
+ * the server.
+ *
+ * Pass the result in `metadata.anonId` when submitting interactions to enable
+ * device-level deduplication via `uniquePerAnonId`.
+ *
+ * @example
+ * ```ts
+ * import { utils } from '@proveanything/smartlinks'
+ *
+ * const response = await interactions.submitPublicEvent(collectionId, {
+ *   appId: 'my-app',
+ *   interactionId: 'nps-score',
+ *   outcome: '9',
+ *   metadata: { anonId: utils.getAnonId() },
+ * })
+ * ```
+ */
+export declare function getAnonId(): string | null;

package/dist/utils/anonId.js

@@ -0,0 +1,38 @@
+// src/utils/anonId.ts
+const ANON_ID_KEY = '_pa_anon_id';
+/**
+ * Returns a stable anonymous device ID stored in `localStorage`.
+ *
+ * On first call a random UUID is generated and persisted. All subsequent calls
+ * from the same browser return the same value. Returns `null` during SSR or in
+ * any environment without `window` (safe to call universally).
+ *
+ * The value is scoped to the browser's `localStorage` and is cleared if the
+ * user clears site data. It does **not** create any contact or user record on
+ * the server.
+ *
+ * Pass the result in `metadata.anonId` when submitting interactions to enable
+ * device-level deduplication via `uniquePerAnonId`.
+ *
+ * @example
+ * ```ts
+ * import { utils } from '@proveanything/smartlinks'
+ *
+ * const response = await interactions.submitPublicEvent(collectionId, {
+ *   appId: 'my-app',
+ *   interactionId: 'nps-score',
+ *   outcome: '9',
+ *   metadata: { anonId: utils.getAnonId() },
+ * })
+ * ```
+ */
+export function getAnonId() {
+    if (typeof window === 'undefined')
+        return null;
+    let id = window.localStorage.getItem(ANON_ID_KEY);
+    if (!id) {
+        id = crypto.randomUUID();
+        window.localStorage.setItem(ANON_ID_KEY, id);
+    }
+    return id;
+}

package/dist/utils/index.d.ts

@@ -4,3 +4,4 @@
  */
 export * from './paths';
 export * from './conditions';
+export * from './anonId';

package/dist/utils/index.js

@@ -5,3 +5,4 @@
  */
 export * from './paths';
 export * from './conditions';
+export * from './anonId';

package/docs/API_SUMMARY.md

@@ -1,6 +1,6 @@
 # Smartlinks API Summary
 
-Version: 1.11.5  |  Generated: 2026-04-30T16:31:53.616Z
+Version: 1.11.7  |  Generated: 2026-05-02T09:06:52.034Z
 
 This is a concise summary of all available API functions and types.
 
@@ -5153,6 +5153,10 @@ interface InteractionPermissions {
   * Authenticated summary visibility (counts, aggregates) when user is signed in.
   allowAuthenticatedSummary?: boolean
   allowOwnRead?: boolean
+  uniquePerAnonId?: boolean
+  * Time window in seconds for `uniquePerAnonId` enforcement.
+  * `0` or omitted means all-time deduplication.
+  uniquePerAnonIdWindowSeconds?: number
 }
 ```
 
@@ -5220,6 +5224,30 @@ interface ListInteractionTypesQuery {
 }
 ```
 
+**SubmitInteractionResponse** (interface)
+```typescript
+interface SubmitInteractionResponse {
+  success: true
+  eventId: string
+}
+```
+
+**SubmitInteractionError** (interface)
+```typescript
+interface SubmitInteractionError {
+  error: 'FORBIDDEN'
+  reason:
+  | 'not_public'
+  | 'auth_required'
+  | 'duplicate'
+  | 'duplicate_anon'
+  | 'disabled'
+  | 'before_start'
+  | 'after_end'
+  | 'origin_forbidden'
+}
+```
+
 ### jobs
 
 **Job** (interface)
@@ -8333,47 +8361,47 @@ POST /admin/collection/:collectionId/interactions/append Appends one interaction
 POST /admin/collection/:collectionId/interactions/append Appends one interaction event.
 
 **submitPublicEvent**(collectionId: string,
-    body: AppendInteractionBody) → `Promise<`
-Appends one interaction event from a public source.
+    body: AppendInteractionBody) → `Promise<SubmitInteractionResponse | SubmitInteractionError>`
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **create**(collectionId: string,
     body: CreateInteractionTypeBody) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **list**(collectionId: string,
     query: ListInteractionTypesQuery = {}) → `Promise<InteractionTypeList>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **get**(collectionId: string,
     id: string) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **update**(collectionId: string,
     id: string,
     patchBody: UpdateInteractionTypeBody) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **remove**(collectionId: string,
     id: string) → `Promise<void>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicCountsByOutcome**(collectionId: string,
     body: PublicInteractionsCountsByOutcomeRequest,
     authToken?: string) → `Promise<OutcomeCount[]>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicMyInteractions**(collectionId: string,
     body: PublicInteractionsByUserRequest,
     authToken?: string) → `Promise<InteractionEventRow[]>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicList**(collectionId: string,
     query: ListInteractionTypesQuery = {}) → `Promise<InteractionTypeList>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 **publicGet**(collectionId: string,
     id: string) → `Promise<InteractionTypeRecord>`
-Appends one interaction event from a public source.
+POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context. When the interaction has `allowAnonymousSubmit: true`, neither `userId` nor `contactId` is required. Pass `anonId` inside `metadata` to enable device-level deduplication via `uniquePerAnonId`.
 
 ### jobs
 

package/docs/app-objects.md

@@ -85,6 +85,7 @@ Zones are **automatically filtered** based on the caller's role:
 ### Zone Writing Rules
 
 - **Non-admin callers** attempting to write to the `admin` zone are silently ignored
+- **Authenticated record owners** can write to `data` and `owner` by default; individual keys can be restricted via the `ownerEdit` app config policy (see [Owner Edit Policy](#owner-edit-policy) below)
 - **Public callers** can write to `data` and `owner` (if visibility allows)
 - **Admins** can write to all three zones
 
@@ -1098,6 +1099,61 @@ The `enforce` values are **merged over** the caller's request body, so you can l
 
 ---
 
+## Owner Edit Policy
+
+Gives per-zone, field-level control over what an **authenticated record owner** can update via `PATCH /api/v1/public/collection/:collectionId/app/:appId/records/:recordId`.
+
+Set the policy in the same app config document used for `publicCreate` (stored at `sites/{collectionId}/apps/{appId}`):
+
+```json
+{
+  "ownerEdit": {
+    "records": {
+      "data":  { "allow": ["paypalEmail"] },
+      "owner": { "allow": ["paypalEmail", "paypalEmailUpdatedAt"] }
+    }
+  }
+}
+```
+
+### Zone visibility and write access
+
+| Zone    | Who can read           | Who can write (owner)                                    |
+|---------|------------------------|----------------------------------------------------------|
+| `data`  | public                 | Allow-listed keys only (if policy set); all keys if not  |
+| `owner` | owner + admin          | Allow-listed keys only (if policy set); all keys if not  |
+| `admin` | admin                  | Never — admin zone is always immutable to owners         |
+
+### Allow-list semantics
+
+| Config                     | Behaviour                                                                     |
+|----------------------------|-------------------------------------------------------------------------------|
+| No `ownerEdit` key         | Default-allow — both zones fully writable (no change to existing behaviour)   |
+| `allow` array with keys    | Only the listed keys are accepted from the PATCH body; the rest are silently ignored and their existing values preserved |
+| `allow: []` (empty array)  | Zone is effectively read-only for the owner                                   |
+
+Accepted keys are **merged** onto the existing zone blob — you do not need to re-send unchanged values.
+
+### Example: commission record with protected fields
+
+An app that lets owners update their payout email but not their commission total:
+
+```json
+{
+  "ownerEdit": {
+    "records": {
+      "owner": { "allow": ["paypalEmail", "paypalEmailUpdatedAt"] }
+    }
+  }
+}
+```
+
+A PATCH body of `{ "owner": { "paypalEmail": "x@y.com", "totalCommission": 99 } }` will update `paypalEmail` only. `totalCommission` is silently ignored and its existing value is preserved.
+
+> **App design note:** If your app creates records with sensitive fields that owners should never modify (e.g. computed totals, server-assigned fields), add an `ownerEdit` policy from the start. It is significantly easier to relax restrictions later than to tighten them after data has been mutated.
+
+---
+
 ## Anonymous Edit Tokens
 
 Enables an anonymous caller to amend a record they just created — without authentication — by presenting a short-lived secret token.

package/docs/interactions.md

@@ -119,18 +119,37 @@ await SL.interactions.appendEvent(collectionId, {
 
 ### Public Event Submit
 
-Use in client-side app code. Same body shape as `appendEvent` but hits the public endpoint (respects interaction permissions like `allowPublicSubmit`, `requireAuth`).
+Use in client-side app code. Hits the public endpoint and respects interaction permissions (`allowPublicSubmit`, `allowAnonymousSubmit`, `requireAuth`, etc.).
 
 ```typescript
+// Authenticated submission
 await SL.interactions.submitPublicEvent(collectionId, {
   appId: 'my-app',
   interactionId: 'competition-entry',
   outcome: 'entered',
-  userId: currentUser.id,
+  contactId: currentUser.contactId,
   metadata: { answer: 'Paris' },
 });
+
+// Anonymous submission (interaction must have allowAnonymousSubmit: true)
+const response = await SL.interactions.submitPublicEvent(collectionId, {
+  appId: 'my-app',
+  interactionId: 'nps-score',
+  outcome: '9',
+  metadata: {
+    anonId: SL.utils.getAnonId(),  // device-level dedup signal
+  },
+});
+
+if (!response.success) {
+  if (response.reason === 'duplicate_anon') {
+    // this device has already submitted
+  }
+}
 ```
 
+> **Anonymous submissions** — when `allowAnonymousSubmit: true` is set on the interaction, neither `userId` nor `contactId` is required. Use `utils.getAnonId()` to generate a stable browser-local UUID and pass it as `metadata.anonId`; the server will enforce `uniquePerAnonId` if configured.
+
 ### Update an Existing Event
 
 ```typescript
@@ -237,6 +256,8 @@ Set on the interaction type definition via `permissions`:
 | `uniquePerUser` | boolean | Prevent duplicate submissions per user |
 | `uniquePerUserWindowSeconds` | number | Time window for uniqueness (e.g., `86400` = 1 day) |
 | `uniqueOutcome` | string | Outcome tag to check for duplicates (e.g., `"submitted"`) |
+| `uniquePerAnonId` | boolean | Reject a second submission that carries the same `anonId` in metadata |
+| `uniquePerAnonIdWindowSeconds` | number | Time window for `uniquePerAnonId` enforcement; `0` or omitted = all-time |
 | `allowPublicSummary` | boolean | Show counts/aggregates to unauthenticated users |
 | `allowAuthenticatedSummary` | boolean | Show counts/aggregates to authenticated users |
 | `allowOwnRead` | boolean | Let users read their own event history via public API |
@@ -263,8 +284,10 @@ When defining a journey trigger, reference the `interactionId` that should fire
 
 ```typescript
 import type {
-  AppendInteractionBody,          // Event body for appendEvent / submitPublicEvent
+  AppendInteractionBody,          // Event body for appendEvent and submitPublicEvent
   UpdateInteractionBody,          // Event body for updateEvent
+  SubmitInteractionResponse,      // { success: true; eventId: string }
+  SubmitInteractionError,         // { error: 'FORBIDDEN'; reason: string }
   InteractionEventRow,            // Raw event record returned by query()
   OutcomeCount,                   // { outcome: string | null; count: number }
   InteractionPermissions,         // Full permissions config shape

package/openapi.yaml

@@ -10355,6 +10355,40 @@ paths:
           application/json:
             schema:
               $ref: "#/components/schemas/PublicInteractionsCountsByOutcomeRequest"
+  /public/collection/{collectionId}/interactions/submit:
+    post:
+      tags:
+        - interactions
+      summary: "POST /api/v1/public/collection/:collectionId/interactions/submit Submits an interaction event from a public/client-side context."
+      operationId: interactions_submitPublicEvent
+      security: []
+      parameters:
+        - name: collectionId
+          in: path
+          required: true
+          schema:
+            type: string
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                oneOf:
+                  - $ref: "#/components/schemas/SubmitInteractionResponse"
+                  - $ref: "#/components/schemas/SubmitInteractionError"
+        400:
+          description: Bad request
+        401:
+          description: Unauthorized
+        404:
+          description: Not found
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: "#/components/schemas/AppendInteractionBody"
   /public/collection/{collectionId}/interactions/{id}:
     get:
       tags:
@@ -20187,6 +20221,10 @@ components:
           type: boolean
         allowOwnRead:
           type: boolean
+        uniquePerAnonId:
+          type: boolean
+        uniquePerAnonIdWindowSeconds:
+          type: number
     InteractionDisplay:
       type: object
       properties:
@@ -20275,6 +20313,26 @@ components:
           type: number
         offset:
           type: number
+    SubmitInteractionResponse:
+      type: object
+      properties:
+        success:
+          type: object
+          additionalProperties: true
+        eventId:
+          type: string
+      required:
+        - success
+        - eventId
+    SubmitInteractionError:
+      type: object
+      properties:
+        error:
+          type: string
+          enum:
+            - FORBIDDEN
+      required:
+        - error
     Job:
       type: object
       properties:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@proveanything/smartlinks",
-  "version": "1.11.5",
+  "version": "1.11.7",
   "description": "Official JavaScript/TypeScript SDK for the Smartlinks API",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",