@rovela-ai/sdk 0.4.3 → 0.5.2

package/dist/analytics/api/track.js

@@ -0,0 +1,233 @@
+/**
+ * @rovela-ai/sdk/analytics/api/track
+ *
+ * POST /api/analytics/track
+ *
+ * Public endpoint — no auth (events are pseudonymous). Mounted by the store
+ * template via `export { POST } from '@rovela-ai/sdk/analytics/api/track'`.
+ *
+ * Discipline:
+ *  - Bot UA → 204 (silent drop)
+ *  - Admin-cookie present → 204 (no self-bias from merchant)
+ *  - Validation failure → 400 (still safe; only thing it leaks is "bad shape")
+ *  - DB insert failure → 204 (analytics MUST NEVER break the visitor flow;
+ *    recordEvent swallows internally)
+ *
+ * sendBeacon() from the client sends Content-Type: text/plain by default;
+ * we parse JSON manually rather than rely on Next.js request.json().
+ */
+import { NextResponse } from 'next/server';
+import { recordEvent } from '../server/queries';
+import { isBotUserAgent, deviceFromUserAgent, referrerHost, normalizePath, clip, safeCountry, } from '../server/normalize';
+// =============================================================================
+// Inline validation (no Zod dep — keep SDK lean; the rules are explicit and
+// the surface is bounded by AnalyticsEventKind)
+// =============================================================================
+const VALID_KINDS = new Set([
+    'page_view',
+    'session_start',
+    'session_heartbeat',
+    'session_end',
+    'view_item_list',
+    'view_item',
+    'select_item',
+    'add_to_cart',
+    'view_cart',
+    'begin_checkout',
+    'add_shipping_info',
+    'purchase',
+    'refund',
+]);
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function isString(v) {
+    return typeof v === 'string' && v.length > 0;
+}
+function isUuid(v) {
+    return isString(v) && UUID_RE.test(v);
+}
+function isNumber(v) {
+    return typeof v === 'number' && Number.isFinite(v);
+}
+function validate(raw) {
+    if (!raw || typeof raw !== 'object')
+        return { ok: false, error: 'body must be an object' };
+    const o = raw;
+    if (!isUuid(o.visitor_id))
+        return { ok: false, error: 'visitor_id must be a uuid' };
+    if (!isUuid(o.session_id))
+        return { ok: false, error: 'session_id must be a uuid' };
+    if (!isString(o.event) || !VALID_KINDS.has(o.event)) {
+        return { ok: false, error: 'event must be a known kind' };
+    }
+    if (!isString(o.path))
+        return { ok: false, error: 'path must be a non-empty string' };
+    // Per-kind required fields (skip server-side fields like ts/device/country)
+    const kind = o.event;
+    switch (kind) {
+        case 'view_item':
+        case 'view_cart':
+        case 'begin_checkout':
+        case 'add_shipping_info':
+            if (!isNumber(o.value_cents) || !isString(o.currency)) {
+                return { ok: false, error: `${kind} requires value_cents + currency` };
+            }
+            if (kind === 'view_item' && !isUuid(o.product_id)) {
+                return { ok: false, error: 'view_item requires product_id' };
+            }
+            break;
+        case 'view_item_list':
+            if (!isUuid(o.category_id)) {
+                return { ok: false, error: 'view_item_list requires category_id' };
+            }
+            break;
+        case 'select_item':
+            if (!isUuid(o.product_id)) {
+                return { ok: false, error: 'select_item requires product_id' };
+            }
+            break;
+        case 'add_to_cart':
+            if (!isUuid(o.product_id) ||
+                !isNumber(o.quantity) ||
+                !isNumber(o.value_cents) ||
+                !isString(o.currency)) {
+                return {
+                    ok: false,
+                    error: 'add_to_cart requires product_id, quantity, value_cents, currency',
+                };
+            }
+            break;
+        case 'purchase':
+        case 'refund':
+            // Server-fired only — client posts to track are rejected. Stripe webhook
+            // wrapper calls recordEvent() directly, bypassing this validation path.
+            return { ok: false, error: `${kind} is server-fired only` };
+        // page_view + session_start — identity + path is enough
+    }
+    // Build the validated event with explicit field selection.
+    const base = {
+        visitor_id: o.visitor_id,
+        session_id: o.session_id,
+        path: normalizePath(o.path),
+        referrer: referrerHost(o.referrer ?? null),
+        utm_source: clip(o.utm_source, 100),
+        utm_medium: clip(o.utm_medium, 100),
+        utm_campaign: clip(o.utm_campaign, 200),
+    };
+    let payload;
+    switch (kind) {
+        case 'page_view':
+        case 'session_start':
+        case 'session_heartbeat':
+        case 'session_end':
+            payload = { event: kind, ...base };
+            break;
+        case 'view_item_list':
+            payload = {
+                event: 'view_item_list',
+                category_id: o.category_id,
+                ...base,
+            };
+            break;
+        case 'view_item':
+            payload = {
+                event: 'view_item',
+                product_id: o.product_id,
+                value_cents: Math.round(o.value_cents),
+                currency: o.currency.slice(0, 3).toUpperCase(),
+                ...base,
+            };
+            break;
+        case 'select_item':
+            payload = {
+                event: 'select_item',
+                product_id: o.product_id,
+                category_id: isUuid(o.category_id) ? o.category_id : null,
+                ...base,
+            };
+            break;
+        case 'add_to_cart':
+            payload = {
+                event: 'add_to_cart',
+                product_id: o.product_id,
+                variant_id: isUuid(o.variant_id) ? o.variant_id : null,
+                quantity: Math.round(o.quantity),
+                value_cents: Math.round(o.value_cents),
+                currency: o.currency.slice(0, 3).toUpperCase(),
+                ...base,
+            };
+            break;
+        case 'view_cart':
+            payload = {
+                event: 'view_cart',
+                value_cents: Math.round(o.value_cents),
+                currency: o.currency.slice(0, 3).toUpperCase(),
+                ...base,
+            };
+            break;
+        case 'begin_checkout':
+            payload = {
+                event: 'begin_checkout',
+                value_cents: Math.round(o.value_cents),
+                currency: o.currency.slice(0, 3).toUpperCase(),
+                ...base,
+            };
+            break;
+        case 'add_shipping_info':
+            payload = {
+                event: 'add_shipping_info',
+                value_cents: Math.round(o.value_cents),
+                currency: o.currency.slice(0, 3).toUpperCase(),
+                ...base,
+            };
+            break;
+        default:
+            // Exhaustiveness — purchase/refund handled above
+            return { ok: false, error: 'unsupported kind' };
+    }
+    return { ok: true, event: { ...base, ...payload } };
+}
+// =============================================================================
+// Admin-cookie sniff (exclude merchant self-traffic)
+// =============================================================================
+const ADMIN_COOKIE_NAMES = [
+    '__Secure-rovela.admin.session-token',
+    'rovela.admin.session-token',
+];
+function hasAdminSession(cookieHeader) {
+    if (!cookieHeader)
+        return false;
+    return ADMIN_COOKIE_NAMES.some((n) => cookieHeader.includes(`${n}=`));
+}
+// =============================================================================
+// Handler
+// =============================================================================
+export async function POST(request) {
+    // sendBeacon defaults to text/plain; parse JSON manually.
+    let raw;
+    try {
+        const text = await request.text();
+        raw = text ? JSON.parse(text) : null;
+    }
+    catch {
+        return new NextResponse(null, { status: 204 });
+    }
+    // Bot check — silent drop
+    const ua = request.headers.get('user-agent');
+    if (isBotUserAgent(ua)) {
+        return new NextResponse(null, { status: 204 });
+    }
+    // Admin-cookie sniff — silent drop (don't bias merchant's own metrics)
+    if (hasAdminSession(request.headers.get('cookie'))) {
+        return new NextResponse(null, { status: 204 });
+    }
+    const validation = validate(raw);
+    if (!validation.ok) {
+        return NextResponse.json({ error: validation.error }, { status: 400 });
+    }
+    const device = deviceFromUserAgent(ua);
+    const country = safeCountry(request.headers.get('x-vercel-ip-country'));
+    // Best-effort insert — recordEvent swallows errors internally.
+    await recordEvent({ event: validation.event, device, country });
+    return new NextResponse(null, { status: 204 });
+}
+//# sourceMappingURL=track.js.map

package/dist/analytics/api/track.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"track.js","sourceRoot":"","sources":["../../../src/analytics/api/track.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,YAAY,EACZ,aAAa,EACb,IAAI,EACJ,WAAW,GACZ,MAAM,qBAAqB,CAAA;AAO5B,gFAAgF;AAChF,4EAA4E;AAC5E,gDAAgD;AAChD,gFAAgF;AAEhF,MAAM,WAAW,GAAG,IAAI,GAAG,CAAqB;IAC9C,WAAW;IACX,eAAe;IACf,mBAAmB;IACnB,aAAa;IACb,gBAAgB;IAChB,WAAW;IACX,aAAa;IACb,aAAa;IACb,WAAW;IACX,gBAAgB;IAChB,mBAAmB;IACnB,UAAU;IACV,QAAQ;CACT,CAAC,CAAA;AAEF,MAAM,OAAO,GAAG,iEAAiE,CAAA;AAWjF,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA;AAC9C,CAAC;AACD,SAAS,MAAM,CAAC,CAAU;IACxB,OAAO,QAAQ,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACvC,CAAC;AACD,SAAS,QAAQ,CAAC,CAAU;IAC1B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;AACpD,CAAC;AAED,SAAS,QAAQ,CAAC,GAAY;IAC5B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA;IAC1F,MAAM,CAAC,GAAG,GAA8B,CAAA;IAExC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAA;IACnF,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAA;IACnF,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,KAA2B,CAAC,EAAE,CAAC;QAC1E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAA;IAC3D,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAA;IAErF,4EAA4E;IAC5E,MAAM,IAAI,GAAG,CAAC,CAAC,KAA2B,CAAA;IAC1C,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB;YACtB,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACtD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,kCAAkC,EAAE,CAAA;YACxE,CAAC;YACD,IAAI,IAAI,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;gBAClD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAA;YAC9D,CAAC;YACD,MAAK;QACP,KAAK,gBAAgB;YACnB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAA;YACpE,CAAC;YACD,MAAK;QACP,KAAK,aAAa;YAChB,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC1B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAA;YAChE,CAAC;YACD,MAAK;QACP,KAAK,aAAa;YAChB,IACE,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;gBACrB,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC;gBACrB,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC;gBACxB,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,EACrB,CAAC;gBACD,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,KAAK,EAAE,kEAAkE;iBAC1E,CAAA;YACH,CAAC;YACD,MAAK;QACP,KAAK,UAAU,CAAC;QAChB,KAAK,QAAQ;YACX,yEAAyE;YACzE,wEAAwE;YACxE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,IAAI,uBAAuB,EAAE,CAAA;QAC7D,wDAAwD;IAC1D,CAAC;IAED,2DAA2D;IAC3D,MAAM,IAAI,GAAG;QACX,UAAU,EAAE,CAAC,CAAC,UAAoB;QAClC,UAAU,EAAE,CAAC,CAAC,UAAoB;QAClC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,IAAc,CAAC;QACrC,QAAQ,EAAE,YAAY,CAAE,CAAC,CAAC,QAA+B,IAAI,IAAI,CAAC;QAClE,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,UAAgC,EAAE,GAAG,CAAC;QACzD,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,UAAgC,EAAE,GAAG,CAAC;QACzD,YAAY,EAAE,IAAI,CAAC,CAAC,CAAC,YAAkC,EAAE,GAAG,CAAC;KAC9D,CAAA;IAED,IAAI,OAAyB,CAAA;IAC7B,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,WAAW,CAAC;QACjB,KAAK,eAAe,CAAC;QACrB,KAAK,mBAAmB,CAAC;QACzB,KAAK,aAAa;YAChB,OAAO,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,IAAI,EAAE,CAAA;YAClC,MAAK;QACP,KAAK,gBAAgB;YACnB,OAAO,GAAG;gBACR,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,CAAC,CAAC,WAAqB;gBACpC,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,WAAW;YACd,OAAO,GAAG;gBACR,KAAK,EAAE,WAAW;gBAClB,UAAU,EAAE,CAAC,CAAC,UAAoB;gBAClC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;gBAChD,QAAQ,EAAG,CAAC,CAAC,QAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC1D,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,aAAa;YAChB,OAAO,GAAG;gBACR,KAAK,EAAE,aAAa;gBACpB,UAAU,EAAE,CAAC,CAAC,UAAoB;gBAClC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,WAAsB,CAAC,CAAC,CAAC,IAAI;gBACrE,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,aAAa;YAChB,OAAO,GAAG;gBACR,KAAK,EAAE,aAAa;gBACpB,UAAU,EAAE,CAAC,CAAC,UAAoB;gBAClC,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC,UAAqB,CAAC,CAAC,CAAC,IAAI;gBAClE,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,QAAkB,CAAC;gBAC1C,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;gBAChD,QAAQ,EAAG,CAAC,CAAC,QAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC1D,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,WAAW;YACd,OAAO,GAAG;gBACR,KAAK,EAAE,WAAW;gBAClB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;gBAChD,QAAQ,EAAG,CAAC,CAAC,QAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC1D,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,gBAAgB;YACnB,OAAO,GAAG;gBACR,KAAK,EAAE,gBAAgB;gBACvB,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;gBAChD,QAAQ,EAAG,CAAC,CAAC,QAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC1D,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP,KAAK,mBAAmB;YACtB,OAAO,GAAG;gBACR,KAAK,EAAE,mBAAmB;gBAC1B,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,WAAqB,CAAC;gBAChD,QAAQ,EAAG,CAAC,CAAC,QAAmB,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE;gBAC1D,GAAG,IAAI;aACR,CAAA;YACD,MAAK;QACP;YACE,iDAAiD;YACjD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAA;IACnD,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,EAAwB,EAAE,CAAA;AAC3E,CAAC;AAED,gFAAgF;AAChF,qDAAqD;AACrD,gFAAgF;AAEhF,MAAM,kBAAkB,GAAG;IACzB,qCAAqC;IACrC,4BAA4B;CAC7B,CAAA;AAED,SAAS,eAAe,CAAC,YAA2B;IAClD,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAA;IAC/B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAA;AACvE,CAAC;AAED,gFAAgF;AAChF,UAAU;AACV,gFAAgF;AAEhF,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAgB;IACzC,0DAA0D;IAC1D,IAAI,GAAY,CAAA;IAChB,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAA;QACjC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IACtC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAChD,CAAC;IAED,0BAA0B;IAC1B,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IAC5C,IAAI,cAAc,CAAC,EAAE,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAChD,CAAC;IAED,uEAAuE;IACvE,IAAI,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;QACnD,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAA;IAChC,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;QACnB,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IACxE,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAA;IACtC,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAA;IAEvE,+DAA+D;IAC/D,MAAM,WAAW,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;IAE/D,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;AAChD,CAAC"}

package/dist/analytics/api/visitors.d.ts

@@ -0,0 +1,19 @@
+/**
+ * @rovela-ai/sdk/analytics/api/visitors
+ *
+ * GET /api/admin/analytics/visitors
+ *
+ * Offset-paginated per-visitor aggregate. Admin-gated, settings.read.
+ *
+ * Query params:
+ *   period:  today | 7d | 30d | 90d (default 30d)
+ *   cursor:  stringified offset from previous page's nextCursor
+ *   limit:   1–200 (default 50)
+ *   sortBy:  last_seen | first_seen | sessions | pageviews | country (default last_seen)
+ *   sortDir: asc | desc (default desc)
+ */
+import { NextRequest, NextResponse } from 'next/server';
+import type { AnalyticsVisitorsPage } from '../types';
+import type { AdminApiError } from '../../admin/types';
+export declare function GET(request: NextRequest): Promise<NextResponse<AnalyticsVisitorsPage | AdminApiError>>;
+//# sourceMappingURL=visitors.d.ts.map

package/dist/analytics/api/visitors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"visitors.d.ts","sourceRoot":"","sources":["../../../src/analytics/api/visitors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,aAAa,CAAA;AAGvD,OAAO,KAAK,EAGV,qBAAqB,EACtB,MAAM,UAAU,CAAA;AACjB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AAUtD,wBAAsB,GAAG,CACvB,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,YAAY,CAAC,qBAAqB,GAAG,aAAa,CAAC,CAAC,CAoC9D"}

package/dist/analytics/api/visitors.js

@@ -0,0 +1,49 @@
+/**
+ * @rovela-ai/sdk/analytics/api/visitors
+ *
+ * GET /api/admin/analytics/visitors
+ *
+ * Offset-paginated per-visitor aggregate. Admin-gated, settings.read.
+ *
+ * Query params:
+ *   period:  today | 7d | 30d | 90d (default 30d)
+ *   cursor:  stringified offset from previous page's nextCursor
+ *   limit:   1–200 (default 50)
+ *   sortBy:  last_seen | first_seen | sessions | pageviews | country (default last_seen)
+ *   sortDir: asc | desc (default desc)
+ */
+import { NextResponse } from 'next/server';
+import { requireAdmin } from '../../admin/server/admin-session';
+import { getVisitorsList } from '../server/queries';
+const VALID_PERIODS = new Set(['today', '7d', '30d', '90d']);
+function parsePeriod(raw) {
+    return raw && VALID_PERIODS.has(raw)
+        ? raw
+        : '30d';
+}
+export async function GET(request) {
+    const guard = await requireAdmin({ permission: 'settings.read' });
+    if (!guard.ok) {
+        return guard.response;
+    }
+    try {
+        const sp = request.nextUrl.searchParams;
+        const limitParam = sp.get('limit');
+        const limit = limitParam ? Math.max(1, Number(limitParam)) : 50;
+        const sortBy = sp.get('sortBy') ?? 'last_seen';
+        const sortDir = sp.get('sortDir') === 'asc' ? 'asc' : 'desc';
+        const payload = await getVisitorsList({
+            period: parsePeriod(sp.get('period')),
+            cursor: sp.get('cursor'),
+            limit,
+            sortBy,
+            sortDir,
+        });
+        return NextResponse.json(payload);
+    }
+    catch (error) {
+        console.error('[Analytics Visitors API] GET error:', error);
+        return NextResponse.json({ error: 'Failed to fetch visitors list', code: 'INTERNAL_ERROR' }, { status: 500 });
+    }
+}
+//# sourceMappingURL=visitors.js.map

package/dist/analytics/api/visitors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"visitors.js","sourceRoot":"","sources":["../../../src/analytics/api/visitors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAe,YAAY,EAAE,MAAM,aAAa,CAAA;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAA;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAQnD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAkB,CAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;AAE7E,SAAS,WAAW,CAAC,GAAkB;IACrC,OAAO,GAAG,IAAI,aAAa,CAAC,GAAG,CAAC,GAAsB,CAAC;QACrD,CAAC,CAAE,GAAuB;QAC1B,CAAC,CAAC,KAAK,CAAA;AACX,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,GAAG,CACvB,OAAoB;IAEpB,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC,CAAA;IACjE,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC;QACd,OAAO,KAAK,CAAC,QAAQ,CAAA;IACvB,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,YAAY,CAAA;QACvC,MAAM,UAAU,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QAC/D,MAAM,MAAM,GACT,EAAE,CAAC,GAAG,CAAC,QAAQ,CAMP,IAAI,WAAW,CAAA;QAC1B,MAAM,OAAO,GACX,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAA;QAE9C,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC;YACpC,MAAM,EAAE,WAAW,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACrC,MAAM,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC;YACxB,KAAK;YACL,MAAM;YACN,OAAO;SACR,CAAC,CAAA;QACF,OAAO,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qCAAqC,EAAE,KAAK,CAAC,CAAA;QAC3D,OAAO,YAAY,CAAC,IAAI,CACtB,EAAE,KAAK,EAAE,+BAA+B,EAAE,IAAI,EAAE,gBAAgB,EAAE,EAClE,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAA;IACH,CAAC;AACH,CAAC"}

package/dist/analytics/client/tracker.d.ts

@@ -0,0 +1,51 @@
+/**
+ * @rovela-ai/sdk/analytics/client/tracker
+ *
+ * Browser-side analytics primitives — pseudonymous identity + transport.
+ * No React, no hooks; safe to import from anywhere on the client (cart store,
+ * checkout flow, server-component-rendered client islands).
+ *
+ * Identity model:
+ *   - visitor_id: persistent UUID in localStorage. Never expires.
+ *   - session_id: per-tab UUID in sessionStorage. Rotates after 30 min of
+ *     inactivity (matches GA4's default session boundary).
+ *
+ * Transport:
+ *   - sendBeacon() when available (survives page unload, fire-and-forget).
+ *   - fetch({keepalive:true}) fallback for browsers without sendBeacon.
+ *   - Both are unblocking; the call returns synchronously, the network
+ *     happens in the background, errors are swallowed.
+ *
+ * SSR safety:
+ *   - Every helper short-circuits when `typeof window === 'undefined'`. Safe
+ *     to call from a Server Component import chain that incidentally pulls
+ *     this file in.
+ */
+import type { AnalyticsPayload } from '../types';
+/** Read or mint the visitor UUID. Persisted in localStorage. */
+export declare function getVisitorId(): string;
+/** Read or mint the session UUID; rotate after 30 min idle. */
+export declare function getSessionId(): {
+    id: string;
+    isNew: boolean;
+};
+interface Utm {
+    utm_source: string | null;
+    utm_medium: string | null;
+    utm_campaign: string | null;
+}
+export declare function getUtm(): Utm;
+/**
+ * Fire a single event. Identity (visitor/session ids), UTM, and path are
+ * derived automatically from the browser; the caller supplies only the
+ * event-specific payload.
+ *
+ * Returns immediately — network happens in the background.
+ *
+ * Caller is responsible for consent gating (`useCookieConsent().analytics`)
+ * before calling this. The track endpoint also drops events from admin
+ * sessions + bots as a server-side safety net.
+ */
+export declare function emitEvent(payload: AnalyticsPayload): void;
+export {};
+//# sourceMappingURL=tracker.d.ts.map

package/dist/analytics/client/tracker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../../src/analytics/client/tracker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAsB,MAAM,UAAU,CAAA;AAiCpE,gEAAgE;AAChE,wBAAgB,YAAY,IAAI,MAAM,CAcrC;AAOD,+DAA+D;AAC/D,wBAAgB,YAAY,IAAI;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CAwB7D;AAMD,UAAU,GAAG;IACX,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;CAC5B;AAED,wBAAgB,MAAM,IAAI,GAAG,CAY5B;AAuED;;;;;;;;;;GAUG;AACH,wBAAgB,SAAS,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI,CA2BzD"}

package/dist/analytics/client/tracker.js

@@ -0,0 +1,208 @@
+/**
+ * @rovela-ai/sdk/analytics/client/tracker
+ *
+ * Browser-side analytics primitives — pseudonymous identity + transport.
+ * No React, no hooks; safe to import from anywhere on the client (cart store,
+ * checkout flow, server-component-rendered client islands).
+ *
+ * Identity model:
+ *   - visitor_id: persistent UUID in localStorage. Never expires.
+ *   - session_id: per-tab UUID in sessionStorage. Rotates after 30 min of
+ *     inactivity (matches GA4's default session boundary).
+ *
+ * Transport:
+ *   - sendBeacon() when available (survives page unload, fire-and-forget).
+ *   - fetch({keepalive:true}) fallback for browsers without sendBeacon.
+ *   - Both are unblocking; the call returns synchronously, the network
+ *     happens in the background, errors are swallowed.
+ *
+ * SSR safety:
+ *   - Every helper short-circuits when `typeof window === 'undefined'`. Safe
+ *     to call from a Server Component import chain that incidentally pulls
+ *     this file in.
+ */
+const VISITOR_KEY = 'rovela:av'; // localStorage
+const SESSION_KEY = 'rovela:as'; // sessionStorage — { id, ts }
+const TRACK_ENDPOINT = '/api/analytics/track';
+const SESSION_TTL_MS = 30 * 60 * 1000;
+const SSR = typeof window === 'undefined';
+// =============================================================================
+// UUID — prefer crypto.randomUUID, fall back to a v4 from getRandomValues
+// =============================================================================
+function uuidv4() {
+    if (!SSR && typeof crypto !== 'undefined') {
+        if (typeof crypto.randomUUID === 'function')
+            return crypto.randomUUID();
+        // Fallback: RFC 4122 v4 from getRandomValues
+        const bytes = new Uint8Array(16);
+        crypto.getRandomValues(bytes);
+        bytes[6] = (bytes[6] & 0x0f) | 0x40;
+        bytes[8] = (bytes[8] & 0x3f) | 0x80;
+        const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
+        return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+    }
+    // Server-side never gets here for an outbound event, but the API needs a
+    // type-safe string return. This is unreachable in practice.
+    return '00000000-0000-4000-8000-000000000000';
+}
+// =============================================================================
+// Visitor + session identity
+// =============================================================================
+/** Read or mint the visitor UUID. Persisted in localStorage. */
+export function getVisitorId() {
+    if (SSR)
+        return '';
+    try {
+        const existing = localStorage.getItem(VISITOR_KEY);
+        if (existing && /^[0-9a-f-]{36}$/i.test(existing))
+            return existing;
+        const fresh = uuidv4();
+        localStorage.setItem(VISITOR_KEY, fresh);
+        return fresh;
+    }
+    catch {
+        // localStorage blocked (Safari private mode, third-party iframe).
+        // Fall back to a per-pageload UUID so events still flow with sane
+        // session-level grouping (will be uniqued per page, never aggregated).
+        return uuidv4();
+    }
+}
+/** Read or mint the session UUID; rotate after 30 min idle. */
+export function getSessionId() {
+    if (SSR)
+        return { id: '', isNew: false };
+    try {
+        const now = Date.now();
+        const raw = sessionStorage.getItem(SESSION_KEY);
+        if (raw) {
+            const parsed = JSON.parse(raw);
+            if (parsed?.id &&
+                /^[0-9a-f-]{36}$/i.test(parsed.id) &&
+                typeof parsed.ts === 'number' &&
+                now - parsed.ts < SESSION_TTL_MS) {
+                // Bump the activity timestamp on every access.
+                sessionStorage.setItem(SESSION_KEY, JSON.stringify({ id: parsed.id, ts: now }));
+                return { id: parsed.id, isNew: false };
+            }
+        }
+        const fresh = uuidv4();
+        sessionStorage.setItem(SESSION_KEY, JSON.stringify({ id: fresh, ts: now }));
+        return { id: fresh, isNew: true };
+    }
+    catch {
+        return { id: uuidv4(), isNew: true };
+    }
+}
+export function getUtm() {
+    if (SSR)
+        return { utm_source: null, utm_medium: null, utm_campaign: null };
+    try {
+        const params = new URLSearchParams(window.location.search);
+        return {
+            utm_source: params.get('utm_source'),
+            utm_medium: params.get('utm_medium'),
+            utm_campaign: params.get('utm_campaign'),
+        };
+    }
+    catch {
+        return { utm_source: null, utm_medium: null, utm_campaign: null };
+    }
+}
+/**
+ * Read the persisted consent from localStorage and return whether analytics
+ * is granted. Returns `true` when the key is missing — the CookieConsent
+ * provider grants analytics by default when the banner is disabled (non-EU
+ * stores), and storefronts that DO show the banner write the persisted
+ * value as soon as the user clicks anything. The window between mount and
+ * first click is rare and brief; defaulting to true here preserves data
+ * from real visitors while EU-enabled stores' banner blocks events at the
+ * provider level (AnalyticsProvider only mounts `track` when consent is
+ * granted via useCookieConsent()).
+ *
+ * This second gate exists for callers OUTSIDE React (cart Zustand store,
+ * checkout hook) that can't reach useCookieConsent(). For React components,
+ * prefer useAnalytics() which composes both gates.
+ */
+function hasAnalyticsConsent() {
+    if (SSR)
+        return false;
+    try {
+        const raw = localStorage.getItem('rovela-cookie-consent');
+        if (!raw)
+            return true; // banner disabled OR not yet decided — see comment
+        const parsed = JSON.parse(raw);
+        return parsed.analytics === true;
+    }
+    catch {
+        return true;
+    }
+}
+// =============================================================================
+// Transport — fire-and-forget, never throws
+// =============================================================================
+function postEvent(event) {
+    if (SSR)
+        return;
+    const body = JSON.stringify(event);
+    try {
+        if (navigator.sendBeacon) {
+            // sendBeacon needs a Blob to set Content-Type; the API parses text/plain
+            // either way, but using a JSON blob keeps DevTools readable.
+            const blob = new Blob([body], { type: 'application/json' });
+            navigator.sendBeacon(TRACK_ENDPOINT, blob);
+            return;
+        }
+        // Fallback: fetch with keepalive so the request survives page unload.
+        void fetch(TRACK_ENDPOINT, {
+            method: 'POST',
+            body,
+            headers: { 'Content-Type': 'application/json' },
+            keepalive: true,
+        }).catch(() => undefined);
+    }
+    catch {
+        // Defensive — never bubble. Analytics MUST NEVER break customer flows.
+    }
+}
+// =============================================================================
+// Public API — emit a typed event
+// =============================================================================
+/**
+ * Fire a single event. Identity (visitor/session ids), UTM, and path are
+ * derived automatically from the browser; the caller supplies only the
+ * event-specific payload.
+ *
+ * Returns immediately — network happens in the background.
+ *
+ * Caller is responsible for consent gating (`useCookieConsent().analytics`)
+ * before calling this. The track endpoint also drops events from admin
+ * sessions + bots as a server-side safety net.
+ */
+export function emitEvent(payload) {
+    if (SSR)
+        return;
+    // Belt-and-suspenders consent gate — useAnalytics already gates React
+    // callers, but emitEvent is also called from the cart Zustand store and
+    // the checkout hook (non-React surfaces).
+    if (!hasAnalyticsConsent())
+        return;
+    const visitorId = getVisitorId();
+    const { id: sessionId } = getSessionId();
+    const utm = getUtm();
+    const fallbackPath = window.location.pathname || '/';
+    const fallbackReferrer = typeof document !== 'undefined' && document.referrer ? document.referrer : null;
+    // Caller-supplied path / referrer / utm win (e.g. AnalyticsProvider's
+    // per-route path); fall through to browser defaults otherwise.
+    const wire = {
+        visitor_id: visitorId,
+        session_id: sessionId,
+        ...payload,
+        path: payload.path ?? fallbackPath,
+        referrer: payload.referrer ?? fallbackReferrer,
+        utm_source: payload.utm_source ?? utm.utm_source,
+        utm_medium: payload.utm_medium ?? utm.utm_medium,
+        utm_campaign: payload.utm_campaign ?? utm.utm_campaign,
+    };
+    postEvent(wire);
+}
+//# sourceMappingURL=tracker.js.map

package/dist/analytics/client/tracker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracker.js","sourceRoot":"","sources":["../../../src/analytics/client/tracker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAIH,MAAM,WAAW,GAAG,WAAW,CAAA,CAAC,eAAe;AAC/C,MAAM,WAAW,GAAG,WAAW,CAAA,CAAC,8BAA8B;AAC9D,MAAM,cAAc,GAAG,sBAAsB,CAAA;AAC7C,MAAM,cAAc,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAErC,MAAM,GAAG,GAAG,OAAO,MAAM,KAAK,WAAW,CAAA;AAEzC,gFAAgF;AAChF,0EAA0E;AAC1E,gFAAgF;AAEhF,SAAS,MAAM;IACb,IAAI,CAAC,GAAG,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAC1C,IAAI,OAAO,MAAM,CAAC,UAAU,KAAK,UAAU;YAAE,OAAO,MAAM,CAAC,UAAU,EAAE,CAAA;QACvE,6CAA6C;QAC7C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;QAChC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;QAC7B,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;QACnC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,IAAI,CAAA;QACnC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;QAC9E,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAA;IAC5G,CAAC;IACD,yEAAyE;IACzE,4DAA4D;IAC5D,OAAO,sCAAsC,CAAA;AAC/C,CAAC;AAED,gFAAgF;AAChF,6BAA6B;AAC7B,gFAAgF;AAEhF,gEAAgE;AAChE,MAAM,UAAU,YAAY;IAC1B,IAAI,GAAG;QAAE,OAAO,EAAE,CAAA;IAClB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAClD,IAAI,QAAQ,IAAI,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC;YAAE,OAAO,QAAQ,CAAA;QAClE,MAAM,KAAK,GAAG,MAAM,EAAE,CAAA;QACtB,YAAY,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,CAAC,CAAA;QACxC,OAAO,KAAK,CAAA;IACd,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,kEAAkE;QAClE,uEAAuE;QACvE,OAAO,MAAM,EAAE,CAAA;IACjB,CAAC;AACH,CAAC;AAOD,+DAA+D;AAC/D,MAAM,UAAU,YAAY;IAC1B,IAAI,GAAG;QAAE,OAAO,EAAE,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;IACxC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACtB,MAAM,GAAG,GAAG,cAAc,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;QAC/C,IAAI,GAAG,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAkB,CAAA;YAC/C,IACE,MAAM,EAAE,EAAE;gBACV,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO,MAAM,CAAC,EAAE,KAAK,QAAQ;gBAC7B,GAAG,GAAG,MAAM,CAAC,EAAE,GAAG,cAAc,EAChC,CAAC;gBACD,+CAA+C;gBAC/C,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;gBAC/E,OAAO,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;YACxC,CAAC;QACH,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,EAAE,CAAA;QACtB,cAAc,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAA;QAC3E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAA;IACtC,CAAC;AACH,CAAC;AAYD,MAAM,UAAU,MAAM;IACpB,IAAI,GAAG;QAAE,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAC1E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;QAC1D,OAAO;YACL,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YACpC,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC;YACpC,YAAY,EAAE,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC;SACzC,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IACnE,CAAC;AACH,CAAC;AAaD;;;;;;;;;;;;;;GAcG;AACH,SAAS,mBAAmB;IAC1B,IAAI,GAAG;QAAE,OAAO,KAAK,CAAA;IACrB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,YAAY,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAA;QACzD,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAA,CAAC,mDAAmD;QACzE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAA;QAClD,OAAO,MAAM,CAAC,SAAS,KAAK,IAAI,CAAA;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,4CAA4C;AAC5C,gFAAgF;AAEhF,SAAS,SAAS,CAAC,KAAyB;IAC1C,IAAI,GAAG;QAAE,OAAM;IACf,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;IAClC,IAAI,CAAC;QACH,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,yEAAyE;YACzE,6DAA6D;YAC7D,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC3D,SAAS,CAAC,UAAU,CAAC,cAAc,EAAE,IAAI,CAAC,CAAA;YAC1C,OAAM;QACR,CAAC;QACD,sEAAsE;QACtE,KAAK,KAAK,CAAC,cAAc,EAAE;YACzB,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,SAAS,EAAE,IAAI;SAChB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAA;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;IACzE,CAAC;AACH,CAAC;AAED,gFAAgF;AAChF,kCAAkC;AAClC,gFAAgF;AAEhF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,SAAS,CAAC,OAAyB;IACjD,IAAI,GAAG;QAAE,OAAM;IACf,sEAAsE;IACtE,wEAAwE;IACxE,0CAA0C;IAC1C,IAAI,CAAC,mBAAmB,EAAE;QAAE,OAAM;IAClC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAA;IAChC,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,YAAY,EAAE,CAAA;IACxC,MAAM,GAAG,GAAG,MAAM,EAAE,CAAA;IACpB,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,IAAI,GAAG,CAAA;IACpD,MAAM,gBAAgB,GACpB,OAAO,QAAQ,KAAK,WAAW,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAA;IAEjF,sEAAsE;IACtE,+DAA+D;IAC/D,MAAM,IAAI,GAAG;QACX,UAAU,EAAE,SAAS;QACrB,UAAU,EAAE,SAAS;QACrB,GAAG,OAAO;QACV,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,YAAY;QAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,gBAAgB;QAC9C,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU;QAChD,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,GAAG,CAAC,UAAU;QAChD,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,GAAG,CAAC,YAAY;KACjC,CAAA;IAEvB,SAAS,CAAC,IAAI,CAAC,CAAA;AACjB,CAAC"}

package/dist/analytics/components/AnalyticsDashboard.d.ts

@@ -0,0 +1,2 @@
+export declare function AnalyticsDashboard(): import("react/jsx-runtime").JSX.Element;
+//# sourceMappingURL=AnalyticsDashboard.d.ts.map

package/dist/analytics/components/AnalyticsDashboard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnalyticsDashboard.d.ts","sourceRoot":"","sources":["../../../src/analytics/components/AnalyticsDashboard.tsx"],"names":[],"mappings":"AAwBA,wBAAgB,kBAAkB,4CAWjC"}

package/dist/analytics/components/AnalyticsDashboard.js

@@ -0,0 +1,26 @@
+'use client';
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+/**
+ * @rovela-ai/sdk/analytics/components/AnalyticsDashboard
+ *
+ * Back-compat shim. The original single-page dashboard has been split into
+ * a tab shell (AnalyticsTabNav) + three views (DashboardsView, EventsView,
+ * VisitorsView) wired to route-per-tab pages.
+ *
+ * This component still works — it renders the AnalyticsTabNav + the
+ * DashboardsView. Templates that haven't migrated to the route-per-tab
+ * layout get the Dashboards tab content with the tab navigation visible.
+ *
+ * New templates should mount `<DashboardsView period={period} />` directly
+ * from the route page and `<AnalyticsTabNav baseHref="/admin/analytics" />`
+ * from the shared layout.
+ */
+import { useState } from 'react';
+import { AnalyticsTabNav } from './AnalyticsTabNav';
+import { PeriodSelector } from '../../admin/components/PeriodSelector';
+import { DashboardsView } from '../views/DashboardsView';
+export function AnalyticsDashboard() {
+    const [period, setPeriod] = useState('30d');
+    return (_jsxs("div", { className: "space-y-6", children: [_jsx(AnalyticsTabNav, { baseHref: "/admin/analytics", trailing: _jsx(PeriodSelector, { value: period, onChange: setPeriod }) }), _jsx(DashboardsView, { period: period })] }));
+}
+//# sourceMappingURL=AnalyticsDashboard.js.map

package/dist/analytics/components/AnalyticsDashboard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnalyticsDashboard.js","sourceRoot":"","sources":["../../../src/analytics/components/AnalyticsDashboard.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAA;;AAEZ;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAChC,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,uCAAuC,CAAA;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAA;AAGxD,MAAM,UAAU,kBAAkB;IAChC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,QAAQ,CAAkB,KAAK,CAAC,CAAA;IAC5D,OAAO,CACL,eAAK,SAAS,EAAC,WAAW,aACxB,KAAC,eAAe,IACd,QAAQ,EAAC,kBAAkB,EAC3B,QAAQ,EAAE,KAAC,cAAc,IAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,GAAI,GAChE,EACF,KAAC,cAAc,IAAC,MAAM,EAAE,MAAM,GAAI,IAC9B,CACP,CAAA;AACH,CAAC"}

package/dist/analytics/components/AnalyticsPeriodContext.d.ts

@@ -0,0 +1,13 @@
+import type { AnalyticsPeriod } from '../types';
+interface AnalyticsPeriodContextValue {
+    period: AnalyticsPeriod;
+    setPeriod: (p: AnalyticsPeriod) => void;
+}
+export interface AnalyticsPeriodProviderProps {
+    children: React.ReactNode;
+    defaultPeriod?: AnalyticsPeriod;
+}
+export declare function AnalyticsPeriodProvider({ children, defaultPeriod, }: AnalyticsPeriodProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function useAnalyticsPeriod(): AnalyticsPeriodContextValue;
+export {};
+//# sourceMappingURL=AnalyticsPeriodContext.d.ts.map

package/dist/analytics/components/AnalyticsPeriodContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AnalyticsPeriodContext.d.ts","sourceRoot":"","sources":["../../../src/analytics/components/AnalyticsPeriodContext.tsx"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAE/C,UAAU,2BAA2B;IACnC,MAAM,EAAE,eAAe,CAAA;IACvB,SAAS,EAAE,CAAC,CAAC,EAAE,eAAe,KAAK,IAAI,CAAA;CACxC;AAMD,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAA;IACzB,aAAa,CAAC,EAAE,eAAe,CAAA;CAChC;AAED,wBAAgB,uBAAuB,CAAC,EACtC,QAAQ,EACR,aAAqB,GACtB,EAAE,4BAA4B,2CAO9B;AAED,wBAAgB,kBAAkB,IAAI,2BAA2B,CAShE"}