@shipeasy/sdk 4.3.0 → 4.4.0

package/dist/client/index.js

@@ -729,17 +729,40 @@ function installAutoGuardrails(buffer, userId, anonId, groups, reportSee, ignore
     });
   }
 }
-function getOrCreateAnonId() {
+function readAnonCookie() {
   try {
-    const stored = localStorage.getItem(ANON_ID_KEY);
-    if (stored) return stored;
+    const m = ("; " + document.cookie).match(/; __se_anon_id=([^;]+)/);
+    return m ? decodeURIComponent(m[1]) : null;
   } catch {
+    return null;
+  }
+}
+function writeAnonCookie(id) {
+  try {
+    const secure = location.protocol === "https:" ? ";secure" : "";
+    document.cookie = `${ANON_ID_KEY}=${id};path=/;max-age=31536000;samesite=lax${secure}`;
+  } catch {
+  }
+}
+function getOrCreateAnonId() {
+  let id = readAnonCookie();
+  if (!id && typeof window !== "undefined") {
+    id = window.__SE_BOOTSTRAP?.anonId ?? null;
+  }
+  if (!id) {
+    try {
+      id = localStorage.getItem(ANON_ID_KEY);
+    } catch {
+    }
+  }
+  if (!id) {
+    id = typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
   }
-  const id = typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
   try {
     localStorage.setItem(ANON_ID_KEY, id);
   } catch {
   }
+  writeAnonCookie(id);
   return id;
 }
 function collectBrowserAttrs() {

package/dist/client/index.mjs

@@ -681,17 +681,40 @@ function installAutoGuardrails(buffer, userId, anonId, groups, reportSee, ignore
     });
   }
 }
-function getOrCreateAnonId() {
+function readAnonCookie() {
   try {
-    const stored = localStorage.getItem(ANON_ID_KEY);
-    if (stored) return stored;
+    const m = ("; " + document.cookie).match(/; __se_anon_id=([^;]+)/);
+    return m ? decodeURIComponent(m[1]) : null;
   } catch {
+    return null;
+  }
+}
+function writeAnonCookie(id) {
+  try {
+    const secure = location.protocol === "https:" ? ";secure" : "";
+    document.cookie = `${ANON_ID_KEY}=${id};path=/;max-age=31536000;samesite=lax${secure}`;
+  } catch {
+  }
+}
+function getOrCreateAnonId() {
+  let id = readAnonCookie();
+  if (!id && typeof window !== "undefined") {
+    id = window.__SE_BOOTSTRAP?.anonId ?? null;
+  }
+  if (!id) {
+    try {
+      id = localStorage.getItem(ANON_ID_KEY);
+    } catch {
+    }
+  }
+  if (!id) {
+    id = typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
   }
-  const id = typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
   try {
     localStorage.setItem(ANON_ID_KEY, id);
   } catch {
   }
+  writeAnonCookie(id);
   return id;
 }
 function collectBrowserAttrs() {

package/dist/server/index.d.mts

@@ -134,6 +134,7 @@ interface BootstrapPayload {
     experiments: Record<string, ExperimentResult<Record<string, unknown>>>;
     killswitches: Record<string, boolean | Record<string, boolean>>;
 }
+declare const ANON_ID_COOKIE = "__se_anon_id";
 type FlagsClientEnv = "dev" | "staging" | "prod";
 interface FlagsClientOptions {
     apiKey: string;
@@ -291,6 +292,14 @@ interface BootstrapHtmlOptions {
     i18nProfile?: string;
     /** When true, tEl() embeds label markers so the devtools can highlight them. */
     editLabels?: boolean;
+    /**
+     * Stable anonymous bucketing id the server evaluated against. Emitted into
+     * window.__SE_BOOTSTRAP and persisted (pre-paint) to the first-party
+     * `__se_anon_id` cookie, so the browser SDK buckets identically to SSR.
+     * Normally minted by edge middleware; this write is the fallback for routes
+     * middleware doesn't cover. See experiment-platform/18-identity-bucketing.md.
+     */
+    anonId?: string;
 }
 /**
  * Returns a vanilla-JS string for a single inline <script> tag. Handles
@@ -380,4 +389,4 @@ interface SeeApi {
  */
 declare const see: SeeApi;
 
-export { type BootstrapHtmlOptions, type BootstrapPayload, type Consequence, type ExperimentResult, type FetchLabelsOptions, FlagsClient, type FlagsClientEnv, type FlagsClientOptions, type I18nForRequest, type LabelFile, type SeeApi, type SeeChain, type SeeErrorEvent, type SeeExtras, type SeeKind, type SeeViolationChain, type ShipeasyServerConfig, type ShipeasyServerHandle, type User, type Violation, _resetShipeasyServerForTests, configureShipeasyServer, fetchLabelsForSSR, flags, getBootstrapHtml, getShipeasyServerClient, i18n, isExpected, see, seeContext, shipeasy, version };
+export { ANON_ID_COOKIE, type BootstrapHtmlOptions, type BootstrapPayload, type Consequence, type ExperimentResult, type FetchLabelsOptions, FlagsClient, type FlagsClientEnv, type FlagsClientOptions, type I18nForRequest, type LabelFile, type SeeApi, type SeeChain, type SeeErrorEvent, type SeeExtras, type SeeKind, type SeeViolationChain, type ShipeasyServerConfig, type ShipeasyServerHandle, type User, type Violation, _resetShipeasyServerForTests, configureShipeasyServer, fetchLabelsForSSR, flags, getBootstrapHtml, getShipeasyServerClient, i18n, isExpected, see, seeContext, shipeasy, version };

package/dist/server/index.d.ts

@@ -134,6 +134,7 @@ interface BootstrapPayload {
     experiments: Record<string, ExperimentResult<Record<string, unknown>>>;
     killswitches: Record<string, boolean | Record<string, boolean>>;
 }
+declare const ANON_ID_COOKIE = "__se_anon_id";
 type FlagsClientEnv = "dev" | "staging" | "prod";
 interface FlagsClientOptions {
     apiKey: string;
@@ -291,6 +292,14 @@ interface BootstrapHtmlOptions {
     i18nProfile?: string;
     /** When true, tEl() embeds label markers so the devtools can highlight them. */
     editLabels?: boolean;
+    /**
+     * Stable anonymous bucketing id the server evaluated against. Emitted into
+     * window.__SE_BOOTSTRAP and persisted (pre-paint) to the first-party
+     * `__se_anon_id` cookie, so the browser SDK buckets identically to SSR.
+     * Normally minted by edge middleware; this write is the fallback for routes
+     * middleware doesn't cover. See experiment-platform/18-identity-bucketing.md.
+     */
+    anonId?: string;
 }
 /**
  * Returns a vanilla-JS string for a single inline <script> tag. Handles
@@ -380,4 +389,4 @@ interface SeeApi {
  */
 declare const see: SeeApi;
 
-export { type BootstrapHtmlOptions, type BootstrapPayload, type Consequence, type ExperimentResult, type FetchLabelsOptions, FlagsClient, type FlagsClientEnv, type FlagsClientOptions, type I18nForRequest, type LabelFile, type SeeApi, type SeeChain, type SeeErrorEvent, type SeeExtras, type SeeKind, type SeeViolationChain, type ShipeasyServerConfig, type ShipeasyServerHandle, type User, type Violation, _resetShipeasyServerForTests, configureShipeasyServer, fetchLabelsForSSR, flags, getBootstrapHtml, getShipeasyServerClient, i18n, isExpected, see, seeContext, shipeasy, version };
+export { ANON_ID_COOKIE, type BootstrapHtmlOptions, type BootstrapPayload, type Consequence, type ExperimentResult, type FetchLabelsOptions, FlagsClient, type FlagsClientEnv, type FlagsClientOptions, type I18nForRequest, type LabelFile, type SeeApi, type SeeChain, type SeeErrorEvent, type SeeExtras, type SeeKind, type SeeViolationChain, type ShipeasyServerConfig, type ShipeasyServerHandle, type User, type Violation, _resetShipeasyServerForTests, configureShipeasyServer, fetchLabelsForSSR, flags, getBootstrapHtml, getShipeasyServerClient, i18n, isExpected, see, seeContext, shipeasy, version };

package/dist/server/index.js

@@ -30,6 +30,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/server/index.ts
 var server_exports = {};
 __export(server_exports, {
+  ANON_ID_COOKIE: () => ANON_ID_COOKIE,
   FlagsClient: () => FlagsClient,
   _resetShipeasyServerForTests: () => _resetShipeasyServerForTests,
   configureShipeasyServer: () => configureShipeasyServer,
@@ -442,6 +443,11 @@ function matchRule(rule, user) {
       return false;
   }
 }
+var ANON_ID_COOKIE = "__se_anon_id";
+var ANON_ID_RX = /^[A-Za-z0-9_-]{1,64}$/;
+function mintAnonId() {
+  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
+}
 function evalGateInternal(gate, user) {
   if (isEnabled(gate.killswitch)) return false;
   if (!isEnabled(gate.enabled)) return false;
@@ -449,7 +455,7 @@ function evalGateInternal(gate, user) {
     if (!matchRule(rule, user)) return false;
   }
   const uid = user.user_id ?? user.anonymous_id;
-  if (!uid) return false;
+  if (!uid) return gate.rolloutPct >= 1e4;
   return murmur3(`${gate.salt}:${uid}`) % 1e4 < gate.rolloutPct;
 }
 var TRUE_RX = /^(true|on|1|yes)$/i;
@@ -885,7 +891,23 @@ async function shipeasy(opts) {
     serverKey ? flags.initOnce() : Promise.resolve(),
     serverKey ? i18n.init(serverKey, profile) : Promise.resolve()
   ]);
-  const bootstrap = flags.evaluate(opts.user ?? {}, resolvedUrlOverrides);
+  let anonId;
+  if (!opts.user?.user_id) {
+    if (opts.user?.anonymous_id) {
+      anonId = opts.user.anonymous_id;
+    } else {
+      try {
+        const { cookies } = await import("next/headers");
+        const c = await Promise.resolve(cookies());
+        const raw = c.get?.(ANON_ID_COOKIE)?.value;
+        if (raw && ANON_ID_RX.test(raw)) anonId = raw;
+      } catch {
+      }
+      if (!anonId) anonId = mintAnonId();
+    }
+  }
+  const effectiveUser = anonId ? { anonymous_id: anonId, ...opts.user } : { ...opts.user };
+  const bootstrap = flags.evaluate(effectiveUser, resolvedUrlOverrides);
   const i18nData = i18n.getForRequest();
   return {
     flags: bootstrap.flags,
@@ -894,7 +916,8 @@ async function shipeasy(opts) {
     getBootstrapHtml() {
       return getBootstrapHtml(bootstrap, i18nData, {
         editLabels,
-        i18nProfile: profile
+        i18nProfile: profile,
+        anonId
       });
     }
   };
@@ -914,10 +937,16 @@ function getBootstrapHtml(bootstrap, i18nData, opts) {
   };
   if (i18nData) payload.i18n = i18nData;
   if (opts.editLabels) payload.editLabels = true;
+  if (opts.anonId) payload.anonId = opts.anonId;
   parts.push(
     `(function(){var Q=new URLSearchParams(location.search).has('se_edit_labels');var C=/(?:^|;\\s*)se_edit_labels=1(?:;|$)/.test(document.cookie);if(!Q&&!C)return;if(Q){try{document.cookie='se_edit_labels=1;path=/;max-age=86400;samesite=lax';}catch(_){}}var R;function P(v){if(!v||typeof v.t!=='function'||v.__sePatched)return;var O=v.t.bind(v);v.__sePatched=true;window._sei18n_t=O;v.t=function(k,vars){var r=O(k,vars);if(r===k)return k;var V='';try{if(vars&&typeof vars==='object'){var hasKey=false;for(var _k in vars){hasKey=true;break;}if(hasKey)V=JSON.stringify(vars);}}catch(_){V='';}return '\\uFFF9'+k+'\\uFFFA'+V+'\\uFFFA'+r+'\\uFFFB';};}Object.defineProperty(window,'i18n',{configurable:true,get:function(){return R;},set:function(v){P(v);R=v;}});})();`
   );
   parts.push(`window.__SE_BOOTSTRAP=${JSON.stringify(payload)};`);
+  if (opts.anonId) {
+    parts.push(
+      `(function(){try{var k=${JSON.stringify(ANON_ID_COOKIE)},v=${JSON.stringify(opts.anonId)};if(('; '+document.cookie).indexOf('; '+k+'=')===-1){document.cookie=k+'='+v+';path=/;max-age=31536000;samesite=lax'+(location.protocol==='https:'?';secure':'');}}catch(_){}})();`
+    );
+  }
   if (i18nData?.strings && Object.keys(i18nData.strings).length > 0) {
     parts.push(
       `(function(){var d=window.__SE_BOOTSTRAP.i18n;if(!d)return;window.i18n={locale:d.locale,t:function(k,v){var r=d.strings[k];if(!r)return k;return v?r.replace(/\\{\\{(\\w+)\\}\\}/g,function(_,p){return v[p]!==undefined?String(v[p]):'{{'+p+'}}'}):r;},on:function(){return function(){};}};})();`
@@ -1003,6 +1032,7 @@ var see = Object.assign(
 );
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  ANON_ID_COOKIE,
   FlagsClient,
   _resetShipeasyServerForTests,
   configureShipeasyServer,

package/dist/server/index.mjs

@@ -396,6 +396,11 @@ function matchRule(rule, user) {
       return false;
   }
 }
+var ANON_ID_COOKIE = "__se_anon_id";
+var ANON_ID_RX = /^[A-Za-z0-9_-]{1,64}$/;
+function mintAnonId() {
+  return typeof crypto !== "undefined" && typeof crypto.randomUUID === "function" ? crypto.randomUUID() : `anon_${Math.random().toString(36).slice(2)}`;
+}
 function evalGateInternal(gate, user) {
   if (isEnabled(gate.killswitch)) return false;
   if (!isEnabled(gate.enabled)) return false;
@@ -403,7 +408,7 @@ function evalGateInternal(gate, user) {
     if (!matchRule(rule, user)) return false;
   }
   const uid = user.user_id ?? user.anonymous_id;
-  if (!uid) return false;
+  if (!uid) return gate.rolloutPct >= 1e4;
   return murmur3(`${gate.salt}:${uid}`) % 1e4 < gate.rolloutPct;
 }
 var TRUE_RX = /^(true|on|1|yes)$/i;
@@ -839,7 +844,23 @@ async function shipeasy(opts) {
     serverKey ? flags.initOnce() : Promise.resolve(),
     serverKey ? i18n.init(serverKey, profile) : Promise.resolve()
   ]);
-  const bootstrap = flags.evaluate(opts.user ?? {}, resolvedUrlOverrides);
+  let anonId;
+  if (!opts.user?.user_id) {
+    if (opts.user?.anonymous_id) {
+      anonId = opts.user.anonymous_id;
+    } else {
+      try {
+        const { cookies } = await import("next/headers");
+        const c = await Promise.resolve(cookies());
+        const raw = c.get?.(ANON_ID_COOKIE)?.value;
+        if (raw && ANON_ID_RX.test(raw)) anonId = raw;
+      } catch {
+      }
+      if (!anonId) anonId = mintAnonId();
+    }
+  }
+  const effectiveUser = anonId ? { anonymous_id: anonId, ...opts.user } : { ...opts.user };
+  const bootstrap = flags.evaluate(effectiveUser, resolvedUrlOverrides);
   const i18nData = i18n.getForRequest();
   return {
     flags: bootstrap.flags,
@@ -848,7 +869,8 @@ async function shipeasy(opts) {
     getBootstrapHtml() {
       return getBootstrapHtml(bootstrap, i18nData, {
         editLabels,
-        i18nProfile: profile
+        i18nProfile: profile,
+        anonId
       });
     }
   };
@@ -868,10 +890,16 @@ function getBootstrapHtml(bootstrap, i18nData, opts) {
   };
   if (i18nData) payload.i18n = i18nData;
   if (opts.editLabels) payload.editLabels = true;
+  if (opts.anonId) payload.anonId = opts.anonId;
   parts.push(
     `(function(){var Q=new URLSearchParams(location.search).has('se_edit_labels');var C=/(?:^|;\\s*)se_edit_labels=1(?:;|$)/.test(document.cookie);if(!Q&&!C)return;if(Q){try{document.cookie='se_edit_labels=1;path=/;max-age=86400;samesite=lax';}catch(_){}}var R;function P(v){if(!v||typeof v.t!=='function'||v.__sePatched)return;var O=v.t.bind(v);v.__sePatched=true;window._sei18n_t=O;v.t=function(k,vars){var r=O(k,vars);if(r===k)return k;var V='';try{if(vars&&typeof vars==='object'){var hasKey=false;for(var _k in vars){hasKey=true;break;}if(hasKey)V=JSON.stringify(vars);}}catch(_){V='';}return '\\uFFF9'+k+'\\uFFFA'+V+'\\uFFFA'+r+'\\uFFFB';};}Object.defineProperty(window,'i18n',{configurable:true,get:function(){return R;},set:function(v){P(v);R=v;}});})();`
   );
   parts.push(`window.__SE_BOOTSTRAP=${JSON.stringify(payload)};`);
+  if (opts.anonId) {
+    parts.push(
+      `(function(){try{var k=${JSON.stringify(ANON_ID_COOKIE)},v=${JSON.stringify(opts.anonId)};if(('; '+document.cookie).indexOf('; '+k+'=')===-1){document.cookie=k+'='+v+';path=/;max-age=31536000;samesite=lax'+(location.protocol==='https:'?';secure':'');}}catch(_){}})();`
+    );
+  }
   if (i18nData?.strings && Object.keys(i18nData.strings).length > 0) {
     parts.push(
       `(function(){var d=window.__SE_BOOTSTRAP.i18n;if(!d)return;window.i18n={locale:d.locale,t:function(k,v){var r=d.strings[k];if(!r)return k;return v?r.replace(/\\{\\{(\\w+)\\}\\}/g,function(_,p){return v[p]!==undefined?String(v[p]):'{{'+p+'}}'}):r;},on:function(){return function(){};}};})();`
@@ -956,6 +984,7 @@ var see = Object.assign(
   }
 );
 export {
+  ANON_ID_COOKIE,
   FlagsClient,
   _resetShipeasyServerForTests,
   configureShipeasyServer,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shipeasy/sdk",
-  "version": "4.3.0",
+  "version": "4.4.0",
   "description": "Shipeasy SDK — feature gates, runtime configs, experiments, and metrics for the Shipeasy hosted service.",
   "license": "SEE LICENSE IN LICENSE",
   "homepage": "https://shipeasy.ai",