@syntrologie/runtime-sdk 2.8.0-canary.183 → 2.8.0-canary.185

package/dist/index.js

@@ -9577,7 +9577,7 @@ function error(prefix, message, data) {
 }
 
 // src/version.ts
-var SDK_VERSION = "2.8.0-canary.183";
+var SDK_VERSION = "2.8.0-canary.185";
 
 // src/types.ts
 var SDK_SCHEMA_VERSION = "2.0";
@@ -13916,6 +13916,306 @@ function getDerivedCdnBase() {
   return derivedCdnBase;
 }
 
+// src/defaults/clickIds.ts
+var CLICK_ID_KEYS = [
+  "fbclid",
+  // Meta (Facebook + Instagram)
+  "ttclid",
+  // TikTok
+  "gclid",
+  // Google Ads
+  "gbraid",
+  // Google Ads (iOS app web)
+  "wbraid",
+  // Google Ads (web app)
+  "msclkid",
+  // Microsoft / Bing Ads
+  "twclid",
+  // X / Twitter
+  "li_fat_id",
+  // LinkedIn
+  "epik",
+  // Pinterest
+  "ScCid",
+  // Snapchat
+  "yclid",
+  // Yandex
+  "_kx",
+  // Klaviyo
+  "mc_eid",
+  // Mailchimp recipient
+  "mc_cid"
+  // Mailchimp campaign
+];
+function promoteClickIds(telemetry) {
+  if (typeof window === "undefined") return;
+  if (!telemetry.setPersonPropertiesOnce) return;
+  const params = new URLSearchParams(window.location.search);
+  const captured = {};
+  for (const key of CLICK_ID_KEYS) {
+    const value = params.get(key);
+    if (value) {
+      captured[`$initial_${key}`] = value;
+    }
+  }
+  if (Object.keys(captured).length > 0) {
+    telemetry.setPersonPropertiesOnce(captured);
+  }
+}
+
+// src/defaults/identifyOnEmail.ts
+var ANONYMOUS_UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+var EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+var DENYLIST_PATTERNS = [
+  /@yopmail\.com$/i,
+  /@mailinator\.com$/i,
+  /@guerrillamail\.(com|info|net|org|biz)$/i,
+  /@10minutemail\.com$/i,
+  /^test@/i,
+  /^noreply@/i,
+  /^no-reply@/i
+];
+function isValidEmail(value) {
+  if (!value) return false;
+  return EMAIL_RE.test(value);
+}
+function isEmailDenylisted(value) {
+  return DENYLIST_PATTERNS.some((re2) => re2.test(value));
+}
+function isEmailLikeInput(el) {
+  if (el.type === "email") return true;
+  const name = (el.name || "").toLowerCase();
+  const id = (el.id || "").toLowerCase();
+  if (/email/.test(name) || /email/.test(id)) return true;
+  return false;
+}
+function isOptedOut(el) {
+  return el.closest("[data-syntro-no-identify]") !== null;
+}
+function isAnonymous(distinctId) {
+  if (!distinctId) return true;
+  return ANONYMOUS_UUID_RE.test(distinctId);
+}
+function installEmailIdentifyListener(telemetry, consentGate) {
+  if (typeof document === "undefined") return () => {
+  };
+  if (!telemetry.identify && !telemetry.alias) return () => {
+  };
+  const seenThisSession = /* @__PURE__ */ new Set();
+  const fireIdentifyOrAlias = (value) => {
+    var _a3, _b, _c;
+    const currentId = (_a3 = telemetry.getDistinctId) == null ? void 0 : _a3.call(telemetry);
+    if (currentId === value) {
+      seenThisSession.add(value);
+      return;
+    }
+    if (isAnonymous(currentId)) {
+      (_b = telemetry.identify) == null ? void 0 : _b.call(telemetry, value, { email: value });
+    } else {
+      (_c = telemetry.alias) == null ? void 0 : _c.call(telemetry, value);
+    }
+    seenThisSession.add(value);
+  };
+  const handler = (e) => {
+    var _a3;
+    const target = e.target;
+    if (!(target instanceof HTMLInputElement)) return;
+    if (isOptedOut(target)) return;
+    if (!isEmailLikeInput(target)) return;
+    const value = ((_a3 = target.value) != null ? _a3 : "").trim().toLowerCase();
+    if (!isValidEmail(value)) return;
+    if (isEmailDenylisted(value)) return;
+    if (seenThisSession.has(value)) return;
+    if (!consentGate) {
+      fireIdentifyOrAlias(value);
+      return;
+    }
+    const status = consentGate.getStatus();
+    if (status === "granted") {
+      fireIdentifyOrAlias(value);
+      return;
+    }
+    if (status === "denied") {
+      return;
+    }
+    consentGate.resolvePending().then((resolved) => {
+      if (resolved === "granted") fireIdentifyOrAlias(value);
+    });
+  };
+  document.addEventListener("change", handler, true);
+  return () => {
+    document.removeEventListener("change", handler, true);
+    seenThisSession.clear();
+  };
+}
+
+// src/defaults/identifyOnUrlParam.ts
+var SYNTRO_UID_PARAM = "_syu";
+var ANONYMOUS_UUID_RE2 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function isAnonymous2(distinctId) {
+  if (!distinctId) return true;
+  return ANONYMOUS_UUID_RE2.test(distinctId);
+}
+function identifyFromUrlParam(telemetry, consentGate) {
+  if (typeof window === "undefined") return;
+  if (!telemetry.identify && !telemetry.alias) return;
+  const value = new URLSearchParams(window.location.search).get(SYNTRO_UID_PARAM);
+  if (!value) return;
+  const trimmed = value.trim();
+  if (!trimmed) return;
+  const fire = () => {
+    var _a3, _b, _c;
+    const currentId = (_a3 = telemetry.getDistinctId) == null ? void 0 : _a3.call(telemetry);
+    if (currentId === trimmed) return;
+    const properties = isValidEmail(trimmed) ? { email: trimmed } : void 0;
+    if (isAnonymous2(currentId)) {
+      (_b = telemetry.identify) == null ? void 0 : _b.call(telemetry, trimmed, properties);
+    } else {
+      (_c = telemetry.alias) == null ? void 0 : _c.call(telemetry, trimmed);
+    }
+  };
+  if (!consentGate) {
+    fire();
+    return;
+  }
+  if (consentGate.getStatus() === "granted") {
+    fire();
+    return;
+  }
+  let fired = false;
+  const unsub = consentGate.subscribe((status) => {
+    if (fired) return;
+    if (status !== "granted") return;
+    fired = true;
+    unsub();
+    fire();
+  });
+}
+
+// src/defaults/initialProperties.ts
+var UTM_KEYS = ["utm_source", "utm_medium", "utm_campaign", "utm_content", "utm_term"];
+function isStrictRegion(geo) {
+  if (geo.is_eu === "true") return true;
+  if (geo.country_code === "GB" || geo.country_code === "CH") return true;
+  if (!geo.is_eu && !geo.country_code) return true;
+  return false;
+}
+function safeReferringDomain(referrer) {
+  if (!referrer) return "";
+  try {
+    return new URL(referrer).hostname;
+  } catch {
+    return "";
+  }
+}
+function safeOriginPathname() {
+  if (typeof window === "undefined") return "";
+  return `${window.location.origin}${window.location.pathname}`;
+}
+function captureInitialProperties(telemetry, geoPromise) {
+  if (typeof window === "undefined" || typeof document === "undefined") return;
+  if (!telemetry.setPersonPropertiesOnce) return;
+  const referrer = document.referrer || "";
+  const params = new URLSearchParams(window.location.search);
+  const props = {
+    $initial_pathname: window.location.pathname,
+    $initial_referrer: referrer,
+    $initial_referring_domain: safeReferringDomain(referrer)
+  };
+  for (const key of UTM_KEYS) {
+    const value = params.get(key);
+    if (value) {
+      props[`$initial_${key}`] = value;
+    }
+  }
+  telemetry.setPersonPropertiesOnce(props);
+  if (!geoPromise) {
+    telemetry.setPersonPropertiesOnce({ $initial_url: safeOriginPathname() });
+    return;
+  }
+  geoPromise.then((geo) => {
+    var _a3;
+    const url = isStrictRegion(geo) ? safeOriginPathname() : window.location.href;
+    (_a3 = telemetry.setPersonPropertiesOnce) == null ? void 0 : _a3.call(telemetry, { $initial_url: url });
+  }).catch(() => {
+    var _a3;
+    (_a3 = telemetry.setPersonPropertiesOnce) == null ? void 0 : _a3.call(telemetry, { $initial_url: safeOriginPathname() });
+  });
+}
+
+// src/defaults/jsonLd.ts
+var PII_KEYS = /* @__PURE__ */ new Set([
+  "email",
+  "telephone",
+  "streetAddress",
+  "addressLocality",
+  "addressRegion",
+  "postalCode",
+  "givenName",
+  "familyName"
+]);
+var MAX_DESCRIPTION_LENGTH = 500;
+var MAX_IMAGE_ARRAY_LENGTH = 3;
+function stripPii(obj) {
+  if (Array.isArray(obj)) return obj.map(stripPii);
+  if (obj && typeof obj === "object") {
+    const out = {};
+    for (const [k2, v2] of Object.entries(obj)) {
+      if (PII_KEYS.has(k2)) continue;
+      out[k2] = stripPii(v2);
+    }
+    return out;
+  }
+  return obj;
+}
+function stripBloat(obj) {
+  if (Array.isArray(obj)) return obj.map(stripBloat);
+  if (obj && typeof obj === "object") {
+    const out = {};
+    for (const [k2, v2] of Object.entries(obj)) {
+      if (k2 === "description" && typeof v2 === "string" && v2.length > MAX_DESCRIPTION_LENGTH) {
+        continue;
+      }
+      if (k2 === "image" && Array.isArray(v2) && v2.length > MAX_IMAGE_ARRAY_LENGTH) {
+        out[k2] = v2.slice(0, MAX_IMAGE_ARRAY_LENGTH);
+        continue;
+      }
+      out[k2] = stripBloat(v2);
+    }
+    return out;
+  }
+  return obj;
+}
+function extractJsonLdBlocks() {
+  if (typeof document === "undefined") return [];
+  return Array.from(document.querySelectorAll('script[type="application/ld+json"]')).filter((el) => !el.hasAttribute("data-syntro-no-jsonld")).map((el) => {
+    var _a3;
+    try {
+      return JSON.parse((_a3 = el.textContent) != null ? _a3 : "");
+    } catch {
+      return null;
+    }
+  }).filter((parsed) => parsed !== null);
+}
+function extractAndRegisterJsonLd(telemetry) {
+  if (!telemetry.register) return;
+  const blocks = extractJsonLdBlocks().map(stripBloat).map(stripPii);
+  if (blocks.length === 0) return;
+  telemetry.register({ json_ld: blocks });
+}
+
+// src/defaults/index.ts
+function installDefaults(telemetry, consentGate, options = {}) {
+  captureInitialProperties(telemetry, options.geoPromise);
+  promoteClickIds(telemetry);
+  extractAndRegisterJsonLd(telemetry);
+  identifyFromUrlParam(telemetry, consentGate);
+  const teardownEmail = installEmailIdentifyListener(telemetry, consentGate);
+  return () => {
+    teardownEmail();
+  };
+}
+
 // src/events/validation.ts
 var APP_PREFIX = "app:";
 var RESERVED_PREFIX = "syntro:";
@@ -16879,6 +17179,353 @@ function createSmartCanvasRuntime(options = {}) {
   return runtime5;
 }
 
+// src/telemetry/consent/adapters/gtmConsentMode.ts
+function mapStorage(value) {
+  if (value === "granted") return "granted";
+  if (value === "denied") return "denied";
+  return "pending";
+}
+function extractAnalyticsStorage(entry) {
+  var _a3, _b;
+  if (!entry) return null;
+  if (Array.isArray(entry) && entry[0] === "consent") {
+    const payload = entry[2];
+    return (_a3 = payload == null ? void 0 : payload.analytics_storage) != null ? _a3 : null;
+  }
+  if (typeof entry === "object" && entry.event === "consent_update") {
+    const payload = entry;
+    return (_b = payload.analytics_storage) != null ? _b : null;
+  }
+  return null;
+}
+var GtmConsentModeAdapter = class {
+  constructor() {
+    __publicField(this, "name", "gtm-consent-mode-v2");
+  }
+  detect() {
+    if (typeof window === "undefined") return false;
+    const dl = window.dataLayer;
+    if (!Array.isArray(dl)) return false;
+    for (const entry of dl) {
+      if (extractAnalyticsStorage(entry) !== null) return true;
+    }
+    return false;
+  }
+  initialize(callback) {
+    if (typeof window === "undefined") {
+      callback("pending");
+      return () => {
+      };
+    }
+    if (!Array.isArray(window.dataLayer)) {
+      window.dataLayer = [];
+    }
+    callback(this.readCurrentState());
+    const dl = window.dataLayer;
+    const original = dl.push.bind(dl);
+    const wrappedPush = (...args) => {
+      const result = original(...args);
+      for (const arg of args) {
+        const storage = extractAnalyticsStorage(arg);
+        if (storage !== null) {
+          callback(mapStorage(storage));
+        }
+      }
+      return result;
+    };
+    dl.push = wrappedPush;
+    return () => {
+      if (dl.push === wrappedPush) {
+        dl.push = original;
+      }
+    };
+  }
+  readCurrentState() {
+    if (typeof window === "undefined") return "pending";
+    const dl = window.dataLayer;
+    if (!Array.isArray(dl)) return "pending";
+    for (let i = dl.length - 1; i >= 0; i--) {
+      const storage = extractAnalyticsStorage(dl[i]);
+      if (storage !== null) return mapStorage(storage);
+    }
+    return "pending";
+  }
+};
+
+// src/telemetry/consent/adapters/iabTcf.ts
+var PURPOSE_STORAGE = "1";
+var PURPOSE_ANALYTICS = "8";
+var IabTcfAdapter = class {
+  constructor() {
+    __publicField(this, "name", "iab-tcf-v2");
+  }
+  detect() {
+    if (typeof window === "undefined") return false;
+    return typeof window.__tcfapi === "function";
+  }
+  initialize(callback) {
+    callback("pending");
+    if (typeof window === "undefined") return () => {
+    };
+    const tcfapi = window.__tcfapi;
+    if (typeof tcfapi !== "function") return () => {
+    };
+    let listenerId;
+    tcfapi("addEventListener", 2, (tcData, success) => {
+      var _a3, _b;
+      if (!success || !tcData) return;
+      if (listenerId === void 0 && typeof tcData.listenerId === "number") {
+        listenerId = tcData.listenerId;
+      }
+      const ready = tcData.eventStatus === "tcloaded" || tcData.eventStatus === "useractioncomplete";
+      if (!ready) return;
+      if (tcData.gdprApplies === false) {
+        callback("granted");
+        return;
+      }
+      const consents = (_b = (_a3 = tcData.purpose) == null ? void 0 : _a3.consents) != null ? _b : {};
+      const p1 = consents[PURPOSE_STORAGE] === true;
+      const p8 = consents[PURPOSE_ANALYTICS] === true;
+      callback(p1 && p8 ? "granted" : "denied");
+    });
+    return () => {
+      if (listenerId !== void 0) {
+        try {
+          tcfapi("removeEventListener", 2, () => {
+          }, listenerId);
+        } catch {
+        }
+      }
+    };
+  }
+};
+
+// src/telemetry/consent/adapters/shopify.ts
+var VISITOR_CONSENT_EVENT = "visitorConsentCollected";
+var ShopifyCustomerPrivacyAdapter = class {
+  constructor() {
+    __publicField(this, "name", "shopify-customer-privacy");
+  }
+  detect() {
+    if (typeof window === "undefined") return false;
+    const shopify = window.Shopify;
+    return typeof (shopify == null ? void 0 : shopify.loadFeatures) === "function";
+  }
+  initialize(callback) {
+    callback("pending");
+    if (typeof window === "undefined") return () => {
+    };
+    const shopify = window.Shopify;
+    if (!(shopify == null ? void 0 : shopify.loadFeatures)) return () => {
+    };
+    let visitorEventHandler;
+    shopify.loadFeatures([{ name: "consent-tracking-api", version: "0.1" }], (error2) => {
+      var _a3, _b;
+      if (error2) {
+        return;
+      }
+      const allowed = (_b = (_a3 = shopify.customerPrivacy) == null ? void 0 : _a3.userCanBeTracked()) != null ? _b : true;
+      callback(allowed ? "granted" : "denied");
+      visitorEventHandler = (event) => {
+        const detail = event.detail;
+        callback((detail == null ? void 0 : detail.analyticsAllowed) ? "granted" : "denied");
+      };
+      document.addEventListener(VISITOR_CONSENT_EVENT, visitorEventHandler);
+    });
+    return () => {
+      if (visitorEventHandler) {
+        document.removeEventListener(VISITOR_CONSENT_EVENT, visitorEventHandler);
+      }
+    };
+  }
+};
+
+// src/telemetry/consent/ConsentDetector.ts
+var ConsentDetector = class {
+  constructor(options) {
+    this.options = options;
+  }
+  /**
+   * Start the detector. Probes adapters in array order; first match wins.
+   * Returns a teardown function that unsubscribes the active adapter.
+   *
+   * Async because adapters may need async initialization. Bootstrap
+   * should NOT await this — feature flags and anonymous telemetry
+   * should keep flowing while the detector probes.
+   */
+  async start(gate) {
+    var _a3, _b, _c, _d;
+    for (const adapter of this.options.adapters) {
+      let detected = false;
+      try {
+        detected = adapter.detect();
+      } catch {
+        continue;
+      }
+      if (!detected) continue;
+      try {
+        const teardown = adapter.initialize((status) => gate.setStatus(status));
+        (_b = (_a3 = this.options).onAdapterSelected) == null ? void 0 : _b.call(_a3, adapter.name);
+        return teardown;
+      } catch (err) {
+        console.warn(`[Syntro consent] Adapter "${adapter.name}" failed:`, err);
+      }
+    }
+    (_d = (_c = this.options).onAdapterSelected) == null ? void 0 : _d.call(_c, null);
+    const fallback = await this.resolveFallback();
+    gate.setStatus(fallback);
+    return () => {
+    };
+  }
+  async resolveFallback() {
+    if (!this.options.fallbackStatus) return "pending";
+    try {
+      return await this.options.fallbackStatus();
+    } catch {
+      return "pending";
+    }
+  }
+};
+
+// src/telemetry/consent/ConsentGate.ts
+var ConsentGate = class {
+  constructor(config = {}) {
+    __publicField(this, "status");
+    __publicField(this, "listeners", /* @__PURE__ */ new Set());
+    __publicField(this, "configCallback");
+    __publicField(this, "gtmEnabled");
+    __publicField(this, "destroyed", false);
+    __publicField(this, "pendingResolverFn");
+    var _a3, _b;
+    this.status = (_a3 = config.initialStatus) != null ? _a3 : "pending";
+    this.configCallback = config.onConsentChange;
+    this.gtmEnabled = (_b = config.readFromGtmConsentMode) != null ? _b : false;
+    this.pendingResolverFn = config.pendingResolver;
+  }
+  /**
+   * Grant consent — enables telemetry collection.
+   */
+  grant() {
+    this.setStatus("granted");
+  }
+  /**
+   * Deny consent — disables telemetry collection.
+   */
+  deny() {
+    this.setStatus("denied");
+  }
+  /**
+   * Get the current consent status.
+   */
+  getStatus() {
+    return this.status;
+  }
+  /**
+   * Subscribe to consent status changes.
+   * Returns an unsubscribe function.
+   */
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  /**
+   * Subscribe to the next definitive (granted | denied) status change,
+   * then auto-unsubscribe. If status is already definitive, fires
+   * synchronously (next microtask) with current status.
+   *
+   * Used by D-2 (URL-param identify) to defer the identify() call
+   * until consent is decided.
+   */
+  subscribeOnce(listener) {
+    if (this.status !== "pending") {
+      queueMicrotask(() => listener(this.status));
+      return () => {
+      };
+    }
+    const unsub = this.subscribe((status) => {
+      if (status === "pending") return;
+      unsub();
+      listener(status);
+    });
+    return unsub;
+  }
+  /**
+   * Resolve what the current 'pending' state should be treated as,
+   * via the configured pendingResolver. Returns the current status
+   * directly if it's already 'granted' or 'denied'.
+   *
+   * Defaults to 'denied' if no resolver is configured (conservative).
+   */
+  async resolvePending() {
+    if (this.status !== "pending") return this.status;
+    if (!this.pendingResolverFn) return "denied";
+    try {
+      return await this.pendingResolverFn();
+    } catch {
+      return "denied";
+    }
+  }
+  /**
+   * Public setter — used by ConsentDetector / adapters to push state changes.
+   */
+  setStatus(newStatus) {
+    this.applyStatus(newStatus);
+  }
+  /**
+   * Poll GTM's dataLayer for consent state.
+   * Scans for the most recent consent update event with analytics_storage.
+   */
+  pollGtmConsent() {
+    if (!this.gtmEnabled || typeof window === "undefined") return;
+    const dataLayer = window.dataLayer;
+    if (!Array.isArray(dataLayer)) return;
+    for (let i = dataLayer.length - 1; i >= 0; i--) {
+      const entry = dataLayer[i];
+      if (!entry) continue;
+      const isConsentUpdate = entry[0] === "consent" && entry[1] === "update" && entry[2];
+      if (isConsentUpdate) {
+        const storage = entry[2].analytics_storage;
+        if (storage === "granted") {
+          this.setStatus("granted");
+        } else if (storage === "denied") {
+          this.setStatus("denied");
+        }
+        return;
+      }
+    }
+  }
+  /**
+   * Clean up listeners and stop responding to changes.
+   */
+  destroy() {
+    this.destroyed = true;
+    this.listeners.clear();
+  }
+  // ─── Private ─────────────────────────────────────────────────────
+  applyStatus(newStatus) {
+    if (this.destroyed) return;
+    if (this.status === newStatus) return;
+    this.status = newStatus;
+    this.notify(newStatus);
+  }
+  notify(status) {
+    if (this.configCallback) {
+      try {
+        this.configCallback(status);
+      } catch {
+      }
+    }
+    for (const listener of this.listeners) {
+      try {
+        listener(status);
+      } catch {
+      }
+    }
+  }
+};
+
 // src/telemetry/InterventionTracker.ts
 var InterventionTracker = class {
   constructor(telemetry, variantId) {
@@ -16981,6 +17628,14 @@ var NoopAdapter = class {
   }
   track(_eventName, _properties) {
   }
+  identify(_distinctId, _properties) {
+  }
+  alias(_newDistinctId, _oldDistinctId) {
+  }
+  optInCapturing() {
+  }
+  optOutCapturing() {
+  }
 };
 function createNoopClient() {
   return new NoopAdapter();
@@ -17058,6 +17713,9 @@ var PostHogAdapter = class {
       // Enable web vitals
       enable_recording_console_log: true
     };
+    if (options.cookieless_mode) {
+      initOptions.cookieless_mode = options.cookieless_mode;
+    }
     const result = posthog.init(
       options.apiKey,
       initOptions,
@@ -17168,6 +17826,24 @@ var PostHogAdapter = class {
     var _a3;
     (_a3 = this.client) == null ? void 0 : _a3.alias(id, aliasId);
   }
+  /**
+   * Opt the current visitor INTO capturing. Drives the granted-state
+   * transition from the consent gate. When previously cookieless or
+   * opted-out, switches to full identified capture.
+   */
+  optInCapturing() {
+    var _a3;
+    (_a3 = this.client) == null ? void 0 : _a3.opt_in_capturing();
+  }
+  /**
+   * Opt the current visitor OUT of capturing. Drives the denied-state
+   * transition from the consent gate. Stops sending events; existing
+   * cookieless/anonymous events remain in the data warehouse.
+   */
+  optOutCapturing() {
+    var _a3;
+    (_a3 = this.client) == null ? void 0 : _a3.opt_out_capturing();
+  }
   track(eventName, payload) {
     var _a3;
     (_a3 = this.client) == null ? void 0 : _a3.capture(eventName, payload);
@@ -17436,6 +18112,11 @@ async function _initCore(options) {
       // Enable PostHog feature flags for segment membership
       enableFeatureFlags: true,
       sessionRecording: true,
+      // Cookieless mode: anonymous baseline until consent decision.
+      // PostHog captures behavioral data with privacy-preserving session
+      // hashes during pending; switches to cookied tracking on grant;
+      // continues cookielessly on reject.
+      cookieless_mode: "on_reject",
       // Wire up callback for when flags are loaded (Phase 2)
       onFeatureFlagsLoaded,
       // Wire up event capture to feed into event processor
@@ -17457,6 +18138,53 @@ async function _initCore(options) {
       var _a4;
       (_a4 = telemetryForCapture.track) == null ? void 0 : _a4.call(telemetryForCapture, name, props);
     });
+    const telemetryForGate = telemetry;
+    const resolveGeoStatus = async () => {
+      const geo = await geoPromise;
+      const isStrictRegion2 = geo.is_eu === "true" || geo.country_code === "GB" || geo.country_code === "CH";
+      return isStrictRegion2 ? "denied" : "granted";
+    };
+    const consentGate = new ConsentGate({
+      initialStatus: "pending",
+      pendingResolver: resolveGeoStatus,
+      // Drive PostHog opt-in/opt-out from gate transitions.
+      onConsentChange: (status) => {
+        var _a4, _b2;
+        if (status === "granted") {
+          (_a4 = telemetryForGate.optInCapturing) == null ? void 0 : _a4.call(telemetryForGate);
+        } else if (status === "denied") {
+          (_b2 = telemetryForGate.optOutCapturing) == null ? void 0 : _b2.call(telemetryForGate);
+        }
+      }
+    });
+    try {
+      installDefaults(telemetry, consentGate, { geoPromise });
+      debug("Syntro Bootstrap", "SDK defaults installed (D-1..D-5) with consent gate");
+    } catch (err) {
+      warn("Syntro Bootstrap", "installDefaults failed", err);
+    }
+    try {
+      const detector = new ConsentDetector({
+        adapters: [
+          new ShopifyCustomerPrivacyAdapter(),
+          new IabTcfAdapter(),
+          new GtmConsentModeAdapter()
+        ],
+        fallbackStatus: resolveGeoStatus,
+        onAdapterSelected: (name) => {
+          var _a4;
+          (_a4 = telemetryForGate.track) == null ? void 0 : _a4.call(telemetryForGate, "syntro_consent_adapter_selected", {
+            adapter: name != null ? name : "none"
+          });
+          debug("Syntro Bootstrap", `Consent adapter selected: ${name != null ? name : "none"}`);
+        }
+      });
+      detector.start(consentGate).catch((err) => {
+        warn("Syntro Bootstrap", "Consent detector failed to start", err);
+      });
+    } catch (err) {
+      warn("Syntro Bootstrap", "Consent detector setup failed", err);
+    }
     if ((platformAdapter == null ? void 0 : platformAdapter.name) === "shopify" && telemetryHost) {
       try {
         shopifyPixelBridge = new ShopifyPixelBridge({