mindbricks-analytics-shared 0.1.0

package/dist/auth.d.ts

@@ -0,0 +1,14 @@
+export interface AuthUser {
+    id: string;
+    email?: string;
+    fullname?: string;
+    roleId?: string;
+    isActive?: boolean;
+    isAdmin: boolean;
+}
+export interface ProjectMembership {
+    projectId: string;
+    userId: string;
+    roleId?: string;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB"}

package/dist/auth.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":""}

package/dist/eventNames.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Mindbricks-standard system event names. All auto-emitted events use a
+ * `$` prefix so they're trivially distinguishable from user/business events
+ * like `payment_completed` or `cart_updated`.
+ *
+ * The seven canonical events the dashboards rely on:
+ *   $page_view, $session_start, $session_end, $click,
+ *   $form_submit, $error, $performance
+ *
+ * Supplementary events ($page_enter, $scroll_depth, $rage_click, …) are
+ * kept on the same prefix for consistency. They are richer signals that
+ * deeper product-analytics views can opt into.
+ */
+export declare const AUTO_EVENTS: {
+    readonly PAGE_VIEW: "$page_view";
+    readonly SESSION_START: "$session_start";
+    readonly SESSION_END: "$session_end";
+    readonly CLICK: "$click";
+    readonly FORM_SUBMIT: "$form_submit";
+    readonly ERROR: "$error";
+    readonly PERFORMANCE: "$performance";
+    readonly PAGE_ENTER: "$page_enter";
+    readonly PAGE_LEAVE: "$page_leave";
+    readonly TAB_HIDDEN: "$tab_hidden";
+    readonly TAB_VISIBLE: "$tab_visible";
+    readonly FORM_START: "$form_start";
+    readonly FORM_ABANDON: "$form_abandon";
+    readonly INPUT_FOCUS: "$input_focus";
+    readonly SCROLL_DEPTH: "$scroll_depth";
+    readonly RAGE_CLICK: "$rage_click";
+    readonly DEAD_CLICK: "$dead_click";
+    readonly NETWORK_ONLINE: "$network_online";
+    readonly NETWORK_OFFLINE: "$network_offline";
+    readonly IDENTIFY: "$identify";
+};
+export type AutoEventName = (typeof AUTO_EVENTS)[keyof typeof AUTO_EVENTS];
+/**
+ * Critical business events. The ingestion API rejects these on the
+ * untrusted (frontend) endpoint — they may only arrive via the trusted
+ * server-side endpoint, signed with the project's secretKey.
+ *
+ * Business events deliberately do NOT use the `$` prefix; that prefix is
+ * reserved for SDK-emitted system events.
+ */
+export declare const SERVER_ONLY_EVENTS: ReadonlySet<string>;
+export declare const TRAFFIC_SOURCE: {
+    readonly DIRECT: "direct";
+    readonly REFERRAL: "referral";
+    readonly ORGANIC_SEARCH: "organic_search";
+    readonly PAID_SEARCH: "paid_search";
+    readonly SOCIAL: "social";
+    readonly EMAIL: "email";
+    readonly UNKNOWN: "unknown";
+};
+export type TrafficSource = (typeof TRAFFIC_SOURCE)[keyof typeof TRAFFIC_SOURCE];
+/** Web Vitals metric names emitted as the `metric` property of $performance. */
+export declare const PERFORMANCE_METRICS: {
+    readonly LCP: "lcp";
+    readonly FID: "fid";
+    readonly CLS: "cls";
+    readonly TTFB: "ttfb";
+    readonly INP: "inp";
+    readonly FCP: "fcp";
+};
+export type PerformanceMetric = (typeof PERFORMANCE_METRICS)[keyof typeof PERFORMANCE_METRICS];
+//# sourceMappingURL=eventNames.d.ts.map

package/dist/eventNames.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eventNames.d.ts","sourceRoot":"","sources":["../src/eventNames.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;CAwBd,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAE3E;;;;;;;GAOG;AACH,eAAO,MAAM,kBAAkB,EAAE,WAAW,CAAC,MAAM,CAQjD,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;;;;CAQjB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC;AAEjF,gFAAgF;AAChF,eAAO,MAAM,mBAAmB;;;;;;;CAOtB,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC"}

package/dist/eventNames.js

@@ -0,0 +1,73 @@
+/**
+ * Mindbricks-standard system event names. All auto-emitted events use a
+ * `$` prefix so they're trivially distinguishable from user/business events
+ * like `payment_completed` or `cart_updated`.
+ *
+ * The seven canonical events the dashboards rely on:
+ *   $page_view, $session_start, $session_end, $click,
+ *   $form_submit, $error, $performance
+ *
+ * Supplementary events ($page_enter, $scroll_depth, $rage_click, …) are
+ * kept on the same prefix for consistency. They are richer signals that
+ * deeper product-analytics views can opt into.
+ */
+export const AUTO_EVENTS = {
+    // --- canonical 7 ---------------------------------------------------------
+    PAGE_VIEW: "$page_view",
+    SESSION_START: "$session_start",
+    SESSION_END: "$session_end",
+    CLICK: "$click",
+    FORM_SUBMIT: "$form_submit",
+    ERROR: "$error",
+    PERFORMANCE: "$performance",
+    // --- supplementary signals ----------------------------------------------
+    PAGE_ENTER: "$page_enter",
+    PAGE_LEAVE: "$page_leave",
+    TAB_HIDDEN: "$tab_hidden",
+    TAB_VISIBLE: "$tab_visible",
+    FORM_START: "$form_start",
+    FORM_ABANDON: "$form_abandon",
+    INPUT_FOCUS: "$input_focus",
+    SCROLL_DEPTH: "$scroll_depth",
+    RAGE_CLICK: "$rage_click",
+    DEAD_CLICK: "$dead_click",
+    NETWORK_ONLINE: "$network_online",
+    NETWORK_OFFLINE: "$network_offline",
+    IDENTIFY: "$identify",
+};
+/**
+ * Critical business events. The ingestion API rejects these on the
+ * untrusted (frontend) endpoint — they may only arrive via the trusted
+ * server-side endpoint, signed with the project's secretKey.
+ *
+ * Business events deliberately do NOT use the `$` prefix; that prefix is
+ * reserved for SDK-emitted system events.
+ */
+export const SERVER_ONLY_EVENTS = new Set([
+    "payment_completed",
+    "order_created",
+    "subscription_started",
+    "user_registered",
+    "plan_upgraded",
+    "credit_spent",
+    "quota_used",
+]);
+export const TRAFFIC_SOURCE = {
+    DIRECT: "direct",
+    REFERRAL: "referral",
+    ORGANIC_SEARCH: "organic_search",
+    PAID_SEARCH: "paid_search",
+    SOCIAL: "social",
+    EMAIL: "email",
+    UNKNOWN: "unknown",
+};
+/** Web Vitals metric names emitted as the `metric` property of $performance. */
+export const PERFORMANCE_METRICS = {
+    LCP: "lcp",
+    FID: "fid",
+    CLS: "cls",
+    TTFB: "ttfb",
+    INP: "inp",
+    FCP: "fcp",
+};
+//# sourceMappingURL=eventNames.js.map

package/dist/eventNames.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eventNames.js","sourceRoot":"","sources":["../src/eventNames.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,4EAA4E;IAC5E,SAAS,EAAE,YAAY;IACvB,aAAa,EAAE,gBAAgB;IAC/B,WAAW,EAAE,cAAc;IAC3B,KAAK,EAAE,QAAQ;IACf,WAAW,EAAE,cAAc;IAC3B,KAAK,EAAE,QAAQ;IACf,WAAW,EAAE,cAAc;IAE3B,2EAA2E;IAC3E,UAAU,EAAE,aAAa;IACzB,UAAU,EAAE,aAAa;IACzB,UAAU,EAAE,aAAa;IACzB,WAAW,EAAE,cAAc;IAC3B,UAAU,EAAE,aAAa;IACzB,YAAY,EAAE,eAAe;IAC7B,WAAW,EAAE,cAAc;IAC3B,YAAY,EAAE,eAAe;IAC7B,UAAU,EAAE,aAAa;IACzB,UAAU,EAAE,aAAa;IACzB,cAAc,EAAE,iBAAiB;IACjC,eAAe,EAAE,kBAAkB;IACnC,QAAQ,EAAE,WAAW;CACb,CAAC;AAIX;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAwB,IAAI,GAAG,CAAC;IAC7D,mBAAmB;IACnB,eAAe;IACf,sBAAsB;IACtB,iBAAiB;IACjB,eAAe;IACf,cAAc;IACd,YAAY;CACb,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,MAAM,EAAE,QAAQ;IAChB,QAAQ,EAAE,UAAU;IACpB,cAAc,EAAE,gBAAgB;IAChC,WAAW,EAAE,aAAa;IAC1B,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,OAAO;IACd,OAAO,EAAE,SAAS;CACV,CAAC;AAIX,gFAAgF;AAChF,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,GAAG,EAAE,KAAK;IACV,GAAG,EAAE,KAAK;IACV,GAAG,EAAE,KAAK;IACV,IAAI,EAAE,MAAM;IACZ,GAAG,EAAE,KAAK;IACV,GAAG,EAAE,KAAK;CACF,CAAC"}

package/dist/hmac.d.ts

@@ -0,0 +1,22 @@
+export interface SignedRequest {
+    timestamp: string;
+    body: string;
+    signature: string;
+}
+/**
+ * Sign a request body with the project's secretKey. The timestamp is part
+ * of the signed payload so the receiver can reject replays beyond a skew.
+ *
+ * Format used in headers:
+ *   X-Analytics-Timestamp: <iso8601>
+ *   X-Analytics-Signature: <hex hmac-sha256>
+ */
+export declare function signRequest(secretKey: string, timestamp: string, body: string): string;
+export declare function verifyRequest(secretKey: string, timestamp: string, body: string, signature: string): boolean;
+/**
+ * The DB stores only a hash of the secretKey (defence-in-depth: a leaked
+ * row dump must not reveal usable keys). The hash is salted with a stable
+ * project-scoped salt so we can still do a cheap lookup.
+ */
+export declare function hashSecretKey(secretKey: string, salt: string): string;
+//# sourceMappingURL=hmac.d.ts.map

package/dist/hmac.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac.d.ts","sourceRoot":"","sources":["../src/hmac.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAMtF;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAM5G;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAErE"}

package/dist/hmac.js

@@ -0,0 +1,33 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+/**
+ * Sign a request body with the project's secretKey. The timestamp is part
+ * of the signed payload so the receiver can reject replays beyond a skew.
+ *
+ * Format used in headers:
+ *   X-Analytics-Timestamp: <iso8601>
+ *   X-Analytics-Signature: <hex hmac-sha256>
+ */
+export function signRequest(secretKey, timestamp, body) {
+    const h = createHmac("sha256", secretKey);
+    h.update(timestamp);
+    h.update("\n");
+    h.update(body);
+    return h.digest("hex");
+}
+export function verifyRequest(secretKey, timestamp, body, signature) {
+    const expected = signRequest(secretKey, timestamp, body);
+    const a = Buffer.from(expected, "hex");
+    const b = Buffer.from(signature, "hex");
+    if (a.length !== b.length || a.length === 0)
+        return false;
+    return timingSafeEqual(a, b);
+}
+/**
+ * The DB stores only a hash of the secretKey (defence-in-depth: a leaked
+ * row dump must not reveal usable keys). The hash is salted with a stable
+ * project-scoped salt so we can still do a cheap lookup.
+ */
+export function hashSecretKey(secretKey, salt) {
+    return createHmac("sha256", salt).update(secretKey).digest("hex");
+}
+//# sourceMappingURL=hmac.js.map

package/dist/hmac.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac.js","sourceRoot":"","sources":["../src/hmac.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAQ1D;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,SAAiB,EAAE,IAAY;IAC5E,MAAM,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAC1C,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpB,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACf,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACf,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,SAAiB,EAAE,IAAY,EAAE,SAAiB;IACjG,MAAM,QAAQ,GAAG,WAAW,CAAC,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;IACzD,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACxC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,OAAO,eAAe,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,IAAY;IAC3D,OAAO,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACpE,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+export * from "./types.js";
+export * from "./eventNames.js";
+export * from "./schemas.js";
+export * from "./hmac.js";
+export * from "./limits.js";
+export * from "./auth.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC"}

package/dist/index.js

@@ -0,0 +1,7 @@
+export * from "./types.js";
+export * from "./eventNames.js";
+export * from "./schemas.js";
+export * from "./hmac.js";
+export * from "./limits.js";
+export * from "./auth.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC;AAC1B,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC"}

package/dist/limits.d.ts

@@ -0,0 +1,14 @@
+export declare const LIMITS: {
+    readonly EVENT_NAME_MAX_LEN: 64;
+    readonly PROPERTY_KEY_MAX_LEN: 64;
+    readonly PROPERTY_VALUE_MAX_LEN: number;
+    readonly PROPERTY_COUNT_MAX: 128;
+    readonly BATCH_SIZE_MAX: 200;
+    readonly PAYLOAD_BYTES_MAX: 512000;
+    readonly USER_ID_MAX_LEN: 128;
+    readonly ANON_ID_MAX_LEN: 64;
+    readonly SESSION_ID_MAX_LEN: 64;
+    readonly EVENT_ID_MAX_LEN: 64;
+    readonly URL_MAX_LEN: 2048;
+};
+//# sourceMappingURL=limits.d.ts.map

package/dist/limits.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"limits.d.ts","sourceRoot":"","sources":["../src/limits.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,MAAM;;;;;;;;;;;;CAYT,CAAC"}

package/dist/limits.js

@@ -0,0 +1,14 @@
+export const LIMITS = {
+    EVENT_NAME_MAX_LEN: 64,
+    PROPERTY_KEY_MAX_LEN: 64,
+    PROPERTY_VALUE_MAX_LEN: 8 * 1024,
+    PROPERTY_COUNT_MAX: 128,
+    BATCH_SIZE_MAX: 200,
+    PAYLOAD_BYTES_MAX: 512_000,
+    USER_ID_MAX_LEN: 128,
+    ANON_ID_MAX_LEN: 64,
+    SESSION_ID_MAX_LEN: 64,
+    EVENT_ID_MAX_LEN: 64,
+    URL_MAX_LEN: 2048,
+};
+//# sourceMappingURL=limits.js.map

package/dist/limits.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"limits.js","sourceRoot":"","sources":["../src/limits.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,kBAAkB,EAAE,EAAE;IACtB,oBAAoB,EAAE,EAAE;IACxB,sBAAsB,EAAE,CAAC,GAAG,IAAI;IAChC,kBAAkB,EAAE,GAAG;IACvB,cAAc,EAAE,GAAG;IACnB,iBAAiB,EAAE,OAAO;IAC1B,eAAe,EAAE,GAAG;IACpB,eAAe,EAAE,EAAE;IACnB,kBAAkB,EAAE,EAAE;IACtB,gBAAgB,EAAE,EAAE;IACpB,WAAW,EAAE,IAAI;CACT,CAAC"}