npm - zubbl-sdk - Versions diffs - 1.1.14 → 1.1.16 - Mend

zubbl-sdk 1.1.14 → 1.1.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/types/core/config.d.ts +14 -0
package/dist/types/core/context.d.ts +4 -0
package/dist/types/core/geo.d.ts +13 -0
package/dist/types/core/http.d.ts +4 -0
package/dist/types/core/signing.d.ts +3 -0
package/dist/types/core/storage.d.ts +6 -0
package/dist/types/core/telemetry.d.ts +4 -0
package/dist/types/features/getTiles.d.ts +23 -0
package/dist/types/features/identifyUser.d.ts +11 -0
package/dist/types/index.d.ts +28 -0
package/dist/zubbl-sdk.cjs.js +690 -221
package/dist/zubbl-sdk.cjs.js.map +1 -0
package/dist/zubbl-sdk.esm.js +688 -219
package/dist/zubbl-sdk.esm.js.map +1 -0
package/dist/zubbl-sdk.umd.js +698 -229
package/dist/zubbl-sdk.umd.js.map +1 -0
package/package.json +7 -3

package/dist/zubbl-sdk.esm.js CHANGED Viewed

@@ -1,241 +1,710 @@
-import axios from 'axios';
+import crypto from 'crypto';
+// src/core/config.ts
+// -----------------------------------------------------------
+// Universal environment detection + SDK configuration
+// -----------------------------------------------------------
+const isBrowser = typeof window !== "undefined" && typeof window.document !== "undefined";
+const isNode = typeof process !== "undefined" &&
+    !!process.versions?.node &&
+    !isBrowser;
+const isWorker = typeof self !== "undefined" &&
+    typeof self.importScripts === "function" &&
+    !isNode;
 let config = {
-  apiKey: null,
-  tenantId: null,
-  appId: null,
-  baseUrl: "https://api.zubbl.com/api",
-  injectWorkerHeaders: false,
-  workerSecret: null,
+    apiKey: null,
+    tenantId: null,
+    appId: null,
+    baseUrl: "https://api.zubbl.com/api",
+    injectWorkerHeaders: false,
+    workerSecret: null,
 };
-// ---- Telemetry State ----
-let sampleRatio = 0.1; // default 1 in 10
-let endpointBuffer = [];
-let debounceTimer = null;
-function shouldSample() {
-  return Math.random() < sampleRatio;
+// -----------------------------------------------------------
+// Browser safety check
+// -----------------------------------------------------------
+function assertBrowserSafety(config) {
+    if (isBrowser || isWorker) {
+        const key = config.apiKey ?? "";
+        // Simple rule: if the key looks like a secret (sk_ or very long)
+        const looksSecret = key.startsWith("sk_") || key.length > 40;
+        if (looksSecret) {
+            throw new Error("[Zubbl SDK] Secret or server key detected in browser environment. " +
+                "Use a public SDK key instead (prefix pk_).");
+        }
+    }
 }
-function setSamplingRatio(ratio) {
-  if (ratio < 0 || ratio > 1) throw new Error("Sampling ratio must be between 0 and 1");
-  sampleRatio = ratio;
+// -----------------------------------------------------------
+// Public API
+// -----------------------------------------------------------
+function init$1(partial) {
+    config = { ...config, ...partial };
+    assertBrowserSafety(config); // 🔒 check that key is safe in browser
 }
-function emitEndpoint(payload) {
-  if (!shouldSample()) return;
-  const enriched = { ...payload, ts: Date.now(), source: "sdk" };
-  endpointBuffer.push(enriched);
-  console.log("[Zubbl SDK][Telemetry] Queued endpoint:", enriched);
-  if (!debounceTimer) {
-    debounceTimer = setTimeout(flushEndpointBuffer, 200);
-  }
+function getConfig() {
+    return config;
+}
+// -----------------------------------------------------------
+// Header builder (used by HTTP layer)
+// -----------------------------------------------------------
+function buildHeaders(extra = {}) {
+    if (!config.apiKey || !config.tenantId || !config.appId) {
+        throw new Error("[Zubbl SDK] Not initialized – call init() first.");
+    }
+    return {
+        Authorization: `Bearer ${config.apiKey}`,
+        "X-Tenant-Id": config.tenantId,
+        "X-App-Id": config.appId,
+        "Content-Type": "application/json",
+        ...extra,
+    };
 }
-async function flushEndpointBuffer() {
-  if (endpointBuffer.length === 0) {
-    debounceTimer = null;
-    return;
-  }
-  const batch = [...endpointBuffer];
-  endpointBuffer = [];
-  debounceTimer = null;
-  const telemetryUrl =
-    process.env.ZUBBL_TELEMETRY_URL || `${config.baseUrl.replace(/\/$/, "")}/sdk/log`;
-  const headers = {
-    "Content-Type": "application/json",
-    Authorization: `Bearer ${config.apiKey}`,
-    "X-Tenant-Id": config.tenantId,
-    "X-App-Id": config.appId,
-  };
-  console.log("[Zubbl SDK][Telemetry] Flushing batch:", {
-    url: telemetryUrl,
-    count: batch.length,
-    sampleRatio,
-    payload: batch,
-    headers,
-  });
-  try {
-    const resp = await fetch(telemetryUrl, {
-      method: "POST",
-      headers,
-      body: JSON.stringify(batch),
-    });
+// src/core/context.ts
+// -----------------------------------------------------------
+// Adaptive Context Engine — Geo + Stability Enrichment + Persistence
+// -----------------------------------------------------------
+const MAX_HISTORY = 100;
+const CACHE_KEY = "zubbl-stability";
+let state = loadStability() ?? {
+    routes: [],
+    geo: "unknown",
+    stability: 1.0,
+    lastGeoChange: Date.now(),
+};
+// -----------------------------------------------------------
+// 💾 Persistence Helpers
+// -----------------------------------------------------------
+function loadStability() {
+    if (!isBrowser || typeof localStorage === "undefined")
+        return null;
+    try {
+        const raw = localStorage.getItem(CACHE_KEY);
+        if (!raw)
+            return null;
+        const parsed = JSON.parse(raw);
+        if (!parsed.geo || !parsed.stability)
+            return null;
+        return { ...parsed, routes: [] };
+    }
+    catch {
+        return null;
+    }
+}
+function saveStability() {
+    if (!isBrowser || typeof localStorage === "undefined")
+        return;
+    try {
+        const payload = {
+            geo: state.geo,
+            stability: state.stability,
+            lastGeoChange: state.lastGeoChange,
+        };
+        localStorage.setItem(CACHE_KEY, JSON.stringify(payload));
+    }
+    catch {
+        /* ignore */
+    }
+}
+// -----------------------------------------------------------
+// 🌍 Geo Detection (Node, Browser, Worker)
+// -----------------------------------------------------------
+function detectGeo() {
+    try {
+        if (isBrowser && typeof window !== "undefined" && window.navigator?.language) {
+            return window.navigator.language.split("-")[1] || "unknown";
+        }
+        if (isWorker && typeof self !== "undefined" && self.navigator?.language) {
+            return self.navigator.language.split("-")[1] || "unknown";
+        }
+        if (isNode && typeof process !== "undefined") {
+            const envGeo = process.env.ZUBBL_GEO || process.env.GEO;
+            if (envGeo && /^[A-Z]{2}$/i.test(envGeo))
+                return envGeo.toUpperCase();
+            return "GB";
+        }
+        return "unknown";
+    }
+    catch (err) {
+        console.warn("[Zubbl SDK][Geo Detect] Failed:", err);
+        return "unknown";
+    }
+}
+// -----------------------------------------------------------
+// 🧭 Update Geo & Stability (with persistence)
+// -----------------------------------------------------------
+function updateGeo(geoHint) {
+    const newGeo = geoHint || detectGeo();
+    if (newGeo !== state.geo) {
+        const now = Date.now();
+        const elapsed = (now - state.lastGeoChange) / 1000;
+        state.stability = Math.max(0.5, Math.min(1.0, elapsed / 3600));
+        state.geo = newGeo;
+        state.lastGeoChange = now;
+        saveStability();
+    }
+    else {
+        state.stability = Math.min(1.0, state.stability + 0.01);
+        saveStability();
+    }
+}
+// -----------------------------------------------------------
+// 🧮 Record Context Samples
+// -----------------------------------------------------------
+function recordContextSample(path, method, status, latency) {
+    state.routes.push({ path, method, ts: Date.now(), status, latency });
+    if (state.routes.length > MAX_HISTORY)
+        state.routes.shift();
+    updateGeo(); // auto-refresh geo info
+}
+// -----------------------------------------------------------
+// 📦 Get Adaptive Headers
+// -----------------------------------------------------------
+function getAdaptiveHeaders() {
+    const currentGeo = detectGeo();
+    updateGeo(currentGeo);
+    const summary = btoa(JSON.stringify({
+        env: isNode ? "node" : isBrowser ? "browser" : "worker",
+        routeCount: state.routes.length,
+        lastGeo: state.geo,
+        avgLatency: state.routes.reduce((a, b) => a + b.latency, 0) /
+            Math.max(1, state.routes.length),
+    }));
+    return {
+        "X-Zubbl-Context-Summary": summary,
+        "X-Zubbl-Geo-Stability": `${state.geo}/${state.stability.toFixed(2)}`,
+    };
+}
+// -----------------------------------------------------------
+// 🌍 Initialize Geo Context Immediately
+// -----------------------------------------------------------
+updateGeo(process.env.ZUBBL_GEO);
-    const text = await resp.text();
-    console.log("[Zubbl SDK][Telemetry] Response:", {
-      status: resp.status,
-      body: text,
+// -----------------------------------------------------------
+// 🔐 Secure Signing & Nonce Generator
+// -----------------------------------------------------------
+// -----------------------------------------------------------
+// Generate UUIDv4 Nonce
+// -----------------------------------------------------------
+function generateNonce() {
+    return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, c => {
+        const r = (Math.random() * 16) | 0;
+        const v = c === "x" ? r : (r & 0x3) | 0x8;
+        return v.toString(16);
     });
-  } catch (err) {
-    console.error("[Zubbl SDK][Telemetry] Failed to send batch:", err);
-  }
+}
+// -----------------------------------------------------------
+// Compute SHA256 HMAC signature
+// -----------------------------------------------------------
+async function signPayload(payload, secret) {
+    if (isNode) {
+        // ✅ Node.js native HMAC
+        return crypto.createHmac("sha256", secret).update(payload).digest("hex");
+    }
+    // ✅ Browser / Worker using WebCrypto
+    if (typeof window !== "undefined" && window.crypto?.subtle) {
+        const key = await window.crypto.subtle.importKey("raw", new TextEncoder().encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+        const sig = await window.crypto.subtle.sign("HMAC", key, new TextEncoder().encode(payload));
+        return Array.from(new Uint8Array(sig))
+            .map(b => b.toString(16).padStart(2, "0"))
+            .join("");
+    }
+    throw new Error("No crypto implementation available in this environment");
+}
+// -----------------------------------------------------------
+// Attach signing headers to a request
+// -----------------------------------------------------------
+async function attachSigningHeaders(method, url, body, secretKey) {
+    const nonce = generateNonce();
+    // Compute canonical string (deterministic)
+    const bodyHash = body
+        ? crypto.createHash("sha256").update(body).digest("hex")
+        : "";
+    const canonical = `${method.toUpperCase()}\n${url}\n${nonce}\n${bodyHash}`;
+    // ⚙️ Always include nonce even if secret is missing
+    if (!secretKey) {
+        return { "X-Zubbl-Nonce": nonce };
+    }
+    const signature = await signPayload(canonical, secretKey);
+    return {
+        "X-Zubbl-Nonce": nonce,
+        "X-Zubbl-Signature": signature,
+    };
 }
-async function zubblFetch(input, init = {}, context = {}) {
-  const start = performance.now();
-  let response;
-  try {
-    response = await fetch(input, init);
-    return response;
-  } finally {
-    const latency_ms = performance.now() - start;
+// src/core/http.ts
+// -----------------------------------------------------------
+// Isomorphic HTTP transport for Node, Browser, and Workers
+// Includes adaptive context, telemetry, signing & safety timeout
+// -----------------------------------------------------------
+async function httpRequest(url, options = {}) {
+    // 🔧 Default timeout lowered for SDK-12 hardening
+    const { timeoutMs = 250, ...fetchOpts } = options;
+    // ---------------------------------------------------------
+    // Polyfill fetch for Node
+    // ---------------------------------------------------------
+    let fetchImpl;
+    if (isNode) {
+        const { fetch } = await import('undici');
+        // @ts-expect-error Node native fetch lacks duplex definition in undici types
+        fetchImpl = fetch;
+    }
+    else if (isBrowser || isWorker) {
+        fetchImpl = fetch;
+    }
+    else {
+        console.warn("[Zubbl SDK][HTTP] Unsupported runtime environment");
+        return null;
+    }
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    const start = performance.now();
     try {
-      const url = new URL(input, window.location.origin);
-      emitEndpoint({
-        tenant_id: context.tenant_id || config.tenantId,
-        app_id: context.app_id || config.appId,
-        external_user_id: context.external_user_id,
-        method: init.method || "GET",
-        path: url.pathname, // fixed to "path"
-        status: response?.status ?? 0,
-        latency_ms,
-      });
-    } catch (e) {
-      console.warn("[Zubbl SDK] Failed to record endpoint telemetry", e);
-    }
-  }
+        const config = getConfig();
+        const bodyText = fetchOpts.body && typeof fetchOpts.body === "string"
+            ? fetchOpts.body
+            : fetchOpts.body
+                ? JSON.stringify(fetchOpts.body)
+                : "";
+        // ---------------------------------------------------------
+        // 🔐 Signing headers (adds X-Zubbl-Nonce and X-Zubbl-Signature)
+        // ---------------------------------------------------------
+        const signingHeaders = await attachSigningHeaders(fetchOpts.method ?? "GET", url, bodyText, config.workerSecret ?? null);
+        // ---------------------------------------------------------
+        // 🧠 Adaptive context headers
+        // ---------------------------------------------------------
+        const adaptiveHeaders = getAdaptiveHeaders();
+        // ✅ Merge headers cleanly — final order matters
+        fetchOpts.headers = {
+            ...(fetchOpts.headers || {}),
+            ...adaptiveHeaders,
+            ...signingHeaders,
+        };
+        // ---------------------------------------------------------
+        // Perform request
+        // ---------------------------------------------------------
+        const response = await fetchImpl(url, { ...fetchOpts, signal: controller.signal });
+        const latencyMs = performance.now() - start;
+        const status = response?.status ?? 0;
+        // -----------------------------------------------------
+        // Telemetry hook — record runtime discovery + metrics
+        // -----------------------------------------------------
+        await Promise.resolve().then(function () { return telemetry; }).then(({ recordRequestTelemetry, logRuntimeDiscovery }) => {
+            logRuntimeDiscovery(url);
+            recordRequestTelemetry(url, fetchOpts.method ?? "GET", status, latencyMs);
+        });
+        // -----------------------------------------------------
+        // Adaptive context sample recording
+        // -----------------------------------------------------
+        recordContextSample(url, fetchOpts.method ?? "GET", status, latencyMs);
+        // -----------------------------------------------------
+        // Error handling / Soft fail behaviour
+        // -----------------------------------------------------
+        if (!response.ok) {
+            const text = await response.text().catch(() => "");
+            console.warn(`[Zubbl SDK][HTTP] Non-OK response ${status}: ${text}`);
+            return response; // still return so host can inspect
+        }
+        return response;
+    }
+    catch (err) {
+        const latencyMs = performance.now() - start;
+        const reason = err?.name === "AbortError"
+            ? `timeout (${timeoutMs}ms)`
+            : err?.message || "unknown network error";
+        console.warn(`[Zubbl SDK][HTTP] Request failed: ${reason}`, { url, latencyMs });
+        return null; // 🧩 Never throw to host app
+    }
+    finally {
+        clearTimeout(timeout);
+    }
 }
-/**
- * Initialize SDK with API credentials.
- */
-function init({
-  apiKey,
-  tenantId,
-  appId,
-  baseUrl,
-  injectWorkerHeaders = false,
-  workerSecret = null,
-}) {
-  if (!apiKey || !tenantId || !appId) {
-    throw new Error("apiKey, tenantId, and appId are required");
-  }
-  config = {
-    apiKey,
-    tenantId,
-    appId,
-    baseUrl: baseUrl || "https://api.zubbl.com/api",
-    injectWorkerHeaders,
-    workerSecret,
-  };
+// src/core/storage.ts
+// ------------------------------------------------------
+// Node (in-memory) implementation
+// ------------------------------------------------------
+class NodeStorage {
+    constructor() {
+        this.store = new Map();
+    }
+    get(key) {
+        const entry = this.store.get(key);
+        if (!entry)
+            return null;
+        if (entry.expiresAt && entry.expiresAt < Date.now()) {
+            this.store.delete(key);
+            return null;
+        }
+        return entry.value;
+    }
+    set(key, value, ttlSeconds) {
+        const expiresAt = ttlSeconds ? Date.now() + ttlSeconds * 1000 : undefined;
+        this.store.set(key, { value, expiresAt });
+    }
+    remove(key) {
+        this.store.delete(key);
+    }
 }
-/**
- * Identify a user by email (and optional name).
- * Backend will return or generate a valid UUID for external_user_id.
- */
-async function identifyUser({ email, name }) {
-  if (!config.apiKey || !config.tenantId || !config.appId) {
-    throw new Error("Zubbl SDK not initialized");
-  }
-  if (!email) throw new Error("email is required");
-  const headers = {
-    Authorization: `Bearer ${config.apiKey}`,
-    "X-Tenant-Id": config.tenantId,
-    "X-App-Id": config.appId,
-    "Content-Type": "application/json",
-  };
-  if (config.injectWorkerHeaders && config.workerSecret) {
-    headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
-    headers["X-Zubbl-Internal-Call"] = "true";
-  }
-  const response = await axios.post(
-    `${config.baseUrl}/sdk/identify`,
-    { email, name },
-    { headers }
-  );
-  const { external_user_id } = response.data;
-  if (!external_user_id) {
-    throw new Error("Backend did not return external_user_id");
-  }
-  // ✅ Ensure UUID format
-  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-  if (!uuidRegex.test(external_user_id)) {
-    throw new Error(`Invalid external_user_id received: ${external_user_id}`);
-  }
-  return response.data;
+// ------------------------------------------------------
+// Browser (localStorage) implementation
+// ------------------------------------------------------
+class BrowserStorage {
+    constructor() {
+        this.prefix = "zubbl_sdk_";
+    }
+    get(key) {
+        try {
+            const raw = localStorage.getItem(this.prefix + key);
+            if (!raw)
+                return null;
+            const { value, expiresAt } = JSON.parse(raw);
+            if (expiresAt && expiresAt < Date.now()) {
+                localStorage.removeItem(this.prefix + key);
+                return null;
+            }
+            return value;
+        }
+        catch {
+            return null;
+        }
+    }
+    set(key, value, ttlSeconds) {
+        try {
+            const expiresAt = ttlSeconds ? Date.now() + ttlSeconds * 1000 : undefined;
+            localStorage.setItem(this.prefix + key, JSON.stringify({ value, expiresAt }));
+        }
+        catch (err) {
+            // localStorage quota exceeded → silently ignore
+            console.warn("[Zubbl SDK][Storage] Failed to persist item:", err);
+        }
+    }
+    remove(key) {
+        localStorage.removeItem(this.prefix + key);
+    }
 }
-/**
- * Fetch effective tiles for a given user.
- * Requires valid external_user_id (UUID).
- */
-async function getTiles({ external_user_id, app_id = null }) {
-  if (!config.apiKey || !config.tenantId || !config.appId) {
-    throw new Error("Zubbl SDK not initialized");
-  }
-  if (!external_user_id) throw new Error("external_user_id is required");
-  // ✅ Validate UUID format
-  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
-  if (!uuidRegex.test(external_user_id)) {
-    throw new Error(`Invalid external_user_id: ${external_user_id}. Must be UUID.`);
-  }
-  const headers = {
-    Authorization: `Bearer ${config.apiKey}`,
-    "X-Tenant-Id": config.tenantId,
-    "X-App-Id": config.appId,
-    "X-External-User-Id": external_user_id,
-  };
-  if (config.injectWorkerHeaders && config.workerSecret) {
-    headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
-    headers["X-Zubbl-Internal-Call"] = "true";
-  }
-  const params = new URLSearchParams({ external_user_id });
-  params.set("app_id", app_id || config.appId);
-  const response = await axios.get(
-    `${config.baseUrl.replace(/\/$/, "")}/tiles/effective?${params.toString()}`,
-    { headers }
-  );
-  return response.data;
+// ------------------------------------------------------
+// Factory
+// ------------------------------------------------------
+function createStorage() {
+    if (isNode)
+        return new NodeStorage();
+    if (isBrowser)
+        return new BrowserStorage();
+    // Fallback: safe no-op storage for tests / fake environments
+    return {
+        get: () => null,
+        set: () => { },
+        remove: () => { },
+    };
 }
-async function enforce({ external_user_id, app_id = null }) {
-  if (!config.apiKey || !config.tenantId || !config.appId) {
-    throw new Error("Zubbl SDK not initialized");
-  }
-  if (!external_user_id) throw new Error("external_user_id is required");
+// -----------------------------------------------------------
+// 🌍 Zubbl Geo Engine — Multi-Provider Fallback + 15min Cache
+// -----------------------------------------------------------
+// Fully typed, aligns with Zubbl GEO Enforcement Policy
+// -----------------------------------------------------------
+const GEO_CACHE_KEY = "zubbl-geo-cache";
+const GEO_TTL_MS = 15 * 60 * 1000; // 15 minutes
+// -----------------------------------------------------------
+// 🗃 Cache Helpers
+// -----------------------------------------------------------
+function loadGeoCache() {
+    try {
+        if (!isBrowser || typeof localStorage === "undefined")
+            return null;
+        const raw = localStorage.getItem(GEO_CACHE_KEY);
+        if (!raw)
+            return null;
+        const parsed = JSON.parse(raw);
+        if (!parsed.data?.ip || Date.now() - parsed.timestamp > GEO_TTL_MS)
+            return null;
+        return parsed.data;
+    }
+    catch {
+        return null;
+    }
+}
+function saveGeoCache(data) {
+    try {
+        if (!isBrowser || typeof localStorage === "undefined")
+            return;
+        localStorage.setItem(GEO_CACHE_KEY, JSON.stringify({ data, timestamp: Date.now() }));
+    }
+    catch { }
+}
+// -----------------------------------------------------------
+// 🌐 Provider Wrappers
+// -----------------------------------------------------------
+async function fetchJSON(url, timeoutMs = 3000) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        const resp = await fetch(url, { signal: controller.signal });
+        clearTimeout(timeout);
+        if (!resp.ok)
+            throw new Error(`HTTP ${resp.status}`);
+        return await resp.json();
+    }
+    catch (err) {
+        clearTimeout(timeout);
+        throw err;
+    }
+}
+async function providerIpInfo() {
+    const d = await fetchJSON("https://ipinfo.io/json?token=public");
+    return {
+        ip: d.ip || null,
+        country: d.country || "unknown",
+        asn: d.org?.replace(/^AS/, "") || null,
+        privacy: { vpn: false, hosting: false },
+    };
+}
+async function providerIpApi() {
+    const d = await fetchJSON("https://ipapi.co/json/");
+    return {
+        ip: d.ip || null,
+        country: d.country_code || "unknown",
+        asn: d.asn?.replace(/^AS/, "") || null,
+        privacy: { vpn: false, hosting: false },
+    };
+}
+async function providerGeoJs() {
+    const d = await fetchJSON("https://get.geojs.io/v1/ip/geo.json");
+    return {
+        ip: d.ip || null,
+        country: d.country_code || "unknown",
+        asn: null,
+        privacy: { vpn: false, hosting: false },
+    };
+}
+// -----------------------------------------------------------
+// 🧠 Fallback Resolver
+// -----------------------------------------------------------
+async function getGeoInfo() {
+    const cached = loadGeoCache();
+    if (cached)
+        return cached;
+    const providers = [providerIpInfo, providerIpApi, providerGeoJs];
+    for (const fn of providers) {
+        try {
+            const result = await fn();
+            if (result?.country && result.country !== "unknown") {
+                saveGeoCache(result);
+                return result;
+            }
+        }
+        catch (err) {
+            console.warn("[Zubbl SDK][Geo] Provider failed:", fn.name, "-", err.message);
+        }
+    }
+    const fallback = {
+        ip: null,
+        country: "unknown",
+        asn: null,
+        privacy: { vpn: false, hosting: false },
+    };
+    saveGeoCache(fallback);
+    return fallback;
+}
+async function getGeoHeaders() {
+    const geo = await getGeoInfo();
+    return {
+        "X-Zubbl-Geo-Country": geo.country || "unknown",
+        "X-Zubbl-ASN": geo.asn || "unknown",
+        "X-Zubbl-IP": geo.ip || "",
+        "X-Zubbl-Privacy-VPN": String(geo.privacy?.vpn ?? false),
+        "X-Zubbl-Privacy-Hosting": String(geo.privacy?.hosting ?? false),
+    };
+}
-  const headers = {
-    Authorization: `Bearer ${config.apiKey}`,
-    "X-Tenant-Id": config.tenantId,
-    "X-App-Id": app_id || config.appId,
-    "X-External-User-Id": external_user_id,
-    "Content-Type": "application/json",
-  };
-  if (config.injectWorkerHeaders && config.workerSecret) {
-    headers["X-Zubbl-Worker-Secret"] = config.workerSecret;
-    headers["X-Zubbl-Internal-Call"] = "true";
-  }
+// ---------------------------------------------------------
+// Zubbl SDK — Unified Bootstrap (Adaptive + GEO Aware)
+// ---------------------------------------------------------
+// ---------------------------------------------------------
+// Initialization
+// ---------------------------------------------------------
+async function init({ apiKey, tenantId, appId, baseUrl = "https://api.zubbl.com/api", injectWorkerHeaders = false, workerSecret = null, }) {
+    // Initialize core configuration
+    init$1({ apiKey, tenantId, appId, baseUrl, injectWorkerHeaders, workerSecret });
+    // Prime GEO context cache
+    try {
+        const geo = await getGeoInfo();
+        console.log(`[Zubbl SDK] 🌍 GEO detected: ${geo.country} (ASN ${geo.asn || "?"})`);
+    }
+    catch (err) {
+        console.warn("[Zubbl SDK] GEO init failed:", err?.message);
+    }
+}
+// ---------------------------------------------------------
+// Identify User
+// ---------------------------------------------------------
+async function identifyUser({ email, name }) {
+    const config = getConfig();
+    if (!config.apiKey || !config.tenantId || !config.appId) {
+        throw new Error("Zubbl SDK not initialized");
+    }
+    const adaptiveHeaders = getAdaptiveHeaders();
+    const geoHeaders = await getGeoHeaders();
+    const headers = buildHeaders({
+        "Content-Type": "application/json",
+        ...adaptiveHeaders,
+        ...geoHeaders,
+    });
+    const body = JSON.stringify({ email, name });
+    const resp = await httpRequest(`${config.baseUrl}/sdk/identify`, {
+        method: "POST",
+        headers,
+        body,
+    });
+    const data = await resp.json().catch(() => ({}));
+    if (!data.external_user_id) {
+        console.warn("[Zubbl SDK] identifyUser: missing external_user_id");
+    }
+    return data;
+}
+// ---------------------------------------------------------
+// Fetch Effective Tiles
+// ---------------------------------------------------------
+async function getTiles({ external_user_id, app_id = null, }) {
+    const config = getConfig();
+    if (!config.apiKey || !config.tenantId || !config.appId) {
+        throw new Error("Zubbl SDK not initialized");
+    }
+    if (!external_user_id)
+        throw new Error("external_user_id is required");
+    const adaptiveHeaders = getAdaptiveHeaders();
+    const geoHeaders = await getGeoHeaders();
+    const headers = buildHeaders({
+        "X-External-User-Id": external_user_id,
+        ...adaptiveHeaders,
+        ...geoHeaders,
+    });
+    const params = new URLSearchParams({ external_user_id });
+    params.set("app_id", app_id || config.appId);
+    const resp = await httpRequest(`${config.baseUrl.replace(/\/$/, "")}/tiles/effective?${params.toString()}`, { method: "GET", headers });
+    return resp.json();
+}
+// ---------------------------------------------------------
+// Policy Enforcement
+// ---------------------------------------------------------
+async function enforce({ external_user_id, app_id = null, }) {
+    const config = getConfig();
+    if (!config.apiKey || !config.tenantId || !config.appId) {
+        throw new Error("Zubbl SDK not initialized");
+    }
+    const adaptiveHeaders = getAdaptiveHeaders();
+    const geoHeaders = await getGeoHeaders();
+    const headers = buildHeaders({
+        "X-External-User-Id": external_user_id,
+        ...adaptiveHeaders,
+        ...geoHeaders,
+    });
+    const resp = await httpRequest(`${config.baseUrl.replace(/\/$/, "")}/sdk/test-enforcement`, { method: "POST", headers });
+    const json = await resp.json().catch(() => ({}));
+    return { decision: "allow", status: resp.status, data: json };
+}
+// ---------------------------------------------------------
+// Exposed Helpers
+// ---------------------------------------------------------
+const storage = createStorage();
-  try {
-    const resp = await axios.post(
-      `${config.baseUrl.replace(/\/$/, "")}/sdk/test-enforcement`,
-      {},
-      { headers }
-    );
-    return { decision: "allow", status: resp.status, data: resp.data };
-  } catch (e) {
-    if (e.response && e.response.status === 429) {
-      return { decision: "block", status: 429, data: e.response.data };
-    }
-    throw e;
-  }
+// -----------------------------------------------------------
+// Zubbl Telemetry Core (Endpoint Discovery)
+// -----------------------------------------------------------
+// Local telemetry buffer
+let sampleRatio = 0.1; // 1 in 10 by default
+let buffer = [];
+let debounceTimer = null;
+function shouldSample() {
+    return Math.random() < sampleRatio;
 }
+// -----------------------------------------------------------
+// Emit telemetry events
+// -----------------------------------------------------------
+function emitEndpoint(payload) {
+    if (!shouldSample())
+        return;
+    const enriched = {
+        ...payload,
+        ts: Date.now(),
+        source: isBrowser ? "browser" : isNode ? "node" : "worker",
+    };
+    buffer.push(enriched);
+    if (!debounceTimer) {
+        debounceTimer = setTimeout(flushBuffer, 200);
+    }
+}
+// -----------------------------------------------------------
+// Flush logic (batch send)
+// -----------------------------------------------------------
+async function flushBuffer() {
+    if (buffer.length === 0) {
+        debounceTimer = null;
+        return;
+    }
+    const batch = [...buffer];
+    buffer = [];
+    debounceTimer = null;
+    const config = getConfig();
+    const url = `${config.baseUrl.replace(/\/$/, "")}/sdk/log`;
+    const headers = {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${config.apiKey}`,
+        "X-Tenant-Id": config.tenantId ?? "",
+        "X-App-Id": config.appId ?? "",
+    };
+    try {
+        const resp = await fetch(url, {
+            method: "POST",
+            headers,
+            body: JSON.stringify(batch),
+        });
+        const text = await resp.text();
+        console.log("[Zubbl SDK][Telemetry] Flushed", batch.length, "events →", resp.status, text);
+    }
+    catch (err) {
+        console.warn("[Zubbl SDK][Telemetry] Failed to send batch:", err.message);
+    }
+}
+// -----------------------------------------------------------
+// Helper for HTTP wrapping
+// -----------------------------------------------------------
+async function recordRequestTelemetry(url, method, status, latency, extra = {}) {
+    try {
+        const path = new URL(url).pathname;
+        emitEndpoint({
+            path,
+            method,
+            status,
+            latency,
+            ...extra,
+        });
+    }
+    catch (err) {
+        console.warn("[Zubbl SDK][Telemetry] Failed to record telemetry", err);
+    }
+}
+// -----------------------------------------------------------
+// Runtime Endpoint Discovery
+// -----------------------------------------------------------
+let hasLoggedDiscovery = false;
+function logRuntimeDiscovery(url) {
+    if (hasLoggedDiscovery)
+        return; // only once per runtime
+    hasLoggedDiscovery = true;
+    const runtime = isNode ? "Node" : isBrowser ? "Browser" : isWorker ? "Worker" : "Unknown";
+    const time = new Date().toISOString();
+    console.log(`[Zubbl SDK][Discovery] Runtime: ${runtime}`);
+    console.log(`[Zubbl SDK][Discovery] Timestamp: ${time}`);
+    console.log(`[Zubbl SDK][Discovery] Initial endpoint: ${url}`);
+}
+var telemetry = /*#__PURE__*/Object.freeze({
+    __proto__: null,
+    emitEndpoint: emitEndpoint,
+    logRuntimeDiscovery: logRuntimeDiscovery,
+    recordRequestTelemetry: recordRequestTelemetry
+});
-export { emitEndpoint, enforce, getTiles, identifyUser, init, setSamplingRatio, zubblFetch };
+export { enforce, getConfig, getTiles, httpRequest, identifyUser, init, storage };
+//# sourceMappingURL=zubbl-sdk.esm.js.map