feat: privacy-first analytics swap and legal page rewrite#566
Merged
Conversation
- Remove @vercel/analytics and @vercel/speed-insights entirely - Add self-hosted Plausible (analytics.librechat.ai) using the outbound-links + tagged-events + hash combined script variant - Add env-gated next-cwv-monitor for Core Web Vitals (LCP, INP, CLS, FCP, TTFB), driven by NEXT_PUBLIC_CWV_PROJECT_ID and NEXT_PUBLIC_CWV_ENDPOINT, with optional NEXT_PUBLIC_CWV_SAMPLE_RATE - Migrate TrackedLink card_click and link_click events from Vercel track() to window.plausible(...) with a Window.plausible global declaration; outbound-link auto-tracking complements them - Rewrite /tos, /privacy, /cookie as enterprise-grade, GDPR/CCPA aware policies that accurately disclose the new cookieless analytics stack, lawful basis, retention, sub-processors, and data-subject rights; the site remains banner-free under ePrivacy 5(3) since no terminal-equipment storage is used - Fix footer label: "Terms of services" -> "Terms of Service"
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…rhaul # Conflicts: # app/layout.tsx
📦 Next.js Bundle Analysis for librechat.aiThis analysis was generated by the Next.js Bundle Analysis action. 🤖 This PR introduced no changes to the JavaScript bundle! 🙌 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
@vercel/analytics+@vercel/speed-insights) with a self-hosted, cookieless analytics stack: Plausible atplausible.librechat.aiplus a React 18-compatible Core Web Vitals collector powered byweb-vitals./tos,/privacy, and/cookieso the public legal pages accurately disclose Plausible, Core Web Vitals, Scarf, local browser storage, operational logs, and no-cookie/no-banner posture.TrackedLinkcustom events (card_click,link_click) from Verceltrack()towindow.plausible(...).origin/mainand preserve the newOPENROUTER_API_KEYgate forAskAILoader.Analytics changes
Removed
@vercel/analyticspackage, imports,<Analytics />, andtrack()calls.@vercel/speed-insightspackage, imports, and<SpeedInsights />.next-cwv-monitorafter review found the published App Router bundle importsReact.use, which is unavailable in the repo's currentreact@18.3.1.Added
app/layout.tsxusing the actual hosted script:components/analytics/CoreWebVitalsMonitor.ts, a small App Router client collector that:web-vitalsdirectly for LCP, INP, CLS, FCP, and TTFB;next-cwv-monitor/api/ingestcontract;localStorage, orsessionStorage;NEXT_PUBLIC_CWV_SAMPLE_RATEwhile always sending$page_viewevents when enabled.Configuration
NEXT_PUBLIC_CWV_PROJECT_IDdefaults/documented as64ddab45-756f-474b-a8c9-266d264c93d8.NEXT_PUBLIC_CWV_SAMPLE_RATEdefaults/documented as0.5.NEXT_PUBLIC_CWV_ENDPOINTis intentionally required before CWV renders; the current site does not serve/api/ingest, so this avoids noisy 404s until the self-hosted CWV backend endpoint is provisioned.Privacy posture
Legal pages
Three full rewrites at the docs site root:
/privacy— 17 sections covering controller/contact, Plausible, CWV, Scarf, server logs, lawful basis, retention, sub-processors, user rights, browser controls, local storage, children's privacy, security, external links, OSS transparency, and contact./cookie— 8 sections covering no cookies, cookieless analytics, CWV monitoring, local browser storage, third-party links/content, browser controls, changes, and contact./tos— 18 sections covering site scope, demo/app separation, open-source licensing, acceptable use, privacy incorporation, third-party links, user contributions, IP, warranty/liability, indemnification, availability, governing-law fallback, severability, and contact.Footer label fix: "Terms of services" → "Terms of Service" in
components/FooterMenu.tsx.Verification
eslint --no-cache app/layout.tsx components/analytics/CoreWebVitalsMonitor.ts components/TrackedLink.tsx app/privacy/page.tsx app/cookie/page.tsx app/tos/page.tsxtsc --noEmit --pretty falsepnpm buildgit diff --check origin/main...HEAD200 application/javascript./api/ingestroute and kept CWV endpoint-gated because it is not currently served by this app.Test plan
origin/main.next-cwv-monitor.NEXT_PUBLIC_CWV_ENDPOINTin production to the deployed self-hosted CWV backend and confirm Web Vitals events appear.plausible.librechat.aiafter deploy.TrackedLinkcard and outbound link after deploy and confirmcard_click/link_clickevents appear in Plausible.