refactor(audience): lift session, attribution, and consent into core

Move session management, attribution tracking, and consent state machine
from @imtbl/pixel into @imtbl/audience-core so the web SDK can share them.

- session.ts: use SESSION_COOKIE from core config instead of duplicating
- attribution.ts: UTM params, click IDs, referrer, sessionStorage caching
- consent.ts: three-level state machine with DNT/GPC, queue purge/transform
- Remove pixel re-exports of core modules (no backwards compat needed yet)
- Add SESSION_MAX_AGE constant to core config
- Pixel now imports everything from @imtbl/audience-core

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: bkbooth

…s/audience/pixel/src/attribution.test.ts …es/audience/core/src/attribution.test.tspackages/audience/pixel/src/attribution.test.ts renamed to packages/audience/core/src/attribution.test.ts packages/audience/pixel/src/attribution.test.ts renamed to packages/audience/core/src/attribution.test.ts

@@ -15,5 +15,6 @@ export const FLUSH_SIZE = 20;
 export const COOKIE_NAME = 'imtbl_anon_id';
 export const SESSION_COOKIE = '_imtbl_sid';
 export const COOKIE_MAX_AGE_SECONDS = 365 * 24 * 60 * 60 * 2; // 2 years
+export const SESSION_MAX_AGE = 30 * 60; // 30 minutes in seconds
 
 export const getBaseUrl = (environment: Environment): string => BASE_URLS[environment];

…ckages/audience/pixel/src/attribution.ts packages/audience/core/src/attribution.tspackages/audience/pixel/src/attribution.ts renamed to packages/audience/core/src/attribution.ts packages/audience/pixel/src/attribution.ts renamed to packages/audience/core/src/attribution.ts

@@ -1,12 +1,5 @@
 import { createConsentManager } from './consent';
 
-// Mock audience-core
-jest.mock('@imtbl/audience-core', () => ({
-  httpSend: jest.fn().mockResolvedValue(true),
-  CONSENT_PATH: '/v1/audience/tracking-consent',
-  getBaseUrl: jest.fn().mockReturnValue('https://api.dev.immutable.com'),
-}));
-
 // Mock fetch globally
 const mockFetch = jest.fn().mockResolvedValue({ ok: true });
 global.fetch = mockFetch;

packages/audience/core/src/config.ts

@@ -1,14 +1,13 @@
-import type {
-  ConsentLevel, Message, Environment, MessageQueue,
-} from '@imtbl/audience-core';
-import { CONSENT_PATH, getBaseUrl } from '@imtbl/audience-core';
+import type { ConsentLevel, Message, Environment } from './types';
+import type { MessageQueue } from './queue';
+import { CONSENT_PATH, getBaseUrl } from './config';
 
 export interface ConsentManager {
   level: ConsentLevel;
   setLevel(next: ConsentLevel): void;
 }
 
-function detectDoNotTrack(): boolean {
+export function detectDoNotTrack(): boolean {
   if (typeof navigator === 'undefined') return false;
   // DNT header
   if (navigator.doNotTrack === '1') return true;
@@ -22,7 +21,7 @@ function detectDoNotTrack(): boolean {
  *
  * - Default level is `'none'` (no collection).
  * - If DNT or GPC is detected and no explicit consent is provided, stays `'none'`.
- * - On downgrade (e.g. full → anonymous), strips `userId` from queued messages.
+ * - On downgrade (e.g. full -> anonymous), strips `userId` from queued messages.
  * - On downgrade to `'none'`, purges the queue entirely.
  * - Fires PUT to `/v1/audience/tracking-consent` on every state change.
  */

…kages/audience/pixel/src/consent.test.ts …ckages/audience/core/src/consent.test.tspackages/audience/pixel/src/consent.test.ts renamed to packages/audience/core/src/consent.test.ts packages/audience/pixel/src/consent.test.ts renamed to packages/audience/core/src/consent.test.ts

@@ -32,6 +32,7 @@ export {
   FLUSH_SIZE,
   COOKIE_NAME,
   SESSION_COOKIE,
+  SESSION_MAX_AGE,
 } from './config';
 
 export { generateId, getTimestamp, isBrowser } from './utils';
@@ -46,3 +47,12 @@ export {
   truncate,
   truncateSource,
 } from './validation';
+
+export { getOrCreateSession, getOrCreateSessionId, getSessionId } from './session';
+export type { SessionResult } from './session';
+
+export { collectAttribution, clearAttribution } from './attribution';
+export type { Attribution } from './attribution';
+
+export { createConsentManager, detectDoNotTrack } from './consent';
+export type { ConsentManager } from './consent';

packages/audience/pixel/src/consent.ts packages/audience/core/src/consent.tspackages/audience/pixel/src/consent.ts renamed to packages/audience/core/src/consent.ts

@@ -1,15 +1,18 @@
 import { getOrCreateSession, getOrCreateSessionId, getSessionId } from './session';
 
-const SESSION_COOKIE_NAME = '_imtbl_sid';
+const SESSION_COOKIE = '_imtbl_sid';
 
-// Mock audience-core cookie helpers
+// Mock internal modules
 const mockGetCookie = jest.fn();
 const mockSetCookie = jest.fn();
 const mockGenerateId = jest.fn();
 
-jest.mock('@imtbl/audience-core', () => ({
+jest.mock('./cookie', () => ({
   getCookie: (...args: unknown[]) => mockGetCookie(...args),
   setCookie: (...args: unknown[]) => mockSetCookie(...args),
+}));
+
+jest.mock('./utils', () => ({
   generateId: (...args: unknown[]) => mockGenerateId(...args),
 }));
 
@@ -25,7 +28,7 @@ describe('getOrCreateSession', () => {
     const result = getOrCreateSession();
     expect(result.sessionId).toBe('new-session-id');
     expect(result.isNew).toBe(true);
-    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE_NAME, 'new-session-id', 1800, undefined);
+    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE, 'new-session-id', 1800, undefined);
   });
 
   it('returns existing session and refreshes expiry', () => {
@@ -34,15 +37,15 @@ describe('getOrCreateSession', () => {
     const result = getOrCreateSession();
     expect(result.sessionId).toBe('existing-sid');
     expect(result.isNew).toBe(false);
-    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE_NAME, 'existing-sid', 1800, undefined);
+    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE, 'existing-sid', 1800, undefined);
     expect(mockGenerateId).not.toHaveBeenCalled();
   });
 
   it('passes domain to setCookie', () => {
     mockGetCookie.mockReturnValue(undefined);
 
     getOrCreateSession('.example.com');
-    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE_NAME, 'new-session-id', 1800, '.example.com');
+    expect(mockSetCookie).toHaveBeenCalledWith(SESSION_COOKIE, 'new-session-id', 1800, '.example.com');
   });
 });
 

packages/audience/core/src/index.ts

@@ -1,7 +1,6 @@
-import { getCookie, setCookie, generateId } from '@imtbl/audience-core';
-
-const SESSION_COOKIE_NAME = '_imtbl_sid';
-const SESSION_MAX_AGE = 30 * 60; // 30 minutes in seconds
+import { getCookie, setCookie } from './cookie';
+import { generateId } from './utils';
+import { SESSION_COOKIE, SESSION_MAX_AGE } from './config';
 
 export interface SessionResult {
   sessionId: string;
@@ -15,15 +14,15 @@ export interface SessionResult {
  * Returns whether the session is new so the caller can fire a `session_start` event.
  */
 export function getOrCreateSession(domain?: string): SessionResult {
-  const existing = getCookie(SESSION_COOKIE_NAME);
+  const existing = getCookie(SESSION_COOKIE);
   if (existing) {
     // Refresh the rolling expiry
-    setCookie(SESSION_COOKIE_NAME, existing, SESSION_MAX_AGE, domain);
+    setCookie(SESSION_COOKIE, existing, SESSION_MAX_AGE, domain);
     return { sessionId: existing, isNew: false };
   }
 
   const id = generateId();
-  setCookie(SESSION_COOKIE_NAME, id, SESSION_MAX_AGE, domain);
+  setCookie(SESSION_COOKIE, id, SESSION_MAX_AGE, domain);
   return { sessionId: id, isNew: true };
 }
 
@@ -33,5 +32,5 @@ export function getOrCreateSessionId(domain?: string): string {
 }
 
 export function getSessionId(): string | undefined {
-  return getCookie(SESSION_COOKIE_NAME);
+  return getCookie(SESSION_COOKIE);
 }

…kages/audience/pixel/src/session.test.ts …ckages/audience/core/src/session.test.tspackages/audience/pixel/src/session.test.ts renamed to packages/audience/core/src/session.test.ts packages/audience/pixel/src/session.test.ts renamed to packages/audience/core/src/session.test.ts

@@ -1,15 +1,6 @@
 export { Pixel } from './pixel';
 export type { PixelInitOptions } from './pixel';
 
-export { createConsentManager } from './consent';
-export type { ConsentManager } from './consent';
-
-export { getOrCreateSession, getOrCreateSessionId, getSessionId } from './session';
-export type { SessionResult } from './session';
-
-export { collectAttribution, clearAttribution } from './attribution';
-export type { Attribution } from './attribution';
-
 export { createLoader } from './loader';
 export type { Command, ImtblGlobal } from './loader';
 

packages/audience/pixel/src/session.ts packages/audience/core/src/session.tspackages/audience/pixel/src/session.ts renamed to packages/audience/core/src/session.ts

@@ -6,6 +6,7 @@ const mockStart = jest.fn();
 const mockDestroy = jest.fn();
 const mockPurge = jest.fn();
 const mockTransform = jest.fn();
+const mockGetOrCreateSession = jest.fn().mockReturnValue({ sessionId: 'session-abc', isNew: true });
 
 jest.mock('@imtbl/audience-core', () => ({
   MessageQueue: jest.fn().mockImplementation(() => ({
@@ -38,27 +39,25 @@ jest.mock('@imtbl/audience-core', () => ({
   isBrowser: jest.fn().mockReturnValue(true),
   getCookie: jest.fn(),
   setCookie: jest.fn(),
-}));
-
-// Mock internal modules
-jest.mock('./attribution', () => ({
   collectAttribution: jest.fn().mockReturnValue({
     utm_source: 'google',
     landing_page: 'https://example.com',
   }),
-}));
-
-jest.mock('./session', () => ({
-  getOrCreateSession: jest.fn().mockReturnValue({ sessionId: 'session-abc', isNew: true }),
-  getOrCreateSessionId: jest.fn().mockReturnValue('session-abc'),
+  getOrCreateSession: (...args: unknown[]) => mockGetOrCreateSession(...args),
+  createConsentManager: jest.fn().mockImplementation(
+    (_queue: unknown, _key: unknown, _anonId: unknown, _env: unknown, level?: string) => {
+      let current = level ?? 'none';
+      return {
+        get level() { return current; },
+        setLevel(next: string) { current = next; },
+      };
+    },
+  ),
 }));
 
 // Mock fetch globally
 global.fetch = jest.fn().mockResolvedValue({ ok: true });
 
-// Access the mock to change return values per test
-const mockGetOrCreateSession = jest.requireMock('./session').getOrCreateSession;
-
 let activePixel: Pixel | null = null;
 
 beforeEach(() => {