Production hardening, deployment docs, and dead signal cleanup (#16)

* Add cookieSecure option and privacy documentation

Add cookieSecure option to all four middleware packages, allowing the
Secure flag to be set on the session cookie. Defaults to false for
local dev compatibility; set to true for HTTPS deployments.

Add privacy and cookie consent section to getting-started guide covering
GDPR, ePrivacy Directive, UK GDPR, CCPA/CPRA, and Brazil LGPD
implications of collecting device capability signals.

* Add deployment guide for Docker, Cloudflare Workers, and serverless

* Document streaming response limitation for probe auto-injection

* Handle Redis connection failures and corrupted JSON gracefully

RedisStorageAdapter now catches errors on all methods instead of letting
them propagate. get() and exists() return safe defaults (null/false),
set() and delete() silently degrade.

* Strip userAgent from stored profiles

userAgent is collected by the probe for bot/crawler filtering but serves
no purpose after that check. All four endpoints now strip it before
persisting to storage. JSON schema and docs updated to reflect.

* Strip viewport from stored profiles and expand isValidSignals tests

Viewport is only used for bot detection (presence check), not
classification. Strip it alongside userAgent before persisting.
Remove orphaned Viewport definition from JSON schema.

Add comprehensive unit tests for isValidSignals covering all
validation branches (was only testing battery paths).

* Document Redis error handling and add missing changelog entries

* Prepare v0.3.0 release

Bump all packages to 0.3.0, finalize changelog, and switch publish
workflow to extract release notes from CHANGELOG.md via
ffurrer2/extract-release-notes@v3.

Author: SimplyLiz

.github/workflows/publish.yml

@@ -46,6 +46,10 @@ jobs:
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
+      - name: Extract release notes from changelog
+        id: release-notes
+        uses: ffurrer2/extract-release-notes@v3
+
       - uses: softprops/action-gh-release@v2
         with:
-          generate_release_notes: true
+          body: ${{ steps.release-notes.outputs.release_notes }}

CHANGELOG.md

@@ -2,8 +2,24 @@
 
 ## Unreleased
 
+## 0.3.0 (2026-02-23)
+
+### Breaking Changes
+
+- **userAgent and viewport stripped from stored profiles** — `userAgent` and `viewport` are no longer persisted in device profiles. They are still collected by the probe and used for bot/crawler filtering at the endpoint, but stripped before storage. Stored `RawSignals` no longer contain `userAgent` or `viewport` fields
+
+### Bug Fixes
+
+- **Redis error handling** — `RedisStorageAdapter` now catches connection failures and corrupted JSON on all methods. `get()`/`exists()` return safe defaults (`null`/`false`), `set()`/`delete()` silently degrade instead of throwing unhandled errors
+
+### Documentation
+
+- **Deployment guide** — New `docs/deployment.md` covering Docker (Node.js + Redis), Cloudflare Workers (Hono + KV), and serverless platforms (Lambda, Vercel). Includes Dockerfiles, docker-compose, custom StorageAdapter examples for edge runtimes, and production checklists
+- **Streaming injection limitation** — Documented that probe auto-injection requires a string response body; streaming responses are silently skipped (or buffered on Hono). Added framework-specific notes to all package READMEs and getting-started guide
+
 ### Features
 
+- **Secure cookie option** — New `cookieSecure` option on all middleware packages sets the `Secure` flag on the session cookie. Set `cookieSecure: true` for HTTPS deployments
 - **Threshold validation** — `createDeviceRouter()` now validates custom thresholds at startup: rejects inverted bounds (e.g. `lowUpperBound >= midUpperBound`), non-positive values, and non-RegExp GPU patterns. Fails fast with descriptive errors instead of silently producing wrong classifications
 - **First-request fallback** — Opt-in strategies to provide a classified profile on the very first page load, before the probe has run
 - **Header-based classification** — `classifyFromHeaders: true` classifies devices from User-Agent and Client Hints headers (`Sec-CH-UA-Mobile`, `Device-Memory`, `Save-Data`), sets `Accept-CH` response header to request hints from Chromium browsers

README.md

@@ -97,6 +97,8 @@ app.get('/', (req, res) => {
 
 All signals are optional — the probe gracefully degrades based on what the browser supports.
 
+> **Note:** The probe also collects `navigator.userAgent` and viewport dimensions for [bot/crawler filtering](docs/getting-started.md). They are used during probe submission and stripped before the profile is stored.
+
 ## Tier Classification
 
 Devices are classified across three dimensions:
@@ -228,6 +230,7 @@ Open http://localhost:3000 — the probe runs on first load, refresh to see your
 ## Documentation
 
 - [Getting Started](docs/getting-started.md)
+- [Deployment Guide](docs/deployment.md) — Docker, Cloudflare Workers, serverless
 - [Profile Schema Reference](docs/profile-schema.md)
 - API Reference: [types](docs/api/types.md) | [probe](docs/api/probe.md) | [storage](docs/api/storage.md) | [express](docs/api/middleware-express.md) | [fastify](docs/api/middleware-fastify.md) | [hono](docs/api/middleware-hono.md) | [koa](docs/api/middleware-koa.md)
 

docs/api/middleware-express.md

@@ -26,6 +26,7 @@ app.use(middleware);
 | `storage`             | `StorageAdapter`                       | required                 | Storage backend                                              |
 | `cookieName`          | `string`                               | `'dr_session'`           | Session cookie name                                          |
 | `cookiePath`          | `string`                               | `'/'`                    | Cookie path                                                  |
+| `cookieSecure`        | `boolean`                              | `false`                  | Set `Secure` flag on the session cookie                      |
 | `ttl`                 | `number`                               | `86400`                  | Profile TTL in seconds                                       |
 | `rejectBots`          | `boolean`                              | `true`                   | Reject bot/crawler probe submissions (returns 403)           |
 | `thresholds`          | `TierThresholds`                       | built-in defaults        | Custom tier classification thresholds (validated at startup) |

docs/api/middleware-fastify.md

@@ -28,6 +28,7 @@ await app.register(plugin, pluginOptions);
 | `storage`             | `StorageAdapter`                              | required                 | Storage backend                                              |
 | `cookieName`          | `string`                                      | `'dr_session'`           | Session cookie name                                          |
 | `cookiePath`          | `string`                                      | `'/'`                    | Cookie path                                                  |
+| `cookieSecure`        | `boolean`                                     | `false`                  | Set `Secure` flag on the session cookie                      |
 | `ttl`                 | `number`                                      | `86400`                  | Profile TTL in seconds                                       |
 | `rejectBots`          | `boolean`                                     | `true`                   | Reject bot/crawler probe submissions (returns 403)           |
 | `thresholds`          | `TierThresholds`                              | built-in defaults        | Custom tier classification thresholds (validated at startup) |

docs/api/middleware-hono.md

@@ -27,6 +27,7 @@ app.use('*', middleware);
 | `storage`             | `StorageAdapter`                     | required                 | Storage backend                                              |
 | `cookieName`          | `string`                             | `'dr_session'`           | Session cookie name                                          |
 | `cookiePath`          | `string`                             | `'/'`                    | Cookie path                                                  |
+| `cookieSecure`        | `boolean`                            | `false`                  | Set `Secure` flag on the session cookie                      |
 | `ttl`                 | `number`                             | `86400`                  | Profile TTL in seconds                                       |
 | `rejectBots`          | `boolean`                            | `true`                   | Reject bot/crawler probe submissions (returns 403)           |
 | `thresholds`          | `TierThresholds`                     | built-in defaults        | Custom tier classification thresholds (validated at startup) |

docs/api/middleware-koa.md

@@ -34,6 +34,7 @@ app.use(middleware);
 | `storage`             | `StorageAdapter`                       | required                 | Storage backend                                              |
 | `cookieName`          | `string`                               | `'dr_session'`           | Session cookie name                                          |
 | `cookiePath`          | `string`                               | `'/'`                    | Cookie path                                                  |
+| `cookieSecure`        | `boolean`                              | `false`                  | Set `Secure` flag on the session cookie                      |
 | `ttl`                 | `number`                               | `86400`                  | Profile TTL in seconds                                       |
 | `rejectBots`          | `boolean`                              | `true`                   | Reject bot/crawler probe submissions (returns 403)           |
 | `thresholds`          | `TierThresholds`                       | built-in defaults        | Custom tier classification thresholds (validated at startup) |

docs/api/storage.md

@@ -45,3 +45,14 @@ const storage = new RedisStorageAdapter({
 | ----------- | ----------------------- | --------------- | -------------------------------------------- |
 | `client`    | Redis-compatible client | required        | Must implement `get`, `set`, `del`, `exists` |
 | `keyPrefix` | `string`                | `'dr:profile:'` | Key prefix for Redis keys                    |
+
+### Error handling
+
+All methods catch errors gracefully instead of throwing. If Redis is unavailable or returns corrupted data:
+
+- `get()` returns `null` (treated as no stored profile)
+- `exists()` returns `false`
+- `set()` silently fails (the probe will re-run next session)
+- `delete()` silently fails (the key will expire via TTL)
+
+This ensures middleware continues to work when Redis is temporarily down — requests proceed without a device profile rather than crashing.

docs/deployment.md

@@ -0,0 +1,291 @@
+# Deployment Guide
+
+This guide covers deploying DeviceRouter in three environments: Docker (Node.js + Redis), Cloudflare Workers (edge), and serverless platforms (Lambda, Vercel, etc.).
+
+## Docker (Node.js + Redis)
+
+A production setup running Express with Redis storage behind a multi-stage Docker build.
+
+### Dockerfile
+
+```dockerfile
+# -- Build stage --
+FROM node:20-slim AS build
+RUN corepack enable
+WORKDIR /app
+
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY packages ./packages
+RUN pnpm install --frozen-lockfile
+RUN pnpm build
+
+# -- Runtime stage --
+FROM node:20-slim
+RUN corepack enable
+WORKDIR /app
+
+COPY --from=build /app/package.json /app/pnpm-lock.yaml /app/pnpm-workspace.yaml ./
+COPY --from=build /app/packages ./packages
+COPY --from=build /app/node_modules ./node_modules
+COPY server.ts ./
+
+ENV NODE_ENV=production
+ENV PORT=3000
+EXPOSE 3000
+
+CMD ["node", "--import", "tsx", "server.ts"]
+```
+
+### docker-compose.yml
+
+```yaml
+services:
+  app:
+    build: .
+    ports:
+      - '3000:3000'
+    environment:
+      PORT: 3000
+      REDIS_URL: redis://redis:6379
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  redis:
+    image: redis:7-alpine
+    ports:
+      - '6379:6379'
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ['CMD', 'redis-cli', 'ping']
+      interval: 5s
+      timeout: 3s
+      retries: 5
+
+volumes:
+  redis-data:
+```
+
+### Application entry point
+
+```typescript
+// server.ts
+import express from 'express';
+import cookieParser from 'cookie-parser';
+import Redis from 'ioredis';
+import { createDeviceRouter } from '@device-router/middleware-express';
+import { RedisStorageAdapter } from '@device-router/storage';
+
+const redis = new Redis(process.env.REDIS_URL ?? 'redis://localhost:6379');
+const storage = new RedisStorageAdapter({ client: redis });
+
+const { middleware, probeEndpoint, injectionMiddleware } = createDeviceRouter({
+  storage,
+  cookieSecure: true,
+  injectProbe: true,
+});
+
+const app = express();
+app.use(cookieParser());
+app.use(express.json());
+
+app.post('/device-router/probe', probeEndpoint);
+app.use(injectionMiddleware!);
+app.use(middleware);
+
+app.get('/', (req, res) => {
+  const profile = req.deviceProfile;
+  if (profile?.hints.preferServerRendering) {
+    return res.send('<html><body>Server-rendered page</body></html>');
+  }
+  res.send('<html><body>Full interactive experience</body></html>');
+});
+
+const port = parseInt(process.env.PORT ?? '3000', 10);
+app.listen(port, () => console.log(`Listening on :${port}`));
+```
+
+### Production checklist
+
+- **`cookieSecure: true`** — always enable when serving over HTTPS. The session cookie is never sent over plain HTTP.
+- **Redis persistence** — the `redis-data` volume in the compose file persists data across restarts. For production, configure Redis AOF or RDB snapshots.
+- **Health checks** — add a `/healthz` endpoint that verifies Redis connectivity.
+- **Reverse proxy** — run behind nginx or a load balancer that handles TLS termination. DeviceRouter does not serve HTTPS itself.
+- **TTL** — the default session TTL is 24 hours. Lower it if you want profiles to refresh more frequently.
+
+## Cloudflare Workers (Edge)
+
+The Hono middleware is edge-compatible — it uses no Node.js-specific APIs at runtime. However, there are two things to handle differently on Workers: storage and probe injection.
+
+### Storage: Cloudflare KV adapter
+
+Redis is not available on Cloudflare Workers. Implement a `StorageAdapter` backed by Cloudflare KV:
+
+```typescript
+// kv-storage.ts
+import type { StorageAdapter, DeviceProfile } from '@device-router/types';
+
+export class KVStorageAdapter implements StorageAdapter {
+  constructor(private kv: KVNamespace) {}
+
+  async get(sessionToken: string): Promise<DeviceProfile | null> {
+    const value = await this.kv.get(sessionToken, 'json');
+    return value as DeviceProfile | null;
+  }
+
+  async set(sessionToken: string, profile: DeviceProfile, ttlSeconds: number): Promise<void> {
+    await this.kv.put(sessionToken, JSON.stringify(profile), { expirationTtl: ttlSeconds });
+  }
+
+  async delete(sessionToken: string): Promise<void> {
+    await this.kv.delete(sessionToken);
+  }
+
+  async exists(sessionToken: string): Promise<boolean> {
+    const value = await this.kv.get(sessionToken);
+    return value !== null;
+  }
+}
+```
+
+### Worker entry point
+
+```typescript
+// src/index.ts
+import { Hono } from 'hono';
+import { createDeviceRouter } from '@device-router/middleware-hono';
+import type { DeviceRouterEnv } from '@device-router/middleware-hono';
+import { KVStorageAdapter } from './kv-storage';
+
+type Bindings = { DEVICE_PROFILES: KVNamespace };
+type Env = DeviceRouterEnv & { Bindings: Bindings };
+
+const app = new Hono<Env>();
+
+// Initialize per-request because KV binding comes from the request context
+app.use('*', async (c, next) => {
+  const storage = new KVStorageAdapter(c.env.DEVICE_PROFILES);
+  const { middleware, probeEndpoint } = createDeviceRouter({ storage });
+
+  if (c.req.path === '/device-router/probe' && c.req.method === 'POST') {
+    return probeEndpoint(c, next);
+  }
+
+  return middleware(c, next);
+});
+
+app.get('/', (c) => {
+  const profile = c.get('deviceProfile');
+  return c.json({ tier: profile?.tiers.cpu ?? null });
+});
+
+export default app;
+```
+
+### wrangler.toml
+
+```toml
+name = "device-router-app"
+main = "src/index.ts"
+compatibility_date = "2024-01-01"
+
+[[kv_namespaces]]
+binding = "DEVICE_PROFILES"
+id = "your-kv-namespace-id"
+```
+
+Create the KV namespace:
+
+```bash
+npx wrangler kv namespace create DEVICE_PROFILES
+```
+
+### Probe injection on Workers
+
+The `injectProbe: true` option does **not** work on Cloudflare Workers. It uses `readFileSync` at initialization to load the bundled probe script, which is a Node.js API unavailable on Workers.
+
+Instead, inline the probe script tag in your HTML responses:
+
+```typescript
+app.get('/', (c) => {
+  const profile = c.get('deviceProfile');
+  return c.html(`
+    <html>
+      <head>
+        <script src="https://unpkg.com/@device-router/probe/dist/device-router-probe.min.js"></script>
+      </head>
+      <body>
+        <p>CPU tier: ${profile?.tiers.cpu ?? 'unknown'}</p>
+      </body>
+    </html>
+  `);
+});
+```
+
+Or serve the probe script from a static asset and reference it directly.
+
+## Serverless (Lambda, Vercel, etc.)
+
+DeviceRouter works on serverless platforms with one constraint: **use external storage**.
+
+### Why MemoryStorageAdapter won't work
+
+Serverless functions are stateless. Each invocation may run in a fresh container. `MemoryStorageAdapter` stores profiles in process memory, which is lost between invocations (or across concurrent instances). Profiles will never be found on subsequent requests.
+
+### Recommended: Upstash Redis
+
+[Upstash](https://upstash.com) provides HTTP-based Redis that works in any serverless environment — no persistent TCP connections required.
+
+```typescript
+import { Redis } from '@upstash/redis';
+import { RedisStorageAdapter } from '@device-router/storage';
+import IORedis from 'ioredis';
+
+// Option 1: Use Upstash's REST-based client with ioredis compatibility
+const redis = new IORedis(process.env.REDIS_URL!);
+const storage = new RedisStorageAdapter({ client: redis });
+
+// Then use `storage` in createDeviceRouter as usual
+```
+
+If `@device-router/storage`'s `RedisStorageAdapter` expects an `ioredis`-compatible client and your serverless runtime doesn't support TCP connections (like Cloudflare Workers), implement a custom `StorageAdapter` using the Upstash REST client directly:
+
+```typescript
+import { Redis } from '@upstash/redis';
+import type { StorageAdapter, DeviceProfile } from '@device-router/types';
+
+export class UpstashStorageAdapter implements StorageAdapter {
+  constructor(private redis: Redis) {}
+
+  async get(sessionToken: string): Promise<DeviceProfile | null> {
+    return this.redis.get<DeviceProfile>(sessionToken);
+  }
+
+  async set(sessionToken: string, profile: DeviceProfile, ttlSeconds: number): Promise<void> {
+    await this.redis.set(sessionToken, profile, { ex: ttlSeconds });
+  }
+
+  async delete(sessionToken: string): Promise<void> {
+    await this.redis.del(sessionToken);
+  }
+
+  async exists(sessionToken: string): Promise<boolean> {
+    const result = await this.redis.exists(sessionToken);
+    return result === 1;
+  }
+}
+```
+
+### Cold starts
+
+Not a concern. DeviceRouter middleware is lightweight — no heavy initialization, no large dependency trees. The probe script is ~1 KB. Classification and hint derivation are pure synchronous functions with no I/O.
+
+### General pattern
+
+Regardless of platform:
+
+1. Use `RedisStorageAdapter` or a custom `StorageAdapter` with external persistence
+2. Set `cookieSecure: true` (serverless platforms typically terminate TLS)
+3. The middleware, probe endpoint, and classification logic are all stateless — they work identically across invocations
+4. If your platform doesn't support `readFileSync` (edge runtimes), skip `injectProbe` and add the probe script tag manually