🎉 feat(consent): Add cross-SDK consent and profile-continuity controls#304
Merged
Merged
Conversation
Charles Hudson (phobetron)
requested a review
from Lotfi Anwar L Arif (Lotfi-Arif)
as a code owner
Charles Hudson (phobetron)
force-pushed
the
NT-3282_consent-concept-doc
branch
from
59b41f5 to
8710627
Compare
Wiz Scan Summary
To detect these findings earlier in the dev lifecycle, try using Wiz Code VS Code Extension. |
Charles Hudson (phobetron)
force-pushed
the
NT-3282_consent-concept-doc
branch
3 times, most recently
from
2188be9 to
58ced15
Compare
Charles Hudson (phobetron)
requested a review
from François (Lp-Francois)
as a code owner
**Summary**
Adds consent-management support across the Optimization SDK Suite and documents how applications should map privacy policy decisions into SDK behavior.
- Adds split consent handling for event emission vs durable profile continuity with `consent({ events, persistence })`, while preserving boolean `consent(true | false)` as a shorthand for both.
- Exposes `states.persistenceConsent`, adds `PERSISTENCE_CONSENT_KEY`, and gates profile, anonymous ID, selected optimization, and changes persistence behind persistence consent.
- Refactors stateless Core/Node event calls behind `forRequest(...)`, so each request binds consent, profile, shared event context, and Experience options before calling `page`, `identify`, `trackView`, etc.
- Updates Web, React Web, React Native, iOS, Android, and the native JS bridge to restore profile continuity only when permitted, clear durable continuity when denied, and support split consent APIs.
- Updates hybrid Node/Web and Next.js reference implementations to use application-owned consent cookies, render baselines before consent, and persist shared anonymous IDs only when continuity consent allows it.
- Adds a cross-SDK consent concept guide and refreshes package READMEs/guides with default-on, strict opt-in, split-consent, revocation, and server/browser alignment guidance.
- Expands test coverage for consent gating, storage restore/clear behavior, request-bound stateless calls, native storage, and baseline-before-consent flows.
**Notable API/behavior changes**
- New/updated exports include `ConsentInput`, `CoreStatelessRequest`, request-scoped stateless types, `EventType`, `PERSISTENCE_CONSENT_KEY`, and `states.persistenceConsent`.
- Node/stateless direct event methods now use `forRequest(...).page()/identify()/...`.
- Core now fails closed by default; platform SDKs provide their runtime-specific pre-consent allowlists.
[[NT-3282](https://contentful.atlassian.net/browse/NT-3282)]
Charles Hudson (phobetron)
force-pushed
the
NT-3282_consent-concept-doc
branch
from
58ced15 to
55f8038
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds consent-management support across the Optimization SDK Suite and documents how applications should map privacy policy decisions into SDK behavior. Also streamlines
AGENTS.mdfiles to reduce context overhead.consent({ events, persistence }), while preserving booleanconsent(true | false)as a shorthand for both.states.persistenceConsent, addsPERSISTENCE_CONSENT_KEY, and gates profile, anonymous ID, selected optimization, and changes persistence behind persistence consent.forRequest(...), so each request binds consent, profile, shared event context, and Experience options before callingpage,identify,trackView, etc.Notable API/behavior changes
ConsentInput,CoreStatelessRequest, request-scoped stateless types,EventType,PERSISTENCE_CONSENT_KEY, andstates.persistenceConsent.forRequest(...).page()/identify()/....[NT-3282]