init rivet support

.claude/settings.json

@@ -1,12 +1,11 @@
 {
 	"hooks": {
-		"PostToolUse": [
+		"Stop": [
 			{
-				"matcher": "Edit|MultiEdit|Write",
 				"hooks": [
 					{
 						"type": "command",
-						"command": "jq -r '.tool_input.file_path' | { read file_path; yarn run -T prettier --write \"$file_path\"; }"
+						"command": "git diff --name-only --diff-filter=ACMR | grep -E '\\.(ts|tsx|js|jsx|json|md)$' | xargs -r yarn run -T prettier --write"
 					}
 				]
 			}

.github/workflows/add-framer-rewrites.yml

@@ -0,0 +1,70 @@
+name: Add Framer Rewrites
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+env:
+  CI: 1
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  add-rewrites:
+    name: 'Add Framer Rewrites'
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Run our setup
+        uses: ./.github/actions/setup
+
+      - name: Check for changes before running script
+        id: before
+        run: |
+          echo "BEFORE_HASH=$(md5sum apps/docs/next.config.js | cut -d' ' -f1)" >> $GITHUB_OUTPUT
+
+      - name: Run add-framer-rewrites script
+        run: yarn add-framer-rewrites
+
+      - name: Check for changes after running script
+        id: after
+        run: |
+          echo "AFTER_HASH=$(md5sum apps/docs/next.config.js | cut -d' ' -f1)" >> $GITHUB_OUTPUT
+
+      - name: Create PR if changes detected
+        if: steps.before.outputs.BEFORE_HASH != steps.after.outputs.AFTER_HASH
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          BRANCH_NAME="framer-rewrites-$(date +%Y%m%d-%H%M%S)"
+
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git checkout -b "$BRANCH_NAME"
+          git add apps/docs/next.config.js
+          git commit -m "Add missing Framer rewrites to next.config.js"
+          git push origin "$BRANCH_NAME"
+
+          gh pr create \
+            --title "Add missing Framer rewrites" \
+            --body "Adds missing rewrites for new Framer marketing pages to \`apps/docs/next.config.js\`.
+
+          ### Change type
+
+          - [x] \`improvement\`" \
+            --label "docs-hotfix-please"
+
+      - name: No changes detected
+        if: steps.before.outputs.BEFORE_HASH == steps.after.outputs.AFTER_HASH
+        run: |
+          echo "✔ No changes detected. All Framer paths already have rewrites configured."

.github/workflows/deploy-analytics.yml

@@ -0,0 +1,49 @@
+name: Deploy analytics worker
+permissions:
+  contents: read
+  deployments: write
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - production
+
+env:
+  CI: 1
+  PRINT_GITHUB_ANNOTATIONS: 1
+  TLDRAW_ENV: ${{ (github.ref == 'refs/heads/production' && 'production') || (github.ref == 'refs/heads/main' && 'staging') || 'preview'  }}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  deploy:
+    name: Deploy analytics worker to ${{ (github.ref == 'refs/heads/production' && 'production') || (github.ref == 'refs/heads/main' && 'staging') || 'preview'  }}
+    timeout-minutes: 10
+    runs-on: ubuntu-latest
+    environment: ${{ github.ref == 'refs/heads/production' && 'deploy-production' || 'deploy-staging' }}
+    concurrency: analytics-worker-${{ github.ref == 'refs/heads/production' && 'deploy-production' || github.ref }}
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - uses: ./.github/actions/setup
+
+      - name: Build types
+        run: yarn build-types
+
+      - name: Deploy
+        run: yarn tsx internal/scripts/deploy-analytics.ts
+        env:
+          RELEASE_COMMIT_HASH: ${{ github.sha }}
+          GH_TOKEN: ${{ github.token }}
+
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          DISCORD_DEPLOY_WEBHOOK_URL: ${{ secrets.DISCORD_DEPLOY_WEBHOOK_URL }}

.github/workflows/deploy-dotcom.yml

@@ -68,7 +68,7 @@ jobs:
           fi
 
       - name: Delete Neon Branch
-        uses: neondatabase/delete-branch-action@v3.1.3
+        uses: neondatabase/delete-branch-action@v3.2.0
         if: contains(github.event.pull_request.labels.*.name, 'reset-preview-db')
         with:
           project_id: ${{ vars.NEON_PROJECT_ID }}
@@ -158,3 +158,4 @@ jobs:
           VITE_GA4_MEASUREMENT_ID: ${{ secrets.VITE_GA4_MEASUREMENT_ID }}
           WORKER_SENTRY_DSN: ${{ secrets.WORKER_SENTRY_DSN }}
           FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+          PIERRE_KEY: ${{ secrets.PIERRE_KEY }}

.github/workflows/i18n-download-strings.yml

@@ -43,18 +43,25 @@ jobs:
         run: 'yarn i18n-check -f react-intl --locales ./apps/dotcom/client/public/tla/locales/ --source en'
 
       - name: Commit and push changes
-        if: always()
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
           git config --global user.name 'huppy-bot[bot]'
           git config --global user.email '128400622+huppy-bot[bot]@users.noreply.github.com'
-          git checkout -b update-i18n-strings
-          git add "*.json"
-          if git diff-index --quiet HEAD --; then
+
+          # Check if there are any changes to JSON files
+          if ! git diff --quiet '*.json' || ! git diff --cached --quiet '*.json'; then
+            echo "Changes detected, creating PR..."
+          else
             echo "No changes to commit"
             exit 0
           fi
+
+          # Delete the branch if it already exists
+          git push origin --delete update-i18n-strings 2>/dev/null || true
+
+          git checkout -b update-i18n-strings
+          git add "*.json"
           git commit --no-verify -m '[automated] update i18n strings'
           git push --set-upstream origin update-i18n-strings
           gh pr create --title "[automated] update i18n strings" --body "This PR updates the i18n strings.

.prettierignore

@@ -30,6 +30,7 @@ apps/docs/content/reference/**/*
 **/.out/*
 **/.temp/*
 apps/dotcom/client/public/**/*.*
+apps/analytics/public/**/*
 
 **/.clasp.json
 

apps/analytics-worker/.gitignore

@@ -0,0 +1,2 @@
+build
+.wrangler

apps/analytics-worker/CONTEXT.md

@@ -0,0 +1,127 @@
+# Analytics worker
+
+A Cloudflare Worker that determines whether users require explicit cookie consent based on their geographic location.
+
+## Purpose
+
+This worker supports the tldraw analytics system by providing geographic consent checking. It helps ensure compliance with privacy regulations like GDPR, UK PECR, FADP, and LGPD by identifying users in regions that require explicit opt-in for tracking.
+
+The worker is deployed to `tldraw-consent.workers.dev` and is called by the analytics app (`apps/analytics/`) during initialization.
+
+## How it works
+
+1. Receives GET request from analytics client
+2. Reads user's country code from CloudFlare's `CF-IPCountry` header
+3. Checks if country requires explicit consent
+4. Returns JSON response indicating whether consent is required
+5. Includes CORS headers for allowed tldraw origins
+
+## API
+
+**Endpoint**: `https://tldraw-consent.workers.dev` (or environment-specific variants)
+
+**Method**: `GET`
+
+**Response**:
+
+```json
+{
+  "requires_consent": boolean,
+  "country_code": string | null
+}
+```
+
+**Caching**: Responses are cached for 1 hour (`Cache-Control: public, max-age=3600`)
+
+## Geographic consent rules
+
+Users in the following countries/regions require explicit consent:
+
+**EU Member States (GDPR)**:
+
+- Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden
+
+**EEA/EFTA (GDPR)**:
+
+- Iceland, Liechtenstein, Norway
+
+**Other regions**:
+
+- United Kingdom (UK PECR)
+- Switzerland (FADP)
+- Brazil (LGPD)
+
+**Default behavior**: If country code cannot be determined, the worker defaults to requiring consent (conservative approach for privacy compliance).
+
+## CORS configuration
+
+The worker allows cross-origin requests from:
+
+- `http://localhost:3000` - Local development
+- `http://localhost:5420` - Local development
+- `https://meet.google.com` - Google Meet integration
+- `*.tldraw.com` - Production domains
+- `*.tldraw.dev` - Development domains
+- `*.tldraw.club` - Alternative domains
+- `*.tldraw.xyz` - Alternative domains
+- `*.tldraw.workers.dev` - Worker preview domains
+- `*-tldraw.vercel.app` - Vercel preview deployments
+
+## Development
+
+### Running locally
+
+```bash
+yarn dev              # Start local development server
+```
+
+### Testing
+
+```bash
+yarn test             # Run tests
+yarn test-ci          # Run tests in CI mode
+```
+
+### Deployment
+
+The worker is deployed via GitHub Actions (`.github/workflows/deploy-analytics.yml`) which runs `internal/scripts/deploy-analytics.ts`.
+
+**Environments**:
+
+- **dev**: `tldraw-consent-dev` (for testing)
+- **staging**: `tldraw-consent-staging` (deployed on push to `main`)
+- **production**: `tldraw-consent` (deployed on push to `production`)
+
+## File structure
+
+- `src/worker.ts` - Main worker code
+- `wrangler.toml` - Cloudflare Worker configuration
+- `package.json` - Package configuration and scripts
+- `tsconfig.json` - TypeScript configuration
+- `vitest.config.ts` - Test configuration
+
+## Integration
+
+This worker is called by the analytics app during initialization:
+
+1. Analytics app loads in user's browser
+2. If no existing consent preference is stored
+3. App calls this worker to check if consent is required
+4. Based on response, app either:
+   - Shows consent banner (requires_consent: true)
+   - Assumes implicit consent (requires_consent: false)
+
+See `apps/analytics/src/utils/consent-check.ts` for the client-side integration.
+
+## Dependencies
+
+- `@cloudflare/workers-types` - TypeScript types for Cloudflare Workers
+- `wrangler` - Cloudflare Workers CLI tool
+
+## Notes
+
+- This is a standalone worker (not part of the analytics app bundle)
+- Uses CloudFlare's edge network for low-latency responses worldwide
+- Conservative default (require consent) ensures compliance even if geo-detection fails
+- CORS preflight requests are handled with 24-hour cache
+- Responses are cached to reduce load and improve performance

apps/analytics-worker/package.json

@@ -0,0 +1,28 @@
+{
+	"name": "@tldraw/analytics-worker",
+	"description": "tldraw infinite canvas SDK (analytics worker).",
+	"version": "0.0.0",
+	"private": true,
+	"author": {
+		"name": "tldraw GB Ltd.",
+		"email": "hello@tldraw.com"
+	},
+	"main": "./src/worker.ts",
+	"/* GOTCHA */": "files will include ./dist and index.d.ts by default, add any others you want to include in here",
+	"files": [],
+	"scripts": {
+		"dev": "yarn run -T tsx ../../internal/scripts/workers/dev.ts",
+		"test-ci": "yarn run -T vitest run --passWithNoTests",
+		"test": "yarn run -T vitest --passWithNoTests",
+		"test-coverage": "yarn run -T vitest run --coverage --passWithNoTests",
+		"check-bundle-size": "yarn run -T tsx ../../internal/scripts/check-worker-bundle.ts --entry src/worker.ts --size-limit-bytes 350000",
+		"lint": "yarn run -T tsx ../../internal/scripts/lint.ts"
+	},
+	"devDependencies": {
+		"@cloudflare/workers-types": "^4.20250913.0",
+		"esbuild": "^0.25.6",
+		"lazyrepo": "0.0.0-alpha.27",
+		"typescript": "^5.8.3",
+		"wrangler": "^4.37.1"
+	}
+}