From c72ca922447fc682e38b3bb545eb9c17a2becd7a Mon Sep 17 00:00:00 2001
From: Charles Ewert <cewert@gmail.com>
Date: Sun, 31 May 2026 08:56:27 -0400
Subject: [PATCH] feat(analytics): load Umami first-party via /_a (ADR-0006
 Phase 2c)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Switch the api.jellyrock.app footer tracker from cross-origin
analytics.jellyrock.app/script.js to the same-origin /_a proxy (live since
infra #27):

  <script defer src="/_a/script.js" data-website-id="…"
          data-host-url="https://api.jellyrock.app/_a"></script>

Events POST to /_a/api/send → Caddy strips to umami's /api/send. Works under the
current CSP (/_a/script.js is 'self'); shared CSP tightens in the final infra
phase. analytics.jellyrock.app stays live as rollback (Bridge scope).

Verified: jsdoc.json is valid JSON; footer embeds /_a/script.js + data-host-url
with zero analytics.jellyrock.app references.
---
 jsdoc.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jsdoc.json b/jsdoc.json
index e3aee69c..535d2f0c 100644
--- a/jsdoc.json
+++ b/jsdoc.json
@@ -49,7 +49,7 @@
           "id": "jellyfin-link"
         }
       ],
-      "footer": "<span class=\"jsdoc-message\">Automatically generated using <a href=\"https://github.com/jsdoc/jsdoc\" target=\"_blank\">JSDoc</a> and the <a href=\"https://github.com/ankitskvmdam/clean-jsdoc-theme\" target=\"_blank\">clean-jsdoc-theme</a>.</span><script defer src=\"https://analytics.jellyrock.app/script.js\" data-website-id=\"07139597-641c-42e6-8f5a-cbb0d9182a20\"></script>"
+      "footer": "<span class=\"jsdoc-message\">Automatically generated using <a href=\"https://github.com/jsdoc/jsdoc\" target=\"_blank\">JSDoc</a> and the <a href=\"https://github.com/ankitskvmdam/clean-jsdoc-theme\" target=\"_blank\">clean-jsdoc-theme</a>.</span><script defer src=\"/_a/script.js\" data-website-id=\"07139597-641c-42e6-8f5a-cbb0d9182a20\" data-host-url=\"https://api.jellyrock.app/_a\"></script>"
     }
   },
   "markdown": {