Consent

Pass a consent.getCategories callback to enable @segment/analytics-consent-tools wrapping. Every event flowing through analytics.track/page/identify is stamped with context.consent.categoryPreferences, and the plugin’s own engagement beacons carry the same stamp.

How observation works

The plugin passively observes consent stamps via a source middleware — it does not subscribe to CMP change events (there is no such API in analytics-consent-tools). The practical consequence:

Fire an event to re-stamp

When CMP state changes, fire any analytics.track/page/identify event to re-stamp. Otherwise plugin beacons carry the last-observed stamp until the next AJS event flows through. Server-side enforcement is authoritative, so a stale client stamp is reconciled server-side and never needs a client-side fix.

Custom React banner

analytics.ts

import { AnalyticsBrowser } from "@adpharm/silo-analytics";

let consent: Record<string, boolean> | undefined;

export const analytics = AnalyticsBrowser.load({
  writeKey: "your-write-key",
  env: "production",
  consent: {
    getCategories: () => consent ?? { analytics: false },
  },
});

// On accept, update the categories and fire any event to nudge the wrapper
// to re-stamp. The plugin observes the stamp passively — it does not subscribe
// to CMP change events.
export function onAccept() {
  consent = { analytics: true };
  analytics.track("Consent Granted");
}

OneTrust

analytics.ts

import { AnalyticsBrowser } from "@adpharm/silo-analytics";

export const analytics = AnalyticsBrowser.load({
  writeKey: "your-write-key",
  env: "production",
  consent: {
    getCategories: () => ({
      analytics: window.OnetrustActiveGroups?.includes("C0002") ?? false,
      advertising: window.OnetrustActiveGroups?.includes("C0004") ?? false,
    }),
  },
});

// Re-stamp whenever OneTrust consent changes.
window.OneTrust?.OnConsentChanged(() => {
  analytics.track("OneTrust Consent Changed");
});

TCF / IAB

analytics.ts

import { AnalyticsBrowser } from "@adpharm/silo-analytics";

export const analytics = AnalyticsBrowser.load({
  writeKey: "your-write-key",
  env: "production",
  consent: {
    getCategories: () => {
      if (typeof window.__tcfapi !== "function") return { analytics: false };
      let result: Record<string, boolean> = { analytics: false };
      window.__tcfapi("getTCData", 2, (data, success) => {
        if (success && data.cmpStatus === "loaded") {
          result = { analytics: data.purpose.consents[8] === true };
        }
      });
      return result;
    },
  },
});

// Re-stamp when the user completes a TCF consent action.
window.__tcfapi?.("addEventListener", 2, (data, success) => {
  if (success && data.eventStatus === "useractioncomplete") {
    analytics.track("TCF Consent Updated");
  }
});

Server-side responsibility

The plugin sends; the server enforces. For events with rejected categories or a missing stamp, the server is expected to:

• Drop the IP from logs and storage
• Skip cross-event joining
• Skip enrichment

Without that server discipline, the client-side stamping is theatre. The stamp is a signal for the server to act on — not, by itself, a privacy control.