--- status: in-progress title: "GDPR Analytics Sync + Error Reporting Hardening" story: 4.1-gdpr-analytics-sync epic: 4 priority: high blast_radius: medium --- # Spec: GDPR Analytics Sync + Error Reporting Hardening ## Context Deferred work from Story 4.1 (GDPR Cookie Consent): - AC5 anonymousAnalytics DB sync was not implemented - Original constraint: "zero DB writes in 4.1, 100% client consent" - Now removing constraint to implement proper sync ## Goals 1. **Primary**: Sync cookie consent `anonymousAnalytics` to database for authenticated users 2. **Secondary**: Verify error reporting is properly wired (legitimate interest, no consent needed) ## Acceptance Criteria ### AC1: Authenticated user consent syncs to DB - When a logged-in user accepts/rejects analytics via banner or preferences, `UserAISettings.anonymousAnalytics` is updated in DB - Guest users (no session) continue using localStorage only ### AC2: Cross-device consistency - User's analytics consent persists across devices when logged in - Initial consent load prefers DB value when local storage is empty ### AC3: Error reporting verification - Existing error reporting continues to work without consent (legitimate interest) - Verify `/api/debug/client-error` route exists and is wired ## Tasks - [ ] Task 1: Create server action for consent sync - [ ] Task 2: Update cookie consent utilities - [ ] Task 3: Update banner and dialog components - [ ] Task 4: Verify error reporting route ## Code Map ### New/Modified Files | File | Change | |------|--------| | `lib/consent/cookie-consent.ts` | Add `saveConsentWithSync()` client wrapper | | `app/actions/cookie-consent.ts` | NEW - Server action for DB sync | | `components/legal/cookie-consent-banner.tsx` | Use new sync action | | `components/legal/cookie-preferences-dialog.tsx` | Use new sync action | | `app/api/debug/client-error/route.ts` | Verify exists | ### Design Notes - Server action calls `updateAISettings({ anonymousAnalytics: boolean })` - Client-side: combine `setConsent()` + server action in parallel - Server action silently succeeds for guests (no session) — component ignores result - Error reporting uses `/api/debug/client-error` — already exists, no consent gate needed ## Spec Change Log - 2026-05-30: Created spec for deferred AC5 implementation - 2026-05-30: Added error reporting verification as secondary goal ## Dev Agent Record ### Agent Model Used Claude Opus 4.8 ### Completion Notes List