chore: Implement analytics for Checkout Components

[borisprimer]

Overview

This PR implements a comprehensive analytics system for CheckoutComponents following the event definitions specification. The analytics system tracks all key lifecycle events throughout the checkout
and payment flow, providing crucial insights into user behavior and system performance.

What Changed

Initial Implementation

Built the complete analytics infrastructure from the ground up:

Core Components

• AnalyticsEventService: HTTP-based service for sending events to analytics backend
• DefaultAnalyticsInteractor: Domain layer coordinator for analytics operations
• DeviceInfoProvider: Comprehensive device information extraction (model, OS version, device type)
• AnalyticsEnvironmentProvider: Environment detection (production vs sandbox)
• UUIDGenerator: V7 UUID generation for event IDs

Data Models

• AnalyticsEventType: Enum defining all 13 trackable events
• AnalyticsEventMetadata: Metadata container for optional event attributes
• AnalyticsPayload: Complete payload structure for backend submission
• AnalyticsSessionConfig: Session configuration with account/client token info

Event Integration

Integrated analytics tracking across the CheckoutComponents flow:

• SDK initialization lifecycle (SDK_INIT_START, SDK_INIT_END)
• Checkout flow tracking (CHECKOUT_FLOW_STARTED)
• Payment method selection (PAYMENT_METHOD_SELECTION)
• Card form interactions (PAYMENT_DETAILS_ENTERED, PAYMENT_SUBMITTED)
• Payment processing (PAYMENT_PROCESSING_STARTED)
• 3DS challenges (PAYMENT_THREEDS)
• Third-party redirects (PAYMENT_REDIRECT_TO_THIRD_PARTY)
• Payment outcomes (PAYMENT_SUCCESS, PAYMENT_FAILURE)
• Flow exits (PAYMENT_FLOW_EXITED)

Dependency Injection

Registered analytics components in the DI container with proper lifecycle management

Tests

Added comprehensive test coverage:

• AnalyticsEventServiceTests (267 tests)
• DeviceInfoProviderTests (579 tests)
• AnalyticsModelsTests (409 tests)
• CheckoutComponentsAnalyticsInteractorTests (217 tests)
• AnalyticsEnvironmentProviderTests (234 tests)
• UUIDGeneratorTests (189 tests)

Discriminated Union Refactoring (Based on Review Feedback)

Context: Following code review feedback from @NQuinn27, refactored AnalyticsEventMetadata from an optional-heavy struct to a type-safe discriminated union.

Problem: The original struct design had 10 optional fields, allowing invalid combinations like 3DS metadata on general events.

Solution: Implemented Swift enum with associated values for each event category:

public enum AnalyticsEventMetadata {
    case general(GeneralEvent)      // Checkout flow, SDK lifecycle
    case payment(PaymentEvent)      // Payment events with method + ID
    case threeDS(ThreeDSEvent)      // 3DS with provider + response
    case redirect(RedirectEvent)    // Third-party redirects with URL
}

Benefits:

• ✅ Type Safety: Compiler prevents invalid field combinations
• ✅ No Optional Pollution: Each event has only its relevant fields (no more paymentId on 3DS events)
• ✅ Self-Documenting: Clear what each event type requires
• ✅ Compile-Time Guarantees: Missing required fields = build error
• ✅ Future-Proof: New event types don't bloat existing ones

Event Coverage

Implemented Events ✅

• SDK_INIT_START - SDK initialization begins
• SDK_INIT_END - SDK initialization completes
• CHECKOUT_FLOW_STARTED - UI becomes interactive
• PAYMENT_METHOD_SELECTION - User selects payment method
• PAYMENT_DETAILS_ENTERED - Payment details validated
• PAYMENT_SUBMITTED - User taps Pay
• PAYMENT_PROCESSING_STARTED - Payment processing begins
• PAYMENT_REDIRECT_TO_THIRD_PARTY - Redirect to third-party initiated
• PAYMENT_THREEDS - 3DS challenge presented
• PAYMENT_SUCCESS - Payment completes successfully
• PAYMENT_FAILURE - Payment fails
• PAYMENT_FLOW_EXITED - User exits checkout

Not Implemented ⏸️

• PAYMENT_REATTEMPTED - Requires retry feature (not yet available)

Technical Details

Architecture

• Clean Architecture with domain/data/presentation layers
• Dependency injection for testability
• Protocol-based design for flexibility
• AsyncStream for state observation

Event Flow

SDK Init → Checkout Ready → Payment Method Selection →
Details Entry → Submit → Processing → [3DS/Redirect] →
Success/Failure → Exit

Metadata Schema

All events include:

• Required: id, eventName, timestamp, checkoutSessionId, clientSessionId, sdkType, sdkVersion, primerAccountId
• Optional: userLocale, paymentMethod, paymentId, redirectDestinationUrl, threedsProvider, threedsResponse, device, deviceType

Testing

• ✅ 1,895+ new unit tests added
• ✅ All analytics components have 100% test coverage
• ✅ Event metadata validation tests included
• ✅ Device info extraction tested across all iOS versions

References

• 📋 Ticket: ACC-5729
• 📖 Spec: Event Definitions
• 🏗️ Architecture: CheckoutComponents (iOS 15+)

Notes

• Events follow snake_case naming convention per documentation
• Device information auto-filled by analytics service
• Analytics gracefully handles nil container scenarios

[github-actions]

	Warnings
⚠️	> Pull Request size seems relatively large. If this Pull Request contains multiple changes, please split each into separate PR will helps faster, easier review.

Generated by 🚫 Danger Swift against dff6019

[github-actions]

Appetize link: https://appetize.io/app/qhkawl3zzxsmmzgz5dcktoxkdq

[borisprimer]

Not related to this task. Just a quick SwiftLint warning cleanup.

[NQuinn27]

We have a very similar file in the SDK UIDeviceExtension.swift. May be premature, but if we need both, this could be in a shared utils space

[borisprimer]

I know, I separated it intentionally because of future (let's hear from Henry) modularisation. But to add my 2 cents, the first thing that should be extracted to some kind of Util module is LogReporter, DeviceInfoProvider, and similar.

[henry-cooper-primer]

I think we should point any device info calls to the existing Device and Model objects and modularise that one when the time comes and avoid duplicating here.

Device info it's often, but not strictly the domain of analytics. Any analytics-specific properties can, in their domain, extend the current Device.swift or Model.swift

[henry-cooper-primer]

This object has a few too many responsibilities. You could certainly delegate the constructing of the payload, networking out of here and perhaps also the buffering

[henry-cooper-primer]

I think we should point any device info calls to the existing Device and Model objects and modularise that one when the time comes and avoid duplicating here.

Device info it's often, but not strictly the domain of analytics. Any analytics-specific properties can, in their domain, extend the current Device.swift or Model.swift

[henry-cooper-primer]

Associated values can have default values, eg case general(GeneralEvent = GeneralEvent()) so you could just do metadata: .general()

[henry-cooper-primer]

There's a few superfluous comments here

[henry-cooper-primer]

private func isLikelyURL(_ string: String) -> Bool {
    ["http://", "https://"].contains { string.lowercased().hasPrefix($0) }
}

[henry-cooper-primer]

probably more appropriate as a computed property

[henry-cooper-primer]

Why doesn't this have a type?

[borisprimer]

Slip. Good catch.

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
While these secrets were previously flagged, we no longer have a reference to the
specific commits where they were detected. Once a secret has been leaked into a git
repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

[henry-cooper-primer]

is this assignment necessary?

[borisprimer]

removed.

[henry-cooper-primer]

This identical-to-above logic could be extracted into a private helper

[henry-cooper-primer]

can be shortened to use the default value

[henry-cooper-primer]

A lot of the tests in this and the next files aren't asserting anything, they are just firing the events, is this deliberate?

[borisprimer]

These are intentional smoke tests for fire-and-forget patterns. This is deliberate but not ideal. Let me improve it...

[henry-cooper-primer]

There is a static extension on string uuid that avoids having to create a new object which maybe worth a consideration here

[sonarqubecloud]

Quality Gate failed

Failed conditions
57.4% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud