GrowSurf iOS SDK 0.3.0

0.3.0

Public API cleanup. Clean break from 0.2.1 (no shipped consumers, no back-compat shims).

• Participant-scoped methods no longer take a participantId argument. The SDK now decodes the participantId from the stored participant JWT and fills the URL path internally, so the participant token and participantId can no longer drift out of sync. Affected: getParticipant, updateParticipant, getParticipantReferrals, getParticipantRewards, sendInvites, updateVanityLinks, getParticipantCommissions, markParticipantCommissionsRead, getParticipantPayouts, markParticipantPayoutsRead, getParticipantAffiliateSummary, getParticipantReferralSummary, requestPaypalConfirmEmail, markParticipantRewardsRead, trackShare, triggerReferral.
• Adds func currentParticipantId() async throws -> String? returning the participantId from the stored participant JWT, or nil if none.
• Removes the public createParticipant(_:) method; use addParticipant(_:).
• Removes the updateParticipant(with: GrowSurfParticipantInput) convenience overload; use the GrowSurfParticipantUpdateInput form.
• Collapses updateVanityLink + updateVanityLinks into a single updateVanityLinks(vanityKeys: [String]).
• createSession() and recordAttribution(_:) are now internal.
• onParticipantCreated in GrowSurfWindowCallbacks is now (GrowSurfParticipant, String?) -> Void, passing the new participant token alongside the participant.
• The four in-memory store classes (GrowSurfMemoryTokenStore, GrowSurfMemoryAttributionStore, GrowSurfMemoryMobileInstanceIdStore, GrowSurfMemoryWindowCacheStore) now use package access. Protocols and production defaults stay public.
• presentGrowSurfWindow now returns a public GrowSurfWindowController with a close() method for programmatic dismissal of the presented window.
• Server contract is unchanged; URL paths still carry :participantId, now filled locally from the JWT.
• POST /session now includes the device's mobileInstanceId in the request body so the server can scope the session rate limit per device instead of per IP. Multiple devices behind one NAT (office Wi-Fi, dev box + simulator + phone, CGNAT carrier) no longer share a single bucket. The SDK also retries /session once after a 1.5 s delay on a 429 response so a single hairline trip is absorbed silently instead of surfacing the raw rate-limit message in the GrowSurf window UI. Older servers that don't read mobileInstanceId ignore the field and continue per-IP limiting.