@bbearai/core 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +1 -0
  2. package/dist/index.d.ts +1 -0
  3. package/dist/index.js +13 -3
  4. package/dist/index.mjs +13 -3
  5. package/package.json +1 -1
package/dist/index.d.mts CHANGED
@@ -620,6 +620,7 @@ declare class BugBearClient {
620
620
  private supabase;
621
621
  private config;
622
622
  private navigationHistory;
623
+ private reportSubmitInFlight;
623
624
  constructor(config: BugBearConfig);
624
625
  /**
625
626
  * Track navigation for context.
package/dist/index.d.ts CHANGED
@@ -620,6 +620,7 @@ declare class BugBearClient {
620
620
  private supabase;
621
621
  private config;
622
622
  private navigationHistory;
623
+ private reportSubmitInFlight;
623
624
  constructor(config: BugBearConfig);
624
625
  /**
625
626
  * Track navigation for context.
package/dist/index.js CHANGED
@@ -292,6 +292,7 @@ var HOSTED_BUGBEAR_ANON_KEY = getEnvVar("BUGBEAR_ANON_KEY") || getEnvVar("NEXT_P
292
292
  var BugBearClient = class {
293
293
  constructor(config) {
294
294
  this.navigationHistory = [];
295
+ this.reportSubmitInFlight = false;
295
296
  this.config = config;
296
297
  this.supabase = (0, import_supabase_js.createClient)(
297
298
  config.supabaseUrl || DEFAULT_SUPABASE_URL,
@@ -352,6 +353,10 @@ var BugBearClient = class {
352
353
  * Submit a report
353
354
  */
354
355
  async submitReport(report) {
356
+ if (this.reportSubmitInFlight) {
357
+ return { success: false, error: "A report is already being submitted" };
358
+ }
359
+ this.reportSubmitInFlight = true;
355
360
  try {
356
361
  const validationError = this.validateReport(report);
357
362
  if (validationError) {
@@ -403,6 +408,8 @@ var BugBearClient = class {
403
408
  } catch (err) {
404
409
  const message = err instanceof Error ? err.message : "Unknown error";
405
410
  return { success: false, error: message };
411
+ } finally {
412
+ this.reportSubmitInFlight = false;
406
413
  }
407
414
  }
408
415
  /**
@@ -911,8 +918,8 @@ var BugBearClient = class {
911
918
  return "Maximum 10 screenshots allowed";
912
919
  }
913
920
  for (const url of report.screenshots) {
914
- if (typeof url !== "string" || url.length > 2e3) {
915
- return "Invalid screenshot URL";
921
+ if (typeof url !== "string" || url.length > 2e3 || !/^https?:\/\//i.test(url)) {
922
+ return "Invalid screenshot URL (must be an HTTP/HTTPS URL)";
916
923
  }
917
924
  }
918
925
  }
@@ -1301,7 +1308,10 @@ var BugBearClient = class {
1301
1308
  content
1302
1309
  };
1303
1310
  if (attachments && attachments.length > 0) {
1304
- insertData.attachments = attachments;
1311
+ const safeAttachments = attachments.filter((a) => /^https?:\/\//i.test(a.url));
1312
+ if (safeAttachments.length > 0) {
1313
+ insertData.attachments = safeAttachments;
1314
+ }
1305
1315
  }
1306
1316
  const { error } = await this.supabase.from("discussion_messages").insert(insertData);
1307
1317
  if (error) {
package/dist/index.mjs CHANGED
@@ -263,6 +263,7 @@ var HOSTED_BUGBEAR_ANON_KEY = getEnvVar("BUGBEAR_ANON_KEY") || getEnvVar("NEXT_P
263
263
  var BugBearClient = class {
264
264
  constructor(config) {
265
265
  this.navigationHistory = [];
266
+ this.reportSubmitInFlight = false;
266
267
  this.config = config;
267
268
  this.supabase = createClient(
268
269
  config.supabaseUrl || DEFAULT_SUPABASE_URL,
@@ -323,6 +324,10 @@ var BugBearClient = class {
323
324
  * Submit a report
324
325
  */
325
326
  async submitReport(report) {
327
+ if (this.reportSubmitInFlight) {
328
+ return { success: false, error: "A report is already being submitted" };
329
+ }
330
+ this.reportSubmitInFlight = true;
326
331
  try {
327
332
  const validationError = this.validateReport(report);
328
333
  if (validationError) {
@@ -374,6 +379,8 @@ var BugBearClient = class {
374
379
  } catch (err) {
375
380
  const message = err instanceof Error ? err.message : "Unknown error";
376
381
  return { success: false, error: message };
382
+ } finally {
383
+ this.reportSubmitInFlight = false;
377
384
  }
378
385
  }
379
386
  /**
@@ -882,8 +889,8 @@ var BugBearClient = class {
882
889
  return "Maximum 10 screenshots allowed";
883
890
  }
884
891
  for (const url of report.screenshots) {
885
- if (typeof url !== "string" || url.length > 2e3) {
886
- return "Invalid screenshot URL";
892
+ if (typeof url !== "string" || url.length > 2e3 || !/^https?:\/\//i.test(url)) {
893
+ return "Invalid screenshot URL (must be an HTTP/HTTPS URL)";
887
894
  }
888
895
  }
889
896
  }
@@ -1272,7 +1279,10 @@ var BugBearClient = class {
1272
1279
  content
1273
1280
  };
1274
1281
  if (attachments && attachments.length > 0) {
1275
- insertData.attachments = attachments;
1282
+ const safeAttachments = attachments.filter((a) => /^https?:\/\//i.test(a.url));
1283
+ if (safeAttachments.length > 0) {
1284
+ insertData.attachments = safeAttachments;
1285
+ }
1276
1286
  }
1277
1287
  const { error } = await this.supabase.from("discussion_messages").insert(insertData);
1278
1288
  if (error) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bbearai/core",
3
- "version": "0.4.0",
3
+ "version": "0.4.1",
4
4
  "description": "Core utilities and types for BugBear QA platform",
5
5
  "main": "./dist/index.js",
6
6
  "module": "./dist/index.mjs",