@botim/mp-debug-sdk 0.6.2 → 0.7.0

package/dist/index.d.cts

@@ -1,4 +1,4 @@
-import { EventType, EventLevel, ConsolePayload, NetworkPayload, ErrorPayload, CommandHandler, BotimConfig, ConsentInput, DeviceInfo } from './types.cjs';
+import { ConsentPromptCopy, EventType, EventLevel, ConsolePayload, NetworkPayload, ErrorPayload, CommandHandler, BotimConfig, ConsentInput, DeviceInfo } from './types.cjs';
 export { AttachRequest, AttachResponse, BotimEnv, BridgePayload, CommandAckPayload, CommandContext, CommandPollResponse, CommandRejectedPayload, CommandRequest, DebugEvent, DebugEventBase, ErrorSource, EventMeta, LifecycleEvent, LifecyclePayload, NetworkPhase, PerfPayload, SCHEMA_VERSION, SerializedValue, StreamFrame, UploadAck, UploadBatch } from './types.cjs';
 
 /**
@@ -27,6 +27,62 @@ declare class BotimConsentError extends Error {
     constructor(message: string);
 }
 
+/**
+ * In-app consent modal for the debug SDK.
+ *
+ * Shown on first load when the host opts in via `consent.promptUser:
+ * true`. Persists the user's choice in `localStorage` so subsequent
+ * loads attach silently (or stay disabled, if declined).
+ *
+ * Why hand-rolled DOM/CSS instead of pulling in a UI library:
+ *   • The SDK ships into BOTIM mini-programs whose own bundles already
+ *     include framework code — adding React/Vue/Lit just for this one
+ *     dialog would inflate the SDK by an order of magnitude.
+ *   • The modal must work on any host (Angular, vanilla, Web
+ *     Components, future frameworks). Plain DOM is the universal
+ *     baseline.
+ *   • Style isolation via inline styles + a unique class prefix
+ *     (`__botim-debug-consent-`) avoids collisions with whatever
+ *     stylesheet the host has loaded. We deliberately avoid the
+ *     simpler `style=""` attribute on every element — bundles using
+ *     CSP `style-src` directives without `'unsafe-inline'` would
+ *     reject those, breaking the very debug flow we're trying to
+ *     enable. Instead we inject one <style> with `!important` rules
+ *     into <head>, which CSP `style-src 'self'` allows.
+ *
+ * Trust model: this UI is for user-facing transparency, NOT a
+ * cryptographic gate. A motivated attacker who controls the page can
+ * trivially write to `localStorage` and fake `granted`. The actual
+ * defence against unauthorized debug attach is "the SDK isn't shipped
+ * in production builds." Treat the consent record like a "remember
+ * me" cookie, not a session token.
+ */
+
+type ConsentDecision = 'granted' | 'denied';
+/**
+ * Read the cached consent decision for this mp_id. Returns `null` when
+ * no decision has been recorded — the caller should prompt.
+ *
+ * `localStorage.getItem` can throw in some sandboxed contexts (Safari
+ * Private Mode historically; some embedded WebViews). Failures are
+ * coerced to `null` so the prompt re-shows rather than crashing the
+ * SDK on storage hiccups.
+ */
+declare function readConsentDecision(mpId: string): ConsentDecision | null;
+/**
+ * Persist a decision. Failures are swallowed for the same reason as
+ * `readConsentDecision` — on storage-hostile platforms the SDK should
+ * still function for the current session, even if the prompt re-shows
+ * next time.
+ */
+declare function writeConsentDecision(mpId: string, decision: ConsentDecision): void;
+/**
+ * Clear the cached decision for an mp_id. Exposed so a host can wire
+ * a "Revoke debug consent" button into its own settings UI.
+ */
+declare function clearConsentDecision(mpId: string): void;
+declare function promptForConsent(mpId: string, copy?: ConsentPromptCopy): Promise<ConsentDecision>;
+
 /**
  * Built-in commands registered automatically when `enableRemoteDebug` runs.
  *
@@ -242,4 +298,4 @@ declare const DEFAULT_BUFFER_SIZE = 1000;
 declare const DEFAULT_MAX_BATCH_SIZE = 50;
 declare function enableRemoteDebug(options: RemoteDebugOptions): Promise<RemoteDebugHandle>;
 
-export { type AppInfo, BotimConfig, BotimConfigError, BotimConsentError, type BuiltinHostHooks, CommandHandler, ConsentInput, ConsolePayload, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, type DedupOptions, DeviceInfo, ErrorPayload, EventLevel, EventType, type ExecOptions, NetworkPayload, type RedactionConfig, type RemoteDebugHandle, type RemoteDebugOptions, type SamplingConfig, type SuppressionSummary, enableRemoteDebug, getBOT };
+export { type AppInfo, BotimConfig, BotimConfigError, BotimConsentError, type BuiltinHostHooks, CommandHandler, type ConsentDecision, ConsentInput, ConsentPromptCopy, ConsolePayload, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, type DedupOptions, DeviceInfo, ErrorPayload, EventLevel, EventType, type ExecOptions, NetworkPayload, type RedactionConfig, type RemoteDebugHandle, type RemoteDebugOptions, type SamplingConfig, type SuppressionSummary, clearConsentDecision, enableRemoteDebug, getBOT, promptForConsent, readConsentDecision, writeConsentDecision };

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { EventType, EventLevel, ConsolePayload, NetworkPayload, ErrorPayload, CommandHandler, BotimConfig, ConsentInput, DeviceInfo } from './types.js';
+import { ConsentPromptCopy, EventType, EventLevel, ConsolePayload, NetworkPayload, ErrorPayload, CommandHandler, BotimConfig, ConsentInput, DeviceInfo } from './types.js';
 export { AttachRequest, AttachResponse, BotimEnv, BridgePayload, CommandAckPayload, CommandContext, CommandPollResponse, CommandRejectedPayload, CommandRequest, DebugEvent, DebugEventBase, ErrorSource, EventMeta, LifecycleEvent, LifecyclePayload, NetworkPhase, PerfPayload, SCHEMA_VERSION, SerializedValue, StreamFrame, UploadAck, UploadBatch } from './types.js';
 
 /**
@@ -27,6 +27,62 @@ declare class BotimConsentError extends Error {
     constructor(message: string);
 }
 
+/**
+ * In-app consent modal for the debug SDK.
+ *
+ * Shown on first load when the host opts in via `consent.promptUser:
+ * true`. Persists the user's choice in `localStorage` so subsequent
+ * loads attach silently (or stay disabled, if declined).
+ *
+ * Why hand-rolled DOM/CSS instead of pulling in a UI library:
+ *   • The SDK ships into BOTIM mini-programs whose own bundles already
+ *     include framework code — adding React/Vue/Lit just for this one
+ *     dialog would inflate the SDK by an order of magnitude.
+ *   • The modal must work on any host (Angular, vanilla, Web
+ *     Components, future frameworks). Plain DOM is the universal
+ *     baseline.
+ *   • Style isolation via inline styles + a unique class prefix
+ *     (`__botim-debug-consent-`) avoids collisions with whatever
+ *     stylesheet the host has loaded. We deliberately avoid the
+ *     simpler `style=""` attribute on every element — bundles using
+ *     CSP `style-src` directives without `'unsafe-inline'` would
+ *     reject those, breaking the very debug flow we're trying to
+ *     enable. Instead we inject one <style> with `!important` rules
+ *     into <head>, which CSP `style-src 'self'` allows.
+ *
+ * Trust model: this UI is for user-facing transparency, NOT a
+ * cryptographic gate. A motivated attacker who controls the page can
+ * trivially write to `localStorage` and fake `granted`. The actual
+ * defence against unauthorized debug attach is "the SDK isn't shipped
+ * in production builds." Treat the consent record like a "remember
+ * me" cookie, not a session token.
+ */
+
+type ConsentDecision = 'granted' | 'denied';
+/**
+ * Read the cached consent decision for this mp_id. Returns `null` when
+ * no decision has been recorded — the caller should prompt.
+ *
+ * `localStorage.getItem` can throw in some sandboxed contexts (Safari
+ * Private Mode historically; some embedded WebViews). Failures are
+ * coerced to `null` so the prompt re-shows rather than crashing the
+ * SDK on storage hiccups.
+ */
+declare function readConsentDecision(mpId: string): ConsentDecision | null;
+/**
+ * Persist a decision. Failures are swallowed for the same reason as
+ * `readConsentDecision` — on storage-hostile platforms the SDK should
+ * still function for the current session, even if the prompt re-shows
+ * next time.
+ */
+declare function writeConsentDecision(mpId: string, decision: ConsentDecision): void;
+/**
+ * Clear the cached decision for an mp_id. Exposed so a host can wire
+ * a "Revoke debug consent" button into its own settings UI.
+ */
+declare function clearConsentDecision(mpId: string): void;
+declare function promptForConsent(mpId: string, copy?: ConsentPromptCopy): Promise<ConsentDecision>;
+
 /**
  * Built-in commands registered automatically when `enableRemoteDebug` runs.
  *
@@ -242,4 +298,4 @@ declare const DEFAULT_BUFFER_SIZE = 1000;
 declare const DEFAULT_MAX_BATCH_SIZE = 50;
 declare function enableRemoteDebug(options: RemoteDebugOptions): Promise<RemoteDebugHandle>;
 
-export { type AppInfo, BotimConfig, BotimConfigError, BotimConsentError, type BuiltinHostHooks, CommandHandler, ConsentInput, ConsolePayload, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, type DedupOptions, DeviceInfo, ErrorPayload, EventLevel, EventType, type ExecOptions, NetworkPayload, type RedactionConfig, type RemoteDebugHandle, type RemoteDebugOptions, type SamplingConfig, type SuppressionSummary, enableRemoteDebug, getBOT };
+export { type AppInfo, BotimConfig, BotimConfigError, BotimConsentError, type BuiltinHostHooks, CommandHandler, type ConsentDecision, ConsentInput, ConsentPromptCopy, ConsolePayload, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, type DedupOptions, DeviceInfo, ErrorPayload, EventLevel, EventType, type ExecOptions, NetworkPayload, type RedactionConfig, type RemoteDebugHandle, type RemoteDebugOptions, type SamplingConfig, type SuppressionSummary, clearConsentDecision, enableRemoteDebug, getBOT, promptForConsent, readConsentDecision, writeConsentDecision };

package/dist/index.js

@@ -20,6 +20,214 @@ var BotimConsentError = class extends Error {
   }
 };
 
+// src/consent-ui.ts
+var STORAGE_PREFIX = "__botim_debug_consent_";
+var CSS_PREFIX = "__botim-debug-consent";
+var STYLE_ELEMENT_ID = `${CSS_PREFIX}-styles`;
+var DEFAULT_COPY = {
+  title: "Enable BOTIM debug logging?",
+  body: [
+    "This shares your screen content, console logs, and network calls with the BOTIM team to help debug this mini-program.",
+    "No data leaves your device unless you agree. You can revoke this anytime by clearing site data or via developer tools."
+  ],
+  acceptLabel: "Allow",
+  declineLabel: "Skip"
+};
+function readConsentDecision(mpId) {
+  if (typeof localStorage === "undefined") return null;
+  try {
+    const raw = localStorage.getItem(STORAGE_PREFIX + mpId);
+    if (raw === "granted" || raw === "denied") return raw;
+    return null;
+  } catch {
+    return null;
+  }
+}
+function writeConsentDecision(mpId, decision) {
+  if (typeof localStorage === "undefined") return;
+  try {
+    localStorage.setItem(STORAGE_PREFIX + mpId, decision);
+  } catch {
+  }
+}
+function clearConsentDecision(mpId) {
+  if (typeof localStorage === "undefined") return;
+  try {
+    localStorage.removeItem(STORAGE_PREFIX + mpId);
+  } catch {
+  }
+}
+var inflightPrompt = null;
+async function promptForConsent(mpId, copy = {}) {
+  if (inflightPrompt) return inflightPrompt;
+  if (typeof document === "undefined" || typeof window === "undefined") {
+    return "denied";
+  }
+  const merged = {
+    title: copy.title ?? DEFAULT_COPY.title,
+    body: copy.body ?? DEFAULT_COPY.body,
+    acceptLabel: copy.acceptLabel ?? DEFAULT_COPY.acceptLabel,
+    declineLabel: copy.declineLabel ?? DEFAULT_COPY.declineLabel
+  };
+  inflightPrompt = new Promise((resolve) => {
+    injectStylesheet();
+    const overlay = buildOverlay(merged, (decision) => {
+      writeConsentDecision(mpId, decision);
+      try {
+        overlay.remove();
+      } catch {
+      }
+      inflightPrompt = null;
+      resolve(decision);
+    });
+    document.body.appendChild(overlay);
+  });
+  return inflightPrompt;
+}
+function injectStylesheet() {
+  if (document.getElementById(STYLE_ELEMENT_ID)) return;
+  const style = document.createElement("style");
+  style.id = STYLE_ELEMENT_ID;
+  style.textContent = `
+    .${CSS_PREFIX}-overlay {
+      position: fixed !important;
+      inset: 0 !important;
+      z-index: 2147483647 !important;
+      display: flex !important;
+      align-items: flex-end !important;
+      justify-content: center !important;
+      background: rgba(0, 0, 0, 0.45) !important;
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI",
+                   Roboto, "Helvetica Neue", sans-serif !important;
+      animation: ${CSS_PREFIX}-fade-in 160ms ease-out !important;
+      box-sizing: border-box !important;
+      padding: 16px !important;
+    }
+    @media (min-width: 480px) {
+      .${CSS_PREFIX}-overlay {
+        align-items: center !important;
+      }
+    }
+    @keyframes ${CSS_PREFIX}-fade-in {
+      from { opacity: 0; }
+      to   { opacity: 1; }
+    }
+    .${CSS_PREFIX}-card {
+      background: #ffffff !important;
+      color: #0e1116 !important;
+      border-radius: 16px !important;
+      max-width: 420px !important;
+      width: 100% !important;
+      padding: 20px 20px 16px !important;
+      box-shadow: 0 12px 40px rgba(0, 0, 0, 0.18) !important;
+      box-sizing: border-box !important;
+    }
+    .${CSS_PREFIX}-title {
+      font-size: 17px !important;
+      font-weight: 600 !important;
+      margin: 0 0 12px !important;
+      line-height: 1.3 !important;
+    }
+    .${CSS_PREFIX}-body {
+      font-size: 14px !important;
+      line-height: 1.5 !important;
+      color: #4a5160 !important;
+      margin: 0 0 8px !important;
+    }
+    .${CSS_PREFIX}-actions {
+      display: flex !important;
+      justify-content: flex-end !important;
+      gap: 8px !important;
+      margin-top: 16px !important;
+    }
+    .${CSS_PREFIX}-btn {
+      font-family: inherit !important;
+      font-size: 14px !important;
+      font-weight: 500 !important;
+      padding: 9px 16px !important;
+      border-radius: 10px !important;
+      border: none !important;
+      cursor: pointer !important;
+      line-height: 1 !important;
+      min-height: 36px !important;
+      box-sizing: border-box !important;
+    }
+    .${CSS_PREFIX}-btn-decline {
+      background: transparent !important;
+      color: #4a5160 !important;
+    }
+    .${CSS_PREFIX}-btn-decline:hover {
+      background: #f3f4f6 !important;
+    }
+    .${CSS_PREFIX}-btn-accept {
+      background: #0066ff !important;
+      color: #ffffff !important;
+    }
+    .${CSS_PREFIX}-btn-accept:hover {
+      background: #0055d4 !important;
+    }
+    @media (prefers-color-scheme: dark) {
+      .${CSS_PREFIX}-card {
+        background: #1c1f24 !important;
+        color: #e8eaed !important;
+      }
+      .${CSS_PREFIX}-body {
+        color: #b9bec7 !important;
+      }
+      .${CSS_PREFIX}-btn-decline {
+        color: #b9bec7 !important;
+      }
+      .${CSS_PREFIX}-btn-decline:hover {
+        background: #2a2e35 !important;
+      }
+    }
+  `;
+  document.head.appendChild(style);
+}
+function buildOverlay(copy, onDecision) {
+  const overlay = document.createElement("div");
+  overlay.className = `${CSS_PREFIX}-overlay`;
+  overlay.setAttribute("role", "dialog");
+  overlay.setAttribute("aria-modal", "true");
+  overlay.setAttribute("aria-labelledby", `${CSS_PREFIX}-title`);
+  const card = document.createElement("div");
+  card.className = `${CSS_PREFIX}-card`;
+  const title = document.createElement("h2");
+  title.id = `${CSS_PREFIX}-title`;
+  title.className = `${CSS_PREFIX}-title`;
+  title.textContent = copy.title;
+  card.appendChild(title);
+  for (const para of copy.body) {
+    const p = document.createElement("p");
+    p.className = `${CSS_PREFIX}-body`;
+    p.textContent = para;
+    card.appendChild(p);
+  }
+  const actions = document.createElement("div");
+  actions.className = `${CSS_PREFIX}-actions`;
+  const declineBtn = document.createElement("button");
+  declineBtn.type = "button";
+  declineBtn.className = `${CSS_PREFIX}-btn ${CSS_PREFIX}-btn-decline`;
+  declineBtn.textContent = copy.declineLabel;
+  declineBtn.addEventListener("click", () => onDecision("denied"));
+  const acceptBtn = document.createElement("button");
+  acceptBtn.type = "button";
+  acceptBtn.className = `${CSS_PREFIX}-btn ${CSS_PREFIX}-btn-accept`;
+  acceptBtn.textContent = copy.acceptLabel;
+  acceptBtn.addEventListener("click", () => onDecision("granted"));
+  actions.appendChild(declineBtn);
+  actions.appendChild(acceptBtn);
+  card.appendChild(actions);
+  overlay.appendChild(card);
+  requestAnimationFrame(() => {
+    try {
+      acceptBtn.focus();
+    } catch {
+    }
+  });
+  return overlay;
+}
+
 // src/buffer.ts
 var RingBuffer = class {
   constructor(opts) {
@@ -1406,6 +1614,21 @@ function assertConfig(config) {
 async function enableRemoteDebug(options) {
   if (options.enabled === false) return NOOP_HANDLE;
   assertConfig(options.config);
+  if (options.consent?.promptUser) {
+    const cached = readConsentDecision(options.config.miniProgramId);
+    let decision = cached;
+    if (decision === null) {
+      decision = await promptForConsent(
+        options.config.miniProgramId,
+        options.consent.promptCopy
+      );
+    }
+    if (decision === "denied") return NOOP_HANDLE;
+    options = {
+      ...options,
+      consent: { ...options.consent, userOptIn: true }
+    };
+  }
   assertConsent(options.config, options.consent);
   const onError = options.onError ?? (() => {
   });
@@ -1599,6 +1822,6 @@ async function enableRemoteDebug(options) {
   };
 }
 
-export { BotimConfigError, BotimConsentError, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, SCHEMA_VERSION, enableRemoteDebug, getBOT };
+export { BotimConfigError, BotimConsentError, DEFAULT_BODY_PATTERNS, DEFAULT_BUFFER_SIZE, DEFAULT_FLUSH_INTERVAL_MS, DEFAULT_MAX_BATCH_SIZE, DEFAULT_MAX_BODY_BYTES, DEFAULT_REDACT_HEADERS, SCHEMA_VERSION, clearConsentDecision, enableRemoteDebug, getBOT, promptForConsent, readConsentDecision, writeConsentDecision };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map