@bugport.ai/widget 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 BugPort
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,157 @@
1
+ # `@bugport.ai/widget`
2
+
3
+ Install the BugPort customer-facing bug reporting widget:
4
+
5
+ ```bash
6
+ npm install @bugport.ai/widget
7
+ ```
8
+
9
+ React usage:
10
+
11
+ ```tsx
12
+ import { BugPortWidget } from '@bugport.ai/widget'
13
+
14
+ export function App() {
15
+ return (
16
+ <BugPortWidget
17
+ projectKey='bp_pub_xxxxx'
18
+ environment='staging'
19
+ apiBaseUrl='http://localhost:8000/v1'
20
+ user={{
21
+ id: 'user_123',
22
+ email: 'qa@example.com',
23
+ name: 'QA Reviewer',
24
+ }}
25
+ />
26
+ )
27
+ }
28
+ ```
29
+
30
+ `publicKey` is also accepted as an alias for `projectKey` when you want the prop name to match the dashboard/widget-key terminology.
31
+
32
+ Imperative mounting:
33
+
34
+ ```ts
35
+ import { initBugPortWidget } from '@bugport.ai/widget'
36
+
37
+ const widget = initBugPortWidget({
38
+ projectKey: 'bp_pub_xxxxx',
39
+ environment: 'staging',
40
+ apiBaseUrl: 'http://localhost:8000/v1',
41
+ })
42
+
43
+ // later
44
+ widget.destroy()
45
+ ```
46
+
47
+ `window.BugPort.init(...)` is also registered automatically when the package runs in a browser bundle.
48
+
49
+ > A CDN/IIFE single-file build is not published yet — the package targets bundler (ESM/CJS) consumers.
50
+
51
+ ## Project key setup
52
+
53
+ 1. In the BugPort dashboard, open your project → **Widget keys**.
54
+ 2. Create a key for the environment you are embedding in (e.g. `staging`,
55
+ `production`).
56
+ 3. Copy the public key (`bp_pub_…`) and pass it as `projectKey`.
57
+
58
+ ## Allowed origins
59
+
60
+ Widget keys are origin-restricted. Add every site origin that will load the
61
+ widget (e.g. `https://app.yourcompany.com`) to the key's **allowed origins** in
62
+ the dashboard, or submissions will be rejected.
63
+
64
+ ## Configuration
65
+
66
+ | Prop | Type | Default | Notes |
67
+ |------|------|---------|-------|
68
+ | `projectKey` / `publicKey` | `string` | — | Public widget key (`bp_pub_…`). Required. |
69
+ | `environment` | `string` | key default | Matches the widget key environment. |
70
+ | `apiBaseUrl` | `string` | `https://api.bugport.ai/v1` | Override for local/self-hosted API. |
71
+ | `user` | `{ id?, email?, name?, role? }` | — | Optional reporter identity. `role` is a staff hint (see accessibility scan below). |
72
+ | `projectId` | `string` | — | BugPort project id — required only for the staff accessibility scan. |
73
+ | `diagnostics` | `BugPortDiagnosticsConfig` | disabled | Optional in-page console/network capture (see below). |
74
+
75
+ ## Events / callbacks
76
+
77
+ | Callback | Fires when |
78
+ |----------|-----------|
79
+ | `onSubmitted(result)` | A bug was successfully submitted (`result` includes the dashboard URL). |
80
+ | `onError(error)` | Submission or capture failed. |
81
+ | `onSubmitPayload(payload)` | Before submit — inspect/augment the outgoing payload. |
82
+
83
+ ## Privacy / captured data
84
+
85
+ The widget captures only what the reporter triggers: feedback text,
86
+ annotations, an optional screenshot, and page context (URL, viewport, user
87
+ agent). Screenshots are optional. Provide a `user` only if you want to
88
+ attribute reports.
89
+
90
+ ## Diagnostics (console & network capture)
91
+
92
+ Optionally attach in-page diagnostics — console logs, runtime errors, and
93
+ fetch/XHR network activity — so a bug report carries the context an engineer
94
+ needs. **Off by default**; nothing is instrumented until you opt in.
95
+
96
+ ```tsx
97
+ <BugPortWidget
98
+ projectKey="bp_pub_xxxxx"
99
+ diagnostics={{
100
+ enabled: true,
101
+ console: true,
102
+ runtimeErrors: true,
103
+ network: true, // fetch + XHR
104
+ requestBodies: false, // bodies are off by default (privacy)
105
+ responseBodies: false,
106
+ userControlled: true, // show end-user attach toggles in the report form
107
+ deniedUrls: [/\/auth\//, 'https://api.stripe.com'],
108
+ }}
109
+ />
110
+ ```
111
+
112
+ Privacy safeguards: request/response bodies are **opt-in**; common secrets
113
+ (auth headers, tokens, password-like values) are **redacted** by default
114
+ (`redactHeaders` / `redactPatterns` extend this); `allowedUrls` / `deniedUrls`
115
+ scope what network traffic is captured; and `userControlled` lets the reporter
116
+ decide what to attach. Buffer sizes are bounded via the `max*Events` options.
117
+
118
+ The collector lifecycle is managed for you — instrumentation installs on mount
119
+ and is fully removed on unmount. Lower-level helpers (`DiagnosticsCollector`,
120
+ `buildDiagnosticsPayload`, the `redact*` utilities) are also exported for
121
+ advanced use.
122
+
123
+ ## Accessibility
124
+
125
+ **WCAG picker.** The report form includes a collapsed, optional "Accessibility
126
+ (WCAG)" section where reporters can tag a bug with a WCAG 2.2 success
127
+ criterion and conformance level. Level A and AA criteria are listed (grouped
128
+ by POUR principle); AAA or future criteria can be entered via the free-text
129
+ "Other criterion" option. The picked values are submitted as
130
+ `wcagCriterion` / `wcagLevel`.
131
+
132
+ **Staff page scan.** When `user.role` is one of `qa`, `qa_tester`, `staff`,
133
+ `admin`, `owner`, or `internal` (case-insensitive) and a `projectId` is
134
+ configured, the panel shows a staff-only "Scan this page" action that runs an
135
+ axe-core accessibility check of the live page and files the findings to
136
+ BugPort. Notes:
137
+
138
+ - The role hint is a **UX gate only** — it is spoofable by design and is never
139
+ sent to the server. The API authenticates with the widget key and enforces a
140
+ rate limit of 10 scans per hour per key regardless of role.
141
+ - axe-core is **not** in the widget's base bundle. It is declared as a regular
142
+ dependency and loaded through a dynamic `import("axe-core")` only when a
143
+ staff user activates the scan, so your bundler emits it as a separate lazy
144
+ chunk that end users never download.
145
+
146
+ ## Troubleshooting
147
+
148
+ - **Submissions rejected (403/origin)** → add your site origin to the widget
149
+ key's allowed origins.
150
+ - **Requests 404** → check `apiBaseUrl`; it must resolve to a BugPort API base
151
+ ending in `/v1`.
152
+ - **Nothing renders** → ensure React 18+ is installed (peer dependency) and the
153
+ component is mounted client-side.
154
+
155
+ ## License
156
+
157
+ MIT © BugPort. See [LICENSE](./LICENSE).