@bugspotter/sdk 0.3.1 → 1.1.0

package/dist/index.js

@@ -313,3 +313,5 @@ function sanitize(text) {
     });
     return sanitizer.sanitize(text);
 }
+// Default export for convenience
+exports.default = BugSpotter;

package/dist/utils/config-validator.js

@@ -6,6 +6,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateAuthConfig = validateAuthConfig;
 exports.validateDeduplicationConfig = validateDeduplicationConfig;
+const url_helpers_1 = require("./url-helpers");
 /**
  * Validate authentication configuration
  * @throws Error if configuration is invalid
@@ -14,6 +15,11 @@ function validateAuthConfig(context) {
     if (!context.endpoint) {
         throw new Error('No endpoint configured for bug report submission');
     }
+    // SECURITY: Ensure endpoint uses HTTPS
+    // This prevents credentials and sensitive data from being sent over plain HTTP
+    if (!(0, url_helpers_1.isSecureEndpoint)(context.endpoint)) {
+        throw new url_helpers_1.InsecureEndpointError(context.endpoint);
+    }
     if (!context.auth) {
         throw new Error('API key authentication is required');
     }

package/dist/utils/sanitize-patterns.d.ts

@@ -1,42 +1,9 @@
 /**
  * PII Pattern Definitions
- * Configurable regex patterns for detecting sensitive data (PII + credentials)
+ * Re-exports from @bugspotter/common + SDK-specific extensions
  */
-export type PIIPatternName = 'email' | 'phone' | 'creditcard' | 'ssn' | 'iin' | 'ip' | 'apikey' | 'token' | 'password';
-/**
- * Pattern definition with metadata
- */
-export interface PatternDefinition {
-    /** Pattern name/identifier */
-    name: PIIPatternName;
-    /** Regular expression for detection */
-    regex: RegExp;
-    /** Human-readable description */
-    description: string;
-    /** Examples of data this pattern matches */
-    examples: string[];
-    /** Priority order (lower = higher priority, checked first) */
-    priority: number;
-}
-/**
- * Default built-in patterns
- */
-export declare const DEFAULT_PATTERNS: Record<PIIPatternName, PatternDefinition>;
-/**
- * Pattern categories for grouping
- */
-export declare const PATTERN_CATEGORIES: {
-    readonly financial: PIIPatternName[];
-    readonly contact: PIIPatternName[];
-    readonly identification: PIIPatternName[];
-    readonly network: PIIPatternName[];
-    readonly credentials: PIIPatternName[];
-    readonly kazakhstan: PIIPatternName[];
-};
-/**
- * Get patterns sorted by priority
- */
-export declare function getPatternsByPriority(patterns: PatternDefinition[]): PatternDefinition[];
+export { type PIIPatternName, type PatternDefinition, type PatternPresetName, DEFAULT_PATTERNS, PATTERN_CATEGORIES, PATTERN_PRESETS, getAllPatternNames, getPatternsByPriority, getPatternsByPreset, createPatternConfig, validatePattern, } from '@bugspotter/common';
+import { type PIIPatternName, type PatternDefinition, PATTERN_CATEGORIES } from '@bugspotter/common';
 /**
  * Get pattern by name
  */
@@ -45,10 +12,6 @@ export declare function getPattern(name: PIIPatternName): PatternDefinition;
  * Get patterns by category
  */
 export declare function getPatternsByCategory(category: keyof typeof PATTERN_CATEGORIES): PatternDefinition[];
-/**
- * Get all pattern names
- */
-export declare function getAllPatternNames(): PIIPatternName[];
 /**
  * Custom pattern builder for advanced use cases
  */
@@ -61,42 +24,6 @@ export declare class PatternBuilder {
     priority(priority: number): this;
     build(): PatternDefinition;
 }
-/**
- * Pre-configured pattern sets for common use cases
- */
-export declare const PATTERN_PRESETS: {
-    /** All patterns enabled (PII + credentials) - default */
-    readonly all: PIIPatternName[];
-    /** Minimal - only most critical PII */
-    readonly minimal: PIIPatternName[];
-    /** Financial data only */
-    readonly financial: PIIPatternName[];
-    /** Contact information only */
-    readonly contact: PIIPatternName[];
-    /** Identification numbers only */
-    readonly identification: PIIPatternName[];
-    /** Credentials and secrets only */
-    readonly credentials: PIIPatternName[];
-    /** Kazakhstan-specific patterns */
-    readonly kazakhstan: PIIPatternName[];
-    /** GDPR compliance recommended set */
-    readonly gdpr: PIIPatternName[];
-    /** PCI DSS compliance required */
-    readonly pci: PIIPatternName[];
-    /** Security-focused: PII + credentials */
-    readonly security: PIIPatternName[];
-};
-/**
- * Create custom pattern configuration
- */
-export declare function createPatternConfig(preset: keyof typeof PATTERN_PRESETS | PIIPatternName[]): PatternDefinition[];
-/**
- * Validate pattern regex
- */
-export declare function validatePattern(pattern: PatternDefinition): {
-    valid: boolean;
-    errors: string[];
-};
 /**
  * Merge pattern configurations
  */

package/dist/utils/sanitize-patterns.js

@@ -1,156 +1,39 @@
 "use strict";
 /**
  * PII Pattern Definitions
- * Configurable regex patterns for detecting sensitive data (PII + credentials)
+ * Re-exports from @bugspotter/common + SDK-specific extensions
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.PATTERN_PRESETS = exports.PatternBuilder = exports.PATTERN_CATEGORIES = exports.DEFAULT_PATTERNS = void 0;
-exports.getPatternsByPriority = getPatternsByPriority;
+exports.PatternBuilder = exports.validatePattern = exports.createPatternConfig = exports.getPatternsByPreset = exports.getPatternsByPriority = exports.getAllPatternNames = exports.PATTERN_PRESETS = exports.PATTERN_CATEGORIES = exports.DEFAULT_PATTERNS = void 0;
 exports.getPattern = getPattern;
 exports.getPatternsByCategory = getPatternsByCategory;
-exports.getAllPatternNames = getAllPatternNames;
-exports.createPatternConfig = createPatternConfig;
-exports.validatePattern = validatePattern;
 exports.mergePatternConfigs = mergePatternConfigs;
-/**
- * Default built-in patterns
- */
-exports.DEFAULT_PATTERNS = {
-    email: {
-        name: 'email',
-        regex: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
-        description: 'Email addresses',
-        examples: [
-            'user@example.com',
-            'john.doe+tag@company.co.uk',
-            'test_user@sub.domain.com',
-        ],
-        priority: 1, // Highest priority - most specific
-    },
-    creditcard: {
-        name: 'creditcard',
-        regex: /\b(?:\d{4}[-\s]){3}\d{4}\b|\b\d{4}[-\s]\d{6}[-\s]\d{5}\b|\b\d{13,19}\b/g,
-        description: 'Credit card numbers (Visa, MC, Amex, Discover, etc.)',
-        examples: [
-            '4532-1488-0343-6467',
-            '4532148803436467',
-            '5425 2334 3010 9903',
-            '3782 822463 10005',
-        ],
-        priority: 2,
-    },
-    ssn: {
-        name: 'ssn',
-        regex: /\b\d{3}-\d{2}-\d{4}\b|\b(?<!\d)\d{9}(?!\d)\b/g,
-        description: 'US Social Security Numbers',
-        examples: ['123-45-6789', '987654321'],
-        priority: 3,
-    },
-    iin: {
-        name: 'iin',
-        regex: /\b[0-9]{2}(?:0[1-9]|1[0-2])(?:0[1-9]|[12][0-9]|3[01])\d{6}\b/g,
-        description: 'Kazakhstan IIN/BIN (12 digits with date validation)',
-        examples: ['950315300123', '880612500456', '021225123456'],
-        priority: 4,
-    },
-    ip: {
-        name: 'ip',
-        regex: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b|(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
-        description: 'IPv4 and IPv6 addresses',
-        examples: [
-            '192.168.1.100',
-            '127.0.0.1',
-            '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-        ],
-        priority: 5,
-    },
-    phone: {
-        name: 'phone',
-        regex: /\+\d{1,3}[-.\s]\d{3}[-.\s]\d{4}\b|\+\d{1,3}[-.\s]\d{3}[-.\s]\d{3}[-.\s]\d{4}\b|\(\d{3}\)\s*\d{3}[-.\s]\d{4}\b|\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b/g,
-        description: 'International phone numbers',
-        examples: [
-            '+1-555-1234',
-            '+1-555-123-4567',
-            '(555) 123-4567',
-            '555-123-4567',
-            '+7 777 123 4567',
-        ],
-        priority: 6,
-    },
-    apikey: {
-        name: 'apikey',
-        regex: /\b(?:sk|pk)_(?:live|test)_[a-zA-Z0-9]{24,}\b|AIza[a-zA-Z0-9_-]{35}|ya29\.[a-zA-Z0-9_-]+|AKIA[a-zA-Z0-9]{16}\b/g,
-        description: 'API keys (Stripe, Google, AWS, etc.)',
-        examples: [
-            'sk_live_abc123def456ghi789jkl',
-            'pk_test_xyz789abc123def456',
-            'AIzaSyD1234567890abcdefghijklmnopqrst',
-            'AKIAIOSFODNN7EXAMPLE',
-        ],
-        priority: 7,
-    },
-    token: {
-        name: 'token',
-        regex: /\b(?:Bearer\s+)?[a-zA-Z0-9_-]{32,}\b|ghp_[a-zA-Z0-9]{36}|gho_[a-zA-Z0-9]{36}|github_pat_[a-zA-Z0-9_]{82}/g,
-        description: 'Authentication tokens (Bearer, GitHub, JWT-like)',
-        examples: [
-            'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9',
-            'ghp_abc123def456ghi789jkl012mno345pqr',
-            'gho_xyz789abc123def456ghi789jkl012mno',
-        ],
-        priority: 8,
-    },
-    password: {
-        name: 'password',
-        regex: /(?:password|passwd|pwd)[\s:=]+[^\s]{6,}|(?:password|passwd|pwd)["']?\s*[:=]\s*["']?[^\s"']{6,}/gi,
-        description: 'Password fields in text (password=..., pwd:...)',
-        examples: [
-            'password: MySecret123!',
-            'passwd=SecurePass456',
-            'pwd: "MyP@ssw0rd"',
-        ],
-        priority: 9,
-    },
-};
-/**
- * Pattern categories for grouping
- */
-exports.PATTERN_CATEGORIES = {
-    financial: ['creditcard', 'ssn'],
-    contact: ['email', 'phone'],
-    identification: ['ssn', 'iin'],
-    network: ['ip', 'email'],
-    credentials: ['apikey', 'token', 'password'],
-    kazakhstan: ['iin'],
-};
-/**
- * Get patterns sorted by priority
- */
-function getPatternsByPriority(patterns) {
-    return [...patterns].sort((a, b) => {
-        return a.priority - b.priority;
-    });
-}
+// Re-export everything from @bugspotter/common
+var common_1 = require("@bugspotter/common");
+Object.defineProperty(exports, "DEFAULT_PATTERNS", { enumerable: true, get: function () { return common_1.DEFAULT_PATTERNS; } });
+Object.defineProperty(exports, "PATTERN_CATEGORIES", { enumerable: true, get: function () { return common_1.PATTERN_CATEGORIES; } });
+Object.defineProperty(exports, "PATTERN_PRESETS", { enumerable: true, get: function () { return common_1.PATTERN_PRESETS; } });
+Object.defineProperty(exports, "getAllPatternNames", { enumerable: true, get: function () { return common_1.getAllPatternNames; } });
+Object.defineProperty(exports, "getPatternsByPriority", { enumerable: true, get: function () { return common_1.getPatternsByPriority; } });
+Object.defineProperty(exports, "getPatternsByPreset", { enumerable: true, get: function () { return common_1.getPatternsByPreset; } });
+Object.defineProperty(exports, "createPatternConfig", { enumerable: true, get: function () { return common_1.createPatternConfig; } });
+Object.defineProperty(exports, "validatePattern", { enumerable: true, get: function () { return common_1.validatePattern; } });
+const common_2 = require("@bugspotter/common");
+// SDK-specific extensions
 /**
  * Get pattern by name
  */
 function getPattern(name) {
-    return exports.DEFAULT_PATTERNS[name];
+    return common_2.DEFAULT_PATTERNS[name];
 }
 /**
  * Get patterns by category
  */
 function getPatternsByCategory(category) {
-    return exports.PATTERN_CATEGORIES[category].map((name) => {
-        return exports.DEFAULT_PATTERNS[name];
+    return common_2.PATTERN_CATEGORIES[category].map((name) => {
+        return common_2.DEFAULT_PATTERNS[name];
     });
 }
-/**
- * Get all pattern names
- */
-function getAllPatternNames() {
-    return Object.keys(exports.DEFAULT_PATTERNS);
-}
 /**
  * Custom pattern builder for advanced use cases
  */
@@ -163,7 +46,6 @@ class PatternBuilder {
         return this;
     }
     regex(regex) {
-        // Ensure global flag
         if (!regex.global) {
             const flags = regex.flags.includes('g') ? regex.flags : regex.flags + 'g';
             this.pattern.regex = new RegExp(regex.source, flags);
@@ -200,85 +82,6 @@ class PatternBuilder {
     }
 }
 exports.PatternBuilder = PatternBuilder;
-/**
- * Pre-configured pattern sets for common use cases
- */
-exports.PATTERN_PRESETS = {
-    /** All patterns enabled (PII + credentials) - default */
-    all: getAllPatternNames(),
-    /** Minimal - only most critical PII */
-    minimal: ['email', 'creditcard', 'ssn'],
-    /** Financial data only */
-    financial: exports.PATTERN_CATEGORIES.financial,
-    /** Contact information only */
-    contact: exports.PATTERN_CATEGORIES.contact,
-    /** Identification numbers only */
-    identification: exports.PATTERN_CATEGORIES.identification,
-    /** Credentials and secrets only */
-    credentials: exports.PATTERN_CATEGORIES.credentials,
-    /** Kazakhstan-specific patterns */
-    kazakhstan: ['email', 'phone', 'iin'],
-    /** GDPR compliance recommended set */
-    gdpr: ['email', 'phone', 'ip'],
-    /** PCI DSS compliance required */
-    pci: ['creditcard'],
-    /** Security-focused: PII + credentials */
-    security: [
-        'email',
-        'phone',
-        'creditcard',
-        'ssn',
-        'apikey',
-        'token',
-        'password',
-    ],
-};
-/**
- * Create custom pattern configuration
- */
-function createPatternConfig(preset) {
-    const names = typeof preset === 'string' ? exports.PATTERN_PRESETS[preset] : preset;
-    return names.map((name) => {
-        return exports.DEFAULT_PATTERNS[name];
-    });
-}
-/**
- * Validate pattern regex
- */
-function validatePattern(pattern) {
-    const errors = [];
-    if (!pattern.name) {
-        errors.push('Pattern must have a name');
-    }
-    if (!pattern.regex) {
-        errors.push('Pattern must have a regex');
-    }
-    else {
-        if (!pattern.regex.global) {
-            errors.push('Pattern regex must have global flag');
-        }
-        // Test regex doesn't cause catastrophic backtracking
-        try {
-            const testString = 'a'.repeat(1000);
-            const start = Date.now();
-            testString.match(pattern.regex);
-            const duration = Date.now() - start;
-            if (duration > 100) {
-                errors.push(`Pattern regex may cause performance issues (took ${duration}ms on test)`);
-            }
-        }
-        catch (error) {
-            errors.push(`Pattern regex error: ${error.message}`);
-        }
-    }
-    if (pattern.priority < 0) {
-        errors.push('Pattern priority must be non-negative');
-    }
-    return {
-        valid: errors.length === 0,
-        errors,
-    };
-}
 /**
  * Merge pattern configurations
  */
@@ -286,9 +89,8 @@ function mergePatternConfigs(...configs) {
     const merged = new Map();
     configs.forEach((config) => {
         config.forEach((pattern) => {
-            // Later configs override earlier ones
             merged.set(pattern.name, pattern);
         });
     });
-    return getPatternsByPriority([...merged.values()]);
+    return (0, common_2.getPatternsByPriority)([...merged.values()]);
 }

package/dist/utils/url-helpers.d.ts

@@ -1,28 +1,5 @@
 /**
  * URL Helper Utilities
- * Extract base API URL from endpoint configuration
+ * Re-exports from @bugspotter/common
  */
-/**
- * Custom error for invalid endpoint URLs
- */
-export declare class InvalidEndpointError extends Error {
-    readonly endpoint: string;
-    readonly reason: string;
-    constructor(endpoint: string, reason: string);
-}
-/**
- * Strip known endpoint suffixes from path
- * Removes /api/v1/reports path
- */
-export declare function stripEndpointSuffix(path: string): string;
-/**
- * Extract base API URL from endpoint
- * Returns scheme + host + base path (without /api/v1/reports suffix)
- *
- * @example
- * getApiBaseUrl('https://api.example.com/api/v1/reports')
- * // Returns: 'https://api.example.com'
- *
- * @throws InvalidEndpointError if endpoint is not a valid absolute URL
- */
-export declare function getApiBaseUrl(endpoint: string): string;
+export { InvalidEndpointError, InsecureEndpointError, stripEndpointSuffix, getApiBaseUrl, isSecureEndpoint, } from '@bugspotter/common';

package/dist/utils/url-helpers.js

@@ -1,64 +1,13 @@
 "use strict";
-/**
- * URL Helper Utilities
- * Extract base API URL from endpoint configuration
- */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidEndpointError = void 0;
-exports.stripEndpointSuffix = stripEndpointSuffix;
-exports.getApiBaseUrl = getApiBaseUrl;
-const logger_1 = require("./logger");
-const logger = (0, logger_1.getLogger)();
-/**
- * Custom error for invalid endpoint URLs
- */
-class InvalidEndpointError extends Error {
-    constructor(endpoint, reason) {
-        super(`Invalid endpoint URL: ${endpoint}. ${reason}`);
-        this.endpoint = endpoint;
-        this.reason = reason;
-        this.name = 'InvalidEndpointError';
-    }
-}
-exports.InvalidEndpointError = InvalidEndpointError;
+exports.isSecureEndpoint = exports.getApiBaseUrl = exports.stripEndpointSuffix = exports.InsecureEndpointError = exports.InvalidEndpointError = void 0;
 /**
- * Strip known endpoint suffixes from path
- * Removes /api/v1/reports path
- */
-function stripEndpointSuffix(path) {
-    // Use lastIndexOf to handle paths like '/prefix/api/v1/reports'
-    const reportsIndex = path.lastIndexOf('/api/v1/reports');
-    if (reportsIndex !== -1) {
-        return path.substring(0, reportsIndex);
-    }
-    // Remove trailing slash
-    return path.replace(/\/$/, '') || '';
-}
-/**
- * Extract base API URL from endpoint
- * Returns scheme + host + base path (without /api/v1/reports suffix)
- *
- * @example
- * getApiBaseUrl('https://api.example.com/api/v1/reports')
- * // Returns: 'https://api.example.com'
- *
- * @throws InvalidEndpointError if endpoint is not a valid absolute URL
- */
-function getApiBaseUrl(endpoint) {
-    if (!endpoint) {
-        throw new InvalidEndpointError('', 'No endpoint configured');
-    }
-    try {
-        const url = new URL(endpoint);
-        const basePath = stripEndpointSuffix(url.pathname);
-        return url.origin + basePath;
-    }
-    catch (error) {
-        const errorMessage = error instanceof Error ? error.message : String(error);
-        logger.error('Invalid endpoint URL - must be a valid absolute URL', {
-            endpoint,
-            error: errorMessage,
-        });
-        throw new InvalidEndpointError(endpoint, 'Must be a valid absolute URL (e.g., https://api.example.com/api/v1/reports)');
-    }
-}
+ * URL Helper Utilities
+ * Re-exports from @bugspotter/common
+ */
+var common_1 = require("@bugspotter/common");
+Object.defineProperty(exports, "InvalidEndpointError", { enumerable: true, get: function () { return common_1.InvalidEndpointError; } });
+Object.defineProperty(exports, "InsecureEndpointError", { enumerable: true, get: function () { return common_1.InsecureEndpointError; } });
+Object.defineProperty(exports, "stripEndpointSuffix", { enumerable: true, get: function () { return common_1.stripEndpointSuffix; } });
+Object.defineProperty(exports, "getApiBaseUrl", { enumerable: true, get: function () { return common_1.getApiBaseUrl; } });
+Object.defineProperty(exports, "isSecureEndpoint", { enumerable: true, get: function () { return common_1.isSecureEndpoint; } });

package/dist/version.d.ts

@@ -5,4 +5,4 @@
  * This file is automatically generated during the build process.
  * To update the version, modify package.json
  */
-export declare const VERSION = "0.3.1";
+export declare const VERSION = "1.1.0";

package/dist/version.js

@@ -8,4 +8,4 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
-exports.VERSION = '0.3.1';
+exports.VERSION = '1.1.0';

package/dist/widget/button.d.ts

@@ -21,6 +21,16 @@ export declare class FloatingButton {
     private eventHandlers;
     constructor(options?: FloatingButtonOptions);
     private createButton;
+    /**
+     * Safely inject HTML content by parsing and validating SVG elements
+     * Prevents XSS attacks by only allowing safe SVG elements and attributes
+     */
+    private setSafeHTMLContent;
+    /**
+     * Recursively sanitize SVG elements by removing dangerous tags and attributes
+     * Uses whitelists to ensure only safe SVG content is preserved
+     */
+    private sanitizeSVGElement;
     private getButtonStyles;
     private getPositionStyles;
     private handleMouseEnter;