@bugspotter/sdk 1.1.0 → 2.0.5

package/dist/core/bug-reporter.js

@@ -137,7 +137,7 @@ class BugReporter {
         var _a;
         (0, config_validator_1.validateAuthConfig)({
             endpoint: this.config.endpoint,
-            auth: this.config.auth,
+            apiKey: this.config.apiKey,
         });
         const dedupContext = createDeduplicationContext(payload);
         if (this.deduplicator.isDuplicate(dedupContext.title, dedupContext.description, dedupContext.errorStacks)) {
@@ -165,8 +165,10 @@ class BugReporter {
                 network: report.network,
                 metadata: report.metadata,
             }, hasScreenshot: fileAnalysis.hasScreenshot, hasReplay: fileAnalysis.hasReplay });
-        const response = await (0, transport_1.submitWithAuth)(this.config.endpoint, JSON.stringify(createPayload), { 'Content-Type': 'application/json' }, {
-            auth: this.config.auth,
+        const apiBaseUrl = (0, url_helpers_1.getApiBaseUrl)(this.config.endpoint);
+        const submitUrl = `${apiBaseUrl}/api/v1/reports`;
+        const response = await (0, transport_1.submitWithAuth)(submitUrl, JSON.stringify(createPayload), { 'Content-Type': 'application/json' }, {
+            auth: { apiKey: this.config.apiKey },
             retry: this.config.retry,
             offline: this.config.offline,
         });
@@ -218,7 +220,7 @@ class BugReporter {
             throw new Error('Server did not provide presigned URLs for file uploads. Check backend configuration.');
         }
         const apiEndpoint = (0, url_helpers_1.getApiBaseUrl)(this.config.endpoint);
-        const uploadHandler = new file_upload_handler_1.FileUploadHandler(apiEndpoint, this.config.auth.apiKey);
+        const uploadHandler = new file_upload_handler_1.FileUploadHandler(apiEndpoint, this.config.apiKey);
         try {
             await uploadHandler.uploadFiles(bugId, report, bugReportData.presignedUrls);
             logger.debug('File uploads completed successfully', { bugId });

package/dist/core/transport.d.ts

@@ -16,12 +16,11 @@ export declare class AuthenticationError extends Error {
     constructor(message: string);
 }
 /**
- * Authentication configuration - API key only
+ * Authentication configuration - API key only.
+ * The API key is scoped to specific projects server-side.
  */
 export type AuthConfig = {
-    type: 'api-key';
     apiKey: string;
-    projectId: string;
 };
 export interface RetryConfig {
     /** Maximum number of retry attempts (default: 3) */

package/dist/core/uploader.d.ts

@@ -5,7 +5,6 @@
 export interface DirectUploadConfig {
     apiEndpoint: string;
     apiKey: string;
-    projectId: string;
     bugId: string;
 }
 export interface UploadProgress {

package/dist/core/uploader.js

@@ -97,7 +97,6 @@ class DirectUploader {
                     'x-api-key': this.config.apiKey,
                 },
                 body: JSON.stringify({
-                    projectId: this.config.projectId,
                     bugId: this.config.bugId,
                     fileType,
                     filename,

package/dist/index.d.ts

@@ -1,7 +1,7 @@
 import type { BrowserMetadata } from './capture/metadata';
 import { type FloatingButtonOptions } from './widget/button';
 import type { eventWithTime } from '@rrweb/types';
-import type { AuthConfig, RetryConfig } from './core/transport';
+import type { RetryConfig } from './core/transport';
 import type { OfflineConfig } from './core/offline-queue';
 import { VERSION } from './version';
 import { type DeduplicationConfig } from './utils/deduplicator';
@@ -39,14 +39,12 @@ export declare class BugSpotter {
     destroy(): void;
 }
 export interface BugSpotterConfig {
+    /** Base URL of BugSpotter API (e.g., https://api.example.com). SDK appends paths internally. */
     endpoint?: string;
+    /** API key for authentication (starts with 'bgs_'). Required. */
+    apiKey: string;
     showWidget?: boolean;
     widgetOptions?: FloatingButtonOptions;
-    /**
-     * Authentication configuration (required)
-     * API key authentication with project ID
-     */
-    auth: AuthConfig;
     /** Retry configuration for failed requests */
     retry?: RetryConfig;
     /** Offline queue configuration */
@@ -133,7 +131,7 @@ export { CircularBuffer } from './core/buffer';
 export type { CircularBufferConfig } from './core/buffer';
 export { compressData, decompressData, compressImage, estimateSize, getCompressionRatio, } from './core/compress';
 export { submitWithAuth, getAuthHeaders, clearOfflineQueue, } from './core/transport';
-export type { AuthConfig, TransportOptions, RetryConfig, } from './core/transport';
+export type { TransportOptions, RetryConfig } from './core/transport';
 export type { OfflineConfig } from './core/offline-queue';
 export type { Logger, LogLevel, LoggerConfig } from './utils/logger';
 export { getLogger, configureLogger, createLogger } from './utils/logger';

package/dist/index.esm.js

@@ -2944,14 +2944,14 @@ const MAX_RECOMMENDED_REPLAY_DURATION_SECONDS = 30;
  * This file is automatically generated during the build process.
  * To update the version, modify package.json
  */
-const VERSION = '1.1.0';
+const VERSION = '2.0.5';
 
 /**
  * Configuration Validation Utilities
  * Validates BugSpotter configuration before use
  */
 /**
- * Validate authentication configuration
+ * Validate configuration before submitting a bug report
  * @throws Error if configuration is invalid
  */
 function validateAuthConfig(context) {
@@ -2959,21 +2959,11 @@ function validateAuthConfig(context) {
         throw new Error('No endpoint configured for bug report submission');
     }
     // SECURITY: Ensure endpoint uses HTTPS
-    // This prevents credentials and sensitive data from being sent over plain HTTP
     if (!isSecureEndpoint(context.endpoint)) {
         throw new InsecureEndpointError(context.endpoint);
     }
-    if (!context.auth) {
-        throw new Error('API key authentication is required');
-    }
-    if (context.auth.type !== 'api-key') {
-        throw new Error('API key authentication is required');
-    }
-    if (!context.auth.apiKey) {
-        throw new Error('API key is required in auth configuration');
-    }
-    if (!context.auth.projectId) {
-        throw new Error('Project ID is required in auth configuration');
+    if (!context.apiKey) {
+        throw new Error('API key is required');
     }
 }
 /**
@@ -16748,7 +16738,7 @@ class BugReporter {
         var _a;
         validateAuthConfig({
             endpoint: this.config.endpoint,
-            auth: this.config.auth,
+            apiKey: this.config.apiKey,
         });
         const dedupContext = createDeduplicationContext(payload);
         if (this.deduplicator.isDuplicate(dedupContext.title, dedupContext.description, dedupContext.errorStacks)) {
@@ -16777,8 +16767,10 @@ class BugReporter {
                     network: report.network,
                     metadata: report.metadata,
                 }, hasScreenshot: fileAnalysis.hasScreenshot, hasReplay: fileAnalysis.hasReplay });
-            const response = yield submitWithAuth(this.config.endpoint, JSON.stringify(createPayload), { 'Content-Type': 'application/json' }, {
-                auth: this.config.auth,
+            const apiBaseUrl = getApiBaseUrl(this.config.endpoint);
+            const submitUrl = `${apiBaseUrl}/api/v1/reports`;
+            const response = yield submitWithAuth(submitUrl, JSON.stringify(createPayload), { 'Content-Type': 'application/json' }, {
+                auth: { apiKey: this.config.apiKey },
                 retry: this.config.retry,
                 offline: this.config.offline,
             });
@@ -16832,7 +16824,7 @@ class BugReporter {
                 throw new Error('Server did not provide presigned URLs for file uploads. Check backend configuration.');
             }
             const apiEndpoint = getApiBaseUrl(this.config.endpoint);
-            const uploadHandler = new FileUploadHandler(apiEndpoint, this.config.auth.apiKey);
+            const uploadHandler = new FileUploadHandler(apiEndpoint, this.config.apiKey);
             try {
                 yield uploadHandler.uploadFiles(bugId, report, bugReportData.presignedUrls);
                 logger$1.debug('File uploads completed successfully', { bugId });
@@ -16960,7 +16952,6 @@ class DirectUploader {
                         'x-api-key': this.config.apiKey,
                     },
                     body: JSON.stringify({
-                        projectId: this.config.projectId,
                         bugId: this.config.bugId,
                         fileType,
                         filename,
@@ -17290,17 +17281,20 @@ class BugSpotter {
      */
     static createInstance(config) {
         return __awaiter$1(this, void 0, void 0, function* () {
-            var _a, _b, _c;
+            var _a, _b;
             // Fetch replay quality settings from backend if replay is enabled
             let backendSettings = null;
             const replayEnabled = (_b = (_a = config.replay) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : true;
             if (replayEnabled && config.endpoint) {
-                // Validate auth is configured before attempting fetch
-                if (!((_c = config.auth) === null || _c === void 0 ? void 0 : _c.apiKey)) {
+                // SECURITY: Don't send API key over insecure connection
+                if (!isSecureEndpoint(config.endpoint)) {
+                    logger.warn('Insecure endpoint — skipping backend settings fetch to protect API key.');
+                }
+                else if (!config.apiKey) {
                     logger.warn('Endpoint provided but no API key configured. Skipping backend settings fetch.');
                 }
                 else {
-                    backendSettings = yield fetchReplaySettings(config.endpoint, config.auth.apiKey);
+                    backendSettings = yield fetchReplaySettings(config.endpoint, config.apiKey);
                 }
             }
             // Merge backend settings with user config (user config takes precedence)