@bugspotter/sdk 2.0.0 → 2.1.0

package/dist/index.js

@@ -91,13 +91,20 @@ async function fetchReplaySettings(endpoint, apiKey) {
     }
 }
 class BugSpotter {
-    constructor(config) {
+    constructor(config, sampled = true) {
         var _a, _b, _c, _d, _e, _f;
         // Validate deduplication configuration if provided
         if (config.deduplication) {
             (0, config_validator_1.validateDeduplicationConfig)(config.deduplication);
         }
         this.config = config;
+        this._sampled = sampled;
+        this.bugReporter = new bug_reporter_1.BugReporter(config);
+        // If not sampled, skip all capture initialization — true zero overhead
+        // No console/network interception, no DOM recording, no widget
+        if (!sampled) {
+            return;
+        }
         // Initialize sanitizer (enabled by default)
         const sanitizeEnabled = (_b = (_a = config.sanitize) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : true;
         if (sanitizeEnabled) {
@@ -110,8 +117,6 @@ class BugSpotter {
         }
         // Initialize capture manager
         this.captureManager = new capture_manager_1.CaptureManager(Object.assign(Object.assign({ sanitizer: this.sanitizer }, (config.endpoint && { apiEndpoint: (0, url_helpers_1.getApiBaseUrl)(config.endpoint) })), { replay: config.replay }));
-        // Initialize bug reporter
-        this.bugReporter = new bug_reporter_1.BugReporter(config);
         // Initialize widget (enabled by default)
         const widgetEnabled = (_f = config.showWidget) !== null && _f !== void 0 ? _f : true;
         if (widgetEnabled) {
@@ -149,17 +154,33 @@ class BugSpotter {
      * Fetches replay settings from backend before initialization
      */
     static async createInstance(config) {
-        var _a, _b, _c;
+        var _a, _b;
+        // Check sampling rate — if this session is not sampled, disable all capture
+        if (config.sampleRate !== undefined) {
+            if (typeof config.sampleRate !== 'number' ||
+                !Number.isFinite(config.sampleRate) ||
+                config.sampleRate < 0 ||
+                config.sampleRate > 1) {
+                throw new Error('sampleRate must be a finite number between 0 and 1');
+            }
+            if (Math.random() >= config.sampleRate) {
+                // Create a lightweight no-op instance — zero overhead (no console/network interception)
+                return new BugSpotter(config, /* sampled */ false);
+            }
+        }
         // Fetch replay quality settings from backend if replay is enabled
         let backendSettings = null;
         const replayEnabled = (_b = (_a = config.replay) === null || _a === void 0 ? void 0 : _a.enabled) !== null && _b !== void 0 ? _b : true;
         if (replayEnabled && config.endpoint) {
-            // Validate auth is configured before attempting fetch
-            if (!((_c = config.auth) === null || _c === void 0 ? void 0 : _c.apiKey)) {
+            // SECURITY: Don't send API key over insecure connection
+            if (!(0, url_helpers_1.isSecureEndpoint)(config.endpoint)) {
+                logger.warn('Insecure endpoint — skipping backend settings fetch to protect API key.');
+            }
+            else if (!config.apiKey) {
                 logger.warn('Endpoint provided but no API key configured. Skipping backend settings fetch.');
             }
             else {
-                backendSettings = await fetchReplaySettings(config.endpoint, config.auth.apiKey);
+                backendSettings = await fetchReplaySettings(config.endpoint, config.apiKey);
             }
         }
         // Merge backend settings with user config (user config takes precedence)
@@ -174,7 +195,28 @@ class BugSpotter {
      * Note: Screenshot is captured for modal preview only (_screenshotPreview)
      * File uploads use presigned URLs returned from the backend
      */
+    /** Whether this session was sampled for capture */
+    get isSampled() {
+        return this._sampled;
+    }
     async capture() {
+        if (!this.captureManager) {
+            // Unsampled session — return minimal valid report
+            return {
+                console: [],
+                network: [],
+                metadata: {
+                    userAgent: typeof navigator !== 'undefined' ? navigator.userAgent : '',
+                    url: typeof window !== 'undefined' ? window.location.href : '',
+                    timestamp: Date.now(),
+                    viewport: typeof window !== 'undefined'
+                        ? { width: window.innerWidth, height: window.innerHeight }
+                        : { width: 0, height: 0 },
+                    browser: 'unknown',
+                    os: 'unknown',
+                },
+            };
+        }
         return await this.captureManager.captureAll();
     }
     async handleBugReport() {
@@ -213,9 +255,9 @@ class BugSpotter {
         return Object.assign({}, this.config);
     }
     destroy() {
-        var _a;
-        this.captureManager.destroy();
-        (_a = this.widget) === null || _a === void 0 ? void 0 : _a.destroy();
+        var _a, _b;
+        (_a = this.captureManager) === null || _a === void 0 ? void 0 : _a.destroy();
+        (_b = this.widget) === null || _b === void 0 ? void 0 : _b.destroy();
         this.bugReporter.destroy();
         BugSpotter.instance = undefined;
         BugSpotter.initPromise = undefined;

package/dist/utils/config-validator.d.ts

@@ -2,14 +2,13 @@
  * Configuration Validation Utilities
  * Validates BugSpotter configuration before use
  */
-import type { AuthConfig } from '../core/transport';
 import type { DeduplicationConfig } from './deduplicator';
 export interface ValidationContext {
     endpoint?: string;
-    auth?: AuthConfig;
+    apiKey?: string;
 }
 /**
- * Validate authentication configuration
+ * Validate configuration before submitting a bug report
  * @throws Error if configuration is invalid
  */
 export declare function validateAuthConfig(context: ValidationContext): void;

package/dist/utils/config-validator.js

@@ -8,7 +8,7 @@ exports.validateAuthConfig = validateAuthConfig;
 exports.validateDeduplicationConfig = validateDeduplicationConfig;
 const url_helpers_1 = require("./url-helpers");
 /**
- * Validate authentication configuration
+ * Validate configuration before submitting a bug report
  * @throws Error if configuration is invalid
  */
 function validateAuthConfig(context) {
@@ -16,15 +16,11 @@ function validateAuthConfig(context) {
         throw new Error('No endpoint configured for bug report submission');
     }
     // SECURITY: Ensure endpoint uses HTTPS
-    // This prevents credentials and sensitive data from being sent over plain HTTP
     if (!(0, url_helpers_1.isSecureEndpoint)(context.endpoint)) {
         throw new url_helpers_1.InsecureEndpointError(context.endpoint);
     }
-    if (!context.auth) {
-        throw new Error('API key authentication is required');
-    }
-    if (!context.auth.apiKey) {
-        throw new Error('API key is required in auth configuration');
+    if (!context.apiKey) {
+        throw new Error('API key is required');
     }
 }
 /**

package/dist/utils/sanitize.js

@@ -80,6 +80,7 @@ class StringSanitizer {
 class ValueSanitizer {
     constructor(stringSanitizer) {
         this.stringSanitizer = stringSanitizer;
+        this.seen = new WeakSet();
     }
     sanitize(value) {
         // Handle null/undefined
@@ -90,26 +91,40 @@ class ValueSanitizer {
         if (typeof value === 'string') {
             return this.stringSanitizer.sanitize(value);
         }
-        // Handle arrays
+        // Handle arrays (with circular reference protection)
         if (Array.isArray(value)) {
-            return value.map((item) => {
-                return this.sanitize(item);
-            });
+            if (this.seen.has(value))
+                return '[Circular]';
+            this.seen.add(value);
+            try {
+                return value.map((item) => this.sanitize(item));
+            }
+            finally {
+                this.seen.delete(value);
+            }
         }
-        // Handle objects
+        // Handle objects (with circular reference protection)
         if (typeof value === 'object') {
+            if (this.seen.has(value))
+                return '[Circular]';
             return this.sanitizeObject(value);
         }
         // Return primitives as-is
         return value;
     }
     sanitizeObject(obj) {
-        const sanitized = {};
-        for (const [key, val] of Object.entries(obj)) {
-            const sanitizedKey = this.stringSanitizer.sanitize(key);
-            sanitized[sanitizedKey] = this.sanitize(val);
+        this.seen.add(obj);
+        try {
+            const sanitized = {};
+            for (const [key, val] of Object.entries(obj)) {
+                const sanitizedKey = this.stringSanitizer.sanitize(key);
+                sanitized[sanitizedKey] = this.sanitize(val);
+            }
+            return sanitized;
+        }
+        finally {
+            this.seen.delete(obj);
         }
-        return sanitized;
     }
 }
 /**

package/dist/version.d.ts

@@ -5,4 +5,4 @@
  * This file is automatically generated during the build process.
  * To update the version, modify package.json
  */
-export declare const VERSION = "2.0.0";
+export declare const VERSION = "2.1.0";

package/dist/version.js

@@ -8,4 +8,4 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
-exports.VERSION = '2.0.0';
+exports.VERSION = '2.1.0';

package/docs/CDN.md

@@ -140,7 +140,7 @@ If our primary CDN is unavailable, you can also use:
 Check available versions:
 
 - [npm package page](https://www.npmjs.com/package/@bugspotter/sdk?activeTab=versions)
-- [GitHub releases](https://github.com/apexbridge-tech/bugspotter/releases)
+- [GitHub releases](https://github.com/apex-bridge/bugspotter-sdk/releases)
 
 ## ⚙️ Configuration
 
@@ -208,6 +208,6 @@ If updates aren't showing:
 
 ## 🆘 Support
 
-- **Issues:** [GitHub Issues](https://github.com/apexbridge-tech/bugspotter/issues)
-- **Discussions:** [GitHub Discussions](https://github.com/apexbridge-tech/bugspotter/discussions)
+- **Issues:** [GitHub Issues](https://github.com/apex-bridge/bugspotter-sdk/issues)
+- **Discussions:** [GitHub Discussions](https://github.com/apex-bridge/bugspotter-sdk/discussions)
 - **Security:** security@bugspotter.io

package/docs/FRAMEWORK_INTEGRATION.md

@@ -1101,4 +1101,4 @@ script-src 'self';
 
 ---
 
-**Need Help?** Open an issue on [GitHub](https://github.com/apexbridge-tech/bugspotter) or contact support.
+**Need Help?** Open an issue on [GitHub](https://github.com/apex-bridge/bugspotter-sdk) or contact support.

package/eslint.config.js

@@ -62,6 +62,13 @@ export default [
         Console: 'readonly',
         BlobPart: 'readonly',
         BodyInit: 'readonly',
+        RequestInfo: 'readonly',
+        RequestInit: 'readonly',
+        MutationObserver: 'readonly',
+        MutationRecord: 'readonly',
+        DocumentFragment: 'readonly',
+        performance: 'readonly',
+        atob: 'readonly',
       },
     },
     plugins: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bugspotter/sdk",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "Professional bug reporting SDK with screenshots, session replay, and automatic error capture for web applications",
   "packageManager": "pnpm@9.15.0",
   "main": "dist/index.js",
@@ -56,12 +56,12 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/apexbridge-tech/bugspotter-sdk.git"
+    "url": "https://github.com/apex-bridge/bugspotter-sdk.git"
   },
   "bugs": {
-    "url": "https://github.com/apexbridge-tech/bugspotter-sdk/issues"
+    "url": "https://github.com/apex-bridge/bugspotter-sdk/issues"
   },
-  "homepage": "https://github.com/apexbridge-tech/bugspotter-sdk#readme",
+  "homepage": "https://github.com/apex-bridge/bugspotter-sdk#readme",
   "engines": {
     "node": ">=16.0.0"
   },

package/release_notes.md

@@ -1,4 +1,4 @@
-## Release 2.0.0
+## Release 2.1.0
 
 ### Changes