@crownpeak/dqm-react-component-dev-mcp 1.2.0

package/data/README.md

@@ -0,0 +1,315 @@
+# Crownpeak DQM React Component
+
+[![npm version](https://img.shields.io/npm/v/@crownpeak/dqm-react-component.svg)](https://www.npmjs.com/package/@crownpeak/dqm-react-component)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.6-blue)](https://www.typescriptlang.org/)
+[![React](https://img.shields.io/badge/React-18%2B-blue)](https://reactjs.org/)
+
+A React component library for integrating [Crownpeak Digital Quality Management (DQM)](https://www.crownpeak.com/) into
+your React applications. Display quality analysis, accessibility violations, and checkpoint errors with visual
+highlighting capabilities.
+
+## 🌟 Features
+
+- **🤖 AI-Powered Translation & Summary** - Automatically translate analysis results into your language and generate intelligent summaries using OpenAI
+- **📊 Quality Analysis** - Comprehensive quality metrics and scores
+- **♿ Accessibility Checks** - WCAG compliance validation
+- **🎯 Error Highlighting** - Visual highlighting of issues in HTML
+- **🎨 Material-UI Design** - Beautiful, responsive sidebar interface
+- **🔐 Secure Authentication** - Backend session management with secure credential storage
+- **⚡ Real-time Analysis** - Live quality assessment as you edit
+- **📱 Responsive** - Works on desktop, tablet, and mobile
+- **🌍 Internationalization** - Supports English, German, and Spanish
+- **🔧 TypeScript Support** - Full type definitions included
+
+## 📦 Installation
+
+```bash
+npm install @crownpeak/dqm-react-component
+```
+
+## 🚀 Quick Start
+
+```tsx
+import React, {useState} from 'react';
+import {DQMSidebar} from '@crownpeak/dqm-react-component';
+
+function App() {
+    const [open, setOpen] = useState(false);
+
+    const customHtml = `<html>
+                <head><title>Test Page</title></head>
+                <body>
+                    <h1>Hello World</h1>
+                    <img src="image.jpg" />
+                </body>`
+
+    return (
+        <div>
+            <button onClick={() => setOpen(true)}>Check Quality</button>
+
+            <DQMSidebar
+                open={sidebarOpen}
+                onOpen={() => setOpen(true)}
+                onClose={() => setOpen(false)}
+                debugHtml={customHtml}
+                config={{
+                    // ... authentication options here
+                    // look for "🔑 Authentication Setup" below
+                }}
+            />
+        </div>
+    );
+}
+
+export default App;
+```
+
+### AI-Powered Translation & Summary (Quick Example)
+
+```typescript
+import {DQMSidebar} from '@crownpeak/dqm-react-component';
+
+<DQMSidebar
+    open={isOpen}
+    onClose={() => setIsOpen(false)}
+    onOpen={() => setIsOpen(true)}
+    config={{
+        websiteId: 'your-website-id',
+        apiKey: 'your-api-key',
+        // Enable AI Translation (API key via localStorage: dqm_openai_apiKey)
+        translation: {
+            enabledByDefault: true,
+            computeBudgetMs: 15000,   // 15s timeout for 'fast' mode
+        },
+        // Enable AI Summary (uses same OpenAI API key)
+        summary: {
+            timeoutMs: 30000,         // 30s timeout
+        }
+    }}
+/>
+```
+
+See **[AI Features Guide](./docs/AI-FEATURES.md)** for complete documentation including caching strategies and performance tuning.
+
+## 📖 Documentation
+
+### Core Documentation
+- **[Quick Start Guide](./docs/QUICKSTART.md)** - Get up and running in 5 minutes
+- **[Examples](./docs/EXAMPLES.md)** - Integration examples for React, Next.js, TypeScript
+- **[Authentication Guide](./docs/AUTHENTICATION.md)** - Setup and configuration
+
+### AI Features
+- **[AI Features Guide](./docs/AI-FEATURES.md)** - Translation & Summary with OpenAI
+- **[API Reference](./docs/API-REFERENCE.md)** - Full TypeScript API documentation
+- **[Migration Guide](./docs/MIGRATION-GUIDE.md)** - Upgrade from v1.1 to v1.2
+
+### Advanced
+- **[Widget Guide](./docs/WIDGET-GUIDE.md)** - Standalone IIFE/ESM bundle usage
+- **[Backend API](./docs/BACKEND-API.md)** - Backend server endpoints and usage
+- **[Development Guide](./docs/DEVELOPMENT.md)** - Contributing and local development
+- **[Troubleshooting](./docs/TROUBLESHOOTING.md)** - Common issues and solutions
+
+## 🔑 Authentication Setup
+
+The component requires authentication with Crownpeak DQM. Two options are available:
+
+```tsx
+import {DQMSidebar} from '@crownpeak/dqm-react-component';
+
+<DQMSidebar
+    {/* ... */}
+    config={{
+        // Option 1: Direct API Key and Website ID (not recommended for production)
+        // websiteId: 'your-website-id',
+        // apiKey: 'your-api-key',
+
+        // Option 2: Auth Backend for API Key management (recommended)
+        authBackendUrl: '', // Dev: empty (same origin) | Prod: 'https://your-backend.com'
+        useLocalStorage: true,
+    }}
+```
+
+### Direct Backend Integration
+
+Run the included backend server for session management:
+
+```bash
+npm run server
+```
+
+See [AUTHENTICATION.md](./AUTHENTICATION.md) for detailed setup instructions.
+
+## 🛠️ Development Server
+
+For local development with test harness:
+
+```bash
+npm install
+npm run dev
+```
+
+This starts:
+
+- Frontend + Backend on `http://localhost:5173` (Vite dev server with integrated backend)
+- Backend routes (`/auth/*`, `/dqm/*`) handled by Vite plugin
+
+### Standalone Server (Optional)
+
+If using the included backend server:
+
+- Node.js 18+ or 20+
+- Redis (for session storage)
+
+See [REDIS-SETUP.md](./REDIS-SETUP.md) for Redis installation.
+
+## 📊 API Reference
+
+### DQMSidebar Props
+
+| Prop        | Type         | Required | Description                  |
+|-------------|--------------|----------|------------------------------|
+| `open`      | `boolean`    | ✅        | Controls sidebar visibility  |
+| `onClose`   | `() => void` | ✅        | Callback when sidebar closes |
+| `onOpen`    | `() => void` | ✅        | Callback when sidebar opens  |
+| `debugHtml` | `string`     | ❌        | HTML for testing (dev only)  |
+| `config`    | `DQMConfig`  | ❌        | Configuration options        |
+
+### DQMConfig Options
+
+| Option            | Type            | Default | Description                                    |
+|-------------------|-----------------|---------|------------------------------------------------|
+| `apiKey`          | `string`        | -       | Direct API key (not for production)            |
+| `websiteId`       | `string`        | -       | Website ID for DQM                             |
+| `authBackendUrl`  | `string`        | -       | Backend URL for session management             |
+| `useLocalStorage` | `boolean`       | `true`  | Persist credentials in localStorage            |
+| `disabled`        | `boolean`       | `false` | Disable DQM completely                         |
+| `disableLogout`   | `boolean`       | `false` | Hide the logout control (host manages session) |
+| `shadowDomMode`   | `boolean`       | `false` | Enable for Shadow DOM embedding                |
+| `overlayConfig`   | `OverlayConfig` | -       | Overlay/toolbar detection config               |
+
+### OverlayConfig (for Toolbars & Overlays)
+
+Configure how the sidebar adapts to fixed overlays (e.g., admin toolbars):
+
+```tsx
+<DQMSidebar
+    config={{
+        overlayConfig: {
+            // CSS selector for the overlay element
+            selector: 'iframe#MyToolbar',
+
+            // Validate iFrame has contentWindow (default: true)
+            validateIframe: true,
+
+            // Polling interval in ms for cross-origin iFrames (default: 1000)
+            pollMs: 1000,
+
+            // OR: Manual offset when auto-detection doesn't work
+            // (e.g., for iFrames that fill screen but have smaller internal content)
+            manualOffset: {
+                position: 'top', // 'top' | 'bottom' | 'left' | 'right'
+                pixels: 50
+            }
+        }
+    }}
+/>
+```
+
+**Common overlay configurations:**
+
+[//]: # (@formatter:off)
+```tsx
+// Disable overlay detection
+overlayConfig: {
+    selector: null
+}
+
+// Manual 50px offset from top
+overlayConfig: {
+    manualOffset: {
+        position: 'top', pixels: 50
+    }
+}
+
+// Custom selector without iFrame validation
+overlayConfig: {
+    selector: '.admin-toolbar', validateIframe: false
+}
+```
+[//]: # (@formatter:on)
+
+### Exported Types
+
+```typescript
+import type {
+    AnalysisState,
+    Checkpoint,
+    AnalysisData,
+    DQMSidebarProps,
+    DQMConfig,
+    OverlayConfig,
+    OverlayOffsetPosition
+} from '@crownpeak/dqm-react-component';
+
+// For advanced overlay handling
+import {useOverlayResistant} from '@crownpeak/dqm-react-component';
+import type {OverlayInfo, OverlayPosition} from '@crownpeak/dqm-react-component';
+```
+
+See [TypeScript examples](./EXAMPLES.md#typescript-configuration) for full type definitions.
+
+## 🧪 Testing
+
+```bash
+# Lint code
+npm run lint
+
+# Build library
+npm run build:lib
+
+# Test as package
+npm pack
+npm install ./crownpeak-dqm-react-component-1.0.0.tgz
+```
+
+## 🤝 Contributing
+
+We welcome contributions! Please see our [Contributing Guide](./CONTRIBUTING.md) for details.
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/amazing-feature`)
+3. Commit your changes (`git commit -m 'feat: Add amazing feature'`)
+4. Push to the branch (`git push origin feature/amazing-feature`)
+5. Open a Pull Request
+
+## 📜 License
+
+MIT © [Crownpeak Technology GmbH](https://www.crownpeak.com/)
+
+See [LICENSE](./LICENSE) file for details.
+
+## 🐛 Issues
+
+Found a bug or have a feature request?
+Please [open an issue](https://github.com/Crownpeak/dqm-react-component/issues/new/choose).
+
+## 📞 Support
+
+- **Documentation**: Check the [docs folder](.)
+- **Issues**: [GitHub Issues](https://github.com/Crownpeak/dqm-react-component/issues)
+- **Website**: [crownpeak.com](https://www.crownpeak.com/)
+
+## 🔗 Links
+
+- [NPM Package](https://www.npmjs.com/package/@crownpeak/dqm-react-component)
+- [GitHub Repository](https://github.com/Crownpeak/dqm-react-component)
+- [Material-UI Documentation](https://mui.com/)
+
+## 📝 Changelog
+
+See [CHANGELOG.md](./CHANGELOG.md) for release history.
+
+---
+
+Made with ❤️ by the Crownpeak team

package/data/SECURITY.md

@@ -0,0 +1,125 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities for the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+We take security vulnerabilities seriously. If you discover a security issue in this project, please report it responsibly.
+
+### How to Report
+
+**Please do NOT report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via email to: **security@crownpeak.com**
+
+Include the following information in your report:
+
+1. **Description** - A clear description of the vulnerability
+2. **Impact** - What an attacker could achieve by exploiting this vulnerability
+3. **Steps to Reproduce** - Detailed steps to reproduce the issue
+4. **Affected Versions** - Which versions are affected
+5. **Possible Fix** - If you have suggestions for fixing the vulnerability
+6. **Your Contact Info** - So we can follow up with questions if needed
+
+### What to Expect
+
+- **Acknowledgment** - We'll acknowledge receipt of your report within 48 hours
+- **Investigation** - We'll investigate and validate the vulnerability
+- **Status Updates** - We'll keep you informed of our progress
+- **Resolution** - We'll work on a fix and release a patched version
+- **Credit** - With your permission, we'll credit you in the security advisory
+
+### Security Best Practices
+
+When using this component:
+
+1. **Keep Dependencies Updated**
+   ```bash
+   npm audit
+   npm audit fix
+   ```
+
+2. **Use Environment Variables** - Never hardcode API keys or credentials
+   ```bash
+   # .env file (never commit this)
+   DQM_API_KEY=your_api_key_here
+   DQM_WEBSITE_ID=your_website_id
+   ```
+
+3. **Secure Backend** - If using the included backend server:
+   - Use HTTPS in production
+   - Set secure Redis password
+   - Use environment variables for secrets
+   - Enable CORS only for trusted domains
+
+4. **Session Management**
+   - Sessions expire after 24 hours
+   - Clear localStorage on logout
+   - Validate tokens on backend
+
+5. **Content Security Policy** - Configure CSP headers:
+   ```
+   Content-Security-Policy: 
+     default-src 'self';
+     connect-src 'self' https://api.crownpeak.net;
+     style-src 'self' 'unsafe-inline';
+   ```
+
+### Known Security Considerations
+
+1. **HTML Rendering**
+   - Component uses DOMPurify to sanitize rendered HTML
+   - Shadow DOM isolation prevents style leakage
+   - Be cautious when using `debugHtml` prop (dev only)
+
+2. **Session Storage**
+   - Redis sessions expire after 24 hours
+   - Tokens stored in localStorage (consider security implications)
+   - Clear sensitive data on logout
+
+3. **API Keys**
+   - Never expose API keys in client-side code
+   - Use backend proxy for API calls
+   - Rotate keys regularly
+
+### Third-Party Dependencies
+
+We regularly monitor and update dependencies for security vulnerabilities:
+
+- React 18+
+- Material-UI 5+
+- Axios (HTTP client)
+- DOMPurify (HTML sanitization)
+- Express (backend server)
+- Redis (session storage)
+
+Run `npm audit` to check for known vulnerabilities in dependencies.
+
+### Security Updates
+
+Security patches will be released as soon as possible:
+
+- **Critical** - Within 24-48 hours
+- **High** - Within 1 week
+- **Medium** - Within 2 weeks
+- **Low** - In next scheduled release
+
+### Disclosure Policy
+
+- We follow responsible disclosure practices
+- Security issues will be disclosed after a fix is available
+- We'll publish a security advisory on GitHub
+
+### Security Hall of Fame
+
+We recognize security researchers who help improve our security:
+
+<!-- Security researchers will be listed here after disclosure -->
+
+Thank you for helping keep Crownpeak DQM React Component secure! 🔒