@discloai/core 0.1.0

package/src/init.ts

@@ -0,0 +1,56 @@
+// @lighthouse-budget: TTI delta < 100ms
+
+import { resolveConfig } from "./config.js";
+import type { DiscloAIConfig, DiscloAIInitOptions } from "./config.js";
+import { renderAIContentLabel } from "./components/AIContentLabel.js";
+import { renderDeepfakeLabel } from "./components/DeepfakeLabel.js";
+import { renderChatbotDisclosure } from "./components/ChatbotDisclosure.js";
+import { renderBiometricNotice } from "./components/BiometricNotice.js";
+
+export { resolveLocale, t, SUPPORTED_LOCALES } from "./i18n/index.js";
+
+/**
+ * Initialise DiscloAI EU AI Act Article 50 disclosure widgets.
+ *
+ * Non-blocking contract:
+ * - init() itself is synchronous and returns immediately
+ * - Config resolution (remote fetch + merge) is fire-and-forget
+ * - Component injection is always deferred — never blocks DOMContentLoaded
+ *
+ * @param options - Init options including siteId and per-component config
+ */
+export function init(options?: Partial<DiscloAIInitOptions>): void {
+  if (!options?.siteId) {
+    console.warn("[DiscloAI] siteId is required");
+    return;
+  }
+
+  const cspNonce = options.cspNonce;
+
+  // Fire-and-forget: resolveConfig is async (remote fetch + merge).
+  // Using void to explicitly discard the promise — never block render.
+  void resolveConfig(options as DiscloAIInitOptions).then((config) => {
+    injectComponents(config, cspNonce);
+  });
+}
+
+/**
+ * Inject configured disclosure components after config is resolved.
+ * Always called asynchronously — never on the critical render path.
+ */
+function injectComponents(config: DiscloAIConfig, cspNonce?: string): void {
+  const { siteId } = config;
+
+  if (config.aiContentLabel?.enabled !== false) {
+    renderAIContentLabel(siteId, config.aiContentLabel ?? {}, cspNonce);
+  }
+  if (config.deepfakeLabel?.enabled !== false) {
+    renderDeepfakeLabel(siteId, config.deepfakeLabel ?? {}, cspNonce);
+  }
+  if (config.chatbotDisclosure?.enabled !== false) {
+    renderChatbotDisclosure(siteId, config.chatbotDisclosure ?? {}, cspNonce);
+  }
+  if (config.biometricNotice?.enabled !== false) {
+    renderBiometricNotice(siteId, config.biometricNotice ?? {}, cspNonce);
+  }
+}

package/src/vendors.ts

@@ -0,0 +1,29 @@
+/**
+ * Built-in chatbot vendor selector presets.
+ * Used by ChatbotDisclosure to locate the widget element automatically.
+ * When no selector matches, the component falls back to global banner mode.
+ */
+export const VENDOR_PRESETS = {
+  intercom: "#intercom-frame, .intercom-launcher",
+  crisp: ".crisp-client, #crisp-chatbox",
+  tidio: "#tidio-chat, #tidio-chat-iframe",
+  zendesk: "#launcher, .zEWidget-launcher",
+  drift: "#drift-widget, .drift-widget-welcome",
+  livechat: "#chat-widget-container, .livechat-widget",
+} as const;
+
+export type VendorPreset = keyof typeof VENDOR_PRESETS;
+
+/**
+ * Resolve the CSS selector for a given vendor preset key.
+ * Returns null if the key is not a known preset.
+ *
+ * SECURITY: The returned selector string must never be passed to eval() or
+ * used in a way that allows script injection. Use only with querySelector().
+ */
+export function resolveVendorSelector(vendor: string): string | null {
+  if (vendor in VENDOR_PRESETS) {
+    return VENDOR_PRESETS[vendor as VendorPreset];
+  }
+  return null;
+}

package/src/version.ts

@@ -0,0 +1 @@
+export const VERSION = "0.1.0";

package/src/wcag.ts

@@ -0,0 +1,46 @@
+// WCAG 2.1 AA ARIA helpers for disclosure components.
+// Full axe-core test suite implemented in Wave 3 (task 1.12).
+
+/**
+ * Set the accessible label on an element.
+ * Uses aria-label (not innerHTML) — safe against XSS.
+ */
+export function setAriaLabel(element: HTMLElement, label: string): void {
+  element.setAttribute("aria-label", label);
+}
+
+/**
+ * Set the aria-live region politeness on an element.
+ * Use 'polite' for disclosure widgets (role="alert" uses 'assertive' implicitly).
+ */
+export function setAriaLive(
+  element: HTMLElement,
+  value: "polite" | "assertive" | "off",
+): void {
+  element.setAttribute("aria-live", value);
+}
+
+/** Set the ARIA role on an element. */
+export function setRole(element: HTMLElement, role: string): void {
+  element.setAttribute("role", role);
+}
+
+/**
+ * Apply a nonce attribute to a <style> element for CSP compliance.
+ * Only applied when a nonce string is provided.
+ */
+export function applyNonce(styleElement: HTMLElement, nonce?: string): void {
+  if (nonce !== undefined && nonce.length > 0) {
+    styleElement.setAttribute("nonce", nonce);
+  }
+}
+
+/**
+ * Trap focus within a container element (for modal disclosure overlays).
+ * Returns a cleanup function that removes the trap.
+ * STUB — full implementation in Wave 3.
+ */
+export function trapFocus(_container: HTMLElement): () => void {
+  // STUB — implementation pending Wave 3
+  return () => {};
+}