@embeddedcanvas/embed-sdk 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Embedded Canvas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,156 @@
+# @embeddedcanvas/embed-sdk
+
+Embedded Canvas integrator SDK — mint workspace JWTs server-side, fetch embed sessions, mount white-label analytics dashboards.
+
+## Install
+
+```bash
+npm install @embeddedcanvas/embed-sdk @superset-ui/embedded-sdk
+# React helper (optional):
+npm install react
+```
+
+Monorepo: `"@embeddedcanvas/embed-sdk": "workspace:*"`.
+
+### Migrating from `@kepler/embed-sdk`
+
+The package was renamed in v1.0.0 with **identical exports**. Update imports only:
+
+```diff
+- import { mintEmbedJwt } from "@kepler/embed-sdk/jwt";
++ import { mintEmbedJwt } from "@embeddedcanvas/embed-sdk/jwt";
+```
+
+---
+
+## Path A — Analytics dashboard (recommended)
+
+### 1. Server: mint workspace JWT
+
+Store the signing key from `POST /workspaces/me/signing-key` in your backend env (`EMBEDDED_CANVAS_SIGNING_KEY`).
+
+```ts
+import { mintEmbedJwt } from "@embeddedcanvas/embed-sdk/jwt";
+
+const jwt = mintEmbedJwt({
+  sub: DASHBOARD_ROW_ID, // control-plane id, not Superset uuid
+  signingKey: process.env.EMBEDDED_CANVAS_SIGNING_KEY!,
+  ttlSeconds: 900,
+  customerId: user.customerId,
+});
+```
+
+Pass `jwt` to the browser (HttpOnly cookie, BFF, or short-lived inline bootstrap — never expose the signing key).
+
+### 2. Browser: React component
+
+```tsx
+import { EmbeddedAnalytics } from "@embeddedcanvas/embed-sdk/react";
+
+<EmbeddedAnalytics
+  apiBaseUrl="https://api.example.com"
+  embedToken="EMBED_TOKEN_FROM_ANALYTICS_PAGE"
+  customerId={user.customerId}
+  jwt={jwtFromYourBackend}
+/>
+```
+
+### 3. Browser: vanilla / custom framework
+
+```ts
+import { mountAnalyticsEmbed } from "@embeddedcanvas/embed-sdk";
+
+await mountAnalyticsEmbed({
+  apiBaseUrl: "https://api.example.com",
+  embedToken: "…",
+  customerId: "1000",
+  jwt,
+  mountPoint: document.getElementById("analytics")!,
+});
+```
+
+Handles session API → guest token refresh → `@superset-ui/embedded-sdk` with white-label UI defaults.
+
+### 4. Hosted iframe (no SDK)
+
+```ts
+import { analyticsHostedEmbedUrl } from "@embeddedcanvas/embed-sdk";
+
+const src = analyticsHostedEmbedUrl("https://app.example.com", embedToken, {
+  customerId: "1000",
+  jwt,
+});
+// <iframe src={src} />
+```
+
+Use your workspace **custom embed domain** as `appBaseUrl` when configured.
+
+---
+
+## Session API (direct)
+
+```ts
+import {
+  fetchAnalyticsEmbedSession,
+  createEmbedSessionFetcher,
+  EmbedSessionError,
+} from "@embeddedcanvas/embed-sdk";
+
+const session = await fetchAnalyticsEmbedSession({
+  apiBaseUrl: "https://api.example.com",
+  embedToken: "…",
+  customerId: "1000",
+  jwt,
+});
+// session.guestToken, session.supersetDomain, session.embedUiConfig, …
+
+const fetchGuestToken = createEmbedSessionFetcher({
+  apiBaseUrl: "https://api.example.com",
+  embedToken: "…",
+  customerId: "1000",
+  getJwt: () => jwt,
+});
+```
+
+`EmbedSessionError` includes `status` and optional `code` (e.g. `embed_view_limit`).
+
+---
+
+## Embed API keys (no JWT on your backend)
+
+If you use `ec_live_…` keys from the control plane, call `POST /public/embed/v1/sessions` from your server instead of `mintEmbedJwt`. See your operator docs for `EMBED_API_KEYS`.
+
+---
+
+## Legacy chart embeds
+
+Chart embeds use the same JWT helper with a chart id as `sub`:
+
+```ts
+const jwt = mintEmbedJwt({
+  sub: chartId,
+  signingKey: process.env.EMBEDDED_CANVAS_SIGNING_KEY!,
+  ttlSeconds: 900,
+  claims: { tenant_id: user.tenantId },
+});
+```
+
+Iframe: `https://app.example.com/embed/{embedToken}?jwt=…`
+
+---
+
+## Security
+
+- Signing key: **backend only**, never in frontend bundles.
+- JWT `sub` must match the dashboard/chart row id in the control plane.
+- `customer_id` in query must match JWT when both are present (RLS binding).
+- Production requires JWT on session API (`isPublic` is dev-only).
+
+---
+
+## Related docs
+
+- [docs/embed/SDK.md](../../docs/embed/SDK.md) — full integration guide
+- [docs/embed/NPM_SDK.md](../../docs/embed/NPM_SDK.md) — publish / release
+- [docs/embed/EMBED_GATEWAY.md](../../docs/embed/EMBED_GATEWAY.md)
+- [docs/embed/WHITE_LABEL_EMBED.md](../../docs/embed/WHITE_LABEL_EMBED.md)

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Browser-safe Embedded Canvas SDK (session API, mount, URLs).
+ * Server-side JWT minting: import from `@embeddedcanvas/embed-sdk/jwt`.
+ */
+export { fetchAnalyticsEmbedSession, createEmbedSessionFetcher, EmbedSessionError, type AnalyticsEmbedSession, type EmbedSessionFetcherOptions, } from "./session.js";
+export { analyticsSessionApiPath, analyticsSessionApiUrl, analyticsHostedEmbedPath, analyticsHostedEmbedUrl, type EmbedUrlParams, } from "./urls.js";
+export { DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG, type EmbeddedDashboardUiConfig, } from "./ui.js";
+export { mountAnalyticsEmbed, mountEmbeddedAnalyticsDashboard, type MountAnalyticsEmbedInput, type AnalyticsEmbedController, type EmbedDashboardArgs, } from "./mount.js";

package/dist/index.js

@@ -0,0 +1,8 @@
+/**
+ * Browser-safe Embedded Canvas SDK (session API, mount, URLs).
+ * Server-side JWT minting: import from `@embeddedcanvas/embed-sdk/jwt`.
+ */
+export { fetchAnalyticsEmbedSession, createEmbedSessionFetcher, EmbedSessionError, } from "./session.js";
+export { analyticsSessionApiPath, analyticsSessionApiUrl, analyticsHostedEmbedPath, analyticsHostedEmbedUrl, } from "./urls.js";
+export { DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG, } from "./ui.js";
+export { mountAnalyticsEmbed, mountEmbeddedAnalyticsDashboard, } from "./mount.js";

package/dist/jwt.d.ts

@@ -0,0 +1,20 @@
+export type MintEmbedJwtInput = {
+    /** Control-plane resource id — dashboard row id (Path A) or chart id (legacy). JWT `sub`. */
+    sub: string;
+    /** Workspace signing key (hex) from POST /workspaces/me/signing-key — server-side only. */
+    signingKey: string;
+    ttlSeconds: number;
+    /** End-customer tenant key — bound into RLS as `customer_id` when present. */
+    customerId?: string;
+    /** Extra claims under the JWT `jwt` object (e.g. role, user_id). */
+    claims?: Record<string, string | number | boolean | null>;
+};
+/** @deprecated Use `MintEmbedJwtInput` with `sub`. */
+export type MintInput = {
+    chartId: string;
+    signingKey: string;
+    ttlSeconds: number;
+    claims?: Record<string, string | number | boolean | null>;
+};
+export declare function mintEmbedJwt(input: MintEmbedJwtInput): string;
+export declare function mintEmbedJwt(input: MintInput): string;

package/dist/jwt.js

@@ -0,0 +1,38 @@
+import { createHmac } from "crypto";
+const HEADER_B64 = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
+export function mintEmbedJwt(input) {
+    const sub = "sub" in input ? input.sub : input.chartId;
+    const jwtClaims = {
+        ...(input.claims ?? {}),
+    };
+    if ("customerId" in input && input.customerId) {
+        jwtClaims.customer_id = input.customerId;
+    }
+    const now = Math.floor(Date.now() / 1000);
+    const payload = {
+        sub,
+        jwt: jwtClaims,
+        iat: now,
+        exp: now + input.ttlSeconds,
+    };
+    const payloadB64 = b64url(JSON.stringify(payload));
+    const signingInput = `${HEADER_B64}.${payloadB64}`;
+    const sigBytes = createHmac("sha256", Buffer.from(input.signingKey, "hex"))
+        .update(signingInput)
+        .digest();
+    return `${signingInput}.${b64urlBytes(sigBytes)}`;
+}
+function b64url(s) {
+    return Buffer.from(s, "utf8")
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}
+function b64urlBytes(buf) {
+    return buf
+        .toString("base64")
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}

package/dist/mount.d.ts

@@ -0,0 +1,27 @@
+import { type EmbeddedDashboardUiConfig } from "./ui.js";
+export type MountAnalyticsEmbedInput = {
+    apiBaseUrl: string;
+    embedToken: string;
+    customerId: string;
+    mountPoint: HTMLElement;
+    jwt?: string;
+    getJwt?: () => Promise<string | undefined> | string | undefined;
+    uiConfig?: EmbeddedDashboardUiConfig;
+};
+export type AnalyticsEmbedController = {
+    destroy: () => void;
+    refreshGuestToken: () => Promise<string>;
+};
+/**
+ * Fetch session + mount white-label analytics dashboard (requires `@superset-ui/embedded-sdk`).
+ */
+export declare function mountAnalyticsEmbed(input: MountAnalyticsEmbedInput): Promise<AnalyticsEmbedController>;
+export type EmbedDashboardArgs = {
+    embeddedDashboardId: string;
+    supersetDomain: string;
+    mountPoint: HTMLElement;
+    fetchGuestToken: () => Promise<string>;
+    uiConfig?: EmbeddedDashboardUiConfig;
+};
+/** Low-level mount when you already have session fields. */
+export declare function mountEmbeddedAnalyticsDashboard(args: EmbedDashboardArgs): Promise<void>;

package/dist/mount.js

@@ -0,0 +1,90 @@
+import { createEmbedSessionFetcher, fetchAnalyticsEmbedSession } from "./session.js";
+import { DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG, } from "./ui.js";
+/**
+ * Fetch session + mount white-label analytics dashboard (requires `@superset-ui/embedded-sdk`).
+ */
+export async function mountAnalyticsEmbed(input) {
+    const jwt = input.getJwt ? await input.getJwt() : input.jwt;
+    const session = await fetchAnalyticsEmbedSession({
+        apiBaseUrl: input.apiBaseUrl,
+        embedToken: input.embedToken,
+        customerId: input.customerId,
+        jwt,
+    });
+    const fetchGuestToken = createEmbedSessionFetcher({
+        apiBaseUrl: input.apiBaseUrl,
+        embedToken: input.embedToken,
+        customerId: input.customerId,
+        getJwt: input.getJwt ?? (input.jwt ? () => input.jwt : undefined),
+    });
+    await mountEmbeddedAnalyticsDashboard({
+        embeddedDashboardId: session.embeddedDashboardId,
+        supersetDomain: session.supersetDomain,
+        mountPoint: input.mountPoint,
+        fetchGuestToken,
+        uiConfig: input.uiConfig ?? session.embedUiConfig,
+    });
+    return {
+        destroy: () => {
+            input.mountPoint.innerHTML = "";
+        },
+        refreshGuestToken: fetchGuestToken,
+    };
+}
+/** @superset-ui/embedded-sdk often leaves the iframe at 300×150 unless sized explicitly. */
+function sizeEmbeddedIframe(mountPoint) {
+    const apply = () => {
+        const iframe = mountPoint.querySelector("iframe");
+        if (!iframe)
+            return false;
+        const { width, height } = mountPoint.getBoundingClientRect();
+        iframe.style.border = "0";
+        iframe.style.display = "block";
+        iframe.removeAttribute("width");
+        iframe.removeAttribute("height");
+        if (width > 0 && height > 0) {
+            iframe.style.width = `${Math.floor(width)}px`;
+            iframe.style.height = `${Math.floor(height)}px`;
+        }
+        else {
+            iframe.style.width = "100%";
+            iframe.style.height = "100%";
+            iframe.style.minHeight = "100%";
+        }
+        return true;
+    };
+    const bindResize = () => {
+        apply();
+        const ro = new ResizeObserver(() => apply());
+        ro.observe(mountPoint);
+        mountPoint.dataset.ecEmbedResize = "1";
+    };
+    if (apply()) {
+        bindResize();
+        return;
+    }
+    const observer = new MutationObserver(() => {
+        if (apply()) {
+            observer.disconnect();
+            bindResize();
+        }
+    });
+    observer.observe(mountPoint, { childList: true, subtree: true });
+    window.setTimeout(() => observer.disconnect(), 15_000);
+}
+/** Low-level mount when you already have session fields. */
+export async function mountEmbeddedAnalyticsDashboard(args) {
+    const { embedDashboard } = await import("@superset-ui/embedded-sdk");
+    const ui = args.uiConfig ?? DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG;
+    const mountPoint = args.mountPoint;
+    mountPoint.style.width = mountPoint.style.width || "100%";
+    mountPoint.style.height = mountPoint.style.height || "100%";
+    await embedDashboard({
+        id: args.embeddedDashboardId,
+        supersetDomain: args.supersetDomain.replace(/\/$/, ""),
+        mountPoint,
+        fetchGuestToken: args.fetchGuestToken,
+        dashboardUiConfig: ui,
+    });
+    sizeEmbeddedIframe(mountPoint);
+}

package/dist/node.d.ts

@@ -0,0 +1,3 @@
+/** Server-side entry — JWT mint + all browser-safe exports. Do not import from Next.js client bundles. */
+export { mintEmbedJwt, type MintEmbedJwtInput, type MintInput } from "./jwt.js";
+export * from "./index.js";

package/dist/node.js

@@ -0,0 +1,3 @@
+/** Server-side entry — JWT mint + all browser-safe exports. Do not import from Next.js client bundles. */
+export { mintEmbedJwt } from "./jwt.js";
+export * from "./index.js";

package/dist/react.d.ts

@@ -0,0 +1,17 @@
+import type { EmbeddedDashboardUiConfig } from "./ui.js";
+export type EmbeddedAnalyticsProps = {
+    apiBaseUrl: string;
+    embedToken: string;
+    customerId: string;
+    jwt?: string;
+    getJwt?: () => Promise<string | undefined> | string | undefined;
+    uiConfig?: EmbeddedDashboardUiConfig;
+    className?: string;
+    onError?: (error: Error) => void;
+    onReady?: () => void;
+};
+/**
+ * React shell for Path A analytics embeds.
+ * Requires `react`, `@superset-ui/embedded-sdk` (pulled in by mount helper).
+ */
+export declare function EmbeddedAnalytics({ apiBaseUrl, embedToken, customerId, jwt, getJwt, uiConfig, className, onError, onReady, }: EmbeddedAnalyticsProps): import("react/jsx-runtime").JSX.Element;

package/dist/react.js

@@ -0,0 +1,48 @@
+"use client";
+import { jsx as _jsx } from "react/jsx-runtime";
+import { useEffect, useRef, useState } from "react";
+import { mountAnalyticsEmbed } from "./mount.js";
+/**
+ * React shell for Path A analytics embeds.
+ * Requires `react`, `@superset-ui/embedded-sdk` (pulled in by mount helper).
+ */
+export function EmbeddedAnalytics({ apiBaseUrl, embedToken, customerId, jwt, getJwt, uiConfig, className = "h-[480px] w-full min-h-[320px] [&_iframe]:h-full [&_iframe]:w-full [&_iframe]:border-0", onError, onReady, }) {
+    const mountRef = useRef(null);
+    const [error, setError] = useState(null);
+    useEffect(() => {
+        const el = mountRef.current;
+        if (!el || !embedToken || !customerId)
+            return;
+        let cancelled = false;
+        el.innerHTML = "";
+        setError(null);
+        void mountAnalyticsEmbed({
+            apiBaseUrl,
+            embedToken,
+            customerId,
+            mountPoint: el,
+            jwt,
+            getJwt,
+            uiConfig,
+        })
+            .then(() => {
+            if (!cancelled)
+                onReady?.();
+        })
+            .catch((err) => {
+            if (cancelled)
+                return;
+            const message = err instanceof Error ? err.message : "Failed to load embed";
+            setError(message);
+            onError?.(err instanceof Error ? err : new Error(message));
+        });
+        return () => {
+            cancelled = true;
+            el.innerHTML = "";
+        };
+    }, [apiBaseUrl, embedToken, customerId, jwt, getJwt, uiConfig, onError, onReady]);
+    if (error) {
+        return (_jsx("div", { className: className, role: "alert", children: _jsx("p", { className: "p-4 text-sm text-red-600", children: error }) }));
+    }
+    return _jsx("div", { ref: mountRef, className: className, "aria-label": "Embedded analytics dashboard" });
+}

package/dist/session.d.ts

@@ -0,0 +1,35 @@
+import type { EmbeddedDashboardUiConfig } from "./ui.js";
+export type AnalyticsEmbedSession = {
+    embedUrl: string;
+    guestToken: string;
+    embeddedDashboardId: string;
+    supersetDomain: string;
+    expiresInSeconds: number;
+    customerId: string;
+    tenantColumn: string;
+    rlsClause?: string;
+    embedUiConfig?: EmbeddedDashboardUiConfig;
+    hostedEmbedBaseUrl?: string;
+    hostedEmbedPath?: string;
+};
+export declare class EmbedSessionError extends Error {
+    readonly status: number;
+    readonly code?: string;
+    constructor(message: string, status: number, code?: string);
+}
+export declare function fetchAnalyticsEmbedSession(input: {
+    apiBaseUrl: string;
+    embedToken: string;
+    customerId: string;
+    jwt?: string;
+    signal?: AbortSignal;
+}): Promise<AnalyticsEmbedSession>;
+export type EmbedSessionFetcherOptions = {
+    apiBaseUrl: string;
+    embedToken: string;
+    customerId: string;
+    /** Mint or return a workspace JWT (server-minted in Acme backend, passed to browser). */
+    getJwt?: () => Promise<string | undefined> | string | undefined;
+};
+/** Guest-token refresh callback for `@superset-ui/embedded-sdk`. */
+export declare function createEmbedSessionFetcher(options: EmbedSessionFetcherOptions): () => Promise<string>;

package/dist/session.js

@@ -0,0 +1,43 @@
+import { analyticsSessionApiUrl } from "./urls.js";
+export class EmbedSessionError extends Error {
+    status;
+    code;
+    constructor(message, status, code) {
+        super(message);
+        this.name = "EmbedSessionError";
+        this.status = status;
+        this.code = code;
+    }
+}
+export async function fetchAnalyticsEmbedSession(input) {
+    const url = analyticsSessionApiUrl(input.apiBaseUrl, input.embedToken, {
+        customerId: input.customerId,
+        jwt: input.jwt,
+    });
+    const res = await fetch(url, {
+        method: "GET",
+        cache: "no-store",
+        signal: input.signal,
+    });
+    const data = (await res.json());
+    if (!res.ok) {
+        throw new EmbedSessionError(data.error || `Session request failed (${res.status})`, res.status, data.code);
+    }
+    if (!data.guestToken) {
+        throw new EmbedSessionError("Session response missing guestToken", 502);
+    }
+    return data;
+}
+/** Guest-token refresh callback for `@superset-ui/embedded-sdk`. */
+export function createEmbedSessionFetcher(options) {
+    return async () => {
+        const jwt = options.getJwt ? await options.getJwt() : undefined;
+        const session = await fetchAnalyticsEmbedSession({
+            apiBaseUrl: options.apiBaseUrl,
+            embedToken: options.embedToken,
+            customerId: options.customerId,
+            jwt,
+        });
+        return session.guestToken;
+    };
+}

package/dist/ui.d.ts

@@ -0,0 +1,12 @@
+/** White-label iframe chrome (matches control plane `embedUiConfig`). */
+export type EmbeddedDashboardUiConfig = {
+    hideTitle: boolean;
+    hideTab: boolean;
+    hideChartControls: boolean;
+    filters: {
+        visible: boolean;
+        expanded: boolean;
+    };
+    urlParams?: Record<string, string>;
+};
+export declare const DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG: EmbeddedDashboardUiConfig;

package/dist/ui.js

@@ -0,0 +1,11 @@
+export const DEFAULT_EMBEDDED_DASHBOARD_UI_CONFIG = {
+    hideTitle: true,
+    hideTab: true,
+    hideChartControls: true,
+    filters: { visible: false, expanded: false },
+    urlParams: {
+        standalone: "3",
+        show_filters: "0",
+        expand_filters: "0",
+    },
+};

package/dist/urls.d.ts

@@ -0,0 +1,8 @@
+export type EmbedUrlParams = {
+    customerId?: string;
+    jwt?: string;
+};
+export declare function analyticsSessionApiPath(embedToken: string, params?: EmbedUrlParams): string;
+export declare function analyticsSessionApiUrl(apiBaseUrl: string, embedToken: string, params?: EmbedUrlParams): string;
+export declare function analyticsHostedEmbedPath(embedToken: string, params?: EmbedUrlParams): string;
+export declare function analyticsHostedEmbedUrl(appBaseUrl: string, embedToken: string, params?: EmbedUrlParams): string;

package/dist/urls.js

@@ -0,0 +1,26 @@
+export function analyticsSessionApiPath(embedToken, params) {
+    const q = new URLSearchParams();
+    if (params?.customerId)
+        q.set("customer_id", params.customerId);
+    if (params?.jwt)
+        q.set("jwt", params.jwt);
+    const qs = q.toString();
+    return `/embed/superset/${encodeURIComponent(embedToken)}/session${qs ? `?${qs}` : ""}`;
+}
+export function analyticsSessionApiUrl(apiBaseUrl, embedToken, params) {
+    const base = apiBaseUrl.replace(/\/$/, "");
+    return `${base}${analyticsSessionApiPath(embedToken, params)}`;
+}
+export function analyticsHostedEmbedPath(embedToken, params) {
+    const q = new URLSearchParams();
+    if (params?.customerId)
+        q.set("customer_id", params.customerId);
+    if (params?.jwt)
+        q.set("jwt", params.jwt);
+    const qs = q.toString();
+    return `/embed/analytics/${encodeURIComponent(embedToken)}${qs ? `?${qs}` : ""}`;
+}
+export function analyticsHostedEmbedUrl(appBaseUrl, embedToken, params) {
+    const base = appBaseUrl.replace(/\/$/, "");
+    return `${base}${analyticsHostedEmbedPath(embedToken, params)}`;
+}

package/package.json

@@ -0,0 +1,72 @@
+{
+  "name": "@embeddedcanvas/embed-sdk",
+  "version": "1.0.0",
+  "description": "Embedded Canvas SDK — JWT minting, session API, and analytics embed helpers for B2B SaaS integrators.",
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./jwt": {
+      "types": "./dist/jwt.d.ts",
+      "import": "./dist/jwt.js"
+    },
+    "./node": {
+      "types": "./dist/node.d.ts",
+      "import": "./dist/node.js"
+    },
+    "./react": {
+      "types": "./dist/react.d.ts",
+      "import": "./dist/react.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepack": "npm run build",
+    "prepublishOnly": "npm run build",
+    "test": "node --experimental-vm-modules --test dist/jwt.test.js 2>/dev/null || echo 'run build first'"
+  },
+  "keywords": [
+    "embedded-analytics",
+    "embeddedcanvas",
+    "superset",
+    "dashboard",
+    "embed",
+    "b2b-saas"
+  ],
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "peerDependencies": {
+    "@superset-ui/embedded-sdk": "^0.3.0",
+    "react": ">=18"
+  },
+  "peerDependenciesMeta": {
+    "@superset-ui/embedded-sdk": {
+      "optional": true
+    },
+    "react": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@superset-ui/embedded-sdk": "^0.3.0",
+    "@types/node": "^20",
+    "@types/react": "^19",
+    "react": "19.2.3",
+    "typescript": "^5"
+  }
+}