@eshal-bot/chat-widget 0.1.40 → 0.1.41

package/dist/chat-widget.js

@@ -8664,94 +8664,102 @@
     return (_ONBOARDING_FIELD_ORD = ONBOARDING_FIELD_ORDER[key]) !== null && _ONBOARDING_FIELD_ORD !== void 0 ? _ONBOARDING_FIELD_ORD : 99;
   };
 
-  const createSession = async config => {
-    // Initialize chat session if needed
-    if (config.sessionUrl) {
-      try {
-        const response = await fetch(config.sessionUrl, {
-          method: "POST",
-          headers: _objectSpread2({
-            "Content-Type": "application/json"
-          }, config.apiKey && {
-            Authorization: "Bearer ".concat(config.apiKey)
-          }),
-          body: JSON.stringify({
-            userId: config.userId,
-            userName: config.userName,
-            userEmail: config.userEmail
-          }),
-          credentials: "include"
-        });
-        const data = await response.json();
-        return data.sessionId;
-      } catch (error) {
-        console.error("Session creation error:", error);
-        return null;
-      }
-    }
-    return null;
-  };
+  const SESSION_KEY$1 = 'eshal_chat_session';
+  const SESSION_MSG_KEY = 'eshal_chat_session_messages';
+
+  // Defaults used when the deploy-agent payload hasn't resolved yet (first paint
+  // race) or doesn't include `messageLimits` (older backend). The authoritative
+  // values come from the backend via `WIDGET_CONFIG.MESSAGE_LIMITS`.
+  const DEFAULT_MESSAGE_CAP = 200;
+  const DEFAULT_MESSAGE_TRIM_BATCH = 50;
 
   /**
-   * Fetches conversation history for a given org and conversation
-   * @param {string} apiBaseUrl - Base URL for the API
-   * @param {string} orgId - Organization ID
-   * @param {string} conversationId - Conversation ID
-   * @returns {Promise<Array>} Array of messages
-   */
-  const fetchConversationHistory = async (apiBaseUrl, orgId, conversationId) => {
-    if (!apiBaseUrl || !orgId || !conversationId) {
-      throw new Error("apiBaseUrl, orgId, and conversationId are required");
-    }
-    const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/conversations/").concat(orgId, "/").concat(conversationId);
-    const response = await fetch(url, {
-      method: "GET",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      credentials: "include"
+   * Sliding-window trim. Once the transcript exceeds `cap`, slice off the
+   * oldest `trimBatch` messages — when both surfaces are at steady state the
+   * loop runs at most once; the `while` is defensive against bursts (e.g. a
+   * voice turn that lands several transcription chunks in one tick) that
+   * push length far past the cap in a single render.
+   */
+  function applyMessageCap(messages) {
+    let cap = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : DEFAULT_MESSAGE_CAP;
+    let trimBatch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : DEFAULT_MESSAGE_TRIM_BATCH;
+    if (!Array.isArray(messages)) return [];
+    if (typeof cap !== 'number' || cap <= 0) cap = DEFAULT_MESSAGE_CAP;
+    if (typeof trimBatch !== 'number' || trimBatch <= 0 || trimBatch >= cap) {
+      trimBatch = Math.min(DEFAULT_MESSAGE_TRIM_BATCH, cap - 1);
+    }
+    let m = messages;
+    while (m.length > cap) m = m.slice(trimBatch);
+    return m;
+  }
+
+  // Strip transient fields (in-flight streaming flags, Date objects) so the
+  // persisted shape is stable across React re-mounts. Keep the bits the UI
+  // needs to render a faithful replay: role + content + timestamp + per-message
+  // metadata (sources, feedback, prompt suggestions, content type).
+  //
+  // The welcome message is INTENTIONALLY excluded. It's client-side display
+  // state generated from `widgetConfig.welcomeMessage` on every mount; the
+  // hydrate path always prepends a fresh welcome above the restored history.
+  // Persisting it would cause a duplicate-welcome render on reload because the
+  // stored copy lacks the `isWelcome` flag (sanitize would strip it) and gets
+  // rendered as a regular assistant message alongside the freshly-added one.
+  function sanitizeMessagesForStorage(messages) {
+    if (!Array.isArray(messages)) return [];
+    return messages.filter(m => m && !m.isWelcome && (m.content || Array.isArray(m.sources) && m.sources.length > 0)).map(m => {
+      var _m$type;
+      return _objectSpread2(_objectSpread2(_objectSpread2({
+        id: m.id,
+        role: m.role,
+        content: m.content,
+        timestamp: m.timestamp instanceof Date ? m.timestamp.toISOString() : typeof m.timestamp === 'string' ? m.timestamp : new Date().toISOString(),
+        type: (_m$type = m.type) !== null && _m$type !== void 0 ? _m$type : null
+      }, Array.isArray(m.sources) && m.sources.length > 0 ? {
+        sources: m.sources
+      } : {}), m.feedback !== undefined ? {
+        feedback: m.feedback
+      } : {}), Array.isArray(m.prompts) && m.prompts.length > 0 ? {
+        prompts: m.prompts
+      } : {});
     });
-    if (response.status === 404) {
-      return []; // No history for this conversation yet
-    }
-    if (!response.ok) {
-      throw new Error("HTTP error! status: ".concat(response.status));
+  }
+  const saveSessionMessages = (orgId, conversationId, messages, limits) => {
+    if (!orgId || !conversationId) return;
+    try {
+      const cap = limits === null || limits === void 0 ? void 0 : limits.cap;
+      const trimBatch = limits === null || limits === void 0 ? void 0 : limits.trimBatch;
+      const trimmed = applyMessageCap(messages, cap, trimBatch);
+      const sanitized = sanitizeMessagesForStorage(trimmed);
+      localStorage.setItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId), JSON.stringify(sanitized));
+    } catch (_unused) {
+      // Quota / private-mode / serialization failure — drop silently. The
+      // user-visible chat is unaffected; only the post-reload replay is lost.
     }
-    const data = await response.json();
-    return data.messages || [];
   };
-
-  /**
-   * Fetches agent configuration from the deploy-agent endpoint
-   * @param {string} apiBaseUrl - Base URL for the API
-   * @param {string} orgId - Organization ID
-   * @returns {Promise<object>} Agent configuration object
-   */
-  const fetchAgentConfig = async (apiBaseUrl, orgId) => {
-    if (!apiBaseUrl || !orgId) {
-      throw new Error("apiBaseUrl and orgId are required");
+  const getSessionMessages = (orgId, conversationId) => {
+    if (!orgId || !conversationId) return [];
+    try {
+      const raw = localStorage.getItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId));
+      if (!raw) return [];
+      const parsed = JSON.parse(raw);
+      if (!Array.isArray(parsed)) return [];
+      // Restore Date objects so MessageList timestamp formatting works without
+      // every downstream consumer doing the conversion itself.
+      return parsed.map(m => _objectSpread2(_objectSpread2({}, m), {}, {
+        timestamp: m.timestamp ? new Date(m.timestamp) : new Date()
+      }));
+    } catch (_unused2) {
+      return [];
     }
+  };
+  const clearSessionMessages = (orgId, conversationId) => {
+    if (!orgId || !conversationId) return;
     try {
-      const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/deploy-agent/").concat(orgId);
-      const response = await fetch(url, {
-        method: "GET",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        credentials: "include"
-      });
-      if (!response.ok) {
-        throw new Error("HTTP error! status: ".concat(response.status));
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Failed to fetch agent configuration:", error);
-      throw error;
+      localStorage.removeItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId));
+    } catch (_unused3) {
+      // ignore
     }
   };
-
-  const SESSION_KEY$1 = 'eshal_chat_session';
   const getTimeoutMs = (value, unit) => {
     if (value === undefined || value === null || !unit) return null;
     const multipliers = {
@@ -8772,7 +8780,7 @@
       const raw = localStorage.getItem("".concat(SESSION_KEY$1, "_").concat(orgId));
       if (!raw) return null;
       return JSON.parse(raw);
-    } catch (_unused) {
+    } catch (_unused4) {
       return null;
     }
   };
@@ -8822,7 +8830,7 @@
         createdAt: now,
         firstInteractionAt: null
       }, extra)));
-    } catch (_unused2) {}
+    } catch (_unused5) {}
   };
   const updateActivity = orgId => {
     try {
@@ -8836,7 +8844,7 @@
         session.firstInteractionAt = now;
       }
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused3) {}
+    } catch (_unused6) {}
   };
   const markOnboardingCompleted = orgId => {
     try {
@@ -8844,7 +8852,7 @@
       if (!session) return;
       session.onboardingCompleted = true;
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused4) {}
+    } catch (_unused7) {}
   };
   const markCsatSubmitted = orgId => {
     try {
@@ -8852,12 +8860,21 @@
       if (!session) return;
       session.csatSubmitted = true;
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused5) {}
+    } catch (_unused8) {}
   };
   const clearSession$2 = orgId => {
     try {
+      // Read the session BEFORE removing it so we know which messages bucket to
+      // clear. Inactivity sweepers / explicit resets call this path; leaving the
+      // messages bucket behind would resurrect the prior transcript when a new
+      // session happens to land on the same conversationId (extremely rare, but
+      // free to defend against).
+      const existing = getSession(orgId);
       localStorage.removeItem("".concat(SESSION_KEY$1, "_").concat(orgId));
-    } catch (_unused6) {}
+      if (existing !== null && existing !== void 0 && existing.conversationId) {
+        clearSessionMessages(orgId, existing.conversationId);
+      }
+    } catch (_unused9) {}
   };
   const savePromptSuggestions = (orgId, prompts) => {
     try {
@@ -8867,14 +8884,14 @@
         return;
       }
       localStorage.setItem("".concat(SESSION_KEY$1, "_prompts_").concat(orgId), JSON.stringify(prompts));
-    } catch (_unused7) {}
+    } catch (_unused0) {}
   };
   const getPromptSuggestions = orgId => {
     try {
       const raw = localStorage.getItem("".concat(SESSION_KEY$1, "_prompts_").concat(orgId));
       if (!raw) return [];
       return JSON.parse(raw) || [];
-    } catch (_unused8) {
+    } catch (_unused1) {
       return [];
     }
   };
@@ -8920,8 +8937,17 @@
       onboardingEnabled = false,
       collectionPrompt,
       inactivityTimeoutValue,
-      inactivityTimeoutUnit
+      inactivityTimeoutUnit,
+      // Sliding-window limits for the persisted transcript. Sourced from the
+      // backend's `messageLimits` field on the deploy-agent payload so per-env
+      // configuration ships through one channel. Falls back to module defaults
+      // during the brief mount window before the deploy-agent fetch resolves.
+      messageLimits
     } = _ref2;
+    const resolvedMessageLimits = reactExports.useMemo(() => ({
+      cap: typeof (messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.cap) === 'number' && messageLimits.cap > 0 ? messageLimits.cap : DEFAULT_MESSAGE_CAP,
+      trimBatch: typeof (messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.trimBatch) === 'number' && messageLimits.trimBatch > 0 ? messageLimits.trimBatch : DEFAULT_MESSAGE_TRIM_BATCH
+    }), [messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.cap, messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.trimBatch]);
     const [isOpen, setIsOpen] = reactExports.useState(autoOpen);
     const [isMinimized, setIsMinimized] = reactExports.useState(false);
     const [isDark, setIsDark] = reactExports.useState(darkMode);
@@ -9140,91 +9166,62 @@
           return;
         }
 
-        // Restore session — fetch conversation history once
-        if (!historyLoadedRef.current && apiBaseUrl) {
+        // Restore session — hydrate from localStorage only. We no longer hit
+        // `GET /api/v1/conversations/:orgId/:conversationId` because orgs with
+        // the Eshal Inbox conversation route turned OFF never get rows written
+        // (`isInboxRouteEnabled` gates persistence) and the empty backend reply
+        // was wiping the on-screen transcript on every reload. localStorage is
+        // now the only source of session replay; inbox-on orgs still see their
+        // full transcript because every settled message is mirrored locally.
+        if (!historyLoadedRef.current) {
           historyLoadedRef.current = true;
-          setIsConversationLoading(true);
-          fetchConversationHistory(apiBaseUrl, organizationId, bidiSessionId).then(msgs => {
-            // Filter out onboarding field messages (name/email/phone) so they don't appear as chat bubbles
-            const ONBOARDING_TYPES = ['userName', 'email', 'phone', 'fullname', 'mobileno', 'name'];
-            const chatMsgs = msgs.filter(msg => {
-              const msgType = msg.type || msg.messageType;
-              if (msgType && ONBOARDING_TYPES.includes(msgType)) return false;
-              return true;
-            });
-            if (chatMsgs.length > 0) {
-              historyHasMessagesRef.current = true;
-              const historyMessages = chatMsgs.map((msg, index) => {
-                var _msg$Sources;
-                // Normalize sources — backend may store them as "Sources" (capital) with
-                // "sourceid" (no underscore). Map to the shape MessageSources expects.
-                const rawSources = (_msg$Sources = msg.Sources) !== null && _msg$Sources !== void 0 ? _msg$Sources : msg.sources;
-                const sources = Array.isArray(rawSources) ? rawSources.map(s => {
-                  var _ref3, _s$source_type, _s$source_id, _ref4, _s$source_name;
-                  return {
-                    source_type: (_ref3 = (_s$source_type = s.source_type) !== null && _s$source_type !== void 0 ? _s$source_type : s.sourceType) !== null && _ref3 !== void 0 ? _ref3 : 'website',
-                    source_id: (_s$source_id = s.source_id) !== null && _s$source_id !== void 0 ? _s$source_id : s.sourceid,
-                    source_name: (_ref4 = (_s$source_name = s.source_name) !== null && _s$source_name !== void 0 ? _s$source_name : s.sourceName) !== null && _ref4 !== void 0 ? _ref4 : '',
-                    url: s.url
-                  };
-                }).filter(s => s.source_id || s.url) : [];
-                return _objectSpread2(_objectSpread2(_objectSpread2({}, createMessage({
-                  id: msg.id || "history-".concat(index, "-").concat(Date.now()),
-                  role: msg.role || (msg.sender === 'user' ? 'user' : 'assistant'),
-                  content: msg.message || msg.content || ''
-                })), {}, {
-                  timestamp: msg.time ? new Date(msg.time) : new Date()
-                }, Array.isArray(msg.prompts) && msg.prompts.length > 0 ? {
-                  prompts: msg.prompts
-                } : {}), sources.length > 0 ? {
-                  sources
-                } : {});
+          const stored = getSessionMessages(organizationId, bidiSessionId);
+          if (stored.length > 0) {
+            historyHasMessagesRef.current = true;
+            // Prepend the welcome message so reloads still lead with it,
+            // matching the pre-localStorage replay behaviour. The welcome
+            // message is client-only, never written to the messages bucket,
+            // so it needs to be reattached on every hydrate.
+            if (welcomeMessage) {
+              var _stored$;
+              const firstTs = (_stored$ = stored[0]) === null || _stored$ === void 0 ? void 0 : _stored$.timestamp;
+              const firstTsMs = firstTs instanceof Date ? firstTs.getTime() : firstTs ? new Date(firstTs).getTime() : Date.now();
+              const welcomeMsg = _objectSpread2(_objectSpread2({}, createMessage({
+                id: 'welcome-restored',
+                role: 'assistant',
+                content: welcomeMessage
+              })), {}, {
+                isWelcome: true,
+                timestamp: new Date(firstTsMs - 1)
               });
+              setMessages([welcomeMsg, ...stored]);
+            } else {
+              setMessages(stored);
+            }
 
-              // If the API didn't return prompts on any message, restore from localStorage
-              const hasAnyPrompts = historyMessages.some(m => m.role === 'assistant' && Array.isArray(m.prompts) && m.prompts.length > 0);
-              if (!hasAnyPrompts) {
-                const savedPrompts = getPromptSuggestions(organizationId);
-                if (savedPrompts.length > 0) {
-                  // Attach saved prompts to the last assistant message
-                  for (let i = historyMessages.length - 1; i >= 0; i -= 1) {
-                    if (historyMessages[i].role === 'assistant') {
-                      historyMessages[i] = _objectSpread2(_objectSpread2({}, historyMessages[i]), {}, {
+            // If no message in the restored transcript carries prompt
+            // suggestions, fall back to the legacy per-org bucket. Preserves
+            // the "prompts survive refresh" UX even when the persistence layer
+            // hasn't seen an assistant turn yet.
+            const hasAnyPrompts = stored.some(m => m.role === 'assistant' && Array.isArray(m.prompts) && m.prompts.length > 0);
+            if (!hasAnyPrompts) {
+              const savedPrompts = getPromptSuggestions(organizationId);
+              if (savedPrompts.length > 0) {
+                setMessages(prev => {
+                  const next = [...prev];
+                  for (let i = next.length - 1; i >= 0; i -= 1) {
+                    if (next[i].role === 'assistant') {
+                      next[i] = _objectSpread2(_objectSpread2({}, next[i]), {}, {
                         prompts: savedPrompts
                       });
                       break;
                     }
                   }
-                }
-              }
-
-              // Always prepend the welcome message so it shows at the top after refresh,
-              // matching chatbot-preview behaviour (welcome message is client-side only
-              // and is not stored in server history).
-              // Use a timestamp before the first history message so it sorts first
-              // (activeMessages is sorted by timestamp before being passed to the UI).
-              if (welcomeMessage) {
-                var _historyMessages$;
-                const firstTs = (_historyMessages$ = historyMessages[0]) === null || _historyMessages$ === void 0 ? void 0 : _historyMessages$.timestamp;
-                const firstTsMs = firstTs instanceof Date ? firstTs.getTime() : firstTs ? new Date(firstTs).getTime() : Date.now();
-                const welcomeMsg = _objectSpread2(_objectSpread2({}, createMessage({
-                  id: 'welcome-restored',
-                  role: 'assistant',
-                  content: welcomeMessage
-                })), {}, {
-                  isWelcome: true,
-                  timestamp: new Date(firstTsMs - 1)
+                  return next;
                 });
-                setMessages([welcomeMsg, ...historyMessages]);
-              } else {
-                setMessages(historyMessages);
               }
             }
-          }).catch(err => {
-            console.error('[Session] History fetch failed:', err);
-          }).finally(() => {
-            setIsConversationLoading(false);
-          });
+          }
         }
       } else {
         // Session is expired, invalid, or non-existent
@@ -9236,9 +9233,27 @@
         if (existing && bidiSessionId === existing.conversationId) {
           const newId = "widget-session-".concat(Math.random().toString(36).slice(2, 9));
           console.warn("[Session] Rotating expired ID ".concat(bidiSessionId, " -> ").concat(newId));
+          // Drop the expired conversation's localStorage transcript before
+          // rotating — otherwise the bucket sticks around forever (the key
+          // includes the conversationId, so it'd never get hit again but
+          // would still occupy origin storage on the customer's site).
+          clearSessionMessages(organizationId, bidiSessionId);
           setBidiSessionId(newId);
           // Note: saveSession will be called on the next run with the newId
         } else {
+          // Cold-start cleanup: the `useState` initializer above generates a
+          // FRESH `bidiSessionId` when it can't reuse the stored session (timeout
+          // expired before reload, settings snapshot mismatched, or the deploy-
+          // agent payload was still loading at first paint so it couldn't run
+          // `isSessionValid`). In that case `existing.conversationId` points to
+          // a now-stale conversation whose messages bucket would otherwise be
+          // orphaned forever — `clearSession` runs in `resetConversation` (which
+          // we never hit here) and the rotate-id branch above only fires when
+          // the IDs match. Mirror the frontend `useSessionManager` hydrate
+          // effect: clean up the stale bucket before we save the new session.
+          if (existing !== null && existing !== void 0 && existing.conversationId && existing.conversationId !== bidiSessionId) {
+            clearSessionMessages(organizationId, existing.conversationId);
+          }
           // We have a fresh ID (either from initializer or rotation), persist it if not already there
           if (!existing || existing.conversationId !== bidiSessionId) {
             saveSession(organizationId, bidiSessionId, {
@@ -9264,6 +9279,29 @@
       }
     }, [messages, organizationId]);
 
+    // ── Sliding-window trim: drop the oldest TRIM_BATCH messages when state
+    // exceeds CAP. Runs only when no message is mid-stream so we never slice
+    // through a partial assistant token. Mutates React state (matches the
+    // intended UX — old scrollback drops in front of the user once the cap is
+    // hit, keeping what's on screen identical to what's in localStorage).
+    reactExports.useEffect(() => {
+      if (isConversationLoading || isLoading) return;
+      if (messages.length <= resolvedMessageLimits.cap) return;
+      setMessages(prev => applyMessageCap(prev, resolvedMessageLimits.cap, resolvedMessageLimits.trimBatch));
+    }, [messages.length, isConversationLoading, isLoading, resolvedMessageLimits.cap, resolvedMessageLimits.trimBatch]);
+
+    // ── Persist a settled snapshot of the transcript. We write only when
+    // streaming/voice traffic has quiesced so a partial assistant message
+    // never lands in localStorage — on reload the next snapshot will reflect
+    // the completed turn. Skipped while history is hydrating (initial mount
+    // race) so the first restore isn't immediately overwritten by an empty
+    // pre-hydrate state.
+    reactExports.useEffect(() => {
+      if (!organizationId || !bidiSessionId) return;
+      if (isConversationLoading || isLoading) return;
+      saveSessionMessages(organizationId, bidiSessionId, messages, resolvedMessageLimits);
+    }, [messages, organizationId, bidiSessionId, isConversationLoading, isLoading, resolvedMessageLimits]);
+
     // Show the onboarding form on first load; bypass it if already completed (persisted in session)
     reactExports.useEffect(() => {
       if (!onboardingEnabled || onboardingCompleted) return;
@@ -10252,11 +10290,11 @@
       const rawSources = (_event$sources = event.sources) !== null && _event$sources !== void 0 ? _event$sources : event.Sources;
       if (Array.isArray(rawSources) && rawSources.length > 0) {
         const normalizedSources = rawSources.map(s => {
-          var _ref5, _s$source_type2, _ref6, _s$source_id2, _ref7, _s$source_name2;
+          var _ref3, _s$source_type, _ref4, _s$source_id, _ref5, _s$source_name;
           return {
-            source_type: (_ref5 = (_s$source_type2 = s.source_type) !== null && _s$source_type2 !== void 0 ? _s$source_type2 : s.sourceType) !== null && _ref5 !== void 0 ? _ref5 : 'file',
-            source_id: (_ref6 = (_s$source_id2 = s.source_id) !== null && _s$source_id2 !== void 0 ? _s$source_id2 : s.sourceid) !== null && _ref6 !== void 0 ? _ref6 : s.sourceId,
-            source_name: (_ref7 = (_s$source_name2 = s.source_name) !== null && _s$source_name2 !== void 0 ? _s$source_name2 : s.sourceName) !== null && _ref7 !== void 0 ? _ref7 : '',
+            source_type: (_ref3 = (_s$source_type = s.source_type) !== null && _s$source_type !== void 0 ? _s$source_type : s.sourceType) !== null && _ref3 !== void 0 ? _ref3 : 'file',
+            source_id: (_ref4 = (_s$source_id = s.source_id) !== null && _s$source_id !== void 0 ? _s$source_id : s.sourceid) !== null && _ref4 !== void 0 ? _ref4 : s.sourceId,
+            source_name: (_ref5 = (_s$source_name = s.source_name) !== null && _s$source_name !== void 0 ? _s$source_name : s.sourceName) !== null && _ref5 !== void 0 ? _ref5 : '',
             url: s.url
           };
         }).filter(s => s.source_id || s.url);
@@ -10563,6 +10601,10 @@
       setMessages([]);
       setBidiMessages([]);
 
+      // Drop the localStorage transcript for the conversation we're abandoning
+      // BEFORE we rotate to a fresh sessionId, otherwise the old bucket leaks.
+      clearSessionMessages(organizationId, bidiSessionId);
+
       // Reset onboarding
       setOnboardingActive(false);
       setOnboardingCompleted(false);
@@ -10601,7 +10643,7 @@
           setOnboardingActive(true);
         }
       }
-    }, [organizationId, welcomeMessage, onboardingEnabled, onboardingQuestions]);
+    }, [organizationId, bidiSessionId, welcomeMessage, onboardingEnabled, onboardingQuestions, inactivityTimeoutValue, inactivityTimeoutUnit]);
 
     // Keep a stable ref to resetConversation so the timer effect does not need to
     // list it as a dependency (avoids spurious re-runs — and spurious updateActivity
@@ -60277,6 +60319,64 @@
     });
   };
 
+  const createSession = async config => {
+    // Initialize chat session if needed
+    if (config.sessionUrl) {
+      try {
+        const response = await fetch(config.sessionUrl, {
+          method: "POST",
+          headers: _objectSpread2({
+            "Content-Type": "application/json"
+          }, config.apiKey && {
+            Authorization: "Bearer ".concat(config.apiKey)
+          }),
+          body: JSON.stringify({
+            userId: config.userId,
+            userName: config.userName,
+            userEmail: config.userEmail
+          }),
+          credentials: "include"
+        });
+        const data = await response.json();
+        return data.sessionId;
+      } catch (error) {
+        console.error("Session creation error:", error);
+        return null;
+      }
+    }
+    return null;
+  };
+
+  /**
+   * Fetches agent configuration from the deploy-agent endpoint
+   * @param {string} apiBaseUrl - Base URL for the API
+   * @param {string} orgId - Organization ID
+   * @returns {Promise<object>} Agent configuration object
+   */
+  const fetchAgentConfig = async (apiBaseUrl, orgId) => {
+    if (!apiBaseUrl || !orgId) {
+      throw new Error("apiBaseUrl and orgId are required");
+    }
+    try {
+      const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/deploy-agent/").concat(orgId);
+      const response = await fetch(url, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        credentials: "include"
+      });
+      if (!response.ok) {
+        throw new Error("HTTP error! status: ".concat(response.status));
+      }
+      const data = await response.json();
+      return data;
+    } catch (error) {
+      console.error("Failed to fetch agent configuration:", error);
+      throw error;
+    }
+  };
+
   const ChatWidget = _ref => {
     var _agentConfig$concierg;
     let {
@@ -60528,7 +60628,13 @@
       onboardingEnabled: widgetConfig.onboardingEnabled,
       collectionPrompt: widgetConfig.collectionPrompt,
       inactivityTimeoutValue: widgetConfig.inactivityTimeoutValue,
-      inactivityTimeoutUnit: widgetConfig.inactivityTimeoutUnit
+      inactivityTimeoutUnit: widgetConfig.inactivityTimeoutUnit,
+      // Sliding-window cap for the localStorage transcript. Comes from
+      // GET /deploy-agent/:orgId → agentConfig.messageLimits (single
+      // source of truth across surfaces). When the field is missing
+      // (older backend / fetch in flight) the hook falls back to its
+      // module-level defaults so chat never blocks on this.
+      messageLimits: agentConfig === null || agentConfig === void 0 ? void 0 : agentConfig.messageLimits
     } : defaultConfig);
 
     // Feedback handler — POST to /api/v1/support/feedback