npm - @eshal-bot/chat-widget - Versions diffs - 0.1.40 → 0.1.42 - Mend

@eshal-bot/chat-widget 0.1.40 → 0.1.42

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/chat-widget.esm.js +5 -5
package/dist/chat-widget.js +301 -190
package/dist/chat-widget.min.js +6 -6
package/dist/chat-widget.umd.js +5 -5
package/package.json +1 -1
package/dist/chat-widget.esm.js.map +0 -1
package/dist/chat-widget.js.map +0 -1
package/dist/chat-widget.umd.js.map +0 -1

package/dist/chat-widget.js CHANGED Viewed

@@ -8582,31 +8582,34 @@
   };
   /**
-   * Constructs the WebSocket URL.
-   * @param {string} apiBaseUrl - The base URL of the API (used when wsBaseUrl is not provided).
-   * @param {string} [wsBaseUrl] - Explicit WebSocket base URL (e.g. wss://knowledge-api-prod.eshal.ai/ws).
-   *                               When provided, it is returned directly without any transformation.
-   * @returns {string} The WebSocket base URL.
+   * Constructs the voice WebSocket base URL — ALWAYS derived from the API
+   * base URL the widget is embedded with, as `wss://{host}/voice/ws`.
+   *
+   * `/voice/ws/{org}/{session}` is terminated by the frontend custom server
+   * (packages/frontend/server.js), which proxies it in-cluster to
+   * knowledge-api on `/ws`. The widget always talks to the same origin it
+   * loaded its config from, so the WS endpoint is fully determined by
+   * `apiBaseUrl`. There is intentionally NO override parameter: voice can
+   * never be pointed at the (no-longer-public) knowledge-api LoadBalancer by
+   * a stale embed option or backend config value.
+   *
+   * @param {string} apiBaseUrl - Frontend base URL, e.g. https://demo.eshal.ai
+   * @returns {string} Voice WS base, e.g. wss://demo.eshal.ai/voice/ws
    */
-  const getWebSocketUrl = (apiBaseUrl, wsBaseUrl) => {
-    if (wsBaseUrl) {
-      return wsBaseUrl.replace(/\/$/, '');
-    }
+  const getWebSocketUrl = apiBaseUrl => {
     if (!apiBaseUrl) {
-      // Default fallback if no API base URL is provided
+      // No base URL yet (config still loading) — safe public default.
       return 'wss://dev.eshal.ai/voice/ws';
     }
     try {
       const url = new URL(apiBaseUrl);
-      // Replace http/https with ws/wss
+      // http→ws, https→wss; point at the frontend voice-proxy path.
       url.protocol = url.protocol.replace(/^http/, 'ws');
-      // Append the WebSocket specific path
       url.pathname = '/voice/ws';
-      // Ensure it returns a clean URL without extra slashes
+      // Clean URL without a trailing slash.
       return url.toString().replace(/\/$/, '');
     } catch (error) {
       console.error("Invalid API base URL provided for WebSocket:", error);
-      // Fallback to default if URL parsing fails
       return 'wss://dev.eshal.ai/voice/ws';
     }
   };
@@ -8664,94 +8667,102 @@
     return (_ONBOARDING_FIELD_ORD = ONBOARDING_FIELD_ORDER[key]) !== null && _ONBOARDING_FIELD_ORD !== void 0 ? _ONBOARDING_FIELD_ORD : 99;
   };
-  const createSession = async config => {
-    // Initialize chat session if needed
-    if (config.sessionUrl) {
-      try {
-        const response = await fetch(config.sessionUrl, {
-          method: "POST",
-          headers: _objectSpread2({
-            "Content-Type": "application/json"
-          }, config.apiKey && {
-            Authorization: "Bearer ".concat(config.apiKey)
-          }),
-          body: JSON.stringify({
-            userId: config.userId,
-            userName: config.userName,
-            userEmail: config.userEmail
-          }),
-          credentials: "include"
-        });
-        const data = await response.json();
-        return data.sessionId;
-      } catch (error) {
-        console.error("Session creation error:", error);
-        return null;
-      }
-    }
-    return null;
-  };
+  const SESSION_KEY$1 = 'eshal_chat_session';
+  const SESSION_MSG_KEY = 'eshal_chat_session_messages';
+  // Defaults used when the deploy-agent payload hasn't resolved yet (first paint
+  // race) or doesn't include `messageLimits` (older backend). The authoritative
+  // values come from the backend via `WIDGET_CONFIG.MESSAGE_LIMITS`.
+  const DEFAULT_MESSAGE_CAP = 200;
+  const DEFAULT_MESSAGE_TRIM_BATCH = 50;
   /**
-   * Fetches conversation history for a given org and conversation
-   * @param {string} apiBaseUrl - Base URL for the API
-   * @param {string} orgId - Organization ID
-   * @param {string} conversationId - Conversation ID
-   * @returns {Promise<Array>} Array of messages
-   */
-  const fetchConversationHistory = async (apiBaseUrl, orgId, conversationId) => {
-    if (!apiBaseUrl || !orgId || !conversationId) {
-      throw new Error("apiBaseUrl, orgId, and conversationId are required");
-    }
-    const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/conversations/").concat(orgId, "/").concat(conversationId);
-    const response = await fetch(url, {
-      method: "GET",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      credentials: "include"
+   * Sliding-window trim. Once the transcript exceeds `cap`, slice off the
+   * oldest `trimBatch` messages — when both surfaces are at steady state the
+   * loop runs at most once; the `while` is defensive against bursts (e.g. a
+   * voice turn that lands several transcription chunks in one tick) that
+   * push length far past the cap in a single render.
+   */
+  function applyMessageCap(messages) {
+    let cap = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : DEFAULT_MESSAGE_CAP;
+    let trimBatch = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : DEFAULT_MESSAGE_TRIM_BATCH;
+    if (!Array.isArray(messages)) return [];
+    if (typeof cap !== 'number' || cap <= 0) cap = DEFAULT_MESSAGE_CAP;
+    if (typeof trimBatch !== 'number' || trimBatch <= 0 || trimBatch >= cap) {
+      trimBatch = Math.min(DEFAULT_MESSAGE_TRIM_BATCH, cap - 1);
+    }
+    let m = messages;
+    while (m.length > cap) m = m.slice(trimBatch);
+    return m;
+  }
+  // Strip transient fields (in-flight streaming flags, Date objects) so the
+  // persisted shape is stable across React re-mounts. Keep the bits the UI
+  // needs to render a faithful replay: role + content + timestamp + per-message
+  // metadata (sources, feedback, prompt suggestions, content type).
+  //
+  // The welcome message is INTENTIONALLY excluded. It's client-side display
+  // state generated from `widgetConfig.welcomeMessage` on every mount; the
+  // hydrate path always prepends a fresh welcome above the restored history.
+  // Persisting it would cause a duplicate-welcome render on reload because the
+  // stored copy lacks the `isWelcome` flag (sanitize would strip it) and gets
+  // rendered as a regular assistant message alongside the freshly-added one.
+  function sanitizeMessagesForStorage(messages) {
+    if (!Array.isArray(messages)) return [];
+    return messages.filter(m => m && !m.isWelcome && (m.content || Array.isArray(m.sources) && m.sources.length > 0)).map(m => {
+      var _m$type;
+      return _objectSpread2(_objectSpread2(_objectSpread2({
+        id: m.id,
+        role: m.role,
+        content: m.content,
+        timestamp: m.timestamp instanceof Date ? m.timestamp.toISOString() : typeof m.timestamp === 'string' ? m.timestamp : new Date().toISOString(),
+        type: (_m$type = m.type) !== null && _m$type !== void 0 ? _m$type : null
+      }, Array.isArray(m.sources) && m.sources.length > 0 ? {
+        sources: m.sources
+      } : {}), m.feedback !== undefined ? {
+        feedback: m.feedback
+      } : {}), Array.isArray(m.prompts) && m.prompts.length > 0 ? {
+        prompts: m.prompts
+      } : {});
     });
-    if (response.status === 404) {
-      return []; // No history for this conversation yet
-    }
-    if (!response.ok) {
-      throw new Error("HTTP error! status: ".concat(response.status));
+  }
+  const saveSessionMessages = (orgId, conversationId, messages, limits) => {
+    if (!orgId || !conversationId) return;
+    try {
+      const cap = limits === null || limits === void 0 ? void 0 : limits.cap;
+      const trimBatch = limits === null || limits === void 0 ? void 0 : limits.trimBatch;
+      const trimmed = applyMessageCap(messages, cap, trimBatch);
+      const sanitized = sanitizeMessagesForStorage(trimmed);
+      localStorage.setItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId), JSON.stringify(sanitized));
+    } catch (_unused) {
+      // Quota / private-mode / serialization failure — drop silently. The
+      // user-visible chat is unaffected; only the post-reload replay is lost.
     }
-    const data = await response.json();
-    return data.messages || [];
   };
-  /**
-   * Fetches agent configuration from the deploy-agent endpoint
-   * @param {string} apiBaseUrl - Base URL for the API
-   * @param {string} orgId - Organization ID
-   * @returns {Promise<object>} Agent configuration object
-   */
-  const fetchAgentConfig = async (apiBaseUrl, orgId) => {
-    if (!apiBaseUrl || !orgId) {
-      throw new Error("apiBaseUrl and orgId are required");
+  const getSessionMessages = (orgId, conversationId) => {
+    if (!orgId || !conversationId) return [];
+    try {
+      const raw = localStorage.getItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId));
+      if (!raw) return [];
+      const parsed = JSON.parse(raw);
+      if (!Array.isArray(parsed)) return [];
+      // Restore Date objects so MessageList timestamp formatting works without
+      // every downstream consumer doing the conversion itself.
+      return parsed.map(m => _objectSpread2(_objectSpread2({}, m), {}, {
+        timestamp: m.timestamp ? new Date(m.timestamp) : new Date()
+      }));
+    } catch (_unused2) {
+      return [];
     }
+  };
+  const clearSessionMessages = (orgId, conversationId) => {
+    if (!orgId || !conversationId) return;
     try {
-      const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/deploy-agent/").concat(orgId);
-      const response = await fetch(url, {
-        method: "GET",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        credentials: "include"
-      });
-      if (!response.ok) {
-        throw new Error("HTTP error! status: ".concat(response.status));
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Failed to fetch agent configuration:", error);
-      throw error;
+      localStorage.removeItem("".concat(SESSION_MSG_KEY, "_").concat(orgId, "_").concat(conversationId));
+    } catch (_unused3) {
+      // ignore
     }
   };
-  const SESSION_KEY$1 = 'eshal_chat_session';
   const getTimeoutMs = (value, unit) => {
     if (value === undefined || value === null || !unit) return null;
     const multipliers = {
@@ -8772,7 +8783,7 @@
       const raw = localStorage.getItem("".concat(SESSION_KEY$1, "_").concat(orgId));
       if (!raw) return null;
       return JSON.parse(raw);
-    } catch (_unused) {
+    } catch (_unused4) {
       return null;
     }
   };
@@ -8822,7 +8833,7 @@
         createdAt: now,
         firstInteractionAt: null
       }, extra)));
-    } catch (_unused2) {}
+    } catch (_unused5) {}
   };
   const updateActivity = orgId => {
     try {
@@ -8836,7 +8847,7 @@
         session.firstInteractionAt = now;
       }
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused3) {}
+    } catch (_unused6) {}
   };
   const markOnboardingCompleted = orgId => {
     try {
@@ -8844,7 +8855,7 @@
       if (!session) return;
       session.onboardingCompleted = true;
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused4) {}
+    } catch (_unused7) {}
   };
   const markCsatSubmitted = orgId => {
     try {
@@ -8852,12 +8863,21 @@
       if (!session) return;
       session.csatSubmitted = true;
       localStorage.setItem("".concat(SESSION_KEY$1, "_").concat(orgId), JSON.stringify(session));
-    } catch (_unused5) {}
+    } catch (_unused8) {}
   };
   const clearSession$2 = orgId => {
     try {
+      // Read the session BEFORE removing it so we know which messages bucket to
+      // clear. Inactivity sweepers / explicit resets call this path; leaving the
+      // messages bucket behind would resurrect the prior transcript when a new
+      // session happens to land on the same conversationId (extremely rare, but
+      // free to defend against).
+      const existing = getSession(orgId);
       localStorage.removeItem("".concat(SESSION_KEY$1, "_").concat(orgId));
-    } catch (_unused6) {}
+      if (existing !== null && existing !== void 0 && existing.conversationId) {
+        clearSessionMessages(orgId, existing.conversationId);
+      }
+    } catch (_unused9) {}
   };
   const savePromptSuggestions = (orgId, prompts) => {
     try {
@@ -8867,14 +8887,14 @@
         return;
       }
       localStorage.setItem("".concat(SESSION_KEY$1, "_prompts_").concat(orgId), JSON.stringify(prompts));
-    } catch (_unused7) {}
+    } catch (_unused0) {}
   };
   const getPromptSuggestions = orgId => {
     try {
       const raw = localStorage.getItem("".concat(SESSION_KEY$1, "_prompts_").concat(orgId));
       if (!raw) return [];
       return JSON.parse(raw) || [];
-    } catch (_unused8) {
+    } catch (_unused1) {
       return [];
     }
   };
@@ -8909,7 +8929,6 @@
       welcomeMessage,
       quickQuestions = [],
       apiBaseUrl,
-      wsBaseUrl,
       apiKey,
       organizationId,
       autoOpen,
@@ -8920,8 +8939,17 @@
       onboardingEnabled = false,
       collectionPrompt,
       inactivityTimeoutValue,
-      inactivityTimeoutUnit
+      inactivityTimeoutUnit,
+      // Sliding-window limits for the persisted transcript. Sourced from the
+      // backend's `messageLimits` field on the deploy-agent payload so per-env
+      // configuration ships through one channel. Falls back to module defaults
+      // during the brief mount window before the deploy-agent fetch resolves.
+      messageLimits
     } = _ref2;
+    const resolvedMessageLimits = reactExports.useMemo(() => ({
+      cap: typeof (messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.cap) === 'number' && messageLimits.cap > 0 ? messageLimits.cap : DEFAULT_MESSAGE_CAP,
+      trimBatch: typeof (messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.trimBatch) === 'number' && messageLimits.trimBatch > 0 ? messageLimits.trimBatch : DEFAULT_MESSAGE_TRIM_BATCH
+    }), [messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.cap, messageLimits === null || messageLimits === void 0 ? void 0 : messageLimits.trimBatch]);
     const [isOpen, setIsOpen] = reactExports.useState(autoOpen);
     const [isMinimized, setIsMinimized] = reactExports.useState(false);
     const [isDark, setIsDark] = reactExports.useState(darkMode);
@@ -9051,8 +9079,9 @@
     const visitorProfileRef = reactExports.useRef(null);
     const websocketUrl = reactExports.useMemo(() => {
       if (!organizationId) return null;
-      // Construct WebSocket URL from the API base URL
-      const resolvedWsBaseUrl = getWebSocketUrl(apiBaseUrl, wsBaseUrl);
+      // Voice WS base is always derived from apiBaseUrl (the frontend origin
+      // the widget is embedded with) → wss://{host}/voice/ws. No override.
+      const resolvedWsBaseUrl = getWebSocketUrl(apiBaseUrl);
       return "".concat(resolvedWsBaseUrl, "/").concat(organizationId, "/").concat(bidiSessionId);
     }, [apiBaseUrl, organizationId, bidiSessionId]);
     const getNextMessageId = reactExports.useCallback(() => {
@@ -9140,91 +9169,62 @@
           return;
         }
-        // Restore session — fetch conversation history once
-        if (!historyLoadedRef.current && apiBaseUrl) {
+        // Restore session — hydrate from localStorage only. We no longer hit
+        // `GET /api/v1/conversations/:orgId/:conversationId` because orgs with
+        // the Eshal Inbox conversation route turned OFF never get rows written
+        // (`isInboxRouteEnabled` gates persistence) and the empty backend reply
+        // was wiping the on-screen transcript on every reload. localStorage is
+        // now the only source of session replay; inbox-on orgs still see their
+        // full transcript because every settled message is mirrored locally.
+        if (!historyLoadedRef.current) {
           historyLoadedRef.current = true;
-          setIsConversationLoading(true);
-          fetchConversationHistory(apiBaseUrl, organizationId, bidiSessionId).then(msgs => {
-            // Filter out onboarding field messages (name/email/phone) so they don't appear as chat bubbles
-            const ONBOARDING_TYPES = ['userName', 'email', 'phone', 'fullname', 'mobileno', 'name'];
-            const chatMsgs = msgs.filter(msg => {
-              const msgType = msg.type || msg.messageType;
-              if (msgType && ONBOARDING_TYPES.includes(msgType)) return false;
-              return true;
-            });
-            if (chatMsgs.length > 0) {
-              historyHasMessagesRef.current = true;
-              const historyMessages = chatMsgs.map((msg, index) => {
-                var _msg$Sources;
-                // Normalize sources — backend may store them as "Sources" (capital) with
-                // "sourceid" (no underscore). Map to the shape MessageSources expects.
-                const rawSources = (_msg$Sources = msg.Sources) !== null && _msg$Sources !== void 0 ? _msg$Sources : msg.sources;
-                const sources = Array.isArray(rawSources) ? rawSources.map(s => {
-                  var _ref3, _s$source_type, _s$source_id, _ref4, _s$source_name;
-                  return {
-                    source_type: (_ref3 = (_s$source_type = s.source_type) !== null && _s$source_type !== void 0 ? _s$source_type : s.sourceType) !== null && _ref3 !== void 0 ? _ref3 : 'website',
-                    source_id: (_s$source_id = s.source_id) !== null && _s$source_id !== void 0 ? _s$source_id : s.sourceid,
-                    source_name: (_ref4 = (_s$source_name = s.source_name) !== null && _s$source_name !== void 0 ? _s$source_name : s.sourceName) !== null && _ref4 !== void 0 ? _ref4 : '',
-                    url: s.url
-                  };
-                }).filter(s => s.source_id || s.url) : [];
-                return _objectSpread2(_objectSpread2(_objectSpread2({}, createMessage({
-                  id: msg.id || "history-".concat(index, "-").concat(Date.now()),
-                  role: msg.role || (msg.sender === 'user' ? 'user' : 'assistant'),
-                  content: msg.message || msg.content || ''
-                })), {}, {
-                  timestamp: msg.time ? new Date(msg.time) : new Date()
-                }, Array.isArray(msg.prompts) && msg.prompts.length > 0 ? {
-                  prompts: msg.prompts
-                } : {}), sources.length > 0 ? {
-                  sources
-                } : {});
+          const stored = getSessionMessages(organizationId, bidiSessionId);
+          if (stored.length > 0) {
+            historyHasMessagesRef.current = true;
+            // Prepend the welcome message so reloads still lead with it,
+            // matching the pre-localStorage replay behaviour. The welcome
+            // message is client-only, never written to the messages bucket,
+            // so it needs to be reattached on every hydrate.
+            if (welcomeMessage) {
+              var _stored$;
+              const firstTs = (_stored$ = stored[0]) === null || _stored$ === void 0 ? void 0 : _stored$.timestamp;
+              const firstTsMs = firstTs instanceof Date ? firstTs.getTime() : firstTs ? new Date(firstTs).getTime() : Date.now();
+              const welcomeMsg = _objectSpread2(_objectSpread2({}, createMessage({
+                id: 'welcome-restored',
+                role: 'assistant',
+                content: welcomeMessage
+              })), {}, {
+                isWelcome: true,
+                timestamp: new Date(firstTsMs - 1)
               });
+              setMessages([welcomeMsg, ...stored]);
+            } else {
+              setMessages(stored);
+            }
-              // If the API didn't return prompts on any message, restore from localStorage
-              const hasAnyPrompts = historyMessages.some(m => m.role === 'assistant' && Array.isArray(m.prompts) && m.prompts.length > 0);
-              if (!hasAnyPrompts) {
-                const savedPrompts = getPromptSuggestions(organizationId);
-                if (savedPrompts.length > 0) {
-                  // Attach saved prompts to the last assistant message
-                  for (let i = historyMessages.length - 1; i >= 0; i -= 1) {
-                    if (historyMessages[i].role === 'assistant') {
-                      historyMessages[i] = _objectSpread2(_objectSpread2({}, historyMessages[i]), {}, {
+            // If no message in the restored transcript carries prompt
+            // suggestions, fall back to the legacy per-org bucket. Preserves
+            // the "prompts survive refresh" UX even when the persistence layer
+            // hasn't seen an assistant turn yet.
+            const hasAnyPrompts = stored.some(m => m.role === 'assistant' && Array.isArray(m.prompts) && m.prompts.length > 0);
+            if (!hasAnyPrompts) {
+              const savedPrompts = getPromptSuggestions(organizationId);
+              if (savedPrompts.length > 0) {
+                setMessages(prev => {
+                  const next = [...prev];
+                  for (let i = next.length - 1; i >= 0; i -= 1) {
+                    if (next[i].role === 'assistant') {
+                      next[i] = _objectSpread2(_objectSpread2({}, next[i]), {}, {
                         prompts: savedPrompts
                       });
                       break;
                     }
                   }
-                }
-              }
-              // Always prepend the welcome message so it shows at the top after refresh,
-              // matching chatbot-preview behaviour (welcome message is client-side only
-              // and is not stored in server history).
-              // Use a timestamp before the first history message so it sorts first
-              // (activeMessages is sorted by timestamp before being passed to the UI).
-              if (welcomeMessage) {
-                var _historyMessages$;
-                const firstTs = (_historyMessages$ = historyMessages[0]) === null || _historyMessages$ === void 0 ? void 0 : _historyMessages$.timestamp;
-                const firstTsMs = firstTs instanceof Date ? firstTs.getTime() : firstTs ? new Date(firstTs).getTime() : Date.now();
-                const welcomeMsg = _objectSpread2(_objectSpread2({}, createMessage({
-                  id: 'welcome-restored',
-                  role: 'assistant',
-                  content: welcomeMessage
-                })), {}, {
-                  isWelcome: true,
-                  timestamp: new Date(firstTsMs - 1)
+                  return next;
                 });
-                setMessages([welcomeMsg, ...historyMessages]);
-              } else {
-                setMessages(historyMessages);
               }
             }
-          }).catch(err => {
-            console.error('[Session] History fetch failed:', err);
-          }).finally(() => {
-            setIsConversationLoading(false);
-          });
+          }
         }
       } else {
         // Session is expired, invalid, or non-existent
@@ -9236,9 +9236,27 @@
         if (existing && bidiSessionId === existing.conversationId) {
           const newId = "widget-session-".concat(Math.random().toString(36).slice(2, 9));
           console.warn("[Session] Rotating expired ID ".concat(bidiSessionId, " -> ").concat(newId));
+          // Drop the expired conversation's localStorage transcript before
+          // rotating — otherwise the bucket sticks around forever (the key
+          // includes the conversationId, so it'd never get hit again but
+          // would still occupy origin storage on the customer's site).
+          clearSessionMessages(organizationId, bidiSessionId);
           setBidiSessionId(newId);
           // Note: saveSession will be called on the next run with the newId
         } else {
+          // Cold-start cleanup: the `useState` initializer above generates a
+          // FRESH `bidiSessionId` when it can't reuse the stored session (timeout
+          // expired before reload, settings snapshot mismatched, or the deploy-
+          // agent payload was still loading at first paint so it couldn't run
+          // `isSessionValid`). In that case `existing.conversationId` points to
+          // a now-stale conversation whose messages bucket would otherwise be
+          // orphaned forever — `clearSession` runs in `resetConversation` (which
+          // we never hit here) and the rotate-id branch above only fires when
+          // the IDs match. Mirror the frontend `useSessionManager` hydrate
+          // effect: clean up the stale bucket before we save the new session.
+          if (existing !== null && existing !== void 0 && existing.conversationId && existing.conversationId !== bidiSessionId) {
+            clearSessionMessages(organizationId, existing.conversationId);
+          }
           // We have a fresh ID (either from initializer or rotation), persist it if not already there
           if (!existing || existing.conversationId !== bidiSessionId) {
             saveSession(organizationId, bidiSessionId, {
@@ -9264,6 +9282,29 @@
       }
     }, [messages, organizationId]);
+    // ── Sliding-window trim: drop the oldest TRIM_BATCH messages when state
+    // exceeds CAP. Runs only when no message is mid-stream so we never slice
+    // through a partial assistant token. Mutates React state (matches the
+    // intended UX — old scrollback drops in front of the user once the cap is
+    // hit, keeping what's on screen identical to what's in localStorage).
+    reactExports.useEffect(() => {
+      if (isConversationLoading || isLoading) return;
+      if (messages.length <= resolvedMessageLimits.cap) return;
+      setMessages(prev => applyMessageCap(prev, resolvedMessageLimits.cap, resolvedMessageLimits.trimBatch));
+    }, [messages.length, isConversationLoading, isLoading, resolvedMessageLimits.cap, resolvedMessageLimits.trimBatch]);
+    // ── Persist a settled snapshot of the transcript. We write only when
+    // streaming/voice traffic has quiesced so a partial assistant message
+    // never lands in localStorage — on reload the next snapshot will reflect
+    // the completed turn. Skipped while history is hydrating (initial mount
+    // race) so the first restore isn't immediately overwritten by an empty
+    // pre-hydrate state.
+    reactExports.useEffect(() => {
+      if (!organizationId || !bidiSessionId) return;
+      if (isConversationLoading || isLoading) return;
+      saveSessionMessages(organizationId, bidiSessionId, messages, resolvedMessageLimits);
+    }, [messages, organizationId, bidiSessionId, isConversationLoading, isLoading, resolvedMessageLimits]);
     // Show the onboarding form on first load; bypass it if already completed (persisted in session)
     reactExports.useEffect(() => {
       if (!onboardingEnabled || onboardingCompleted) return;
@@ -10252,11 +10293,11 @@
       const rawSources = (_event$sources = event.sources) !== null && _event$sources !== void 0 ? _event$sources : event.Sources;
       if (Array.isArray(rawSources) && rawSources.length > 0) {
         const normalizedSources = rawSources.map(s => {
-          var _ref5, _s$source_type2, _ref6, _s$source_id2, _ref7, _s$source_name2;
+          var _ref3, _s$source_type, _ref4, _s$source_id, _ref5, _s$source_name;
           return {
-            source_type: (_ref5 = (_s$source_type2 = s.source_type) !== null && _s$source_type2 !== void 0 ? _s$source_type2 : s.sourceType) !== null && _ref5 !== void 0 ? _ref5 : 'file',
-            source_id: (_ref6 = (_s$source_id2 = s.source_id) !== null && _s$source_id2 !== void 0 ? _s$source_id2 : s.sourceid) !== null && _ref6 !== void 0 ? _ref6 : s.sourceId,
-            source_name: (_ref7 = (_s$source_name2 = s.source_name) !== null && _s$source_name2 !== void 0 ? _s$source_name2 : s.sourceName) !== null && _ref7 !== void 0 ? _ref7 : '',
+            source_type: (_ref3 = (_s$source_type = s.source_type) !== null && _s$source_type !== void 0 ? _s$source_type : s.sourceType) !== null && _ref3 !== void 0 ? _ref3 : 'file',
+            source_id: (_ref4 = (_s$source_id = s.source_id) !== null && _s$source_id !== void 0 ? _s$source_id : s.sourceid) !== null && _ref4 !== void 0 ? _ref4 : s.sourceId,
+            source_name: (_ref5 = (_s$source_name = s.source_name) !== null && _s$source_name !== void 0 ? _s$source_name : s.sourceName) !== null && _ref5 !== void 0 ? _ref5 : '',
             url: s.url
           };
         }).filter(s => s.source_id || s.url);
@@ -10563,6 +10604,10 @@
       setMessages([]);
       setBidiMessages([]);
+      // Drop the localStorage transcript for the conversation we're abandoning
+      // BEFORE we rotate to a fresh sessionId, otherwise the old bucket leaks.
+      clearSessionMessages(organizationId, bidiSessionId);
       // Reset onboarding
       setOnboardingActive(false);
       setOnboardingCompleted(false);
@@ -10601,7 +10646,7 @@
           setOnboardingActive(true);
         }
       }
-    }, [organizationId, welcomeMessage, onboardingEnabled, onboardingQuestions]);
+    }, [organizationId, bidiSessionId, welcomeMessage, onboardingEnabled, onboardingQuestions, inactivityTimeoutValue, inactivityTimeoutUnit]);
     // Keep a stable ref to resetConversation so the timer effect does not need to
     // list it as a dependency (avoids spurious re-runs — and spurious updateActivity
@@ -31781,7 +31826,7 @@
             if (typeof document === 'undefined') {
               return null;
             }
-            if ('currentScript' in document && 1 < 2 /* hack to trip TS' flow analysis */) {
+            if (document.currentScript && document.currentScript.tagName === 'SCRIPT' && 1 < 2 /* hack to trip TS' flow analysis */) {
               return /** @type {any} */document.currentScript;
             }
@@ -60277,13 +60322,70 @@
     });
   };
+  const createSession = async config => {
+    // Initialize chat session if needed
+    if (config.sessionUrl) {
+      try {
+        const response = await fetch(config.sessionUrl, {
+          method: "POST",
+          headers: _objectSpread2({
+            "Content-Type": "application/json"
+          }, config.apiKey && {
+            Authorization: "Bearer ".concat(config.apiKey)
+          }),
+          body: JSON.stringify({
+            userId: config.userId,
+            userName: config.userName,
+            userEmail: config.userEmail
+          }),
+          credentials: "include"
+        });
+        const data = await response.json();
+        return data.sessionId;
+      } catch (error) {
+        console.error("Session creation error:", error);
+        return null;
+      }
+    }
+    return null;
+  };
+  /**
+   * Fetches agent configuration from the deploy-agent endpoint
+   * @param {string} apiBaseUrl - Base URL for the API
+   * @param {string} orgId - Organization ID
+   * @returns {Promise<object>} Agent configuration object
+   */
+  const fetchAgentConfig = async (apiBaseUrl, orgId) => {
+    if (!apiBaseUrl || !orgId) {
+      throw new Error("apiBaseUrl and orgId are required");
+    }
+    try {
+      const url = "".concat(apiBaseUrl.replace(/\/$/, ''), "/api/v1/deploy-agent/").concat(orgId);
+      const response = await fetch(url, {
+        method: "GET",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        credentials: "include"
+      });
+      if (!response.ok) {
+        throw new Error("HTTP error! status: ".concat(response.status));
+      }
+      const data = await response.json();
+      return data;
+    } catch (error) {
+      console.error("Failed to fetch agent configuration:", error);
+      throw error;
+    }
+  };
   const ChatWidget = _ref => {
     var _agentConfig$concierg;
     let {
       // Required props for dynamic config
       orgId,
       apiBaseUrl,
-      wsBaseUrl,
       // Optional override props (will override fetched config if provided)
       darkMode,
       primaryColor,
@@ -60466,7 +60568,6 @@
       welcomeMessage: "Hi! How can we help?",
       quickQuestions: [],
       apiBaseUrl: apiBaseUrl || "",
-      wsBaseUrl: agentConfig === null || agentConfig === void 0 ? void 0 : agentConfig.wsBaseUrl,
       apiKey: apiKey || "",
       organizationId: orgId || "",
       autoOpen: false,
@@ -60476,7 +60577,7 @@
       onboardingQuestions: [],
       onboardingEnabled: false,
       collectionPrompt: undefined
-    }), [apiBaseUrl, wsBaseUrl, apiKey, orgId]);
+    }), [apiBaseUrl, apiKey, orgId]);
     // ALWAYS call hooks before any early returns (Rules of Hooks)
     const {
@@ -60517,7 +60618,11 @@
       welcomeMessage: widgetConfig.welcomeMessage,
       quickQuestions: widgetConfig.quickQuestions,
       apiBaseUrl,
-      wsBaseUrl: agentConfig === null || agentConfig === void 0 ? void 0 : agentConfig.wsBaseUrl,
+      // Voice WS endpoint is derived entirely from apiBaseUrl inside
+      // useChatState (→ wss://{host}/voice/ws, the frontend voice proxy).
+      // Nothing is forwarded/overridable here, so a stale backend or embed
+      // wsBaseUrl can't point voice at the old (now non-public)
+      // knowledge-api LoadBalancer.
       apiKey,
       organizationId: widgetConfig.organizationId,
       autoOpen,
@@ -60528,7 +60633,13 @@
       onboardingEnabled: widgetConfig.onboardingEnabled,
       collectionPrompt: widgetConfig.collectionPrompt,
       inactivityTimeoutValue: widgetConfig.inactivityTimeoutValue,
-      inactivityTimeoutUnit: widgetConfig.inactivityTimeoutUnit
+      inactivityTimeoutUnit: widgetConfig.inactivityTimeoutUnit,
+      // Sliding-window cap for the localStorage transcript. Comes from
+      // GET /deploy-agent/:orgId → agentConfig.messageLimits (single
+      // source of truth across surfaces). When the field is missing
+      // (older backend / fetch in flight) the hook falls back to its
+      // module-level defaults so chat never blocks on this.
+      messageLimits: agentConfig === null || agentConfig === void 0 ? void 0 : agentConfig.messageLimits
     } : defaultConfig);
     // Feedback handler — POST to /api/v1/support/feedback