@mcp-b/embedded-agent 1.2.8 → 1.2.10

package/dist/web-component.d.ts

@@ -1,45 +1,99 @@
+import { TicketAuth, TicketAuth as TicketAuth$1 } from "@char-ai/auth";
+
 //#region src/web-component.d.ts
+
 /**
- * Char Agent
- *
- * An Intercom-like AI chat widget with MCP tool support and voice mode.
- * Drop it into your app and you're done - uses your existing SSO token.
- *
- * Styles are isolated by default using Shadow DOM. Customize appearance
- * via CSS variables on the host element.
- *
- * @example SSO-First (production usage)
- * ```tsx
- * // Use your existing IDP token - no additional login needed
- * const { session } = useOktaAuth() // or Azure, Auth0, Google, etc.
- *
- * <webmcp-agent auth-token={session.idToken} />
- * ```
- *
- * @example React
- * ```tsx
- * import '@anthropic/char-embedded-agent/web-component'
+ * Connection options for the imperative connect() method.
+ * Supports two authentication methods:
+ * - `idToken`: Direct IDP token authentication (SPA-friendly)
+ * - `ticketAuth`: Pre-fetched ticket authentication (SSR-friendly)
+ */
+interface ConnectOptions {
+  /**
+   * IDP token (ID token) for authentication.
+   * Token is stored as a JavaScript property (not as a DOM attribute),
+   * preventing exposure to DOM inspection and session replay tools.
+   *
+   * Either `idToken` or `ticketAuth` must be provided, but not both.
+   */
+  idToken?: string;
+  /**
+   * Pre-fetched ticket for SSR-friendly authentication.
+   * Use this when your server has already exchanged the IDP token for a ticket.
+   *
+   * Benefits:
+   * - IDP token never exposed to browser (in SSR mode)
+   * - No JWKS fetch on every connection (validation done once)
+   * - Ticket is short-lived (60s default) and single-use
+   *
+   * Either `idToken` or `ticketAuth` must be provided, but not both.
+   */
+  ticketAuth?: TicketAuth$1;
+}
+/**
+ * Base Web Component from r2wc
  *
- * function App() {
- *   const { session } = useOktaAuth()
- *   return <webmcp-agent auth-token={session.idToken} />
- * }
- * ```
+ * Converts EmbeddedAgent to a <webmcp-agent> custom element.
+ * Attributes map to props in kebab-case (e.g., dev-mode -> devMode).
+ * Note: Auth props (authToken, ticketAuth) are internal only - use connect() method.
+ */
+declare const BaseWebMCPAgentElement: CustomElementConstructor;
+/**
+ * Extended Web Component with secure connect() method
  *
- * @example Anonymous (dev mode - localhost only)
- * ```tsx
- * // No auth token = anonymous mode (requires API key, localhost only)
- * <webmcp-agent dev-mode='{"anthropicApiKey":"sk-..."}' />
- * ```
+ * The connect() method allows passing the auth token imperatively without
+ * exposing it as a DOM attribute. This prevents token leakage via:
+ * - Session replay tools (e.g., FullStory, LogRocket)
+ * - Error monitoring (e.g., Sentry, DataDog)
+ * - DOM snapshots and inspection
+ * - Browser extensions
  *
- * @example CSS variable theming
- * ```css
- * webmcp-agent {
- *   --char-color-primary: #0f766e;
- *   --char-radius: 12px;
- * }
+ * @example
+ * ```ts
+ * const agent = document.querySelector('webmcp-agent')
+ * agent.connect({ idToken: 'eyJhbGciOi...' })
  * ```
  */
+declare class WebMCPAgentElement extends BaseWebMCPAgentElement {
+  /**
+   * Connect to the Char agent with authentication.
+   *
+   * The token is stored as a JavaScript property (not as a DOM attribute),
+   * preventing exposure to DOM inspection and session replay tools.
+   * This is the recommended way to authenticate.
+   *
+   * @param options.idToken - IDP token (ID token) for authentication
+   * @returns true if connection was initiated, false if idToken was missing
+   *
+   * @example
+   * ```ts
+   * // Vanilla JS
+   * const agent = document.querySelector('webmcp-agent')
+   * const success = agent.connect({ idToken: session.idToken })
+   * if (!success) {
+   *   console.error('Failed to connect - missing token')
+   * }
+   *
+   * // React with ref
+   * const agentRef = useRef(null)
+   * useEffect(() => {
+   *   agentRef.current?.connect({ idToken: session.idToken })
+   * }, [session.idToken])
+   * ```
+   */
+  connect(options: ConnectOptions): boolean;
+  /**
+   * Disconnect from the Char agent.
+   * Clears the authentication token.
+   * @returns true if disconnection succeeded, false if an error occurred
+   */
+  disconnect(): boolean;
+}
+/**
+ * Type declaration for the WebMCP Agent custom element.
+ * Useful for TypeScript consumers using refs.
+ */
+
 /**
  * Register the <webmcp-agent> custom element
  *
@@ -48,5 +102,5 @@
  */
 declare function registerWebMCPAgent(tagName?: string): void;
 //#endregion
-export { registerWebMCPAgent };
+export { ConnectOptions, type TicketAuth, type WebMCPAgentElement, registerWebMCPAgent };
 //# sourceMappingURL=web-component.d.ts.map

package/dist/web-component.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"web-component.d.ts","names":[],"sources":["../src/web-component.tsx"],"sourcesContent":[],"mappings":";;AAiPA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAAgB,mBAAA"}
+{"version":3,"file":"web-component.d.ts","names":[],"sources":["../src/web-component.tsx"],"sourcesContent":[],"mappings":";;;;;;;;;;UA0EiB,cAAA;;;;;;;;;;;;;;;;;;;;eAqBH;;;;;;;;;cA6KR,wBAAsB;;;;;;;;;;;;;;;;;cAqCtB,kBAAA,SAA2B,sBAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;mBA2Bf;;;;;;;;;;;;;;;;;;;iBAoEF,mBAAA"}