@mhosaic/feedback-cli 0.13.0 → 0.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,151 @@
1
+ # Verify install — live smoke test
2
+
3
+ After the consumer has installed the widget, run this end-to-end smoke test to confirm everything actually works. Don't claim "done" until this is green.
4
+
5
+ ---
6
+
7
+ ## Step 1 — Run the CLI verify
8
+
9
+ ```bash
10
+ npx @mhosaic/feedback-cli@latest verify \
11
+ --origin <consumer-dev-origin> \
12
+ --with-test-report
13
+ ```
14
+
15
+ `<consumer-dev-origin>` is the URL where the consumer's app runs locally — `http://localhost:5173` for Vite, `http://localhost:3000` for Next/Remix, etc.
16
+
17
+ Expected output (all green):
18
+
19
+ ```
20
+ ✓ .env.local exists with both keys
21
+ ✓ API key starts with pk_proj_
22
+ ✓ Endpoint is a valid http(s) URL
23
+ ✓ Endpoint reachable over network
24
+ ✓ CORS allows POST from <origin>
25
+ ✓ POST /api/feedback/v1/reports/ accepts the public key (submitted (report id: …) — delete it from /reports if you don't want noise)
26
+
27
+ All checks passed.
28
+ ```
29
+
30
+ If any check is red, **STOP**. Don't proceed to step 2 until they're all green. The hint column tells you what to fix; the diagnostic table at the bottom of this doc covers every failure mode.
31
+
32
+ ---
33
+
34
+ ## Step 2 — Start the consumer's dev server
35
+
36
+ In the consumer's repo:
37
+
38
+ ```bash
39
+ pnpm dev # or npm run dev / yarn dev / bun dev
40
+ ```
41
+
42
+ Wait for the server to print its URL (e.g. `Local: http://localhost:5173`).
43
+
44
+ ---
45
+
46
+ ## Step 3 — Drive Chrome to the dev URL
47
+
48
+ ```
49
+ mcp__claude-in-chrome__tabs_create_mcp # or reuse an existing tab
50
+ mcp__claude-in-chrome__navigate(tabId, url=<dev-url>)
51
+ mcp__claude-in-chrome__computer(action="screenshot")
52
+ ```
53
+
54
+ Inspect the screenshot. You should see:
55
+
56
+ 1. The consumer's actual UI rendered (their app loaded successfully)
57
+ 2. A small floating action button (FAB) in the bottom-right corner — a circle with a chat-bubble or megaphone icon
58
+
59
+ If the FAB is missing, see the diagnostic table at the bottom.
60
+
61
+ ---
62
+
63
+ ## Step 4 — Open DevTools console; verify no widget errors
64
+
65
+ ```
66
+ mcp__claude-in-chrome__read_console_messages(pattern="mhosaic|feedback|widget")
67
+ ```
68
+
69
+ Acceptable: a "widget mounted" or "init complete" debug line. Not acceptable: any `error` or `unhandledrejection` mentioning `@mhosaic/feedback`, `pk_proj_`, CORS, or fingerprint.
70
+
71
+ If errors appear, surface them to the user before clicking the FAB — they may already explain a failure that the visual test wouldn't catch.
72
+
73
+ ---
74
+
75
+ ## Step 5 — Click the FAB and submit a test report
76
+
77
+ Use `mcp__claude-in-chrome__find(query="feedback FAB or feedback button")` to locate the element. Click it.
78
+
79
+ A modal/sheet should open inviting the user to write a description. Fill in:
80
+
81
+ > `[INTEGRATE-FEEDBACK SMOKE TEST] integration verified at <ISO timestamp>`
82
+
83
+ …and submit. The widget should close itself + show a success toast.
84
+
85
+ If the form rejects the submit with a 4xx error, capture the network response via:
86
+
87
+ ```
88
+ mcp__claude-in-chrome__read_network_requests(urlPattern="/api/feedback/v1/reports/")
89
+ ```
90
+
91
+ and surface the status code + response body.
92
+
93
+ ---
94
+
95
+ ## Step 6 — Confirm the report landed in admin
96
+
97
+ Drive Chrome to `https://software-factory-3tbbu.ondigitalocean.app/reports`. You may need to log in if the operator's session expired.
98
+
99
+ Filter by description containing `[INTEGRATE-FEEDBACK SMOKE TEST]`. The new report should appear at the top of the list.
100
+
101
+ Click into it. Verify:
102
+ - Project = the project the operator just provisioned
103
+ - Submitter = whatever identity was wired (anonymous-id, real user, etc.)
104
+ - Page URL = the consumer's dev URL
105
+ - Status = new
106
+
107
+ Screenshot this to give the user proof-of-life.
108
+
109
+ ---
110
+
111
+ ## Step 7 — (Optional cleanup) delete the smoke-test reports
112
+
113
+ After confirming, the operator (not the consumer) can clean up the noise:
114
+
115
+ 1. Admin SPA `/reports`, filter by description containing `[INTEGRATE-FEEDBACK SMOKE TEST]` and `[mhosaic-feedback verify]`
116
+ 2. Bulk select and delete
117
+
118
+ Skip this step if the consumer wants to keep the smoke-test reports as a paper trail.
119
+
120
+ ---
121
+
122
+ ## Diagnostic table — when checks fail
123
+
124
+ | Symptom | Likely cause | Fix |
125
+ |---|---|---|
126
+ | `✗ .env.local exists with both keys` | CLI init never ran, or ran in a different directory | Re-run `mhosaic-feedback init` from the project root |
127
+ | `✗ API key starts with pk_proj_` | Operator pasted the wrong key (e.g. `sk_proj_…`, an MCP key) | Operator mints a *public* widget key (`kind: "public"`) in admin SPA |
128
+ | `✗ Endpoint reachable over network` (network error) | DNS, firewall, offline, or wrong endpoint URL | Verify the URL in `.env.local`; try `curl -I <endpoint>/admin/login/` |
129
+ | `✗ Endpoint reachable` (5xx) | Backend is down or mid-deploy | Wait 1–2 minutes; check DO App Platform deploy status |
130
+ | `✗ CORS allows POST from <origin>` | Operator forgot to add this origin to `allowed_origins` | Operator opens admin SPA → Edit project → adds the dev URL (e.g. `http://localhost:5173`) |
131
+ | `✗ POST /api/feedback/v1/reports/` returns 401 | Key invalid or revoked | Operator mints a new key |
132
+ | `✗ POST /api/feedback/v1/reports/` returns 403 with "origin not allowed" | Same as CORS row above | Operator adds the origin |
133
+ | FAB doesn't render in dev | `identify()` not called with a non-empty `id` | Wire identify per `identify-snippets.md`, OR for testing pass `{id: 'test-user'}` |
134
+ | FAB renders but form submit fails with 403 | Origin not in `allowed_origins` (Vite dev URL differs from prod URL) | Operator adds the dev URL |
135
+ | FAB renders but form submit fails with 400 | Serializer rejected the payload (description empty, env unknown, etc.) | Read DevTools network response — usually a clear field-level error |
136
+ | Console error: `Failed to load module` for `@mhosaic/feedback` | Vite cache mismatch | Stop dev server, delete `node_modules/.vite`, restart |
137
+ | Console error: `Unhandled CORS preflight failure` | Origin not allowlisted on the backend side | Operator adds the origin; consumer hard-reloads |
138
+ | Widget submits anonymous reports despite identify() running | identify() called in a stale closure (effect dep array missing the user) | Re-read identify-snippets.md — every snippet has the right deps |
139
+ | `verify --with-test-report` succeeds but the report doesn't appear in admin | Browser cache; report is filtered by default (e.g. `synthetic=true` hides it) | Refresh admin /reports; toggle "show synthetic" filter |
140
+
141
+ ---
142
+
143
+ ## When to escalate
144
+
145
+ If after 3 fix-iterations the smoke test still fails, escalate to the operator with:
146
+
147
+ 1. The CLI verify output (full text)
148
+ 2. A DevTools network request showing the actual server response
149
+ 3. A screenshot of the dev UI showing FAB state
150
+
151
+ The operator can correlate the failure against the project's `allowed_origins`, key status, and `share_reports_with_widget` flag in the admin SPA — that catches >90% of "weird" failures the consumer can't debug on their own.