@microsoft/omnichannel-chat-widget 1.8.4-main.cbab5fc → 1.8.4-main.cd79f08

package/README.md

@@ -177,7 +177,7 @@ Header's and Footer's child components consist of three parts:
 1. "middleGroup" - adding child components in the middle of the Header/Footer
 1. "rightGroup" - adding child components at the right of the Header/Footer
 
-By default Header has the header icon and title on the left and minimize and close buttons on the right, and Footer has Download Transcript and Email Transcript buttons on the left and audio notification button on the right. These components can be overriden with [ComponentOverrides](#ComponentOverrides). In addition, other custom child components can be added to both Header and Footer by creating custom react nodes and adding them to attributes "leftGroup", "middleGroup" or "rightGroup" of "controlProps".
+By default Header has the header icon and title on the left and minimize and close buttons on the right, and Footer has Download Transcript and Email Transcript buttons on the left and audio notification button on the right. These components can be overriden with [ComponentOverrides](#componentoverrides). In addition, other custom child components can be added to both Header and Footer by creating custom react nodes and adding them to attributes "leftGroup", "middleGroup" or "rightGroup" of "controlProps".
 
 ```js
 const buttonStyleProps: IButtonStyles = {
@@ -224,8 +224,10 @@ const customizedFooterProp: IFooterProps = {
 > :pushpin: Note that [WebChat hooks](https://github.com/microsoft/BotFramework-WebChat/blob/main/docs/HOOKS.md) can also be used in any custom components.
 
 #### Bidirectional Custom Events
+
 - Sending events from a hosting web page to bots/agents
-    - Register a function to post event
+  - Register a function to post event
+
         ```js
         //define sendCustomEvent function
         const sendCustomEvent = (payload) => {
@@ -253,7 +255,9 @@ const customizedFooterProp: IFooterProps = {
             }
         })
         ```
-    - Receiving events from bots/agents
+
+  - Receiving events from bots/agents
+
         ```js
         //define setOnCustomEvent function
         const setOnCustomEvent = (callback) => {
@@ -269,8 +273,10 @@ const customizedFooterProp: IFooterProps = {
         ```
 
 #### Trigger initiateEndChat event
+
 Customer can trigger the initiateEndChat event via BroadcastService to end a chat session.
 When needed, the payload below could be triggered:
+
 ```js
 const endChatEvent = {
     eventName: "InitiateEndChat",
@@ -283,18 +289,21 @@ BroadcastService.postMessage(endChatEvent);
 
 The payload of the event is optional, only needed when force closing of a persistent chat session is not required.
 When chat widget receives the event without any payload, it will:
+
 1. set the widget to closed state, the widget panel will be minimized. Post chat survey will not be displayed.
 2. trigger a sessionclose service network request to OmniChannel services.
 
 If skipSessionCloseForPersistentChat is set to true. The session close network request will not be triggered, instead, if postChat survey is available, post chat survey will be displayed.
 
 After successfully processed initiateEndChat event. The CloseChat event is broadcasted.
+
 ```js
 BroadcastService.getMessageByEventName("CloseChat").subscribe(async (msg) => {
     console.log("close chat received: ", msg);
     //more actions to unmount component and resources
 })
 ```
+
 ## See Also
 
 [Customizations Dev Guide](https://github.com/microsoft/omnichannel-chat-widget/blob/main/docs/customizations/getstarted.md)\

package/lib/cjs/common/Constants.js

@@ -82,6 +82,8 @@ _defineProperty(Constants, "audioMediaRegex", /(\.)(aac|aiff|alac|amr|flac|mp2|m
 _defineProperty(Constants, "videoMediaRegex", /(\.)(avchd|avi|flv|mpe|mpeg|mpg|mpv|mp4|m4p|m4v|mov|qt|swf|webm|wmv)$/i);
 _defineProperty(Constants, "chromeSupportedInlineMediaRegex", /(\.)(aac|mp3|wav|mp4)$/i);
 _defineProperty(Constants, "firefoxSupportedInlineMediaRegex", /(\.)(aac|flac|mp3|wav|mp4|mov)$/i);
+_defineProperty(Constants, "AdaptiveCardType", "adaptivecard");
+_defineProperty(Constants, "SuggestedActionsType", "suggestedactions");
 // calling container event names
 _defineProperty(Constants, "CallAdded", "callAdded");
 _defineProperty(Constants, "LocalVideoStreamAdded", "localVideoStreamAdded");

package/lib/cjs/common/facades/FacadeChatSDK.js

@@ -26,6 +26,8 @@ let FacadeChatSDK = /*#__PURE__*/function () {
     _defineProperty(this, "getAuthToken", void 0);
     _defineProperty(this, "sdkMocked", void 0);
     _defineProperty(this, "disableReauthentication", void 0);
+    // Stays true so CASE 1 re-triggers on every startChat to set deferInitialAuth
+    _defineProperty(this, "pendingMidAuthUnauthenticatedState", false);
     this.chatSDK = input.chatSDK;
     this.chatConfig = input.chatConfig;
     this.getAuthToken = input.getAuthToken;
@@ -50,6 +52,12 @@ let FacadeChatSDK = /*#__PURE__*/function () {
     value: function destroy() {
       this.token = null;
       this.expiration = 0;
+      if ((0, _authHelper.isMidAuthEnabled)(this.chatConfig)) {
+        this.pendingMidAuthUnauthenticatedState = false;
+        this.isAuthenticated = true;
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        this.chatSDK.deferInitialAuth = false;
+      }
     }
   }, {
     key: "isTokenSet",
@@ -214,6 +222,10 @@ let FacadeChatSDK = /*#__PURE__*/function () {
           message: "Token is valid"
         };
       }
+
+      // Token missing or expired - need to get a new one via getAuthToken
+      // For mid-auth: getAuthToken receives { isMidAuthEnabled: true } so customer implementations
+      // can check portal state and return null for logged-out users
       _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
         Event: _TelemetryConstants.TelemetryEvent.NewTokenValidationStarted,
         Description: "Token validation started."
@@ -234,6 +246,7 @@ let FacadeChatSDK = /*#__PURE__*/function () {
       this.token = "";
       this.expiration = 0;
       try {
+        var _ring$error, _ring$error2;
         const ring = await (0, _authHelper.handleAuthentication)(this.chatSDK, this.chatConfig, this.getAuthToken);
         if ((ring === null || ring === void 0 ? void 0 : ring.result) === true && ring !== null && ring !== void 0 && ring.token) {
           await this.setToken(ring.token);
@@ -248,18 +261,35 @@ let FacadeChatSDK = /*#__PURE__*/function () {
             result: true,
             message: "New Token obtained"
           };
-        } else {
-          var _ring$error, _ring$error2;
-          _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.ERROR, {
-            Event: _TelemetryConstants.TelemetryEvent.NewTokenValidationFailed,
-            Description: (_ring$error = ring.error) === null || _ring$error === void 0 ? void 0 : _ring$error.message,
-            ExceptionDetails: ring === null || ring === void 0 ? void 0 : ring.error
+        }
+
+        // Mid-auth: no token available - set pending flag for startChat to handle
+        const isEmptyTokenWithoutError = (0, _utils.isNullOrEmptyString)(ring === null || ring === void 0 ? void 0 : ring.token) && ((ring === null || ring === void 0 ? void 0 : ring.result) === true || (ring === null || ring === void 0 ? void 0 : ring.result) === false && !(ring !== null && ring !== void 0 && ring.error));
+        if ((0, _authHelper.isMidAuthEnabled)(this.chatConfig) && isEmptyTokenWithoutError) {
+          // Clear Facade and SDK token state so API calls use unauthenticated endpoints
+          this.token = "";
+          this.expiration = 0;
+          // eslint-disable-next-line @typescript-eslint/no-explicit-any
+          this.chatSDK.authenticatedUserToken = null;
+          this.pendingMidAuthUnauthenticatedState = true;
+          _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+            Event: _TelemetryConstants.TelemetryEvent.NewTokenValidationCompleted,
+            Description: "Mid-auth enabled: no token returned; proceeding as unauthenticated"
           });
           return {
-            result: false,
-            message: (ring === null || ring === void 0 ? void 0 : (_ring$error2 = ring.error) === null || _ring$error2 === void 0 ? void 0 : _ring$error2.message) || "Failed to get token"
+            result: true,
+            message: "Mid-auth: proceeding as unauthenticated"
           };
         }
+        _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.ERROR, {
+          Event: _TelemetryConstants.TelemetryEvent.NewTokenValidationFailed,
+          Description: (_ring$error = ring.error) === null || _ring$error === void 0 ? void 0 : _ring$error.message,
+          ExceptionDetails: ring === null || ring === void 0 ? void 0 : ring.error
+        });
+        return {
+          result: false,
+          message: (ring === null || ring === void 0 ? void 0 : (_ring$error2 = ring.error) === null || _ring$error2 === void 0 ? void 0 : _ring$error2.message) || "Failed to get token"
+        };
       } catch (e) {
         console.error("Unexpected error while getting token", e);
         _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.ERROR, {
@@ -273,6 +303,155 @@ let FacadeChatSDK = /*#__PURE__*/function () {
         };
       }
     }
+
+    /**
+     * Sets unauthenticated state for mid-auth flow.
+     * Clears SDK internal state to prevent reconnection to previous authenticated session.
+     */
+  }, {
+    key: "setMidAuthUnauthenticatedState",
+    value: function setMidAuthUnauthenticatedState() {
+      var _sdk$chatToken, _sdk$chatToken2;
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const sdk = this.chatSDK;
+      const hadExistingChat = !!((_sdk$chatToken = sdk.chatToken) !== null && _sdk$chatToken !== void 0 && _sdk$chatToken.chatId);
+      const previousChatId = (_sdk$chatToken2 = sdk.chatToken) === null || _sdk$chatToken2 === void 0 ? void 0 : _sdk$chatToken2.chatId;
+      this.clearAuthState();
+
+      // Clear SDK internal state for fresh unauthenticated chat
+      sdk.chatToken = {};
+      sdk.reconnectId = null;
+      sdk.requestId = null;
+      sdk.sessionId = null;
+      sdk.conversation = null;
+      _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+        Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthReset,
+        Description: hadExistingChat ? "Mid-auth without token: local state cleared" : "Mid-auth: initialized as unauthenticated (no prior chat)",
+        Data: hadExistingChat ? {
+          previousChatId
+        } : undefined
+      });
+    }
+
+    /** Clears authentication state in both FacadeChatSDK and underlying SDK */
+  }, {
+    key: "clearAuthState",
+    value: function clearAuthState() {
+      this.token = "";
+      this.expiration = 0;
+      this.isAuthenticated = false;
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      this.chatSDK.authenticatedUserToken = null;
+    }
+
+    /**
+     * Migrates conversation from unauthenticated to authenticated via authenticateChat.
+     * Called after startChat() when user has a valid token but the backend conversation
+     * was started as unauthenticated.
+     */
+  }, {
+    key: "migrateConversationToAuthenticated",
+    value: async function migrateConversationToAuthenticated() {
+      try {
+        await this.chatSDK.authenticateChat(this.token, {
+          refreshChatToken: true
+        });
+        this.isAuthenticated = true;
+        _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+          Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthSucceeded,
+          Description: "Mid-auth: authenticateChat completed, conversation migrated to authenticated"
+        });
+      } catch (e) {
+        // Non-fatal: Chat is already active via startChat, will retry on next reconnect
+        _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.WARN, {
+          Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthFailed,
+          Description: "Mid-auth: authenticateChat returned error after startChat, chat still active",
+          ExceptionDetails: {
+            message: e === null || e === void 0 ? void 0 : e.message
+          }
+        });
+      }
+    }
+
+    /**
+     * Configures SDK auth state before startChat.
+     * CASE 1: Pending unauthenticated (no token) - sets deferInitialAuth=true
+     * CASE 2: Authenticated with valid token - sets SDK token and deferInitialAuth based on scenario
+     */
+  }, {
+    key: "configureMidAuthState",
+    value: function configureMidAuthState(isReconnect, wasPreviousSessionAuthenticated) {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const sdk = this.chatSDK;
+
+      // CASE 1: No token available (user not logged in)
+      // pendingMidAuthUnauthenticatedState stays true until user logs in (cleared in tokenRing)
+      if (this.pendingMidAuthUnauthenticatedState) {
+        const shouldClear = this.handlePendingUnauthenticatedState(wasPreviousSessionAuthenticated);
+        sdk.deferInitialAuth = true;
+        _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+          Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthReset,
+          Description: "Mid-auth configureMidAuthState: CASE 1 - unauthenticated, deferInitialAuth=true",
+          Data: {
+            isReconnect: String(isReconnect),
+            wasPreviousSessionAuthenticated: String(wasPreviousSessionAuthenticated),
+            shouldClearReconnectParams: String(shouldClear)
+          }
+        });
+        return {
+          shouldClearReconnectParams: shouldClear
+        };
+      }
+
+      // CASE 2: Authenticated with valid token
+      if (this.isTokenSet() && !this.isTokenExpired()) {
+        this.handleAuthenticatedState(isReconnect, wasPreviousSessionAuthenticated);
+      }
+      return {
+        shouldClearReconnectParams: false
+      };
+    }
+
+    /**
+     * CASE 1 handler: Returns true if reconnect params should be cleared (Auth -> Unauth transition)
+     */
+  }, {
+    key: "handlePendingUnauthenticatedState",
+    value: function handlePendingUnauthenticatedState(wasPreviousSessionAuthenticated) {
+      if (wasPreviousSessionAuthenticated) {
+        // Auth -> Unauth: user logged out, clear state for fresh chat
+        this.setMidAuthUnauthenticatedState();
+        return true;
+      }
+
+      // Unauth -> Unauth: keep liveChatContext for reconnection
+      this.isAuthenticated = false;
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      this.chatSDK.authenticatedUserToken = null;
+      return false;
+    }
+
+    /**
+     * CASE 2 handler: Sets deferInitialAuth only for reconnects to unauthenticated sessions (need migration).
+     * For new chats or reconnects to authenticated sessions, SDK handles auth internally.
+     */
+  }, {
+    key: "handleAuthenticatedState",
+    value: function handleAuthenticatedState(isReconnect, wasPreviousSessionAuthenticated) {
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const sdk = this.chatSDK;
+      sdk.authenticatedUserToken = this.token;
+      if (isReconnect && !wasPreviousSessionAuthenticated) {
+        sdk.deferInitialAuth = true;
+        _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+          Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthSucceeded,
+          Description: "Mid-auth handleAuthenticatedState: CASE 2 - reconnect to unauth session, deferInitialAuth=true (migration needed)"
+        });
+      } else {
+        // Reset to prevent inheriting deferInitialAuth=true from a previous unauthenticated chat
+        sdk.deferInitialAuth = false;
+      }
+    }
   }, {
     key: "validateAndExecuteCall",
     value: async function validateAndExecuteCall(functionName, fn) {
@@ -307,7 +486,53 @@ let FacadeChatSDK = /*#__PURE__*/function () {
     key: "startChat",
     value: async function startChat() {
       let optionalParams = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-      return this.validateAndExecuteCall("startChat", () => this.chatSDK.startChat(optionalParams));
+      const midAuthEnabled = (0, _authHelper.isMidAuthEnabled)(this.chatConfig);
+      const isReconnect = !!optionalParams.liveChatContext || !!optionalParams.reconnectId;
+      const wasPreviousSessionAuthenticated = optionalParams.wasAuthenticated === true;
+      return this.validateAndExecuteCall("startChat", async () => {
+        if (midAuthEnabled) {
+          const {
+            shouldClearReconnectParams
+          } = this.configureMidAuthState(isReconnect, wasPreviousSessionAuthenticated);
+          if (shouldClearReconnectParams) {
+            delete optionalParams.liveChatContext;
+            delete optionalParams.reconnectId;
+          }
+        }
+        await this.chatSDK.startChat(optionalParams);
+
+        // Migrate to authenticated if needed (reconnects to unauthenticated sessions only)
+        if (midAuthEnabled) {
+          const shouldMigrateToAuth = isReconnect && this.isTokenSet() && !this.isTokenExpired() && !wasPreviousSessionAuthenticated;
+          if (shouldMigrateToAuth) {
+            _TelemetryHelper.TelemetryHelper.logFacadeChatSDKEventToAllTelemetry(_TelemetryConstants.LogLevel.INFO, {
+              Event: _TelemetryConstants.TelemetryEvent.MidConversationAuthSucceeded,
+              Description: "Mid-auth startChat: initiating migration to authenticated",
+              Data: {
+                isReconnect: String(isReconnect),
+                wasPreviousSessionAuthenticated: String(wasPreviousSessionAuthenticated)
+              }
+            });
+            await this.migrateConversationToAuthenticated();
+          }
+        }
+
+        // Broadcast final auth state after startChat completes (only on state change)
+        if (midAuthEnabled) {
+          const isAuthenticatedAfterStart = this.isTokenSet() && !this.isTokenExpired();
+          const authStateChanged = !isReconnect || isAuthenticatedAfterStart !== wasPreviousSessionAuthenticated;
+          if (authStateChanged) {
+            _omnichannelChatComponents.BroadcastService.postMessage({
+              eventName: isAuthenticatedAfterStart ? _TelemetryConstants.BroadcastEvent.MidConversationAuthSucceeded : _TelemetryConstants.BroadcastEvent.MidConversationAuthReset,
+              payload: {
+                isAuthenticated: isAuthenticatedAfterStart,
+                isStartChatComplete: true,
+                isReconnect
+              }
+            });
+          }
+        }
+      });
     }
   }, {
     key: "endChat",
@@ -445,6 +670,7 @@ let FacadeChatSDK = /*#__PURE__*/function () {
       let optionalParams = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
       return this.validateAndExecuteCall("getAgentAvailability", () => this.chatSDK.getAgentAvailability(optionalParams));
     }
+
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
   }, {
     key: "getReconnectableChats",

package/lib/cjs/common/telemetry/TelemetryConstants.js

@@ -74,6 +74,8 @@ exports.BroadcastEvent = BroadcastEvent;
   BroadcastEvent["FMLTrackingCompletedAck"] = "FMLTrackingCompletedAck";
   BroadcastEvent["FMLTrackingCompleted"] = "FMLTrackingCompleted";
   BroadcastEvent["PersistentConversationReset"] = "PersistentConversationReset";
+  BroadcastEvent["MidConversationAuthSucceeded"] = "MidConversationAuthSucceeded";
+  BroadcastEvent["MidConversationAuthReset"] = "MidConversationAuthReset";
 })(BroadcastEvent || (exports.BroadcastEvent = BroadcastEvent = {}));
 let TelemetryEvent;
 exports.TelemetryEvent = TelemetryEvent;
@@ -108,6 +110,9 @@ exports.TelemetryEvent = TelemetryEvent;
   TelemetryEvent["CallingSDKInitFailed"] = "CallingSDKInitFailed";
   TelemetryEvent["CallingSDKLoadSuccess"] = "CallingSDKLoadSuccess";
   TelemetryEvent["CallingSDKLoadFailed"] = "CallingSDKLoadFailed";
+  TelemetryEvent["MidConversationAuthSucceeded"] = "MidConversationAuthSucceeded";
+  TelemetryEvent["MidConversationAuthFailed"] = "MidConversationAuthFailed";
+  TelemetryEvent["MidConversationAuthReset"] = "MidConversationAuthReset";
   TelemetryEvent["GetConversationDetailsCallStarted"] = "GetConversationDetailsCallStarted";
   TelemetryEvent["GetConversationDetailsCallFailed"] = "GetConversationDetailsCallFailed";
   TelemetryEvent["EndChatSDKCallFailed"] = "EndChatSDKCallFailed";
@@ -318,10 +323,16 @@ exports.TelemetryEvent = TelemetryEvent;
   TelemetryEvent["LCWLazyLoadNoMoreHistory"] = "LCWLazyLoadNoMoreHistory";
   TelemetryEvent["LCWLazyLoadHistoryError"] = "LCWLazyLoadHistoryError";
   TelemetryEvent["LCWLazyLoadDestroyed"] = "LCWLazyLoadDestroyed";
+  TelemetryEvent["LCWLazyLoadTriggerFired"] = "LCWLazyLoadTriggerFired";
+  TelemetryEvent["LCWLazyLoadBatchReceived"] = "LCWLazyLoadBatchReceived";
+  TelemetryEvent["LCWLazyLoadInitialLoadComplete"] = "LCWLazyLoadInitialLoadComplete";
+  TelemetryEvent["LCWLazyLoadScrollAnchorApplied"] = "LCWLazyLoadScrollAnchorApplied";
   TelemetryEvent["SecureEventBusUnauthorizedDispatch"] = "SecureEventBusUnauthorizedDispatch";
   TelemetryEvent["SecureEventBusListenerError"] = "SecureEventBusListenerError";
   TelemetryEvent["SecureEventBusDispatchError"] = "SecureEventBusDispatchError";
   TelemetryEvent["StartChatComplete"] = "StartChatComplete";
+  TelemetryEvent["AgentJoinedConversation"] = "AgentJoinedConversation";
+  TelemetryEvent["BrowserTabHidden"] = "BrowserTabHidden";
 })(TelemetryEvent || (exports.TelemetryEvent = TelemetryEvent = {}));
 let TelemetryConstants = /*#__PURE__*/function () {
   function TelemetryConstants() {
@@ -392,6 +403,8 @@ let TelemetryConstants = /*#__PURE__*/function () {
         case TelemetryEvent.SecureEventBusUnauthorizedDispatch:
         case TelemetryEvent.SecureEventBusListenerError:
         case TelemetryEvent.SecureEventBusDispatchError:
+        case TelemetryEvent.AgentJoinedConversation:
+        case TelemetryEvent.BrowserTabHidden:
           return ScenarioType.ACTIONS;
         case TelemetryEvent.StartChatSDKCall:
         case TelemetryEvent.StartChatEventReceived:

package/lib/cjs/common/telemetry/loggers/appInsightsLogger.js

@@ -14,11 +14,11 @@ function _getRequireWildcardCache(nodeInterop) { if (typeof WeakMap !== "functio
 function _interopRequireWildcard(obj, nodeInterop) { if (!nodeInterop && obj && obj.__esModule) { return obj; } if (obj === null || typeof obj !== "object" && typeof obj !== "function") { return { default: obj }; } var cache = _getRequireWildcardCache(nodeInterop); if (cache && cache.has(obj)) { return cache.get(obj); } var newObj = {}; var hasPropertyDescriptor = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var key in obj) { if (key !== "default" && Object.prototype.hasOwnProperty.call(obj, key)) { var desc = hasPropertyDescriptor ? Object.getOwnPropertyDescriptor(obj, key) : null; if (desc && (desc.get || desc.set)) { Object.defineProperty(newObj, key, desc); } else { newObj[key] = obj[key]; } } } newObj.default = obj; if (cache) { cache.set(obj, newObj); } return newObj; }
 var AllowedKeys;
 (function (AllowedKeys) {
-  AllowedKeys["OrganizationId"] = "OrganizationId";
-  AllowedKeys["ConversationId"] = "LiveWorkItemId";
+  AllowedKeys["OrganizationId"] = "powerplatform.analytics.resource.organization.id";
+  AllowedKeys["ConversationId"] = "powerplatform.analytics.resource.id";
   AllowedKeys["ElapsedTimeInMilliseconds"] = "Duration";
-  AllowedKeys["Description"] = "Description";
-  AllowedKeys["ChannelId"] = "ChannelType";
+  AllowedKeys["Description"] = "omnichannel.description";
+  AllowedKeys["ChannelId"] = "omnichannel.channel.type";
   AllowedKeys["LCWRuntimeId"] = "ClientSessionId";
 })(AllowedKeys || (AllowedKeys = {}));
 let initializationPromise = null;
@@ -95,8 +95,8 @@ const appInsightsLogger = appInsightsKey => {
         if (eventName) {
           const trackingEventName = getTrackingEventName(logLevel, eventName);
           const eventProperties = setEventProperties(trackingEventName, telemetryInfo);
-          _logger.trackEvent({
-            name: trackingEventName,
+          _logger.trackTrace({
+            message: trackingEventName,
             properties: eventProperties
           });
         }
@@ -142,7 +142,7 @@ const appInsightsLogger = appInsightsKey => {
     // Additional properties
     eventProperties["ConversationStage"] = customProperties.ConversationStage ?? _TelemetryConstants.ConversationStage.CSREngagement;
     eventProperties["Scenario"] = "Conversation Diagnostics";
-    eventProperties["OperationName"] = eventName.includes(": ") ? eventName.split(": ")[1] : eventName;
+    eventProperties["powerplatform.analytics.subscenario"] = eventName.includes(": ") ? eventName.split(": ")[1] : eventName;
     return eventProperties;
   }
   function getTrackingEventName(logLevel, eventName) {

package/lib/cjs/common/utils/xssUtils.js

@@ -7,70 +7,42 @@ exports.detectAndCleanXSS = void 0;
 var _dompurify = _interopRequireDefault(require("dompurify"));
 function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
 /**
- * Detects potential Cross-Site Scripting (XSS) attacks in text input and sanitizes the content.
+ * Sanitizes text input and detects XSS attack patterns.
  * 
- * This function performs comprehensive XSS detection using pattern matching for common attack vectors
- * and then sanitizes the input using DOMPurify with strict configuration. It's designed to protect
- * against various XSS techniques including script injection, event handler injection, style-based
- * attacks, and encoded payloads.
+ * Sanitizes first with DOMPurify, then checks for malicious patterns in both
+ * the original and sanitized text to catch mutation XSS attacks.
  * 
- * Security patterns detected:
- * - JavaScript protocol URLs (javascript:)
- * - HTML event handlers (onmouseover, onclick, etc.)
- * - Script tags (<script>)
- * - CSS expression() functions
- * - CSS url() functions
- * - Position-based CSS attacks (position: fixed/absolute)
- * - VBScript protocol URLs
- * - Data URLs with HTML content
- * - Fragment identifiers with escaped quotes
- * - HTML entity-encoded angle brackets
- * 
- * @param text - The input text to be analyzed and sanitized
- * @returns An object containing:
- *   - cleanText: The sanitized version of the input text with all HTML tags and attributes removed
- *   - isXSSDetected: Boolean flag indicating whether potential XSS patterns were found in the original text
+ * @param text - Input text to sanitize
+ * @returns Object with cleanText (sanitized) and isXSSDetected flag
  */
 const detectAndCleanXSS = text => {
-  // Comprehensive array of regular expressions to detect common XSS attack patterns
-  const xssPatterns = [/javascript\s*:/gi,
-  // JavaScript protocol URLs (with optional spaces)
-  /vbscript\s*:/gi,
-  // VBScript protocol URLs (with optional spaces)
-  /on\w+\s*=/gi,
-  // HTML event handlers (onmouseover, onclick, onload, etc.)
-  /<\s*script/gi,
-  // Script tag opening (with optional spaces)
-  /expression\s*\(/gi,
-  // CSS expression() function (IE-specific)
-  /url\s*\(/gi,
-  // CSS url() function
-  /style\s*=.*position\s*:\s*fixed/gi,
-  // CSS position fixed attacks
-  /style\s*=.*position\s*:\s*absolute/gi,
-  // CSS position absolute attacks
-  /data\s*:\s*text\s*\/\s*html/gi,
-  // Data URLs containing HTML
-  /#.*\\"/gi,
-  // Fragment identifiers with escaped quotes
-  /&gt;.*&lt;/gi // HTML entity-encoded angle brackets indicating tag structure
-  ];
-
-  // Check if any XSS patterns are detected in the input text
-  const isXSSDetected = xssPatterns.some(pattern => pattern.test(text));
-
-  // Clean the text using DOMPurify with strict config
+  // Sanitize first to prevent mutation XSS (e.g., "s<iframe></iframe>tyle" → "style")
   const cleanText = _dompurify.default.sanitize(text, {
     ALLOWED_TAGS: [],
-    // No HTML tags allowed in title
     ALLOWED_ATTR: [],
     KEEP_CONTENT: true,
-    // Keep text content
     ALLOW_DATA_ATTR: false,
     ALLOW_UNKNOWN_PROTOCOLS: false,
     SANITIZE_DOM: true,
     FORCE_BODY: false
   });
+  const contentChanged = text !== cleanText;
+
+  // Non-global regex patterns to avoid stateful .test() issues
+  const xssPatterns = [/javascript\s*:/i, /vbscript\s*:/i, /on\w+\s*=/i,
+  // Event handlers
+  /<\s*script/i, /<\s*iframe/i, /<\s*object/i, /<\s*embed/i, /<\s*svg/i, /expression\s*\(/i,
+  // IE CSS expressions
+  /style\s*=.*position\s*:\s*(fixed|absolute)/i, /data\s*:\s*text\s*\/\s*html/i, /#.*\\"/i, /&(lt|gt|#x3c|#60|#x3e|#62);/i,
+  // HTML entities
+  /&#x?[0-9a-f]+;.*</i, /\u003c.*\u003e/i,
+  // Unicode escapes
+  /src\s*=\s*["']?\s*javascript:/i, /href\s*=\s*["']?\s*javascript:/i];
+  const hasXSSPattern = xssPatterns.some(pattern => {
+    return pattern.test(text) || pattern.test(cleanText);
+  });
+  const hasHTMLStructure = /<[^>]+>/.test(text) && !/<[^>]+>/.test(cleanText);
+  const isXSSDetected = contentChanged || hasXSSPattern || hasHTMLStructure;
   return {
     cleanText,
     isXSSDetected

package/lib/cjs/common/utils.js

@@ -7,7 +7,9 @@ exports.getCustomEventValue = exports.getConversationDetailsCall = exports.getBr
 exports.getDeviceType = getDeviceType;
 exports.getWidgetEndChatEventName = exports.getWidgetCacheIdfromProps = exports.getWidgetCacheId = exports.getTimestampHourMinute = exports.getStateFromCache = exports.getLocaleDirection = exports.getIconText = exports.getDomain = void 0;
 exports.isEndConversationDueToOverflowActivity = isEndConversationDueToOverflowActivity;
-exports.setTabIndices = exports.setOcUserAgent = exports.setFocusOnSendBox = exports.setFocusOnElement = exports.preventFocusToMoveOutOfElement = exports.parseLowerCaseString = exports.parseAdaptiveCardPayload = exports.newGuid = exports.isValidCustomEvent = exports.isUndefinedOrEmpty = exports.isThisSessionPopout = exports.isNullOrUndefined = exports.isNullOrEmptyString = void 0;
+exports.parseAdaptiveCardPayload = exports.newGuid = exports.isValidCustomEvent = exports.isUndefinedOrEmpty = exports.isThisSessionPopout = exports.isNullOrUndefined = exports.isNullOrEmptyString = void 0;
+exports.parseBooleanFromConfig = parseBooleanFromConfig;
+exports.setTabIndices = exports.setOcUserAgent = exports.setFocusOnSendBox = exports.setFocusOnElement = exports.preventFocusToMoveOutOfElement = exports.parseLowerCaseString = void 0;
 var _Constants = require("./Constants");
 var _TelemetryConstants = require("./telemetry/TelemetryConstants");
 var _omnichannelChatComponents = require("@microsoft/omnichannel-chat-components");
@@ -478,7 +480,7 @@ const setOcUserAgent = chatSDK => {
   // eslint-disable-line @typescript-eslint/no-explicit-any
   if ((_chatSDK$OCClient = chatSDK.OCClient) !== null && _chatSDK$OCClient !== void 0 && _chatSDK$OCClient.ocUserAgent && !((_chatSDK$OCClient2 = chatSDK.OCClient) !== null && _chatSDK$OCClient2 !== void 0 && _chatSDK$OCClient2.ocUserAgent.join(" ").includes("omnichannel-chat-widget/"))) {
     try {
-      const version = require("../../../package.json").version; // eslint-disable-line @typescript-eslint/no-var-requires
+      const version = require("../../package.json").version; // eslint-disable-line @typescript-eslint/no-var-requires
       const userAgent = `omnichannel-chat-widget/${version}`;
       chatSDK.OCClient.ocUserAgent = [userAgent, ...chatSDK.OCClient.ocUserAgent];
     } catch (error) {
@@ -519,4 +521,15 @@ exports.getCustomEventValue = getCustomEventValue;
 function isEndConversationDueToOverflowActivity(activity) {
   var _activity$channelData, _activity$channelData2;
   return (activity === null || activity === void 0 ? void 0 : (_activity$channelData = activity.channelData) === null || _activity$channelData === void 0 ? void 0 : _activity$channelData.tags) && Array.isArray(activity === null || activity === void 0 ? void 0 : (_activity$channelData2 = activity.channelData) === null || _activity$channelData2 === void 0 ? void 0 : _activity$channelData2.tags) && activity.channelData.tags.includes(_Constants.Constants.EndConversationDueToOverflow);
+}
+
+/**
+ * Parses a value that can be boolean or string ("true"/"false") into a boolean.
+ * Handles null/undefined by returning false.
+ * 
+ * @param value - The value to parse (can be boolean, string, null, or undefined)
+ * @returns true if value is true or "true" (case-insensitive), false otherwise
+ */
+function parseBooleanFromConfig(value) {
+  return value === true || (value === null || value === void 0 ? void 0 : value.toString().toLowerCase()) === "true";
 }

package/lib/cjs/components/errorboundary/ErrorBoundary.js

@@ -19,11 +19,12 @@ function _possibleConstructorReturn(self, call) { if (call && (typeof call === "
 function _assertThisInitialized(self) { if (self === void 0) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return self; }
 function _isNativeReflectConstruct() { if (typeof Reflect === "undefined" || !Reflect.construct) return false; if (Reflect.construct.sham) return false; if (typeof Proxy === "function") return true; try { Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); return true; } catch (e) { return false; } }
 function _getPrototypeOf(o) { _getPrototypeOf = Object.setPrototypeOf ? Object.getPrototypeOf.bind() : function _getPrototypeOf(o) { return o.__proto__ || Object.getPrototypeOf(o); }; return _getPrototypeOf(o); }
+// eslint-disable-next-line @typescript-eslint/ban-types
 const RenderChildrenFunction = _ref => {
   let {
     children
   } = _ref;
-  return typeof children === 'function' ? children() : children;
+  return typeof children === "function" ? children() : children;
 };
 let ErrorBoundary = /*#__PURE__*/function (_Component) {
   _inherits(ErrorBoundary, _Component);

package/lib/cjs/components/livechatwidget/LiveChatWidget.js

@@ -35,8 +35,16 @@ const LiveChatWidget = props => {
     throw new Error("chatConfig is required");
   }
 
+  // Check configuration flags
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const isAuthenticatedChat = !!((_props$chatConfig = props.chatConfig) !== null && _props$chatConfig !== void 0 && (_props$chatConfig$Liv = _props$chatConfig.LiveChatConfigAuthSettings) !== null && _props$chatConfig$Liv !== void 0 && _props$chatConfig$Liv.msdyn_javascriptclientfunction) || (0, _liveChatConfigUtils.isPersistentChatEnabled)((_props$chatConfig2 = props.chatConfig) === null || _props$chatConfig2 === void 0 ? void 0 : (_props$chatConfig2$Li = _props$chatConfig2.LiveWSAndLiveChatEngJoin) === null || _props$chatConfig2$Li === void 0 ? void 0 : _props$chatConfig2$Li.msdyn_conversationmode);
+  const hasAuthClientFn = !!((_props$chatConfig = props.chatConfig) !== null && _props$chatConfig !== void 0 && (_props$chatConfig$Liv = _props$chatConfig.LiveChatConfigAuthSettings) !== null && _props$chatConfig$Liv !== void 0 && _props$chatConfig$Liv.msdyn_javascriptclientfunction);
+  const persistentChatEnabled = (0, _liveChatConfigUtils.isPersistentChatEnabled)((_props$chatConfig2 = props.chatConfig) === null || _props$chatConfig2 === void 0 ? void 0 : (_props$chatConfig2$Li = _props$chatConfig2.LiveWSAndLiveChatEngJoin) === null || _props$chatConfig2$Li === void 0 ? void 0 : _props$chatConfig2$Li.msdyn_conversationmode);
+
+  // isAuthenticatedChat determines if FacadeChatSDK should require authentication:
+  // REGULAR AUTH FLOW (config-based):
+  // - Persistent chat enabled ? always authenticated
+  // - Auth settings exist ? authenticated from start
+  const isAuthenticatedChat = persistentChatEnabled || hasAuthClientFn;
   if (!facadeChatSDK) {
     var _props$mock;
     setFacadeChatSDK(new _FacadeChatSDK.FacadeChatSDK({