npm - @mushi-mushi/core - Versions diffs - 0.7.0 → 0.9.0 - Mend

@mushi-mushi/core 0.7.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@ Core types, API client, and utilities for the Mushi Mushi SDK.
 ## What's Inside
 - **Types**: `MushiConfig`, `MushiReport`, `MushiEnvironment`, and all shared interfaces
-- **API Client**: Fetch-based HTTP client with retry and exponential backoff
+- **API Client**: Fetch-based HTTP client with retry and exponential backoff. Tags every internal request with `X-Mushi-Internal: <kind>` so framework SDKs can filter their own traffic out of network capture and `apiCascade`. Ships HMAC-signed reporter helpers (`getLatestSdkVersion`, `listReporterReports`, `listReporterComments`, `replyToReporterReport`) for the two-way reply pipeline, plus `postDiscoveryEvent` (v2.1) for the passive inventory channel
 - **Pre-Filter**: On-device Stage 0 spam/gibberish filter (runs client-side, zero server cost)
 - **Offline Queue**: IndexedDB-backed queue with auto-sync on reconnect
 - **Environment Capture**: Browser/device snapshot (viewport, user agent, connection info)
@@ -15,10 +15,37 @@ Core types, API client, and utilities for the Mushi Mushi SDK.
 - **Session ID**: Tab-scoped session correlation
 - **Rate Limiter**: Token bucket self-throttle to prevent API flooding
+## Public types added in 0.7 → 0.11
+| Type                       | Purpose                                                                                       |
+|----------------------------|-----------------------------------------------------------------------------------------------|
+| `MushiPreset`              | `'production-calm' \| 'beta-loud' \| 'internal-debug' \| 'manual-only'` posture bundles.      |
+| `MushiWidgetAnchor`        | Raw-CSS positioning (`top` / `right` / `bottom` / `left`) for the widget launcher.            |
+| `MushiPrivacyConfig`       | `maskSelectors`, `blockSelectors`, `allowUserRemoveScreenshot` for screenshot redaction.       |
+| `MushiUrlMatcher`          | `string \| RegExp` element used by `capture.ignoreUrls` and `apiCascade.ignoreUrls`.          |
+| `MushiApiCascadeConfig`    | Object form of `proactive.apiCascade` so URL filters can be declared per-host-app.            |
+| `MushiDiagnosticsResult`   | Return shape of `Mushi.diagnose()` (CSP, runtime-config, capture, widget health).             |
+| `MushiSdkVersionInfo`      | Response shape for `getLatestSdkVersion(packageName)`; powers the outdated-banner UI.         |
+| `MushiTimelineEntry`       | `{ ts, kind: 'route' \| 'click' \| 'request' \| 'log' \| 'screen', payload }` repro entries. |
+| `MushiReporterReport`      | Reporter-facing report row (HMAC-authed) with `unread_count` for the widget badge.            |
+| `MushiReporterComment`     | Reporter-facing comment row (HMAC-authed) tagged `author_kind: 'admin' \| 'reporter'`.        |
+| `MushiDiscoverInventoryConfig` | Mushi v2.1 — fine-grained controls for `capture.discoverInventory` (`enabled`, `throttleMs`, `routeTemplates`, `userIdSource`, `captureDomSummary`). Pass `true` for defaults. |
+| `MushiDiscoveryEventPayload`   | Mushi v2.1 — wire shape for `POST /v1/sdk/discovery`. Mirrored server-side by `_shared/schemas.ts::discoveryEventSchema`; route + page title + testids + network paths + query-param **keys only** + sha256 user id hash. |
+Constants: `MUSHI_INTERNAL_HEADER` (`'X-Mushi-Internal'`),
+`MUSHI_INTERNAL_INIT_MARKER`, and the `MushiInternalRequestKind` literal union
+are re-exported so framework adapters can build their own self-noise filters.
 ## Usage
 ```typescript
-import { createApiClient, createPreFilter, captureEnvironment, createRateLimiter } from '@mushi-mushi/core';
+import {
+  createApiClient,
+  createPreFilter,
+  captureEnvironment,
+  createRateLimiter,
+  MUSHI_INTERNAL_HEADER,
+} from '@mushi-mushi/core';
 ```
 This package is used internally by `@mushi-mushi/web` and `@mushi-mushi/react`. Most consumers should use those packages instead.

package/dist/index.cjs CHANGED Viewed

@@ -2,6 +2,8 @@
 // src/api-client.ts
 var DEFAULT_API_ENDPOINT = "https://dxptnwrhwsqckaftyymj.supabase.co/functions/v1/api";
+var MUSHI_INTERNAL_HEADER = "X-Mushi-Internal";
+var MUSHI_INTERNAL_INIT_MARKER = "__mushiInternal";
 var DEFAULT_TIMEOUT = 1e4;
 var DEFAULT_MAX_RETRIES = 2;
 function createApiClient(options) {
@@ -13,7 +15,7 @@ function createApiClient(options) {
     maxRetries = DEFAULT_MAX_RETRIES
   } = options;
   let baseUrl = apiEndpoint.replace(/\/$/, "");
-  async function request(method, path, body, retries = maxRetries) {
+  async function request(method, path, body, retries = maxRetries, internalKind) {
     const url = `${baseUrl}${path}`;
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), timeout);
@@ -23,10 +25,12 @@ function createApiClient(options) {
         headers: {
           "Content-Type": "application/json",
           "X-Mushi-Api-Key": apiKey,
-          "X-Mushi-Project": projectId
+          "X-Mushi-Project": projectId,
+          ...internalKind ? { [MUSHI_INTERNAL_HEADER]: internalKind } : {}
         },
         body: body ? JSON.stringify(body) : void 0,
-        signal: controller.signal
+        signal: controller.signal,
+        ...internalKind ? { [MUSHI_INTERNAL_INIT_MARKER]: internalKind } : {}
       });
       clearTimeout(timer);
       if (response.status === 307 || response.status === 308) {
@@ -35,7 +39,7 @@ function createApiClient(options) {
           const targetBase = target.replace(/\/v1\/.*$/, "").replace(/\/$/, "");
           if (targetBase !== baseUrl) {
             baseUrl = targetBase;
-            return request(method, path, body, retries - 1);
+            return request(method, path, body, retries - 1, internalKind);
           }
         }
       }
@@ -43,7 +47,7 @@ function createApiClient(options) {
         const errorBody = await response.json().catch(() => ({}));
         if (response.status >= 500 && retries > 0) {
           await sleep(getBackoffDelay(maxRetries - retries));
-          return request(method, path, body, retries - 1);
+          return request(method, path, body, retries - 1, internalKind);
         }
         return {
           ok: false,
@@ -60,7 +64,7 @@ function createApiClient(options) {
       clearTimeout(timer);
       if (retries > 0 && isRetryable(error)) {
         await sleep(getBackoffDelay(maxRetries - retries));
-        return request(method, path, body, retries - 1);
+        return request(method, path, body, retries - 1, internalKind);
       }
       return {
         ok: false,
@@ -71,18 +75,96 @@ function createApiClient(options) {
       };
     }
   }
+  async function requestForReporter(method, path, reporterToken, body) {
+    const tokenHash = await sha256Hex(reporterToken);
+    const ts = String(Date.now());
+    const hmac = await hmacSha256Hex(apiKey, `${projectId}.${ts}.${tokenHash}`);
+    const url = `${baseUrl}${path}`;
+    const response = await fetch(url, {
+      method,
+      headers: {
+        "Content-Type": "application/json",
+        "X-Mushi-Api-Key": apiKey,
+        "X-Mushi-Project": projectId,
+        [MUSHI_INTERNAL_HEADER]: "reporter-poll",
+        "X-Reporter-Token-Hash": tokenHash,
+        "X-Reporter-Ts": ts,
+        "X-Reporter-Hmac": hmac
+      },
+      body: body ? JSON.stringify(body) : void 0,
+      [MUSHI_INTERNAL_INIT_MARKER]: "reporter-poll"
+    });
+    if (!response.ok) {
+      const errorBody = await response.json().catch(() => ({}));
+      return {
+        ok: false,
+        error: {
+          code: `HTTP_${response.status}`,
+          message: errorBody.error?.message ?? errorBody.message ?? `HTTP ${response.status} error`
+        }
+      };
+    }
+    const payload = await response.json();
+    return { ok: true, data: payload.data ?? payload };
+  }
   return {
     async submitReport(report) {
-      return request("POST", "/v1/reports", report);
+      return request("POST", "/v1/reports", report, maxRetries, "report-submit");
     },
     async getReportStatus(reportId) {
-      return request("GET", `/v1/reports/${reportId}/status`);
+      return request("GET", `/v1/reports/${reportId}/status`, void 0, maxRetries, "report-status");
     },
     async getSdkConfig() {
-      return request("GET", "/v1/sdk/config");
+      return request("GET", "/v1/sdk/config", void 0, maxRetries, "sdk-config");
+    },
+    async getLatestSdkVersion(packageName) {
+      const query = new URLSearchParams({ package: packageName }).toString();
+      return request("GET", `/v1/sdk/latest-version?${query}`, void 0, maxRetries, "sdk-config");
+    },
+    async postDiscoveryEvent(event) {
+      return request(
+        "POST",
+        "/v1/sdk/discovery",
+        event,
+        1,
+        "discovery"
+      );
+    },
+    async listReporterReports(reporterToken) {
+      return requestForReporter("GET", "/v1/reporter/reports", reporterToken);
+    },
+    async listReporterComments(reportId, reporterToken) {
+      return requestForReporter(
+        "GET",
+        `/v1/reporter/reports/${reportId}/comments`,
+        reporterToken
+      );
+    },
+    async replyToReporterReport(reportId, reporterToken, body) {
+      return requestForReporter(
+        "POST",
+        `/v1/reporter/reports/${reportId}/reply`,
+        reporterToken,
+        { body }
+      );
     }
   };
 }
+async function sha256Hex(value) {
+  const buffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(value));
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function hmacSha256Hex(secret, value) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"]
+  );
+  const buffer = await crypto.subtle.sign("HMAC", key, new TextEncoder().encode(value));
+  return Array.from(new Uint8Array(buffer)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -722,9 +804,23 @@ function captureEnvironment() {
       rtt: connection.rtt
     } : void 0,
     deviceMemory: nav?.deviceMemory,
-    hardwareConcurrency: nav?.hardwareConcurrency
+    hardwareConcurrency: nav?.hardwareConcurrency,
+    route: win?.location?.pathname,
+    nearestTestid: findNearestTestidFromActive(doc)
   };
 }
+function findNearestTestidFromActive(doc) {
+  if (!doc) return void 0;
+  let cur = doc.activeElement ?? null;
+  let hops = 0;
+  while (cur && hops < 20) {
+    const tid = cur.getAttribute?.("data-testid");
+    if (tid) return tid;
+    cur = cur.parentElement;
+    hops++;
+  }
+  return void 0;
+}
 // src/reporter-token.ts
 var STORAGE_KEY = "mushi_reporter_token";
@@ -776,7 +872,7 @@ function collectInputs() {
     hardwareConcurrency: nav?.hardwareConcurrency
   };
 }
-async function sha256Hex(input) {
+async function sha256Hex2(input) {
   if (typeof crypto !== "undefined" && crypto.subtle) {
     const buf = new TextEncoder().encode(input);
     const digest = await crypto.subtle.digest("SHA-256", buf);
@@ -796,7 +892,7 @@ async function getDeviceFingerprintHash() {
   }
   const inputs = collectInputs();
   const serialised = JSON.stringify(inputs);
-  const hash = await sha256Hex(serialised);
+  const hash = await sha256Hex2(serialised);
   if (typeof localStorage !== "undefined") {
     try {
       localStorage.setItem(CACHE_KEY, hash);
@@ -933,6 +1029,8 @@ function scrubPii(text, config) {
 }
 exports.DEFAULT_API_ENDPOINT = DEFAULT_API_ENDPOINT;
+exports.MUSHI_INTERNAL_HEADER = MUSHI_INTERNAL_HEADER;
+exports.MUSHI_INTERNAL_INIT_MARKER = MUSHI_INTERNAL_INIT_MARKER;
 exports.REGION_ENDPOINTS = REGION_ENDPOINTS;
 exports.captureEnvironment = captureEnvironment;
 exports.createApiClient = createApiClient;