@mushi-mushi/core 1.11.0 → 1.12.0

package/dist/index.cjs

@@ -1,5 +1,47 @@
 'use strict';
 
+// src/payload-guard.ts
+var MAX_REPORT_PAYLOAD_BYTES = 4 * 1024 * 1024;
+var MAX_SCREENSHOT_DATA_URL_BYTES = 1.5 * 1024 * 1024;
+function safeStringify(value) {
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return null;
+  }
+}
+function estimateJsonBytes(value) {
+  const json = safeStringify(value);
+  return json === null ? Number.MAX_SAFE_INTEGER : new TextEncoder().encode(json).length;
+}
+function checkReportPayloadSize(payload, maxBytes = MAX_REPORT_PAYLOAD_BYTES) {
+  const json = safeStringify(payload);
+  if (json === null) {
+    return {
+      ok: false,
+      bytes: 0,
+      maxBytes,
+      serializeFailed: true,
+      reason: "Report could not be serialized (circular reference in metadata?)"
+    };
+  }
+  const bytes = new TextEncoder().encode(json).length;
+  if (bytes <= maxBytes) {
+    return { ok: true, bytes, maxBytes };
+  }
+  return {
+    ok: false,
+    bytes,
+    maxBytes,
+    reason: `Report payload ${formatBytes(bytes)} exceeds limit ${formatBytes(maxBytes)}`
+  };
+}
+function formatBytes(n) {
+  if (n < 1024) return `${n} B`;
+  if (n < 1024 * 1024) return `${(n / 1024).toFixed(1)} KB`;
+  return `${(n / (1024 * 1024)).toFixed(2)} MB`;
+}
+
 // src/api-client.ts
 var DEFAULT_API_ENDPOINT = "https://dxptnwrhwsqckaftyymj.supabase.co/functions/v1/api";
 var MUSHI_INTERNAL_HEADER = "X-Mushi-Internal";
@@ -109,6 +151,16 @@ function createApiClient(options) {
   }
   return {
     async submitReport(report) {
+      const guard = checkReportPayloadSize(report);
+      if (!guard.ok) {
+        return {
+          ok: false,
+          error: {
+            code: guard.serializeFailed ? "SERIALIZE_FAILED" : "PAYLOAD_TOO_LARGE",
+            message: guard.reason ?? "Report payload exceeds size limit"
+          }
+        };
+      }
       return request("POST", "/v1/reports", report, maxRetries, "report-submit");
     },
     async getReportStatus(reportId) {
@@ -156,6 +208,40 @@ function createApiClient(options) {
         { note: note ?? "" }
       );
     },
+    async listNotifications(reporterToken, opts) {
+      const qs = new URLSearchParams();
+      if (opts?.since) qs.set("since", opts.since);
+      if (opts?.limit) qs.set("limit", String(opts.limit));
+      const suffix = qs.size ? `?${qs.toString()}` : "";
+      return requestForReporter(
+        "GET",
+        `/v1/notifications${suffix}`,
+        reporterToken
+      );
+    },
+    async markNotificationRead(notificationId, reporterToken) {
+      return requestForReporter(
+        "POST",
+        `/v1/notifications/${notificationId}/read`,
+        reporterToken,
+        {}
+      );
+    },
+    async listReporterFeatureBoard(reporterToken) {
+      return requestForReporter(
+        "GET",
+        "/v1/reporter/feature-board",
+        reporterToken
+      );
+    },
+    async voteReporterFeatureBoard(requestId, reporterToken) {
+      return requestForReporter(
+        "POST",
+        `/v1/reporter/feature-board/${requestId}/vote`,
+        reporterToken,
+        {}
+      );
+    },
     // ─── Rewards program (P1) ──────────────────────────────────
     async submitActivity(userId, events, opts) {
       return request(
@@ -798,7 +884,11 @@ function createOfflineQueue(config = {}) {
         }
         sent++;
       } else {
-        const permanent = result.error?.code === "HTTP_400" || result.error?.code === "HTTP_422" || result.error?.code === "INGEST_ERROR" || result.error?.code === "VALIDATION_ERROR" || typeof result.error?.message === "string" && /invalid payload|description must be at least|validation/i.test(
+        const permanent = result.error?.code === "HTTP_400" || result.error?.code === "HTTP_413" || result.error?.code === "HTTP_422" || result.error?.code === "INGEST_ERROR" || result.error?.code === "VALIDATION_ERROR" || // A payload that exceeds the size guard will never shrink on its own;
+        // retrying re-serialises the multi-MB body every sync tick and wedges
+        // the queue (it matches neither permanent nor transient otherwise).
+        // SERIALIZE_FAILED (circular ref) is likewise unrecoverable on retry.
+        result.error?.code === "PAYLOAD_TOO_LARGE" || result.error?.code === "SERIALIZE_FAILED" || typeof result.error?.message === "string" && /invalid payload|description must be at least|validation/i.test(
           result.error.message
         );
         const transient = !permanent && (result.error?.code === "NETWORK_ERROR" || result.error?.code === "HTTP_403" || result.error?.code === "HTTP_429" || result.error?.code === "HTTP_502" || result.error?.code === "HTTP_503" || result.error?.code === "HTTP_504" || typeof result.error?.code === "string" && result.error.code.startsWith("HTTP_5"));
@@ -1339,10 +1429,13 @@ function normaliseThrown(thrown) {
 }
 
 exports.DEFAULT_API_ENDPOINT = DEFAULT_API_ENDPOINT;
+exports.MAX_REPORT_PAYLOAD_BYTES = MAX_REPORT_PAYLOAD_BYTES;
+exports.MAX_SCREENSHOT_DATA_URL_BYTES = MAX_SCREENSHOT_DATA_URL_BYTES;
 exports.MUSHI_INTERNAL_HEADER = MUSHI_INTERNAL_HEADER;
 exports.MUSHI_INTERNAL_INIT_MARKER = MUSHI_INTERNAL_INIT_MARKER;
 exports.REGION_ENDPOINTS = REGION_ENDPOINTS;
 exports.captureEnvironment = captureEnvironment;
+exports.checkReportPayloadSize = checkReportPayloadSize;
 exports.createApiClient = createApiClient;
 exports.createBreadcrumbBuffer = createBreadcrumbBuffer;
 exports.createLogger = createLogger;
@@ -1350,6 +1443,8 @@ exports.createOfflineQueue = createOfflineQueue;
 exports.createPiiScrubber = createPiiScrubber;
 exports.createPreFilter = createPreFilter;
 exports.createRateLimiter = createRateLimiter;
+exports.estimateJsonBytes = estimateJsonBytes;
+exports.formatBytes = formatBytes;
 exports.getDeviceFingerprintHash = getDeviceFingerprintHash;
 exports.getReporterToken = getReporterToken;
 exports.getSessionId = getSessionId;