npm - @sylergydigital/issue-pin-sdk - Versions diffs - 0.6.1 → 0.6.2 - Mend

@sylergydigital/issue-pin-sdk 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -15,10 +15,16 @@ npm install @sylergydigital/issue-pin-sdk
 Ensure these are installed in your app:
 ```bash
-npm install react react-dom @supabase/supabase-js html2canvas lucide-react
+npm install react react-dom @supabase/supabase-js html2canvas-pro lucide-react
 ```
-The public GitHub repo at `sylergydigital/issue-pin-sdk` is a read-only mirror. Source changes should be made in the private source repo and will sync across automatically.
+The public GitHub repo at `https://github.com/sylergydigital/issue-pin-sdk` is a read-only mirror of the publishable SDK package.
+The package is published publicly on npm, so no `.npmrc` or GitHub Packages token setup is required for installation.
+npm package page: `https://www.npmjs.com/package/@sylergydigital/issue-pin-sdk`
+Source changes should still be made in the private source repo and will sync across automatically.
 `react-router-dom` is **not** required. The SDK tracks `window.location` for thread fetching and `?highlight_thread=` without router context.
@@ -290,14 +296,15 @@ import { supabase } from "./lib/supabase";
 <IssuePin apiKey="ew_live_..." supabaseClient={supabase} enabled={feedbackOn} />
 ```
-No backend code, edge functions, or sync secrets needed. The SDK handles everything transparently.
+No backend code or sync secrets are needed in the host app. On the first successful federation call, Issue Pin verifies the external Supabase JWT against its issuer JWKS and bootstraps the workspace trust mapping automatically.
 ### How auto-federation works
 When a user is detected via `supabaseClient`:
 1. The SDK calls the `sdk-federate` endpoint with the API key + user identity
-2. The endpoint validates the API key, resolves the workspace, and upserts the user as a `client_federated` workspace member with `commenter` role
-3. An identity source (`sdk:<workspace-slug>`) is auto-created if it doesn't exist
+2. The endpoint validates the API key, resolves the workspace, verifies the external Supabase JWT against the issuer JWKS, and derives the external project ref from the token issuer
+3. If the workspace has no active Supabase issuer mapping yet, Issue Pin auto-creates the matching `identity_sources` and `workspace_identity_sources` records for that issuer
+4. The endpoint upserts the user as a `client_federated` workspace member with `commenter` role
 ```mermaid
 sequenceDiagram
@@ -311,6 +318,8 @@ sequenceDiagram
     SDK->>EF: POST { apiKey, externalId, email, displayName }
     EF->>DB: SHA-256(apiKey) → resolve_api_key()
     DB-->>EF: workspace_id
+    EF->>DB: verify JWT via issuer JWKS
+    EF->>DB: bootstrap issuer mapping if missing
     EF->>DB: Upsert user_identities
     EF->>DB: Upsert workspace_members (commenter role)
     DB-->>EF: OK
@@ -319,6 +328,8 @@ sequenceDiagram
     Note over SDK: Result cached — runs once per session
 ```
+The first verified Supabase issuer becomes the workspace's default SDK federation issuer. If you later need to trust a different or additional issuer, add it explicitly in the Federation UI.
 ### Other auth providers (manual)
 For non-Supabase auth systems, pass identity props directly:
@@ -353,11 +364,7 @@ Paste this into **Claude Code**, **Cursor**, or **Codex** to integrate the SDK a
 Add the Issue Pin feedback SDK to this React app.
 Install: npm install @sylergydigital/issue-pin-sdk
-Peer deps: npm install @supabase/supabase-js html2canvas lucide-react
-.npmrc setup (required for GitHub Packages):
-//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
-@sylergydigital:registry=https://npm.pkg.github.com
+Peer deps: npm install react react-dom @supabase/supabase-js html2canvas-pro lucide-react
 Integration:
 1. Import { IssuePin } from "@sylergydigital/issue-pin-sdk"

package/dist/index.cjs CHANGED Viewed

@@ -52,7 +52,7 @@ var import_react11 = require("react");
 // src/FeedbackProvider.tsx
 var import_react2 = require("react");
 var import_supabase_js = require("@supabase/supabase-js");
-var import_html2canvas = __toESM(require("html2canvas"), 1);
+var import_html2canvas_pro = __toESM(require("html2canvas-pro"), 1);
 // src/useDocumentPathname.ts
 var import_react = require("react");
@@ -680,7 +680,7 @@ function FeedbackProviderInner({
     if (!client) return;
     try {
       await new Promise((resolve) => setTimeout(resolve, 300));
-      const canvas = await (0, import_html2canvas.default)(document.body, {
+      const canvas = await (0, import_html2canvas_pro.default)(document.body, {
         useCORS: true,
         allowTaint: true,
         logging: false,
@@ -712,7 +712,7 @@ function FeedbackProviderInner({
     setMenuOpen(false);
     setScreenshotCapturing(true);
     try {
-      const canvas = await (0, import_html2canvas.default)(document.body, {
+      const canvas = await (0, import_html2canvas_pro.default)(document.body, {
         useCORS: true,
         scale: window.devicePixelRatio,
         logging: false,