npm - @syntrologie/adapt-chatbot - Versions diffs - 2.26.0 → 2.27.0 - Mend

@syntrologie/adapt-chatbot 2.26.0 → 2.27.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/ChatAssistantLit.d.ts +42 -12
package/dist/ChatAssistantLit.d.ts.map +1 -1
package/dist/ChatAssistantLit.js +1 -1
package/dist/{chunk-O7RWNUVU.js → chunk-W457NMGD.js} +104 -17
package/dist/{chunk-O7RWNUVU.js.map → chunk-W457NMGD.js.map} +2 -2
package/dist/runtime.js +1 -1
package/package.json +1 -1

package/dist/ChatAssistantLit.d.ts CHANGED Viewed

@@ -11,13 +11,21 @@
  *    `window.__SYNTRO_CONFIG__.token` (set by runtime-config.js) — we read
  *    it at mount time and forward it via `Authorization: Bearer` header.
  *
- * 2. Cloudflare Turnstile bot-check token. When `TURNSTILE_SITEKEY` is set
- *    (hardcoded at the top of this file — operator updates after running
- *    terraform apply on cloudflare/turnstile in the infra repo), the
- *    widget dynamically loads Cloudflare's Turnstile JS, renders an
- *    invisible widget, and acquires a token before the first message.
- *    The token is forwarded via `CF-Turnstile-Token` header.
- *    If sitekey is empty (default), this step is skipped entirely.
+ * 2. Cloudflare Turnstile bot-check token (two-phase). When
+ *    `TURNSTILE_SITEKEY` is set:
+ *      a. Try invisible first — passive fingerprints, no UI. Clean
+ *         traffic resolves in milliseconds. Token forwarded via
+ *         `CF-Turnstile-Token`.
+ *      b. If CF declines to grant silently (datacenter IP, automation
+ *         signals, strict-privacy browser), render a visible managed
+ *         widget inside the chat container so CF can present the
+ *         "I am human" checkbox. On solve, swap to the chat UI.
+ *      c. If both phases fail, fall through with no token; backend
+ *         enforcement returns 403 and the existing fallback card
+ *         renders. The widget mode must be `managed` on the CF side
+ *         for the visible escalation to work — see
+ *         cloudflare/turnstile/main.tf in syntro-infra.
+ *    If sitekey is empty, this step is skipped entirely.
  *
  * 3. Fallback card. If the first agent run fails (Cloudflare Turnstile
  *    bot-check failure, CORS / network error, or a server-side rejection),
@@ -37,6 +45,28 @@ export interface ChatAssistantLitProps {
     runtime: ChatbotWidgetRuntime;
     tileId?: string;
 }
+export interface AcquireTurnstileOptions {
+    /**
+     * Widget size. `invisible` for the silent first attempt; `flexible`
+     * (or `normal`) for the visible managed checkbox after silent failure.
+     */
+    size: 'invisible' | 'flexible' | 'normal' | 'compact';
+    /**
+     * Where to mount the widget. For `invisible` this is an off-screen
+     * host; for the visible sizes it must be a container that's actually
+     * in the layout so CF can render the challenge UI. When omitted, an
+     * off-screen div is created and removed automatically (suitable for
+     * `invisible` only — visible sizes need a real host).
+     */
+    host?: HTMLElement;
+    /**
+     * Cancels an in-flight acquisition. On abort, the promise resolves to
+     * `null`, the CF widget is removed from the registry, and any owned
+     * host is torn down. Required for cleanup-during-challenge — without
+     * it, a user dismissing the tile mid-checkbox leaks the widget.
+     */
+    signal?: AbortSignal;
+}
 /**
  * Acquire a Cloudflare Turnstile token. Returns null when:
  *   • TURNSTILE_SITEKEY is empty (Turnstile disabled at build time)
@@ -44,14 +74,14 @@ export interface ChatAssistantLitProps {
  *   • the render callback doesn't fire within TURNSTILE_ACQUIRE_TIMEOUT_MS
  *   • Cloudflare returns an error-callback (e.g., rate-limited, bad sitekey)
  *
- * When null is returned, the widget proceeds WITHOUT a Turnstile token.
- * If backend enforcement is on, the request 403s and the fallback card
- * renders via the existing failure-detection path. If enforcement is off,
- * the request succeeds.
+ * Calls `turnstile.remove(widgetId)` on settle so CF's internal widget
+ * registry doesn't leak across re-mounts (CF will otherwise log
+ * `Cannot find Widget ...` when subsequent renders look up the old
+ * widget by id and find the host gone).
  *
  * Exported for tests; the production code path goes through `mount()`.
  */
-export declare function acquireTurnstileToken(): Promise<string | null>;
+export declare function acquireTurnstileToken(opts?: AcquireTurnstileOptions): Promise<string | null>;
 export declare const ChatAssistantLitMountable: {
     mount(container: HTMLElement, mountConfig?: Record<string, unknown>): () => void;
 };

package/dist/ChatAssistantLit.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"ChatAssistantLit.d.ts","sourceRoot":"","sources":["../src/ChatAssistantLit.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG~~;AAGH,OAAO,mBAAmB,CAAC;AAK3B,OAAO,KAAK,EAAE,aAAa,EAAmB,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEvF,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,aAAa,CAAC;IACtB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAqGD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,~~CAkDpE~~;~~AAiGD~~,eAAO,MAAM,yBAAyB;qBACnB,WAAW,gBAAgB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;~~CA2LpE~~,CAAC"}
1	+ {"version":3,"file":"ChatAssistantLit.d.ts","sourceRoot":"","sources":["../src/ChatAssistantLit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAGH,OAAO,mBAAmB,CAAC;AAK3B,OAAO,KAAK,EAAE,aAAa,EAAmB,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAEvF,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,aAAa,CAAC;IACtB,OAAO,EAAE,oBAAoB,CAAC;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAqGD,MAAM,WAAW,uBAAuB;IACtC;;;OAGG;IACH,IAAI,EAAE,WAAW,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;IACtD;;;;;;OAMG;IACH,IAAI,CAAC,EAAE,WAAW,CAAC;IACnB;;;;;OAKG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,qBAAqB,CACzC,IAAI,GAAE,uBAA+C,GACpD,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAkFxB;AAqGD,eAAO,MAAM,yBAAyB;qBACnB,WAAW,gBAAgB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;CAwPpE,CAAC"}

package/dist/ChatAssistantLit.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import {
   ChatAssistantLitMountable,
   acquireTurnstileToken
-} from "./chunk-O7RWNUVU.js";
+} from "./chunk-W457NMGD.js";
 import "./chunk-UVKRO5ER.js";
 export {
   ChatAssistantLitMountable,

package/dist/{chunk-O7RWNUVU.js → chunk-W457NMGD.js} RENAMED Viewed

@@ -10741,7 +10741,7 @@ function loadTurnstileScript() {
     document.head.appendChild(script);
   });
 }
-async function acquireTurnstileToken() {
+async function acquireTurnstileToken(opts = { size: "invisible" }) {
   if (!TURNSTILE_SITEKEY) return null;
   if (typeof window === "undefined" || typeof document === "undefined") return null;
   let turnstile;
@@ -10755,24 +10755,44 @@ async function acquireTurnstileToken() {
   } catch {
     return null;
   }
+  const ownsHost = !opts.host;
+  const host = opts.host ?? (() => {
+    const h = document.createElement("div");
+    h.style.cssText = "position:absolute;top:-9999px;left:-9999px;width:0;height:0;overflow:hidden;";
+    h.setAttribute("data-adaptive-chatbot-turnstile-host", "true");
+    document.body.appendChild(h);
+    return h;
+  })();
   return new Promise((resolve) => {
-    const host = document.createElement("div");
-    host.style.cssText = "position:absolute;top:-9999px;left:-9999px;width:0;height:0;overflow:hidden;";
-    host.setAttribute("data-adaptive-chatbot-turnstile-host", "true");
-    document.body.appendChild(host);
     let settled = false;
+    let widgetId = null;
     const settle = (value) => {
       if (settled) return;
       settled = true;
       clearTimeout(timer);
-      setTimeout(() => host.remove(), 0);
+      if (typeof widgetId === "string") {
+        try {
+          turnstile.remove?.(widgetId);
+        } catch {
+        }
+      }
+      if (ownsHost) {
+        setTimeout(() => host.remove(), 0);
+      }
       resolve(value);
     };
     const timer = setTimeout(() => settle(null), TURNSTILE_ACQUIRE_TIMEOUT_MS);
+    if (opts.signal) {
+      if (opts.signal.aborted) {
+        settle(null);
+        return;
+      }
+      opts.signal.addEventListener("abort", () => settle(null), { once: true });
+    }
     try {
-      turnstile.render(host, {
+      widgetId = turnstile.render(host, {
         sitekey: TURNSTILE_SITEKEY,
-        size: "invisible",
+        size: opts.size,
         callback: (token) => settle(token),
         "error-callback": () => settle(null),
         "timeout-callback": () => settle(null),
@@ -10833,8 +10853,10 @@ function renderFallbackHtml(fallback) {
         return "&gt;";
       case '"':
         return "&quot;";
-      default:
+      case "'":
         return "&#39;";
+      default:
+        return ch;
     }
   });
   const ctaHtml = ctaHref && /^https?:\/\//.test(ctaHref) ? `<a href="${escapeHtml(ctaHref)}" target="_blank" rel="noopener noreferrer" style="${ctaStyle}">${escapeHtml(ctaLabel)}</a>` : "";
@@ -10893,6 +10915,7 @@ var ChatAssistantLitMountable = {
       }
     };
     let hadTurnstileToken = null;
+    let botCheckOutcome = "disabled";
     const swapToFallback = (reason) => {
       if (isUnmounted || hasSucceeded || fallbackRendered) return;
       fallbackRendered = true;
@@ -10900,7 +10923,8 @@ var ChatAssistantLitMountable = {
       const payload = {
         tileId: resolvedTileId,
         reason,
-        hadTurnstileToken
+        hadTurnstileToken,
+        botCheckOutcome
       };
       runtime.events.publish("chatbot.fallback_rendered", payload);
       console.warn("[adaptive-chatbot] fallback rendered", payload);
@@ -10946,14 +10970,45 @@ var ChatAssistantLitMountable = {
       });
       container.appendChild(el);
     };
+    let visiblePanel = null;
+    const acquireAbort = new AbortController();
+    const acquireWithEscalation = async () => {
+      const silent = await acquireTurnstileToken({
+        size: "invisible",
+        signal: acquireAbort.signal
+      });
+      if (isUnmounted) return null;
+      if (silent !== null) {
+        botCheckOutcome = "invisible_succeeded";
+        return silent;
+      }
+      visiblePanel = renderVerifyPanel(container);
+      const widgetHost = visiblePanel.querySelector(
+        '[data-adaptive-chatbot-turnstile-host="true"]'
+      );
+      if (!widgetHost) return null;
+      const interactive = await acquireTurnstileToken({
+        size: "flexible",
+        host: widgetHost,
+        signal: acquireAbort.signal
+      });
+      if (isUnmounted) return null;
+      visiblePanel.remove();
+      visiblePanel = null;
+      if (interactive !== null) {
+        botCheckOutcome = "visible_succeeded";
+        return interactive;
+      }
+      botCheckOutcome = "visible_failed";
+      console.warn(
+        "[adaptive-chatbot] turnstile token acquisition failed (visible challenge also rejected) \u2014 connecting without a bot-check token; backend may 403"
+      );
+      return null;
+    };
     if (TURNSTILE_SITEKEY) {
-      void acquireTurnstileToken().then((cft) => {
+      void acquireWithEscalation().then((cft) => {
+        if (isUnmounted) return;
         hadTurnstileToken = cft !== null;
-        if (!hadTurnstileToken) {
-          console.warn(
-            "[adaptive-chatbot] turnstile token acquisition failed \u2014 connecting without a bot-check token; backend may 403"
-          );
-        }
         setupTransport(cft);
       });
     } else {
@@ -10962,10 +11017,15 @@ var ChatAssistantLitMountable = {
     return () => {
       isUnmounted = true;
       clearTimers();
+      acquireAbort.abort();
       if (unsubscribe) {
         unsubscribe();
         unsubscribe = null;
       }
+      if (visiblePanel) {
+        visiblePanel.remove();
+        visiblePanel = null;
+      }
       if (!fallbackRendered) {
         transport?.disconnect();
         el.remove();
@@ -10973,6 +11033,33 @@ var ChatAssistantLitMountable = {
     };
   }
 };
+function renderVerifyPanel(container) {
+  const panel = document.createElement("div");
+  panel.setAttribute("data-adaptive-chatbot-turnstile-visible", "true");
+  panel.style.cssText = [
+    "display:flex",
+    "flex-direction:column",
+    "align-items:center",
+    "justify-content:center",
+    "gap:14px",
+    "padding:20px",
+    "height:100%",
+    "width:100%",
+    "background:var(--sc-content-background,'transparent')",
+    "color:var(--sc-content-text-color,'#1a1a1a')",
+    "font-family:var(--sc-font-family,'system-ui')",
+    "text-align:center"
+  ].join(";");
+  const heading = document.createElement("div");
+  heading.style.cssText = "font-size:14px;font-weight:500;line-height:1.4;";
+  heading.textContent = "Quick check before we start chatting";
+  const widgetHost = document.createElement("div");
+  widgetHost.setAttribute("data-adaptive-chatbot-turnstile-host", "true");
+  panel.appendChild(heading);
+  panel.appendChild(widgetHost);
+  container.appendChild(panel);
+  return panel;
+}
 export {
   acquireTurnstileToken,
@@ -10997,4 +11084,4 @@ fast-json-patch/module/duplex.mjs:
    * MIT license
    *)
 */
-//# sourceMappingURL=chunk-O7RWNUVU.js.map
+//# sourceMappingURL=chunk-W457NMGD.js.map