@thoughtspot/visual-embed-sdk 1.47.3 → 1.48.0

package/lib/src/visual-embed-sdk.d.ts

@@ -1902,9 +1902,10 @@ export interface BaseViewConfig extends ApiInterceptFlags {
 	styleSheet__unstable?: string;
 	/**
 	 * The list of actions to disable from the primary menu, more menu
-	 * (...), and the contextual menu. These actions will be disabled
-	 * for the user.
-	 * Use this to disable actions.
+	 * (...), and the contextual menu. Disabled actions are grayed out
+	 * and still visible to the user, but cannot be clicked.
+	 * Use this when you want to disable an action (keep it visible but non-interactive).
+	 * To completely remove an action from the UI, use {@link hiddenActions} instead.
 	 *
 	 * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
 	 * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -1935,9 +1936,10 @@ export interface BaseViewConfig extends ApiInterceptFlags {
 	 */
 	disabledActionReason?: string;
 	/**
-	 * The list of actions to hide from the embedded view.
-	 * These actions will be hidden from the user.
-	 * Use this to hide an action.
+	 * The list of actions to completely remove from the embedded view.
+	 * Hidden actions are not visible to the user at all (fully removed from the UI).
+	 * Use this when you want to remove an action entirely.
+	 * To keep an action visible but non-interactive (grayed out), use {@link disabledActions} instead.
 	 *
 	 * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
 	 * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -1956,9 +1958,8 @@ export interface BaseViewConfig extends ApiInterceptFlags {
 	 * The list of actions to display from the primary menu, more menu
 	 * (...), and the contextual menu. These will be only actions that
 	 * are visible to the user.
-	 * Use this to hide all actions except the ones you want to show.
-	 *
-	 * Use either this or hiddenActions.
+	 * Use this as an allowlist — only the actions listed here will be shown.
+	 * All other actions will be hidden. Use either this or {@link hiddenActions}, not both.
 	 *
 	 * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
 	 * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -2412,6 +2413,7 @@ export interface BaseViewConfig extends ApiInterceptFlags {
 	/**
 	 * Refresh the auth token when the token is near expiry.
 	 * @version SDK: 1.45.2 | ThoughtSpot: 26.3.0.cl
+	 * @default true
 	 * @example
 	 * ```js
 	 * const embed = new AppEmbed('#tsEmbed', {
@@ -6719,10 +6721,14 @@ export enum DataSourceVisualMode {
 /**
  * ThoughtSpot application pages include actions and menu commands
  * for various user-initiated operations. These actions are represented
- * as enumeration members in the SDK. To show, hide, or disable
- * specific actions in the embedded view, define the Action
- * enumeration members in the `disabledActions`, `visibleActions`,
- * or `hiddenActions` array.
+ * as enumeration members in the SDK. To control actions in the embedded view:
+ * - disabledActions — the action is grayed out and still visible, but non-interactive (user can see but not click).
+ * - hiddenActions — the action is completely removed from the UI (user cannot see it at all).
+ * - visibleActions — allowlist, only these actions are shown; all others are hidden.
+ *
+ * Use disabledActions to disable (gray out) an action.
+ * Use hiddenActions to hide (fully remove) an action.
+ * Use visibleActions to show only specific actions.
  * @example
  * ```js
  * const embed = new LiveboardEmbed('#tsEmbed', {
@@ -7569,6 +7575,26 @@ export enum Action {
 	 * @version SDK: 1.21.0 | ThoughtSpot: 9.2.0.cl, 9.5.1.sw
 	 */
 	AxisMenuRemove = "axisMenuRemove",
+	/**
+	 * The **Compare with** action in the chart axis customization menu.
+	 * Allows comparing data across dimensions or measures.
+	 * @example
+	 * ```js
+	 * disabledActions: [Action.AxisMenuCompare]
+	 * ```
+	 * @version SDK: 1.50.0 | ThoughtSpot: 26.7.0.cl
+	 */
+	AxisMenuCompare = "axisMenuCompare",
+	/**
+	 * The **Merge with** action in the chart axis customization menu.
+	 * Allows merging data across dimensions or measures.
+	 * @example
+	 * ```js
+	 * disabledActions: [Action.AxisMenuMerge]
+	 * ```
+	 * @version SDK: 1.50.0 | ThoughtSpot: 26.7.0.cl
+	 */
+	AxisMenuMerge = "axisMenuMerge",
 	/**
 	 * @hidden
 	 */
@@ -8791,6 +8817,9 @@ export interface DefaultAppInitData {
 	customActions: CustomAction[];
 	interceptTimeout: number | undefined;
 	interceptUrls: (string | InterceptedApiType)[];
+	embedExpiryInAuthToken: boolean;
+	shouldBypassPayloadValidation?: boolean;
+	useHostEventsV2?: boolean;
 }
 /**
  * Enum for the type of API intercepted
@@ -11043,7 +11072,7 @@ export interface AppViewConfig extends AllEmbedViewConfig {
 	/**
 	 * Enables the 'what you see is what you get' PDF export for Liveboards. Each tab is rendered on a single page
 	 * following the exact UI layout, instead of splitting visualizations across multiple A4 pages.
-	 * This feature is GA from version 26.5.0.cl and is enabled by default on embed deployments.
+	 * This feature is GA from version 26.5.0.cl. It is disabled by default in embed deployments.
 	 *
 	 * Supported embed types: `AppEmbed`, `LiveboardEmbed`
 	 * @type {boolean}
@@ -11986,7 +12015,7 @@ export interface LiveboardViewConfig extends BaseViewConfig, SearchLiveboardComm
 	/**
 	 * Enables the 'what you see is what you get' PDF export for Liveboards. Each tab is rendered on a single page
 	 * following the exact UI layout, instead of splitting visualizations across multiple A4 pages.
-	 * This feature is GA from version 26.5.0.cl and is enabled by default on embed deployments.
+	 * This feature is GA from version 26.5.0.cl. It is disabled by default in embed deployments.
 	 *
 	 * Supported embed types: `AppEmbed`, `LiveboardEmbed`
 	 * @type {boolean}

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@thoughtspot/visual-embed-sdk",
-    "version": "1.47.3",
+    "version": "1.48.0",
     "description": "ThoughtSpot Embed SDK",
     "module": "lib/src/index.js",
     "main": "dist/tsembed.js",

package/src/auth.spec.ts

@@ -450,7 +450,7 @@ describe('Unit test for auth', () => {
 
         it('should support emitting SAML_POPUP_CLOSED_NO_AUTH event', () => {
             const emitSpy = jest.fn();
-            const mockEventEmitter = { 
+            const mockEventEmitter = {
                 emit: emitSpy,
                 once: jest.fn()
             };
@@ -460,6 +460,60 @@ describe('Unit test for auth', () => {
             authInstance.setAuthEE(null);
         });
 
+        it('should set loggedInStatus from cachedAuthToken without calling isLoggedIn again after popup flow', async () => {
+            Object.defineProperty(window, 'location', { value: { href: '', hash: '' } });
+            checkReleaseVersionInBetaInstance.storeValueInWindow('cachedAuthToken', 'test-cached-token');
+            (authInstance as any).samlCompletionPromise = Promise.resolve();
+            global.window.open = jest.fn();
+
+            jest.spyOn(tokenAuthService, 'isActiveService')
+                .mockReturnValueOnce(Promise.resolve(false));
+
+            await authInstance.doSamlAuth({ ...embedConfig.doSamlAuthNoRedirect });
+
+            expect(authInstance.loggedInStatus).toBe(true);
+            expect(tokenAuthService.isActiveService).toHaveBeenCalledTimes(1);
+        });
+
+        it('should store decoded accessToken in window when SAMLComplete event includes accessToken', async () => {
+            Object.defineProperty(window, 'location', { value: { href: '', hash: '' } });
+            global.window.open = jest.fn().mockReturnValue({ closed: false, focus: jest.fn(), close: jest.fn() });
+
+            (authInstance as any).samlCompletionPromise = null;
+
+            let capturedMessageHandler: ((e: any) => void) | null = null;
+            jest.spyOn(window, 'addEventListener').mockImplementation((type: any, handler: any) => {
+                if (type === 'message') {
+                    capturedMessageHandler = handler;
+                }
+            });
+
+            jest.spyOn(tokenAuthService, 'isActiveService')
+                .mockReturnValueOnce(Promise.resolve(false));
+
+            const authPromise = authInstance.doSamlAuth({ ...embedConfig.doSamlAuthNoRedirect });
+
+            await new Promise<void>((resolve) => setTimeout(resolve, 0));
+
+            expect(capturedMessageHandler).not.toBeNull();
+
+            const accessToken = 'my-access-token';
+            capturedMessageHandler!({
+                data: {
+                    type: EmbedEvent.SAMLComplete,
+                    accessToken: encodeURIComponent(accessToken),
+                },
+                source: { close: jest.fn() },
+            });
+
+            await authPromise;
+
+            expect(
+                checkReleaseVersionInBetaInstance.getValueFromWindow('cachedAuthToken'),
+            ).toBe(accessToken);
+            expect(authInstance.loggedInStatus).toBe(true);
+        });
+
     });
 
     describe('doOIDCAuth', () => {

package/src/auth.ts

@@ -1,5 +1,5 @@
 import EventEmitter from 'eventemitter3';
-import { getAuthenticationToken } from './authToken';
+import { getAuthenticationToken, storeAuthTokenInCache, getCacheAuthToken } from './authToken';
 import { getEmbedConfig } from './embed/embedConfig';
 import { initMixpanel } from './mixpanel-service';
 import {
@@ -462,6 +462,10 @@ async function samlPopupFlow(ssoURL: string, triggerContainer: DOMSelector, trig
     samlCompletionPromise = samlCompletionPromise || new Promise<void>((resolve, reject) => {
         window.addEventListener('message', (e) => {
             if (e.data.type === EmbedEvent.SAMLComplete) {
+                if (e.data.accessToken) {
+                    const decodedToken = decodeURIComponent(e.data.accessToken);
+                    storeAuthTokenInCache(decodedToken);
+                }
                 samlCompletionResolved = true;
                 if (popupClosedCheck) {
                     clearInterval(popupClosedCheck);
@@ -503,7 +507,12 @@ const doSSOAuth = async (embedConfig: EmbedConfig, ssoEndPoint: string): Promise
     const ssoURL = `${thoughtSpotHost}${ssoEndPoint}`;
     if (embedConfig.inPopup) {
         await samlPopupFlow(ssoURL, embedConfig.authTriggerContainer, embedConfig.authTriggerText);
-        loggedInStatus = await isLoggedIn(thoughtSpotHost);
+        const cachedToken = getCacheAuthToken();
+        if (cachedToken) {
+            loggedInStatus = true;
+        } else {
+            loggedInStatus = await isLoggedIn(thoughtSpotHost);
+        }
         return;
     }
 

package/src/authToken.ts

@@ -6,8 +6,8 @@ import { logger } from './utils/logger';
 
 const cacheAuthTokenKey = 'cachedAuthToken';
 
-const getCacheAuthToken = (): string | null => getValueFromWindow(cacheAuthTokenKey);
-const storeAuthTokenInCache = (token: string): void => {
+export const getCacheAuthToken = (): string | null => getValueFromWindow(cacheAuthTokenKey);
+export const storeAuthTokenInCache = (token: string): void => {
     storeValueInWindow(cacheAuthTokenKey, token);
 };
 

package/src/embed/app.spec.ts

@@ -480,6 +480,19 @@ describe('App embed tests', () => {
         });
     });
 
+    test('should disable isWYSIWYGLiveboardPDFEnabled by default in url', async () => {
+        const appEmbed = new AppEmbed(getRootEl(), {
+            ...defaultViewConfig,
+        } as AppViewConfig);
+        appEmbed.render();
+        await executeAfterWait(() => {
+            expectUrlMatchesWithParams(
+                getIFrameSrc(),
+                `http://${thoughtSpotHost}/?embedApp=true&profileAndHelpInNavBarHidden=false&isWYSIWYGLiveboardPDFEnabled=false${defaultParamsPost}#/home`,
+            );
+        });
+    });
+
     test('should set isLinkParametersEnabled to true in url', async () => {
         const appEmbed = new AppEmbed(getRootEl(), {
             ...defaultViewConfig,

package/src/embed/app.ts

@@ -590,7 +590,7 @@ export interface AppViewConfig extends AllEmbedViewConfig {
     /**
      * Enables the 'what you see is what you get' PDF export for Liveboards. Each tab is rendered on a single page
      * following the exact UI layout, instead of splitting visualizations across multiple A4 pages.
-     * This feature is GA from version 26.5.0.cl and is enabled by default on embed deployments.
+     * This feature is GA from version 26.5.0.cl. It is disabled by default in embed deployments.
      *
      * Supported embed types: `AppEmbed`, `LiveboardEmbed`
      * @type {boolean}
@@ -914,7 +914,7 @@ export class AppEmbed extends V1Embed {
             minimumHeight,
             isThisPeriodInDateFiltersEnabled,
             enableHomepageAnnouncement = false,
-            isContinuousLiveboardPDFEnabled,
+            isContinuousLiveboardPDFEnabled = false,
             enableLiveboardDataCache,
         } = this.viewConfig;
 

package/src/embed/liveboard.spec.ts

@@ -275,6 +275,20 @@ describe('Liveboard/viz embed tests', () => {
         });
     });
 
+    test('should disable isWYSIWYGLiveboardPDFEnabled by default in url', async () => {
+        const liveboardEmbed = new LiveboardEmbed(getRootEl(), {
+            ...defaultViewConfig,
+            liveboardId,
+        } as LiveboardViewConfig);
+        liveboardEmbed.render();
+        await executeAfterWait(() => {
+            expectUrlMatchesWithParams(
+                getIFrameSrc(),
+                `http://${thoughtSpotHost}/?embedApp=true${defaultParams}&isWYSIWYGLiveboardPDFEnabled=false${prefixParams}#/embed/viz/${liveboardId}`,
+            );
+        });
+    });
+
     test('should set isLiveboardXLSXCSVDownloadEnabled to true in url', async () => {
         const liveboardEmbed = new LiveboardEmbed(getRootEl(), {
             isLiveboardXLSXCSVDownloadEnabled: true,

package/src/embed/liveboard.ts

@@ -388,9 +388,9 @@ export interface LiveboardViewConfig extends BaseViewConfig, LiveboardOtherViewC
      */
     isPNGInScheduledEmailsEnabled?: boolean;
     /**
-     * Enables the 'what you see is what you get' PDF export for Liveboards. Each tab is rendered on a single page 
-     * following the exact UI layout, instead of splitting visualizations across multiple A4 pages. 
-     * This feature is GA from version 26.5.0.cl and is enabled by default on embed deployments.
+     * Enables the 'what you see is what you get' PDF export for Liveboards. Each tab is rendered on a single page
+     * following the exact UI layout, instead of splitting visualizations across multiple A4 pages.
+     * This feature is GA from version 26.5.0.cl. It is disabled by default in embed deployments.
      *
      * Supported embed types: `AppEmbed`, `LiveboardEmbed`
      * @type {boolean}
@@ -640,7 +640,7 @@ export class LiveboardEmbed extends V1Embed {
             enableStopAnswerGenerationEmbed,
             spotterChatConfig,
             isThisPeriodInDateFiltersEnabled,
-            isContinuousLiveboardPDFEnabled,
+            isContinuousLiveboardPDFEnabled = false,
             enableLiveboardDataCache,
         } = this.viewConfig;
 

package/src/embed/ts-embed.spec.ts

@@ -97,6 +97,7 @@ beforeAll(() => {
 const customisations = {
     style: {
         customCSS: {},
+        customCSSUrl: undefined as string | undefined,
     },
     content: {},
 };
@@ -132,6 +133,9 @@ const getMockAppInitPayload = (data: any) => {
         customVariablesForThirdPartyTools,
         interceptTimeout: undefined,
         interceptUrls: [],
+        shouldBypassPayloadValidation:undefined,
+        useHostEventsV2:undefined,
+        embedExpiryInAuthToken:true
     };
     return {
         type: EmbedEvent.APP_INIT,
@@ -641,6 +645,37 @@ describe('Unit test case for ts embed', () => {
             });
         });
 
+        test.each([
+            ['not set', undefined, true],
+            ['false', false, false],
+            ['true', true, true],
+        ] as [string, boolean | undefined, boolean][])(
+            'embedExpiryInAuthToken is %s when refreshAuthTokenOnNearExpiry is %s',
+            async (_label, refreshAuthTokenOnNearExpiry, expectedEmbedExpiry) => {
+                const mockEmbedEventPayload = {
+                    type: EmbedEvent.APP_INIT,
+                    data: {},
+                };
+                const searchEmbed = new AppEmbed(getRootEl(), {
+                    ...defaultViewConfig,
+                    refreshAuthTokenOnNearExpiry,
+                });
+                searchEmbed.render();
+                const mockPort: any = {
+                    postMessage: jest.fn(),
+                };
+                await executeAfterWait(() => {
+                    const iframe = getIFrameEl();
+                    postMessageToParent(iframe.contentWindow, mockEmbedEventPayload, mockPort);
+                });
+                await executeAfterWait(() => {
+                    expect(mockPort.postMessage).toHaveBeenCalledWith(
+                        getMockAppInitPayload({ embedExpiryInAuthToken: expectedEmbedExpiry }),
+                    );
+                });
+            },
+        );
+
         test('when Embed event status have start status', (done) => {
             const mockEmbedEventPayload = {
                 type: EmbedEvent.Save,

package/src/embed/ts-embed.ts

@@ -481,7 +481,7 @@ export class TsEmbed {
                 this.embedConfig.customVariablesForThirdPartyTools || {},
             hiddenListColumns: this.viewConfig.hiddenListColumns || [],
             customActions: customActionsResult.actions,
-            embedExpiryInAuthToken: this.viewConfig.refreshAuthTokenOnNearExpiry,
+            embedExpiryInAuthToken: this.viewConfig.refreshAuthTokenOnNearExpiry ?? true,
             ...getInterceptInitData(this.viewConfig),
             ...getHostEventsConfig(this.viewConfig),
         };

package/src/tokenizedFetch.spec.ts

@@ -0,0 +1,81 @@
+import 'jest-fetch-mock';
+import * as embedConfigModule from './embed/embedConfig';
+import * as authTokenModule from './authToken';
+import { AuthType } from './types';
+import { tokenizedFetch } from './tokenizedFetch';
+
+jest.mock('./embed/embedConfig');
+jest.mock('./authToken');
+
+const mockGetEmbedConfig = embedConfigModule.getEmbedConfig as jest.Mock;
+const mockGetAuthenticationToken = authTokenModule.getAuthenticationToken as jest.Mock;
+const mockGetCacheAuthToken = authTokenModule.getCacheAuthToken as jest.Mock;
+
+describe('tokenizedFetch', () => {
+    beforeEach(() => {
+        jest.clearAllMocks();
+        fetchMock.resetMocks();
+    });
+
+    describe('non-cookieless auth', () => {
+        beforeEach(() => {
+            mockGetEmbedConfig.mockReturnValue({ authType: AuthType.TrustedAuthToken });
+        });
+
+        it('should add Authorization Bearer header when cachedAuthToken exists', async () => {
+            mockGetCacheAuthToken.mockReturnValue('my-cached-token');
+            fetchMock.mockResponseOnce(JSON.stringify({}));
+
+            await tokenizedFetch('https://example.com/api', { method: 'GET' });
+
+            expect(fetchMock).toHaveBeenCalledTimes(1);
+            const request = fetchMock.mock.calls[0][0] as Request;
+            expect(request).toBeInstanceOf(Request);
+            expect(request.headers.get('Authorization')).toBe('Bearer my-cached-token');
+        });
+
+        it('should fetch with credentials include when no cachedAuthToken', async () => {
+            mockGetCacheAuthToken.mockReturnValue(null);
+            fetchMock.mockResponseOnce(JSON.stringify({}));
+
+            await tokenizedFetch('https://example.com/api', { method: 'GET' });
+
+            expect(fetchMock).toHaveBeenCalledWith('https://example.com/api', {
+                credentials: 'include',
+                method: 'GET',
+            });
+        });
+    });
+
+    describe('cookieless auth (TrustedAuthTokenCookieless)', () => {
+        beforeEach(() => {
+            mockGetEmbedConfig.mockReturnValue({
+                authType: AuthType.TrustedAuthTokenCookieless,
+                thoughtSpotHost: 'https://example.com',
+            });
+        });
+
+        it('should add Authorization Bearer header from getAuthenticationToken', async () => {
+            mockGetAuthenticationToken.mockResolvedValue('cookieless-token');
+            fetchMock.mockResponseOnce(JSON.stringify({}));
+
+            await tokenizedFetch('https://example.com/api', { method: 'POST' });
+
+            expect(mockGetAuthenticationToken).toHaveBeenCalled();
+            const request = fetchMock.mock.calls[0][0] as Request;
+            expect(request).toBeInstanceOf(Request);
+            expect(request.headers.get('Authorization')).toBe('Bearer cookieless-token');
+        });
+
+        it('should not add Authorization header when getAuthenticationToken returns null', async () => {
+            mockGetAuthenticationToken.mockResolvedValue(null);
+            fetchMock.mockResponseOnce(JSON.stringify({}));
+
+            await tokenizedFetch('https://example.com/api', { method: 'POST' });
+
+            const request = fetchMock.mock.calls[0][0] as Request;
+            expect(request).toBeInstanceOf(Request);
+            expect(request.headers.get('Authorization')).toBeNull();
+        });
+    });
+});

package/src/tokenizedFetch.ts

@@ -1,4 +1,4 @@
-import { getAuthenticationToken } from './authToken';
+import { getAuthenticationToken, getCacheAuthToken } from './authToken';
 import { getEmbedConfig } from './embed/embedConfig';
 
 import { AuthType } from './types';
@@ -20,18 +20,21 @@ import { AuthType } from './types';
  */
 export const tokenizedFetch: typeof fetch = async (input, init): Promise<Response> => {
     const embedConfig = getEmbedConfig();
+    const options: RequestInit = { ...init };
+    let token: string | undefined;
     if (embedConfig.authType !== AuthType.TrustedAuthTokenCookieless) {
-        return fetch(input, {
-            // ensure cookies are included for the non cookie-less api calls.
-            credentials: 'include',
-            ...init,
-        });
+        token = getCacheAuthToken();
+        if (!token) {
+            return fetch(input, { ...options, credentials: 'include' });
+        }
+    } else {
+        token = await getAuthenticationToken(embedConfig);
     }
+    const req = new Request(input, options);
 
-    const req = new Request(input, init);
-    const authToken = await getAuthenticationToken(embedConfig);
-    if (authToken) {
-        req.headers.append('Authorization', `Bearer ${authToken}`);
+    if (token) {
+        req.headers.append('Authorization', `Bearer ${token}`);
     }
+
     return fetch(req);
-};
+};

package/src/types.ts

@@ -926,9 +926,10 @@ export interface BaseViewConfig extends ApiInterceptFlags {
     styleSheet__unstable?: string;
     /**
      * The list of actions to disable from the primary menu, more menu
-     * (...), and the contextual menu. These actions will be disabled
-     * for the user.
-     * Use this to disable actions.
+     * (...), and the contextual menu. Disabled actions are grayed out
+     * and still visible to the user, but cannot be clicked.
+     * Use this when you want to disable an action (keep it visible but non-interactive).
+     * To completely remove an action from the UI, use {@link hiddenActions} instead.
      *
      * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
      * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -959,9 +960,10 @@ export interface BaseViewConfig extends ApiInterceptFlags {
      */
     disabledActionReason?: string;
     /**
-     * The list of actions to hide from the embedded view.
-     * These actions will be hidden from the user.
-     * Use this to hide an action.
+     * The list of actions to completely remove from the embedded view.
+     * Hidden actions are not visible to the user at all (fully removed from the UI).
+     * Use this when you want to remove an action entirely.
+     * To keep an action visible but non-interactive (grayed out), use {@link disabledActions} instead.
      *
      * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
      * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -980,9 +982,8 @@ export interface BaseViewConfig extends ApiInterceptFlags {
      * The list of actions to display from the primary menu, more menu
      * (...), and the contextual menu. These will be only actions that
      * are visible to the user.
-     * Use this to hide all actions except the ones you want to show.
-     *
-     * Use either this or hiddenActions.
+     * Use this as an allowlist — only the actions listed here will be shown.
+     * All other actions will be hidden. Use either this or {@link hiddenActions}, not both.
      *
      * Supported embed types: `AppEmbed`, `LiveboardEmbed`, `SearchEmbed`, `SpotterAgentEmbed`, `SpotterEmbed`, `SearchBarEmbed`
      * @version SDK: 1.6.0 | ThoughtSpot: ts8.nov.cl, 8.4.1.sw
@@ -1437,6 +1438,7 @@ export interface BaseViewConfig extends ApiInterceptFlags {
     /**
      * Refresh the auth token when the token is near expiry.
      * @version SDK: 1.45.2 | ThoughtSpot: 26.3.0.cl
+     * @default true
      * @example
      * ```js
      * const embed = new AppEmbed('#tsEmbed', {
@@ -5960,10 +5962,14 @@ export enum Param {
 /**
  * ThoughtSpot application pages include actions and menu commands
  * for various user-initiated operations. These actions are represented
- * as enumeration members in the SDK. To show, hide, or disable
- * specific actions in the embedded view, define the Action
- * enumeration members in the `disabledActions`, `visibleActions`,
- * or `hiddenActions` array.
+ * as enumeration members in the SDK. To control actions in the embedded view:
+ * - disabledActions — the action is grayed out and still visible, but non-interactive (user can see but not click).
+ * - hiddenActions — the action is completely removed from the UI (user cannot see it at all).
+ * - visibleActions — allowlist, only these actions are shown; all others are hidden.
+ *
+ * Use disabledActions to disable (gray out) an action.
+ * Use hiddenActions to hide (fully remove) an action.
+ * Use visibleActions to show only specific actions.
  * @example
  * ```js
  * const embed = new LiveboardEmbed('#tsEmbed', {
@@ -6814,6 +6820,26 @@ export enum Action {
      * @version SDK: 1.21.0 | ThoughtSpot: 9.2.0.cl, 9.5.1.sw
      */
     AxisMenuRemove = 'axisMenuRemove',
+    /**
+     * The **Compare with** action in the chart axis customization menu.
+     * Allows comparing data across dimensions or measures.
+     * @example
+     * ```js
+     * disabledActions: [Action.AxisMenuCompare]
+     * ```
+     * @version SDK: 1.50.0 | ThoughtSpot: 26.7.0.cl
+     */
+    AxisMenuCompare = 'axisMenuCompare',
+    /**
+     * The **Merge with** action in the chart axis customization menu.
+     * Allows merging data across dimensions or measures.
+     * @example
+     * ```js
+     * disabledActions: [Action.AxisMenuMerge]
+     * ```
+     * @version SDK: 1.50.0 | ThoughtSpot: 26.7.0.cl
+     */
+    AxisMenuMerge = 'axisMenuMerge',
     /**
      * @hidden
      */
@@ -8093,6 +8119,9 @@ export interface DefaultAppInitData {
     customActions: CustomAction[];
     interceptTimeout: number | undefined;
     interceptUrls: (string | InterceptedApiType)[];
+    embedExpiryInAuthToken:boolean;
+    shouldBypassPayloadValidation?:boolean
+    useHostEventsV2?:boolean
 }
 
 /**