checkpoint-cli 1.0.2 → 1.0.3

package/dist/index.js

@@ -106,10 +106,33 @@ async function getAuthenticatedClient() {
 }
 /* ── Injection Proxy ── */
 function startInjectionProxy(targetPort) {
-    const scriptBody = (0, tracking_script_minimal_js_1.buildMinimalTrackingScript)().replace(/<\/script/gi, '<\\/script');
-    const SCRIPT = `<script data-checkpoint-script="minimal-v1">\n${scriptBody}\n</script>`;
+    const AGENT_PATH = '/__checkpoint/agent.min.js';
+    const agentScript = (0, tracking_script_minimal_js_1.buildMinimalTrackingScript)();
+    const extractNonce = (html) => {
+        const nonceMatch = html.match(/<script\b[^>]*\bnonce=(?:"([^"]+)"|'([^']+)'|([^\s>]+))/i);
+        return nonceMatch?.[1] ?? nonceMatch?.[2] ?? nonceMatch?.[3] ?? null;
+    };
+    const buildInjectionTag = (html) => {
+        const nonce = extractNonce(html);
+        const nonceAttr = nonce ? ` nonce="${nonce.replace(/"/g, '&quot;')}"` : '';
+        return `<script data-checkpoint-script="minimal-v1" src="${AGENT_PATH}"${nonceAttr} defer></script>`;
+    };
     return new Promise((resolve, reject) => {
         const server = http_1.default.createServer((req, res) => {
+            const pathname = new URL(req.url || '/', 'http://checkpoint.local').pathname;
+            if (pathname === AGENT_PATH) {
+                res.writeHead(200, {
+                    'content-type': 'application/javascript; charset=utf-8',
+                    'cache-control': 'no-store, max-age=0',
+                    'x-content-type-options': 'nosniff',
+                });
+                if (req.method === 'HEAD') {
+                    res.end();
+                    return;
+                }
+                res.end(agentScript);
+                return;
+            }
             const fwdHeaders = { ...req.headers, host: `localhost:${targetPort}` };
             delete fwdHeaders['accept-encoding'];
             const proxyReq = http_1.default.request({
@@ -130,15 +153,16 @@ function startInjectionProxy(targetPort) {
                 proxyRes.on('data', (chunk) => chunks.push(chunk));
                 proxyRes.on('end', () => {
                     let body = Buffer.concat(chunks).toString('utf-8');
+                    const scriptTag = buildInjectionTag(body);
                     if (!body.includes('data-checkpoint-script="minimal-v1"')) {
                         if (body.includes('</head>')) {
-                            body = body.replace('</head>', () => SCRIPT + '\n</head>');
+                            body = body.replace('</head>', () => scriptTag + '\n</head>');
                         }
                         else if (body.includes('</body>')) {
-                            body = body.replace('</body>', () => SCRIPT + '\n</body>');
+                            body = body.replace('</body>', () => scriptTag + '\n</body>');
                         }
                         else {
-                            body += SCRIPT;
+                            body += scriptTag;
                         }
                     }
                     const headers = { ...proxyRes.headers };

package/dist/tracking-script-minimal.js

@@ -18,6 +18,23 @@ function buildMinimalTrackingScript() {
   var lastPath='';
   var mutationTick=false;
   var pendingPickCommit=false;
+  var parentTargetOrigin='*';
+
+  function initParentOrigin(){
+    try{
+      if(!document.referrer) return;
+      var parsed=new URL(document.referrer);
+      if(parsed.protocol==='http:'||parsed.protocol==='https:') parentTargetOrigin=parsed.origin;
+    }catch(e){}
+  }
+
+  function postToParent(payload){
+    try{
+      window.parent.postMessage(payload,parentTargetOrigin);
+      return;
+    }catch(e){}
+    try{ window.parent.postMessage(payload,'*'); }catch(e){}
+  }
 
   function getMetrics(){
     var de=document.documentElement;
@@ -31,6 +48,27 @@ function buildMinimalTrackingScript() {
     };
   }
 
+  function reportReady(){
+    try{
+      postToParent({
+        type:'checkpoint:ready',
+        path:location.pathname+location.search+location.hash,
+        version:'minimal-v1',
+        capabilities:{ pickMode:true, resolveAnchors:true, sourceAnchors:true }
+      });
+    }catch(e){}
+  }
+
+  function reportDiagnostic(code,detail){
+    try{
+      postToParent({
+        type:'checkpoint:diagnostic',
+        code:code||'unknown',
+        detail:detail||''
+      });
+    }catch(e){}
+  }
+
   function clampPercent(v){
     if(v<0) return 0;
     if(v>100) return 100;
@@ -732,7 +770,7 @@ inspectBox.style.border='2px solid #F26522';
 
   function postPickResult(target,clientX,clientY){
     var payload=buildAnchorPayload(target,clientX,clientY);
-    window.parent.postMessage({
+    postToParent({
       type:'checkpoint:pickResult',
       path:location.pathname+location.search+location.hash,
       anchorPayload:payload,
@@ -742,7 +780,7 @@ inspectBox.style.border='2px solid #F26522';
         scrollY:payload.coord_fallback&&typeof payload.coord_fallback.scroll_y==='number'?payload.coord_fallback.scroll_y:0,
         viewHeight:payload.coord_fallback&&typeof payload.coord_fallback.viewport_height==='number'?payload.coord_fallback.viewport_height:0
       }
-    },'*');
+    });
   }
 
   function setPickMode(enabled){
@@ -854,7 +892,7 @@ inspectBox.style.border='2px solid #F26522';
   function reportScroll(){
     try{
       var m=getMetrics();
-      window.parent.postMessage({
+      postToParent({
         type:'checkpoint:scroll',
         scrollX:m.scrollX,
         scrollY:m.scrollY,
@@ -862,7 +900,7 @@ inspectBox.style.border='2px solid #F26522';
         docHeight:m.docHeight,
         viewWidth:m.viewWidth,
         viewHeight:m.viewHeight
-      },'*');
+      });
     }catch(e){}
   }
 
@@ -871,7 +909,7 @@ inspectBox.style.border='2px solid #F26522';
       var p=location.pathname+location.search+location.hash;
       if(p===lastPath) return;
       lastPath=p;
-      window.parent.postMessage({ type:'checkpoint:navigate', path:p },'*');
+      postToParent({ type:'checkpoint:navigate', path:p });
       reportScroll();
     }catch(e){}
   }
@@ -881,11 +919,11 @@ inspectBox.style.border='2px solid #F26522';
     mutationTick=true;
     requestAnimationFrame(function(){
       mutationTick=false;
-      window.parent.postMessage({
+      postToParent({
         type:'checkpoint:domMutation',
         reason:'mutation',
         path:location.pathname+location.search+location.hash
-      },'*');
+      });
     });
   }
 
@@ -895,9 +933,13 @@ inspectBox.style.border='2px solid #F26522';
       var observer=new MutationObserver(function(){ reportDomMutation(); });
       observer.observe(document.documentElement,{ childList:true, subtree:true, attributes:true });
       window.addEventListener('beforeunload',function(){ try{observer.disconnect();}catch(e){}; });
-    }catch(e){}
+    }catch(e){
+      reportDiagnostic('mutation_observer_failed',String(e&&e.message?e.message:e));
+    }
   }
 
+  initParentOrigin();
+  reportReady();
   reportNav();
   reportScroll();
   setupMutationObserver();
@@ -912,6 +954,7 @@ inspectBox.style.border='2px solid #F26522';
 
   window.addEventListener('message',function(e){
     try{
+      if(e.source!==window.parent) return;
       var d=e.data;
       if(!d||typeof d!=='object') return;
       if(d.type==='checkpoint:scrollTo'&&typeof d.y==='number'){
@@ -937,11 +980,11 @@ inspectBox.style.border='2px solid #F26522';
             coordFallback:result.coordFallback||null
           });
         }
-        window.parent.postMessage({
+        postToParent({
           type:'checkpoint:anchorsResolved',
           path:location.pathname+location.search+location.hash,
           positions:positions
-        },'*');
+        });
       }
     }catch(ex){}
   });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "checkpoint-cli",
-  "version": "1.0.2",
+  "version": "1.0.3",
   "description": "Share your localhost with reviewers — get visual feedback directly on the page",
   "keywords": [
     "checkpoint",