From d0650023271737bcc9a37278bd5651712d3a5741 Mon Sep 17 00:00:00 2001 From: Brent Rager Date: Sat, 27 Jun 2026 09:15:21 -0400 Subject: [PATCH 1/3] =?UTF-8?q?SMOODEV-2129e:=20chat-widget=200.7.0=20?= =?UTF-8?q?=E2=80=94=20identity/persistence/consent=20client=20layer?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add the ADR-048 identity, persistence, and consent client layer to @smooai/chat-widget (vanilla TS + Shadow DOM): - Persisted Zustand (zustand/vanilla + persist) store keyed per agent (smoo-chat-widget:). Persists ONLY the session pointer + identity + consent + verifiedEmail + browserFingerprint — never the transcript (server is source of truth). version drives persist.migrate; storage adapter tolerates missing/locked-down localStorage. - browserFingerprint computed once + cached, sent on every createConversationSession. Lightweight UUID-anchored fingerprint with a non-invasive signal-hash suffix instead of heavyweight ThumbmarkJS — keeps the embed bundle small + privacy-light (tradeoff noted in the changeset). - Same-session resume (no engine change): get_session on load → if not ended, reuse sessionId + hydrate history via get_conversation_messages (newest-first reversed to chronological); ended/404 clears only the pointer (identity/consent survive) and starts fresh. - Pre-chat form: phone field shown by default (rides metadata.userPhone); explicit, default-unchecked email + SMS marketing-consent checkboxes that stamp consentAt and thread a consent record into session metadata. New config flags collectPhone/collectConsent/allowChatRestore (default true). - Cross-device "Restore my chats": explicit footer affordance (not a mid-turn pause) runs request_identity_otp → verify_identity_otp → resolve_identity over a shared transport (raw frames for verbs the engine client doesn't yet model), reusing the OTP UI; resolved list lets the user pick a conversation to replay; verifiedEmail persisted on success. All server-supplied strings rendered via textContent (0.6.0 XSS guarantees intact); Aurora-Glass styling. Zustand bundled into the IIFE global so the