Merge pull request #6 from Short-io/ci/tests-and-workflow

Ci/tests and workflow

Author: nrjinua

.github/workflows/test.yml

@@ -0,0 +1,23 @@
+name: test
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+      - run: npm ci
+      - run: npx playwright install chromium --with-deps
+      - run: npm run typecheck
+      - run: npm run lint
+      - run: npm test
+      - run: npm run build

CLAUDE.md

@@ -0,0 +1,44 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project
+
+Browser SDK for Short.io API (`@short.io/client-browser`). Zero runtime dependencies, browser-first, public key auth only.
+
+## Commands
+
+```bash
+npm run build        # Rollup build → CJS, ESM, UMD in dist/
+npm run dev          # Rollup watch mode
+npm test             # Vitest with jsdom
+npm run test:watch   # Vitest watch mode
+npm run typecheck    # tsc --noEmit
+npm run lint         # eslint src/**/*.ts
+```
+
+Run a single test: `npx vitest run --testPathPattern='shortio.test'`
+
+## Architecture
+
+Four source files in `src/`:
+
+- **types.ts** — All TypeScript interfaces (`ShortioConfig`, `CreateLinkRequest/Response`, `ExpandLinkRequest/Response`, `ConversionTrackingOptions/Result`, `ApiError`)
+- **shortio.ts** — Core implementation: `ShortioClient` class and `createSecure()` encryption utility
+- **index.ts** — Public API surface: re-exports `ShortioClient`, `createClient()` factory, and all types
+- **`__tests__/shortio.test.ts`** — Full test suite with mocked `fetch`, `navigator.sendBeacon`, and `crypto.subtle`
+
+### Key patterns
+
+- `ShortioClient` wraps all HTTP calls with public key auth via `Authorization` header
+- Encrypted links use Web Crypto API (AES-GCM) — key goes in URL fragment, not sent to server
+- Conversion tracking uses `navigator.sendBeacon()` with `clid` query parameter from current URL
+- Three build outputs via Rollup: CJS (`dist/index.js`), ESM (`dist/index.esm.js`), UMD (`dist/index.umd.js` as global `ShortioClient`)
+
+## Conventions
+
+- TypeScript strict mode with `noUnusedLocals` and `noUnusedParameters`
+- ESLint v9 config requires nullish coalescing (`??`) and optional chaining (`?.`)
+- Explicit return types on functions (warning level)
+- No `any` usage (warning level, relaxed in tests)
+- Tests mock browser APIs (fetch, crypto.subtle, sendBeacon, TextEncoder) since Vitest runs in jsdom

README.md

@@ -1,14 +1,6 @@
 # Short.io Browser SDK
 
-A lightweight TypeScript/JavaScript SDK for Short.io's URL shortening API, designed specifically for browser environments with public key authentication.
-
-## Features
-
-- 🌐 **Browser-first**: Optimized for client-side applications
-- 🔑 **Public Key Auth**: Works with Short.io public API keys
-- 📦 **Lightweight**: Minimal dependencies, small bundle size
-- 🎯 **TypeScript**: Full type safety with TypeScript support
-- 🚀 **Modern**: Uses fetch API and ES modules
+A lightweight TypeScript/JavaScript SDK for [Short.io](https://short.io)'s URL shortening API, designed for browser environments with public key authentication. Zero runtime dependencies.
 
 ## Installation
 
@@ -21,7 +13,6 @@ npm install @short.io/client-browser
 ```typescript
 import { createClient } from '@short.io/client-browser';
 
-// Initialize the client with your public API key
 const client = createClient({
   publicKey: 'your-public-api-key'
 });
@@ -31,15 +22,13 @@ const link = await client.createLink({
   originalURL: 'https://example.com/very-long-url',
   domain: 'your-domain.com'
 });
-
 console.log(link.shortURL); // https://your-domain.com/abc123
 
 // Expand a short link
 const expanded = await client.expandLink({
   domain: 'your-domain.com',
   path: 'abc123'
 });
-
 console.log(expanded.originalURL); // https://example.com/very-long-url
 ```
 
@@ -49,97 +38,161 @@ console.log(expanded.originalURL); // https://example.com/very-long-url
 
 Creates a new Short.io client instance.
 
-**Parameters:**
-- `config.publicKey` (string): Your Short.io public API key
-- `config.baseUrl` (string, optional): Custom API base URL (defaults to `https://api.short.io/links`)
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `config.publicKey` | `string` | Yes | Your Short.io public API key |
+| `config.baseUrl` | `string` | No | Custom API base URL (default: `https://api.short.io`) |
 
 ### `client.createLink(request)`
 
 Creates a new short link.
 
-**Parameters:**
-- `request.originalURL` (string): The URL to shorten
-- `request.domain` (string): Your Short.io domain
-- `request.path` (string, optional): Custom path for the short link
-- `request.title` (string, optional): Title for the link
-- `request.tags` (string[], optional): Tags for organization
-- `request.allowDuplicates` (boolean, optional): Allow duplicate links
-
-**Returns:** Promise<CreateLinkResponse>
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `domain` | `string` | Yes | Your Short.io domain |
+| `originalURL` | `string` | Yes | The URL to shorten |
+| `path` | `string` | No | Custom path for the short link |
+| `title` | `string` | No | Link title |
+| `tags` | `string[]` | No | Tags for organization |
+| `folderId` | `string` | No | Folder ID |
+| `cloaking` | `boolean` | No | Enable link cloaking |
+| `password` | `string` | No | Password-protect the link |
+| `passwordContact` | `boolean` | No | Require contact info with password |
+| `redirectType` | `301 \| 302 \| 307 \| 308` | No | HTTP redirect status code |
+| `utmSource` | `string` | No | UTM source parameter |
+| `utmMedium` | `string` | No | UTM medium parameter |
+| `utmCampaign` | `string` | No | UTM campaign parameter |
+| `utmContent` | `string` | No | UTM content parameter |
+| `utmTerm` | `string` | No | UTM term parameter |
+| `androidURL` | `string` | No | Redirect URL for Android devices |
+| `iphoneURL` | `string` | No | Redirect URL for iPhones |
+| `clicksLimit` | `number` | No | Maximum number of clicks allowed |
+| `skipQS` | `boolean` | No | Skip query string forwarding |
+| `archived` | `boolean` | No | Create link as archived |
+| `splitURL` | `string` | No | A/B test destination URL |
+| `splitPercent` | `number` | No | A/B test traffic split percentage |
+| `integrationAdroll` | `string` | No | AdRoll integration pixel |
+| `integrationFB` | `string` | No | Facebook integration pixel |
+| `integrationGA` | `string` | No | Google Analytics integration |
+| `integrationGTM` | `string` | No | Google Tag Manager integration |
+
+Returns `Promise<CreateLinkResponse>` with the full link object including `shortURL`, `secureShortURL`, `id`, and all configured properties.
 
 ### `client.expandLink(request)`
 
 Expands a short link to get its details.
 
-**Parameters:**
-- `request.domain` (string): The Short.io domain
-- `request.path` (string): The path of the short link
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `domain` | `string` | Yes | The Short.io domain |
+| `path` | `string` | Yes | The path of the short link |
+
+Returns `Promise<ExpandLinkResponse>` (same shape as `CreateLinkResponse`).
 
-**Returns:** Promise<ExpandLinkResponse>
+### `client.createEncryptedLink(request)`
 
-## Usage Examples
+Creates an encrypted short link using AES-GCM encryption. The original URL is encrypted client-side before being sent to the API; the decryption key is placed in the URL fragment (hash) and never sent to the server.
 
-### Basic Link Creation
+Takes the same parameters as `createLink`. Returns `Promise<CreateLinkResponse>` where `shortURL` includes the `#key` fragment for decryption.
 
 ```typescript
-const link = await client.createLink({
-  originalURL: 'https://github.com/Short-io/client-browser',
-  domain: 'your-domain.com',
-  title: 'Short.io Browser SDK'
+const link = await client.createEncryptedLink({
+  originalURL: 'https://sensitive-content.example.com/private',
+  domain: 'your-domain.com'
 });
+// link.shortURL → https://your-domain.com/abc123#<base64-key>
 ```
 
-### Custom Path
+### `client.trackConversion(options)`
+
+Tracks a conversion event using `navigator.sendBeacon()`. Reads the `clid` (click ID) query parameter from the current page URL to attribute the conversion.
+
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `domain` | `string` | Yes | Your Short.io domain |
+| `conversionId` | `string` | No | Custom conversion identifier |
+| `value` | `number` | No | Monetary or numeric value for the conversion |
+
+Returns `ConversionTrackingResult`:
 
 ```typescript
-const link = await client.createLink({
-  originalURL: 'https://docs.short.io',
-  domain: 'your-domain.com',
-  path: 'docs'
-});
+{
+  success: boolean;    // true if clid was found and beacon sent
+  conversionId?: string;
+  clid?: string;
+  domain: string;
+  value?: number;
+}
 ```
 
-### With Tags
-
 ```typescript
-const link = await client.createLink({
-  originalURL: 'https://example.com',
+const result = client.trackConversion({
   domain: 'your-domain.com',
-  tags: ['marketing', 'campaign-2024']
+  conversionId: 'purchase',
+  value: 49.99
 });
+
+if (result.success) {
+  console.log('Conversion tracked for click:', result.clid);
+}
 ```
 
-### Error Handling
+### `client.getClickId()`
+
+Returns the `clid` query parameter from the current page URL, or `null` if not present.
 
 ```typescript
-try {
-  const link = await client.createLink({
-    originalURL: 'https://example.com',
-    domain: 'your-domain.com'
-  });
-} catch (error) {
-  console.error('Failed to create link:', error.message);
-}
+const clickId = client.getClickId();
 ```
 
-## Browser Support
+### `client.observeConversions(options)`
 
-This SDK works in all modern browsers that support:
-- Fetch API
-- ES2018 features
-- Promises/async-await
+Enables declarative conversion tracking via HTML `data-` attributes. Scans the DOM for elements with `data-shortio-conversion` and automatically binds event listeners. Also watches for dynamically added elements using a `MutationObserver`.
 
-For older browsers, you may need polyfills for the fetch API.
+| Parameter | Type | Required | Description |
+|-----------|------|----------|-------------|
+| `domain` | `string` | Yes | Your Short.io domain |
 
-## Bundle Formats
+Returns a `ConversionObserver` with a `disconnect()` method to remove all listeners and stop observing.
 
-The SDK is available in multiple formats:
+**HTML attributes:**
 
-- **ES Modules**: `dist/index.esm.js` (recommended for modern bundlers)
-- **CommonJS**: `dist/index.js` (Node.js compatibility)
-- **UMD**: `dist/index.umd.js` (direct browser usage)
+| Attribute | Description |
+|-----------|-------------|
+| `data-shortio-conversion` | Conversion identifier (empty string for no ID) |
+| `data-shortio-conversion-value` | Numeric value for the conversion (ignored if not a valid number) |
 
-### Direct Browser Usage
+**Event binding by element type:**
+
+| Element | Event |
+|---------|-------|
+| `<form>` | `submit` |
+| `<input>` (non-submit) | `change` |
+| `<button>`, `<a>`, `<input type="submit">` | `click` |
+
+```html
+<!-- Declarative conversion tracking -->
+<form data-shortio-conversion="signup">...</form>
+<button data-shortio-conversion="purchase" data-shortio-conversion-value="29.99">Buy Now</button>
+<a href="/pricing" data-shortio-conversion="cta-click">View Pricing</a>
+```
+
+```typescript
+const observer = client.observeConversions({ domain: 'your-domain.com' });
+
+// Later, to stop tracking:
+observer.disconnect();
+```
+
+## Bundle Formats
+
+| Format | File | Use case |
+|--------|------|----------|
+| ES Modules | `dist/index.esm.js` | Modern bundlers (Vite, webpack, etc.) |
+| CommonJS | `dist/index.js` | Node.js / legacy bundlers |
+| UMD | `dist/index.umd.js` | Direct `<script>` tag usage |
+
+### Direct Browser Usage (UMD)
 
 ```html
 <script src="https://unpkg.com/@short.io/client-browser/dist/index.umd.js"></script>
@@ -150,33 +203,56 @@ The SDK is available in multiple formats:
 </script>
 ```
 
-## Getting Your API Key
+## TypeScript
 
-1. Visit your [Short.io dashboard](https://app.short.io)
-2. Go to Integrations & API
-3. Create a new public API key for your domain
+Full type definitions are included. All types are exported:
 
-⚠️ **Security Note**: Public keys are safe to use in browser environments but have limited permissions. Never use private API keys in client-side code.
+```typescript
+import type {
+  ShortioConfig,
+  CreateLinkRequest,
+  CreateLinkResponse,
+  ExpandLinkRequest,
+  ExpandLinkResponse,
+  ConversionTrackingOptions,
+  ConversionTrackingResult,
+  ObserveConversionsOptions,
+  ConversionObserver,
+  ApiError
+} from '@short.io/client-browser';
+```
 
-## TypeScript Support
+## Error Handling
 
-The SDK includes full TypeScript definitions. All methods and responses are fully typed:
+API errors throw a standard `Error` with the message from the Short.io API response:
 
 ```typescript
-import type { CreateLinkRequest, CreateLinkResponse } from '@short.io/client-browser';
+try {
+  const link = await client.createLink({
+    originalURL: 'https://example.com',
+    domain: 'your-domain.com'
+  });
+} catch (error) {
+  console.error('Failed to create link:', error.message);
+}
+```
 
-const request: CreateLinkRequest = {
-  originalURL: 'https://example.com',
-  domain: 'your-domain.com'
-};
+## Getting Your API Key
 
-const response: CreateLinkResponse = await client.createLink(request);
-```
+1. Visit your [Short.io dashboard](https://app.short.io)
+2. Go to **Integrations & API**
+3. Create a new **public** API key for your domain
+
+> **Security:** Public keys are safe to use in browser environments but have limited permissions. Never use private API keys in client-side code.
 
-## Contributing
+## Browser Support
 
-Contributions are welcome! Please feel free to submit a Pull Request.
+Requires browsers supporting:
+- [Fetch API](https://caniuse.com/fetch)
+- [Web Crypto API](https://caniuse.com/cryptography) (for encrypted links)
+- [Beacon API](https://caniuse.com/beacon) (for conversion tracking)
+- [MutationObserver](https://caniuse.com/mutationobserver) (for declarative conversion tracking)
 
 ## License
 
-MIT © Short.io
+MIT