chore: updates

Author: ryanbas21

e2e/journey-app/main.ts

@@ -7,6 +7,7 @@
 import './style.css';
 
 import { journey } from '@forgerock/journey-client';
+import { attachJourneyBridge } from '@forgerock/devtools-bridge';
 
 import type { JourneyClient, RequestMiddleware } from '@forgerock/journey-client/types';
 
@@ -65,6 +66,7 @@ if (searchParams.get('middleware') === 'true') {
   let journeyClient: JourneyClient;
   try {
     journeyClient = await journey({ config: config, requestMiddleware });
+    attachJourneyBridge(journeyClient, config);
   } catch (error) {
     const message = error instanceof Error ? error.message : 'Unknown error';
     console.error('Failed to initialize journey client:', message);

e2e/journey-app/package.json

@@ -11,6 +11,7 @@
     "serve": "pnpm nx nxServe"
   },
   "dependencies": {
+    "@forgerock/devtools-bridge": "workspace:*",
     "@forgerock/journey-client": "workspace:*",
     "@forgerock/oidc-client": "workspace:*",
     "@forgerock/protect": "workspace:*",

e2e/journey-app/tsconfig.app.json

@@ -15,14 +15,17 @@
   ],
   "references": [
     {
-      "path": "../../packages/sdk-effects/logger/tsconfig.lib.json"
+      "path": "../../packages/device-client/tsconfig.lib.json"
     },
     {
-      "path": "../../packages/device-client/tsconfig.lib.json"
+      "path": "../../packages/sdk-effects/logger/tsconfig.lib.json"
     },
     {
       "path": "../../packages/oidc-client/tsconfig.lib.json"
     },
+    {
+      "path": "../../packages/devtools-bridge/tsconfig.lib.json"
+    },
     {
       "path": "../../packages/protect/tsconfig.lib.json"
     },

e2e/oidc-app/package.json

@@ -9,6 +9,7 @@
     "serve": "pnpm nx nxServe"
   },
   "dependencies": {
+    "@forgerock/devtools-bridge": "workspace:*",
     "@forgerock/oidc-client": "workspace:*"
   },
   "nx": {

e2e/oidc-app/src/utils/oidc-app.ts

@@ -6,6 +6,7 @@
  * of the MIT license. See the LICENSE file for details.
  *
  */
+import { attachOidcBridge } from '@forgerock/devtools-bridge';
 import { oidc } from '@forgerock/oidc-client';
 import type {
   AuthorizationError,
@@ -54,6 +55,7 @@ export async function oidcApp({ config, urlParams }) {
   if ('error' in oidcClient) {
     displayError(oidcClient);
   }
+  attachOidcBridge(oidcClient, config);
 
   document.getElementById('login-background').addEventListener('click', async () => {
     const authorizeOptions: GetAuthorizationUrlOptions =

e2e/oidc-app/tsconfig.app.json

@@ -21,6 +21,9 @@
   "references": [
     {
       "path": "../../packages/oidc-client/tsconfig.lib.json"
+    },
+    {
+      "path": "../../packages/devtools-bridge/tsconfig.lib.json"
     }
   ]
 }

packages/devtools-bridge/README.md

@@ -0,0 +1,198 @@
+# @forgerock/devtools-bridge
+
+Opt-in SDK adapter that connects your Ping Identity / ForgeRock application to the [Ping DevTools extension](../devtools-extension). Add it to your app in one line — it is a no-op when the extension is not installed, so it is safe to ship in production builds.
+
+## Contents
+
+- [Installation](#installation)
+- [Bridges](#bridges)
+  - [DaVinci — `attachDevToolsBridge`](#davinci--attachdevtoolsbridge)
+  - [AM Journey — `attachJourneyBridge`](#am-journey--attachjourneybridge)
+  - [OIDC / OAuth — `attachOidcBridge`](#oidc--oauth--attachoidcbridge)
+- [Low-level API](#low-level-api)
+- [How it works](#how-it-works)
+- [Safety](#safety)
+
+---
+
+## Installation
+
+```bash
+pnpm add @forgerock/devtools-bridge
+```
+
+`effect` is a peer dependency. `@forgerock/davinci-client` is an optional peer dependency required only if you use `attachDevToolsBridge`.
+
+---
+
+## Bridges
+
+### DaVinci — `attachDevToolsBridge`
+
+Subscribes to a DaVinci client store and emits `sdk:node-change` on every node status transition, plus `session:cookie` / `session:storage` diffs after each transition.
+
+```ts
+import { davinci } from '@forgerock/davinci-client';
+import { attachDevToolsBridge } from '@forgerock/devtools-bridge';
+
+const client = await davinci({ config });
+
+// Pass config as the second argument — emitted once as sdk:config on the first transition
+const bridge = attachDevToolsBridge(client, config);
+
+// Unsubscribe when the component unmounts
+bridge.detach();
+```
+
+**What it captures per node transition:**
+
+| Field            | Source                                        |
+| ---------------- | --------------------------------------------- |
+| `nodeStatus`     | DaVinci node `.status`                        |
+| `previousStatus` | Previous status (tracked locally)             |
+| `interactionId`  | `server.interactionId`                        |
+| `nodeName`       | `client.name`                                 |
+| `collectors`     | `client.collectors` (full objects)            |
+| `error`          | `error.code / message / type`                 |
+| `session`        | `server.session` (DaVinci session token)      |
+| `responseBody`   | Full DaVinci server response (from RTK cache) |
+
+The bridge only emits when `nodeStatus` actually changes, so rapid store updates that don't advance the node do not generate noise.
+
+---
+
+### AM Journey — `attachJourneyBridge`
+
+Subscribes to a Journey RTK store and emits `sdk:journey-step` for each mutation that settles (`fulfilled` or `rejected`). Each event carries the full AM step response including all callbacks with their `input`/`output` arrays.
+
+```ts
+import { journey } from '@forgerock/journey-client'; // your RTK-based journey client
+import { attachJourneyBridge } from '@forgerock/devtools-bridge';
+
+const client = await journey({ config });
+
+attachJourneyBridge(client, config);
+```
+
+**`JourneySubscribable` interface** — any object with this shape works:
+
+```ts
+interface JourneySubscribable {
+  subscribe: (listener: () => void) => () => void;
+  getState: () => unknown; // must expose { journeyReducer: { mutations: Record<string, MutationEntry> } }
+}
+```
+
+**Emitted events by step type:**
+
+| `stepType`     | When                              | Notable fields                             |
+| -------------- | --------------------------------- | ------------------------------------------ |
+| `Step`         | AM returns `authId`               | `callbacks`, `authId`, `stage`, `header`   |
+| `LoginSuccess` | AM returns `tokenId`              | `tokenId`, `successUrl`                    |
+| `LoginFailure` | AM returns an error / RTK rejects | `errorCode`, `errorMessage`, `errorReason` |
+
+---
+
+### OIDC / OAuth — `attachOidcBridge`
+
+Subscribes to an OIDC client RTK store and emits `sdk:oidc-state` for each settled mutation. Maps RTK endpoint names to human-readable phases.
+
+```ts
+import { oidcClient } from '@forgerock/oidc-client'; // your RTK-based OIDC client
+import { attachOidcBridge } from '@forgerock/devtools-bridge';
+
+const client = oidcClient({ config });
+
+attachOidcBridge(client, config);
+```
+
+**`OidcSubscribable` interface:**
+
+```ts
+interface OidcSubscribable {
+  subscribe: (listener: () => void) => () => void;
+  getState: () => unknown; // must expose { oidc: { mutations: Record<string, MutationEntry> } }
+}
+```
+
+**Endpoint → phase mapping:**
+
+| RTK endpoint name | Emitted phase |
+| ----------------- | ------------- |
+| `authorizeFetch`  | `authorize`   |
+| `authorizeIframe` | `authorize`   |
+| `exchange`        | `exchange`    |
+| `revoke`          | `revoke`      |
+| `userInfo`        | `userinfo`    |
+| `endSession`      | `logout`      |
+
+Pass `config.clientId` to surface it in the extension's node detail card:
+
+```ts
+attachOidcBridge(client, { clientId: 'my-spa-client', ...rest });
+```
+
+---
+
+## Low-level API
+
+If you need to emit events from outside a supported client, use the primitives directly.
+
+```ts
+import { emitAuthEvent, emitConfigEvent, DEVTOOLS_EVENT_NAME } from '@forgerock/devtools-bridge';
+
+emitAuthEvent({
+  id: crypto.randomUUID(),
+  timestamp: performance.now(),
+  type: 'sdk:node-change',
+  source: 'sdk',
+  flowId: null,
+  causedBy: null,
+  data: { _tag: 'sdk', nodeStatus: 'next' },
+  flags: { isCors: false, isError: false, isAuthRelated: true },
+});
+
+emitConfigEvent({ clientId: 'my-app', environment: 'dev' });
+```
+
+Both functions dispatch a `CustomEvent` named `DEVTOOLS_EVENT_NAME` (`'pingDevtools'`) on `window`. The content script picks this up and forwards it to the extension service worker.
+
+---
+
+## How it works
+
+```
+Your app
+  ├── attachDevToolsBridge(davinciClient)   ─┐
+  ├── attachJourneyBridge(journeyClient)    ─┤─ emitAuthEvent()
+  └── attachOidcBridge(oidcClient)          ─┘
+            │
+            │  window.dispatchEvent(new CustomEvent('pingDevtools', { detail: event }))
+            ▼
+      content-script.js
+            │
+            │  chrome.runtime.sendMessage({ type: 'SDK_EVENT', payload: event })
+            ▼
+      service-worker.ts  ──(validates via AuthEventSchema)──▶  EventStore
+            │
+            │  chrome.runtime.sendMessage({ type: 'EVENTS_UPDATED' })
+            ▼
+      panel (Elm)  ──  Timeline view + Flow view
+```
+
+Each bridge function:
+
+1. Subscribes to the client store
+2. Validates the current state with an Effect Schema decoder (returns `Option.none` on mismatch — never throws)
+3. Deduplicates by tracking already-emitted request IDs in a `Set`
+4. Trims that `Set` to only IDs still present in the store, bounding memory use
+5. Dispatches the event only when `window.__PING_DEVTOOLS_EXTENSION__` is present
+
+---
+
+## Safety
+
+- **No-op without the extension** — all bridges check for `window.__PING_DEVTOOLS_EXTENSION__` before dispatching. If the marker is absent, nothing is emitted.
+- **No-op in SSR / Node** — all bridges return `{ detach: () => undefined }` immediately when `typeof window === 'undefined'`.
+- **Tree-shakeable** — `sideEffects: false` in `package.json`; unused bridges are eliminated by your bundler.
+- **No sensitive data leakage** — the bridge never reads passwords or form values; it only observes the client's Redux/RTK state.

packages/devtools-bridge/src/index.ts

@@ -1,3 +1,7 @@
 export { attachDevToolsBridge } from './lib/bridge.js';
 export type { BridgeHandle } from './lib/bridge.js';
-export { DEVTOOLS_EVENT_NAME, emitAuthEvent } from './lib/emit.js';
+export { attachJourneyBridge } from './lib/journey-bridge.js';
+export type { JourneyBridgeHandle } from './lib/journey-bridge.js';
+export { attachOidcBridge } from './lib/oidc-bridge.js';
+export type { OidcBridgeHandle } from './lib/oidc-bridge.js';
+export { DEVTOOLS_EVENT_NAME, emitAuthEvent, emitConfigEvent } from './lib/emit.js';

packages/devtools-bridge/src/lib/bridge.ts

@@ -1,7 +1,7 @@
 import { Schema, Option, pipe } from 'effect';
 import type { SdkData } from '@forgerock/devtools-types';
 import { SdkErrorSchema, SdkAuthorizationSchema } from '@forgerock/devtools-types';
-import { emitAuthEvent } from './emit.js';
+import { emitAuthEvent, emitConfigEvent } from './emit.js';
 
 interface Subscribable {
   subscribe: (listener: () => void) => () => void;
@@ -147,19 +147,6 @@ function emitSessionDiffs(
 // Event builders
 // ---------------------------------------------------------------------------
 
-function emitConfigEvent(config: object): void {
-  emitAuthEvent({
-    id: crypto.randomUUID(),
-    timestamp: performance.now(),
-    type: 'sdk:config',
-    source: 'sdk',
-    flowId: null,
-    causedBy: null,
-    data: { _tag: 'sdk-config', config },
-    flags: { isCors: false, isError: false, isAuthRelated: true },
-  });
-}
-
 function emitNodeChange(data: SdkData): void {
   emitAuthEvent({
     id: crypto.randomUUID(),

packages/devtools-bridge/src/lib/emit.ts

@@ -6,3 +6,16 @@ export function emitAuthEvent(event: AuthEvent): void {
   if (typeof window === 'undefined') return;
   window.dispatchEvent(new CustomEvent(DEVTOOLS_EVENT_NAME, { detail: event }));
 }
+
+export function emitConfigEvent(config: object): void {
+  emitAuthEvent({
+    id: crypto.randomUUID(),
+    timestamp: performance.now(),
+    type: 'sdk:config',
+    source: 'sdk',
+    flowId: null,
+    causedBy: null,
+    data: { _tag: 'sdk-config', config },
+    flags: { isCors: false, isError: false, isAuthRelated: true },
+  });
+}