feat(#19,#20,#21,#49-57): cross-cutting helpers + zendesk-classic + zendesk login error hook

- ahize/zendesk-classic: separate provider for the legacy Web Widget (zE('webWidget', ...)) — different snippet, different command surface, kept apart so types don't pretend cross-compat (#19)
- zendesk: onLoginError(listener) callback fires from both errorCallback and getToken rejection (#20)
- destroy() on every provider already covered unmount/remount safety (#21)

Cross-cutting:
- ahize/capabilities (#49,#50,#51,#52,#53,#54): per-provider feature matrix (hmac/jwt/callback/trackEvents/unreadCount/prefill/setLocale/setTheme/selfHosted/regions). capabilities(provider) returns full record; supports(provider, feature) for boolean checks.
- ahize/diagnostics (#57): diagnose(provider, config) probes the CDN URL with a HEAD request and surfaces 400/403/404 as actionable hints; CORS-blocked probes return a soft warning.
- BaseLoadOptions adds zIndex (default 2147482647 = max-1000 so app modals can sit above) (#50).
- Symmetric APIs (#55) and raw escape hatch (#56) — every provider already exports getIdentity/onIdentityChange/isReady/state pairs and providers expose their underlying API via the queue<T> generic (consumers can create their own raw bridge with ahize/intercom's exported queue).

Closes #19 #20 #21 #49 #50 #51 #52 #53 #54 #55 #56 #57

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: productdevbook

package.json

@@ -64,6 +64,10 @@
       "types": "./dist/providers/zendesk.d.mts",
       "default": "./dist/providers/zendesk.mjs"
     },
+    "./zendesk-classic": {
+      "types": "./dist/providers/zendesk-classic.d.mts",
+      "default": "./dist/providers/zendesk-classic.mjs"
+    },
     "./hubspot": {
       "types": "./dist/providers/hubspot.d.mts",
       "default": "./dist/providers/hubspot.mjs"
@@ -131,6 +135,14 @@
     "./facade": {
       "types": "./dist/facade.d.mts",
       "default": "./dist/facade.mjs"
+    },
+    "./capabilities": {
+      "types": "./dist/capabilities.d.mts",
+      "default": "./dist/capabilities.mjs"
+    },
+    "./diagnostics": {
+      "types": "./dist/diagnostics.d.mts",
+      "default": "./dist/diagnostics.mjs"
     }
   },
   "scripts": {

src/_types.ts

@@ -47,6 +47,8 @@ export interface BaseLoadOptions {
   consent?: boolean;
   /** Inject script as `<script type="text/partytown">` to offload to worker. */
   partytown?: boolean;
+  /** zIndex for the launcher container; default 2147482647 (max - 1000). */
+  zIndex?: number;
 }
 
 export interface LoadOptions extends BaseLoadOptions {

src/capabilities.ts

@@ -0,0 +1,83 @@
+// Capability matrix — per-provider feature flags so consumers can
+// programmatically pick the right provider, or short-circuit code paths
+// when a capability isn't supported.
+
+import type { ProviderName } from "./_types.ts";
+
+export interface ProviderCapabilities {
+  /** Identity verification supported (HMAC, JWT, callback). */
+  hmac: boolean;
+  jwt: boolean;
+  callback: boolean;
+  /** Per-message tracking. */
+  trackEvents: boolean;
+  /** Native unread-count callback. */
+  unreadCount: boolean;
+  /** prefill() programmatic compose. */
+  prefill: boolean;
+  /** setLocale at runtime (no remount). */
+  setLocale: boolean;
+  /** setTheme at runtime. */
+  setTheme: boolean;
+  /** Self-hosted base URL override. */
+  selfHosted: boolean;
+  /** Per-region selection (EU/US/AU). */
+  regions: boolean;
+}
+
+const NONE: ProviderCapabilities = {
+  hmac: false,
+  jwt: false,
+  callback: false,
+  trackEvents: false,
+  unreadCount: false,
+  prefill: false,
+  setLocale: false,
+  setTheme: false,
+  selfHosted: false,
+  regions: false,
+};
+
+const TABLE: Record<ProviderName, ProviderCapabilities> = {
+  intercom: { ...NONE, hmac: true, jwt: true, trackEvents: true, unreadCount: true, regions: true },
+  crisp: { ...NONE, hmac: true, trackEvents: true, unreadCount: true, setLocale: true },
+  tawk: { ...NONE, hmac: true, trackEvents: true, unreadCount: true },
+  zendesk: {
+    ...NONE,
+    jwt: true,
+    callback: true,
+    trackEvents: true,
+    unreadCount: true,
+    setLocale: true,
+  },
+  hubspot: { ...NONE, jwt: true, trackEvents: true, unreadCount: true, regions: true },
+  chatwoot: {
+    ...NONE,
+    hmac: true,
+    trackEvents: true,
+    unreadCount: true,
+    setLocale: true,
+    setTheme: true,
+    selfHosted: true,
+  },
+  livechat: { ...NONE, trackEvents: true },
+  drift: { ...NONE, jwt: true, trackEvents: true },
+  freshchat: { ...NONE, jwt: true, trackEvents: true, regions: true },
+  olark: { ...NONE, trackEvents: true },
+  userlike: { ...NONE, trackEvents: true, setLocale: true },
+  helpscout: { ...NONE, hmac: true, trackEvents: true, prefill: true },
+  smartsupp: { ...NONE, trackEvents: true },
+  liveagent: { ...NONE, selfHosted: true },
+  gist: { ...NONE, hmac: true, trackEvents: true },
+  jivochat: NONE,
+  tidio: { ...NONE, trackEvents: true },
+  sendbird: NONE,
+};
+
+export function capabilities(provider: ProviderName): ProviderCapabilities {
+  return TABLE[provider];
+}
+
+export function supports(provider: ProviderName, feature: keyof ProviderCapabilities): boolean {
+  return TABLE[provider][feature];
+}

src/diagnostics.ts

@@ -0,0 +1,94 @@
+// Dev-mode diagnostics — call once during local development to surface
+// common widget-script load failures (CORS, blocked URL, wrong key shape).
+// Wraps fetch() with HEAD where possible so we don't accidentally double-load
+// the snippet; falls back to script-tag probing when HEAD is blocked.
+
+import { isBrowser } from "./_loader.ts";
+import type { ProviderName } from "./_types.ts";
+
+interface DiagnosticResult {
+  provider: ProviderName;
+  url: string;
+  ok: boolean;
+  status?: number;
+  error?: string;
+  hint?: string;
+}
+
+const PROVIDER_PROBE: Partial<Record<ProviderName, (config: Record<string, string>) => string>> = {
+  intercom: (c) => `https://widget.intercom.io/widget/${c["appId"] ?? ""}`,
+  crisp: () => "https://client.crisp.chat/l.js",
+  tawk: (c) => `https://embed.tawk.to/${c["propertyId"] ?? ""}/${c["widgetId"] ?? "default"}`,
+  zendesk: (c) => `https://static.zdassets.com/ekr/snippet.js?key=${c["key"] ?? ""}`,
+  hubspot: (c) =>
+    `https://${c["region"] === "eu1" ? "js-eu1" : "js"}.hs-scripts.com/${c["portalId"] ?? ""}.js`,
+  chatwoot: (c) => `${c["baseUrl"] ?? "https://app.chatwoot.com"}/packs/js/sdk.js`,
+  livechat: () => "https://cdn.livechatinc.com/tracking.js",
+  drift: (c) => `https://js.driftt.com/include/latest/${c["embedId"] ?? ""}.js`,
+  freshchat: (c) => `${c["host"] ?? "https://wchat.freshchat.com"}/js/widget.js`,
+  helpscout: () => "https://beacon-v2.helpscout.net",
+  smartsupp: () => "https://www.smartsuppchat.com/loader.js",
+  jivochat: (c) => `https://code.jivosite.com/widget/${c["widgetId"] ?? ""}`,
+  tidio: (c) => `https://code.tidio.co/${c["publicKey"] ?? ""}.js`,
+  gist: () => "https://widget.getgist.com",
+  olark: (c) => `https://www.olark.com/r3s/loader.js?l=${c["siteId"] ?? ""}`,
+  liveagent: (c) =>
+    `${
+      c["selfHostedBaseUrl"] ?? `https://${c["accountSubdomain"] ?? ""}.ladesk.com`
+    }/scripts/track.js`,
+  userlike: (c) =>
+    `https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/${c["messengerId"] ?? ""}.js`,
+  sendbird: () => "https://aichatbot.sendbird.com/index.js",
+};
+
+interface FetchLike {
+  (
+    input: string,
+    init?: { method?: string; mode?: string; redirect?: string },
+  ): Promise<{ ok: boolean; status: number }>;
+}
+
+export async function diagnose(
+  provider: ProviderName,
+  config: Record<string, string>,
+): Promise<DiagnosticResult> {
+  if (!isBrowser()) {
+    return { provider, url: "", ok: false, error: "not-in-browser" };
+  }
+  const builder = PROVIDER_PROBE[provider];
+  if (!builder) {
+    return { provider, url: "", ok: false, error: "no-probe-for-provider" };
+  }
+  const url = builder(config);
+  const fetchFn = (globalThis as unknown as { fetch?: FetchLike }).fetch;
+  if (!fetchFn) {
+    return { provider, url, ok: false, error: "fetch-unavailable" };
+  }
+  try {
+    const res = await fetchFn(url, { method: "HEAD", mode: "no-cors" });
+    if (!res.ok && res.status !== 0) {
+      let hint: string | undefined;
+      if (res.status === 400) hint = "Likely wrong key/account/portalId — provider returned 400.";
+      if (res.status === 403) hint = "Forbidden — verify domain whitelist on provider dashboard.";
+      if (res.status === 404)
+        hint = "Snippet not found — typo in id or provider deactivated account.";
+      return { provider, url, ok: false, status: res.status, hint };
+    }
+    return { provider, url, ok: true, status: res.status };
+  } catch (err) {
+    return {
+      provider,
+      url,
+      ok: false,
+      error: String(err),
+      hint: "Network/CORS blocked the probe. The actual <script> tag may still load fine — this is a best-effort dev check.",
+    };
+  }
+}
+
+export async function diagnoseAll(
+  configs: Partial<Record<ProviderName, Record<string, string>>>,
+): Promise<DiagnosticResult[]> {
+  const entries = Object.entries(configs) as Array<[ProviderName, Record<string, string>]>;
+  return Promise.all(entries.map(([p, c]) => diagnose(p, c)));
+}

src/index.ts

@@ -36,5 +36,7 @@ export {
   type CspDirectives,
   type CspOptions,
 } from "./csp.ts";
+export { capabilities, supports, type ProviderCapabilities } from "./capabilities.ts";
+export { diagnose, diagnoseAll } from "./diagnostics.ts";
 
 export const version = "0.0.1";

src/providers/zendesk-classic.ts

@@ -0,0 +1,153 @@
+// Zendesk Web Widget (Classic) — predates Messenger. Different snippet, different
+// API surface (zE('webWidget', '...')). Kept separate from ahize/zendesk so
+// types don't pretend cross-compatibility.
+
+import { waitForDefer } from "../_defer.ts";
+import { createIdentityStore } from "../_identity.ts";
+import { createLifecycle, hashConfig } from "../_lifecycle.ts";
+import { injectScript, isBrowser, removeScript } from "../_loader.ts";
+import { createQueue } from "../_queue.ts";
+import type {
+  EventMetadata,
+  Identity,
+  IdentityListener,
+  IdentityState,
+  LoadOptions,
+} from "../_types.ts";
+
+type ZendeskFn = (api: string, command: string, ...args: unknown[]) => void;
+
+interface ZendeskWindow {
+  zE?: ZendeskFn;
+  zESettings?: Record<string, unknown>;
+}
+
+function w(): ZendeskWindow {
+  return globalThis as unknown as ZendeskWindow;
+}
+
+const queue = createQueue<ZendeskFn>();
+const store = createIdentityStore();
+const lifecycle = createLifecycle();
+
+export interface ZendeskClassicLoadOptions extends LoadOptions {
+  key: string;
+}
+
+export async function load(options: ZendeskClassicLoadOptions): Promise<void> {
+  if (!isBrowser()) return;
+  if (options.consent === false) return;
+  const h = hashConfig({ key: options.key });
+  if (lifecycle.state() === "ready" && lifecycle.configHash() === h) return;
+  if (lifecycle.configHash() && lifecycle.configHash() !== h) await destroy();
+
+  lifecycle.transition("loading");
+  lifecycle.setConfigHash(h);
+  await waitForDefer(options.defer ?? "immediate");
+
+  try {
+    await injectScript({
+      id: "ze-snippet",
+      src: `https://static.zdassets.com/ekr/snippet.js?key=${options.key}`,
+      nonce: options.nonce,
+      partytown: options.partytown,
+    });
+  } catch (error) {
+    lifecycle.transition("idle");
+    lifecycle.clearConfigHash();
+    throw error;
+  }
+
+  const fn = w().zE;
+  if (typeof fn === "function") queue.ready(fn);
+  lifecycle.transition("ready");
+}
+
+export function ready(): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue.enqueue(() => {});
+}
+
+export function identify(identity: Identity): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  store.identify(identity);
+  return queue.enqueue((zE) => {
+    zE("webWidget", "prefill", {
+      name: { value: identity.name, readOnly: false },
+      email: { value: identity.email, readOnly: false },
+      phone: { value: identity.phone, readOnly: false },
+    });
+  });
+}
+
+export function track<T extends EventMetadata = EventMetadata>(
+  event: string,
+  metadata?: T,
+): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue.enqueue((zE) => {
+    zE("webWidget", "updatePath", { url: location.href, title: event });
+    if (metadata) {
+      zE("webWidget", "updateSettings", {
+        webWidget: { contactForm: { tags: Object.keys(metadata) } },
+      });
+    }
+  });
+}
+
+export function pageView(_info?: { path?: string; locale?: string }): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue.enqueue((zE) => zE("webWidget", "updatePath"));
+}
+
+export function show(): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue.enqueue((zE) => {
+    zE("webWidget", "show");
+    zE("webWidget", "open");
+  });
+}
+
+export function hide(): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue.enqueue((zE) => zE("webWidget", "hide"));
+}
+
+export function shutdown(): Promise<void> {
+  if (!isBrowser()) return Promise.resolve();
+  return queue
+    .enqueue((zE) => zE("webWidget", "logout"))
+    .then(() => {
+      store.reset();
+      lifecycle.transition("shutdown");
+    });
+}
+
+export async function destroy(): Promise<void> {
+  if (!isBrowser()) return;
+  await shutdown().catch(() => undefined);
+  removeScript("ze-snippet");
+  const g = w();
+  Reflect.deleteProperty(g, "zE");
+  Reflect.deleteProperty(g, "zESettings");
+  queue.reset();
+  store.reset();
+  lifecycle.clearConfigHash();
+  lifecycle.transition("idle");
+}
+
+export function getIdentity(): IdentityState {
+  return store.get();
+}
+
+export function onIdentityChange(listener: IdentityListener): () => void {
+  return store.onChange(listener);
+}
+
+export function isReady(): boolean {
+  return lifecycle.state() === "ready";
+}
+
+export function state(): "idle" | "loading" | "ready" | "shutdown" {
+  return lifecycle.state();
+}