feat(widget): improve stability, validation, and documentation across extension and core services

[InduwaraSMPN]

Summary

This pull request introduces several stability improvements and architectural cleanups across the Marketrix widget ecosystem. Key highlights include robust message handling in the Chrome extension, stricter tool validation in the WidgetProvider, increased schema constraints for QA requests, and a comprehensive consolidation of project documentation.

Type of Change

• Bug fix
• New feature
• Breaking change
• Refactoring
• Documentation update
• Performance improvement
• Test update

Changes

Chrome Extension

• Stability Fix: Updated content.js message listener to handle errors gracefully and ensure sendResponse is called synchronously to prevent "message port closed" errors.
• Cleanup: Refactored popup.js to use a fire-and-forget pattern for tab messaging, relying on the content script's improved reliability.
• Documentation: Extensively updated chrome-extension/README.md to include detailed configuration options, extended attributes, and troubleshooting steps.

Widget Core & Context

• Validation: Implemented an ALLOWED_TOOLS whitelist in WidgetContext to prevent the execution of unauthorized or unknown agent commands.
• Idempotency: Added a processedRequestIds management system with a rolling buffer (max 1000 IDs) to prevent duplicate processing of WebSocket messages.
• WebSocket Stability: Enhanced WebSocketClient with a 10-second connection timeout and converted the connection logic to a Promise-based flow for better error handling.
• Service Improvements: Added explicit type annotations to integration mapping and improved error handling for empty API responses in SessionManager.

SDK & Schema

• Constraint Update: Updated QADocumentEntitySchema and QADocumentCreateSchema to enforce a max(1000) character limit on additional_instructions.

CI/CD & Documentation

• Workflow Cleanup: Standardized quote usage in GitHub Actions workflow files.
• Doc Consolidation: Deleted redundant documentation files in /docs and the .cursorrules file, moving relevant technical details and debugging guides into the primary README.md.

Related Issues

N/A

Testing Checklist

• Unit tests pass
• Integration tests pass
• Manual testing completed
• New tests added for new functionality
• Existing tests updated if needed

Note: Manual testing was performed on the Chrome extension injection flow and the WebSocket reconnection logic.

Code Quality Checklist

• Code compiles (npm run build)
• Type checking passes (npm run type-check)
• Linting passes (npm run lint)
• Code formatted (npm run format)
• Unused imports removed (npm run imports:fix)
• All code quality checks pass (npm run code:check)

Breaking Changes

• Schema Constraints: The additional_instructions field now has a 1000-character maximum. While technically a narrowing of the type, it may affect users attempting to send extremely long instruction strings.

Additional Context

• Security: The introduction of the ALLOWED_TOOLS list in the WidgetContext significantly reduces the attack surface for malicious WebSocket messages.
• Documentation: The project structure and exported functions in the main README.md have been updated to reflect the current state of the SDK, including new recording control functions (startRecording, stopRecording).