@anton.andrusenko/shopify-mcp-admin 2.2.1 → 2.4.0

package/dist/{mcp-auth-F25V6FEY.js → mcp-auth-54BVOYFJ.js}

@@ -8,8 +8,8 @@ import {
   validateMcpApiKey,
   validateMcpBearerToken,
   validateOAuthAccessToken
-} from "./chunk-PQKNBYJN.js";
-import "./chunk-5QMYOO4B.js";
+} from "./chunk-H36XQ6QK.js";
+import "./chunk-CZJ7LSEO.js";
 import "./chunk-EGGOXEIC.js";
 export {
   MCP_AUTH_ERRORS,

package/dist/{security-44M6F2QU.js → security-6CNKRY2G.js}

@@ -1,6 +1,6 @@
 import {
   log
-} from "./chunk-5QMYOO4B.js";
+} from "./chunk-CZJ7LSEO.js";
 import "./chunk-EGGOXEIC.js";
 
 // src/middleware/security.ts
@@ -87,6 +87,9 @@ function createSecurityMiddleware(options) {
   return (_req, res, next) => {
     if (opts.enableSecurityHeaders) {
       for (const [header, value] of Object.entries(SECURITY_HEADERS)) {
+        if (header === "X-Frame-Options" && res.locals.allowIframeEmbedding) {
+          continue;
+        }
         res.setHeader(header, value);
       }
     }

package/dist/{store-JK2ZU6DR.js → store-5NJBYK45.js}

@@ -1,8 +1,8 @@
 import {
   SessionStore,
   sessionStore
-} from "./chunk-JU5IFCVJ.js";
-import "./chunk-5QMYOO4B.js";
+} from "./chunk-CJXPHNYT.js";
+import "./chunk-CZJ7LSEO.js";
 import "./chunk-EGGOXEIC.js";
 export {
   SessionStore,

package/dist/{tools-HVUCP53D.js → tools-SVKPHJYW.js}

@@ -37,8 +37,8 @@ import {
   variantIdSchema,
   webPresenceIdSchema,
   wrapToolHandler
-} from "./chunk-LMFNHULG.js";
-import "./chunk-5QMYOO4B.js";
+} from "./chunk-UMNIRP6T.js";
+import "./chunk-CZJ7LSEO.js";
 import "./chunk-EGGOXEIC.js";
 export {
   GID_PATTERN,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@anton.andrusenko/shopify-mcp-admin",
-  "version": "2.2.1",
+  "version": "2.4.0",
   "description": "MCP server for Shopify Admin API - enables AI agents to manage Shopify stores with 79 tools for products, inventory, collections, content, SEO, metafields, markets & translations",
   "type": "module",
   "main": "./dist/index.js",
@@ -22,6 +22,7 @@
     "typecheck": "tsc --noEmit",
     "test": "vitest --run",
     "test:watch": "vitest",
+    "test:react": "vitest --run --config vitest.react.config.ts",
     "test:coverage": "vitest run --coverage",
     "test:integration": "vitest run tests/integration/*.test.ts --testTimeout=60000",
     "test:e2e": "playwright test",
@@ -84,6 +85,7 @@
     "@radix-ui/react-dropdown-menu": "^2.1.16",
     "@radix-ui/react-hover-card": "^1.1.15",
     "@radix-ui/react-label": "^2.1.8",
+    "@radix-ui/react-popover": "^1.1.15",
     "@radix-ui/react-progress": "^1.1.8",
     "@radix-ui/react-scroll-area": "^1.2.10",
     "@radix-ui/react-select": "^2.2.6",
@@ -96,18 +98,21 @@
     "@sentry/node": "^10.29.0",
     "@shopify/shopify-api": "^11.14.1",
     "@tanstack/react-query": "^5.90.11",
+    "@tanstack/react-table": "^8.21.3",
     "bcrypt": "^5.1.1",
     "class-variance-authority": "^0.7.1",
     "clsx": "^2.1.1",
     "cmdk": "^1.1.1",
     "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
+    "date-fns": "^4.1.0",
     "express": "^5.1.0",
     "express-rate-limit": "^8.2.1",
     "lucide-react": "^0.555.0",
     "pino": "^9.14.0",
     "prom-client": "^15.1.3",
     "react": "^19.2.1",
+    "react-day-picker": "^9.13.0",
     "react-dom": "^19.2.1",
     "react-hook-form": "^7.67.0",
     "react-router-dom": "^7.10.0",
@@ -122,6 +127,9 @@
     "@biomejs/biome": "^1.9.4",
     "@playwright/test": "^1.57.0",
     "@tailwindcss/vite": "^4.1.17",
+    "@testing-library/jest-dom": "^6.9.1",
+    "@testing-library/react": "^16.3.1",
+    "@testing-library/user-event": "^14.6.1",
     "@types/bcrypt": "^5.0.2",
     "@types/cookie-parser": "^1.4.10",
     "@types/cors": "^2.8.19",
@@ -133,6 +141,7 @@
     "@vitejs/plugin-react": "^5.1.1",
     "@vitest/coverage-v8": "^3.2.4",
     "autoprefixer": "^10.4.22",
+    "jsdom": "^27.3.0",
     "pino-pretty": "^11.3.0",
     "postcss": "^8.5.6",
     "prisma": "^6.0.0",

package/dist/chunk-5QMYOO4B.js

@@ -1,146 +0,0 @@
-import {
-  configSchema,
-  isDebugEnabled
-} from "./chunk-EGGOXEIC.js";
-
-// src/config/index.ts
-var _config = null;
-function getConfig() {
-  if (_config !== null) {
-    return _config;
-  }
-  const result = configSchema.safeParse(process.env);
-  if (!result.success) {
-    const errors = result.error.errors.map((err) => {
-      const path = err.path.join(".");
-      return `  - ${path}: ${err.message}`;
-    });
-    console.error("Configuration error:");
-    console.error(errors.join("\n"));
-    process.exit(1);
-  }
-  _config = result.data;
-  return _config;
-}
-
-// src/utils/logger.ts
-var SANITIZATION_PATTERNS = [
-  { pattern: /shpat_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
-  { pattern: /shpua_[a-zA-Z0-9]+/g, replacement: "[REDACTED]" },
-  { pattern: /Bearer\s+[a-zA-Z0-9_-]+/g, replacement: "Bearer [REDACTED]" },
-  { pattern: /access_token[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "access_token=[REDACTED]" },
-  { pattern: /client_secret[=:]\s*[a-zA-Z0-9_-]+/gi, replacement: "client_secret=[REDACTED]" }
-];
-function sanitizeLogMessage(message) {
-  let result = message;
-  for (const { pattern, replacement } of SANITIZATION_PATTERNS) {
-    result = result.replace(pattern, replacement);
-  }
-  return result;
-}
-function sanitizeObject(obj, seen = /* @__PURE__ */ new WeakSet()) {
-  if (typeof obj === "string") {
-    return sanitizeLogMessage(obj);
-  }
-  if (obj === null || typeof obj !== "object") {
-    return obj;
-  }
-  if (seen.has(obj)) {
-    return "[Circular]";
-  }
-  seen.add(obj);
-  if (Array.isArray(obj)) {
-    return obj.map((item) => sanitizeObject(item, seen));
-  }
-  const result = {};
-  for (const [key, value] of Object.entries(obj)) {
-    result[key] = sanitizeObject(value, seen);
-  }
-  return result;
-}
-function safeStringify(data) {
-  try {
-    const seen = /* @__PURE__ */ new WeakSet();
-    return JSON.stringify(data, (_key, value) => {
-      if (typeof value === "object" && value !== null) {
-        if (seen.has(value)) {
-          return "[Circular]";
-        }
-        seen.add(value);
-      }
-      return value;
-    });
-  } catch {
-    return "[Unable to stringify]";
-  }
-}
-var log = {
-  /**
-   * Debug level logging - only outputs when DEBUG=1 or DEBUG=true
-   *
-   * @param msg - Debug message
-   * @param data - Optional data object to include (JSON-stringified)
-   */
-  debug: (msg, data) => {
-    if (isDebugEnabled(process.env.DEBUG)) {
-      const sanitizedMsg = sanitizeLogMessage(msg);
-      if (data) {
-        const sanitizedData = sanitizeObject(data);
-        const dataStr = safeStringify(sanitizedData);
-        console.error(`[DEBUG] ${sanitizedMsg} ${dataStr}`);
-      } else {
-        console.error(`[DEBUG] ${sanitizedMsg}`);
-      }
-    }
-  },
-  /**
-   * Info level logging
-   *
-   * @param msg - Info message
-   * @param data - Optional data object to include (JSON-stringified)
-   */
-  info: (msg, data) => {
-    const sanitizedMsg = sanitizeLogMessage(msg);
-    if (data) {
-      const sanitizedData = sanitizeObject(data);
-      const dataStr = safeStringify(sanitizedData);
-      console.error(`[INFO] ${sanitizedMsg} ${dataStr}`);
-    } else {
-      console.error(`[INFO] ${sanitizedMsg}`);
-    }
-  },
-  /**
-   * Warning level logging
-   *
-   * @param msg - Warning message
-   * @param data - Optional data object to include (JSON-stringified)
-   */
-  warn: (msg, data) => {
-    const sanitizedMsg = sanitizeLogMessage(msg);
-    if (data) {
-      const sanitizedData = sanitizeObject(data);
-      const dataStr = safeStringify(sanitizedData);
-      console.error(`[WARN] ${sanitizedMsg} ${dataStr}`);
-    } else {
-      console.error(`[WARN] ${sanitizedMsg}`);
-    }
-  },
-  /**
-   * Error level logging
-   *
-   * @param msg - Error message
-   * @param err - Optional Error object (stack trace shown when DEBUG enabled)
-   */
-  error: (msg, err) => {
-    console.error(`[ERROR] ${sanitizeLogMessage(msg)}`);
-    if (err && isDebugEnabled(process.env.DEBUG)) {
-      console.error(sanitizeLogMessage(err.stack || err.message));
-    }
-  }
-};
-
-export {
-  getConfig,
-  sanitizeLogMessage,
-  log
-};