@bleedingdev/modern-js-create 3.2.0-ultramodern.119 → 3.2.0-ultramodern.120

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +50 -11
  2. package/dist/cjs/ultramodern-workspace.cjs +1651 -476
  3. package/dist/esm/ultramodern-workspace.js +1651 -476
  4. package/dist/esm-node/ultramodern-workspace.js +1651 -476
  5. package/package.json +7 -7
  6. package/template-workspace/AGENTS.md +5 -3
  7. package/template-workspace/README.md.handlebars +45 -9
package/README.md CHANGED
@@ -89,14 +89,28 @@ Cloudflare Worker output. The shell consumes vertical UI through Module
89
89
  Federation manifests and vertical APIs through generated Effect clients
90
90
  exported by the vertical packages.
91
91
 
92
- Route metadata is route-owned. Each app writes
93
- `src/routes/ultramodern-route-metadata` and passes
94
- `ultramodernLocalisedUrls` into `@modern-js/plugin-i18n`. Locale JSON is served
95
- from `/locales/{{lng}}/{{ns}}.json`; Czech and English routes are generated
96
- from the route owner, not from shell rewrites. Routes default to
97
- `privateByDefault: true` and `publicnessDefault: private-app-screen`; generated
98
- public files use only explicit `public && indexable` route metadata, so private
99
- app screens publish only a disallowing `robots.txt` by default.
92
+ Route metadata is route-owned and colocated in
93
+ `src/routes/**/route.meta.ts`. The scaffold regenerates
94
+ `src/routes/ultramodern-route-metadata.ts` as a compatibility manifest for
95
+ Modern.js config, i18n, public head, and public surface contracts; authors
96
+ should not hand-maintain it. Locale JSON is served from
97
+ `/locales/{{lng}}/{{ns}}.json`; Czech and English routes are generated from the
98
+ route owner, not from shell rewrites.
99
+
100
+ Routes default to `privateByDefault: true` and
101
+ `publicnessDefault: private-app-screen`. Public web artifacts are build/deploy
102
+ outputs generated by `scripts/generate-public-surface-assets.mjs` into
103
+ `dist/public` and `.output/public`, not source files under `config/public`.
104
+ Generated public files use only explicit `public && indexable` route metadata,
105
+ so private app screens publish only a disallowing `robots.txt` by default.
106
+
107
+ Dynamic public routes can expand sitemap entries through route-owned,
108
+ Node-safe ESM providers, normally `route.sitemap.mjs` beside the route
109
+ metadata. The public-surface generator discovers those providers for dynamic
110
+ public routes and still honors explicit `routes.publicSurface.contentSources`
111
+ entries in the generated compatibility manifest. Providers may export
112
+ `entries`, `entries()`, or a default entries/loader returning sitemap entries;
113
+ draft entries and `indexable: false` entries are omitted.
100
114
 
101
115
  CSS federation is explicit:
102
116
 
@@ -109,6 +123,28 @@ CSS federation is explicit:
109
123
  - Duplicate base styles are forbidden; SSR first paint depends on shared token
110
124
  CSS plus Modern/Rspack-emitted app CSS.
111
125
 
126
+ ## Public URL Environment Variables
127
+
128
+ Generated apps no longer bake absolute `http://localhost:<port>` URLs into
129
+ asset configuration. Two environment variables now have distinct roles in
130
+ controlling where assets are served from and where SEO output links point.
131
+
132
+ | Variable | Role | Feeds |
133
+ | --- | --- | --- |
134
+ | `ULTRAMODERN_PUBLIC_URL_<APP_ID>` | Per-app deployment and asset origin | `output.assetPrefix`, Module Federation remote URLs |
135
+ | `MODERN_PUBLIC_SITE_URL` | Site-wide public origin for SEO output | Canonical, hreflang, sitemap `<loc>`, robots `Sitemap:` |
136
+
137
+ Asset URLs use this precedence: `ULTRAMODERN_PUBLIC_URL_<APP_ID>` →
138
+ `MODERN_PUBLIC_SITE_URL` → inferred workers.dev URL → origin-relative `/`.
139
+ SEO and site origin prefer: `MODERN_PUBLIC_SITE_URL` →
140
+ `ULTRAMODERN_PUBLIC_URL_<APP_ID>` → inferred workers.dev → `http://localhost:<port>`.
141
+
142
+ Without public URLs configured, asset paths are origin-relative (`/`), and the
143
+ dev server uses `dev.assetPrefix: '/'` — so apps work through tunnels and
144
+ reverse proxies (ngrok, cloudflared) without triggering Chrome's Local Network
145
+ Access prompt or mixed-content errors. Shell-only workspaces can set just
146
+ `MODERN_PUBLIC_SITE_URL` for SEO output.
147
+
112
148
  ## Cloudflare And Zephyr Proof
113
149
 
114
150
  Each generated workspace app has:
@@ -120,9 +156,12 @@ Each generated workspace app has:
120
156
  - `zephyr-rspack-plugin` wired through the generated Modern.js Rspack bridge.
121
157
 
122
158
  Deploy first, then pass each deployed app's generated public URL env key into
123
- the proof step. Shell-only workspaces only need the shell URL; added verticals
124
- use the same `ULTRAMODERN_PUBLIC_URL_<APP_ID>` pattern with hyphens converted
125
- to underscores and uppercased:
159
+ the proof step. The proof script reads the generated contract and checks the
160
+ Cloudflare Worker surface, including public-route sitemap/robots consistency,
161
+ preview noindex behavior, unknown-route status, asset headers, byte budgets,
162
+ and public sourcemap exposure. Shell-only workspaces only need the shell URL;
163
+ added verticals use the same `ULTRAMODERN_PUBLIC_URL_<APP_ID>` pattern with
164
+ hyphens converted to underscores and uppercased:
126
165
 
127
166
  ```bash
128
167
  pnpm cloudflare:deploy