@brainerce/mcp-server 3.6.0 → 3.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -948,6 +948,175 @@ function ProductPage({ product, storeInfo }: { product: Product; storeInfo: Stor
948
948
  }
949
949
  \`\`\`
950
950
 
951
+ ### Variant Attribute Selector with Swatches (color + size **mix**)
952
+
953
+ The simple text-button picker above works, but loses the merchant-configured
954
+ **swatch metadata**. A single product often mixes one attribute that should
955
+ render as **color swatches** (e.g. \`Color\`) and another that should render
956
+ as **text buttons** (e.g. \`Size\`). The product response includes everything
957
+ you need:
958
+
959
+ - \`product.productAttributeOptions[]\` \u2014 the swatch definitions: \`attribute.name\`,
960
+ \`attribute.displayType\` (the \`AttributeDisplayType\` enum: \`DEFAULT\` | \`COLOR_SWATCH\` | \`IMAGE_SWATCH\` | \`MIXED_SWATCH\`),
961
+ \`attributeOption.name\`, \`swatchColor\` (hex), \`swatchColor2\` (hex \u2014 used for dual-color swatches
962
+ like Black & White), \`swatchImageUrl\` (for fabric / pattern thumbnails).
963
+ \`MIXED_SWATCH\` means each option in the group can independently pick image OR color
964
+ (the merchant decides per option). Treat any unrecognized value as \`DEFAULT\`.
965
+ - \`variant.attributes\` \u2014 the selected value per attribute on each variant.
966
+
967
+ Use \`getProductSwatches(product)\` to get a render-ready, grouped structure:
968
+
969
+ \`\`\`typescript
970
+ import { getProductSwatches } from 'brainerce';
971
+
972
+ const groups = getProductSwatches(product);
973
+ // [
974
+ // { attributeName: 'color', displayType: 'COLOR_SWATCH', options: [
975
+ // { name: 'Full Color', swatchColor: '#1D9435', swatchColor2: null, swatchImageUrl: null },
976
+ // { name: 'Black & White', swatchColor: '#000000', swatchColor2: '#FFFFFF', swatchImageUrl: null },
977
+ // ]},
978
+ // { attributeName: 'size', displayType: 'DEFAULT', options: [
979
+ // { name: '16" \xD7 20"' }, { name: '24" \xD7 32"' }, { name: '36" \xD7 48"' },
980
+ // ]},
981
+ // ]
982
+ \`\`\`
983
+
984
+ Render one branch per \`displayType\`. The same loop handles all-swatch, all-text,
985
+ and the mix case:
986
+
987
+ \`\`\`typescript
988
+ function VariantPicker({
989
+ product,
990
+ selections,
991
+ onSelect,
992
+ }: {
993
+ product: Product;
994
+ selections: Record<string, string>; // { color: 'Full Color', size: '24" \xD7 32"' }
995
+ onSelect: (attrName: string, value: string) => void;
996
+ }) {
997
+ const groups = getProductSwatches(product);
998
+ if (groups.length === 0) return null;
999
+
1000
+ return (
1001
+ <div className="space-y-4">
1002
+ {groups.map((group) => (
1003
+ <div key={group.attributeName}>
1004
+ <label className="block mb-2 text-sm font-medium">
1005
+ {group.attributeName}: <span className="text-gray-500">{selections[group.attributeName] ?? ''}</span>
1006
+ </label>
1007
+ <div className="flex flex-wrap gap-2">
1008
+ {group.options.map((opt) => {
1009
+ const isSelected = selections[group.attributeName] === opt.name;
1010
+
1011
+ // COLOR_SWATCH \u2014 round button; dual-color uses a 50/50 gradient.
1012
+ if (group.displayType === 'COLOR_SWATCH' && opt.swatchColor) {
1013
+ const bg = opt.swatchColor2
1014
+ ? \`linear-gradient(135deg, \${opt.swatchColor} 50%, \${opt.swatchColor2} 50%)\`
1015
+ : opt.swatchColor;
1016
+ return (
1017
+ <button
1018
+ key={opt.name}
1019
+ type="button"
1020
+ title={opt.name}
1021
+ aria-pressed={isSelected}
1022
+ onClick={() => onSelect(group.attributeName, opt.name)}
1023
+ className={\`h-9 w-9 rounded-full border-2 \${isSelected ? 'border-black ring-2 ring-black/30' : 'border-gray-300 hover:border-black'}\`}
1024
+ style={{ background: bg }}
1025
+ />
1026
+ );
1027
+ }
1028
+
1029
+ // IMAGE_SWATCH \u2014 square thumbnail (fabric/pattern preview).
1030
+ if (group.displayType === 'IMAGE_SWATCH' && opt.swatchImageUrl) {
1031
+ return (
1032
+ <button
1033
+ key={opt.name}
1034
+ type="button"
1035
+ aria-pressed={isSelected}
1036
+ onClick={() => onSelect(group.attributeName, opt.name)}
1037
+ className={\`h-10 w-10 overflow-hidden rounded border-2 \${isSelected ? 'border-black' : 'border-gray-300'}\`}
1038
+ >
1039
+ <img src={opt.swatchImageUrl} alt={opt.name} className="h-full w-full object-cover" />
1040
+ </button>
1041
+ );
1042
+ }
1043
+
1044
+ // MIXED_SWATCH \u2014 each option is independently image OR color (image wins if present).
1045
+ if (group.displayType === 'MIXED_SWATCH') {
1046
+ if (opt.swatchImageUrl) {
1047
+ return (
1048
+ <button
1049
+ key={opt.name}
1050
+ type="button"
1051
+ aria-pressed={isSelected}
1052
+ onClick={() => onSelect(group.attributeName, opt.name)}
1053
+ className={\`h-10 w-10 overflow-hidden rounded border-2 \${isSelected ? 'border-black' : 'border-gray-300'}\`}
1054
+ >
1055
+ <img src={opt.swatchImageUrl} alt={opt.name} className="h-full w-full object-cover" />
1056
+ </button>
1057
+ );
1058
+ }
1059
+ if (opt.swatchColor) {
1060
+ const bg = opt.swatchColor2
1061
+ ? \`linear-gradient(135deg, \${opt.swatchColor} 50%, \${opt.swatchColor2} 50%)\`
1062
+ : opt.swatchColor;
1063
+ return (
1064
+ <button
1065
+ key={opt.name}
1066
+ type="button"
1067
+ title={opt.name}
1068
+ aria-pressed={isSelected}
1069
+ onClick={() => onSelect(group.attributeName, opt.name)}
1070
+ className={\`h-9 w-9 rounded-full border-2 \${isSelected ? 'border-black ring-2 ring-black/30' : 'border-gray-300 hover:border-black'}\`}
1071
+ style={{ background: bg }}
1072
+ />
1073
+ );
1074
+ }
1075
+ // option has neither image nor color \u2192 fall through to text button below.
1076
+ }
1077
+
1078
+ // DEFAULT (or any swatch type missing its data) \u2014 plain text button.
1079
+ return (
1080
+ <button
1081
+ key={opt.name}
1082
+ type="button"
1083
+ aria-pressed={isSelected}
1084
+ onClick={() => onSelect(group.attributeName, opt.name)}
1085
+ className={\`rounded border px-3 py-1.5 text-sm \${isSelected ? 'bg-black text-white border-black' : 'border-gray-300 hover:border-black'}\`}
1086
+ >
1087
+ {opt.name}
1088
+ </button>
1089
+ );
1090
+ })}
1091
+ </div>
1092
+ </div>
1093
+ ))}
1094
+ </div>
1095
+ );
1096
+ }
1097
+ \`\`\`
1098
+
1099
+ Wire it up in the product page: keep \`selections\` in state, find the matching
1100
+ variant after each pick, and update price / image / stock from it.
1101
+
1102
+ \`\`\`typescript
1103
+ const [selections, setSelections] = useState<Record<string, string>>({});
1104
+
1105
+ const matchedVariant = useMemo(() => (
1106
+ product.variants?.find((v) =>
1107
+ Object.entries(selections).every(([k, val]) => v.attributes?.[k] === val)
1108
+ ) ?? null
1109
+ ), [product.variants, selections]);
1110
+
1111
+ // Greying-out unavailable combinations: for each candidate value, run
1112
+ // the same find() and check \`inventory.canPurchase\`. Disable the button
1113
+ // if no purchasable variant exists under that selection.
1114
+ \`\`\`
1115
+
1116
+ **i18n:** \`getProductSwatches\` returns translated \`attributeName\` and
1117
+ \`option.name\` automatically when \`client.setLocale()\` is active. No
1118
+ client-side overlay needed. Swatch colors are language-agnostic.
1119
+
951
1120
  ### Description Rendering (handles HTML vs text)
952
1121
 
953
1122
  \`\`\`typescript
@@ -1582,17 +1751,28 @@ Allergens (informational chips), scheduled availability windows, nested combos (
1582
1751
  function getProductReviewsSection() {
1583
1752
  return `## Product Reviews (\u2605 ratings + JSON-LD for SEO)
1584
1753
 
1585
- Reviews publish immediately on submit. Merchants hide individual reviews via the admin surface \u2014 no PENDING queue.
1754
+ **Purchaser-only.** Only authenticated customers who purchased the product can submit. Each customer writes one review per product and can edit/delete it. Reviews publish immediately \u2014 no PENDING queue.
1586
1755
 
1587
1756
  \`\`\`typescript
1588
- // PDP \u2014 list visible reviews
1589
- const { data, meta } = await client.listProductReviews(productId, { page: 1, limit: 20 });
1590
- data.forEach(r => render(r.authorName, r.rating, r.body, r.verifiedPurchase));
1757
+ // PDP \u2014 list visible reviews (public)
1758
+ const { data } = await getClient().listProductReviews(productId, { page: 1, limit: 20 });
1759
+
1760
+ // Decide which UI to render for the current customer
1761
+ getClient().setCustomerToken(authToken); // after login
1762
+ const { eligible, reason, myReview } = await getClient().getMyProductReview(productId);
1763
+
1764
+ if (!eligible) {
1765
+ // reason: 'no_eligible_order' | 'reviews_disabled' | 'product_not_found'
1766
+ // \u2192 "only customers who purchased this product can leave a review"
1767
+ } else if (myReview) {
1768
+ // \u2192 edit form prefilled with myReview.rating + myReview.body
1769
+ } else {
1770
+ // \u2192 submit form (rating + body only \u2014 name/email come from customer profile)
1771
+ }
1591
1772
 
1592
- // PDP \u2014 submit form
1593
- await client.submitProductReview(productId, {
1594
- authorName, authorEmail, rating: 5, body,
1595
- });
1773
+ await getClient().submitProductReview(productId, { rating: 5, body: 'Loved it!' });
1774
+ await getClient().updateMyProductReview(productId, { rating: 4, body: 'Updated.' });
1775
+ await getClient().deleteMyProductReview(productId); // can submit a new one after
1596
1776
  \`\`\`
1597
1777
 
1598
1778
  Each \`Product\` carries denormalized rollups: \`product.avgRating\`, \`product.reviewCount\`. Use these on PLP cards.
@@ -1621,9 +1801,10 @@ const productJsonLd = {
1621
1801
 
1622
1802
  ### Rules
1623
1803
  - Rating must be an integer 1-5 (DB constraint).
1624
- - Duplicate from same email \u2192 409 Conflict.
1625
- - Submit endpoint is throttled to 3 / 60s / IP \u2014 surface a friendly "please wait" on 429.
1626
- - \`verifiedPurchase\` is derived server-side from DELIVERED orders \u2014 DO NOT try to set it.
1804
+ - Customer must be logged in AND have purchased the product (\`SHIPPED+\` for physical, \`PAID+\` for downloadable).
1805
+ - One review per (productId, customerId). Duplicate submit \u2192 409 \u2014 use updateMyProductReview instead.
1806
+ - Submit throttled 3 / 60s / IP; edit/delete 5 / 60s / IP.
1807
+ - \`verifiedPurchase\` is always true for customer-submitted reviews.
1627
1808
  - Stores with \`reviewsEnabled = false\` return 403 on storefront endpoints.`;
1628
1809
  }
1629
1810
  function getInventorySection() {
@@ -2045,9 +2226,12 @@ export async function generateMetadata({ params }: Props): Promise<Metadata> {
2045
2226
  const client = getServerClient();
2046
2227
  client.setLocale(locale);
2047
2228
  const product = await client.getProductBySlug(slug);
2229
+ // NEVER feed raw HTML into <meta name="description"> \u2014 product.description
2230
+ // is often rich-text HTML. Strip tags first, then truncate on a word
2231
+ // boundary. See buildMetaDescription() in lib/seo.ts.
2048
2232
  return {
2049
2233
  title: product.seoTitle || product.name,
2050
- description: product.seoDescription || product.description?.slice(0, 160),
2234
+ description: product.seoDescription || buildMetaDescription(product.description) || product.name,
2051
2235
  };
2052
2236
  }
2053
2237
  \`\`\`
@@ -2163,11 +2347,25 @@ Because the backend already overlays everything, UI code is just:
2163
2347
 
2164
2348
  ### RTL handling
2165
2349
 
2166
- For RTL locales (\`he\`, \`ar\`), set \`<html dir="rtl">\` in the root layout and
2167
- let flexbox reverse automatically. Do NOT add \`flex-row-reverse\` on top of
2168
- \`dir="rtl"\` \u2014 that's a double-swap. DO swap directional icons (chevrons,
2169
- arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`) instead of
2170
- \`ml-*\`/\`mr-*\`.
2350
+ Resolve direction with \`client.getStoreDirection(locale)\` \u2014 it returns
2351
+ \`'ltr' | 'rtl'\` for any BCP-47 tag (Arabic, Hebrew, Persian, Urdu, Yiddish
2352
+ today; future RTL locales added by the platform are picked up automatically).
2353
+ Do NOT maintain your own RTL locale set.
2354
+
2355
+ \`\`\`tsx
2356
+ // app/[locale]/layout.tsx
2357
+ const dir = client.getStoreDirection(locale);
2358
+ return <html lang={locale} dir={dir}>...</html>;
2359
+ \`\`\`
2360
+
2361
+ For static rendering, \`storeInfo.i18n.defaultDirection\` carries the store's
2362
+ default direction, and each entry in \`storeInfo.i18n.supportedLocaleObjects\`
2363
+ includes its own \`direction\`.
2364
+
2365
+ Let flexbox reverse automatically once \`<html dir="rtl">\` is set. Do NOT add
2366
+ \`flex-row-reverse\` on top \u2014 that's a double-swap. DO swap directional icons
2367
+ (chevrons, arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`)
2368
+ instead of \`ml-*\`/\`mr-*\`.
2171
2369
 
2172
2370
  ### Language switcher
2173
2371
 
@@ -2544,6 +2742,141 @@ and a \`newsletter\` form embedded in the footer), render each form from its
2544
2742
  own \`contactForms.get(key, locale)\` call. The \`formKey\` you pass to
2545
2743
  \`createInquiry\` must match.`;
2546
2744
  }
2745
+ function getContentSection() {
2746
+ return `## Content \u2014 typed merchant content store
2747
+
2748
+ Brainerce ships a typed content store so merchants can edit site chrome, FAQ,
2749
+ static pages, and inline rich-text blocks in the dashboard \u2014 without
2750
+ re-prompting the AI that built their storefront. Every row has a \`type\` +
2751
+ \`key\` + typed \`data\` payload + free-form \`customFields\`.
2752
+
2753
+ **Six content types.** Each one has a fixed \`data\` shape; the SDK's TypeScript
2754
+ generics keep them in lockstep:
2755
+
2756
+ | Type | Use for | \`data\` shape (abbreviated) |
2757
+ | -------------- | -------------------------------------- | --------------------------- |
2758
+ | \`FAQ\` | Q/A accordions | \`{ items: { question, answer }[] }\` |
2759
+ | \`FOOTER\` | Site footer (chrome) | \`{ columns, copyright?, social? }\` |
2760
+ | \`HEADER\` | Top nav + logo + CTA (chrome) | \`{ logo?, navItems, cta? }\` |
2761
+ | \`ANNOUNCEMENT\`| Banners; time-bound by \`startsAt/endsAt\` | \`{ message, severity, dismissible, ... }\` |
2762
+ | \`RICH_TEXT\` | Free-form HTML blocks embedded inline | \`{ html }\` |
2763
+ | \`PAGE\` | Static pages with slug + SEO | \`{ slug, title, html, seo? }\` |
2764
+
2765
+ Run \`get-type-definitions\` with \`domain: 'content'\` for the full interfaces.
2766
+
2767
+ ### Default key
2768
+
2769
+ Every type has \`'main'\` as its universal default key. \`client.content.faq.get()\`
2770
+ with no arguments resolves to \`key='main'\`. Topical keys (\`'shipping'\`,
2771
+ \`'holiday-2026'\`, \`'about'\`) are merchant-named.
2772
+
2773
+ ### Reading content (any SDK mode)
2774
+
2775
+ Public reads work in vibe-coded mode, storefront mode, and admin mode. They
2776
+ return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes
2777
+ when the merchant hasn't seeded yet.
2778
+
2779
+ \`\`\`ts
2780
+ // Single entry, default key 'main', resolved to a locale
2781
+ const faq = await client.content.faq.get('main', locale);
2782
+ if (faq) {
2783
+ faq.data.items.forEach(({ question, answer }) => {
2784
+ // Render question + sanitize(answer)
2785
+ });
2786
+ }
2787
+
2788
+ // All entries of a type
2789
+ const allFaqs = await client.content.faq.list(locale);
2790
+
2791
+ // Page by URL slug \u2014 for app/[slug]/page.tsx
2792
+ const page = await client.content.page.getBySlug(slug, locale);
2793
+ if (!page) notFound();
2794
+ \`\`\`
2795
+
2796
+ ### Security \u2014 sanitize HTML before rendering
2797
+
2798
+ \`FAQ.items[i].answer\`, \`RICH_TEXT.html\`, and \`PAGE.html\` carry
2799
+ MERCHANT-AUTHORED HTML. The server does NOT pre-sanitize \u2014 some merchants
2800
+ embed iframes (e.g. YouTube) which strict sanitizers would strip. ALWAYS
2801
+ sanitize on the storefront before injecting:
2802
+
2803
+ \`\`\`ts
2804
+ // Recommended: isomorphic-dompurify
2805
+ import DOMPurify from 'isomorphic-dompurify';
2806
+ const safe = DOMPurify.sanitize(rawHtml);
2807
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
2808
+ \`\`\`
2809
+
2810
+ Skipping this is XSS.
2811
+
2812
+ ### Custom fields
2813
+
2814
+ Every Content row carries a free-form \`customFields: Record<string, string>\`.
2815
+ Merchants add arbitrary key-value extras (\`helpEmail\`, \`phoneNumber\`,
2816
+ \`foundedYear\`) that you can opt into reading:
2817
+
2818
+ \`\`\`ts
2819
+ const faq = await client.content.faq.get('shipping');
2820
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
2821
+ \`\`\`
2822
+
2823
+ The shape is whatever the merchant entered. Read keys you expect; ignore the rest.
2824
+
2825
+ ### Locale resolution
2826
+
2827
+ All public reads accept a \`locale\` argument. The server resolves
2828
+ \`translations[locale]\` server-side and returns the resolved \`data\` payload \u2014
2829
+ the storefront does NOT need to do its own overlay. Empty / missing translations
2830
+ fall through to the default-locale value.
2831
+
2832
+ ### Cache
2833
+
2834
+ Public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`.
2835
+ Merchant edits propagate within ~5 minutes. Don't layer extra client-side
2836
+ caching beyond Next.js's default fetch cache.
2837
+
2838
+ ### Admin writes (apiKey mode)
2839
+
2840
+ \`\`\`ts
2841
+ const adminClient = new BrainerceClient({ apiKey: process.env.BRAINERCE_API_KEY });
2842
+
2843
+ // Create \u2014 always starts in DRAFT
2844
+ const faq = await adminClient.content.faq.create({
2845
+ key: 'shipping',
2846
+ name: 'Shipping FAQ',
2847
+ data: { items: [{ question: 'How long?', answer: 'Most orders ship in 2 days.' }] },
2848
+ });
2849
+
2850
+ // Update (data replaces wholesale; last-write-wins on the data field)
2851
+ await adminClient.content.update(faq.id, {
2852
+ data: { items: [{ question: 'How long?', answer: 'Updated answer.' }] },
2853
+ });
2854
+
2855
+ // Publish / unpublish
2856
+ await adminClient.content.publish(faq.id);
2857
+ await adminClient.content.unpublish(faq.id);
2858
+
2859
+ // Hard delete
2860
+ await adminClient.content.remove(faq.id);
2861
+ \`\`\`
2862
+
2863
+ Write operations throw if called from vibe-coded or storefront mode.
2864
+
2865
+ ### Reserved key convention
2866
+
2867
+ \`'main'\` is reserved as the universal default. Don't use it for topical
2868
+ entries \u2014 pick a descriptive slug (\`'shipping'\`, \`'returns'\`, \`'about'\`,
2869
+ \`'holiday-2026'\`). The validation rule is \`^[a-z][a-z0-9-]*$\`, max 64 chars.
2870
+
2871
+ ### See also
2872
+
2873
+ - \`get-business-flows\` with \`flow: 'content-bootstrap'\` for the full
2874
+ layout / FAQ / page recipe.
2875
+ - \`get-required-features\` lists each Content surface (\`site-header\`,
2876
+ \`site-footer\`, \`announcement-bar\`, \`faq-page\`, \`static-pages\`).
2877
+ - \`get-type-definitions\` with \`domain: 'content'\` for the TypeScript
2878
+ interfaces.`;
2879
+ }
2547
2880
  function getSectionByTopic(topic, connectionId, currency) {
2548
2881
  const cid = connectionId || "vc_YOUR_CONNECTION_ID";
2549
2882
  const cur = currency || "USD";
@@ -2590,6 +2923,8 @@ function getSectionByTopic(topic, connectionId, currency) {
2590
2923
  return getAdminApiSection();
2591
2924
  case "inquiries":
2592
2925
  return getContactInquiriesSection();
2926
+ case "content":
2927
+ return getContentSection();
2593
2928
  case "all":
2594
2929
  return [
2595
2930
  "# Brainerce SDK \u2014 full topic dump",
@@ -2678,10 +3013,14 @@ function getSectionByTopic(topic, connectionId, currency) {
2678
3013
  "",
2679
3014
  "---",
2680
3015
  "",
2681
- getContactInquiriesSection()
3016
+ getContactInquiriesSection(),
3017
+ "",
3018
+ "---",
3019
+ "",
3020
+ getContentSection()
2682
3021
  ].join("\n");
2683
3022
  default:
2684
- return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, all`;
3023
+ return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, content, all`;
2685
3024
  }
2686
3025
  }
2687
3026
 
@@ -2709,6 +3048,7 @@ var GET_SDK_DOCS_SCHEMA = {
2709
3048
  "i18n",
2710
3049
  "admin",
2711
3050
  "inquiries",
3051
+ "content",
2712
3052
  "all"
2713
3053
  ]).describe("The SDK documentation topic to retrieve"),
2714
3054
  salesChannelId: import_zod.z.string().optional().describe("Sales channel ID (starts with vc_). Used to personalize setup code."),
@@ -2719,9 +3059,7 @@ var GET_SDK_DOCS_SCHEMA = {
2719
3059
  async function handleGetSdkDocs(args) {
2720
3060
  const id = args.salesChannelId ?? args.connectionId;
2721
3061
  if (!args.salesChannelId && args.connectionId) {
2722
- console.warn(
2723
- "get-sdk-docs: `connectionId` is deprecated \u2014 use `salesChannelId` instead"
2724
- );
3062
+ console.warn("get-sdk-docs: `connectionId` is deprecated \u2014 use `salesChannelId` instead");
2725
3063
  }
2726
3064
  const content = getSectionByTopic(args.topic, id, args.currency);
2727
3065
  return {
@@ -3453,11 +3791,16 @@ interface ProductReviewAdmin extends ProductReview {
3453
3791
  updatedAt: string;
3454
3792
  }
3455
3793
 
3456
- interface SubmitProductReviewInput {
3457
- authorName: string;
3458
- authorEmail?: string; // recommended \u2014 used for guest dedupe + verified-purchase derivation
3794
+ interface WriteProductReviewInput {
3459
3795
  rating: number; // 1-5
3460
- body?: string; // optional
3796
+ body?: string; // optional, max 5000 chars
3797
+ }
3798
+
3799
+ interface MyProductReview {
3800
+ eligible: boolean;
3801
+ // Machine-readable reason when not eligible. null when eligible=true.
3802
+ reason: 'no_eligible_order' | 'reviews_disabled' | 'product_not_found' | null;
3803
+ myReview: ProductReview | null;
3461
3804
  }
3462
3805
 
3463
3806
  // Each Product carries denormalized review stats:
@@ -3698,6 +4041,156 @@ export interface ModifierValidationError {
3698
4041
  // The cart line then carries:
3699
4042
  // cart.items[i].modifiers \u2014 CartItemModifierLine[]
3700
4043
  // cart.items[i].modifiersTotal \u2014 decimal string of the paid (non-free) deltas`;
4044
+ var CONTENT_TYPES = `// ---- Content (typed merchant content store) ----
4045
+ // Brainerce ships a typed content store so merchants can edit FAQ, footer,
4046
+ // header, announcements, rich text, and static pages in the dashboard
4047
+ // without re-prompting the AI that built the storefront. Every row has a
4048
+ // 'type' + 'key' + typed 'data' payload + free-form 'customFields'.
4049
+ //
4050
+ // SECURITY (read carefully):
4051
+ // RICH_TEXT.html, PAGE.html, and FAQ answers are MERCHANT-AUTHORED HTML.
4052
+ // ALWAYS sanitize with isomorphic-dompurify (or equivalent) before
4053
+ // injecting via dangerouslySetInnerHTML. The server does NOT pre-sanitize
4054
+ // because some merchants embed iframes (e.g. YouTube) which strict
4055
+ // sanitizers would strip; the storefront chooses the policy.
4056
+ //
4057
+ // 404 contract: client.content.<type>.get(key) returns null when no
4058
+ // PUBLISHED row exists. Always render a hard-coded fallback on null so
4059
+ // the page never crashes when the merchant hasn't seeded yet.
4060
+ //
4061
+ // Default key: every type has 'main' as its universal default. Pass no
4062
+ // argument to fetch the main entry; pass a custom key ('shipping',
4063
+ // 'holiday-2026', 'about') for topical entries.
4064
+
4065
+ export type ContentType = 'FAQ' | 'FOOTER' | 'HEADER' | 'ANNOUNCEMENT' | 'RICH_TEXT' | 'PAGE';
4066
+ export type ContentStatus = 'DRAFT' | 'PUBLISHED';
4067
+
4068
+ export interface FaqItem {
4069
+ question: string;
4070
+ /** Sanitized HTML \u2014 sanitize before rendering. */
4071
+ answer: string;
4072
+ }
4073
+ export interface FaqContent { items: FaqItem[] }
4074
+
4075
+ export interface FooterLink { label: string; url: string }
4076
+ export interface FooterColumn { title: string; links: FooterLink[] }
4077
+ export interface FooterSocialLink { platform: string; url: string } // 'instagram' | 'facebook' | 'x' | ...
4078
+ export interface FooterContent {
4079
+ columns: FooterColumn[];
4080
+ copyright?: string;
4081
+ social?: FooterSocialLink[];
4082
+ }
4083
+
4084
+ export interface HeaderLogo { src: string; alt: string }
4085
+ export interface HeaderNavItem { label: string; url: string }
4086
+ export interface HeaderCta { label: string; url: string }
4087
+ export interface HeaderContent {
4088
+ logo?: HeaderLogo;
4089
+ navItems: HeaderNavItem[];
4090
+ cta?: HeaderCta;
4091
+ }
4092
+
4093
+ export type AnnouncementSeverity = 'info' | 'warning' | 'success';
4094
+ export interface AnnouncementContent {
4095
+ message: string;
4096
+ severity: AnnouncementSeverity;
4097
+ dismissible: boolean;
4098
+ /** ISO 8601 \u2014 filter client-side. */
4099
+ startsAt?: string;
4100
+ endsAt?: string;
4101
+ ctaLabel?: string;
4102
+ ctaHref?: string;
4103
+ }
4104
+
4105
+ export interface RichTextContent {
4106
+ /** Raw HTML \u2014 sanitize before rendering. */
4107
+ html: string;
4108
+ }
4109
+
4110
+ export interface PageSeo {
4111
+ title?: string;
4112
+ description?: string;
4113
+ ogImage?: string;
4114
+ }
4115
+ export interface PageContent {
4116
+ /** URL slug, lower-kebab. */
4117
+ slug: string;
4118
+ title: string;
4119
+ /** Raw HTML \u2014 sanitize before rendering. */
4120
+ html: string;
4121
+ seo?: PageSeo;
4122
+ }
4123
+
4124
+ export interface ContentSummary {
4125
+ id: string;
4126
+ type: ContentType;
4127
+ key: string;
4128
+ name: string;
4129
+ status: ContentStatus;
4130
+ position: number;
4131
+ updatedAt: string;
4132
+ }
4133
+
4134
+ export interface Content<T extends ContentType = ContentType> extends ContentSummary {
4135
+ type: T;
4136
+ data: T extends 'FAQ' ? FaqContent
4137
+ : T extends 'FOOTER' ? FooterContent
4138
+ : T extends 'HEADER' ? HeaderContent
4139
+ : T extends 'ANNOUNCEMENT' ? AnnouncementContent
4140
+ : T extends 'RICH_TEXT' ? RichTextContent
4141
+ : T extends 'PAGE' ? PageContent
4142
+ : never;
4143
+ /** Free-form merchant-defined extras. Read keys the merchant told you to expect. */
4144
+ customFields: Record<string, string>;
4145
+ salesChannelIds: string[];
4146
+ }
4147
+
4148
+ // ---- SDK usage examples ----
4149
+ //
4150
+ // FAQ \u2014 render an accordion from the main FAQ (or a topical one):
4151
+ // const faq = await client.content.faq.get('main', locale); // 'shipping', 'returns', ...
4152
+ // if (faq) {
4153
+ // faq.data.items.forEach(({ question, answer }) => {
4154
+ // // Render question + sanitize(answer) \u2014 never inject raw HTML.
4155
+ // });
4156
+ // }
4157
+ //
4158
+ // Footer \u2014 server component in root layout:
4159
+ // const footer = await client.content.footer.get('main', locale);
4160
+ // if (!footer) return <Fallback />;
4161
+ // // Render footer.data.columns, footer.data.social, footer.data.copyright
4162
+ //
4163
+ // Header \u2014 same pattern as footer:
4164
+ // const header = await client.content.header.get('main', locale);
4165
+ //
4166
+ // Announcement \u2014 multiple may be active; filter by date client-side:
4167
+ // const announcements = await client.content.announcement.list(locale);
4168
+ // const now = Date.now();
4169
+ // const active = announcements.filter((a) => {
4170
+ // const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
4171
+ // const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
4172
+ // return startOk && endOk;
4173
+ // });
4174
+ //
4175
+ // Rich text \u2014 inline block anywhere on a page:
4176
+ // const block = await client.content.richText.get('about-intro', locale);
4177
+ // <div dangerouslySetInnerHTML={{ __html: sanitize(block.data.html) }} />
4178
+ //
4179
+ // Page \u2014 catch-all route by slug (e.g. /about, /terms, /privacy):
4180
+ // // app/[slug]/page.tsx
4181
+ // const page = await client.content.page.getBySlug(params.slug, locale);
4182
+ // if (!page) notFound();
4183
+ // // page.data.title, page.data.html, page.data.seo
4184
+ // return <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />;
4185
+ //
4186
+ // Custom fields \u2014 every Content row carries a free-form Record<string, string>:
4187
+ // const faq = await client.content.faq.get('shipping');
4188
+ // <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
4189
+ //
4190
+ // Cache \u2014 public reads carry Cache-Control: public, max-age=300,
4191
+ // stale-while-revalidate=60. Storefront changes propagate within ~5 min
4192
+ // of the merchant publishing. Do not add extra client-side caching
4193
+ // beyond Next.js's default fetch cache.`;
3701
4194
  var TYPES_BY_DOMAIN = {
3702
4195
  products: PRODUCTS_TYPES,
3703
4196
  cart: CART_TYPES,
@@ -3708,7 +4201,8 @@ var TYPES_BY_DOMAIN = {
3708
4201
  helpers: HELPERS_TYPES,
3709
4202
  inquiries: INQUIRIES_TYPES,
3710
4203
  reviews: REVIEWS_TYPES,
3711
- "modifier-groups": MODIFIER_GROUPS_TYPES
4204
+ "modifier-groups": MODIFIER_GROUPS_TYPES,
4205
+ content: CONTENT_TYPES
3712
4206
  };
3713
4207
  function getTypesByDomain(domain) {
3714
4208
  if (domain === "all") {
@@ -3739,9 +4233,10 @@ var GET_TYPE_DEFINITIONS_SCHEMA = {
3739
4233
  "helpers",
3740
4234
  "inquiries",
3741
4235
  "reviews",
4236
+ "content",
3742
4237
  "all"
3743
4238
  ]).describe(
3744
- 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse.'
4239
+ 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse. Use "content" for FAQ / Footer / Header / Announcement / RichText / Page.'
3745
4240
  )
3746
4241
  };
3747
4242
  async function handleGetTypeDefinitions(args) {
@@ -3760,6 +4255,7 @@ var GET_CODE_EXAMPLE_SCHEMA = {
3760
4255
  "sdk-init",
3761
4256
  "cart-read-and-mutate",
3762
4257
  "variant-selection",
4258
+ "variant-selector-swatches",
3763
4259
  "checkout-address-and-shipping",
3764
4260
  "checkout-payment-providers",
3765
4261
  "checkout-stripe-confirm",
@@ -3829,28 +4325,148 @@ for (const item of cart.items) {
3829
4325
  const unitPrice = parseFloat(item.unitPrice); // prices are strings!
3830
4326
  }`,
3831
4327
  "variant-selection": `// Variant selection with live stock + price updates.
4328
+ // Variants expose attributes as a flat object: { color: 'Red', size: 'M' }.
4329
+ // NOT 'options' \u2014 that field does not exist on ProductVariant.
3832
4330
  import { getVariantPrice, getStockStatus, getVariantOptions } from 'brainerce';
3833
4331
  import type { Product, ProductVariant } from 'brainerce';
3834
4332
 
3835
4333
  function selectVariant(product: Product, selections: Record<string, string>) {
3836
- // selections = { Size: 'M', Color: 'Red' }
3837
- const variant = product.variants.find((v) =>
3838
- v.options.every((o) => selections[o.name] === o.value)
4334
+ // selections = { size: 'M', color: 'Red' } (keys match variant.attributes keys)
4335
+ const variant = product.variants?.find((v) =>
4336
+ Object.entries(selections).every(([k, val]) => v.attributes?.[k] === val)
3839
4337
  );
3840
4338
  if (!variant) return null;
3841
4339
 
3842
- const price = getVariantPrice(product, variant); // handles compare-at, currency
3843
- const stock = getStockStatus(variant); // 'IN_STOCK' | 'LOW_STOCK' | 'OUT_OF_STOCK'
3844
- const canPurchase = stock !== 'OUT_OF_STOCK';
4340
+ const price = getVariantPrice(variant, product.basePrice); // string, fallback-aware
4341
+ const stock = getStockStatus(variant.inventory); // 'in-stock' | 'low-stock' | 'out-of-stock' | 'unavailable'
4342
+ const canPurchase = variant.inventory?.canPurchase !== false;
3845
4343
 
3846
4344
  // Switch the main product image to the variant's image if it has one
3847
- const image = variant.image ?? product.images[0];
4345
+ const image = variant.image ?? product.images?.[0];
3848
4346
 
3849
4347
  return { variant, price, stock, canPurchase, image };
3850
4348
  }
3851
4349
 
3852
- // Build the option picker from getVariantOptions(product) \u2014 returns
3853
- // [{ name: 'Size', values: ['S','M','L'] }, ...]`,
4350
+ // Build the option picker by iterating product.variants and grouping
4351
+ // variant.attributes into { color: ['Red', 'Blue'], size: ['S','M','L'] }.
4352
+ // For each variant you can also call getVariantOptions(variant) which returns
4353
+ // the same key/value pairs as an array with translated names when setLocale() is active.
4354
+ // For swatch metadata (color hex, dual-color, image), use the
4355
+ // 'variant-selector-swatches' operation instead.`,
4356
+ "variant-selector-swatches": `// Variant picker that mixes color swatches and text buttons in one product.
4357
+ // Uses product.productAttributeOptions[] \u2014 the merchant-configured swatch
4358
+ // metadata. displayType is the AttributeDisplayType Prisma enum, one of:
4359
+ // 'DEFAULT' \u2014 plain text button
4360
+ // 'COLOR_SWATCH' \u2014 swatchColor (+ optional swatchColor2 dual-color gradient)
4361
+ // 'IMAGE_SWATCH' \u2014 swatchImageUrl thumbnail
4362
+ // 'MIXED_SWATCH' \u2014 per-option hybrid: image if swatchImageUrl is set,
4363
+ // otherwise fall back to swatchColor
4364
+ // getProductSwatches() groups options by attribute name so you can render each
4365
+ // attribute with its own displayType \u2014 a single product can have Color as
4366
+ // swatches AND Size as text buttons.
4367
+ import { getProductSwatches } from 'brainerce';
4368
+ import type { Product } from 'brainerce';
4369
+
4370
+ function VariantPicker({
4371
+ product,
4372
+ selections,
4373
+ onSelect,
4374
+ }: {
4375
+ product: Product;
4376
+ selections: Record<string, string>;
4377
+ onSelect: (attrName: string, value: string) => void;
4378
+ }) {
4379
+ const groups = getProductSwatches(product);
4380
+ // groups: [{ attributeName, displayType, options: [{ name, swatchColor, swatchColor2, swatchImageUrl }] }]
4381
+
4382
+ return (
4383
+ <>
4384
+ {groups.map((group) => (
4385
+ <div key={group.attributeName}>
4386
+ <label>{group.attributeName}: {selections[group.attributeName] ?? ''}</label>
4387
+ <div style={{ display: 'flex', gap: 8 }}>
4388
+ {group.options.map((opt) => {
4389
+ const selected = selections[group.attributeName] === opt.name;
4390
+ const onClick = () => onSelect(group.attributeName, opt.name);
4391
+
4392
+ // COLOR_SWATCH: round button. swatchColor2 = dual-color gradient.
4393
+ if (group.displayType === 'COLOR_SWATCH' && opt.swatchColor) {
4394
+ const bg = opt.swatchColor2
4395
+ ? \`linear-gradient(135deg, \${opt.swatchColor} 50%, \${opt.swatchColor2} 50%)\`
4396
+ : opt.swatchColor;
4397
+ return (
4398
+ <button
4399
+ key={opt.name}
4400
+ type="button"
4401
+ title={opt.name}
4402
+ aria-pressed={selected}
4403
+ onClick={onClick}
4404
+ style={{
4405
+ width: 36,
4406
+ height: 36,
4407
+ borderRadius: '50%',
4408
+ background: bg,
4409
+ outline: selected ? '2px solid black' : 'none',
4410
+ }}
4411
+ />
4412
+ );
4413
+ }
4414
+
4415
+ // IMAGE_SWATCH: square thumbnail.
4416
+ if (group.displayType === 'IMAGE_SWATCH' && opt.swatchImageUrl) {
4417
+ return (
4418
+ <button key={opt.name} type="button" onClick={onClick} aria-pressed={selected}>
4419
+ <img src={opt.swatchImageUrl} alt={opt.name} width={40} height={40} />
4420
+ </button>
4421
+ );
4422
+ }
4423
+
4424
+ // MIXED_SWATCH: per-option hybrid (image wins if present).
4425
+ if (group.displayType === 'MIXED_SWATCH') {
4426
+ if (opt.swatchImageUrl) {
4427
+ return (
4428
+ <button key={opt.name} type="button" onClick={onClick} aria-pressed={selected}>
4429
+ <img src={opt.swatchImageUrl} alt={opt.name} width={40} height={40} />
4430
+ </button>
4431
+ );
4432
+ }
4433
+ if (opt.swatchColor) {
4434
+ const bg = opt.swatchColor2
4435
+ ? \`linear-gradient(135deg, \${opt.swatchColor} 50%, \${opt.swatchColor2} 50%)\`
4436
+ : opt.swatchColor;
4437
+ return (
4438
+ <button
4439
+ key={opt.name}
4440
+ type="button"
4441
+ title={opt.name}
4442
+ aria-pressed={selected}
4443
+ onClick={onClick}
4444
+ style={{ width: 36, height: 36, borderRadius: '50%', background: bg }}
4445
+ />
4446
+ );
4447
+ }
4448
+ }
4449
+
4450
+ // DEFAULT (or any swatch type missing its data): text button.
4451
+ return (
4452
+ <button key={opt.name} type="button" onClick={onClick} aria-pressed={selected}>
4453
+ {opt.name}
4454
+ </button>
4455
+ );
4456
+ })}
4457
+ </div>
4458
+ </div>
4459
+ ))}
4460
+ </>
4461
+ );
4462
+ }
4463
+
4464
+ // After the user picks a value, find the matching ProductVariant:
4465
+ // product.variants?.find((v) =>
4466
+ // Object.entries(selections).every(([k, val]) => v.attributes?.[k] === val)
4467
+ // )
4468
+ // Then read variant.price, variant.image, variant.inventory.canPurchase
4469
+ // to update the rest of the PDP.`,
3854
4470
  "checkout-address-and-shipping": `// Step 1-3 of the checkout flow. Never reorder or skip.
3855
4471
  import { client } from './brainerce';
3856
4472
 
@@ -4167,8 +4783,10 @@ client.setLocale(locale);
4167
4783
  // order bumps, search suggestions, discount banners, nudges,
4168
4784
  // badges, order history.
4169
4785
 
4170
- // For RTL locales (he, ar), set the document direction.
4171
- // Framework-neutral: document.documentElement.setAttribute('dir', 'rtl');`,
4786
+ // For RTL direction, do not hardcode the locale list. Ask the SDK:
4787
+ // const dir = client.getStoreDirection(currentLocale); // 'ltr' | 'rtl'
4788
+ // document.documentElement.setAttribute('dir', dir);
4789
+ // (Or in React: <html dir={dir}>...</html>.)`,
4172
4790
  "order-history-full": `// Full "My Orders" account page. Render every piece of data the server
4173
4791
  // already returns \u2014 not just order number / total / status.
4174
4792
  //
@@ -4643,21 +5261,25 @@ function renderCartItem(item: CartItem): string {
4643
5261
  function lineTotal(item: CartItem): number {
4644
5262
  return item.unitPrice * item.quantity;
4645
5263
  }`,
4646
- "product-reviews": `// PDP: list visible reviews + submit form + JSON-LD aggregateRating
4647
- import { client } from '@/lib/brainerce';
4648
- import type { Product, ProductReview, SubmitProductReviewInput } from 'brainerce';
4649
-
5264
+ "product-reviews": `// Purchaser-only reviews. Customer must be logged in AND have purchased
5265
+ // the product. The component switches between sign-in CTA / not-eligible /
5266
+ // submit form / edit form based on getMyProductReview().
5267
+ import { getClient, getServerClient } from '@/lib/brainerce';
5268
+ import { checkAuthStatus } from '@/lib/auth';
5269
+ import type { Product, ProductReview, MyProductReview } from 'brainerce';
5270
+
5271
+ // Server component \u2014 fetches existing reviews + emits JSON-LD aggregateRating.
4650
5272
  export async function ProductReviewsSection({ product }: { product: Product }) {
4651
- const { data } = await client.listProductReviews(product.id, { page: 1, limit: 20 });
5273
+ const { data } = await getServerClient().listProductReviews(product.id, { page: 1, limit: 20 });
4652
5274
 
4653
5275
  return (
4654
5276
  <section>
4655
5277
  <h2>Reviews ({product.reviewCount ?? 0})</h2>
4656
- {data.length === 0 && <p>No reviews yet \u2014 be the first.</p>}
5278
+ {data.length === 0 && <p>No reviews yet.</p>}
4657
5279
  {data.map((r) => (
4658
5280
  <article key={r.id}>
4659
5281
  <strong>{r.authorName}</strong>
4660
- {r.verifiedPurchase && <span> \xB7 Verified</span>}
5282
+ {r.verifiedPurchase && <span> \xB7 Verified purchase</span>}
4661
5283
  <div>{'\u2605'.repeat(r.rating)}{'\u2606'.repeat(5 - r.rating)}</div>
4662
5284
  {r.body && <p>{r.body}</p>}
4663
5285
  </article>
@@ -4690,42 +5312,83 @@ function productJsonLd(product: Product, url: string) {
4690
5312
 
4691
5313
  // Client-side form
4692
5314
  'use client';
4693
- import { useState } from 'react';
5315
+ import { useEffect, useState } from 'react';
5316
+
5317
+ type Stage =
5318
+ | { kind: 'loading' }
5319
+ | { kind: 'signed_out' }
5320
+ | { kind: 'not_eligible'; reason: MyProductReview['reason'] }
5321
+ | { kind: 'submit' }
5322
+ | { kind: 'edit'; review: ProductReview };
4694
5323
 
4695
5324
  function ReviewForm({ productId }: { productId: string }) {
5325
+ const [stage, setStage] = useState<Stage>({ kind: 'loading' });
4696
5326
  const [rating, setRating] = useState(5);
4697
5327
  const [body, setBody] = useState('');
4698
- const [name, setName] = useState('');
4699
- const [email, setEmail] = useState('');
4700
5328
  const [error, setError] = useState<string | null>(null);
4701
5329
 
5330
+ useEffect(() => {
5331
+ (async () => {
5332
+ const auth = await checkAuthStatus();
5333
+ if (!auth.isLoggedIn) return setStage({ kind: 'signed_out' });
5334
+ const me = await getClient().getMyProductReview(productId);
5335
+ if (!me.eligible) return setStage({ kind: 'not_eligible', reason: me.reason });
5336
+ if (me.myReview) {
5337
+ setRating(me.myReview.rating);
5338
+ setBody(me.myReview.body ?? '');
5339
+ return setStage({ kind: 'edit', review: me.myReview });
5340
+ }
5341
+ setStage({ kind: 'submit' });
5342
+ })();
5343
+ }, [productId]);
5344
+
5345
+ if (stage.kind === 'loading') return <p>Loading\u2026</p>;
5346
+ if (stage.kind === 'signed_out')
5347
+ return <p><a href="/account/login">Sign in</a> to leave a review.</p>;
5348
+ if (stage.kind === 'not_eligible')
5349
+ return <p>Only customers who purchased this product can leave a review.</p>;
5350
+
4702
5351
  async function submit(e: React.FormEvent) {
4703
5352
  e.preventDefault();
4704
5353
  setError(null);
5354
+ const client = getClient();
5355
+ const input = { rating, body: body || undefined };
4705
5356
  try {
4706
- await client.submitProductReview(productId, {
4707
- authorName: name,
4708
- authorEmail: email,
4709
- rating,
4710
- body: body || undefined,
4711
- });
5357
+ if (stage.kind === 'edit') {
5358
+ await client.updateMyProductReview(productId, input);
5359
+ } else {
5360
+ await client.submitProductReview(productId, input);
5361
+ }
4712
5362
  window.location.reload();
4713
5363
  } catch (err: any) {
4714
- if (err?.status === 409) setError("You've already reviewed this product.");
5364
+ if (err?.status === 403) setError('Only customers who purchased this product can leave a review.');
5365
+ else if (err?.status === 409) setError('You already reviewed this product.');
4715
5366
  else if (err?.status === 429) setError('Too many submissions. Please wait a moment.');
4716
- else setError('Could not submit review. Please try again.');
5367
+ else setError('Could not save your review. Please try again.');
4717
5368
  }
4718
5369
  }
4719
5370
 
5371
+ async function remove() {
5372
+ if (!confirm('Delete your review?')) return;
5373
+ await getClient().deleteMyProductReview(productId);
5374
+ window.location.reload();
5375
+ }
5376
+
4720
5377
  return (
4721
5378
  <form onSubmit={submit}>
4722
- <input value={name} onChange={(e) => setName(e.target.value)} placeholder="Your name" required maxLength={100} />
4723
- <input type="email" value={email} onChange={(e) => setEmail(e.target.value)} placeholder="Email" />
4724
- <select value={rating} onChange={(e) => setRating(Number(e.target.value))}>
4725
- {[5,4,3,2,1].map(n => <option key={n} value={n}>{'\u2605'.repeat(n)}</option>)}
4726
- </select>
4727
- <textarea value={body} onChange={(e) => setBody(e.target.value)} maxLength={5000} placeholder="Tell us what you think (optional)" />
4728
- <button type="submit">Submit review</button>
5379
+ <h3>{stage.kind === 'edit' ? 'Edit your review' : 'Write a review'}</h3>
5380
+ <div>
5381
+ {[1,2,3,4,5].map(n => (
5382
+ <button type="button" key={n} onClick={() => setRating(n)}>
5383
+ {n <= rating ? '\u2605' : '\u2606'}
5384
+ </button>
5385
+ ))}
5386
+ </div>
5387
+ <textarea value={body} onChange={(e) => setBody(e.target.value)} maxLength={5000} />
5388
+ <button type="submit">{stage.kind === 'edit' ? 'Save changes' : 'Submit review'}</button>
5389
+ {stage.kind === 'edit' && (
5390
+ <button type="button" onClick={remove}>Delete review</button>
5391
+ )}
4729
5392
  {error && <p role="alert">{error}</p>}
4730
5393
  </form>
4731
5394
  );
@@ -5215,7 +5878,7 @@ var RULES = {
5215
5878
  body: `- NEVER hardcode currency, locale, or language strings. Read them from \`get-store-info\` / \`get-store-capabilities\` and use the configured values.
5216
5879
  - NEVER format prices with \`toFixed(2)\` or custom logic. Use \`formatPrice()\` from the SDK \u2014 it honors the store's currency and locale.
5217
5880
  - When the store has i18n enabled (\`capabilities.store.i18n.enabled === true\`), you MUST call \`client.setLocale(locale)\` at app init and include a language switcher. All SDK reads will then return localized content automatically.
5218
- - For RTL locales (\`he\`, \`ar\`), set the document direction to RTL. Do not manually reverse flex layouts \u2014 the platform's CSS reversal handles it.`
5881
+ - For RTL direction, do NOT maintain a local list of RTL locales. Call \`client.getStoreDirection(locale)\` \u2014 it returns \`'ltr' | 'rtl'\` for any BCP-47 tag (covers Arabic, Hebrew, Persian, Urdu, Yiddish, and any future RTL locales the platform adds). Set \`<html dir={...}>\` from this value. The platform's CSS reversal handles flex layouts \u2014 do not manually swap them.`
5219
5882
  },
5220
5883
  types: {
5221
5884
  title: "Type safety",
@@ -5263,6 +5926,7 @@ var GET_BUSINESS_FLOWS_SCHEMA = {
5263
5926
  "cart-persistence",
5264
5927
  "inventory-reservation",
5265
5928
  "product-customization",
5929
+ "content-bootstrap",
5266
5930
  "all"
5267
5931
  ]).describe('Which flow to retrieve. Use "all" to get every flow.')
5268
5932
  };
@@ -5453,6 +6117,76 @@ Server-side guardrails that WILL reject bad requests (so validate client-side to
5453
6117
  - More than 10 uploads per IP per minute \u2192 429.
5454
6118
 
5455
6119
  Never render customization fields without also wiring the upload + metadata flow \u2014 a form that submits nothing is worse than no form at all.`
6120
+ },
6121
+ "content-bootstrap": {
6122
+ title: "Content Bootstrap \u2014 site chrome & static content",
6123
+ body: `Every Brainerce storefront should render merchant-defined site chrome (header, footer, announcements, FAQ, static pages) from the Content API. The merchant edits these in the Brainerce dashboard; storefronts pick up changes within ~5 minutes (public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`).
6124
+
6125
+ 1. **Fetch chrome at the root layout** (server component if Next.js). All three return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes when the merchant hasn't seeded yet.
6126
+ \`\`\`ts
6127
+ const [header, footer, announcements] = await Promise.all([
6128
+ client.content.header.get('main', locale),
6129
+ client.content.footer.get('main', locale),
6130
+ client.content.announcement.list(locale),
6131
+ ]);
6132
+ \`\`\`
6133
+
6134
+ 2. **FAQ \u2014 fetch lazily on the FAQ page.** Default key is \`'main'\`; pass a topical key (\`'shipping'\`, \`'returns'\`) for sub-FAQs.
6135
+ \`\`\`ts
6136
+ const faq = await client.content.faq.get('main', locale);
6137
+ if (faq) {
6138
+ faq.data.items.forEach(({ question, answer }) => {
6139
+ // sanitize(answer) \u2014 see step 4
6140
+ });
6141
+ }
6142
+ \`\`\`
6143
+
6144
+ 3. **Static pages \u2014 catch-all route by slug:**
6145
+ \`\`\`tsx
6146
+ // app/[slug]/page.tsx
6147
+ export default async function Page({ params }) {
6148
+ const page = await client.content.page.getBySlug(params.slug, locale);
6149
+ if (!page) notFound();
6150
+ return (
6151
+ <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />
6152
+ );
6153
+ }
6154
+ \`\`\`
6155
+
6156
+ 4. **SECURITY \u2014 sanitize HTML before rendering.** \`FAQ.items[i].answer\`, \`PAGE.html\`, and \`RICH_TEXT.html\` are merchant-authored HTML. The server does NOT pre-sanitize because some merchants embed iframes (e.g. YouTube). Always sanitize at the edge of your render:
6157
+ \`\`\`ts
6158
+ import DOMPurify from 'isomorphic-dompurify';
6159
+ const safe = DOMPurify.sanitize(rawHtml);
6160
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
6161
+ \`\`\`
6162
+ Skipping this is XSS.
6163
+
6164
+ 5. **Announcements \u2014 multiple may be active; filter by date client-side:**
6165
+ \`\`\`ts
6166
+ const now = Date.now();
6167
+ const visible = announcements.filter((a) => {
6168
+ const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
6169
+ const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
6170
+ return startOk && endOk;
6171
+ });
6172
+ \`\`\`
6173
+
6174
+ 6. **RTL direction \u2014 call \`client.getStoreDirection(locale)\`:**
6175
+ \`\`\`tsx
6176
+ const dir = client.getStoreDirection(locale);
6177
+ <html lang={locale} dir={dir}>...</html>
6178
+ \`\`\`
6179
+ Do NOT maintain a local RTL locale set \u2014 the SDK helper covers Arabic / Hebrew / Persian / Urdu / Yiddish today and picks up any future RTL locale automatically.
6180
+
6181
+ 7. **Custom fields \u2014 every Content row has free-form \`customFields: Record<string, string>\`.** Read keys the merchant told you to expect:
6182
+ \`\`\`ts
6183
+ const faq = await client.content.faq.get('shipping');
6184
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
6185
+ \`\`\`
6186
+
6187
+ 8. **Cache:** public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`. Don't add extra client-side caching beyond Next.js's default fetch cache \u2014 merchants expect their edits to appear within ~5 minutes.
6188
+
6189
+ **Translations.** All public reads accept a \`locale\` argument; the server resolves \`translations[locale]\` server-side. Empty / missing overlays fall through to the default-locale value. The storefront does NOT need to do its own per-field overlay \u2014 call with the active locale and render what comes back.`
5456
6190
  }
5457
6191
  };
5458
6192
  var FLOW_ORDER = [
@@ -5464,7 +6198,8 @@ var FLOW_ORDER = [
5464
6198
  "order-confirmation",
5465
6199
  "cart-persistence",
5466
6200
  "inventory-reservation",
5467
- "product-customization"
6201
+ "product-customization",
6202
+ "content-bootstrap"
5468
6203
  ];
5469
6204
  async function handleGetBusinessFlows(args) {
5470
6205
  const header = "# Brainerce Business Flows\n\nThese sequences are framework-neutral and non-negotiable. Your framework and file layout are your choice \u2014 the order of SDK calls and the error handling is not.";
@@ -5533,9 +6268,9 @@ var FEATURES = [
5533
6268
  },
5534
6269
  {
5535
6270
  id: "product-reviews",
5536
- title: "Display + collect product reviews with stars + JSON-LD",
5537
- description: 'On the PDP show a Reviews section: list of customer reviews with star rating, author name, verified-purchase badge, body, and date. Include a submit form (name + email + 1-5 stars + optional body). On PLP cards show \u2605 avgRating and (reviewCount). Emit Product JSON-LD with aggregateRating ONLY when product.reviewCount > 0 \u2014 this is what unlocks the star rich snippet in Google. Reviews publish immediately; the merchant moderates from the admin surface. Rate-limited to 3 submits / 60s / IP. Show a friendly "you already reviewed this" message on 409.',
5538
- sdk: "client.listProductReviews(productId), client.submitProductReview(productId, { authorName, authorEmail, rating, body }). Product.avgRating + Product.reviewCount are denormalized rollups returned on every product fetch.",
6271
+ title: "Display + collect product reviews (purchaser-only) with stars + JSON-LD",
6272
+ description: 'On the PDP show a Reviews section: list of customer reviews with star rating, author name (from customer profile), verified-purchase badge, body, and date \u2014 public, no login needed. Below the list, a form that adapts to the current customer: signed-in + purchased + no review yet \u2192 submit form (rating 1-5 + optional body, no name/email \u2014 those are derived from the customer profile); signed-in + purchased + already has review \u2192 edit form prefilled with rating/body plus a delete button; signed-in but did NOT purchase \u2192 "only customers who purchased this product can leave a review"; not signed in \u2192 sign-in CTA. Eligibility: physical products require an order in SHIPPED+; downloadable products additionally accept PAID/PROCESSING. On PLP cards show \u2605 avgRating and (reviewCount). Emit Product JSON-LD with aggregateRating ONLY when product.reviewCount > 0 \u2014 this is what unlocks the star rich snippet in Google. Reviews publish immediately; merchants moderate (hide/show) from the admin surface. Rate-limited 3 submits / 60s / IP.',
6273
+ sdk: "client.listProductReviews(productId) for the public list; client.getMyProductReview(productId) for the form-state decision; client.submitProductReview / updateMyProductReview / deleteMyProductReview for the three customer actions. All four customer methods require setCustomerToken(...) after login. Product.avgRating + Product.reviewCount are denormalized rollups returned on every product fetch.",
5539
6274
  mandatory: "mandatory"
5540
6275
  },
5541
6276
  {
@@ -5676,11 +6411,57 @@ var FEATURES = [
5676
6411
  {
5677
6412
  id: "i18n",
5678
6413
  title: "Serve multiple languages with a language switcher",
5679
- description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders RTL locales (he, ar) with the correct document direction.",
5680
- sdk: "client.setLocale(locale). Read supported locales from get-store-capabilities.store.i18n.",
6414
+ description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders the correct document direction by reading client.getStoreDirection(locale) \u2014 do not hardcode an RTL locale set.",
6415
+ sdk: "client.setLocale(locale). client.getStoreDirection(locale) for <html dir>. Read supported locales from get-store-capabilities.store.i18n.",
5681
6416
  mandatory: "conditional",
5682
6417
  capabilityFlag: "i18n",
5683
6418
  whenDisabledNote: "This store is single-language. Do not build the language switcher."
6419
+ },
6420
+ {
6421
+ id: "site-header",
6422
+ title: "Site header from merchant content (logo + nav + CTA)",
6423
+ description: 'Fetch client.content.header.get("main", locale) in the root layout. Returns null when the merchant has not seeded yet \u2014 render a hard-coded fallback so the page never crashes. Renders header.data.logo, header.data.navItems[], header.data.cta if present.',
6424
+ sdk: 'client.content.header.get("main", locale)',
6425
+ flowRef: "content-bootstrap",
6426
+ mandatory: "mandatory"
6427
+ },
6428
+ {
6429
+ id: "site-footer",
6430
+ title: "Site footer from merchant content (columns + social + copyright)",
6431
+ description: 'Fetch client.content.footer.get("main", locale) in the root layout. Returns null when unseeded \u2014 render a hard-coded fallback. Render footer.data.columns[].links, footer.data.social[], footer.data.copyright.',
6432
+ sdk: 'client.content.footer.get("main", locale)',
6433
+ flowRef: "content-bootstrap",
6434
+ mandatory: "mandatory"
6435
+ },
6436
+ {
6437
+ id: "announcement-bar",
6438
+ title: "Announcement bar at the top of every page",
6439
+ description: "Fetch client.content.announcement.list(locale) in the root layout. Filter by data.startsAt / data.endsAt client-side. Render a dismissible bar when data.dismissible=true. Build the UI anyway \u2014 it auto-hides when no announcements exist.",
6440
+ sdk: "client.content.announcement.list(locale)",
6441
+ flowRef: "content-bootstrap",
6442
+ mandatory: "conditional",
6443
+ capabilityFlag: "hasContent",
6444
+ whenDisabledNote: "Store has no published Content rows yet. Build the announcement bar anyway \u2014 it auto-hides on empty."
6445
+ },
6446
+ {
6447
+ id: "faq-page",
6448
+ title: "FAQ page rendered from merchant content",
6449
+ description: 'Build /faq as an accordion fed by client.content.faq.get("main", locale). For topical FAQs, use a key parameter (shipping, returns, ...). Always sanitize answer HTML before injecting via dangerouslySetInnerHTML. Build the page anyway \u2014 it auto-hides or 404s when no FAQ rows exist.',
6450
+ sdk: 'client.content.faq.get("main", locale), client.content.faq.list(locale)',
6451
+ flowRef: "content-bootstrap",
6452
+ mandatory: "conditional",
6453
+ capabilityFlag: "hasContent",
6454
+ whenDisabledNote: "No FAQ content yet. Build /faq anyway \u2014 it auto-hides on empty."
6455
+ },
6456
+ {
6457
+ id: "static-pages",
6458
+ title: "Static pages from merchant content (About, Terms, Privacy, \u2026)",
6459
+ description: "Mount a catch-all app/[slug]/page.tsx route. Inside, call client.content.page.getBySlug(params.slug, locale). On null \u2192 notFound(). On hit, sanitize page.data.html before injecting via dangerouslySetInnerHTML. Generate <Metadata> from page.data.seo. Build the route anyway \u2014 it 404s on unknown slugs.",
6460
+ sdk: "client.content.page.getBySlug(slug, locale), client.content.page.list(locale)",
6461
+ flowRef: "content-bootstrap",
6462
+ mandatory: "conditional",
6463
+ capabilityFlag: "hasContent",
6464
+ whenDisabledNote: "No static pages yet. Build the catch-all route anyway \u2014 it 404s on unknown slugs."
5684
6465
  }
5685
6466
  ];
5686
6467
  function isFeatureActive(feature, caps) {
@@ -5731,6 +6512,7 @@ function renderCapabilitiesSummary(caps) {
5731
6512
  );
5732
6513
  lines.push(`- Downloadable products: ${caps.features.hasDownloadableProducts ? "yes" : "no"}`);
5733
6514
  lines.push(`- Checkout custom fields: ${caps.features.hasCheckoutCustomFields ? "yes" : "no"}`);
6515
+ lines.push(`- Content (FAQ/footer/header/announcements/pages): ${caps.features.hasContent ? "seeded" : "none \u2014 build chrome UI with fallbacks"}`);
5734
6516
  lines.push(
5735
6517
  `- Email verification: ${caps.connection.requireEmailVerification ? "required" : "not required (still build the verify-email flow)"}`
5736
6518
  );