@brainerce/mcp-server 3.7.0 → 3.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -2194,9 +2194,12 @@ export async function generateMetadata({ params }: Props): Promise<Metadata> {
2194
2194
  const client = getServerClient();
2195
2195
  client.setLocale(locale);
2196
2196
  const product = await client.getProductBySlug(slug);
2197
+ // NEVER feed raw HTML into <meta name="description"> \u2014 product.description
2198
+ // is often rich-text HTML. Strip tags first, then truncate on a word
2199
+ // boundary. See buildMetaDescription() in lib/seo.ts.
2197
2200
  return {
2198
2201
  title: product.seoTitle || product.name,
2199
- description: product.seoDescription || product.description?.slice(0, 160),
2202
+ description: product.seoDescription || buildMetaDescription(product.description) || product.name,
2200
2203
  };
2201
2204
  }
2202
2205
  \`\`\`
@@ -2312,11 +2315,25 @@ Because the backend already overlays everything, UI code is just:
2312
2315
 
2313
2316
  ### RTL handling
2314
2317
 
2315
- For RTL locales (\`he\`, \`ar\`), set \`<html dir="rtl">\` in the root layout and
2316
- let flexbox reverse automatically. Do NOT add \`flex-row-reverse\` on top of
2317
- \`dir="rtl"\` \u2014 that's a double-swap. DO swap directional icons (chevrons,
2318
- arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`) instead of
2319
- \`ml-*\`/\`mr-*\`.
2318
+ Resolve direction with \`client.getStoreDirection(locale)\` \u2014 it returns
2319
+ \`'ltr' | 'rtl'\` for any BCP-47 tag (Arabic, Hebrew, Persian, Urdu, Yiddish
2320
+ today; future RTL locales added by the platform are picked up automatically).
2321
+ Do NOT maintain your own RTL locale set.
2322
+
2323
+ \`\`\`tsx
2324
+ // app/[locale]/layout.tsx
2325
+ const dir = client.getStoreDirection(locale);
2326
+ return <html lang={locale} dir={dir}>...</html>;
2327
+ \`\`\`
2328
+
2329
+ For static rendering, \`storeInfo.i18n.defaultDirection\` carries the store's
2330
+ default direction, and each entry in \`storeInfo.i18n.supportedLocaleObjects\`
2331
+ includes its own \`direction\`.
2332
+
2333
+ Let flexbox reverse automatically once \`<html dir="rtl">\` is set. Do NOT add
2334
+ \`flex-row-reverse\` on top \u2014 that's a double-swap. DO swap directional icons
2335
+ (chevrons, arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`)
2336
+ instead of \`ml-*\`/\`mr-*\`.
2320
2337
 
2321
2338
  ### Language switcher
2322
2339
 
@@ -2693,6 +2710,141 @@ and a \`newsletter\` form embedded in the footer), render each form from its
2693
2710
  own \`contactForms.get(key, locale)\` call. The \`formKey\` you pass to
2694
2711
  \`createInquiry\` must match.`;
2695
2712
  }
2713
+ function getContentSection() {
2714
+ return `## Content \u2014 typed merchant content store
2715
+
2716
+ Brainerce ships a typed content store so merchants can edit site chrome, FAQ,
2717
+ static pages, and inline rich-text blocks in the dashboard \u2014 without
2718
+ re-prompting the AI that built their storefront. Every row has a \`type\` +
2719
+ \`key\` + typed \`data\` payload + free-form \`customFields\`.
2720
+
2721
+ **Six content types.** Each one has a fixed \`data\` shape; the SDK's TypeScript
2722
+ generics keep them in lockstep:
2723
+
2724
+ | Type | Use for | \`data\` shape (abbreviated) |
2725
+ | -------------- | -------------------------------------- | --------------------------- |
2726
+ | \`FAQ\` | Q/A accordions | \`{ items: { question, answer }[] }\` |
2727
+ | \`FOOTER\` | Site footer (chrome) | \`{ columns, copyright?, social? }\` |
2728
+ | \`HEADER\` | Top nav + logo + CTA (chrome) | \`{ logo?, navItems, cta? }\` |
2729
+ | \`ANNOUNCEMENT\`| Banners; time-bound by \`startsAt/endsAt\` | \`{ message, severity, dismissible, ... }\` |
2730
+ | \`RICH_TEXT\` | Free-form HTML blocks embedded inline | \`{ html }\` |
2731
+ | \`PAGE\` | Static pages with slug + SEO | \`{ slug, title, html, seo? }\` |
2732
+
2733
+ Run \`get-type-definitions\` with \`domain: 'content'\` for the full interfaces.
2734
+
2735
+ ### Default key
2736
+
2737
+ Every type has \`'main'\` as its universal default key. \`client.content.faq.get()\`
2738
+ with no arguments resolves to \`key='main'\`. Topical keys (\`'shipping'\`,
2739
+ \`'holiday-2026'\`, \`'about'\`) are merchant-named.
2740
+
2741
+ ### Reading content (any SDK mode)
2742
+
2743
+ Public reads work in vibe-coded mode, storefront mode, and admin mode. They
2744
+ return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes
2745
+ when the merchant hasn't seeded yet.
2746
+
2747
+ \`\`\`ts
2748
+ // Single entry, default key 'main', resolved to a locale
2749
+ const faq = await client.content.faq.get('main', locale);
2750
+ if (faq) {
2751
+ faq.data.items.forEach(({ question, answer }) => {
2752
+ // Render question + sanitize(answer)
2753
+ });
2754
+ }
2755
+
2756
+ // All entries of a type
2757
+ const allFaqs = await client.content.faq.list(locale);
2758
+
2759
+ // Page by URL slug \u2014 for app/[slug]/page.tsx
2760
+ const page = await client.content.page.getBySlug(slug, locale);
2761
+ if (!page) notFound();
2762
+ \`\`\`
2763
+
2764
+ ### Security \u2014 sanitize HTML before rendering
2765
+
2766
+ \`FAQ.items[i].answer\`, \`RICH_TEXT.html\`, and \`PAGE.html\` carry
2767
+ MERCHANT-AUTHORED HTML. The server does NOT pre-sanitize \u2014 some merchants
2768
+ embed iframes (e.g. YouTube) which strict sanitizers would strip. ALWAYS
2769
+ sanitize on the storefront before injecting:
2770
+
2771
+ \`\`\`ts
2772
+ // Recommended: isomorphic-dompurify
2773
+ import DOMPurify from 'isomorphic-dompurify';
2774
+ const safe = DOMPurify.sanitize(rawHtml);
2775
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
2776
+ \`\`\`
2777
+
2778
+ Skipping this is XSS.
2779
+
2780
+ ### Custom fields
2781
+
2782
+ Every Content row carries a free-form \`customFields: Record<string, string>\`.
2783
+ Merchants add arbitrary key-value extras (\`helpEmail\`, \`phoneNumber\`,
2784
+ \`foundedYear\`) that you can opt into reading:
2785
+
2786
+ \`\`\`ts
2787
+ const faq = await client.content.faq.get('shipping');
2788
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
2789
+ \`\`\`
2790
+
2791
+ The shape is whatever the merchant entered. Read keys you expect; ignore the rest.
2792
+
2793
+ ### Locale resolution
2794
+
2795
+ All public reads accept a \`locale\` argument. The server resolves
2796
+ \`translations[locale]\` server-side and returns the resolved \`data\` payload \u2014
2797
+ the storefront does NOT need to do its own overlay. Empty / missing translations
2798
+ fall through to the default-locale value.
2799
+
2800
+ ### Cache
2801
+
2802
+ Public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`.
2803
+ Merchant edits propagate within ~5 minutes. Don't layer extra client-side
2804
+ caching beyond Next.js's default fetch cache.
2805
+
2806
+ ### Admin writes (apiKey mode)
2807
+
2808
+ \`\`\`ts
2809
+ const adminClient = new BrainerceClient({ apiKey: process.env.BRAINERCE_API_KEY });
2810
+
2811
+ // Create \u2014 always starts in DRAFT
2812
+ const faq = await adminClient.content.faq.create({
2813
+ key: 'shipping',
2814
+ name: 'Shipping FAQ',
2815
+ data: { items: [{ question: 'How long?', answer: 'Most orders ship in 2 days.' }] },
2816
+ });
2817
+
2818
+ // Update (data replaces wholesale; last-write-wins on the data field)
2819
+ await adminClient.content.update(faq.id, {
2820
+ data: { items: [{ question: 'How long?', answer: 'Updated answer.' }] },
2821
+ });
2822
+
2823
+ // Publish / unpublish
2824
+ await adminClient.content.publish(faq.id);
2825
+ await adminClient.content.unpublish(faq.id);
2826
+
2827
+ // Hard delete
2828
+ await adminClient.content.remove(faq.id);
2829
+ \`\`\`
2830
+
2831
+ Write operations throw if called from vibe-coded or storefront mode.
2832
+
2833
+ ### Reserved key convention
2834
+
2835
+ \`'main'\` is reserved as the universal default. Don't use it for topical
2836
+ entries \u2014 pick a descriptive slug (\`'shipping'\`, \`'returns'\`, \`'about'\`,
2837
+ \`'holiday-2026'\`). The validation rule is \`^[a-z][a-z0-9-]*$\`, max 64 chars.
2838
+
2839
+ ### See also
2840
+
2841
+ - \`get-business-flows\` with \`flow: 'content-bootstrap'\` for the full
2842
+ layout / FAQ / page recipe.
2843
+ - \`get-required-features\` lists each Content surface (\`site-header\`,
2844
+ \`site-footer\`, \`announcement-bar\`, \`faq-page\`, \`static-pages\`).
2845
+ - \`get-type-definitions\` with \`domain: 'content'\` for the TypeScript
2846
+ interfaces.`;
2847
+ }
2696
2848
  function getSectionByTopic(topic, connectionId, currency) {
2697
2849
  const cid = connectionId || "vc_YOUR_CONNECTION_ID";
2698
2850
  const cur = currency || "USD";
@@ -2739,6 +2891,8 @@ function getSectionByTopic(topic, connectionId, currency) {
2739
2891
  return getAdminApiSection();
2740
2892
  case "inquiries":
2741
2893
  return getContactInquiriesSection();
2894
+ case "content":
2895
+ return getContentSection();
2742
2896
  case "all":
2743
2897
  return [
2744
2898
  "# Brainerce SDK \u2014 full topic dump",
@@ -2827,10 +2981,14 @@ function getSectionByTopic(topic, connectionId, currency) {
2827
2981
  "",
2828
2982
  "---",
2829
2983
  "",
2830
- getContactInquiriesSection()
2984
+ getContactInquiriesSection(),
2985
+ "",
2986
+ "---",
2987
+ "",
2988
+ getContentSection()
2831
2989
  ].join("\n");
2832
2990
  default:
2833
- return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, all`;
2991
+ return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, content, all`;
2834
2992
  }
2835
2993
  }
2836
2994
 
@@ -2858,6 +3016,7 @@ var GET_SDK_DOCS_SCHEMA = {
2858
3016
  "i18n",
2859
3017
  "admin",
2860
3018
  "inquiries",
3019
+ "content",
2861
3020
  "all"
2862
3021
  ]).describe("The SDK documentation topic to retrieve"),
2863
3022
  salesChannelId: z.string().optional().describe("Sales channel ID (starts with vc_). Used to personalize setup code."),
@@ -3850,6 +4009,156 @@ export interface ModifierValidationError {
3850
4009
  // The cart line then carries:
3851
4010
  // cart.items[i].modifiers \u2014 CartItemModifierLine[]
3852
4011
  // cart.items[i].modifiersTotal \u2014 decimal string of the paid (non-free) deltas`;
4012
+ var CONTENT_TYPES = `// ---- Content (typed merchant content store) ----
4013
+ // Brainerce ships a typed content store so merchants can edit FAQ, footer,
4014
+ // header, announcements, rich text, and static pages in the dashboard
4015
+ // without re-prompting the AI that built the storefront. Every row has a
4016
+ // 'type' + 'key' + typed 'data' payload + free-form 'customFields'.
4017
+ //
4018
+ // SECURITY (read carefully):
4019
+ // RICH_TEXT.html, PAGE.html, and FAQ answers are MERCHANT-AUTHORED HTML.
4020
+ // ALWAYS sanitize with isomorphic-dompurify (or equivalent) before
4021
+ // injecting via dangerouslySetInnerHTML. The server does NOT pre-sanitize
4022
+ // because some merchants embed iframes (e.g. YouTube) which strict
4023
+ // sanitizers would strip; the storefront chooses the policy.
4024
+ //
4025
+ // 404 contract: client.content.<type>.get(key) returns null when no
4026
+ // PUBLISHED row exists. Always render a hard-coded fallback on null so
4027
+ // the page never crashes when the merchant hasn't seeded yet.
4028
+ //
4029
+ // Default key: every type has 'main' as its universal default. Pass no
4030
+ // argument to fetch the main entry; pass a custom key ('shipping',
4031
+ // 'holiday-2026', 'about') for topical entries.
4032
+
4033
+ export type ContentType = 'FAQ' | 'FOOTER' | 'HEADER' | 'ANNOUNCEMENT' | 'RICH_TEXT' | 'PAGE';
4034
+ export type ContentStatus = 'DRAFT' | 'PUBLISHED';
4035
+
4036
+ export interface FaqItem {
4037
+ question: string;
4038
+ /** Sanitized HTML \u2014 sanitize before rendering. */
4039
+ answer: string;
4040
+ }
4041
+ export interface FaqContent { items: FaqItem[] }
4042
+
4043
+ export interface FooterLink { label: string; url: string }
4044
+ export interface FooterColumn { title: string; links: FooterLink[] }
4045
+ export interface FooterSocialLink { platform: string; url: string } // 'instagram' | 'facebook' | 'x' | ...
4046
+ export interface FooterContent {
4047
+ columns: FooterColumn[];
4048
+ copyright?: string;
4049
+ social?: FooterSocialLink[];
4050
+ }
4051
+
4052
+ export interface HeaderLogo { src: string; alt: string }
4053
+ export interface HeaderNavItem { label: string; url: string }
4054
+ export interface HeaderCta { label: string; url: string }
4055
+ export interface HeaderContent {
4056
+ logo?: HeaderLogo;
4057
+ navItems: HeaderNavItem[];
4058
+ cta?: HeaderCta;
4059
+ }
4060
+
4061
+ export type AnnouncementSeverity = 'info' | 'warning' | 'success';
4062
+ export interface AnnouncementContent {
4063
+ message: string;
4064
+ severity: AnnouncementSeverity;
4065
+ dismissible: boolean;
4066
+ /** ISO 8601 \u2014 filter client-side. */
4067
+ startsAt?: string;
4068
+ endsAt?: string;
4069
+ ctaLabel?: string;
4070
+ ctaHref?: string;
4071
+ }
4072
+
4073
+ export interface RichTextContent {
4074
+ /** Raw HTML \u2014 sanitize before rendering. */
4075
+ html: string;
4076
+ }
4077
+
4078
+ export interface PageSeo {
4079
+ title?: string;
4080
+ description?: string;
4081
+ ogImage?: string;
4082
+ }
4083
+ export interface PageContent {
4084
+ /** URL slug, lower-kebab. */
4085
+ slug: string;
4086
+ title: string;
4087
+ /** Raw HTML \u2014 sanitize before rendering. */
4088
+ html: string;
4089
+ seo?: PageSeo;
4090
+ }
4091
+
4092
+ export interface ContentSummary {
4093
+ id: string;
4094
+ type: ContentType;
4095
+ key: string;
4096
+ name: string;
4097
+ status: ContentStatus;
4098
+ position: number;
4099
+ updatedAt: string;
4100
+ }
4101
+
4102
+ export interface Content<T extends ContentType = ContentType> extends ContentSummary {
4103
+ type: T;
4104
+ data: T extends 'FAQ' ? FaqContent
4105
+ : T extends 'FOOTER' ? FooterContent
4106
+ : T extends 'HEADER' ? HeaderContent
4107
+ : T extends 'ANNOUNCEMENT' ? AnnouncementContent
4108
+ : T extends 'RICH_TEXT' ? RichTextContent
4109
+ : T extends 'PAGE' ? PageContent
4110
+ : never;
4111
+ /** Free-form merchant-defined extras. Read keys the merchant told you to expect. */
4112
+ customFields: Record<string, string>;
4113
+ salesChannelIds: string[];
4114
+ }
4115
+
4116
+ // ---- SDK usage examples ----
4117
+ //
4118
+ // FAQ \u2014 render an accordion from the main FAQ (or a topical one):
4119
+ // const faq = await client.content.faq.get('main', locale); // 'shipping', 'returns', ...
4120
+ // if (faq) {
4121
+ // faq.data.items.forEach(({ question, answer }) => {
4122
+ // // Render question + sanitize(answer) \u2014 never inject raw HTML.
4123
+ // });
4124
+ // }
4125
+ //
4126
+ // Footer \u2014 server component in root layout:
4127
+ // const footer = await client.content.footer.get('main', locale);
4128
+ // if (!footer) return <Fallback />;
4129
+ // // Render footer.data.columns, footer.data.social, footer.data.copyright
4130
+ //
4131
+ // Header \u2014 same pattern as footer:
4132
+ // const header = await client.content.header.get('main', locale);
4133
+ //
4134
+ // Announcement \u2014 multiple may be active; filter by date client-side:
4135
+ // const announcements = await client.content.announcement.list(locale);
4136
+ // const now = Date.now();
4137
+ // const active = announcements.filter((a) => {
4138
+ // const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
4139
+ // const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
4140
+ // return startOk && endOk;
4141
+ // });
4142
+ //
4143
+ // Rich text \u2014 inline block anywhere on a page:
4144
+ // const block = await client.content.richText.get('about-intro', locale);
4145
+ // <div dangerouslySetInnerHTML={{ __html: sanitize(block.data.html) }} />
4146
+ //
4147
+ // Page \u2014 catch-all route by slug (e.g. /about, /terms, /privacy):
4148
+ // // app/[slug]/page.tsx
4149
+ // const page = await client.content.page.getBySlug(params.slug, locale);
4150
+ // if (!page) notFound();
4151
+ // // page.data.title, page.data.html, page.data.seo
4152
+ // return <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />;
4153
+ //
4154
+ // Custom fields \u2014 every Content row carries a free-form Record<string, string>:
4155
+ // const faq = await client.content.faq.get('shipping');
4156
+ // <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
4157
+ //
4158
+ // Cache \u2014 public reads carry Cache-Control: public, max-age=300,
4159
+ // stale-while-revalidate=60. Storefront changes propagate within ~5 min
4160
+ // of the merchant publishing. Do not add extra client-side caching
4161
+ // beyond Next.js's default fetch cache.`;
3853
4162
  var TYPES_BY_DOMAIN = {
3854
4163
  products: PRODUCTS_TYPES,
3855
4164
  cart: CART_TYPES,
@@ -3860,7 +4169,8 @@ var TYPES_BY_DOMAIN = {
3860
4169
  helpers: HELPERS_TYPES,
3861
4170
  inquiries: INQUIRIES_TYPES,
3862
4171
  reviews: REVIEWS_TYPES,
3863
- "modifier-groups": MODIFIER_GROUPS_TYPES
4172
+ "modifier-groups": MODIFIER_GROUPS_TYPES,
4173
+ content: CONTENT_TYPES
3864
4174
  };
3865
4175
  function getTypesByDomain(domain) {
3866
4176
  if (domain === "all") {
@@ -3891,9 +4201,10 @@ var GET_TYPE_DEFINITIONS_SCHEMA = {
3891
4201
  "helpers",
3892
4202
  "inquiries",
3893
4203
  "reviews",
4204
+ "content",
3894
4205
  "all"
3895
4206
  ]).describe(
3896
- 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse.'
4207
+ 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse. Use "content" for FAQ / Footer / Header / Announcement / RichText / Page.'
3897
4208
  )
3898
4209
  };
3899
4210
  async function handleGetTypeDefinitions(args) {
@@ -4440,8 +4751,10 @@ client.setLocale(locale);
4440
4751
  // order bumps, search suggestions, discount banners, nudges,
4441
4752
  // badges, order history.
4442
4753
 
4443
- // For RTL locales (he, ar), set the document direction.
4444
- // Framework-neutral: document.documentElement.setAttribute('dir', 'rtl');`,
4754
+ // For RTL direction, do not hardcode the locale list. Ask the SDK:
4755
+ // const dir = client.getStoreDirection(currentLocale); // 'ltr' | 'rtl'
4756
+ // document.documentElement.setAttribute('dir', dir);
4757
+ // (Or in React: <html dir={dir}>...</html>.)`,
4445
4758
  "order-history-full": `// Full "My Orders" account page. Render every piece of data the server
4446
4759
  // already returns \u2014 not just order number / total / status.
4447
4760
  //
@@ -5533,7 +5846,7 @@ var RULES = {
5533
5846
  body: `- NEVER hardcode currency, locale, or language strings. Read them from \`get-store-info\` / \`get-store-capabilities\` and use the configured values.
5534
5847
  - NEVER format prices with \`toFixed(2)\` or custom logic. Use \`formatPrice()\` from the SDK \u2014 it honors the store's currency and locale.
5535
5848
  - When the store has i18n enabled (\`capabilities.store.i18n.enabled === true\`), you MUST call \`client.setLocale(locale)\` at app init and include a language switcher. All SDK reads will then return localized content automatically.
5536
- - For RTL locales (\`he\`, \`ar\`), set the document direction to RTL. Do not manually reverse flex layouts \u2014 the platform's CSS reversal handles it.`
5849
+ - For RTL direction, do NOT maintain a local list of RTL locales. Call \`client.getStoreDirection(locale)\` \u2014 it returns \`'ltr' | 'rtl'\` for any BCP-47 tag (covers Arabic, Hebrew, Persian, Urdu, Yiddish, and any future RTL locales the platform adds). Set \`<html dir={...}>\` from this value. The platform's CSS reversal handles flex layouts \u2014 do not manually swap them.`
5537
5850
  },
5538
5851
  types: {
5539
5852
  title: "Type safety",
@@ -5581,6 +5894,7 @@ var GET_BUSINESS_FLOWS_SCHEMA = {
5581
5894
  "cart-persistence",
5582
5895
  "inventory-reservation",
5583
5896
  "product-customization",
5897
+ "content-bootstrap",
5584
5898
  "all"
5585
5899
  ]).describe('Which flow to retrieve. Use "all" to get every flow.')
5586
5900
  };
@@ -5771,6 +6085,76 @@ Server-side guardrails that WILL reject bad requests (so validate client-side to
5771
6085
  - More than 10 uploads per IP per minute \u2192 429.
5772
6086
 
5773
6087
  Never render customization fields without also wiring the upload + metadata flow \u2014 a form that submits nothing is worse than no form at all.`
6088
+ },
6089
+ "content-bootstrap": {
6090
+ title: "Content Bootstrap \u2014 site chrome & static content",
6091
+ body: `Every Brainerce storefront should render merchant-defined site chrome (header, footer, announcements, FAQ, static pages) from the Content API. The merchant edits these in the Brainerce dashboard; storefronts pick up changes within ~5 minutes (public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`).
6092
+
6093
+ 1. **Fetch chrome at the root layout** (server component if Next.js). All three return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes when the merchant hasn't seeded yet.
6094
+ \`\`\`ts
6095
+ const [header, footer, announcements] = await Promise.all([
6096
+ client.content.header.get('main', locale),
6097
+ client.content.footer.get('main', locale),
6098
+ client.content.announcement.list(locale),
6099
+ ]);
6100
+ \`\`\`
6101
+
6102
+ 2. **FAQ \u2014 fetch lazily on the FAQ page.** Default key is \`'main'\`; pass a topical key (\`'shipping'\`, \`'returns'\`) for sub-FAQs.
6103
+ \`\`\`ts
6104
+ const faq = await client.content.faq.get('main', locale);
6105
+ if (faq) {
6106
+ faq.data.items.forEach(({ question, answer }) => {
6107
+ // sanitize(answer) \u2014 see step 4
6108
+ });
6109
+ }
6110
+ \`\`\`
6111
+
6112
+ 3. **Static pages \u2014 catch-all route by slug:**
6113
+ \`\`\`tsx
6114
+ // app/[slug]/page.tsx
6115
+ export default async function Page({ params }) {
6116
+ const page = await client.content.page.getBySlug(params.slug, locale);
6117
+ if (!page) notFound();
6118
+ return (
6119
+ <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />
6120
+ );
6121
+ }
6122
+ \`\`\`
6123
+
6124
+ 4. **SECURITY \u2014 sanitize HTML before rendering.** \`FAQ.items[i].answer\`, \`PAGE.html\`, and \`RICH_TEXT.html\` are merchant-authored HTML. The server does NOT pre-sanitize because some merchants embed iframes (e.g. YouTube). Always sanitize at the edge of your render:
6125
+ \`\`\`ts
6126
+ import DOMPurify from 'isomorphic-dompurify';
6127
+ const safe = DOMPurify.sanitize(rawHtml);
6128
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
6129
+ \`\`\`
6130
+ Skipping this is XSS.
6131
+
6132
+ 5. **Announcements \u2014 multiple may be active; filter by date client-side:**
6133
+ \`\`\`ts
6134
+ const now = Date.now();
6135
+ const visible = announcements.filter((a) => {
6136
+ const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
6137
+ const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
6138
+ return startOk && endOk;
6139
+ });
6140
+ \`\`\`
6141
+
6142
+ 6. **RTL direction \u2014 call \`client.getStoreDirection(locale)\`:**
6143
+ \`\`\`tsx
6144
+ const dir = client.getStoreDirection(locale);
6145
+ <html lang={locale} dir={dir}>...</html>
6146
+ \`\`\`
6147
+ Do NOT maintain a local RTL locale set \u2014 the SDK helper covers Arabic / Hebrew / Persian / Urdu / Yiddish today and picks up any future RTL locale automatically.
6148
+
6149
+ 7. **Custom fields \u2014 every Content row has free-form \`customFields: Record<string, string>\`.** Read keys the merchant told you to expect:
6150
+ \`\`\`ts
6151
+ const faq = await client.content.faq.get('shipping');
6152
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
6153
+ \`\`\`
6154
+
6155
+ 8. **Cache:** public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`. Don't add extra client-side caching beyond Next.js's default fetch cache \u2014 merchants expect their edits to appear within ~5 minutes.
6156
+
6157
+ **Translations.** All public reads accept a \`locale\` argument; the server resolves \`translations[locale]\` server-side. Empty / missing overlays fall through to the default-locale value. The storefront does NOT need to do its own per-field overlay \u2014 call with the active locale and render what comes back.`
5774
6158
  }
5775
6159
  };
5776
6160
  var FLOW_ORDER = [
@@ -5782,7 +6166,8 @@ var FLOW_ORDER = [
5782
6166
  "order-confirmation",
5783
6167
  "cart-persistence",
5784
6168
  "inventory-reservation",
5785
- "product-customization"
6169
+ "product-customization",
6170
+ "content-bootstrap"
5786
6171
  ];
5787
6172
  async function handleGetBusinessFlows(args) {
5788
6173
  const header = "# Brainerce Business Flows\n\nThese sequences are framework-neutral and non-negotiable. Your framework and file layout are your choice \u2014 the order of SDK calls and the error handling is not.";
@@ -5994,11 +6379,57 @@ var FEATURES = [
5994
6379
  {
5995
6380
  id: "i18n",
5996
6381
  title: "Serve multiple languages with a language switcher",
5997
- description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders RTL locales (he, ar) with the correct document direction.",
5998
- sdk: "client.setLocale(locale). Read supported locales from get-store-capabilities.store.i18n.",
6382
+ description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders the correct document direction by reading client.getStoreDirection(locale) \u2014 do not hardcode an RTL locale set.",
6383
+ sdk: "client.setLocale(locale). client.getStoreDirection(locale) for <html dir>. Read supported locales from get-store-capabilities.store.i18n.",
5999
6384
  mandatory: "conditional",
6000
6385
  capabilityFlag: "i18n",
6001
6386
  whenDisabledNote: "This store is single-language. Do not build the language switcher."
6387
+ },
6388
+ {
6389
+ id: "site-header",
6390
+ title: "Site header from merchant content (logo + nav + CTA)",
6391
+ description: 'Fetch client.content.header.get("main", locale) in the root layout. Returns null when the merchant has not seeded yet \u2014 render a hard-coded fallback so the page never crashes. Renders header.data.logo, header.data.navItems[], header.data.cta if present.',
6392
+ sdk: 'client.content.header.get("main", locale)',
6393
+ flowRef: "content-bootstrap",
6394
+ mandatory: "mandatory"
6395
+ },
6396
+ {
6397
+ id: "site-footer",
6398
+ title: "Site footer from merchant content (columns + social + copyright)",
6399
+ description: 'Fetch client.content.footer.get("main", locale) in the root layout. Returns null when unseeded \u2014 render a hard-coded fallback. Render footer.data.columns[].links, footer.data.social[], footer.data.copyright.',
6400
+ sdk: 'client.content.footer.get("main", locale)',
6401
+ flowRef: "content-bootstrap",
6402
+ mandatory: "mandatory"
6403
+ },
6404
+ {
6405
+ id: "announcement-bar",
6406
+ title: "Announcement bar at the top of every page",
6407
+ description: "Fetch client.content.announcement.list(locale) in the root layout. Filter by data.startsAt / data.endsAt client-side. Render a dismissible bar when data.dismissible=true. Build the UI anyway \u2014 it auto-hides when no announcements exist.",
6408
+ sdk: "client.content.announcement.list(locale)",
6409
+ flowRef: "content-bootstrap",
6410
+ mandatory: "conditional",
6411
+ capabilityFlag: "hasContent",
6412
+ whenDisabledNote: "Store has no published Content rows yet. Build the announcement bar anyway \u2014 it auto-hides on empty."
6413
+ },
6414
+ {
6415
+ id: "faq-page",
6416
+ title: "FAQ page rendered from merchant content",
6417
+ description: 'Build /faq as an accordion fed by client.content.faq.get("main", locale). For topical FAQs, use a key parameter (shipping, returns, ...). Always sanitize answer HTML before injecting via dangerouslySetInnerHTML. Build the page anyway \u2014 it auto-hides or 404s when no FAQ rows exist.',
6418
+ sdk: 'client.content.faq.get("main", locale), client.content.faq.list(locale)',
6419
+ flowRef: "content-bootstrap",
6420
+ mandatory: "conditional",
6421
+ capabilityFlag: "hasContent",
6422
+ whenDisabledNote: "No FAQ content yet. Build /faq anyway \u2014 it auto-hides on empty."
6423
+ },
6424
+ {
6425
+ id: "static-pages",
6426
+ title: "Static pages from merchant content (About, Terms, Privacy, \u2026)",
6427
+ description: "Mount a catch-all app/[slug]/page.tsx route. Inside, call client.content.page.getBySlug(params.slug, locale). On null \u2192 notFound(). On hit, sanitize page.data.html before injecting via dangerouslySetInnerHTML. Generate <Metadata> from page.data.seo. Build the route anyway \u2014 it 404s on unknown slugs.",
6428
+ sdk: "client.content.page.getBySlug(slug, locale), client.content.page.list(locale)",
6429
+ flowRef: "content-bootstrap",
6430
+ mandatory: "conditional",
6431
+ capabilityFlag: "hasContent",
6432
+ whenDisabledNote: "No static pages yet. Build the catch-all route anyway \u2014 it 404s on unknown slugs."
6002
6433
  }
6003
6434
  ];
6004
6435
  function isFeatureActive(feature, caps) {
@@ -6049,6 +6480,7 @@ function renderCapabilitiesSummary(caps) {
6049
6480
  );
6050
6481
  lines.push(`- Downloadable products: ${caps.features.hasDownloadableProducts ? "yes" : "no"}`);
6051
6482
  lines.push(`- Checkout custom fields: ${caps.features.hasCheckoutCustomFields ? "yes" : "no"}`);
6483
+ lines.push(`- Content (FAQ/footer/header/announcements/pages): ${caps.features.hasContent ? "seeded" : "none \u2014 build chrome UI with fallbacks"}`);
6052
6484
  lines.push(
6053
6485
  `- Email verification: ${caps.connection.requireEmailVerification ? "required" : "not required (still build the verify-email flow)"}`
6054
6486
  );
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@brainerce/mcp-server",
3
- "version": "3.7.0",
3
+ "version": "3.8.0",
4
4
  "description": "Framework-agnostic domain knowledge API for Brainerce. Provides SDK docs, types, business flows, critical rules, and store capabilities to AI tools like Lovable, Cursor, Bolt, v0, and Claude Code. Does NOT provide framework-specific boilerplate — clients build in whatever framework fits.",
5
5
  "bin": {
6
6
  "brainerce-mcp": "dist/bin/stdio.js"