@brainerce/mcp-server 3.7.0 → 3.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -1179,6 +1179,8 @@ const material = getProductMetafieldValue(product, 'material');
1179
1179
 
1180
1180
  **Metafield fields:** \`definitionName\` (display label), \`definitionKey\` (lookup key), \`value\`, \`type\` (IMAGE, GALLERY, URL, COLOR, BOOLEAN, DATE, DATETIME, TEXT, TEXTAREA, NUMBER, DIMENSION, WEIGHT, JSON)
1181
1181
 
1182
+ **Translations:** When the store has i18n enabled and \`client.setLocale()\` is active, both the \`definitionName\` (the merchant-authored label like "Warranty Info" / "\u05DE\u05D9\u05D3\u05E2 \u05D0\u05D7\u05E8\u05D9\u05D5\u05EA") **and** free-text \`value\` come back already translated. No per-call locale param needed.
1183
+
1182
1184
  ### Product Customization Fields (Customer Input)
1183
1185
 
1184
1186
  Some products allow customers to provide input at purchase time (e.g., text on a cake, upload a logo). Check \`product.customizationFields\` and render input fields accordingly.
@@ -1312,6 +1314,8 @@ await client.removeCoupon(cartId);
1312
1314
  const totals = getCartTotals(cart); // { subtotal, discount, shipping, total }
1313
1315
  \`\`\`
1314
1316
 
1317
+ > **Region-restricted coupons:** a coupon may carry \`regionIds\`. If the buyer's checkout region isn't in that list, \`applyCoupon\` / \`applyCheckoutCoupon\` reject the code even when everything else matches. Empty/omitted \`regionIds\` = valid in all regions.
1318
+
1315
1319
  **On the checkout page** (after checkout session exists \u2014 ALWAYS use this when checkoutId is available):
1316
1320
  \`\`\`typescript
1317
1321
  // Applies to cart AND updates checkout totals in one call
@@ -1639,6 +1643,8 @@ const groups: ModifierGroup[] = product.modifierGroups ?? [];
1639
1643
 
1640
1644
  **Money fields are strings.** \`priceDelta\` is \`"5.00"\` (or \`"-2.00"\` for downsell modifiers \u2014 see below). Use \`parseFloat()\` for display arithmetic; never compute the line total client-side \u2014 the server runs the free-allocation policy and returns the final \`unitPrice\` snapshot on the cart line.
1641
1645
 
1646
+ **Translations are automatic.** Both \`group.name\`/\`group.description\` and each \`modifier.name\`/\`modifier.description\` are overlay-resolved by the server on every read. Call \`client.setLocale('he')\` once and the modifier picker renders in Hebrew with no extra code (\`"\u05EA\u05D5\u05E1\u05E4\u05D5\u05EA"\` / \`"\u05D6\u05D9\u05EA\u05D9\u05DD"\`). See the \`i18n\` topic for the full multi-language flow.
1647
+
1642
1648
  ### Render: SINGLE \u2192 radio, MULTIPLE \u2192 checkbox
1643
1649
 
1644
1650
  Walk \`groups\` and pick the input type by \`selectionType\`. Sort modifiers by \`position\`.
@@ -2040,19 +2046,24 @@ window.location.href = authorizationUrl;
2040
2046
  \`\`\`typescript
2041
2047
  const params = new URLSearchParams(window.location.search);
2042
2048
  if (params.get('oauth_success') === 'true') {
2043
- const token = params.get('token');
2044
- if (token) {
2045
- client.setCustomerToken(token);
2046
- localStorage.setItem('customerToken', token);
2047
- // Optional: read customer_id, customer_email, is_new from params
2049
+ // Single-use auth_code is exchanged for the JWT via POST \u2014 keeps the JWT
2050
+ // out of the URL (browser history, CDN logs, Referer header).
2051
+ const code = params.get('auth_code');
2052
+ if (code) {
2053
+ const result = await client.exchangeOAuthCode(code);
2054
+ client.setCustomerToken(result.token);
2055
+ localStorage.setItem('customerToken', result.token);
2056
+ // Optional: result.customer, result.isNewCustomer, result.redirectUrl
2048
2057
  // Link guest cart: await client.linkCart(cartId);
2049
- window.location.href = '/account';
2058
+ window.location.href = result.redirectUrl || '/account';
2050
2059
  }
2051
2060
  } else if (params.get('oauth_error')) {
2052
2061
  // Show error: params.get('oauth_error')
2053
2062
  }
2054
2063
  \`\`\`
2055
2064
 
2065
+ > The legacy redirect format placed the JWT directly in the URL as \`?token=\`. That format is still emitted for backward compatibility, but it will be removed in the next major release \u2014 migrate to \`auth_code\` + \`exchangeOAuthCode()\` now.
2066
+
2056
2067
  ### Account Page (/account) \u2014 uses getMyProfile() and getMyOrders()
2057
2068
 
2058
2069
  \`\`\`typescript
@@ -2226,9 +2237,12 @@ export async function generateMetadata({ params }: Props): Promise<Metadata> {
2226
2237
  const client = getServerClient();
2227
2238
  client.setLocale(locale);
2228
2239
  const product = await client.getProductBySlug(slug);
2240
+ // NEVER feed raw HTML into <meta name="description"> \u2014 product.description
2241
+ // is often rich-text HTML. Strip tags first, then truncate on a word
2242
+ // boundary. See buildMetaDescription() in lib/seo.ts.
2229
2243
  return {
2230
2244
  title: product.seoTitle || product.name,
2231
- description: product.seoDescription || product.description?.slice(0, 160),
2245
+ description: product.seoDescription || buildMetaDescription(product.description) || product.name,
2232
2246
  };
2233
2247
  }
2234
2248
  \`\`\`
@@ -2278,7 +2292,17 @@ overlay needed:
2278
2292
  - \`variants[].name\`
2279
2293
  - \`variant.attributes\` keys and values \u2014 \`getVariantOptions(variant)\` returns translated attribute names and option values automatically
2280
2294
  - \`productAttributeOptions[].attribute.name\`, \`attributeOption.name\`
2281
- - \`metafields[].value\`
2295
+ - \`metafields[].value\` (the free-text values customers submit)
2296
+ - \`metafields[].definition.name\`, \`metafields[].definition.description\` (the merchant-authored custom-field labels \u2014 "Warranty Info" / "\u05DE\u05D9\u05D3\u05E2 \u05D0\u05D7\u05E8\u05D9\u05D5\u05EA")
2297
+ - \`modifierGroups[].name\`, \`modifierGroups[].description\` (the group label shown on the PDP \u2014 e.g. "Toppings" / "\u05EA\u05D5\u05E1\u05E4\u05D5\u05EA")
2298
+ - \`modifierGroups[].modifiers[].name\`, \`modifierGroups[].modifiers[].description\` (each individual modifier \u2014 e.g. "Olives" / "\u05D6\u05D9\u05EA\u05D9\u05DD")
2299
+
2300
+ **Promotional surfaces:**
2301
+ - \`cart.bundles[].name\`, \`cart.bundles[].description\` (the bundle's own merchant-typed label, e.g. "Lunch Combo" / "\u05D0\u05E8\u05D5\u05D7\u05EA \u05E6\u05D4\u05E8\u05D9\u05D9\u05DD")
2302
+ - \`cart.bundles[].offeredProducts[].name\`, \`.slug\` (each product inside the bundle \u2014 fetched fresh from \`Product.translations\`)
2303
+ - \`checkout.bumps[].title\`, \`checkout.bumps[].description\` (the bump headline shown at checkout \u2014 falls back to the translated product name when merchant didn't override)
2304
+ - \`checkout.bumps[].bumpProduct.name\`, \`.slug\` (the underlying product)
2305
+ - Discount-rule names/descriptions (when surfaced as banner text via \`displayConfig\`)
2282
2306
 
2283
2307
  **Taxonomy (\`getCategories\`, \`getBrands\`, \`getTags\`):**
2284
2308
  - \`name\` on each item
@@ -2344,11 +2368,25 @@ Because the backend already overlays everything, UI code is just:
2344
2368
 
2345
2369
  ### RTL handling
2346
2370
 
2347
- For RTL locales (\`he\`, \`ar\`), set \`<html dir="rtl">\` in the root layout and
2348
- let flexbox reverse automatically. Do NOT add \`flex-row-reverse\` on top of
2349
- \`dir="rtl"\` \u2014 that's a double-swap. DO swap directional icons (chevrons,
2350
- arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`) instead of
2351
- \`ml-*\`/\`mr-*\`.
2371
+ Resolve direction with \`client.getStoreDirection(locale)\` \u2014 it returns
2372
+ \`'ltr' | 'rtl'\` for any BCP-47 tag (Arabic, Hebrew, Persian, Urdu, Yiddish
2373
+ today; future RTL locales added by the platform are picked up automatically).
2374
+ Do NOT maintain your own RTL locale set.
2375
+
2376
+ \`\`\`tsx
2377
+ // app/[locale]/layout.tsx
2378
+ const dir = client.getStoreDirection(locale);
2379
+ return <html lang={locale} dir={dir}>...</html>;
2380
+ \`\`\`
2381
+
2382
+ For static rendering, \`storeInfo.i18n.defaultDirection\` carries the store's
2383
+ default direction, and each entry in \`storeInfo.i18n.supportedLocaleObjects\`
2384
+ includes its own \`direction\`.
2385
+
2386
+ Let flexbox reverse automatically once \`<html dir="rtl">\` is set. Do NOT add
2387
+ \`flex-row-reverse\` on top \u2014 that's a double-swap. DO swap directional icons
2388
+ (chevrons, arrows) manually. Use logical CSS properties (\`ms-*\`/\`me-*\`)
2389
+ instead of \`ml-*\`/\`mr-*\`.
2352
2390
 
2353
2391
  ### Language switcher
2354
2392
 
@@ -2366,7 +2404,9 @@ const admin = new BrainerceClient({ apiKey: 'brainerce_...' });
2366
2404
 
2367
2405
  // Taxonomy: listCategories(), listBrands(), listTags(), listAttributes()
2368
2406
  // Shipping: listShippingZones(), createZoneShippingRate()
2369
- // Tax: getTaxRates(), createTaxRate()
2407
+ // Tax: getTaxRates(), createTaxRate() \u2014 a rate may target a tax class via taxClassId
2408
+ // Tax classes: getTaxClasses(), createTaxClass(), assignTaxClass(), mergeTaxClasses() (scope tax-classes:*)
2409
+ // Regions: getRegions(), createRegion(), setDefaultRegion(), updateRegionPaymentProviders() (scope regions:*)
2370
2410
  // Metafields: getMetafieldDefinitions(), setProductMetafield()
2371
2411
  // Team: getTeamMembers(), inviteTeamMember()
2372
2412
  // Email: getEmailTemplates(), createEmailTemplate()
@@ -2374,6 +2414,13 @@ const admin = new BrainerceClient({ apiKey: 'brainerce_...' });
2374
2414
  // OAuth: getOAuthProviders(), configureOAuthProvider()
2375
2415
  \`\`\`
2376
2416
 
2417
+ Store-level team management (\`inviteStoreMember\`, \`updateStoreMember\`) is the
2418
+ canonical replacement for the deprecated account-level helpers above. The
2419
+ invite accepts an optional \`salesChannelIds\` (vibe-coded \`connectionId\`s,
2420
+ \`vc_*\`) to restrict a member to specific channels \u2014 omit or pass \`[]\` for all
2421
+ channels. Use \`updateStoreMemberSalesChannels(storeId, memberId, { salesChannelIds })\`
2422
+ to change that scope later.
2423
+
2377
2424
  ### Per-Channel Publishing
2378
2425
 
2379
2426
  Categories, tags, brands, and metafield definitions are gated to specific
@@ -2405,7 +2452,70 @@ calls fail with \`404 Not Found\`.
2405
2452
 
2406
2453
  The vibe-coded read endpoints (used by storefront SDK calls in \`connectionId\`
2407
2454
  mode) automatically filter by these junction tables, so storefronts never see
2408
- entities that weren't published to their site.`;
2455
+ entities that weren't published to their site.
2456
+
2457
+ ### Tax classes (differential tax rates)
2458
+
2459
+ Charge different rates for different product types. A \`TaxRate\` may target a
2460
+ class via \`taxClassId\`; a rate with \`taxClassId: null\` is the **Standard
2461
+ fallback**. Checkout resolves each line's class **variant \u2192 product \u2192 category
2462
+ \u2192 store default \u2192 null**, then picks the matching rate (Standard if none).
2463
+ \`rate\` is a whole percentage (\`7.25\` = 7.25%). Requires the
2464
+ \`tax-classes:read\` / \`tax-classes:write\` scopes.
2465
+
2466
+ \`\`\`typescript
2467
+ const food = await admin.createTaxClass({ name: 'Food', slug: 'food' });
2468
+ await admin.assignTaxClass(food.id, { productIds: ['prod_1'], categoryIds: ['cat_food'] });
2469
+
2470
+ // class-specific rate \u2014 only food lines use it; everything else uses Standard
2471
+ await admin.createTaxRate({ name: 'VAT (Food)', rate: 0, country: 'GB', taxClassId: food.id });
2472
+
2473
+ // delete is blocked (409) while dependents exist \u2014 merge moves FKs then deletes:
2474
+ await admin.mergeTaxClasses(food.id, standardClassId);
2475
+ \`\`\`
2476
+
2477
+ Storefront (public, no apiKey \u2014 \`storeId\` mode): \`getStoreTaxClasses()\` lists
2478
+ the store's classes (storefront-safe fields only) for a transparency badge.
2479
+
2480
+ ### Regions (multi-currency / per-region providers)
2481
+
2482
+ A region binds countries \u2192 currency + tax-display mode + enabled payment
2483
+ providers. Manage them via the SDK (scopes \`regions:read\` / \`regions:write\`).
2484
+ \`detectRegion\` is a pure client-side helper to map a buyer's country to a
2485
+ region; pass the resolved \`regionId\` to \`createCheckout\` to associate the
2486
+ checkout with a region (recorded for reporting + provider scoping; currency
2487
+ follows the cart until FX price conversion lands).
2488
+
2489
+ \`\`\`typescript
2490
+ const eu = await admin.createRegion({
2491
+ name: 'EU', currency: 'EUR', countries: ['DE', 'FR'],
2492
+ taxInclusive: true, paymentProviderIds: ['app_inst_stripe'],
2493
+ });
2494
+ await admin.setDefaultRegion(eu.id);
2495
+
2496
+ const { data: regions } = await admin.getRegions();
2497
+ const region = admin.detectRegion('DE', regions); // \u2192 eu, else default, else null
2498
+ \`\`\`
2499
+
2500
+ Storefront (public, no apiKey \u2014 \`storeId\` mode): \`getStoreRegions()\` lists
2501
+ active regions, \`getStoreRegion(id)\` returns one region + its payment providers.
2502
+ Pair with \`detectRegion\` to pick the buyer's region for currency display.
2503
+
2504
+ \`\`\`typescript
2505
+ const store = new BrainerceClient({ storeId: 'store_123' });
2506
+ const { data: regions } = await store.getStoreRegions();
2507
+ const region = await store.getStoreRegion(regions[0].id);
2508
+ \`\`\`
2509
+
2510
+ A shipping zone can be limited to regions via \`regionIds\` \u2014 the zone is then
2511
+ only offered to checkouts that resolved to one of those regions. Empty/omitted =
2512
+ available for any region (default); each id must belong to the same store.
2513
+
2514
+ \`\`\`typescript
2515
+ await admin.createShippingZone({
2516
+ name: 'EU Express', countries: ['DE', 'FR', 'IT'], regionIds: [eu.id],
2517
+ });
2518
+ \`\`\``;
2409
2519
  }
2410
2520
  function getContactInquiriesSection() {
2411
2521
  return `## Contact Inquiries & Forms (optional)
@@ -2725,6 +2835,141 @@ and a \`newsletter\` form embedded in the footer), render each form from its
2725
2835
  own \`contactForms.get(key, locale)\` call. The \`formKey\` you pass to
2726
2836
  \`createInquiry\` must match.`;
2727
2837
  }
2838
+ function getContentSection() {
2839
+ return `## Content \u2014 typed merchant content store
2840
+
2841
+ Brainerce ships a typed content store so merchants can edit site chrome, FAQ,
2842
+ static pages, and inline rich-text blocks in the dashboard \u2014 without
2843
+ re-prompting the AI that built their storefront. Every row has a \`type\` +
2844
+ \`key\` + typed \`data\` payload + free-form \`customFields\`.
2845
+
2846
+ **Six content types.** Each one has a fixed \`data\` shape; the SDK's TypeScript
2847
+ generics keep them in lockstep:
2848
+
2849
+ | Type | Use for | \`data\` shape (abbreviated) |
2850
+ | -------------- | -------------------------------------- | --------------------------- |
2851
+ | \`FAQ\` | Q/A accordions | \`{ items: { question, answer }[] }\` |
2852
+ | \`FOOTER\` | Site footer (chrome) | \`{ columns, copyright?, social? }\` |
2853
+ | \`HEADER\` | Top nav + logo + CTA (chrome) | \`{ logo?, navItems, cta? }\` |
2854
+ | \`ANNOUNCEMENT\`| Banners; time-bound by \`startsAt/endsAt\` | \`{ message, severity, dismissible, ... }\` |
2855
+ | \`RICH_TEXT\` | Free-form HTML blocks embedded inline | \`{ html }\` |
2856
+ | \`PAGE\` | Static pages with slug + SEO | \`{ slug, title, html, seo? }\` |
2857
+
2858
+ Run \`get-type-definitions\` with \`domain: 'content'\` for the full interfaces.
2859
+
2860
+ ### Default key
2861
+
2862
+ Every type has \`'main'\` as its universal default key. \`client.content.faq.get()\`
2863
+ with no arguments resolves to \`key='main'\`. Topical keys (\`'shipping'\`,
2864
+ \`'holiday-2026'\`, \`'about'\`) are merchant-named.
2865
+
2866
+ ### Reading content (any SDK mode)
2867
+
2868
+ Public reads work in vibe-coded mode, storefront mode, and admin mode. They
2869
+ return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes
2870
+ when the merchant hasn't seeded yet.
2871
+
2872
+ \`\`\`ts
2873
+ // Single entry, default key 'main', resolved to a locale
2874
+ const faq = await client.content.faq.get('main', locale);
2875
+ if (faq) {
2876
+ faq.data.items.forEach(({ question, answer }) => {
2877
+ // Render question + sanitize(answer)
2878
+ });
2879
+ }
2880
+
2881
+ // All entries of a type
2882
+ const allFaqs = await client.content.faq.list(locale);
2883
+
2884
+ // Page by URL slug \u2014 for app/[slug]/page.tsx
2885
+ const page = await client.content.page.getBySlug(slug, locale);
2886
+ if (!page) notFound();
2887
+ \`\`\`
2888
+
2889
+ ### Security \u2014 sanitize HTML before rendering
2890
+
2891
+ \`FAQ.items[i].answer\`, \`RICH_TEXT.html\`, and \`PAGE.html\` carry
2892
+ MERCHANT-AUTHORED HTML. The server does NOT pre-sanitize \u2014 some merchants
2893
+ embed iframes (e.g. YouTube) which strict sanitizers would strip. ALWAYS
2894
+ sanitize on the storefront before injecting:
2895
+
2896
+ \`\`\`ts
2897
+ // Recommended: isomorphic-dompurify
2898
+ import DOMPurify from 'isomorphic-dompurify';
2899
+ const safe = DOMPurify.sanitize(rawHtml);
2900
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
2901
+ \`\`\`
2902
+
2903
+ Skipping this is XSS.
2904
+
2905
+ ### Custom fields
2906
+
2907
+ Every Content row carries a free-form \`customFields: Record<string, string>\`.
2908
+ Merchants add arbitrary key-value extras (\`helpEmail\`, \`phoneNumber\`,
2909
+ \`foundedYear\`) that you can opt into reading:
2910
+
2911
+ \`\`\`ts
2912
+ const faq = await client.content.faq.get('shipping');
2913
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
2914
+ \`\`\`
2915
+
2916
+ The shape is whatever the merchant entered. Read keys you expect; ignore the rest.
2917
+
2918
+ ### Locale resolution
2919
+
2920
+ All public reads accept a \`locale\` argument. The server resolves
2921
+ \`translations[locale]\` server-side and returns the resolved \`data\` payload \u2014
2922
+ the storefront does NOT need to do its own overlay. Empty / missing translations
2923
+ fall through to the default-locale value.
2924
+
2925
+ ### Cache
2926
+
2927
+ Public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`.
2928
+ Merchant edits propagate within ~5 minutes. Don't layer extra client-side
2929
+ caching beyond Next.js's default fetch cache.
2930
+
2931
+ ### Admin writes (apiKey mode)
2932
+
2933
+ \`\`\`ts
2934
+ const adminClient = new BrainerceClient({ apiKey: process.env.BRAINERCE_API_KEY });
2935
+
2936
+ // Create \u2014 always starts in DRAFT
2937
+ const faq = await adminClient.content.faq.create({
2938
+ key: 'shipping',
2939
+ name: 'Shipping FAQ',
2940
+ data: { items: [{ question: 'How long?', answer: 'Most orders ship in 2 days.' }] },
2941
+ });
2942
+
2943
+ // Update (data replaces wholesale; last-write-wins on the data field)
2944
+ await adminClient.content.update(faq.id, {
2945
+ data: { items: [{ question: 'How long?', answer: 'Updated answer.' }] },
2946
+ });
2947
+
2948
+ // Publish / unpublish
2949
+ await adminClient.content.publish(faq.id);
2950
+ await adminClient.content.unpublish(faq.id);
2951
+
2952
+ // Hard delete
2953
+ await adminClient.content.remove(faq.id);
2954
+ \`\`\`
2955
+
2956
+ Write operations throw if called from vibe-coded or storefront mode.
2957
+
2958
+ ### Reserved key convention
2959
+
2960
+ \`'main'\` is reserved as the universal default. Don't use it for topical
2961
+ entries \u2014 pick a descriptive slug (\`'shipping'\`, \`'returns'\`, \`'about'\`,
2962
+ \`'holiday-2026'\`). The validation rule is \`^[a-z][a-z0-9-]*$\`, max 64 chars.
2963
+
2964
+ ### See also
2965
+
2966
+ - \`get-business-flows\` with \`flow: 'content-bootstrap'\` for the full
2967
+ layout / FAQ / page recipe.
2968
+ - \`get-required-features\` lists each Content surface (\`site-header\`,
2969
+ \`site-footer\`, \`announcement-bar\`, \`faq-page\`, \`static-pages\`).
2970
+ - \`get-type-definitions\` with \`domain: 'content'\` for the TypeScript
2971
+ interfaces.`;
2972
+ }
2728
2973
  function getSectionByTopic(topic, connectionId, currency) {
2729
2974
  const cid = connectionId || "vc_YOUR_CONNECTION_ID";
2730
2975
  const cur = currency || "USD";
@@ -2771,6 +3016,8 @@ function getSectionByTopic(topic, connectionId, currency) {
2771
3016
  return getAdminApiSection();
2772
3017
  case "inquiries":
2773
3018
  return getContactInquiriesSection();
3019
+ case "content":
3020
+ return getContentSection();
2774
3021
  case "all":
2775
3022
  return [
2776
3023
  "# Brainerce SDK \u2014 full topic dump",
@@ -2859,10 +3106,14 @@ function getSectionByTopic(topic, connectionId, currency) {
2859
3106
  "",
2860
3107
  "---",
2861
3108
  "",
2862
- getContactInquiriesSection()
3109
+ getContactInquiriesSection(),
3110
+ "",
3111
+ "---",
3112
+ "",
3113
+ getContentSection()
2863
3114
  ].join("\n");
2864
3115
  default:
2865
- return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, all`;
3116
+ return `Unknown topic: "${topic}". Available topics: setup, products, cart, checkout, checkout-custom-fields, payment, auth, order-confirmation, inventory, discounts, recommendations, product-customization-fields, tax, i18n, critical-rules, type-reference, admin, inquiries, content, all`;
2866
3117
  }
2867
3118
  }
2868
3119
 
@@ -2890,6 +3141,7 @@ var GET_SDK_DOCS_SCHEMA = {
2890
3141
  "i18n",
2891
3142
  "admin",
2892
3143
  "inquiries",
3144
+ "content",
2893
3145
  "all"
2894
3146
  ]).describe("The SDK documentation topic to retrieve"),
2895
3147
  salesChannelId: import_zod.z.string().optional().describe("Sales channel ID (starts with vc_). Used to personalize setup code."),
@@ -2921,11 +3173,11 @@ interface Product {
2921
3173
  description?: string | null;
2922
3174
  descriptionFormat?: 'text' | 'html' | 'markdown' | null;
2923
3175
  sku: string;
2924
- basePrice: string; // Use parseFloat() for calculations
2925
- salePrice?: string | null;
3176
+ basePrice: string; // For VARIABLE products: MIN(variants.price). For SIMPLE: the parent price. parseFloat() for math.
3177
+ salePrice?: string | null; // For VARIABLE: MIN(variants.salePrice WHERE NOT NULL) \u2014 null iff no variant is on sale (WC is_on_sale() semantic). For SIMPLE: the parent sale price. Reliable "on sale?" check: product.salePrice !== null.
2926
3178
  costPrice?: string | null;
2927
- priceMin?: string | null; // Lowest variant price (VARIABLE products). Use for catalog/JSON-LD range display.
2928
- priceMax?: string | null; // Highest variant price (VARIABLE products).
3179
+ priceMin?: string | null; // Lowest variant price (VARIABLE products) \u2014 same as basePrice for VARIABLE, kept for back-compat and JSON-LD range display.
3180
+ priceMax?: string | null; // Highest variant price (VARIABLE products). Use with priceMin for "\u20AA49 \u2013 \u20AA199" range.
2929
3181
  priceVaries?: boolean; // true when variant prices differ \u2014 show "\u20AA49 \u2013 \u20AA199" range.
2930
3182
  status: string;
2931
3183
  type: 'SIMPLE' | 'VARIABLE';
@@ -3041,6 +3293,11 @@ interface ProductQueryParams {
3041
3293
  metafields?: Record<string, string | string[]>;
3042
3294
  sortBy?: 'name' | 'price' | 'createdAt';
3043
3295
  sortOrder?: 'asc' | 'desc';
3296
+ // PRD \xA722: resolve DISPLAY prices for this region. When set + valid, each
3297
+ // product/variant gains resolvedPrice/resolvedCurrency/priceSource (additive;
3298
+ // basePrice/salePrice untouched). Absent/invalid region \u2192 nothing attached.
3299
+ // Display-only. Ignored in vibe-coded (vc_*) mode (storefront/admin paths only).
3300
+ regionId?: string;
3044
3301
  }
3045
3302
 
3046
3303
  interface SearchSuggestions {
@@ -3166,6 +3423,7 @@ interface Checkout {
3166
3423
  status: CheckoutStatus;
3167
3424
  email?: string | null;
3168
3425
  customerId?: string | null;
3426
+ regionId?: string | null; // multi-region: recorded for reporting + provider scoping (currency follows the cart until FX lands)
3169
3427
  shippingAddress?: CheckoutAddress | null;
3170
3428
  billingAddress?: CheckoutAddress | null;
3171
3429
  shippingRateId?: string | null;
@@ -3242,6 +3500,7 @@ interface CreateCheckoutDto {
3242
3500
  cartId: string;
3243
3501
  customerId?: string;
3244
3502
  selectedItemIds?: string[]; // Partial checkout
3503
+ regionId?: string; // multi-region: associate the checkout with a region (must belong to the store; 400 if unknown)
3245
3504
  }
3246
3505
 
3247
3506
  // startGuestCheckout() return type \u2014 DISCRIMINATED UNION
@@ -3260,6 +3519,8 @@ interface TaxBreakdownItem {
3260
3519
  name: string;
3261
3520
  rate: number; // decimal: 0.17 = 17%
3262
3521
  amount: number;
3522
+ taxClassId?: string | null; // rate's tax class (null = Standard)
3523
+ taxClassSlug?: string | null; // class slug for attribution (null = Standard)
3263
3524
  }`;
3264
3525
  var ORDERS_TYPES = `// ---- Orders ----
3265
3526
 
@@ -3317,6 +3578,7 @@ interface OrderItem {
3317
3578
  // Snapshot of buyer-submitted customization values captured at checkout.
3318
3579
  // Keyed by metafield slug. \`value\` is string[] for MULTI_SELECT / GALLERY, string otherwise.
3319
3580
  customizations?: Record<string, { label: string; value: string | string[]; type: string }>;
3581
+ taxClassSlug?: string; // frozen slug of the line's resolved tax class (omitted = Standard fallback)
3320
3582
  }
3321
3583
 
3322
3584
  interface OrderCustomer {
@@ -3499,7 +3761,7 @@ function formatPrice(priceString: string | number | undefined | null, options?:
3499
3761
  function getProductPrice(product: Pick<Product, 'basePrice' | 'salePrice'>): number;
3500
3762
  function getProductPriceInfo(product: Pick<Product, 'basePrice' | 'salePrice' | 'discount' | 'priceMin' | 'priceVaries'>): {
3501
3763
  price: number; originalPrice: number; isOnSale: boolean; discountAmount: number; discountPercent: number;
3502
- }; // Falls back to priceMin when basePrice=0 (VARIABLE products)
3764
+ }; // For VARIABLE products, basePrice/salePrice are pre-aggregated (MIN of variants) \u2014 the helper just reads them. Use this whenever you need an "on sale?" badge or a "X% off" label.
3503
3765
  function getVariantPrice(variant: Pick<ProductVariant, 'price' | 'salePrice'>, productBasePrice: string): number;
3504
3766
 
3505
3767
  // Cart helpers
@@ -3882,6 +4144,245 @@ export interface ModifierValidationError {
3882
4144
  // The cart line then carries:
3883
4145
  // cart.items[i].modifiers \u2014 CartItemModifierLine[]
3884
4146
  // cart.items[i].modifiersTotal \u2014 decimal string of the paid (non-free) deltas`;
4147
+ var CONTENT_TYPES = `// ---- Content (typed merchant content store) ----
4148
+ // Brainerce ships a typed content store so merchants can edit FAQ, footer,
4149
+ // header, announcements, rich text, and static pages in the dashboard
4150
+ // without re-prompting the AI that built the storefront. Every row has a
4151
+ // 'type' + 'key' + typed 'data' payload + free-form 'customFields'.
4152
+ //
4153
+ // SECURITY (read carefully):
4154
+ // RICH_TEXT.html, PAGE.html, and FAQ answers are MERCHANT-AUTHORED HTML.
4155
+ // ALWAYS sanitize with isomorphic-dompurify (or equivalent) before
4156
+ // injecting via dangerouslySetInnerHTML. The server does NOT pre-sanitize
4157
+ // because some merchants embed iframes (e.g. YouTube) which strict
4158
+ // sanitizers would strip; the storefront chooses the policy.
4159
+ //
4160
+ // 404 contract: client.content.<type>.get(key) returns null when no
4161
+ // PUBLISHED row exists. Always render a hard-coded fallback on null so
4162
+ // the page never crashes when the merchant hasn't seeded yet.
4163
+ //
4164
+ // Default key: every type has 'main' as its universal default. Pass no
4165
+ // argument to fetch the main entry; pass a custom key ('shipping',
4166
+ // 'holiday-2026', 'about') for topical entries.
4167
+
4168
+ export type ContentType = 'FAQ' | 'FOOTER' | 'HEADER' | 'ANNOUNCEMENT' | 'RICH_TEXT' | 'PAGE';
4169
+ export type ContentStatus = 'DRAFT' | 'PUBLISHED';
4170
+
4171
+ export interface FaqItem {
4172
+ question: string;
4173
+ /** Sanitized HTML \u2014 sanitize before rendering. */
4174
+ answer: string;
4175
+ }
4176
+ export interface FaqContent { items: FaqItem[] }
4177
+
4178
+ export interface FooterLink { label: string; url: string }
4179
+ export interface FooterColumn { title: string; links: FooterLink[] }
4180
+ export interface FooterSocialLink { platform: string; url: string } // 'instagram' | 'facebook' | 'x' | ...
4181
+ export interface FooterContent {
4182
+ columns: FooterColumn[];
4183
+ copyright?: string;
4184
+ social?: FooterSocialLink[];
4185
+ }
4186
+
4187
+ export interface HeaderLogo { src: string; alt: string }
4188
+ export interface HeaderNavItem { label: string; url: string }
4189
+ export interface HeaderCta { label: string; url: string }
4190
+ export interface HeaderContent {
4191
+ logo?: HeaderLogo;
4192
+ navItems: HeaderNavItem[];
4193
+ cta?: HeaderCta;
4194
+ }
4195
+
4196
+ export type AnnouncementSeverity = 'info' | 'warning' | 'success';
4197
+ export interface AnnouncementContent {
4198
+ message: string;
4199
+ severity: AnnouncementSeverity;
4200
+ dismissible: boolean;
4201
+ /** ISO 8601 \u2014 filter client-side. */
4202
+ startsAt?: string;
4203
+ endsAt?: string;
4204
+ ctaLabel?: string;
4205
+ ctaHref?: string;
4206
+ }
4207
+
4208
+ export interface RichTextContent {
4209
+ /** Raw HTML \u2014 sanitize before rendering. */
4210
+ html: string;
4211
+ }
4212
+
4213
+ export interface PageSeo {
4214
+ title?: string;
4215
+ description?: string;
4216
+ ogImage?: string;
4217
+ }
4218
+ export interface PageContent {
4219
+ /** URL slug, lower-kebab. */
4220
+ slug: string;
4221
+ title: string;
4222
+ /** Raw HTML \u2014 sanitize before rendering. */
4223
+ html: string;
4224
+ seo?: PageSeo;
4225
+ }
4226
+
4227
+ export interface ContentSummary {
4228
+ id: string;
4229
+ type: ContentType;
4230
+ key: string;
4231
+ name: string;
4232
+ status: ContentStatus;
4233
+ position: number;
4234
+ updatedAt: string;
4235
+ }
4236
+
4237
+ export interface Content<T extends ContentType = ContentType> extends ContentSummary {
4238
+ type: T;
4239
+ data: T extends 'FAQ' ? FaqContent
4240
+ : T extends 'FOOTER' ? FooterContent
4241
+ : T extends 'HEADER' ? HeaderContent
4242
+ : T extends 'ANNOUNCEMENT' ? AnnouncementContent
4243
+ : T extends 'RICH_TEXT' ? RichTextContent
4244
+ : T extends 'PAGE' ? PageContent
4245
+ : never;
4246
+ /** Free-form merchant-defined extras. Read keys the merchant told you to expect. */
4247
+ customFields: Record<string, string>;
4248
+ salesChannelIds: string[];
4249
+ }
4250
+
4251
+ // ---- SDK usage examples ----
4252
+ //
4253
+ // FAQ \u2014 render an accordion from the main FAQ (or a topical one):
4254
+ // const faq = await client.content.faq.get('main', locale); // 'shipping', 'returns', ...
4255
+ // if (faq) {
4256
+ // faq.data.items.forEach(({ question, answer }) => {
4257
+ // // Render question + sanitize(answer) \u2014 never inject raw HTML.
4258
+ // });
4259
+ // }
4260
+ //
4261
+ // Footer \u2014 server component in root layout:
4262
+ // const footer = await client.content.footer.get('main', locale);
4263
+ // if (!footer) return <Fallback />;
4264
+ // // Render footer.data.columns, footer.data.social, footer.data.copyright
4265
+ //
4266
+ // Header \u2014 same pattern as footer:
4267
+ // const header = await client.content.header.get('main', locale);
4268
+ //
4269
+ // Announcement \u2014 multiple may be active; filter by date client-side:
4270
+ // const announcements = await client.content.announcement.list(locale);
4271
+ // const now = Date.now();
4272
+ // const active = announcements.filter((a) => {
4273
+ // const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
4274
+ // const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
4275
+ // return startOk && endOk;
4276
+ // });
4277
+ //
4278
+ // Rich text \u2014 inline block anywhere on a page:
4279
+ // const block = await client.content.richText.get('about-intro', locale);
4280
+ // <div dangerouslySetInnerHTML={{ __html: sanitize(block.data.html) }} />
4281
+ //
4282
+ // Page \u2014 catch-all route by slug (e.g. /about, /terms, /privacy):
4283
+ // // app/[slug]/page.tsx
4284
+ // const page = await client.content.page.getBySlug(params.slug, locale);
4285
+ // if (!page) notFound();
4286
+ // // page.data.title, page.data.html, page.data.seo
4287
+ // return <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />;
4288
+ //
4289
+ // Custom fields \u2014 every Content row carries a free-form Record<string, string>:
4290
+ // const faq = await client.content.faq.get('shipping');
4291
+ // <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
4292
+ //
4293
+ // Cache \u2014 public reads carry Cache-Control: public, max-age=300,
4294
+ // stale-while-revalidate=60. Storefront changes propagate within ~5 min
4295
+ // of the merchant publishing. Do not add extra client-side caching
4296
+ // beyond Next.js's default fetch cache.`;
4297
+ var REGIONS_TYPES = `// ---- Regions & Tax Classes (Admin mode, apiKey) ----
4298
+ // storeId is derived from the API key \u2014 never pass it on admin calls.
4299
+
4300
+ // ---- Regions ---- (scopes: regions:read / regions:write)
4301
+ // A region binds countries \u2192 currency + tax-display mode + payment providers.
4302
+ interface Region {
4303
+ id: string;
4304
+ accountId: string;
4305
+ storeId: string;
4306
+ name: string;
4307
+ slug: string;
4308
+ currency: string; // ISO 4217, e.g. "EUR"
4309
+ countries: string[]; // ISO 3166-1 alpha-2, e.g. ["DE","FR"]
4310
+ taxInclusive: boolean; // show prices tax-inclusive in this region?
4311
+ automaticTaxes: boolean;
4312
+ isDefault: boolean; // fallback when buyer's country maps to no region
4313
+ isActive: boolean;
4314
+ paymentProviders?: RegionPaymentProvider[];
4315
+ createdAt: string;
4316
+ updatedAt: string;
4317
+ }
4318
+
4319
+ interface RegionPaymentProvider {
4320
+ id: string;
4321
+ regionId: string;
4322
+ appInstallationId: string;
4323
+ isEnabled: boolean;
4324
+ createdAt: string;
4325
+ }
4326
+
4327
+ interface CreateRegionDto {
4328
+ name: string;
4329
+ currency: string; // ISO 4217
4330
+ countries: string[]; // ISO 3166-1 alpha-2
4331
+ taxInclusive?: boolean;
4332
+ automaticTaxes?: boolean;
4333
+ isDefault?: boolean;
4334
+ paymentProviderIds?: string[]; // AppInstallation IDs to enable here
4335
+ }
4336
+ interface UpdateRegionDto extends Partial<CreateRegionDto> { isActive?: boolean }
4337
+
4338
+ // client.detectRegion(country, regions): Region | null \u2014 pure, no network.
4339
+ // \u2192 region whose countries includes the code, else the default region, else null.
4340
+ // Pass the resolved regionId to createCheckout to associate the checkout with a
4341
+ // region (recorded for reporting + provider scoping; currency follows the cart
4342
+ // until FX price conversion lands).
4343
+ //
4344
+ // Storefront (public, no apiKey \u2014 storeId mode):
4345
+ interface PublicRegion {
4346
+ id: string; name: string; slug: string; currency: string;
4347
+ countries: string[]; taxInclusive: boolean; isDefault: boolean;
4348
+ }
4349
+ interface PublicRegionDetail extends PublicRegion {
4350
+ paymentProviders: Array<{ id: string; appId: string; name: string | null }>;
4351
+ }
4352
+ // getStoreRegions(): { data: PublicRegion[] } \u2014 active regions, default first.
4353
+ // getStoreRegion(regionId): PublicRegionDetail \u2014 one region + its providers.
4354
+
4355
+ // ---- Tax Classes ---- (scopes: tax-classes:read / tax-classes:write)
4356
+ // Charge differential rates by product type. A TaxRate may target a class via
4357
+ // taxClassId; a rate with taxClassId=null is the Standard fallback. Per-line
4358
+ // resolution: variant \u2192 product \u2192 category \u2192 store default \u2192 null.
4359
+ interface TaxClass {
4360
+ id: string;
4361
+ accountId: string;
4362
+ storeId: string;
4363
+ name: string;
4364
+ slug: string; // kebab-case, unique per store
4365
+ description?: string | null;
4366
+ isDefault: boolean; // auto-applied to products without an explicit class
4367
+ createdAt: string;
4368
+ updatedAt: string;
4369
+ }
4370
+ interface CreateTaxClassDto { name: string; slug: string; description?: string; isDefault?: boolean }
4371
+ type UpdateTaxClassDto = Partial<CreateTaxClassDto>;
4372
+ // Bulk-assign a class to entities:
4373
+ interface AssignTaxClassDto { productIds?: string[]; variantIds?: string[]; categoryIds?: string[] }
4374
+
4375
+ // TaxRate / CreateTaxRateDto carry an optional taxClassId (null = Standard).
4376
+ // rate is a WHOLE PERCENTAGE (7.25 = 7.25%).
4377
+ //
4378
+ // SDK methods (admin):
4379
+ // Regions: getRegions(), getRegion(id), createRegion(dto), updateRegion(id, dto),
4380
+ // deleteRegion(id), setDefaultRegion(id), updateRegionPaymentProviders(id, ids),
4381
+ // addRegionCountries(id, codes), removeRegionCountry(id, code),
4382
+ // getRegionCompatibleProviders(id), detectRegion(country, regions)
4383
+ // Tax classes: getTaxClasses(), getTaxClass(id), createTaxClass(dto), updateTaxClass(id, dto),
4384
+ // deleteTaxClass(id), setDefaultTaxClass(id), assignTaxClass(id, dto),
4385
+ // mergeTaxClasses(id, targetId)`;
3885
4386
  var TYPES_BY_DOMAIN = {
3886
4387
  products: PRODUCTS_TYPES,
3887
4388
  cart: CART_TYPES,
@@ -3892,7 +4393,9 @@ var TYPES_BY_DOMAIN = {
3892
4393
  helpers: HELPERS_TYPES,
3893
4394
  inquiries: INQUIRIES_TYPES,
3894
4395
  reviews: REVIEWS_TYPES,
3895
- "modifier-groups": MODIFIER_GROUPS_TYPES
4396
+ "modifier-groups": MODIFIER_GROUPS_TYPES,
4397
+ content: CONTENT_TYPES,
4398
+ regions: REGIONS_TYPES
3896
4399
  };
3897
4400
  function getTypesByDomain(domain) {
3898
4401
  if (domain === "all") {
@@ -3923,9 +4426,12 @@ var GET_TYPE_DEFINITIONS_SCHEMA = {
3923
4426
  "helpers",
3924
4427
  "inquiries",
3925
4428
  "reviews",
4429
+ "modifier-groups",
4430
+ "content",
4431
+ "regions",
3926
4432
  "all"
3927
4433
  ]).describe(
3928
- 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse.'
4434
+ 'The domain of types to retrieve. Use "helpers" for helper function signatures and common types like StoreInfo, PaginatedResponse. Use "content" for FAQ / Footer / Header / Announcement / RichText / Page. Use "regions" for Region / TaxClass admin types.'
3929
4435
  )
3930
4436
  };
3931
4437
  async function handleGetTypeDefinitions(args) {
@@ -4472,8 +4978,10 @@ client.setLocale(locale);
4472
4978
  // order bumps, search suggestions, discount banners, nudges,
4473
4979
  // badges, order history.
4474
4980
 
4475
- // For RTL locales (he, ar), set the document direction.
4476
- // Framework-neutral: document.documentElement.setAttribute('dir', 'rtl');`,
4981
+ // For RTL direction, do not hardcode the locale list. Ask the SDK:
4982
+ // const dir = client.getStoreDirection(currentLocale); // 'ltr' | 'rtl'
4983
+ // document.documentElement.setAttribute('dir', dir);
4984
+ // (Or in React: <html dir={dir}>...</html>.)`,
4477
4985
  "order-history-full": `// Full "My Orders" account page. Render every piece of data the server
4478
4986
  // already returns \u2014 not just order number / total / status.
4479
4987
  //
@@ -5565,7 +6073,7 @@ var RULES = {
5565
6073
  body: `- NEVER hardcode currency, locale, or language strings. Read them from \`get-store-info\` / \`get-store-capabilities\` and use the configured values.
5566
6074
  - NEVER format prices with \`toFixed(2)\` or custom logic. Use \`formatPrice()\` from the SDK \u2014 it honors the store's currency and locale.
5567
6075
  - When the store has i18n enabled (\`capabilities.store.i18n.enabled === true\`), you MUST call \`client.setLocale(locale)\` at app init and include a language switcher. All SDK reads will then return localized content automatically.
5568
- - For RTL locales (\`he\`, \`ar\`), set the document direction to RTL. Do not manually reverse flex layouts \u2014 the platform's CSS reversal handles it.`
6076
+ - For RTL direction, do NOT maintain a local list of RTL locales. Call \`client.getStoreDirection(locale)\` \u2014 it returns \`'ltr' | 'rtl'\` for any BCP-47 tag (covers Arabic, Hebrew, Persian, Urdu, Yiddish, and any future RTL locales the platform adds). Set \`<html dir={...}>\` from this value. The platform's CSS reversal handles flex layouts \u2014 do not manually swap them.`
5569
6077
  },
5570
6078
  types: {
5571
6079
  title: "Type safety",
@@ -5613,6 +6121,7 @@ var GET_BUSINESS_FLOWS_SCHEMA = {
5613
6121
  "cart-persistence",
5614
6122
  "inventory-reservation",
5615
6123
  "product-customization",
6124
+ "content-bootstrap",
5616
6125
  "all"
5617
6126
  ]).describe('Which flow to retrieve. Use "all" to get every flow.')
5618
6127
  };
@@ -5712,11 +6221,16 @@ Build both steps EVEN IF the store has no email provider configured today \u2014
5712
6221
  });
5713
6222
  window.location.href = authorizationUrl; // full-page redirect, NOT a popup
5714
6223
  \`\`\`
5715
- 3. **On the callback page** the URL contains \`token\` + \`oauth_success\` (or \`oauth_error\`) query params. Extract and apply the token:
6224
+ 3. **On the callback page** the URL contains \`auth_code\` + \`oauth_success\` (or \`oauth_error\`) query params. Exchange the single-use code for the JWT \u2014 never read the token from the URL:
5716
6225
  \`\`\`ts
5717
- const token = new URLSearchParams(location.search).get('token');
5718
- if (token) client.setCustomerToken(token); // then redirect to account
6226
+ const params = new URLSearchParams(location.search);
6227
+ const code = params.get('auth_code');
6228
+ if (code) {
6229
+ const result = await client.exchangeOAuthCode(code);
6230
+ client.setCustomerToken(result.token); // then redirect to account
6231
+ }
5719
6232
  \`\`\`
6233
+ The legacy \`?token=\` URL param is still emitted for backward compatibility but will be removed in the next major release \u2014 migrate to \`auth_code\` now.
5720
6234
  4. **On \`oauth_error\`:** redirect to login with an error message.
5721
6235
 
5722
6236
  Build the OAuth button region AND the callback handler even when no providers are configured. They auto-hide.`
@@ -5803,6 +6317,76 @@ Server-side guardrails that WILL reject bad requests (so validate client-side to
5803
6317
  - More than 10 uploads per IP per minute \u2192 429.
5804
6318
 
5805
6319
  Never render customization fields without also wiring the upload + metadata flow \u2014 a form that submits nothing is worse than no form at all.`
6320
+ },
6321
+ "content-bootstrap": {
6322
+ title: "Content Bootstrap \u2014 site chrome & static content",
6323
+ body: `Every Brainerce storefront should render merchant-defined site chrome (header, footer, announcements, FAQ, static pages) from the Content API. The merchant edits these in the Brainerce dashboard; storefronts pick up changes within ~5 minutes (public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`).
6324
+
6325
+ 1. **Fetch chrome at the root layout** (server component if Next.js). All three return \`null\` on 404 \u2014 render hard-coded fallbacks so the page never crashes when the merchant hasn't seeded yet.
6326
+ \`\`\`ts
6327
+ const [header, footer, announcements] = await Promise.all([
6328
+ client.content.header.get('main', locale),
6329
+ client.content.footer.get('main', locale),
6330
+ client.content.announcement.list(locale),
6331
+ ]);
6332
+ \`\`\`
6333
+
6334
+ 2. **FAQ \u2014 fetch lazily on the FAQ page.** Default key is \`'main'\`; pass a topical key (\`'shipping'\`, \`'returns'\`) for sub-FAQs.
6335
+ \`\`\`ts
6336
+ const faq = await client.content.faq.get('main', locale);
6337
+ if (faq) {
6338
+ faq.data.items.forEach(({ question, answer }) => {
6339
+ // sanitize(answer) \u2014 see step 4
6340
+ });
6341
+ }
6342
+ \`\`\`
6343
+
6344
+ 3. **Static pages \u2014 catch-all route by slug:**
6345
+ \`\`\`tsx
6346
+ // app/[slug]/page.tsx
6347
+ export default async function Page({ params }) {
6348
+ const page = await client.content.page.getBySlug(params.slug, locale);
6349
+ if (!page) notFound();
6350
+ return (
6351
+ <article dangerouslySetInnerHTML={{ __html: sanitize(page.data.html) }} />
6352
+ );
6353
+ }
6354
+ \`\`\`
6355
+
6356
+ 4. **SECURITY \u2014 sanitize HTML before rendering.** \`FAQ.items[i].answer\`, \`PAGE.html\`, and \`RICH_TEXT.html\` are merchant-authored HTML. The server does NOT pre-sanitize because some merchants embed iframes (e.g. YouTube). Always sanitize at the edge of your render:
6357
+ \`\`\`ts
6358
+ import DOMPurify from 'isomorphic-dompurify';
6359
+ const safe = DOMPurify.sanitize(rawHtml);
6360
+ <div dangerouslySetInnerHTML={{ __html: safe }} />;
6361
+ \`\`\`
6362
+ Skipping this is XSS.
6363
+
6364
+ 5. **Announcements \u2014 multiple may be active; filter by date client-side:**
6365
+ \`\`\`ts
6366
+ const now = Date.now();
6367
+ const visible = announcements.filter((a) => {
6368
+ const startOk = !a.data.startsAt || new Date(a.data.startsAt).getTime() <= now;
6369
+ const endOk = !a.data.endsAt || new Date(a.data.endsAt).getTime() >= now;
6370
+ return startOk && endOk;
6371
+ });
6372
+ \`\`\`
6373
+
6374
+ 6. **RTL direction \u2014 call \`client.getStoreDirection(locale)\`:**
6375
+ \`\`\`tsx
6376
+ const dir = client.getStoreDirection(locale);
6377
+ <html lang={locale} dir={dir}>...</html>
6378
+ \`\`\`
6379
+ Do NOT maintain a local RTL locale set \u2014 the SDK helper covers Arabic / Hebrew / Persian / Urdu / Yiddish today and picks up any future RTL locale automatically.
6380
+
6381
+ 7. **Custom fields \u2014 every Content row has free-form \`customFields: Record<string, string>\`.** Read keys the merchant told you to expect:
6382
+ \`\`\`ts
6383
+ const faq = await client.content.faq.get('shipping');
6384
+ <a href={\`mailto:\${faq.customFields.helpEmail}\`}>Need help?</a>
6385
+ \`\`\`
6386
+
6387
+ 8. **Cache:** public reads carry \`Cache-Control: public, max-age=300, stale-while-revalidate=60\`. Don't add extra client-side caching beyond Next.js's default fetch cache \u2014 merchants expect their edits to appear within ~5 minutes.
6388
+
6389
+ **Translations.** All public reads accept a \`locale\` argument; the server resolves \`translations[locale]\` server-side. Empty / missing overlays fall through to the default-locale value. The storefront does NOT need to do its own per-field overlay \u2014 call with the active locale and render what comes back.`
5806
6390
  }
5807
6391
  };
5808
6392
  var FLOW_ORDER = [
@@ -5814,7 +6398,8 @@ var FLOW_ORDER = [
5814
6398
  "order-confirmation",
5815
6399
  "cart-persistence",
5816
6400
  "inventory-reservation",
5817
- "product-customization"
6401
+ "product-customization",
6402
+ "content-bootstrap"
5818
6403
  ];
5819
6404
  async function handleGetBusinessFlows(args) {
5820
6405
  const header = "# Brainerce Business Flows\n\nThese sequences are framework-neutral and non-negotiable. Your framework and file layout are your choice \u2014 the order of SDK calls and the error handling is not.";
@@ -6026,11 +6611,57 @@ var FEATURES = [
6026
6611
  {
6027
6612
  id: "i18n",
6028
6613
  title: "Serve multiple languages with a language switcher",
6029
- description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders RTL locales (he, ar) with the correct document direction.",
6030
- sdk: "client.setLocale(locale). Read supported locales from get-store-capabilities.store.i18n.",
6614
+ description: "When i18n is enabled, the experience routes by locale, sets the SDK locale (client.setLocale), includes a language switcher in the header, and renders the correct document direction by reading client.getStoreDirection(locale) \u2014 do not hardcode an RTL locale set.",
6615
+ sdk: "client.setLocale(locale). client.getStoreDirection(locale) for <html dir>. Read supported locales from get-store-capabilities.store.i18n.",
6031
6616
  mandatory: "conditional",
6032
6617
  capabilityFlag: "i18n",
6033
6618
  whenDisabledNote: "This store is single-language. Do not build the language switcher."
6619
+ },
6620
+ {
6621
+ id: "site-header",
6622
+ title: "Site header from merchant content (logo + nav + CTA)",
6623
+ description: 'Fetch client.content.header.get("main", locale) in the root layout. Returns null when the merchant has not seeded yet \u2014 render a hard-coded fallback so the page never crashes. Renders header.data.logo, header.data.navItems[], header.data.cta if present.',
6624
+ sdk: 'client.content.header.get("main", locale)',
6625
+ flowRef: "content-bootstrap",
6626
+ mandatory: "mandatory"
6627
+ },
6628
+ {
6629
+ id: "site-footer",
6630
+ title: "Site footer from merchant content (columns + social + copyright)",
6631
+ description: 'Fetch client.content.footer.get("main", locale) in the root layout. Returns null when unseeded \u2014 render a hard-coded fallback. Render footer.data.columns[].links, footer.data.social[], footer.data.copyright.',
6632
+ sdk: 'client.content.footer.get("main", locale)',
6633
+ flowRef: "content-bootstrap",
6634
+ mandatory: "mandatory"
6635
+ },
6636
+ {
6637
+ id: "announcement-bar",
6638
+ title: "Announcement bar at the top of every page",
6639
+ description: "Fetch client.content.announcement.list(locale) in the root layout. Filter by data.startsAt / data.endsAt client-side. Render a dismissible bar when data.dismissible=true. Build the UI anyway \u2014 it auto-hides when no announcements exist.",
6640
+ sdk: "client.content.announcement.list(locale)",
6641
+ flowRef: "content-bootstrap",
6642
+ mandatory: "conditional",
6643
+ capabilityFlag: "hasContent",
6644
+ whenDisabledNote: "Store has no published Content rows yet. Build the announcement bar anyway \u2014 it auto-hides on empty."
6645
+ },
6646
+ {
6647
+ id: "faq-page",
6648
+ title: "FAQ page rendered from merchant content",
6649
+ description: 'Build /faq as an accordion fed by client.content.faq.get("main", locale). For topical FAQs, use a key parameter (shipping, returns, ...). Always sanitize answer HTML before injecting via dangerouslySetInnerHTML. Build the page anyway \u2014 it auto-hides or 404s when no FAQ rows exist.',
6650
+ sdk: 'client.content.faq.get("main", locale), client.content.faq.list(locale)',
6651
+ flowRef: "content-bootstrap",
6652
+ mandatory: "conditional",
6653
+ capabilityFlag: "hasContent",
6654
+ whenDisabledNote: "No FAQ content yet. Build /faq anyway \u2014 it auto-hides on empty."
6655
+ },
6656
+ {
6657
+ id: "static-pages",
6658
+ title: "Static pages from merchant content (About, Terms, Privacy, \u2026)",
6659
+ description: "Mount a catch-all app/[slug]/page.tsx route. Inside, call client.content.page.getBySlug(params.slug, locale). On null \u2192 notFound(). On hit, sanitize page.data.html before injecting via dangerouslySetInnerHTML. Generate <Metadata> from page.data.seo. Build the route anyway \u2014 it 404s on unknown slugs.",
6660
+ sdk: "client.content.page.getBySlug(slug, locale), client.content.page.list(locale)",
6661
+ flowRef: "content-bootstrap",
6662
+ mandatory: "conditional",
6663
+ capabilityFlag: "hasContent",
6664
+ whenDisabledNote: "No static pages yet. Build the catch-all route anyway \u2014 it 404s on unknown slugs."
6034
6665
  }
6035
6666
  ];
6036
6667
  function isFeatureActive(feature, caps) {
@@ -6081,6 +6712,9 @@ function renderCapabilitiesSummary(caps) {
6081
6712
  );
6082
6713
  lines.push(`- Downloadable products: ${caps.features.hasDownloadableProducts ? "yes" : "no"}`);
6083
6714
  lines.push(`- Checkout custom fields: ${caps.features.hasCheckoutCustomFields ? "yes" : "no"}`);
6715
+ lines.push(
6716
+ `- Content (FAQ/footer/header/announcements/pages): ${caps.features.hasContent ? "seeded" : "none \u2014 build chrome UI with fallbacks"}`
6717
+ );
6084
6718
  lines.push(
6085
6719
  `- Email verification: ${caps.connection.requireEmailVerification ? "required" : "not required (still build the verify-email flow)"}`
6086
6720
  );