@brightspot/ui-builder 2.0.2 → 5.0.4-pre.20260624

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@brightspot/ui-builder",
-  "version": "2.0.2",
+  "version": "5.0.4-pre.20260624",
   "type": "module",
   "license": "UNLICENSED",
   "description": "Zero-config build toolkit for Brightspot CMS front-end development.",
@@ -8,6 +8,10 @@
     "brightspot-ui": "./dist/index.js"
   },
   "exports": {
+    "./vite": {
+      "types": "./dist/vite/vite-config.d.ts",
+      "default": "./dist/vite/vite-config.js"
+    },
     "./configs/tsconfig.base.json": "./configs/tsconfig.base.json",
     "./configs/eslint.config.mjs": "./configs/eslint.config.mjs",
     "./configs/prettier.config.mjs": "./configs/prettier.config.mjs"

package/dist/commands/_load-config.d.ts

@@ -1,2 +0,0 @@
-import { type BuilderConfig } from '../lib/resolve-config.js';
-export declare function loadOrExit(): BuilderConfig;

package/dist/commands/_load-config.js

@@ -1,23 +0,0 @@
-import { log } from '../lib/logger.js';
-import { ConfigError, resolveConfig } from '../lib/resolve-config.js';
-// CLI-side wrapper around resolveConfig: prints warnings + a one-line
-// summary, and on ConfigError logs the message and exits 1. Lives next
-// to commands so the lib module stays free of process termination.
-export function loadOrExit() {
-    try {
-        const { config, warnings } = resolveConfig();
-        for (const w of warnings)
-            log.warn(w);
-        log.info(`basePath: ${config.basePath}`);
-        log.info(`entry: ${config.entry}`);
-        log.info(`format: ${config.format}${config.format === 'iife' && config.name ? ` (name: ${config.name})` : ''}`);
-        return config;
-    }
-    catch (e) {
-        if (e instanceof ConfigError) {
-            log.error(e.message);
-            process.exit(1);
-        }
-        throw e;
-    }
-}

package/dist/commands/build.d.ts

@@ -1 +0,0 @@
-export declare function build(): Promise<void>;

package/dist/commands/build.js

@@ -1,11 +0,0 @@
-import { build as viteBuild } from 'vite';
-import { log } from '../lib/logger.js';
-import { createBuildConfig } from '../vite/vite-config.js';
-import { loadOrExit } from './_load-config.js';
-export async function build() {
-    const builder = loadOrExit();
-    log.info(`Building ${builder.format.toUpperCase()} bundle...`);
-    const config = await createBuildConfig({ builder });
-    await viteBuild(config);
-    log.success(`Build complete — output in ${builder.output.dir}/`);
-}

package/dist/commands/dev.d.ts

@@ -1,6 +0,0 @@
-interface DevOptions {
-    port?: number;
-    url?: string;
-}
-export declare function dev(opts: DevOptions): Promise<void>;
-export {};

package/dist/commands/dev.js

@@ -1,38 +0,0 @@
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
-import { createServer } from 'vite';
-import { log } from '../lib/logger.js';
-import { createDevConfig } from '../vite/vite-config.js';
-import { loadOrExit } from './_load-config.js';
-const LOCAL_URL_PATH = path.join(os.homedir(), '.brightspot', 'local-url');
-const DEFAULT_TARGET = 'http://localhost';
-export async function dev(opts) {
-    const builder = loadOrExit();
-    const target = opts.url ?? readLocalTarget();
-    const config = await createDevConfig({ builder, target, port: opts.port });
-    const server = await createServer(config);
-    await server.listen();
-    // Proxy root rarely renders useful HTML; land cmd-click on the app path.
-    const openPath = builder.dev?.openPath ?? '/cms/';
-    if (server.resolvedUrls && openPath !== '/') {
-        const append = (u) => new URL(openPath, u).href;
-        server.resolvedUrls.local = server.resolvedUrls.local.map(append);
-        server.resolvedUrls.network = server.resolvedUrls.network.map(append);
-    }
-    server.printUrls();
-    log.success('Dev server running — proxying to ' + target);
-}
-function readLocalTarget() {
-    try {
-        const url = fs.readFileSync(LOCAL_URL_PATH, 'utf8').trim();
-        if (url) {
-            log.info(`Proxy target: ${url}`);
-            return url;
-        }
-    }
-    catch {
-        log.warn(`${LOCAL_URL_PATH} not found — falling back to ${DEFAULT_TARGET}`);
-    }
-    return DEFAULT_TARGET;
-}

package/dist/commands/init.d.ts

@@ -1 +0,0 @@
-export declare function init(): Promise<void>;

package/dist/commands/init.js

@@ -1,71 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import { log } from '../lib/logger.js';
-const cwd = process.cwd();
-export async function init() {
-    log.info('Initializing Brightspot UI project...');
-    writeTsConfig();
-    writeEslintConfig();
-    patchPackageJson();
-    scaffoldEntryPoint();
-    log.success('Project initialized. Run `brightspot-ui dev` to start developing.');
-}
-function writeTsConfig() {
-    const tsConfigPath = path.join(cwd, 'tsconfig.json');
-    if (fs.existsSync(tsConfigPath)) {
-        log.warn('tsconfig.json already exists — skipping');
-        return;
-    }
-    const config = {
-        extends: '@brightspot/ui-builder/configs/tsconfig.base.json',
-    };
-    fs.writeFileSync(tsConfigPath, JSON.stringify(config, null, 2) + '\n');
-    log.success('Created tsconfig.json');
-}
-function writeEslintConfig() {
-    const eslintConfigPath = path.join(cwd, 'eslint.config.mjs');
-    if (fs.existsSync(eslintConfigPath)) {
-        log.warn('eslint.config.mjs already exists — skipping');
-        return;
-    }
-    const content = `import config from '@brightspot/ui-builder/configs/eslint.config.mjs'
-
-export default [...config]
-`;
-    fs.writeFileSync(eslintConfigPath, content);
-    log.success('Created eslint.config.mjs');
-}
-function patchPackageJson() {
-    const pkgPath = path.join(cwd, 'package.json');
-    if (!fs.existsSync(pkgPath)) {
-        log.warn('No package.json found — skipping script injection');
-        return;
-    }
-    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-    pkg.scripts = pkg.scripts ?? {};
-    pkg.scripts.dev = 'brightspot-ui dev';
-    pkg.scripts.build = 'brightspot-ui build';
-    pkg.prettier = '@brightspot/ui-builder/configs/prettier.config.mjs';
-    fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2) + '\n');
-    log.success('Patched package.json (scripts + prettier)');
-}
-function scaffoldEntryPoint() {
-    const srcDir = path.join(cwd, 'src');
-    const entryPath = path.join(srcDir, 'index.ts');
-    if (fs.existsSync(entryPath)) {
-        log.warn('src/index.ts already exists — skipping');
-        return;
-    }
-    if (!fs.existsSync(srcDir)) {
-        fs.mkdirSync(srcDir, { recursive: true });
-    }
-    const template = `// Entry point for Brightspot CMS bundle
-// Import your styles:
-// import './styles/main.css'
-
-// Import your modules:
-// import './tour'
-`;
-    fs.writeFileSync(entryPath, template);
-    log.success('Created src/index.ts');
-}

package/dist/index.d.ts

@@ -1,2 +0,0 @@
-#!/usr/bin/env node
-export {};

package/dist/index.js

@@ -1,26 +0,0 @@
-#!/usr/bin/env node
-import { program } from 'commander';
-program.name('brightspot-ui').description('Zero-config build toolkit for Brightspot CMS front-end development.');
-program
-    .command('init')
-    .description('Scaffold config files for a new Brightspot front-end project')
-    .action(async () => {
-    const { init } = await import('./commands/init.js');
-    await init();
-});
-program
-    .command('dev [url]')
-    .description('Start Vite dev server with HTTPS proxy to Brightspot')
-    .option('--port <port>', 'Dev server port', parseInt)
-    .action(async (url, opts) => {
-    const { dev } = await import('./commands/dev.js');
-    await dev({ ...opts, url });
-});
-program
-    .command('build')
-    .description('Build production bundle')
-    .action(async () => {
-    const { build } = await import('./commands/build.js');
-    await build();
-});
-program.parse();

package/dist/lib/logger.d.ts

@@ -1,6 +0,0 @@
-export declare const log: {
-    info(msg: string): void;
-    success(msg: string): void;
-    warn(msg: string): void;
-    error(msg: string): void;
-};

package/dist/lib/logger.js

@@ -1,15 +0,0 @@
-import pc from 'picocolors';
-export const log = {
-    info(msg) {
-        console.log(pc.cyan('ℹ'), msg);
-    },
-    success(msg) {
-        console.log(pc.green('✔'), msg);
-    },
-    warn(msg) {
-        console.log(pc.yellow('⚠'), msg);
-    },
-    error(msg) {
-        console.error(pc.red('✖'), msg);
-    },
-};

package/dist/lib/resolve-config.d.ts

@@ -1,23 +0,0 @@
-export interface BuilderConfig {
-    basePath: string;
-    entry: string;
-    format: 'es' | 'iife';
-    name?: string;
-    output: {
-        dir: string;
-        jsName: string;
-        cssName: string;
-    };
-    dev?: {
-        /** Path appended to printed dev URLs. "/" disables. */
-        openPath: string;
-    };
-}
-export interface ResolveResult {
-    config: BuilderConfig;
-    warnings: string[];
-}
-export declare class ConfigError extends Error {
-    constructor(message: string);
-}
-export declare function resolveConfig(): ResolveResult;

package/dist/lib/resolve-config.js

@@ -1,128 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-export class ConfigError extends Error {
-    constructor(message) {
-        super(message);
-        this.name = 'ConfigError';
-    }
-}
-const DEFAULTS = {
-    entry: 'src/index.ts',
-    format: 'es',
-    output: {
-        dir: 'dist',
-        jsName: 'bundle.js',
-        cssName: 'style.css',
-    },
-    dev: {
-        openPath: '/cms/',
-    },
-};
-export function resolveConfig() {
-    const pkgPath = path.resolve(process.cwd(), 'package.json');
-    let pkg;
-    try {
-        pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
-    }
-    catch {
-        throw new ConfigError(`Could not read ${pkgPath}.`);
-    }
-    const raw = pkg['brightspot-ui'] ?? {};
-    const warnings = [];
-    const pkgName = pkg.name;
-    const basePath = resolveBasePath(raw.basePath, pkgName, warnings);
-    // Normalize leading `./` so downstream consumers (the proxy regex,
-    // the dev-entry bootstrap import URL) get a canonical form.
-    const entry = (raw.entry ?? DEFAULTS.entry).replace(/^\.\//, '');
-    const format = resolveFormat(raw.format);
-    const name = resolveIifeName(raw.name, format, pkgName, warnings);
-    const output = {
-        dir: raw.output?.dir ?? DEFAULTS.output.dir,
-        jsName: raw.output?.jsName ?? DEFAULTS.output.jsName,
-        cssName: raw.output?.cssName ?? DEFAULTS.output.cssName,
-    };
-    const openPath = resolveOpenPath(raw.dev?.openPath);
-    return { config: { basePath, entry, format, name, output, dev: { openPath } }, warnings };
-}
-function resolveOpenPath(explicit) {
-    const value = explicit ?? DEFAULTS.dev.openPath;
-    // Reject protocol-relative ('//host/...') so a misconfigured openPath
-    // can't redirect the printed dev URL off-site.
-    if (!value.startsWith('/') || value.startsWith('//')) {
-        throw new ConfigError(`dev.openPath "${value}" must start with a single "/".`);
-    }
-    return value;
-}
-function resolveBasePath(explicit, pkgName, warnings) {
-    if (explicit) {
-        if (!explicit.startsWith('/') || !explicit.endsWith('/')) {
-            throw new ConfigError(`basePath "${explicit}" must start and end with "/".`);
-        }
-        return explicit;
-    }
-    if (!pkgName) {
-        // BREAKING (2.0): pre-2.0 builds silently fell back to /_resource/dist/
-        // when both knobs were absent. We now exit so misconfigured monorepo
-        // packages don't ship to the wrong URL. Migration paths below.
-        throw new ConfigError('No basePath set in package.json#brightspot-ui.basePath, and no package.json#name to derive one from. ' +
-            'To migrate from @brightspot/ui-builder 1.x: ' +
-            'either set "name": "<slug>" in package.json (basePath will be inferred as /_resource/<slug>/cms/dist/), ' +
-            'or set "brightspot-ui": { "basePath": "/_resource/<slug>/cms/dist/" } explicitly.');
-    }
-    const inferred = `/_resource/${stripScope(pkgName)}/cms/dist/`;
-    warnings.push(`basePath was not set — inferred "${inferred}" from package.json#name "${pkgName}". ` +
-        `Set "brightspot-ui": { "basePath": "..." } in package.json to silence this warning.`);
-    return inferred;
-}
-function resolveFormat(value) {
-    if (value === undefined)
-        return DEFAULTS.format;
-    if (value !== 'es' && value !== 'iife') {
-        throw new ConfigError(`format "${value}" must be "es" or "iife".`);
-    }
-    return value;
-}
-// Vite library mode requires `name` whenever formats include 'iife' or
-// 'umd' — it's a config-time check, not a function-of-whether-the-entry-
-// has-exports check. So when the consumer chooses iife and hasn't set
-// name, we derive a PascalCase identifier from package.json#name
-// (@brightspot/platform-tours -> PlatformTours) and warn. Returns
-// undefined when format is es (name is irrelevant). Throws when iife
-// is chosen but no valid identifier can be derived.
-function resolveIifeName(explicit, format, pkgName, warnings) {
-    if (explicit !== undefined) {
-        if (!isValidJsIdentifier(explicit)) {
-            throw new ConfigError(`name "${explicit}" is not a valid JavaScript identifier — Vite library mode emits ` +
-                `\`var ${explicit} = ...\` for iife output, which would produce a syntax error. ` +
-                `Set "brightspot-ui": { "name": "..." } to a PascalCase identifier (e.g. "PlatformTours").`);
-        }
-        return explicit;
-    }
-    if (format !== 'iife')
-        return undefined;
-    const derived = deriveIifeName(pkgName);
-    if (derived === null) {
-        throw new ConfigError(`format "iife" requires a "name" — could not derive a valid JavaScript identifier from package.json#name "${pkgName ?? '<unset>'}". ` +
-            `Set "brightspot-ui": { "name": "..." } in package.json (e.g. "PlatformTours").`);
-    }
-    warnings.push(`name was not set — derived "${derived}" from package.json#name "${pkgName}". ` +
-        `Set "brightspot-ui": { "name": "..." } in package.json to silence this warning.`);
-    return derived;
-}
-function deriveIifeName(pkgName) {
-    if (!pkgName)
-        return null;
-    const parts = stripScope(pkgName).split(/[-_.]/).filter(Boolean);
-    if (parts.length === 0)
-        return null;
-    const pascal = parts.map(p => p[0].toUpperCase() + p.slice(1)).join('');
-    return isValidJsIdentifier(pascal) ? pascal : null;
-}
-// ASCII-only by design: matches what minifiers and bundlers handle
-// without surprises. ECMAScript permits a wider Unicode range.
-function isValidJsIdentifier(s) {
-    return /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(s);
-}
-function stripScope(pkgName) {
-    return pkgName.replace(/^@[^/]+\//, '');
-}

package/dist/lib/resolve-target.d.ts

@@ -1 +0,0 @@
-export declare function resolveTarget(): string;

package/dist/lib/resolve-target.js

@@ -1,19 +0,0 @@
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
-import { log } from './logger.js';
-const LOCAL_URL_PATH = path.join(os.homedir(), '.brightspot', 'local-url');
-const DEFAULT_TARGET = 'http://localhost';
-export function resolveTarget() {
-    try {
-        const url = fs.readFileSync(LOCAL_URL_PATH, 'utf8').trim();
-        if (url) {
-            log.info(`Proxy target: ${url}`);
-            return url;
-        }
-    }
-    catch {
-        log.warn(`${LOCAL_URL_PATH} not found — falling back to ${DEFAULT_TARGET}`);
-    }
-    return DEFAULT_TARGET;
-}

package/dist/vite/auto-plugins.d.ts

@@ -1,2 +0,0 @@
-import type { PluginOption } from 'vite';
-export declare function loadAutoPlugins(cwd: string): Promise<PluginOption[]>;

package/dist/vite/auto-plugins.js

@@ -1,41 +0,0 @@
-import path from 'node:path';
-import { pathToFileURL } from 'node:url';
-import { resolve as resolveEsm } from 'import-meta-resolve';
-import { log } from '../lib/logger.js';
-export async function loadAutoPlugins(cwd) {
-    const candidates = await Promise.all([loadSveltePlugin(cwd)]);
-    return candidates.filter(p => p !== null);
-}
-// Resolve peer-optional plugins from the consumer's cwd, not the builder's
-// own location. A bare `await import(specifier)` resolves relative to this
-// file, which only works under npm flat hoisting. It breaks for yarn 1
-// link, yarn 2+ workspaces, and pnpm strict — exactly the layouts
-// consumers use during development. We use ESM resolution rooted at the
-// consumer's package.json so the `import` condition is honored, unlike CJS
-// require.resolve which trips on ESM-only packages with an `exports`
-// block. Node's native import.meta.resolve has a 2-arg form that does
-// exactly this, but it remains flag-gated behind
-// --experimental-import-meta-resolve in Node 22; the import-meta-resolve
-// polyfill mirrors the same semantics without the flag. Only
-// module-not-found resolution failures become silent skips; other
-// resolution failures (broken package.json#exports, malformed
-// node_modules) and factory errors propagate so the consumer sees a real
-// diagnostic instead of a confusing "plugin not installed".
-async function loadOptionalPlugin(specifier, cwd, detectedMessage, invoke) {
-    const parent = pathToFileURL(path.join(cwd, 'package.json')).href;
-    let resolved;
-    try {
-        resolved = resolveEsm(specifier, parent);
-    }
-    catch (e) {
-        if (e.code === 'ERR_MODULE_NOT_FOUND')
-            return null;
-        throw e;
-    }
-    log.info(detectedMessage);
-    const mod = (await import(resolved));
-    return invoke(mod);
-}
-function loadSveltePlugin(cwd) {
-    return loadOptionalPlugin('@sveltejs/vite-plugin-svelte', cwd, 'Detected @sveltejs/vite-plugin-svelte — registering Svelte plugin.', mod => mod.svelte());
-}

package/dist/vite/plugin-html-inject.d.ts

@@ -1,16 +0,0 @@
-import type { Plugin } from 'vite';
-export interface DevEntryOptions {
-    basePath: string;
-    entry: string;
-    jsName: string;
-    cssName: string;
-}
-/**
- * Serves a dev bootstrap script at the bundle path so that Vite's
- * HMR client and the real entry point are loaded as ES modules.
- * Also serves an empty stylesheet at the css path since Vite injects
- * CSS via JS in dev. Both filenames mirror the build output knobs
- * (output.jsName / output.cssName) so a consumer who renames them
- * keeps dev/build parity.
- */
-export declare function devEntryPlugin({ basePath, entry, jsName, cssName }: DevEntryOptions): Plugin;

package/dist/vite/plugin-html-inject.js

@@ -1,31 +0,0 @@
-/**
- * Serves a dev bootstrap script at the bundle path so that Vite's
- * HMR client and the real entry point are loaded as ES modules.
- * Also serves an empty stylesheet at the css path since Vite injects
- * CSS via JS in dev. Both filenames mirror the build output knobs
- * (output.jsName / output.cssName) so a consumer who renames them
- * keeps dev/build parity.
- */
-export function devEntryPlugin({ basePath, entry, jsName, cssName }) {
-    const bundlePath = `${basePath}${jsName}`;
-    const cssPath = `${basePath}${cssName}`;
-    return {
-        name: 'brightspot-dev-entry',
-        configureServer(server) {
-            server.middlewares.use((req, res, next) => {
-                const pathname = req.url?.split('?')[0];
-                if (pathname === bundlePath) {
-                    res.setHeader('Content-Type', 'application/javascript');
-                    res.end(`import('/@vite/client');import('/${entry}');`);
-                    return;
-                }
-                if (pathname === cssPath) {
-                    res.setHeader('Content-Type', 'text/css');
-                    res.end('');
-                    return;
-                }
-                next();
-            });
-        },
-    };
-}

package/dist/vite/proxy-html-rewrite.d.ts

@@ -1,19 +0,0 @@
-import type { IncomingMessage, ServerResponse } from 'node:http';
-/**
- * Build a `proxyRes` handler that strips occurrences of the upstream
- * origin from HTML response bodies. Brightspot embeds absolute URLs
- * (e.g. `https://localhost/storage/resource_resource/foo.js`) for
- * storage assets, generated from a CDN setting that ignores
- * X-Forwarded-* headers. Without rewriting, the browser at the proxy
- * origin (`https://localhost:5173`) would issue cross-origin requests
- * back to the upstream — module scripts then fail CORS, and mixed
- * content blocks plain-HTTP origins. Stripping the origin makes those
- * URLs relative, so the browser routes them through the dev proxy.
- *
- * Non-HTML responses pass through untouched. Empty / no-content
- * statuses pass through too.
- *
- * Requires `selfHandleResponse: true` on the proxy entry so the
- * response stream isn't already piped to the client.
- */
-export declare function rewriteHtmlBody(target: string): (proxyRes: IncomingMessage, _req: IncomingMessage, res: ServerResponse) => void;

package/dist/vite/proxy-html-rewrite.js

@@ -1,125 +0,0 @@
-import zlib from 'node:zlib';
-/**
- * Build a `proxyRes` handler that strips occurrences of the upstream
- * origin from HTML response bodies. Brightspot embeds absolute URLs
- * (e.g. `https://localhost/storage/resource_resource/foo.js`) for
- * storage assets, generated from a CDN setting that ignores
- * X-Forwarded-* headers. Without rewriting, the browser at the proxy
- * origin (`https://localhost:5173`) would issue cross-origin requests
- * back to the upstream — module scripts then fail CORS, and mixed
- * content blocks plain-HTTP origins. Stripping the origin makes those
- * URLs relative, so the browser routes them through the dev proxy.
- *
- * Non-HTML responses pass through untouched. Empty / no-content
- * statuses pass through too.
- *
- * Requires `selfHandleResponse: true` on the proxy entry so the
- * response stream isn't already piped to the client.
- */
-export function rewriteHtmlBody(target) {
-    const originPatterns = buildOriginPatterns(target);
-    return (proxyRes, _req, res) => {
-        const status = proxyRes.statusCode ?? 200;
-        const headers = sanitizeHeaders(proxyRes.headers);
-        // selfHandleResponse: true disables the proxy library's built-in
-        // autoRewrite/protocolRewrite, so redirect Location headers come
-        // through pointing at the upstream origin. Strip the upstream
-        // origin so the browser follows the redirect via the proxy, not
-        // directly to the upstream (which would be cross-origin / wrong
-        // port / wrong scheme).
-        const loc = headers['location'];
-        if (typeof loc === 'string') {
-            let rewritten = loc;
-            for (const re of originPatterns)
-                rewritten = rewritten.replace(re, '');
-            if (rewritten !== loc)
-                headers['location'] = rewritten;
-        }
-        const ct = String(headers['content-type'] ?? '').toLowerCase();
-        const isHtml = ct.includes('text/html');
-        const isEmpty = status === 204 || status === 304;
-        if (!isHtml || isEmpty) {
-            res.writeHead(status, headers);
-            proxyRes.pipe(res);
-            return;
-        }
-        const stream = decodeStream(proxyRes, String(proxyRes.headers['content-encoding'] ?? ''));
-        const chunks = [];
-        stream.on('data', c => chunks.push(c));
-        stream.on('error', err => {
-            res.writeHead(502, { 'content-type': 'text/plain' });
-            res.end(`proxy decode error: ${err.message}`);
-        });
-        stream.on('end', () => {
-            let body = Buffer.concat(chunks).toString('utf8');
-            for (const re of originPatterns)
-                body = body.replace(re, '');
-            const out = Buffer.from(body, 'utf8');
-            headers['content-length'] = String(out.length);
-            res.writeHead(status, headers);
-            res.end(out);
-        });
-    };
-}
-// Vite serves over HTTP/2 (mkcert), but the upstream speaks HTTP/1.1.
-// HTTP/2 forbids connection-specific headers and transfer-encoding;
-// passing them through triggers ERR_HTTP2_INVALID_CONNECTION_HEADERS
-// in node's writeHead. Also drop content-encoding because we always
-// decompress and re-emit identity. content-length is recomputed by
-// the caller after rewriting.
-function sanitizeHeaders(input) {
-    const dropped = new Set([
-        'connection',
-        'transfer-encoding',
-        'keep-alive',
-        'proxy-authenticate',
-        'proxy-authorization',
-        'te',
-        'trailer',
-        'upgrade',
-        'http2-settings',
-        'content-encoding',
-        'content-length',
-    ]);
-    const out = {};
-    for (const [k, v] of Object.entries(input)) {
-        if (v === undefined)
-            continue;
-        if (dropped.has(k.toLowerCase()))
-            continue;
-        out[k] = v;
-    }
-    return out;
-}
-function decodeStream(stream, encoding) {
-    switch (encoding.toLowerCase()) {
-        case 'gzip':
-            return stream.pipe(zlib.createGunzip());
-        case 'br':
-            return stream.pipe(zlib.createBrotliDecompress());
-        case 'deflate':
-            return stream.pipe(zlib.createInflate());
-        default:
-            return stream;
-    }
-}
-// Build regexes that match the upstream origin in a few common
-// forms — both `http://` and `https://` so an http target still
-// strips https variants the CMS may emit when X-Forwarded-Proto is
-// honored, and an explicit-port form so e.g. http://localhost:8080
-// strips both with and without :8080.
-function buildOriginPatterns(target) {
-    const escape = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-    const u = new URL(target);
-    const host = u.hostname;
-    const explicitPort = u.port;
-    // Form: scheme://host(:port)? — only strip when followed by a path
-    // boundary so we don't eat unrelated strings that happen to share
-    // the prefix.
-    const patterns = [
-        new RegExp(`https?://${escape(host)}(?=[/'"\\)\\s])`, 'g'),
-        new RegExp(`https?://${escape(host)}:\\d+(?=[/'"\\)\\s])`, 'g'),
-    ];
-    void explicitPort;
-    return patterns;
-}

package/dist/vite/vite-config.d.ts

@@ -1,12 +0,0 @@
-import { type InlineConfig } from 'vite';
-import type { BuilderConfig } from '../lib/resolve-config.js';
-export interface DevConfigOptions {
-    builder: BuilderConfig;
-    target: string;
-    port?: number;
-}
-export declare function createDevConfig({ builder, target, port }: DevConfigOptions): Promise<InlineConfig>;
-export interface BuildConfigOptions {
-    builder: BuilderConfig;
-}
-export declare function createBuildConfig({ builder }: BuildConfigOptions): Promise<InlineConfig>;

package/dist/vite/vite-config.js

@@ -1,141 +0,0 @@
-import path from 'node:path';
-import { loadConfigFromFile, mergeConfig } from 'vite';
-import { log } from '../lib/logger.js';
-import { loadAutoPlugins } from './auto-plugins.js';
-import { devEntryPlugin } from './plugin-html-inject.js';
-// Mask define.amd around the IIFE so UMD-wrapped deps (e.g. loglevel) take
-// the global branch — host-page RequireJS rejects anonymous define() calls.
-// Namespaced var name reduces collision risk with bundled UMD code.
-const AMD_GUARD_INTRO = 'var __bsp_amd=typeof define!=="undefined"&&define&&define.amd;if(__bsp_amd)define.amd=void 0;try{';
-const AMD_GUARD_OUTRO = '}finally{if(__bsp_amd)define.amd=__bsp_amd;}';
-export async function createDevConfig({ builder, target, port }) {
-    const cwd = process.cwd();
-    const { basePath, entry, output: { jsName, cssName }, } = builder;
-    const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-    const escaped = escapeRegex(basePath.replace(/^\//, ''));
-    // entry.split('/')[0] yields the file itself (e.g. 'index.ts') for a
-    // root-level entry, which never matches a URL — skip the segment in
-    // that case so /index.ts isn't proxied to the upstream application.
-    const entryParts = entry.split('/');
-    const entryDirAlt = entryParts.length > 1 ? `|${escapeRegex(entryParts[0])}/` : '';
-    // x-forwarded-proto must match the upstream's scheme — otherwise an
-    // http CMS canonicalises to its toolUrlPrefix and autoRewrite loops
-    // the 302 back through the dev origin.
-    const targetScheme = new URL(target).protocol === 'https:' ? 'https' : 'http';
-    const [mkcert, autoPlugins] = await Promise.all([loadMkcertPlugin(), loadAutoPlugins(cwd)]);
-    const base = {
-        root: cwd,
-        base: '/',
-        plugins: [mkcert, devEntryPlugin({ basePath, entry, jsName, cssName }), ...autoPlugins],
-        resolve: {
-            preserveSymlinks: true,
-            // Vite 8 native: replaces the deprecated vite-tsconfig-paths plugin.
-            // Follows tsconfig `extends` chains and applies to all importers
-            // (including .svelte / .vue) without the plugin's loose-mode dance.
-            tsconfigPaths: true,
-        },
-        server: {
-            port,
-            // Default HMR path '/' falls through the proxy to the upstream CMS
-            // and 404s; '/@vite/*' is in the regex exclusion list below.
-            hmr: { path: '/@vite/hmr' },
-            proxy: {
-                [`^/(?!(${escaped}${entryDirAlt}|@vite|@fs|node_modules))`]: {
-                    target,
-                    // Local CMS dev servers use self-signed certs.
-                    secure: false,
-                    // protocolRewrite: Vite is mkcert-https only; http redirects would 404.
-                    autoRewrite: true,
-                    protocolRewrite: 'https',
-                    changeOrigin: true,
-                    configure: proxy => {
-                        proxy.on('proxyReq', proxyReq => {
-                            proxyReq.setHeader('x-forwarded-proto', targetScheme);
-                            proxyReq.setHeader('x-brightspot-dev', '1');
-                        });
-                    },
-                },
-            },
-        },
-    };
-    return applyUserConfig(base, cwd, 'serve');
-}
-export async function createBuildConfig({ builder }) {
-    const cwd = process.cwd();
-    const { basePath, entry, format, name, output } = builder;
-    const autoPlugins = await loadAutoPlugins(cwd);
-    const base = {
-        root: cwd,
-        // Lib mode doesn't replace process.env.NODE_ENV; pin it so deps with dev
-        // guards don't crash with `process is not defined`. Dev path skips this —
-        // Vite's optimizeDeps/esbuild substitutes it there.
-        define: {
-            'process.env.NODE_ENV': JSON.stringify('production'),
-        },
-        plugins: [...autoPlugins],
-        resolve: {
-            preserveSymlinks: true,
-            // Vite 8 native: replaces the deprecated vite-tsconfig-paths plugin.
-            // Follows tsconfig `extends` chains and applies to all importers
-            // (including .svelte / .vue) without the plugin's loose-mode dance.
-            tsconfigPaths: true,
-        },
-        build: {
-            cssCodeSplit: false,
-            // Vite 7's `build.lib` implied a single bundle. Vite 8 dropped that
-            // default, so any consumer with `await import(...)` in its graph
-            // emits sidecar `*-<hash>.mjs` chunks that the toolkit's promised
-            // two-file output (bundle.js + style.css) doesn't account for —
-            // and that the gradle processResources task doesn't pattern-match
-            // against, so chunks 404 in production. Default-off here restores
-            // the contract; consumers who want code-splitting can opt back in
-            // via Layer 3 (vite.config.ts → build.rollupOptions.output.
-            // codeSplitting = true). Note: Rolldown deprecated the equivalent
-            // `inlineDynamicImports: true` in favor of `codeSplitting: false`.
-            rollupOptions: {
-                output: {
-                    codeSplitting: false,
-                },
-            },
-        },
-    };
-    const knobs = {
-        base: basePath,
-        build: {
-            lib: {
-                entry: path.resolve(cwd, entry),
-                formats: [format],
-                fileName: () => output.jsName,
-                // Vite library mode requires `name` whenever format is 'iife'.
-                // resolveConfig guarantees this is set when format is iife (explicit
-                // or derived from package.json#name), so this guard is defensive
-                // against a manually-constructed BuilderConfig that violates the
-                // invariant — we propagate undefined to Vite rather than inject a
-                // silent default; Vite then surfaces its own clear error.
-                ...(format === 'iife' && name ? { name } : {}),
-            },
-            outDir: output.dir,
-            rollupOptions: {
-                output: {
-                    assetFileNames: () => output.cssName,
-                    ...(format === 'iife' ? { intro: AMD_GUARD_INTRO, outro: AMD_GUARD_OUTRO } : {}),
-                },
-            },
-        },
-    };
-    return applyUserConfig(mergeConfig(base, knobs), cwd, 'build');
-}
-async function applyUserConfig(merged, cwd, command) {
-    const loaded = await loadConfigFromFile({ command, mode: command === 'serve' ? 'development' : 'production' }, undefined, cwd);
-    if (loaded)
-        log.info(`Merging consumer Vite config from ${path.relative(cwd, loaded.path)}.`);
-    const base = loaded ? mergeConfig(merged, loaded.config) : merged;
-    // configFile: false prevents Vite from re-resolving + double-merging
-    // the consumer's vite.config when the InlineConfig is passed to
-    // viteBuild / createServer.
-    return { ...base, configFile: false };
-}
-async function loadMkcertPlugin() {
-    const mkcert = await import('vite-plugin-mkcert');
-    return mkcert.default();
-}