@brightspot/ui-builder 2.0.2 → 5.0.4-pre.20260626

package/dist/vite/vite-config.d.ts

@@ -1,5 +1,6 @@
 import { type InlineConfig } from 'vite';
 import type { BuilderConfig } from '../lib/resolve-config.js';
+export type { BuilderConfig } from '../lib/resolve-config.js';
 export interface DevConfigOptions {
     builder: BuilderConfig;
     target: string;

package/dist/vite/vite-config.js

@@ -105,7 +105,6 @@ export async function createBuildConfig({ builder }) {
             lib: {
                 entry: path.resolve(cwd, entry),
                 formats: [format],
-                fileName: () => output.jsName,
                 // Vite library mode requires `name` whenever format is 'iife'.
                 // resolveConfig guarantees this is set when format is iife (explicit
                 // or derived from package.json#name), so this guard is defensive
@@ -117,7 +116,19 @@ export async function createBuildConfig({ builder }) {
             outDir: output.dir,
             rollupOptions: {
                 output: {
-                    assetFileNames: () => output.cssName,
+                    // String form (not a function) so Rollup interpolates `[hash]`,
+                    // `[name]`, and other tokens in `output.jsName` / `output.cssName`.
+                    // Tokenless values pass through literally. `lib.fileName` is
+                    // deliberately omitted — when both are set, `entryFileNames`
+                    // takes precedence and tokens still don't interpolate inside
+                    // `lib.fileName`'s return value.
+                    entryFileNames: output.jsName,
+                    assetFileNames: output.cssName,
+                    // Hex (not Rollup's default base64) so emitted filenames match
+                    // `[a-f0-9]+` — URL-safe lowercase, the contract any downstream
+                    // caller that greps for hex hashes expects. No effect on
+                    // tokenless filenames.
+                    hashCharacters: 'hex',
                     ...(format === 'iife' ? { intro: AMD_GUARD_INTRO, outro: AMD_GUARD_OUTRO } : {}),
                 },
             },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@brightspot/ui-builder",
-  "version": "2.0.2",
+  "version": "5.0.4-pre.20260626",
   "type": "module",
   "license": "UNLICENSED",
   "description": "Zero-config build toolkit for Brightspot CMS front-end development.",
@@ -8,6 +8,10 @@
     "brightspot-ui": "./dist/index.js"
   },
   "exports": {
+    "./vite": {
+      "types": "./dist/vite/vite-config.d.ts",
+      "default": "./dist/vite/vite-config.js"
+    },
     "./configs/tsconfig.base.json": "./configs/tsconfig.base.json",
     "./configs/eslint.config.mjs": "./configs/eslint.config.mjs",
     "./configs/prettier.config.mjs": "./configs/prettier.config.mjs"
@@ -19,6 +23,8 @@
   "scripts": {
     "build": "tsc --noEmitOnError && chmod +x ./dist/index.js",
     "clean": "shx rm -rf ./dist/*",
+    "prepublishOnly": "yarn install --frozen-lockfile",
+    "prepack": "yarn build",
     "test": "vitest run",
     "test:watch": "vitest"
   },

package/dist/lib/resolve-target.d.ts

@@ -1 +0,0 @@
-export declare function resolveTarget(): string;

package/dist/lib/resolve-target.js

@@ -1,19 +0,0 @@
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
-import { log } from './logger.js';
-const LOCAL_URL_PATH = path.join(os.homedir(), '.brightspot', 'local-url');
-const DEFAULT_TARGET = 'http://localhost';
-export function resolveTarget() {
-    try {
-        const url = fs.readFileSync(LOCAL_URL_PATH, 'utf8').trim();
-        if (url) {
-            log.info(`Proxy target: ${url}`);
-            return url;
-        }
-    }
-    catch {
-        log.warn(`${LOCAL_URL_PATH} not found — falling back to ${DEFAULT_TARGET}`);
-    }
-    return DEFAULT_TARGET;
-}

package/dist/vite/proxy-html-rewrite.d.ts

@@ -1,19 +0,0 @@
-import type { IncomingMessage, ServerResponse } from 'node:http';
-/**
- * Build a `proxyRes` handler that strips occurrences of the upstream
- * origin from HTML response bodies. Brightspot embeds absolute URLs
- * (e.g. `https://localhost/storage/resource_resource/foo.js`) for
- * storage assets, generated from a CDN setting that ignores
- * X-Forwarded-* headers. Without rewriting, the browser at the proxy
- * origin (`https://localhost:5173`) would issue cross-origin requests
- * back to the upstream — module scripts then fail CORS, and mixed
- * content blocks plain-HTTP origins. Stripping the origin makes those
- * URLs relative, so the browser routes them through the dev proxy.
- *
- * Non-HTML responses pass through untouched. Empty / no-content
- * statuses pass through too.
- *
- * Requires `selfHandleResponse: true` on the proxy entry so the
- * response stream isn't already piped to the client.
- */
-export declare function rewriteHtmlBody(target: string): (proxyRes: IncomingMessage, _req: IncomingMessage, res: ServerResponse) => void;

package/dist/vite/proxy-html-rewrite.js

@@ -1,125 +0,0 @@
-import zlib from 'node:zlib';
-/**
- * Build a `proxyRes` handler that strips occurrences of the upstream
- * origin from HTML response bodies. Brightspot embeds absolute URLs
- * (e.g. `https://localhost/storage/resource_resource/foo.js`) for
- * storage assets, generated from a CDN setting that ignores
- * X-Forwarded-* headers. Without rewriting, the browser at the proxy
- * origin (`https://localhost:5173`) would issue cross-origin requests
- * back to the upstream — module scripts then fail CORS, and mixed
- * content blocks plain-HTTP origins. Stripping the origin makes those
- * URLs relative, so the browser routes them through the dev proxy.
- *
- * Non-HTML responses pass through untouched. Empty / no-content
- * statuses pass through too.
- *
- * Requires `selfHandleResponse: true` on the proxy entry so the
- * response stream isn't already piped to the client.
- */
-export function rewriteHtmlBody(target) {
-    const originPatterns = buildOriginPatterns(target);
-    return (proxyRes, _req, res) => {
-        const status = proxyRes.statusCode ?? 200;
-        const headers = sanitizeHeaders(proxyRes.headers);
-        // selfHandleResponse: true disables the proxy library's built-in
-        // autoRewrite/protocolRewrite, so redirect Location headers come
-        // through pointing at the upstream origin. Strip the upstream
-        // origin so the browser follows the redirect via the proxy, not
-        // directly to the upstream (which would be cross-origin / wrong
-        // port / wrong scheme).
-        const loc = headers['location'];
-        if (typeof loc === 'string') {
-            let rewritten = loc;
-            for (const re of originPatterns)
-                rewritten = rewritten.replace(re, '');
-            if (rewritten !== loc)
-                headers['location'] = rewritten;
-        }
-        const ct = String(headers['content-type'] ?? '').toLowerCase();
-        const isHtml = ct.includes('text/html');
-        const isEmpty = status === 204 || status === 304;
-        if (!isHtml || isEmpty) {
-            res.writeHead(status, headers);
-            proxyRes.pipe(res);
-            return;
-        }
-        const stream = decodeStream(proxyRes, String(proxyRes.headers['content-encoding'] ?? ''));
-        const chunks = [];
-        stream.on('data', c => chunks.push(c));
-        stream.on('error', err => {
-            res.writeHead(502, { 'content-type': 'text/plain' });
-            res.end(`proxy decode error: ${err.message}`);
-        });
-        stream.on('end', () => {
-            let body = Buffer.concat(chunks).toString('utf8');
-            for (const re of originPatterns)
-                body = body.replace(re, '');
-            const out = Buffer.from(body, 'utf8');
-            headers['content-length'] = String(out.length);
-            res.writeHead(status, headers);
-            res.end(out);
-        });
-    };
-}
-// Vite serves over HTTP/2 (mkcert), but the upstream speaks HTTP/1.1.
-// HTTP/2 forbids connection-specific headers and transfer-encoding;
-// passing them through triggers ERR_HTTP2_INVALID_CONNECTION_HEADERS
-// in node's writeHead. Also drop content-encoding because we always
-// decompress and re-emit identity. content-length is recomputed by
-// the caller after rewriting.
-function sanitizeHeaders(input) {
-    const dropped = new Set([
-        'connection',
-        'transfer-encoding',
-        'keep-alive',
-        'proxy-authenticate',
-        'proxy-authorization',
-        'te',
-        'trailer',
-        'upgrade',
-        'http2-settings',
-        'content-encoding',
-        'content-length',
-    ]);
-    const out = {};
-    for (const [k, v] of Object.entries(input)) {
-        if (v === undefined)
-            continue;
-        if (dropped.has(k.toLowerCase()))
-            continue;
-        out[k] = v;
-    }
-    return out;
-}
-function decodeStream(stream, encoding) {
-    switch (encoding.toLowerCase()) {
-        case 'gzip':
-            return stream.pipe(zlib.createGunzip());
-        case 'br':
-            return stream.pipe(zlib.createBrotliDecompress());
-        case 'deflate':
-            return stream.pipe(zlib.createInflate());
-        default:
-            return stream;
-    }
-}
-// Build regexes that match the upstream origin in a few common
-// forms — both `http://` and `https://` so an http target still
-// strips https variants the CMS may emit when X-Forwarded-Proto is
-// honored, and an explicit-port form so e.g. http://localhost:8080
-// strips both with and without :8080.
-function buildOriginPatterns(target) {
-    const escape = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
-    const u = new URL(target);
-    const host = u.hostname;
-    const explicitPort = u.port;
-    // Form: scheme://host(:port)? — only strip when followed by a path
-    // boundary so we don't eat unrelated strings that happen to share
-    // the prefix.
-    const patterns = [
-        new RegExp(`https?://${escape(host)}(?=[/'"\\)\\s])`, 'g'),
-        new RegExp(`https?://${escape(host)}:\\d+(?=[/'"\\)\\s])`, 'g'),
-    ];
-    void explicitPort;
-    return patterns;
-}