@certrev/cert-block 0.1.0

package/README.md

@@ -0,0 +1,154 @@
+# @certrev/cert-block
+
+The headless / `crypto_verify` render edge for the CertREV `CertDeliveryEnvelope`. Sign once in the portal, render everywhere: SSR-safe React components, a deterministic schema.org JSON-LD projector, a fail-closed verify layer over the shared `VerdictKernel`, and a framework-agnostic `<certrev-badge>` Web Component.
+
+This is the SDK the brand SSRs into a Hydrogen loader, a Next server component, a Builder client component, or a universal server-side include. It is the `headless_react` + `universal_embed` surface classes from the cross-platform delivery design.
+
+## What this is
+
+CertREV's durable asset is a portable, forgery-proof "this content was reviewed by a credentialed expert" credential — a single Ed25519-signed `CertDeliveryEnvelope`. Each delivery surface renders the visible UI + JSON-LD from that envelope and enforces its validity. The WordPress plugin does it in PHP; the Shopify Liquid extension does it in Liquid; **this package does it in TS/JS for any React or vanilla-JS surface that can run Node/WebCrypto.**
+
+The package gives a brand four things:
+
+1. **React components** — `<CertBadge>`, `<ExpertBio>`, `<CertRevBacklink>`, `<CertJsonLd>`, and the `<CertReview>` composite. SSR-safe (render-pure; no `useState`/`useEffect`/browser globals), theme-light, accessible, and they escape every field. Presentation is driven by the signed `content.display` config (`badgeStyle`, `accentColor`, `showExpertPhoto`, `showMemo`, `showAuthor`).
+2. **A deterministic JSON-LD projector** — `projectCertJsonLd(facts)` → a schema.org `Article` + `reviewedBy(Person)` + `Review` + `Organization` `@graph`, designed to **merge by `@id`** into the host page's existing Article graph (won't collide with Yoast / the theme's structured data). The JSON-LD is **projected from the facts at render time, never stored in the envelope.**
+3. **A thin verify layer** — `getVerifiedEnvelope(source)` fetches the signed envelope from **either a Shopify metafield OR the Delivery API** (`GET /api/cert/v1/delivery/{platform}/{externalId}`), runs the fail-closed `VerdictKernel`, and caches the verdict (TTL + single-flight) so concurrent SSR renders don't stampede the origin.
+4. **A Web Component** — `<certrev-badge>`, the `universal_embed` surface for sites with no native integration, wrapping the same render as `<CertBadge>` via a shared string renderer.
+
+## The contract shape (settled)
+
+A `CertDeliveryEnvelope = { payload, signature }`. The detached `signature` is **Ed25519 over RFC-8785 JCS(payload)**.
+
+```
+payload = {
+  contractVersion: 1,
+  certId,
+  subject:   { platform, externalId, logicalArticleId, canonicalUrls[], installationId, contentDigest },
+  content:   { expert{displayName,credentials[],profileUrl,photoUrl}, author{name,title},
+               memo, certifiedAt, contentModifiedAt, verifyUrl,
+               display{accentColor,showExpertPhoto,showAuthor,showMemo,badgeStyle} },
+  lifecycle: { issuedAt, expiresAt, revokedAt|null, revision },
+}
+```
+
+`content` is **structured FACTS**, not rendered JSON-LD — the JSON-LD is projected from these facts at render, never stored. The `VerdictKernel` (shared) verifies the signature, then checks subject (`platform`/`externalId`), lifecycle (`revokedAt`/`expiresAt`), and content drift (`contentDigest` vs the live hash), failing closed at every step.
+
+## Public API
+
+```ts
+// React components (SSR-safe)
+import { CertBadge, ExpertBio, CertRevBacklink, CertJsonLd, CertReview } from '@certrev/cert-block'
+
+// JSON-LD projector
+import { projectCertJsonLd, projectCertJsonLdString, serializeJsonLdForScript } from '@certrev/cert-block'
+
+// Verify layer
+import { getVerifiedEnvelope, invalidateVerdict, sharedVerdictCache, TtlCache } from '@certrev/cert-block'
+import { staticKidResolver, fetchingKidResolver } from '@certrev/cert-block'
+
+// Contract surface (re-exported from the binding point; → @certrev/cert-contract on publish)
+import type { CertDeliveryEnvelope, CertPayload, CertVerdict, RenderContext } from '@certrev/cert-block'
+import { verifyEnvelope, renderVerdict, verifySignatureOnly } from '@certrev/cert-block'
+
+// Web Component (separate subpath — does NOT touch customElements on import)
+import { defineCertRevBadge, setCertRevKidResolver } from '@certrev/cert-block/webcomponent'
+```
+
+## Usage — headless React (Hydrogen / Next server component)
+
+Fetch + verify in the **server** runtime (it can run Ed25519 over JCS — full `crypto_verify` parity), then render the badge + JSON-LD only on a `render` verdict.
+
+```tsx
+import { getVerifiedEnvelope, staticKidResolver, CertReview } from '@certrev/cert-block'
+
+const resolveKid = staticKidResolver({ 'certrev-2026-1': process.env.CERTREV_PUBKEY_PEM! })
+
+// In a Hydrogen loader / Next server component:
+const verdict = await getVerifiedEnvelope({
+  // PULL from the Delivery API (or { kind: 'metafield', value } for a Shopify metafield)
+  source: { kind: 'delivery_api', baseUrl: 'https://portal.certrev.com', platform: 'shopify', externalId: articleGid },
+  resolveKid,
+  context: { platform: 'shopify', externalId: articleGid, liveContentHash },
+})
+
+// <CertReview> is fail-closed: renders the badge + projected JSON-LD on `render`, NOTHING on `suppress`.
+return <CertReview verdict={verdict} pageUrl={canonicalUrl} />
+```
+
+For finer control, render the pieces independently from `verdict.payload`:
+
+```tsx
+{verdict.decision === 'render' && (
+  <>
+    <CertBadge payload={verdict.payload} badgeStyle="compact" />
+    <ExpertBio payload={verdict.payload} headingLevel="h2" />
+    <CertRevBacklink payload={verdict.payload} />
+    <CertJsonLd payload={verdict.payload} pageUrl={canonicalUrl} />
+  </>
+)}
+```
+
+## Usage — JSON-LD merge (don't collide with Yoast)
+
+The Article node carries the SAME `@id` the host page's primary Article uses (`{pageUrl}#article`, query + fragment stripped), so a consumer **merges** our `reviewedBy` / `dateModified` into the existing node instead of emitting a competing primary entity. Pass `wrapGraph: false` to get a bare node array to splice into a `@graph` you already own.
+
+```ts
+const graph = projectCertJsonLd(payload, { pageUrl: canonicalUrl })          // { '@context', '@graph' }
+const nodes = projectCertJsonLd(payload, { pageUrl: canonicalUrl, wrapGraph: false }) // bare node[]
+```
+
+## Usage — universal embed (Web Component)
+
+Preferred mode is **SSR + hydrate** (crawlable): a server-side include emits the badge HTML (via `renderBadgeHtml`) inside the element; the component leaves the server-rendered child alone. Client-fetch mode (not crawlable) is a documented fallback and is **fail-closed** — it renders nothing without a configured key resolver.
+
+```html
+<!-- SSR: server emits the badge markup inside the tag; crawler reads it -->
+<certrev-badge>{{ renderBadgeHtml(payload) }}</certrev-badge>
+
+<script type="module">
+  import { defineCertRevBadge, setCertRevKidResolver } from '@certrev/cert-block/webcomponent'
+  setCertRevKidResolver(myResolver) // only needed for the client-fetch fallback
+  defineCertRevBadge()
+</script>
+```
+
+## Fail-closed, everywhere
+
+The package never renders an unverified credential. Every error path — bad signature, unknown kid, wrong post, revoked, expired, content drift, network failure, malformed JSON, a throwing resolver — collapses to a `suppress` verdict (or a `null` render), never an exception that a caller could swallow into a render. `<CertReview>` and `<CertRevBacklink>` also fail closed at the component boundary (suppress / unsafe URL → render nothing). URLs pass through `safeHttpUrl` (drops `javascript:`/`data:`); accent colors through `safeCssColor`; the JSON-LD body neutralizes `<`/`>` so a hostile memo can't break out of the `<script>` tag.
+
+## Server-safe guarantee
+
+- The main entry never touches `customElements` / `window` — the Web Component ships from the `./webcomponent` subpath so importing `@certrev/cert-block` in an RSC/Node loader is side-effect-free. Registration only happens when you call `defineCertRevBadge()` in a browser.
+- The React components are render-pure (verified by `react-dom/server` SSR tests) so they work as Server Components and as client components that SSR identically — same crawlable output either way.
+- Date formatting is deterministic UTC (fixed English month abbreviations, not `toLocaleDateString`) so SSR output is byte-stable and never causes a hydration mismatch.
+
+## Integration TODOs (wire the real `@certrev/cert-contract`)
+
+The shared contract types + the `VerdictKernel` live in the published `@certrev/cert-contract` package, which is **not yet on a registry this workspace installs from**. Until it publishes, the SDK binds the contract surface through a **local stub** so everything builds + tests now. To cut over on publish:
+
+1. **Delete** `src/contract/kernel-contract.ts` (the type mirror) and `src/contract/kernel-stub.ts` (the faithful kernel impl).
+2. In `src/contract/kernel.ts` (the single binding point), **replace both re-export blocks** with one line: `export * from '@certrev/cert-contract'`. The exported names are deliberately identical, so nothing else in the SDK changes.
+3. In `package.json`, flip the `@certrev/cert-contract` peer dependency back to **`optional: false`** and **remove the root `.npmrc`** `auto-install-peers=false` line (it exists only so the workspace installs against the stub).
+4. Point `src/contract/fixtures.ts` at cert-contract's real `canonicalPayloadBytes` (RFC 8785) so the test fixtures sign bytes the published kernel verifies. (Today the stub + fixtures share a minimal JCS sufficient for the all-string/number/bool envelope shape.)
+5. Confirm `verifyEnvelope` / `renderVerdict` / `verifySignatureOnly` / `toEd25519PublicKey` resolve from the published package, then re-run `pnpm typecheck && pnpm test && pnpm build`.
+
+A WebCrypto verify path for the Web Component's client-fetch fallback lives in cert-contract; once published, wire it into `certrev-badge.ts` so the universal embed can verify in the browser without a pre-supplied resolver.
+
+## Current consumers
+
+- _None yet._ Target consumers: brand-owned Hydrogen / Next / Remix storefronts (`headless_react`), Builder.io spaces (`headless_visual_cms`), and any site dropping in `<certrev-badge>` (`universal_embed`). Add each here as it adopts the SDK.
+
+## Tests
+
+`pnpm test` (Vitest). Coverage:
+
+- **`__tests__/verify.test.ts`** — the kernel via the SDK binding with **real Ed25519 over JCS** (freshly-signed fixture envelopes, no mocked crypto): render, tamper → `invalid_signature`, unknown kid, platform/subject mismatch, revoked, expired, content drift; `getVerifiedEnvelope` over metafield (object + JSON-string) and Delivery API sources, 404/410 fail-closed, and the **single-flight** thundering-herd guard (N concurrent renders → one fetch).
+- **`__tests__/project.test.ts`** — the JSON-LD projector: `@graph` shape, Article `@id` host-merge alignment (query + fragment stripped), expert-as-`reviewedBy`, credentials → `hasCredential` + `honorificSuffix`, CertREV-namespaced node `@id`s, determinism, and `</script>` / HTML-comment neutralization.
+- **`__tests__/components.test.tsx`** — every React component rendered through `react-dom/server` with mock facts: structure, accessibility (`aria-label`, heading levels), accent theming, display-flag honoring, hostile-input escaping, `javascript:`-URL dropping, and fail-closed (`suppress` verdict / unsafe URL → nothing).
+- **`__tests__/webcomponent.test.tsx`** — the shared `renderBadgeHtml` string renderer (hand-escaping, unsafe-URL/color dropping, compact style) and the `<certrev-badge>` custom element (idempotent registration, SSR light-DOM preservation, client-mode fail-closed without a resolver).
+
+Facts are mocked via `makeMockPayload` / `makeSignedEnvelope` (`src/contract/fixtures.ts`).
+
+## Version
+
+`0.1.0` — initial scaffold against the settled contract shape, bound to the local contract stub. Publishes **publicly** to npm as `@certrev/cert-block` (`publishConfig.access: public`).

package/dist/components/CertBadge.d.ts

@@ -0,0 +1,29 @@
+/**
+ * <CertBadge> — the visible "Reviewed by a credentialed expert" badge.
+ *
+ * SSR-SAFE: a pure render component. No `useState`/`useEffect`/`useRef`, no browser-only
+ * calls, no event handlers — so it works as a React Server Component AND as a client
+ * component that SSRs identically (the crawlable output is the same either way). All
+ * presentation comes from `payload.content.display`; all text is React-escaped; every
+ * URL passes through `safeHttpUrl`.
+ *
+ * ACCESSIBILITY: rendered as a <section> with an accessible name, the accent applied via
+ * an inline custom property (no color-only meaning — the credential text carries it), an
+ * expert photo with meaningful alt text, and a verify link with a descriptive label.
+ *
+ * `badgeStyle: 'compact'` collapses to a single line (name + credentials + verify link);
+ * `'full'` shows the photo, certified/updated dates, and the memo (per display flags).
+ */
+import type { CertPayload } from '../contract/kernel.js';
+export interface CertBadgeProps {
+    /** The cryptographically-verified payload (from `getVerifiedEnvelope`). */
+    readonly payload: CertPayload;
+    /** Optional accent override (else `display.accentColor`, else CertREV default). */
+    readonly accentColor?: string;
+    /** Extra class names appended to the root element's class list. */
+    readonly className?: string;
+    /** Override the badge style independent of the signed display config. */
+    readonly badgeStyle?: 'full' | 'compact';
+}
+export declare function CertBadge(props: CertBadgeProps): import("react").JSX.Element;
+//# sourceMappingURL=CertBadge.d.ts.map

package/dist/components/CertBadge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertBadge.d.ts","sourceRoot":"","sources":["../../src/components/CertBadge.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAe,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIrE,MAAM,WAAW,cAAc;IAC9B,2EAA2E;IAC3E,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,mFAAmF;IACnF,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,mEAAmE;IACnE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,yEAAyE;IACzE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACxC;AAuCD,wBAAgB,SAAS,CAAC,KAAK,EAAE,cAAc,+BA8F9C"}

package/dist/components/CertBadge.js

@@ -0,0 +1,36 @@
+import { jsx as _jsx, jsxs as _jsxs, Fragment as _Fragment } from "react/jsx-runtime";
+import { safeHttpUrl } from './escape.js';
+import { credentialSuffix, expertNameWithCredentials, formatDate, resolveDisplay } from './format.js';
+const ROOT_CLASS = 'certrev-badge';
+/** Inline-SVG verified checkmark — no external asset, accent-tinted, decorative. */
+function VerifiedMark({ accent }) {
+    return (_jsxs("svg", { className: `${ROOT_CLASS}__mark`, width: "20", height: "20", viewBox: "0 0 24 24", fill: "none", "aria-hidden": "true", focusable: "false", children: [_jsx("title", { children: "Verified" }), _jsx("circle", { cx: "12", cy: "12", r: "11", fill: accent }), _jsx("path", { d: "M7 12.5l3.2 3.2L17 9", stroke: "#ffffff", strokeWidth: "2.2", strokeLinecap: "round", strokeLinejoin: "round" })] }));
+}
+function ExpertPhoto({ content, show }) {
+    const src = show ? safeHttpUrl(content.expert.photoUrl) : null;
+    if (!src)
+        return null;
+    return (_jsx("img", { className: `${ROOT_CLASS}__photo`, src: src, alt: `Photo of ${content.expert.displayName}`, width: 40, height: 40, loading: "lazy", decoding: "async" }));
+}
+export function CertBadge(props) {
+    const { payload } = props;
+    const content = payload.content;
+    const display = resolveDisplay(content.display, props.accentColor);
+    const style = props.badgeStyle ?? display.badgeStyle;
+    const verifyUrl = safeHttpUrl(content.verifyUrl);
+    const profileUrl = safeHttpUrl(content.expert.profileUrl);
+    const certifiedLabel = formatDate(content.certifiedAt);
+    const updatedLabel = formatDate(content.contentModifiedAt);
+    const suffix = credentialSuffix(content);
+    const accent = display.accentColor;
+    const rootClass = `${ROOT_CLASS} ${ROOT_CLASS}--${style}${props.className ? ` ${props.className}` : ''}`;
+    // Accent is exposed as a custom property so brand themes can read it, and applied
+    // directly to the accent border so the component is self-styling without a stylesheet.
+    const rootStyle = {
+        ['--certrev-accent']: accent,
+        borderInlineStartColor: accent,
+    };
+    const expertName = (_jsxs("span", { className: `${ROOT_CLASS}__expert-name`, children: [content.expert.displayName, suffix ? _jsxs("span", { className: `${ROOT_CLASS}__credentials`, children: [", ", suffix] }) : null] }));
+    return (_jsxs("section", { className: rootClass, style: rootStyle, "data-certrev-cert-id": payload.certId, "aria-label": `Content reviewed by ${expertNameWithCredentials(content)}`, children: [_jsxs("div", { className: `${ROOT_CLASS}__header`, children: [_jsx(VerifiedMark, { accent: accent }), style === 'full' ? _jsx(ExpertPhoto, { content: content, show: display.showExpertPhoto }) : null, _jsxs("div", { className: `${ROOT_CLASS}__heading`, children: [_jsx("span", { className: `${ROOT_CLASS}__eyebrow`, children: "Expert reviewed" }), _jsxs("span", { className: `${ROOT_CLASS}__byline`, children: ["Reviewed by", ' ', profileUrl ? (_jsx("a", { className: `${ROOT_CLASS}__expert-link`, href: profileUrl, rel: "noopener", children: expertName })) : (expertName)] })] })] }), style === 'full' ? (_jsxs(_Fragment, { children: [display.showMemo && content.memo ? _jsx("p", { className: `${ROOT_CLASS}__memo`, children: content.memo }) : null, display.showAuthor && content.author.name && content.author.name !== content.expert.displayName ? (_jsxs("p", { className: `${ROOT_CLASS}__author`, children: ["Written by ", content.author.name, content.author.title ? `, ${content.author.title}` : ''] })) : null, _jsxs("dl", { className: `${ROOT_CLASS}__dates`, children: [certifiedLabel ? (_jsxs("div", { className: `${ROOT_CLASS}__date`, children: [_jsx("dt", { children: "Certified" }), _jsx("dd", { children: _jsx("time", { dateTime: content.certifiedAt, children: certifiedLabel }) })] })) : null, updatedLabel ? (_jsxs("div", { className: `${ROOT_CLASS}__date`, children: [_jsx("dt", { children: "Last updated" }), _jsx("dd", { children: _jsx("time", { dateTime: content.contentModifiedAt ?? undefined, children: updatedLabel }) })] })) : null] })] })) : null, verifyUrl ? (_jsx("a", { className: `${ROOT_CLASS}__verify`, href: verifyUrl, rel: "noopener", "aria-label": "Verify this certification on CertREV", children: "Verify on CertREV" })) : null] }));
+}
+//# sourceMappingURL=CertBadge.js.map

package/dist/components/CertBadge.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertBadge.js","sourceRoot":"","sources":["../../src/components/CertBadge.tsx"],"names":[],"mappings":";AAkBA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,gBAAgB,EAAE,yBAAyB,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAarG,MAAM,UAAU,GAAG,eAAe,CAAA;AAElC,oFAAoF;AACpF,SAAS,YAAY,CAAC,EAAE,MAAM,EAAsB;IACnD,OAAO,CACN,eACC,SAAS,EAAE,GAAG,UAAU,QAAQ,EAChC,KAAK,EAAC,IAAI,EACV,MAAM,EAAC,IAAI,EACX,OAAO,EAAC,WAAW,EACnB,IAAI,EAAC,MAAM,iBACC,MAAM,EAClB,SAAS,EAAC,OAAO,aAEjB,uCAAuB,EACvB,iBAAQ,EAAE,EAAC,IAAI,EAAC,EAAE,EAAC,IAAI,EAAC,CAAC,EAAC,IAAI,EAAC,IAAI,EAAE,MAAM,GAAI,EAC/C,eAAM,CAAC,EAAC,sBAAsB,EAAC,MAAM,EAAC,SAAS,EAAC,WAAW,EAAC,KAAK,EAAC,aAAa,EAAC,OAAO,EAAC,cAAc,EAAC,OAAO,GAAG,IAC5G,CACN,CAAA;AACF,CAAC;AAED,SAAS,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,EAA2C;IAC9E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC9D,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAA;IACrB,OAAO,CACN,cACC,SAAS,EAAE,GAAG,UAAU,SAAS,EACjC,GAAG,EAAE,GAAG,EACR,GAAG,EAAE,YAAY,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,EAC7C,KAAK,EAAE,EAAE,EACT,MAAM,EAAE,EAAE,EACV,OAAO,EAAC,MAAM,EACd,QAAQ,EAAC,OAAO,GACf,CACF,CAAA;AACF,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;IACzB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;IAC/B,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;IAClE,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAA;IACpD,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IAChD,MAAM,UAAU,GAAG,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IACzD,MAAM,cAAc,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;IACtD,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;IAC1D,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAA;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAA;IAElC,MAAM,SAAS,GAAG,GAAG,UAAU,IAAI,UAAU,KAAK,KAAK,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAA;IACxG,kFAAkF;IAClF,uFAAuF;IACvF,MAAM,SAAS,GAA2B;QACzC,CAAC,kBAAkB,CAAC,EAAE,MAAM;QAC5B,sBAAsB,EAAE,MAAM;KAC9B,CAAA;IAED,MAAM,UAAU,GAAG,CAClB,gBAAM,SAAS,EAAE,GAAG,UAAU,eAAe,aAC3C,OAAO,CAAC,MAAM,CAAC,WAAW,EAC1B,MAAM,CAAC,CAAC,CAAC,gBAAM,SAAS,EAAE,GAAG,UAAU,eAAe,mBAAK,MAAM,IAAQ,CAAC,CAAC,CAAC,IAAI,IAC3E,CACP,CAAA;IAED,OAAO,CACN,mBACC,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,SAAS,0BACM,OAAO,CAAC,MAAM,gBACxB,uBAAuB,yBAAyB,CAAC,OAAO,CAAC,EAAE,aAEvE,eAAK,SAAS,EAAE,GAAG,UAAU,UAAU,aACtC,KAAC,YAAY,IAAC,MAAM,EAAE,MAAM,GAAI,EAC/B,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,KAAC,WAAW,IAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,eAAe,GAAI,CAAC,CAAC,CAAC,IAAI,EAC3F,eAAK,SAAS,EAAE,GAAG,UAAU,WAAW,aACvC,eAAM,SAAS,EAAE,GAAG,UAAU,WAAW,gCAAwB,EACjE,gBAAM,SAAS,EAAE,GAAG,UAAU,UAAU,4BAC3B,GAAG,EACd,UAAU,CAAC,CAAC,CAAC,CACb,YAAG,SAAS,EAAE,GAAG,UAAU,eAAe,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAC,UAAU,YAC1E,UAAU,GACR,CACJ,CAAC,CAAC,CAAC,CACH,UAAU,CACV,IACK,IACF,IACD,EAEL,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,CACnB,8BACE,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,YAAG,SAAS,EAAE,GAAG,UAAU,QAAQ,YAAG,OAAO,CAAC,IAAI,GAAK,CAAC,CAAC,CAAC,IAAI,EACjG,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAClG,aAAG,SAAS,EAAE,GAAG,UAAU,UAAU,4BACxB,OAAO,CAAC,MAAM,CAAC,IAAI,EAC9B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,IACrD,CACJ,CAAC,CAAC,CAAC,IAAI,EACR,cAAI,SAAS,EAAE,GAAG,UAAU,SAAS,aACnC,cAAc,CAAC,CAAC,CAAC,CACjB,eAAK,SAAS,EAAE,GAAG,UAAU,QAAQ,aACpC,qCAAkB,EAClB,uBACC,eAAM,QAAQ,EAAE,OAAO,CAAC,WAAW,YAAG,cAAc,GAAQ,GACxD,IACA,CACN,CAAC,CAAC,CAAC,IAAI,EACP,YAAY,CAAC,CAAC,CAAC,CACf,eAAK,SAAS,EAAE,GAAG,UAAU,QAAQ,aACpC,wCAAqB,EACrB,uBACC,eAAM,QAAQ,EAAE,OAAO,CAAC,iBAAiB,IAAI,SAAS,YAAG,YAAY,GAAQ,GACzE,IACA,CACN,CAAC,CAAC,CAAC,IAAI,IACJ,IACH,CACH,CAAC,CAAC,CAAC,IAAI,EAEP,SAAS,CAAC,CAAC,CAAC,CACZ,YACC,SAAS,EAAE,GAAG,UAAU,UAAU,EAClC,IAAI,EAAE,SAAS,EACf,GAAG,EAAC,UAAU,gBACH,sCAAsC,kCAG9C,CACJ,CAAC,CAAC,CAAC,IAAI,IACC,CACV,CAAA;AACF,CAAC"}

package/dist/components/CertJsonLd.d.ts

@@ -0,0 +1,23 @@
+/**
+ * <CertJsonLd> — emits the projected schema.org graph as a
+ * `<script type="application/ld+json">`.
+ *
+ * The JSON-LD is PROJECTED from the verified facts (never stored in the envelope — see
+ * the projector). SSR-safe: it renders a single <script> whose body is the serialized
+ * graph with `<` neutralized so it can't break out of the script tag (standard
+ * dangerouslySetInnerHTML-for-JSON-LD pattern; the content is our own deterministic
+ * serialization of trusted-shape data, not arbitrary HTML).
+ *
+ * Place it inside the page <head> (Next: in a layout/head; Hydrogen: in the route
+ * component — React 19 hoists <script> in <head>) so crawlers read structured data
+ * without client JS.
+ */
+import type { CertPayload } from '../contract/kernel.js';
+import { type ProjectJsonLdOptions } from '../jsonld/project.js';
+export interface CertJsonLdProps extends ProjectJsonLdOptions {
+    readonly payload: CertPayload;
+    /** Optional id on the <script> so a page can find/replace it deterministically. */
+    readonly scriptId?: string;
+}
+export declare function CertJsonLd(props: CertJsonLdProps): import("react").JSX.Element;
+//# sourceMappingURL=CertJsonLd.d.ts.map

package/dist/components/CertJsonLd.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertJsonLd.d.ts","sourceRoot":"","sources":["../../src/components/CertJsonLd.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,EAAqB,KAAK,oBAAoB,EAA4B,MAAM,sBAAsB,CAAA;AAE7G,MAAM,WAAW,eAAgB,SAAQ,oBAAoB;IAC5D,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,mFAAmF;IACnF,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAC1B;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,+BAWhD"}

package/dist/components/CertJsonLd.js

@@ -0,0 +1,10 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+import { projectCertJsonLd, serializeJsonLdForScript } from '../jsonld/project.js';
+export function CertJsonLd(props) {
+    const { payload, scriptId, ...opts } = props;
+    const json = serializeJsonLdForScript(projectCertJsonLd(payload, opts));
+    return (_jsx("script", { type: "application/ld+json", id: scriptId, 
+        // biome-ignore lint/security/noDangerouslySetInnerHtml: JSON-LD requires raw script body; the content is our deterministic serialization with `<` neutralized (serializeJsonLdForScript), not arbitrary HTML.
+        dangerouslySetInnerHTML: { __html: json } }));
+}
+//# sourceMappingURL=CertJsonLd.js.map

package/dist/components/CertJsonLd.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertJsonLd.js","sourceRoot":"","sources":["../../src/components/CertJsonLd.tsx"],"names":[],"mappings":";AAgBA,OAAO,EAAE,iBAAiB,EAA6B,wBAAwB,EAAE,MAAM,sBAAsB,CAAA;AAQ7G,MAAM,UAAU,UAAU,CAAC,KAAsB;IAChD,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAA;IAC5C,MAAM,IAAI,GAAG,wBAAwB,CAAC,iBAAiB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAA;IACvE,OAAO,CACN,iBACC,IAAI,EAAC,qBAAqB,EAC1B,EAAE,EAAE,QAAQ;QACZ,8MAA8M;QAC9M,uBAAuB,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,GACxC,CACF,CAAA;AACF,CAAC"}

package/dist/components/CertRevBacklink.d.ts

@@ -0,0 +1,18 @@
+/**
+ * <CertRevBacklink> — the live "Verify on CertREV" link.
+ *
+ * The local badge is a bounded-stale snapshot; `content.verifyUrl` is ALWAYS the live
+ * source of truth. This standalone link lets brands place the verification entry point
+ * wherever they want, independent of the badge. SSR-safe + pure; URL through
+ * `safeHttpUrl`. Renders nothing if the verify URL is unsafe/absent (fail-closed).
+ */
+import type { CertPayload } from '../contract/kernel.js';
+export interface CertRevBacklinkProps {
+    readonly payload: CertPayload;
+    readonly accentColor?: string;
+    readonly className?: string;
+    /** Link text (default "Verify on CertREV"). */
+    readonly label?: string;
+}
+export declare function CertRevBacklink(props: CertRevBacklinkProps): import("react").JSX.Element | null;
+//# sourceMappingURL=CertRevBacklink.d.ts.map

package/dist/components/CertRevBacklink.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertRevBacklink.d.ts","sourceRoot":"","sources":["../../src/components/CertRevBacklink.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIxD,MAAM,WAAW,oBAAoB;IACpC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,+CAA+C;IAC/C,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CACvB;AAID,wBAAgB,eAAe,CAAC,KAAK,EAAE,oBAAoB,sCAuC1D"}

package/dist/components/CertRevBacklink.js

@@ -0,0 +1,16 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import { safeHttpUrl } from './escape.js';
+import { resolveDisplay } from './format.js';
+const ROOT_CLASS = 'certrev-backlink';
+export function CertRevBacklink(props) {
+    const verifyUrl = safeHttpUrl(props.payload.content.verifyUrl);
+    if (!verifyUrl)
+        return null;
+    const display = resolveDisplay(props.payload.content.display, props.accentColor);
+    const rootClass = `${ROOT_CLASS}${props.className ? ` ${props.className}` : ''}`;
+    // Typed as a string record (not inline) so the `--certrev-accent` CSS custom property
+    // is accepted — React's CSSProperties rejects arbitrary custom props on an inline literal.
+    const rootStyle = { ['--certrev-accent']: display.accentColor, color: display.accentColor };
+    return (_jsxs("a", { className: rootClass, style: rootStyle, href: verifyUrl, rel: "noopener", "aria-label": "Verify this certification on CertREV", children: [_jsxs("svg", { className: `${ROOT_CLASS}__icon`, width: "14", height: "14", viewBox: "0 0 24 24", fill: "none", "aria-hidden": "true", focusable: "false", children: [_jsx("title", { children: "Verified" }), _jsx("path", { d: "M12 2l7 3v6c0 4.4-3 8.3-7 9-4-0.7-7-4.6-7-9V5l7-3z", fill: "none", stroke: "currentColor", strokeWidth: "1.8", strokeLinejoin: "round" }), _jsx("path", { d: "M8.5 12l2.3 2.3L15.5 9", stroke: "currentColor", strokeWidth: "1.8", strokeLinecap: "round", strokeLinejoin: "round" })] }), _jsx("span", { className: `${ROOT_CLASS}__label`, children: props.label ?? 'Verify on CertREV' })] }));
+}
+//# sourceMappingURL=CertRevBacklink.js.map

package/dist/components/CertRevBacklink.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertRevBacklink.js","sourceRoot":"","sources":["../../src/components/CertRevBacklink.tsx"],"names":[],"mappings":";AAUA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAU5C,MAAM,UAAU,GAAG,kBAAkB,CAAA;AAErC,MAAM,UAAU,eAAe,CAAC,KAA2B;IAC1D,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IAC9D,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAA;IAC3B,MAAM,OAAO,GAAG,cAAc,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;IAChF,MAAM,SAAS,GAAG,GAAG,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAA;IAChF,sFAAsF;IACtF,2FAA2F;IAC3F,MAAM,SAAS,GAA2B,EAAE,CAAC,kBAAkB,CAAC,EAAE,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,WAAW,EAAE,CAAA;IAEnH,OAAO,CACN,aACC,SAAS,EAAE,SAAS,EACpB,KAAK,EAAE,SAAS,EAChB,IAAI,EAAE,SAAS,EACf,GAAG,EAAC,UAAU,gBACH,sCAAsC,aAEjD,eACC,SAAS,EAAE,GAAG,UAAU,QAAQ,EAChC,KAAK,EAAC,IAAI,EACV,MAAM,EAAC,IAAI,EACX,OAAO,EAAC,WAAW,EACnB,IAAI,EAAC,MAAM,iBACC,MAAM,EAClB,SAAS,EAAC,OAAO,aAEjB,uCAAuB,EACvB,eACC,CAAC,EAAC,oDAAoD,EACtD,IAAI,EAAC,MAAM,EACX,MAAM,EAAC,cAAc,EACrB,WAAW,EAAC,KAAK,EACjB,cAAc,EAAC,OAAO,GACrB,EACF,eAAM,CAAC,EAAC,wBAAwB,EAAC,MAAM,EAAC,cAAc,EAAC,WAAW,EAAC,KAAK,EAAC,aAAa,EAAC,OAAO,EAAC,cAAc,EAAC,OAAO,GAAG,IACnH,EACN,eAAM,SAAS,EAAE,GAAG,UAAU,SAAS,YAAG,KAAK,CAAC,KAAK,IAAI,mBAAmB,GAAQ,IACjF,CACJ,CAAA;AACF,CAAC"}

package/dist/components/CertReview.d.ts

@@ -0,0 +1,23 @@
+/**
+ * <CertReview> — the one-line convenience composite.
+ *
+ * Most brand integrations want "render the badge + the JSON-LD from a verified
+ * envelope, or render nothing". This wraps that: pass a `CertVerdict` (the output of
+ * `getVerifiedEnvelope` / the kernel) and it renders the badge + projected JSON-LD on
+ * `render`, and NOTHING on `suppress` (fail-closed at the component boundary too). The
+ * expert bio + backlink remain separately placeable for brands that want finer control.
+ */
+import type { CertVerdict } from '../contract/kernel.js';
+export interface CertReviewProps {
+    /** The verdict from `getVerifiedEnvelope` (or a direct kernel call). */
+    readonly verdict: CertVerdict;
+    /** Canonical page URL for JSON-LD @id alignment (merge into the host article node). */
+    readonly pageUrl?: string;
+    readonly accentColor?: string;
+    readonly className?: string;
+    readonly badgeStyle?: 'full' | 'compact';
+    /** Omit the JSON-LD (e.g. the page already emits it elsewhere). Default false. */
+    readonly omitJsonLd?: boolean;
+}
+export declare function CertReview(props: CertReviewProps): import("react").JSX.Element | null;
+//# sourceMappingURL=CertReview.d.ts.map

package/dist/components/CertReview.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertReview.d.ts","sourceRoot":"","sources":["../../src/components/CertReview.tsx"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIxD,MAAM,WAAW,eAAe;IAC/B,wEAAwE;IACxE,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,uFAAuF;IACvF,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACxC,kFAAkF;IAClF,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;CAC7B;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,sCAehD"}

package/dist/components/CertReview.js

@@ -0,0 +1,11 @@
+import { jsx as _jsx, Fragment as _Fragment, jsxs as _jsxs } from "react/jsx-runtime";
+import { CertBadge } from './CertBadge.js';
+import { CertJsonLd } from './CertJsonLd.js';
+export function CertReview(props) {
+    // Fail-closed: a suppressed (or any non-render) verdict renders nothing.
+    if (props.verdict.decision !== 'render')
+        return null;
+    const payload = props.verdict.payload;
+    return (_jsxs(_Fragment, { children: [_jsx(CertBadge, { payload: payload, accentColor: props.accentColor, className: props.className, badgeStyle: props.badgeStyle }), props.omitJsonLd ? null : _jsx(CertJsonLd, { payload: payload, pageUrl: props.pageUrl })] }));
+}
+//# sourceMappingURL=CertReview.js.map

package/dist/components/CertReview.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CertReview.js","sourceRoot":"","sources":["../../src/components/CertReview.tsx"],"names":[],"mappings":";AAWA,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAc5C,MAAM,UAAU,UAAU,CAAC,KAAsB;IAChD,yEAAyE;IACzE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IACpD,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAA;IACrC,OAAO,CACN,8BACC,KAAC,SAAS,IACT,OAAO,EAAE,OAAO,EAChB,WAAW,EAAE,KAAK,CAAC,WAAW,EAC9B,SAAS,EAAE,KAAK,CAAC,SAAS,EAC1B,UAAU,EAAE,KAAK,CAAC,UAAU,GAC3B,EACD,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAC,UAAU,IAAC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,GAAI,IACjF,CACH,CAAA;AACF,CAAC"}

package/dist/components/ExpertBio.d.ts

@@ -0,0 +1,17 @@
+/**
+ * <ExpertBio> — the reviewing expert's identity block (photo, name, credentials, link).
+ *
+ * Renders the E-E-A-T-bearing facts about WHO reviewed the content, separate from the
+ * compact badge. Brands place this near the article footer / author box. SSR-safe + pure
+ * like the rest; every field React-escaped; URLs through `safeHttpUrl`.
+ */
+import type { CertPayload } from '../contract/kernel.js';
+export interface ExpertBioProps {
+    readonly payload: CertPayload;
+    readonly accentColor?: string;
+    readonly className?: string;
+    /** Heading level for the expert name (default 'h3') so it slots into the page outline. */
+    readonly headingLevel?: 'h2' | 'h3' | 'h4';
+}
+export declare function ExpertBio(props: ExpertBioProps): import("react").JSX.Element;
+//# sourceMappingURL=ExpertBio.d.ts.map

package/dist/components/ExpertBio.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ExpertBio.d.ts","sourceRoot":"","sources":["../../src/components/ExpertBio.tsx"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAIxD,MAAM,WAAW,cAAc;IAC9B,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,0FAA0F;IAC1F,QAAQ,CAAC,YAAY,CAAC,EAAE,IAAI,GAAG,IAAI,GAAG,IAAI,CAAA;CAC1C;AAID,wBAAgB,SAAS,CAAC,KAAK,EAAE,cAAc,+BAsD9C"}

package/dist/components/ExpertBio.js

@@ -0,0 +1,17 @@
+import { jsxs as _jsxs, jsx as _jsx } from "react/jsx-runtime";
+import { safeHttpUrl } from './escape.js';
+import { resolveDisplay } from './format.js';
+const ROOT_CLASS = 'certrev-expert-bio';
+export function ExpertBio(props) {
+    const { payload } = props;
+    const { expert } = payload.content;
+    const display = resolveDisplay(payload.content.display, props.accentColor);
+    const profileUrl = safeHttpUrl(expert.profileUrl);
+    const photoUrl = display.showExpertPhoto ? safeHttpUrl(expert.photoUrl) : null;
+    const Heading = props.headingLevel ?? 'h3';
+    const rootClass = `${ROOT_CLASS}${props.className ? ` ${props.className}` : ''}`;
+    const rootStyle = { ['--certrev-accent']: display.accentColor };
+    const nameNode = (_jsxs(Heading, { className: `${ROOT_CLASS}__name`, children: [expert.displayName, expert.credentials.length > 0 ? (_jsxs("span", { className: `${ROOT_CLASS}__credentials`, children: [", ", expert.credentials.map((c) => c.abbreviation).join(', ')] })) : null] }));
+    return (_jsxs("aside", { className: rootClass, style: rootStyle, "aria-label": `About the reviewing expert, ${expert.displayName}`, children: [photoUrl ? (_jsx("img", { className: `${ROOT_CLASS}__photo`, src: photoUrl, alt: `Photo of ${expert.displayName}`, width: 64, height: 64, loading: "lazy", decoding: "async" })) : null, _jsxs("div", { className: `${ROOT_CLASS}__body`, children: [profileUrl ? (_jsx("a", { className: `${ROOT_CLASS}__name-link`, href: profileUrl, rel: "noopener", children: nameNode })) : (nameNode), expert.credentials.length > 0 ? (_jsx("ul", { className: `${ROOT_CLASS}__credential-list`, children: expert.credentials.map((c) => (_jsxs("li", { className: `${ROOT_CLASS}__credential`, children: [_jsx("abbr", { title: c.fullName, children: c.abbreviation }), _jsxs("span", { className: `${ROOT_CLASS}__credential-full`, children: [" \u2014 ", c.fullName] })] }, `${c.abbreviation}:${c.fullName}`))) })) : null, _jsx("p", { className: `${ROOT_CLASS}__role`, children: "Verified expert reviewer" })] })] }));
+}
+//# sourceMappingURL=ExpertBio.js.map

package/dist/components/ExpertBio.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ExpertBio.js","sourceRoot":"","sources":["../../src/components/ExpertBio.tsx"],"names":[],"mappings":";AASA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAU5C,MAAM,UAAU,GAAG,oBAAoB,CAAA;AAEvC,MAAM,UAAU,SAAS,CAAC,KAAqB;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;IACzB,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAA;IAClC,MAAM,OAAO,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,CAAC,WAAW,CAAC,CAAA;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IACjD,MAAM,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAC9E,MAAM,OAAO,GAAG,KAAK,CAAC,YAAY,IAAI,IAAI,CAAA;IAC1C,MAAM,SAAS,GAAG,GAAG,UAAU,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAA;IAChF,MAAM,SAAS,GAA2B,EAAE,CAAC,kBAAkB,CAAC,EAAE,OAAO,CAAC,WAAW,EAAE,CAAA;IAEvF,MAAM,QAAQ,GAAG,CAChB,MAAC,OAAO,IAAC,SAAS,EAAE,GAAG,UAAU,QAAQ,aACvC,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAChC,gBAAM,SAAS,EAAE,GAAG,UAAU,eAAe,mBAAK,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAQ,CAClH,CAAC,CAAC,CAAC,IAAI,IACC,CACV,CAAA;IAED,OAAO,CACN,iBAAO,SAAS,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,gBAAc,+BAA+B,MAAM,CAAC,WAAW,EAAE,aAC5G,QAAQ,CAAC,CAAC,CAAC,CACX,cACC,SAAS,EAAE,GAAG,UAAU,SAAS,EACjC,GAAG,EAAE,QAAQ,EACb,GAAG,EAAE,YAAY,MAAM,CAAC,WAAW,EAAE,EACrC,KAAK,EAAE,EAAE,EACT,MAAM,EAAE,EAAE,EACV,OAAO,EAAC,MAAM,EACd,QAAQ,EAAC,OAAO,GACf,CACF,CAAC,CAAC,CAAC,IAAI,EACR,eAAK,SAAS,EAAE,GAAG,UAAU,QAAQ,aACnC,UAAU,CAAC,CAAC,CAAC,CACb,YAAG,SAAS,EAAE,GAAG,UAAU,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAC,UAAU,YACxE,QAAQ,GACN,CACJ,CAAC,CAAC,CAAC,CACH,QAAQ,CACR,EACA,MAAM,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAChC,aAAI,SAAS,EAAE,GAAG,UAAU,mBAAmB,YAC7C,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAC9B,cAA4C,SAAS,EAAE,GAAG,UAAU,cAAc,aACjF,eAAM,KAAK,EAAE,CAAC,CAAC,QAAQ,YAAG,CAAC,CAAC,YAAY,GAAQ,EAChD,gBAAM,SAAS,EAAE,GAAG,UAAU,mBAAmB,yBAAM,CAAC,CAAC,QAAQ,IAAQ,KAFjE,GAAG,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,QAAQ,EAAE,CAGrC,CACL,CAAC,GACE,CACL,CAAC,CAAC,CAAC,IAAI,EACR,YAAG,SAAS,EAAE,GAAG,UAAU,QAAQ,yCAA8B,IAC5D,IACC,CACR,CAAA;AACF,CAAC"}

package/dist/components/escape.d.ts

@@ -0,0 +1,36 @@
+/**
+ * SSR-safe escaping + sanitization helpers.
+ *
+ * The components render certification FACTS that originate from brand / expert input
+ * (display names, memos, titles, URLs). React escapes text children + attribute values
+ * by default, so the JSX path is safe without extra work — but two surfaces need
+ * explicit defense:
+ *   1. URLs placed in href/src: a `javascript:` (or `data:`) scheme in a stored URL
+ *      becomes an XSS vector the moment it's clicked. `safeHttpUrl` allows only http(s).
+ *   2. The Web Component + JSON-LD paths build strings by hand (no JSX auto-escaping),
+ *      so they call `escapeHtml` / `escapeAttribute` directly.
+ *
+ * Everything here is pure and runtime-agnostic (no DOM, no Node APIs) so it runs in a
+ * server component, an edge runtime, and the Web Component identically.
+ */
+/** Escape text for safe inclusion in HTML element content or double-quoted attributes. */
+export declare function escapeHtml(input: string): string;
+/** Alias kept explicit at call sites where the value lands in an attribute. */
+export declare const escapeAttribute: typeof escapeHtml;
+/**
+ * Return the URL only if it is a safe absolute http(s) URL (or a protocol-relative or
+ * site-relative URL), else null. Anything with a `javascript:`/`data:`/`vbscript:`/etc.
+ * scheme — or that fails to parse — is rejected so it can never reach an href/src.
+ * Callers treat null as "omit the link".
+ */
+export declare function safeHttpUrl(input: string | null | undefined): string | null;
+/**
+ * Validate a CSS color token for inline `style`. We accept only a conservative set
+ * (`#rgb`/`#rgba`/`#rrggbb`/`#rrggbbaa` hex, `rgb()/rgba()/hsl()/hsla()` functions, and
+ * a bare CSS keyword) so a stored `accentColor` can't inject `expression(...)`,
+ * `url(...)`, or break out of the style attribute. Returns null on anything suspicious.
+ */
+export declare function safeCssColor(input: string | null | undefined): string | null;
+/** Collapse interior whitespace + trim. Used to normalize display text. */
+export declare function tidyText(input: string | null | undefined): string;
+//# sourceMappingURL=escape.d.ts.map

package/dist/components/escape.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"escape.d.ts","sourceRoot":"","sources":["../../src/components/escape.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH,0FAA0F;AAC1F,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,+EAA+E;AAC/E,eAAO,MAAM,eAAe,mBAAa,CAAA;AAEzC;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAY3E;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAQ5E;AAED,2EAA2E;AAC3E,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,CAEjE"}

package/dist/components/escape.js

@@ -0,0 +1,76 @@
+/**
+ * SSR-safe escaping + sanitization helpers.
+ *
+ * The components render certification FACTS that originate from brand / expert input
+ * (display names, memos, titles, URLs). React escapes text children + attribute values
+ * by default, so the JSX path is safe without extra work — but two surfaces need
+ * explicit defense:
+ *   1. URLs placed in href/src: a `javascript:` (or `data:`) scheme in a stored URL
+ *      becomes an XSS vector the moment it's clicked. `safeHttpUrl` allows only http(s).
+ *   2. The Web Component + JSON-LD paths build strings by hand (no JSX auto-escaping),
+ *      so they call `escapeHtml` / `escapeAttribute` directly.
+ *
+ * Everything here is pure and runtime-agnostic (no DOM, no Node APIs) so it runs in a
+ * server component, an edge runtime, and the Web Component identically.
+ */
+const HTML_ESCAPES = {
+    '&': '&',
+    '<': '&lt;',
+    '>': '&gt;',
+    '"': '&quot;',
+    "'": '&#39;',
+};
+/** Escape text for safe inclusion in HTML element content or double-quoted attributes. */
+export function escapeHtml(input) {
+    return input.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c] ?? c);
+}
+/** Alias kept explicit at call sites where the value lands in an attribute. */
+export const escapeAttribute = escapeHtml;
+/**
+ * Return the URL only if it is a safe absolute http(s) URL (or a protocol-relative or
+ * site-relative URL), else null. Anything with a `javascript:`/`data:`/`vbscript:`/etc.
+ * scheme — or that fails to parse — is rejected so it can never reach an href/src.
+ * Callers treat null as "omit the link".
+ */
+export function safeHttpUrl(input) {
+    if (!input)
+        return null;
+    const trimmed = input.trim();
+    if (trimmed === '')
+        return null;
+    // Site-relative or protocol-relative URLs are safe (no scheme to abuse).
+    if (trimmed.startsWith('/') || trimmed.startsWith('#') || trimmed.startsWith('?'))
+        return trimmed;
+    try {
+        const u = new URL(trimmed);
+        return u.protocol === 'http:' || u.protocol === 'https:' ? u.toString() : null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Validate a CSS color token for inline `style`. We accept only a conservative set
+ * (`#rgb`/`#rgba`/`#rrggbb`/`#rrggbbaa` hex, `rgb()/rgba()/hsl()/hsla()` functions, and
+ * a bare CSS keyword) so a stored `accentColor` can't inject `expression(...)`,
+ * `url(...)`, or break out of the style attribute. Returns null on anything suspicious.
+ */
+export function safeCssColor(input) {
+    if (!input)
+        return null;
+    const v = input.trim();
+    if (v === '')
+        return null;
+    if (/^#(?:[0-9a-fA-F]{3,4}|[0-9a-fA-F]{6}|[0-9a-fA-F]{8})$/.test(v))
+        return v;
+    if (/^(?:rgb|rgba|hsl|hsla)\(\s*[0-9.,%\s/]+\)$/.test(v))
+        return v;
+    if (/^[a-zA-Z]{1,32}$/.test(v))
+        return v;
+    return null;
+}
+/** Collapse interior whitespace + trim. Used to normalize display text. */
+export function tidyText(input) {
+    return (input ?? '').replace(/\s+/g, ' ').trim();
+}
+//# sourceMappingURL=escape.js.map

package/dist/components/escape.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"escape.js","sourceRoot":"","sources":["../../src/components/escape.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,YAAY,GAA2B;IAC5C,GAAG,EAAE,OAAO;IACZ,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,MAAM;IACX,GAAG,EAAE,QAAQ;IACb,GAAG,EAAE,OAAO;CACZ,CAAA;AAED,0FAA0F;AAC1F,MAAM,UAAU,UAAU,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED,+EAA+E;AAC/E,MAAM,CAAC,MAAM,eAAe,GAAG,UAAU,CAAA;AAEzC;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAAgC;IAC3D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IAC5B,IAAI,OAAO,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IAC/B,yEAAyE;IACzE,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,OAAO,CAAA;IACjG,IAAI,CAAC;QACJ,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;QAC1B,OAAO,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,IAAI,CAAA;IAC/E,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAA;IACZ,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,YAAY,CAAC,KAAgC;IAC5D,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IACtB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IACzB,IAAI,uDAAuD,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAC7E,IAAI,4CAA4C,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IAClE,IAAI,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,OAAO,CAAC,CAAA;IACxC,OAAO,IAAI,CAAA;AACZ,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,QAAQ,CAAC,KAAgC;IACxD,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;AACjD,CAAC"}

package/dist/components/format.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Presentation helpers shared by the React components + Web Component. Pure, no DOM,
+ * no React — so the same formatting drives JSX and the hand-built Web Component string.
+ */
+import type { CertContent, CertDisplayConfig } from '../contract/kernel.js';
+/** Default accent if the brand didn't pin one (CertREV teal). */
+export declare const DEFAULT_ACCENT = "#0f766e";
+export interface ResolvedDisplay {
+    readonly accentColor: string;
+    readonly showExpertPhoto: boolean;
+    readonly showAuthor: boolean;
+    readonly showMemo: boolean;
+    readonly badgeStyle: 'full' | 'compact';
+}
+/** Resolve the optional display config to concrete presentation flags + accent. */
+export declare function resolveDisplay(display: CertDisplayConfig | undefined, accentOverride?: string): ResolvedDisplay;
+export declare function formatDate(iso: string | null | undefined): string | null;
+/** "PhD, RD" — the expert's credential abbreviations, comma-joined. */
+export declare function credentialSuffix(content: CertContent): string;
+/** "Dr. Jane Doe, PhD, RD" — display name with credential suffix appended. */
+export declare function expertNameWithCredentials(content: CertContent): string;
+//# sourceMappingURL=format.d.ts.map

package/dist/components/format.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"format.d.ts","sourceRoot":"","sources":["../../src/components/format.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AAE3E,iEAAiE;AACjE,eAAO,MAAM,cAAc,YAAY,CAAA;AAEvC,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAA;IAC5B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,SAAS,CAAA;CACvC;AAED,mFAAmF;AACnF,wBAAgB,cAAc,CAAC,OAAO,EAAE,iBAAiB,GAAG,SAAS,EAAE,cAAc,CAAC,EAAE,MAAM,GAAG,eAAe,CAQ/G;AAUD,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,IAAI,CAMxE;AAED,uEAAuE;AACvE,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAE7D;AAED,8EAA8E;AAC9E,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,WAAW,GAAG,MAAM,CAGtE"}