@certrev/cert-block 0.1.1 → 0.1.2

package/dist/builder/index.d.ts

@@ -0,0 +1,73 @@
+/**
+ * @certrev/cert-block/builder — the Builder.io adapter for the cert-block render edge.
+ *
+ * Lets a Builder.io content editor place a "CertREV Review" block into a page; the
+ * headless app's loader (Hydrogen/Next/Remix) crypto-verifies that placement's signed
+ * envelope and supplies the verdict via React context; this block renders cert-block's
+ * <CertReview> from the VERIFIED verdict — and renders NOTHING (fail-closed) on any
+ * suppress or unknown placement.
+ *
+ * THE TRUST BOUNDARY: the credential is never trusted from CMS content. A Builder block
+ * only carries an opaque `placementId` pointer; the authority comes solely from the
+ * loader-side WebCrypto verdict supplied through <CertVerifyProvider>. So a revoked /
+ * tampered / expired / wrong-subject placement that an editor drops into Builder renders
+ * nothing, even though the block is present in the published content.
+ *
+ * cert-block carries NO dependency on `@builder.io/sdk-react` — the registration's shape is
+ * declared structurally below, so the emitted JS pulls no Builder code and the type resolves
+ * without Builder installed. The consumer (who already has Builder) passes
+ * `certReviewBuilderComponent` to Builder's `<Content customComponents={[...]}>`; it is
+ * assignable to Builder's `RegisteredComponent` there.
+ */
+import { type ReactNode } from 'react';
+import type { CertVerdict } from '../contract/kernel.js';
+/** A loader-verified placement: the verdict cert-block renders from, plus the canonical
+ *  page URL for JSON-LD @id alignment. */
+export interface VerifiedPlacement {
+    readonly verdict: CertVerdict;
+    readonly pageUrl?: string;
+}
+/** Map of `placementId` → the loader's verified result. Built server-side in the loader
+ *  (it crypto-verifies each placement) and handed to <CertVerifyProvider>. */
+export type VerifiedPlacements = Record<string, VerifiedPlacement>;
+/** Wraps Builder's <Content>; carries the loader's verified verdicts down to every
+ *  CertReview block, keyed by `placementId`. */
+export declare function CertVerifyProvider({ value, children, }: {
+    readonly value: VerifiedPlacements;
+    readonly children: ReactNode;
+}): import("react").JSX.Element;
+export interface CertReviewBlockProps {
+    /** The CertREV placement id the editor set on this Builder block. */
+    readonly placementId?: string;
+}
+/**
+ * The component Builder renders for a "CertREV Review" block. It pulls the loader-verified
+ * verdict for its `placementId` from context and renders <CertReview>. Unknown placement
+ * OR a non-`render` verdict → renders nothing. cert-block's <CertReview> ALSO suppresses on
+ * a non-render verdict, so the boundary fails closed twice over (defense in depth).
+ */
+export declare function CertReviewBlock({ placementId }: CertReviewBlockProps): import("react").JSX.Element | null;
+/**
+ * Structural shape of `@builder.io/sdk-react`'s `RegisteredComponent` — exactly the subset
+ * cert-block populates. Declared locally (not imported) so cert-block needs no Builder
+ * build- or runtime-dependency; the object below is assignable to Builder's
+ * `RegisteredComponent` at the consumer's `<Content customComponents={[...]}>` call site.
+ */
+export interface CertReviewBuilderRegistration {
+    component: typeof CertReviewBlock;
+    name: string;
+    inputs: Array<{
+        name: string;
+        type: 'string';
+        required?: boolean;
+        helperText?: string;
+    }>;
+}
+/**
+ * The registration object to pass to Builder's `<Content customComponents={[...]}>`.
+ * Editors see a "CertREV Review" component with one input — the placement id. Because the
+ * block is matched by NAME at render time, this also works for content created via the
+ * Builder Write API (no visual-editor registration required for rendering).
+ */
+export declare const certReviewBuilderComponent: CertReviewBuilderRegistration;
+//# sourceMappingURL=index.d.ts.map

package/dist/builder/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/builder/index.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAiB,KAAK,SAAS,EAAc,MAAM,OAAO,CAAA;AAEjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAExD;0CAC0C;AAC1C,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CACzB;AAED;8EAC8E;AAC9E,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAA;AAIlE;gDACgD;AAChD,wBAAgB,kBAAkB,CAAC,EAClC,KAAK,EACL,QAAQ,GACR,EAAE;IACF,QAAQ,CAAC,KAAK,EAAE,kBAAkB,CAAA;IAClC,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAA;CAC5B,+BAEA;AAED,MAAM,WAAW,oBAAoB;IACpC,qEAAqE;IACrE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAC7B;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,EAAE,WAAW,EAAE,EAAE,oBAAoB,sCAKpE;AAED;;;;;GAKG;AACH,MAAM,WAAW,6BAA6B;IAC7C,SAAS,EAAE,OAAO,eAAe,CAAA;IACjC,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,QAAQ,CAAC;QAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACxF;AAED;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B,EAAE,6BAaxC,CAAA"}

package/dist/builder/index.js

@@ -0,0 +1,63 @@
+import { jsx as _jsx } from "react/jsx-runtime";
+/**
+ * @certrev/cert-block/builder — the Builder.io adapter for the cert-block render edge.
+ *
+ * Lets a Builder.io content editor place a "CertREV Review" block into a page; the
+ * headless app's loader (Hydrogen/Next/Remix) crypto-verifies that placement's signed
+ * envelope and supplies the verdict via React context; this block renders cert-block's
+ * <CertReview> from the VERIFIED verdict — and renders NOTHING (fail-closed) on any
+ * suppress or unknown placement.
+ *
+ * THE TRUST BOUNDARY: the credential is never trusted from CMS content. A Builder block
+ * only carries an opaque `placementId` pointer; the authority comes solely from the
+ * loader-side WebCrypto verdict supplied through <CertVerifyProvider>. So a revoked /
+ * tampered / expired / wrong-subject placement that an editor drops into Builder renders
+ * nothing, even though the block is present in the published content.
+ *
+ * cert-block carries NO dependency on `@builder.io/sdk-react` — the registration's shape is
+ * declared structurally below, so the emitted JS pulls no Builder code and the type resolves
+ * without Builder installed. The consumer (who already has Builder) passes
+ * `certReviewBuilderComponent` to Builder's `<Content customComponents={[...]}>`; it is
+ * assignable to Builder's `RegisteredComponent` there.
+ */
+import { createContext, useContext } from 'react';
+import { CertReview } from '../components/CertReview.js';
+const CertVerifyContext = createContext({});
+/** Wraps Builder's <Content>; carries the loader's verified verdicts down to every
+ *  CertReview block, keyed by `placementId`. */
+export function CertVerifyProvider({ value, children, }) {
+    return _jsx(CertVerifyContext.Provider, { value: value, children: children });
+}
+/**
+ * The component Builder renders for a "CertREV Review" block. It pulls the loader-verified
+ * verdict for its `placementId` from context and renders <CertReview>. Unknown placement
+ * OR a non-`render` verdict → renders nothing. cert-block's <CertReview> ALSO suppresses on
+ * a non-render verdict, so the boundary fails closed twice over (defense in depth).
+ */
+export function CertReviewBlock({ placementId }) {
+    const placements = useContext(CertVerifyContext);
+    const placement = placementId ? placements[placementId] : undefined;
+    if (!placement)
+        return null;
+    return _jsx(CertReview, { verdict: placement.verdict, pageUrl: placement.pageUrl });
+}
+/**
+ * The registration object to pass to Builder's `<Content customComponents={[...]}>`.
+ * Editors see a "CertREV Review" component with one input — the placement id. Because the
+ * block is matched by NAME at render time, this also works for content created via the
+ * Builder Write API (no visual-editor registration required for rendering).
+ */
+export const certReviewBuilderComponent = {
+    component: CertReviewBlock,
+    name: 'CertREV Review',
+    inputs: [
+        {
+            name: 'placementId',
+            type: 'string',
+            required: true,
+            helperText: 'CertREV placement id (which certified article this badge attests). The headless ' +
+                'loader verifies that placement’s signed envelope; only a render-verdict shows a badge.',
+        },
+    ],
+};
+//# sourceMappingURL=index.js.map

package/dist/builder/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/builder/index.tsx"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,aAAa,EAAkB,UAAU,EAAE,MAAM,OAAO,CAAA;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAcxD,MAAM,iBAAiB,GAAG,aAAa,CAAqB,EAAE,CAAC,CAAA;AAE/D;gDACgD;AAChD,MAAM,UAAU,kBAAkB,CAAC,EAClC,KAAK,EACL,QAAQ,GAIR;IACA,OAAO,KAAC,iBAAiB,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAA8B,CAAA;AACzF,CAAC;AAOD;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,EAAE,WAAW,EAAwB;IACpE,MAAM,UAAU,GAAG,UAAU,CAAC,iBAAiB,CAAC,CAAA;IAChD,MAAM,SAAS,GAAG,WAAW,CAAC,CAAC,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;IACnE,IAAI,CAAC,SAAS;QAAE,OAAO,IAAI,CAAA;IAC3B,OAAO,KAAC,UAAU,IAAC,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,GAAI,CAAA;AAC9E,CAAC;AAcD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,0BAA0B,GAAkC;IACxE,SAAS,EAAE,eAAe;IAC1B,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE;QACP;YACC,IAAI,EAAE,aAAa;YACnB,IAAI,EAAE,QAAQ;YACd,QAAQ,EAAE,IAAI;YACd,UAAU,EACT,kFAAkF;gBAClF,wFAAwF;SACzF;KACD;CACD,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@certrev/cert-block",
-	"version": "0.1.1",
+	"version": "0.1.2",
 	"description": "Headless / crypto_verify render edge for the CertREV CertDeliveryEnvelope. SSR-safe React components (<CertBadge>/<ExpertBio>/<CertRevBacklink>), a deterministic schema.org JSON-LD projector, a fail-closed verify layer over the shared VerdictKernel, and a framework-agnostic <certrev-badge> Web Component. Sign once (portal), render everywhere (Hydrogen / Next / Builder / universal embed).",
 	"type": "module",
 	"main": "./dist/index.js",
@@ -10,6 +10,10 @@
 			"types": "./dist/index.d.ts",
 			"default": "./dist/index.js"
 		},
+		"./builder": {
+			"types": "./dist/builder/index.d.ts",
+			"default": "./dist/builder/index.js"
+		},
 		"./webcomponent": {
 			"types": "./dist/webcomponent/certrev-badge.d.ts",
 			"default": "./dist/webcomponent/certrev-badge.js"

package/src/builder/__tests__/builder.test.tsx

@@ -0,0 +1,81 @@
+/**
+ * SSR-render tests for the Builder.io adapter (`@certrev/cert-block/builder`), exercised
+ * through `react-dom/server`'s `renderToStaticMarkup` — the same path Hydrogen/Next use to
+ * produce crawlable HTML on the edge. These prove the adapter's load-bearing contract:
+ *
+ *   • a render-verdict placement renders the in-DOM cert badge (crawlable);
+ *   • EVERY non-render path — suppress verdict, unknown placement, missing placementId —
+ *     renders NOTHING (fail-closed survives the CMS boundary);
+ *   • when one Content tree mixes a valid + a revoked placement (the /builder-cert proof
+ *     shape), only the valid one renders.
+ *
+ * Authority comes solely from the loader-supplied verdict in <CertVerifyProvider>; the
+ * `placementId` is an opaque pointer the CMS cannot use to manufacture a badge.
+ */
+import { renderToStaticMarkup } from 'react-dom/server'
+import { describe, expect, it } from 'vitest'
+import { makeMockPayload } from '../../contract/fixtures.js'
+import type { CertVerdict } from '../../contract/kernel.js'
+import { CertReviewBlock, CertVerifyProvider, certReviewBuilderComponent, type VerifiedPlacements } from '../index.js'
+
+const renderVerdict: CertVerdict = { decision: 'render', payload: makeMockPayload() }
+const suppressVerdict: CertVerdict = { decision: 'suppress', reason: 'revoked' }
+
+function renderBlock(placements: VerifiedPlacements, placementId?: string): string {
+	return renderToStaticMarkup(
+		<CertVerifyProvider value={placements}>
+			<CertReviewBlock placementId={placementId} />
+		</CertVerifyProvider>,
+	)
+}
+
+describe('Builder adapter — registration', () => {
+	it('registers as "CertREV Review" with a single required string `placementId` input', () => {
+		expect(certReviewBuilderComponent.name).toBe('CertREV Review')
+		expect(certReviewBuilderComponent.component).toBe(CertReviewBlock)
+		const input = certReviewBuilderComponent.inputs?.find((i) => i.name === 'placementId')
+		expect(input).toBeDefined()
+		expect(input?.required).toBe(true)
+		expect(input?.type).toBe('string')
+	})
+})
+
+describe('Builder adapter — CertReviewBlock render', () => {
+	it('renders the verified badge for a render-verdict placement (in-DOM, crawlable)', () => {
+		const html = renderBlock({ 'p-valid': { verdict: renderVerdict, pageUrl: 'https://brand.example.com/a' } }, 'p-valid')
+		expect(html).toContain('certrev-badge')
+		expect(html).toContain('Dr. Jane Doe')
+		expect(html).toContain('data-certrev-cert-id="cert_fixture_001"')
+	})
+
+	it('FAIL-CLOSED: a suppress-verdict placement renders nothing', () => {
+		expect(renderBlock({ 'p-revoked': { verdict: suppressVerdict } }, 'p-revoked')).toBe('')
+	})
+
+	it('FAIL-CLOSED: an unknown placementId renders nothing', () => {
+		expect(renderBlock({ 'p-valid': { verdict: renderVerdict } }, 'p-not-here')).toBe('')
+	})
+
+	it('FAIL-CLOSED: a missing placementId renders nothing', () => {
+		expect(renderBlock({ 'p-valid': { verdict: renderVerdict } }, undefined)).toBe('')
+	})
+
+	it('mixed content (valid + revoked in one Content tree): only the valid placement renders', () => {
+		const placements: VerifiedPlacements = {
+			'p-valid': { verdict: renderVerdict, pageUrl: 'https://brand.example.com/a' },
+			'p-revoked': { verdict: suppressVerdict },
+		}
+		const html = renderToStaticMarkup(
+			<CertVerifyProvider value={placements}>
+				<div id="valid-block">
+					<CertReviewBlock placementId="p-valid" />
+				</div>
+				<div id="revoked-block">
+					<CertReviewBlock placementId="p-revoked" />
+				</div>
+			</CertVerifyProvider>,
+		)
+		expect(html).toContain('certrev-badge') // valid rendered
+		expect(html).toContain('<div id="revoked-block"></div>') // revoked empty — fail-closed through the CMS
+	})
+})

package/src/builder/index.tsx

@@ -0,0 +1,100 @@
+/**
+ * @certrev/cert-block/builder — the Builder.io adapter for the cert-block render edge.
+ *
+ * Lets a Builder.io content editor place a "CertREV Review" block into a page; the
+ * headless app's loader (Hydrogen/Next/Remix) crypto-verifies that placement's signed
+ * envelope and supplies the verdict via React context; this block renders cert-block's
+ * <CertReview> from the VERIFIED verdict — and renders NOTHING (fail-closed) on any
+ * suppress or unknown placement.
+ *
+ * THE TRUST BOUNDARY: the credential is never trusted from CMS content. A Builder block
+ * only carries an opaque `placementId` pointer; the authority comes solely from the
+ * loader-side WebCrypto verdict supplied through <CertVerifyProvider>. So a revoked /
+ * tampered / expired / wrong-subject placement that an editor drops into Builder renders
+ * nothing, even though the block is present in the published content.
+ *
+ * cert-block carries NO dependency on `@builder.io/sdk-react` — the registration's shape is
+ * declared structurally below, so the emitted JS pulls no Builder code and the type resolves
+ * without Builder installed. The consumer (who already has Builder) passes
+ * `certReviewBuilderComponent` to Builder's `<Content customComponents={[...]}>`; it is
+ * assignable to Builder's `RegisteredComponent` there.
+ */
+import { createContext, type ReactNode, useContext } from 'react'
+import { CertReview } from '../components/CertReview.js'
+import type { CertVerdict } from '../contract/kernel.js'
+
+/** A loader-verified placement: the verdict cert-block renders from, plus the canonical
+ *  page URL for JSON-LD @id alignment. */
+export interface VerifiedPlacement {
+	readonly verdict: CertVerdict
+	readonly pageUrl?: string
+}
+
+/** Map of `placementId` → the loader's verified result. Built server-side in the loader
+ *  (it crypto-verifies each placement) and handed to <CertVerifyProvider>. */
+export type VerifiedPlacements = Record<string, VerifiedPlacement>
+
+const CertVerifyContext = createContext<VerifiedPlacements>({})
+
+/** Wraps Builder's <Content>; carries the loader's verified verdicts down to every
+ *  CertReview block, keyed by `placementId`. */
+export function CertVerifyProvider({
+	value,
+	children,
+}: {
+	readonly value: VerifiedPlacements
+	readonly children: ReactNode
+}) {
+	return <CertVerifyContext.Provider value={value}>{children}</CertVerifyContext.Provider>
+}
+
+export interface CertReviewBlockProps {
+	/** The CertREV placement id the editor set on this Builder block. */
+	readonly placementId?: string
+}
+
+/**
+ * The component Builder renders for a "CertREV Review" block. It pulls the loader-verified
+ * verdict for its `placementId` from context and renders <CertReview>. Unknown placement
+ * OR a non-`render` verdict → renders nothing. cert-block's <CertReview> ALSO suppresses on
+ * a non-render verdict, so the boundary fails closed twice over (defense in depth).
+ */
+export function CertReviewBlock({ placementId }: CertReviewBlockProps) {
+	const placements = useContext(CertVerifyContext)
+	const placement = placementId ? placements[placementId] : undefined
+	if (!placement) return null
+	return <CertReview verdict={placement.verdict} pageUrl={placement.pageUrl} />
+}
+
+/**
+ * Structural shape of `@builder.io/sdk-react`'s `RegisteredComponent` — exactly the subset
+ * cert-block populates. Declared locally (not imported) so cert-block needs no Builder
+ * build- or runtime-dependency; the object below is assignable to Builder's
+ * `RegisteredComponent` at the consumer's `<Content customComponents={[...]}>` call site.
+ */
+export interface CertReviewBuilderRegistration {
+	component: typeof CertReviewBlock
+	name: string
+	inputs: Array<{ name: string; type: 'string'; required?: boolean; helperText?: string }>
+}
+
+/**
+ * The registration object to pass to Builder's `<Content customComponents={[...]}>`.
+ * Editors see a "CertREV Review" component with one input — the placement id. Because the
+ * block is matched by NAME at render time, this also works for content created via the
+ * Builder Write API (no visual-editor registration required for rendering).
+ */
+export const certReviewBuilderComponent: CertReviewBuilderRegistration = {
+	component: CertReviewBlock,
+	name: 'CertREV Review',
+	inputs: [
+		{
+			name: 'placementId',
+			type: 'string',
+			required: true,
+			helperText:
+				'CertREV placement id (which certified article this badge attests). The headless ' +
+				'loader verifies that placement’s signed envelope; only a render-verdict shows a badge.',
+		},
+	],
+}