@certrev/cert-block 0.1.1 → 0.1.3

package/dist/builder/index.d.ts

@@ -0,0 +1,75 @@
+/**
+ * @certrev/cert-block/builder — Builder.io adapter, "ambient-URL anchor" model.
+ *
+ * Validated by an independent architecture panel (Codex gpt-5.5 + Gemini, blind): a visual
+ * page builder must NOT choose WHICH credential renders — that invites cross-article misuse and
+ * re-opens the wrong-subject surface. Instead:
+ *   • the CMS controls LAYOUT — an editor drags a ZERO-INPUT <CertRevAnchor/> to position the
+ *     badge on the page;
+ *   • the SYSTEM controls TRUTH — the headless loader resolves THIS page's credential from its
+ *     own URL (Track-1 delivery), crypto-verifies it (fail-closed VerdictKernel), and supplies
+ *     the verdict via context.
+ * The anchor renders the current page's verified badge or NOTHING. It cannot be pointed at
+ * another article, and there is no `placementId` input to forge or mis-select.
+ *
+ * JSON-LD is DECOUPLED (panel finding): the anchor renders the BADGE only (`omitJsonLd`). The
+ * article template emits the schema.org JSON-LD server-side from the same verified verdict, so a
+ * page builder can't duplicate, move, or omit structured data. (See the route example.)
+ *
+ * EDGE-CACHE DISCIPLINE (panel finding): the consumer's loader MUST verify per request as a
+ * dynamic edge subrequest and must NOT long-cache the rendered badge HTML — a revoked/expired
+ * credential sitting in a stale edge cache would defeat fail-closed. Bound any positive-verdict
+ * cache by min(expiry, revocation-TTL, content-version).
+ *
+ * cert-block carries no Builder dependency: the registration shape is declared structurally, and
+ * `isEditing` is a passed-in flag (the consumer supplies Builder's `isPreviewing()`).
+ */
+import { type ReactNode } from 'react';
+import type { CertVerdict } from '../contract/kernel.js';
+/** The current page's credential, resolved + verified by the loader (Track-1 delivery). */
+export interface CurrentCredential {
+    readonly verdict: CertVerdict;
+    /** Canonical page URL for JSON-LD @id alignment (used by the server-side JSON-LD, not the anchor). */
+    readonly pageUrl?: string;
+}
+/**
+ * Supplies THIS page's loader-verified credential to the anchor. `current` is the verdict for
+ * the current page (or null if the page has no delivered credential). `isEditing` is the
+ * consumer's Builder `isPreviewing()` result — it ONLY toggles a design-time placeholder and
+ * NEVER affects the published render.
+ */
+export declare function CertRevProvider({ current, isEditing, children, }: {
+    readonly current: CurrentCredential | null;
+    readonly isEditing?: boolean;
+    readonly children: ReactNode;
+}): import("react").JSX.Element;
+/**
+ * Design-time placeholder shown ONLY in the Builder editor when the current page has no live
+ * verified credential. Truthful (never a fake badge), emits NO JSON-LD, and never renders in
+ * production — so it cannot leak to or be crawled on the live site.
+ */
+export declare function CertRevEditorPlaceholder(): import("react").JSX.Element;
+/**
+ * The Builder block. ZERO inputs — a layout anchor only. Renders the current page's VERIFIED
+ * badge (badge only; JSON-LD is emitted server-side), the editor placeholder in design mode, or
+ * NOTHING in production (fail-closed). The credential is whatever Track-1 delivered + verified for
+ * THIS page; the editor can neither choose nor forge it.
+ */
+export declare function CertRevAnchor(): import("react").JSX.Element | null;
+/**
+ * Structural shape of `@builder.io/sdk-react`'s `RegisteredComponent` — the subset cert-block
+ * populates. Declared locally so cert-block needs no Builder build/runtime dependency; assignable
+ * to Builder's `RegisteredComponent` at the consumer's `<Content customComponents={[...]}>`.
+ */
+export interface CertRevBuilderRegistration {
+    component: typeof CertRevAnchor;
+    name: string;
+    inputs: never[];
+}
+/**
+ * The registration to pass to Builder's `<Content customComponents={[...]}>`. ZERO inputs by
+ * design — the editor places it (layout); the system resolves the credential from the page URL
+ * (truth). Matched by NAME at render, so Write-API content works without visual-editor setup.
+ */
+export declare const certRevAnchorComponent: CertRevBuilderRegistration;
+//# sourceMappingURL=index.d.ts.map

package/dist/builder/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/builder/index.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,OAAO,EAAiB,KAAK,SAAS,EAAc,MAAM,OAAO,CAAA;AAEjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAExD,2FAA2F;AAC3F,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,OAAO,EAAE,WAAW,CAAA;IAC7B,sGAAsG;IACtG,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CACzB;AASD;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,EAC/B,OAAO,EACP,SAAiB,EACjB,QAAQ,GACR,EAAE;IACF,QAAQ,CAAC,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAA;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,CAAA;IAC5B,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAA;CAC5B,+BAEA;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,gCAiBvC;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,uCAO5B;AAED;;;;GAIG;AACH,MAAM,WAAW,0BAA0B;IAC1C,SAAS,EAAE,OAAO,aAAa,CAAA;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,KAAK,EAAE,CAAA;CACf;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,0BAIpC,CAAA"}

package/dist/builder/index.js

@@ -0,0 +1,80 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+/**
+ * @certrev/cert-block/builder — Builder.io adapter, "ambient-URL anchor" model.
+ *
+ * Validated by an independent architecture panel (Codex gpt-5.5 + Gemini, blind): a visual
+ * page builder must NOT choose WHICH credential renders — that invites cross-article misuse and
+ * re-opens the wrong-subject surface. Instead:
+ *   • the CMS controls LAYOUT — an editor drags a ZERO-INPUT <CertRevAnchor/> to position the
+ *     badge on the page;
+ *   • the SYSTEM controls TRUTH — the headless loader resolves THIS page's credential from its
+ *     own URL (Track-1 delivery), crypto-verifies it (fail-closed VerdictKernel), and supplies
+ *     the verdict via context.
+ * The anchor renders the current page's verified badge or NOTHING. It cannot be pointed at
+ * another article, and there is no `placementId` input to forge or mis-select.
+ *
+ * JSON-LD is DECOUPLED (panel finding): the anchor renders the BADGE only (`omitJsonLd`). The
+ * article template emits the schema.org JSON-LD server-side from the same verified verdict, so a
+ * page builder can't duplicate, move, or omit structured data. (See the route example.)
+ *
+ * EDGE-CACHE DISCIPLINE (panel finding): the consumer's loader MUST verify per request as a
+ * dynamic edge subrequest and must NOT long-cache the rendered badge HTML — a revoked/expired
+ * credential sitting in a stale edge cache would defeat fail-closed. Bound any positive-verdict
+ * cache by min(expiry, revocation-TTL, content-version).
+ *
+ * cert-block carries no Builder dependency: the registration shape is declared structurally, and
+ * `isEditing` is a passed-in flag (the consumer supplies Builder's `isPreviewing()`).
+ */
+import { createContext, useContext } from 'react';
+import { CertReview } from '../components/CertReview.js';
+const CertRevContext = createContext({ current: null, isEditing: false });
+/**
+ * Supplies THIS page's loader-verified credential to the anchor. `current` is the verdict for
+ * the current page (or null if the page has no delivered credential). `isEditing` is the
+ * consumer's Builder `isPreviewing()` result — it ONLY toggles a design-time placeholder and
+ * NEVER affects the published render.
+ */
+export function CertRevProvider({ current, isEditing = false, children, }) {
+    return _jsx(CertRevContext.Provider, { value: { current, isEditing }, children: children });
+}
+/**
+ * Design-time placeholder shown ONLY in the Builder editor when the current page has no live
+ * verified credential. Truthful (never a fake badge), emits NO JSON-LD, and never renders in
+ * production — so it cannot leak to or be crawled on the live site.
+ */
+export function CertRevEditorPlaceholder() {
+    return (_jsxs("div", { "data-certrev-editor-placeholder": "", style: {
+            border: '1px dashed #e6007e',
+            borderRadius: 8,
+            padding: '10px 14px',
+            font: '13px system-ui',
+            color: '#6b7280',
+            background: '#fff5fa',
+        }, children: ["CertREV Review \u2014 ", _jsx("b", { children: "resolves at publish" }), " from issuer verification. The expert badge appears here once this page\u2019s article is certified, and only while the credential is valid."] }));
+}
+/**
+ * The Builder block. ZERO inputs — a layout anchor only. Renders the current page's VERIFIED
+ * badge (badge only; JSON-LD is emitted server-side), the editor placeholder in design mode, or
+ * NOTHING in production (fail-closed). The credential is whatever Track-1 delivered + verified for
+ * THIS page; the editor can neither choose nor forge it.
+ */
+export function CertRevAnchor() {
+    const { current, isEditing } = useContext(CertRevContext);
+    if (current && current.verdict.decision === 'render') {
+        return _jsx(CertReview, { verdict: current.verdict, pageUrl: current.pageUrl, omitJsonLd: true });
+    }
+    if (isEditing)
+        return _jsx(CertRevEditorPlaceholder, {});
+    return null;
+}
+/**
+ * The registration to pass to Builder's `<Content customComponents={[...]}>`. ZERO inputs by
+ * design — the editor places it (layout); the system resolves the credential from the page URL
+ * (truth). Matched by NAME at render, so Write-API content works without visual-editor setup.
+ */
+export const certRevAnchorComponent = {
+    component: CertRevAnchor,
+    name: 'CertREV Review',
+    inputs: [],
+};
+//# sourceMappingURL=index.js.map

package/dist/builder/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/builder/index.tsx"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,OAAO,EAAE,aAAa,EAAkB,UAAU,EAAE,MAAM,OAAO,CAAA;AACjE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AAexD,MAAM,cAAc,GAAG,aAAa,CAAsB,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAA;AAE9F;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,EAC/B,OAAO,EACP,SAAS,GAAG,KAAK,EACjB,QAAQ,GAKR;IACA,OAAO,KAAC,cAAc,CAAC,QAAQ,IAAC,KAAK,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,YAAG,QAAQ,GAA2B,CAAA;AACpG,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB;IACvC,OAAO,CACN,kDACiC,EAAE,EAClC,KAAK,EAAE;YACN,MAAM,EAAE,oBAAoB;YAC5B,YAAY,EAAE,CAAC;YACf,OAAO,EAAE,WAAW;YACpB,IAAI,EAAE,gBAAgB;YACtB,KAAK,EAAE,SAAS;YAChB,UAAU,EAAE,SAAS;SACrB,uCAEgB,8CAA0B,oJAEtC,CACN,CAAA;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa;IAC5B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,UAAU,CAAC,cAAc,CAAC,CAAA;IACzD,IAAI,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACtD,OAAO,KAAC,UAAU,IAAC,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,UAAU,SAAG,CAAA;IACrF,CAAC;IACD,IAAI,SAAS;QAAE,OAAO,KAAC,wBAAwB,KAAG,CAAA;IAClD,OAAO,IAAI,CAAA;AACZ,CAAC;AAaD;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA+B;IACjE,SAAS,EAAE,aAAa;IACxB,IAAI,EAAE,gBAAgB;IACtB,MAAM,EAAE,EAAE;CACV,CAAA"}

package/package.json

@@ -1,74 +1,78 @@
 {
-	"name": "@certrev/cert-block",
-	"version": "0.1.1",
-	"description": "Headless / crypto_verify render edge for the CertREV CertDeliveryEnvelope. SSR-safe React components (<CertBadge>/<ExpertBio>/<CertRevBacklink>), a deterministic schema.org JSON-LD projector, a fail-closed verify layer over the shared VerdictKernel, and a framework-agnostic <certrev-badge> Web Component. Sign once (portal), render everywhere (Hydrogen / Next / Builder / universal embed).",
-	"type": "module",
-	"main": "./dist/index.js",
-	"types": "./dist/index.d.ts",
-	"exports": {
-		".": {
-			"types": "./dist/index.d.ts",
-			"default": "./dist/index.js"
-		},
-		"./webcomponent": {
-			"types": "./dist/webcomponent/certrev-badge.d.ts",
-			"default": "./dist/webcomponent/certrev-badge.js"
-		},
-		"./fixtures": {
-			"types": "./dist/contract/fixtures.d.ts",
-			"default": "./dist/contract/fixtures.js"
-		}
-	},
-	"files": [
-		"dist",
-		"src",
-		"README.md"
-	],
-	"publishConfig": {
-		"registry": "https://registry.npmjs.org",
-		"access": "public"
-	},
-	"publishTargets": [
-		"npmjs"
-	],
-	"scripts": {
-		"build": "tsc",
-		"typecheck": "tsc --noEmit",
-		"test": "vitest run"
-	},
-	"peerDependencies": {
-		"@certrev/cert-contract": ">=0.1.2",
-		"react": ">=18.0.0"
-	},
-	"peerDependenciesMeta": {
-		"react": {
-			"optional": false
-		}
-	},
-	"devDependencies": {
-		"@certrev/cert-contract": "workspace:*",
-		"@testing-library/react": "^16.1.0",
-		"@types/node": "^20.0.0",
-		"@types/react": "^18.3.0",
-		"@types/react-dom": "^18.3.0",
-		"jsdom": "^25.0.0",
-		"react": "^18.3.1",
-		"react-dom": "^18.3.1",
-		"typescript": "^6.0.3",
-		"vitest": "^4.1.5"
-	},
-	"keywords": [
-		"certrev",
-		"certification",
-		"react",
-		"server-components",
-		"hydrogen",
-		"shopify",
-		"json-ld",
-		"schema-org",
-		"web-component",
-		"ed25519",
-		"ssr"
-	],
-	"license": "MIT"
+  "name": "@certrev/cert-block",
+  "version": "0.1.3",
+  "description": "Headless / crypto_verify render edge for the CertREV CertDeliveryEnvelope. SSR-safe React components (<CertBadge>/<ExpertBio>/<CertRevBacklink>), a deterministic schema.org JSON-LD projector, a fail-closed verify layer over the shared VerdictKernel, and a framework-agnostic <certrev-badge> Web Component. Sign once (portal), render everywhere (Hydrogen / Next / Builder / universal embed).",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    },
+    "./builder": {
+      "types": "./dist/builder/index.d.ts",
+      "default": "./dist/builder/index.js"
+    },
+    "./webcomponent": {
+      "types": "./dist/webcomponent/certrev-badge.d.ts",
+      "default": "./dist/webcomponent/certrev-badge.js"
+    },
+    "./fixtures": {
+      "types": "./dist/contract/fixtures.d.ts",
+      "default": "./dist/contract/fixtures.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md"
+  ],
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public"
+  },
+  "publishTargets": [
+    "npmjs"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run"
+  },
+  "peerDependencies": {
+    "@certrev/cert-contract": ">=0.1.2",
+    "react": ">=18.0.0"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": false
+    }
+  },
+  "devDependencies": {
+    "@certrev/cert-contract": "workspace:*",
+    "@testing-library/react": "^16.1.0",
+    "@types/node": "^20.0.0",
+    "@types/react": "^18.3.0",
+    "@types/react-dom": "^18.3.0",
+    "jsdom": "^25.0.0",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "typescript": "^6.0.3",
+    "vitest": "^4.1.5"
+  },
+  "keywords": [
+    "certrev",
+    "certification",
+    "react",
+    "server-components",
+    "hydrogen",
+    "shopify",
+    "json-ld",
+    "schema-org",
+    "web-component",
+    "ed25519",
+    "ssr"
+  ],
+  "license": "MIT"
 }

package/src/builder/__tests__/builder.test.tsx

@@ -0,0 +1,68 @@
+/**
+ * SSR-render tests for the Builder.io adapter (`@certrev/cert-block/builder`), the panel-validated
+ * "ambient-URL anchor" model — exercised through `renderToStaticMarkup` (the edge SSR path).
+ *
+ * Contract proved here:
+ *   • the anchor renders the CURRENT page's verified badge — and badge ONLY (JSON-LD is emitted
+ *     server-side, decoupled from the visual slot);
+ *   • EVERY non-render path (suppress verdict, no credential for the page) renders nothing in
+ *     production (fail-closed);
+ *   • in the Builder editor (`isEditing`) with no live credential, a truthful placeholder shows —
+ *     never a fake badge, and never any JSON-LD;
+ *   • the registration is ZERO-input: the editor cannot choose or forge which credential renders.
+ */
+import { renderToStaticMarkup } from 'react-dom/server'
+import { describe, expect, it } from 'vitest'
+import { makeMockPayload } from '../../contract/fixtures.js'
+import type { CertVerdict } from '../../contract/kernel.js'
+import { CertRevAnchor, CertRevProvider, certRevAnchorComponent, type CurrentCredential } from '../index.js'
+
+const renderVerdict: CertVerdict = { decision: 'render', payload: makeMockPayload() }
+const suppressVerdict: CertVerdict = { decision: 'suppress', reason: 'revoked' }
+
+function render(current: CurrentCredential | null, isEditing = false): string {
+	return renderToStaticMarkup(
+		<CertRevProvider current={current} isEditing={isEditing}>
+			<CertRevAnchor />
+		</CertRevProvider>,
+	)
+}
+
+describe('Builder adapter — registration (zero-input anchor)', () => {
+	it('registers "CertREV Review" with NO inputs (editor places it; system resolves the credential)', () => {
+		expect(certRevAnchorComponent.name).toBe('CertREV Review')
+		expect(certRevAnchorComponent.component).toBe(CertRevAnchor)
+		expect(certRevAnchorComponent.inputs).toEqual([])
+	})
+})
+
+describe('Builder adapter — CertRevAnchor render', () => {
+	it('renders the current page’s verified badge — and ONLY the badge (no JSON-LD; that is server-side)', () => {
+		const html = render({ verdict: renderVerdict, pageUrl: 'https://brand.example.com/a' })
+		expect(html).toContain('certrev-badge')
+		expect(html).toContain('Dr. Jane Doe')
+		expect(html).not.toContain('application/ld+json') // JSON-LD decoupled to the article template
+	})
+
+	it('FAIL-CLOSED: a suppress verdict renders nothing', () => {
+		expect(render({ verdict: suppressVerdict })).toBe('')
+	})
+
+	it('FAIL-CLOSED: no credential for this page renders nothing in production', () => {
+		expect(render(null, false)).toBe('')
+	})
+
+	it('EDITOR: no live credential + isEditing renders a truthful placeholder (no badge, no JSON-LD)', () => {
+		const html = render(null, true)
+		expect(html).toContain('data-certrev-editor-placeholder')
+		expect(html).toContain('resolves at publish')
+		expect(html).not.toContain('certrev-badge')
+		expect(html).not.toContain('application/ld+json')
+	})
+
+	it('EDITOR: a live verified credential renders the REAL badge even in editing mode (true draft-verify)', () => {
+		const html = render({ verdict: renderVerdict }, true)
+		expect(html).toContain('certrev-badge')
+		expect(html).not.toContain('data-certrev-editor-placeholder')
+	})
+})

package/src/builder/index.tsx

@@ -0,0 +1,122 @@
+/**
+ * @certrev/cert-block/builder — Builder.io adapter, "ambient-URL anchor" model.
+ *
+ * Validated by an independent architecture panel (Codex gpt-5.5 + Gemini, blind): a visual
+ * page builder must NOT choose WHICH credential renders — that invites cross-article misuse and
+ * re-opens the wrong-subject surface. Instead:
+ *   • the CMS controls LAYOUT — an editor drags a ZERO-INPUT <CertRevAnchor/> to position the
+ *     badge on the page;
+ *   • the SYSTEM controls TRUTH — the headless loader resolves THIS page's credential from its
+ *     own URL (Track-1 delivery), crypto-verifies it (fail-closed VerdictKernel), and supplies
+ *     the verdict via context.
+ * The anchor renders the current page's verified badge or NOTHING. It cannot be pointed at
+ * another article, and there is no `placementId` input to forge or mis-select.
+ *
+ * JSON-LD is DECOUPLED (panel finding): the anchor renders the BADGE only (`omitJsonLd`). The
+ * article template emits the schema.org JSON-LD server-side from the same verified verdict, so a
+ * page builder can't duplicate, move, or omit structured data. (See the route example.)
+ *
+ * EDGE-CACHE DISCIPLINE (panel finding): the consumer's loader MUST verify per request as a
+ * dynamic edge subrequest and must NOT long-cache the rendered badge HTML — a revoked/expired
+ * credential sitting in a stale edge cache would defeat fail-closed. Bound any positive-verdict
+ * cache by min(expiry, revocation-TTL, content-version).
+ *
+ * cert-block carries no Builder dependency: the registration shape is declared structurally, and
+ * `isEditing` is a passed-in flag (the consumer supplies Builder's `isPreviewing()`).
+ */
+import { createContext, type ReactNode, useContext } from 'react'
+import { CertReview } from '../components/CertReview.js'
+import type { CertVerdict } from '../contract/kernel.js'
+
+/** The current page's credential, resolved + verified by the loader (Track-1 delivery). */
+export interface CurrentCredential {
+	readonly verdict: CertVerdict
+	/** Canonical page URL for JSON-LD @id alignment (used by the server-side JSON-LD, not the anchor). */
+	readonly pageUrl?: string
+}
+
+interface CertRevContextValue {
+	readonly current: CurrentCredential | null
+	readonly isEditing: boolean
+}
+
+const CertRevContext = createContext<CertRevContextValue>({ current: null, isEditing: false })
+
+/**
+ * Supplies THIS page's loader-verified credential to the anchor. `current` is the verdict for
+ * the current page (or null if the page has no delivered credential). `isEditing` is the
+ * consumer's Builder `isPreviewing()` result — it ONLY toggles a design-time placeholder and
+ * NEVER affects the published render.
+ */
+export function CertRevProvider({
+	current,
+	isEditing = false,
+	children,
+}: {
+	readonly current: CurrentCredential | null
+	readonly isEditing?: boolean
+	readonly children: ReactNode
+}) {
+	return <CertRevContext.Provider value={{ current, isEditing }}>{children}</CertRevContext.Provider>
+}
+
+/**
+ * Design-time placeholder shown ONLY in the Builder editor when the current page has no live
+ * verified credential. Truthful (never a fake badge), emits NO JSON-LD, and never renders in
+ * production — so it cannot leak to or be crawled on the live site.
+ */
+export function CertRevEditorPlaceholder() {
+	return (
+		<div
+			data-certrev-editor-placeholder=""
+			style={{
+				border: '1px dashed #e6007e',
+				borderRadius: 8,
+				padding: '10px 14px',
+				font: '13px system-ui',
+				color: '#6b7280',
+				background: '#fff5fa',
+			}}
+		>
+			CertREV Review — <b>resolves at publish</b> from issuer verification. The expert badge appears here once this
+			page’s article is certified, and only while the credential is valid.
+		</div>
+	)
+}
+
+/**
+ * The Builder block. ZERO inputs — a layout anchor only. Renders the current page's VERIFIED
+ * badge (badge only; JSON-LD is emitted server-side), the editor placeholder in design mode, or
+ * NOTHING in production (fail-closed). The credential is whatever Track-1 delivered + verified for
+ * THIS page; the editor can neither choose nor forge it.
+ */
+export function CertRevAnchor() {
+	const { current, isEditing } = useContext(CertRevContext)
+	if (current && current.verdict.decision === 'render') {
+		return <CertReview verdict={current.verdict} pageUrl={current.pageUrl} omitJsonLd />
+	}
+	if (isEditing) return <CertRevEditorPlaceholder />
+	return null
+}
+
+/**
+ * Structural shape of `@builder.io/sdk-react`'s `RegisteredComponent` — the subset cert-block
+ * populates. Declared locally so cert-block needs no Builder build/runtime dependency; assignable
+ * to Builder's `RegisteredComponent` at the consumer's `<Content customComponents={[...]}>`.
+ */
+export interface CertRevBuilderRegistration {
+	component: typeof CertRevAnchor
+	name: string
+	inputs: never[]
+}
+
+/**
+ * The registration to pass to Builder's `<Content customComponents={[...]}>`. ZERO inputs by
+ * design — the editor places it (layout); the system resolves the credential from the page URL
+ * (truth). Matched by NAME at render, so Write-API content works without visual-editor setup.
+ */
+export const certRevAnchorComponent: CertRevBuilderRegistration = {
+	component: CertRevAnchor,
+	name: 'CertREV Review',
+	inputs: [],
+}