@cimplify/cli 0.7.11 → 0.7.14

package/dist/dispatcher.mjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-import { TEMPLATES } from './chunk-DAE3YSKU.mjs';
-import { package_default } from './chunk-XB4MMPXC.mjs';
+import { TEMPLATES } from './chunk-V2MNBQ35.mjs';
+import { package_default } from './chunk-D2AUHLWS.mjs';
 
 // src/dispatcher.ts
 var VERSION = package_default.version ?? "unknown";
@@ -138,16 +138,16 @@ var COMMANDS = {
   logs: () => import('./logs-YNN2PQ24.mjs'),
   status: () => import('./status-JSYXM5RT.mjs'),
   dev: () => import('./dev-ONW2S77K.mjs'),
-  introspect: () => import('./introspect-2GJIQ6CP.mjs'),
+  introspect: () => import('./introspect-NJOPZP7H.mjs'),
   inspect: () => import('./inspect-CGYX4DDF.mjs'),
-  doctor: () => import('./doctor-A3YU5YOX.mjs'),
-  explain: () => import('./explain-WZQTCB3C.mjs'),
+  doctor: () => import('./doctor-J2Z4OLAV.mjs'),
+  explain: () => import('./explain-J2Z2L5M5.mjs'),
   assets: () => import('./assets-74SK63TR.mjs'),
   repo: () => import('./repo-KNQMSPVV.mjs'),
-  list: () => import('./list-F3LBI7HF.mjs'),
-  add: () => import('./add-3CEDUXNO.mjs'),
-  update: () => import('./update-PINBW3NG.mjs'),
-  upgrade: () => import('./update-PINBW3NG.mjs'),
+  list: () => import('./list-URTQL6PV.mjs'),
+  add: () => import('./add-Z5I2F43P.mjs'),
+  update: () => import('./update-IZFFRPX7.mjs'),
+  upgrade: () => import('./update-IZFFRPX7.mjs'),
   "auth-step-up": () => import('./auth-step-up-BIUYQJP6.mjs')
 };
 var COMMAND_PREFIXES = {

package/dist/{doctor-A3YU5YOX.mjs → doctor-J2Z4OLAV.mjs}

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
-import { gatherIntrospection } from './chunk-ZFCWAYK2.mjs';
+import { gatherIntrospection } from './chunk-27BN2J4V.mjs';
 import './chunk-K5464A3L.mjs';
 import './chunk-DBZ3UOQ2.mjs';
-import './chunk-XB4MMPXC.mjs';
+import './chunk-D2AUHLWS.mjs';
 import { parseArgs, flagBool } from './chunk-C4M3DXKC.mjs';
 import { ApiClient } from './chunk-MAOO6ZZ5.mjs';
 import { readAuthOrNull } from './chunk-UBAI443T.mjs';

package/dist/{explain-WZQTCB3C.mjs → explain-J2Z2L5M5.mjs}

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { package_default } from './chunk-XB4MMPXC.mjs';
+import { package_default } from './chunk-D2AUHLWS.mjs';
 import { parseArgs } from './chunk-C4M3DXKC.mjs';
 import { bold, dim, info, result, CliError, CLI_ERROR_CODE } from './chunk-E2T2SBP5.mjs';
 
@@ -10,7 +10,7 @@ var TOPICS = [
     "title": "Brand schema",
     "description": "Single source of truth for visible strings (lib/brand.ts)",
     "source_url": "https://cimplify.dev/docs/templates/brand",
-    "body": '## Field reference\n\n      \n        \n\n| Field | Required | Purpose |\n| --- | --- | --- |\n| `name` | yes | Full brand name; used in metadata, header, schema.org Organization |\n| `shortName` | yes | Compact form for tight spots (header, OG, app icons) |\n| `microTag` | yes | Tiny industry label shown beside the wordmark |\n| `description` | yes | Default OG / SEO description (\u2265 20 chars) |\n| `schemaType` | yes | schema.org Organization subtype (`Store`, `Bakery`, \u2026) |\n| `currency` | yes | ISO 4217 (e.g. `GHS`); used by every `formatPrice` |\n| `locale` | yes | BCP-47-ish, e.g. `en_GH` |\n| `contact` | yes | Address, email, phone, hours, country code |\n| `socials[]` | yes | Footer / contact chips with built-in icon keys |\n| `header.nav` | yes | Top nav links (label + href) |\n| `hero` | yes | Home hero: badge, title, subtitle, CTAs |\n| `trustItems?` | no | Hero trust strip (free shipping, warranty, \u2026) |\n| `brandStrip?` | no | "Authorised dealer for\u2026" strip |\n| `promo?` | no | Time-limited banner |\n| `terms` / `privacy` | yes | Standalone policy pages (eyebrow, sections, last updated) |\n| `shipping` / `returns` / `accessibility` | yes | Same shape as terms/privacy |\n| `newsletter` | yes | Footer signup copy |\n| `about` | yes | Eyebrow, title, paragraphs, sections |\n| `faq` | yes | Sectioned Q/A list |\n| `account` | yes | Login / signup / account eyebrows + titles (iframe owns the inputs) |\n| `contactPage` | yes | Eyebrow, title, body for `/contact` |\n| `trackOrder` | yes | Copy for the guest order lookup page |\n| `footer` | yes | Sitemap sections, blurb, optional "Powered by" |\n| `llms.summary` | yes | \u2265 20-char blurb that opens the `/llms.txt` index |\n| `mock.seed` | yes | Mock seed name (must match `SeedNameSchema`) |\n| `mock.businessId` | yes | Must start with `bus_` |\n\n      \n\n      \n\n## A complete example\n\n      \n        \n\n```ts title="lib/brand.ts (excerpt: the retail template)"\n\nexport const brand: Brand = {\n  name: "Currents Electronics",\n  shortName: "Currents",\n  microTag: "ELECTRONICS",\n  description:\n    "Authorised dealer for Apple, Samsung, Sony, Bose. Same-day Accra delivery, two-year warranty.",\n  schemaType: "Store",\n  currency: "GHS",\n  locale: "en_GH",\n\n  contact: {\n    email: "hello@currentselectronics.test",\n    phone: "+233 244 000 000",\n    phoneTel: "+233244000000",\n    streetAddress: "Atomic Junction, East Legon",\n    city: "Accra",\n    countryCode: "GH",\n    hours: "Mon\u2013Sat \xB7 9am\u20138pm",\n  },\n\n  socials: [\n    { label: "Instagram", href: "https://instagram.com/currentselectronics", icon: "instagram" },\n    { label: "WhatsApp",  href: "https://wa.me/233244000000",                icon: "whatsapp"  },\n  ],\n\n  header: { nav: [\n    { label: "Shop",   href: "/shop" },\n    { label: "Deals",  href: "/categories/deals" },\n    { label: "Support",href: "/faq" },\n  ]},\n\n  hero: {\n    badge: "LAPTOPS \xB7 PHONES \xB7 AUDIO",\n    title: "The tech you want, in stock today.",\n    subtitle: "Same-day delivery in Accra. Two-year warranty on every product.",\n    primaryCtaLabel: "Shop now",\n    secondaryCtaLabel: "See deals",\n    secondaryCtaHref: "/categories/deals",\n  },\n\n  // \u2026terms, privacy, shipping, returns, accessibility, about, faq, \u2026\n\n  newsletter: {\n    title: "New drops, real prices, in your inbox.",\n    body: "One email a week. No newsletter chaff.",\n    eyebrow: "The shortlist",\n  },\n  account: {\n    loginEyebrow: "Welcome back", loginTitle: "Sign in to Currents",\n    signupEyebrow: "Welcome",     signupTitle: "Create your Currents account",\n    accountEyebrow: "Your account", accountTitle: "Welcome back",\n  },\n  contactPage: { title: "Talk to a real human.", body: "We reply within a business day.", eyebrow: "Contact" },\n  trackOrder:  { title: "Where\'s my order?",     body: "Enter your order number and email.", eyebrow: "Track an order" },\n  footer:      { sitemap: [/* \u2026 */], poweredBy: { label: "Cimplify", href: "https://app.cimplify.io" } },\n  llms:        { summary: "Authorised dealer for Apple, Samsung, Sony, Bose. Two-year warranty." },\n\n  mock: { seed: "retail", businessId: "bus_currents_electronics" },\n};\n```\n\n      \n\n      \n\n## Validation: `assertBrand`\n\n      \n\nTemplates run `assertBrand(brand)` in their `brand.test.ts`. Failures list every offending field with its dot-path; drift between the template and the schema is impossible to ship by accident.\n\n      \n        \n\n```ts title="__tests__/brand.test.ts"\n\ncreateBrandSuite({ brand });\n```\n\n      \n\n      \n\n## Industry-specific extensions\n\n      \n\nNeed fields the base schema doesn\'t have (fashion\'s `lookbook`, services\' `bookingPolicy`)? Extend, don\'t fork. The base shape stays canonical and your custom fields type-check alongside it.\n\n      \n        \n\n```ts title="Extending BrandSchema"\n\nexport const FashionBrandSchema = BrandSchema.extend({\n  lookbook: z.object({\n    eyebrow: z.string(),\n    title: z.string().min(1),\n    drops: z.array(z.object({\n      slug: z.string(),\n      title: z.string(),\n      heroImage: z.string().url(),\n    })),\n  }),\n});\n\nexport type FashionBrand = z.infer<typeof FashionBrandSchema>;\n```\n\n      \n\n      \n\n## Next\n\n      \n        \n- [**Templates overview**](/docs/templates)\n  Six industry templates and what they ship\n\n        \n- [**Customizing**](/docs/templates/customizing)\n  Beyond brand: ejection and schema extensions\n'
+    "body": '## Field reference\n\n      \n        \n\n| Field | Required | Purpose |\n| --- | --- | --- |\n| `name` | yes | Full brand name; used in metadata, header, schema.org Organization |\n| `shortName` | yes | Compact form for tight spots (header, OG, app icons) |\n| `microTag` | yes | Tiny industry label shown beside the wordmark |\n| `description` | yes | Default OG / SEO description (\u2265 20 chars) |\n| `schemaType` | yes | schema.org Organization subtype (`Store`, `Bakery`, \u2026) |\n| `currency` | yes | ISO 4217 (e.g. `GHS`); used by every `formatPrice` |\n| `locale` | yes | BCP-47-ish, e.g. `en_GH` |\n| `contact` | yes | Address, email, phone, hours, country code |\n| `socials[]` | yes | Footer / contact chips with built-in icon keys |\n| `header.nav` | yes | Top nav links (label + href) |\n| `hero` | yes | Home hero: badge, title, subtitle, CTAs |\n| `trustItems?` | no | Hero trust strip (free shipping, warranty, \u2026) |\n| `brandStrip?` | no | "Authorised dealer for\u2026" strip |\n| `promo?` | no | Time-limited banner |\n| `terms` / `privacy` | yes | Standalone policy pages (eyebrow, sections, last updated) |\n| `shipping` / `returns` / `accessibility` | yes | Same shape as terms/privacy |\n| `newsletter` | yes | Footer signup copy |\n| `about` | yes | Eyebrow, title, paragraphs, sections |\n| `faq` | yes | Sectioned Q/A list |\n| `account` | yes | Login, signup, and account page copy for SDK-rendered account routes |\n| `contactPage` | yes | Eyebrow, title, body for `/contact` |\n| `trackOrder` | yes | Copy for the guest order lookup page |\n| `footer` | yes | Sitemap sections, blurb, optional "Powered by" |\n| `llms.summary` | yes | \u2265 20-char blurb that opens the `/llms.txt` index |\n| `mock.seed` | yes | Mock seed name (must match `SeedNameSchema`) |\n| `mock.businessId` | yes | Must start with `bus_` |\n\n      \n\n      \n\n## A complete example\n\n      \n        \n\n```ts title="lib/brand.ts (excerpt: the retail template)"\n\nexport const brand: Brand = {\n  name: "Currents Electronics",\n  shortName: "Currents",\n  microTag: "ELECTRONICS",\n  description:\n    "Authorised dealer for Apple, Samsung, Sony, Bose. Same-day Accra delivery, two-year warranty.",\n  schemaType: "Store",\n  currency: "GHS",\n  locale: "en_GH",\n\n  contact: {\n    email: "hello@currentselectronics.test",\n    phone: "+233 244 000 000",\n    phoneTel: "+233244000000",\n    streetAddress: "Atomic Junction, East Legon",\n    city: "Accra",\n    countryCode: "GH",\n    hours: "Mon\u2013Sat \xB7 9am\u20138pm",\n  },\n\n  socials: [\n    { label: "Instagram", href: "https://instagram.com/currentselectronics", icon: "instagram" },\n    { label: "WhatsApp",  href: "https://wa.me/233244000000",                icon: "whatsapp"  },\n  ],\n\n  header: { nav: [\n    { label: "Shop",   href: "/shop" },\n    { label: "Deals",  href: "/categories/deals" },\n    { label: "Support",href: "/faq" },\n  ]},\n\n  hero: {\n    badge: "LAPTOPS \xB7 PHONES \xB7 AUDIO",\n    title: "The tech you want, in stock today.",\n    subtitle: "Same-day delivery in Accra. Two-year warranty on every product.",\n    primaryCtaLabel: "Shop now",\n    secondaryCtaLabel: "See deals",\n    secondaryCtaHref: "/categories/deals",\n  },\n\n  // \u2026terms, privacy, shipping, returns, accessibility, about, faq, \u2026\n\n  newsletter: {\n    title: "New drops, real prices, in your inbox.",\n    body: "One email a week. No newsletter chaff.",\n    eyebrow: "The shortlist",\n  },\n  account: {\n    loginEyebrow: "Welcome back", loginTitle: "Sign in to Currents",\n    signupEyebrow: "Welcome",     signupTitle: "Create your Currents account",\n    accountEyebrow: "Your account", accountTitle: "Welcome back",\n  },\n  contactPage: { title: "Talk to a real human.", body: "We reply within a business day.", eyebrow: "Contact" },\n  trackOrder:  { title: "Where\'s my order?",     body: "Enter your order number and email.", eyebrow: "Track an order" },\n  footer:      { sitemap: [/* \u2026 */], poweredBy: { label: "Cimplify", href: "https://app.cimplify.io" } },\n  llms:        { summary: "Authorised dealer for Apple, Samsung, Sony, Bose. Two-year warranty." },\n\n  mock: { seed: "retail", businessId: "bus_currents_electronics" },\n};\n```\n\n      \n\n      \n\n## Validation: `assertBrand`\n\n      \n\nTemplates run `assertBrand(brand)` in their `brand.test.ts`. Failures list every offending field with its dot-path; drift between the template and the schema is impossible to ship by accident.\n\n      \n        \n\n```ts title="__tests__/brand.test.ts"\n\ncreateBrandSuite({ brand });\n```\n\n      \n\n      \n\n## Industry-specific extensions\n\n      \n\nNeed fields the base schema doesn\'t have (fashion\'s `lookbook`, services\' `bookingPolicy`)? Extend, don\'t fork. The base shape stays canonical and your custom fields type-check alongside it.\n\n      \n        \n\n```ts title="Extending BrandSchema"\n\nexport const FashionBrandSchema = BrandSchema.extend({\n  lookbook: z.object({\n    eyebrow: z.string(),\n    title: z.string().min(1),\n    drops: z.array(z.object({\n      slug: z.string(),\n      title: z.string(),\n      heroImage: z.string().url(),\n    })),\n  }),\n});\n\nexport type FashionBrand = z.infer<typeof FashionBrandSchema>;\n```\n\n      \n\n      \n\n## Next\n\n      \n        \n- [**Templates overview**](/docs/templates)\n  Six industry templates and what they ship\n\n        \n- [**Customizing**](/docs/templates/customizing)\n  Beyond brand: ejection and schema extensions\n'
   },
   {
     "name": "eject",

package/dist/{introspect-2GJIQ6CP.mjs → introspect-NJOPZP7H.mjs}

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
-export { run as default, extractMockSeed, gatherIntrospection, renderIntrospection } from './chunk-ZFCWAYK2.mjs';
+export { run as default, extractMockSeed, gatherIntrospection, renderIntrospection } from './chunk-27BN2J4V.mjs';
 import './chunk-K5464A3L.mjs';
 import './chunk-DBZ3UOQ2.mjs';
-import './chunk-XB4MMPXC.mjs';
+import './chunk-D2AUHLWS.mjs';
 import './chunk-C4M3DXKC.mjs';
 import './chunk-UBAI443T.mjs';
 import './chunk-E2T2SBP5.mjs';

package/dist/{list-F3LBI7HF.mjs → list-URTQL6PV.mjs}

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { REGISTRY_INDEX } from './chunk-DAE3YSKU.mjs';
+import { REGISTRY_INDEX } from './chunk-V2MNBQ35.mjs';
 import { parseArgs, flagBool } from './chunk-C4M3DXKC.mjs';
 import { CliError, CLI_ERROR_CODE, info, bold, dim, green, result } from './chunk-E2T2SBP5.mjs';
 

package/dist/{update-PINBW3NG.mjs → update-IZFFRPX7.mjs}

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { package_default } from './chunk-XB4MMPXC.mjs';
+import { package_default } from './chunk-D2AUHLWS.mjs';
 import { promptYesNo } from './chunk-ITAFAORS.mjs';
 import { parseArgs, flagBool, flagString } from './chunk-C4M3DXKC.mjs';
 import { success, bold, info, dim, result, failure, CliError, CLI_ERROR_CODE, step, isJsonMode } from './chunk-E2T2SBP5.mjs';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cimplify/cli",
-  "version": "0.7.11",
+  "version": "0.7.14",
   "description": "Cimplify CLI — deploy, manage env vars, link projects, and scaffold storefronts",
   "keywords": [
     "cimplify",
@@ -45,6 +45,6 @@
     "vitest": "^4.1.5"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0"
+    "@cimplify/sdk": "^0.70.2"
   }
 }

package/templates/storefront-auto/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-auto/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-bakery/AGENTS.md

@@ -41,8 +41,8 @@ app/
   account/orders/page.tsx        <AccountOrdersPage /> (native)
   account/addresses/page.tsx     Native list + Server Actions for CRUD
   account/wallets/page.tsx       Native list + Server Actions for CRUD
-  login/page.tsx                 redirect → /account (iframe owns sign-in UI)
-  signup/page.tsx                redirect → /account (iframe owns sign-up UI)
+  login/page.tsx                 redirect → hosted OAuth, then /account
+  signup/page.tsx                redirect → hosted OAuth, then /account
 
   contact/page.tsx               Contact form (Server Action wiring TODO; currently fakes submit)
   track-order/page.tsx           Guest order lookup → /orders/[id]
@@ -78,7 +78,7 @@ app/
 | `app/accessibility/page.tsx` | `brand.accessibility` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (eyebrows + titles only — Cimplify Link iframe owns the UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/login/page.tsx`, `app/signup/page.tsx` | `brand.account` (metadata only — both redirect to `/account`) |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `app/opensearch.xml/route.ts` | `brand.shortName`, `brand.name` |

package/templates/storefront-bakery/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-bakery/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-fashion/AGENTS.md

@@ -70,7 +70,7 @@ app/
 | `app/terms/page.tsx`, `app/privacy/page.tsx` | `brand.terms`, `brand.privacy` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (iframe owns UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/products/[slug]/page.tsx` | `brand.name`, `brand.currency` (Product JSON-LD) |
 | `app/size-guide/page.tsx` | currently has its size charts inlined — hoist to `brand.sizeGuide` if you want agents to edit them |
 | `app/lookbook/page.tsx` | currently has the lookbook entries inlined (image URLs + drop names) — hoist to `brand.lookbook` for agent editing |

package/templates/storefront-fashion/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-fashion/package.json

@@ -19,7 +19,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-grocery/AGENTS.md

@@ -58,7 +58,7 @@ app/
 | `app/terms/page.tsx`, `app/privacy/page.tsx` | `brand.terms`, `brand.privacy` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (iframe owns UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `components/header.tsx`, `footer.tsx` | `brand.header`, `brand.footer`, `brand.contact`, `brand.socials` |
 

package/templates/storefront-grocery/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-grocery/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-pharmacy/AGENTS.md

@@ -68,7 +68,7 @@ app/
 | `app/accessibility/page.tsx` | `brand.accessibility` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (Cimplify Link iframe owns the UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/products/[slug]/page.tsx` | `brand.name`, `brand.currency` (Product JSON-LD: brand, offer, availability) |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `app/opensearch.xml/route.ts` | `brand.shortName`, `brand.name` |

package/templates/storefront-pharmacy/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-pharmacy/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-restaurant/AGENTS.md

@@ -61,7 +61,7 @@ app/
 | `app/terms/page.tsx`, `app/privacy/page.tsx` | `brand.terms`, `brand.privacy` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (iframe owns the UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/reservations/*` | derives seating from service-type products in the catalogue |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `components/header.tsx`, `footer.tsx` | `brand.header`, `brand.footer`, `brand.contact`, `brand.socials` |

package/templates/storefront-restaurant/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-restaurant/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-retail/AGENTS.md

@@ -67,7 +67,7 @@ app/
 | `app/accessibility/page.tsx` | `brand.accessibility` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` |
-| `app/account/*/page.tsx` | `brand.account` (Cimplify Link iframe owns the UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/products/[slug]/page.tsx` | `brand.name`, `brand.currency` (Product JSON-LD: brand, offer, availability) |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `app/opensearch.xml/route.ts` | `brand.shortName`, `brand.name` |

package/templates/storefront-retail/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-retail/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"

package/templates/storefront-services/AGENTS.md

@@ -62,7 +62,7 @@ app/
 | `app/terms/page.tsx`, `app/privacy/page.tsx` | `brand.terms`, `brand.privacy` |
 | `app/contact/page.tsx` | `brand.contactPage`, `brand.contact` |
 | `app/track-order/page.tsx` | `brand.trackOrder` ("find a booking") |
-| `app/account/*/page.tsx` | `brand.account` (iframe owns UI) |
+| `app/account/*/page.tsx` | `brand.account` (SDK account pages render the UI) |
 | `app/book/*` | derives bookable services from product list (`type: "service"`) |
 | `app/llms.txt/route.ts` | `brand.llms`, contact, currency |
 | `components/header.tsx`, `footer.tsx` | `brand.header`, `brand.footer`, `brand.contact`, `brand.socials` |

package/templates/storefront-services/middleware.ts

@@ -0,0 +1,39 @@
+import { NextResponse, type NextRequest } from "next/server";
+import { handleTokenRefresh, type OidcConfig } from "@cimplify/sdk/server";
+
+function oidcConfig(): OidcConfig | null {
+  const clientId =
+    process.env.CIMPLIFY_CLIENT_ID?.trim() ||
+    process.env.NEXT_PUBLIC_CIMPLIFY_CLIENT_ID?.trim() ||
+    "";
+  if (!clientId) return null;
+  return {
+    clientId,
+    issuer: process.env.CIMPLIFY_ISSUER?.trim() || undefined,
+    authUrl: process.env.CIMPLIFY_AUTH_URL?.trim() || undefined,
+  };
+}
+
+// Keeps the access token fresh before account pages render. Server Components
+// can't write cookies, so this is the one place the rotated token can be both
+// persisted (browser) and forwarded onto the current request (this render).
+export async function middleware(request: NextRequest) {
+  const cfg = oidcConfig();
+  if (!cfg) return NextResponse.next();
+
+  const { outcome, setCookies, cookies } = await handleTokenRefresh(request, cfg);
+  if (outcome === "noop") return NextResponse.next();
+
+  for (const { name, value } of cookies) {
+    request.cookies.set(name, value);
+  }
+  const response = NextResponse.next({ request });
+  for (const cookie of setCookies) {
+    response.headers.append("set-cookie", cookie);
+  }
+  return response;
+}
+
+export const config = {
+  matcher: ["/account/:path*"],
+};

package/templates/storefront-services/package.json

@@ -17,7 +17,7 @@
     "check": "bun run typecheck && bun run test:run"
   },
   "dependencies": {
-    "@cimplify/sdk": "^0.65.0",
+    "@cimplify/sdk": "^0.70.2",
     "next": "^16.2.6",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"