@doswiftly/storefront-operations 11.1.0 → 11.3.1

package/AGENTS.md

@@ -27,7 +27,7 @@ consumer's `codegen.ts` references this package's `.graphql` files as
 live in the consumer's repo.
 
 <!-- AUTOGEN:STATS:BEGIN — auto-regenerated, do not edit by hand -->
-- **Schema version**: 11.1.0
+- **Schema version**: 11.3.1
 - **Queries**: 48
 - **Mutations**: 40
 - **Fragments**: 100

package/CHANGELOG.md

@@ -1,5 +1,136 @@
 # Changelog
 
+## 11.3.1
+
+### Patch Changes
+
+- 9ca724e: Removes the `./schema` subpath export from `@doswiftly/storefront-sdk` — it was a duplicate of what `@doswiftly/storefront-operations` already publishes.
+
+  **Why:**
+
+  `@doswiftly/storefront-operations` is a linked package — it is always installed alongside `@doswiftly/storefront-sdk`. It exposes the GraphQL SDL as a raw `schema.graphql` file via the `./schema.graphql` subpath export, which is the format every codegen tool and IDE GraphQL plugin natively consumes. Bundling the same SDL again as an ESM string literal in `@doswiftly/storefront-sdk/schema` added ~128 KB to the npm tarball without giving consumers a meaningful capability that wasn't already there.
+
+  **Migration:**
+
+  Switch from:
+
+  ```ts
+  import { schema } from "@doswiftly/storefront-sdk/schema";
+  ```
+
+  to a direct path reference in your codegen config (or `graphql-config` for your IDE):
+
+  ```ts
+  // codegen.ts
+  const config = {
+    schema: "node_modules/@doswiftly/storefront-operations/schema.graphql",
+    // …
+  };
+  ```
+
+  The schema content is byte-for-byte identical — your codegen output does not change.
+
+  **Internal:**
+  - Removed `scripts/build-schema-export.cjs` and the matching `pnpm build` chain step.
+  - `pnpm build` is now plain `tsc` again.
+  - Removed the `dist/schema.js` + `dist/schema.d.ts` build artifacts and the `schema-export.test.ts` unit test.
+  - `pnpm run doctor` no longer checks for the schema bundle.
+
+  `@doswiftly/storefront-operations` is bumped in lockstep (no code change — required because the packages are linked and ship together).
+
+## 11.3.0
+
+### Minor Changes
+
+- 0a2dfd8: Phase 1 of the senior-level audit ships security hardening, dead-code cleanup, and a coverage gate.
+
+  **Security:**
+  - `createSetTokenHandler`, `createClearTokenHandler`, `createWhoamiHandler` now validate the `Origin` header against the `Host` header by parsed URL host (`new URL(origin).host === host`) instead of a substring `includes()` check. The previous implementation was bypassable by empty Host (`includes('')` is always true) and by Origin URLs that embedded the trusted host in their query string. Requests without both `Origin` and `Host` headers now respond with `403`.
+
+  **Removed:**
+  - `ServerClientOptions.getHeaders` (accepted by `getStorefrontClient()` but never wired through). Inject request-scoped headers via the `middleware` option — see updated JSDoc.
+
+  **Internal:**
+  - Inconsistent `setIsRenewingToken` setter in `useAuth` is renamed to `setIsRefreshingToken` to match the exposed `isRefreshingToken` flag.
+  - Removed an unused `callbackName` field in `TurnstileManager` and a pre-cookie-era `localStorage.removeItem('cart-storage')` call in `createCartStore`.
+
+  **Infrastructure:**
+  - `package.json` now declares `sideEffects: false` so consumer bundlers can tree-shake unused exports aggressively.
+  - Adds `test:coverage` script (`vitest run --coverage`) with a baseline threshold (60% statements / 50% branches / 55% functions / 60% lines). The floor will rise as later phases cover the React providers, auth/currency/language stores, and remaining hooks.
+  - Adds 102 new unit tests across `format`, `image`, `cookies`, `auth/handlers`, and additional `errorMiddleware`/`timeoutMiddleware`/`languageMiddleware` cases — including two regression tests for the origin-validation bypass vectors.
+
+  `@doswiftly/storefront-operations` is bumped in lockstep (no code change — required because the packages are linked and ship together).
+
+- 09c3744: Phase 2 of the SDK audit ships the developer-experience features external storefront builders have been writing by hand: pre-built React components, tagged-union mutation state, a bundled GraphQL schema export, and a focused-hook auth API.
+
+  **Pre-built React components** (from `@doswiftly/storefront-sdk/react`):
+
+  Six headless, accessibility-aware components — zero styling, framework-agnostic, no `next/image` dependency so they work in any React 18/19 environment.
+  - `<Money amount currency>` — locale-formatted price from minor units (wraps `formatPrice`).
+  - `<Image data sizes priority>` — `<img>` with thumbhash blur placeholder, lazy by default, `fetchpriority` hint.
+  - `<CartCount count label hideWhenEmpty>` — aria-live cart item count.
+  - `<AddToCartButton variantId quantity onSuccess onError>` — orchestrates `useCartManager.addItem` with loading state + sr-only error alert.
+  - `<PriceDisplay price compareAtPrice currency>` — current price + optional strikethrough sale price.
+  - `<CartTotals subtotal discount shipping tax total currency labels>` — `<dl>` breakdown that elides empty rows.
+
+  **Tagged-union status in `useCartManager`**:
+  - New `status` field on the hook return — `{ type: 'idle' | 'loading' | 'error' | 'success', operation? }` — enables exhaustive switching without juggling booleans.
+  - `isLoading` and `error` remain available as derived selectors (backward-compatible).
+  - `clearCart()` resets status to `idle`.
+
+  **Bundled GraphQL schema** (`@doswiftly/storefront-sdk/schema`):
+  - New export path ships the full GraphQL SDL (123 KB) as a string constant, regenerated from `@doswiftly/storefront-operations/schema.graphql` on each build.
+  - Wire GraphQL codegen / IDE plugins without a live backend — no extra `npm install`.
+
+  **`useAuth` split into focused hooks**:
+  - `useLogin({ onSetToken })` — login flow only, `{ login, isLoggingIn, error }`.
+  - `useLogout({ onClearToken })` — logout, always clears local store even on backend failure.
+  - `useRefreshToken({ onSetToken })` — token rotation, keeps existing customer.
+  - `useAuth(options)` is preserved as a thin facade composing the three (backward-compatible, no breaking change).
+
+  Prefer the focused hooks in new code — smaller bundles, isolated state, smaller dependency arrays.
+
+  **Docs**:
+  - README adds a 7-step Next.js 16 App Router setup, BFF route handler examples, components catalog, bundled schema usage.
+  - New `docs/storefront-developer/sdk/nextjs-setup.md` and `auth.md` with end-to-end recipes.
+
+  **Tests**: 476 → 494 unit tests (+18). New files: `components.test.tsx` (37 cases), `schema-export.test.ts` (5 cases), `use-auth.test.tsx` (13 cases). Build clean, 0-deps invariant preserved.
+
+  `@doswiftly/storefront-operations` is bumped in lockstep (no code change — required because the packages are linked and ship together).
+
+## 11.2.0
+
+### Minor Changes
+
+- 760f965: Added automatic stale-cart recovery to the core SDK so every consumer (React, Vue, mobile, CLI, SSR) gets the same protection against `CART_NOT_FOUND` / `ALREADY_COMPLETED` errors without re-implementing detection, cookie cleanup, and retry orchestration.
+
+  **What's new** (importable from `@doswiftly/storefront-sdk`):
+  - `isCartRecoverableError(err)` — type-safe predicate that inspects `err.userErrors[].code` (works across PL/EN/any backend locale, unlike message string matching).
+  - `CART_RECOVERABLE_ERROR_CODES` — readonly tuple of codes that warrant cart recreation; mirrored against the backend `CartErrorCode` enum by a drift test.
+  - `executeWithCartRecovery(opts)` — pure async orchestrator for any consumer.
+  - `createCartRecoveryRunner({ cartClient, cookieStore })` — DX-friendly factory that curries the dependencies, shares a Phase-0 concurrency mutex across operations, and exposes an `onExpired(listener)` subscription for global UI feedback.
+  - `CartCookieStore` — port interface (`get` / `set` / `clear`) the caller implements once per runtime. From `@doswiftly/storefront-sdk/react` we now also export `createBrowserCartCookieStore()` (SSR-safe).
+  - `CartRecoveryNotPossibleError` — thrown when an operation cannot be safely replayed (line-id / shipping-method references the dead cart). Carries `reason: 'state-dependent' | 'recreate-failed' | 'retry-also-failed'` for diagnostic UX.
+  - `recreateWithInput(input)` / `recreateWithLines(lines)` — sugar helpers for the most common atomic `cartCreate(payload)` recovery strategies.
+
+  **Per-operation taxonomy (decision is in the SDK, not in caller code):**
+
+  | Operation                                                                                    | Strategy                                                                                                                                         |
+  | -------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ |
+  | `addItems`, `updateBuyerIdentity`, `setShippingAddress`, `updateDiscountCodes`, `updateNote` | Auto-replay via a single atomic `cartCreate(input)` — recovery is invisible to the caller                                                        |
+  | `updateItems`, `removeItems`                                                                 | Bail with `CartRecoveryNotPossibleError` and emit a `cart-expired` event — replaying on a fresh empty cart would silently lose the user's intent |
+
+  **React updates:**
+  - `useCartManager` now uses the recovery runner internally. Detection is code-based (no more PL/EN regression — previous implementation matched `'cart not found'` in the error message, which never matched a Polish backend response). Recovery now covers all mutations exposed by the hook, not just `addItem`. New methods: `updateBuyerIdentity`, `setShippingAddress`. New API: `onExpired(listener)` returning an unsubscribe function.
+  - `createCartStore` now recovers `addToCart` automatically. New optional `CartActions.createCartWithLines(lines)` lets templates wire the atomic single-round-trip path; without it the store falls back to `createCart()` + `addLines()`. `updateQuantity` and `removeFromCart` bail with the `cart-expired` event when the cart is gone (previously the store kept its local id pointing at a dead cart). `CartStoreConfig.onExpired?(event)` lets the consumer subscribe.
+
+  **Migration:**
+  - No required code changes for existing React consumers — `useCartManager` and `createCartStore` keep their public surface.
+  - If you previously caught `StorefrontError` to detect stale carts via message string matching, switch to `isCartRecoverableError(err)` (code-based, locale-proof) or — preferably — subscribe to `runner.onExpired(...)` / `useCartManager().onExpired(...)` / `createCartStore({ onExpired })`.
+  - Non-React consumers should wrap their cart mutations in `createCartRecoveryRunner` and implement a `CartCookieStore` adapter for their environment (browser via `createBrowserCartCookieStore()`, server-side via `next/headers`, CLI via in-memory `Map`, mobile via AsyncStorage).
+
+  `@doswiftly/storefront-operations` is bumped in lockstep (no code change — required because the packages are linked and ship together).
+
 ## 11.1.0
 
 ### Minor Changes

package/llms-full.txt

@@ -1,6 +1,6 @@
 # DoSwiftly Storefront Operations — Full Reference
 
-> Schema version: **11.1.0**
+> Schema version: **11.3.1**
 > 48 queries · 40 mutations · 100 fragments
 
 Auto-generated from `.graphql` source files. Do not edit by hand — this file is

package/operations.json

@@ -1,5 +1,5 @@
 {
-  "schemaVersion": "11.1.0",
+  "schemaVersion": "11.3.1",
   "queries": [
     {
       "name": "Shop",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-operations",
-  "version": "11.1.0",
+  "version": "11.3.1",
   "description": "GraphQL operations for DoSwiftly Storefront - SSOT from backend",
   "homepage": "https://doswiftly.pl",
   "publishConfig": {