@doswiftly/storefront-sdk 19.0.0 → 19.2.0

package/CHANGELOG.md

@@ -1,5 +1,143 @@
 # Changelog
 
+## 19.2.0
+
+### Minor Changes
+
+- b60dcaf: Discount codes now report real per-code applicability and reasons on the cart and order.
+
+  **Why**: a recognised discount code previously always showed `isApplicable: true` even when it
+  reduced nothing — minimum-order not met, code expired, or no cart items within the code's product
+  scope — and `discountAllocations` only ever reflected the first code. The contract now tells the
+  truth per code, so a storefront can show the buyer exactly which codes apply and why the others do
+  not, and the order carries the same breakdown the buyer saw in the cart.
+
+  **Additive (backward-compatible)**:
+  1. `Cart.discountCodes[].isApplicable` is computed per code — `true` only when the code reduces the
+     price or grants free shipping — instead of being hard-coded to `true`.
+  2. `Cart.discountAllocations` contains one entry per applicable code, not just the first.
+  3. `cartDiscountCodesUpdate` returns a `warning` per non-applicable code
+     (`CartWarningCode.DISCOUNT_CODE_NOT_APPLICABLE`) whose localized message explains the reason. The
+     code stays on the cart, so adding a qualifying product can still activate it.
+  4. New `DiscountErrorCode.NOT_APPLICABLE_TO_CART` — the code is valid but no cart items fall within
+     its product/collection/category scope.
+  5. New `Order.discountAllocations` — the per-code breakdown frozen onto the order at checkout
+     (parity with `Cart.discountAllocations`), so a confirmation page renders the same rows.
+  6. `cartValidateDiscountCode` (the read-only preview) now mirrors the apply result: a code that is
+     recognised but out of scope for the cart returns `isValid: false` with
+     `error.code: NOT_APPLICABLE_TO_CART`. Inline "is this code valid?" feedback no longer reports a code
+     as valid when applying it would reduce nothing — preview and apply always agree.
+
+  **Usage example**:
+
+  ```ts
+  const { cart, warnings } = await cartDiscountCodesUpdate({
+    id,
+    discountCodes: ["SUMMER20"],
+  });
+
+  for (const entry of cart.discountCodes) {
+    if (!entry.isApplicable) {
+      // The code is recognised but not reducing the price — explain why.
+      const reason = warnings.find((w) => w.target === entry.code)?.message;
+      showInlineHint(entry.code, reason);
+    }
+  }
+  ```
+
+  **Migration checklist for existing storefronts**:
+  - [ ] If you render a discount chip, branch on `discountCodes[].isApplicable` instead of assuming the code applied.
+  - [ ] Surface `cartDiscountCodesUpdate.warnings` (code `DISCOUNT_CODE_NOT_APPLICABLE`) next to the chip to tell the buyer why a code is inactive.
+  - [ ] Sum `discountAllocations[].amount` to display a per-code discount breakdown; it equals the cart/order discount total.
+  - [ ] Optionally read `Order.discountAllocations` on the confirmation page for the same breakdown after checkout.
+  - [ ] If you preview codes with `cartValidateDiscountCode`, handle `isValid: false` + `NOT_APPLICABLE_TO_CART` — don't show "valid" for a scope-mismatch code (the preview now matches what apply returns).
+
+- d7b0185: Add `pickupConfig` to `AvailableShippingMethod` — render carrier pickup-point pickers at checkout
+
+  Shipping methods that deliver to a pickup point (`deliveryType` `LOCKER` or `PICKUP_POINT`) now expose a `pickupConfig` object with everything the storefront needs to let the buyer choose a collection point:
+  - `selectionMode: WIDGET` — render the carrier map widget. `widgetToken` (a public, domain-scoped browser token, e.g. the InPost Geowidget token — never a carrier API secret) and `scriptUrl` (the widget script to load) are provided.
+  - `selectionMode: SEARCH` — no browser widget; look points up server-side and render your own list. `widgetToken` and `scriptUrl` are `null` for this mode.
+
+  `pickupConfig` is `null` for `HOME` (street-address) delivery and when the merchant has not yet configured the carrier's public widget token — do not render a map in that case. The `AvailableShippingMethod` fragment now includes `pickupConfig`, so queries that spread it pick the new field up automatically once you regenerate your types.
+
+  Flow: render the picker from `pickupConfig`, then send the chosen point with `cartSetShippingAddress({ pickupPoint })` before `cartSelectShippingMethod` — the latter rejects a pickup method selected without a point (`PICKUP_POINT_REQUIRED`).
+
+- 88cd617: Expose pickup-point configuration on shipping methods, so a storefront can render the carrier point picker directly from the cart's available shipping methods.
+
+  `availableShippingMethods` now returns a `pickupConfig` for methods whose `deliveryType` is `PICKUP_POINT` or `LOCKER`:
+  - `provider` — carrier code the config belongs to (e.g. `"inpost"`).
+  - `selectionMode` — `WIDGET` (render the carrier map) or `SEARCH` (query points server-side and render your own list).
+  - `widgetToken` — public, domain-scoped widget token (e.g. the InPost Geowidget token) used to initialise the map. **Never** a carrier API secret. Null in `SEARCH` mode and when the merchant has not configured the public token.
+  - `scriptUrl` — CDN URL of the carrier widget script to load before rendering the map. Null in `SEARCH` mode.
+
+  `pickupConfig` is `null` for `HOME` delivery methods.
+
+  **Additive (backward-compatible)** — existing code that does not read `pickupConfig` keeps working unchanged.
+
+## 19.1.0
+
+### Minor Changes
+
+- 868894e: Add remote debug shipping for both GraphQL **and** cookie-lifecycle events, so you can trace a real shopper session end-to-end instead of reproducing it with DevTools open.
+
+  **Why**: the most useful checkout signal is often "when was the `cart-id` / currency / language cookie set or cleared?" (e.g. `cart-id` cleared by `complete()`), but debug output previously covered only GraphQL request/response. Now both flow through one channel keyed by a single `sessionId`, so one filter in your logs gives the full interleaved timeline.
+
+  **Additive (backward-compatible)** — everything is opt-in and off by default:
+  1. `DebugOptions.remote?: boolean | RemoteDebugOptions | RemoteDebugSink` — ship debug events to a backend ingest endpoint. Pass a pre-built transport (a `RemoteDebugSink`) to share **one** channel/`sessionId` across the client and the cookie stores.
+  2. New `createRemoteDebugTransport(...)` factory (+ `RemoteDebugTransport` / `RemoteDebugSink` / `RemoteDebugOptions` types).
+  3. Cookie stores emit a new `DebugEvent` with `phase: 'cookie'` (`{ name, action: 'set' | 'clear', value?, maxAge? }`) when wired with a sink:
+     - `createBrowserCartCookieStore({ onDebug })` — `cart-id` (when you own the cookie store).
+     - `useCartManager({ cookieDebug })` / `<CartManagerProvider cookieDebug={...}>` — `cart-id` when the cart manager owns the cookie store.
+     - `createCurrencyStore({ onDebug })` / `createLanguageStore(initial, { onDebug })` — currency / language.
+     - `<StorefrontProvider cookieDebug={...}>` forwards the sink to the currency + language stores.
+  4. `DebugOptions`, `DebugEvent`, `RemoteDebugOptions`, `RemoteDebugSink` are exported for typing.
+
+  **Usage example** (one shared channel across GraphQL + cookies):
+
+  ```ts
+  import {
+    createStorefrontClient,
+    createRemoteDebugTransport,
+    createBrowserCartCookieStore,
+  } from "@doswiftly/storefront-sdk";
+
+  const debugOn = process.env.NEXT_PUBLIC_SDK_DEBUG_REMOTE === "true";
+  const transport = debugOn
+    ? createRemoteDebugTransport({
+        endpoint: `${apiUrl}/storefront/debug-logs`,
+        shopSlug,
+        fetch: globalThis.fetch,
+      })
+    : null;
+
+  const client = createStorefrontClient({
+    apiUrl,
+    shopSlug,
+    debug: transport
+      ? { userErrors: true, response: true, timing: true, remote: transport }
+      : false,
+  });
+
+  // cart-id set/clear on the same channel:
+  const cartCookieStore = createBrowserCartCookieStore(
+    transport ? { onDebug: (e) => transport.capture(e) } : undefined,
+  );
+
+  // currency + language via the provider:
+  // <StorefrontProvider cookieDebug={transport ? (e) => transport.capture(e) : undefined} … />
+  ```
+
+  Behaviour:
+  - **Batched** (default 10 events / 5s); `keepalive` is used on page-hide/unload flushes so trailing events survive a navigation or payment-gateway redirect.
+  - **Fire-and-forget**: a failed send is swallowed — telemetry can never break the request that produced it.
+  - Cookies are **not** sent (`credentials: 'omit'`); the shop is identified by the `X-Shop-Slug` header.
+  - **Redaction**: the SDK masks `Authorization` / `customerAccessToken` in _headers_. It does **not** redact request `variables` or response bodies — the backend ingest endpoint masks emails + credential-named fields. Enable `response` / `headers` only for operations whose payload you're comfortable sending to your backend.
+  - Default endpoint is `${apiUrl}/storefront/debug-logs`; override via `RemoteDebugOptions.endpoint`.
+
+  **Migration checklist for existing storefronts**:
+  - [ ] No action required — all of the above is opt-in and defaults to off.
+  - [ ] To adopt: build one transport (gated behind an env flag), pass it to `createStorefrontClient`, the cart cookie store, and `<StorefrontProvider cookieDebug>`, then confirm requests to `/storefront/debug-logs`.
+
 ## 19.0.0
 
 ### Major Changes

package/dist/core/client/create-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-client.d.ts","sourceRoot":"","sources":["../../../src/core/client/create-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,sBAAsB,EACtB,gBAAgB,EAKjB,MAAM,SAAS,CAAC;AAOjB,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,sBAAsB,GAAG,gBAAgB,CA0GvF"}
+{"version":3,"file":"create-client.d.ts","sourceRoot":"","sources":["../../../src/core/client/create-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACV,sBAAsB,EACtB,gBAAgB,EAKjB,MAAM,SAAS,CAAC;AAQjB,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,sBAAsB,GAAG,gBAAgB,CAgHvF"}

package/dist/core/client/create-client.js

@@ -11,6 +11,7 @@
  * 0 runtime dependencies.
  */
 import { createExecute, resolveDebugOptions } from './execute';
+import { maybeAttachRemoteTransport } from './remote-debug-transport';
 import { compose } from './compose';
 import { dedupe } from './dedupe';
 import { hashQuery } from './hash';
@@ -24,7 +25,13 @@ export function createStorefrontClient(config) {
     // Normalise the public `boolean | 'verbose' | DebugOptions` union into the
     // canonical ResolvedDebugOptions shape (or null = no logging). Env var
     // fallback (`DOSWIFTLY_SDK_DEBUG`) applies only when `debug` is undefined.
-    const resolvedDebug = resolveDebugOptions(debug);
+    // When `debug.remote` is set, the resolved sink is wrapped so every event is
+    // also shipped to the backend ingest endpoint (default `${apiUrl}/storefront/debug-logs`).
+    const resolvedDebug = maybeAttachRemoteTransport(resolveDebugOptions(debug), debug, {
+        apiUrl,
+        shopSlug,
+        fetch: customFetch,
+    });
     // Create the innermost execute function (native fetch)
     const innerExecute = createExecute({ endpoint, fetch: customFetch, debug: resolvedDebug });
     /**

package/dist/core/client/remote-debug-transport.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Remote debug transport — batches debug events and ships them to a backend ingest
+ * endpoint over `fetch`. 0 runtime dependencies (only `fetch`, `Date`, `globalThis.crypto`).
+ *
+ * Fire-and-forget by contract: a failed flush is swallowed so telemetry can never break the
+ * storefront request that produced the event. The buffer flushes when it reaches `batchSize`,
+ * after `flushIntervalMs`, or when the page is hidden / unloading (browser only) — the last one
+ * matters for redirect-heavy flows (e.g. payment gateway hand-off) where trailing events would
+ * otherwise be lost. `fetch(..., { keepalive: true })` lets that final send complete during unload.
+ *
+ * Credentials are never sent (`credentials: 'omit'`) — this is telemetry, not an authenticated
+ * call. The shop is identified by the `X-Shop-Slug` header; the backend validates it.
+ */
+import type { DebugEvent, DebugOptions } from './types';
+import type { ResolvedDebugOptions } from './execute';
+export interface RemoteDebugTransportConfig {
+    /** Fully-resolved ingest endpoint URL. */
+    endpoint: string;
+    /** Shop slug sent as `X-Shop-Slug` so the backend can resolve the tenant. */
+    shopSlug: string;
+    /** Fetch implementation (the same one the client transport uses). */
+    fetch: typeof globalThis.fetch;
+    batchSize?: number;
+    flushIntervalMs?: number;
+    sessionId?: string;
+    sdkVersion?: string;
+}
+export interface RemoteDebugTransport {
+    /** Buffer one debug event; flushes automatically per the batching policy. */
+    capture(event: DebugEvent): void;
+}
+export declare function createRemoteDebugTransport(config: RemoteDebugTransportConfig): RemoteDebugTransport;
+/**
+ * Build a `phase: 'cookie'` {@link DebugEvent} for a cookie set/clear. Single construction point so
+ * the cart / currency / language stores emit an identical shape (`{ name, action, value?, maxAge? }`).
+ */
+export declare function cookieDebugEvent(name: string, action: 'set' | 'clear', value?: string, maxAge?: number): DebugEvent;
+/**
+ * If `debug.remote` is enabled, wrap the resolved debug sink so every event is also handed to a
+ * remote transport. Returns the input untouched when remote is off (or debug is disabled), so the
+ * local `log` behaviour is preserved exactly.
+ */
+export declare function maybeAttachRemoteTransport(resolved: ResolvedDebugOptions | null, debugConfig: boolean | 'verbose' | DebugOptions | undefined, context: {
+    apiUrl: string;
+    shopSlug: string;
+    fetch: typeof globalThis.fetch;
+}): ResolvedDebugOptions | null;
+//# sourceMappingURL=remote-debug-transport.d.ts.map

package/dist/core/client/remote-debug-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remote-debug-transport.d.ts","sourceRoot":"","sources":["../../../src/core/client/remote-debug-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,YAAY,EAAuC,MAAM,SAAS,CAAC;AAC7F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC;AAMtD,MAAM,WAAW,0BAA0B;IACzC,0CAA0C;IAC1C,QAAQ,EAAE,MAAM,CAAC;IACjB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;IACjB,qEAAqE;IACrE,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAoB;IACnC,6EAA6E;IAC7E,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;CAClC;AAuDD,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,0BAA0B,GAAG,oBAAoB,CAmFnG;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,KAAK,GAAG,OAAO,EACvB,KAAK,CAAC,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,GACd,UAAU,CAKZ;AAOD;;;;GAIG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,oBAAoB,GAAG,IAAI,EACrC,WAAW,EAAE,OAAO,GAAG,SAAS,GAAG,YAAY,GAAG,SAAS,EAC3D,OAAO,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;CAAE,GAC5E,oBAAoB,GAAG,IAAI,CA0C7B"}

package/dist/core/client/remote-debug-transport.js

@@ -0,0 +1,198 @@
+/**
+ * Remote debug transport — batches debug events and ships them to a backend ingest
+ * endpoint over `fetch`. 0 runtime dependencies (only `fetch`, `Date`, `globalThis.crypto`).
+ *
+ * Fire-and-forget by contract: a failed flush is swallowed so telemetry can never break the
+ * storefront request that produced the event. The buffer flushes when it reaches `batchSize`,
+ * after `flushIntervalMs`, or when the page is hidden / unloading (browser only) — the last one
+ * matters for redirect-heavy flows (e.g. payment gateway hand-off) where trailing events would
+ * otherwise be lost. `fetch(..., { keepalive: true })` lets that final send complete during unload.
+ *
+ * Credentials are never sent (`credentials: 'omit'`) — this is telemetry, not an authenticated
+ * call. The shop is identified by the `X-Shop-Slug` header; the backend validates it.
+ */
+import { CART_COOKIE_NAME } from '../cart/cookie-config';
+const DEFAULT_BATCH_SIZE = 10;
+const DEFAULT_FLUSH_INTERVAL_MS = 5000;
+/**
+ * Pull identifying ids out of operation variables so the backend log is filterable by cart /
+ * order without parsing the whole payload. `cartId` comes from an explicit `cartId` variable, or
+ * from the `id` variable on cart operations (cart mutations pass the cart as `id: cartId`). The
+ * operation-name check is anchored (`^cart`) so only cart operations (`CartAddLines`, …) qualify —
+ * an unrelated op that merely contains "cart" (e.g. `ProductInCartBadge`) won't mislabel its `id`.
+ */
+function extractIdentifiers(event) {
+    // Cookie events carry the value directly — surface the cart-id so its set/clear correlates with
+    // the cart's GraphQL operations under one `cartId` filter.
+    if (event.phase === 'cookie') {
+        const cookie = event.data;
+        return cookie.name === CART_COOKIE_NAME && typeof cookie.value === 'string'
+            ? { cartId: cookie.value }
+            : {};
+    }
+    const variables = event.data.variables;
+    if (!variables || typeof variables !== 'object')
+        return {};
+    const v = variables;
+    const op = event.operationName ?? '';
+    const out = {};
+    const cartId = typeof v.cartId === 'string'
+        ? v.cartId
+        : /^cart/i.test(op) && typeof v.id === 'string'
+            ? v.id
+            : undefined;
+    if (cartId)
+        out.cartId = cartId;
+    if (typeof v.orderId === 'string')
+        out.orderId = v.orderId;
+    return out;
+}
+/**
+ * Generate a session correlation id. Prefers `crypto.randomUUID`; falls back to a
+ * timestamp + random suffix when unavailable (uniqueness within one client is all that is
+ * required here — there is no security property to preserve).
+ */
+function generateSessionId() {
+    const c = globalThis.crypto;
+    if (c && typeof c.randomUUID === 'function')
+        return c.randomUUID();
+    return `sdk-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
+}
+export function createRemoteDebugTransport(config) {
+    const { endpoint, shopSlug, fetch: fetchFn, batchSize = DEFAULT_BATCH_SIZE, flushIntervalMs = DEFAULT_FLUSH_INTERVAL_MS, sdkVersion, } = config;
+    const sessionId = config.sessionId ?? generateSessionId();
+    let buffer = [];
+    let timer = null;
+    function clearFlushTimer() {
+        if (timer !== null) {
+            clearTimeout(timer);
+            timer = null;
+        }
+    }
+    function flush(useKeepalive = false) {
+        if (buffer.length === 0)
+            return;
+        const events = buffer;
+        buffer = [];
+        clearFlushTimer();
+        // Fire-and-forget — a transport failure must never surface to the caller.
+        void Promise.resolve()
+            .then(() => fetchFn(endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-Shop-Slug': shopSlug,
+            },
+            body: JSON.stringify({ sessionId, sdkVersion, events }),
+            // `keepalive` only for unload flushes — on a live page a large batch can exceed the
+            // browser's keepalive body quota (~64KB) and be rejected (then silently swallowed),
+            // whereas an ordinary fetch has no such cap. Unload flushes need it to survive navigation.
+            keepalive: useKeepalive,
+            credentials: 'omit',
+        }))
+            .catch(() => undefined);
+    }
+    // Flush on page hide / unload so trailing events survive a navigation or gateway redirect.
+    // Browser-only — guarded so the core stays usable in Node / Edge / Deno. These listeners live for
+    // the transport's lifetime (no teardown): the storefront client is expected to be created once per
+    // app (the SDK's singleton/Context convention), so they are registered once. Do not build a new
+    // client with `debug.remote` on every render — that would accumulate listeners.
+    const g = globalThis;
+    if (typeof g.addEventListener === 'function') {
+        g.addEventListener('pagehide', () => flush(true));
+        g.addEventListener('visibilitychange', () => {
+            if (g.document?.visibilityState === 'hidden')
+                flush(true);
+        });
+    }
+    return {
+        capture(event) {
+            buffer.push({
+                timestamp: new Date().toISOString(),
+                phase: event.phase,
+                operationName: event.operationName ?? null,
+                ...extractIdentifiers(event),
+                data: event.data,
+            });
+            if (buffer.length >= batchSize) {
+                flush();
+            }
+            else if (timer === null) {
+                timer = setTimeout(() => flush(), flushIntervalMs);
+                // Don't keep a Node/Edge event loop alive for a pending flush (browser timers are numbers
+                // with no `unref`; Node/Edge timers are objects that have it).
+                if (timer && typeof timer === 'object' && 'unref' in timer) {
+                    timer.unref();
+                }
+            }
+        },
+    };
+}
+/**
+ * Build a `phase: 'cookie'` {@link DebugEvent} for a cookie set/clear. Single construction point so
+ * the cart / currency / language stores emit an identical shape (`{ name, action, value?, maxAge? }`).
+ */
+export function cookieDebugEvent(name, action, value, maxAge) {
+    const data = { name, action };
+    if (value !== undefined)
+        data.value = value;
+    if (maxAge !== undefined)
+        data.maxAge = maxAge;
+    return { phase: 'cookie', operationName: undefined, data };
+}
+/** True when `remote` is a pre-built sink (has a callable `capture`) rather than options/boolean. */
+function isRemoteSink(remote) {
+    return typeof remote === 'object' && typeof remote.capture === 'function';
+}
+/**
+ * If `debug.remote` is enabled, wrap the resolved debug sink so every event is also handed to a
+ * remote transport. Returns the input untouched when remote is off (or debug is disabled), so the
+ * local `log` behaviour is preserved exactly.
+ */
+export function maybeAttachRemoteTransport(resolved, debugConfig, context) {
+    if (!resolved)
+        return resolved;
+    // `remote` only exists on the object form of `debug` (`DebugOptions`).
+    if (typeof debugConfig !== 'object' || !debugConfig.remote) {
+        return resolved;
+    }
+    const remote = debugConfig.remote;
+    // A pre-built sink (e.g. a transport shared with the cookie stores) is used as-is, so the whole
+    // app reports through one channel + sessionId. Otherwise build a transport from the options.
+    let transport;
+    if (isRemoteSink(remote)) {
+        transport = remote;
+    }
+    else {
+        const remoteOpts = remote === true ? {} : remote;
+        transport = createRemoteDebugTransport({
+            endpoint: remoteOpts.endpoint ?? `${context.apiUrl.replace(/\/$/, '')}/storefront/debug-logs`,
+            shopSlug: context.shopSlug,
+            fetch: context.fetch,
+            batchSize: remoteOpts.batchSize,
+            flushIntervalMs: remoteOpts.flushIntervalMs,
+            sessionId: remoteOpts.sessionId,
+            sdkVersion: remoteOpts.sdkVersion,
+        });
+    }
+    const originalLog = resolved.log;
+    return {
+        ...resolved,
+        // Telemetry must never break the request: `execute` calls `debug.log` synchronously outside any
+        // try/catch, so a throwing local sink or remote `capture` is swallowed here.
+        log: (event) => {
+            try {
+                originalLog(event);
+            }
+            catch {
+                /* local sink threw — ignore */
+            }
+            try {
+                transport.capture(event);
+            }
+            catch {
+                /* remote sink threw — ignore */
+            }
+        },
+    };
+}

package/dist/core/client/types.d.ts

@@ -110,14 +110,64 @@ export interface DebugOptions {
     userErrors?: boolean;
     /** Custom logger sink. Default `console.log('[StorefrontSDK]', event.phase, event.operationName, event.data)`. Use for routing into `pino` / `winston`. */
     log?: (event: DebugEvent) => void;
+    /**
+     * Ship debug events to a remote ingest endpoint, in addition to the local `log` sink.
+     *
+     * Pass `true` to use defaults, or a `RemoteDebugOptions` object to customise the endpoint and
+     * batching. Events are buffered and sent with `fetch` (with `keepalive` on page-unload flushes so
+     * trailing events survive a navigation); a failed send is swallowed so telemetry can never break
+     * the request that produced it. Cookies are not sent (`credentials: 'omit'`). Default `false`.
+     *
+     * Redaction note: the SDK masks `Authorization` / `customerAccessToken` in *headers*. It does NOT
+     * redact the request `variables` or response body it ships — the backend ingest endpoint is the
+     * safety net there (it masks emails and credential-named fields). Enable `response` / `headers`
+     * only for operations whose payload you are comfortable sending to your backend.
+     *
+     * Which events are shipped is governed by the other flags above — `remote: true` alone ships the
+     * minimal set (request variables + response status + `userErrors`); enable `response` / `headers`
+     * / `timing` to ship more.
+     *
+     * Pass a pre-built transport (a `RemoteDebugSink`, e.g. from `createRemoteDebugTransport`) to
+     * share ONE channel + sessionId across the GraphQL client and the cookie stores, so a single
+     * `sessionId` in your logs gives the full interleaved timeline (GraphQL + cookie set/clear).
+     */
+    remote?: boolean | RemoteDebugOptions | RemoteDebugSink;
+}
+/**
+ * Configuration for the remote debug transport (`DebugOptions.remote`). All fields optional.
+ */
+export interface RemoteDebugOptions {
+    /** Ingest endpoint URL. Default `${apiUrl}/storefront/debug-logs`. */
+    endpoint?: string;
+    /** Flush the buffer once this many events accumulate. Default `10`. */
+    batchSize?: number;
+    /** Flush the buffer after this many milliseconds even if `batchSize` is not reached. Default `5000`. */
+    flushIntervalMs?: number;
+    /** Correlation id grouping every event from one client instance. Default a generated id. */
+    sessionId?: string;
+    /** Optional client/build version label attached to every batch. */
+    sdkVersion?: string;
+}
+/**
+ * Minimal surface of a debug transport — accepts already-built `DebugEvent`s. A `RemoteDebugSink`
+ * created once (via `createRemoteDebugTransport`) and shared between the GraphQL client and the
+ * cookie stores forms a single debug channel with one `sessionId`.
+ */
+export interface RemoteDebugSink {
+    capture(event: DebugEvent): void;
 }
 /**
  * Structured event handed to a custom `DebugOptions.log` sink. Stable contract:
  * `phase` and `operationName` are always present; `data` carries the merged
  * payload selected by `DebugOptions` flags.
+ *
+ * `phase: 'cookie'` events come from the SDK cookie layer (cart / currency / language) rather than
+ * the GraphQL transport — `operationName` is `undefined` and `data` is
+ * `{ name, action: 'set' | 'clear', value?, maxAge? }`. They let you see exactly when a cookie was
+ * written or removed (e.g. `cart-id` cleared by `complete()`) alongside the GraphQL timeline.
  */
 export interface DebugEvent {
-    phase: 'request' | 'response';
+    phase: 'request' | 'response' | 'cookie';
     operationName: string | undefined;
     data: Record<string, unknown>;
 }

package/dist/core/client/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/client/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;;;;GAKG;AACH,qBAAa,mBAAmB,CAAC,OAAO,GAAG,OAAO,EAAE,UAAU,GAAG,OAAO,CAAE,SAAQ,MAAM;IAIpD,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE;IAH7D,+CAA+C;IAC/C,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,UAAU,KAAK,OAAO,CAAC;gBAEnC,KAAK,EAAE,MAAM,EAAS,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,YAAA;IAIpD,QAAQ,IAAI,MAAM;CAG5B;AAMD,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,iDAAiD;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,mCAAmC;IACnC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,wDAAwD;IACxD,UAAU,EAAE,OAAO,CAAC;IACpB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,2BAA2B;IAC3B,IAAI,EAAE,CAAC,CAAC;IACR,8BAA8B;IAC9B,MAAM,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC5B,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAMD,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAMD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;AAMhG,MAAM,WAAW,YAAY;IAC3B,yBAAyB;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB;IACjB,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC;IACxC,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,CAAC;AAMzC;;;;;;;GAOG;AACH,MAAM,WAAW,YAAY;IAC3B,2GAA2G;IAC3G,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wGAAwG;IACxG,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gKAAgK;IAChK,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,8EAA8E;IAC9E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,sIAAsI;IACtI,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,2JAA2J;IAC3J,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;CACnC;AAED;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,SAAS,GAAG,UAAU,CAAC;IAC9B,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACrC,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,0BAA0B;IAC1B,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,+DAA+D;IAC/D,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,YAAY,CAAC;CAC5C;AAMD,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,KAAK,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,QAAQ,EAAE,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,EAC5C,SAAS,CAAC,EAAE,CAAC,EACb,KAAK,CAAC,EAAE,aAAa,GACpB,OAAO,CAAC,CAAC,CAAC,CAAC;IAEd;;;;OAIG;IACH,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7C,QAAQ,EAAE,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,EAC5C,SAAS,CAAC,EAAE,CAAC,GACZ,OAAO,CAAC,CAAC,CAAC,CAAC;IAEd;;;;OAIG;IACH,GAAG,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;CACnC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/client/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAMH;;;;;GAKG;AACH,qBAAa,mBAAmB,CAAC,OAAO,GAAG,OAAO,EAAE,UAAU,GAAG,OAAO,CAAE,SAAQ,MAAM;IAIpD,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE;IAH7D,+CAA+C;IAC/C,SAAS,CAAC,EAAE,CAAC,SAAS,EAAE,UAAU,KAAK,OAAO,CAAC;gBAEnC,KAAK,EAAE,MAAM,EAAS,QAAQ,CAAC,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,YAAA;IAIpD,QAAQ,IAAI,MAAM;CAG5B;AAMD,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,0BAA0B;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,iDAAiD;IACjD,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,+DAA+D;IAC/D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,mCAAmC;IACnC,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,wDAAwD;IACxD,UAAU,EAAE,OAAO,CAAC;IACpB,8BAA8B;IAC9B,KAAK,CAAC,EAAE,aAAa,CAAC;CACvB;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,GAAG,OAAO;IAC1C,2BAA2B;IAC3B,IAAI,EAAE,CAAC,CAAC;IACR,8BAA8B;IAC9B,MAAM,CAAC,EAAE,gBAAgB,EAAE,CAAC;IAC5B,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,2BAA2B;IAC3B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpD,IAAI,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAMD,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAMD;;GAEG;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;AAE9E;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC;AAMhG,MAAM,WAAW,YAAY;IAC3B,yBAAyB;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,iBAAiB;IACjB,IAAI,EAAE,QAAQ,GAAG,SAAS,GAAG,UAAU,CAAC;IACxC,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,MAAM,aAAa,GAAG,YAAY,CAAC;AAMzC;;;;;;;GAOG;AACH,MAAM,WAAW,YAAY;IAC3B,2GAA2G;IAC3G,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,wGAAwG;IACxG,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,gKAAgK;IAChK,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,8EAA8E;IAC9E,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,sIAAsI;IACtI,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,2JAA2J;IAC3J,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAClC;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,EAAE,OAAO,GAAG,kBAAkB,GAAG,eAAe,CAAC;CACzD;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,sEAAsE;IACtE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uEAAuE;IACvE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wGAAwG;IACxG,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,4FAA4F;IAC5F,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;CAClC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;IACzC,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B;AAED,MAAM,WAAW,sBAAsB;IACrC,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,uCAAuC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,0BAA0B;IAC1B,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,+DAA+D;IAC/D,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,YAAY,CAAC;CAC5C;AAMD,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,KAAK,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC5C,QAAQ,EAAE,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,EAC5C,SAAS,CAAC,EAAE,CAAC,EACb,KAAK,CAAC,EAAE,aAAa,GACpB,OAAO,CAAC,CAAC,CAAC,CAAC;IAEd;;;;OAIG;IACH,MAAM,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7C,QAAQ,EAAE,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,EAC5C,SAAS,CAAC,EAAE,CAAC,GACZ,OAAO,CAAC,CAAC,CAAC,CAAC;IAEd;;;;OAIG;IACH,GAAG,CAAC,UAAU,EAAE,UAAU,GAAG,IAAI,CAAC;CACnC"}

package/dist/core/generated/operation-types.d.ts

@@ -254,6 +254,8 @@ export type AvailableShippingMethod = {
     isFree: Scalars['Boolean']['output'];
     /** Display name of the method (e.g. "DPD Standard"). */
     name: Scalars['String']['output'];
+    /** Pickup-point selection config — present only for pickup methods (deliveryType LOCKER / PICKUP_POINT) whose carrier exposes a public pickup mechanism. Null for HOME delivery and when the merchant has not configured the carrier's public widget token. Carries only browser-safe data (e.g. the InPost Geowidget public token), never the carrier API secret. */
+    pickupConfig?: Maybe<ShippingPickupConfig>;
     /** Cost of the method for the current cart (in the buyer preferred currency). */
     price: Money;
     /** Merchant-configured display position — lower values come first in the picker. */
@@ -997,6 +999,7 @@ export type CartWarning = {
     target: Scalars['String']['output'];
 };
 export declare const CartWarningCode: {
+    readonly DiscountCodeNotApplicable: "DISCOUNT_CODE_NOT_APPLICABLE";
     readonly MerchandiseNotAvailable: "MERCHANDISE_NOT_AVAILABLE";
     readonly MerchandiseNotEnoughStock: "MERCHANDISE_NOT_ENOUGH_STOCK";
     readonly PaymentsAmountRegionMismatch: "PAYMENTS_AMOUNT_REGION_MISMATCH";
@@ -1587,6 +1590,7 @@ export declare const DiscountErrorCode: {
     readonly Inactive: "INACTIVE";
     readonly MinimumOrderNotMet: "MINIMUM_ORDER_NOT_MET";
     readonly MinimumQuantityNotMet: "MINIMUM_QUANTITY_NOT_MET";
+    readonly NotApplicableToCart: "NOT_APPLICABLE_TO_CART";
     readonly NotFound: "NOT_FOUND";
     readonly NotStarted: "NOT_STARTED";
     readonly ShopNotFound: "SHOP_NOT_FOUND";
@@ -2343,6 +2347,8 @@ export type Order = Node & {
     cancelledAt?: Maybe<Scalars['DateTime']['output']>;
     /** When the order was confirmed (e.g. payment authorised / approved). Null until confirmation. */
     confirmedAt?: Maybe<Scalars['DateTime']['output']>;
+    /** Per-code discount allocations on the order (parity with `Cart.discountAllocations`). One entry per code that reduced the price; empty when no discount applied. The sum of `amount` equals the order-level discount. */
+    discountAllocations: Array<OrderDiscountAllocation>;
     /** When the order expired (e.g. pending payment timed out). Null when not expired. */
     expiredAt?: Maybe<Scalars['DateTime']['output']>;
     /** Fulfillment progress (UNFULFILLED, PARTIALLY_FULFILLED, FULFILLED, IN_TRANSIT, DELIVERED, PARTIALLY_RETURNED, RETURNED, LOST). */
@@ -2380,6 +2386,12 @@ export type OrderConnection = {
     /** Total orders count */
     totalCount: Scalars['Int']['output'];
 };
+export type OrderDiscountAllocation = {
+    /** Amount discounted by this code on the order, in the order currency. */
+    amount: Money;
+    /** The discount code that produced this allocation. */
+    discountCode: Scalars['String']['output'];
+};
 export type OrderEdge = {
     /** Cursor */
     cursor: Scalars['String']['output'];
@@ -2637,6 +2649,13 @@ export type PickupPointInput = {
     /** Courier network code (e.g. inpost, orlen, dpd) */
     provider: Scalars['String']['input'];
 };
+export declare const PickupSelectionMode: {
+    /** No browser widget — query points server-side (by city / postal code) and render your own list. `widgetToken` / `scriptUrl` are null for this mode. */
+    readonly Search: "SEARCH";
+    /** Render the carrier map widget (e.g. InPost Geowidget) initialised with `pickupConfig.widgetToken` + `pickupConfig.scriptUrl`. The buyer picks a point on the map. */
+    readonly Widget: "WIDGET";
+};
+export type PickupSelectionMode = typeof PickupSelectionMode[keyof typeof PickupSelectionMode];
 export type PointsEstimate = {
     /** Base points to earn */
     basePoints: Scalars['Int']['output'];
@@ -3456,6 +3475,16 @@ export type ShippingCarrier = {
     /** Carrier service code as configured by the merchant (e.g. "inpost_paczkomat"). Useful when integrating carrier widgets. */
     serviceCode?: Maybe<Scalars['String']['output']>;
 };
+export type ShippingPickupConfig = {
+    /** Carrier code this config belongs to (e.g. "inpost"). Matches `carrier.serviceCode`'s provider. */
+    provider: Scalars['String']['output'];
+    /** CDN URL of the carrier widget script to load before rendering the map. Null for SEARCH mode. */
+    scriptUrl?: Maybe<Scalars['String']['output']>;
+    /** How to let the buyer pick a point — WIDGET (carrier map) or SEARCH (server-side point lookup). */
+    selectionMode: PickupSelectionMode;
+    /** PUBLIC widget token used to initialise the carrier map (InPost Geowidget domain-scoped token). Never the carrier API secret. Null for SEARCH mode and when the merchant has not configured the public token (do not render the map — offer SEARCH or hide the method). */
+    widgetToken?: Maybe<Scalars['String']['output']>;
+};
 export type Shop = {
     /** Shop physical address */
     address?: Maybe<ShopAddress>;
@@ -3980,6 +4009,7 @@ export type CartAvailableShippingMethodsQuery = {
     cart?: Maybe<(Pick<Cart, 'id' | 'requiresShipping'> & {
         availableShippingMethods: {
             methods: Array<(Pick<AvailableShippingMethod, 'id' | 'name' | 'description' | 'deliveryType' | 'isFree' | 'sortOrder'> & {
+                pickupConfig?: Maybe<Pick<ShippingPickupConfig, 'provider' | 'selectionMode' | 'widgetToken' | 'scriptUrl'>>;
                 carrier?: Maybe<(Pick<ShippingCarrier, 'id' | 'name' | 'serviceCode'> & {
                     logo?: Maybe<Pick<Image, 'id' | 'url' | 'altText' | 'width' | 'height' | 'thumbhash'>>;
                 })>;
@@ -5227,6 +5257,7 @@ export type PageInfoFragment = Pick<PageInfo, 'hasNextPage' | 'hasPreviousPage'
 export type UserErrorFragment = Pick<UserError, 'message' | 'code' | 'field'>;
 export type CartWarningFragment = Pick<CartWarning, 'message' | 'code' | 'target'>;
 export type AvailableShippingMethodFragment = (Pick<AvailableShippingMethod, 'id' | 'name' | 'description' | 'deliveryType' | 'isFree' | 'sortOrder'> & {
+    pickupConfig?: Maybe<Pick<ShippingPickupConfig, 'provider' | 'selectionMode' | 'widgetToken' | 'scriptUrl'>>;
     carrier?: Maybe<(Pick<ShippingCarrier, 'id' | 'name' | 'serviceCode'> & {
         logo?: Maybe<Pick<Image, 'id' | 'url' | 'altText' | 'width' | 'height' | 'thumbhash'>>;
     })>;