@doswiftly/storefront-sdk 19.1.0 → 20.0.0

package/dist/react/hooks/use-logout.js

@@ -1,11 +1,13 @@
 /**
  * useLogout — focused hook for the logout flow.
  *
- * Calls the auth client logout (which clears the backend's httpOnly cookie),
- * invokes the consumer's `onClearToken` callback (BFF), and resets the local
- * auth store. Even when the backend request fails, the local state is
- * cleared (defensive — better to log a user out than leave them in a half
- * state).
+ * Downgrades the active cart to guest (clearing the customer's contact details,
+ * addresses and saved-payment selection so they do not linger on a shared
+ * device), then calls the auth client logout (which clears the backend's
+ * httpOnly cookie), invokes the consumer's `onClearToken` callback (BFF), and
+ * resets the local auth store. Even when the backend request fails, the local
+ * state is cleared (defensive — better to log a user out than leave them in a
+ * half state).
  *
  * @example
  * ```tsx
@@ -18,8 +20,34 @@
 import { useCallback, useState } from 'react';
 import { useStorefrontClientContext } from '../providers/storefront-client-provider';
 import { useAuthStore } from '../stores/store-context';
+import { getCookie } from '../cookies';
+import { CART_COOKIE_NAME, parseCartCookieValue } from '../../core/cart/cookie-config';
+/**
+ * Downgrade the active cart to guest before logout so customer PII (contact
+ * details, addresses, saved-payment selection) does not linger on a shared
+ * device. Best-effort with a single retry: the buyer must always be able to
+ * sign out, so any failure is logged and swallowed — never rethrown. No-op
+ * when there is no cart cookie. The cart secret rides along automatically via
+ * the client's cart-secret middleware.
+ */
+async function downgradeCartBeforeLogout(cartClient) {
+    const cartId = parseCartCookieValue(getCookie(CART_COOKIE_NAME))?.cartId;
+    if (!cartId)
+        return;
+    for (let attempt = 0; attempt < 2; attempt++) {
+        try {
+            await cartClient.downgradeOnLogout(cartId);
+            return;
+        }
+        catch (err) {
+            if (attempt === 0)
+                continue; // one retry, then continue logout regardless
+            console.warn('[storefront-sdk] cart downgrade on logout failed; continuing logout', err);
+        }
+    }
+}
 export function useLogout(options = {}) {
-    const { authClient } = useStorefrontClientContext();
+    const { authClient, cartClient } = useStorefrontClientContext();
     const { clearAuth } = useAuthStore();
     const [isLoggingOut, setIsLoggingOut] = useState(false);
     const [error, setError] = useState(null);
@@ -27,6 +55,8 @@ export function useLogout(options = {}) {
         setError(null);
         setIsLoggingOut(true);
         try {
+            // Clear customer PII from the cart first (best-effort; never blocks logout).
+            await downgradeCartBeforeLogout(cartClient);
             // Auth context resolved server-side from cookie/Bearer — no token arg needed
             await authClient.logout();
             if (options.onClearToken) {
@@ -45,6 +75,6 @@ export function useLogout(options = {}) {
         finally {
             setIsLoggingOut(false);
         }
-    }, [authClient, clearAuth, options]);
+    }, [authClient, cartClient, clearAuth, options]);
     return { logout, isLoggingOut, error };
 }

package/dist/react/providers/cart-manager-provider.d.ts

@@ -34,6 +34,9 @@ export interface CartManagerProviderProps extends CartManagerLifecycleCallbacks
     /**
      * Server-known cart-id seed forwarded to `useCartManager`. Used only when the
      * `cart-id` cookie is empty on mount — the cookie always wins when present.
+     * Accepts a bare cart id or the composite `"<cartId>.<secret>"` cookie value;
+     * pass the composite when the cart secret is known server-side so the seeded
+     * cart stays reachable on reads and writes.
      */
     initialCartId?: string | null;
     /**

package/dist/react/providers/cart-manager-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cart-manager-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/cart-manager-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAIH,OAAO,EAA6B,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAClE,OAAO,EAEL,KAAK,6BAA6B,EAClC,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAK1D,MAAM,WAAW,wBAAyB,SAAQ,6BAA6B;IAC7E;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAC1C,QAAQ,EAAE,SAAS,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,EAClC,aAAa,EACb,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,QAAQ,GACT,EAAE,wBAAwB,2CAU1B;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,oBAAoB,CAM5D"}
+{"version":3,"file":"cart-manager-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/cart-manager-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAIH,OAAO,EAA6B,KAAK,SAAS,EAAE,MAAM,OAAO,CAAC;AAClE,OAAO,EAEL,KAAK,6BAA6B,EAClC,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAK1D,MAAM,WAAW,wBAAyB,SAAQ,6BAA6B;IAC7E;;;;;;OAMG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B;;;;OAIG;IACH,WAAW,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAC1C,QAAQ,EAAE,SAAS,CAAC;CACrB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,EAClC,aAAa,EACb,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,QAAQ,GACT,EAAE,wBAAwB,2CAU1B;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,IAAI,oBAAoB,CAM5D"}

package/dist/react/providers/storefront-client-provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"storefront-client-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/storefront-client-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAA6C,MAAM,OAAO,CAAC;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAIzD,OAAO,EAA2B,KAAK,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAKhH,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,gBAAgB,CAAC;IACzB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB;AAID,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,sBAAsB,CAAC;IAC/B;;;OAGG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,oEAAoE;IACpE,aAAa,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IAClD,+DAA+D;IAC/D,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,4HAA4H;IAC5H,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAgB,wBAAwB,CAAC,EACvC,QAAQ,EACR,MAAM,EACN,UAAU,EAAE,gBAAqB,EACjC,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,GACb,EAAE,6BAA6B,2CAyE/B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,4BAA4B,CAMzE"}
+{"version":3,"file":"storefront-client-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/storefront-client-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAA6C,MAAM,OAAO,CAAC;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAOzD,OAAO,EAA2B,KAAK,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAKhH,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,gBAAgB,CAAC;IACzB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB;AAID,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,sBAAsB,CAAC;IAC/B;;;OAGG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,oEAAoE;IACpE,aAAa,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IAClD,+DAA+D;IAC/D,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,4HAA4H;IAC5H,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAgB,wBAAwB,CAAC,EACvC,QAAQ,EACR,MAAM,EACN,UAAU,EAAE,gBAAqB,EACjC,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,GACb,EAAE,6BAA6B,2CA8E/B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,4BAA4B,CAMzE"}

package/dist/react/providers/storefront-client-provider.js

@@ -13,6 +13,9 @@ import { createStorefrontClient } from '../../core/client/create-client';
 import { CartClient } from '../../core/cart/cart-client';
 import { AuthClient } from '../../core/auth/auth-client';
 import { authMiddleware } from '../../core/middleware/auth';
+import { cartSecretMiddleware } from '../../core/middleware/cart-secret';
+import { CART_COOKIE_NAME, parseCartCookieValue } from '../../core/cart/cookie-config';
+import { getCookie } from '../cookies';
 import { currencyMiddleware } from '../../core/middleware/currency';
 import { languageMiddleware } from '../../core/middleware/language';
 import { botProtectionMiddleware } from '../../core/middleware/bot-protection';
@@ -62,6 +65,9 @@ export function StorefrontClientProvider({ children, config, middleware: customM
                     : []),
                 // Header middleware (runs first)
                 authMiddleware(() => authStore.getState().accessToken),
+                // Cart access secret — read lazily from the composite cart-id cookie so
+                // a rotated secret (recovery redeem) is picked up without rebuilding.
+                cartSecretMiddleware(() => parseCartCookieValue(getCookie(CART_COOKIE_NAME))?.cartSecret ?? null),
                 currencyMiddleware(() => currencyStore.getState().currency),
                 languageMiddleware(() => languageStore.getState().language),
                 // Bot protection (if configured)

package/dist/react/server/cookie-readers.d.ts

@@ -22,8 +22,28 @@
  * const cart = cartId ? await fetchCart(cartId) : null;
  * ```
  */
+import { type CartCredentials } from '../../core/cart/cookie-config';
 /** Read the first-party `cart-id` cookie (server-first, client fallback). */
 export declare function readCartIdCookie(): Promise<string | null>;
+/**
+ * Read the `cart-id` cookie and split the composite `<cartId>.<secret>` value
+ * into `{ cartId, cartSecret }`. Pass the result to `serverCartSecretMiddleware`
+ * so an SSR / edge cart read carries the secret (without it the backend treats
+ * the cart as unreachable and the read returns empty). Returns null when no
+ * cart cookie is present.
+ *
+ * @example
+ * ```ts
+ * import { getStorefrontClient } from '@doswiftly/storefront-sdk/react/server';
+ * import { readCartCredentials, serverCartSecretMiddleware } from '@doswiftly/storefront-sdk/react/server';
+ *
+ * const client = getStorefrontClient({
+ *   apiUrl, shopSlug,
+ *   middleware: [serverCartSecretMiddleware(await readCartCredentials())],
+ * });
+ * ```
+ */
+export declare function readCartCredentials(): Promise<CartCredentials | null>;
 /** Read the first-party `preferred-currency` cookie (server-first, client fallback). */
 export declare function readCurrencyCookie(): Promise<string | null>;
 //# sourceMappingURL=cookie-readers.d.ts.map

package/dist/react/server/cookie-readers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cookie-readers.d.ts","sourceRoot":"","sources":["../../../src/react/server/cookie-readers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAuBH,6EAA6E;AAC7E,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE/D;AAED,wFAAwF;AACxF,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEjE"}
+{"version":3,"file":"cookie-readers.d.ts","sourceRoot":"","sources":["../../../src/react/server/cookie-readers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAGL,KAAK,eAAe,EACrB,MAAM,+BAA+B,CAAC;AAqBvC,6EAA6E;AAC7E,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE/D;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,mBAAmB,IAAI,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAE3E;AAED,wFAAwF;AACxF,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAEjE"}

package/dist/react/server/cookie-readers.js

@@ -22,7 +22,7 @@
  * const cart = cartId ? await fetchCart(cartId) : null;
  * ```
  */
-import { CART_COOKIE_NAME } from '../../core/cart/cookie-config';
+import { CART_COOKIE_NAME, parseCartCookieValue, } from '../../core/cart/cookie-config';
 import { CURRENCY_COOKIE_NAME } from '../../core/currency/cookie-config';
 import { getCookie } from '../cookies';
 /**
@@ -46,6 +46,27 @@ async function readCookieIsomorphic(name) {
 export async function readCartIdCookie() {
     return readCookieIsomorphic(CART_COOKIE_NAME);
 }
+/**
+ * Read the `cart-id` cookie and split the composite `<cartId>.<secret>` value
+ * into `{ cartId, cartSecret }`. Pass the result to `serverCartSecretMiddleware`
+ * so an SSR / edge cart read carries the secret (without it the backend treats
+ * the cart as unreachable and the read returns empty). Returns null when no
+ * cart cookie is present.
+ *
+ * @example
+ * ```ts
+ * import { getStorefrontClient } from '@doswiftly/storefront-sdk/react/server';
+ * import { readCartCredentials, serverCartSecretMiddleware } from '@doswiftly/storefront-sdk/react/server';
+ *
+ * const client = getStorefrontClient({
+ *   apiUrl, shopSlug,
+ *   middleware: [serverCartSecretMiddleware(await readCartCredentials())],
+ * });
+ * ```
+ */
+export async function readCartCredentials() {
+    return parseCartCookieValue(await readCookieIsomorphic(CART_COOKIE_NAME));
+}
 /** Read the first-party `preferred-currency` cookie (server-first, client fallback). */
 export async function readCurrencyCookie() {
     return readCookieIsomorphic(CURRENCY_COOKIE_NAME);

package/dist/react/server/index.d.ts

@@ -1,6 +1,7 @@
 export { getStorefrontClient, type ServerClientOptions } from './get-storefront-client';
 export { createStorefrontAuthRoute, type StorefrontAuthRouteOptions, type StorefrontAuthRouteHandlers, } from './create-storefront-auth-route';
 export { getInitialAuth, type InitialAuth } from './get-initial-auth';
-export { readCartIdCookie, readCurrencyCookie } from './cookie-readers';
+export { readCartIdCookie, readCartCredentials, readCurrencyCookie } from './cookie-readers';
+export { serverCartSecretMiddleware } from '../../core/middleware/cart-secret';
 export { trustedForwardedHostValidator, originAllowlistValidator, type OriginValidator, type OriginValidatorContext, } from '../../core/auth/handlers';
 //# sourceMappingURL=index.d.ts.map

package/dist/react/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAGxF,OAAO,EACL,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,GACjC,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAGxE,OAAO,EACL,6BAA6B,EAC7B,wBAAwB,EACxB,KAAK,eAAe,EACpB,KAAK,sBAAsB,GAC5B,MAAM,0BAA0B,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,KAAK,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAGxF,OAAO,EACL,yBAAyB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,2BAA2B,GACjC,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,cAAc,EAAE,KAAK,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGtE,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAI7F,OAAO,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAG/E,OAAO,EACL,6BAA6B,EAC7B,wBAAwB,EACxB,KAAK,eAAe,EACpB,KAAK,sBAAsB,GAC5B,MAAM,0BAA0B,CAAC"}

package/dist/react/server/index.js

@@ -4,6 +4,9 @@ export { createStorefrontAuthRoute, } from './create-storefront-auth-route';
 // Server-only cold-start auth seed from the first-party cookies.
 export { getInitialAuth } from './get-initial-auth';
 // Server-first readers for the readable first-party cookies (cart-id, currency).
-export { readCartIdCookie, readCurrencyCookie } from './cookie-readers';
+export { readCartIdCookie, readCartCredentials, readCurrencyCookie } from './cookie-readers';
+// Server cart-secret middleware — prepend to `getStorefrontClient({ middleware })`
+// with `await readCartCredentials()` so SSR / edge cart reads carry the secret.
+export { serverCartSecretMiddleware } from '../../core/middleware/cart-secret';
 // Origin validators — wire CSRF defense-in-depth on the route handlers from a single import.
 export { trustedForwardedHostValidator, originAllowlistValidator, } from '../../core/auth/handlers';

package/dist/react/stores/cart.context.d.ts

@@ -1,4 +1,9 @@
 import type { CartState } from './cart.store';
+/**
+ * @deprecated Provider and hooks for the legacy {@link createCartStore} cart system.
+ * Use `useCartManager` instead — see {@link createCartStore} for details. Removed in
+ * a future major release.
+ */
 export declare const CartProvider: {
     ({ store, children }: {
         store: import("zustand").StoreApi<CartState>;

package/dist/react/stores/cart.context.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cart.context.d.ts","sourceRoot":"","sources":["../../../src/react/stores/cart.context.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C,eAAO,MACK,YAAY;;;;;;GACZ,YAAY;;;GACd,eAAe,6CACqB,CAAC"}
+{"version":3,"file":"cart.context.d.ts","sourceRoot":"","sources":["../../../src/react/stores/cart.context.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAE9C;;;;GAIG;AACH,eAAO,MACK,YAAY;;;;;;GACZ,YAAY;;;GACd,eAAe,6CACqB,CAAC"}

package/dist/react/stores/cart.context.js

@@ -1,3 +1,8 @@
 'use client';
 import { createStoreContext } from '../helpers/create-store-context';
+/**
+ * @deprecated Provider and hooks for the legacy {@link createCartStore} cart system.
+ * Use `useCartManager` instead — see {@link createCartStore} for details. Removed in
+ * a future major release.
+ */
 export const { Provider: CartProvider, useStore: useCartStore, useApi: useCartStoreApi, } = createStoreContext('CartStore');

package/dist/react/stores/cart.store.d.ts

@@ -114,5 +114,11 @@ export interface CartState {
 export declare const selectCartId: (state: CartState) => string | null;
 export declare const selectIsCartOpen: (state: CartState) => boolean;
 export declare const selectCartIsLoading: (state: CartState) => boolean;
+/**
+ * @deprecated Use `useCartManager` instead. This store predates capability-based
+ * carts and does not carry the cart secret, so mutations against a capability cart
+ * fail. `useCartManager` (React) and `createCartRecoveryRunner` (framework-agnostic
+ * core) manage the cart secret automatically. Removed in a future major release.
+ */
 export declare function createCartStore(config: CartStoreConfig): import("zustand").StoreApi<CartState>;
 //# sourceMappingURL=cart.store.d.ts.map

package/dist/react/stores/cart.store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cart.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/cart.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAEhF,OAAO,EAEL,KAAK,gBAAgB,EAEtB,MAAM,+BAA+B,CAAC;AAIvC,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAChF,YAAY,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAMtE,gDAAgD;AAChD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,uDAAuD;AACvD,MAAM,WAAW,WAAW;IAC1B,+DAA+D;IAC/D,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACxD,iDAAiD;IACjD,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,oDAAoD;IACpD,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxE,4DAA4D;IAC5D,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjF,uDAAuD;IACvD,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtE;;;;;;;;OAQG;IACH,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CACrE;AAMD,iDAAiD;AACjD,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG,WAAW,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;AAEhG,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,UAAU,EAAE,MAAM,WAAW,CAAC;IAC9B,wCAAwC;IACxC,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,QAAQ,KAAK,IAAI,CAAC;IACzE,gCAAgC;IAChC,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IACvE;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;CAC/C;AAMD,MAAM,WAAW,SAAS;IAExB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAGtB,QAAQ,EAAE,MAAM,IAAI,CAAC;IACrB,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,IAAI,CAAC;IAGvB,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,SAAS,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,cAAc,EAAE,CAAC,KAAK,EAAE,mBAAmB,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,cAAc,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,SAAS,EAAE,MAAM,IAAI,CAAC;CACvB;AAMD,eAAO,MAAM,YAAY,GAAI,OAAO,SAAS,kBAAiB,CAAC;AAC/D,eAAO,MAAM,gBAAgB,GAAI,OAAO,SAAS,YAAiB,CAAC;AACnE,eAAO,MAAM,mBAAmB,GAAI,OAAO,SAAS,YAAoB,CAAC;AAMzE,wBAAgB,eAAe,CAAC,MAAM,EAAE,eAAe,yCAuNtD"}
+{"version":3,"file":"cart.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/cart.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAGH,OAAO,KAAK,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAEhF,OAAO,EAEL,KAAK,gBAAgB,EAEtB,MAAM,+BAA+B,CAAC;AAIvC,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAChF,YAAY,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AAMtE,gDAAgD;AAChD,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,uDAAuD;AACvD,MAAM,WAAW,WAAW;IAC1B,+DAA+D;IAC/D,SAAS,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACxD,iDAAiD;IACjD,UAAU,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IAClC,oDAAoD;IACpD,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACxE,4DAA4D;IAC5D,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjF,uDAAuD;IACvD,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IACtE;;;;;;;;OAQG;IACH,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;CACrE;AAMD,iDAAiD;AACjD,MAAM,MAAM,kBAAkB,GAAG,UAAU,GAAG,WAAW,GAAG,gBAAgB,GAAG,gBAAgB,CAAC;AAEhG,MAAM,WAAW,eAAe;IAC9B,wEAAwE;IACxE,UAAU,EAAE,MAAM,WAAW,CAAC;IAC9B,wCAAwC;IACxC,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,EAAE,IAAI,EAAE,QAAQ,KAAK,IAAI,CAAC;IACzE,gCAAgC;IAChC,eAAe,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,EAAE,KAAK,EAAE,OAAO,KAAK,IAAI,CAAC;IACvE;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;CAC/C;AAMD,MAAM,WAAW,SAAS;IAExB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,MAAM,EAAE,OAAO,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,KAAK,EAAE,OAAO,GAAG,IAAI,CAAC;IAGtB,QAAQ,EAAE,MAAM,IAAI,CAAC;IACrB,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB,UAAU,EAAE,MAAM,IAAI,CAAC;IAGvB,QAAQ,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,SAAS,EAAE,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,cAAc,EAAE,CAAC,KAAK,EAAE,mBAAmB,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAChE,cAAc,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,SAAS,EAAE,MAAM,IAAI,CAAC;CACvB;AAMD,eAAO,MAAM,YAAY,GAAI,OAAO,SAAS,kBAAiB,CAAC;AAC/D,eAAO,MAAM,gBAAgB,GAAI,OAAO,SAAS,YAAiB,CAAC;AACnE,eAAO,MAAM,mBAAmB,GAAI,OAAO,SAAS,YAAoB,CAAC;AAMzE;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,eAAe,yCAuNtD"}

package/dist/react/stores/cart.store.js

@@ -54,6 +54,12 @@ export const selectCartIsLoading = (state) => state.isLoading;
 // ---------------------------------------------------------------------------
 // Factory
 // ---------------------------------------------------------------------------
+/**
+ * @deprecated Use `useCartManager` instead. This store predates capability-based
+ * carts and does not carry the cart secret, so mutations against a capability cart
+ * fail. `useCartManager` (React) and `createCartRecoveryRunner` (framework-agnostic
+ * core) manage the cart secret automatically. Removed in a future major release.
+ */
 export function createCartStore(config) {
     // Deduplication for initCart only — first-create collision is the common
     // case (multiple components mounting and seeing an empty cookie). Recovery

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-sdk",
-  "version": "19.1.0",
+  "version": "20.0.0",
   "description": "Storefront runtime SDK for DoSwiftly Commerce — layered transport, middleware pipeline, React providers, Zustand stores, cache strategies. 0 runtime dependencies in core.",
   "type": "module",
   "sideEffects": false,