@doswiftly/storefront-sdk 19.2.0 → 20.0.0

package/CHANGELOG.md

@@ -1,5 +1,50 @@
 # Changelog
 
+## 20.0.0
+
+### Major Changes
+
+- 486afc8: Cart access is now capability-based: a cart is reached with its id **and** a one-time secret instead of being tied to the signed-in customer. This fixes two long-standing cart bugs — a guest inheriting a previous visitor's cart id getting "cart not found", and a signed-in buyer being told to sign in again on their own cart — and aligns the cart contract with the industry norm.
+
+  **Why**: the `cart-id` cookie outlives the auth session and is shared across tabs and workers, so gating cart writes on the customer made carts brittle. The cart token is now a bearer capability; the customer link is enrichment only. There are no more "unauthenticated"/"forbidden" cart errors — a missing or expired cart, or a missing or wrong secret, returns a single `CART_NOT_FOUND`, which the SDK already auto-recovers from by creating a fresh cart.
+
+  **The SDK handles the secret for you.** `useCartManager`, the browser cart cookie store, and the client/server middleware read and persist it automatically. The breaking points below matter only if you read the `cart-id` cookie yourself, run server-side cart reads, or built on the removed session-error path.
+
+  **Breaking**
+  1. **Composite cart cookie.** The `cart-id` cookie value is now `"<cartId>.<secret>"`. If you read it directly (for example in a Server Component), parse it with the new `parseCartCookieValue()` / `readCartCredentials()` instead of treating the raw value as the cart id. A legacy plain-id cookie still parses (with `cartSecret: null`) and degrades to a fresh cart on the next write.
+  2. **Server-side cart reads must forward the secret.** SSR / edge cart reads now need the secret header or they come back empty. Add `serverCartSecretMiddleware(await readCartCredentials())` to your server client middleware (next to your currency / language middleware).
+  3. **The cart session-error path is removed.** `CART_UNAUTHENTICATED` no longer exists in the contract, and with it the recovery runner's `onSessionExpired` listener, the `CartSessionRequiredError` class, the `isCartSessionError` predicate and the `CART_SESSION_ERROR_CODES` constant. If you handled a "cart needs sign-in" signal, remove it — a stale or unreachable cart now flows through the normal `CART_NOT_FOUND` recovery you already have. (The auth-level session refresh — `sessionRetryMiddleware`, `useSessionExpired`, `createSessionExpiredEmitter` — is unchanged; it handles the customer token, not the cart.)
+  4. **`ensureCart` shape.** A custom `ensureCart` passed to `createCartRecoveryRunner` must now return `{ cart, secret }` (the create outcome) rather than just the cart, so the runner can persist the secret.
+
+  **New**
+  - `CartClient.create()` now returns the one-time `secret` alongside the cart.
+  - `CartClient.merge(guestCartId)` — on login, fold the customer's prior cart into the guest cart (quantities sum per variant, guest checkout fields win, the guest cart id and secret are kept so the stored cookie stays valid). Requires an authenticated request.
+  - `CartClient.downgradeOnLogout(cartId)` — on logout, clear the customer link, contact details, addresses and saved-payment selection while keeping items, coupons, shipping method, currency, notes and the secret. `useLogout` now calls this automatically before signing out, so customer details do not linger in the cart on a shared device.
+  - `CartClient.recoveryRedeem(token)` — redeem a signed cart-recovery link; the cart secret is rotated and the new one is revealed once (persist it into the cookie).
+  - `cartSecretMiddleware`, `serverCartSecretMiddleware`, `readCartCredentials`, `parseCartCookieValue`, `formatCartCookieValue` and the `CartCredentials` type for working with the secret directly.
+
+### Patch Changes
+
+- 17f4832: Two cart-cookie robustness fixes for capability-based carts:
+  - **A malformed `cart-id` cookie no longer breaks the GraphQL client.** A corrupt cookie value (for example a stray `%` left by another tool, or a hand-crafted bad value) made `getCookie` throw while reading the cart secret on every request, taking down the whole request pipeline for that browser until the cookie was cleared. The cookie is now treated as absent when it can't be decoded, so a fresh cart is created as intended.
+  - **A server-known cart seed can now carry the cart secret.** When you seed a cart id from the server (via `useCartManager({ initialCartId })`, `<CartManagerProvider initialCartId>`, or `createCartRecoveryRunner({ initialCartId })`), you can pass the composite `"<cartId>.<secret>"` value — the same value stored in the `cart-id` cookie — instead of a bare id. The seed is persisted as a composite cookie so reads and writes send the secret and reach the seeded cart. This unblocks magic-link checkout, embedded-iframe, customer-service "view this cart", and server-side dev-seed flows where the cart id is known up front.
+
+  Migration: no changes required for existing code. A bare-id seed keeps its previous behaviour (it degrades to a fresh cart on the first write, since the secret is required to reach an existing cart). To make a seeded cart reachable, read the raw `cart-id` cookie server-side and pass it through unchanged, or build the value with `formatCartCookieValue({ cartId, cartSecret })`.
+
+- 933492b: Deprecate the `createCartStore` cart-state system in favour of `useCartManager`.
+
+  `createCartStore` — and its `CartProvider` / `useCartStore` / `useCartStoreApi`
+  helpers — predate capability-based carts: the store does not carry the cart secret,
+  so mutations against a capability cart fail. These exports are now marked
+  `@deprecated` and will be removed in a future major release.
+
+  Migration: switch to `useCartManager` (React), which manages the cart secret, the
+  `cart-id` cookie, and stale-cart recovery automatically and exposes the full cart +
+  checkout lifecycle. For a framework-agnostic core, use `createCartRecoveryRunner`.
+  No runtime behaviour changes in this release — the deprecation only adds IDE hints.
+
+- 486afc8: `Order` now actually returns the `discountAllocations` breakdown it documents. The per-code discount allocations were added to the order contract previously, but the SDK's `Order` selection did not request the field, so it always came back empty. The order confirmation page can now render the same per-code discount rows the buyer saw on the cart.
+
 ## 19.2.0
 
 ### Minor Changes

package/dist/core/auth/session-events.d.ts

@@ -1,16 +1,13 @@
 /**
  * Session-expired event channel — auth-level pub/sub (0-deps core).
  *
- * Distinct from cart-recovery's `CartSessionExpiredEvent` (scoped to one cart
- * operation): this fires when the CUSTOMER auth session can no longer be kept
- * alive — the proactive scheduler's refresh failed on tab wake, or a reactive
- * refresh after a 401 also failed. Storefronts subscribe once globally
- * (`useSessionExpired`) and react (notify + redirect to sign-in).
+ * Fires when the CUSTOMER auth session can no longer be kept alive — the
+ * proactive scheduler's refresh failed on tab wake, or a reactive refresh after
+ * a 401 also failed. Storefronts subscribe once globally (`useSessionExpired`)
+ * and react (notify + redirect to sign-in).
  *
- * Mirrors the cart-recovery emitter shape (Set + emit-swallows-listener-errors
- * + subscribe→unsubscribe). 0-deps (Inv-1): plain `Set` + closure, no React /
- * DOM. The provider owns the instance (`useRef` + Context, Inv-3) — never a
- * module-level singleton.
+ * 0-deps (Inv-1): plain `Set` + closure, no React / DOM. The provider owns the
+ * instance (`useRef` + Context, Inv-3) — never a module-level singleton.
  */
 export type SessionExpiredReason = 
 /** Proactive scheduler tried to refresh on tab wake but the session was already gone. */

package/dist/core/auth/session-events.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session-events.d.ts","sourceRoot":"","sources":["../../../src/core/auth/session-events.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,MAAM,oBAAoB;AAC9B,yFAAyF;AACvF,qBAAqB;AACvB,0FAA0F;GACxF,yBAAyB;AAC3B,8EAA8E;GAC5E,uBAAuB,CAAC;AAE5B,MAAM,WAAW,mBAAmB;IAClC,6CAA6C;IAC7C,MAAM,EAAE,oBAAoB,CAAC;IAC7B,sEAAsE;IACtE,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,IAAI,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACvC,4EAA4E;IAC5E,SAAS,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;CACvE;AAED,wBAAgB,2BAA2B,IAAI,qBAAqB,CAoBnE"}
+{"version":3,"file":"session-events.d.ts","sourceRoot":"","sources":["../../../src/core/auth/session-events.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,MAAM,MAAM,oBAAoB;AAC9B,yFAAyF;AACvF,qBAAqB;AACvB,0FAA0F;GACxF,yBAAyB;AAC3B,8EAA8E;GAC5E,uBAAuB,CAAC;AAE5B,MAAM,WAAW,mBAAmB;IAClC,6CAA6C;IAC7C,MAAM,EAAE,oBAAoB,CAAC;IAC7B,sEAAsE;IACtE,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,IAAI,CAAC,KAAK,EAAE,mBAAmB,GAAG,IAAI,CAAC;IACvC,4EAA4E;IAC5E,SAAS,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;CACvE;AAED,wBAAgB,2BAA2B,IAAI,qBAAqB,CAoBnE"}

package/dist/core/auth/session-events.js

@@ -1,16 +1,13 @@
 /**
  * Session-expired event channel — auth-level pub/sub (0-deps core).
  *
- * Distinct from cart-recovery's `CartSessionExpiredEvent` (scoped to one cart
- * operation): this fires when the CUSTOMER auth session can no longer be kept
- * alive — the proactive scheduler's refresh failed on tab wake, or a reactive
- * refresh after a 401 also failed. Storefronts subscribe once globally
- * (`useSessionExpired`) and react (notify + redirect to sign-in).
+ * Fires when the CUSTOMER auth session can no longer be kept alive — the
+ * proactive scheduler's refresh failed on tab wake, or a reactive refresh after
+ * a 401 also failed. Storefronts subscribe once globally (`useSessionExpired`)
+ * and react (notify + redirect to sign-in).
  *
- * Mirrors the cart-recovery emitter shape (Set + emit-swallows-listener-errors
- * + subscribe→unsubscribe). 0-deps (Inv-1): plain `Set` + closure, no React /
- * DOM. The provider owns the instance (`useRef` + Context, Inv-3) — never a
- * module-level singleton.
+ * 0-deps (Inv-1): plain `Set` + closure, no React / DOM. The provider owns the
+ * instance (`useRef` + Context, Inv-3) — never a module-level singleton.
  */
 export function createSessionExpiredEmitter() {
     const listeners = new Set();

package/dist/core/cart/cart-client.d.ts

@@ -31,6 +31,16 @@ export interface CartMutationOutcome {
     cart: Cart;
     warnings: CartWarning[];
 }
+/**
+ * Outcome of an operation that reveals a one-time cart access secret — cart
+ * creation and recovery redemption. `secret` is the raw secret to persist into
+ * the composite `cart-id` cookie; it is shown only here and cannot be retrieved
+ * again. The SDK cart manager persists it for you; a direct API caller must
+ * store it immediately.
+ */
+export interface CartSecretRevealOutcome extends CartMutationOutcome {
+    secret: string | null;
+}
 /**
  * cartComplete result — `order` is the Order created from the cart, non-null on
  * success (`complete()` throws via `assertNoUserErrors` before returning if the
@@ -93,9 +103,11 @@ export declare class CartClient {
      */
     getOrderByToken(token: string, email?: string): Promise<Order | null>;
     /**
-     * Create a new cart, optionally with initial lines.
+     * Create a new cart, optionally with initial lines. The result carries the
+     * one-time `secret` (the cart access capability) — persist it into the
+     * composite `cart-id` cookie. The SDK cart manager does this for you.
      */
-    create(input?: CartCreateInput): Promise<CartMutationOutcome>;
+    create(input?: CartCreateInput): Promise<CartSecretRevealOutcome>;
     /**
      * Add line items to an existing cart.
      */
@@ -129,6 +141,31 @@ export declare class CartClient {
      * Update buyer identity (email, phone, country, customer link, languageCode).
      */
     updateBuyerIdentity(cartId: string, buyerIdentity: CartBuyerIdentityInput): Promise<CartMutationOutcome>;
+    /**
+     * Merge the customer's prior cart into the guest cart on login. The guest
+     * cart survives (same id + secret → the stored cookie stays valid),
+     * quantities sum per variant, guest checkout fields win. Requires an
+     * authenticated request — throws (`StorefrontError`) on
+     * `CART_MERGE_REQUIRES_AUTH` (anonymous) or `CART_CURRENCY_MISMATCH`
+     * (different currencies). Inspect `err.userErrors[0].code`.
+     */
+    merge(guestCartId: string): Promise<CartMutationOutcome>;
+    /**
+     * Downgrade a cart to guest on logout — clears the customer association,
+     * contact details, addresses and saved-payment selection while keeping line
+     * items, coupons, shipping method, currency and notes. The access secret is
+     * NOT rotated, so the stored cookie stays valid. Capability-gated by the
+     * `x-cart-secret` header (a missing / wrong secret throws `CART_NOT_FOUND`).
+     */
+    downgradeOnLogout(cartId: string): Promise<CartMutationOutcome>;
+    /**
+     * Redeem a signed cart-recovery link. On success the cart secret is rotated
+     * and the result carries the NEW one-time `secret` — persist it into the
+     * composite `cart-id` cookie (the old secret stops working). Invalid /
+     * expired links throw a `StorefrontError` carrying `userErrors` without
+     * leaking cart content.
+     */
+    recoveryRedeem(token: string): Promise<CartSecretRevealOutcome>;
     /**
      * Set shipping address on the cart. Full replace (not patch). Triggers cart
      * re-pricing (tax recalculation per address country/region).

package/dist/core/cart/cart-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cart-client.d.ts","sourceRoot":"","sources":["../../../src/core/cart/cart-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EACV,IAAI,EACJ,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,6BAA6B,EAC7B,4BAA4B,EAC5B,8BAA8B,EAC9B,sBAAsB,EACtB,uBAAuB,EACvB,gCAAgC,EAChC,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,+BAA+B,EAC/B,uBAAuB,EACvB,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAyDjB;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;OAGG;IACG,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAQ/C;;;;;;;;;;;;;;;OAeG;IACG,2BAA2B,CAC/B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC;IAOlD;;;;;;;;;OASG;IACG,0BAA0B,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAOpE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAQ3E;;OAEG;IACG,MAAM,CAAC,KAAK,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASnE;;OAEG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASpF;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS7F;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASlF;;;OAGG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAShG;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5E;;;;;;OAMG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAStG;;OAEG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,sBAAsB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAa9G;;;OAGG;IACG,kBAAkB,CAAC,KAAK,EAAE,2BAA2B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS1F;;;OAGG;IACG,iBAAiB,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASxF;;;OAGG;IACG,oBAAoB,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS9F;;;OAGG;IACG,mBAAmB,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5F;;;;;;;OAOG;IACG,qBAAqB,CAAC,KAAK,EAAE,8BAA8B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAYhG;;;OAGG;IACG,aAAa,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAShF;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASlF;;;;OAIG;IACG,uBAAuB,CAAC,KAAK,EAAE,gCAAgC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASpG;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAYtE;;;;;;;;;;;;;;;;OAgBG;IACG,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,cAAc,CAAC;IASvE;;;;;;;;OAQG;IACG,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAOpG"}
+{"version":3,"file":"cart-client.d.ts","sourceRoot":"","sources":["../../../src/core/cart/cart-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EACV,IAAI,EACJ,eAAe,EACf,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,kBAAkB,EAClB,2BAA2B,EAC3B,0BAA0B,EAC1B,6BAA6B,EAC7B,4BAA4B,EAC5B,8BAA8B,EAC9B,sBAAsB,EACtB,uBAAuB,EACvB,gCAAgC,EAChC,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,wBAAwB,EACxB,cAAc,EACd,kBAAkB,EAClB,+BAA+B,EAC/B,uBAAuB,EACvB,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAoEjB;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,IAAI,CAAC;IACX,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,uBAAwB,SAAQ,mBAAmB;IAClE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,WAAW,EAAE,CAAC;CACzB;AAED,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;OAGG;IACG,GAAG,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;IAQ/C;;;;;;;;;;;;;;;OAeG;IACG,2BAA2B,CAC/B,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,oBAAoB,GAC5B,OAAO,CAAC,+BAA+B,GAAG,IAAI,CAAC;IAOlD;;;;;;;;;OASG;IACG,0BAA0B,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAOpE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC;IAQ3E;;;;OAIG;IACG,MAAM,CAAC,KAAK,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAavE;;OAEG;IACG,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASpF;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS7F;;OAEG;IACG,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASlF;;;OAGG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAShG;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5E;;;;;;OAMG;IACG,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAStG;;OAEG;IACG,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,sBAAsB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAa9G;;;;;;;OAOG;IACG,KAAK,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS9D;;;;;;OAMG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASrE;;;;;;OAMG;IACG,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAiBrE;;;OAGG;IACG,kBAAkB,CAAC,KAAK,EAAE,2BAA2B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS1F;;;OAGG;IACG,iBAAiB,CAAC,KAAK,EAAE,0BAA0B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASxF;;;OAGG;IACG,oBAAoB,CAAC,KAAK,EAAE,6BAA6B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS9F;;;OAGG;IACG,mBAAmB,CAAC,KAAK,EAAE,4BAA4B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5F;;;;;;;OAOG;IACG,qBAAqB,CAAC,KAAK,EAAE,8BAA8B,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAYhG;;;OAGG;IACG,aAAa,CAAC,KAAK,EAAE,sBAAsB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAShF;;;OAGG;IACG,cAAc,CAAC,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASlF;;;;OAIG;IACG,uBAAuB,CAAC,KAAK,EAAE,gCAAgC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASpG;;;;;;;;;;;;OAYG;IACG,QAAQ,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAYtE;;;;;;;;;;;;;;;;OAgBG;IACG,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,cAAc,CAAC;IASvE;;;;;;;;OAQG;IACG,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAOpG"}

package/dist/core/cart/cart-client.js

@@ -22,7 +22,7 @@
  * ```
  */
 import { assertNoUserErrors } from '../helpers/assert-no-user-errors';
-import { CART_QUERY, ORDER_BY_TOKEN_QUERY, CART_AVAILABLE_SHIPPING_METHODS_QUERY, AVAILABLE_PAYMENT_METHODS_QUERY, CART_CREATE, CART_ADD_LINES, CART_UPDATE_LINES, CART_REMOVE_LINES, CART_DISCOUNT_CODES_UPDATE, CART_UPDATE_NOTE, CART_UPDATE_ATTRIBUTES, CART_UPDATE_BUYER_IDENTITY, CART_SET_SHIPPING_ADDRESS, CART_SET_BILLING_ADDRESS, CART_SELECT_SHIPPING_METHOD, CART_SELECT_PAYMENT_METHOD, CART_CLEAR_PAYMENT_SELECTION, CART_APPLY_GIFT_CARD, CART_REMOVE_GIFT_CARD, CART_UPDATE_GIFT_CARD_RECIPIENT, CART_COMPLETE, CART_VALIDATE_DISCOUNT_CODE, PAYMENT_CREATE, } from '../operations/cart';
+import { CART_QUERY, ORDER_BY_TOKEN_QUERY, CART_AVAILABLE_SHIPPING_METHODS_QUERY, AVAILABLE_PAYMENT_METHODS_QUERY, CART_CREATE, CART_ADD_LINES, CART_UPDATE_LINES, CART_REMOVE_LINES, CART_DISCOUNT_CODES_UPDATE, CART_UPDATE_NOTE, CART_UPDATE_ATTRIBUTES, CART_UPDATE_BUYER_IDENTITY, CART_MERGE, CART_DOWNGRADE_ON_LOGOUT, CART_RECOVERY_REDEEM, CART_SET_SHIPPING_ADDRESS, CART_SET_BILLING_ADDRESS, CART_SELECT_SHIPPING_METHOD, CART_SELECT_PAYMENT_METHOD, CART_CLEAR_PAYMENT_SELECTION, CART_APPLY_GIFT_CARD, CART_REMOVE_GIFT_CARD, CART_UPDATE_GIFT_CARD_RECIPIENT, CART_COMPLETE, CART_VALIDATE_DISCOUNT_CODE, PAYMENT_CREATE, } from '../operations/cart';
 export class CartClient {
     client;
     constructor(client) {
@@ -87,12 +87,18 @@ export class CartClient {
         return data.orderByToken;
     }
     /**
-     * Create a new cart, optionally with initial lines.
+     * Create a new cart, optionally with initial lines. The result carries the
+     * one-time `secret` (the cart access capability) — persist it into the
+     * composite `cart-id` cookie. The SDK cart manager does this for you.
      */
     async create(input) {
         const data = await this.client.mutate(CART_CREATE, { input: input ?? {} });
         assertNoUserErrors(data.cartCreate);
-        return { cart: data.cartCreate.cart, warnings: data.cartCreate.warnings ?? [] };
+        return {
+            cart: data.cartCreate.cart,
+            secret: data.cartCreate.secret ?? null,
+            warnings: data.cartCreate.warnings ?? [],
+        };
     }
     /**
      * Add line items to an existing cart.
@@ -156,6 +162,50 @@ export class CartClient {
         return { cart: data.cartUpdateBuyerIdentity.cart, warnings: data.cartUpdateBuyerIdentity.warnings ?? [] };
     }
     // -------------------------------------------------------------------------
+    // Guest ↔ customer transitions (capability model)
+    // -------------------------------------------------------------------------
+    /**
+     * Merge the customer's prior cart into the guest cart on login. The guest
+     * cart survives (same id + secret → the stored cookie stays valid),
+     * quantities sum per variant, guest checkout fields win. Requires an
+     * authenticated request — throws (`StorefrontError`) on
+     * `CART_MERGE_REQUIRES_AUTH` (anonymous) or `CART_CURRENCY_MISMATCH`
+     * (different currencies). Inspect `err.userErrors[0].code`.
+     */
+    async merge(guestCartId) {
+        const data = await this.client.mutate(CART_MERGE, { guestCartId });
+        assertNoUserErrors(data.cartMerge);
+        return { cart: data.cartMerge.cart, warnings: data.cartMerge.warnings ?? [] };
+    }
+    /**
+     * Downgrade a cart to guest on logout — clears the customer association,
+     * contact details, addresses and saved-payment selection while keeping line
+     * items, coupons, shipping method, currency and notes. The access secret is
+     * NOT rotated, so the stored cookie stays valid. Capability-gated by the
+     * `x-cart-secret` header (a missing / wrong secret throws `CART_NOT_FOUND`).
+     */
+    async downgradeOnLogout(cartId) {
+        const data = await this.client.mutate(CART_DOWNGRADE_ON_LOGOUT, { cartId });
+        assertNoUserErrors(data.cartDowngradeOnLogout);
+        return { cart: data.cartDowngradeOnLogout.cart, warnings: data.cartDowngradeOnLogout.warnings ?? [] };
+    }
+    /**
+     * Redeem a signed cart-recovery link. On success the cart secret is rotated
+     * and the result carries the NEW one-time `secret` — persist it into the
+     * composite `cart-id` cookie (the old secret stops working). Invalid /
+     * expired links throw a `StorefrontError` carrying `userErrors` without
+     * leaking cart content.
+     */
+    async recoveryRedeem(token) {
+        const data = await this.client.mutate(CART_RECOVERY_REDEEM, { token });
+        assertNoUserErrors(data.cartRecoveryRedeem);
+        return {
+            cart: data.cartRecoveryRedeem.cart,
+            secret: data.cartRecoveryRedeem.secret ?? null,
+            warnings: data.cartRecoveryRedeem.warnings ?? [],
+        };
+    }
+    // -------------------------------------------------------------------------
     // Phase 3 — Cart completion lifecycle methods
     // -------------------------------------------------------------------------
     /**

package/dist/core/cart/cart-recovery.d.ts

@@ -37,8 +37,9 @@ import type { Cart, CartCreateInput } from './types';
 /**
  * Cart error codes that require recreation of the cart resource.
  *
- * - `CART_NOT_FOUND` — cart expired, missing, or owner mismatch (backend masks
- *   `UNAUTHORIZED` as `CART_NOT_FOUND` to avoid leaking ownership info).
+ * - `CART_NOT_FOUND` — cart expired, missing, or the access secret was absent
+ *   or did not match. The backend returns one uniform code so it never leaks
+ *   whether a given cart exists.
  * - `ALREADY_COMPLETED` — cart status not in `{ACTIVE, RECOVERED}` (CONVERTED
  *   after checkout, EXPIRED via TTL, or ABANDONED by purge worker).
  *
@@ -55,54 +56,6 @@ export type CartRecoverableErrorCode = (typeof CART_RECOVERABLE_ERROR_CODES)[num
  * `StorefrontError` carries at least one userError with a recoverable code.
  */
 export declare function isCartRecoverableError(err: unknown): err is StorefrontError;
-/**
- * Cart error codes that signal a missing or invalid auth context on a
- * customer-owned cart — distinct from cart-resource recovery
- * (`CART_RECOVERABLE_ERROR_CODES`).
- *
- * - `CART_UNAUTHENTICATED` — anonymous request OR present-but-invalid token
- *   (expired JWT, malformed). The cart resource is intact and reachable
- *   again after re-auth.
- *
- * Storefronts SHOULD preserve the `cart-id` cookie when handling these
- * codes and prompt sign-in — the same cart resumes after a successful login.
- */
-export declare const CART_SESSION_ERROR_CODES: readonly ["CART_UNAUTHENTICATED"];
-export type CartSessionErrorCode = (typeof CART_SESSION_ERROR_CODES)[number];
-/**
- * Type-safe predicate for "this error means the session is gone, but the
- * cart resource is intact". Distinct from `isCartRecoverableError`
- * (cart-resource recovery) — `isCartSessionError` matches auth-recoverable
- * codes that should trigger re-auth flow, NOT cart cookie cleanup.
- *
- * Inspects `err.userErrors[].code` (structured field) — never matches against
- * `err.message` (locale-dependent, non-stable).
- */
-export declare function isCartSessionError(err: unknown): err is StorefrontError;
-/**
- * Event fired when the runner observes a session error (`CART_UNAUTHENTICATED`).
- * Cart-id cookie is NOT cleared — the cart resource is intact and the buyer
- * should be prompted to re-authenticate; after a successful login the same
- * cart resumes.
- */
-export interface CartSessionExpiredEvent {
-    /** Cart id from the cookie at the time of the failure (null when no cart was set). */
-    oldCartId: string | null;
-    /** Operation name from `CartRecoveryOperation.name` if provided, otherwise 'unknown'. */
-    operation: string;
-    /** Original `StorefrontError` carrying the `CART_UNAUTHENTICATED` userError. */
-    cause: unknown;
-}
-/**
- * Thrown when a cart operation fails with a session error
- * (`CART_UNAUTHENTICATED`). Distinct from `CartRecoveryNotPossibleError`
- * (cart-resource issue) — storefronts should redirect to a sign-in flow
- * and retry the operation after re-auth.
- */
-export declare class CartSessionRequiredError extends Error {
-    readonly cause: unknown;
-    constructor(cause: unknown, message?: string);
-}
 /**
  * Cookie I/O port. Caller's responsibility — core never touches `document.cookie`.
  *
@@ -118,9 +71,15 @@ export declare class CartSessionRequiredError extends Error {
 export interface CartCookieStore {
     /** Returns the persisted cart id or null. Must be synchronous. */
     get(): string | null;
-    /** Persists cart id. `options.maxAge` defaults to platform `CART_COOKIE_MAX_AGE`. */
+    /**
+     * Persists the cart id. When `options.secret` is provided the implementation
+     * stores the composite `<cartId>.<secret>` value — the cart access secret is
+     * revealed only on create / recovery redeem, so this is the only place it is
+     * written. `options.maxAge` defaults to platform `CART_COOKIE_MAX_AGE`.
+     */
     set(cartId: string, options?: {
         maxAge?: number;
+        secret?: string | null;
     }): void;
     /** Removes the cookie. Called when the current cart became unrecoverable. */
     clear(): void;
@@ -145,10 +104,13 @@ export interface CartRecoveryOperation<T> {
     run: (cartId: string) => Promise<T>;
     /**
      * Optional atomic "create new cart and run with payload in one go" strategy.
-     * Define for replay-safe operations; omit for state-dependent ones.
+     * Define for replay-safe operations; omit for state-dependent ones. Return
+     * the fresh cart's one-time `secret` so the runner persists the composite
+     * cookie (the recovered cart is reachable on the next mutation).
      */
     recreateAndRun?: (cartClient: CartClient) => Promise<{
         cart: Cart;
+        secret?: string | null;
         result: T;
     }>;
     /** Optional diagnostic label surfaced in `CartExpiredEvent.operation`. */
@@ -179,24 +141,30 @@ export interface ExecuteWithCartRecoveryOptions<T> {
     cartClient: CartClient;
     cookieStore: CartCookieStore;
     operation: CartRecoveryOperation<T>;
-    /** Initial-create fallback when cookie is empty. Defaults to `cartClient.create()`. */
-    ensureCart?: () => Promise<Cart>;
+    /**
+     * Initial-create fallback when the cookie is empty. Defaults to
+     * `cartClient.create()`. Must return the created cart together with its
+     * one-time `secret` so the runner persists the composite cookie.
+     */
+    ensureCart?: () => Promise<{
+        cart: Cart;
+        secret?: string | null;
+    }>;
     /** Cookie `maxAge` override propagated to `cookieStore.set`. */
     cookieMaxAge?: number;
     /** Optional listener fired before the runner throws `CartRecoveryNotPossibleError`. */
     onExpired?: (event: CartExpiredEvent) => void;
-    /**
-     * Optional listener fired before the runner throws
-     * `CartSessionRequiredError`. Distinct from `onExpired` — the cart
-     * resource is intact, but the session/auth context is missing or invalid.
-     * Storefront should redirect to sign-in and retry the operation after
-     * re-auth; the same cart resumes.
-     */
-    onSessionExpired?: (event: CartSessionExpiredEvent) => void;
     /**
      * Server-known cart-id seed used when the cookie store is empty. Cookie
      * wins when present; the seed only fills the gap on first interaction.
      *
+     * Accepts either a bare cart id (`"<cartId>"`) or the composite cookie value
+     * (`"<cartId>.<secret>"`). When the seed carries a secret, the runner persists
+     * the composite cookie so subsequent reads and writes send the access secret
+     * and reach the seeded cart. A bare cart id is persisted as-is and degrades to
+     * a fresh cart on the next write (the secret is required to reach an existing
+     * cart).
+     *
      * On Phase 0 the runner eagerly copies the seed into the cookie store so
      * cross-tab tabs observe the same cart-id and recovery semantics match
      * the standard cookie-driven path. If the seed is stale the recovery
@@ -231,13 +199,6 @@ export interface CartRecoveryRunner {
      * fails. Returns an unsubscribe function. Multiple subscribers are supported.
      */
     onExpired(listener: (event: CartExpiredEvent) => void): () => void;
-    /**
-     * Subscribe to `session-expired` events fired when the runner observes a
-     * `CART_UNAUTHENTICATED` userError (cart resource intact, re-auth required).
-     * The cart-id cookie is preserved so the same cart resumes after a successful
-     * sign-in. Returns an unsubscribe function. Multiple subscribers are supported.
-     */
-    onSessionExpired(listener: (event: CartSessionExpiredEvent) => void): () => void;
     /** Underlying cart client (for advanced flows / read-only helpers). */
     readonly cartClient: CartClient;
     /** Underlying cookie store (for advanced flows). */
@@ -246,8 +207,15 @@ export interface CartRecoveryRunner {
 export interface CreateCartRecoveryRunnerOptions {
     cartClient: CartClient;
     cookieStore: CartCookieStore;
-    /** Initial-create payload override (default: empty cart). */
-    ensureCart?: () => Promise<Cart>;
+    /**
+     * Initial-create payload override (default: empty cart). Must return the
+     * created cart together with its one-time `secret` so the runner persists
+     * the composite cookie.
+     */
+    ensureCart?: () => Promise<{
+        cart: Cart;
+        secret?: string | null;
+    }>;
     /** Cookie `maxAge` propagated to all `cookieStore.set` calls. */
     cookieMaxAge?: number;
     /**
@@ -283,6 +251,7 @@ export declare function createCartRecoveryRunner(options: CreateCartRecoveryRunn
  */
 export declare function recreateWithInput(input: CartCreateInput): (cartClient: CartClient) => Promise<{
     cart: Cart;
+    secret: string | null;
     result: CartMutationOutcome;
 }>;
 /**
@@ -291,6 +260,7 @@ export declare function recreateWithInput(input: CartCreateInput): (cartClient:
  */
 export declare function recreateWithLines(lines: NonNullable<CartCreateInput['lines']>, extraInput?: Omit<CartCreateInput, 'lines'>): (cartClient: CartClient) => Promise<{
     cart: Cart;
+    secret: string | null;
     result: CartMutationOutcome;
 }>;
 //# sourceMappingURL=cart-recovery.d.ts.map

package/dist/core/cart/cart-recovery.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cart-recovery.d.ts","sourceRoot":"","sources":["../../../src/core/cart/cart-recovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAMrD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,kDAAmD,CAAC;AAE7F,MAAM,MAAM,wBAAwB,GAAG,CAAC,OAAO,4BAA4B,CAAC,CAAC,MAAM,CAAC,CAAC;AAQrF;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,eAAe,CAM3E;AAMD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,wBAAwB,mCAAoC,CAAC;AAE1E,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAI7E;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,eAAe,CAMvE;AAED;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACtC,sFAAsF;IACtF,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,yFAAyF;IACzF,SAAS,EAAE,MAAM,CAAC;IAClB,gFAAgF;IAChF,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;IACjD,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;gBAEZ,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM;CAK7C;AAMD;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,eAAe;IAC9B,kEAAkE;IAClE,GAAG,IAAI,MAAM,GAAG,IAAI,CAAC;IACrB,qFAAqF;IACrF,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IACzD,6EAA6E;IAC7E,KAAK,IAAI,IAAI,CAAC;CACf;AAMD;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,qBAAqB,CAAC,CAAC;IACtC,4CAA4C;IAC5C,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACpC;;;OAGG;IACH,cAAc,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,KAAK,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAChF,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,MAAM,yBAAyB,GACjC,iBAAiB,GACjB,iBAAiB,GACjB,mBAAmB,CAAC;AAExB;;;;GAIG;AACH,qBAAa,4BAA6B,SAAQ,KAAK;IACrD,QAAQ,CAAC,MAAM,EAAE,yBAAyB,CAAC;IAC3C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;gBAEZ,MAAM,EAAE,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM;CAMhF;AAaD,MAAM,WAAW,gBAAgB;IAC/B,iEAAiE;IACjE,MAAM,EAAE,yBAAyB,CAAC;IAClC,4FAA4F;IAC5F,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,yFAAyF;IACzF,SAAS,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,KAAK,EAAE,OAAO,CAAC;CAChB;AAmCD,MAAM,WAAW,8BAA8B,CAAC,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,eAAe,CAAC;IAC7B,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACpC,uFAAuF;IACvF,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,uFAAuF;IACvF,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;IAC9C;;;;;;OAMG;IACH,gBAAgB,CAAC,EAAE,CAAC,KAAK,EAAE,uBAAuB,KAAK,IAAI,CAAC;IAC5D;;;;;;;;;;;;;;;OAeG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAOD;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,CAAC,EAC7C,IAAI,EAAE,8BAA8B,CAAC,CAAC,CAAC,GACtC,OAAO,CAAC,CAAC,CAAC,CAwGZ;AAMD,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,OAAO,CAAC,CAAC,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5D;;;;OAIG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAChC;;;OAGG;IACH,SAAS,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;IACnE;;;;;OAKG;IACH,gBAAgB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,uBAAuB,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;IACjF,uEAAuE;IACvE,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,oDAAoD;IACpD,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED,MAAM,WAAW,+BAA+B;IAC9C,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,eAAe,CAAC;IAC7B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,iEAAiE;IACjE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,+BAA+B,GACvC,kBAAkB,CA8FpB;AAMD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,eAAe,IACxC,YAAY,UAAU,KAAG,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC,CAI5F;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,EAC5C,UAAU,GAAE,IAAI,CAAC,eAAe,EAAE,OAAO,CAAM,gBAZrB,UAAU,KAAG,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC,CAe5F"}
+{"version":3,"file":"cart-recovery.d.ts","sourceRoot":"","sources":["../../../src/core/cart/cart-recovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,KAAK,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACrE,OAAO,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAOrD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,4BAA4B,kDAAmD,CAAC;AAE7F,MAAM,MAAM,wBAAwB,GAAG,CAAC,OAAO,4BAA4B,CAAC,CAAC,MAAM,CAAC,CAAC;AAQrF;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,eAAe,CAM3E;AAMD;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,eAAe;IAC9B,kEAAkE;IAClE,GAAG,IAAI,MAAM,GAAG,IAAI,CAAC;IACrB;;;;;OAKG;IACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IACjF,6EAA6E;IAC7E,KAAK,IAAI,IAAI,CAAC;CACf;AAMD;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,qBAAqB,CAAC,CAAC;IACtC,4CAA4C;IAC5C,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC;IACpC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CACf,UAAU,EAAE,UAAU,KACnB,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,MAAM,EAAE,CAAC,CAAA;KAAE,CAAC,CAAC;IAChE,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAMD,MAAM,MAAM,yBAAyB,GACjC,iBAAiB,GACjB,iBAAiB,GACjB,mBAAmB,CAAC;AAExB;;;;GAIG;AACH,qBAAa,4BAA6B,SAAQ,KAAK;IACrD,QAAQ,CAAC,MAAM,EAAE,yBAAyB,CAAC;IAC3C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;gBAEZ,MAAM,EAAE,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM;CAMhF;AAaD,MAAM,WAAW,gBAAgB;IAC/B,iEAAiE;IACjE,MAAM,EAAE,yBAAyB,CAAC;IAClC,4FAA4F;IAC5F,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,yFAAyF;IACzF,SAAS,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,KAAK,EAAE,OAAO,CAAC;CAChB;AAmCD,MAAM,WAAW,8BAA8B,CAAC,CAAC;IAC/C,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,eAAe,CAAC;IAC7B,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACpC;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACnE,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,uFAAuF;IACvF,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,CAAC;IAC9C;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AA8BD;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,CAAC,EAC7C,IAAI,EAAE,8BAA8B,CAAC,CAAC,CAAC,GACtC,OAAO,CAAC,CAAC,CAAC,CA0FZ;AAMD,MAAM,WAAW,kBAAkB;IACjC,uDAAuD;IACvD,OAAO,CAAC,CAAC,EAAE,SAAS,EAAE,qBAAqB,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5D;;;;OAIG;IACH,OAAO,IAAI,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAChC;;;OAGG;IACH,SAAS,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,gBAAgB,KAAK,IAAI,GAAG,MAAM,IAAI,CAAC;IACnE,uEAAuE;IACvE,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,oDAAoD;IACpD,QAAQ,CAAC,WAAW,EAAE,eAAe,CAAC;CACvC;AAED,MAAM,WAAW,+BAA+B;IAC9C,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,eAAe,CAAC;IAC7B;;;;OAIG;IACH,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC;QAAE,IAAI,EAAE,IAAI,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACnE,iEAAiE;IACjE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAED;;;GAGG;AACH,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,+BAA+B,GACvC,kBAAkB,CAgEpB;AAMD;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,eAAe,IAEpD,YAAY,UAAU,KACrB,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC,CAI/E;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,EAC5C,UAAU,GAAE,IAAI,CAAC,eAAe,EAAE,OAAO,CAAM,gBAbjC,UAAU,KACrB,OAAO,CAAC;IAAE,IAAI,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IAAC,MAAM,EAAE,mBAAmB,CAAA;CAAE,CAAC,CAe/E"}