@doswiftly/storefront-sdk 20.2.0 → 21.0.1

package/dist/react/helpers/browser-data.js

@@ -1,36 +1,36 @@
 /**
  * `getBrowserDataForPayment()` — collects browser context required by PSD2/3DS2
- * authentication flows (card-on-file z 3DS challenge, BLIK confirmation,
- * Apple/Google Pay z risk scoring).
+ * authentication flows (card-on-file with a 3DS challenge, BLIK confirmation,
+ * Apple/Google Pay with risk scoring).
  *
- * **Browser-only** — throws gdy `typeof window === 'undefined'` (server-side
- * rendering). Caller MUSI gate'ować call w useEffect / event handler / browser
- * code path. NEVER call this w Server Component lub Route Handler.
+ * **Browser-only** — throws when `typeof window === 'undefined'` (server-side
+ * rendering). Callers MUST gate the call inside a useEffect / event handler /
+ * browser-only code path. NEVER call this in a Server Component or Route Handler.
  *
- * Wartości pochodzą z standard Web APIs:
+ * Values come from standard Web APIs:
  *   - `userAgent` — `navigator.userAgent`.
  *   - `language` — `navigator.language` (BCP 47, fallback `en-US`).
  *   - `screen{Width,Height}` — `window.screen.{width,height}`.
  *   - `colorDepth` — `window.screen.colorDepth`.
  *   - `timezoneOffset` — `new Date().getTimezoneOffset()` (signed integer, minutes,
- *     reverse signed per ECMA: dodatnie = behind UTC, ujemne = ahead).
- *   - `javaEnabled` — `navigator.javaEnabled?.()` (deprecated ale wymagane PSD2/EMV
- *     specification; fallback `false` gdy browser nie expose'uje).
- *   - `acceptHeader` — NIE dostępne client-side (`navigator` nie expose'uje request
- *     headers). Caller passes z server context lub omits (gateway-dependent
- *     requirement). Helper zwraca undefined.
+ *     reverse signed per ECMA: positive = behind UTC, negative = ahead of UTC).
+ *   - `javaEnabled` — `navigator.javaEnabled?.()` (deprecated but required by the
+ *     PSD2/EMV specification; falls back to `false` when the browser does not
+ *     expose it).
+ *   - `acceptHeader` — NOT available client-side (`navigator` does not expose
+ *     request headers). Callers pass it from server context or omit it
+ *     (gateway-dependent requirement). The helper returns undefined.
  *
- * Shape matches PSD2/3DS2 BrowserData specification (EMVCo) — adapter na backend
- * `IPaymentProvider.createPayment` może merge wprost do gateway-specific body
- * (Adyen `browserInfo`, Stripe `payment_method_data.billing_details.browser_info`,
- * Mollie `cardToken` z 3DS lookup).
+ * The shape matches the PSD2/3DS2 BrowserData specification (EMVCo), so it can
+ * be merged into gateway-specific request bodies (gateway-specific field names
+ * vary).
  *
  * @example
  * ```tsx
- * // W event handler (browser-only):
+ * // In an event handler (browser-only):
  * function handleCheckoutSubmit() {
  *   const browserData = getBrowserDataForPayment();
- *   await cart.createPayment({ ..., browserData });
+ *   // pass to your payment integration where required
  * }
  *
  * // SSR-safe wrap:
@@ -39,15 +39,11 @@
  *   ...
  * }
  * ```
- *
- * Added by payment-instrument-preselection-advanced sub-sprint Adv-2 Req 9.5
- * (carry-over z Adv-1 plan — moved here as standalone utility, no backend
- * mutation impact yet — Adv-3 będzie consumer'em w `paymentCreate` input).
  */
 /**
- * Throw'd gdy helper wywołany w SSR context (Server Component, Route Handler,
- * Node bez JSDOM). Caller MUSI guard'ować przez `typeof window` check albo
- * wywołać tylko w event handler / `useEffect`.
+ * Thrown when the helper is called in an SSR context (Server Component, Route
+ * Handler, Node without JSDOM). Callers MUST guard with a `typeof window` check
+ * or call it only inside an event handler / `useEffect`.
  */
 export class BrowserDataNotAvailableError extends Error {
     constructor() {
@@ -59,11 +55,12 @@ export function getBrowserDataForPayment() {
     if (typeof window === 'undefined' || typeof navigator === 'undefined' || typeof window.screen === 'undefined') {
         throw new BrowserDataNotAvailableError();
     }
-    // `navigator.javaEnabled` jest deprecated ale wciąż obecny w major browsers — guard
-    // dla future removal. Falsy fallback gdy missing (PSD2 spec wymaga boolean, not undefined).
+    // `navigator.javaEnabled` is deprecated but still present in major browsers — guard
+    // against future removal. Falls back to `false` when missing (the PSD2 spec requires
+    // a boolean, not undefined).
     const javaEnabled = typeof navigator.javaEnabled === 'function' ? Boolean(navigator.javaEnabled()) : false;
-    // `Intl.DateTimeFormat` jest dostępny we wszystkich modern browsers — optional capture
-    // dla gateways które wymagają IANA name zamiast offset (np. Adyen).
+    // `Intl.DateTimeFormat` is available in all modern browsers — optional capture for
+    // gateways that require the IANA name instead of the numeric offset.
     let timezone;
     try {
         timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;

package/dist/react/hooks/use-cart-manager.d.ts

@@ -62,7 +62,7 @@
  * function CartUI() {
  *   const { addItem, onExpired } = useCartManager();
  *
- *   useEffect(() => onExpired(() => toast('Koszyk wygasł, dodaj produkty ponownie')), [onExpired]);
+ *   useEffect(() => onExpired(() => toast('Your cart expired — please add the items again')), [onExpired]);
  *
  *   return <button onClick={() => addItem([{ variantId, quantity: 1 }])}>Add</button>;
  * }

package/dist/react/hooks/use-cart-manager.js

@@ -62,7 +62,7 @@
  * function CartUI() {
  *   const { addItem, onExpired } = useCartManager();
  *
- *   useEffect(() => onExpired(() => toast('Koszyk wygasł, dodaj produkty ponownie')), [onExpired]);
+ *   useEffect(() => onExpired(() => toast('Your cart expired — please add the items again')), [onExpired]);
  *
  *   return <button onClick={() => addItem([{ variantId, quantity: 1 }])}>Add</button>;
  * }

package/dist/react/hooks/use-cart.d.ts

@@ -9,8 +9,8 @@
  * UIs need.
  *
  * State management follows the platform's store pattern: a vanilla Zustand
- * store is created per hook mount via `useMemo` (component-scoped, no
- * module-level singleton — Inv-3 of the SDK), and React subscribes through
+ * store is created per hook mount via `useMemo` (stores are component-scoped,
+ * never module-level singletons), and React subscribes through
  * `useStore`. Changing `cartId` recreates the store; refetches are explicit
  * (`refetch()` or any mutation triggers one).
  *

package/dist/react/hooks/use-cart.js

@@ -9,8 +9,8 @@
  * UIs need.
  *
  * State management follows the platform's store pattern: a vanilla Zustand
- * store is created per hook mount via `useMemo` (component-scoped, no
- * module-level singleton — Inv-3 of the SDK), and React subscribes through
+ * store is created per hook mount via `useMemo` (stores are component-scoped,
+ * never module-level singletons), and React subscribes through
  * `useStore`. Changing `cartId` recreates the store; refetches are explicit
  * (`refetch()` or any mutation triggers one).
  *
@@ -84,7 +84,7 @@ export function useCart(cartId, options = {}) {
     const { autoFetch = true, initialCart } = options;
     // Recreate the store when `cartId` or the underlying client changes. The
     // useMemo dependency list captures store identity (component-scoped, not
-    // module-level — Inv-3). Mutations capture the store instance for stable
+    // module-level). Mutations capture the store instance for stable
     // references via the api object.
     const api = useMemo(() => createServerCartStore({ cartClient, cartId, initialCart }), 
     // initialCart deliberately excluded — it only seeds the FIRST mount; we do

package/dist/react/hooks/use-session-expired.d.ts

@@ -2,14 +2,15 @@
  * useSessionExpired — subscribe to the global session-expired signal.
  *
  * Fired when the SDK can no longer keep the customer session alive: a proactive
- * refresh failed on tab wake (R6.3), or a reactive refresh after a 401 also
- * failed (R2.4). Use once near the app root to react globally — show a notice
- * and redirect to sign-in (R14.2). No-op outside `StorefrontProvider`.
+ * refresh failed on tab wake, or a reactive refresh after a 401 also failed.
+ * Use once near the app root to react globally — show a notice and redirect
+ * to sign-in. No-op outside `StorefrontProvider`.
  */
 import type { SessionExpiredEmitter, SessionExpiredEvent } from '../../core/auth/session-events';
 /**
- * Context carrying the provider-scoped session-expired emitter. Created in
- * `StorefrontProvider` via `useRef` (Inv-3 — never a module-level singleton).
+ * Context carrying the provider-scoped session-expired emitter. Created per
+ * provider mount in `StorefrontProvider` via `useRef` — never a module-level
+ * singleton.
  */
 export declare const SessionExpiredContext: import("react").Context<SessionExpiredEmitter | null>;
 export declare function useSessionExpired(listener: (event: SessionExpiredEvent) => void): void;

package/dist/react/hooks/use-session-expired.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"use-session-expired.d.ts","sourceRoot":"","sources":["../../../src/react/hooks/use-session-expired.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAEjG;;;GAGG;AACH,eAAO,MAAM,qBAAqB,uDAAoD,CAAC;AAEvF,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,GAAG,IAAI,CAUtF"}
+{"version":3,"file":"use-session-expired.d.ts","sourceRoot":"","sources":["../../../src/react/hooks/use-session-expired.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAKH,OAAO,KAAK,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAEjG;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,uDAAoD,CAAC;AAEvF,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,mBAAmB,KAAK,IAAI,GAAG,IAAI,CAUtF"}

package/dist/react/hooks/use-session-expired.js

@@ -2,15 +2,16 @@
  * useSessionExpired — subscribe to the global session-expired signal.
  *
  * Fired when the SDK can no longer keep the customer session alive: a proactive
- * refresh failed on tab wake (R6.3), or a reactive refresh after a 401 also
- * failed (R2.4). Use once near the app root to react globally — show a notice
- * and redirect to sign-in (R14.2). No-op outside `StorefrontProvider`.
+ * refresh failed on tab wake, or a reactive refresh after a 401 also failed.
+ * Use once near the app root to react globally — show a notice and redirect
+ * to sign-in. No-op outside `StorefrontProvider`.
  */
 'use client';
 import { createContext, useContext, useEffect, useRef } from 'react';
 /**
- * Context carrying the provider-scoped session-expired emitter. Created in
- * `StorefrontProvider` via `useRef` (Inv-3 — never a module-level singleton).
+ * Context carrying the provider-scoped session-expired emitter. Created per
+ * provider mount in `StorefrontProvider` via `useRef` — never a module-level
+ * singleton.
  */
 export const SessionExpiredContext = createContext(null);
 export function useSessionExpired(listener) {

package/dist/react/stores/auth.store.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/auth.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,iBAAiB,CAAC;AAE/C,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IAExB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B;;;;;OAKG;IACH,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IAGnB,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjG,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB;;;;OAIG;IACH,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjD,cAAc,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC;IACzD,UAAU,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED,eAAO,MAAM,eAAe,GAAI,UAAU,sBAAsB;;;;;sBAyExC,YAAY,GAAG,IAAI;6BACZ,OAAO;;;;;;;;sBADd,YAAY,GAAG,IAAI;6BACZ,OAAO;;;CAUnC,CAAC"}
+{"version":3,"file":"auth.store.d.ts","sourceRoot":"","sources":["../../../src/react/stores/auth.store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAKH;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,iBAAiB,CAAC;AAE/C,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,SAAS;IAExB,QAAQ,EAAE,YAAY,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B;;;;;OAKG;IACH,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,EAAE,OAAO,CAAC;IACzB,SAAS,EAAE,OAAO,CAAC;IAGnB,OAAO,EAAE,CAAC,QAAQ,EAAE,YAAY,GAAG,IAAI,EAAE,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjG,SAAS,EAAE,MAAM,IAAI,CAAC;IACtB;;;;OAIG;IACH,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IACjD,cAAc,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,KAAK,IAAI,CAAC;IACzD,UAAU,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,sBAAsB;IACrC;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;;;;OAQG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAClC;AAED,eAAO,MAAM,eAAe,GAAI,UAAU,sBAAsB;;;;;sBA4ExC,YAAY,GAAG,IAAI;6BACZ,OAAO;;;;;;;;sBADd,YAAY,GAAG,IAAI;6BACZ,OAAO;;;CAUnC,CAAC"}

package/dist/react/stores/auth.store.js

@@ -42,10 +42,11 @@ export const createAuthStore = (options) => createStore()(persist((set) => ({
     setLoading: (isLoading) => set({ isLoading }),
 }), {
     name: AUTH_STORAGE_KEY,
-    version: 3, // v3 (Iteracja 2 — XSS fix): accessToken DROP'owany z localStorage
-    // persistence. Token żyje tylko w-memory + httpOnly cookie (browser auto-sent).
-    // Non-browser klienci (mobile native, server-to-server) ustawiają token explicit
-    // przez setAuth() — nigdy nie persistowany w localStorage SDK.
+    version: 3, // v3 (XSS hardening): accessToken dropped from localStorage
+    // persistence. The token lives only in memory + the httpOnly cookie
+    // (browser auto-sent). Non-browser clients (mobile native, server-to-server)
+    // set the token explicitly via setAuth() — it is never persisted to the
+    // SDK's localStorage slice.
     partialize: (state) => ({
         customer: state.customer,
         isAuthenticated: state.isAuthenticated,
@@ -63,18 +64,20 @@ export const createAuthStore = (options) => createStore()(persist((set) => ({
         return {
             ...currentState,
             customer: persisted.customer ?? currentState.customer,
-            // accessToken NIE persistowany w localStorage (Inv-5 XSS hardening) — spread
-            // `...currentState` propaguje wartość z factory: `null` (default) lub seed
-            // z `options.initialAccessToken` gdy konsumer podał token server-side.
+            // accessToken is never persisted to localStorage (XSS hardening) — the
+            // `...currentState` spread propagates the factory value: `null` (default)
+            // or the seed from `options.initialAccessToken` when the consumer provided
+            // a server-side token.
             // Server cookie is the authority — never let stale localStorage override it.
             isAuthenticated: currentState.isAuthenticated,
         };
     },
     migrate: (persistedState, version) => {
         if (version < 3) {
-            // v1→v2: Turbopack duplication cleanup; v2→v3: XSS fix — accessToken usunięty
-            // z localStorage. Po migracji store start fresh, użytkownik re-auth przez
-            // cookie hydration (BFF /api/auth/whoami) lub login flow.
+            // v1→v2: Turbopack duplication cleanup; v2→v3: XSS hardening — accessToken
+            // removed from localStorage. After the migration the store starts fresh;
+            // the user re-authenticates via cookie hydration (BFF /api/auth/whoami)
+            // or the login flow.
             return { customer: null, isAuthenticated: false };
         }
         return persistedState;

package/dist/react/stores/cart.store.d.ts

@@ -37,7 +37,7 @@
  *
  * const store = createCartStore({
  *   getActions: () => actions,
- *   onExpired: (e) => toast.error('Koszyk wygasł, dodaj produkty ponownie'),
+ *   onExpired: (e) => toast.error('Your cart expired — please add the items again'),
  * });
  * ```
  */

package/dist/react/stores/cart.store.js

@@ -37,7 +37,7 @@
  *
  * const store = createCartStore({
  *   getActions: () => actions,
- *   onExpired: (e) => toast.error('Koszyk wygasł, dodaj produkty ponownie'),
+ *   onExpired: (e) => toast.error('Your cart expired — please add the items again'),
  * });
  * ```
  */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-sdk",
-  "version": "20.2.0",
+  "version": "21.0.1",
   "description": "Storefront runtime SDK for DoSwiftly Commerce — layered transport, middleware pipeline, React providers, Zustand stores, cache strategies. 0 runtime dependencies in core.",
   "type": "module",
   "sideEffects": false,