npm - @doswiftly/storefront-sdk - Versions diffs - 22.8.1 → 22.10.0 - Mend

@doswiftly/storefront-sdk 22.8.1 → 22.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/CHANGELOG.md +64 -0
package/README.md +23 -13
package/dist/core/generated/operation-types.d.ts +5 -3
package/dist/core/generated/operation-types.d.ts.map +1 -1
package/dist/core/image.d.ts +9 -0
package/dist/core/image.d.ts.map +1 -1
package/dist/core/image.js +24 -14
package/dist/core/index.d.ts +1 -1
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +1 -1
package/dist/core/middleware/cart-secret.d.ts +36 -8
package/dist/core/middleware/cart-secret.d.ts.map +1 -1
package/dist/core/middleware/cart-secret.js +46 -12
package/dist/core/operations/cart.d.ts.map +1 -1
package/dist/core/operations/cart.js +1 -0
package/dist/next/image-loader.d.ts +4 -4
package/dist/next/image-loader.d.ts.map +1 -1
package/dist/next/image-loader.js +5 -4
package/dist/react/providers/storefront-client-provider.d.ts.map +1 -1
package/dist/react/providers/storefront-client-provider.js +4 -2
package/package.json +1 -1

package/dist/core/image.d.ts CHANGED Viewed

@@ -50,6 +50,15 @@ export interface ImageLoaderConfig {
      * framework already fingerprints). Defaults to {@link FRAMEWORK_BUILD_PREFIXES}.
      */
     buildAssetPrefixes?: readonly string[];
+    /**
+     * Build clean asset URLs without the `/s/{shopId}` storage namespace. Set for a storefront served
+     * from a custom domain (`{cdnBase}/_next/static/media/…`), where the platform restores the namespace
+     * toward storage at the edge so the stored object key is unchanged. Defaults to `false` — the
+     * platform CDN keeps the namespace in the URL (`{cdnBase}/s/{shopId}/…`). The deploy pipeline sets
+     * this from the same provisioning signal that picks the asset host, so the URL form and the storage
+     * key can never disagree.
+     */
+    cleanUrl?: boolean;
 }
 /**
  * Framework build-output path prefixes — hashed/immutable assets the framework already

package/dist/core/image.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../../src/core/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe;IACf,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,2GAA2G;IAC3G,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAMD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,6BAA6B,CAAC;AAE7D,6EAA6E;AAC7E,MAAM,WAAW,iBAAiB;IAChC,kFAAkF;IAClF,MAAM,EAAE,MAAM,CAAC;IACf,2GAA2G;IAC3G,OAAO,EAAE,MAAM,CAAC;IAChB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;~~CACxC~~;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,uDAAwD,CAAC;~~AAmF9F~~,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,iBAAiB,EACzB,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACnC,MAAM,~~CAiER~~;AAOD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAiD5F"}
1	+ {"version":3,"file":"image.d.ts","sourceRoot":"","sources":["../../src/core/image.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,gFAAgF;IAChF,GAAG,EAAE,MAAM,CAAC;IACZ,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,eAAe;IACf,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,2GAA2G;IAC3G,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAMD;;;GAGG;AACH,eAAO,MAAM,kBAAkB,6BAA6B,CAAC;AAE7D,6EAA6E;AAC7E,MAAM,WAAW,iBAAiB;IAChC,kFAAkF;IAClF,MAAM,EAAE,MAAM,CAAC;IACf,2GAA2G;IAC3G,OAAO,EAAE,MAAM,CAAC;IAChB,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;OAGG;IACH,kBAAkB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,uDAAwD,CAAC;AAyF9F,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,iBAAiB,EACzB,IAAI,EAAE;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACnC,MAAM,CAqER;AAOD;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAiD5F"}

package/dist/core/image.js CHANGED Viewed

@@ -72,24 +72,27 @@ function nextStaticMediaSuffix(pathname) {
 /** Scheme + authority of an absolute http(s) URL — everything up to the first path `/`. */
 const ABSOLUTE_URL_AUTHORITY = /^https?:\/\/[^/]+/i;
 /**
- * Suffix after this shop's `/s/{shopId}/_next/static/media/` when `src` is an ABSOLUTE URL — a
- * code-imported image whose `src` carries the storefront's Next.js `assetPrefix`
- * (`{assetPrefixBase}/s/{shopId}/_next/static/media/{suffix}`, which Next prepends before the loader
- * runs). `null` for relative srcs, other shops' assets, and foreign hosts. Anchored on `/s/{shopId}/`
- * so a foreign host that merely embeds the marker mid-path is rejected; matched on path structure, not
- * host — the asset-prefix CDN host is not part of the loader config, only the resize base is.
+ * Suffix after the media segment when `src` is an ABSOLUTE URL — a code-imported image whose `src`
+ * carries the storefront's Next.js `assetPrefix` (which Next prepends before the loader runs). The
+ * anchor is the storage namespace `ns` (`/s/{shopId}` by default, empty when `cleanUrl`):
+ *  - default: `{assetPrefixBase}/s/{shopId}/_next/static/media/{suffix}` (`ns` = `/s/{shopId}`);
+ *  - clean: `{assetPrefixBase}/_next/static/media/{suffix}` (`ns` = ``).
+ * Anchored on the EXACT `${ns}/_next/static/media/`, so a foreign host that merely embeds the marker
+ * mid-path is rejected. `null` for relative srcs, other namespaces, and foreign hosts. Matched on
+ * path structure, not host — the asset-prefix host is not part of the loader config, only the resize
+ * base is.
  *
  * The path is taken from the RAW `src` (strip scheme/authority + query/hash), NOT via `URL.pathname`:
  * that percent-encodes the path, which would double-encode in {@link buildNextMediaCdnUrl}. The
  * root-relative counterpart {@link nextStaticMediaSuffix} likewise feeds a raw path, so both `src`
  * forms of one import — relative (no `assetPrefix`) and absolute (with it) — encode identically.
  */
-function absoluteNextMediaSuffix(src, shopId) {
+function absoluteNextMediaSuffix(src, ns) {
     // Fast reject before any allocation: must be an absolute http(s) URL that mentions the media segment.
     if (!ABSOLUTE_URL_AUTHORITY.test(src) || !src.includes(NEXT_STATIC_MEDIA_PREFIX))
         return null;
     const path = src.replace(ABSOLUTE_URL_AUTHORITY, '').replace(/[?#].*$/, '');
-    const prefix = `/s/${shopId}${NEXT_STATIC_MEDIA_PREFIX}`;
+    const prefix = `${ns}${NEXT_STATIC_MEDIA_PREFIX}`;
     return path.startsWith(prefix) ? path.slice(prefix.length) : null;
 }
 /**
@@ -101,16 +104,23 @@ function absoluteNextMediaSuffix(src, shopId) {
  * `encodeURIComponent` keeps `..` (unreserved) — harmless while the image CDN is unsigned + public;
  * if HMAC signing is ever added, strip `..` segments here AND in the public/ branch.
  *
+ * `ns` is the storage namespace (empty for a custom domain, `/s/{shopId}` for the platform CDN); the
+ * platform restores it toward storage for a custom domain, so the stored object key is the same.
+ *
  * @sync-with backend deploy mirror (`_next/static/media/` mirrored 1:1 into the image-CDN key)
  */
-function buildNextMediaCdnUrl(base, shopId, suffix, width) {
+function buildNextMediaCdnUrl(base, ns, suffix, width) {
     const encoded = suffix.split('/').map(encodeURIComponent).join('/');
-    return `${base}/s/${shopId}/_next/static/media/${encoded}?width=${width}`;
+    return `${base}${ns}/_next/static/media/${encoded}?width=${width}`;
 }
 export function buildImageLoaderUrl(config, args) {
     // `||` (not `??`): an empty injected base must still fall back to the platform default.
     const base = (config.cdnBase || IMAGE_CDN_BASE_URL).replace(/\/+$/, '');
     const { src, width } = args;
+    // Storage namespace prepended to local-asset URLs: empty when clean (a custom domain restores it
+    // toward storage), `/s/{shopId}` otherwise. Computed once, threaded through both URL builders and
+    // the absolute-media anchor so the form is decided in one place.
+    const ns = (config.cleanUrl ?? false) ? '' : `/s/${config.shopId}`;
     // (1) Product image — already an absolute CDN URL. Set the per-srcset width.
     if (src.startsWith(base)) {
         try {
@@ -129,9 +139,9 @@ export function buildImageLoaderUrl(config, args) {
     //      `_next/static/media/` but are not images, so the extension gate leaves them to load raw from
     //      the asset CDN (they are not mirrored to the resize CDN).
     if (config.shopId) {
-        const mediaSuffix = absoluteNextMediaSuffix(src, config.shopId);
+        const mediaSuffix = absoluteNextMediaSuffix(src, ns);
         if (mediaSuffix !== null && LOADER_IMAGE_EXTENSIONS.test(mediaSuffix)) {
-            return buildNextMediaCdnUrl(base, config.shopId, mediaSuffix, width);
+            return buildNextMediaCdnUrl(base, ns, mediaSuffix, width);
         }
     }
     // (2) Local root-relative image — NOT protocol-relative (`//host`). Two sub-cases:
@@ -149,7 +159,7 @@ export function buildImageLoaderUrl(config, args) {
         // (2a) Next build-output media image — same image-CDN key as the absolute (assetPrefix) form (1b).
         const mediaSuffix = nextStaticMediaSuffix(pathname);
         if (mediaSuffix !== null) {
-            return buildNextMediaCdnUrl(base, config.shopId, mediaSuffix, width);
+            return buildNextMediaCdnUrl(base, ns, mediaSuffix, width);
         }
         // Any other framework build output (hashed/immutable, NOT mirrored) → untouched.
         const buildPrefixes = config.buildAssetPrefixes ?? FRAMEWORK_BUILD_PREFIXES;
@@ -166,7 +176,7 @@ export function buildImageLoaderUrl(config, args) {
             .split('/')
             .map(encodeURIComponent)
             .join('/');
-        return `${base}/s/${config.shopId}/public/${path}?width=${width}&v=${config.version}`;
+        return `${base}${ns}/public/${path}?width=${width}&v=${config.version}`;
     }
     // (3) Build assets, protocol-relative/external URLs, data URIs — untouched.
     return src;

package/dist/core/index.d.ts CHANGED Viewed

@@ -39,7 +39,7 @@ export type { StorefrontClient, StorefrontClientConfig, Middleware, ExecuteFn, G
 export { createRemoteDebugTransport } from './client/remote-debug-transport';
 export type { RemoteDebugTransport, RemoteDebugTransportConfig } from './client/remote-debug-transport';
 export { authMiddleware } from './middleware/auth';
-export { cartSecretMiddleware, serverCartSecretMiddleware, CART_SECRET_HEADER, } from './middleware/cart-secret';
+export { cartSecretMiddleware, serverCartSecretMiddleware, isCartScopedOperation, CART_SECRET_HEADER, } from './middleware/cart-secret';
 export { currencyMiddleware } from './middleware/currency';
 export { languageMiddleware } from './middleware/language';
 export { forwardedIpMiddleware, forwardedIpSignedMessage, FORWARDED_IP_HEADER, FORWARDED_IP_TS_HEADER, FORWARDED_IP_SIG_HEADER, type ForwardedIpMiddlewareOptions, } from './middleware/forwarded-ip';

package/dist/core/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAGhE,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,YAAY,EACV,gBAAgB,EAChB,sBAAsB,EACtB,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,YAAY,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAGxG,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,4BAA4B,GAClC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,8BAA8B,EACnC,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,KAAK,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAG9F,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAGjF,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,KAAK,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAGpF,OAAO,EACL,SAAS,EACT,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,0BAA0B,EAC1B,KAAK,cAAc,GACpB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,YAAY,EACV,mBAAmB,EACnB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,EAC5B,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,wBAAwB,EACxB,eAAe,EACf,qBAAqB,EACrB,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAEV,IAAI,EACJ,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,cAAc,EACd,QAAQ,EACR,kBAAkB,EAClB,YAAY,EACZ,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,KAAK,EACL,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,yBAAyB,EACzB,KAAK,EACL,cAAc,EAGd,aAAa,EACb,uBAAuB,EACvB,uBAAuB,EACvB,+BAA+B,EAC/B,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,WAAW,EAEX,aAAa,EACb,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,2BAA2B,EAC3B,gBAAgB,EAChB,2BAA2B,EAC3B,0BAA0B,EAC1B,6BAA6B,EAC7B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,gCAAgC,EAChC,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAGhB,gBAAgB,EAEhB,wBAAwB,EACxB,YAAY,EACZ,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAQtB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,4BAA4B,EAC5B,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,qBAAqB,EACrB,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AACnG,YAAY,EACV,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,2BAA2B,EAC3B,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,mBAAmB,EACnB,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,UAAU,GAChB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,KAAK,yBAAyB,GAC/B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAG/G,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAG/G,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,eAAe,GACrB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,GAC3B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,YAAY,EAAE,KAAK,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,EACnB,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,iBAAiB,CAAC;AAGzB,YAAY,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAG/E,OAAO,EAAE,qBAAqB,EAAE,KAAK,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAKlF,OAAO,EACL,KAAK,SAAS,EACd,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,KAAK,iBAAiB,GACvB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAGhE,OAAO,EACL,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AAGpC,YAAY,EACV,gBAAgB,EAChB,sBAAsB,EACtB,UAAU,EACV,SAAS,EACT,cAAc,EACd,eAAe,EACf,gBAAgB,EAChB,SAAS,EACT,aAAa,EACb,YAAY,EACZ,mBAAmB,EACnB,iBAAiB,EACjB,YAAY,EACZ,UAAU,EACV,kBAAkB,EAClB,eAAe,GAChB,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,YAAY,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAGxG,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,oBAAoB,EACpB,0BAA0B,EAC1B,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,4BAA4B,GAClC,MAAM,2BAA2B,CAAC;AACnC,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,2BAA2B,EAChC,KAAK,8BAA8B,EACnC,KAAK,YAAY,GAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,KAAK,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,sBAAsB,EAAE,KAAK,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAG9F,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,mCAAmC,CAAC;AAGjF,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,KAAK,sBAAsB,EAAE,MAAM,UAAU,CAAC;AAGpF,OAAO,EACL,SAAS,EACT,UAAU,EACV,SAAS,EACT,YAAY,EACZ,WAAW,EACX,0BAA0B,EAC1B,KAAK,cAAc,GACpB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,YAAY,EACV,mBAAmB,EACnB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,EAC5B,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EACV,wBAAwB,EACxB,eAAe,EACf,qBAAqB,EACrB,yBAAyB,EACzB,gBAAgB,EAChB,kBAAkB,EAClB,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,sBAAsB,CAAC;AAC9B,YAAY,EAEV,IAAI,EACJ,QAAQ,EACR,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,cAAc,EACd,QAAQ,EACR,kBAAkB,EAClB,YAAY,EACZ,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,EAChB,sBAAsB,EACtB,cAAc,EACd,KAAK,EACL,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,yBAAyB,EACzB,KAAK,EACL,cAAc,EAGd,aAAa,EACb,uBAAuB,EACvB,uBAAuB,EACvB,+BAA+B,EAC/B,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,WAAW,EAEX,aAAa,EACb,mBAAmB,EACnB,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,2BAA2B,EAC3B,gBAAgB,EAChB,2BAA2B,EAC3B,0BAA0B,EAC1B,6BAA6B,EAC7B,4BAA4B,EAC5B,sBAAsB,EACtB,uBAAuB,EACvB,gCAAgC,EAChC,iBAAiB,EACjB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAGhB,gBAAgB,EAEhB,wBAAwB,EACxB,YAAY,EACZ,uBAAuB,GACxB,MAAM,cAAc,CAAC;AAQtB,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,qBAAqB,EACrB,YAAY,EACZ,WAAW,EACX,YAAY,EACZ,eAAe,EACf,UAAU,EACV,eAAe,EACf,aAAa,EACb,oBAAoB,EACpB,oBAAoB,EACpB,4BAA4B,EAC5B,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,iBAAiB,EACjB,uBAAuB,EACvB,eAAe,EACf,qBAAqB,EACrB,4BAA4B,EAC5B,8BAA8B,GAC/B,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,UAAU,EAAE,KAAK,iBAAiB,EAAE,KAAK,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AACnG,YAAY,EACV,QAAQ,EACR,mBAAmB,EACnB,cAAc,EACd,UAAU,EACV,mBAAmB,EACnB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,2BAA2B,EAC3B,KAAK,qBAAqB,EAC1B,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,GAC1B,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EACL,mBAAmB,EACnB,KAAK,UAAU,EACf,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EACL,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,UAAU,EACV,cAAc,EACd,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,KAAK,UAAU,GAChB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,gBAAgB,EAChB,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,mBAAmB,EACnB,uBAAuB,EACvB,KAAK,mBAAmB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,KAAK,yBAAyB,GAC/B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAG/G,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAG/G,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,KAAK,eAAe,GACrB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,GAC3B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EAAE,YAAY,EAAE,KAAK,qBAAqB,EAAE,MAAM,eAAe,CAAC;AAGzE,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,mBAAmB,EACnB,wBAAwB,EACxB,6BAA6B,GAC9B,MAAM,iBAAiB,CAAC;AAGzB,YAAY,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AAG/E,OAAO,EAAE,qBAAqB,EAAE,KAAK,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAKlF,OAAO,EACL,KAAK,SAAS,EACd,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,KAAK,iBAAiB,GACvB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC"}

package/dist/core/index.js CHANGED Viewed

@@ -42,7 +42,7 @@ export { isPublicReadEligible, IDENTITY_HEADERS, VARIANCE_AXIS_HEADERS, VARIANCE
 export { createRemoteDebugTransport } from './client/remote-debug-transport';
 // Middleware
 export { authMiddleware } from './middleware/auth';
-export { cartSecretMiddleware, serverCartSecretMiddleware, CART_SECRET_HEADER, } from './middleware/cart-secret';
+export { cartSecretMiddleware, serverCartSecretMiddleware, isCartScopedOperation, CART_SECRET_HEADER, } from './middleware/cart-secret';
 export { currencyMiddleware } from './middleware/currency';
 export { languageMiddleware } from './middleware/language';
 export { forwardedIpMiddleware, forwardedIpSignedMessage, FORWARDED_IP_HEADER, FORWARDED_IP_TS_HEADER, FORWARDED_IP_SIG_HEADER, } from './middleware/forwarded-ip';

package/dist/core/middleware/cart-secret.d.ts CHANGED Viewed

@@ -3,6 +3,13 @@
  * cart access secret. Possession of the secret is what authorizes cart
  * operations; the cart id alone is not enough.
  *
+ * The header is attached **only to cart operations** (classified by
+ * {@link isCartScopedOperation} — operation names with a `Cart` prefix). Public
+ * reads such as product listings, search and recommendations never carry the
+ * secret, so they stay eligible for the shared response cache even when the
+ * visitor already has a cart. Pass a custom classifier as the second argument
+ * to override which operations are treated as cart-scoped.
+ *
  * Two variants share one header contract:
  *
  *  - **Client** (`cartSecretMiddleware`) resolves the secret lazily on every
@@ -27,17 +34,38 @@ import type { CartCredentials } from '../cart/cookie-config';
 /** Request header carrying the cart access secret. */
 export declare const CART_SECRET_HEADER = "x-cart-secret";
 /**
- * Client cart-secret middleware. `getSecret` is read on every request so a
- * rotated secret is picked up without rebuilding the pipeline. No header is
- * sent when the secret is absent (legacy plain-id cookie) — the backend then
- * treats the cart as unreachable and the SDK recreates one.
+ * Default classifier deciding whether an operation should carry the cart access
+ * secret. Cart operations are named with a `Cart` prefix (`Cart`, `CartAddLines`,
+ * `CartComplete`, `CartAvailableShippingMethods`, …). Three operations are
+ * deliberately excluded because none of them is bound to a specific cart, so the
+ * secret would be meaningless on them:
+ *  - `AvailablePaymentMethods` — a shop-level read (cacheable);
+ *  - `OrderByToken` — a guest order lookup authorized by an opaque order token
+ *    (not cacheable — served `no-store`);
+ *  - `PaymentCreate` — a mutation operating on an order.
+ *
+ * Withholding the secret keeps the cacheable shop-level read in the shared cache
+ * (carrying the secret would mark it identity-bearing and push it off); for the
+ * order operations it simply avoids sending a credential they never read.
+ */
+export declare function isCartScopedOperation(operationName: string | undefined): boolean;
+/**
+ * Client cart-secret middleware. The header is sent only for cart-scoped
+ * operations (`isCartScoped`, default {@link isCartScopedOperation}); public
+ * reads stay cacheable and never touch the cookie. For a cart operation,
+ * `getSecret` is read fresh on each request so a rotated secret (recovery
+ * redeem) is picked up without rebuilding the pipeline. No header is sent when
+ * the secret is absent (legacy plain-id cookie) — the backend then treats the
+ * cart as unreachable and the SDK recreates one.
  */
-export declare function cartSecretMiddleware(getSecret: () => string | null | undefined): Middleware;
+export declare function cartSecretMiddleware(getSecret: () => string | null | undefined, isCartScoped?: (operationName: string | undefined) => boolean): Middleware;
 /**
  * Server cart-secret middleware. Takes the credentials already read from the
  * request cookies (`readCartCredentials`) — prepend it to a server client so
- * SSR / edge cart reads carry the secret. No header is sent when credentials
- * are null or carry no secret.
+ * SSR / edge cart reads carry the secret. As with the client variant, the
+ * header is sent only for cart-scoped operations (`isCartScoped`, default
+ * {@link isCartScopedOperation}). No header is sent when credentials are null or
+ * carry no secret.
  */
-export declare function serverCartSecretMiddleware(credentials: CartCredentials | null): Middleware;
+export declare function serverCartSecretMiddleware(credentials: CartCredentials | null, isCartScoped?: (operationName: string | undefined) => boolean): Middleware;
 //# sourceMappingURL=cart-secret.d.ts.map

package/dist/core/middleware/cart-secret.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cart-secret.d.ts","sourceRoot":"","sources":["../../../src/core/middleware/cart-secret.ts"],"names":[],"mappings":"AAAA~~;;;;;;;;;;;;;;;;;;;;;;;GAuBG~~;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,sDAAsD;AACtD,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAElD~~;;;;;GAKG~~;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,~~GACzC~~,UAAU,~~CAQZ~~;AAED~~;;;;;GAKG~~;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,eAAe,GAAG,IAAI,~~GAClC~~,UAAU,CAOZ"}
1	+ {"version":3,"file":"cart-secret.d.ts","sourceRoot":"","sources":["../../../src/core/middleware/cart-secret.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,sDAAsD;AACtD,eAAO,MAAM,kBAAkB,kBAAkB,CAAC;AAElD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,qBAAqB,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAEhF;AAED;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,SAAS,EAAE,MAAM,MAAM,GAAG,IAAI,GAAG,SAAS,EAC1C,YAAY,GAAE,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,KAAK,OAA+B,GACnF,UAAU,CAYZ;AAED;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CACxC,WAAW,EAAE,eAAe,GAAG,IAAI,EACnC,YAAY,GAAE,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,KAAK,OAA+B,GACnF,UAAU,CAOZ"}

package/dist/core/middleware/cart-secret.js CHANGED Viewed

@@ -3,6 +3,13 @@
  * cart access secret. Possession of the secret is what authorizes cart
  * operations; the cart id alone is not enough.
  *
+ * The header is attached **only to cart operations** (classified by
+ * {@link isCartScopedOperation} — operation names with a `Cart` prefix). Public
+ * reads such as product listings, search and recommendations never carry the
+ * secret, so they stay eligible for the shared response cache even when the
+ * visitor already has a cart. Pass a custom classifier as the second argument
+ * to override which operations are treated as cart-scoped.
+ *
  * Two variants share one header contract:
  *
  *  - **Client** (`cartSecretMiddleware`) resolves the secret lazily on every
@@ -25,16 +32,41 @@
 /** Request header carrying the cart access secret. */
 export const CART_SECRET_HEADER = 'x-cart-secret';
 /**
- * Client cart-secret middleware. `getSecret` is read on every request so a
- * rotated secret is picked up without rebuilding the pipeline. No header is
- * sent when the secret is absent (legacy plain-id cookie) — the backend then
- * treats the cart as unreachable and the SDK recreates one.
+ * Default classifier deciding whether an operation should carry the cart access
+ * secret. Cart operations are named with a `Cart` prefix (`Cart`, `CartAddLines`,
+ * `CartComplete`, `CartAvailableShippingMethods`, …). Three operations are
+ * deliberately excluded because none of them is bound to a specific cart, so the
+ * secret would be meaningless on them:
+ *  - `AvailablePaymentMethods` — a shop-level read (cacheable);
+ *  - `OrderByToken` — a guest order lookup authorized by an opaque order token
+ *    (not cacheable — served `no-store`);
+ *  - `PaymentCreate` — a mutation operating on an order.
+ *
+ * Withholding the secret keeps the cacheable shop-level read in the shared cache
+ * (carrying the secret would mark it identity-bearing and push it off); for the
+ * order operations it simply avoids sending a credential they never read.
+ */
+export function isCartScopedOperation(operationName) {
+    return typeof operationName === 'string' && operationName.startsWith('Cart');
+}
+/**
+ * Client cart-secret middleware. The header is sent only for cart-scoped
+ * operations (`isCartScoped`, default {@link isCartScopedOperation}); public
+ * reads stay cacheable and never touch the cookie. For a cart operation,
+ * `getSecret` is read fresh on each request so a rotated secret (recovery
+ * redeem) is picked up without rebuilding the pipeline. No header is sent when
+ * the secret is absent (legacy plain-id cookie) — the backend then treats the
+ * cart as unreachable and the SDK recreates one.
  */
-export function cartSecretMiddleware(getSecret) {
+export function cartSecretMiddleware(getSecret, isCartScoped = isCartScopedOperation) {
     return (request, next) => {
-        const secret = getSecret();
-        if (secret) {
-            request.headers[CART_SECRET_HEADER] = secret;
+        // Gate on the cheap operation-name check first so public reads (the
+        // high-volume path) skip the secret getter (a cookie read) entirely.
+        if (isCartScoped(request.operationName)) {
+            const secret = getSecret();
+            if (secret) {
+                request.headers[CART_SECRET_HEADER] = secret;
+            }
         }
         return next(request);
     };
@@ -42,12 +74,14 @@ export function cartSecretMiddleware(getSecret) {
 /**
  * Server cart-secret middleware. Takes the credentials already read from the
  * request cookies (`readCartCredentials`) — prepend it to a server client so
- * SSR / edge cart reads carry the secret. No header is sent when credentials
- * are null or carry no secret.
+ * SSR / edge cart reads carry the secret. As with the client variant, the
+ * header is sent only for cart-scoped operations (`isCartScoped`, default
+ * {@link isCartScopedOperation}). No header is sent when credentials are null or
+ * carry no secret.
  */
-export function serverCartSecretMiddleware(credentials) {
+export function serverCartSecretMiddleware(credentials, isCartScoped = isCartScopedOperation) {
     return (request, next) => {
-        if (credentials?.cartSecret) {
+        if (credentials?.cartSecret && isCartScoped(request.operationName)) {
             request.headers[CART_SECRET_HEADER] = credentials.cartSecret;
         }
         return next(request);

package/dist/core/operations/cart.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cart.d.ts","sourceRoot":"","sources":["../../../src/core/operations/cart.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;~~AAkcH~~,eAAO,MAAM,UAAU,QAOrB,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,qCAAqC,QAehD,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,QAO1C,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,QAO/B,CAAC;AAMH,eAAO,MAAM,WAAW,QAYtB,CAAC;AAEH,eAAO,MAAM,cAAc,QAWzB,CAAC;AAEH,eAAO,MAAM,iBAAiB,QAW5B,CAAC;AAEH,eAAO,MAAM,iBAAiB,QAW5B,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAEH,eAAO,MAAM,gBAAgB,QAW3B,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,QAWjC,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAMH;;;;;;GAMG;AACH,eAAO,MAAM,UAAU,QAWrB,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,QAWnC,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,QAY/B,CAAC;AAMH,eAAO,MAAM,yBAAyB,QAWpC,CAAC;AAEH,eAAO,MAAM,wBAAwB,QAWnC,CAAC;AAEH,eAAO,MAAM,2BAA2B,QAWtC,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAEH,eAAO,MAAM,oBAAoB,QAW/B,CAAC;AAEH,eAAO,MAAM,qBAAqB,QAWhC,CAAC;AAEH,eAAO,MAAM,+BAA+B,QAW1C,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa,QAWxB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,cAAc,QAWzB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,QAWvC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,QAoBtC,CAAC"}
1	+ {"version":3,"file":"cart.d.ts","sourceRoot":"","sources":["../../../src/core/operations/cart.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAmcH,eAAO,MAAM,UAAU,QAOrB,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,qCAAqC,QAehD,CAAC;AAEH;;;;GAIG;AACH,eAAO,MAAM,+BAA+B,QAO1C,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,QAO/B,CAAC;AAMH,eAAO,MAAM,WAAW,QAYtB,CAAC;AAEH,eAAO,MAAM,cAAc,QAWzB,CAAC;AAEH,eAAO,MAAM,iBAAiB,QAW5B,CAAC;AAEH,eAAO,MAAM,iBAAiB,QAW5B,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAEH,eAAO,MAAM,gBAAgB,QAW3B,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,sBAAsB,QAWjC,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAMH;;;;;;GAMG;AACH,eAAO,MAAM,UAAU,QAWrB,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,wBAAwB,QAWnC,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,QAY/B,CAAC;AAMH,eAAO,MAAM,yBAAyB,QAWpC,CAAC;AAEH,eAAO,MAAM,wBAAwB,QAWnC,CAAC;AAEH,eAAO,MAAM,2BAA2B,QAWtC,CAAC;AAEH,eAAO,MAAM,0BAA0B,QAWrC,CAAC;AAEH,eAAO,MAAM,oBAAoB,QAW/B,CAAC;AAEH,eAAO,MAAM,qBAAqB,QAWhC,CAAC;AAEH,eAAO,MAAM,+BAA+B,QAW1C,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa,QAWxB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,cAAc,QAWzB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,QAWvC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,QAoBtC,CAAC"}

package/dist/core/operations/cart.js CHANGED Viewed

@@ -277,6 +277,7 @@ const ORDER_FRAGMENT = `
     expiredAt
     shippingAddress { ...MailingAddress }
     itemCount
+    customerNote
     discountAllocations {
       discountCode
       amount { ...Money }

package/dist/next/image-loader.d.ts CHANGED Viewed

@@ -12,10 +12,10 @@
  * export default createImageLoader();
  * ```
  *
- * Zero configuration: the shop identifier, deployment version, and image-CDN base URL are
- * read from the public environment variables the DoSwiftly deploy pipeline injects
- * (`NEXT_PUBLIC_SHOP_ID`, `NEXT_PUBLIC_DEPLOYMENT_COMMIT`, `NEXT_PUBLIC_IMGPROXY_BASE`).
- * Pass overrides only for tests or non-standard hosting.
+ * Zero configuration: the shop identifier, deployment version, image-CDN base URL, and clean-URL
+ * flag are read from the public environment variables the DoSwiftly deploy pipeline injects
+ * (`NEXT_PUBLIC_SHOP_ID`, `NEXT_PUBLIC_DEPLOYMENT_COMMIT`, `NEXT_PUBLIC_IMGPROXY_BASE`,
+ * `NEXT_PUBLIC_ASSET_CLEAN_URL`). Pass overrides only for tests or non-standard hosting.
  *
  * This entry is Next-specific (it reads `NEXT_PUBLIC_*`); the framework-agnostic core (`.`)
  * stays free of it.

package/dist/next/image-loader.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"image-loader.d.ts","sourceRoot":"","sources":["../../src/next/image-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAuB,KAAK,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAE5E,yDAAyD;AACzD,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAClC,CAAC,IAAI,EAAE,mBAAmB,KAAK,MAAM,~~CAevC~~"}
1	+ {"version":3,"file":"image-loader.d.ts","sourceRoot":"","sources":["../../src/next/image-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAAuB,KAAK,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAE5E,yDAAyD;AACzD,MAAM,WAAW,mBAAmB;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd;;;;OAIG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,GAClC,CAAC,IAAI,EAAE,mBAAmB,KAAK,MAAM,CAgBvC"}

package/dist/next/image-loader.js CHANGED Viewed

@@ -12,10 +12,10 @@
  * export default createImageLoader();
  * ```
  *
- * Zero configuration: the shop identifier, deployment version, and image-CDN base URL are
- * read from the public environment variables the DoSwiftly deploy pipeline injects
- * (`NEXT_PUBLIC_SHOP_ID`, `NEXT_PUBLIC_DEPLOYMENT_COMMIT`, `NEXT_PUBLIC_IMGPROXY_BASE`).
- * Pass overrides only for tests or non-standard hosting.
+ * Zero configuration: the shop identifier, deployment version, image-CDN base URL, and clean-URL
+ * flag are read from the public environment variables the DoSwiftly deploy pipeline injects
+ * (`NEXT_PUBLIC_SHOP_ID`, `NEXT_PUBLIC_DEPLOYMENT_COMMIT`, `NEXT_PUBLIC_IMGPROXY_BASE`,
+ * `NEXT_PUBLIC_ASSET_CLEAN_URL`). Pass overrides only for tests or non-standard hosting.
  *
  * This entry is Next-specific (it reads `NEXT_PUBLIC_*`); the framework-agnostic core (`.`)
  * stays free of it.
@@ -39,6 +39,7 @@ export function createImageLoader(config) {
         shopId: config?.shopId ?? process.env.NEXT_PUBLIC_SHOP_ID ?? '',
         version: config?.version ?? process.env.NEXT_PUBLIC_DEPLOYMENT_COMMIT ?? '',
         cdnBase: config?.cdnBase ?? process.env.NEXT_PUBLIC_IMGPROXY_BASE,
+        cleanUrl: config?.cleanUrl ?? (process.env.NEXT_PUBLIC_ASSET_CLEAN_URL === 'true'),
     };
     // Dev-only hint: surface raster images that the loader can't optimize (an external host, or
     // a build asset outside `/_next/static/media/`). Only when a shopId is resolved — without one

package/dist/react/providers/storefront-client-provider.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"storefront-client-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/storefront-client-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAA6C,MAAM,OAAO,CAAC;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAOzD,OAAO,EAA2B,KAAK,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAKhH,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,gBAAgB,CAAC;IACzB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB;AAID,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,sBAAsB,CAAC;IAC/B;;;OAGG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,oEAAoE;IACpE,aAAa,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IAClD,+DAA+D;IAC/D,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,4HAA4H;IAC5H,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAgB,wBAAwB,CAAC,EACvC,QAAQ,EACR,MAAM,EACN,UAAU,EAAE,gBAAqB,EACjC,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,GACb,EAAE,6BAA6B,~~2CA8E~~/B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,4BAA4B,CAMzE"}
1	+ {"version":3,"file":"storefront-client-provider.d.ts","sourceRoot":"","sources":["../../../src/react/providers/storefront-client-provider.tsx"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAA6C,MAAM,OAAO,CAAC;AAElE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AACzD,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAOzD,OAAO,EAA2B,KAAK,0BAA0B,EAAE,MAAM,sCAAsC,CAAC;AAKhH,OAAO,KAAK,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AAEpG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAC;AAE5E,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,gBAAgB,CAAC;IACzB,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE,UAAU,CAAC;CACxB;AAID,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,EAAE,KAAK,CAAC,SAAS,CAAC;IAC1B,MAAM,EAAE,sBAAsB,CAAC;IAC/B;;;OAGG;IACH,UAAU,CAAC,EAAE,UAAU,EAAE,CAAC;IAC1B,oEAAoE;IACpE,aAAa,CAAC,EAAE,0BAA0B,GAAG,IAAI,CAAC;IAClD,+DAA+D;IAC/D,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,4HAA4H;IAC5H,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,wBAAgB,wBAAwB,CAAC,EACvC,QAAQ,EACR,MAAM,EACN,UAAU,EAAE,gBAAqB,EACjC,aAAa,EACb,uBAAuB,EACvB,qBAAqB,EACrB,YAAY,GACb,EAAE,6BAA6B,2CAiF/B;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,4BAA4B,CAMzE"}

package/dist/react/providers/storefront-client-provider.js CHANGED Viewed

@@ -13,7 +13,7 @@ import { createStorefrontClient } from '../../core/client/create-client';
 import { CartClient } from '../../core/cart/cart-client';
 import { AuthClient } from '../../core/auth/auth-client';
 import { authMiddleware } from '../../core/middleware/auth';
-import { cartSecretMiddleware } from '../../core/middleware/cart-secret';
+import { cartSecretMiddleware, isCartScopedOperation } from '../../core/middleware/cart-secret';
 import { CART_COOKIE_NAME, parseCartCookieValue } from '../../core/cart/cookie-config';
 import { getCookie } from '../cookies';
 import { currencyMiddleware } from '../../core/middleware/currency';
@@ -67,7 +67,9 @@ export function StorefrontClientProvider({ children, config, middleware: customM
                 authMiddleware(() => authStore.getState().accessToken),
                 // Cart access secret — read lazily from the composite cart-id cookie so
                 // a rotated secret (recovery redeem) is picked up without rebuilding.
-                cartSecretMiddleware(() => parseCartCookieValue(getCookie(CART_COOKIE_NAME))?.cartSecret ?? null),
+                // Attached only to cart operations (passed explicitly for clarity; it is
+                // the default) so public reads stay cacheable when a cart exists.
+                cartSecretMiddleware(() => parseCartCookieValue(getCookie(CART_COOKIE_NAME))?.cartSecret ?? null, isCartScopedOperation),
                 currencyMiddleware(() => currencyStore.getState().currency),
                 languageMiddleware(() => languageStore.getState().language),
                 // Bot protection (if configured)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@doswiftly/storefront-sdk",
-  "version": "22.8.1",
+  "version": "22.10.0",
   "description": "Storefront runtime SDK for DoSwiftly Commerce — layered transport, middleware pipeline, React providers, Zustand stores, cache strategies. 0 runtime dependencies in core.",
   "type": "module",
   "sideEffects": false,