@doswiftly/storefront-sdk 4.7.2 → 7.0.0

package/README.md

@@ -147,7 +147,7 @@ const logMiddleware: Middleware = async (req, next) => {
 const cartClient = new CartClient(client);
 
 const cart = await cartClient.create();
-const updated = await cartClient.addItems(cartId, [{ merchandiseId: 'v-123', quantity: 1 }]);
+const updated = await cartClient.addItems(cartId, [{ variantId: 'v-123', quantity: 1 }]);
 await cartClient.updateItems(cartId, [{ id: 'line-1', quantity: 3 }]);
 await cartClient.removeItems(cartId, ['line-1']);
 await cartClient.updateDiscountCodes(cartId, ['SAVE10']);
@@ -164,10 +164,10 @@ Auto-throws `StorefrontError` with code `USER_ERROR` on validation failures.
 const authClient = new AuthClient(client);
 
 const { accessToken, expiresAt } = await authClient.login('user@example.com', 'pass');
-await authClient.logout(accessToken);
-const renewed = await authClient.renewToken(accessToken);
-const { accessToken, customer } = await authClient.register({ email, password, firstName });
-const customer = await authClient.getCustomer(accessToken);
+await authClient.logout();
+const renewed = await authClient.refreshToken();
+const { accessToken: regToken, customer } = await authClient.register({ email, password, firstName });
+const me = await authClient.getCustomer();
 ```
 
 ### StorefrontError
@@ -312,10 +312,10 @@ cacheCustom({ maxAge: 300, swr: 600 })   // 5min + 10min swr
 
 ```typescript
 const {
-  login,        // (email, password) => Promise<LoginResult>
-  logout,       // () => Promise<LogoutResult>
-  renewToken,   // () => Promise<TokenRenewResult>
-  isLoggingIn, isLoggingOut, isRenewingToken, isLoading,
+  login,         // (email, password) => Promise<LoginResult>
+  logout,        // () => Promise<LogoutResult>
+  refreshToken,  // () => Promise<TokenRefreshResult>
+  isLoggingIn, isLoggingOut, isRefreshingToken, isLoading,
   error,
 } = useAuth({
   onSetToken: async (token) => { /* set httpOnly cookie via server route */ },
@@ -418,7 +418,7 @@ const authHydrated = useAuthHydrated(); // true after localStorage rehydration
 // Currency
 const { currency, baseCurrency, supportedCurrencies, setCurrency, isLoaded } = useCurrencyStore();
 
-// For .getState() in callbacks (e.g. logout, renewToken)
+// For .getState() in callbacks (e.g. logout, refreshToken)
 import { useAuthStoreApi, useCurrencyStoreApi } from '@doswiftly/storefront-sdk/react';
 const authStore = useAuthStoreApi();
 const token = authStore.getState().accessToken;

package/dist/core/auth/auth-client.d.ts

@@ -9,9 +9,10 @@
  * const authClient = new AuthClient(storefrontClient);
  *
  * const result = await authClient.login('user@example.com', 'password');
- * console.log(result.accessToken); // JWT token
+ * console.log(result.accessToken); // JWT (also set as httpOnly cookie by API)
  *
- * const customer = await authClient.getCustomer(result.accessToken);
+ * // Auth context resolved server-side from cookie/Bearer — no token argument.
+ * const customer = await authClient.getCustomer();
  * ```
  */
 import type { StorefrontClient } from '../client/types';
@@ -25,22 +26,27 @@ export declare class AuthClient {
      */
     login(email: string, password: string): Promise<AuthResult>;
     /**
-     * Logout — invalidate token on backend.
+     * Logout — invalidates auth cookie on backend (server clears Set-Cookie via Apollo plugin).
+     * Auth context czytany przez backend `StorefrontShopGuard` z httpOnly cookie lub
+     * `Authorization: Bearer` header (gdy ustawione przez SDK auth middleware).
      * Does not throw on failure (token may already be expired).
      */
-    logout(token: string): Promise<void>;
+    logout(): Promise<void>;
     /**
-     * Renew access token — extends expiry.
+     * Refresh access token — extends expiry. Auth context czytany przez backend
+     * z cookie / Authorization Bearer (jak inne authenticated mutations).
      */
-    renewToken(token: string): Promise<AuthResult>;
+    refreshToken(): Promise<AuthResult>;
     /**
      * Register new customer account.
      * Returns access token + customer data.
      */
     register(input: CustomerCreateInput): Promise<AuthResult>;
     /**
-     * Fetch customer data by access token.
+     * Fetch customer data — auth context z cookie / Authorization Bearer.
+     * Browser uses cookie auto-sent; non-browser klient passes Bearer header
+     * via SDK auth middleware (`setAuthToken`).
      */
-    getCustomer(accessToken: string): Promise<Customer | null>;
+    getCustomer(): Promise<Customer | null>;
 }
 //# sourceMappingURL=auth-client.d.ts.map

package/dist/core/auth/auth-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../../src/core/auth/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAUzE,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;OAGG;IACG,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAiBjE;;;OAGG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa1C;;OAEG;IACG,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAiBpD;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB/D;;OAEG;IACG,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CAOjE"}
+{"version":3,"file":"auth-client.d.ts","sourceRoot":"","sources":["../../../src/core/auth/auth-client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxD,OAAO,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAUzE,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,gBAAgB;IAErD;;;OAGG;IACG,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAiBjE;;;;;OAKG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAa7B;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,UAAU,CAAC;IAiBzC;;;OAGG;IACG,QAAQ,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAmB/D;;;;OAIG;IACG,WAAW,IAAI,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;CAO9C"}

package/dist/core/auth/auth-client.js

@@ -9,13 +9,14 @@
  * const authClient = new AuthClient(storefrontClient);
  *
  * const result = await authClient.login('user@example.com', 'password');
- * console.log(result.accessToken); // JWT token
+ * console.log(result.accessToken); // JWT (also set as httpOnly cookie by API)
  *
- * const customer = await authClient.getCustomer(result.accessToken);
+ * // Auth context resolved server-side from cookie/Bearer — no token argument.
+ * const customer = await authClient.getCustomer();
  * ```
  */
 import { assertNoUserErrors } from '../helpers/assert-no-user-errors';
-import { CUSTOMER_LOGIN, CUSTOMER_LOGOUT, CUSTOMER_TOKEN_RENEW, CUSTOMER_CREATE, CUSTOMER_QUERY, } from '../operations/auth';
+import { CUSTOMER_LOGIN, CUSTOMER_LOGOUT, CUSTOMER_REFRESH_TOKEN, CUSTOMER_SIGNUP, CUSTOMER_QUERY, } from '../operations/auth';
 export class AuthClient {
     client;
     constructor(client) {
@@ -27,32 +28,35 @@ export class AuthClient {
      */
     async login(email, password) {
         const data = await this.client.mutate(CUSTOMER_LOGIN, { input: { email, password } });
-        assertNoUserErrors(data.customerAccessTokenCreate);
-        const token = data.customerAccessTokenCreate.customerAccessToken;
+        assertNoUserErrors(data.customerLogin);
+        const token = data.customerLogin.customerAccessToken;
         return {
             accessToken: token.accessToken,
             expiresAt: token.expiresAt,
         };
     }
     /**
-     * Logout — invalidate token on backend.
+     * Logout — invalidates auth cookie on backend (server clears Set-Cookie via Apollo plugin).
+     * Auth context czytany przez backend `StorefrontShopGuard` z httpOnly cookie lub
+     * `Authorization: Bearer` header (gdy ustawione przez SDK auth middleware).
      * Does not throw on failure (token may already be expired).
      */
-    async logout(token) {
+    async logout() {
         try {
-            await this.client.mutate(CUSTOMER_LOGOUT, { customerAccessToken: token });
+            await this.client.mutate(CUSTOMER_LOGOUT);
         }
         catch {
             // Silently ignore — token may already be expired
         }
     }
     /**
-     * Renew access token — extends expiry.
+     * Refresh access token — extends expiry. Auth context czytany przez backend
+     * z cookie / Authorization Bearer (jak inne authenticated mutations).
      */
-    async renewToken(token) {
-        const data = await this.client.mutate(CUSTOMER_TOKEN_RENEW, { customerAccessToken: token });
-        assertNoUserErrors(data.customerAccessTokenRenew);
-        const renewed = data.customerAccessTokenRenew.customerAccessToken;
+    async refreshToken() {
+        const data = await this.client.mutate(CUSTOMER_REFRESH_TOKEN);
+        assertNoUserErrors(data.customerRefreshToken);
+        const renewed = data.customerRefreshToken.customerAccessToken;
         return {
             accessToken: renewed.accessToken,
             expiresAt: renewed.expiresAt,
@@ -63,20 +67,22 @@ export class AuthClient {
      * Returns access token + customer data.
      */
     async register(input) {
-        const data = await this.client.mutate(CUSTOMER_CREATE, { input });
-        assertNoUserErrors(data.customerCreate);
-        const token = data.customerCreate.customerAccessToken;
+        const data = await this.client.mutate(CUSTOMER_SIGNUP, { input });
+        assertNoUserErrors(data.customerSignup);
+        const token = data.customerSignup.customerAccessToken;
         return {
             accessToken: token.accessToken,
             expiresAt: token.expiresAt,
-            customer: data.customerCreate.customer ?? undefined,
+            customer: data.customerSignup.customer ?? undefined,
         };
     }
     /**
-     * Fetch customer data by access token.
+     * Fetch customer data — auth context z cookie / Authorization Bearer.
+     * Browser uses cookie auto-sent; non-browser klient passes Bearer header
+     * via SDK auth middleware (`setAuthToken`).
      */
-    async getCustomer(accessToken) {
-        const data = await this.client.query(CUSTOMER_QUERY, { customerAccessToken: accessToken });
+    async getCustomer() {
+        const data = await this.client.query(CUSTOMER_QUERY);
         return data.customer;
     }
 }

package/dist/core/auth/handlers.d.ts

@@ -22,6 +22,37 @@ interface SetTokenHandlerOptions {
  * httpOnly (XSS protection), Secure in production.
  */
 export declare function createSetTokenHandler(overrides?: SetTokenHandlerOptions): (request: Request) => Promise<Response>;
+interface WhoamiHandlerOptions {
+    /** Backend GraphQL endpoint (default: `${apiUrl}/storefront/graphql`). */
+    apiUrl?: string;
+    /** Shop slug header value (X-Shop-Slug). */
+    shopSlug?: string;
+}
+/**
+ * Create a GET handler that hydrates customer state z httpOnly cookie.
+ *
+ * Browser-based storefront po hydration mountuje React app z czystym auth store
+ * (XSS fix — `accessToken` nie persistuje w localStorage). Aby pokazać "logged in"
+ * UI bez round-trip do login, klient wywołuje GET `/api/auth/whoami`:
+ *
+ * 1. Endpoint reads httpOnly cookie `customerAccessToken` (server-side, JS-inaccessible)
+ * 2. Forward jako `Authorization: Bearer` header do backend GraphQL `customer` query
+ * 3. Return `{ isAuthenticated, customer | null }` do klienta
+ * 4. Klient setAuth(customer, '') — token NIE w body (cookie kontynuuje per-request auth)
+ *
+ * Security: origin validation, fetch via Bearer (cookie nie crossuje API boundary).
+ *
+ * @example
+ * ```ts
+ * // app/api/auth/whoami/route.ts
+ * import { createWhoamiHandler } from '@doswiftly/storefront-sdk';
+ * export const GET = createWhoamiHandler({
+ *   apiUrl: process.env.NEXT_PUBLIC_API_URL!,
+ *   shopSlug: process.env.NEXT_PUBLIC_SHOP_SLUG!,
+ * });
+ * ```
+ */
+export declare function createWhoamiHandler(options?: WhoamiHandlerOptions): (request: Request) => Promise<Response>;
 /**
  * Create a POST handler that clears the auth token cookie.
  *

package/dist/core/auth/handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../../src/core/auth/handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,UAAU,sBAAsB;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAmCD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,CAAC,EAAE,sBAAsB,GACjC,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAgEzC;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAkCjF"}
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../../src/core/auth/handlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,UAAU,sBAAsB;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAmCD;;;;;GAKG;AACH,wBAAgB,qBAAqB,CACnC,SAAS,CAAC,EAAE,sBAAsB,GACjC,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAgEzC;AAED,UAAU,oBAAoB;IAC5B,0EAA0E;IAC1E,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,4CAA4C;IAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,GAAE,oBAAyB,GACjC,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CA6DzC;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,IAAI,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAkCjF"}

package/dist/core/auth/handlers.js

@@ -91,6 +91,75 @@ export function createSetTokenHandler(overrides) {
         }
     };
 }
+/**
+ * Create a GET handler that hydrates customer state z httpOnly cookie.
+ *
+ * Browser-based storefront po hydration mountuje React app z czystym auth store
+ * (XSS fix — `accessToken` nie persistuje w localStorage). Aby pokazać "logged in"
+ * UI bez round-trip do login, klient wywołuje GET `/api/auth/whoami`:
+ *
+ * 1. Endpoint reads httpOnly cookie `customerAccessToken` (server-side, JS-inaccessible)
+ * 2. Forward jako `Authorization: Bearer` header do backend GraphQL `customer` query
+ * 3. Return `{ isAuthenticated, customer | null }` do klienta
+ * 4. Klient setAuth(customer, '') — token NIE w body (cookie kontynuuje per-request auth)
+ *
+ * Security: origin validation, fetch via Bearer (cookie nie crossuje API boundary).
+ *
+ * @example
+ * ```ts
+ * // app/api/auth/whoami/route.ts
+ * import { createWhoamiHandler } from '@doswiftly/storefront-sdk';
+ * export const GET = createWhoamiHandler({
+ *   apiUrl: process.env.NEXT_PUBLIC_API_URL!,
+ *   shopSlug: process.env.NEXT_PUBLIC_SHOP_SLUG!,
+ * });
+ * ```
+ */
+export function createWhoamiHandler(options = {}) {
+    return async (request) => {
+        try {
+            const originError = validateOrigin(request);
+            if (originError)
+                return originError;
+            const cookieHeader = request.headers.get('cookie') ?? '';
+            const tokenMatch = cookieHeader.match(new RegExp(`(?:^|; )${AUTH_COOKIE_NAME}=([^;]+)`));
+            const token = tokenMatch ? decodeURIComponent(tokenMatch[1]) : null;
+            if (!token) {
+                return new Response(JSON.stringify({ isAuthenticated: false, customer: null }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+            }
+            const apiUrl = options.apiUrl ?? process.env.NEXT_PUBLIC_API_URL ?? '';
+            const shopSlug = options.shopSlug ?? process.env.NEXT_PUBLIC_SHOP_SLUG ?? '';
+            const endpoint = `${apiUrl.replace(/\/$/, '')}/storefront/graphql`;
+            const gqlResponse = await fetch(endpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    Accept: 'application/json',
+                    Authorization: `Bearer ${token}`,
+                    ...(shopSlug ? { 'X-Shop-Slug': shopSlug } : {}),
+                },
+                body: JSON.stringify({
+                    query: `query Whoami {
+            customer {
+              id
+              email
+              firstName
+              lastName
+              phone
+            }
+          }`,
+                }),
+            });
+            const json = (await gqlResponse.json());
+            const customer = json.data?.customer ?? null;
+            return new Response(JSON.stringify({ isAuthenticated: !!customer, customer }), { status: 200, headers: { 'Content-Type': 'application/json' } });
+        }
+        catch (error) {
+            console.error('Error in whoami handler:', error);
+            return new Response(JSON.stringify({ isAuthenticated: false, customer: null, error: 'Internal server error' }), { status: 500, headers: { 'Content-Type': 'application/json' } });
+        }
+    };
+}
 /**
  * Create a POST handler that clears the auth token cookie.
  *

package/dist/core/auth/types.d.ts

@@ -25,8 +25,8 @@ export interface Customer {
 }
 export interface MailingAddress {
     id: string;
-    address1: string | null;
-    address2: string | null;
+    streetLine1: string | null;
+    streetLine2: string | null;
     city: string | null;
     company: string | null;
     country: string | null;
@@ -34,9 +34,9 @@ export interface MailingAddress {
     firstName: string | null;
     lastName: string | null;
     phone: string | null;
-    province: string | null;
-    provinceCode: string | null;
-    zip: string | null;
+    state: string | null;
+    stateCode: string | null;
+    postalCode: string | null;
     isDefault: boolean;
 }
 export interface AuthResult {

package/dist/core/auth/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/auth/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/auth/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,aAAa,EAAE,OAAO,CAAC;IACvB,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,QAAQ,CAAC;CACrB;AAED,MAAM,WAAW,mBAAmB;IAClC,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB"}

package/dist/core/cache.d.ts

@@ -1,7 +1,7 @@
 /**
  * Cache strategies — functions (not constants) with override support.
  *
- * Inspired by Shopify Hydrogen's caching strategies.
+ * Industry-standard storefront caching strategies (no-store / SWR / private).
  *
  * @example
  * ```typescript

package/dist/core/cache.js

@@ -1,7 +1,7 @@
 /**
  * Cache strategies — functions (not constants) with override support.
  *
- * Inspired by Shopify Hydrogen's caching strategies.
+ * Industry-standard storefront caching strategies (no-store / SWR / private).
  *
  * @example
  * ```typescript

package/dist/core/cart/cart-client.d.ts

@@ -10,7 +10,7 @@
  *
  * const cart = await cartClient.create();
  * const updated = await cartClient.addItem(cart.id, [
- *   { merchandiseId: 'variant-123', quantity: 1 }
+ *   { variantId: 'variant-123', quantity: 1 }
  * ]);
  * ```
  */

package/dist/core/cart/cart-client.js

@@ -10,7 +10,7 @@
  *
  * const cart = await cartClient.create();
  * const updated = await cartClient.addItem(cart.id, [
- *   { merchandiseId: 'variant-123', quantity: 1 }
+ *   { variantId: 'variant-123', quantity: 1 }
  * ]);
  * ```
  */

package/dist/core/cart/types.d.ts

@@ -10,78 +10,98 @@ export interface Money {
     amount: string;
     currencyCode: string;
 }
-/**
- * Price with full currency-conversion transparency.
- *
- * Used for all cart/checkout prices where the customer may be viewing
- * prices converted from the shop's base currency.
- */
-export interface PriceMoney {
-    amount: string;
-    currencyCode: string;
-    baseAmount: string;
-    baseCurrencyCode: string;
-    exchangeRate: number | null;
-    marginApplied: number | null;
-    rateTimestamp: string | null;
-    isConverted: boolean;
+export interface ImageThumbnail {
+    id: string | null;
+    url: string;
+    altText: string | null;
+    width: number | null;
+    height: number | null;
+    thumbhash: string | null;
+}
+export interface PageInfo {
+    hasNextPage: boolean;
+    hasPreviousPage: boolean;
+    startCursor: string | null;
+    endCursor: string | null;
 }
 export interface CartCost {
-    totalAmount: PriceMoney;
-    subtotalAmount: PriceMoney;
-    totalTaxAmount: PriceMoney | null;
-    totalDutyAmount: PriceMoney | null;
+    total: Money;
+    subtotal: Money;
+    totalTax: Money | null;
+    totalDuty: Money | null;
+    checkoutCharge: Money | null;
 }
 export interface CartLineCost {
-    amountPerQuantity: PriceMoney;
-    subtotalAmount: PriceMoney;
-    totalAmount: PriceMoney;
-    compareAtAmountPerQuantity: PriceMoney | null;
+    pricePerUnit: Money;
+    subtotal: Money;
+    total: Money;
+    compareAtPricePerUnit: Money | null;
 }
 export interface SelectedOption {
     name: string;
     value: string;
 }
-export interface CartLineMerchandise {
+export interface ProductVariantWeight {
+    value: number;
+    unit: string;
+}
+export interface ProductVariant {
     id: string;
     title: string;
     sku: string | null;
-    price: PriceMoney;
-    originalPrice: Money | null;
-    compareAtPrice: PriceMoney | null;
-    originalCompareAtPrice: Money | null;
-    available: boolean;
-    quantityAvailable: number | null;
-    image: {
-        id: string | null;
-        url: string;
-        altText: string | null;
-        width: number | null;
-        height: number | null;
-        thumbhash: string | null;
-    } | null;
+    price: Money;
+    compareAtPrice: Money | null;
+    isAvailable: boolean;
+    availableStock: number | null;
+    image: ImageThumbnail | null;
     selectedOptions: SelectedOption[];
     barcode: string | null;
-    weight: number | null;
-    position: number | null;
+    weight: ProductVariantWeight | null;
+    sortOrder: number | null;
+}
+export interface AttributeSelection {
+    attributeDefinitionId: string;
+    attributeName: string;
+    type: string;
+    fillingMode: string;
+    billingMode: string | null;
+    optionId: string | null;
+    optionLabel: string | null;
+    optionIds: string[] | null;
+    textValue: string | null;
+    surchargeAmount: number;
+    surchargeType: string | null;
+    taxClassId: string | null;
+    linkedVariantId: string | null;
 }
 export interface CartLine {
     id: string;
     quantity: number;
-    merchandise: CartLineMerchandise;
+    variant: ProductVariant;
     cost: CartLineCost;
     attributes: Array<{
         key: string;
         value: string | null;
     }>;
+    attributeSelections: AttributeSelection[];
     productId: string | null;
     productTitle: string | null;
     productHandle: string | null;
     productType: string | null;
 }
+export interface CartLineEdge {
+    cursor: string;
+    node: CartLine;
+}
+export interface CartLineConnection {
+    edges: CartLineEdge[];
+    nodes: CartLine[];
+    pageInfo: PageInfo;
+    totalCount: number;
+}
 export interface CartDiscountCode {
     code: string;
-    applicable: boolean;
+    isApplicable: boolean;
 }
 export interface CartDiscountAllocation {
     discountCode: string;
@@ -100,7 +120,7 @@ export interface Cart {
     createdAt: string;
     updatedAt: string;
     cost: CartCost;
-    lines: CartLine[];
+    lines: CartLineConnection;
     buyerIdentity: CartBuyerIdentity | null;
     discountCodes: CartDiscountCode[];
     discountAllocations: CartDiscountAllocation[];
@@ -126,9 +146,9 @@ export interface CartAttributeSelectionInput {
     textValue?: string | null;
 }
 export interface CartLineInput {
-    merchandiseId: string;
+    variantId: string;
     quantity?: number;
-    /** Shopify-style raw Line Item Properties (gift messages, engraving notes, etc.). */
+    /** Raw Line Item Properties (gift messages, engraving notes, etc.). */
     attributes?: Array<{
         key: string;
         value: string;

package/dist/core/cart/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/cart/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,WAAW,KAAK;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,OAAO,CAAC;CACtB;AAMD,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,UAAU,CAAC;IACxB,cAAc,EAAE,UAAU,CAAC;IAC3B,cAAc,EAAE,UAAU,GAAG,IAAI,CAAC;IAClC,eAAe,EAAE,UAAU,GAAG,IAAI,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,iBAAiB,EAAE,UAAU,CAAC;IAC9B,cAAc,EAAE,UAAU,CAAC;IAC3B,WAAW,EAAE,UAAU,CAAC;IACxB,0BAA0B,EAAE,UAAU,GAAG,IAAI,CAAC;CAC/C;AAMD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,UAAU,CAAC;IAClB,aAAa,EAAE,KAAK,GAAG,IAAI,CAAC;IAC5B,cAAc,EAAE,UAAU,GAAG,IAAI,CAAC;IAClC,sBAAsB,EAAE,KAAK,GAAG,IAAI,CAAC;IACrC,SAAS,EAAE,OAAO,CAAC;IACnB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC;IAChJ,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,mBAAmB,CAAC;IACjC,IAAI,EAAE,YAAY,CAAC;IACnB,UAAU,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACzD,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAMD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,OAAO,CAAC;CACrB;AAED,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;CACf;AAMD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAMD,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,aAAa,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACxC,aAAa,EAAE,gBAAgB,EAAE,CAAC;IAClC,mBAAmB,EAAE,sBAAsB,EAAE,CAAC;IAC9C,UAAU,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CAC1D;AAMD;;;;;;;;;GASG;AACH,MAAM,WAAW,2BAA2B;IAC1C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qFAAqF;IACrF,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnD,uFAAuF;IACvF,mBAAmB,CAAC,EAAE,2BAA2B,EAAE,CAAC;CACrD;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnD,uFAAuF;IACvF,mBAAmB,CAAC,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC;CAC5D;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,aAAa,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/cart/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,MAAM,WAAW,KAAK;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACtB;AAMD,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAMD,MAAM,WAAW,QAAQ;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAMD,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,KAAK,CAAC;IAChB,QAAQ,EAAE,KAAK,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,KAAK,GAAG,IAAI,CAAC;IACxB,cAAc,EAAE,KAAK,GAAG,IAAI,CAAC;CAC9B;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,KAAK,CAAC;IACpB,QAAQ,EAAE,KAAK,CAAC;IAChB,KAAK,EAAE,KAAK,CAAC;IACb,qBAAqB,EAAE,KAAK,GAAG,IAAI,CAAC;CACrC;AAMD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,KAAK,EAAE,KAAK,CAAC;IACb,cAAc,EAAE,KAAK,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,OAAO,CAAC;IACrB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,KAAK,EAAE,cAAc,GAAG,IAAI,CAAC;IAC7B,eAAe,EAAE,cAAc,EAAE,CAAC;IAClC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,oBAAoB,GAAG,IAAI,CAAC;IACpC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED,MAAM,WAAW,QAAQ;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,cAAc,CAAC;IACxB,IAAI,EAAE,YAAY,CAAC;IACnB,UAAU,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IACzD,mBAAmB,EAAE,kBAAkB,EAAE,CAAC;IAC1C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,QAAQ,CAAC;CAChB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAMD,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,KAAK,CAAC;CACf;AAMD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAMD,MAAM,WAAW,IAAI;IACnB,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,QAAQ,CAAC;IACf,KAAK,EAAE,kBAAkB,CAAC;IAC1B,aAAa,EAAE,iBAAiB,GAAG,IAAI,CAAC;IACxC,aAAa,EAAE,gBAAgB,EAAE,CAAC;IAClC,mBAAmB,EAAE,sBAAsB,EAAE,CAAC;IAC9C,UAAU,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;CAC1D;AAMD;;;;;;;;;GASG;AACH,MAAM,WAAW,2BAA2B;IAC1C,qBAAqB,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC5B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,uEAAuE;IACvE,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnD,uFAAuF;IACvF,mBAAmB,CAAC,EAAE,2BAA2B,EAAE,CAAC;CACrD;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnD,uFAAuF;IACvF,mBAAmB,CAAC,EAAE,2BAA2B,EAAE,GAAG,IAAI,CAAC;CAC5D;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE,aAAa,EAAE,CAAC;IACxB,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,KAAK,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,sBAAsB;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB"}

package/dist/core/client/compose.d.ts

@@ -1,5 +1,5 @@
 /**
- * Compose middleware chain using reduceRight (Hydrogen pattern).
+ * Compose middleware chain using reduceRight (industry-standard pattern).
  *
  * Middleware execute in order: first registered runs first.
  * Each can modify request, modify response, retry, or short-circuit.

package/dist/core/client/compose.js

@@ -1,5 +1,5 @@
 /**
- * Compose middleware chain using reduceRight (Hydrogen pattern).
+ * Compose middleware chain using reduceRight (industry-standard pattern).
  *
  * Middleware execute in order: first registered runs first.
  * Each can modify request, modify response, retry, or short-circuit.

package/dist/core/client/create-client.d.ts

@@ -1,10 +1,10 @@
 /**
- * createStorefrontClient — transport factory (Hydrogen pattern).
+ * createStorefrontClient — transport factory (agnostic-core pattern).
  *
  * Creates a framework-agnostic GraphQL client with:
  * - Middleware pipeline (composable, lazy)
  * - Request deduplication (same-tick queries)
- * - TypedDocumentString support (Saleor/client-preset)
+ * - TypedDocumentString support (graphql client-preset)
  * - Plain string queries (for custom operations)
  * - Debug mode
  *

package/dist/core/client/create-client.js

@@ -1,10 +1,10 @@
 /**
- * createStorefrontClient — transport factory (Hydrogen pattern).
+ * createStorefrontClient — transport factory (agnostic-core pattern).
  *
  * Creates a framework-agnostic GraphQL client with:
  * - Middleware pipeline (composable, lazy)
  * - Request deduplication (same-tick queries)
- * - TypedDocumentString support (Saleor/client-preset)
+ * - TypedDocumentString support (graphql client-preset)
  * - Plain string queries (for custom operations)
  * - Debug mode
  *

package/dist/core/client/execute.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../../src/core/client/execute.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAoB,MAAM,SAAS,CAAC;AAEjF,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAC/B,2BAA2B;IAC3B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,IAGnB,SAAS,cAAc,KAAG,OAAO,CAAC,eAAe,CAAC,CA6CjF"}
+{"version":3,"file":"execute.d.ts","sourceRoot":"","sources":["../../../src/core/client/execute.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,eAAe,EAAoB,MAAM,SAAS,CAAC;AAEjF,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,kCAAkC;IAClC,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAC/B,2BAA2B;IAC3B,KAAK,EAAE,OAAO,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,aAAa,IAGnB,SAAS,cAAc,KAAG,OAAO,CAAC,eAAe,CAAC,CAmDjF"}

package/dist/core/client/execute.js

@@ -30,6 +30,12 @@ export function createExecute(config) {
             },
             body: JSON.stringify(body),
             signal,
+            // Include httpOnly cookies (e.g. customerAccessToken auth) on cross-origin
+            // requests. Required when the storefront runs on a domain different from the
+            // backend GraphQL endpoint — same-origin browsers send cookies regardless,
+            // but cross-origin needs `credentials: 'include'` paired with the backend's
+            // `Access-Control-Allow-Credentials: true` (already configured).
+            credentials: 'include',
         });
         const json = await response.json();
         if (debug) {