@droplinked_inc/editor-ui 0.3.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Droplinked Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,91 @@
+# @droplinked_inc/editor-ui
+
+Renderer + image-upload UI for the `@droplinked_inc` visual editor.
+
+Initial rebuild port of the page-level renderer (`Editor`, `PageHeader`,
+`PageFooter`, `InnerContent`, `AppStoreProvider`) that the hostile
+`droplinked-editor-configs@1.9.19` shipped tightly coupled to its
+data-only surface. `@droplinked_inc/editor-configs` already ports the
+data substrate; this package owns the renderer.
+
+## Status: 0.1.0 — shell package with bug-fix landing zone
+
+The hostile renderer is approximately **19,818 LoC across 1,168 files**
+(per `packages/editor-configs/THREAT_MODEL.md`). Porting it safely
+requires multi-agent work. This 0.1.0 release ships **the structural
+fix for the 2026-05-18 template-builder upload regression** plus a
+typed prop surface so consumers can flip imports without compile breaks.
+
+### What ships in 0.1.0
+
+| Surface | State |
+| --- | --- |
+| `Editor` component | **STUB** — renders a placeholder that delegates to `<UploadImage>` so the bug-fix path is exercisable end-to-end. |
+| `UploadImage` component | **WORKING** — minimal unstyled `<label><input type="file"></label>` widget that calls `uploadImageToCdn`. |
+| `uploadImageToCdn` helper | **WORKING** — POSTs `multipart/form-data` to `/uploader/cdn-upload` with `Authorization: Bearer <token>`. |
+| `EditorProps` / `UploadConfig` types | **STABLE** — match the prop surface that `droplinked-shop-builder` consumers used against 1.9.19. |
+| `PageHeader` / `PageFooter` / `InnerContent` / `AppStoreProvider` | **NOT YET PORTED** — see "Porting plan" below. |
+| Configured component renderers (69 files in 1.9.19) | **NOT YET PORTED** — see "Porting plan". |
+| Icon set (849 SVGs) | **NOT IN SCOPE** — belongs in a future `@droplinked_inc/icons` (already flagged in `editor-configs/THREAT_MODEL.md`). |
+
+### The bug this fixes
+
+Upload from `droplinked.com/analytics/style-center/template-builder`
+started 401-ing on 2026-05-18 after apiv3 PR #1116 made
+`/uploader/cdn-upload` JWT-required. Root cause: hostile 1.9.19 accepted
+a `token` prop on `<Editor>` but the internal upload call did **not**
+forward it as the `Authorization` header. Since we don't own that source
+we cannot patch it in place — hence this package.
+
+The fix is in `src/internal/upload.ts`:
+
+```ts
+headers: {
+  Authorization: `Bearer ${config.token}`,
+},
+```
+
+This is the single load-bearing line. The regression test
+(`src/__tests__/upload-auth-forwarded.test.tsx`) pins the contract.
+
+## Porting plan
+
+Once published, separate sub-agents can land each block as its own PR
+against this package:
+
+1. **`PageHeader`** — top-of-page editor chrome (save, exit, publish).
+2. **`PageFooter`** — publish/preview footer.
+3. **`InnerContent`** — Puck-host wrapper that consumes
+   `@droplinked_inc/editor-configs`.
+4. **`AppStoreProvider`** — zustand store wiring. Audit for telemetry
+   /phone-home before porting.
+5. **Cover Media handler + Logo Change handler** — wire to
+   `UploadImage` so they share the JWT-forwarded upload path.
+6. **Theming / Chakra v3 migration** — drop Chakra v2 carry-overs.
+
+Each port MUST repeat the secrets-sweep that
+`editor-configs/THREAT_MODEL.md` documented (eval/new Function, inline
+S3 URLs, console.log, hardcoded `apiv3.droplinked.com`, telemetry).
+
+## Consumer migration (`droplinked-shop-builder`)
+
+```diff
+- import { Editor, EditorProps } from 'droplinked-editor-configs';
++ import { Editor, EditorProps } from '@droplinked_inc/editor-ui';
+```
+
+The prop surface is unchanged. The upload regression is fixed at the
+package boundary; the host application does not need to change how it
+passes `token`.
+
+## Security posture
+
+- `sideEffects: false` — bundlers tree-shake everything the consumer
+  doesn't import.
+- No `eval`, `new Function`, dynamic `require`, or
+  `dangerouslySetInnerHTML`.
+- No `console.log` / `console.debug` in shipped code.
+- Token is forwarded only on the `Authorization` header; never logged,
+  never serialized into request body or URL.
+- Default upload endpoint is `https://apiv3.droplinked.com/uploader/cdn-upload`;
+  override via `endpoint` config for tests/staging.

package/THREAT_MODEL.md

@@ -0,0 +1,81 @@
+# Threat model — `@droplinked_inc/editor-ui`
+
+## What this package is (0.1.0)
+
+A shell rebuild package that owns the renderer surface deferred out of
+`@droplinked_inc/editor-configs`. 0.1.0 ships only the
+image-upload sub-component with the structural fix for the
+2026-05-18 template-builder regression, plus a typed `Editor` shell.
+
+## Trust boundaries
+
+| Boundary | Direction | Mitigation |
+| --- | --- | --- |
+| `token` prop | host → package → `fetch` | Forwarded only as `Authorization: Bearer <token>` header. Never logged, never written to request body, never written to URL. Empty/missing token throws before any network call. |
+| Upload endpoint | package → apiv3 | Default `https://apiv3.droplinked.com/uploader/cdn-upload`. Overridable via `UploadConfig.endpoint` for tests; production override should be a deliberate decision. |
+| CDN response | apiv3 → consumer | Response is parsed as JSON and the `url` field is strictly type-narrowed (`typeof === 'string' && length > 0`). Non-conforming responses throw before reaching the host's `onUpdate`. |
+| File input | DOM → upload helper | First selected file only. `<input type="file" accept="image/*">` constrains MIME at the browser layer; apiv3 is the source of truth for accepted MIME. |
+
+## What this package is **not** doing (deferred)
+
+See `README.md` "Porting plan". The deferred renderer surface is:
+
+- `PageHeader` / `PageFooter` / `InnerContent` / `AppStoreProvider`
+- 69 `configured-components/*` renderers from the hostile 1.9.19
+- Chakra UI v3 migration of all of the above
+- The 849-icon `assets/` tree (separate `@droplinked_inc/icons` package)
+
+Each follow-up port MUST repeat the secrets-sweep documented in
+`packages/editor-configs/THREAT_MODEL.md`.
+
+## Secrets-sweep result (0.1.0 ported surface)
+
+| Pattern | Hits | Action |
+| --- | --- | --- |
+| `pk_live` / `sk_live` / `AKIA…` / `AIza…` / `xoxb-` / `ghp_…` / `npm_…` | 0 | none |
+| PEM private-key blocks | 0 | none |
+| Author email addresses (PII) | 0 | none |
+| `eval` / `new Function` / dynamic `require` | 0 | none |
+| `dangerouslySetInnerHTML` / `.innerHTML =` | 0 | none |
+| `console.log` / `console.debug` | 0 | none |
+| Hardcoded URLs | 1 (`https://apiv3.droplinked.com/uploader/cdn-upload`, named export `DEFAULT_UPLOAD_ENDPOINT` for override) | acceptable for 0.1.0; flagged as a runtime-config target in the editor-configs threat model. |
+| `// TODO` / `// FIXME` / `// HACK` / `// XXX` | 0 | none |
+
+## Dependency surface
+
+Runtime dependencies: **none**.
+
+Peer dependencies: `react`, `react-dom`, `@droplinked_inc/editor-configs`.
+
+The hostile 1.9.19 pulled in Chakra, Radix, Puck, axios, lucide-react,
+zustand, react-query, vaul, cmdk, class-variance-authority, clsx,
+tailwind-merge, lz-string, keen-slider, react-slider, react-icons. None
+of these are re-introduced by 0.1.0. They will re-enter the graph only
+as the deferred renderer surface lands, and each addition MUST be
+justified in a follow-up PR's threat-model diff.
+
+## Upload-call audit (the load-bearing path)
+
+```
+host                              UploadImage (this pkg)         uploadImageToCdn (this pkg)
+─────                             ────────────────────           ────────────────────────────
+<Editor token=jwt …/>
+   │
+   ▼
+<UploadImage token=jwt …/>
+                                    onChange(file)
+                                       │
+                                       ▼
+                                    uploadImageToCdn(file, { token: jwt })
+                                                                       │
+                                                                       ▼
+                                                                    fetch(endpoint, {
+                                                                      method: 'POST',
+                                                                      headers: { Authorization: `Bearer ${jwt}` },
+                                                                      body: FormData(file)
+                                                                    })
+```
+
+The single regression-prone hop (the `headers.Authorization` line in
+`src/internal/upload.ts`) is pinned by
+`src/__tests__/upload-auth-forwarded.test.tsx`.

package/dist/components/CoverMedia.d.ts

@@ -0,0 +1,19 @@
+import * as React from 'react';
+import type { EditorData } from '../types.js';
+export interface CoverMediaProps {
+    readonly token: string;
+    readonly data: EditorData;
+    readonly onUpdate: (next: EditorData) => void;
+    readonly fetchImpl?: typeof fetch;
+}
+/**
+ * Cover Media section — the large hero banner image at the very top of
+ * the storefront, above the Hero Section text block. Maps to the
+ * `coverMediaUrl` key on the editor data envelope.
+ *
+ * This is the surface the template-builder bug-report screenshot called
+ * out by name ("Cover Media"). The user clicks the slot to upload an
+ * image; that fetch MUST carry Authorization: Bearer <token>.
+ */
+export declare function CoverMedia(props: CoverMediaProps): React.JSX.Element;
+//# sourceMappingURL=CoverMedia.d.ts.map

package/dist/components/CoverMedia.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CoverMedia.d.ts","sourceRoot":"","sources":["../../src/components/CoverMedia.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,UAAU,EAAgB,MAAM,aAAa,CAAC;AAG5D,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;IAC9C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC;AAED;;;;;;;;GAQG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CA4BpE"}

package/dist/components/CoverMedia.js

@@ -0,0 +1,21 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import * as React from 'react';
+import { UploadImage } from './UploadImage.js';
+/**
+ * Cover Media section — the large hero banner image at the very top of
+ * the storefront, above the Hero Section text block. Maps to the
+ * `coverMediaUrl` key on the editor data envelope.
+ *
+ * This is the surface the template-builder bug-report screenshot called
+ * out by name ("Cover Media"). The user clicks the slot to upload an
+ * image; that fetch MUST carry Authorization: Bearer <token>.
+ */
+export function CoverMedia(props) {
+    const { token, data, onUpdate, fetchImpl } = props;
+    const url = typeof data.coverMediaUrl === 'string' ? data.coverMediaUrl : '';
+    const handleUploaded = React.useCallback((result) => {
+        onUpdate({ ...data, coverMediaUrl: result.url });
+    }, [data, onUpdate]);
+    return (_jsxs("section", { "data-testid": "editor-ui-section-cover-media", "data-section": "cover-media", children: [_jsx("h2", { children: "Cover Media" }), url !== '' ? (_jsx("img", { src: url, alt: "Cover media", "data-testid": "editor-ui-cover-image" })) : null, _jsx(UploadImage, { token: token, onUploaded: handleUploaded, ...(fetchImpl !== undefined ? { fetchImpl } : {}), label: "Upload cover media" })] }));
+}
+//# sourceMappingURL=CoverMedia.js.map

package/dist/components/CoverMedia.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CoverMedia.js","sourceRoot":"","sources":["../../src/components/CoverMedia.tsx"],"names":[],"mappings":";AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAS/C;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CAAC,KAAsB;IAC/C,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IACnD,MAAM,GAAG,GAAG,OAAO,IAAI,CAAC,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;IAE7E,MAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CACtC,CAAC,MAAoB,EAAQ,EAAE;QAC7B,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,aAAa,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;IACnD,CAAC,EACD,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;IAEF,OAAO,CACL,kCACc,+BAA+B,kBAC9B,aAAa,aAE1B,uCAAoB,EACnB,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,CACZ,cAAK,GAAG,EAAE,GAAG,EAAE,GAAG,EAAC,aAAa,iBAAa,uBAAuB,GAAG,CACxE,CAAC,CAAC,CAAC,IAAI,EACR,KAAC,WAAW,IACV,KAAK,EAAE,KAAK,EACZ,UAAU,EAAE,cAAc,KACtB,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAClD,KAAK,EAAC,oBAAoB,GAC1B,IACM,CACX,CAAC;AACJ,CAAC"}

package/dist/components/Editor.d.ts

@@ -0,0 +1,29 @@
+import * as React from 'react';
+import type { EditorProps } from '../types.js';
+/**
+ * `Editor` — top-level page renderer for the @droplinked_inc visual
+ * template builder.
+ *
+ * Layout (mirrors the hostile droplinked-editor-configs@1.9.21 page
+ * structure visible in the 2026-05-18 template-builder screenshot):
+ *
+ *   PageHeader (shop name + logo upload slot)
+ *   ├ CoverMedia       (banner image upload)
+ *   ├ HeroSection      (headline + tagline + image)
+ *   └ Custom sections  (PORTING TODO — see README "Porting plan")
+ *   PageFooter (shop name + year)
+ *
+ * Each image upload slot routes through the shared `<UploadImage>`
+ * component, whose `uploadImageToCdn` helper forwards the `token` prop
+ * as `Authorization: Bearer <token>` on every CDN POST. That contract
+ * is the structural fix for the 2026-05-18 template-builder upload bug
+ * triggered by apiv3 PR #1116 making `/uploader/cdn-upload` JWT-required.
+ *
+ * Surface still stubbed in this 0.2.0 (tracked in README):
+ *   - `configured-components/*` (69 product / blog / multicolumn renderers)
+ *   - `InnerContent` zone with drag-drop slot composition
+ *   - `AppStoreProvider` (zustand store wiring)
+ *   - Per-category sidebar UI from `@droplinked_inc/editor-configs`
+ */
+export declare function Editor(props: EditorProps): React.JSX.Element;
+//# sourceMappingURL=Editor.d.ts.map

package/dist/components/Editor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Editor.d.ts","sourceRoot":"","sources":["../../src/components/Editor.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAc,WAAW,EAAE,MAAM,aAAa,CAAC;AAM3D;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,WAAW,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAiD5D"}

package/dist/components/Editor.js

@@ -0,0 +1,61 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import * as React from 'react';
+import { CoverMedia } from './CoverMedia.js';
+import { HeroSection } from './HeroSection.js';
+import { PageFooter } from './PageFooter.js';
+import { PageHeader } from './PageHeader.js';
+/**
+ * `Editor` — top-level page renderer for the @droplinked_inc visual
+ * template builder.
+ *
+ * Layout (mirrors the hostile droplinked-editor-configs@1.9.21 page
+ * structure visible in the 2026-05-18 template-builder screenshot):
+ *
+ *   PageHeader (shop name + logo upload slot)
+ *   ├ CoverMedia       (banner image upload)
+ *   ├ HeroSection      (headline + tagline + image)
+ *   └ Custom sections  (PORTING TODO — see README "Porting plan")
+ *   PageFooter (shop name + year)
+ *
+ * Each image upload slot routes through the shared `<UploadImage>`
+ * component, whose `uploadImageToCdn` helper forwards the `token` prop
+ * as `Authorization: Bearer <token>` on every CDN POST. That contract
+ * is the structural fix for the 2026-05-18 template-builder upload bug
+ * triggered by apiv3 PR #1116 making `/uploader/cdn-upload` JWT-required.
+ *
+ * Surface still stubbed in this 0.2.0 (tracked in README):
+ *   - `configured-components/*` (69 product / blog / multicolumn renderers)
+ *   - `InnerContent` zone with drag-drop slot composition
+ *   - `AppStoreProvider` (zustand store wiring)
+ *   - Per-category sidebar UI from `@droplinked_inc/editor-configs`
+ */
+export function Editor(props) {
+    const { token, shopName, initialData, onUpdate, fetchImpl } = props;
+    // The editor owns a local copy of the data envelope so partial edits
+    // (logo upload, then cover upload, then headline edit) compose without
+    // requiring the host to re-feed `initialData` on every keystroke.
+    // The host receives every update through `onUpdate`.
+    const [data, setData] = React.useState(initialData);
+    const handleUpdate = React.useCallback((next) => {
+        setData(next);
+        onUpdate(next);
+    }, [onUpdate]);
+    // When the host re-renders with a fresh `initialData` (e.g. after a
+    // server reload), sync the local cache. We use a ref to detect real
+    // identity changes only — not value-equal updates.
+    const lastInitialRef = React.useRef(initialData);
+    React.useEffect(() => {
+        if (lastInitialRef.current !== initialData) {
+            lastInitialRef.current = initialData;
+            setData(initialData);
+        }
+    }, [initialData]);
+    const sectionProps = {
+        token,
+        data,
+        onUpdate: handleUpdate,
+        ...(fetchImpl !== undefined ? { fetchImpl } : {}),
+    };
+    return (_jsxs("div", { "data-testid": "editor-ui-editor", "data-shop-name": shopName, "data-section": "editor-root", children: [_jsx(PageHeader, { shopName: shopName, ...sectionProps }), _jsxs("main", { "data-testid": "editor-ui-inner-content", "data-section": "inner-content", children: [_jsx(CoverMedia, { ...sectionProps }), _jsx(HeroSection, { ...sectionProps })] }), _jsx(PageFooter, { shopName: shopName, data: data })] }));
+}
+//# sourceMappingURL=Editor.js.map

package/dist/components/Editor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Editor.js","sourceRoot":"","sources":["../../src/components/Editor.tsx"],"names":[],"mappings":";AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAE7C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,MAAM,CAAC,KAAkB;IACvC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IAEpE,qEAAqE;IACrE,uEAAuE;IACvE,kEAAkE;IAClE,qDAAqD;IACrD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAa,WAAW,CAAC,CAAC;IAEhE,MAAM,YAAY,GAAG,KAAK,CAAC,WAAW,CACpC,CAAC,IAAgB,EAAQ,EAAE;QACzB,OAAO,CAAC,IAAI,CAAC,CAAC;QACd,QAAQ,CAAC,IAAI,CAAC,CAAC;IACjB,CAAC,EACD,CAAC,QAAQ,CAAC,CACX,CAAC;IAEF,oEAAoE;IACpE,oEAAoE;IACpE,mDAAmD;IACnD,MAAM,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACjD,KAAK,CAAC,SAAS,CAAC,GAAG,EAAE;QACnB,IAAI,cAAc,CAAC,OAAO,KAAK,WAAW,EAAE,CAAC;YAC3C,cAAc,CAAC,OAAO,GAAG,WAAW,CAAC;YACrC,OAAO,CAAC,WAAW,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC;IAElB,MAAM,YAAY,GAAG;QACnB,KAAK;QACL,IAAI;QACJ,QAAQ,EAAE,YAAY;QACtB,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClD,CAAC;IAEF,OAAO,CACL,8BACc,kBAAkB,oBACd,QAAQ,kBACX,aAAa,aAE1B,KAAC,UAAU,IAAC,QAAQ,EAAE,QAAQ,KAAM,YAAY,GAAI,EACpD,+BAAkB,yBAAyB,kBAAc,eAAe,aACtE,KAAC,UAAU,OAAK,YAAY,GAAI,EAChC,KAAC,WAAW,OAAK,YAAY,GAAI,IAC5B,EACP,KAAC,UAAU,IAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,GAAI,IAC1C,CACP,CAAC;AACJ,CAAC"}

package/dist/components/HeroSection.d.ts

@@ -0,0 +1,21 @@
+import * as React from 'react';
+import type { EditorData } from '../types.js';
+export interface HeroSectionProps {
+    readonly token: string;
+    readonly data: EditorData;
+    readonly onUpdate: (next: EditorData) => void;
+    readonly fetchImpl?: typeof fetch;
+}
+/**
+ * Hero Section — text + CTA + image slot. The hostile package shipped
+ * three variants (`heroSectionCover`, `heroSectionImageBelow`,
+ * `heroSectionImageWithTextLtr`). 0.2.0 ships the common shell: a single
+ * editable headline + tagline + image. Variant selection is deferred.
+ *
+ * Editable keys on the data envelope:
+ *   - `heroHeadline: string`
+ *   - `heroTagline: string`
+ *   - `heroImageUrl: string`
+ */
+export declare function HeroSection(props: HeroSectionProps): React.JSX.Element;
+//# sourceMappingURL=HeroSection.d.ts.map

package/dist/components/HeroSection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"HeroSection.d.ts","sourceRoot":"","sources":["../../src/components/HeroSection.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,UAAU,EAAgB,MAAM,aAAa,CAAC;AAG5D,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;IAC9C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CA8DtE"}

package/dist/components/HeroSection.js

@@ -0,0 +1,31 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import * as React from 'react';
+import { UploadImage } from './UploadImage.js';
+/**
+ * Hero Section — text + CTA + image slot. The hostile package shipped
+ * three variants (`heroSectionCover`, `heroSectionImageBelow`,
+ * `heroSectionImageWithTextLtr`). 0.2.0 ships the common shell: a single
+ * editable headline + tagline + image. Variant selection is deferred.
+ *
+ * Editable keys on the data envelope:
+ *   - `heroHeadline: string`
+ *   - `heroTagline: string`
+ *   - `heroImageUrl: string`
+ */
+export function HeroSection(props) {
+    const { token, data, onUpdate, fetchImpl } = props;
+    const headline = typeof data.heroHeadline === 'string' ? data.heroHeadline : '';
+    const tagline = typeof data.heroTagline === 'string' ? data.heroTagline : '';
+    const imageUrl = typeof data.heroImageUrl === 'string' ? data.heroImageUrl : '';
+    const handleHeadlineChange = React.useCallback((e) => {
+        onUpdate({ ...data, heroHeadline: e.target.value });
+    }, [data, onUpdate]);
+    const handleTaglineChange = React.useCallback((e) => {
+        onUpdate({ ...data, heroTagline: e.target.value });
+    }, [data, onUpdate]);
+    const handleUploaded = React.useCallback((result) => {
+        onUpdate({ ...data, heroImageUrl: result.url });
+    }, [data, onUpdate]);
+    return (_jsxs("section", { "data-testid": "editor-ui-section-hero", "data-section": "hero-section", children: [_jsx("h2", { children: "Hero Section" }), _jsxs("label", { children: ["Headline", _jsx("input", { type: "text", value: headline, onChange: handleHeadlineChange, "data-testid": "editor-ui-hero-headline-input" })] }), _jsxs("label", { children: ["Tagline", _jsx("input", { type: "text", value: tagline, onChange: handleTaglineChange, "data-testid": "editor-ui-hero-tagline-input" })] }), imageUrl !== '' ? (_jsx("img", { src: imageUrl, alt: headline, "data-testid": "editor-ui-hero-image" })) : null, _jsx(UploadImage, { token: token, onUploaded: handleUploaded, ...(fetchImpl !== undefined ? { fetchImpl } : {}), label: "Upload hero image" })] }));
+}
+//# sourceMappingURL=HeroSection.js.map

package/dist/components/HeroSection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"HeroSection.js","sourceRoot":"","sources":["../../src/components/HeroSection.tsx"],"names":[],"mappings":";AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAS/C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IACnD,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;IAChF,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;IAC7E,MAAM,QAAQ,GAAG,OAAO,IAAI,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;IAEhF,MAAM,oBAAoB,GAAG,KAAK,CAAC,WAAW,CAC5C,CAAC,CAAsC,EAAQ,EAAE;QAC/C,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC,EACD,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;IAEF,MAAM,mBAAmB,GAAG,KAAK,CAAC,WAAW,CAC3C,CAAC,CAAsC,EAAQ,EAAE;QAC/C,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC,EACD,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;IAEF,MAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CACtC,CAAC,MAAoB,EAAQ,EAAE;QAC7B,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;IAClD,CAAC,EACD,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;IAEF,OAAO,CACL,kCACc,wBAAwB,kBACvB,cAAc,aAE3B,wCAAqB,EACrB,wCAEE,gBACE,IAAI,EAAC,MAAM,EACX,KAAK,EAAE,QAAQ,EACf,QAAQ,EAAE,oBAAoB,iBAClB,+BAA+B,GAC3C,IACI,EACR,uCAEE,gBACE,IAAI,EAAC,MAAM,EACX,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,mBAAmB,iBACjB,8BAA8B,GAC1C,IACI,EACP,QAAQ,KAAK,EAAE,CAAC,CAAC,CAAC,CACjB,cAAK,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,iBAAc,sBAAsB,GAAG,CACzE,CAAC,CAAC,CAAC,IAAI,EACR,KAAC,WAAW,IACV,KAAK,EAAE,KAAK,EACZ,UAAU,EAAE,cAAc,KACtB,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAClD,KAAK,EAAC,mBAAmB,GACzB,IACM,CACX,CAAC;AACJ,CAAC"}

package/dist/components/PageFooter.d.ts

@@ -0,0 +1,16 @@
+import * as React from 'react';
+import type { EditorData } from '../types.js';
+export interface PageFooterProps {
+    readonly shopName: string;
+    readonly data: EditorData;
+}
+/**
+ * Minimal `PageFooter` renderer.
+ *
+ * The hostile package shipped a multi-column footer (about / links /
+ * social / newsletter). The 0.2.0 shell renders shop name + year only.
+ * Newsletter signup and social links are deferred — they require port
+ * of the form-control + analytics subsurfaces.
+ */
+export declare function PageFooter(props: PageFooterProps): React.JSX.Element;
+//# sourceMappingURL=PageFooter.d.ts.map

package/dist/components/PageFooter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PageFooter.d.ts","sourceRoot":"","sources":["../../src/components/PageFooter.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAcpE"}

package/dist/components/PageFooter.js

@@ -0,0 +1,19 @@
+import { jsxs as _jsxs, jsx as _jsx } from "react/jsx-runtime";
+/**
+ * Minimal `PageFooter` renderer.
+ *
+ * The hostile package shipped a multi-column footer (about / links /
+ * social / newsletter). The 0.2.0 shell renders shop name + year only.
+ * Newsletter signup and social links are deferred — they require port
+ * of the form-control + analytics subsurfaces.
+ */
+export function PageFooter(props) {
+    const { shopName } = props;
+    // We intentionally do NOT call `new Date()` at render time during tests
+    // that snapshot output — but for runtime we want the current year.
+    // jsdom test runs see the real Date so this is deterministic per-day,
+    // which is acceptable for a footer year.
+    const year = new Date().getUTCFullYear();
+    return (_jsx("footer", { "data-testid": "editor-ui-page-footer", "data-section": "page-footer", children: _jsxs("small", { children: ["\u00A9 ", year, " ", shopName] }) }));
+}
+//# sourceMappingURL=PageFooter.js.map

package/dist/components/PageFooter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PageFooter.js","sourceRoot":"","sources":["../../src/components/PageFooter.tsx"],"names":[],"mappings":";AASA;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,KAAsB;IAC/C,MAAM,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;IAC3B,wEAAwE;IACxE,mEAAmE;IACnE,sEAAsE;IACtE,yCAAyC;IACzC,MAAM,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC,cAAc,EAAE,CAAC;IACzC,OAAO,CACL,gCAAoB,uBAAuB,kBAAc,aAAa,YACpE,uCACU,IAAI,OAAG,QAAQ,IACjB,GACD,CACV,CAAC;AACJ,CAAC"}

package/dist/components/PageHeader.d.ts

@@ -0,0 +1,28 @@
+import * as React from 'react';
+import type { EditorData } from '../types.js';
+export interface PageHeaderProps {
+    /** Shop name rendered as the default heading. */
+    readonly shopName: string;
+    /** Bearer JWT — forwarded to image uploads. */
+    readonly token: string;
+    /** Current editor data. The header reads `logoUrl` if present. */
+    readonly data: EditorData;
+    /** Called when the logo image is replaced via the upload widget. */
+    readonly onUpdate: (next: EditorData) => void;
+    /** Override fetch (testing). */
+    readonly fetchImpl?: typeof fetch;
+}
+/**
+ * Minimal `PageHeader` renderer.
+ *
+ * The hostile `droplinked-editor-configs@1.9.21` shipped a Chakra-themed
+ * sticky header with navigation, locale switcher, and cart drawer (~600
+ * LoC). This 0.2.0 lands a structural shell: shop name + logo upload
+ * slot. The point is to give the host page a place to mount the upload
+ * UI so the bug-fix path (Authorization-forwarded /uploader/cdn-upload)
+ * is exercisable from a real layout, not just a synthetic test.
+ *
+ * Navigation / locale / cart are deferred. See README "Porting plan".
+ */
+export declare function PageHeader(props: PageHeaderProps): React.JSX.Element;
+//# sourceMappingURL=PageHeader.d.ts.map

package/dist/components/PageHeader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PageHeader.d.ts","sourceRoot":"","sources":["../../src/components/PageHeader.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,KAAK,EAAE,UAAU,EAAgB,MAAM,aAAa,CAAC;AAG5D,MAAM,WAAW,eAAe;IAC9B,iDAAiD;IACjD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,+CAA+C;IAC/C,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,kEAAkE;IAClE,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,oEAAoE;IACpE,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;IAC9C,gCAAgC;IAChC,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CA+BpE"}

package/dist/components/PageHeader.js

@@ -0,0 +1,24 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import * as React from 'react';
+import { UploadImage } from './UploadImage.js';
+/**
+ * Minimal `PageHeader` renderer.
+ *
+ * The hostile `droplinked-editor-configs@1.9.21` shipped a Chakra-themed
+ * sticky header with navigation, locale switcher, and cart drawer (~600
+ * LoC). This 0.2.0 lands a structural shell: shop name + logo upload
+ * slot. The point is to give the host page a place to mount the upload
+ * UI so the bug-fix path (Authorization-forwarded /uploader/cdn-upload)
+ * is exercisable from a real layout, not just a synthetic test.
+ *
+ * Navigation / locale / cart are deferred. See README "Porting plan".
+ */
+export function PageHeader(props) {
+    const { shopName, token, data, onUpdate, fetchImpl } = props;
+    const logoUrl = typeof data.logoUrl === 'string' ? data.logoUrl : '';
+    const handleUploaded = React.useCallback((result) => {
+        onUpdate({ ...data, logoUrl: result.url });
+    }, [data, onUpdate]);
+    return (_jsx("header", { "data-testid": "editor-ui-page-header", "data-section": "page-header", children: _jsxs("div", { "data-testid": "editor-ui-section-logo", "data-section": "logo", children: [_jsx("span", { "data-testid": "editor-ui-shop-name", children: shopName }), logoUrl !== '' ? (_jsx("img", { src: logoUrl, alt: `${shopName} logo`, "data-testid": "editor-ui-logo-image" })) : null, _jsx(UploadImage, { token: token, onUploaded: handleUploaded, ...(fetchImpl !== undefined ? { fetchImpl } : {}), label: "Upload logo" })] }) }));
+}
+//# sourceMappingURL=PageHeader.js.map

package/dist/components/PageHeader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"PageHeader.js","sourceRoot":"","sources":["../../src/components/PageHeader.tsx"],"names":[],"mappings":";AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAe/C;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,UAAU,CAAC,KAAsB;IAC/C,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC;IAC7D,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;IAErE,MAAM,cAAc,GAAG,KAAK,CAAC,WAAW,CACtC,CAAC,MAAoB,EAAQ,EAAE;QAC7B,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7C,CAAC,EACD,CAAC,IAAI,EAAE,QAAQ,CAAC,CACjB,CAAC;IAEF,OAAO,CACL,gCAAoB,uBAAuB,kBAAc,aAAa,YACpE,8BAAiB,wBAAwB,kBAAc,MAAM,aAC3D,8BAAkB,qBAAqB,YAAE,QAAQ,GAAQ,EACxD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAChB,cACE,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,GAAG,QAAQ,OAAO,iBACX,sBAAsB,GAClC,CACH,CAAC,CAAC,CAAC,IAAI,EACR,KAAC,WAAW,IACV,KAAK,EAAE,KAAK,EACZ,UAAU,EAAE,cAAc,KACtB,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAClD,KAAK,EAAC,aAAa,GACnB,IACE,GACC,CACV,CAAC;AACJ,CAAC"}

package/dist/components/UploadImage.d.ts

@@ -0,0 +1,26 @@
+import * as React from 'react';
+import type { UploadResult } from '../types.js';
+export interface UploadImageProps {
+    /** Bearer token forwarded as `Authorization: Bearer <token>` to the CDN. */
+    readonly token: string;
+    /** Called with the uploaded asset URL on success. */
+    readonly onUploaded: (result: UploadResult) => void;
+    /** Called with the thrown Error on failure. */
+    readonly onError?: (err: Error) => void;
+    /** Override the upload endpoint (testing / staging). */
+    readonly endpoint?: string;
+    /** Override fetch implementation (testing). */
+    readonly fetchImpl?: typeof fetch;
+    /** Accepted MIME types for the underlying `<input type=file>`. */
+    readonly accept?: string;
+    /** Button label. */
+    readonly label?: string;
+}
+/**
+ * Minimal image-upload UI. The hostile package shipped a Chakra-themed
+ * widget tightly coupled to the editor's zustand store; this 0.1.0 ships
+ * a plain unstyled input so the bug-fix can land without dragging Chakra
+ * into the dependency graph. Consumers can wrap or replace styles.
+ */
+export declare function UploadImage(props: UploadImageProps): React.JSX.Element;
+//# sourceMappingURL=UploadImage.d.ts.map

package/dist/components/UploadImage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"UploadImage.d.ts","sourceRoot":"","sources":["../../src/components/UploadImage.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAG/B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAC/B,4EAA4E;IAC5E,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,qDAAqD;IACrD,QAAQ,CAAC,UAAU,EAAE,CAAC,MAAM,EAAE,YAAY,KAAK,IAAI,CAAC;IACpD,+CAA+C;IAC/C,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,KAAK,KAAK,IAAI,CAAC;IACxC,wDAAwD;IACxD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,+CAA+C;IAC/C,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IAClC,kEAAkE;IAClE,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,oBAAoB;IACpB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CA2CtE"}

package/dist/components/UploadImage.js

@@ -0,0 +1,43 @@
+import { jsx as _jsx, jsxs as _jsxs } from "react/jsx-runtime";
+import * as React from 'react';
+import { uploadImageToCdn } from '../internal/upload.js';
+/**
+ * Minimal image-upload UI. The hostile package shipped a Chakra-themed
+ * widget tightly coupled to the editor's zustand store; this 0.1.0 ships
+ * a plain unstyled input so the bug-fix can land without dragging Chakra
+ * into the dependency graph. Consumers can wrap or replace styles.
+ */
+export function UploadImage(props) {
+    const { token, onUploaded, onError, endpoint, fetchImpl, accept = 'image/*', label = 'Upload image' } = props;
+    const [busy, setBusy] = React.useState(false);
+    const inputRef = React.useRef(null);
+    const onChange = React.useCallback(async (e) => {
+        const file = e.target.files?.[0];
+        if (!file)
+            return;
+        setBusy(true);
+        try {
+            const result = await uploadImageToCdn(file, {
+                token,
+                ...(endpoint !== undefined ? { endpoint } : {}),
+                ...(fetchImpl !== undefined ? { fetchImpl } : {}),
+            });
+            onUploaded(result);
+        }
+        catch (err) {
+            const e2 = err instanceof Error ? err : new Error(String(err));
+            if (onError)
+                onError(e2);
+            else
+                throw e2;
+        }
+        finally {
+            setBusy(false);
+            // Reset so the same file can be re-selected.
+            if (inputRef.current)
+                inputRef.current.value = '';
+        }
+    }, [token, endpoint, fetchImpl, onUploaded, onError]);
+    return (_jsxs("label", { "data-testid": "editor-ui-upload-image", children: [_jsx("span", { children: busy ? 'Uploading…' : label }), _jsx("input", { ref: inputRef, type: "file", accept: accept, disabled: busy, onChange: onChange, "data-testid": "editor-ui-upload-image-input" })] }));
+}
+//# sourceMappingURL=UploadImage.js.map

package/dist/components/UploadImage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"UploadImage.js","sourceRoot":"","sources":["../../src/components/UploadImage.tsx"],"names":[],"mappings":";AAAA,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAoBzD;;;;;GAKG;AACH,MAAM,UAAU,WAAW,CAAC,KAAuB;IACjD,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,GAAG,SAAS,EAAE,KAAK,GAAG,cAAc,EAAE,GAAG,KAAK,CAAC;IAC9G,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAA0B,IAAI,CAAC,CAAC;IAE7D,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAChC,KAAK,EAAE,CAAsC,EAAiB,EAAE;QAC9D,MAAM,IAAI,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,OAAO,CAAC,IAAI,CAAC,CAAC;QACd,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,IAAI,EAAE;gBAC1C,KAAK;gBACL,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/C,GAAG,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAClD,CAAC,CAAC;YACH,UAAU,CAAC,MAAM,CAAC,CAAC;QACrB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,EAAE,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/D,IAAI,OAAO;gBAAE,OAAO,CAAC,EAAE,CAAC,CAAC;;gBACpB,MAAM,EAAE,CAAC;QAChB,CAAC;gBAAS,CAAC;YACT,OAAO,CAAC,KAAK,CAAC,CAAC;YACf,6CAA6C;YAC7C,IAAI,QAAQ,CAAC,OAAO;gBAAE,QAAQ,CAAC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC;QACpD,CAAC;IACH,CAAC,EACD,CAAC,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,CAAC,CAClD,CAAC;IAEF,OAAO,CACL,gCAAmB,wBAAwB,aACzC,yBAAO,IAAI,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,GAAQ,EAC1C,gBACE,GAAG,EAAE,QAAQ,EACb,IAAI,EAAC,MAAM,EACX,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,IAAI,EACd,QAAQ,EAAE,QAAQ,iBACN,8BAA8B,GAC1C,IACI,CACT,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export { Editor } from './components/Editor.js';
+export { UploadImage } from './components/UploadImage.js';
+export type { UploadImageProps } from './components/UploadImage.js';
+export { PageHeader } from './components/PageHeader.js';
+export type { PageHeaderProps } from './components/PageHeader.js';
+export { PageFooter } from './components/PageFooter.js';
+export type { PageFooterProps } from './components/PageFooter.js';
+export { CoverMedia } from './components/CoverMedia.js';
+export type { CoverMediaProps } from './components/CoverMedia.js';
+export { HeroSection } from './components/HeroSection.js';
+export type { HeroSectionProps } from './components/HeroSection.js';
+export { uploadImageToCdn, DEFAULT_UPLOAD_ENDPOINT } from './internal/upload.js';
+export type { EditorData, EditorProps, UploadConfig, UploadResult, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,YAAY,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,YAAY,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AACpE,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACjF,YAAY,EACV,UAAU,EACV,WAAW,EACX,YAAY,EACZ,YAAY,GACb,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,8 @@
+export { Editor } from './components/Editor.js';
+export { UploadImage } from './components/UploadImage.js';
+export { PageHeader } from './components/PageHeader.js';
+export { PageFooter } from './components/PageFooter.js';
+export { CoverMedia } from './components/CoverMedia.js';
+export { HeroSection } from './components/HeroSection.js';
+export { uploadImageToCdn, DEFAULT_UPLOAD_ENDPOINT } from './internal/upload.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAE1D,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/internal/upload.d.ts

@@ -0,0 +1,30 @@
+import type { UploadConfig, UploadResult } from '../types.js';
+/**
+ * Default droplinked CDN uploader endpoint.
+ *
+ * The hostile `droplinked-editor-configs@1.9.19` hardcoded this URL inline
+ * inside the editor renderer. We keep it as a single named export so any
+ * future migration to a runtime-config-injected endpoint is a one-line
+ * change, and so consumers can override it in tests or for staging
+ * environments.
+ */
+export declare const DEFAULT_UPLOAD_ENDPOINT = "https://apiv3.droplinked.com/uploader/cdn-upload";
+/**
+ * Upload a binary blob (image) to the droplinked CDN.
+ *
+ * Bug fix vs hostile `droplinked-editor-configs@1.9.19`: the `token`
+ * prop is forwarded as the `Authorization` header. The hostile release
+ * accepted a `token` prop on `<Editor>` but the internal upload call did
+ * not forward it, which produced 401s after apiv3 PR #1116 made the
+ * uploader JWT-required on 2026-05-18. This was the trigger for the
+ * supply-chain port.
+ *
+ * Notes:
+ * - We do NOT serialize the token into the request body or the URL.
+ * - We do NOT log the token. The token is passed through to `fetch`
+ *   and not retained.
+ * - We use `multipart/form-data` (set automatically by `FormData`).
+ * - We do not catch errors silently — caller decides how to surface them.
+ */
+export declare function uploadImageToCdn(file: Blob, config: UploadConfig): Promise<UploadResult>;
+//# sourceMappingURL=upload.d.ts.map

package/dist/internal/upload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload.d.ts","sourceRoot":"","sources":["../../src/internal/upload.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE9D;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,qDAAqD,CAAC;AAE1F;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAuC9F"}

package/dist/internal/upload.js

@@ -0,0 +1,57 @@
+/**
+ * Default droplinked CDN uploader endpoint.
+ *
+ * The hostile `droplinked-editor-configs@1.9.19` hardcoded this URL inline
+ * inside the editor renderer. We keep it as a single named export so any
+ * future migration to a runtime-config-injected endpoint is a one-line
+ * change, and so consumers can override it in tests or for staging
+ * environments.
+ */
+export const DEFAULT_UPLOAD_ENDPOINT = 'https://apiv3.droplinked.com/uploader/cdn-upload';
+/**
+ * Upload a binary blob (image) to the droplinked CDN.
+ *
+ * Bug fix vs hostile `droplinked-editor-configs@1.9.19`: the `token`
+ * prop is forwarded as the `Authorization` header. The hostile release
+ * accepted a `token` prop on `<Editor>` but the internal upload call did
+ * not forward it, which produced 401s after apiv3 PR #1116 made the
+ * uploader JWT-required on 2026-05-18. This was the trigger for the
+ * supply-chain port.
+ *
+ * Notes:
+ * - We do NOT serialize the token into the request body or the URL.
+ * - We do NOT log the token. The token is passed through to `fetch`
+ *   and not retained.
+ * - We use `multipart/form-data` (set automatically by `FormData`).
+ * - We do not catch errors silently — caller decides how to surface them.
+ */
+export async function uploadImageToCdn(file, config) {
+    if (!config.token) {
+        throw new Error('[@droplinked_inc/editor-ui] uploadImageToCdn: missing token. ' +
+            'apiv3 /uploader/cdn-upload is JWT-required as of 2026-05-18; ' +
+            'pass the Editor `token` prop through to this call.');
+    }
+    const endpoint = config.endpoint ?? DEFAULT_UPLOAD_ENDPOINT;
+    const fetchImpl = config.fetchImpl ?? fetch;
+    const form = new FormData();
+    form.append('file', file);
+    const res = await fetchImpl(endpoint, {
+        method: 'POST',
+        headers: {
+            // CRUCIAL — this is the line whose absence in 1.9.19 caused the
+            // template-builder upload bug. Do not remove without coordinating
+            // with apiv3 auth on /uploader/cdn-upload.
+            Authorization: `Bearer ${config.token}`,
+        },
+        body: form,
+    });
+    if (!res.ok) {
+        throw new Error(`[@droplinked_inc/editor-ui] uploadImageToCdn: HTTP ${res.status} ${res.statusText}`);
+    }
+    const json = (await res.json());
+    if (typeof json.url !== 'string' || json.url.length === 0) {
+        throw new Error('[@droplinked_inc/editor-ui] uploadImageToCdn: malformed response — expected { url: string }');
+    }
+    return { url: json.url };
+}
+//# sourceMappingURL=upload.js.map

package/dist/internal/upload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload.js","sourceRoot":"","sources":["../../src/internal/upload.ts"],"names":[],"mappings":"AAEA;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,kDAAkD,CAAC;AAE1F;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAU,EAAE,MAAoB;IACrE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,+DAA+D;YAC7D,+DAA+D;YAC/D,oDAAoD,CACvD,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,uBAAuB,CAAC;IAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,KAAK,CAAC;IAE5C,MAAM,IAAI,GAAG,IAAI,QAAQ,EAAE,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAE1B,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,QAAQ,EAAE;QACpC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,gEAAgE;YAChE,kEAAkE;YAClE,2CAA2C;YAC3C,aAAa,EAAE,UAAU,MAAM,CAAC,KAAK,EAAE;SACxC;QACD,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,sDAAsD,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,UAAU,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAsB,CAAC;IACrD,IAAI,OAAO,IAAI,CAAC,GAAG,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CACb,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC;AAC3B,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Public types for `@droplinked_inc/editor-ui`.
+ *
+ * These mirror the prop surface that consumers of the hostile
+ * `droplinked-editor-configs@1.9.19` `Editor` component relied on
+ * (see `droplinked-shop-builder/src/pages/template-designer/
+ * TemplateDesigner.client.tsx`). They are exported up-front so consumers
+ * can compile against `@droplinked_inc/editor-ui` even while the renderer
+ * implementation is still being ported.
+ */
+/**
+ * Minimal data envelope passed in/out of the editor.
+ *
+ * Intentionally typed as `unknown` payloads at this layer — the canonical
+ * shape lives in `@droplinked_inc/editor-configs`. Once that package's
+ * `Config` / `Data` types are wired through, this will be tightened.
+ */
+export interface EditorData {
+    readonly [key: string]: unknown;
+}
+/**
+ * Props for the top-level `Editor` renderer.
+ *
+ * `token` MUST be a fresh JWT obtained by the host application. It is
+ * forwarded as `Authorization: Bearer <token>` on every upload call.
+ * This is the contract that the hostile 1.9.19 release silently violated
+ * (it accepted the prop but did not forward it on the CDN upload), which
+ * surfaced as the template-builder upload failure on 2026-05-18 after
+ * apiv3 PR #1116 enforced JWT on `/uploader/cdn-upload`.
+ */
+export interface EditorProps {
+    readonly initialData: EditorData;
+    readonly shopName: string;
+    readonly onUpdate: (next: EditorData) => void;
+    readonly publishLoading?: boolean;
+    readonly iframe?: boolean;
+    readonly themeName?: string;
+    readonly isLive?: boolean;
+    readonly isNewTheme?: boolean;
+    readonly onExit?: () => void;
+    readonly updateData?: (next: EditorData) => void;
+    readonly token: string;
+    /**
+     * Inject a `fetch` implementation. Defaults to global `fetch`. Tests
+     * pass a `jest.fn()`; production hosts should omit this prop.
+     */
+    readonly fetchImpl?: typeof fetch;
+}
+/**
+ * Result of a successful upload to the droplinked CDN.
+ */
+export interface UploadResult {
+    readonly url: string;
+}
+/**
+ * Configuration for `uploadImageToCdn` and the `<UploadImage>` component.
+ */
+export interface UploadConfig {
+    /**
+     * Bearer token forwarded as `Authorization: Bearer <token>`. Required —
+     * `/uploader/cdn-upload` rejects unauthenticated requests as of apiv3
+     * PR #1116.
+     */
+    readonly token: string;
+    /**
+     * Override the upload endpoint. Defaults to the droplinked production
+     * apiv3 CDN uploader. Tests inject a stub here.
+     */
+    readonly endpoint?: string;
+    /**
+     * Inject a `fetch` implementation. Defaults to global `fetch`. Tests
+     * inject a jest.fn().
+     */
+    readonly fetchImpl?: typeof fetch;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACjC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC;IACjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;IAC9C,QAAQ,CAAC,cAAc,CAAC,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IAC7B,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;IACjD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B;;;OAGG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CACnC"}

package/dist/types.js

@@ -0,0 +1,12 @@
+/**
+ * Public types for `@droplinked_inc/editor-ui`.
+ *
+ * These mirror the prop surface that consumers of the hostile
+ * `droplinked-editor-configs@1.9.19` `Editor` component relied on
+ * (see `droplinked-shop-builder/src/pages/template-designer/
+ * TemplateDesigner.client.tsx`). They are exported up-front so consumers
+ * can compile against `@droplinked_inc/editor-ui` even while the renderer
+ * implementation is still being ported.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG"}

package/package.json

@@ -0,0 +1,62 @@
+{
+  "name": "@droplinked_inc/editor-ui",
+  "version": "0.3.0",
+  "description": "Renderer + image-upload UI for the @droplinked_inc visual editor. Initial rebuild port of the page-level renderer from the hostile droplinked-editor-configs@1.9.19. Most surface area is intentionally stubbed in this 0.1.0 — see README for the porting plan.",
+  "license": "MIT",
+  "type": "module",
+  "sideEffects": false,
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "THREAT_MODEL.md",
+    "LICENSE"
+  ],
+  "peerDependencies": {
+    "@droplinked_inc/editor-configs": "^0.1.0",
+    "react": "^18.0.0 || ^19.0.0",
+    "react-dom": "^18.0.0 || ^19.0.0"
+  },
+  "devDependencies": {
+    "@testing-library/jest-dom": "^6.6.3",
+    "@testing-library/react": "^16.1.0",
+    "@testing-library/user-event": "^14.6.1",
+    "@types/jest": "^29.5.14",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "jest-environment-jsdom": "^29.7.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "@droplinked_inc/editor-configs": "0.1.1"
+  },
+  "publishConfig": {
+    "provenance": false,
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/droplinked/droplink-packages.git",
+    "directory": "packages/editor-ui"
+  },
+  "homepage": "https://github.com/droplinked/droplink-packages/tree/main/packages/editor-ui#readme",
+  "bugs": {
+    "url": "https://github.com/droplinked/droplink-packages/issues"
+  },
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "test": "jest",
+    "test:coverage": "jest --coverage",
+    "lint": "eslint src",
+    "typecheck": "tsc --noEmit -p tsconfig.json"
+  }
+}