@handled-ai/design-system 0.18.53 → 0.19.0-rc.0

package/dist/internal/safe-html.js

@@ -0,0 +1,222 @@
+const DANGEROUS_BLOCK_TAGS = /* @__PURE__ */ new Set([
+  "script",
+  "style",
+  "iframe",
+  "object",
+  "embed",
+  "svg",
+  "math",
+  "template",
+  "noscript",
+  "textarea",
+  "select"
+]);
+const ALLOWED_TAGS = /* @__PURE__ */ new Set([
+  "a",
+  "b",
+  "blockquote",
+  "br",
+  "code",
+  "del",
+  "div",
+  "em",
+  "hr",
+  "i",
+  "img",
+  "li",
+  "ol",
+  "p",
+  "pre",
+  "s",
+  "span",
+  "strong",
+  "table",
+  "tbody",
+  "td",
+  "th",
+  "thead",
+  "tr",
+  "u",
+  "ul"
+]);
+const VOID_TAGS = /* @__PURE__ */ new Set(["br", "hr", "img"]);
+const SAFE_GLOBAL_ATTRS = /* @__PURE__ */ new Set(["aria-label", "role", "title"]);
+const SAFE_URL_PROTOCOLS = /* @__PURE__ */ new Set(["http:", "https:", "mailto:", "tel:"]);
+function escapeHtml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+function escapeAttribute(value) {
+  return escapeHtml(value).replace(/"/g, "&quot;");
+}
+function safeCodePoint(value) {
+  return Number.isInteger(value) && value >= 0 && value <= 1114111 ? String.fromCodePoint(value) : "";
+}
+function decodeHtmlEntities(value) {
+  const namedEntities = {
+    amp: "&",
+    apos: "'",
+    colon: ":",
+    gt: ">",
+    lt: "<",
+    newline: "\n",
+    quot: '"',
+    tab: "	"
+  };
+  let decoded = value;
+  for (let i = 0; i < 4; i += 1) {
+    const next = decoded.replace(/&#x([0-9a-f]+);?/gi, (_match, hex) => {
+      const codePoint = Number.parseInt(hex, 16);
+      return safeCodePoint(codePoint);
+    }).replace(/&#(\d+);?/g, (_match, decimal) => {
+      const codePoint = Number.parseInt(decimal, 10);
+      return safeCodePoint(codePoint);
+    }).replace(/&([a-z]+);/gi, (match, name) => {
+      var _a;
+      return (_a = namedEntities[name.toLowerCase()]) != null ? _a : match;
+    });
+    if (next === decoded) return decoded;
+    decoded = next;
+  }
+  return decoded;
+}
+function isSafeUrl(value) {
+  const decoded = decodeHtmlEntities(value).replace(/[\u0000-\u001f\u007f\s]+/g, "").trim();
+  if (!decoded) return false;
+  if (decoded.startsWith("//")) return false;
+  if (decoded.startsWith("#") || decoded.startsWith("/") || decoded.startsWith("./") || decoded.startsWith("../")) {
+    return true;
+  }
+  try {
+    return SAFE_URL_PROTOCOLS.has(new URL(decoded, "https://handled.local").protocol);
+  } catch (e) {
+    return false;
+  }
+}
+function sanitizeClassName(value) {
+  const safeTokens = value.split(/\s+/).map((token) => token.trim()).filter((token) => /^[A-Za-z0-9_-]+$/.test(token));
+  return safeTokens.length ? safeTokens.join(" ") : null;
+}
+function sanitizeAttribute(tagName, name, value) {
+  const attr = name.toLowerCase();
+  if (attr.startsWith("on") || attr === "style" || attr === "srcdoc" || attr === "formaction" || attr === "xlink:href" || attr === "xmlns") {
+    return null;
+  }
+  if (attr === "class") {
+    const safeClassName = sanitizeClassName(value);
+    return safeClassName ? `class="${escapeAttribute(safeClassName)}"` : null;
+  }
+  if (SAFE_GLOBAL_ATTRS.has(attr) || attr.startsWith("aria-")) {
+    return `${attr}="${escapeAttribute(value)}"`;
+  }
+  if (tagName === "a" && attr === "href" && isSafeUrl(value)) {
+    return `href="${escapeAttribute(value)}"`;
+  }
+  if (tagName === "img" && attr === "src" && isSafeUrl(value)) {
+    return `src="${escapeAttribute(value)}"`;
+  }
+  if (tagName === "img" && (attr === "alt" || attr === "width" || attr === "height")) {
+    return `${attr}="${escapeAttribute(value)}"`;
+  }
+  if ((tagName === "td" || tagName === "th") && (attr === "colspan" || attr === "rowspan")) {
+    return `${attr}="${escapeAttribute(value)}"`;
+  }
+  return null;
+}
+function sanitizeAttributes(tagName, rawAttributes = "") {
+  var _a, _b;
+  const attributes = [];
+  const attrPattern = /([A-Za-z_:][-A-Za-z0-9_:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
+  let match;
+  while ((match = attrPattern.exec(rawAttributes)) !== null) {
+    const [, name, doubleQuotedValue, singleQuotedValue, unquotedValue] = match;
+    const value = (_b = (_a = doubleQuotedValue != null ? doubleQuotedValue : singleQuotedValue) != null ? _a : unquotedValue) != null ? _b : "";
+    const safeAttribute = sanitizeAttribute(tagName, name, value);
+    if (safeAttribute) attributes.push(safeAttribute);
+  }
+  if (tagName === "a" && attributes.some((attr) => attr.startsWith("href="))) {
+    attributes.push('target="_blank"', 'rel="noopener noreferrer"');
+  }
+  return attributes.length ? ` ${attributes.join(" ")}` : "";
+}
+function findTagEnd(html, startIndex) {
+  let quote = null;
+  for (let i = startIndex + 1; i < html.length; i += 1) {
+    const char = html[i];
+    if (quote) {
+      if (char === quote) quote = null;
+      continue;
+    }
+    if (char === '"' || char === "'") {
+      quote = char;
+      continue;
+    }
+    if (char === ">") return i;
+  }
+  return -1;
+}
+function parseTag(rawTag) {
+  var _a;
+  const match = rawTag.match(/^<\s*(\/)?\s*([A-Za-z][A-Za-z0-9:-]*)\b([\s\S]*?)\/?>$/);
+  if (!match) return null;
+  return {
+    closing: !!match[1],
+    name: match[2].toLowerCase(),
+    attributes: (_a = match[3]) != null ? _a : ""
+  };
+}
+function findDangerousClose(html, tagName, fromIndex) {
+  const closePattern = new RegExp(`</\\s*${tagName}\\s*>`, "ig");
+  closePattern.lastIndex = fromIndex;
+  const match = closePattern.exec(html);
+  return match ? closePattern.lastIndex : -1;
+}
+function sanitizeHtml(html) {
+  let output = "";
+  let cursor = 0;
+  while (cursor < html.length) {
+    const tagStart = html.indexOf("<", cursor);
+    if (tagStart === -1) {
+      output += html.slice(cursor);
+      break;
+    }
+    output += html.slice(cursor, tagStart);
+    if (html.startsWith("<!--", tagStart)) {
+      const commentEnd = html.indexOf("-->", tagStart + 4);
+      cursor = commentEnd === -1 ? html.length : commentEnd + 3;
+      continue;
+    }
+    const tagEnd = findTagEnd(html, tagStart);
+    if (tagEnd === -1) {
+      output += escapeHtml(html.slice(tagStart));
+      break;
+    }
+    const rawTag = html.slice(tagStart, tagEnd + 1);
+    const parsed = parseTag(rawTag);
+    if (!parsed) {
+      cursor = tagEnd + 1;
+      continue;
+    }
+    if (DANGEROUS_BLOCK_TAGS.has(parsed.name)) {
+      const closeEnd = parsed.closing ? -1 : findDangerousClose(html, parsed.name, tagEnd + 1);
+      cursor = closeEnd === -1 ? tagEnd + 1 : closeEnd;
+      continue;
+    }
+    if (ALLOWED_TAGS.has(parsed.name)) {
+      if (parsed.closing) {
+        if (!VOID_TAGS.has(parsed.name)) output += `</${parsed.name}>`;
+      } else {
+        output += `<${parsed.name}${sanitizeAttributes(parsed.name, parsed.attributes)}>`;
+      }
+    }
+    cursor = tagEnd + 1;
+  }
+  return output;
+}
+function htmlToTextSnippet(html, maxLength = 140) {
+  return sanitizeHtml(html).replace(/<[^>]+>/g, " ").replace(/\s+/g, " ").trim().slice(0, maxLength);
+}
+export {
+  htmlToTextSnippet,
+  sanitizeHtml
+};
+//# sourceMappingURL=safe-html.js.map

package/dist/internal/safe-html.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/internal/safe-html.ts"],"sourcesContent":["const DANGEROUS_BLOCK_TAGS = new Set([\n  \"script\",\n  \"style\",\n  \"iframe\",\n  \"object\",\n  \"embed\",\n  \"svg\",\n  \"math\",\n  \"template\",\n  \"noscript\",\n  \"textarea\",\n  \"select\",\n])\n\nconst ALLOWED_TAGS = new Set([\n  \"a\",\n  \"b\",\n  \"blockquote\",\n  \"br\",\n  \"code\",\n  \"del\",\n  \"div\",\n  \"em\",\n  \"hr\",\n  \"i\",\n  \"img\",\n  \"li\",\n  \"ol\",\n  \"p\",\n  \"pre\",\n  \"s\",\n  \"span\",\n  \"strong\",\n  \"table\",\n  \"tbody\",\n  \"td\",\n  \"th\",\n  \"thead\",\n  \"tr\",\n  \"u\",\n  \"ul\",\n])\n\nconst VOID_TAGS = new Set([\"br\", \"hr\", \"img\"])\nconst SAFE_GLOBAL_ATTRS = new Set([\"aria-label\", \"role\", \"title\"])\nconst SAFE_URL_PROTOCOLS = new Set([\"http:\", \"https:\", \"mailto:\", \"tel:\"])\n\nfunction escapeHtml(value: string): string {\n  return value\n    .replace(/&/g, \"&amp;\")\n    .replace(/</g, \"&lt;\")\n    .replace(/>/g, \"&gt;\")\n}\n\nfunction escapeAttribute(value: string): string {\n  return escapeHtml(value).replace(/\"/g, \"&quot;\")\n}\n\nfunction safeCodePoint(value: number): string {\n  return Number.isInteger(value) && value >= 0 && value <= 0x10ffff ? String.fromCodePoint(value) : \"\"\n}\n\nfunction decodeHtmlEntities(value: string): string {\n  const namedEntities: Record<string, string> = {\n    amp: \"&\",\n    apos: \"'\",\n    colon: \":\",\n    gt: \">\",\n    lt: \"<\",\n    newline: \"\\n\",\n    quot: '\"',\n    tab: \"\\t\",\n  }\n\n  let decoded = value\n  for (let i = 0; i < 4; i += 1) {\n    const next = decoded\n      .replace(/&#x([0-9a-f]+);?/gi, (_match, hex: string) => {\n        const codePoint = Number.parseInt(hex, 16)\n        return safeCodePoint(codePoint)\n      })\n      .replace(/&#(\\d+);?/g, (_match, decimal: string) => {\n        const codePoint = Number.parseInt(decimal, 10)\n        return safeCodePoint(codePoint)\n      })\n      .replace(/&([a-z]+);/gi, (match, name: string) => namedEntities[name.toLowerCase()] ?? match)\n\n    if (next === decoded) return decoded\n    decoded = next\n  }\n\n  return decoded\n}\n\nfunction isSafeUrl(value: string): boolean {\n  const decoded = decodeHtmlEntities(value).replace(/[\\u0000-\\u001f\\u007f\\s]+/g, \"\").trim()\n  if (!decoded) return false\n  if (decoded.startsWith(\"//\")) return false\n  if (decoded.startsWith(\"#\") || decoded.startsWith(\"/\") || decoded.startsWith(\"./\") || decoded.startsWith(\"../\")) {\n    return true\n  }\n\n  try {\n    return SAFE_URL_PROTOCOLS.has(new URL(decoded, \"https://handled.local\").protocol)\n  } catch {\n    return false\n  }\n}\n\nfunction sanitizeClassName(value: string): string | null {\n  const safeTokens = value\n    .split(/\\s+/)\n    .map((token) => token.trim())\n    .filter((token) => /^[A-Za-z0-9_-]+$/.test(token))\n\n  return safeTokens.length ? safeTokens.join(\" \") : null\n}\n\nfunction sanitizeAttribute(tagName: string, name: string, value: string): string | null {\n  const attr = name.toLowerCase()\n\n  if (\n    attr.startsWith(\"on\") ||\n    attr === \"style\" ||\n    attr === \"srcdoc\" ||\n    attr === \"formaction\" ||\n    attr === \"xlink:href\" ||\n    attr === \"xmlns\"\n  ) {\n    return null\n  }\n\n  if (attr === \"class\") {\n    const safeClassName = sanitizeClassName(value)\n    return safeClassName ? `class=\"${escapeAttribute(safeClassName)}\"` : null\n  }\n\n  if (SAFE_GLOBAL_ATTRS.has(attr) || attr.startsWith(\"aria-\")) {\n    return `${attr}=\"${escapeAttribute(value)}\"`\n  }\n\n  if (tagName === \"a\" && attr === \"href\" && isSafeUrl(value)) {\n    return `href=\"${escapeAttribute(value)}\"`\n  }\n\n  if (tagName === \"img\" && attr === \"src\" && isSafeUrl(value)) {\n    return `src=\"${escapeAttribute(value)}\"`\n  }\n\n  if (tagName === \"img\" && (attr === \"alt\" || attr === \"width\" || attr === \"height\")) {\n    return `${attr}=\"${escapeAttribute(value)}\"`\n  }\n\n  if ((tagName === \"td\" || tagName === \"th\") && (attr === \"colspan\" || attr === \"rowspan\")) {\n    return `${attr}=\"${escapeAttribute(value)}\"`\n  }\n\n  return null\n}\n\nfunction sanitizeAttributes(tagName: string, rawAttributes = \"\"): string {\n  const attributes: string[] = []\n  const attrPattern = /([A-Za-z_:][-A-Za-z0-9_:.]*)(?:\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s\"'=<>`]+)))?/g\n  let match: RegExpExecArray | null\n\n  while ((match = attrPattern.exec(rawAttributes)) !== null) {\n    const [, name, doubleQuotedValue, singleQuotedValue, unquotedValue] = match\n    const value = doubleQuotedValue ?? singleQuotedValue ?? unquotedValue ?? \"\"\n    const safeAttribute = sanitizeAttribute(tagName, name, value)\n    if (safeAttribute) attributes.push(safeAttribute)\n  }\n\n  if (tagName === \"a\" && attributes.some((attr) => attr.startsWith(\"href=\"))) {\n    attributes.push('target=\"_blank\"', 'rel=\"noopener noreferrer\"')\n  }\n\n  return attributes.length ? ` ${attributes.join(\" \")}` : \"\"\n}\n\nfunction findTagEnd(html: string, startIndex: number): number {\n  let quote: '\"' | \"'\" | null = null\n\n  for (let i = startIndex + 1; i < html.length; i += 1) {\n    const char = html[i]\n    if (quote) {\n      if (char === quote) quote = null\n      continue\n    }\n\n    if (char === '\"' || char === \"'\") {\n      quote = char\n      continue\n    }\n\n    if (char === \">\") return i\n  }\n\n  return -1\n}\n\nfunction parseTag(rawTag: string): { closing: boolean; name: string; attributes: string } | null {\n  const match = rawTag.match(/^<\\s*(\\/)?\\s*([A-Za-z][A-Za-z0-9:-]*)\\b([\\s\\S]*?)\\/?>$/)\n  if (!match) return null\n\n  return {\n    closing: !!match[1],\n    name: match[2].toLowerCase(),\n    attributes: match[3] ?? \"\",\n  }\n}\n\nfunction findDangerousClose(html: string, tagName: string, fromIndex: number): number {\n  const closePattern = new RegExp(`</\\\\s*${tagName}\\\\s*>`, \"ig\")\n  closePattern.lastIndex = fromIndex\n  const match = closePattern.exec(html)\n  return match ? closePattern.lastIndex : -1\n}\n\n/**\n * Conservative, deterministic sanitizer for user/email supplied HTML rendered by\n * design-system components. It keeps common email formatting tags while removing\n * executable tags, event handlers, inline styles, and unsafe URLs. This stays\n * dependency-free for the shared package and intentionally favors stripping\n * ambiguous email content over preserving every possible HTML feature.\n */\nexport function sanitizeHtml(html: string): string {\n  let output = \"\"\n  let cursor = 0\n\n  while (cursor < html.length) {\n    const tagStart = html.indexOf(\"<\", cursor)\n    if (tagStart === -1) {\n      output += html.slice(cursor)\n      break\n    }\n\n    output += html.slice(cursor, tagStart)\n\n    if (html.startsWith(\"<!--\", tagStart)) {\n      const commentEnd = html.indexOf(\"-->\", tagStart + 4)\n      cursor = commentEnd === -1 ? html.length : commentEnd + 3\n      continue\n    }\n\n    const tagEnd = findTagEnd(html, tagStart)\n    if (tagEnd === -1) {\n      output += escapeHtml(html.slice(tagStart))\n      break\n    }\n\n    const rawTag = html.slice(tagStart, tagEnd + 1)\n    const parsed = parseTag(rawTag)\n    if (!parsed) {\n      cursor = tagEnd + 1\n      continue\n    }\n\n    if (DANGEROUS_BLOCK_TAGS.has(parsed.name)) {\n      const closeEnd = parsed.closing ? -1 : findDangerousClose(html, parsed.name, tagEnd + 1)\n      cursor = closeEnd === -1 ? tagEnd + 1 : closeEnd\n      continue\n    }\n\n    if (ALLOWED_TAGS.has(parsed.name)) {\n      if (parsed.closing) {\n        if (!VOID_TAGS.has(parsed.name)) output += `</${parsed.name}>`\n      } else {\n        output += `<${parsed.name}${sanitizeAttributes(parsed.name, parsed.attributes)}>`\n      }\n    }\n\n    cursor = tagEnd + 1\n  }\n\n  return output\n}\n\nexport function htmlToTextSnippet(html: string, maxLength = 140): string {\n  return sanitizeHtml(html)\n    .replace(/<[^>]+>/g, \" \")\n    .replace(/\\s+/g, \" \")\n    .trim()\n    .slice(0, maxLength)\n}\n"],"mappings":"AAAA,MAAM,uBAAuB,oBAAI,IAAI;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,MAAM,eAAe,oBAAI,IAAI;AAAA,EAC3B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,MAAM,YAAY,oBAAI,IAAI,CAAC,MAAM,MAAM,KAAK,CAAC;AAC7C,MAAM,oBAAoB,oBAAI,IAAI,CAAC,cAAc,QAAQ,OAAO,CAAC;AACjE,MAAM,qBAAqB,oBAAI,IAAI,CAAC,SAAS,UAAU,WAAW,MAAM,CAAC;AAEzE,SAAS,WAAW,OAAuB;AACzC,SAAO,MACJ,QAAQ,MAAM,OAAO,EACrB,QAAQ,MAAM,MAAM,EACpB,QAAQ,MAAM,MAAM;AACzB;AAEA,SAAS,gBAAgB,OAAuB;AAC9C,SAAO,WAAW,KAAK,EAAE,QAAQ,MAAM,QAAQ;AACjD;AAEA,SAAS,cAAc,OAAuB;AAC5C,SAAO,OAAO,UAAU,KAAK,KAAK,SAAS,KAAK,SAAS,UAAW,OAAO,cAAc,KAAK,IAAI;AACpG;AAEA,SAAS,mBAAmB,OAAuB;AACjD,QAAM,gBAAwC;AAAA,IAC5C,KAAK;AAAA,IACL,MAAM;AAAA,IACN,OAAO;AAAA,IACP,IAAI;AAAA,IACJ,IAAI;AAAA,IACJ,SAAS;AAAA,IACT,MAAM;AAAA,IACN,KAAK;AAAA,EACP;AAEA,MAAI,UAAU;AACd,WAAS,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG;AAC7B,UAAM,OAAO,QACV,QAAQ,sBAAsB,CAAC,QAAQ,QAAgB;AACtD,YAAM,YAAY,OAAO,SAAS,KAAK,EAAE;AACzC,aAAO,cAAc,SAAS;AAAA,IAChC,CAAC,EACA,QAAQ,cAAc,CAAC,QAAQ,YAAoB;AAClD,YAAM,YAAY,OAAO,SAAS,SAAS,EAAE;AAC7C,aAAO,cAAc,SAAS;AAAA,IAChC,CAAC,EACA,QAAQ,gBAAgB,CAAC,OAAO,SAAc;AArFrD;AAqFwD,iCAAc,KAAK,YAAY,CAAC,MAAhC,YAAqC;AAAA,KAAK;AAE9F,QAAI,SAAS,QAAS,QAAO;AAC7B,cAAU;AAAA,EACZ;AAEA,SAAO;AACT;AAEA,SAAS,UAAU,OAAwB;AACzC,QAAM,UAAU,mBAAmB,KAAK,EAAE,QAAQ,6BAA6B,EAAE,EAAE,KAAK;AACxF,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,QAAQ,WAAW,IAAI,EAAG,QAAO;AACrC,MAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,WAAW,GAAG,KAAK,QAAQ,WAAW,IAAI,KAAK,QAAQ,WAAW,KAAK,GAAG;AAC/G,WAAO;AAAA,EACT;AAEA,MAAI;AACF,WAAO,mBAAmB,IAAI,IAAI,IAAI,SAAS,uBAAuB,EAAE,QAAQ;AAAA,EAClF,SAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,kBAAkB,OAA8B;AACvD,QAAM,aAAa,MAChB,MAAM,KAAK,EACX,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAC3B,OAAO,CAAC,UAAU,mBAAmB,KAAK,KAAK,CAAC;AAEnD,SAAO,WAAW,SAAS,WAAW,KAAK,GAAG,IAAI;AACpD;AAEA,SAAS,kBAAkB,SAAiB,MAAc,OAA8B;AACtF,QAAM,OAAO,KAAK,YAAY;AAE9B,MACE,KAAK,WAAW,IAAI,KACpB,SAAS,WACT,SAAS,YACT,SAAS,gBACT,SAAS,gBACT,SAAS,SACT;AACA,WAAO;AAAA,EACT;AAEA,MAAI,SAAS,SAAS;AACpB,UAAM,gBAAgB,kBAAkB,KAAK;AAC7C,WAAO,gBAAgB,UAAU,gBAAgB,aAAa,CAAC,MAAM;AAAA,EACvE;AAEA,MAAI,kBAAkB,IAAI,IAAI,KAAK,KAAK,WAAW,OAAO,GAAG;AAC3D,WAAO,GAAG,IAAI,KAAK,gBAAgB,KAAK,CAAC;AAAA,EAC3C;AAEA,MAAI,YAAY,OAAO,SAAS,UAAU,UAAU,KAAK,GAAG;AAC1D,WAAO,SAAS,gBAAgB,KAAK,CAAC;AAAA,EACxC;AAEA,MAAI,YAAY,SAAS,SAAS,SAAS,UAAU,KAAK,GAAG;AAC3D,WAAO,QAAQ,gBAAgB,KAAK,CAAC;AAAA,EACvC;AAEA,MAAI,YAAY,UAAU,SAAS,SAAS,SAAS,WAAW,SAAS,WAAW;AAClF,WAAO,GAAG,IAAI,KAAK,gBAAgB,KAAK,CAAC;AAAA,EAC3C;AAEA,OAAK,YAAY,QAAQ,YAAY,UAAU,SAAS,aAAa,SAAS,YAAY;AACxF,WAAO,GAAG,IAAI,KAAK,gBAAgB,KAAK,CAAC;AAAA,EAC3C;AAEA,SAAO;AACT;AAEA,SAAS,mBAAmB,SAAiB,gBAAgB,IAAY;AAhKzE;AAiKE,QAAM,aAAuB,CAAC;AAC9B,QAAM,cAAc;AACpB,MAAI;AAEJ,UAAQ,QAAQ,YAAY,KAAK,aAAa,OAAO,MAAM;AACzD,UAAM,CAAC,EAAE,MAAM,mBAAmB,mBAAmB,aAAa,IAAI;AACtE,UAAM,SAAQ,2DAAqB,sBAArB,YAA0C,kBAA1C,YAA2D;AACzE,UAAM,gBAAgB,kBAAkB,SAAS,MAAM,KAAK;AAC5D,QAAI,cAAe,YAAW,KAAK,aAAa;AAAA,EAClD;AAEA,MAAI,YAAY,OAAO,WAAW,KAAK,CAAC,SAAS,KAAK,WAAW,OAAO,CAAC,GAAG;AAC1E,eAAW,KAAK,mBAAmB,2BAA2B;AAAA,EAChE;AAEA,SAAO,WAAW,SAAS,IAAI,WAAW,KAAK,GAAG,CAAC,KAAK;AAC1D;AAEA,SAAS,WAAW,MAAc,YAA4B;AAC5D,MAAI,QAA0B;AAE9B,WAAS,IAAI,aAAa,GAAG,IAAI,KAAK,QAAQ,KAAK,GAAG;AACpD,UAAM,OAAO,KAAK,CAAC;AACnB,QAAI,OAAO;AACT,UAAI,SAAS,MAAO,SAAQ;AAC5B;AAAA,IACF;AAEA,QAAI,SAAS,OAAO,SAAS,KAAK;AAChC,cAAQ;AACR;AAAA,IACF;AAEA,QAAI,SAAS,IAAK,QAAO;AAAA,EAC3B;AAEA,SAAO;AACT;AAEA,SAAS,SAAS,QAA+E;AAxMjG;AAyME,QAAM,QAAQ,OAAO,MAAM,wDAAwD;AACnF,MAAI,CAAC,MAAO,QAAO;AAEnB,SAAO;AAAA,IACL,SAAS,CAAC,CAAC,MAAM,CAAC;AAAA,IAClB,MAAM,MAAM,CAAC,EAAE,YAAY;AAAA,IAC3B,aAAY,WAAM,CAAC,MAAP,YAAY;AAAA,EAC1B;AACF;AAEA,SAAS,mBAAmB,MAAc,SAAiB,WAA2B;AACpF,QAAM,eAAe,IAAI,OAAO,SAAS,OAAO,SAAS,IAAI;AAC7D,eAAa,YAAY;AACzB,QAAM,QAAQ,aAAa,KAAK,IAAI;AACpC,SAAO,QAAQ,aAAa,YAAY;AAC1C;AASO,SAAS,aAAa,MAAsB;AACjD,MAAI,SAAS;AACb,MAAI,SAAS;AAEb,SAAO,SAAS,KAAK,QAAQ;AAC3B,UAAM,WAAW,KAAK,QAAQ,KAAK,MAAM;AACzC,QAAI,aAAa,IAAI;AACnB,gBAAU,KAAK,MAAM,MAAM;AAC3B;AAAA,IACF;AAEA,cAAU,KAAK,MAAM,QAAQ,QAAQ;AAErC,QAAI,KAAK,WAAW,QAAQ,QAAQ,GAAG;AACrC,YAAM,aAAa,KAAK,QAAQ,OAAO,WAAW,CAAC;AACnD,eAAS,eAAe,KAAK,KAAK,SAAS,aAAa;AACxD;AAAA,IACF;AAEA,UAAM,SAAS,WAAW,MAAM,QAAQ;AACxC,QAAI,WAAW,IAAI;AACjB,gBAAU,WAAW,KAAK,MAAM,QAAQ,CAAC;AACzC;AAAA,IACF;AAEA,UAAM,SAAS,KAAK,MAAM,UAAU,SAAS,CAAC;AAC9C,UAAM,SAAS,SAAS,MAAM;AAC9B,QAAI,CAAC,QAAQ;AACX,eAAS,SAAS;AAClB;AAAA,IACF;AAEA,QAAI,qBAAqB,IAAI,OAAO,IAAI,GAAG;AACzC,YAAM,WAAW,OAAO,UAAU,KAAK,mBAAmB,MAAM,OAAO,MAAM,SAAS,CAAC;AACvF,eAAS,aAAa,KAAK,SAAS,IAAI;AACxC;AAAA,IACF;AAEA,QAAI,aAAa,IAAI,OAAO,IAAI,GAAG;AACjC,UAAI,OAAO,SAAS;AAClB,YAAI,CAAC,UAAU,IAAI,OAAO,IAAI,EAAG,WAAU,KAAK,OAAO,IAAI;AAAA,MAC7D,OAAO;AACL,kBAAU,IAAI,OAAO,IAAI,GAAG,mBAAmB,OAAO,MAAM,OAAO,UAAU,CAAC;AAAA,MAChF;AAAA,IACF;AAEA,aAAS,SAAS;AAAA,EACpB;AAEA,SAAO;AACT;AAEO,SAAS,kBAAkB,MAAc,YAAY,KAAa;AACvE,SAAO,aAAa,IAAI,EACrB,QAAQ,YAAY,GAAG,EACvB,QAAQ,QAAQ,GAAG,EACnB,KAAK,EACL,MAAM,GAAG,SAAS;AACvB;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@handled-ai/design-system",
-  "version": "0.18.53",
+  "version": "0.19.0-rc.0",
   "description": "Handled UI component library (shadcn-style, New York)",
   "type": "module",
   "packageManager": "pnpm@9.12.0",

package/src/components/__tests__/comment-composer.test.tsx

@@ -0,0 +1,57 @@
+import { describe, it, expect, vi } from "vitest";
+import React from "react";
+import { render, screen, fireEvent } from "@testing-library/react";
+import { CommentComposer } from "../comment-composer";
+
+describe("CommentComposer", () => {
+  it("renders the input with the default placeholder", () => {
+    render(<CommentComposer onPost={() => {}} />);
+    expect(screen.getByPlaceholderText("Add a comment or internal note…")).toBeDefined();
+  });
+
+  it("is collapsed until focused (no footer actions)", () => {
+    render(<CommentComposer onPost={() => {}} />);
+    expect(screen.queryByText("Comment")).toBeNull();
+    fireEvent.focus(screen.getByRole("textbox"));
+    expect(screen.getByText("Comment")).toBeDefined();
+    expect(screen.getByText(/Internal note/i)).toBeDefined();
+  });
+
+  it("disables Comment until there is non-whitespace text", () => {
+    render(<CommentComposer onPost={() => {}} />);
+    const input = screen.getByRole("textbox");
+    fireEvent.focus(input);
+    const btn = screen.getByText("Comment").closest("button")!;
+    expect(btn.disabled).toBe(true);
+    fireEvent.change(input, { target: { value: "  hi  " } });
+    expect(btn.disabled).toBe(false);
+  });
+
+  it("posts the trimmed text and clears the input", () => {
+    const onPost = vi.fn();
+    render(<CommentComposer onPost={onPost} />);
+    const input = screen.getByRole("textbox") as HTMLTextAreaElement;
+    fireEvent.change(input, { target: { value: "  please follow up  " } });
+    fireEvent.click(screen.getByText("Comment").closest("button")!);
+    expect(onPost).toHaveBeenCalledWith("please follow up");
+    expect(input.value).toBe("");
+  });
+
+  it("posts on ⌘↵ / Ctrl↵", () => {
+    const onPost = vi.fn();
+    render(<CommentComposer onPost={onPost} />);
+    const input = screen.getByRole("textbox");
+    fireEvent.change(input, { target: { value: "quick note" } });
+    fireEvent.keyDown(input, { key: "Enter", metaKey: true });
+    expect(onPost).toHaveBeenCalledWith("quick note");
+  });
+
+  it("does not post empty/whitespace text", () => {
+    const onPost = vi.fn();
+    render(<CommentComposer onPost={onPost} />);
+    const input = screen.getByRole("textbox");
+    fireEvent.change(input, { target: { value: "   " } });
+    fireEvent.keyDown(input, { key: "Enter", metaKey: true });
+    expect(onPost).not.toHaveBeenCalled();
+  });
+});

package/src/components/__tests__/conversation-panel.test.tsx

@@ -0,0 +1,157 @@
+import { describe, it, expect, vi } from "vitest";
+import React from "react";
+import { render, screen, fireEvent, waitFor } from "@testing-library/react";
+import {
+  ConversationPanel,
+  type ConversationThread,
+  type ConvParticipant,
+} from "../conversation-panel";
+
+const me: ConvParticipant = { name: "Dana Okafor", email: "dana@handled.ai" };
+const priya: ConvParticipant = { name: "Priya Raman", email: "priya@northwind.io" };
+
+function thread(overrides: Partial<ConversationThread> = {}): ConversationThread {
+  return {
+    threadId: "t1",
+    subject: "Want to connect?",
+    status: "responded",
+    lastWhen: "2h ago",
+    contact: priya,
+    messages: [
+      {
+        id: "m1",
+        direction: "outbound",
+        from: me,
+        to: priya,
+        date: "Jun 1",
+        body: "Hi Priya, can we talk?",
+      },
+      {
+        id: "m2",
+        direction: "inbound",
+        from: priya,
+        to: me,
+        date: "Today",
+        bodyHtml: '<p>Sure, see the <a href="https://ex.io/x">doc</a>.</p>',
+      },
+    ],
+    ...overrides,
+  };
+}
+
+describe("ConversationPanel", () => {
+  it("renders nothing with no threads", () => {
+    const { container } = render(<ConversationPanel threads={[]} />);
+    expect(container.querySelector('[data-slot="conversation-panel"]')).toBeNull();
+  });
+
+  it("shows the 'Email response detected' badge when a thread has responded", () => {
+    render(<ConversationPanel threads={[thread()]} me={me} />);
+    expect(screen.getByText("Email response detected")).toBeDefined();
+  });
+
+  it("shows the 'Awaiting response' badge when nothing has responded", () => {
+    render(<ConversationPanel threads={[thread({ status: "awaiting" })]} me={me} />);
+    expect(screen.getByText("Awaiting response")).toBeDefined();
+  });
+
+  it("auto-opens the first responded thread and renders its newest message as HTML", () => {
+    const { container } = render(<ConversationPanel threads={[thread()]} me={me} />);
+    // newest (inbound) message expanded -> its anchor is in the DOM
+    const link = container.querySelector('a[href="https://ex.io/x"]');
+    expect(link).not.toBeNull();
+  });
+
+
+  it("sanitizes HTML message bodies and quoted history before rendering", () => {
+    const unsafe = thread({
+      messages: [
+        {
+          id: "m1",
+          direction: "inbound",
+          from: priya,
+          to: me,
+          date: "Today",
+          bodyHtml:
+            '<p onclick="alert(1)">Hello <a href="javascript:alert(1)">bad</a><script>alert(1)</script><img src="https://example.com/x.png" onerror="alert(1)"></p>',
+          quoted: {
+            attr: '<span onclick="alert(1)">On Tuesday</span>',
+            html: '<blockquote class="gmail_quote" style="color:red"><a href="data:text/html,boom">quoted</a></blockquote>',
+          },
+        },
+      ],
+    });
+
+    const { container } = render(<ConversationPanel threads={[unsafe]} me={me} />);
+    const message = container.querySelector('[data-slot="conv-message"]')!;
+    expect(message.innerHTML).not.toContain("script");
+    expect(message.innerHTML).not.toContain("onclick");
+    expect(message.innerHTML).not.toContain("onerror");
+    expect(message.innerHTML).not.toContain("javascript:");
+    expect(message.querySelector("img")?.getAttribute("src")).toBe("https://example.com/x.png");
+
+    fireEvent.click(screen.getByTitle("Show quoted text"));
+    const quoted = container.querySelector("blockquote.gmail_quote")!;
+    expect(quoted).not.toBeNull();
+    expect(quoted.outerHTML).not.toContain("style=");
+    expect(quoted.outerHTML).not.toContain("data:text/html");
+  });
+
+  it("keeps the reply composer open and shows an error when async send fails", async () => {
+    const onSendReply = vi.fn().mockRejectedValue(new Error("Gmail send failed"));
+    render(<ConversationPanel threads={[thread({ draft: "Sounds good" })]} me={me} onSendReply={onSendReply} />);
+
+    fireEvent.click(screen.getByText("Reply"));
+    fireEvent.click(screen.getByText("Send"));
+    fireEvent.click(screen.getByText("Send now"));
+
+    await waitFor(() => expect(screen.getByRole("alert").textContent).toContain("Gmail send failed"));
+    expect(screen.getByPlaceholderText("Write your reply…")).toBeDefined();
+    expect(screen.queryByText(/Reply sent/i)).toBeNull();
+  });
+
+  it("shows sent state only after async send succeeds", async () => {
+    const onSendReply = vi.fn().mockResolvedValue(undefined);
+    render(<ConversationPanel threads={[thread({ draft: "Sounds good" })]} me={me} onSendReply={onSendReply} />);
+
+    fireEvent.click(screen.getByText("Reply"));
+    fireEvent.click(screen.getByText("Send"));
+    fireEvent.click(screen.getByText("Send now"));
+
+    await waitFor(() => expect(screen.getByText(/Reply sent/i)).toBeDefined());
+  });
+
+  it("offers a Reply affordance for participant threads", () => {
+    render(<ConversationPanel threads={[thread()]} me={me} />);
+    expect(screen.getByText("Reply")).toBeDefined();
+  });
+
+  it("renders the read-only notice and no Reply when canReply is false", () => {
+    render(
+      <ConversationPanel
+        threads={[thread({ canReply: false, status: "viewing", defaultOpenThreadId: "t1" } as Partial<ConversationThread>)]}
+        me={me}
+        defaultOpenThreadId="t1"
+      />,
+    );
+    expect(screen.getByText(/Viewing only/i)).toBeDefined();
+    expect(screen.queryByText("Reply")).toBeNull();
+  });
+
+  it("shows the paused-playbook banner when a thread is paused", () => {
+    render(
+      <ConversationPanel
+        threads={[thread({ paused: { playbook: "Retention Outreach" } })]}
+        me={me}
+        tenantName="Mercury OS"
+      />,
+    );
+    expect(screen.getByText(/Follow-up actions stopped/i)).toBeDefined();
+  });
+
+  it("opens the reply composer when Reply is clicked", () => {
+    render(<ConversationPanel threads={[thread()]} me={me} />);
+    fireEvent.click(screen.getByText("Reply"));
+    expect(screen.getByPlaceholderText("Write your reply…")).toBeDefined();
+  });
+});

package/src/components/__tests__/data-table-filter.test.tsx

@@ -442,6 +442,78 @@ describe("DataTableFilter", () => {
     expect(screen.getByPlaceholderText("Search...")).toBeDefined();
   });
 
+  it("fires onOptionSearch and skips client-side filtering for remoteSearch categories", () => {
+    const onOptionSearch = vi.fn();
+    const category: DataTableFilterCategory = {
+      id: "callsign",
+      label: "Callsign",
+      icon: ListFilter,
+      remoteSearch: true,
+      // Parent-supplied (already server-filtered) options.
+      options: [{ label: "acme-corp-0001", value: "acme-corp-0001" }],
+    };
+
+    render(
+      <DataTableFilter
+        categories={[category]}
+        selectedFilters={{}}
+        onToggleFilter={() => {}}
+        onOptionSearch={onOptionSearch}
+      />
+    );
+
+    // Search box is always shown for remote categories, regardless of option count.
+    const input = screen.getByPlaceholderText("Search...");
+    // Typing a value that does NOT match the option must NOT remove it — the parent
+    // owns filtering — and must notify the parent with the typed query.
+    fireEvent.change(input, { target: { value: "zzz-no-client-match" } });
+    expect(onOptionSearch).toHaveBeenCalledWith("callsign", "zzz-no-client-match");
+    expect(screen.getByText("acme-corp-0001")).toBeDefined();
+  });
+
+  it("shows a loading row while a remoteSearch category is fetching", () => {
+    const category: DataTableFilterCategory = {
+      id: "callsign",
+      label: "Callsign",
+      icon: ListFilter,
+      remoteSearch: true,
+      options: [],
+    };
+
+    render(
+      <DataTableFilter
+        categories={[category]}
+        selectedFilters={{}}
+        onToggleFilter={() => {}}
+        onOptionSearch={() => {}}
+        optionSearchLoading={{ callsign: true }}
+      />
+    );
+
+    expect(screen.getByText("Searching…")).toBeDefined();
+  });
+
+  it("prompts to type before searching when a remoteSearch category is empty", () => {
+    const category: DataTableFilterCategory = {
+      id: "callsign",
+      label: "Callsign",
+      icon: ListFilter,
+      remoteSearch: true,
+      options: [],
+    };
+
+    render(
+      <DataTableFilter
+        categories={[category]}
+        selectedFilters={{}}
+        onToggleFilter={() => {}}
+        onOptionSearch={() => {}}
+      />
+    );
+
+    expect(screen.getByText("Type to search")).toBeDefined();
+  });
+
   it("exposes a condition builder popover entry point when condition fields are provided", () => {
     const conditionFields: ConditionFieldDef[] = [
       { id: "balance", label: "Account Balance", type: "currency" },

package/src/components/__tests__/owner-chips.test.tsx

@@ -0,0 +1,100 @@
+import { describe, it, expect } from "vitest";
+import React from "react";
+import { render, screen } from "@testing-library/react";
+import {
+  SignalOwnerChip,
+  AccountOwnerChip,
+  OwnerChips,
+  type OwnerPerson,
+} from "../owner-chips";
+
+const dana: OwnerPerson = { id: "u1", name: "Dana Okafor", role: "Senior RM" };
+const marcus: OwnerPerson = { id: "u2", name: "Marcus Lee", role: "Treasury" };
+
+describe("SignalOwnerChip", () => {
+  it("renders data-slot and the 'Signal owner' label", () => {
+    const { container } = render(<SignalOwnerChip owner={null} />);
+    expect(container.querySelector('[data-slot="signal-owner-chip"]')).not.toBeNull();
+    expect(screen.getByText("Signal owner")).toBeDefined();
+  });
+
+  it("shows 'Unassigned' (data-empty) with no owner", () => {
+    const { container } = render(<SignalOwnerChip owner={null} />);
+    const el = container.querySelector('[data-slot="signal-owner-chip"]');
+    expect(el?.getAttribute("data-empty")).toBe("true");
+    expect(screen.getByText("Unassigned")).toBeDefined();
+  });
+
+  it("shows the owner's first name when assigned", () => {
+    render(<SignalOwnerChip owner={dana} />);
+    expect(screen.getByText("Dana")).toBeDefined();
+  });
+
+  it("renders a static span (no button) when read-only / no handlers", () => {
+    const { container } = render(<SignalOwnerChip owner={dana} />);
+    const el = container.querySelector('[data-slot="signal-owner-chip"]');
+    expect(el?.tagName.toLowerCase()).toBe("span");
+  });
+
+  it("renders a button trigger when assignment handlers are provided", () => {
+    const { container } = render(
+      <SignalOwnerChip owner={null} assignableOwners={[dana]} onAssign={() => {}} />,
+    );
+    const el = container.querySelector('[data-slot="signal-owner-chip"]');
+    expect(el?.tagName.toLowerCase()).toBe("button");
+  });
+  // NOTE: the assignment menu opens via Radix (pointer events + a body portal),
+  // which doesn't drive cleanly under happy-dom; the open/select interaction is
+  // covered by Radix's own tests. Here we assert the trigger affordance only.
+});
+
+describe("AccountOwnerChip", () => {
+  it("renders nothing when there are no owners", () => {
+    const { container } = render(<AccountOwnerChip owners={[]} />);
+    expect(container.querySelector('[data-slot="account-owner-chip"]')).toBeNull();
+  });
+
+  it("single owner -> static chip, no dropdown (no data-multi)", () => {
+    const { container } = render(<AccountOwnerChip owners={[dana]} />);
+    const el = container.querySelector('[data-slot="account-owner-chip"]');
+    expect(el).not.toBeNull();
+    expect(el?.getAttribute("data-multi")).toBeNull();
+    expect(el?.tagName.toLowerCase()).toBe("span");
+    expect(screen.getByText("Dana")).toBeDefined();
+  });
+
+  it("single owner with href -> renders an external link", () => {
+    const { container } = render(
+      <AccountOwnerChip owners={[{ ...dana, href: "https://sf.example/u1" }]} />,
+    );
+    const el = container.querySelector('[data-slot="account-owner-chip"]') as HTMLAnchorElement;
+    expect(el.tagName.toLowerCase()).toBe("a");
+    expect(el.getAttribute("href")).toBe("https://sf.example/u1");
+    expect(el.getAttribute("rel")).toContain("noopener");
+  });
+
+  it("multiple owners -> a button with a ×N badge and data-multi", () => {
+    const { container } = render(<AccountOwnerChip owners={[dana, marcus]} />);
+    const el = container.querySelector('[data-slot="account-owner-chip"]');
+    expect(el?.getAttribute("data-multi")).toBe("true");
+    expect(el?.tagName.toLowerCase()).toBe("button");
+    expect(screen.getByText("×2")).toBeDefined();
+  });
+});
+
+
+describe("OwnerChips", () => {
+  it("renders the composite with accountOwners and without the legacy owners prop", () => {
+    const { container } = render(<OwnerChips owner={dana} accountOwners={[marcus]} />);
+    expect(container.querySelector('[data-slot="signal-owner-chip"]')).not.toBeNull();
+    expect(container.querySelector('[data-slot="account-owner-chip"]')).not.toBeNull();
+    expect(screen.getByText("Dana")).toBeDefined();
+    expect(screen.getByText("Marcus")).toBeDefined();
+  });
+
+  it("allows accountOwners to be omitted", () => {
+    const { container } = render(<OwnerChips owner={dana} />);
+    expect(container.querySelector('[data-slot="signal-owner-chip"]')).not.toBeNull();
+    expect(container.querySelector('[data-slot="account-owner-chip"]')).toBeNull();
+  });
+});