npm - @kennofizet/apphub-frontend - Versions diffs - 0.1.7 → 0.1.9 - Mend

@kennofizet/apphub-frontend 0.1.7 → 0.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +1 -1
package/src/composables/useAppHubHostApi.js +14 -3
package/src/index.js +449 -507
package/src/moduleStore.js +15 -2
package/src/modules/app-store/components/AppHubAppStoreApp.vue +15 -40
package/src/modules/app-store/components/AppHubDraftStoreApp.vue +11 -11
package/src/modules/app-store/composables/useAppStore.js +0 -22
package/src/utils/apphubDebug.js +0 -47

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kennofizet/apphub-frontend",
-  "version": "0.1.7",
+  "version": "0.1.9",
   "description": "App Hub Vue 3 UI — Windows-style desktop shell and modular apps (App Store default).",
   "main": "./src/index.js",
   "module": "./src/index.js",

package/src/composables/useAppHubHostApi.js CHANGED Viewed

@@ -1,11 +1,18 @@
-import { getCurrentInstance } from 'vue'
-import { getAppHubStore } from '../moduleStore.js'
+import { getCurrentInstance, inject } from 'vue'
+import { APPHUB_MODULE_STORE_KEY, getAppHubStore } from '../moduleStore.js'
 export function resolveRootApp(instance = getCurrentInstance()) {
   if (!instance) return null
   return instance.appContext?.app ?? instance.app ?? null
 }
+/** Resolve module store — inject first (always same instance), then WeakMap by Vue app. */
+export function useAppHubModuleStore() {
+  const fromInject = inject(APPHUB_MODULE_STORE_KEY, null)
+  if (fromInject) return fromInject
+  return getAppHubStore(resolveRootApp())
+}
 export function getHostApiForApp(app) {
   return getAppHubStore(app)?.facade ?? null
 }
@@ -20,5 +27,9 @@ export function isBackendReadyForApp(app) {
  * so publisher app code cannot access grantBridgeScope or internal docs.
  */
 export function useAppHubHostApi() {
-  return getHostApiForApp(resolveRootApp())
+  return useAppHubModuleStore()?.facade ?? null
+}
+export function isBackendReadyFromStore(store) {
+  return !!(store?.credentials?.backendUrl && store?.credentials?.token)
 }

package/src/index.js CHANGED Viewed

@@ -1,507 +1,449 @@
-import './modules/desktop/styles/desktop.css'
-import './modules/desktop/styles/theme.css'
-import { reactive } from 'vue'
-import { createAppHubApi } from './api/index.js'
-import { createCoreApi } from './api/coreApi.js'
-import { createZoneContextState } from './composables/createZoneContext.js'
-import { APPHUB_ZONE_CONTEXT_KEY } from './composables/useAppHubZoneContext.js'
-import { createAppStoreState, provideAppStore } from './modules/app-store/index.js'
-import { AppHubDesktop } from './modules/desktop/index.js'
-import { AppHubRunner } from './modules/runner/index.js'
-import { getAppHubStore, registerAppHubStore } from './moduleStore.js'
-import {
-  createWindowManagerState,
-  provideWindowManager,
-} from './modules/window-manager/index.js'
-import {
-  evaluateOriginSafety,
-  parseDevUserFromBootstrap,
-  parseOriginsFromBootstrap,
-} from './utils/originSafety.js'
-import { loadDevFriendlyOriginsPreference } from './utils/devOriginSettings.js'
-import {
-  bootstrapResponseFromCache,
-  loadBootstrapCache,
-  saveBootstrapCache,
-} from './utils/bootstrapCache.js'
-import {
-  apphubDebug,
-  describeHostApi,
-  describeStore,
-} from './utils/apphubDebug.js'
-const bootstrapInflight = new WeakMap()
-function buildPublicOptions(options = {}) {
-  const origins = Array.isArray(options.allowedRuntimeOrigins)
-    ? options.allowedRuntimeOrigins.filter((o) => typeof o === 'string')
-    : []
-  return {
-    language: options.language || 'vi',
-    theme: options.theme ?? 'auto',
-    themeToggle: options.themeToggle,
-    openAppStoreOnMount: options.openAppStoreOnMount !== false,
-    allowedRuntimeOrigins: origins,
-    coreUrl: options.coreUrl || '',
-    backendUrl: (options.backendUrl || '').replace(/\/$/, ''),
-    hasToken: !!(options.token),
-    allowSameOriginEmbed: options.allowSameOriginEmbed === true,
-    allowUnsafeOrigin: options.allowUnsafeOrigin === true,
-    hubOrigin: typeof options.hubOrigin === 'string' ? options.hubOrigin.trim() : '',
-    runtimePublicUrl: typeof options.runtimePublicUrl === 'string' ? options.runtimePublicUrl.trim() : '',
-    enforceDedicatedHubOrigin: options.enforceDedicatedHubOrigin !== false,
-    enforceIsolatedHostedRuntime: options.enforceIsolatedHostedRuntime !== false,
-    allowSameOriginHostedRuntime: options.allowSameOriginHostedRuntime === true,
-    hostedSandboxSameOrigin: options.hostedSandboxSameOrigin === true,
-    enforceDevFriendlyOrigins: typeof options.enforceDevFriendlyOrigins === 'boolean'
-      ? options.enforceDevFriendlyOrigins
-      : true,
-    isDevUser: options.isDevUser === true,
-    serverHubPublicUrl: typeof options.serverHubPublicUrl === 'string' ? options.serverHubPublicUrl.trim() : '',
-    serverFrontendOrigin: typeof options.serverFrontendOrigin === 'string' ? options.serverFrontendOrigin.trim() : '',
-    serverRuntimePublicUrl: typeof options.serverRuntimePublicUrl === 'string' ? options.serverRuntimePublicUrl.trim() : '',
-    serverOriginsAuto: options.serverOriginsAuto === true,
-    serverOriginsResolved: options.serverOriginsResolved === true,
-    originBootstrapLoading: options.originBootstrapLoading === true,
-    originBlocked: false,
-    originCheckPending: false,
-    originBlockReason: null,
-    originBlockParentOrigin: null,
-    originBlockExpectedHubOrigin: null,
-    originBlockExpectedRuntimeOrigin: null,
-  }
-}
-/** @param {Record<string, unknown>} target */
-function applyOriginSafety(target, sourceOptions = {}) {
-  const check = evaluateOriginSafety({ ...target, ...sourceOptions })
-  target.originBootstrapLoading = check.loading === true
-  target.originCheckPending = check.pending === true
-  target.originBlocked = !check.safe && check.loading !== true
-  target.originBlockReason = check.reason
-  target.originBlockParentOrigin = check.parentOrigin
-  target.originBlockExpectedHubOrigin = check.expectedHubOrigin
-  target.originBlockExpectedRuntimeOrigin = check.expectedRuntimeOrigin
-  return check
-}
-function parseUserFromBootstrap(resp) {
-  const data = resp?.data?.data ?? resp?.data ?? {}
-  const user = data.user
-  if (!user || user.id == null) return null
-  return {
-    id: user.id,
-    name: user.name ?? String(user.id),
-  }
-}
-function applyBootstrapOrigins(store, bootstrapResponse, { fromCache = false } = {}) {
-  const {
-    hubPublicUrl,
-    frontendOrigin,
-    runtimePublicUrl,
-    originsAuto,
-  } = parseOriginsFromBootstrap(bootstrapResponse)
-  store.options.isDevUser = parseDevUserFromBootstrap(bootstrapResponse)
-  store.options.serverOriginsAuto = originsAuto
-  if (!store.options.isDevUser) {
-    store.options.enforceDevFriendlyOrigins = true
-  } else {
-    store.options.enforceDevFriendlyOrigins = loadDevFriendlyOriginsPreference()
-  }
-  if (hubPublicUrl) {
-    store.options.serverHubPublicUrl = hubPublicUrl
-  }
-  if (frontendOrigin) {
-    store.options.serverFrontendOrigin = frontendOrigin
-  }
-  if (runtimePublicUrl) {
-    store.options.serverRuntimePublicUrl = runtimePublicUrl
-    if (!store.options.runtimePublicUrl) store.options.runtimePublicUrl = runtimePublicUrl
-  }
-  store.options.serverOriginsResolved = true
-  if (!fromCache) {
-    saveBootstrapCache(store.credentials.backendUrl, bootstrapResponse)
-  }
-  const user = parseUserFromBootstrap(bootstrapResponse)
-  if (user && store.zoneContext?.state) {
-    store.zoneContext.state.user.id = user.id
-    store.zoneContext.state.user.name = user.name
-  }
-  // Reconcile while originBootstrapLoading may still be true so enableModuleApi runs
-  // after disableModuleServices (wasLoading must be captured before clearing the flag).
-  reconcileOriginSafety(store)
-  store.options.originBootstrapLoading = false
-  applyOriginSafety(store.options)
-  apphubDebug('bootstrap', 'applyBootstrapOrigins done', describeStore(store))
-}
-function applyCachedBootstrapIfAny(store) {
-  const cached = loadBootstrapCache(store.credentials.backendUrl)
-  if (!cached) return false
-  applyBootstrapOrigins(store, bootstrapResponseFromCache(cached), { fromCache: true })
-  return true
-}
-async function fetchBootstrapSession(store) {
-  let promise = bootstrapInflight.get(store)
-  if (promise) return promise
-  promise = (async () => {
-    apphubDebug('bootstrap', 'fetchBootstrapSession start', describeStore(store))
-    syncApi(store)
-    if (!store.facade?.bootstrap) {
-      apphubDebug('bootstrap', 'fetchBootstrapSession abort — no bootstrap fn', describeStore(store))
-      return
-    }
-    const res = await store.facade.bootstrap()
-    apphubDebug('bootstrap', 'fetchBootstrapSession bootstrap response', {
-      ...describeStore(store),
-      hasResponse: !!res,
-    })
-    if (res) applyBootstrapOrigins(store, res)
-  })().catch((err) => {
-    apphubDebug('bootstrap', 'fetchBootstrapSession failed', {
-      ...describeStore(store),
-      error: err?.message ?? String(err),
-    })
-    store.options.originBootstrapLoading = false
-    if (!store.options.serverOriginsResolved) {
-      reconcileOriginSafety(store)
-    }
-  }).finally(() => {
-    bootstrapInflight.delete(store)
-  })
-  bootstrapInflight.set(store, promise)
-  return promise
-}
-function startBootstrapSession(store) {
-  const { backendUrl, token } = store.credentials
-  apphubDebug('bootstrap', 'startBootstrapSession', {
-    ...describeStore(store),
-    hasBackendUrl: !!backendUrl,
-    hasToken: !!token,
-  })
-  if (!backendUrl || !token) {
-    store.options.originBootstrapLoading = false
-    reconcileOriginSafety(store)
-    return Promise.resolve()
-  }
-  syncApi(store)
-  applyOriginSafety(store.options)
-  const hadCache = applyCachedBootstrapIfAny(store)
-  apphubDebug('bootstrap', 'startBootstrapSession after cache', {
-    hadCache,
-    ...describeStore(store),
-  })
-  if (!hadCache && !store.options.originBlocked) {
-    store.options.originBootstrapLoading = true
-    store.options.originBlocked = false
-    applyOriginSafety(store.options)
-    disableModuleServices(store, 'startBootstrapSession:no-cache')
-  }
-  return fetchBootstrapSession(store)
-}
-function reconcileOriginSafety(store) {
-  const wasBlocked = store.options.originBlocked === true
-  const wasLoading = store.options.originBootstrapLoading === true
-  applyOriginSafety(store.options)
-  let action = 'noop'
-  if (store.options.originBootstrapLoading) {
-    disableModuleServices(store, 'reconcileOriginSafety:loading')
-    action = 'disable:loading'
-  } else if (store.options.originBlocked && !wasBlocked) {
-    disableModuleServices(store, 'reconcileOriginSafety:blocked')
-    action = 'disable:blocked'
-  } else if (!store.options.originBlocked && (wasBlocked || wasLoading)) {
-    enableModuleApi(store)
-    action = 'enable'
-  }
-  apphubDebug('origin', 'reconcileOriginSafety', {
-    wasLoading,
-    wasBlocked,
-    action,
-    ...describeStore(store),
-  })
-}
-function disableModuleServices(store, reason = 'unknown') {
-  store.facade.setImpl(null)
-  store.coreApi = null
-  apphubDebug('api', 'disableModuleServices', { reason, ...describeStore(store) })
-}
-/** Window manager + app store — required even when origin is blocked (AppHubDesktop setup). */
-function ensureModuleInfrastructure(vueApp, store) {
-  ensureZoneContext(vueApp, store)
-  ensureModuleState(vueApp, store)
-}
-function enableModuleApi(store) {
-  syncApi(store)
-  syncZoneContext(store)
-  apphubDebug('api', 'enableModuleApi', describeStore(store))
-}
-function enableModuleServices(vueApp, store) {
-  ensureModuleInfrastructure(vueApp, store)
-  enableModuleApi(store)
-}
-function buildCredentials(options = {}) {
-  return {
-    coreUrl: options.coreUrl || '',
-    backendUrl: options.backendUrl || '',
-    token: options.token || '',
-    hostAccessSecret: options.hostAccessSecret || '',
-  }
-}
-function createApiFacade() {
-  let impl = null
-  return {
-    setImpl(next) {
-      impl = next
-    },
-    hasImpl() {
-      return impl != null
-    },
-    bootstrap: (...args) => impl?.bootstrap?.(...args),
-    apps: (...args) => impl?.apps?.(...args),
-    launch: (...args) => impl?.launch?.(...args),
-    ping: (...args) => impl?.ping?.(...args),
-    verifyLaunchToken: (...args) => impl?.verifyLaunchToken?.(...args),
-    usage: (...args) => impl?.usage?.(...args),
-    devApps: (...args) => impl?.devApps?.(...args),
-    devInspectBundle: (...args) => impl?.devInspectBundle?.(...args),
-    devDisableApp: (...args) => impl?.devDisableApp?.(...args),
-    devSetAppStatus: (...args) => impl?.devSetAppStatus?.(...args),
-    registerApp: (...args) => impl?.registerApp?.(...args),
-    appVersions: (...args) => impl?.appVersions?.(...args),
-    integrationDocs: (...args) => impl?.integrationDocs?.(...args),
-    integrationDocsInternal: (...args) => impl?.integrationDocsInternal?.(...args),
-    grantBridgeScope: (...args) => impl?.grantBridgeScope?.(...args),
-    bridgeUser: (...args) => impl?.bridgeUser?.(...args),
-    bridgeDesktopMessage: (...args) => impl?.bridgeDesktopMessage?.(...args),
-  }
-}
-function credentialsUnchanged(prev, next) {
-  return prev.backendUrl === next.backendUrl
-    && prev.token === next.token
-    && prev.coreUrl === next.coreUrl
-    && prev.hostAccessSecret === next.hostAccessSecret
-}
-function applyModuleOptions(store, options = {}) {
-  const prevCredentials = { ...store.credentials }
-  const nextCredentials = buildCredentials(options)
-  Object.assign(store.credentials, nextCredentials)
-  const credsUnchanged = credentialsUnchanged(prevCredentials, nextCredentials)
-  const nextPublic = buildPublicOptions({ ...options, token: options.token ?? store.credentials.token })
-  Object.assign(store.options, {
-    language: nextPublic.language,
-    theme: nextPublic.theme,
-    themeToggle: nextPublic.themeToggle,
-    openAppStoreOnMount: nextPublic.openAppStoreOnMount,
-    allowedRuntimeOrigins: nextPublic.allowedRuntimeOrigins,
-    coreUrl: nextPublic.coreUrl,
-    backendUrl: nextPublic.backendUrl,
-    hasToken: nextPublic.hasToken,
-    allowSameOriginEmbed: nextPublic.allowSameOriginEmbed,
-    allowUnsafeOrigin: nextPublic.allowUnsafeOrigin,
-    hubOrigin: nextPublic.hubOrigin,
-    runtimePublicUrl: nextPublic.runtimePublicUrl,
-    enforceDedicatedHubOrigin: nextPublic.enforceDedicatedHubOrigin,
-    enforceIsolatedHostedRuntime: nextPublic.enforceIsolatedHostedRuntime,
-    allowSameOriginHostedRuntime: nextPublic.allowSameOriginHostedRuntime,
-    hostedSandboxSameOrigin: nextPublic.hostedSandboxSameOrigin,
-    enforceDevFriendlyOrigins: nextPublic.enforceDevFriendlyOrigins,
-  })
-  applyOriginSafety(store.options, options)
-  const branch = !store.credentials.backendUrl || !store.credentials.token
-    ? 'no-credentials'
-    : (credsUnchanged ? 'creds-unchanged' : 'start-bootstrap')
-  apphubDebug('install', 'applyModuleOptions', {
-    branch,
-    credsUnchanged,
-    ...describeStore(store),
-  })
-  if (store.credentials.backendUrl && store.credentials.token) {
-    if (credsUnchanged) {
-      reconcileOriginSafety(store)
-    } else {
-      void startBootstrapSession(store)
-    }
-  } else {
-    reconcileOriginSafety(store)
-  }
-}
-function syncApi(store) {
-  const { credentials, facade, zoneContext } = store
-  const api = credentials.backendUrl && credentials.token
-    ? createAppHubApi(credentials.backendUrl, credentials.token, {
-        hostAccessSecret: credentials.hostAccessSecret,
-        getZoneHeaderId: () => zoneContext?.getZoneHeaderId?.() ?? null,
-      })
-    : null
-  facade.setImpl(api)
-  apphubDebug('api', 'syncApi', {
-    implSet: api != null,
-    ...describeStore(store),
-  })
-}
-function syncCoreApi(store) {
-  const { credentials } = store
-  store.coreApi = credentials.coreUrl && credentials.token
-    ? createCoreApi(credentials.coreUrl, credentials.token)
-    : null
-}
-function ensureZoneContext(app, store) {
-  if (store.zoneContext) return
-  store.zoneContext = createZoneContextState(
-    () => store.coreApi,
-    () => store.facade,
-    {
-      ensureBootstrapSession: () => fetchBootstrapSession(store),
-    },
-  )
-  app.provide(APPHUB_ZONE_CONTEXT_KEY, store.zoneContext)
-}
-function syncZoneContext(store) {
-  syncCoreApi(store)
-  if (store.zoneContext) {
-    store.zoneContext.refresh({ skipBootstrap: true })
-  }
-}
-function ensureModuleState(app, store) {
-  if (store.windowManager && store.appStore) {
-    return
-  }
-  store.windowManager = createWindowManagerState()
-  store.appStore = createAppStoreState()
-  provideWindowManager(app, store.windowManager)
-  provideAppStore(app, store.appStore)
-}
-/**
- * Install App Hub — Windows desktop shell + modular apps (App Store default).
- * Returns host API facade — keep in host app code, not publisher apps.
- */
-export function installAppHubModule(vueApp, options = {}) {
-  let store = getAppHubStore(vueApp)
-  if (store) {
-    vueApp.provide('apphubHostApp', vueApp)
-    apphubDebug('install', 'installAppHubModule re-install', {
-      appUid: vueApp._uid ?? null,
-      hasToken: !!(options.token),
-      theme: options.theme,
-      language: options.language,
-    })
-    applyModuleOptions(store, options)
-    ensureModuleInfrastructure(vueApp, store)
-    reconcileOriginSafety(store)
-    return store.facade
-  }
-  apphubDebug('install', 'installAppHubModule first install', {
-    appUid: vueApp._uid ?? null,
-    hasToken: !!(options.token),
-    backendUrl: options.backendUrl ? '(set)' : '(empty)',
-  })
-  const facade = createApiFacade()
-  const moduleOptions = reactive(buildPublicOptions(options))
-  applyOriginSafety(moduleOptions, options)
-  const credentials = buildCredentials(options)
-  store = {
-    app: vueApp,
-    facade,
-    options: moduleOptions,
-    credentials,
-    coreApi: null,
-    zoneContext: null,
-    windowManager: null,
-    appStore: null,
-  }
-  registerAppHubStore(vueApp, store)
-  vueApp.provide('apphubOptions', moduleOptions)
-  vueApp.provide('apphubHostApp', vueApp)
-  vueApp.component('AppHubDesktop', AppHubDesktop)
-  vueApp.component('AppHubRunner', AppHubRunner)
-  ensureModuleInfrastructure(vueApp, store)
-  void startBootstrapSession(store)
-  return facade
-}
-/** Whether installAppHubModule has been called for this Vue app instance. */
-export function isAppHubModuleInstalled(vueApp) {
-  return vueApp != null && getAppHubStore(vueApp) != null
-}
-export { useAppHubHostApi } from './composables/useAppHubHostApi.js'
-export { useAppHubZoneContext } from './composables/useAppHubZoneContext.js'
-export { createAppHubApi } from './api/index.js'
-export { createCoreApi } from './api/coreApi.js'
-export { AppHubDesktop } from './modules/desktop/index.js'
-export {
-  createDesktopNotificationsState,
-  useDesktopNotifications,
-  AppHubDesktopNotifications,
-  parseApiError,
-} from './modules/notifications/index.js'
-export { AppHubRunner } from './modules/runner/index.js'
-export { resolveLang } from './i18n/resolveLang.js'
-export { resolveTheme, normalizeTheme, isThemeLocked } from './i18n/resolveTheme.js'
-export { t } from './i18n/index.js'
-export {
-  evaluateOriginSafety,
-  isEmbeddedFrame,
-  isLocalDevOrigin,
-  parseOriginsFromBootstrap,
-  resolveEffectiveOrigins,
-  ORIGIN_UNSAFE_SAME_ORIGIN_EMBED,
-  ORIGIN_UNSAFE_NOT_CONFIGURED,
-  ORIGIN_UNSAFE_WRONG_ORIGIN,
-  ORIGIN_UNSAFE_RUNTIME_NOT_CONFIGURED,
-  ORIGIN_UNSAFE_RUNTIME_SAME_ORIGIN,
-  resolveRuntimeApiBase,
-} from './utils/originSafety.js'
-/** True when installAppHubModule blocked due to unsafe same-origin embed. */
-export function isAppHubOriginBlocked(vueApp) {
-  const store = getAppHubStore(vueApp)
-  return store?.options?.originBlocked === true
-}
-export * from './modules/app-store/index.js'
-export * from './modules/window-manager/index.js'
-export * from './modules/runner/index.js'
+import './modules/desktop/styles/desktop.css'
+import './modules/desktop/styles/theme.css'
+import { reactive } from 'vue'
+import { createAppHubApi } from './api/index.js'
+import { createCoreApi } from './api/coreApi.js'
+import { createZoneContextState } from './composables/createZoneContext.js'
+import { APPHUB_ZONE_CONTEXT_KEY } from './composables/useAppHubZoneContext.js'
+import { createAppStoreState, provideAppStore } from './modules/app-store/index.js'
+import { AppHubDesktop } from './modules/desktop/index.js'
+import { AppHubRunner } from './modules/runner/index.js'
+import { getAppHubStore, registerAppHubStore, APPHUB_MODULE_STORE_KEY } from './moduleStore.js'
+import {
+  createWindowManagerState,
+  provideWindowManager,
+} from './modules/window-manager/index.js'
+import {
+  evaluateOriginSafety,
+  parseDevUserFromBootstrap,
+  parseOriginsFromBootstrap,
+} from './utils/originSafety.js'
+import { loadDevFriendlyOriginsPreference } from './utils/devOriginSettings.js'
+import {
+  bootstrapResponseFromCache,
+  loadBootstrapCache,
+  saveBootstrapCache,
+} from './utils/bootstrapCache.js'
+const bootstrapInflight = new WeakMap()
+function buildPublicOptions(options = {}) {
+  const origins = Array.isArray(options.allowedRuntimeOrigins)
+    ? options.allowedRuntimeOrigins.filter((o) => typeof o === 'string')
+    : []
+  return {
+    language: options.language || 'vi',
+    theme: options.theme ?? 'auto',
+    themeToggle: options.themeToggle,
+    openAppStoreOnMount: options.openAppStoreOnMount !== false,
+    allowedRuntimeOrigins: origins,
+    coreUrl: options.coreUrl || '',
+    backendUrl: (options.backendUrl || '').replace(/\/$/, ''),
+    hasToken: !!(options.token),
+    allowSameOriginEmbed: options.allowSameOriginEmbed === true,
+    allowUnsafeOrigin: options.allowUnsafeOrigin === true,
+    hubOrigin: typeof options.hubOrigin === 'string' ? options.hubOrigin.trim() : '',
+    runtimePublicUrl: typeof options.runtimePublicUrl === 'string' ? options.runtimePublicUrl.trim() : '',
+    enforceDedicatedHubOrigin: options.enforceDedicatedHubOrigin !== false,
+    enforceIsolatedHostedRuntime: options.enforceIsolatedHostedRuntime !== false,
+    allowSameOriginHostedRuntime: options.allowSameOriginHostedRuntime === true,
+    hostedSandboxSameOrigin: options.hostedSandboxSameOrigin === true,
+    enforceDevFriendlyOrigins: typeof options.enforceDevFriendlyOrigins === 'boolean'
+      ? options.enforceDevFriendlyOrigins
+      : true,
+    isDevUser: options.isDevUser === true,
+    serverHubPublicUrl: typeof options.serverHubPublicUrl === 'string' ? options.serverHubPublicUrl.trim() : '',
+    serverFrontendOrigin: typeof options.serverFrontendOrigin === 'string' ? options.serverFrontendOrigin.trim() : '',
+    serverRuntimePublicUrl: typeof options.serverRuntimePublicUrl === 'string' ? options.serverRuntimePublicUrl.trim() : '',
+    serverOriginsAuto: options.serverOriginsAuto === true,
+    serverOriginsResolved: options.serverOriginsResolved === true,
+    originBootstrapLoading: options.originBootstrapLoading === true,
+    originBlocked: false,
+    originCheckPending: false,
+    originBlockReason: null,
+    originBlockParentOrigin: null,
+    originBlockExpectedHubOrigin: null,
+    originBlockExpectedRuntimeOrigin: null,
+  }
+}
+/** @param {Record<string, unknown>} target */
+function applyOriginSafety(target, sourceOptions = {}) {
+  const check = evaluateOriginSafety({ ...target, ...sourceOptions })
+  target.originBootstrapLoading = check.loading === true
+  target.originCheckPending = check.pending === true
+  target.originBlocked = !check.safe && check.loading !== true
+  target.originBlockReason = check.reason
+  target.originBlockParentOrigin = check.parentOrigin
+  target.originBlockExpectedHubOrigin = check.expectedHubOrigin
+  target.originBlockExpectedRuntimeOrigin = check.expectedRuntimeOrigin
+  return check
+}
+function parseUserFromBootstrap(resp) {
+  const data = resp?.data?.data ?? resp?.data ?? {}
+  const user = data.user
+  if (!user || user.id == null) return null
+  return {
+    id: user.id,
+    name: user.name ?? String(user.id),
+  }
+}
+function applyBootstrapOrigins(store, bootstrapResponse, { fromCache = false } = {}) {
+  const {
+    hubPublicUrl,
+    frontendOrigin,
+    runtimePublicUrl,
+    originsAuto,
+  } = parseOriginsFromBootstrap(bootstrapResponse)
+  store.options.isDevUser = parseDevUserFromBootstrap(bootstrapResponse)
+  store.options.serverOriginsAuto = originsAuto
+  if (!store.options.isDevUser) {
+    store.options.enforceDevFriendlyOrigins = true
+  } else {
+    store.options.enforceDevFriendlyOrigins = loadDevFriendlyOriginsPreference()
+  }
+  if (hubPublicUrl) {
+    store.options.serverHubPublicUrl = hubPublicUrl
+  }
+  if (frontendOrigin) {
+    store.options.serverFrontendOrigin = frontendOrigin
+  }
+  if (runtimePublicUrl) {
+    store.options.serverRuntimePublicUrl = runtimePublicUrl
+    if (!store.options.runtimePublicUrl) store.options.runtimePublicUrl = runtimePublicUrl
+  }
+  store.options.serverOriginsResolved = true
+  if (!fromCache) {
+    saveBootstrapCache(store.credentials.backendUrl, bootstrapResponse)
+  }
+  const user = parseUserFromBootstrap(bootstrapResponse)
+  if (user && store.zoneContext?.state) {
+    store.zoneContext.state.user.id = user.id
+    store.zoneContext.state.user.name = user.name
+  }
+  // Reconcile while originBootstrapLoading may still be true so enableModuleApi runs
+  // after disableModuleServices (wasLoading must be captured before clearing the flag).
+  reconcileOriginSafety(store)
+  store.options.originBootstrapLoading = false
+  applyOriginSafety(store.options)
+}
+function applyCachedBootstrapIfAny(store) {
+  const cached = loadBootstrapCache(store.credentials.backendUrl)
+  if (!cached) return false
+  applyBootstrapOrigins(store, bootstrapResponseFromCache(cached), { fromCache: true })
+  return true
+}
+async function fetchBootstrapSession(store) {
+  let promise = bootstrapInflight.get(store)
+  if (promise) return promise
+  promise = (async () => {
+    syncApi(store)
+    if (!store.facade?.bootstrap) return
+    const res = await store.facade.bootstrap()
+    if (res) applyBootstrapOrigins(store, res)
+  })().catch(() => {
+    store.options.originBootstrapLoading = false
+    if (!store.options.serverOriginsResolved) {
+      reconcileOriginSafety(store)
+    }
+  }).finally(() => {
+    bootstrapInflight.delete(store)
+  })
+  bootstrapInflight.set(store, promise)
+  return promise
+}
+function startBootstrapSession(store) {
+  const { backendUrl, token } = store.credentials
+  if (!backendUrl || !token) {
+    store.options.originBootstrapLoading = false
+    reconcileOriginSafety(store)
+    return Promise.resolve()
+  }
+  syncApi(store)
+  applyOriginSafety(store.options)
+  const hadCache = applyCachedBootstrapIfAny(store)
+  if (!hadCache && !store.options.originBlocked) {
+    store.options.originBootstrapLoading = true
+    store.options.originBlocked = false
+    applyOriginSafety(store.options)
+    disableModuleServices(store)
+  }
+  return fetchBootstrapSession(store)
+}
+function reconcileOriginSafety(store) {
+  const wasBlocked = store.options.originBlocked === true
+  const wasLoading = store.options.originBootstrapLoading === true
+  applyOriginSafety(store.options)
+  if (store.options.originBootstrapLoading) {
+    disableModuleServices(store)
+    return
+  }
+  if (store.options.originBlocked && !wasBlocked) {
+    disableModuleServices(store)
+  } else if (!store.options.originBlocked && (wasBlocked || wasLoading)) {
+    enableModuleApi(store)
+  }
+}
+function disableModuleServices(store) {
+  store.facade.setImpl(null)
+  store.coreApi = null
+}
+/** Window manager + app store — required even when origin is blocked (AppHubDesktop setup). */
+function ensureModuleInfrastructure(vueApp, store) {
+  ensureZoneContext(vueApp, store)
+  ensureModuleState(vueApp, store)
+}
+function enableModuleApi(store) {
+  syncApi(store)
+  syncZoneContext(store)
+}
+function enableModuleServices(vueApp, store) {
+  ensureModuleInfrastructure(vueApp, store)
+  enableModuleApi(store)
+}
+function buildCredentials(options = {}) {
+  return {
+    coreUrl: options.coreUrl || '',
+    backendUrl: options.backendUrl || '',
+    token: options.token || '',
+    hostAccessSecret: options.hostAccessSecret || '',
+  }
+}
+function createApiFacade() {
+  let impl = null
+  return {
+    setImpl(next) {
+      impl = next
+    },
+    hasImpl() {
+      return impl != null
+    },
+    bootstrap: (...args) => impl?.bootstrap?.(...args),
+    apps: (...args) => impl?.apps?.(...args),
+    launch: (...args) => impl?.launch?.(...args),
+    ping: (...args) => impl?.ping?.(...args),
+    verifyLaunchToken: (...args) => impl?.verifyLaunchToken?.(...args),
+    usage: (...args) => impl?.usage?.(...args),
+    devApps: (...args) => impl?.devApps?.(...args),
+    devInspectBundle: (...args) => impl?.devInspectBundle?.(...args),
+    devDisableApp: (...args) => impl?.devDisableApp?.(...args),
+    devSetAppStatus: (...args) => impl?.devSetAppStatus?.(...args),
+    registerApp: (...args) => impl?.registerApp?.(...args),
+    appVersions: (...args) => impl?.appVersions?.(...args),
+    integrationDocs: (...args) => impl?.integrationDocs?.(...args),
+    integrationDocsInternal: (...args) => impl?.integrationDocsInternal?.(...args),
+    grantBridgeScope: (...args) => impl?.grantBridgeScope?.(...args),
+    bridgeUser: (...args) => impl?.bridgeUser?.(...args),
+    bridgeDesktopMessage: (...args) => impl?.bridgeDesktopMessage?.(...args),
+  }
+}
+function credentialsUnchanged(prev, next) {
+  return prev.backendUrl === next.backendUrl
+    && prev.token === next.token
+    && prev.coreUrl === next.coreUrl
+    && prev.hostAccessSecret === next.hostAccessSecret
+}
+function applyModuleOptions(store, options = {}) {
+  const prevCredentials = { ...store.credentials }
+  const nextCredentials = buildCredentials(options)
+  Object.assign(store.credentials, nextCredentials)
+  const credsUnchanged = credentialsUnchanged(prevCredentials, nextCredentials)
+  const nextPublic = buildPublicOptions({ ...options, token: options.token ?? store.credentials.token })
+  Object.assign(store.options, {
+    language: nextPublic.language,
+    theme: nextPublic.theme,
+    themeToggle: nextPublic.themeToggle,
+    openAppStoreOnMount: nextPublic.openAppStoreOnMount,
+    allowedRuntimeOrigins: nextPublic.allowedRuntimeOrigins,
+    coreUrl: nextPublic.coreUrl,
+    backendUrl: nextPublic.backendUrl,
+    hasToken: nextPublic.hasToken,
+    allowSameOriginEmbed: nextPublic.allowSameOriginEmbed,
+    allowUnsafeOrigin: nextPublic.allowUnsafeOrigin,
+    hubOrigin: nextPublic.hubOrigin,
+    runtimePublicUrl: nextPublic.runtimePublicUrl,
+    enforceDedicatedHubOrigin: nextPublic.enforceDedicatedHubOrigin,
+    enforceIsolatedHostedRuntime: nextPublic.enforceIsolatedHostedRuntime,
+    allowSameOriginHostedRuntime: nextPublic.allowSameOriginHostedRuntime,
+    hostedSandboxSameOrigin: nextPublic.hostedSandboxSameOrigin,
+    enforceDevFriendlyOrigins: nextPublic.enforceDevFriendlyOrigins,
+  })
+  applyOriginSafety(store.options, options)
+  if (store.credentials.backendUrl && store.credentials.token) {
+    if (credsUnchanged) {
+      reconcileOriginSafety(store)
+    } else {
+      void startBootstrapSession(store)
+    }
+  } else {
+    reconcileOriginSafety(store)
+  }
+}
+function syncApi(store) {
+  const { credentials, facade, zoneContext } = store
+  const api = credentials.backendUrl && credentials.token
+    ? createAppHubApi(credentials.backendUrl, credentials.token, {
+        hostAccessSecret: credentials.hostAccessSecret,
+        getZoneHeaderId: () => zoneContext?.getZoneHeaderId?.() ?? null,
+      })
+    : null
+  facade.setImpl(api)
+}
+function syncCoreApi(store) {
+  const { credentials } = store
+  store.coreApi = credentials.coreUrl && credentials.token
+    ? createCoreApi(credentials.coreUrl, credentials.token)
+    : null
+}
+function ensureZoneContext(app, store) {
+  if (store.zoneContext) return
+  store.zoneContext = createZoneContextState(
+    () => store.coreApi,
+    () => store.facade,
+    {
+      ensureBootstrapSession: () => fetchBootstrapSession(store),
+    },
+  )
+  app.provide(APPHUB_ZONE_CONTEXT_KEY, store.zoneContext)
+}
+function syncZoneContext(store) {
+  syncCoreApi(store)
+  if (store.zoneContext) {
+    store.zoneContext.refresh({ skipBootstrap: true })
+  }
+}
+function ensureModuleState(app, store) {
+  if (store.windowManager && store.appStore) {
+    return
+  }
+  store.windowManager = createWindowManagerState()
+  store.appStore = createAppStoreState()
+  provideWindowManager(app, store.windowManager)
+  provideAppStore(app, store.appStore)
+}
+/**
+ * Install App Hub — Windows desktop shell + modular apps (App Store default).
+ * Returns host API facade — keep in host app code, not publisher apps.
+ */
+export function installAppHubModule(vueApp, options = {}) {
+  let store = getAppHubStore(vueApp)
+  if (store) {
+    vueApp.provide('apphubHostApp', vueApp)
+    vueApp.provide(APPHUB_MODULE_STORE_KEY, store)
+    applyModuleOptions(store, options)
+    ensureModuleInfrastructure(vueApp, store)
+    reconcileOriginSafety(store)
+    return store.facade
+  }
+  const facade = createApiFacade()
+  const moduleOptions = reactive(buildPublicOptions(options))
+  applyOriginSafety(moduleOptions, options)
+  const credentials = buildCredentials(options)
+  store = {
+    app: vueApp,
+    facade,
+    options: moduleOptions,
+    credentials,
+    coreApi: null,
+    zoneContext: null,
+    windowManager: null,
+    appStore: null,
+  }
+  registerAppHubStore(vueApp, store)
+  vueApp.provide('apphubOptions', moduleOptions)
+  vueApp.provide('apphubHostApp', vueApp)
+  vueApp.provide(APPHUB_MODULE_STORE_KEY, store)
+  vueApp.component('AppHubDesktop', AppHubDesktop)
+  vueApp.component('AppHubRunner', AppHubRunner)
+  ensureModuleInfrastructure(vueApp, store)
+  void startBootstrapSession(store)
+  return facade
+}
+/** Whether installAppHubModule has been called for this Vue app instance. */
+export function isAppHubModuleInstalled(vueApp) {
+  return vueApp != null && getAppHubStore(vueApp) != null
+}
+export { useAppHubHostApi, useAppHubModuleStore } from './composables/useAppHubHostApi.js'
+export { useAppHubZoneContext } from './composables/useAppHubZoneContext.js'
+export { createAppHubApi } from './api/index.js'
+export { createCoreApi } from './api/coreApi.js'
+export { AppHubDesktop } from './modules/desktop/index.js'
+export {
+  createDesktopNotificationsState,
+  useDesktopNotifications,
+  AppHubDesktopNotifications,
+  parseApiError,
+} from './modules/notifications/index.js'
+export { AppHubRunner } from './modules/runner/index.js'
+export { resolveLang } from './i18n/resolveLang.js'
+export { resolveTheme, normalizeTheme, isThemeLocked } from './i18n/resolveTheme.js'
+export { t } from './i18n/index.js'
+export {
+  evaluateOriginSafety,
+  isEmbeddedFrame,
+  isLocalDevOrigin,
+  parseOriginsFromBootstrap,
+  resolveEffectiveOrigins,
+  ORIGIN_UNSAFE_SAME_ORIGIN_EMBED,
+  ORIGIN_UNSAFE_NOT_CONFIGURED,
+  ORIGIN_UNSAFE_WRONG_ORIGIN,
+  ORIGIN_UNSAFE_RUNTIME_NOT_CONFIGURED,
+  ORIGIN_UNSAFE_RUNTIME_SAME_ORIGIN,
+  resolveRuntimeApiBase,
+} from './utils/originSafety.js'
+/** True when installAppHubModule blocked due to unsafe same-origin embed. */
+export function isAppHubOriginBlocked(vueApp) {
+  const store = getAppHubStore(vueApp)
+  return store?.options?.originBlocked === true
+}
+export * from './modules/app-store/index.js'
+export * from './modules/window-manager/index.js'
+export * from './modules/runner/index.js'

package/src/moduleStore.js CHANGED Viewed

@@ -1,5 +1,18 @@
-/** Private per-Vue-app store — not exposed via provide/inject. */
-const installedApps = new WeakMap()
+/** Internal inject key — package components only; not part of public host API. */
+export const APPHUB_MODULE_STORE_KEY = Symbol('apphubModuleStore')
+const REGISTRY_KEY = '__kennofizet_apphub_installed_apps__'
+/** Shared WeakMap — Vite may load this module twice (host bundle vs SFC chunks). */
+function getInstalledAppsRegistry() {
+  const root = typeof globalThis !== 'undefined' ? globalThis : global
+  if (!root[REGISTRY_KEY]) {
+    root[REGISTRY_KEY] = new WeakMap()
+  }
+  return root[REGISTRY_KEY]
+}
+const installedApps = getInstalledAppsRegistry()
 export function registerAppHubStore(app, store) {
   installedApps.set(app, store)

package/src/modules/app-store/components/AppHubAppStoreApp.vue CHANGED Viewed

@@ -97,11 +97,11 @@
 </template>
 <script setup>
-import { computed, getCurrentInstance, inject, onMounted, ref, watch } from 'vue'
+import { computed, inject, onMounted, ref, watch } from 'vue'
 import {
-  getHostApiForApp,
-  isBackendReadyForApp,
-  resolveRootApp,
+  isBackendReadyFromStore,
+  useAppHubHostApi,
+  useAppHubModuleStore,
 } from '../../../composables/useAppHubHostApi.js'
 import { useAppHubZoneContext } from '../../../composables/useAppHubZoneContext.js'
 import { t } from '../../../i18n/index.js'
@@ -109,7 +109,6 @@ import { resolveLang } from '../../../i18n/resolveLang.js'
 import { CATALOG_MODE_STORE } from '../constants/catalogModes.js'
 import { useCatalogInfiniteScroll } from '../composables/useCatalogInfiniteScroll.js'
 import { useAppStore } from '../composables/useAppStore.js'
-import { apphubDebug, describeApp, describeHostApi } from '../../../utils/apphubDebug.js'
 import AppHubAppStoreCard from './AppHubAppStoreCard.vue'
 import AppHubAppStoreSettingsPanel from './AppHubAppStoreSettingsPanel.vue'
@@ -123,8 +122,9 @@ const props = defineProps({
 const settingsOpen = ref(false)
 const appStore = useAppStore()
 const catalog = appStore.catalogs.store
-const rootApp = inject('apphubHostApp', null) ?? resolveRootApp(getCurrentInstance())
-const rootAppSource = inject('apphubHostApp', null) ? 'inject' : 'resolveRootApp'
+const hubStore = useAppHubModuleStore()
+const hostApi = useAppHubHostApi()
+const rootApp = inject('apphubHostApp', null)
 const zone = useAppHubZoneContext()
 const moduleOptions = inject('apphubOptions', {})
 const lang = computed(() => resolveLang(moduleOptions?.language, 'vi'))
@@ -154,35 +154,17 @@ const labels = computed(() => ({
 function hostApiOptions() {
   return {
-    backendReady: isBackendReadyForApp(rootApp),
+    backendReady: isBackendReadyFromStore(hubStore),
     mode: CATALOG_MODE_STORE,
   }
 }
-async function reloadCatalog(source = 'manual') {
-  if (!rootApp) {
-    apphubDebug('app-store', 'reloadCatalog skipped — no rootApp', { source, rootAppSource })
-    return
-  }
-  const hostApi = getHostApiForApp(rootApp)
-  const opts = hostApiOptions()
-  apphubDebug('app-store', 'reloadCatalog', {
-    source,
-    rootAppSource,
-    ...describeApp(rootApp),
-    ...describeHostApi(hostApi),
-    backendReady: opts.backendReady,
-    originBootstrapLoading: moduleOptions?.originBootstrapLoading,
-    originBlocked: moduleOptions?.originBlocked,
-    catalogLoaded: catalog.loaded,
-    catalogError: catalog.error,
-  })
-  await appStore.loadCatalog(hostApi, opts)
+async function reloadCatalog() {
+  await appStore.loadCatalog(hostApi, hostApiOptions())
 }
 async function loadMore() {
-  if (!rootApp) return
-  await appStore.loadMoreCatalog(getHostApiForApp(rootApp), CATALOG_MODE_STORE, hostApiOptions())
+  await appStore.loadMoreCatalog(hostApi, CATALOG_MODE_STORE, hostApiOptions())
 }
 const { rootRef: scrollRoot, sentinelRef: scrollSentinel } = useCatalogInfiniteScroll({
@@ -209,28 +191,21 @@ async function onUninstall(app) {
 }
 onMounted(() => {
-  if (!catalog.loaded) reloadCatalog('onMounted')
+  if (!catalog.loaded) reloadCatalog()
 })
 watch(
   () => moduleOptions?.hasToken,
   (hasToken) => {
-    if (hasToken && !catalog.loaded) reloadCatalog('watch:hasToken')
+    if (hasToken && !catalog.loaded) reloadCatalog()
   },
 )
 watch(
   () => moduleOptions?.originBootstrapLoading,
   (loading, wasLoading) => {
-    apphubDebug('app-store', 'watch originBootstrapLoading', {
-      loading,
-      wasLoading,
-      originBlocked: moduleOptions?.originBlocked,
-      catalogLoaded: catalog.loaded,
-      catalogError: catalog.error,
-    })
     if (wasLoading && !loading && !moduleOptions?.originBlocked) {
-      if (!catalog.loaded || catalog.error === 'no_api') reloadCatalog('watch:bootstrap-done')
+      if (!catalog.loaded || catalog.error === 'no_api') reloadCatalog()
     }
   },
 )
@@ -238,7 +213,7 @@ watch(
 watch(
   () => [zone?.state?.selectedZoneId, zone?.state?.viewAllZones],
   () => {
-    if (moduleOptions?.hasToken) reloadCatalog('watch:zone')
+    if (moduleOptions?.hasToken) reloadCatalog()
   },
 )
 </script>

package/src/modules/app-store/components/AppHubDraftStoreApp.vue CHANGED Viewed

@@ -62,11 +62,11 @@
 </template>
 <script setup>
-import { computed, getCurrentInstance, inject, onMounted, reactive, ref, watch } from 'vue'
+import { computed, inject, onMounted, reactive, ref, watch } from 'vue'
 import {
-  getHostApiForApp,
-  isBackendReadyForApp,
-  resolveRootApp,
+  isBackendReadyFromStore,
+  useAppHubHostApi,
+  useAppHubModuleStore,
 } from '../../../composables/useAppHubHostApi.js'
 import { useAppHubZoneContext } from '../../../composables/useAppHubZoneContext.js'
 import { t } from '../../../i18n/index.js'
@@ -83,7 +83,9 @@ const props = defineProps({
 const appStore = useAppStore()
 const catalog = appStore.catalogs.draft
-const rootApp = inject('apphubHostApp', null) ?? resolveRootApp(getCurrentInstance())
+const hubStore = useAppHubModuleStore()
+const hostApi = useAppHubHostApi()
+const rootApp = inject('apphubHostApp', null)
 const zone = useAppHubZoneContext()
 const moduleOptions = inject('apphubOptions', {})
 const lang = computed(() => resolveLang(moduleOptions?.language, 'vi'))
@@ -119,19 +121,17 @@ const labels = computed(() => ({
 function hostApiOptions() {
   return {
-    backendReady: isBackendReadyForApp(rootApp),
+    backendReady: isBackendReadyFromStore(hubStore),
     mode: CATALOG_MODE_DRAFT,
   }
 }
 async function reloadCatalog() {
-  if (!rootApp) return
-  await appStore.loadCatalog(getHostApiForApp(rootApp), hostApiOptions())
+  await appStore.loadCatalog(hostApi, hostApiOptions())
 }
 async function loadMore() {
-  if (!rootApp) return
-  await appStore.loadMoreCatalog(getHostApiForApp(rootApp), CATALOG_MODE_DRAFT, hostApiOptions())
+  await appStore.loadMoreCatalog(hostApi, CATALOG_MODE_DRAFT, hostApiOptions())
 }
 const { rootRef: scrollRoot, sentinelRef: scrollSentinel } = useCatalogInfiniteScroll({
@@ -150,7 +150,7 @@ async function onUninstall(app) {
 }
 async function onPing(app) {
-  const api = getHostApiForApp(rootApp)
+  const api = hostApi
   if (!api?.ping || !app?.slug) return
   pingingSlug.value = app.slug
   delete pingResults[app.slug]

package/src/modules/app-store/composables/useAppStore.js CHANGED Viewed

@@ -1,7 +1,6 @@
 import { computed, inject, reactive } from 'vue'
 import { CATALOG_MODE_DRAFT, CATALOG_MODE_STORE } from '../constants/catalogModes.js'
 import { normalizeCatalogList } from '../utils/normalizeCatalogApp.js'
-import { apphubDebug, describeHostApi } from '../../../utils/apphubDebug.js'
 const APP_STORE_KEY = 'apphubAppStore'
@@ -109,20 +108,7 @@ export function createAppStoreState(options = {}) {
     const append = options.append === true
     const backendReady = options.backendReady !== false
-    apphubDebug('catalog', 'loadCatalog called', {
-      mode,
-      append,
-      backendReady,
-      ...describeHostApi(hostApi),
-    })
     if (!backendReady || !hostApiReady(hostApi)) {
-      apphubDebug('catalog', 'loadCatalog → no_api (not ready)', {
-        mode,
-        append,
-        backendReady,
-        ...describeHostApi(hostApi),
-      })
       if (!append) {
         bucket.items = []
         bucket.error = 'no_api'
@@ -151,16 +137,8 @@ export function createAppStoreState(options = {}) {
       }
       const res = await hostApi.apps(params)
-      apphubDebug('catalog', 'loadCatalog apps() response', {
-        mode,
-        append,
-        ...describeHostApi(hostApi),
-        resUndefined: res === undefined,
-        resNull: res === null,
-      })
       if (res === undefined || res === null) {
         if (!append) {
-          apphubDebug('catalog', 'loadCatalog → no_api (undefined response)', { mode })
           bucket.items = []
           bucket.error = 'no_api'
           bucket.loaded = false

package/src/utils/apphubDebug.js DELETED Viewed

@@ -1,47 +0,0 @@
-/** Temporary diagnostics — filter console with `[apphub:debug]`. Disable: localStorage.setItem('apphub:debug','0') */
-export function isAppHubDebugEnabled() {
-  try {
-    if (typeof localStorage !== 'undefined' && localStorage.getItem('apphub:debug') === '0') {
-      return false
-    }
-    if (typeof window !== 'undefined' && window.__APPHUB_DEBUG__ === false) {
-      return false
-    }
-  } catch {
-    /* ignore */
-  }
-  return true
-}
-export function apphubDebug(scope, message, data) {
-  if (!isAppHubDebugEnabled()) return
-  const payload = data !== undefined ? { ts: Date.now(), ...data } : { ts: Date.now() }
-  console.info(`[apphub:debug] ${scope}: ${message}`, payload)
-}
-export function describeHostApi(hostApi) {
-  if (!hostApi) return { hostApi: null }
-  return {
-    hasImpl: typeof hostApi.hasImpl === 'function' ? hostApi.hasImpl() : null,
-    hasAppsFn: typeof hostApi.apps === 'function',
-  }
-}
-export function describeStore(store) {
-  if (!store) return { store: null }
-  return {
-    hasImpl: store.facade?.hasImpl?.() ?? null,
-    originBootstrapLoading: store.options?.originBootstrapLoading ?? null,
-    originBlocked: store.options?.originBlocked ?? null,
-    originBlockReason: store.options?.originBlockReason ?? null,
-    hasToken: store.options?.hasToken ?? null,
-    backendUrl: store.credentials?.backendUrl ? '(set)' : '(empty)',
-    token: store.credentials?.token ? `(len ${store.credentials.token.length})` : '(empty)',
-    serverOriginsResolved: store.options?.serverOriginsResolved ?? null,
-  }
-}
-export function describeApp(app) {
-  if (!app) return { app: null }
-  return { appUid: app._uid ?? null }
-}