@nowline/embed 0.4.2 → 0.5.0

package/dist/share.d.ts

@@ -1,4 +1,3 @@
-/** Default share destination — the Nowline Free app's open route. */
 export declare const DEFAULT_SHARE_BASE = "https://free.nowline.io/open";
 /**
  * The `share` initialize option selects where share links point.

package/dist/share.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"share.d.ts","sourceRoot":"","sources":["../src/share.ts"],"names":[],"mappings":"AAeA,qEAAqE;AACrE,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AAEjE;;;;;;;;;;GAUG;AACH,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC;AAE7F;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEjD;AAgBD,MAAM,WAAW,qBAAqB;IAClC,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,iDAAiD;IACjD,KAAK,EAAE,WAAW,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,qBAAqB,GAAG,MAAM,GAAG,IAAI,CAwBjG"}
+{"version":3,"file":"share.d.ts","sourceRoot":"","sources":["../src/share.ts"],"names":[],"mappings":"AAeA,eAAO,MAAM,kBAAkB,iCAAiC,CAAC;AAEjE;;;;;;;;;;GAUG;AACH,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC;AAE7F;;;;;;;GAOG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEjD;AAgBD,MAAM,WAAW,qBAAqB;IAClC,mEAAmE;IACnE,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,iDAAiD;IACjD,KAAK,EAAE,WAAW,CAAC;CACtB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,qBAAqB,GAAG,MAAM,GAAG,IAAI,CAwBjG"}

package/dist/share.js

@@ -11,7 +11,6 @@
 //
 // Sync, works on every browser, no feature-detect.
 import { zlibSync } from 'fflate';
-/** Default share destination — the Nowline Free app's open route. */
 export const DEFAULT_SHARE_BASE = 'https://free.nowline.io/open';
 /**
  * Encode source text → `#text=<base64url(zlib(utf8(source)))>`.

package/dist/share.js.map

@@ -1 +1 @@
-{"version":3,"file":"share.js","sourceRoot":"","sources":["../src/share.ts"],"names":[],"mappings":"AAAA,mEAAmE;AACnE,kDAAkD;AAClD,EAAE;AACF,4DAA4D;AAC5D,wCAAwC;AACxC,qBAAqB;AACrB,EAAE;AACF,mEAAmE;AACnE,mEAAmE;AACnE,WAAW;AACX,EAAE;AACF,mDAAmD;AAEnD,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAElC,qEAAqE;AACrE,MAAM,CAAC,MAAM,kBAAkB,GAAG,8BAA8B,CAAC;AAejE;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,MAAc;IACrC,OAAO,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;AAC7C,CAAC;AAED,iEAAiE;AACjE,SAAS,cAAc,CAAC,MAAc;IAClC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,iEAAiE;IACjE,uCAAuC;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,4CAA4C;IAClE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC;QAChD,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAChF,CAAC;AAeD;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAyB;IAC9E,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,wCAAwC;QACxC,IAAI,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,2EAA2E;IAC3E,MAAM,IAAI,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC;IACzD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;IAE1B,IAAI,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,IAAI,GAAG,OAAO,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;IACtD,CAAC;SAAM,CAAC;QACJ,GAAG,CAAC,IAAI,GAAG,QAAQ,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IACzB,IAAI,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC"}
+{"version":3,"file":"share.js","sourceRoot":"","sources":["../src/share.ts"],"names":[],"mappings":"AAAA,mEAAmE;AACnE,kDAAkD;AAClD,EAAE;AACF,4DAA4D;AAC5D,wCAAwC;AACxC,qBAAqB;AACrB,EAAE;AACF,mEAAmE;AACnE,mEAAmE;AACnE,WAAW;AACX,EAAE;AACF,mDAAmD;AAEnD,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAElC,MAAM,CAAC,MAAM,kBAAkB,GAAG,8BAA8B,CAAC;AAejE;;;;;;;GAOG;AACH,MAAM,UAAU,UAAU,CAAC,MAAc;IACrC,OAAO,SAAS,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;AAC7C,CAAC;AAED,iEAAiE;AACjE,SAAS,cAAc,CAAC,MAAc;IAClC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnC,iEAAiE;IACjE,uCAAuC;IACvC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,4CAA4C;IAClE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,CAAC,IAAI,KAAK,EAAE,CAAC;QAChD,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAChF,CAAC;AAeD;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,EAAyB;IAC9E,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,MAAM,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC5B,wCAAwC;QACxC,IAAI,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC,SAAS,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC;QAC3E,CAAC;QACD,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,2EAA2E;IAC3E,MAAM,IAAI,GAAG,KAAK,KAAK,IAAI,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,KAAK,CAAC;IACzD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC;IAE1B,IAAI,SAAS,KAAK,SAAS,IAAI,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACjD,GAAG,CAAC,IAAI,GAAG,OAAO,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;IACtD,CAAC;SAAM,CAAC;QACJ,GAAG,CAAC,IAAI,GAAG,QAAQ,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC;IAChD,CAAC;IAED,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IACzB,IAAI,CAAC;QACD,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,KAAK,CAAC;IACjB,CAAC;AACL,CAAC"}

package/dist/theme.d.ts

@@ -1,5 +1,5 @@
-import type { ThemeName } from '@nowline/layout';
-export type EmbedTheme = ThemeName | 'auto';
-export declare function resolveSystemTheme(): ThemeName;
+import { type ThemeName } from '@nowline/layout';
+export type EmbedTheme = ThemeName | 'greyscale' | 'auto';
+export declare function resolveSystemTheme(): 'light' | 'dark';
 export declare function effectiveTheme(theme: EmbedTheme | undefined, systemTheme: ThemeName): ThemeName;
 //# sourceMappingURL=theme.d.ts.map

package/dist/theme.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"theme.d.ts","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEjD,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,MAAM,CAAC;AAE5C,wBAAgB,kBAAkB,IAAI,SAAS,CAS9C;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,EAAE,WAAW,EAAE,SAAS,GAAG,SAAS,CAG/F"}
+{"version":3,"file":"theme.d.ts","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAeA,OAAO,EAAsB,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGrE,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,WAAW,GAAG,MAAM,CAAC;AAE1D,wBAAgB,kBAAkB,IAAI,OAAO,GAAG,MAAM,CASrD;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,GAAG,SAAS,EAAE,WAAW,EAAE,SAAS,GAAG,SAAS,CAG/F"}

package/dist/theme.js

@@ -1,7 +1,8 @@
 // Theme resolution for the embed.
 //
 // Precedence (highest to lowest):
-//   1. `initialize({ theme })` flag (light / dark / auto).
+//   1. `initialize({ theme })` flag (light / dark / grayscale / auto;
+//      `greyscale` is accepted and canonicalized to `grayscale`).
 //   2. The file's own `nowline v1 theme:` directive — handled inside
 //      layout, so we just don't override it when the embed config says
 //      `'auto'` and we have no system preference reading.
@@ -11,6 +12,7 @@
 // flipping the OS theme mid-session does not cause every embedded
 // roadmap on the page to repaint. This matches Mermaid's posture and
 // keeps the embed deterministic for screenshot tools.
+import { normalizeThemeName } from '@nowline/layout';
 export function resolveSystemTheme() {
     if (typeof globalThis === 'undefined')
         return 'light';
@@ -25,8 +27,8 @@ export function resolveSystemTheme() {
     }
 }
 export function effectiveTheme(theme, systemTheme) {
-    if (theme === 'light' || theme === 'dark')
-        return theme;
+    if (theme && theme !== 'auto')
+        return normalizeThemeName(theme) ?? systemTheme;
     return systemTheme;
 }
 //# sourceMappingURL=theme.js.map

package/dist/theme.js.map

@@ -1 +1 @@
-{"version":3,"file":"theme.js","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,EAAE;AACF,kCAAkC;AAClC,2DAA2D;AAC3D,qEAAqE;AACrE,uEAAuE;AACvE,0DAA0D;AAC1D,yDAAyD;AACzD,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,qEAAqE;AACrE,sDAAsD;AAMtD,MAAM,UAAU,kBAAkB;IAC9B,IAAI,OAAO,UAAU,KAAK,WAAW;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,GAAG,GAAI,UAAmE,CAAC,UAAU,CAAC;IAC5F,IAAI,OAAO,GAAG,KAAK,UAAU;QAAE,OAAO,OAAO,CAAC;IAC9C,IAAI,CAAC;QACD,OAAO,GAAG,CAAC,8BAA8B,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,OAAO,CAAC;IACnB,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAA6B,EAAE,WAAsB;IAChF,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACxD,OAAO,WAAW,CAAC;AACvB,CAAC"}
+{"version":3,"file":"theme.js","sourceRoot":"","sources":["../src/theme.ts"],"names":[],"mappings":"AAAA,kCAAkC;AAClC,EAAE;AACF,kCAAkC;AAClC,sEAAsE;AACtE,kEAAkE;AAClE,qEAAqE;AACrE,uEAAuE;AACvE,0DAA0D;AAC1D,yDAAyD;AACzD,EAAE;AACF,sEAAsE;AACtE,kEAAkE;AAClE,qEAAqE;AACrE,sDAAsD;AAEtD,OAAO,EAAE,kBAAkB,EAAkB,MAAM,iBAAiB,CAAC;AAKrE,MAAM,UAAU,kBAAkB;IAC9B,IAAI,OAAO,UAAU,KAAK,WAAW;QAAE,OAAO,OAAO,CAAC;IACtD,MAAM,GAAG,GAAI,UAAmE,CAAC,UAAU,CAAC;IAC5F,IAAI,OAAO,GAAG,KAAK,UAAU;QAAE,OAAO,OAAO,CAAC;IAC9C,IAAI,CAAC;QACD,OAAO,GAAG,CAAC,8BAA8B,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC;IAC1E,CAAC;IAAC,MAAM,CAAC;QACL,OAAO,OAAO,CAAC;IACnB,CAAC;AACL,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAA6B,EAAE,WAAsB;IAChF,IAAI,KAAK,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,kBAAkB,CAAC,KAAK,CAAC,IAAI,WAAW,CAAC;IAC/E,OAAO,WAAW,CAAC;AACvB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nowline/embed",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "Browser embed bundle for Nowline. Drop a <script> tag and ```nowline``` blocks render in place.",
   "license": "Apache-2.0",
   "engines": {
@@ -41,15 +41,14 @@
   "dependencies": {
     "fflate": "^0.8.3",
     "langium": "~4.2.4",
-    "@nowline/core": "0.4.2",
-    "@nowline/layout": "0.4.2",
-    "@nowline/renderer": "0.4.2",
-    "@nowline/browser": "0.4.2"
+    "@nowline/browser": "0.5.0",
+    "@nowline/core": "0.5.0",
+    "@nowline/layout": "0.5.0",
+    "@nowline/renderer": "0.5.0"
   },
   "devDependencies": {
     "@types/node": "^25.9.1",
     "esbuild": "^0.28.0",
-    "firebase": "^12.13.0",
     "happy-dom": "^20.9.0",
     "typescript": "^6.0.3",
     "vitest": "^4.1.7"
@@ -59,7 +58,6 @@
     "watch": "tsc -b tsconfig.json --watch",
     "typecheck": "tsc --noEmit -p tsconfig.json",
     "bundle": "node scripts/bundle.mjs",
-    "bundle:dev": "node scripts/bundle.mjs --dev",
     "check-size": "node scripts/check-size.mjs",
     "test": "vitest run",
     "test:watch": "vitest"

package/src/index.ts

@@ -5,17 +5,12 @@
 // The IIFE bundle exposes everything below as `window.nowline.*`. ESM
 // consumers import named exports from the package root.
 
-import { EMBED_SHA, EMBED_VERSION } from './auth/env.js';
-
-// Build-time constant substituted by esbuild's `define` (see
-// `scripts/bundle.mjs`). Reading it directly at the call site (rather
-// than via an `IS_DEV` re-export from env.ts) means esbuild can fold
-// the `if` below to a literal `true`/`false` at minify time and
-// dead-code-eliminate the dynamic-import branch in the prod bundle,
-// stripping `firebase/app` + `firebase/auth` from `dist/nowline.min.js`.
-// The `typeof` guard keeps the file safe to import under vitest, where
-// esbuild's define never runs and the identifier is undeclared.
-declare const __NOWLINE_EMBED_ENV__: string;
+// Build-time constants substituted by esbuild's `define` (see
+// `scripts/bundle.mjs`). The `typeof` guards keep this file safe to
+// import under vitest, where esbuild's define never runs and the
+// identifiers are undeclared.
+declare const __NOWLINE_EMBED_VERSION__: string;
+declare const __NOWLINE_EMBED_SHA__: string;
 
 import {
     __resetAutoScanForTests,
@@ -51,8 +46,10 @@ export {
  * pages and bug reports can identify the exact build without scraping
  * the comment banner.
  */
-export const version: string = EMBED_VERSION;
-export const sha: string = EMBED_SHA;
+export const version: string =
+    typeof __NOWLINE_EMBED_VERSION__ !== 'undefined' ? __NOWLINE_EMBED_VERSION__ : '0.0.0';
+export const sha: string =
+    typeof __NOWLINE_EMBED_SHA__ !== 'undefined' ? __NOWLINE_EMBED_SHA__ : 'unknown';
 
 const DEFAULT_SELECTOR = 'pre code.language-nowline, code.language-nowline';
 
@@ -80,7 +77,8 @@ export interface InitializeOptions {
     today?: Date;
     /**
      * Controls the "Share on Nowline" anchor appended after each rendered SVG.
-     * - `true` (default) — link to `https://free.nowline.io/open#text=…`.
+     * - `true` (default) — link to the Free app open route
+     *   (`https://free.nowline.io/open`).
      * - string — a custom base URL (may include a path); the fragment is appended.
      * - `false` / `'none'` — no anchor rendered.
      * - `{ textUrl, remoteUrl }` — template with `{text}` / `{url}` substitution.
@@ -205,23 +203,6 @@ export const run = init;
 if (typeof document !== 'undefined' && !autoStartScheduled) {
     autoStartScheduled = true;
 
-    // Dev-only Firebase Auth gate (embed.nowline.dev). The condition
-    // reads `__NOWLINE_EMBED_ENV__` directly so esbuild's `define`
-    // substitutes a literal string at minify time — the prod bundle
-    // sees `if ("prod" === "dev")` → `if (false)` and DCEs the dynamic
-    // import that pulls in `firebase/app` + `firebase/auth`.
-    // `check-size.mjs` asserts no `firebase` literal survives in the
-    // prod IIFE as a belt-and-suspenders check.
-    if (typeof __NOWLINE_EMBED_ENV__ !== 'undefined' && __NOWLINE_EMBED_ENV__ === 'dev') {
-        void import('./auth/firebase-auth.client.js')
-            .then(({ startDevAuthGate }) => {
-                startDevAuthGate();
-            })
-            .catch((err) => {
-                console.error('[nowline] dev auth gate failed to load:', err);
-            });
-    }
-
     const start = (): void => {
         if (!config.startOnLoad) return;
         // Fire-and-forget; render errors are surfaced via `console.error`

package/src/share.ts

@@ -13,7 +13,6 @@
 
 import { zlibSync } from 'fflate';
 
-/** Default share destination — the Nowline Free app's open route. */
 export const DEFAULT_SHARE_BASE = 'https://free.nowline.io/open';
 
 /**

package/src/theme.ts

@@ -1,7 +1,8 @@
 // Theme resolution for the embed.
 //
 // Precedence (highest to lowest):
-//   1. `initialize({ theme })` flag (light / dark / auto).
+//   1. `initialize({ theme })` flag (light / dark / grayscale / auto;
+//      `greyscale` is accepted and canonicalized to `grayscale`).
 //   2. The file's own `nowline v1 theme:` directive — handled inside
 //      layout, so we just don't override it when the embed config says
 //      `'auto'` and we have no system preference reading.
@@ -12,11 +13,12 @@
 // roadmap on the page to repaint. This matches Mermaid's posture and
 // keeps the embed deterministic for screenshot tools.
 
-import type { ThemeName } from '@nowline/layout';
+import { normalizeThemeName, type ThemeName } from '@nowline/layout';
 
-export type EmbedTheme = ThemeName | 'auto';
+// `'greyscale'` (UK) is an accepted alias for the canonical `'grayscale'`.
+export type EmbedTheme = ThemeName | 'greyscale' | 'auto';
 
-export function resolveSystemTheme(): ThemeName {
+export function resolveSystemTheme(): 'light' | 'dark' {
     if (typeof globalThis === 'undefined') return 'light';
     const win = (globalThis as { matchMedia?: (q: string) => { matches: boolean } }).matchMedia;
     if (typeof win !== 'function') return 'light';
@@ -28,6 +30,6 @@ export function resolveSystemTheme(): ThemeName {
 }
 
 export function effectiveTheme(theme: EmbedTheme | undefined, systemTheme: ThemeName): ThemeName {
-    if (theme === 'light' || theme === 'dark') return theme;
+    if (theme && theme !== 'auto') return normalizeThemeName(theme) ?? systemTheme;
     return systemTheme;
 }

package/dist/auth/allowlist.d.ts

@@ -1,20 +0,0 @@
-/**
- * Allowlist for the dev embed bundle's Firebase Auth gate.
- *
- * An email is allowlisted if either:
- *   1. Its domain is in ALLOWED_DOMAINS (e.g. anything @nowline.io), OR
- *   2. The exact lowercase email is in ALLOWED_EMAILS.
- *
- * Mirrors the commercial site's `auth-allowlist.ts` so both Lolay
- * dev surfaces (the marketing site and the embed CDN dev tier) share
- * one allowlist policy. Keep this short; when it grows past ~5 entries,
- * migrate to Firebase custom claims (Admin SDK) or a Firestore
- * `allowlist` collection.
- *
- * See specs/embed.md § Bootstrap status (dev auth gate) and
- * the infrastructure deploy runbook § 4 for the deploy-side wiring.
- */
-export declare const ALLOWED_DOMAINS: readonly string[];
-export declare const ALLOWED_EMAILS: readonly string[];
-export declare function isAllowlisted(email: string | null | undefined): boolean;
-//# sourceMappingURL=allowlist.d.ts.map

package/dist/auth/allowlist.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"allowlist.d.ts","sourceRoot":"","sources":["../../src/auth/allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,eAAO,MAAM,eAAe,EAAE,SAAS,MAAM,EAAmB,CAAC;AAEjE,eAAO,MAAM,cAAc,EAAE,SAAS,MAAM,EAE3C,CAAC;AAEF,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAQvE"}

package/dist/auth/allowlist.js

@@ -1,33 +0,0 @@
-/**
- * Allowlist for the dev embed bundle's Firebase Auth gate.
- *
- * An email is allowlisted if either:
- *   1. Its domain is in ALLOWED_DOMAINS (e.g. anything @nowline.io), OR
- *   2. The exact lowercase email is in ALLOWED_EMAILS.
- *
- * Mirrors the commercial site's `auth-allowlist.ts` so both Lolay
- * dev surfaces (the marketing site and the embed CDN dev tier) share
- * one allowlist policy. Keep this short; when it grows past ~5 entries,
- * migrate to Firebase custom claims (Admin SDK) or a Firestore
- * `allowlist` collection.
- *
- * See specs/embed.md § Bootstrap status (dev auth gate) and
- * the infrastructure deploy runbook § 4 for the deploy-side wiring.
- */
-export const ALLOWED_DOMAINS = ['nowline.io'];
-export const ALLOWED_EMAILS = [
-// Add additional allowlisted Google account emails here, one per line.
-];
-export function isAllowlisted(email) {
-    if (!email)
-        return false;
-    const normalized = email.trim().toLowerCase();
-    if (ALLOWED_EMAILS.includes(normalized))
-        return true;
-    const at = normalized.lastIndexOf('@');
-    if (at === -1)
-        return false;
-    const domain = normalized.slice(at + 1);
-    return ALLOWED_DOMAINS.includes(domain);
-}
-//# sourceMappingURL=allowlist.js.map

package/dist/auth/allowlist.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"allowlist.js","sourceRoot":"","sources":["../../src/auth/allowlist.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,MAAM,CAAC,MAAM,eAAe,GAAsB,CAAC,YAAY,CAAC,CAAC;AAEjE,MAAM,CAAC,MAAM,cAAc,GAAsB;AAC7C,uEAAuE;CAC1E,CAAC;AAEF,MAAM,UAAU,aAAa,CAAC,KAAgC;IAC1D,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC9C,IAAI,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,MAAM,EAAE,GAAG,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACvC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5B,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACxC,OAAO,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAC5C,CAAC"}

package/dist/auth/env.d.ts

@@ -1,23 +0,0 @@
-/**
- * Build-time environment helpers for `@nowline/embed`.
- *
- * `__NOWLINE_EMBED_ENV__` is substituted at bundle time by esbuild's
- * `define` (see `packages/embed/scripts/bundle.mjs`). The substitution
- * lets the prod minified bundle dead-code-eliminate the dev auth gate
- * and its Firebase imports — when the constant folds to the literal
- * string `"prod"`, every `IS_DEV` branch becomes `false` and esbuild's
- * minifier strips the dynamic-import site that pulls in `firebase/app`
- * + `firebase/auth`.
- *
- * The `typeof` guards keep this module safe to import under vitest,
- * where esbuild's define never runs and the identifier is undeclared.
- */
-export type EmbedEnv = 'dev' | 'prod';
-export declare const EMBED_ENV: EmbedEnv;
-export declare const IS_DEV: boolean;
-export declare const IS_PROD: boolean;
-export declare const EMBED_VERSION: string;
-export declare const EMBED_SHA: string;
-export declare const PROD_ORIGIN = "https://embed.nowline.io";
-export declare const DEV_ORIGIN = "https://embed.nowline.dev";
-//# sourceMappingURL=env.d.ts.map

package/dist/auth/env.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../../src/auth/env.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;AAEtC,eAAO,MAAM,SAAS,EAAE,QAGR,CAAC;AAEjB,eAAO,MAAM,MAAM,EAAE,OAA6B,CAAC;AACnD,eAAO,MAAM,OAAO,EAAE,OAA8B,CAAC;AAErD,eAAO,MAAM,aAAa,EAAE,MAC8D,CAAC;AAE3F,eAAO,MAAM,SAAS,EAAE,MAC4D,CAAC;AAErF,eAAO,MAAM,WAAW,6BAA6B,CAAC;AACtD,eAAO,MAAM,UAAU,8BAA8B,CAAC"}

package/dist/auth/env.js

@@ -1,24 +0,0 @@
-/**
- * Build-time environment helpers for `@nowline/embed`.
- *
- * `__NOWLINE_EMBED_ENV__` is substituted at bundle time by esbuild's
- * `define` (see `packages/embed/scripts/bundle.mjs`). The substitution
- * lets the prod minified bundle dead-code-eliminate the dev auth gate
- * and its Firebase imports — when the constant folds to the literal
- * string `"prod"`, every `IS_DEV` branch becomes `false` and esbuild's
- * minifier strips the dynamic-import site that pulls in `firebase/app`
- * + `firebase/auth`.
- *
- * The `typeof` guards keep this module safe to import under vitest,
- * where esbuild's define never runs and the identifier is undeclared.
- */
-export const EMBED_ENV = typeof __NOWLINE_EMBED_ENV__ !== 'undefined' && __NOWLINE_EMBED_ENV__ === 'dev'
-    ? 'dev'
-    : 'prod';
-export const IS_DEV = EMBED_ENV === 'dev';
-export const IS_PROD = EMBED_ENV === 'prod';
-export const EMBED_VERSION = typeof __NOWLINE_EMBED_VERSION__ !== 'undefined' ? __NOWLINE_EMBED_VERSION__ : '0.0.0';
-export const EMBED_SHA = typeof __NOWLINE_EMBED_SHA__ !== 'undefined' ? __NOWLINE_EMBED_SHA__ : 'unknown';
-export const PROD_ORIGIN = 'https://embed.nowline.io';
-export const DEV_ORIGIN = 'https://embed.nowline.dev';
-//# sourceMappingURL=env.js.map

package/dist/auth/env.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"env.js","sourceRoot":"","sources":["../../src/auth/env.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAQH,MAAM,CAAC,MAAM,SAAS,GAClB,OAAO,qBAAqB,KAAK,WAAW,IAAI,qBAAqB,KAAK,KAAK;IAC3E,CAAC,CAAC,KAAK;IACP,CAAC,CAAC,MAAM,CAAC;AAEjB,MAAM,CAAC,MAAM,MAAM,GAAY,SAAS,KAAK,KAAK,CAAC;AACnD,MAAM,CAAC,MAAM,OAAO,GAAY,SAAS,KAAK,MAAM,CAAC;AAErD,MAAM,CAAC,MAAM,aAAa,GACtB,OAAO,yBAAyB,KAAK,WAAW,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,OAAO,CAAC;AAE3F,MAAM,CAAC,MAAM,SAAS,GAClB,OAAO,qBAAqB,KAAK,WAAW,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;AAErF,MAAM,CAAC,MAAM,WAAW,GAAG,0BAA0B,CAAC;AACtD,MAAM,CAAC,MAAM,UAAU,GAAG,2BAA2B,CAAC"}

package/dist/auth/firebase-auth.client.d.ts

@@ -1,21 +0,0 @@
-/**
- * Client-side Firebase Auth gate for the dev embed bundle.
- *
- * Mirrors the commercial site's `firebase-auth.client.ts` so the
- * two Lolay dev surfaces share one allowlist UX. Loaded only on the
- * dev build (when `__NOWLINE_EMBED_ENV__ === 'dev'`); the prod build
- * tree-shakes the dynamic import in `src/index.ts` and never pulls
- * `firebase/app` or `firebase/auth` into the IIFE.
- *
- * Renders a full-viewport overlay with z-index 2147483647 so it sits
- * above any host-page content. Until the visitor signs in with an
- * allowlisted Google account, the overlay stays put; once allowlisted,
- * it removes itself and the embed's auto-scan reaches the rendered
- * SVG underneath. The host page is told nothing — the gate is purely
- * client-side, opaque to the embedder.
- *
- * See specs/embed.md § Bootstrap status (dev auth gate) and
- * the infrastructure deploy runbook § 4 for the deploy-side wiring.
- */
-export declare function startDevAuthGate(): void;
-//# sourceMappingURL=firebase-auth.client.d.ts.map

package/dist/auth/firebase-auth.client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"firebase-auth.client.d.ts","sourceRoot":"","sources":["../../src/auth/firebase-auth.client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAyGH,wBAAgB,gBAAgB,IAAI,IAAI,CAsDvC"}

package/dist/auth/firebase-auth.client.js

@@ -1,146 +0,0 @@
-/**
- * Client-side Firebase Auth gate for the dev embed bundle.
- *
- * Mirrors the commercial site's `firebase-auth.client.ts` so the
- * two Lolay dev surfaces share one allowlist UX. Loaded only on the
- * dev build (when `__NOWLINE_EMBED_ENV__ === 'dev'`); the prod build
- * tree-shakes the dynamic import in `src/index.ts` and never pulls
- * `firebase/app` or `firebase/auth` into the IIFE.
- *
- * Renders a full-viewport overlay with z-index 2147483647 so it sits
- * above any host-page content. Until the visitor signs in with an
- * allowlisted Google account, the overlay stays put; once allowlisted,
- * it removes itself and the embed's auto-scan reaches the rendered
- * SVG underneath. The host page is told nothing — the gate is purely
- * client-side, opaque to the embedder.
- *
- * See specs/embed.md § Bootstrap status (dev auth gate) and
- * the infrastructure deploy runbook § 4 for the deploy-side wiring.
- */
-import { initializeApp } from 'firebase/app';
-import { GoogleAuthProvider, getAuth, onAuthStateChanged, signInWithPopup, signOut, } from 'firebase/auth';
-import { isAllowlisted } from './allowlist.js';
-const config = {
-    apiKey: typeof __NOWLINE_FIREBASE_API_KEY__ !== 'undefined' ? __NOWLINE_FIREBASE_API_KEY__ : '',
-    authDomain: typeof __NOWLINE_FIREBASE_AUTH_DOMAIN__ !== 'undefined'
-        ? __NOWLINE_FIREBASE_AUTH_DOMAIN__
-        : '',
-    projectId: typeof __NOWLINE_FIREBASE_PROJECT_ID__ !== 'undefined'
-        ? __NOWLINE_FIREBASE_PROJECT_ID__
-        : '',
-    appId: typeof __NOWLINE_FIREBASE_APP_ID__ !== 'undefined' ? __NOWLINE_FIREBASE_APP_ID__ : '',
-};
-const OVERLAY_ID = 'nowline-embed-dev-auth-overlay';
-let app = null;
-let auth = null;
-function getOrCreateOverlay() {
-    let overlay = document.getElementById(OVERLAY_ID);
-    if (overlay)
-        return overlay;
-    overlay = document.createElement('div');
-    overlay.id = OVERLAY_ID;
-    overlay.setAttribute('role', 'dialog');
-    overlay.setAttribute('aria-modal', 'true');
-    overlay.setAttribute('aria-label', 'Internal preview sign-in');
-    overlay.style.cssText = [
-        'position: fixed',
-        'inset: 0',
-        'z-index: 2147483647',
-        'background-color: #ffffff',
-        'color: #1a1a2e',
-        'display: flex',
-        'align-items: center',
-        'justify-content: center',
-        'padding: 1.5rem',
-        'font-family: system-ui, -apple-system, "Segoe UI", sans-serif',
-    ].join(';');
-    document.body.appendChild(overlay);
-    return overlay;
-}
-function removeOverlay() {
-    const overlay = document.getElementById(OVERLAY_ID);
-    overlay?.remove();
-}
-function renderSignIn(overlay, onClick) {
-    overlay.innerHTML = `
-        <div style="max-width: 28rem; text-align: center;">
-            <div style="font-size: 0.75rem; letter-spacing: 0.08em; text-transform: uppercase; color: #5a5a6a; margin-bottom: 0.75rem;">embed.nowline.dev &mdash; internal preview</div>
-            <h1 style="font-size: 1.875rem; font-weight: 700; margin: 0 0 0.75rem;">Sign in to continue</h1>
-            <p style="margin: 0 0 1.5rem; color: #5a5a6a;">Access is limited to allowlisted Lolay accounts. Production embed is at <a href="https://embed.nowline.io" style="color: #1a4ed8;">embed.nowline.io</a>.</p>
-            <button type="button" id="nowline-embed-dev-signin-btn" style="display: inline-block; padding: 0.75rem 1.5rem; border-radius: 8px; background-color: #e53e3e; color: #ffffff; font-weight: 700; border: 1px solid transparent; cursor: pointer; font-size: 1rem;">Sign in with Google</button>
-        </div>
-    `;
-    const btn = overlay.querySelector('#nowline-embed-dev-signin-btn');
-    btn?.addEventListener('click', onClick);
-}
-function renderDenied(overlay, email, onSignOut) {
-    overlay.innerHTML = `
-        <div style="max-width: 28rem; text-align: center;">
-            <div style="font-size: 0.75rem; letter-spacing: 0.08em; text-transform: uppercase; color: #5a5a6a; margin-bottom: 0.75rem;">embed.nowline.dev &mdash; internal preview</div>
-            <h1 style="font-size: 1.875rem; font-weight: 700; margin: 0 0 0.75rem;">Access denied</h1>
-            <p style="margin: 0 0 1.5rem; color: #5a5a6a;">${escapeHtml(email)} is not on the allowlist for this preview environment. Production embed is publicly available at <a href="https://embed.nowline.io" style="color: #1a4ed8;">embed.nowline.io</a>.</p>
-            <button type="button" id="nowline-embed-dev-signout-btn" style="display: inline-block; padding: 0.75rem 1.5rem; border-radius: 8px; background-color: transparent; color: #1a1a2e; font-weight: 700; border: 1px solid #c0c0c0; cursor: pointer; font-size: 1rem;">Sign out</button>
-        </div>
-    `;
-    const btn = overlay.querySelector('#nowline-embed-dev-signout-btn');
-    btn?.addEventListener('click', onSignOut);
-}
-function escapeHtml(value) {
-    return value
-        .replace(/&/g, '&amp;')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;')
-        .replace(/'/g, '&#39;');
-}
-export function startDevAuthGate() {
-    if (typeof window === 'undefined' || typeof document === 'undefined')
-        return;
-    if (!config.apiKey || !config.authDomain || !config.projectId || !config.appId) {
-        // No firebase config baked in. Likely a local `pnpm bundle` without
-        // PUBLIC_FIREBASE_* exported (CI deploys always set them). Skip the
-        // overlay rather than render an unrecoverable dialog so devs aren't
-        // locked out of their own local builds.
-        console.warn('[nowline-embed-dev-auth-gate] Missing PUBLIC_FIREBASE_* env vars at build time; gate is disabled. Configure them in .github/workflows/embed-cdn.yml or your local environment to enable.');
-        return;
-    }
-    // Create the overlay up front so it covers content while Firebase
-    // initialises; subsequent renders call getOrCreateOverlay() again
-    // to find the same element.
-    getOrCreateOverlay();
-    app ??= initializeApp(config);
-    auth ??= getAuth(app);
-    const provider = new GoogleAuthProvider();
-    const handleSignIn = () => {
-        void (async () => {
-            try {
-                await signInWithPopup(auth, provider);
-            }
-            catch (err) {
-                console.error('[nowline-embed-dev-auth-gate] Sign-in failed:', err);
-            }
-        })();
-    };
-    const handleSignOut = () => {
-        void (async () => {
-            try {
-                await signOut(auth);
-            }
-            catch (err) {
-                console.error('[nowline-embed-dev-auth-gate] Sign-out failed:', err);
-            }
-        })();
-    };
-    onAuthStateChanged(auth, (user) => {
-        if (!user) {
-            renderSignIn(getOrCreateOverlay(), handleSignIn);
-            return;
-        }
-        if (!isAllowlisted(user.email)) {
-            renderDenied(getOrCreateOverlay(), user.email ?? 'unknown', handleSignOut);
-            return;
-        }
-        removeOverlay();
-    });
-}
-//# sourceMappingURL=firebase-auth.client.js.map

package/dist/auth/firebase-auth.client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"firebase-auth.client.js","sourceRoot":"","sources":["../../src/auth/firebase-auth.client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAoB,aAAa,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAEH,kBAAkB,EAClB,OAAO,EACP,kBAAkB,EAClB,eAAe,EACf,OAAO,GAEV,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAU/C,MAAM,MAAM,GAAG;IACX,MAAM,EAAE,OAAO,4BAA4B,KAAK,WAAW,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,EAAE;IAC/F,UAAU,EACN,OAAO,gCAAgC,KAAK,WAAW;QACnD,CAAC,CAAC,gCAAgC;QAClC,CAAC,CAAC,EAAE;IACZ,SAAS,EACL,OAAO,+BAA+B,KAAK,WAAW;QAClD,CAAC,CAAC,+BAA+B;QACjC,CAAC,CAAC,EAAE;IACZ,KAAK,EAAE,OAAO,2BAA2B,KAAK,WAAW,CAAC,CAAC,CAAC,2BAA2B,CAAC,CAAC,CAAC,EAAE;CAC/F,CAAC;AAEF,MAAM,UAAU,GAAG,gCAAgC,CAAC;AAEpD,IAAI,GAAG,GAAuB,IAAI,CAAC;AACnC,IAAI,IAAI,GAAgB,IAAI,CAAC;AAE7B,SAAS,kBAAkB;IACvB,IAAI,OAAO,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAA0B,CAAC;IAC3E,IAAI,OAAO;QAAE,OAAO,OAAO,CAAC;IAE5B,OAAO,GAAG,QAAQ,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IACxC,OAAO,CAAC,EAAE,GAAG,UAAU,CAAC;IACxB,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvC,OAAO,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3C,OAAO,CAAC,YAAY,CAAC,YAAY,EAAE,0BAA0B,CAAC,CAAC;IAC/D,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG;QACpB,iBAAiB;QACjB,UAAU;QACV,qBAAqB;QACrB,2BAA2B;QAC3B,gBAAgB;QAChB,eAAe;QACf,qBAAqB;QACrB,yBAAyB;QACzB,iBAAiB;QACjB,+DAA+D;KAClE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACZ,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACnC,OAAO,OAAO,CAAC;AACnB,CAAC;AAED,SAAS,aAAa;IAClB,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACpD,OAAO,EAAE,MAAM,EAAE,CAAC;AACtB,CAAC;AAED,SAAS,YAAY,CAAC,OAAuB,EAAE,OAAmB;IAC9D,OAAO,CAAC,SAAS,GAAG;;;;;;;KAOnB,CAAC;IACF,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAoB,+BAA+B,CAAC,CAAC;IACtF,GAAG,EAAE,gBAAgB,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,YAAY,CAAC,OAAuB,EAAE,KAAa,EAAE,SAAqB;IAC/E,OAAO,CAAC,SAAS,GAAG;;;;6DAIqC,UAAU,CAAC,KAAK,CAAC;;;KAGzE,CAAC;IACF,MAAM,GAAG,GAAG,OAAO,CAAC,aAAa,CAAoB,gCAAgC,CAAC,CAAC;IACvF,GAAG,EAAE,gBAAgB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC7B,OAAO,KAAK;SACP,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;SACvB,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAChC,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC5B,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,QAAQ,KAAK,WAAW;QAAE,OAAO;IAC7E,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAC7E,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,wCAAwC;QACxC,OAAO,CAAC,IAAI,CACR,0LAA0L,CAC7L,CAAC;QACF,OAAO;IACX,CAAC;IAED,kEAAkE;IAClE,kEAAkE;IAClE,4BAA4B;IAC5B,kBAAkB,EAAE,CAAC;IAErB,GAAG,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;IAC9B,IAAI,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IAEtB,MAAM,QAAQ,GAAG,IAAI,kBAAkB,EAAE,CAAC;IAE1C,MAAM,YAAY,GAAG,GAAS,EAAE;QAC5B,KAAK,CAAC,KAAK,IAAI,EAAE;YACb,IAAI,CAAC;gBACD,MAAM,eAAe,CAAC,IAAY,EAAE,QAAQ,CAAC,CAAC;YAClD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;YACxE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,GAAS,EAAE;QAC7B,KAAK,CAAC,KAAK,IAAI,EAAE;YACb,IAAI,CAAC;gBACD,MAAM,OAAO,CAAC,IAAY,CAAC,CAAC;YAChC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACX,OAAO,CAAC,KAAK,CAAC,gDAAgD,EAAE,GAAG,CAAC,CAAC;YACzE,CAAC;QACL,CAAC,CAAC,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,kBAAkB,CAAC,IAAY,EAAE,CAAC,IAAiB,EAAE,EAAE;QACnD,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,YAAY,CAAC,kBAAkB,EAAE,EAAE,YAAY,CAAC,CAAC;YACjD,OAAO;QACX,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7B,YAAY,CAAC,kBAAkB,EAAE,EAAE,IAAI,CAAC,KAAK,IAAI,SAAS,EAAE,aAAa,CAAC,CAAC;YAC3E,OAAO;QACX,CAAC;QACD,aAAa,EAAE,CAAC;IACpB,CAAC,CAAC,CAAC;AACP,CAAC"}

package/src/auth/allowlist.ts

@@ -1,32 +0,0 @@
-/**
- * Allowlist for the dev embed bundle's Firebase Auth gate.
- *
- * An email is allowlisted if either:
- *   1. Its domain is in ALLOWED_DOMAINS (e.g. anything @nowline.io), OR
- *   2. The exact lowercase email is in ALLOWED_EMAILS.
- *
- * Mirrors the commercial site's `auth-allowlist.ts` so both Lolay
- * dev surfaces (the marketing site and the embed CDN dev tier) share
- * one allowlist policy. Keep this short; when it grows past ~5 entries,
- * migrate to Firebase custom claims (Admin SDK) or a Firestore
- * `allowlist` collection.
- *
- * See specs/embed.md § Bootstrap status (dev auth gate) and
- * the infrastructure deploy runbook § 4 for the deploy-side wiring.
- */
-
-export const ALLOWED_DOMAINS: readonly string[] = ['nowline.io'];
-
-export const ALLOWED_EMAILS: readonly string[] = [
-    // Add additional allowlisted Google account emails here, one per line.
-];
-
-export function isAllowlisted(email: string | null | undefined): boolean {
-    if (!email) return false;
-    const normalized = email.trim().toLowerCase();
-    if (ALLOWED_EMAILS.includes(normalized)) return true;
-    const at = normalized.lastIndexOf('@');
-    if (at === -1) return false;
-    const domain = normalized.slice(at + 1);
-    return ALLOWED_DOMAINS.includes(domain);
-}

package/src/auth/env.ts

@@ -1,37 +0,0 @@
-/**
- * Build-time environment helpers for `@nowline/embed`.
- *
- * `__NOWLINE_EMBED_ENV__` is substituted at bundle time by esbuild's
- * `define` (see `packages/embed/scripts/bundle.mjs`). The substitution
- * lets the prod minified bundle dead-code-eliminate the dev auth gate
- * and its Firebase imports — when the constant folds to the literal
- * string `"prod"`, every `IS_DEV` branch becomes `false` and esbuild's
- * minifier strips the dynamic-import site that pulls in `firebase/app`
- * + `firebase/auth`.
- *
- * The `typeof` guards keep this module safe to import under vitest,
- * where esbuild's define never runs and the identifier is undeclared.
- */
-
-declare const __NOWLINE_EMBED_ENV__: string;
-declare const __NOWLINE_EMBED_VERSION__: string;
-declare const __NOWLINE_EMBED_SHA__: string;
-
-export type EmbedEnv = 'dev' | 'prod';
-
-export const EMBED_ENV: EmbedEnv =
-    typeof __NOWLINE_EMBED_ENV__ !== 'undefined' && __NOWLINE_EMBED_ENV__ === 'dev'
-        ? 'dev'
-        : 'prod';
-
-export const IS_DEV: boolean = EMBED_ENV === 'dev';
-export const IS_PROD: boolean = EMBED_ENV === 'prod';
-
-export const EMBED_VERSION: string =
-    typeof __NOWLINE_EMBED_VERSION__ !== 'undefined' ? __NOWLINE_EMBED_VERSION__ : '0.0.0';
-
-export const EMBED_SHA: string =
-    typeof __NOWLINE_EMBED_SHA__ !== 'undefined' ? __NOWLINE_EMBED_SHA__ : 'unknown';
-
-export const PROD_ORIGIN = 'https://embed.nowline.io';
-export const DEV_ORIGIN = 'https://embed.nowline.dev';