@open-mercato/core 0.6.6-develop.5651.1.c43359070c → 0.6.6-develop.5672.1.11e27afad2

package/dist/helpers/integration/optimisticLockUi.js

@@ -65,12 +65,12 @@ async function expectConflictBody(response) {
   expect(body.code, "body.code should be the optimistic-lock conflict code").toBe(OPTIMISTIC_LOCK_CONFLICT_CODE);
   return body;
 }
-async function expectConflictBanner(page) {
+async function expectConflictBanner(page, options) {
   const conflictSurface = page.getByTestId(CONFLICT_BANNER_TESTID).or(page.getByTestId(CONFLICT_DIALOG_TESTID));
   await expect(
     conflictSurface.first(),
     "a conflict surface (OSS bar or record_locks dialog) should appear after a stale save"
-  ).toBeVisible({ timeout: 1e4 });
+  ).toBeVisible({ timeout: options?.timeout ?? 1e4 });
 }
 async function expectNoConflictBanner(page) {
   await expect(

package/dist/helpers/integration/optimisticLockUi.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../src/helpers/integration/optimisticLockUi.ts"],
-  "sourcesContent": ["import { expect, type APIRequestContext, type Page } from '@playwright/test'\nimport {\n  OPTIMISTIC_LOCK_HEADER_NAME,\n  OPTIMISTIC_LOCK_CONFLICT_CODE,\n} from '@open-mercato/shared/lib/crud/optimistic-lock-headers'\n\n/**\n * Shared helpers for the browser-driven optimistic-lock specs\n * (`TC-LOCK-OSS-014..046`). They make the conflict deterministic without two\n * real tabs or sleeps: the spec loads an edit page in the browser (the form\n * captures the record's `updated_at`), then advances `updated_at` out-of-band\n * via a header-less API PUT (additive path, always succeeds), and finally edits\n * + saves in the browser so the now-stale header triggers the 409 \u2192 conflict bar.\n *\n * See `packages/core/src/modules/sales/__integration__/__concurrent_edit_pattern.md`\n * and the conflict bar component\n * `packages/ui/src/backend/conflicts/RecordConflictBanner.tsx`\n * (`data-testid=\"record-conflict-banner\"`).\n */\n\nconst BASE_URL = process.env.BASE_URL?.trim() || ''\n\nexport function resolveApiUrl(path: string): string {\n  return BASE_URL ? `${BASE_URL}${path}` : path\n}\n\nexport const CONFLICT_BANNER_TESTID = 'record-conflict-banner'\n\n/**\n * The enterprise `record_locks` module (enabled in CI via\n * `OM_ENABLE_ENTERPRISE_MODULES=true`) supersedes the OSS banner with a richer\n * \"Conflict detected\" resolution dialog. Both are valid surfaces for \"the stale\n * write was refused\": on a CrudForm edit page either one can win depending on\n * whether the record_locks incoming-changes SSE (fired by the out-of-band bump)\n * is processed before the browser's stale save reaches the server. Asserting one\n * fixed surface is therefore racy; we wait for whichever conflict surface appears.\n * (List-delete / non-form flows have no record_locks lock and only ever surface\n * the OSS banner, so matching either surface is safe there too.)\n */\nexport const CONFLICT_DIALOG_TESTID = 'record-lock-conflict-dialog'\n\nfunction authHeaders(token: string, lockValue?: string): Record<string, string> {\n  const headers: Record<string, string> = {\n    Authorization: `Bearer ${token}`,\n    'Content-Type': 'application/json',\n  }\n  if (lockValue !== undefined) headers[OPTIMISTIC_LOCK_HEADER_NAME] = lockValue\n  return headers\n}\n\n/**\n * Read a record's current `updated_at` from a list-shaped CRUD GET\n * (`GET <basePath>?id=<id>` \u2192 `items[0].updated_at`), normalized to ISO.\n * Works for the `makeCrudRoute` list responses (snake or camel case).\n */\nexport async function readUpdatedAt(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  id: string,\n  idParam = 'id',\n): Promise<string> {\n  const response = await request.fetch(\n    resolveApiUrl(`${basePath}?${idParam}=${encodeURIComponent(id)}`),\n    { method: 'GET', headers: authHeaders(token) },\n  )\n  expect(response.status(), `GET ${basePath}?${idParam}=... should be 200`).toBe(200)\n  const body = (await response.json()) as\n    | { items?: Array<Record<string, unknown>> }\n    | Record<string, unknown>\n  const item = Array.isArray((body as { items?: unknown[] }).items)\n    ? (body as { items: Array<Record<string, unknown>> }).items[0]\n    : (body as Record<string, unknown>)\n  expect(item, `response should include the record for id=${id}`).toBeTruthy()\n  const raw = (item?.updated_at ?? item?.updatedAt) as string | undefined\n  expect(typeof raw, `record should expose updated_at, got ${String(raw)}`).toBe('string')\n  const ms = Date.parse(raw as string)\n  expect(Number.isFinite(ms), `updated_at should parse, got ${String(raw)}`).toBe(true)\n  return new Date(ms).toISOString()\n}\n\n/**\n * Advance a record's `updated_at` out-of-band so the browser's loaded form now\n * holds a stale token. Uses a **header-less** PUT (the strictly-additive path\n * always succeeds and bumps `updated_at`). Returns the new ISO `updated_at`.\n */\nexport async function bumpRecordViaApi(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  putBody: Record<string, unknown>,\n  opts: { idParam?: string; method?: 'PUT' | 'PATCH' } = {},\n): Promise<string | null> {\n  const response = await request.fetch(resolveApiUrl(basePath), {\n    method: opts.method ?? 'PUT',\n    headers: authHeaders(token),\n    data: putBody,\n  })\n  expect(\n    response.status(),\n    `out-of-band ${opts.method ?? 'PUT'} ${basePath} should succeed (additive path), got ${response.status()}`,\n  ).toBeLessThan(300)\n  const id = putBody[opts.idParam ?? 'id']\n  if (typeof id === 'string') {\n    try {\n      return await readUpdatedAt(request, token, basePath, id, opts.idParam)\n    } catch {\n      return null\n    }\n  }\n  return null\n}\n\n/** Direct API helpers to assert the 409 contract body (used by the negative/UX specs). */\nexport async function putWithLock(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  body: Record<string, unknown>,\n  lockValue: string,\n) {\n  return request.fetch(resolveApiUrl(basePath), {\n    method: 'PUT',\n    headers: authHeaders(token, lockValue),\n    data: body,\n  })\n}\n\nexport async function expectConflictBody(response: { status(): number; json(): Promise<unknown> }) {\n  expect(response.status(), 'stale write should be 409').toBe(409)\n  const body = (await response.json()) as { code?: string; currentUpdatedAt?: string; expectedUpdatedAt?: string }\n  expect(body.code, 'body.code should be the optimistic-lock conflict code').toBe(OPTIMISTIC_LOCK_CONFLICT_CODE)\n  return body\n}\n\n/**\n * Assert a stale save was refused and surfaced as a conflict. Matches EITHER the\n * OSS `record-conflict-banner` OR the enterprise record_locks \"Conflict detected\"\n * dialog \u2014 see `CONFLICT_DIALOG_TESTID` for why both are valid and why pinning one\n * is racy when enterprise modules are enabled.\n */\nexport async function expectConflictBanner(page: Page): Promise<void> {\n  const conflictSurface = page\n    .getByTestId(CONFLICT_BANNER_TESTID)\n    .or(page.getByTestId(CONFLICT_DIALOG_TESTID))\n  await expect(\n    conflictSurface.first(),\n    'a conflict surface (OSS bar or record_locks dialog) should appear after a stale save',\n  ).toBeVisible({ timeout: 10_000 })\n}\n\n/** Assert no conflict surface is present (a clean single-tab save must not 409). */\nexport async function expectNoConflictBanner(page: Page): Promise<void> {\n  await expect(\n    page.getByTestId(CONFLICT_BANNER_TESTID),\n    'a clean save must not surface a false-positive conflict bar',\n  ).toHaveCount(0)\n  await expect(\n    page.getByTestId(CONFLICT_DIALOG_TESTID),\n    'a clean save must not surface a false-positive conflict dialog',\n  ).toHaveCount(0)\n}\n\n/** Click the conflict bar's Refresh button. */\nexport async function clickConflictRefresh(page: Page): Promise<void> {\n  await page.getByTestId(CONFLICT_BANNER_TESTID).getByRole('button', { name: /refresh/i }).click()\n}\n\n/** Dismiss the conflict bar via its close (X) button. */\nexport async function dismissConflictBanner(page: Page): Promise<void> {\n  await page.getByTestId(CONFLICT_BANNER_TESTID).getByRole('button', { name: /dismiss/i }).click()\n}\n"],
-  "mappings": "AAAA,SAAS,cAAiD;AAC1D;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAgBP,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAE1C,SAAS,cAAc,MAAsB;AAClD,SAAO,WAAW,GAAG,QAAQ,GAAG,IAAI,KAAK;AAC3C;AAEO,MAAM,yBAAyB;AAa/B,MAAM,yBAAyB;AAEtC,SAAS,YAAY,OAAe,WAA4C;AAC9E,QAAM,UAAkC;AAAA,IACtC,eAAe,UAAU,KAAK;AAAA,IAC9B,gBAAgB;AAAA,EAClB;AACA,MAAI,cAAc,OAAW,SAAQ,2BAA2B,IAAI;AACpE,SAAO;AACT;AAOA,eAAsB,cACpB,SACA,OACA,UACA,IACA,UAAU,MACO;AACjB,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B,cAAc,GAAG,QAAQ,IAAI,OAAO,IAAI,mBAAmB,EAAE,CAAC,EAAE;AAAA,IAChE,EAAE,QAAQ,OAAO,SAAS,YAAY,KAAK,EAAE;AAAA,EAC/C;AACA,SAAO,SAAS,OAAO,GAAG,OAAO,QAAQ,IAAI,OAAO,oBAAoB,EAAE,KAAK,GAAG;AAClF,QAAM,OAAQ,MAAM,SAAS,KAAK;AAGlC,QAAM,OAAO,MAAM,QAAS,KAA+B,KAAK,IAC3D,KAAmD,MAAM,CAAC,IAC1D;AACL,SAAO,MAAM,6CAA6C,EAAE,EAAE,EAAE,WAAW;AAC3E,QAAM,MAAO,MAAM,cAAc,MAAM;AACvC,SAAO,OAAO,KAAK,wCAAwC,OAAO,GAAG,CAAC,EAAE,EAAE,KAAK,QAAQ;AACvF,QAAM,KAAK,KAAK,MAAM,GAAa;AACnC,SAAO,OAAO,SAAS,EAAE,GAAG,gCAAgC,OAAO,GAAG,CAAC,EAAE,EAAE,KAAK,IAAI;AACpF,SAAO,IAAI,KAAK,EAAE,EAAE,YAAY;AAClC;AAOA,eAAsB,iBACpB,SACA,OACA,UACA,SACA,OAAuD,CAAC,GAChC;AACxB,QAAM,WAAW,MAAM,QAAQ,MAAM,cAAc,QAAQ,GAAG;AAAA,IAC5D,QAAQ,KAAK,UAAU;AAAA,IACvB,SAAS,YAAY,KAAK;AAAA,IAC1B,MAAM;AAAA,EACR,CAAC;AACD;AAAA,IACE,SAAS,OAAO;AAAA,IAChB,eAAe,KAAK,UAAU,KAAK,IAAI,QAAQ,wCAAwC,SAAS,OAAO,CAAC;AAAA,EAC1G,EAAE,aAAa,GAAG;AAClB,QAAM,KAAK,QAAQ,KAAK,WAAW,IAAI;AACvC,MAAI,OAAO,OAAO,UAAU;AAC1B,QAAI;AACF,aAAO,MAAM,cAAc,SAAS,OAAO,UAAU,IAAI,KAAK,OAAO;AAAA,IACvE,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAGA,eAAsB,YACpB,SACA,OACA,UACA,MACA,WACA;AACA,SAAO,QAAQ,MAAM,cAAc,QAAQ,GAAG;AAAA,IAC5C,QAAQ;AAAA,IACR,SAAS,YAAY,OAAO,SAAS;AAAA,IACrC,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,mBAAmB,UAA0D;AACjG,SAAO,SAAS,OAAO,GAAG,2BAA2B,EAAE,KAAK,GAAG;AAC/D,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,KAAK,MAAM,uDAAuD,EAAE,KAAK,6BAA6B;AAC7G,SAAO;AACT;AAQA,eAAsB,qBAAqB,MAA2B;AACpE,QAAM,kBAAkB,KACrB,YAAY,sBAAsB,EAClC,GAAG,KAAK,YAAY,sBAAsB,CAAC;AAC9C,QAAM;AAAA,IACJ,gBAAgB,MAAM;AAAA,IACtB;AAAA,EACF,EAAE,YAAY,EAAE,SAAS,IAAO,CAAC;AACnC;AAGA,eAAsB,uBAAuB,MAA2B;AACtE,QAAM;AAAA,IACJ,KAAK,YAAY,sBAAsB;AAAA,IACvC;AAAA,EACF,EAAE,YAAY,CAAC;AACf,QAAM;AAAA,IACJ,KAAK,YAAY,sBAAsB;AAAA,IACvC;AAAA,EACF,EAAE,YAAY,CAAC;AACjB;AAGA,eAAsB,qBAAqB,MAA2B;AACpE,QAAM,KAAK,YAAY,sBAAsB,EAAE,UAAU,UAAU,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM;AACjG;AAGA,eAAsB,sBAAsB,MAA2B;AACrE,QAAM,KAAK,YAAY,sBAAsB,EAAE,UAAU,UAAU,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM;AACjG;",
+  "sourcesContent": ["import { expect, type APIRequestContext, type Page } from '@playwright/test'\nimport {\n  OPTIMISTIC_LOCK_HEADER_NAME,\n  OPTIMISTIC_LOCK_CONFLICT_CODE,\n} from '@open-mercato/shared/lib/crud/optimistic-lock-headers'\n\n/**\n * Shared helpers for the browser-driven optimistic-lock specs\n * (`TC-LOCK-OSS-014..046`). They make the conflict deterministic without two\n * real tabs or sleeps: the spec loads an edit page in the browser (the form\n * captures the record's `updated_at`), then advances `updated_at` out-of-band\n * via a header-less API PUT (additive path, always succeeds), and finally edits\n * + saves in the browser so the now-stale header triggers the 409 \u2192 conflict bar.\n *\n * See `packages/core/src/modules/sales/__integration__/__concurrent_edit_pattern.md`\n * and the conflict bar component\n * `packages/ui/src/backend/conflicts/RecordConflictBanner.tsx`\n * (`data-testid=\"record-conflict-banner\"`).\n */\n\nconst BASE_URL = process.env.BASE_URL?.trim() || ''\n\nexport function resolveApiUrl(path: string): string {\n  return BASE_URL ? `${BASE_URL}${path}` : path\n}\n\nexport const CONFLICT_BANNER_TESTID = 'record-conflict-banner'\n\n/**\n * The enterprise `record_locks` module (enabled in CI via\n * `OM_ENABLE_ENTERPRISE_MODULES=true`) supersedes the OSS banner with a richer\n * \"Conflict detected\" resolution dialog. Both are valid surfaces for \"the stale\n * write was refused\": on a CrudForm edit page either one can win depending on\n * whether the record_locks incoming-changes SSE (fired by the out-of-band bump)\n * is processed before the browser's stale save reaches the server. Asserting one\n * fixed surface is therefore racy; we wait for whichever conflict surface appears.\n * (List-delete / non-form flows have no record_locks lock and only ever surface\n * the OSS banner, so matching either surface is safe there too.)\n */\nexport const CONFLICT_DIALOG_TESTID = 'record-lock-conflict-dialog'\n\nfunction authHeaders(token: string, lockValue?: string): Record<string, string> {\n  const headers: Record<string, string> = {\n    Authorization: `Bearer ${token}`,\n    'Content-Type': 'application/json',\n  }\n  if (lockValue !== undefined) headers[OPTIMISTIC_LOCK_HEADER_NAME] = lockValue\n  return headers\n}\n\n/**\n * Read a record's current `updated_at` from a list-shaped CRUD GET\n * (`GET <basePath>?id=<id>` \u2192 `items[0].updated_at`), normalized to ISO.\n * Works for the `makeCrudRoute` list responses (snake or camel case).\n */\nexport async function readUpdatedAt(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  id: string,\n  idParam = 'id',\n): Promise<string> {\n  const response = await request.fetch(\n    resolveApiUrl(`${basePath}?${idParam}=${encodeURIComponent(id)}`),\n    { method: 'GET', headers: authHeaders(token) },\n  )\n  expect(response.status(), `GET ${basePath}?${idParam}=... should be 200`).toBe(200)\n  const body = (await response.json()) as\n    | { items?: Array<Record<string, unknown>> }\n    | Record<string, unknown>\n  const item = Array.isArray((body as { items?: unknown[] }).items)\n    ? (body as { items: Array<Record<string, unknown>> }).items[0]\n    : (body as Record<string, unknown>)\n  expect(item, `response should include the record for id=${id}`).toBeTruthy()\n  const raw = (item?.updated_at ?? item?.updatedAt) as string | undefined\n  expect(typeof raw, `record should expose updated_at, got ${String(raw)}`).toBe('string')\n  const ms = Date.parse(raw as string)\n  expect(Number.isFinite(ms), `updated_at should parse, got ${String(raw)}`).toBe(true)\n  return new Date(ms).toISOString()\n}\n\n/**\n * Advance a record's `updated_at` out-of-band so the browser's loaded form now\n * holds a stale token. Uses a **header-less** PUT (the strictly-additive path\n * always succeeds and bumps `updated_at`). Returns the new ISO `updated_at`.\n */\nexport async function bumpRecordViaApi(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  putBody: Record<string, unknown>,\n  opts: { idParam?: string; method?: 'PUT' | 'PATCH' } = {},\n): Promise<string | null> {\n  const response = await request.fetch(resolveApiUrl(basePath), {\n    method: opts.method ?? 'PUT',\n    headers: authHeaders(token),\n    data: putBody,\n  })\n  expect(\n    response.status(),\n    `out-of-band ${opts.method ?? 'PUT'} ${basePath} should succeed (additive path), got ${response.status()}`,\n  ).toBeLessThan(300)\n  const id = putBody[opts.idParam ?? 'id']\n  if (typeof id === 'string') {\n    try {\n      return await readUpdatedAt(request, token, basePath, id, opts.idParam)\n    } catch {\n      return null\n    }\n  }\n  return null\n}\n\n/** Direct API helpers to assert the 409 contract body (used by the negative/UX specs). */\nexport async function putWithLock(\n  request: APIRequestContext,\n  token: string,\n  basePath: string,\n  body: Record<string, unknown>,\n  lockValue: string,\n) {\n  return request.fetch(resolveApiUrl(basePath), {\n    method: 'PUT',\n    headers: authHeaders(token, lockValue),\n    data: body,\n  })\n}\n\nexport async function expectConflictBody(response: { status(): number; json(): Promise<unknown> }) {\n  expect(response.status(), 'stale write should be 409').toBe(409)\n  const body = (await response.json()) as { code?: string; currentUpdatedAt?: string; expectedUpdatedAt?: string }\n  expect(body.code, 'body.code should be the optimistic-lock conflict code').toBe(OPTIMISTIC_LOCK_CONFLICT_CODE)\n  return body\n}\n\n/**\n * Assert a stale save was refused and surfaced as a conflict. Matches EITHER the\n * OSS `record-conflict-banner` OR the enterprise record_locks \"Conflict detected\"\n * dialog \u2014 see `CONFLICT_DIALOG_TESTID` for why both are valid and why pinning one\n * is racy when enterprise modules are enabled.\n */\nexport async function expectConflictBanner(\n  page: Page,\n  options?: { timeout?: number },\n): Promise<void> {\n  const conflictSurface = page\n    .getByTestId(CONFLICT_BANNER_TESTID)\n    .or(page.getByTestId(CONFLICT_DIALOG_TESTID))\n  await expect(\n    conflictSurface.first(),\n    'a conflict surface (OSS bar or record_locks dialog) should appear after a stale save',\n  ).toBeVisible({ timeout: options?.timeout ?? 10_000 })\n}\n\n/** Assert no conflict surface is present (a clean single-tab save must not 409). */\nexport async function expectNoConflictBanner(page: Page): Promise<void> {\n  await expect(\n    page.getByTestId(CONFLICT_BANNER_TESTID),\n    'a clean save must not surface a false-positive conflict bar',\n  ).toHaveCount(0)\n  await expect(\n    page.getByTestId(CONFLICT_DIALOG_TESTID),\n    'a clean save must not surface a false-positive conflict dialog',\n  ).toHaveCount(0)\n}\n\n/** Click the conflict bar's Refresh button. */\nexport async function clickConflictRefresh(page: Page): Promise<void> {\n  await page.getByTestId(CONFLICT_BANNER_TESTID).getByRole('button', { name: /refresh/i }).click()\n}\n\n/** Dismiss the conflict bar via its close (X) button. */\nexport async function dismissConflictBanner(page: Page): Promise<void> {\n  await page.getByTestId(CONFLICT_BANNER_TESTID).getByRole('button', { name: /dismiss/i }).click()\n}\n"],
+  "mappings": "AAAA,SAAS,cAAiD;AAC1D;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAgBP,MAAM,WAAW,QAAQ,IAAI,UAAU,KAAK,KAAK;AAE1C,SAAS,cAAc,MAAsB;AAClD,SAAO,WAAW,GAAG,QAAQ,GAAG,IAAI,KAAK;AAC3C;AAEO,MAAM,yBAAyB;AAa/B,MAAM,yBAAyB;AAEtC,SAAS,YAAY,OAAe,WAA4C;AAC9E,QAAM,UAAkC;AAAA,IACtC,eAAe,UAAU,KAAK;AAAA,IAC9B,gBAAgB;AAAA,EAClB;AACA,MAAI,cAAc,OAAW,SAAQ,2BAA2B,IAAI;AACpE,SAAO;AACT;AAOA,eAAsB,cACpB,SACA,OACA,UACA,IACA,UAAU,MACO;AACjB,QAAM,WAAW,MAAM,QAAQ;AAAA,IAC7B,cAAc,GAAG,QAAQ,IAAI,OAAO,IAAI,mBAAmB,EAAE,CAAC,EAAE;AAAA,IAChE,EAAE,QAAQ,OAAO,SAAS,YAAY,KAAK,EAAE;AAAA,EAC/C;AACA,SAAO,SAAS,OAAO,GAAG,OAAO,QAAQ,IAAI,OAAO,oBAAoB,EAAE,KAAK,GAAG;AAClF,QAAM,OAAQ,MAAM,SAAS,KAAK;AAGlC,QAAM,OAAO,MAAM,QAAS,KAA+B,KAAK,IAC3D,KAAmD,MAAM,CAAC,IAC1D;AACL,SAAO,MAAM,6CAA6C,EAAE,EAAE,EAAE,WAAW;AAC3E,QAAM,MAAO,MAAM,cAAc,MAAM;AACvC,SAAO,OAAO,KAAK,wCAAwC,OAAO,GAAG,CAAC,EAAE,EAAE,KAAK,QAAQ;AACvF,QAAM,KAAK,KAAK,MAAM,GAAa;AACnC,SAAO,OAAO,SAAS,EAAE,GAAG,gCAAgC,OAAO,GAAG,CAAC,EAAE,EAAE,KAAK,IAAI;AACpF,SAAO,IAAI,KAAK,EAAE,EAAE,YAAY;AAClC;AAOA,eAAsB,iBACpB,SACA,OACA,UACA,SACA,OAAuD,CAAC,GAChC;AACxB,QAAM,WAAW,MAAM,QAAQ,MAAM,cAAc,QAAQ,GAAG;AAAA,IAC5D,QAAQ,KAAK,UAAU;AAAA,IACvB,SAAS,YAAY,KAAK;AAAA,IAC1B,MAAM;AAAA,EACR,CAAC;AACD;AAAA,IACE,SAAS,OAAO;AAAA,IAChB,eAAe,KAAK,UAAU,KAAK,IAAI,QAAQ,wCAAwC,SAAS,OAAO,CAAC;AAAA,EAC1G,EAAE,aAAa,GAAG;AAClB,QAAM,KAAK,QAAQ,KAAK,WAAW,IAAI;AACvC,MAAI,OAAO,OAAO,UAAU;AAC1B,QAAI;AACF,aAAO,MAAM,cAAc,SAAS,OAAO,UAAU,IAAI,KAAK,OAAO;AAAA,IACvE,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAGA,eAAsB,YACpB,SACA,OACA,UACA,MACA,WACA;AACA,SAAO,QAAQ,MAAM,cAAc,QAAQ,GAAG;AAAA,IAC5C,QAAQ;AAAA,IACR,SAAS,YAAY,OAAO,SAAS;AAAA,IACrC,MAAM;AAAA,EACR,CAAC;AACH;AAEA,eAAsB,mBAAmB,UAA0D;AACjG,SAAO,SAAS,OAAO,GAAG,2BAA2B,EAAE,KAAK,GAAG;AAC/D,QAAM,OAAQ,MAAM,SAAS,KAAK;AAClC,SAAO,KAAK,MAAM,uDAAuD,EAAE,KAAK,6BAA6B;AAC7G,SAAO;AACT;AAQA,eAAsB,qBACpB,MACA,SACe;AACf,QAAM,kBAAkB,KACrB,YAAY,sBAAsB,EAClC,GAAG,KAAK,YAAY,sBAAsB,CAAC;AAC9C,QAAM;AAAA,IACJ,gBAAgB,MAAM;AAAA,IACtB;AAAA,EACF,EAAE,YAAY,EAAE,SAAS,SAAS,WAAW,IAAO,CAAC;AACvD;AAGA,eAAsB,uBAAuB,MAA2B;AACtE,QAAM;AAAA,IACJ,KAAK,YAAY,sBAAsB;AAAA,IACvC;AAAA,EACF,EAAE,YAAY,CAAC;AACf,QAAM;AAAA,IACJ,KAAK,YAAY,sBAAsB;AAAA,IACvC;AAAA,EACF,EAAE,YAAY,CAAC;AACjB;AAGA,eAAsB,qBAAqB,MAA2B;AACpE,QAAM,KAAK,YAAY,sBAAsB,EAAE,UAAU,UAAU,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM;AACjG;AAGA,eAAsB,sBAAsB,MAA2B;AACrE,QAAM,KAAK,YAAY,sBAAsB,EAAE,UAAU,UAAU,EAAE,MAAM,WAAW,CAAC,EAAE,MAAM;AACjG;",
   "names": []
 }

package/dist/modules/auth/frontend/login.js

@@ -319,7 +319,7 @@ function LoginPage() {
           translate("auth.login.tenantClear", "Clear")
         ] })
       ] }) : tenantId ? /* @__PURE__ */ jsxs("div", { className: "rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-center text-xs text-emerald-900", children: [
-        /* @__PURE__ */ jsx("div", { className: "font-medium", children: tenantLoading ? translate("auth.login.tenantLoading", "Loading tenant details...") : translate("auth.login.tenantBanner", "You're logging in to {tenant} tenant.", {
+        /* @__PURE__ */ jsx("div", { className: "font-medium", children: tenantLoading ? translate("auth.login.tenantLoading", "Loading tenant details...") : translate("auth.login.tenantBanner", "You're logging in to {tenant}.", {
           tenant: tenantName || tenantId
         }) }),
         /* @__PURE__ */ jsxs(Button, { type: "button", variant: "outline", size: "sm", className: "mt-2 border-emerald-300 text-emerald-900", onClick: handleClearTenant, children: [

package/dist/modules/auth/frontend/login.js.map

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/frontend/login.tsx"],
-  "sourcesContent": ["\"use client\"\nimport { useCallback, useEffect, useMemo, useState } from 'react'\nimport type { ReactNode } from 'react'\nimport Image from 'next/image'\nimport Link from 'next/link'\nimport { useRouter, useSearchParams } from 'next/navigation'\nimport { Card, CardContent, CardHeader, CardDescription } from '@open-mercato/ui/primitives/card'\nimport { Input } from '@open-mercato/ui/primitives/input'\nimport { EmailInput } from '@open-mercato/ui/primitives/email-input'\nimport { PasswordInput } from '@open-mercato/ui/primitives/password-input'\nimport { Label } from '@open-mercato/ui/primitives/label'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { translateWithFallback } from '@open-mercato/shared/lib/i18n/translate'\nimport { clearAllOperations } from '@open-mercato/ui/backend/operations/store'\nimport { notifyAuthIdentityChange } from '@open-mercato/ui/backend/AuthSessionGuard'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { X } from 'lucide-react'\nimport { Alert, AlertDescription } from '@open-mercato/ui/primitives/alert'\nimport { InjectionSpot } from '@open-mercato/ui/backend/injection/InjectionSpot'\nimport { useRegisteredComponent } from '@open-mercato/ui/backend/injection/useRegisteredComponent'\nimport type { AuthOverride, LoginFormWidgetContext } from './login-injection'\n\nconst loginTenantKey = 'om_login_tenant'\nconst loginTenantCookieMaxAge = 60 * 60 * 24 * 14\n\nfunction readTenantCookie() {\n  if (typeof document === 'undefined') return null\n  const entries = document.cookie.split(';')\n  for (const entry of entries) {\n    const [name, ...rest] = entry.trim().split('=')\n    if (name === loginTenantKey) return decodeURIComponent(rest.join('='))\n  }\n  return null\n}\n\nfunction setTenantCookie(value: string) {\n  if (typeof document === 'undefined') return\n  document.cookie = `${loginTenantKey}=${encodeURIComponent(value)}; path=/; max-age=${loginTenantCookieMaxAge}; samesite=lax`\n}\n\nfunction clearTenantCookie() {\n  if (typeof document === 'undefined') return\n  document.cookie = `${loginTenantKey}=; path=/; max-age=0; samesite=lax`\n}\n\nfunction extractErrorMessage(payload: unknown): string | null {\n  if (!payload) return null\n  if (typeof payload === 'string') return payload\n  if (Array.isArray(payload)) {\n    for (const entry of payload) {\n      const resolved = extractErrorMessage(entry)\n      if (resolved) return resolved\n    }\n    return null\n  }\n  if (typeof payload === 'object') {\n    const record = payload as Record<string, unknown>\n    const candidates: unknown[] = [\n      record.error,\n      record.message,\n      record.detail,\n      record.details,\n      record.description,\n    ]\n    for (const candidate of candidates) {\n      const resolved = extractErrorMessage(candidate)\n      if (resolved) return resolved\n    }\n  }\n  return null\n}\n\nfunction looksLikeJsonString(value: string): boolean {\n  const trimmed = value.trim()\n  return trimmed.startsWith('{') || trimmed.startsWith('[')\n}\n\ntype LoginResponseEventDetail = Record<string, unknown> | null\n\ntype LoginFormSectionProps = {\n  children: ReactNode\n}\n\nfunction LoginFormSectionDefault({ children }: LoginFormSectionProps) {\n  return <>{children}</>\n}\n\nfunction emitLoginResponseEvent(detail: LoginResponseEventDetail) {\n  if (typeof window === 'undefined') return\n  window.dispatchEvent(new CustomEvent('om:auth:login-response', { detail }))\n}\n\nexport default function LoginPage() {\n  const t = useT()\n  const translate = useCallback(\n    (key: string, fallback: string, params?: Record<string, string | number>) =>\n      translateWithFallback(t, key, fallback, params),\n    [t],\n  )\n  const router = useRouter()\n  const searchParams = useSearchParams()\n  const requireRole = (searchParams.get('requireRole') || searchParams.get('role') || '').trim()\n  const requireFeature = (searchParams.get('requireFeature') || '').trim()\n  const requiredRoles = requireRole ? requireRole.split(',').map((value) => value.trim()).filter(Boolean) : []\n  const requiredFeatures = requireFeature ? requireFeature.split(',').map((value) => value.trim()).filter(Boolean) : []\n  const translatedRoles = requiredRoles.map((role) => translate(`auth.roles.${role}`, role))\n  const translatedFeatures = requiredFeatures.map((feature) => translate(`features.${feature}`, feature))\n  const [error, setError] = useState<string | null>(null)\n  const [submitting, setSubmitting] = useState(false)\n  const [authOverride, setAuthOverride] = useState<AuthOverride | null>(null)\n  const [authOverridePending, setAuthOverridePending] = useState(false)\n  const [clientReady, setClientReady] = useState(false)\n  const [activeAuthenticatedUser, setActiveAuthenticatedUser] = useState(false)\n  const [email, setEmail] = useState('')\n  const [tenantId, setTenantId] = useState<string | null>(null)\n  const [tenantName, setTenantName] = useState<string | null>(null)\n  const [tenantLoading, setTenantLoading] = useState(false)\n  const [tenantInvalid, setTenantInvalid] = useState<string | null>(null)\n  const showTenantInvalid = tenantId != null && tenantInvalid === tenantId\n  const LoginFormSection = useRegisteredComponent<LoginFormSectionProps>(\n    'section:auth.login.form',\n    LoginFormSectionDefault,\n  )\n\n  useEffect(() => {\n    setClientReady(true)\n  }, [])\n\n  useEffect(() => {\n    let cancelled = false\n    const hasAclChallenge = requiredFeatures.length > 0 || requiredRoles.length > 0\n    void (async () => {\n      try {\n        const res = await apiCall<{ userId?: string }>('/api/auth/feature-check', {\n          method: 'POST',\n          headers: { 'content-type': 'application/json' },\n          body: JSON.stringify({ features: [] }),\n          cache: 'no-store',\n        })\n        if (cancelled) return\n        const activeUserId = typeof res.result?.userId === 'string' ? res.result.userId : ''\n        if (!activeUserId) return\n        setActiveAuthenticatedUser(true)\n        // When a feature/role challenge is present in the URL, the user already\n        // failed an ACL check while authenticated. Auto-redirecting back to\n        // `redirect` would re-trigger the same 403 and re-bounce here,\n        // producing an infinite loop (see GH #2070). Stay on the login page so\n        // the access-denied banner is visible.\n        if (hasAclChallenge) return\n        const rawRedirect = searchParams.get('redirect') || ''\n        let destination = '/backend'\n        if (rawRedirect) {\n          try {\n            const resolved = new URL(rawRedirect, window.location.origin)\n            if (\n              resolved.origin === window.location.origin &&\n              resolved.pathname.startsWith('/') &&\n              !resolved.pathname.includes('//')\n            ) {\n              destination = resolved.pathname + resolved.search + resolved.hash\n            }\n          } catch {\n            // fall back to /backend\n          }\n        }\n        router.replace(destination)\n      } catch {\n        // ignore \u2014 leave login form usable on network failure\n      }\n    })()\n    return () => { cancelled = true }\n  }, [router, searchParams, requiredFeatures.length, requiredRoles.length])\n\n  useEffect(() => {\n    const tenantParam = (searchParams.get('tenant') || '').trim()\n    if (tenantParam) {\n      setTenantId(tenantParam)\n      window.localStorage.setItem(loginTenantKey, tenantParam)\n      setTenantCookie(tenantParam)\n      return\n    }\n    const storedTenant = window.localStorage.getItem(loginTenantKey) || readTenantCookie()\n    if (storedTenant) {\n      setTenantId(storedTenant)\n    }\n  }, [searchParams])\n\n  useEffect(() => {\n    if (!tenantId) {\n      setTenantName(null)\n      setTenantInvalid(null)\n      return\n    }\n    if (tenantInvalid === tenantId) {\n      setTenantName(null)\n      setTenantLoading(false)\n      return\n    }\n    let active = true\n    setTenantLoading(true)\n    setTenantInvalid(null)\n    apiCall<{ ok: boolean; tenant?: { id: string; name: string }; error?: string }>(\n      `/api/directory/tenants/lookup?tenantId=${encodeURIComponent(tenantId)}`,\n    )\n      .then(({ result }) => {\n        if (!active) return\n        if (result?.ok && result.tenant) {\n          setTenantName(result.tenant.name)\n          return\n        }\n        setTenantName(null)\n        setTenantInvalid(tenantId)\n        setError(null)\n      })\n      .catch(() => {\n        if (!active) return\n        setTenantName(null)\n        setTenantInvalid(tenantId)\n        setError(null)\n      })\n      .finally(() => {\n        if (active) setTenantLoading(false)\n      })\n    return () => {\n      active = false\n    }\n  }, [tenantId, translate])\n\n  function handleClearTenant() {\n    window.localStorage.removeItem(loginTenantKey)\n    clearTenantCookie()\n    setTenantId(null)\n    setTenantName(null)\n    setTenantInvalid(null)\n    const params = new URLSearchParams(searchParams)\n    params.delete('tenant')\n    setError(null)\n    const query = params.toString()\n    router.replace(query ? `/login?${query}` : '/login')\n  }\n\n  async function onSubmit(e: React.FormEvent<HTMLFormElement>) {\n    e.preventDefault()\n    if (!clientReady || authOverridePending) {\n      return\n    }\n    setError(null)\n    if (authOverride) {\n      authOverride.onSubmit()\n      return\n    }\n    setSubmitting(true)\n    try {\n      const form = new FormData(e.currentTarget)\n      if (requiredRoles.length) form.set('requireRole', requiredRoles.join(','))\n      const redirectParam = searchParams.get('redirect')\n      if (redirectParam) form.set('redirect', redirectParam)\n      const res = await fetch('/api/auth/login', { method: 'POST', body: form })\n      if (res.redirected) {\n        clearAllOperations()\n        notifyAuthIdentityChange()\n        // NextResponse.redirect from API\n        router.replace(res.url)\n        return\n      }\n      if (!res.ok) {\n        const fallback = (() => {\n          if (res.status === 403) {\n            return translate(\n              'auth.login.errors.permissionDenied',\n              'You do not have permission to access this area. Please contact your administrator.',\n            )\n          }\n          if (res.status === 401 || res.status === 400) {\n            return translate('auth.login.errors.invalidCredentials', 'Invalid email or password')\n          }\n          return translate('auth.login.errors.generic', 'An error occurred. Please try again.')\n        })()\n        const cloned = res.clone()\n        let errorMessage = ''\n        const contentType = res.headers.get('content-type') || ''\n        if (contentType.includes('application/json')) {\n          try {\n            const data = await res.json()\n            errorMessage = extractErrorMessage(data) || ''\n          } catch {\n            try {\n              const text = await cloned.text()\n              const trimmed = text.trim()\n              if (trimmed && !looksLikeJsonString(trimmed)) {\n                errorMessage = trimmed\n              }\n            } catch {\n              errorMessage = ''\n            }\n          }\n        } else {\n          try {\n            const text = await res.text()\n            const trimmed = text.trim()\n            if (trimmed && !looksLikeJsonString(trimmed)) {\n              errorMessage = trimmed\n            }\n          } catch {\n            errorMessage = ''\n          }\n        }\n        setError(errorMessage || fallback)\n        return\n      }\n      // In case API returns 200 with JSON\n      const data = await res.json().catch(() => null) as LoginResponseEventDetail\n      emitLoginResponseEvent(data)\n      clearAllOperations()\n      notifyAuthIdentityChange()\n      if (data && typeof data.redirect === 'string' && data.redirect.length > 0) {\n        router.replace(data.redirect)\n      }\n    } catch (err: unknown) {\n      // Handle any errors thrown (e.g., network errors or thrown exceptions)\n      const message = err instanceof Error ? err.message : ''\n      setError(message || translate('auth.login.errors.generic', 'An error occurred. Please try again.'))\n    } finally {\n      setSubmitting(false)\n    }\n  }\n\n  const loginFormContext = useMemo<LoginFormWidgetContext>(() => ({\n    email,\n    tenantId,\n    searchParams,\n    setAuthOverride,\n    setAuthOverridePending,\n    setError,\n  }), [email, tenantId, searchParams])\n\n  const formReady = clientReady && !authOverridePending\n\n  return (\n    <div className=\"min-h-svh flex items-center justify-center p-4\">\n      <Card className=\"w-full max-w-sm\">\n        <CardHeader className=\"flex flex-col items-center gap-4 text-center p-10\">\n          <Image alt={translate('auth.login.logoAlt', 'Open Mercato logo')} src=\"/open-mercato.svg\" width={150} height={150} priority />\n          <h1 className=\"text-2xl font-semibold\">{translate('auth.login.brandName', 'Open Mercato')}</h1>\n          <CardDescription>{translate('auth.login.subtitle', 'Access your workspace')}</CardDescription>\n        </CardHeader>\n        <CardContent>\n          <LoginFormSection>\n            <form className=\"grid gap-3\" onSubmit={onSubmit} noValidate data-auth-ready={formReady ? '1' : '0'}>\n              {tenantId ? (\n                <input type=\"hidden\" name=\"tenantId\" value={tenantId} />\n              ) : null}\n              {!!translatedRoles.length && (\n                <Alert variant=\"info\" className=\"text-center\">\n                  <AlertDescription>\n                    {translate(\n                      translatedRoles.length > 1 ? 'auth.login.requireRolesMessage' : 'auth.login.requireRoleMessage',\n                      translatedRoles.length > 1\n                        ? 'Access requires one of the following roles: {roles}'\n                        : 'Access requires role: {roles}',\n                      { roles: translatedRoles.join(', ') },\n                    )}\n                  </AlertDescription>\n                </Alert>\n              )}\n              {!!translatedFeatures.length && (\n                <Alert variant=\"info\" className=\"text-center\">\n                  <AlertDescription>\n                    {translate('auth.login.featureDenied', \"You don't have access to this feature ({feature}). Please contact your administrator.\", {\n                      feature: translatedFeatures.join(', '),\n                    })}\n                  </AlertDescription>\n                </Alert>\n              )}\n              {activeAuthenticatedUser && (translatedRoles.length || translatedFeatures.length) ? (\n                <div className=\"flex justify-center\" data-testid=\"login-return-dashboard\">\n                  <Button asChild type=\"button\" variant=\"outline\" size=\"sm\">\n                    <Link href=\"/backend\">\n                      {translate('auth.accessDenied.dashboard', 'Go to Dashboard')}\n                    </Link>\n                  </Button>\n                </div>\n              ) : null}\n              {showTenantInvalid ? (\n                <div className=\"rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-xs text-red-700\">\n                  <div className=\"font-medium\">{translate('auth.login.errors.tenantInvalid', 'Tenant not found. Clear the tenant selection and try again.')}</div>\n                  <Button type=\"button\" variant=\"outline\" size=\"sm\" className=\"mt-2 border-red-300 text-red-700\" onClick={handleClearTenant}>\n                    <X className=\"mr-2 size-4\" aria-hidden=\"true\" />\n                    {translate('auth.login.tenantClear', 'Clear')}\n                  </Button>\n                </div>\n              ) : tenantId ? (\n                <div className=\"rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-center text-xs text-emerald-900\">\n                  <div className=\"font-medium\">\n                    {tenantLoading\n                      ? translate('auth.login.tenantLoading', 'Loading tenant details...')\n                      : translate('auth.login.tenantBanner', \"You're logging in to {tenant} tenant.\", {\n                          tenant: tenantName || tenantId,\n                        })}\n                  </div>\n                  <Button type=\"button\" variant=\"outline\" size=\"sm\" className=\"mt-2 border-emerald-300 text-emerald-900\" onClick={handleClearTenant}>\n                    <X className=\"mr-2 size-4\" aria-hidden=\"true\" />\n                    {translate('auth.login.tenantClear', 'Clear')}\n                  </Button>\n                </div>\n              ) : null}\n              {error && !showTenantInvalid && (\n                <div className=\"rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-sm text-red-700\" role=\"alert\" aria-live=\"polite\">\n                  {error}\n                </div>\n              )}\n              <div className=\"grid gap-1\">\n                <Label htmlFor=\"email\">{t('auth.email')}</Label>\n                <EmailInput\n                  id=\"email\"\n                  name=\"email\"\n                  required\n                  aria-invalid={!!error}\n                  onChange={(e) => setEmail(e.target.value)}\n                  onBlur={(e) => setEmail(e.target.value)}\n                />\n              </div>\n              <InjectionSpot<LoginFormWidgetContext>\n                spotId=\"auth.login:form\"\n                context={loginFormContext}\n              />\n              {authOverride?.hidePassword ? null : (\n                <div className=\"grid gap-1\">\n                  <Label htmlFor=\"password\">{t('auth.password')}</Label>\n                  <PasswordInput id=\"password\" name=\"password\" required={!authOverride} aria-invalid={!!error} autoComplete=\"current-password\" />\n                </div>\n              )}\n              {!authOverride?.hideRememberMe && !authOverride?.hidePassword && (\n                <label className=\"flex items-center gap-2 text-xs text-muted-foreground\">\n                  <input type=\"checkbox\" name=\"remember\" className=\"accent-foreground\" />\n                  <span>{translate('auth.login.rememberMe', 'Remember me')}</span>\n                </label>\n              )}\n              <Button type=\"submit\" disabled={submitting || !formReady} className=\"h-10 mt-2\">\n                {submitting\n                  ? translate('auth.login.loading', 'Loading...')\n                  : authOverride\n                    ? authOverride.providerLabel\n                    : translate('auth.signIn', 'Sign in')}\n              </Button>\n              {!authOverride?.hideForgotPassword && (\n                <div className=\"text-xs text-muted-foreground mt-2\">\n                  <Link className=\"underline\" href=\"/reset\">\n                    {translate('auth.login.forgotPassword', 'Forgot password?')}\n                  </Link>\n                </div>\n              )}\n            </form>\n          </LoginFormSection>\n        </CardContent>\n      </Card>\n    </div>\n  )\n}\n"],
-  "mappings": ";AAqFS,wBAiQD,YAjQC;AApFT,SAAS,aAAa,WAAW,SAAS,gBAAgB;AAE1D,OAAO,WAAW;AAClB,OAAO,UAAU;AACjB,SAAS,WAAW,uBAAuB;AAC3C,SAAS,MAAM,aAAa,YAAY,uBAAuB;AAE/D,SAAS,kBAAkB;AAC3B,SAAS,qBAAqB;AAC9B,SAAS,aAAa;AACtB,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,6BAA6B;AACtC,SAAS,0BAA0B;AACnC,SAAS,gCAAgC;AACzC,SAAS,eAAe;AACxB,SAAS,SAAS;AAClB,SAAS,OAAO,wBAAwB;AACxC,SAAS,qBAAqB;AAC9B,SAAS,8BAA8B;AAGvC,MAAM,iBAAiB;AACvB,MAAM,0BAA0B,KAAK,KAAK,KAAK;AAE/C,SAAS,mBAAmB;AAC1B,MAAI,OAAO,aAAa,YAAa,QAAO;AAC5C,QAAM,UAAU,SAAS,OAAO,MAAM,GAAG;AACzC,aAAW,SAAS,SAAS;AAC3B,UAAM,CAAC,MAAM,GAAG,IAAI,IAAI,MAAM,KAAK,EAAE,MAAM,GAAG;AAC9C,QAAI,SAAS,eAAgB,QAAO,mBAAmB,KAAK,KAAK,GAAG,CAAC;AAAA,EACvE;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAe;AACtC,MAAI,OAAO,aAAa,YAAa;AACrC,WAAS,SAAS,GAAG,cAAc,IAAI,mBAAmB,KAAK,CAAC,qBAAqB,uBAAuB;AAC9G;AAEA,SAAS,oBAAoB;AAC3B,MAAI,OAAO,aAAa,YAAa;AACrC,WAAS,SAAS,GAAG,cAAc;AACrC;AAEA,SAAS,oBAAoB,SAAiC;AAC5D,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,SAAU,QAAO;AACxC,MAAI,MAAM,QAAQ,OAAO,GAAG;AAC1B,eAAW,SAAS,SAAS;AAC3B,YAAM,WAAW,oBAAoB,KAAK;AAC1C,UAAI,SAAU,QAAO;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,UAAU;AAC/B,UAAM,SAAS;AACf,UAAM,aAAwB;AAAA,MAC5B,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AACA,eAAW,aAAa,YAAY;AAClC,YAAM,WAAW,oBAAoB,SAAS;AAC9C,UAAI,SAAU,QAAO;AAAA,IACvB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,oBAAoB,OAAwB;AACnD,QAAM,UAAU,MAAM,KAAK;AAC3B,SAAO,QAAQ,WAAW,GAAG,KAAK,QAAQ,WAAW,GAAG;AAC1D;AAQA,SAAS,wBAAwB,EAAE,SAAS,GAA0B;AACpE,SAAO,gCAAG,UAAS;AACrB;AAEA,SAAS,uBAAuB,QAAkC;AAChE,MAAI,OAAO,WAAW,YAAa;AACnC,SAAO,cAAc,IAAI,YAAY,0BAA0B,EAAE,OAAO,CAAC,CAAC;AAC5E;AAEe,SAAR,YAA6B;AAClC,QAAM,IAAI,KAAK;AACf,QAAM,YAAY;AAAA,IAChB,CAAC,KAAa,UAAkB,WAC9B,sBAAsB,GAAG,KAAK,UAAU,MAAM;AAAA,IAChD,CAAC,CAAC;AAAA,EACJ;AACA,QAAM,SAAS,UAAU;AACzB,QAAM,eAAe,gBAAgB;AACrC,QAAM,eAAe,aAAa,IAAI,aAAa,KAAK,aAAa,IAAI,MAAM,KAAK,IAAI,KAAK;AAC7F,QAAM,kBAAkB,aAAa,IAAI,gBAAgB,KAAK,IAAI,KAAK;AACvE,QAAM,gBAAgB,cAAc,YAAY,MAAM,GAAG,EAAE,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AAC3G,QAAM,mBAAmB,iBAAiB,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AACpH,QAAM,kBAAkB,cAAc,IAAI,CAAC,SAAS,UAAU,cAAc,IAAI,IAAI,IAAI,CAAC;AACzF,QAAM,qBAAqB,iBAAiB,IAAI,CAAC,YAAY,UAAU,YAAY,OAAO,IAAI,OAAO,CAAC;AACtG,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AACtD,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,CAAC,cAAc,eAAe,IAAI,SAA8B,IAAI;AAC1E,QAAM,CAAC,qBAAqB,sBAAsB,IAAI,SAAS,KAAK;AACpE,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,KAAK;AACpD,QAAM,CAAC,yBAAyB,0BAA0B,IAAI,SAAS,KAAK;AAC5E,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAS,EAAE;AACrC,QAAM,CAAC,UAAU,WAAW,IAAI,SAAwB,IAAI;AAC5D,QAAM,CAAC,YAAY,aAAa,IAAI,SAAwB,IAAI;AAChE,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAS,KAAK;AACxD,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,IAAI;AACtE,QAAM,oBAAoB,YAAY,QAAQ,kBAAkB;AAChE,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,EACF;AAEA,YAAU,MAAM;AACd,mBAAe,IAAI;AAAA,EACrB,GAAG,CAAC,CAAC;AAEL,YAAU,MAAM;AACd,QAAI,YAAY;AAChB,UAAM,kBAAkB,iBAAiB,SAAS,KAAK,cAAc,SAAS;AAC9E,UAAM,YAAY;AAChB,UAAI;AACF,cAAM,MAAM,MAAM,QAA6B,2BAA2B;AAAA,UACxE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;AAAA,UACrC,OAAO;AAAA,QACT,CAAC;AACD,YAAI,UAAW;AACf,cAAM,eAAe,OAAO,IAAI,QAAQ,WAAW,WAAW,IAAI,OAAO,SAAS;AAClF,YAAI,CAAC,aAAc;AACnB,mCAA2B,IAAI;AAM/B,YAAI,gBAAiB;AACrB,cAAM,cAAc,aAAa,IAAI,UAAU,KAAK;AACpD,YAAI,cAAc;AAClB,YAAI,aAAa;AACf,cAAI;AACF,kBAAM,WAAW,IAAI,IAAI,aAAa,OAAO,SAAS,MAAM;AAC5D,gBACE,SAAS,WAAW,OAAO,SAAS,UACpC,SAAS,SAAS,WAAW,GAAG,KAChC,CAAC,SAAS,SAAS,SAAS,IAAI,GAChC;AACA,4BAAc,SAAS,WAAW,SAAS,SAAS,SAAS;AAAA,YAC/D;AAAA,UACF,QAAQ;AAAA,UAER;AAAA,QACF;AACA,eAAO,QAAQ,WAAW;AAAA,MAC5B,QAAQ;AAAA,MAER;AAAA,IACF,GAAG;AACH,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,QAAQ,cAAc,iBAAiB,QAAQ,cAAc,MAAM,CAAC;AAExE,YAAU,MAAM;AACd,UAAM,eAAe,aAAa,IAAI,QAAQ,KAAK,IAAI,KAAK;AAC5D,QAAI,aAAa;AACf,kBAAY,WAAW;AACvB,aAAO,aAAa,QAAQ,gBAAgB,WAAW;AACvD,sBAAgB,WAAW;AAC3B;AAAA,IACF;AACA,UAAM,eAAe,OAAO,aAAa,QAAQ,cAAc,KAAK,iBAAiB;AACrF,QAAI,cAAc;AAChB,kBAAY,YAAY;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,YAAY,CAAC;AAEjB,YAAU,MAAM;AACd,QAAI,CAAC,UAAU;AACb,oBAAc,IAAI;AAClB,uBAAiB,IAAI;AACrB;AAAA,IACF;AACA,QAAI,kBAAkB,UAAU;AAC9B,oBAAc,IAAI;AAClB,uBAAiB,KAAK;AACtB;AAAA,IACF;AACA,QAAI,SAAS;AACb,qBAAiB,IAAI;AACrB,qBAAiB,IAAI;AACrB;AAAA,MACE,0CAA0C,mBAAmB,QAAQ,CAAC;AAAA,IACxE,EACG,KAAK,CAAC,EAAE,OAAO,MAAM;AACpB,UAAI,CAAC,OAAQ;AACb,UAAI,QAAQ,MAAM,OAAO,QAAQ;AAC/B,sBAAc,OAAO,OAAO,IAAI;AAChC;AAAA,MACF;AACA,oBAAc,IAAI;AAClB,uBAAiB,QAAQ;AACzB,eAAS,IAAI;AAAA,IACf,CAAC,EACA,MAAM,MAAM;AACX,UAAI,CAAC,OAAQ;AACb,oBAAc,IAAI;AAClB,uBAAiB,QAAQ;AACzB,eAAS,IAAI;AAAA,IACf,CAAC,EACA,QAAQ,MAAM;AACb,UAAI,OAAQ,kBAAiB,KAAK;AAAA,IACpC,CAAC;AACH,WAAO,MAAM;AACX,eAAS;AAAA,IACX;AAAA,EACF,GAAG,CAAC,UAAU,SAAS,CAAC;AAExB,WAAS,oBAAoB;AAC3B,WAAO,aAAa,WAAW,cAAc;AAC7C,sBAAkB;AAClB,gBAAY,IAAI;AAChB,kBAAc,IAAI;AAClB,qBAAiB,IAAI;AACrB,UAAM,SAAS,IAAI,gBAAgB,YAAY;AAC/C,WAAO,OAAO,QAAQ;AACtB,aAAS,IAAI;AACb,UAAM,QAAQ,OAAO,SAAS;AAC9B,WAAO,QAAQ,QAAQ,UAAU,KAAK,KAAK,QAAQ;AAAA,EACrD;AAEA,iBAAe,SAAS,GAAqC;AAC3D,MAAE,eAAe;AACjB,QAAI,CAAC,eAAe,qBAAqB;AACvC;AAAA,IACF;AACA,aAAS,IAAI;AACb,QAAI,cAAc;AAChB,mBAAa,SAAS;AACtB;AAAA,IACF;AACA,kBAAc,IAAI;AAClB,QAAI;AACF,YAAM,OAAO,IAAI,SAAS,EAAE,aAAa;AACzC,UAAI,cAAc,OAAQ,MAAK,IAAI,eAAe,cAAc,KAAK,GAAG,CAAC;AACzE,YAAM,gBAAgB,aAAa,IAAI,UAAU;AACjD,UAAI,cAAe,MAAK,IAAI,YAAY,aAAa;AACrD,YAAM,MAAM,MAAM,MAAM,mBAAmB,EAAE,QAAQ,QAAQ,MAAM,KAAK,CAAC;AACzE,UAAI,IAAI,YAAY;AAClB,2BAAmB;AACnB,iCAAyB;AAEzB,eAAO,QAAQ,IAAI,GAAG;AACtB;AAAA,MACF;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,YAAY,MAAM;AACtB,cAAI,IAAI,WAAW,KAAK;AACtB,mBAAO;AAAA,cACL;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA,cAAI,IAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC5C,mBAAO,UAAU,wCAAwC,2BAA2B;AAAA,UACtF;AACA,iBAAO,UAAU,6BAA6B,sCAAsC;AAAA,QACtF,GAAG;AACH,cAAM,SAAS,IAAI,MAAM;AACzB,YAAI,eAAe;AACnB,cAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,YAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,cAAI;AACF,kBAAMA,QAAO,MAAM,IAAI,KAAK;AAC5B,2BAAe,oBAAoBA,KAAI,KAAK;AAAA,UAC9C,QAAQ;AACN,gBAAI;AACF,oBAAM,OAAO,MAAM,OAAO,KAAK;AAC/B,oBAAM,UAAU,KAAK,KAAK;AAC1B,kBAAI,WAAW,CAAC,oBAAoB,OAAO,GAAG;AAC5C,+BAAe;AAAA,cACjB;AAAA,YACF,QAAQ;AACN,6BAAe;AAAA,YACjB;AAAA,UACF;AAAA,QACF,OAAO;AACL,cAAI;AACF,kBAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,kBAAM,UAAU,KAAK,KAAK;AAC1B,gBAAI,WAAW,CAAC,oBAAoB,OAAO,GAAG;AAC5C,6BAAe;AAAA,YACjB;AAAA,UACF,QAAQ;AACN,2BAAe;AAAA,UACjB;AAAA,QACF;AACA,iBAAS,gBAAgB,QAAQ;AACjC;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AAC9C,6BAAuB,IAAI;AAC3B,yBAAmB;AACnB,+BAAyB;AACzB,UAAI,QAAQ,OAAO,KAAK,aAAa,YAAY,KAAK,SAAS,SAAS,GAAG;AACzE,eAAO,QAAQ,KAAK,QAAQ;AAAA,MAC9B;AAAA,IACF,SAAS,KAAc;AAErB,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,eAAS,WAAW,UAAU,6BAA6B,sCAAsC,CAAC;AAAA,IACpG,UAAE;AACA,oBAAc,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,mBAAmB,QAAgC,OAAO;AAAA,IAC9D;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,OAAO,UAAU,YAAY,CAAC;AAEnC,QAAM,YAAY,eAAe,CAAC;AAElC,SACE,oBAAC,SAAI,WAAU,kDACb,+BAAC,QAAK,WAAU,mBACd;AAAA,yBAAC,cAAW,WAAU,qDACpB;AAAA,0BAAC,SAAM,KAAK,UAAU,sBAAsB,mBAAmB,GAAG,KAAI,qBAAoB,OAAO,KAAK,QAAQ,KAAK,UAAQ,MAAC;AAAA,MAC5H,oBAAC,QAAG,WAAU,0BAA0B,oBAAU,wBAAwB,cAAc,GAAE;AAAA,MAC1F,oBAAC,mBAAiB,oBAAU,uBAAuB,uBAAuB,GAAE;AAAA,OAC9E;AAAA,IACA,oBAAC,eACC,8BAAC,oBACC,+BAAC,UAAK,WAAU,cAAa,UAAoB,YAAU,MAAC,mBAAiB,YAAY,MAAM,KAC5F;AAAA,iBACC,oBAAC,WAAM,MAAK,UAAS,MAAK,YAAW,OAAO,UAAU,IACpD;AAAA,MACH,CAAC,CAAC,gBAAgB,UACjB,oBAAC,SAAM,SAAQ,QAAO,WAAU,eAC9B,8BAAC,oBACE;AAAA,QACC,gBAAgB,SAAS,IAAI,mCAAmC;AAAA,QAChE,gBAAgB,SAAS,IACrB,wDACA;AAAA,QACJ,EAAE,OAAO,gBAAgB,KAAK,IAAI,EAAE;AAAA,MACtC,GACF,GACF;AAAA,MAED,CAAC,CAAC,mBAAmB,UACpB,oBAAC,SAAM,SAAQ,QAAO,WAAU,eAC9B,8BAAC,oBACE,oBAAU,4BAA4B,yFAAyF;AAAA,QAC9H,SAAS,mBAAmB,KAAK,IAAI;AAAA,MACvC,CAAC,GACH,GACF;AAAA,MAED,4BAA4B,gBAAgB,UAAU,mBAAmB,UACxE,oBAAC,SAAI,WAAU,uBAAsB,eAAY,0BAC/C,8BAAC,UAAO,SAAO,MAAC,MAAK,UAAS,SAAQ,WAAU,MAAK,MACnD,8BAAC,QAAK,MAAK,YACR,oBAAU,+BAA+B,iBAAiB,GAC7D,GACF,GACF,IACE;AAAA,MACH,oBACC,qBAAC,SAAI,WAAU,yFACb;AAAA,4BAAC,SAAI,WAAU,eAAe,oBAAU,mCAAmC,6DAA6D,GAAE;AAAA,QAC1I,qBAAC,UAAO,MAAK,UAAS,SAAQ,WAAU,MAAK,MAAK,WAAU,oCAAmC,SAAS,mBACtG;AAAA,8BAAC,KAAE,WAAU,eAAc,eAAY,QAAO;AAAA,UAC7C,UAAU,0BAA0B,OAAO;AAAA,WAC9C;AAAA,SACF,IACE,WACF,qBAAC,SAAI,WAAU,qGACb;AAAA,4BAAC,SAAI,WAAU,eACZ,0BACG,UAAU,4BAA4B,2BAA2B,IACjE,UAAU,2BAA2B,yCAAyC;AAAA,UAC5E,QAAQ,cAAc;AAAA,QACxB,CAAC,GACP;AAAA,QACA,qBAAC,UAAO,MAAK,UAAS,SAAQ,WAAU,MAAK,MAAK,WAAU,4CAA2C,SAAS,mBAC9G;AAAA,8BAAC,KAAE,WAAU,eAAc,eAAY,QAAO;AAAA,UAC7C,UAAU,0BAA0B,OAAO;AAAA,WAC9C;AAAA,SACF,IACE;AAAA,MACH,SAAS,CAAC,qBACT,oBAAC,SAAI,WAAU,yFAAwF,MAAK,SAAQ,aAAU,UAC3H,iBACH;AAAA,MAEF,qBAAC,SAAI,WAAU,cACb;AAAA,4BAAC,SAAM,SAAQ,SAAS,YAAE,YAAY,GAAE;AAAA,QACxC;AAAA,UAAC;AAAA;AAAA,YACC,IAAG;AAAA,YACH,MAAK;AAAA,YACL,UAAQ;AAAA,YACR,gBAAc,CAAC,CAAC;AAAA,YAChB,UAAU,CAAC,MAAM,SAAS,EAAE,OAAO,KAAK;AAAA,YACxC,QAAQ,CAAC,MAAM,SAAS,EAAE,OAAO,KAAK;AAAA;AAAA,QACxC;AAAA,SACF;AAAA,MACA;AAAA,QAAC;AAAA;AAAA,UACC,QAAO;AAAA,UACP,SAAS;AAAA;AAAA,MACX;AAAA,MACC,cAAc,eAAe,OAC5B,qBAAC,SAAI,WAAU,cACb;AAAA,4BAAC,SAAM,SAAQ,YAAY,YAAE,eAAe,GAAE;AAAA,QAC9C,oBAAC,iBAAc,IAAG,YAAW,MAAK,YAAW,UAAU,CAAC,cAAc,gBAAc,CAAC,CAAC,OAAO,cAAa,oBAAmB;AAAA,SAC/H;AAAA,MAED,CAAC,cAAc,kBAAkB,CAAC,cAAc,gBAC/C,qBAAC,WAAM,WAAU,yDACf;AAAA,4BAAC,WAAM,MAAK,YAAW,MAAK,YAAW,WAAU,qBAAoB;AAAA,QACrE,oBAAC,UAAM,oBAAU,yBAAyB,aAAa,GAAE;AAAA,SAC3D;AAAA,MAEF,oBAAC,UAAO,MAAK,UAAS,UAAU,cAAc,CAAC,WAAW,WAAU,aACjE,uBACG,UAAU,sBAAsB,YAAY,IAC5C,eACE,aAAa,gBACb,UAAU,eAAe,SAAS,GAC1C;AAAA,MACC,CAAC,cAAc,sBACd,oBAAC,SAAI,WAAU,sCACb,8BAAC,QAAK,WAAU,aAAY,MAAK,UAC9B,oBAAU,6BAA6B,kBAAkB,GAC5D,GACF;AAAA,OAEJ,GACF,GACF;AAAA,KACF,GACF;AAEJ;",
+  "sourcesContent": ["\"use client\"\nimport { useCallback, useEffect, useMemo, useState } from 'react'\nimport type { ReactNode } from 'react'\nimport Image from 'next/image'\nimport Link from 'next/link'\nimport { useRouter, useSearchParams } from 'next/navigation'\nimport { Card, CardContent, CardHeader, CardDescription } from '@open-mercato/ui/primitives/card'\nimport { Input } from '@open-mercato/ui/primitives/input'\nimport { EmailInput } from '@open-mercato/ui/primitives/email-input'\nimport { PasswordInput } from '@open-mercato/ui/primitives/password-input'\nimport { Label } from '@open-mercato/ui/primitives/label'\nimport { Button } from '@open-mercato/ui/primitives/button'\nimport { useT } from '@open-mercato/shared/lib/i18n/context'\nimport { translateWithFallback } from '@open-mercato/shared/lib/i18n/translate'\nimport { clearAllOperations } from '@open-mercato/ui/backend/operations/store'\nimport { notifyAuthIdentityChange } from '@open-mercato/ui/backend/AuthSessionGuard'\nimport { apiCall } from '@open-mercato/ui/backend/utils/apiCall'\nimport { X } from 'lucide-react'\nimport { Alert, AlertDescription } from '@open-mercato/ui/primitives/alert'\nimport { InjectionSpot } from '@open-mercato/ui/backend/injection/InjectionSpot'\nimport { useRegisteredComponent } from '@open-mercato/ui/backend/injection/useRegisteredComponent'\nimport type { AuthOverride, LoginFormWidgetContext } from './login-injection'\n\nconst loginTenantKey = 'om_login_tenant'\nconst loginTenantCookieMaxAge = 60 * 60 * 24 * 14\n\nfunction readTenantCookie() {\n  if (typeof document === 'undefined') return null\n  const entries = document.cookie.split(';')\n  for (const entry of entries) {\n    const [name, ...rest] = entry.trim().split('=')\n    if (name === loginTenantKey) return decodeURIComponent(rest.join('='))\n  }\n  return null\n}\n\nfunction setTenantCookie(value: string) {\n  if (typeof document === 'undefined') return\n  document.cookie = `${loginTenantKey}=${encodeURIComponent(value)}; path=/; max-age=${loginTenantCookieMaxAge}; samesite=lax`\n}\n\nfunction clearTenantCookie() {\n  if (typeof document === 'undefined') return\n  document.cookie = `${loginTenantKey}=; path=/; max-age=0; samesite=lax`\n}\n\nfunction extractErrorMessage(payload: unknown): string | null {\n  if (!payload) return null\n  if (typeof payload === 'string') return payload\n  if (Array.isArray(payload)) {\n    for (const entry of payload) {\n      const resolved = extractErrorMessage(entry)\n      if (resolved) return resolved\n    }\n    return null\n  }\n  if (typeof payload === 'object') {\n    const record = payload as Record<string, unknown>\n    const candidates: unknown[] = [\n      record.error,\n      record.message,\n      record.detail,\n      record.details,\n      record.description,\n    ]\n    for (const candidate of candidates) {\n      const resolved = extractErrorMessage(candidate)\n      if (resolved) return resolved\n    }\n  }\n  return null\n}\n\nfunction looksLikeJsonString(value: string): boolean {\n  const trimmed = value.trim()\n  return trimmed.startsWith('{') || trimmed.startsWith('[')\n}\n\ntype LoginResponseEventDetail = Record<string, unknown> | null\n\ntype LoginFormSectionProps = {\n  children: ReactNode\n}\n\nfunction LoginFormSectionDefault({ children }: LoginFormSectionProps) {\n  return <>{children}</>\n}\n\nfunction emitLoginResponseEvent(detail: LoginResponseEventDetail) {\n  if (typeof window === 'undefined') return\n  window.dispatchEvent(new CustomEvent('om:auth:login-response', { detail }))\n}\n\nexport default function LoginPage() {\n  const t = useT()\n  const translate = useCallback(\n    (key: string, fallback: string, params?: Record<string, string | number>) =>\n      translateWithFallback(t, key, fallback, params),\n    [t],\n  )\n  const router = useRouter()\n  const searchParams = useSearchParams()\n  const requireRole = (searchParams.get('requireRole') || searchParams.get('role') || '').trim()\n  const requireFeature = (searchParams.get('requireFeature') || '').trim()\n  const requiredRoles = requireRole ? requireRole.split(',').map((value) => value.trim()).filter(Boolean) : []\n  const requiredFeatures = requireFeature ? requireFeature.split(',').map((value) => value.trim()).filter(Boolean) : []\n  const translatedRoles = requiredRoles.map((role) => translate(`auth.roles.${role}`, role))\n  const translatedFeatures = requiredFeatures.map((feature) => translate(`features.${feature}`, feature))\n  const [error, setError] = useState<string | null>(null)\n  const [submitting, setSubmitting] = useState(false)\n  const [authOverride, setAuthOverride] = useState<AuthOverride | null>(null)\n  const [authOverridePending, setAuthOverridePending] = useState(false)\n  const [clientReady, setClientReady] = useState(false)\n  const [activeAuthenticatedUser, setActiveAuthenticatedUser] = useState(false)\n  const [email, setEmail] = useState('')\n  const [tenantId, setTenantId] = useState<string | null>(null)\n  const [tenantName, setTenantName] = useState<string | null>(null)\n  const [tenantLoading, setTenantLoading] = useState(false)\n  const [tenantInvalid, setTenantInvalid] = useState<string | null>(null)\n  const showTenantInvalid = tenantId != null && tenantInvalid === tenantId\n  const LoginFormSection = useRegisteredComponent<LoginFormSectionProps>(\n    'section:auth.login.form',\n    LoginFormSectionDefault,\n  )\n\n  useEffect(() => {\n    setClientReady(true)\n  }, [])\n\n  useEffect(() => {\n    let cancelled = false\n    const hasAclChallenge = requiredFeatures.length > 0 || requiredRoles.length > 0\n    void (async () => {\n      try {\n        const res = await apiCall<{ userId?: string }>('/api/auth/feature-check', {\n          method: 'POST',\n          headers: { 'content-type': 'application/json' },\n          body: JSON.stringify({ features: [] }),\n          cache: 'no-store',\n        })\n        if (cancelled) return\n        const activeUserId = typeof res.result?.userId === 'string' ? res.result.userId : ''\n        if (!activeUserId) return\n        setActiveAuthenticatedUser(true)\n        // When a feature/role challenge is present in the URL, the user already\n        // failed an ACL check while authenticated. Auto-redirecting back to\n        // `redirect` would re-trigger the same 403 and re-bounce here,\n        // producing an infinite loop (see GH #2070). Stay on the login page so\n        // the access-denied banner is visible.\n        if (hasAclChallenge) return\n        const rawRedirect = searchParams.get('redirect') || ''\n        let destination = '/backend'\n        if (rawRedirect) {\n          try {\n            const resolved = new URL(rawRedirect, window.location.origin)\n            if (\n              resolved.origin === window.location.origin &&\n              resolved.pathname.startsWith('/') &&\n              !resolved.pathname.includes('//')\n            ) {\n              destination = resolved.pathname + resolved.search + resolved.hash\n            }\n          } catch {\n            // fall back to /backend\n          }\n        }\n        router.replace(destination)\n      } catch {\n        // ignore \u2014 leave login form usable on network failure\n      }\n    })()\n    return () => { cancelled = true }\n  }, [router, searchParams, requiredFeatures.length, requiredRoles.length])\n\n  useEffect(() => {\n    const tenantParam = (searchParams.get('tenant') || '').trim()\n    if (tenantParam) {\n      setTenantId(tenantParam)\n      window.localStorage.setItem(loginTenantKey, tenantParam)\n      setTenantCookie(tenantParam)\n      return\n    }\n    const storedTenant = window.localStorage.getItem(loginTenantKey) || readTenantCookie()\n    if (storedTenant) {\n      setTenantId(storedTenant)\n    }\n  }, [searchParams])\n\n  useEffect(() => {\n    if (!tenantId) {\n      setTenantName(null)\n      setTenantInvalid(null)\n      return\n    }\n    if (tenantInvalid === tenantId) {\n      setTenantName(null)\n      setTenantLoading(false)\n      return\n    }\n    let active = true\n    setTenantLoading(true)\n    setTenantInvalid(null)\n    apiCall<{ ok: boolean; tenant?: { id: string; name: string }; error?: string }>(\n      `/api/directory/tenants/lookup?tenantId=${encodeURIComponent(tenantId)}`,\n    )\n      .then(({ result }) => {\n        if (!active) return\n        if (result?.ok && result.tenant) {\n          setTenantName(result.tenant.name)\n          return\n        }\n        setTenantName(null)\n        setTenantInvalid(tenantId)\n        setError(null)\n      })\n      .catch(() => {\n        if (!active) return\n        setTenantName(null)\n        setTenantInvalid(tenantId)\n        setError(null)\n      })\n      .finally(() => {\n        if (active) setTenantLoading(false)\n      })\n    return () => {\n      active = false\n    }\n  }, [tenantId, translate])\n\n  function handleClearTenant() {\n    window.localStorage.removeItem(loginTenantKey)\n    clearTenantCookie()\n    setTenantId(null)\n    setTenantName(null)\n    setTenantInvalid(null)\n    const params = new URLSearchParams(searchParams)\n    params.delete('tenant')\n    setError(null)\n    const query = params.toString()\n    router.replace(query ? `/login?${query}` : '/login')\n  }\n\n  async function onSubmit(e: React.FormEvent<HTMLFormElement>) {\n    e.preventDefault()\n    if (!clientReady || authOverridePending) {\n      return\n    }\n    setError(null)\n    if (authOverride) {\n      authOverride.onSubmit()\n      return\n    }\n    setSubmitting(true)\n    try {\n      const form = new FormData(e.currentTarget)\n      if (requiredRoles.length) form.set('requireRole', requiredRoles.join(','))\n      const redirectParam = searchParams.get('redirect')\n      if (redirectParam) form.set('redirect', redirectParam)\n      const res = await fetch('/api/auth/login', { method: 'POST', body: form })\n      if (res.redirected) {\n        clearAllOperations()\n        notifyAuthIdentityChange()\n        // NextResponse.redirect from API\n        router.replace(res.url)\n        return\n      }\n      if (!res.ok) {\n        const fallback = (() => {\n          if (res.status === 403) {\n            return translate(\n              'auth.login.errors.permissionDenied',\n              'You do not have permission to access this area. Please contact your administrator.',\n            )\n          }\n          if (res.status === 401 || res.status === 400) {\n            return translate('auth.login.errors.invalidCredentials', 'Invalid email or password')\n          }\n          return translate('auth.login.errors.generic', 'An error occurred. Please try again.')\n        })()\n        const cloned = res.clone()\n        let errorMessage = ''\n        const contentType = res.headers.get('content-type') || ''\n        if (contentType.includes('application/json')) {\n          try {\n            const data = await res.json()\n            errorMessage = extractErrorMessage(data) || ''\n          } catch {\n            try {\n              const text = await cloned.text()\n              const trimmed = text.trim()\n              if (trimmed && !looksLikeJsonString(trimmed)) {\n                errorMessage = trimmed\n              }\n            } catch {\n              errorMessage = ''\n            }\n          }\n        } else {\n          try {\n            const text = await res.text()\n            const trimmed = text.trim()\n            if (trimmed && !looksLikeJsonString(trimmed)) {\n              errorMessage = trimmed\n            }\n          } catch {\n            errorMessage = ''\n          }\n        }\n        setError(errorMessage || fallback)\n        return\n      }\n      // In case API returns 200 with JSON\n      const data = await res.json().catch(() => null) as LoginResponseEventDetail\n      emitLoginResponseEvent(data)\n      clearAllOperations()\n      notifyAuthIdentityChange()\n      if (data && typeof data.redirect === 'string' && data.redirect.length > 0) {\n        router.replace(data.redirect)\n      }\n    } catch (err: unknown) {\n      // Handle any errors thrown (e.g., network errors or thrown exceptions)\n      const message = err instanceof Error ? err.message : ''\n      setError(message || translate('auth.login.errors.generic', 'An error occurred. Please try again.'))\n    } finally {\n      setSubmitting(false)\n    }\n  }\n\n  const loginFormContext = useMemo<LoginFormWidgetContext>(() => ({\n    email,\n    tenantId,\n    searchParams,\n    setAuthOverride,\n    setAuthOverridePending,\n    setError,\n  }), [email, tenantId, searchParams])\n\n  const formReady = clientReady && !authOverridePending\n\n  return (\n    <div className=\"min-h-svh flex items-center justify-center p-4\">\n      <Card className=\"w-full max-w-sm\">\n        <CardHeader className=\"flex flex-col items-center gap-4 text-center p-10\">\n          <Image alt={translate('auth.login.logoAlt', 'Open Mercato logo')} src=\"/open-mercato.svg\" width={150} height={150} priority />\n          <h1 className=\"text-2xl font-semibold\">{translate('auth.login.brandName', 'Open Mercato')}</h1>\n          <CardDescription>{translate('auth.login.subtitle', 'Access your workspace')}</CardDescription>\n        </CardHeader>\n        <CardContent>\n          <LoginFormSection>\n            <form className=\"grid gap-3\" onSubmit={onSubmit} noValidate data-auth-ready={formReady ? '1' : '0'}>\n              {tenantId ? (\n                <input type=\"hidden\" name=\"tenantId\" value={tenantId} />\n              ) : null}\n              {!!translatedRoles.length && (\n                <Alert variant=\"info\" className=\"text-center\">\n                  <AlertDescription>\n                    {translate(\n                      translatedRoles.length > 1 ? 'auth.login.requireRolesMessage' : 'auth.login.requireRoleMessage',\n                      translatedRoles.length > 1\n                        ? 'Access requires one of the following roles: {roles}'\n                        : 'Access requires role: {roles}',\n                      { roles: translatedRoles.join(', ') },\n                    )}\n                  </AlertDescription>\n                </Alert>\n              )}\n              {!!translatedFeatures.length && (\n                <Alert variant=\"info\" className=\"text-center\">\n                  <AlertDescription>\n                    {translate('auth.login.featureDenied', \"You don't have access to this feature ({feature}). Please contact your administrator.\", {\n                      feature: translatedFeatures.join(', '),\n                    })}\n                  </AlertDescription>\n                </Alert>\n              )}\n              {activeAuthenticatedUser && (translatedRoles.length || translatedFeatures.length) ? (\n                <div className=\"flex justify-center\" data-testid=\"login-return-dashboard\">\n                  <Button asChild type=\"button\" variant=\"outline\" size=\"sm\">\n                    <Link href=\"/backend\">\n                      {translate('auth.accessDenied.dashboard', 'Go to Dashboard')}\n                    </Link>\n                  </Button>\n                </div>\n              ) : null}\n              {showTenantInvalid ? (\n                <div className=\"rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-xs text-red-700\">\n                  <div className=\"font-medium\">{translate('auth.login.errors.tenantInvalid', 'Tenant not found. Clear the tenant selection and try again.')}</div>\n                  <Button type=\"button\" variant=\"outline\" size=\"sm\" className=\"mt-2 border-red-300 text-red-700\" onClick={handleClearTenant}>\n                    <X className=\"mr-2 size-4\" aria-hidden=\"true\" />\n                    {translate('auth.login.tenantClear', 'Clear')}\n                  </Button>\n                </div>\n              ) : tenantId ? (\n                <div className=\"rounded-md border border-emerald-200 bg-emerald-50 px-3 py-2 text-center text-xs text-emerald-900\">\n                  <div className=\"font-medium\">\n                    {tenantLoading\n                      ? translate('auth.login.tenantLoading', 'Loading tenant details...')\n                      : translate('auth.login.tenantBanner', \"You're logging in to {tenant}.\", {\n                          tenant: tenantName || tenantId,\n                        })}\n                  </div>\n                  <Button type=\"button\" variant=\"outline\" size=\"sm\" className=\"mt-2 border-emerald-300 text-emerald-900\" onClick={handleClearTenant}>\n                    <X className=\"mr-2 size-4\" aria-hidden=\"true\" />\n                    {translate('auth.login.tenantClear', 'Clear')}\n                  </Button>\n                </div>\n              ) : null}\n              {error && !showTenantInvalid && (\n                <div className=\"rounded-md border border-red-200 bg-red-50 px-3 py-2 text-center text-sm text-red-700\" role=\"alert\" aria-live=\"polite\">\n                  {error}\n                </div>\n              )}\n              <div className=\"grid gap-1\">\n                <Label htmlFor=\"email\">{t('auth.email')}</Label>\n                <EmailInput\n                  id=\"email\"\n                  name=\"email\"\n                  required\n                  aria-invalid={!!error}\n                  onChange={(e) => setEmail(e.target.value)}\n                  onBlur={(e) => setEmail(e.target.value)}\n                />\n              </div>\n              <InjectionSpot<LoginFormWidgetContext>\n                spotId=\"auth.login:form\"\n                context={loginFormContext}\n              />\n              {authOverride?.hidePassword ? null : (\n                <div className=\"grid gap-1\">\n                  <Label htmlFor=\"password\">{t('auth.password')}</Label>\n                  <PasswordInput id=\"password\" name=\"password\" required={!authOverride} aria-invalid={!!error} autoComplete=\"current-password\" />\n                </div>\n              )}\n              {!authOverride?.hideRememberMe && !authOverride?.hidePassword && (\n                <label className=\"flex items-center gap-2 text-xs text-muted-foreground\">\n                  <input type=\"checkbox\" name=\"remember\" className=\"accent-foreground\" />\n                  <span>{translate('auth.login.rememberMe', 'Remember me')}</span>\n                </label>\n              )}\n              <Button type=\"submit\" disabled={submitting || !formReady} className=\"h-10 mt-2\">\n                {submitting\n                  ? translate('auth.login.loading', 'Loading...')\n                  : authOverride\n                    ? authOverride.providerLabel\n                    : translate('auth.signIn', 'Sign in')}\n              </Button>\n              {!authOverride?.hideForgotPassword && (\n                <div className=\"text-xs text-muted-foreground mt-2\">\n                  <Link className=\"underline\" href=\"/reset\">\n                    {translate('auth.login.forgotPassword', 'Forgot password?')}\n                  </Link>\n                </div>\n              )}\n            </form>\n          </LoginFormSection>\n        </CardContent>\n      </Card>\n    </div>\n  )\n}\n"],
+  "mappings": ";AAqFS,wBAiQD,YAjQC;AApFT,SAAS,aAAa,WAAW,SAAS,gBAAgB;AAE1D,OAAO,WAAW;AAClB,OAAO,UAAU;AACjB,SAAS,WAAW,uBAAuB;AAC3C,SAAS,MAAM,aAAa,YAAY,uBAAuB;AAE/D,SAAS,kBAAkB;AAC3B,SAAS,qBAAqB;AAC9B,SAAS,aAAa;AACtB,SAAS,cAAc;AACvB,SAAS,YAAY;AACrB,SAAS,6BAA6B;AACtC,SAAS,0BAA0B;AACnC,SAAS,gCAAgC;AACzC,SAAS,eAAe;AACxB,SAAS,SAAS;AAClB,SAAS,OAAO,wBAAwB;AACxC,SAAS,qBAAqB;AAC9B,SAAS,8BAA8B;AAGvC,MAAM,iBAAiB;AACvB,MAAM,0BAA0B,KAAK,KAAK,KAAK;AAE/C,SAAS,mBAAmB;AAC1B,MAAI,OAAO,aAAa,YAAa,QAAO;AAC5C,QAAM,UAAU,SAAS,OAAO,MAAM,GAAG;AACzC,aAAW,SAAS,SAAS;AAC3B,UAAM,CAAC,MAAM,GAAG,IAAI,IAAI,MAAM,KAAK,EAAE,MAAM,GAAG;AAC9C,QAAI,SAAS,eAAgB,QAAO,mBAAmB,KAAK,KAAK,GAAG,CAAC;AAAA,EACvE;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAe;AACtC,MAAI,OAAO,aAAa,YAAa;AACrC,WAAS,SAAS,GAAG,cAAc,IAAI,mBAAmB,KAAK,CAAC,qBAAqB,uBAAuB;AAC9G;AAEA,SAAS,oBAAoB;AAC3B,MAAI,OAAO,aAAa,YAAa;AACrC,WAAS,SAAS,GAAG,cAAc;AACrC;AAEA,SAAS,oBAAoB,SAAiC;AAC5D,MAAI,CAAC,QAAS,QAAO;AACrB,MAAI,OAAO,YAAY,SAAU,QAAO;AACxC,MAAI,MAAM,QAAQ,OAAO,GAAG;AAC1B,eAAW,SAAS,SAAS;AAC3B,YAAM,WAAW,oBAAoB,KAAK;AAC1C,UAAI,SAAU,QAAO;AAAA,IACvB;AACA,WAAO;AAAA,EACT;AACA,MAAI,OAAO,YAAY,UAAU;AAC/B,UAAM,SAAS;AACf,UAAM,aAAwB;AAAA,MAC5B,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AACA,eAAW,aAAa,YAAY;AAClC,YAAM,WAAW,oBAAoB,SAAS;AAC9C,UAAI,SAAU,QAAO;AAAA,IACvB;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,oBAAoB,OAAwB;AACnD,QAAM,UAAU,MAAM,KAAK;AAC3B,SAAO,QAAQ,WAAW,GAAG,KAAK,QAAQ,WAAW,GAAG;AAC1D;AAQA,SAAS,wBAAwB,EAAE,SAAS,GAA0B;AACpE,SAAO,gCAAG,UAAS;AACrB;AAEA,SAAS,uBAAuB,QAAkC;AAChE,MAAI,OAAO,WAAW,YAAa;AACnC,SAAO,cAAc,IAAI,YAAY,0BAA0B,EAAE,OAAO,CAAC,CAAC;AAC5E;AAEe,SAAR,YAA6B;AAClC,QAAM,IAAI,KAAK;AACf,QAAM,YAAY;AAAA,IAChB,CAAC,KAAa,UAAkB,WAC9B,sBAAsB,GAAG,KAAK,UAAU,MAAM;AAAA,IAChD,CAAC,CAAC;AAAA,EACJ;AACA,QAAM,SAAS,UAAU;AACzB,QAAM,eAAe,gBAAgB;AACrC,QAAM,eAAe,aAAa,IAAI,aAAa,KAAK,aAAa,IAAI,MAAM,KAAK,IAAI,KAAK;AAC7F,QAAM,kBAAkB,aAAa,IAAI,gBAAgB,KAAK,IAAI,KAAK;AACvE,QAAM,gBAAgB,cAAc,YAAY,MAAM,GAAG,EAAE,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AAC3G,QAAM,mBAAmB,iBAAiB,eAAe,MAAM,GAAG,EAAE,IAAI,CAAC,UAAU,MAAM,KAAK,CAAC,EAAE,OAAO,OAAO,IAAI,CAAC;AACpH,QAAM,kBAAkB,cAAc,IAAI,CAAC,SAAS,UAAU,cAAc,IAAI,IAAI,IAAI,CAAC;AACzF,QAAM,qBAAqB,iBAAiB,IAAI,CAAC,YAAY,UAAU,YAAY,OAAO,IAAI,OAAO,CAAC;AACtG,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAwB,IAAI;AACtD,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,KAAK;AAClD,QAAM,CAAC,cAAc,eAAe,IAAI,SAA8B,IAAI;AAC1E,QAAM,CAAC,qBAAqB,sBAAsB,IAAI,SAAS,KAAK;AACpE,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,KAAK;AACpD,QAAM,CAAC,yBAAyB,0BAA0B,IAAI,SAAS,KAAK;AAC5E,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAS,EAAE;AACrC,QAAM,CAAC,UAAU,WAAW,IAAI,SAAwB,IAAI;AAC5D,QAAM,CAAC,YAAY,aAAa,IAAI,SAAwB,IAAI;AAChE,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAS,KAAK;AACxD,QAAM,CAAC,eAAe,gBAAgB,IAAI,SAAwB,IAAI;AACtE,QAAM,oBAAoB,YAAY,QAAQ,kBAAkB;AAChE,QAAM,mBAAmB;AAAA,IACvB;AAAA,IACA;AAAA,EACF;AAEA,YAAU,MAAM;AACd,mBAAe,IAAI;AAAA,EACrB,GAAG,CAAC,CAAC;AAEL,YAAU,MAAM;AACd,QAAI,YAAY;AAChB,UAAM,kBAAkB,iBAAiB,SAAS,KAAK,cAAc,SAAS;AAC9E,UAAM,YAAY;AAChB,UAAI;AACF,cAAM,MAAM,MAAM,QAA6B,2BAA2B;AAAA,UACxE,QAAQ;AAAA,UACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,UAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC;AAAA,UACrC,OAAO;AAAA,QACT,CAAC;AACD,YAAI,UAAW;AACf,cAAM,eAAe,OAAO,IAAI,QAAQ,WAAW,WAAW,IAAI,OAAO,SAAS;AAClF,YAAI,CAAC,aAAc;AACnB,mCAA2B,IAAI;AAM/B,YAAI,gBAAiB;AACrB,cAAM,cAAc,aAAa,IAAI,UAAU,KAAK;AACpD,YAAI,cAAc;AAClB,YAAI,aAAa;AACf,cAAI;AACF,kBAAM,WAAW,IAAI,IAAI,aAAa,OAAO,SAAS,MAAM;AAC5D,gBACE,SAAS,WAAW,OAAO,SAAS,UACpC,SAAS,SAAS,WAAW,GAAG,KAChC,CAAC,SAAS,SAAS,SAAS,IAAI,GAChC;AACA,4BAAc,SAAS,WAAW,SAAS,SAAS,SAAS;AAAA,YAC/D;AAAA,UACF,QAAQ;AAAA,UAER;AAAA,QACF;AACA,eAAO,QAAQ,WAAW;AAAA,MAC5B,QAAQ;AAAA,MAER;AAAA,IACF,GAAG;AACH,WAAO,MAAM;AAAE,kBAAY;AAAA,IAAK;AAAA,EAClC,GAAG,CAAC,QAAQ,cAAc,iBAAiB,QAAQ,cAAc,MAAM,CAAC;AAExE,YAAU,MAAM;AACd,UAAM,eAAe,aAAa,IAAI,QAAQ,KAAK,IAAI,KAAK;AAC5D,QAAI,aAAa;AACf,kBAAY,WAAW;AACvB,aAAO,aAAa,QAAQ,gBAAgB,WAAW;AACvD,sBAAgB,WAAW;AAC3B;AAAA,IACF;AACA,UAAM,eAAe,OAAO,aAAa,QAAQ,cAAc,KAAK,iBAAiB;AACrF,QAAI,cAAc;AAChB,kBAAY,YAAY;AAAA,IAC1B;AAAA,EACF,GAAG,CAAC,YAAY,CAAC;AAEjB,YAAU,MAAM;AACd,QAAI,CAAC,UAAU;AACb,oBAAc,IAAI;AAClB,uBAAiB,IAAI;AACrB;AAAA,IACF;AACA,QAAI,kBAAkB,UAAU;AAC9B,oBAAc,IAAI;AAClB,uBAAiB,KAAK;AACtB;AAAA,IACF;AACA,QAAI,SAAS;AACb,qBAAiB,IAAI;AACrB,qBAAiB,IAAI;AACrB;AAAA,MACE,0CAA0C,mBAAmB,QAAQ,CAAC;AAAA,IACxE,EACG,KAAK,CAAC,EAAE,OAAO,MAAM;AACpB,UAAI,CAAC,OAAQ;AACb,UAAI,QAAQ,MAAM,OAAO,QAAQ;AAC/B,sBAAc,OAAO,OAAO,IAAI;AAChC;AAAA,MACF;AACA,oBAAc,IAAI;AAClB,uBAAiB,QAAQ;AACzB,eAAS,IAAI;AAAA,IACf,CAAC,EACA,MAAM,MAAM;AACX,UAAI,CAAC,OAAQ;AACb,oBAAc,IAAI;AAClB,uBAAiB,QAAQ;AACzB,eAAS,IAAI;AAAA,IACf,CAAC,EACA,QAAQ,MAAM;AACb,UAAI,OAAQ,kBAAiB,KAAK;AAAA,IACpC,CAAC;AACH,WAAO,MAAM;AACX,eAAS;AAAA,IACX;AAAA,EACF,GAAG,CAAC,UAAU,SAAS,CAAC;AAExB,WAAS,oBAAoB;AAC3B,WAAO,aAAa,WAAW,cAAc;AAC7C,sBAAkB;AAClB,gBAAY,IAAI;AAChB,kBAAc,IAAI;AAClB,qBAAiB,IAAI;AACrB,UAAM,SAAS,IAAI,gBAAgB,YAAY;AAC/C,WAAO,OAAO,QAAQ;AACtB,aAAS,IAAI;AACb,UAAM,QAAQ,OAAO,SAAS;AAC9B,WAAO,QAAQ,QAAQ,UAAU,KAAK,KAAK,QAAQ;AAAA,EACrD;AAEA,iBAAe,SAAS,GAAqC;AAC3D,MAAE,eAAe;AACjB,QAAI,CAAC,eAAe,qBAAqB;AACvC;AAAA,IACF;AACA,aAAS,IAAI;AACb,QAAI,cAAc;AAChB,mBAAa,SAAS;AACtB;AAAA,IACF;AACA,kBAAc,IAAI;AAClB,QAAI;AACF,YAAM,OAAO,IAAI,SAAS,EAAE,aAAa;AACzC,UAAI,cAAc,OAAQ,MAAK,IAAI,eAAe,cAAc,KAAK,GAAG,CAAC;AACzE,YAAM,gBAAgB,aAAa,IAAI,UAAU;AACjD,UAAI,cAAe,MAAK,IAAI,YAAY,aAAa;AACrD,YAAM,MAAM,MAAM,MAAM,mBAAmB,EAAE,QAAQ,QAAQ,MAAM,KAAK,CAAC;AACzE,UAAI,IAAI,YAAY;AAClB,2BAAmB;AACnB,iCAAyB;AAEzB,eAAO,QAAQ,IAAI,GAAG;AACtB;AAAA,MACF;AACA,UAAI,CAAC,IAAI,IAAI;AACX,cAAM,YAAY,MAAM;AACtB,cAAI,IAAI,WAAW,KAAK;AACtB,mBAAO;AAAA,cACL;AAAA,cACA;AAAA,YACF;AAAA,UACF;AACA,cAAI,IAAI,WAAW,OAAO,IAAI,WAAW,KAAK;AAC5C,mBAAO,UAAU,wCAAwC,2BAA2B;AAAA,UACtF;AACA,iBAAO,UAAU,6BAA6B,sCAAsC;AAAA,QACtF,GAAG;AACH,cAAM,SAAS,IAAI,MAAM;AACzB,YAAI,eAAe;AACnB,cAAM,cAAc,IAAI,QAAQ,IAAI,cAAc,KAAK;AACvD,YAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,cAAI;AACF,kBAAMA,QAAO,MAAM,IAAI,KAAK;AAC5B,2BAAe,oBAAoBA,KAAI,KAAK;AAAA,UAC9C,QAAQ;AACN,gBAAI;AACF,oBAAM,OAAO,MAAM,OAAO,KAAK;AAC/B,oBAAM,UAAU,KAAK,KAAK;AAC1B,kBAAI,WAAW,CAAC,oBAAoB,OAAO,GAAG;AAC5C,+BAAe;AAAA,cACjB;AAAA,YACF,QAAQ;AACN,6BAAe;AAAA,YACjB;AAAA,UACF;AAAA,QACF,OAAO;AACL,cAAI;AACF,kBAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,kBAAM,UAAU,KAAK,KAAK;AAC1B,gBAAI,WAAW,CAAC,oBAAoB,OAAO,GAAG;AAC5C,6BAAe;AAAA,YACjB;AAAA,UACF,QAAQ;AACN,2BAAe;AAAA,UACjB;AAAA,QACF;AACA,iBAAS,gBAAgB,QAAQ;AACjC;AAAA,MACF;AAEA,YAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AAC9C,6BAAuB,IAAI;AAC3B,yBAAmB;AACnB,+BAAyB;AACzB,UAAI,QAAQ,OAAO,KAAK,aAAa,YAAY,KAAK,SAAS,SAAS,GAAG;AACzE,eAAO,QAAQ,KAAK,QAAQ;AAAA,MAC9B;AAAA,IACF,SAAS,KAAc;AAErB,YAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;AACrD,eAAS,WAAW,UAAU,6BAA6B,sCAAsC,CAAC;AAAA,IACpG,UAAE;AACA,oBAAc,KAAK;AAAA,IACrB;AAAA,EACF;AAEA,QAAM,mBAAmB,QAAgC,OAAO;AAAA,IAC9D;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,CAAC,OAAO,UAAU,YAAY,CAAC;AAEnC,QAAM,YAAY,eAAe,CAAC;AAElC,SACE,oBAAC,SAAI,WAAU,kDACb,+BAAC,QAAK,WAAU,mBACd;AAAA,yBAAC,cAAW,WAAU,qDACpB;AAAA,0BAAC,SAAM,KAAK,UAAU,sBAAsB,mBAAmB,GAAG,KAAI,qBAAoB,OAAO,KAAK,QAAQ,KAAK,UAAQ,MAAC;AAAA,MAC5H,oBAAC,QAAG,WAAU,0BAA0B,oBAAU,wBAAwB,cAAc,GAAE;AAAA,MAC1F,oBAAC,mBAAiB,oBAAU,uBAAuB,uBAAuB,GAAE;AAAA,OAC9E;AAAA,IACA,oBAAC,eACC,8BAAC,oBACC,+BAAC,UAAK,WAAU,cAAa,UAAoB,YAAU,MAAC,mBAAiB,YAAY,MAAM,KAC5F;AAAA,iBACC,oBAAC,WAAM,MAAK,UAAS,MAAK,YAAW,OAAO,UAAU,IACpD;AAAA,MACH,CAAC,CAAC,gBAAgB,UACjB,oBAAC,SAAM,SAAQ,QAAO,WAAU,eAC9B,8BAAC,oBACE;AAAA,QACC,gBAAgB,SAAS,IAAI,mCAAmC;AAAA,QAChE,gBAAgB,SAAS,IACrB,wDACA;AAAA,QACJ,EAAE,OAAO,gBAAgB,KAAK,IAAI,EAAE;AAAA,MACtC,GACF,GACF;AAAA,MAED,CAAC,CAAC,mBAAmB,UACpB,oBAAC,SAAM,SAAQ,QAAO,WAAU,eAC9B,8BAAC,oBACE,oBAAU,4BAA4B,yFAAyF;AAAA,QAC9H,SAAS,mBAAmB,KAAK,IAAI;AAAA,MACvC,CAAC,GACH,GACF;AAAA,MAED,4BAA4B,gBAAgB,UAAU,mBAAmB,UACxE,oBAAC,SAAI,WAAU,uBAAsB,eAAY,0BAC/C,8BAAC,UAAO,SAAO,MAAC,MAAK,UAAS,SAAQ,WAAU,MAAK,MACnD,8BAAC,QAAK,MAAK,YACR,oBAAU,+BAA+B,iBAAiB,GAC7D,GACF,GACF,IACE;AAAA,MACH,oBACC,qBAAC,SAAI,WAAU,yFACb;AAAA,4BAAC,SAAI,WAAU,eAAe,oBAAU,mCAAmC,6DAA6D,GAAE;AAAA,QAC1I,qBAAC,UAAO,MAAK,UAAS,SAAQ,WAAU,MAAK,MAAK,WAAU,oCAAmC,SAAS,mBACtG;AAAA,8BAAC,KAAE,WAAU,eAAc,eAAY,QAAO;AAAA,UAC7C,UAAU,0BAA0B,OAAO;AAAA,WAC9C;AAAA,SACF,IACE,WACF,qBAAC,SAAI,WAAU,qGACb;AAAA,4BAAC,SAAI,WAAU,eACZ,0BACG,UAAU,4BAA4B,2BAA2B,IACjE,UAAU,2BAA2B,kCAAkC;AAAA,UACrE,QAAQ,cAAc;AAAA,QACxB,CAAC,GACP;AAAA,QACA,qBAAC,UAAO,MAAK,UAAS,SAAQ,WAAU,MAAK,MAAK,WAAU,4CAA2C,SAAS,mBAC9G;AAAA,8BAAC,KAAE,WAAU,eAAc,eAAY,QAAO;AAAA,UAC7C,UAAU,0BAA0B,OAAO;AAAA,WAC9C;AAAA,SACF,IACE;AAAA,MACH,SAAS,CAAC,qBACT,oBAAC,SAAI,WAAU,yFAAwF,MAAK,SAAQ,aAAU,UAC3H,iBACH;AAAA,MAEF,qBAAC,SAAI,WAAU,cACb;AAAA,4BAAC,SAAM,SAAQ,SAAS,YAAE,YAAY,GAAE;AAAA,QACxC;AAAA,UAAC;AAAA;AAAA,YACC,IAAG;AAAA,YACH,MAAK;AAAA,YACL,UAAQ;AAAA,YACR,gBAAc,CAAC,CAAC;AAAA,YAChB,UAAU,CAAC,MAAM,SAAS,EAAE,OAAO,KAAK;AAAA,YACxC,QAAQ,CAAC,MAAM,SAAS,EAAE,OAAO,KAAK;AAAA;AAAA,QACxC;AAAA,SACF;AAAA,MACA;AAAA,QAAC;AAAA;AAAA,UACC,QAAO;AAAA,UACP,SAAS;AAAA;AAAA,MACX;AAAA,MACC,cAAc,eAAe,OAC5B,qBAAC,SAAI,WAAU,cACb;AAAA,4BAAC,SAAM,SAAQ,YAAY,YAAE,eAAe,GAAE;AAAA,QAC9C,oBAAC,iBAAc,IAAG,YAAW,MAAK,YAAW,UAAU,CAAC,cAAc,gBAAc,CAAC,CAAC,OAAO,cAAa,oBAAmB;AAAA,SAC/H;AAAA,MAED,CAAC,cAAc,kBAAkB,CAAC,cAAc,gBAC/C,qBAAC,WAAM,WAAU,yDACf;AAAA,4BAAC,WAAM,MAAK,YAAW,MAAK,YAAW,WAAU,qBAAoB;AAAA,QACrE,oBAAC,UAAM,oBAAU,yBAAyB,aAAa,GAAE;AAAA,SAC3D;AAAA,MAEF,oBAAC,UAAO,MAAK,UAAS,UAAU,cAAc,CAAC,WAAW,WAAU,aACjE,uBACG,UAAU,sBAAsB,YAAY,IAC5C,eACE,aAAa,gBACb,UAAU,eAAe,SAAS,GAC1C;AAAA,MACC,CAAC,cAAc,sBACd,oBAAC,SAAI,WAAU,sCACb,8BAAC,QAAK,WAAU,aAAY,MAAK,UAC9B,oBAAU,6BAA6B,kBAAkB,GAC5D,GACF;AAAA,OAEJ,GACF,GACF;AAAA,KACF,GACF;AAEJ;",
   "names": ["data"]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/core",
-  "version": "0.6.6-develop.5651.1.c43359070c",
+  "version": "0.6.6-develop.5672.1.11e27afad2",
   "type": "module",
   "main": "./dist/index.js",
   "scripts": {
@@ -245,16 +245,16 @@
     "zod": "^4.4.3"
   },
   "peerDependencies": {
-    "@open-mercato/ai-assistant": "0.6.6-develop.5651.1.c43359070c",
-    "@open-mercato/shared": "0.6.6-develop.5651.1.c43359070c",
-    "@open-mercato/ui": "0.6.6-develop.5651.1.c43359070c",
+    "@open-mercato/ai-assistant": "0.6.6-develop.5672.1.11e27afad2",
+    "@open-mercato/shared": "0.6.6-develop.5672.1.11e27afad2",
+    "@open-mercato/ui": "0.6.6-develop.5672.1.11e27afad2",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@open-mercato/ai-assistant": "0.6.6-develop.5651.1.c43359070c",
-    "@open-mercato/shared": "0.6.6-develop.5651.1.c43359070c",
-    "@open-mercato/ui": "0.6.6-develop.5651.1.c43359070c",
+    "@open-mercato/ai-assistant": "0.6.6-develop.5672.1.11e27afad2",
+    "@open-mercato/shared": "0.6.6-develop.5672.1.11e27afad2",
+    "@open-mercato/ui": "0.6.6-develop.5672.1.11e27afad2",
     "@testing-library/dom": "^10.4.1",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.1",

package/src/helpers/integration/optimisticLockUi.ts

@@ -139,14 +139,17 @@ export async function expectConflictBody(response: { status(): number; json(): P
  * dialog — see `CONFLICT_DIALOG_TESTID` for why both are valid and why pinning one
  * is racy when enterprise modules are enabled.
  */
-export async function expectConflictBanner(page: Page): Promise<void> {
+export async function expectConflictBanner(
+  page: Page,
+  options?: { timeout?: number },
+): Promise<void> {
   const conflictSurface = page
     .getByTestId(CONFLICT_BANNER_TESTID)
     .or(page.getByTestId(CONFLICT_DIALOG_TESTID))
   await expect(
     conflictSurface.first(),
     'a conflict surface (OSS bar or record_locks dialog) should appear after a stale save',
-  ).toBeVisible({ timeout: 10_000 })
+  ).toBeVisible({ timeout: options?.timeout ?? 10_000 })
 }
 
 /** Assert no conflict surface is present (a clean single-tab save must not 409). */

package/src/modules/auth/frontend/login.tsx

@@ -395,7 +395,7 @@ export default function LoginPage() {
                   <div className="font-medium">
                     {tenantLoading
                       ? translate('auth.login.tenantLoading', 'Loading tenant details...')
-                      : translate('auth.login.tenantBanner', "You're logging in to {tenant} tenant.", {
+                      : translate('auth.login.tenantBanner', "You're logging in to {tenant}.", {
                           tenant: tenantName || tenantId,
                         })}
                   </div>

package/src/modules/auth/i18n/de.json

@@ -51,7 +51,7 @@
   "auth.login.requireRoleMessage": "Für den Zugriff ist die folgende Rolle erforderlich: {roles}",
   "auth.login.requireRolesMessage": "Für den Zugriff ist eine der folgenden Rollen erforderlich: {roles}",
   "auth.login.subtitle": "Greife auf deinen Arbeitsbereich zu",
-  "auth.login.tenantBanner": "Du meldest dich beim Tenant {tenant} an.",
+  "auth.login.tenantBanner": "Du meldest dich bei {tenant} an.",
   "auth.login.tenantClear": "Zurücksetzen",
   "auth.login.tenantLoading": "Tenant-Daten werden geladen...",
   "auth.manageAuthSettings": "Verwalte die Authentifizierungseinstellungen.",

package/src/modules/auth/i18n/en.json

@@ -51,7 +51,7 @@
   "auth.login.requireRoleMessage": "Access requires role: {roles}",
   "auth.login.requireRolesMessage": "Access requires one of the following roles: {roles}",
   "auth.login.subtitle": "Access your workspace",
-  "auth.login.tenantBanner": "You're logging in to {tenant} tenant.",
+  "auth.login.tenantBanner": "You're logging in to {tenant}.",
   "auth.login.tenantClear": "Clear",
   "auth.login.tenantLoading": "Loading tenant details...",
   "auth.manageAuthSettings": "Manage authentication settings.",

package/src/modules/auth/i18n/es.json

@@ -51,7 +51,7 @@
   "auth.login.requireRoleMessage": "El acceso requiere el rol: {roles}",
   "auth.login.requireRolesMessage": "El acceso requiere uno de los siguientes roles: {roles}",
   "auth.login.subtitle": "Accede a tu espacio de trabajo",
-  "auth.login.tenantBanner": "Estás iniciando sesión en el inquilino {tenant}.",
+  "auth.login.tenantBanner": "Estás iniciando sesión en {tenant}.",
   "auth.login.tenantClear": "Borrar",
   "auth.login.tenantLoading": "Cargando detalles del inquilino...",
   "auth.manageAuthSettings": "Administra la configuración de autenticación.",

package/src/modules/auth/i18n/pl.json

@@ -51,7 +51,7 @@
   "auth.login.requireRoleMessage": "Dostęp wymaga roli: {roles}",
   "auth.login.requireRolesMessage": "Dostęp wymaga jednej z następujących ról: {roles}",
   "auth.login.subtitle": "Uzyskaj dostęp do swojego środowiska",
-  "auth.login.tenantBanner": "Logujesz się do najemcy {tenant}.",
+  "auth.login.tenantBanner": "Logujesz się do {tenant}.",
   "auth.login.tenantClear": "Wyczyść",
   "auth.login.tenantLoading": "Ładowanie szczegółów najemcy...",
   "auth.manageAuthSettings": "Zarządzaj ustawieniami uwierzytelniania.",