@technomoron/mail-magic-client 1.0.25 → 1.0.28

package/CHANGES

@@ -1,3 +1,31 @@
+Version 1.0.29 (2026-02-11)
+
+- Expand client coverage for mail-magic-owned endpoints:
+  - Add `storeFormRecipient()` for `POST /api/v1/form/recipient`.
+  - Add `getSwaggerSpec()` for `GET /api/swagger`.
+  - Add `fetchPublicAsset()` for public asset routes (`/asset/...` and `/api/asset/...`).
+- Extend `storeFormTemplate()` input support for newer form fields:
+  `replyto_email`, `replyto_from_fields`, `allowed_fields`, and `captcha_required`.
+- Add tests for the new client methods and route mappings.
+- Refresh README usage docs for recipient upserts, swagger retrieval, and public asset fetch helpers.
+
+Version 1.0.28 (2026-02-08)
+
+- Refresh README/examples to match current server auth and public form submission semantics (`_mm_form_key`,
+  `_mm_locale`, `_mm_recipients`).
+- Update `sendFormMessage()` to require `_mm_form_key` and default attachment multipart fields to `_mm_fileN`.
+
+Version 1.0.27 (2026-02-07)
+
+- Harden the template compiler to prevent `{% include %}` paths from escaping the
+  configured template root directory.
+
+Version 1.0.26 (2026-02-07)
+
+- Fix `GET` requests to omit request bodies and only set `Content-Type` when
+  sending JSON payloads.
+- `mm-cli version` now reports the package version instead of a hardcoded string.
+
 Version 1.0.25 (2026-02-07)
 
 - `sendFormMessage()` now requires `domain` when sending by `formid`, and also

package/README.md

@@ -1,4 +1,4 @@
-# mail-magic-client
+# @technomoron/mail-magic-client
 
 Client library and CLI for the mail-magic server.
 
@@ -13,7 +13,13 @@ npm install @technomoron/mail-magic-client
 ```ts
 import TemplateClient from '@technomoron/mail-magic-client';
 
-const client = new TemplateClient('http://localhost:3000', 'username:token');
+// Use the server origin (no /api).
+const baseUrl = 'http://127.0.0.1:3776';
+
+// This is the user token from init-data.json / the admin API.
+const token = 'example-token';
+
+const client = new TemplateClient(baseUrl, token);
 
 await client.storeTxTemplate({
 	domain: 'example.test',
@@ -31,6 +37,62 @@ await client.sendTxMessage({
 });
 ```
 
+## Forms
+
+Store/update a form template (authenticated). The response includes `data.form_key`, a stable random identifier (nanoid)
+that is preferred for public form submissions:
+
+```ts
+const res = await client.storeFormTemplate({
+	domain: 'example.test',
+	idname: 'contact',
+	sender: 'Example Forms <forms@example.test>',
+	recipient: 'owner@example.test',
+	subject: 'New contact form submission',
+	secret: 's3cret',
+	template: '<p>Hello {{ _fields_.name }}</p>'
+});
+
+const form_key = res.data.form_key;
+```
+
+Store/update form recipient mappings (authenticated):
+
+```ts
+await client.storeFormRecipient({
+	domain: 'example.test',
+	idname: 'support',
+	email: 'Support <support@example.test>',
+	name: 'Support Team',
+	formid: 'contact',
+	locale: 'en'
+});
+```
+
+Submit a form publicly (no auth required):
+
+```ts
+await fetch(`${baseUrl}/api/v1/form/message`, {
+	method: 'POST',
+	headers: { 'Content-Type': 'application/json' },
+	body: JSON.stringify({
+		_mm_form_key: form_key,
+		name: 'Sam',
+		email: 'sam@example.test',
+		message: 'Hello from the website'
+	})
+});
+```
+
+If you want to use the client helper (`sendFormMessage()`), pass `_mm_form_key` (public form key):
+
+```ts
+await client.sendFormMessage({
+	_mm_form_key: form_key,
+	fields: { name: 'Sam', email: 'sam@example.test', message: 'Hello' }
+});
+```
+
 ## CLI
 
 The package ships `mm-cli`.
@@ -40,14 +102,14 @@ The package ships `mm-cli`.
 Create `.mmcli-env` in your working directory to set defaults:
 
 ```ini
-MMCLI_API=http://localhost:3000
-MMCLI_TOKEN=username:token
-# or, split token:
-MMCLI_USERNAME=username
-MMCLI_PASSWORD=token
+MMCLI_API=http://127.0.0.1:3776
+MMCLI_TOKEN=example-token
 MMCLI_DOMAIN=example.test
 ```
 
+`MMCLI_TOKEN` is treated as the server token string. As a convenience, `MMCLI_USERNAME` + `MMCLI_PASSWORD` can be used
+to build a combined token string (for legacy setups).
+
 ### Template Commands
 
 Compile a template locally:
@@ -100,3 +162,7 @@ mm-cli assets --file ./hero.png --domain example.test --template-type tx --templ
 
 - `push-dir` expects a `init-data.json` and domain folders that match the server config layout.
 - Asset uploads use the server endpoint `POST /api/v1/assets`.
+- OpenAPI spec (when enabled): `await client.getSwaggerSpec()`
+- Public asset fetch helpers:
+    - `await client.fetchPublicAsset('example.test', 'images/logo.png')` -> `/asset/{domain}/{path}`
+    - `await client.fetchPublicAsset('example.test', 'images/logo.png', true)` -> `/api/asset/{domain}/{path}`

package/dist/cjs/mail-magic-client.d.ts

@@ -21,6 +21,19 @@ interface formTemplateData {
     subject?: string;
     locale?: string;
     secret?: string;
+    replyto_email?: string;
+    replyto_from_fields?: boolean;
+    allowed_fields?: string[] | string;
+    captcha_required?: boolean;
+}
+interface formRecipientData {
+    domain: string;
+    idname: string;
+    email: string;
+    name?: string;
+    form_key?: string;
+    formid?: string;
+    locale?: string;
 }
 interface sendTemplateData {
     name: string;
@@ -33,14 +46,9 @@ interface sendTemplateData {
     attachments?: AttachmentInput[];
 }
 interface sendFormData {
-    formid?: string;
-    form_key?: string;
-    secret?: string;
-    recipient?: string;
-    domain?: string;
-    locale?: string;
-    vars?: Record<string, unknown>;
-    replyTo?: string;
+    _mm_form_key: string;
+    _mm_locale?: string;
+    _mm_recipients?: string[] | string;
     fields?: Record<string, unknown>;
     attachments?: AttachmentInput[];
 }
@@ -82,7 +90,10 @@ declare class templateClient {
     storeTxTemplate(td: templateData): Promise<unknown>;
     sendTxMessage(std: sendTemplateData): Promise<unknown>;
     storeFormTemplate(data: formTemplateData): Promise<unknown>;
+    storeFormRecipient(data: formRecipientData): Promise<unknown>;
     sendFormMessage(data: sendFormData): Promise<unknown>;
     uploadAssets(data: uploadAssetsData): Promise<unknown>;
+    getSwaggerSpec(): Promise<unknown>;
+    fetchPublicAsset(domain: string, assetPath: string, viaApiBase?: boolean): Promise<ArrayBuffer>;
 }
 export default templateClient;

package/dist/cjs/mail-magic-client.js

@@ -17,14 +17,19 @@ class templateClient {
     }
     async request(method, command, body) {
         const url = `${this.baseURL}${command}`;
+        const headers = {
+            Accept: 'application/json',
+            Authorization: `Bearer apikey-${this.apiKey}`
+        };
         const options = {
             method,
-            headers: {
-                'Content-Type': 'application/json',
-                Authorization: `Bearer apikey-${this.apiKey}`
-            },
-            body: body ? JSON.stringify(body) : '{}'
+            headers
         };
+        // Avoid GET bodies (they're non-standard and can break under some proxies).
+        if (method !== 'GET' && body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+            options.body = JSON.stringify(body);
+        }
         //        console.log(JSON.stringify({ options, url }));
         const response = await fetch(url, options);
         const j = await response.json();
@@ -217,36 +222,46 @@ class templateClient {
         this.validateSender(data.sender);
         return this.post('/api/v1/form/template', data);
     }
-    async sendFormMessage(data) {
-        if (!data.form_key && !data.formid) {
-            throw new Error('Invalid request body; formid or form_key required');
+    async storeFormRecipient(data) {
+        if (!data.domain) {
+            throw new Error('Missing domain');
         }
-        if (!data.form_key && !data.domain) {
-            throw new Error('Invalid request body; domain required when sending by formid');
+        if (!data.idname) {
+            throw new Error('Missing recipient identifier');
+        }
+        if (!data.email) {
+            throw new Error('Missing recipient email');
+        }
+        const parsed = email_addresses_1.default.parseOneAddress(data.email);
+        if (!parsed || !parsed.address) {
+            throw new Error('Invalid recipient email address');
+        }
+        return this.post('/api/v1/form/recipient', data);
+    }
+    async sendFormMessage(data) {
+        if (!data._mm_form_key) {
+            throw new Error('Invalid request body; _mm_form_key required');
         }
         const fields = data.fields || {};
         const baseFields = {
-            formid: data.formid,
-            form_key: data.form_key,
-            secret: data.secret,
-            recipient: data.recipient,
-            domain: data.domain,
-            locale: data.locale,
-            vars: data.vars || {},
-            replyTo: data.replyTo,
+            _mm_form_key: data._mm_form_key,
+            _mm_locale: data._mm_locale,
+            _mm_recipients: data._mm_recipients,
             ...fields
         };
         if (data.attachments && data.attachments.length > 0) {
-            const { formData } = this.createAttachmentPayload(data.attachments);
+            const normalized = data.attachments.map((attachment, idx) => {
+                const field = attachment.field || `_mm_file${idx + 1}`;
+                if (!field.startsWith('_mm_file')) {
+                    throw new Error('Form attachments must use multipart field names starting with _mm_file');
+                }
+                return { ...attachment, field };
+            });
+            const { formData } = this.createAttachmentPayload(normalized);
             this.appendFields(formData, {
-                formid: data.formid,
-                form_key: data.form_key,
-                secret: data.secret,
-                recipient: data.recipient,
-                domain: data.domain,
-                locale: data.locale,
-                vars: JSON.stringify(data.vars || {}),
-                replyTo: data.replyTo
+                _mm_form_key: data._mm_form_key,
+                _mm_locale: data._mm_locale,
+                _mm_recipients: data._mm_recipients
             });
             this.appendFields(formData, fields);
             return this.postFormData('/api/v1/form/message', formData);
@@ -282,5 +297,36 @@ class templateClient {
         });
         return this.postFormData('/api/v1/assets', formData);
     }
+    async getSwaggerSpec() {
+        return this.get('/api/swagger');
+    }
+    async fetchPublicAsset(domain, assetPath, viaApiBase = false) {
+        if (!domain) {
+            throw new Error('domain is required');
+        }
+        if (!assetPath) {
+            throw new Error('assetPath is required');
+        }
+        const cleanedPath = assetPath
+            .split('/')
+            .filter(Boolean)
+            .map((segment) => encodeURIComponent(segment))
+            .join('/');
+        if (!cleanedPath) {
+            throw new Error('assetPath is required');
+        }
+        const prefix = viaApiBase ? '/api/asset' : '/asset';
+        const url = `${this.baseURL}${prefix}/${encodeURIComponent(domain)}/${cleanedPath}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+                Accept: '*/*'
+            }
+        });
+        if (!response.ok) {
+            throw new Error(`FETCH FAILED: ${response.status} ${response.statusText}`);
+        }
+        return response.arrayBuffer();
+    }
 }
 exports.default = templateClient;

package/dist/cli.js

@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
 const readline_1 = __importDefault(require("readline"));
 const commander_1 = require("commander");
 const cli_env_1 = require("./cli-env");
@@ -15,6 +16,16 @@ const program = new commander_1.Command();
 const envDefaults = (0, cli_env_1.loadCliEnv)();
 const defaultToken = (0, cli_env_1.resolveToken)(envDefaults);
 const apiDefault = envDefaults.api || 'http://localhost:3000';
+function resolvePackageVersion() {
+    try {
+        const raw = fs_1.default.readFileSync(path_1.default.join(__dirname, '../package.json'), 'utf8');
+        const data = JSON.parse(raw);
+        return typeof data.version === 'string' && data.version ? data.version : 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
 program.option('-a, --api <api>', 'Base API endpoint', apiDefault);
 if (defaultToken) {
     program.option('-t, --token <token>', 'Authentication token in the format "username:token"', defaultToken);
@@ -144,7 +155,7 @@ program
     .command('version')
     .description('Show current client version')
     .action(async () => {
-    console.log('1.0.19');
+    console.log(resolvePackageVersion());
 });
 program
     .command('compile')

package/dist/esm/mail-magic-client.js

@@ -12,14 +12,19 @@ class templateClient {
     }
     async request(method, command, body) {
         const url = `${this.baseURL}${command}`;
+        const headers = {
+            Accept: 'application/json',
+            Authorization: `Bearer apikey-${this.apiKey}`
+        };
         const options = {
             method,
-            headers: {
-                'Content-Type': 'application/json',
-                Authorization: `Bearer apikey-${this.apiKey}`
-            },
-            body: body ? JSON.stringify(body) : '{}'
+            headers
         };
+        // Avoid GET bodies (they're non-standard and can break under some proxies).
+        if (method !== 'GET' && body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+            options.body = JSON.stringify(body);
+        }
         //        console.log(JSON.stringify({ options, url }));
         const response = await fetch(url, options);
         const j = await response.json();
@@ -212,36 +217,46 @@ class templateClient {
         this.validateSender(data.sender);
         return this.post('/api/v1/form/template', data);
     }
-    async sendFormMessage(data) {
-        if (!data.form_key && !data.formid) {
-            throw new Error('Invalid request body; formid or form_key required');
+    async storeFormRecipient(data) {
+        if (!data.domain) {
+            throw new Error('Missing domain');
         }
-        if (!data.form_key && !data.domain) {
-            throw new Error('Invalid request body; domain required when sending by formid');
+        if (!data.idname) {
+            throw new Error('Missing recipient identifier');
+        }
+        if (!data.email) {
+            throw new Error('Missing recipient email');
+        }
+        const parsed = emailAddresses.parseOneAddress(data.email);
+        if (!parsed || !parsed.address) {
+            throw new Error('Invalid recipient email address');
+        }
+        return this.post('/api/v1/form/recipient', data);
+    }
+    async sendFormMessage(data) {
+        if (!data._mm_form_key) {
+            throw new Error('Invalid request body; _mm_form_key required');
         }
         const fields = data.fields || {};
         const baseFields = {
-            formid: data.formid,
-            form_key: data.form_key,
-            secret: data.secret,
-            recipient: data.recipient,
-            domain: data.domain,
-            locale: data.locale,
-            vars: data.vars || {},
-            replyTo: data.replyTo,
+            _mm_form_key: data._mm_form_key,
+            _mm_locale: data._mm_locale,
+            _mm_recipients: data._mm_recipients,
             ...fields
         };
         if (data.attachments && data.attachments.length > 0) {
-            const { formData } = this.createAttachmentPayload(data.attachments);
+            const normalized = data.attachments.map((attachment, idx) => {
+                const field = attachment.field || `_mm_file${idx + 1}`;
+                if (!field.startsWith('_mm_file')) {
+                    throw new Error('Form attachments must use multipart field names starting with _mm_file');
+                }
+                return { ...attachment, field };
+            });
+            const { formData } = this.createAttachmentPayload(normalized);
             this.appendFields(formData, {
-                formid: data.formid,
-                form_key: data.form_key,
-                secret: data.secret,
-                recipient: data.recipient,
-                domain: data.domain,
-                locale: data.locale,
-                vars: JSON.stringify(data.vars || {}),
-                replyTo: data.replyTo
+                _mm_form_key: data._mm_form_key,
+                _mm_locale: data._mm_locale,
+                _mm_recipients: data._mm_recipients
             });
             this.appendFields(formData, fields);
             return this.postFormData('/api/v1/form/message', formData);
@@ -277,5 +292,36 @@ class templateClient {
         });
         return this.postFormData('/api/v1/assets', formData);
     }
+    async getSwaggerSpec() {
+        return this.get('/api/swagger');
+    }
+    async fetchPublicAsset(domain, assetPath, viaApiBase = false) {
+        if (!domain) {
+            throw new Error('domain is required');
+        }
+        if (!assetPath) {
+            throw new Error('assetPath is required');
+        }
+        const cleanedPath = assetPath
+            .split('/')
+            .filter(Boolean)
+            .map((segment) => encodeURIComponent(segment))
+            .join('/');
+        if (!cleanedPath) {
+            throw new Error('assetPath is required');
+        }
+        const prefix = viaApiBase ? '/api/asset' : '/asset';
+        const url = `${this.baseURL}${prefix}/${encodeURIComponent(domain)}/${cleanedPath}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+                Accept: '*/*'
+            }
+        });
+        if (!response.ok) {
+            throw new Error(`FETCH FAILED: ${response.status} ${response.statusText}`);
+        }
+        return response.arrayBuffer();
+    }
 }
 export default templateClient;

package/dist/mail-magic-client.js

@@ -17,14 +17,19 @@ class templateClient {
     }
     async request(method, command, body) {
         const url = `${this.baseURL}${command}`;
+        const headers = {
+            Accept: 'application/json',
+            Authorization: `Bearer apikey-${this.apiKey}`
+        };
         const options = {
             method,
-            headers: {
-                'Content-Type': 'application/json',
-                Authorization: `Bearer apikey-${this.apiKey}`
-            },
-            body: body ? JSON.stringify(body) : '{}'
+            headers
         };
+        // Avoid GET bodies (they're non-standard and can break under some proxies).
+        if (method !== 'GET' && body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+            options.body = JSON.stringify(body);
+        }
         //        console.log(JSON.stringify({ options, url }));
         const response = await fetch(url, options);
         const j = await response.json();
@@ -217,36 +222,46 @@ class templateClient {
         this.validateSender(data.sender);
         return this.post('/api/v1/form/template', data);
     }
-    async sendFormMessage(data) {
-        if (!data.form_key && !data.formid) {
-            throw new Error('Invalid request body; formid or form_key required');
+    async storeFormRecipient(data) {
+        if (!data.domain) {
+            throw new Error('Missing domain');
         }
-        if (!data.form_key && !data.domain) {
-            throw new Error('Invalid request body; domain required when sending by formid');
+        if (!data.idname) {
+            throw new Error('Missing recipient identifier');
+        }
+        if (!data.email) {
+            throw new Error('Missing recipient email');
+        }
+        const parsed = email_addresses_1.default.parseOneAddress(data.email);
+        if (!parsed || !parsed.address) {
+            throw new Error('Invalid recipient email address');
+        }
+        return this.post('/api/v1/form/recipient', data);
+    }
+    async sendFormMessage(data) {
+        if (!data._mm_form_key) {
+            throw new Error('Invalid request body; _mm_form_key required');
         }
         const fields = data.fields || {};
         const baseFields = {
-            formid: data.formid,
-            form_key: data.form_key,
-            secret: data.secret,
-            recipient: data.recipient,
-            domain: data.domain,
-            locale: data.locale,
-            vars: data.vars || {},
-            replyTo: data.replyTo,
+            _mm_form_key: data._mm_form_key,
+            _mm_locale: data._mm_locale,
+            _mm_recipients: data._mm_recipients,
             ...fields
         };
         if (data.attachments && data.attachments.length > 0) {
-            const { formData } = this.createAttachmentPayload(data.attachments);
+            const normalized = data.attachments.map((attachment, idx) => {
+                const field = attachment.field || `_mm_file${idx + 1}`;
+                if (!field.startsWith('_mm_file')) {
+                    throw new Error('Form attachments must use multipart field names starting with _mm_file');
+                }
+                return { ...attachment, field };
+            });
+            const { formData } = this.createAttachmentPayload(normalized);
             this.appendFields(formData, {
-                formid: data.formid,
-                form_key: data.form_key,
-                secret: data.secret,
-                recipient: data.recipient,
-                domain: data.domain,
-                locale: data.locale,
-                vars: JSON.stringify(data.vars || {}),
-                replyTo: data.replyTo
+                _mm_form_key: data._mm_form_key,
+                _mm_locale: data._mm_locale,
+                _mm_recipients: data._mm_recipients
             });
             this.appendFields(formData, fields);
             return this.postFormData('/api/v1/form/message', formData);
@@ -282,5 +297,36 @@ class templateClient {
         });
         return this.postFormData('/api/v1/assets', formData);
     }
+    async getSwaggerSpec() {
+        return this.get('/api/swagger');
+    }
+    async fetchPublicAsset(domain, assetPath, viaApiBase = false) {
+        if (!domain) {
+            throw new Error('domain is required');
+        }
+        if (!assetPath) {
+            throw new Error('assetPath is required');
+        }
+        const cleanedPath = assetPath
+            .split('/')
+            .filter(Boolean)
+            .map((segment) => encodeURIComponent(segment))
+            .join('/');
+        if (!cleanedPath) {
+            throw new Error('assetPath is required');
+        }
+        const prefix = viaApiBase ? '/api/asset' : '/asset';
+        const url = `${this.baseURL}${prefix}/${encodeURIComponent(domain)}/${cleanedPath}`;
+        const response = await fetch(url, {
+            method: 'GET',
+            headers: {
+                Accept: '*/*'
+            }
+        });
+        if (!response.ok) {
+            throw new Error(`FETCH FAILED: ${response.status} ${response.statusText}`);
+        }
+        return response.arrayBuffer();
+    }
 }
 exports.default = templateClient;

package/dist/preprocess.js

@@ -31,7 +31,7 @@ function resolveCssPath(cssPath) {
     }
     return node_path_1.default.isAbsolute(cssPath) ? cssPath : node_path_1.default.join(process.cwd(), cssPath);
 }
-function inlineIncludes(content, baseDir, srcRoot, stack) {
+function inlineIncludes(content, baseDir, srcRoot, normalizedSrcRoot, stack) {
     const includeExp = /\{%\s*include\s+['"]([^'"]+)['"][^%]*%\}/g;
     return content.replace(includeExp, (_match, includePath) => {
         const cleaned = includePath.replace(/^\/+/, '');
@@ -41,12 +41,18 @@ function inlineIncludes(content, baseDir, srcRoot, stack) {
             throw new Error(`Include not found: ${includePath}`);
         }
         const resolved = node_fs_1.default.realpathSync(found);
+        if (!resolved.startsWith(normalizedSrcRoot)) {
+            throw new Error(`Include path escapes template root: ${includePath}`);
+        }
+        if (!node_fs_1.default.statSync(resolved).isFile()) {
+            throw new Error(`Include is not a file: ${includePath}`);
+        }
         if (stack.has(resolved)) {
             throw new Error(`Circular include detected for ${includePath}`);
         }
         stack.add(resolved);
         const raw = node_fs_1.default.readFileSync(resolved, 'utf8');
-        const inlined = inlineIncludes(raw, node_path_1.default.dirname(resolved), srcRoot, stack);
+        const inlined = inlineIncludes(raw, node_path_1.default.dirname(resolved), srcRoot, normalizedSrcRoot, stack);
         stack.delete(resolved);
         return inlined;
     });
@@ -95,12 +101,14 @@ function process_template(tplname, writeOutput = true) {
     console.log(`Processing template: ${tplname}`);
     try {
         const srcRoot = resolvePathRoot(cfg.src_dir);
+        const resolvedSrcRoot = node_fs_1.default.realpathSync(srcRoot);
+        const normalizedSrcRoot = resolvedSrcRoot.endsWith(node_path_1.default.sep) ? resolvedSrcRoot : resolvedSrcRoot + node_path_1.default.sep;
         const templateFile = node_path_1.default.join(srcRoot, `${tplname}.njk`);
         // 1) Resolve template inheritance
         const mergedTemplate = cfg.env.renderString(`{% process_layout "${tplname}.njk" %}`, {});
         // 1.5) Inline partials/includes so the server doesn't need a loader
         const mergedWithPartials = cfg.inline_includes
-            ? inlineIncludes(mergedTemplate, node_path_1.default.dirname(templateFile), srcRoot, new Set())
+            ? inlineIncludes(mergedTemplate, node_path_1.default.dirname(templateFile), srcRoot, normalizedSrcRoot, new Set())
             : mergedTemplate;
         // 2) Protect variables/flow
         const protectedTemplate = cfg.env.filters.protect_variables(mergedWithPartials);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/mail-magic-client",
-	"version": "1.0.25",
+	"version": "1.0.28",
 	"description": "Client library for mail-magic",
 	"main": "dist/cjs/mail-magic-client.js",
 	"types": "dist/cjs/mail-magic-client.d.ts",