@wopr-network/platform-ui-core 1.1.11 → 1.1.13

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-ui-core",
-  "version": "1.1.11",
+  "version": "1.1.13",
   "description": "Brand-agnostic AI agent platform UI — deploy as any brand via env vars",
   "repository": {
     "type": "git",

package/src/__tests__/middleware.test.ts

@@ -658,7 +658,7 @@ describe("CSP nonce in middleware", () => {
     const res = await middleware(req);
     const csp = res.headers.get("content-security-policy") ?? "";
     expect(csp).toContain("default-src 'self'");
-    expect(csp).toMatch(/style-src-elem 'self' 'nonce-[A-Za-z0-9+/=_-]+'/);
+    expect(csp).toMatch(/style-src-elem 'self' 'unsafe-inline' 'nonce-[A-Za-z0-9+/=_-]+'/);
 
     expect(csp).toContain("img-src 'self' data: blob:");
     expect(csp).toContain("frame-src https://js.stripe.com");
@@ -706,10 +706,10 @@ describe("CSP style-src directive", () => {
     });
     const res = await middleware(req);
     const csp = res.headers.get("content-security-policy") ?? "";
-    // Must contain nonce in style-src-elem (split from style-src for finer-grained control)
-    expect(csp).toMatch(/style-src-elem 'self' 'nonce-[A-Za-z0-9+/=_-]+'/);
-    // Must NOT contain unsafe-inline in style-src-elem
-    expect(csp).not.toContain("style-src-elem 'self' 'unsafe-inline'");
+    // Must contain nonce + unsafe-inline in style-src-elem
+    // (unsafe-inline needed for framer-motion dynamic style injection)
+    expect(csp).toMatch(/style-src-elem 'self' 'unsafe-inline' 'nonce-[A-Za-z0-9+/=_-]+'/);
+    expect(csp).toContain("style-src-attr 'unsafe-inline'");
   });
 });
 

package/src/app/(dashboard)/billing/credits/page.tsx

@@ -40,7 +40,9 @@ function CreditsContent() {
   useEffect(() => {
     getOrganization()
       .then((org) => {
-        const currentMember = org.members.find((m) => m.email === session?.user?.email);
+        const currentMember = org.members.find(
+          (m) => m.userId === session?.user?.id || (m.email && m.email === session?.user?.email),
+        );
         setOrgContext({
           orgId: org.id,
           orgName: org.name,
@@ -51,7 +53,7 @@ function CreditsContent() {
         // No org — show personal billing
       })
       .finally(() => setOrgChecked(true));
-  }, [session?.user?.email]);
+  }, [session?.user?.email, session?.user?.id]);
 
   const [showCryptoPending, setShowCryptoPending] = useState(cryptoPending);
   const [dividendStats, setDividendStats] = useState<DividendWalletStats | null>(null);

package/src/components/billing/org-billing-page.tsx

@@ -5,6 +5,7 @@ import { Building2, Download } from "lucide-react";
 import { useCallback, useEffect, useState } from "react";
 import { AddPaymentMethodDialog } from "@/components/billing/add-payment-method-dialog";
 import { BuyCreditsPanel } from "@/components/billing/buy-credits-panel";
+import { BuyCryptoCreditPanel } from "@/components/billing/buy-crypto-credits-panel";
 import { CreditBalance } from "@/components/billing/credit-balance";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
@@ -157,6 +158,9 @@ export function OrgBillingPage({ orgId, orgName, isAdmin }: OrgBillingPageProps)
           transition={{ duration: 0.4, delay: sectionDelays.buyCredits, ease: "easeOut" }}
         >
           <BuyCreditsPanel />
+          <div className="mt-4">
+            <BuyCryptoCreditPanel />
+          </div>
         </motion.div>
       )}
 

package/src/proxy.ts

@@ -31,7 +31,7 @@ function buildCsp(nonce: string, requestUrl?: string): string {
     "default-src 'self'",
     `script-src 'self' 'nonce-${nonce}' 'strict-dynamic' https://js.stripe.com`,
     ...(NONCE_STYLES_ENABLED
-      ? [`style-src-elem 'self' 'nonce-${nonce}'`, "style-src-attr 'unsafe-inline'"]
+      ? [`style-src-elem 'self' 'unsafe-inline' 'nonce-${nonce}'`, "style-src-attr 'unsafe-inline'"]
       : ["style-src 'self' 'unsafe-inline'"]),
     "img-src 'self' data: blob:",
     "font-src 'self'",