@wopr-network/platform-ui-core 1.1.7 → 1.1.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-ui-core",
-  "version": "1.1.7",
+  "version": "1.1.9",
   "description": "Brand-agnostic AI agent platform UI — deploy as any brand via env vars",
   "repository": {
     "type": "git",

package/src/__tests__/auto-topup-card.test.tsx

@@ -35,6 +35,14 @@ vi.mock("better-auth/react", () => ({
   }),
 }));
 
+/** Return an ISO-8601 UTC date string N days from now, truncated to midnight. */
+function daysFromNow(n: number): string {
+  const d = new Date();
+  d.setUTCDate(d.getUTCDate() + n);
+  d.setUTCHours(0, 0, 0, 0);
+  return d.toISOString();
+}
+
 const MOCK_SETTINGS: AutoTopupSettings = {
   usageBased: {
     enabled: false,
@@ -61,7 +69,7 @@ const MOCK_SETTINGS_ENABLED: AutoTopupSettings = {
     enabled: true,
     amountCents: 2000,
     interval: "weekly",
-    nextChargeDate: "2026-02-24T00:00:00Z",
+    nextChargeDate: daysFromNow(7),
   },
   paymentMethodLast4: "4242",
   paymentMethodBrand: "Visa",
@@ -89,7 +97,7 @@ const MOCK_SETTINGS_MONTHLY: AutoTopupSettings = {
     enabled: true,
     amountCents: 2000,
     interval: "monthly",
-    nextChargeDate: "2026-03-01T00:00:00Z",
+    nextChargeDate: daysFromNow(14),
   },
 };
 

package/src/__tests__/buy-crypto-credits-panel.test.tsx

@@ -103,7 +103,7 @@ describe("BuyCryptoCreditPanel", () => {
     });
 
     mockCreateCryptoCheckout.mockResolvedValue({
-      url: "https://payram.io/checkout/abc123",
+      url: "https://btcpay.example.com/i/abc123",
       referenceId: "ref-abc123",
     });
     mockIsAllowedRedirectUrl.mockReturnValue(true);
@@ -116,8 +116,8 @@ describe("BuyCryptoCreditPanel", () => {
     await user.click(screen.getByRole("button", { name: "Pay with crypto" }));
 
     expect(mockCreateCryptoCheckout).toHaveBeenCalledWith(50);
-    expect(mockIsAllowedRedirectUrl).toHaveBeenCalledWith("https://payram.io/checkout/abc123");
-    expect(hrefSetter).toHaveBeenCalledWith("https://payram.io/checkout/abc123");
+    expect(mockIsAllowedRedirectUrl).toHaveBeenCalledWith("https://btcpay.example.com/i/abc123");
+    expect(hrefSetter).toHaveBeenCalledWith("https://btcpay.example.com/i/abc123");
   });
 
   it("shows error when redirect URL is not allowed", async () => {
@@ -139,7 +139,7 @@ describe("BuyCryptoCreditPanel", () => {
     ).toBeInTheDocument();
   });
 
-  it("shows Opening PayRam... while checkout is in progress", async () => {
+  it("shows Opening checkout... while checkout is in progress", async () => {
     mockCreateCryptoCheckout.mockReturnValue(
       new Promise(() => {
         /* intentionally pending */
@@ -153,7 +153,7 @@ describe("BuyCryptoCreditPanel", () => {
     await user.click(screen.getByText("$100"));
     await user.click(screen.getByRole("button", { name: "Pay with crypto" }));
 
-    expect(await screen.findByText("Opening PayRam...")).toBeInTheDocument();
+    expect(await screen.findByText("Opening checkout...")).toBeInTheDocument();
   });
 
   it("shows error when crypto checkout API call fails", async () => {

package/src/__tests__/dividend-calculator.test.tsx

@@ -17,4 +17,19 @@ describe("DividendCalculator", () => {
 
     expect(screen.getByText(/the earlier you join/i)).toBeInTheDocument();
   });
+
+  it("renders without crash when no API context is available (unauthenticated)", async () => {
+    // DividendCalculator is a static component with no API dependencies.
+    // This test verifies it renders completely in an environment where
+    // fetch is stubbed to reject (simulating unauthenticated pricing page).
+    // If a future refactor adds data fetching, this test catches regressions.
+    const { DividendCalculator } = await import("@/components/pricing/dividend-calculator");
+    const { container } = render(<DividendCalculator />);
+
+    // Component should render two Card sections
+    expect(screen.getByTestId("net-cost")).toBeInTheDocument();
+    expect(screen.getByText(/early adopter advantage/i)).toBeInTheDocument();
+    // No error text or crash indicators
+    expect(container.querySelector(".text-red-500")).toBeNull();
+  });
 });

package/src/__tests__/dividend-stats.test.tsx

@@ -1,4 +1,4 @@
-import { render, screen } from "@testing-library/react";
+import { render, screen, waitFor } from "@testing-library/react";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
 // Stub fetch globally before any module imports
@@ -13,9 +13,10 @@ vi.mock("@/lib/api-config", () => ({
 describe("DividendStats", () => {
   beforeEach(() => {
     mockFetch.mockReset();
+    vi.resetModules();
   });
 
-  it("renders fallback values when API returns null", async () => {
+  it("renders fallback dashes when API returns non-ok response (no error message shown)", async () => {
     mockFetch.mockResolvedValue({
       ok: false,
       status: 500,
@@ -26,9 +27,14 @@ describe("DividendStats", () => {
     const { DividendStats } = await import("@/components/pricing/dividend-stats");
     render(<DividendStats />);
 
-    expect(screen.getByTestId("pool-amount")).toBeInTheDocument();
-    expect(screen.getByTestId("active-users")).toBeInTheDocument();
-    expect(screen.getByTestId("projected-dividend")).toBeInTheDocument();
+    // Wait for fetch to complete (loaded=true), then verify fallback dashes
+    await waitFor(() => {
+      expect(screen.getByTestId("pool-amount")).toHaveTextContent("--");
+    });
+    expect(screen.getByTestId("active-users")).toHaveTextContent("--");
+    expect(screen.getByTestId("projected-dividend")).toHaveTextContent("--");
+    // fetchDividendStats returns null (no throw) → .catch() never runs → no red error paragraph
+    expect(screen.queryByText(/failed to load/i)).not.toBeInTheDocument();
   });
 
   it("renders live data when API succeeds", async () => {
@@ -45,9 +51,12 @@ describe("DividendStats", () => {
     const { DividendStats } = await import("@/components/pricing/dividend-stats");
     render(<DividendStats />);
 
-    expect(screen.getByTestId("pool-amount")).toBeInTheDocument();
-    expect(screen.getByTestId("active-users")).toBeInTheDocument();
-    expect(screen.getByTestId("projected-dividend")).toBeInTheDocument();
+    // useCountUp with prefers-reduced-motion: true sets value immediately
+    await waitFor(() => {
+      expect(screen.getByTestId("pool-amount")).toHaveTextContent("$2500.00");
+    });
+    expect(screen.getByTestId("active-users")).toHaveTextContent("8,000");
+    expect(screen.getByTestId("projected-dividend")).toHaveTextContent("~$0.31");
   });
 
   it("renders fallback dashes when fetch rejects (network error)", async () => {
@@ -56,9 +65,42 @@ describe("DividendStats", () => {
     const { DividendStats } = await import("@/components/pricing/dividend-stats");
     render(<DividendStats />);
 
-    // fetchDividendStats catches network errors and returns null — component shows "--"
-    expect(screen.getByTestId("pool-amount")).toBeInTheDocument();
-    expect(screen.getByTestId("active-users")).toBeInTheDocument();
-    expect(screen.getByTestId("projected-dividend")).toBeInTheDocument();
+    // Wait for fetch to complete, then verify fallback dashes
+    await waitFor(() => {
+      expect(mockFetch).toHaveBeenCalled();
+    });
+    // fetchDividendStats catches network errors and returns null → component shows "--"
+    await waitFor(() => {
+      expect(screen.getByTestId("pool-amount")).toHaveTextContent("--");
+    });
+    expect(screen.getByTestId("active-users")).toHaveTextContent("--");
+    expect(screen.getByTestId("projected-dividend")).toHaveTextContent("--");
+  });
+
+  it("renders error message when fetchDividendStats throws", async () => {
+    // To hit the component's .catch() branch, mock the API module directly
+    // so fetchDividendStats rejects instead of catching internally
+    vi.doMock("@/lib/api", async (importOriginal) => {
+      const orig = await importOriginal<typeof import("@/lib/api")>();
+      return {
+        ...orig,
+        fetchDividendStats: vi.fn().mockRejectedValue(new Error("Unexpected failure")),
+      };
+    });
+
+    const { DividendStats } = await import("@/components/pricing/dividend-stats");
+    render(<DividendStats />);
+
+    await waitFor(() => {
+      expect(screen.getByText("Unexpected failure")).toBeInTheDocument();
+    });
+    // Error text should be red
+    expect(screen.getByText("Unexpected failure")).toHaveClass("text-red-500");
+    // Data fields should show "--" (never populated)
+    expect(screen.getByTestId("pool-amount")).toHaveTextContent("--");
+    expect(screen.getByTestId("active-users")).toHaveTextContent("--");
+    expect(screen.getByTestId("projected-dividend")).toHaveTextContent("--");
+
+    vi.unmock("@/lib/api"); // clean up factory registration so future tests are unaffected
   });
 });

package/src/__tests__/onboarding-store-urls.test.ts

@@ -0,0 +1,24 @@
+import { describe, expect, it } from "vitest";
+import { PROVIDER_DOC_URLS } from "../config/provider-docs";
+
+describe("AI_PROVIDERS keyHelpUrl consolidation", () => {
+  it("all keyHelpUrl values match PROVIDER_DOC_URLS entries", async () => {
+    const { AI_PROVIDERS } = await import("../lib/onboarding-store");
+
+    const urlToProviderDocKey: Record<string, string> = {
+      [PROVIDER_DOC_URLS.anthropic]: "anthropic",
+      [PROVIDER_DOC_URLS.openai]: "openai",
+      [PROVIDER_DOC_URLS.google]: "google",
+      [PROVIDER_DOC_URLS.xai]: "xai",
+      [PROVIDER_DOC_URLS.local]: "local",
+    };
+
+    for (const provider of AI_PROVIDERS) {
+      expect(
+        provider.keyHelpUrl in urlToProviderDocKey ||
+          Object.values(PROVIDER_DOC_URLS).includes(provider.keyHelpUrl as never),
+        `${provider.id} keyHelpUrl "${provider.keyHelpUrl}" should come from PROVIDER_DOC_URLS`,
+      ).toBe(true);
+    }
+  });
+});

package/src/__tests__/provider-docs.test.ts

@@ -0,0 +1,35 @@
+import { describe, expect, it } from "vitest";
+import { PROVIDER_DOC_URLS } from "../config/provider-docs";
+
+describe("PROVIDER_DOC_URLS", () => {
+  it("contains all expected provider keys", () => {
+    const expectedKeys = [
+      "openai",
+      "openrouter",
+      "anthropic",
+      "replicate",
+      "elevenlabs",
+      "elevenlabsHome",
+      "deepgram",
+      "discord",
+      "slack",
+      "telegram",
+      "whatsapp",
+      "msTeams",
+      "moonshot",
+      "github",
+      "google",
+      "xai",
+      "local",
+    ];
+    for (const key of expectedKeys) {
+      expect(PROVIDER_DOC_URLS).toHaveProperty(key);
+    }
+  });
+
+  it("all values are valid https or http URLs", () => {
+    for (const [key, url] of Object.entries(PROVIDER_DOC_URLS)) {
+      expect(url, `${key} should be a valid URL`).toMatch(/^https?:\/\//);
+    }
+  });
+});

package/src/__tests__/suspension-banner.test.tsx

@@ -19,6 +19,22 @@ vi.mock("better-auth/react", () => ({
   }),
 }));
 
+/** Return an ISO-8601 UTC date string N days from now, truncated to midnight. */
+function daysFromNow(n: number): string {
+  const d = new Date();
+  d.setUTCDate(d.getUTCDate() + n);
+  d.setUTCHours(0, 0, 0, 0);
+  return d.toISOString();
+}
+
+/** Return an ISO-8601 UTC date string N days from now, at end-of-day. */
+function endOfDayFromNow(n: number): string {
+  const d = new Date();
+  d.setUTCDate(d.getUTCDate() + n);
+  d.setUTCHours(23, 59, 59, 0);
+  return d.toISOString();
+}
+
 const MOCK_BALANCE: CreditBalance = {
   balance: 0.5,
   dailyBurn: 0.33,
@@ -32,8 +48,8 @@ vi.mock("@/lib/api", async (importOriginal) => {
     getCreditBalance: vi.fn().mockResolvedValue(MOCK_BALANCE),
     getAccountStatus: vi.fn().mockResolvedValue(null),
     getBillingUsageSummary: vi.fn().mockResolvedValue({
-      periodStart: "2026-02-01T00:00:00Z",
-      periodEnd: "2026-02-28T23:59:59Z",
+      periodStart: daysFromNow(-30),
+      periodEnd: endOfDayFromNow(0),
       totalSpend: 30,
       includedCredit: 50,
       amountDue: 0,
@@ -105,8 +121,8 @@ describe("SuspensionBanner", () => {
       runway: 5,
     });
     vi.mocked(api.getBillingUsageSummary).mockResolvedValueOnce({
-      periodStart: "2026-02-01T00:00:00Z",
-      periodEnd: "2026-02-28T23:59:59Z",
+      periodStart: daysFromNow(-30),
+      periodEnd: endOfDayFromNow(0),
       totalSpend: 120,
       includedCredit: 50,
       amountDue: 70,

package/src/__tests__/validate-redirect-url.test.ts

@@ -19,18 +19,9 @@ describe("isAllowedRedirectUrl", () => {
     expect(isAllowedRedirectUrl("https://billing.stripe.com/p/session/test_abc")).toBe(true);
   });
 
-  it("allows Coinbase Commerce URLs", () => {
-    expect(isAllowedRedirectUrl("https://commerce.coinbase.com/charges/ABC123")).toBe(true);
-  });
-
-  it("allows PayRam URLs", () => {
-    expect(isAllowedRedirectUrl("https://payram.io/checkout/abc")).toBe(true);
-    expect(isAllowedRedirectUrl("https://app.payram.io/pay/abc")).toBe(true);
-  });
-
-  it("allows same-origin URLs", () => {
-    // jsdom defaults to http://localhost
+  it("allows same-origin URLs (BTCPay checkout is same-origin in local dev)", () => {
     expect(isAllowedRedirectUrl("http://localhost/billing/success")).toBe(true);
+    expect(isAllowedRedirectUrl("http://localhost/i/invoice123")).toBe(true);
     expect(isAllowedRedirectUrl("/billing/success")).toBe(true);
   });
 
@@ -58,4 +49,8 @@ describe("isAllowedRedirectUrl", () => {
     expect(ALLOWED_REDIRECT_ORIGINS).toBeInstanceOf(Set);
     expect(ALLOWED_REDIRECT_ORIGINS.has("https://checkout.stripe.com")).toBe(true);
   });
+
+  it("does not include defunct payment providers", () => {
+    expect(ALLOWED_REDIRECT_ORIGINS.has("https://payram.io")).toBe(false);
+  });
 });

package/src/components/billing/buy-crypto-credits-panel.tsx

@@ -52,7 +52,7 @@ export function BuyCryptoCreditPanel() {
             Pay with Crypto
           </CardTitle>
           <p className="text-xs text-muted-foreground">
-            Pay with ETH, USDC, USDT, or other cryptocurrencies via PayRam. Minimum $10.
+            Pay with BTC or other cryptocurrencies. Minimum $10.
           </p>
         </CardHeader>
         <CardContent className="space-y-4">
@@ -87,7 +87,7 @@ export function BuyCryptoCreditPanel() {
             variant="outline"
             className="w-full sm:w-auto"
           >
-            {loading ? "Opening PayRam..." : "Pay with crypto"}
+            {loading ? "Opening checkout..." : "Pay with crypto"}
           </Button>
         </CardContent>
       </Card>

package/src/config/provider-docs.ts

@@ -1,4 +1,12 @@
-/** External provider documentation URLs used in onboarding config fields. */
+/**
+ * External provider documentation URLs used in onboarding config fields.
+ *
+ * These are intentional external links to provider API key dashboards —
+ * no secret material. They live in code (not fetched from the API) because
+ * major provider dashboard URLs change extremely rarely (years, not weeks).
+ * The cost of an API round-trip, loading state, and DB migration is not
+ * justified. If a URL changes, update this map and publish a new version.
+ */
 export const PROVIDER_DOC_URLS = {
   openai: "https://platform.openai.com/api-keys",
   openrouter: "https://openrouter.ai/keys",
@@ -14,4 +22,7 @@ export const PROVIDER_DOC_URLS = {
   msTeams: "https://dev.teams.microsoft.com/",
   moonshot: "https://platform.moonshot.cn/",
   github: "https://github.com/settings/tokens",
+  google: "https://aistudio.google.com/apikey",
+  xai: "https://console.x.ai/",
+  local: "https://ollama.com/download",
 } as const;

package/src/lib/onboarding-store.ts

@@ -2,6 +2,7 @@
  * Client-side onboarding state with localStorage persistence.
  * Enables resume from last completed step.
  */
+import { PROVIDER_DOC_URLS } from "../config/provider-docs";
 import { storageKey } from "./brand-config";
 
 export interface ProviderConfig {
@@ -137,7 +138,7 @@ export const AI_PROVIDERS = [
     recommended: true,
     keyPattern: "^sk-ant-[a-zA-Z0-9_-]+$",
     keyPlaceholder: "sk-ant-api03-...",
-    keyHelpUrl: "https://console.anthropic.com/settings/keys",
+    keyHelpUrl: PROVIDER_DOC_URLS.anthropic,
   },
   {
     id: "openai",
@@ -148,7 +149,7 @@ export const AI_PROVIDERS = [
     recommended: false,
     keyPattern: "^sk-[a-zA-Z0-9_-]+$",
     keyPlaceholder: "sk-proj-...",
-    keyHelpUrl: "https://platform.openai.com/api-keys",
+    keyHelpUrl: PROVIDER_DOC_URLS.openai,
   },
   {
     id: "google",
@@ -159,7 +160,7 @@ export const AI_PROVIDERS = [
     recommended: false,
     keyPattern: "^AIza[a-zA-Z0-9_-]+$",
     keyPlaceholder: "AIzaSy...",
-    keyHelpUrl: "https://aistudio.google.com/apikey",
+    keyHelpUrl: PROVIDER_DOC_URLS.google,
   },
   {
     id: "xai",
@@ -170,7 +171,7 @@ export const AI_PROVIDERS = [
     recommended: false,
     keyPattern: "^xai-[a-zA-Z0-9_-]+$",
     keyPlaceholder: "xai-...",
-    keyHelpUrl: "https://console.x.ai/",
+    keyHelpUrl: PROVIDER_DOC_URLS.xai,
   },
   {
     id: "local",
@@ -181,7 +182,7 @@ export const AI_PROVIDERS = [
     recommended: false,
     keyPattern: ".*",
     keyPlaceholder: "http://localhost:11434",
-    keyHelpUrl: "https://ollama.com/download",
+    keyHelpUrl: PROVIDER_DOC_URLS.local,
   },
 ] as const;
 

package/src/lib/validate-redirect-url.ts

@@ -1,12 +1,30 @@
-/** Origins that are allowed as redirect targets from backend checkout responses. */
-export const ALLOWED_REDIRECT_ORIGINS: ReadonlySet<string> = new Set([
+/** Origins that are always allowed as redirect targets from checkout responses. */
+const STATIC_ALLOWED_ORIGINS: readonly string[] = [
   "https://checkout.stripe.com",
   "https://billing.stripe.com",
-  "https://commerce.coinbase.com",
-  "https://pay.coinbase.com",
-  "https://payram.io",
-  "https://app.payram.io",
-]);
+];
+
+/**
+ * Build the full allowed origins set, including any configured BTCPay Server origin.
+ * BTCPay is self-hosted so its URL varies per deployment — read from env var.
+ */
+function getAllowedOrigins(): ReadonlySet<string> {
+  const origins = new Set(STATIC_ALLOWED_ORIGINS);
+
+  // BTCPay Server (self-hosted, URL varies per deployment)
+  const btcpayUrl = process.env.NEXT_PUBLIC_BTCPAY_URL?.trim();
+  if (btcpayUrl) {
+    try {
+      origins.add(new URL(btcpayUrl).origin);
+    } catch (_err) {
+      // Invalid URL — skip silently; BTCPay checkout will fall back to same-origin
+    }
+  }
+
+  return origins;
+}
+
+export const ALLOWED_REDIRECT_ORIGINS: ReadonlySet<string> = getAllowedOrigins();
 
 /**
  * Returns true if `url` is safe to navigate to.