npm - minutework - Versions diffs - 0.1.40 → 0.1.41 - Mend

minutework 0.1.40 → 0.1.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/assets/templates/vuilder-shell/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "name": "vuilder-shell",
+  "version": "0.1.0",
+  "private": true,
+  "packageManager": "pnpm@9.0.0",
+  "engines": {
+    "node": ">=20.9.0"
+  },
+  "scripts": {
+    "dev": "next dev --hostname 127.0.0.1 --port 3301",
+    "build": "next build",
+    "build:validate": "node tools/template/with-public-site-fixture.mjs next build",
+    "start": "next start -p 3301",
+    "lint": "eslint .",
+    "test": "vitest run",
+    "typegen": "next typegen",
+    "template:validate": "node tools/template/validate-template.mjs",
+    "template:route-contract": "node tools/template/validate-route-contract.mjs",
+    "typecheck": "tsc --noEmit",
+    "validate": "pnpm template:validate && pnpm template:route-contract && pnpm typegen && pnpm design-system:tokens && pnpm design-system:check && pnpm typecheck && pnpm lint && pnpm test && pnpm build:validate && pnpm build-storybook:validate",
+    "design-system:tokens": "node tools/design-system/build-token-manifest.mjs",
+    "design-system:check": "node tools/design-system/run-checks.mjs",
+    "design-system:check:staged": "node tools/design-system/run-checks.mjs --staged",
+    "storybook": "storybook dev -p 6006",
+    "build-storybook": "storybook build",
+    "build-storybook:validate": "node tools/template/with-public-site-fixture.mjs storybook build",
+    "design-system:visual": "playwright test -c tools/design-system/playwright.config.mjs"
+  },
+  "dependencies": {
+    "@radix-ui/react-slot": "^1.2.4",
+    "class-variance-authority": "^0.7.1",
+    "clsx": "^2.1.1",
+    "lucide-react": "^0.564.0",
+    "next": "^16.2.0",
+    "react": "^19.2.0",
+    "react-dom": "^19.2.0",
+    "server-only": "^0.0.1",
+    "tailwind-merge": "^3.3.1",
+    "tw-animate-css": "^1.3.3",
+    "zod": "^3.24.1"
+  },
+  "devDependencies": {
+    "@playwright/test": "^1.58.2",
+    "@storybook/addon-a11y": "^10.2.19",
+    "@storybook/addon-docs": "^10.2.19",
+    "@storybook/nextjs-vite": "^10.2.19",
+    "@tailwindcss/postcss": "^4.2.0",
+    "@types/node": "^22.0.0",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "ajv": "^8.17.1",
+    "eslint": "^9.39.1",
+    "eslint-config-next": "^16.2.0",
+    "http-server": "^14.1.1",
+    "postcss": "^8.5.6",
+    "storybook": "^10.2.19",
+    "tailwindcss": "^4.2.0",
+    "typescript": "^5.6.0",
+    "vitest": "^3.2.4"
+  }
+}

package/assets/templates/vuilder-shell/postcss.config.mjs ADDED Viewed

@@ -0,0 +1,8 @@
+/** @type {import('postcss-load-config').Config} */
+const config = {
+  plugins: {
+    "@tailwindcss/postcss": {},
+  },
+};
+export default config;

package/assets/templates/vuilder-shell/public/.gitkeep ADDED Viewed

	@@ -0,0 +1 @@
1	+

package/assets/templates/vuilder-shell/src/app/api/auth/accept-shell-session/route.test.ts ADDED Viewed

@@ -0,0 +1,105 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+const mocks = vi.hoisted(() => ({
+  applyVuilderShellSessionToResponse: vi.fn(),
+  clearVuilderShellHandoffStateFromResponse: vi.fn(),
+  exchangeVuilderShellSessionHandoffCode: vi.fn(),
+  readVuilderShellHandoffState: vi.fn(),
+}));
+vi.mock("@/lib/platform/client.server", () => ({
+  exchangeVuilderShellSessionHandoffCode:
+    mocks.exchangeVuilderShellSessionHandoffCode,
+}));
+vi.mock("@/lib/platform/session.server", () => ({
+  applyVuilderShellSessionToResponse: mocks.applyVuilderShellSessionToResponse,
+  clearVuilderShellHandoffStateFromResponse:
+    mocks.clearVuilderShellHandoffStateFromResponse,
+  readVuilderShellHandoffState: mocks.readVuilderShellHandoffState,
+}));
+import { GET } from "./route";
+describe("GET /api/auth/accept-shell-session", () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+  it("exchanges the handoff code, sets the shell token, and redirects locally", async () => {
+    mocks.readVuilderShellHandoffState.mockResolvedValue("state-1");
+    mocks.exchangeVuilderShellSessionHandoffCode.mockResolvedValue({
+      data: {
+        expires_at: "2026-06-09T12:00:00Z",
+        shell_session_token: "shell-token-1",
+      },
+    });
+    const response = await GET(
+      new Request(
+        "https://shell.example.com/api/auth/accept-shell-session?code=code-1&state=state-1&return_to=%2Fw%2Ffleet-alpha%2Fconnect",
+      ),
+    );
+    expect(response.status).toBe(307);
+    expect(response.headers.get("location")).toBe(
+      "https://shell.example.com/w/fleet-alpha/connect",
+    );
+    expect(response.headers.get("cache-control")).toBe("no-store");
+    expect(response.headers.get("referrer-policy")).toBe("no-referrer");
+    expect(mocks.exchangeVuilderShellSessionHandoffCode).toHaveBeenCalledWith(
+      "code-1",
+      "state-1",
+    );
+    expect(mocks.applyVuilderShellSessionToResponse).toHaveBeenCalledWith(
+      expect.any(Response),
+      "shell-token-1",
+      "2026-06-09T12:00:00Z",
+    );
+  });
+  it("rejects external return paths", async () => {
+    mocks.readVuilderShellHandoffState.mockResolvedValue("state-1");
+    mocks.exchangeVuilderShellSessionHandoffCode.mockResolvedValue({
+      data: {
+        expires_at: "2026-06-09T12:00:00Z",
+        shell_session_token: "shell-token-1",
+      },
+    });
+    const response = await GET(
+      new Request(
+        "https://shell.example.com/api/auth/accept-shell-session?code=code-1&state=state-1&return_to=https%3A%2F%2Fevil.example.com%2F",
+      ),
+    );
+    expect(response.headers.get("location")).toBe("https://shell.example.com/app");
+  });
+  it("fails closed when the shell state does not match", async () => {
+    mocks.readVuilderShellHandoffState.mockResolvedValue("state-1");
+    const response = await GET(
+      new Request(
+        "https://shell.example.com/api/auth/accept-shell-session?code=code-1&state=attacker-state&return_to=%2Fw%2Ffleet-alpha%2Fconnect",
+        {
+          headers: {
+            cookie: "mw_vuilder_shell_session=existing-shell-token",
+          },
+        },
+      ),
+    );
+    expect(response.headers.get("location")).toBe(
+      "https://shell.example.com/w/fleet-alpha/connect",
+    );
+    expect(mocks.exchangeVuilderShellSessionHandoffCode).not.toHaveBeenCalled();
+    expect(mocks.applyVuilderShellSessionToResponse).not.toHaveBeenCalled();
+    expect(mocks.clearVuilderShellHandoffStateFromResponse).toHaveBeenCalledWith(
+      expect.any(Response),
+    );
+    expect(response.headers.get("set-cookie") ?? "").not.toContain(
+      "mw_vuilder_shell_session",
+    );
+  });
+});

package/assets/templates/vuilder-shell/src/app/api/auth/accept-shell-session/route.ts ADDED Viewed

@@ -0,0 +1,63 @@
+import { NextResponse } from "next/server";
+import { appRoutes } from "@/lib/app-routes";
+import { exchangeVuilderShellSessionHandoffCode } from "@/lib/platform/client.server";
+import {
+  applyVuilderShellSessionToResponse,
+  clearVuilderShellHandoffStateFromResponse,
+  readVuilderShellHandoffState,
+} from "@/lib/platform/session.server";
+function normalizeLocalReturnTo(value?: string | null) {
+  const candidate = String(value ?? "").trim();
+  if (!candidate || !candidate.startsWith("/") || candidate.startsWith("//")) {
+    return appRoutes.appHome;
+  }
+  try {
+    const parsed = new URL(candidate, "http://localhost");
+    if (parsed.origin !== "http://localhost" || !parsed.pathname.startsWith("/")) {
+      return appRoutes.appHome;
+    }
+    return `${parsed.pathname}${parsed.search}${parsed.hash}`;
+  } catch {
+    return appRoutes.appHome;
+  }
+}
+export async function GET(request: Request) {
+  const url = new URL(request.url);
+  const shellSessionHandoffCode = url.searchParams.get("code")?.trim() ?? "";
+  const shellHandoffState = url.searchParams.get("state")?.trim() ?? "";
+  const expectedShellHandoffState = await readVuilderShellHandoffState();
+  const returnTo = normalizeLocalReturnTo(url.searchParams.get("return_to"));
+  const response = NextResponse.redirect(new URL(returnTo, url.origin));
+  response.headers.set("Cache-Control", "no-store");
+  response.headers.set("Referrer-Policy", "no-referrer");
+  clearVuilderShellHandoffStateFromResponse(response);
+  if (
+    !shellSessionHandoffCode ||
+    !shellHandoffState ||
+    !expectedShellHandoffState ||
+    shellHandoffState !== expectedShellHandoffState
+  ) {
+    return response;
+  }
+  try {
+    const result = await exchangeVuilderShellSessionHandoffCode(
+      shellSessionHandoffCode,
+      expectedShellHandoffState,
+    );
+    applyVuilderShellSessionToResponse(
+      response,
+      result.data.shell_session_token,
+      result.data.expires_at,
+    );
+  } catch {
+    return response;
+  }
+  return response;
+}

package/assets/templates/vuilder-shell/src/app/api/auth/logout/route.test.ts ADDED Viewed

@@ -0,0 +1,63 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+const mocks = vi.hoisted(() => ({
+  clearPlatformSessionFromResponse: vi.fn(),
+  readPlatformAuthState: vi.fn(),
+  revokeVuilderShellSession: vi.fn(),
+}));
+vi.mock("@/lib/platform/client.server", () => ({
+  revokeVuilderShellSession: mocks.revokeVuilderShellSession,
+}));
+vi.mock("@/lib/platform/session.server", () => ({
+  clearPlatformSessionFromResponse: mocks.clearPlatformSessionFromResponse,
+  readPlatformAuthState: mocks.readPlatformAuthState,
+}));
+import { POST } from "./route";
+describe("POST /api/auth/logout", () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+  it("rejects cross-origin submissions before clearing shared cookies", async () => {
+    const response = await POST(
+      new Request("https://shell.example.com/api/auth/logout", {
+        method: "POST",
+        headers: { origin: "https://evil.example.com" },
+      }),
+    );
+    expect(response.status).toBe(403);
+    expect(mocks.readPlatformAuthState).not.toHaveBeenCalled();
+    expect(mocks.revokeVuilderShellSession).not.toHaveBeenCalled();
+    expect(mocks.clearPlatformSessionFromResponse).not.toHaveBeenCalled();
+  });
+  it("revokes and clears shell session cookies for same-origin submissions", async () => {
+    const authState = { shellSessionToken: "shell-token-1" };
+    mocks.readPlatformAuthState.mockResolvedValue(authState);
+    mocks.revokeVuilderShellSession.mockResolvedValue(undefined);
+    const response = await POST(
+      new Request("https://shell.example.com/api/auth/logout", {
+        method: "POST",
+        headers: { origin: "https://shell.example.com" },
+      }),
+    );
+    expect(response.status).toBe(204);
+    expect(response.headers.get("Cache-Control")).toBe("no-store");
+    expect(mocks.revokeVuilderShellSession).toHaveBeenCalledWith(authState);
+    expect(mocks.clearPlatformSessionFromResponse).toHaveBeenCalledWith(
+      expect.any(Response),
+    );
+    expect(
+      mocks.revokeVuilderShellSession.mock.invocationCallOrder[0],
+    ).toBeLessThan(
+      mocks.clearPlatformSessionFromResponse.mock.invocationCallOrder[0],
+    );
+  });
+});

package/assets/templates/vuilder-shell/src/app/api/auth/logout/route.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { NextResponse } from "next/server";
+import { hasTrustedBrowserOrigin } from "@/lib/http/same-origin";
+import { revokeVuilderShellSession } from "@/lib/platform/client.server";
+import {
+  clearPlatformSessionFromResponse,
+  readPlatformAuthState,
+} from "@/lib/platform/session.server";
+export async function POST(request: Request) {
+  if (!hasTrustedBrowserOrigin(request)) {
+    return NextResponse.json(
+      { detail: "Same-origin browser submission required." },
+      { status: 403 },
+    );
+  }
+  const authState = await readPlatformAuthState();
+  await revokeVuilderShellSession(authState).catch(() => null);
+  const response = new NextResponse(null, { status: 204 });
+  response.headers.set("Cache-Control", "no-store");
+  clearPlatformSessionFromResponse(response);
+  return response;
+}

package/assets/templates/vuilder-shell/src/app/api/auth/session/route.test.ts ADDED Viewed

@@ -0,0 +1,70 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+const mocks = vi.hoisted(() => ({
+  loadCurrentSession: vi.fn(),
+  readPlatformAuthState: vi.fn(),
+  syncPlatformAuthStateToResponse: vi.fn(),
+  toPlatformErrorResponse: vi.fn(),
+}));
+vi.mock("@/lib/platform/client.server", () => ({
+  loadCurrentSession: mocks.loadCurrentSession,
+}));
+vi.mock("@/lib/platform/route-response", () => ({
+  toPlatformErrorResponse: mocks.toPlatformErrorResponse,
+}));
+vi.mock("@/lib/platform/session.server", () => ({
+  readPlatformAuthState: mocks.readPlatformAuthState,
+  syncPlatformAuthStateToResponse: mocks.syncPlatformAuthStateToResponse,
+}));
+import { GET } from "./route";
+describe("GET /api/auth/session", () => {
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+  it("returns the current session with no-store cache headers", async () => {
+    const authState = { shellSessionToken: "shell-token-1" };
+    const nextAuthState = { shellSessionToken: "shell-token-2" };
+    mocks.readPlatformAuthState.mockResolvedValue(authState);
+    mocks.loadCurrentSession.mockResolvedValue({
+      authState: nextAuthState,
+      data: { authenticated: true },
+    });
+    const response = await GET();
+    expect(response.status).toBe(200);
+    expect(response.headers.get("Cache-Control")).toBe("no-store");
+    await expect(response.json()).resolves.toEqual({ authenticated: true });
+    expect(mocks.syncPlatformAuthStateToResponse).toHaveBeenCalledWith(
+      expect.any(Response),
+      authState,
+      nextAuthState,
+    );
+  });
+  it("returns platform errors with no-store cache headers", async () => {
+    const authState = { shellSessionToken: "shell-token-1" };
+    const error = new Error("platform failed");
+    mocks.readPlatformAuthState.mockResolvedValue(authState);
+    mocks.loadCurrentSession.mockRejectedValue(error);
+    mocks.toPlatformErrorResponse.mockReturnValue(
+      Response.json({ detail: "Platform error" }, { status: 503 }),
+    );
+    const response = await GET();
+    expect(response.status).toBe(503);
+    expect(response.headers.get("Cache-Control")).toBe("no-store");
+    expect(mocks.toPlatformErrorResponse).toHaveBeenCalledWith(
+      error,
+      "Unable to load the current platform session.",
+      authState,
+    );
+  });
+});

package/assets/templates/vuilder-shell/src/app/api/auth/session/route.ts ADDED Viewed

@@ -0,0 +1,27 @@
+import { NextResponse } from "next/server";
+import { loadCurrentSession } from "@/lib/platform/client.server";
+import { toPlatformErrorResponse } from "@/lib/platform/route-response";
+import {
+  readPlatformAuthState,
+  syncPlatformAuthStateToResponse,
+} from "@/lib/platform/session.server";
+export async function GET() {
+  const authState = await readPlatformAuthState();
+  try {
+    const result = await loadCurrentSession(authState);
+    const response = NextResponse.json(result.data, { status: 200 });
+    response.headers.set("Cache-Control", "no-store");
+    syncPlatformAuthStateToResponse(response, authState, result.authState);
+    return response;
+  } catch (error) {
+    const response = toPlatformErrorResponse(
+      error,
+      "Unable to load the current platform session.",
+      authState,
+    );
+    response.headers.set("Cache-Control", "no-store");
+    return response;
+  }
+}

package/assets/templates/vuilder-shell/src/app/app/layout.tsx ADDED Viewed

@@ -0,0 +1,17 @@
+import type { Metadata } from "next";
+import type { ReactNode } from "react";
+export const metadata: Metadata = {
+  robots: {
+    index: false,
+    follow: false,
+  },
+};
+export default function AuthenticatedAppLayout({
+  children,
+}: {
+  children: ReactNode;
+}) {
+  return children;
+}

package/assets/templates/vuilder-shell/src/app/app/page.tsx ADDED Viewed

@@ -0,0 +1,30 @@
+import { notFound, redirect } from "next/navigation";
+import { appRoutes } from "@/lib/app-routes";
+import { loadCurrentWorkspaceShellSession } from "@/lib/platform/client.server";
+import { readPlatformAuthState } from "@/lib/platform/session.server";
+export const metadata = {
+  title: "Workspace",
+};
+export default async function AppHomePage() {
+  const authState = await readPlatformAuthState();
+  const shellSession = (await loadCurrentWorkspaceShellSession(authState)).data;
+  const { membership, session, workspaceCanOpen, workspaceCanView } =
+    shellSession;
+  if (!session.authenticated) {
+    redirect(appRoutes.login);
+  }
+  if (!membership || !workspaceCanView) {
+    notFound();
+  }
+  if (!workspaceCanOpen) {
+    redirect(appRoutes.workspaceConnect(membership.workspace_slug));
+  }
+  redirect(appRoutes.workspaceShell(membership.workspace_slug));
+}

package/assets/templates/vuilder-shell/src/app/blog/[slug]/page.tsx ADDED Viewed

@@ -0,0 +1,15 @@
+import { StaticPublicPage } from "@/features/public-shell/components/static-public-page";
+export const metadata = {
+  title: "Blog",
+};
+export default function BlogPostPage() {
+  return (
+    <StaticPublicPage
+      eyebrow="Blog"
+      title="Update"
+      body="A customer-facing update."
+    />
+  );
+}

package/assets/templates/vuilder-shell/src/app/blog/page.tsx ADDED Viewed

@@ -0,0 +1,15 @@
+import { StaticPublicPage } from "@/features/public-shell/components/static-public-page";
+export const metadata = {
+  title: "Blog",
+};
+export default function BlogIndexPage() {
+  return (
+    <StaticPublicPage
+      eyebrow="Blog"
+      title="Updates"
+      body="News, releases, and customer notes."
+    />
+  );
+}

package/assets/templates/vuilder-shell/src/app/docs/[...slug]/page.tsx ADDED Viewed

@@ -0,0 +1,15 @@
+import { StaticPublicPage } from "@/features/public-shell/components/static-public-page";
+export const metadata = {
+  title: "Docs",
+};
+export default function DocsPage() {
+  return (
+    <StaticPublicPage
+      eyebrow="Docs"
+      title="Documentation page"
+      body="Helpful context for customer workflows."
+    />
+  );
+}

package/assets/templates/vuilder-shell/src/app/docs/page.tsx ADDED Viewed

@@ -0,0 +1,15 @@
+import { StaticPublicPage } from "@/features/public-shell/components/static-public-page";
+export const metadata = {
+  title: "Docs",
+};
+export default function DocsIndexPage() {
+  return (
+    <StaticPublicPage
+      eyebrow="Docs"
+      title="Customer documentation"
+      body="Guides, onboarding notes, and product documentation."
+    />
+  );
+}

package/assets/templates/vuilder-shell/src/app/globals.css ADDED Viewed

@@ -0,0 +1,70 @@
+@import "tailwindcss";
+@import "tw-animate-css";
+@import "../design-system/tokens/index.css";
+@layer base {
+  html {
+    height: 100%;
+  }
+  body {
+    min-height: 100%;
+    margin: 0;
+  }
+  * {
+    @apply border-border outline-ring/50;
+    box-sizing: border-box;
+  }
+  body {
+    @apply bg-background text-foreground antialiased;
+  }
+  a {
+    color: inherit;
+  }
+}
+@layer components {
+  .public-site-background {
+    background:
+      linear-gradient(
+        180deg,
+        var(--color-background) 0%,
+        color-mix(in oklab, var(--color-surface-raised) 68%, white) 100%
+      );
+  }
+  .public-site-orb {
+    background:
+      radial-gradient(
+        circle at top left,
+        color-mix(in oklab, var(--color-primary) 28%, white) 0%,
+        transparent 48%
+      ),
+      radial-gradient(
+        circle at top right,
+        color-mix(in oklab, var(--color-chart-2) 18%, white) 0%,
+        transparent 42%
+      );
+  }
+  .marketing-hero-surface {
+    background:
+      linear-gradient(
+        135deg,
+        color-mix(in oklab, var(--color-surface) 78%, white) 0%,
+        color-mix(in oklab, var(--color-primary) 8%, white) 100%
+      );
+  }
+  .marketing-hero-orb {
+    background:
+      radial-gradient(
+        circle at center,
+        color-mix(in oklab, var(--color-chart-2) 14%, white) 0%,
+        transparent 70%
+      );
+  }
+}

package/assets/templates/vuilder-shell/src/app/layout.tsx ADDED Viewed

@@ -0,0 +1,69 @@
+import "./globals.css";
+import type { Metadata } from "next";
+import { Geist, Geist_Mono } from "next/font/google";
+import { cookies } from "next/headers";
+import type { ReactNode } from "react";
+import { AppProviders } from "./providers";
+import { resolvePublicMetadataBase } from "@/lib/public-site";
+import {
+  isThemeMode,
+  THEME_COOKIE_NAME,
+  type ThemeMode,
+} from "@/lib/theme-config";
+const geistSans = Geist({
+  subsets: ["latin"],
+  variable: "--font-sans",
+});
+const geistMono = Geist_Mono({
+  subsets: ["latin"],
+  variable: "--font-mono",
+});
+export function generateMetadata(): Metadata {
+  const metadataBase = resolvePublicMetadataBase();
+  const appName = process.env.MW_TEMPLATE_APP_NAME || "Vuilder Shell";
+  return {
+    ...(metadataBase ? { metadataBase } : {}),
+    title: {
+      default: appName,
+      template: `%s | ${appName}`,
+    },
+    description: "Customer-facing branded tenant shell.",
+    openGraph: {
+      title: appName,
+      description: "Customer-facing branded tenant shell.",
+      siteName: appName,
+      type: "website",
+      ...(process.env.MW_PUBLIC_BASE_URL ? { url: process.env.MW_PUBLIC_BASE_URL } : {}),
+    },
+  };
+}
+export default async function RootLayout({ children }: { children: ReactNode }) {
+  const cookieStore = await cookies();
+  const themeCookie = cookieStore.get(THEME_COOKIE_NAME)?.value;
+  const initialTheme: ThemeMode = isThemeMode(themeCookie) ? themeCookie : "system";
+  const resolvedThemeClass =
+    initialTheme === "light" || initialTheme === "dark" ? initialTheme : undefined;
+  const colorScheme =
+    initialTheme === "light" || initialTheme === "dark" ? initialTheme : undefined;
+  return (
+    <html
+      lang="en"
+      suppressHydrationWarning
+      className={resolvedThemeClass}
+      style={colorScheme ? { colorScheme } : undefined}
+    >
+      <body
+        className={`${geistSans.variable} ${geistMono.variable} bg-background font-sans text-foreground antialiased`}
+      >
+        <AppProviders initialTheme={initialTheme}>{children}</AppProviders>
+      </body>
+    </html>
+  );
+}