@droplinked_inc/editor-ui
v0.3.1
Renderer + image-upload UI for the @droplinked_inc visual editor. Initial rebuild port of the page-level renderer from the hostile [email protected]. Most surface area is intentionally stubbed in this 0.1.0 — see README for the porting plan
@droplinked_inc/editor-ui
Renderer + image-upload UI for the @droplinked_inc visual editor.
Initial rebuild port of the page-level renderer (Editor, PageHeader,
PageFooter, InnerContent, AppStoreProvider) that the hostile
[email protected] shipped tightly coupled to its
data-only surface. @droplinked_inc/editor-configs already ports the
data substrate; this package owns the renderer.
Status: 0.1.0 — shell package with bug-fix landing zone
The hostile renderer is approximately 19,818 LoC across 1,168 files
(per packages/editor-configs/THREAT_MODEL.md). Porting it safely
requires multi-agent work. This 0.1.0 release ships the structural
fix for the 2026-05-18 template-builder upload regression plus a
typed prop surface so consumers can flip imports without compile breaks.
What ships in 0.1.0
| Surface | State |
| --- | --- |
| Editor component | STUB — renders a placeholder that delegates to <UploadImage> so the bug-fix path is exercisable end-to-end. |
| UploadImage component | WORKING — minimal unstyled <label><input type="file"></label> widget that calls uploadImageToCdn. |
| uploadImageToCdn helper | WORKING — POSTs multipart/form-data to /uploader/cdn-upload with Authorization: Bearer <token>. |
| EditorProps / UploadConfig types | STABLE — match the prop surface that droplinked-shop-builder consumers used against 1.9.19. |
| PageHeader / PageFooter / InnerContent / AppStoreProvider | NOT YET PORTED — see "Porting plan" below. |
| Configured component renderers (69 files in 1.9.19) | NOT YET PORTED — see "Porting plan". |
| Icon set (849 SVGs) | NOT IN SCOPE — belongs in a future @droplinked_inc/icons (already flagged in editor-configs/THREAT_MODEL.md). |
The bug this fixes
Upload from droplinked.com/analytics/style-center/template-builder
started 401-ing on 2026-05-18 after apiv3 PR #1116 made
/uploader/cdn-upload JWT-required. Root cause: hostile 1.9.19 accepted
a token prop on <Editor> but the internal upload call did not
forward it as the Authorization header. Since we don't own that source
we cannot patch it in place — hence this package.
The fix is in src/internal/upload.ts:

```ts
headers: {
  Authorization: `Bearer ${config.token}`,
},
```

This is the single load-bearing line. The regression test
(src/__tests__/upload-auth-forwarded.test.tsx) pins the contract.
Porting plan
Once published, separate sub-agents can land each block as its own PR against this package:
- PageHeader — top-of-page editor chrome (save, exit, publish).
- PageFooter — publish/preview footer.
- InnerContent — Puck-host wrapper that consumes @droplinked_inc/editor-configs.
- AppStoreProvider — zustand store wiring. Audit for telemetry / phone-home before porting.
- Cover Media handler + Logo Change handler — wire to UploadImage so they share the JWT-forwarded upload path.
- Theming / Chakra v3 migration — drop Chakra v2 carry-overs.
Each port MUST repeat the secrets-sweep that
editor-configs/THREAT_MODEL.md documented (eval/new Function, inline
S3 URLs, console.log, hardcoded apiv3.droplinked.com, telemetry).
Consumer migration (droplinked-shop-builder)
```diff
- import { Editor, EditorProps } from 'droplinked-editor-configs';
+ import { Editor, EditorProps } from '@droplinked_inc/editor-ui';
```

The prop surface is unchanged. The upload regression is fixed at the
package boundary; the host application does not need to change how it
passes token.
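Review bot: the `+` line points `Editor` at '@droplinked_inc/editor-ui', but the "What ships in 0.1.0" table lists the Editor component as STUB (a placeholder that delegates to UploadImage), so this swap type-checks against the unchanged prop surface while replacing the page renderer with a placeholder. State in this section which release the swap is safe from, or limit the documented migration to the UploadImage / uploadImageToCdn surfaces until the renderer is ported.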
Security posture
- sideEffects: false — bundlers tree-shake everything the consumer doesn't import.
- No eval, new Function, dynamic require, or dangerouslySetInnerHTML.
- No console.log / console.debug in shipped code.
- Token is forwarded only on the Authorization header; never logged, never serialized into request body or URL.
- Default upload endpoint is https://apiv3.droplinked.com/uploader/cdn-upload; override via endpoint config for tests/staging.
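
An added sketch, not the package's own src/internal/upload.ts, of the request contract described under "The bug this fixes" and "Security posture": the token travels on the Authorization header only, never in the URL or the form body. The names `buildUploadRequest` and `FetchLike`, the `file` form field, the injected transport and the HTTPS check are assumptions of this example.

```typescript
// Added sketch, not the package's src/internal/upload.ts. buildUploadRequest,
// FetchLike, the "file" field name and the HTTPS check are assumptions.
type UploadConfig = { token: string; endpoint?: string };
type UploadInit = { method: "POST"; headers: Record<string, string>; body: FormData };
type FetchLike = (url: string, init: UploadInit) => Promise<{ ok: boolean; status: number }>;

const DEFAULT_ENDPOINT = "https://apiv3.droplinked.com/uploader/cdn-upload";

// Pure request builder, separate from the network call so a test can pin it.
function buildUploadRequest(file: Blob, name: string, config: UploadConfig): { url: string; init: UploadInit } {
  // Fail closed: a missing token would otherwise be sent as "Bearer undefined".
  if (typeof config.token !== "string" || config.token.trim() === "") {
    throw new Error("upload requires a non-empty token");
  }
  const url = new URL(config.endpoint ?? DEFAULT_ENDPOINT);
  // A bearer token must not cross the network in cleartext; plain http is
  // accepted only for a local test server.
  const local = url.hostname === "localhost" || url.hostname === "127.0.0.1";
  if (url.protocol !== "https:" && !local) {
    throw new Error("refusing to send a bearer token over " + url.protocol);
  }
  const body = new FormData();
  body.append("file", file, name); // the token is never a form field
  return {
    url: url.toString(), // no query string is added, so no token in the URL
    // No Content-Type header: fetch derives the multipart boundary from the body.
    init: { method: "POST", headers: { Authorization: `Bearer ${config.token}` }, body },
  };
}

// The transport is injected so the call can be exercised offline with a stub.
async function uploadImageToCdn(
  file: Blob, name: string, config: UploadConfig, fetchImpl: FetchLike,
): Promise<number> {
  const { url, init } = buildUploadRequest(file, name, config);
  const res = await fetchImpl(url, init);
  // The error text carries the status only, never the token or the headers.
  if (!res.ok) throw new Error(`cdn-upload failed with HTTP ${res.status}`);
  return res.status;
}
```

Keeping the builder pure lets a regression test assert on the exact headers without a network or a DOM.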
