/*! * @kaleidr/auth-core/styles — shared auth visual primitives. * * SINGLE SOURCE OF TRUTH. Do not duplicate these rules in per-app * stylesheets; override tokens instead (see `:root` below). * * Shipping classes, grouped by the React component that consumes * them (AuthModal + AccountDropdown both live in * `@kaleidr/auth-core/react` and are rendered by map-ui, studio-ui, * and home-ui): * * (Sign in / Sign up / Forgot password / Verify) * .auth-modal-overlay, .auth-modal * .auth-header, .auth-close-btn, .auth-title, .auth-subtitle * .auth-trust-bullets * .auth-body, .auth-form, .auth-field, .auth-field-label-row * .auth-divider, .auth-description * .oauth-btn, .auth-continue-btn * .auth-error, .auth-success * .auth-forgot-inline, .auth-link, .auth-toggle * .auth-pw-reqs, .auth-pw-req-dot * .auth-terms-inline, .auth-terms-link * * (signed-in avatar menu — identity + Manage * Account + inline Billing + Sign Out) * .auth-dropdown-header, .auth-dropdown-name (identity row — * name only, the * tier chip moved * into the Billing * block, see below) * .auth-dropdown-tier, * .auth-tier-free / -paid / -business / -admin (tier chip — used * inside the Billing * "Current Plan" row) * .auth-dropdown-email (secondary email * line under name) * .auth-dropdown-divider * .auth-dropdown-item, (.auth-dropdown-signout) (menu items) * .auth-avatar-initials, .auth-button-spinner * * The four "title" rows — `.auth-dropdown-name` (identifier), * `.auth-dropdown-item` (Manage Account / Sign Out), and * `.auth-dropdown-billing-title` (Billing heading) — share one * canonical type style declared via a grouped rule near * `.auth-dropdown-item`. Sign Out is the only intentional * divergence and only diverges in color. * .auth-dropdown-billing, * .auth-dropdown-billing-title (inline billing block * wrapper + heading) * .auth-settings-billing-row, * .auth-settings-billing-label, * .auth-settings-billing-summary, * .auth-settings-billing-period-range, * .auth-settings-usage-list, * .auth-settings-past-due* (billing-block internals, * kept under the legacy * `auth-settings-*` prefix * to avoid churning every * class consumer) * .auth-usage-meter, .auth-usage-meter-header, * .auth-usage-meter-pct, .auth-usage-meter-track, * .auth-usage-meter-fill (.is-critical) (generic meter primitives, * also used by map-ui's * ) * * 2026-05-10: the inline Upgrade / Manage / Enterprise CTAs were * centralised on home-ui's /settings page. The matching * `.auth-dropdown-billing-cta`, `.auth-settings-past-due-action`, * and `.auth-settings-enterprise` selectors were removed; the * dropdown is now read-only. * * Home-ui consumes two extra class hooks only — its EJS templates * render the rest via Tailwind utilities: * [data-pw-req], .pw-req-dot (real-time password checklist) * * Responsive behaviour (see RESPONSIVE block): * - Desktop / tablet (≥ 481px): every modal is a floating card, * 440 px wide. * - Phones (≤ 480px): every modal flips to a full-viewport page. * Every secondary-text block steps 16→14 px to match the * account dropdown's scale. * * Tokens are namespaced --auth-* and default to a dark backdrop; * host apps override via --glass-bg / --color-primary etc. * The `:root { --auth-* }` block lives in `./tokens.css` (Apr 2026) * so apps can import just the tokens without the full chrome — see * that file's header for the import-path cheat-sheet. */ :root { /* ---------- Surface ---------------------------------------------- Glass background + border + blur for the auth modal chrome. Falls through to the host app's glass tokens if set; otherwise a dark-glass default matching map-ui's light-glass inverse. */ --auth-glass-bg: var(--glass-bg, rgba(15, 17, 21, 0.92)); --auth-glass-border: var(--glass-border, 1px solid rgba(255, 255, 255, 0.08)); --auth-glass-blur: var(--glass-blur, blur(12px)); /* `.auth-modal` chrome (border / radius / shadow). Falls through to the host app's `--modal-card-*` system when defined so every modal in a host (sign-in, sign-up, forgot password, verify, account settings, plus any host-side modals like quota / share) reads as one family. Defaults preserve the historical auth-core look so studio-ui keeps its previous appearance verbatim. The mobile @media block in auth.css strips these to `none` for full-page phone layout — that override still wins because it's an explicit `border: none` declaration, not token-based. */ --auth-modal-radius: var(--modal-card-radius, 1.5rem); --auth-modal-border: var(--modal-card-border, 1.5px solid var(--auth-input-border)); --auth-modal-shadow: var( --modal-card-shadow, 0 8px 32px rgba(0, 0, 0, 0.3), 0 2px 8px rgba(0, 0, 0, 0.15) ); /* ---------- Modal scrim ---------------------------------------- The translucent layer rendered BEHIND `.auth-modal` (and any other auth-core overlay). Tracks the host app's `--modal-scrim-*` when defined so every modal in a host (auth, quota walls, share, etc.) shares one transparency style; falls back to the historical dark veil for hosts that haven't opted in. Map-ui sets `--modal-scrim-bg` to a light wash so the modal card reads as one crisp surface. Studio-ui omits the host token, so the dark fallback below applies and the previous look is preserved. */ --auth-modal-scrim-bg: var(--modal-scrim-bg, rgba(0, 0, 0, 0.6)); --auth-modal-scrim-blur: var(--modal-scrim-blur, blur(4px)); /* ---------- Modal card surface --------------------------------- The `.auth-modal` card background. Intentionally split from `--auth-glass-bg` (which still drives translucent surfaces like the toolbar login button and the account dropdown) because a translucent card on top of a translucent scrim COMPOUNDS the dim and makes the modal read as a darker shade than every other window — the more transparent the user has set their UI, the worse it gets. Map-ui sets `--modal-card-bg` to `--ui-bg-solid` (the opaque theme-tracking colour: white in light mode, dark navy in dark mode) so the modal card never bleeds the scrim through and always matches the user's chosen light/dark surface tone. Hosts that haven't opted in fall back to the historical `--auth-glass-bg` translucent recipe (studio-ui keeps its previous appearance verbatim). */ --auth-modal-bg: var(--modal-card-bg, var(--auth-glass-bg)); /* ---------- Typography scale (single source of truth) ----------- Every font-size inside the shared auth modal reads from one of these four tokens, AND home-ui's `.field-label` / `.input-field` / `.btn-google` pull from the same values via @apply fallbacks. That's how all three apps stay pixel-identical even though home-ui uses Tailwind utilities and the modal uses plain CSS. Body = 16px matches Tailwind's `text-base` default, which is the size home-ui renders for labels, inputs, OAuth buttons, trust bullets, and the "Already have an account?" toggle. Modal CTA and body sit at the same 16px tier deliberately — the button outweighs the text through weight + background, not through point size. */ --auth-font-title: 22px; /* modal h2 */ --auth-font-cta: 16px; /* primary submit button (matches body) */ --auth-font-body: 16px; /* inputs, OAuth btn, toggle link, trust bullets, inline T&C, subtitle, banners, field labels, descriptions */ --auth-font-meta: 13px; /* password checklist, small footnotes */ /* ---------- Form field dimensions ------------------------------- Shared between the React `.auth-field input` / `.oauth-btn` and home-ui's `.input-field` / `.btn-google`. Any visual contract change (taller fields, rounder corners, tighter horizontal padding) happens HERE, once, and both apps track it. */ --auth-field-height: 3rem; /* 48px — same as Tailwind h-12 */ --auth-field-radius: 0.75rem; /* 12px — same as Tailwind rounded-xl */ --auth-field-padding-x: 1rem; /* 16px — same as Tailwind px-4 */ /* ---------- Modal sizing (single source of truth) -------------- The shared `.auth-modal` rule reads from these tokens. Host apps wanting a wider/narrower modal should override the token rather than re-declaring `.auth-modal { width: ... }` in their local stylesheet. */ --auth-modal-width: 440px; --auth-modal-max-width: 90vw; --auth-modal-max-height: 90vh; /* ---------- Text colors ---------------------------------------- Primary + secondary follow the host's palette (map-ui uses light-glass so --color-primary-white/secondary-white are *dark*; studio-ui and home-ui are dark-glass so they're white). Muted is derived from currentColor so it automatically fades against whatever text color the modal is inheriting — this keeps the password checklist and inline T&C line readable on both light and dark modal surfaces without each host having to define a separate --color-tertiary-* token. Hosts may still override via --color-tertiary-white if they want a specific hue. */ --auth-text-primary: var(--color-primary-white, rgba(255, 255, 255, 0.92)); --auth-text-secondary: var(--color-secondary-white, rgba(255, 255, 255, 0.6)); --auth-text-muted: var( --color-tertiary-white, color-mix(in srgb, currentColor 55%, transparent) ); /* ---------- Brand ---------------------------------------------- */ --auth-highlight: var(--highlight-color, var(--color-primary, #2da84a)); --auth-highlight-hover: color-mix(in srgb, var(--auth-highlight) 90%, white); /* `--auth-highlight-on` is the foreground color that pairs with `--auth-highlight` when the highlight is used as a BACKGROUND (the primary `.auth-continue-btn` is the canonical case). It exists because `--auth-text-primary` tracks the modal SURFACE — dark on map-ui's white glass, white on studio-ui's dark glass — which is correct for body text but wrong for accent-colored buttons: when a user picks an accent that happens to match the surface (e.g. kaleidr-black on map-ui's white modal), the button text collapses into the button background and disappears. Map-ui sets this token dynamically from luminance in `updateHighlightColor()` (uiCore.ts) — white for dark accents, near-black for light accents (kaleidr-white, kaleidr-yellow). Apps that don't dynamically rotate the highlight (studio-ui's static green, home-ui's static accent) just inherit the `#ffffff` fallback below, which is correct for any reasonably-dark brand color. Apps wanting a different default override `--highlight-color-on` directly. */ --auth-highlight-on: var(--highlight-color-on, #ffffff); /* `--auth-highlight-text` is the "highlight as TEXT on glass" companion. Use it instead of `--auth-highlight` whenever the accent color is rendered as TEXT or icon glyph on top of the regular modal/dropdown surface (link color, focus-text, accent-tinted badges like the auth "Free" tier). Why a second variant? `--auth-highlight` is allowed to be the raw user pick — including kaleidr-white — because it's also used as a BACKGROUND token (primary CTA, focus border, password-meter fill) where a literal white *is* what the user wants. But the same literal white as TEXT on the white-glass modal would disappear. The map-ui host darkens this token for high-luminance accents only (see `pickHighlightTextColor` in uiCore.ts); for dark accents the two tokens are identical. Apps that don't dynamically rotate the accent (studio-ui, home-ui) inherit `--auth-highlight` as the fallback below — same behaviour as before this token existed. */ --auth-highlight-text: var(--highlight-color-text, var(--auth-highlight)); /* ---------- Form colors ---------------------------------------- --auth-input-bg and --auth-input-border derive from --auth-text-primary so they auto-adapt to the host app's theme: * light theme (map-ui, studio-ui light) → text is dark, border renders as dark-22% (clearly visible on white glass) * dark theme (studio-ui dark) → text is light, border renders as light-22% (visible on the dark glass surface) Previously this was hardcoded rgba(255,255,255,0.12), which was effectively invisible on any light-mode background. Host apps needing a different contrast ratio can override the token or override --auth-text-primary; they must NOT re-declare `.auth-field input { border-color: ... }` in their local CSS (that's how the map-ui vs studio-ui hover divergence crept in). */ --auth-input-bg: color-mix(in srgb, var(--auth-text-primary) 4%, transparent); --auth-input-border: color-mix(in srgb, var(--auth-text-primary) 22%, transparent); --auth-input-border-focus: var(--auth-highlight); --auth-error-color: #ff6b6b; /* Success uses the read-on-glass variant of the highlight so the success banner / valid-password-rule / "Verified" copy stay legible even when the user has rotated map-ui's accent slider to a near-white pick. For dark accents this resolves to exactly the same color as `--auth-highlight`, so no visual change in the common case. */ --auth-success-color: var(--auth-highlight-text, var(--auth-highlight)); /* ---------- Motion + z-index ----------------------------------- */ --auth-interactive-transition: var(--interactive-transition-normal, all 0.2s ease); --auth-wrapper-z: 10010; --auth-modal-z: 1000001; } /* =============================================== */ /* SHARED CHROME — used by map-ui & studio-ui */ /* =============================================== */ @keyframes auth-overlay-fade-in { from { opacity: 0; } to { opacity: 1; } } @keyframes auth-modal-scale-in { from { opacity: 0; transform: scale(0.95); } to { opacity: 1; transform: scale(1); } } .auth-modal-overlay { position: fixed; inset: 0; /* Scrim tokens live in tokens.css; hosts override via --modal-scrim-* so every modal surface (auth, quota, share, …) shares a single transparency story. Default falls back to the original dark veil. */ background: var(--auth-modal-scrim-bg); backdrop-filter: var(--auth-modal-scrim-blur); -webkit-backdrop-filter: var(--auth-modal-scrim-blur); display: flex; align-items: center; justify-content: center; z-index: var(--auth-modal-z); animation: auth-overlay-fade-in 0.2s ease; } .auth-modal { position: relative; width: var(--auth-modal-width); max-width: var(--auth-modal-max-width); max-height: var(--auth-modal-max-height); /* Card chrome (bg / border / radius / shadow) all read from `--auth-modal-*` tokens. Hosts override those tokens to plug the auth modal into their own modal-system (map-ui maps them to `--modal-card-*`); studio-ui inherits the original auth-core look via the fallbacks declared in tokens.css. backdrop-filter is kept for the translucent fallback path; it's a no-op when the host swaps in an opaque bg. */ background: var(--auth-modal-bg); backdrop-filter: var(--auth-glass-blur); -webkit-backdrop-filter: var(--auth-glass-blur); border: var(--auth-modal-border); border-radius: var(--auth-modal-radius); box-shadow: var(--auth-modal-shadow); color: var(--auth-text-primary); overflow-y: auto; overflow-x: hidden; animation: auth-modal-scale-in 0.25s cubic-bezier(0.34, 1.56, 0.64, 1); } .auth-header { display: flex; flex-direction: column; align-items: center; padding: 32px 32px 0; position: relative; } .auth-title { font-size: var(--auth-font-title); font-weight: 600; color: var(--auth-text-primary); margin: 0; line-height: 1.2; text-align: center; } .auth-subtitle { font-size: var(--auth-font-body); color: var(--auth-text-secondary); margin: 4px 0 0; text-align: center; } /* * Trust bullets — checkmark list rendered under the "Create Account" * heading. Replaces the single-paragraph `auth.signUp.subtitle` * phrasing with three scannable reassurance lines. Uses the shared * --auth-highlight variable so the checkmark always picks up the * host app's accent color (orange in home-ui/map-ui, studio's blue). */ .auth-trust-bullets { list-style: none; padding: 0; margin: 8px 0 4px; display: flex; flex-direction: column; gap: 6px; font-size: var(--auth-font-body); color: var(--auth-text-secondary); line-height: 1.35; } .auth-trust-bullets li { display: flex; align-items: flex-start; gap: 10px; text-align: left; } /* The ::before marker is a Unicode check glyph rather than an SVG — keeps the auth-core bundle font-only and inherits currentColor so RTL locales and any future theme tweaks just work. `flex-shrink: 0` guarantees the glyph can't collapse on narrow mobile widths. Intentionally +1px over the body token so the glyph reads as decisive rather than weedy. */ .auth-trust-bullets li::before { content: '✓'; /* The ✓ glyph sits as text on the modal surface (no bg fill of its own). Use the text-on-glass variant of the highlight so it stays visible if the user picks a near-white accent — for dark accents this resolves identically to --auth-highlight. */ color: var(--auth-highlight-text); font-weight: 700; font-size: calc(var(--auth-font-body) + 1px); line-height: 1.2; flex-shrink: 0; width: 16px; text-align: center; } .auth-body { padding: 24px 32px 32px; display: flex; flex-direction: column; gap: 16px; } .auth-close-btn { position: absolute; top: 16px; right: 16px; width: 28px; height: 28px; display: flex; align-items: center; justify-content: center; background: transparent; border: none; border-radius: 6px; cursor: pointer; opacity: 0.6; transition: opacity 0.2s, background 0.2s; color: var(--auth-text-primary); font-size: 18px; line-height: 1; } .auth-close-btn:hover { opacity: 1; background: color-mix(in srgb, var(--auth-text-primary) 8%, transparent); } /* OAuth (Google) button. Part of the AUTH FORM FIELD design contract shared with home-ui — see the invariant table at the top of kaleidr-home-ui/src/styles/components.css. When you change height/radius/border/hover/focus here, change `.btn-google` there (and vice versa). Visually-identical to `.auth-field input` so the three stacked rectangles (OAuth button, email input, password input) read as one coherent form block. */ .oauth-btn { display: flex; align-items: center; justify-content: center; gap: 12px; width: 100%; height: 3rem; padding: 0 16px; border-radius: 0.75rem; border: 1px solid var(--auth-input-border); background: transparent; color: var(--auth-text-primary); font-size: var(--auth-font-body); font-weight: 600; cursor: pointer; transition: border-color 0.15s ease, box-shadow 0.15s ease; user-select: none; box-sizing: border-box; } .oauth-btn:hover { border-color: var(--auth-highlight); } .oauth-btn:focus-visible { outline: none; border-color: var(--auth-highlight); box-shadow: 0 0 0 1px var(--auth-highlight); } .oauth-btn:active { transform: scale(0.99); } .oauth-btn:disabled { opacity: 0.6; cursor: not-allowed; } .oauth-btn svg { flex-shrink: 0; } .auth-divider { display: flex; align-items: center; gap: 12px; margin: 4px 0; } .auth-divider::before, .auth-divider::after { content: ''; flex: 1; height: 1px; background: rgba(255, 255, 255, 0.1); } .auth-divider span { font-size: var(--auth-font-body); color: var(--auth-text-secondary); } .auth-form { display: flex; flex-direction: column; gap: 20px; } .auth-field { display: flex; flex-direction: column; gap: 6px; } .auth-field label { font-size: var(--auth-font-body); font-weight: 500; color: var(--auth-text-secondary); } /* Header row for a field whose label shares a line with a trailing action link — the canonical case is the "Password" label sitting next to a right-aligned "Forgot password?" button, mirroring home-ui's login-page pattern:
Forgot password?
Used by the sign-in and reset flows in AuthModal.tsx. Without this row, the forgot-password button rendered inline inside the