Oak Flats UI Primitives Catalogue

Renders the six MDX block kinds the Mufflermen docs platform supports — prose, code, note, warning, diff, and tabs. Every block carries its own ID so the TOC rail can scroll-spy it.

Use case

Renders the body of every docs page. The TOC rail reads block IDs to build itself and uses IntersectionObserver to keep the active section highlighted.

Why this exists

The trade account API exists so supplier portals can read stock and write order intent without sitting in front of the Mufflermen workshop terminal. Every endpoint here is scoped per-supplier and audited.

Before you start

Pre-issued keys

Your portal admin pre-provisions two keys — one production, one sandbox. They never share the same prefix.

Sandbox env vars

Sandbox keys are prefixed sandbox_. Production keys are prefixed live_. Anything else is a forgery.

issue-token.shbash

curl -X POST https://trade.mufflermen.com.au/v2/tokens \
  -H "Authorization: Bearer $MUFFLERMEN_ADMIN_KEY" \
  -H "X-Mufflermen-Workshop: oak-flats" \
  -d '{"supplier":"magnaflow-anz","scopes":["stock.read","orders.write"]}'

error-envelope.diff

   "status": 400,-  "error": "bad request"+  "error": {+    "code": "scope_not_allowed",+    "scope": "billing.read"+  }

TypeScriptts

import { TradeClient } from "@mufflermen/trade"

const client = new TradeClient({
  workshop: "oak-flats",
  adminKey: process.env.MUFFLERMEN_ADMIN_KEY!,
})

const token = await client.tokens.issue({
  supplier: "magnaflow-anz",
  scopes: ["stock.read", "orders.write"],
})

Rotation cadence

Grace window

Tokens rotate every 90 days. The old token is honoured for 24 hours after the new one is issued so portals can roll over without downtime.

Auditing access

Every call logs to audit.tokens.v2 with the calling IP, scopes used, and the supplier identifier. Logs retain for 18 months.