Add preview-store discriminator to stored store auth sessions

[alfonso-noriega]

WHY are these changes introduced?

Internal scaffolding for the upcoming shopify store create preview command (part of the Preview Store for AI Agent Surfaces M1 milestone, Foundations/DevTools epic).

Preview stores are backed by a placeholder identity rather than a real Shopify account. They are minted by Core's /services/preview-stores orchestrator, hand back a shop-scoped Admin API token, and have no relationship with the OAuth token endpoint — so the existing PKCE refresh and re-authentication paths in @shopify/store don't apply to them.

Before we can wire up store create preview and start persisting these sessions, the stored-session schema needs a discriminator and the recovery surfaces in session-lifecycle and admin-transport need to know not to send users back through shopify store auth for a placeholder-owned store.

This PR is intentionally scoped to that scaffolding. There is no new command, no new way to mint a preview session, and no user-visible behavior change. The follow-up PR introduces shopify store create preview and starts writing kind: 'preview' sessions through the existing setStoredStoreAppSession.

WHAT is this pull request doing?

Schema additions in session-store.ts:

• New discriminator field kind?: 'standard' | 'preview' on StoredStoreAppSession. Optional in storage so sessions written before this field existed read back as 'standard'.
• New optional preview?: { placeholderAccountUuid, coreUrl, magicLinkUrl?, magicLinkExpiresAt? } sub-object, present iff kind === 'preview'.
• New helpers sessionKind(session) and the type guard isPreviewStoreSession(session).

Sanitizer updates in session-store.ts:

• Missing or unknown kind values are coerced to 'standard' and the field is omitted on write — legacy buckets stay byte-identical to today.
• A kind: 'preview' session with missing or malformed preview metadata is rejected outright (downstream code requires placeholderAccountUuid and coreUrl to act on it).

Recovery dispatcher in recovery.ts:

• New throwReauthenticatePreviewStoreError(message, store) surfaces a preview-specific error that does not point users at shopify store auth (which would be meaningless for a placeholder-owned store).
• New throwReauthenticateForSession(message, session) dispatches to the right helper based on isPreviewStoreSession(session).
• The existing throwReauthenticateStoreAuthError is unchanged and retained as the standard-session helper.

Wiring in session-lifecycle.ts and admin-transport.ts:

• loadStoredStoreSession short-circuits the PKCE refresh path entirely for preview sessions and surfaces the preview-specific recovery error directly.
• All re-auth surfaces (the no-refresh-token branch, the failed-refresh branches, both admin-transport.ts 401 paths) now route through throwReauthenticateForSession.

Decisions worth calling out:

• Single storage namespace, additive discriminator rather than a separate LocalStorage bucket for preview stores. Preview sessions are structurally a subset of standard sessions (no refresh token, no real associated user) so the existing LocalStorage<StoreSessionSchema> shape already accommodates them; splitting storage would force every reader (store execute, attribution, last-seen-user, future store list) to do two lookups instead of branching on a field.
• Recovery message is generic ("Recreate the preview store to obtain a new token") because shopify store create preview does not exist yet. The follow-up PR will plug in the actual command.
• StoredStoreSessionKind and StoredPreviewStoreSession are kept module-internal for now and become exports the moment the next PR consumes them.

How to test your changes?

pnpm --filter @shopify/store build
pnpm --filter @shopify/store lint
node node_modules/vitest/vitest.mjs run \
  packages/store/src/cli/services/store/auth/session-store.test.ts \
  packages/store/src/cli/services/store/auth/session-lifecycle.test.ts \
  packages/store/src/cli/services/store/auth/recovery.test.ts \
  packages/store/src/cli/services/store/execute/admin-transport.test.ts

Coverage of interest:

• session-store.test.ts > preview-store discriminator — round-trip of preview sessions, legacy-session back-compat (no kind reads as standard, write omits the field), unknown-kind coercion, malformed-metadata rejection, side-by-side standard + preview sessions on the same store fqdn.
• recovery.test.ts > throwReauthenticateForSession — dispatches standard sessions to the PKCE re-auth helper and preview sessions to the preview-specific helper; defensively falls back to the standard helper when kind: 'preview' is set without metadata.
• session-lifecycle.test.ts > preview-store sessions — never invokes refreshStoreAccessToken for preview sessions even when a refreshToken is present, surfaces the preview-specific recovery message, returns preview sessions as-is when expiresAt is unset.

The two pre-existing failures in callback.test.ts ("doesn't" vs "does not" string mismatch) are unchanged on main and unrelated to this PR.

There is no runtime CLI command to exercise — invoking shopify store auth, shopify store execute, etc. continues to behave exactly as before for all standard sessions.

Post-release steps

None.

Checklist

• I've considered possible cross-platform impacts (Mac, Linux, Windows) — pure in-process logic, no platform surface touched.
• I've considered possible documentation changes — no public command surface changes; user-facing docs updated alongside shopify store create preview in the follow-up PR.
• I've considered analytics changes to measure impact — setLastSeenUserId continues to receive the session's userId; analytics for the placeholder: prefix used by preview sessions will be addressed when store create preview lands.
• The change is user-facing — I've identified the correct bump type (patch for bug fixes · minor for new features · major for breaking changes) and added a changeset with pnpm changeset add — minor bump on @shopify/store. No bug fix here; the change extends the stored-session schema with a new discriminator and metadata sub-object as the first slice of the preview-store feature.

[alfonso-noriega]

• Add shopify store create preview command #7558
• Add preview-store discriminator to stored store auth sessions #7557 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.