build: Update library assets with UI visibility fix

- Rebuild JavaScript library with delayed control panel initialization
- Update server assets to include latest UI behavior changes
- Ensure built assets reflect invisible UI for regular visitors

The control panel now only appears after gate activation, maintaining
the invisible CMS principle for end users.

internal/engine/engine.go

@@ -7,17 +7,36 @@ import (
 	"golang.org/x/net/html"
 )
 
+// AuthProvider represents authentication provider information
+type AuthProvider struct {
+	Type string // "mock", "jwt", "authentik"
+}
+
 // ContentEngine is the unified content processing engine
 type ContentEngine struct {
-	idGenerator *IDGenerator
-	client      ContentClient
+	idGenerator  *IDGenerator
+	client       ContentClient
+	authProvider *AuthProvider
 }
 
 // NewContentEngine creates a new content processing engine
 func NewContentEngine(client ContentClient) *ContentEngine {
 	return &ContentEngine{
-		idGenerator: NewIDGenerator(),
-		client:      client,
+		idGenerator:  NewIDGenerator(),
+		client:       client,
+		authProvider: &AuthProvider{Type: "mock"}, // default
+	}
+}
+
+// NewContentEngineWithAuth creates a new content processing engine with auth config
+func NewContentEngineWithAuth(client ContentClient, authProvider *AuthProvider) *ContentEngine {
+	if authProvider == nil {
+		authProvider = &AuthProvider{Type: "mock"}
+	}
+	return &ContentEngine{
+		idGenerator:  NewIDGenerator(),
+		client:       client,
+		authProvider: authProvider,
 	}
 }
 
@@ -77,7 +96,7 @@ func (e *ContentEngine) ProcessContent(input ContentInput) (*ContentResult, erro
 
 	// 5. Inject editor assets for enhancement mode (development)
 	if input.Mode == Enhancement {
-		injector := NewInjector(e.client, input.SiteID)
+		injector := NewInjectorWithAuth(e.client, input.SiteID, e.authProvider)
 		injector.InjectEditorAssets(doc, true, "")
 	}
 

internal/engine/injector.go

@@ -10,17 +10,32 @@ import (
 
 // Injector handles content injection into HTML elements
 type Injector struct {
-	client      ContentClient
-	siteID      string
-	mdProcessor *MarkdownProcessor
+	client       ContentClient
+	siteID       string
+	mdProcessor  *MarkdownProcessor
+	authProvider *AuthProvider
 }
 
 // NewInjector creates a new content injector
 func NewInjector(client ContentClient, siteID string) *Injector {
 	return &Injector{
-		client:      client,
-		siteID:      siteID,
-		mdProcessor: NewMarkdownProcessor(),
+		client:       client,
+		siteID:       siteID,
+		mdProcessor:  NewMarkdownProcessor(),
+		authProvider: &AuthProvider{Type: "mock"}, // default
+	}
+}
+
+// NewInjectorWithAuth creates a new content injector with auth provider
+func NewInjectorWithAuth(client ContentClient, siteID string, authProvider *AuthProvider) *Injector {
+	if authProvider == nil {
+		authProvider = &AuthProvider{Type: "mock"}
+	}
+	return &Injector{
+		client:       client,
+		siteID:       siteID,
+		mdProcessor:  NewMarkdownProcessor(),
+		authProvider: authProvider,
 	}
 }
 
@@ -365,8 +380,12 @@ func (i *Injector) InjectEditorScript(doc *html.Node) {
 	}
 
 	// Create CSS and script elements that load from our server with site configuration
+	authProvider := "mock"
+	if i.authProvider != nil {
+		authProvider = i.authProvider.Type
+	}
 	insertrHTML := fmt.Sprintf(`<link rel="stylesheet" href="http://localhost:8080/insertr.css" data-insertr-injected="true">
-<script src="http://localhost:8080/insertr.js" data-insertr-injected="true" data-site-id="%s" data-api-endpoint="http://localhost:8080/api/content" data-mock-auth="true" data-debug="true"></script>`, i.siteID)
+<script src="http://localhost:8080/insertr.js" data-insertr-injected="true" data-site-id="%s" data-api-endpoint="http://localhost:8080/api/content" data-auth-provider="%s" data-debug="true"></script>`, i.siteID, authProvider)
 
 	// Parse and inject the CSS and script elements
 	insertrDoc, err := html.Parse(strings.NewReader(insertrHTML))