feat: [ENG-36536] tokens ts and new architecture #75

Open
cesaroeduardo wants to merge 3 commits into main from ENG-36536-tokens-ts-and-new-architecture

Conversation

cesaroeduardo (Contributor) commented Feb 19, 2026

Jira: https://aziontech.atlassian.net/browse/ENG-36536

Summary

  • Implements a new, market-aligned design-tokens architecture with white-label brand tokens and semantic tokens.
  • Standardizes token consumption to be Tailwind-oriented, reducing onboarding/learning curve and making usage more consistent across products.
  • Includes fixes to ensure downstream consumers can reliably use the updated tokens.

Problems & Solutions

  • Problem: Existing token organization made it harder to scale, white-label, and onboard new contributors.
    Solution: Created new tokens following a market standard proposal, introducing brand (white-label) tokens and a clearer primitives/semantic separation.
  • Problem: Token consumption varied across consumers, increasing cognitive load and the chance of inconsistent usage.
    Solution: Shifted semantics to be fully oriented for Tailwind usage, providing a predictable, standardized way to consume tokens.
  • Problem: Architecture changes can break downstream integrations.
    Solution: Added consumption fixes to keep consumers stable while migrating to the new structure.

Changes Made

  • Added new tokens following a market-aligned proposal:
      • Introduced white-label brand tokens to support brand theming and customization.
      • Introduced semantic tokens designed for direct, consistent usage via Tailwind (reduced learning curve + standardized consumption patterns).
      • Reworked token structure across primitives and semantics, plus build outputs to reflect the new organization.
  • Applied fixes to improve token consumption and prevent regressions in downstream projects.

Testing Checklist

  • Consume tokens in site and validate the new tokens in dark and light themes.
  • Consume tokens in console-kit and validate the new tokens in dark and light themes.
  • Consume tokens in docs and validate the new tokens in dark and light themes.
  • Confirm no conflicts (e.g., duplicated token names, unexpected overrides, incorrect CSS vars/Tailwind mapping) across integrations.

      deepMerge(target[key], value);
      return;
    }
    target[key] = value;

Check warning

Code scanning / CodeQL

Prototype-polluting function (Medium)

Properties are copied from source to target without guarding against prototype pollution.

Copilot Autofix

AI 8 days ago

In general, to fix prototype pollution in deep-merge / deep-assignment helpers, you must prevent writes to dangerous keys (__proto__, constructor, prototype) and/or ensure that you only recurse into properties that are own properties of the destination object, not arbitrary prototype chains. The simplest and least intrusive fix here is to filter out dangerous keys before assigning them to target.

For this specific deepMerge in scripts/figma-sync.js, the best fix without changing existing functionality is to add an early-continue guard inside the Object.entries(source).forEach loop that skips any key that could lead to prototype pollution. That means checking key and ignoring "__proto__", "constructor", and "prototype" before we touch target[key]. This preserves all existing behavior for normal keys, avoids changing call sites, and doesn’t require new imports or external libraries. The changes are localized to the deepMerge function (lines 52–65).

Concretely:

  • Inside the forEach(([key, value]) => { ... }) callback, right after we obtain key and value, add:

    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
      return;
    }
  • Leave the rest of the logic intact so that merging semantics for safe keys are unchanged.

No new methods or imports are required.

Suggested changeset 1
scripts/figma-sync.js

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/scripts/figma-sync.js b/scripts/figma-sync.js
--- a/scripts/figma-sync.js
+++ b/scripts/figma-sync.js
@@ -52,6 +52,10 @@
 const deepMerge = (target, source) => {
   if (!source || typeof source !== 'object') return target;
   Object.entries(source).forEach(([key, value]) => {
+    // Guard against prototype pollution by blocking dangerous keys.
+    if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
+      return;
+    }
     if (value && typeof value === 'object' && !Array.isArray(value)) {
       if (!target[key] || typeof target[key] !== 'object') {
         target[key] = {};
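Review bot: the guard at `if (key === '__proto__' || key === 'constructor' || key === 'prototype')` covers the three names through which a write reaches Object.prototype, and because `Object.entries(source)` yields only own enumerable keys it does catch the own `__proto__` member that JSON.parse creates; as defence in depth, the recursion check two lines below, `if (!target[key] || typeof target[key] !== 'object')`, still accepts an inherited property as the object to merge into, so consider `!Object.prototype.hasOwnProperty.call(target, key)` there (or creating nested containers with `Object.create(null)`) so the merge never descends into anything reached through the prototype chain. A `Set` of the blocked names would also keep the condition readable if more keys are ever added.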
EOF
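As an added illustration (not code from the PR or from scripts/figma-sync.js): a deep-merge helper modelled on the snippet above, once in the unguarded form CodeQL flagged and once with the key guard the autofix proposes plus an own-property check before recursing. The `DANGEROUS_KEYS` set, the `pollutionCheck` helper and the token JSON it parses are constructed for this example and are not part of the project.

```javascript
// Unguarded variant, modelled on the flagged deepMerge: it copies every own
// enumerable key of `source`, including the own "__proto__" key that
// JSON.parse produces for a document containing {"__proto__": ...}.
const deepMergeUnguarded = (target, source) => {
  if (!source || typeof source !== 'object') return target;
  Object.entries(source).forEach(([key, value]) => {
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') {
        target[key] = {};
      }
      deepMergeUnguarded(target[key], value);
      return;
    }
    target[key] = value;
  });
  return target;
};

// Names that would let a merge write through to Object.prototype.
const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Guarded variant: same merge semantics for ordinary keys, but dangerous
// keys are skipped and the recursion only descends into objects that
// `target` owns itself, never into one reached via the prototype chain.
const deepMergeGuarded = (target, source) => {
  if (!source || typeof source !== 'object') return target;
  Object.entries(source).forEach(([key, value]) => {
    if (DANGEROUS_KEYS.has(key)) return;
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      deepMergeGuarded(target[key], value);
      return;
    }
    target[key] = value;
  });
  return target;
};

// Constructed token document (assumption: shaped like JSON a sync script
// might read). The "__proto__" member is the standard pollution probe.
const UNTRUSTED_TOKENS_JSON =
  '{"color":{"brand":{"primary":"#0F0"}},"__proto__":{"polluted":"yes"}}';

// Runs one merge implementation against a fresh target and reports whether
// the shared Object.prototype picked up the "polluted" property. The
// property is deleted again afterwards so the check leaves no side effect.
function pollutionCheck(mergeFn) {
  const result = mergeFn({}, JSON.parse(UNTRUSTED_TOKENS_JSON));
  const leaked = Object.prototype.hasOwnProperty.call(Object.prototype, 'polluted');
  delete Object.prototype.polluted;
  return { leaked, merged: result.color.brand.primary };
}

console.log('unguarded:', pollutionCheck(deepMergeUnguarded)); // leaked: true
console.log('guarded:  ', pollutionCheck(deepMergeGuarded));   // leaked: false
```

Both variants produce the same merged token value for ordinary keys, which is the property the autofix wants to preserve; only the guarded one keeps `({}).polluted` undefined after the merge.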
Contributor

@cesaroeduardo does what GitHub pointed out make sense?
