fix: drop /wp-json/ prefix from REST_BASE so apiFetch paths resolve (#145)

[chubes4]

Summary

Fixes #145 — the REST_BASE double /wp-json/ prefix that 404'd every editor REST call.

src/utils/api.ts defined REST_BASE = '/wp-json/datamachine/v1/socials' and passed it as the apiFetch path. apiFetch already prepends the REST root, so the resolved URL double-prefixed into /wp-json/wp-json/datamachine/... → 404 rest_no_route. This was masked on some configured production sites but broke in a bare environment (e.g. WordPress Playground).

Changes

• REST_BASE → /datamachine/v1/socials (drop the /wp-json/ literal). All apiFetch calls (auth/status, platforms, post, status/{id}, auth/{platform}/disconnect) now resolve correctly against the REST root.
• uploadCroppedImage() → apiFetch instead of raw fetch(). The raw call hardcoded the same /wp-json/ literal and the nonce; using apiFetch resolves the REST root, nonce, and credentials consistently. apiFetch passes a FormData body through untouched, so the upload semantics are unchanged.
• Rebuilt build/index.js + index.asset.php so the shipped bundle carries the fix.
• Removed the double-path shim from the WP Codebox crop-modal test harness (tests/wp-codebox/crop-modal-seed.php) — it only existed to work around this bug.

Verification

Ran the tests/wp-codebox/crop-modal.json smoke test against the rebuilt bundle with the harness shim removed (WordPress trunk / React 19):

success: true
steps: 22/22 ok
assertions: { "total": 9, "passed": 9, "failed": 0 }
errors: 0
doubled /wp-json/wp-json/ requests: 0

Network evidence — the editor now hits the correct single-prefix path:

200  http://127.0.0.1/wp-json/datamachine/v1/socials/auth/status?_locale=user

The cropper renders and works end-to-end with only the correct route registered, proving the fix resolves the gating REST call.

Notes

• The diff is intentionally minimal; the file has pre-existing prettier-style nits (the repo doesn't enforce them in CI) which I left untouched to avoid unrelated churn — the new code actually trips two fewer than before.

Fixes #145.

[homeboy-ci]

Homeboy Results — data-machine-socials

Audit

✅ audit — passed

• field_patterns — 1 finding(s)
• requested_detectors — 1 finding(s)
• Total: 2 finding(s)

Deep dive: homeboy audit data-machine-socials --changed-since fc86c27

Artifacts and drill-down

• CI results artifact: homeboy-ci-results-data-machine-socials-audit-homeboy-Linux-node24 contains immediate command JSON for this action invocation.
• Observation artifact: homeboy-observations-data-machine-socials-audit-homeboy-Linux-node24 contains exported Homeboy run history for deeper queries.
• Drill-down: download the observation artifact, then run homeboy runs import <dir>, homeboy runs list, and homeboy runs findings <run-id>.
• Artifacts are attached to the workflow run: https://github.com/Extra-Chill/data-machine-socials/actions/runs/26690016268

Tooling versions

• Homeboy CLI: homeboy 0.207.0+1722669b9
• Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
• Extension revision: 6b3243f1
• Action: Extra-Chill/homeboy-action@v2