@civitai/app-sdk 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +13 -7
- package/dist/blocks/defineBlock.d.ts +22 -1
- package/dist/blocks/defineBlock.d.ts.map +1 -1
- package/dist/blocks/defineBlock.js +52 -9
- package/dist/blocks/defineBlock.js.map +1 -1
- package/dist/blocks/index.d.ts +1 -1
- package/dist/blocks/index.d.ts.map +1 -1
- package/dist/blocks/messages.d.ts +16 -0
- package/dist/blocks/messages.d.ts.map +1 -1
- package/dist/blocks/messages.js.map +1 -1
- package/dist/blocks/scopes.d.ts +14 -3
- package/dist/blocks/scopes.d.ts.map +1 -1
- package/dist/blocks/scopes.js +17 -3
- package/dist/blocks/scopes.js.map +1 -1
- package/dist/blocks/types.d.ts +30 -0
- package/dist/blocks/types.d.ts.map +1 -1
- package/dist/oauth/authorize.d.ts +13 -0
- package/dist/oauth/authorize.d.ts.map +1 -1
- package/dist/oauth/authorize.js +13 -0
- package/dist/oauth/authorize.js.map +1 -1
- package/dist/oauth/pkce.d.ts +11 -1
- package/dist/oauth/pkce.d.ts.map +1 -1
- package/dist/oauth/pkce.js +11 -1
- package/dist/oauth/pkce.js.map +1 -1
- package/dist/oauth/token.d.ts +45 -4
- package/dist/oauth/token.d.ts.map +1 -1
- package/dist/oauth/token.js +45 -4
- package/dist/oauth/token.js.map +1 -1
- package/dist/orchestrator/index.d.ts +62 -4
- package/dist/orchestrator/index.d.ts.map +1 -1
- package/dist/orchestrator/index.js +62 -4
- package/dist/orchestrator/index.js.map +1 -1
- package/dist/scopes/index.d.ts +28 -4
- package/dist/scopes/index.d.ts.map +1 -1
- package/dist/scopes/index.js +28 -4
- package/dist/scopes/index.js.map +1 -1
- package/package.json +1 -1
- package/schemas/app-block/v1.json +145 -134
|
@@ -1,184 +1,195 @@
|
|
|
1
1
|
{
|
|
2
|
-
"$schema": "
|
|
2
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
3
3
|
"$id": "https://civitai.com/schemas/app-block/v1.json",
|
|
4
|
-
"title": "Civitai App Block Manifest
|
|
5
|
-
"description": "
|
|
4
|
+
"title": "Civitai App Block Manifest",
|
|
5
|
+
"description": "THE canonical, server-published schema for block.manifest.json — the ONLY mandatory file in a Civitai App Block. Published at https://civitai.com/schemas/app-block/v1.json. This is the single source of truth for the block manifest contract: the platform's server-side validator (src/server/services/block-manifest-validator.service.ts) and the `civitai` CLI both validate against these same rules. Set this URL as your manifest's `$schema` for editor validation.",
|
|
6
6
|
"type": "object",
|
|
7
|
-
"required": [
|
|
8
|
-
"$schema",
|
|
9
|
-
"appId",
|
|
10
|
-
"blockId",
|
|
11
|
-
"version",
|
|
12
|
-
"name",
|
|
13
|
-
"type",
|
|
14
|
-
"targets",
|
|
15
|
-
"scopes",
|
|
16
|
-
"iframe",
|
|
17
|
-
"contentRating",
|
|
18
|
-
"minApiVersion"
|
|
19
|
-
],
|
|
20
|
-
"additionalProperties": true,
|
|
7
|
+
"required": ["blockId", "version", "name", "contentRating", "scopes"],
|
|
21
8
|
"properties": {
|
|
22
9
|
"$schema": {
|
|
23
10
|
"type": "string",
|
|
24
|
-
"
|
|
25
|
-
},
|
|
26
|
-
"appId": {
|
|
27
|
-
"type": "string",
|
|
28
|
-
"minLength": 1
|
|
11
|
+
"description": "Optional JSON-Schema reference; ignored by the platform validator."
|
|
29
12
|
},
|
|
30
13
|
"blockId": {
|
|
31
14
|
"type": "string",
|
|
32
|
-
"
|
|
33
|
-
"
|
|
15
|
+
"description": "The block slug. Becomes the canonical submission slug. Lowercase, starts with a letter, hyphen-separated, 3-40 chars.",
|
|
16
|
+
"minLength": 3,
|
|
17
|
+
"maxLength": 40,
|
|
18
|
+
"pattern": "^[a-z][a-z0-9-]*[a-z0-9]$"
|
|
34
19
|
},
|
|
35
20
|
"version": {
|
|
36
21
|
"type": "string",
|
|
37
|
-
"
|
|
38
|
-
"
|
|
22
|
+
"description": "Semantic version (x.y.z, optional -prerelease).",
|
|
23
|
+
"minLength": 1,
|
|
24
|
+
"pattern": "^\\d+\\.\\d+\\.\\d+(-[0-9A-Za-z.-]+)?$"
|
|
39
25
|
},
|
|
40
26
|
"name": {
|
|
41
27
|
"type": "string",
|
|
42
|
-
"
|
|
43
|
-
"
|
|
28
|
+
"description": "Human-readable display name. The server only requires a non-empty string (no length cap), so the CLI does not impose one either.",
|
|
29
|
+
"minLength": 1
|
|
44
30
|
},
|
|
45
31
|
"type": {
|
|
46
32
|
"type": "string",
|
|
47
|
-
"
|
|
33
|
+
"description": "Free-form descriptor used by some examples (e.g. \"block\"). Not validated by the platform.",
|
|
34
|
+
"enum": ["block"]
|
|
48
35
|
},
|
|
49
|
-
"
|
|
36
|
+
"contentRating": {
|
|
37
|
+
"type": "string",
|
|
38
|
+
"description": "Content rating of the app surface.",
|
|
39
|
+
"enum": ["g", "pg", "pg13", "r", "x"]
|
|
40
|
+
},
|
|
41
|
+
"renderMode": {
|
|
42
|
+
"type": "string",
|
|
43
|
+
"description": "How the block renders. Defaults to \"iframe\". \"inline\"/\"hybrid\" require a verified/internal trust tier (server-assigned), so authors should leave this as iframe.",
|
|
44
|
+
"enum": ["iframe", "inline", "hybrid"]
|
|
45
|
+
},
|
|
46
|
+
"trustTier": {
|
|
47
|
+
"type": "string",
|
|
48
|
+
"description": "SERVER-OWNED. Do NOT set this in your manifest — the platform assigns the trust tier during review. Present here only to reject dev-set values.",
|
|
49
|
+
"$comment": "Rejected via 'not' below.",
|
|
50
|
+
"enum": ["unverified", "verified", "internal"]
|
|
51
|
+
},
|
|
52
|
+
"scopes": {
|
|
50
53
|
"type": "array",
|
|
51
|
-
"
|
|
54
|
+
"description": "Capabilities the block requests. Must be a strict subset of what review grants. Each scope is lowercase colon-separated.",
|
|
52
55
|
"items": {
|
|
53
|
-
"type": "
|
|
54
|
-
"
|
|
55
|
-
|
|
56
|
-
"
|
|
57
|
-
"
|
|
58
|
-
"
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
56
|
+
"type": "string",
|
|
57
|
+
"enum": [
|
|
58
|
+
"models:read:self",
|
|
59
|
+
"media:read:owned",
|
|
60
|
+
"user:read:self",
|
|
61
|
+
"ai:write:budgeted",
|
|
62
|
+
"buzz:read:self",
|
|
63
|
+
"block:settings:read",
|
|
64
|
+
"block:settings:write",
|
|
65
|
+
"social:tip:self",
|
|
66
|
+
"apps:storage:read",
|
|
67
|
+
"apps:storage:write"
|
|
68
|
+
]
|
|
63
69
|
}
|
|
64
70
|
},
|
|
65
|
-
"
|
|
71
|
+
"minApiVersion": {
|
|
72
|
+
"type": "string",
|
|
73
|
+
"description": "Minimum App SDK API version the block targets (informational).",
|
|
74
|
+
"pattern": "^\\d+(\\.\\d+)*$"
|
|
75
|
+
},
|
|
76
|
+
"buildCommand": {
|
|
77
|
+
"type": "string",
|
|
78
|
+
"description": "Config-as-code: command the platform runs to build the static bundle (e.g. \"npm run build\"). Omit for no-build (static) apps. When set, outputDir must also be set.",
|
|
79
|
+
"minLength": 1,
|
|
80
|
+
"maxLength": 256
|
|
81
|
+
},
|
|
82
|
+
"outputDir": {
|
|
83
|
+
"type": "string",
|
|
84
|
+
"description": "Config-as-code: directory (relative to the project root) the buildCommand emits static files into (e.g. \"dist\"). Required when buildCommand is set.",
|
|
85
|
+
"minLength": 1,
|
|
86
|
+
"maxLength": 256,
|
|
87
|
+
"pattern": "^[^/].*"
|
|
88
|
+
},
|
|
89
|
+
"publicSettingsKeys": {
|
|
66
90
|
"type": "array",
|
|
67
|
-
"
|
|
91
|
+
"description": "Allowlist of settings keys exposed to anonymous viewers. Default (omitted) = none exposed.",
|
|
92
|
+
"maxItems": 32,
|
|
68
93
|
"items": {
|
|
69
94
|
"type": "string",
|
|
70
|
-
"
|
|
71
|
-
"
|
|
95
|
+
"minLength": 1,
|
|
96
|
+
"maxLength": 64
|
|
72
97
|
}
|
|
73
98
|
},
|
|
99
|
+
"assetBundleUrl": {
|
|
100
|
+
"type": "string",
|
|
101
|
+
"description": "Optional v2 surface — HTTPS URL to a hosted asset bundle. Must be a public https URL.",
|
|
102
|
+
"format": "uri",
|
|
103
|
+
"pattern": "^https://"
|
|
104
|
+
},
|
|
74
105
|
"iframe": {
|
|
75
106
|
"type": "object",
|
|
76
|
-
"
|
|
107
|
+
"description": "iframe envelope. NOTE: iframe.src is SERVER-OWNED — do NOT set it; the platform stamps the canonical bundle URL during build/approve.",
|
|
108
|
+
"additionalProperties": false,
|
|
77
109
|
"properties": {
|
|
78
110
|
"src": {
|
|
79
|
-
"
|
|
80
|
-
"
|
|
111
|
+
"description": "SERVER-OWNED. Do NOT set iframe.src — the platform assigns it. Present here only so the schema can reject dev-set values.",
|
|
112
|
+
"$comment": "Rejected via 'not' below."
|
|
113
|
+
},
|
|
114
|
+
"minHeight": {
|
|
115
|
+
"type": "integer",
|
|
116
|
+
"description": "Minimum iframe height in px.",
|
|
117
|
+
"minimum": 40,
|
|
118
|
+
"maximum": 4000
|
|
119
|
+
},
|
|
120
|
+
"maxHeight": {
|
|
121
|
+
"description": "Maximum iframe height in px, or null for unbounded.",
|
|
122
|
+
"type": ["integer", "null"],
|
|
123
|
+
"minimum": 40,
|
|
124
|
+
"maximum": 4000
|
|
125
|
+
},
|
|
126
|
+
"resizable": {
|
|
127
|
+
"type": "boolean",
|
|
128
|
+
"description": "Whether the host honours RESIZE_IFRAME messages."
|
|
81
129
|
},
|
|
82
|
-
"minHeight": { "type": "integer", "exclusiveMinimum": 0 },
|
|
83
|
-
"maxHeight": { "type": ["integer", "null"] },
|
|
84
|
-
"resizable": { "type": "boolean" },
|
|
85
130
|
"sandbox": {
|
|
86
131
|
"type": "string",
|
|
87
|
-
"
|
|
88
|
-
|
|
89
|
-
"not": { "pattern": "(^|\\s)allow-same-origin(\\s|$)" },
|
|
90
|
-
"description": "Must not contain allow-same-origin — combined with allow-scripts it defeats the sandbox."
|
|
91
|
-
},
|
|
92
|
-
{
|
|
93
|
-
"not": { "pattern": "(^|\\s)allow-top-navigation(\\s|$)" },
|
|
94
|
-
"description": "Must not contain allow-top-navigation — use the NAVIGATE postMessage instead."
|
|
95
|
-
},
|
|
96
|
-
{
|
|
97
|
-
"not": { "pattern": "(^|\\s)allow-top-navigation-by-user-activation(\\s|$)" },
|
|
98
|
-
"description": "Must not contain allow-top-navigation-by-user-activation — same threat as allow-top-navigation, gated on a user gesture."
|
|
99
|
-
},
|
|
100
|
-
{
|
|
101
|
-
"not": { "pattern": "(^|\\s)allow-top-navigation-to-custom-protocols(\\s|$)" },
|
|
102
|
-
"description": "Must not contain allow-top-navigation-to-custom-protocols — same threat as allow-top-navigation, restricted to non-fetch schemes."
|
|
103
|
-
}
|
|
104
|
-
]
|
|
132
|
+
"description": "Space-separated iframe sandbox tokens. Unverified tier allows only: allow-scripts, allow-forms. Never combine allow-same-origin with allow-scripts.",
|
|
133
|
+
"minLength": 1
|
|
105
134
|
}
|
|
106
135
|
}
|
|
107
136
|
},
|
|
108
|
-
"
|
|
109
|
-
"type": "
|
|
110
|
-
"
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
"
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
137
|
+
"page": {
|
|
138
|
+
"type": "object",
|
|
139
|
+
"description": "Full-page surface descriptor (W10). Page apps mount at /apps/run/<slug>.",
|
|
140
|
+
"additionalProperties": false,
|
|
141
|
+
"required": ["path", "title"],
|
|
142
|
+
"properties": {
|
|
143
|
+
"path": {
|
|
144
|
+
"type": "string",
|
|
145
|
+
"description": "Sub-path the page mounts at; must start with '/'.",
|
|
146
|
+
"minLength": 1,
|
|
147
|
+
"maxLength": 256,
|
|
148
|
+
"pattern": "^/"
|
|
149
|
+
},
|
|
150
|
+
"title": {
|
|
151
|
+
"type": "string",
|
|
152
|
+
"description": "Title shown in host chrome.",
|
|
153
|
+
"minLength": 1,
|
|
154
|
+
"maxLength": 128
|
|
155
|
+
},
|
|
156
|
+
"icon": {
|
|
157
|
+
"type": "string",
|
|
158
|
+
"description": "Optional icon name.",
|
|
159
|
+
"maxLength": 128
|
|
160
|
+
},
|
|
161
|
+
"buzzBudgetPerGen": {
|
|
162
|
+
"type": "integer",
|
|
163
|
+
"description": "Optional per-generation Buzz budget for ai:write:budgeted tokens. Positive integer; server-clamped to the per-gen cap.",
|
|
164
|
+
"exclusiveMinimum": 0
|
|
119
165
|
}
|
|
120
166
|
}
|
|
121
167
|
},
|
|
122
|
-
"
|
|
168
|
+
"targets": {
|
|
123
169
|
"type": "array",
|
|
170
|
+
"description": "Model-page slot targets. Each target's slotId must be a known registered model slot (not the page slot). Optional for page-only apps.",
|
|
171
|
+
"maxItems": 16,
|
|
124
172
|
"items": {
|
|
125
173
|
"type": "object",
|
|
126
|
-
"required": ["
|
|
174
|
+
"required": ["slotId"],
|
|
127
175
|
"properties": {
|
|
128
|
-
"
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
"options": {
|
|
133
|
-
"type": "array",
|
|
134
|
-
"items": {
|
|
135
|
-
"type": "object",
|
|
136
|
-
"required": ["value", "label"],
|
|
137
|
-
"properties": {
|
|
138
|
-
"value": { "type": "string" },
|
|
139
|
-
"label": { "type": "string" }
|
|
140
|
-
}
|
|
141
|
-
}
|
|
142
|
-
},
|
|
143
|
-
"min": { "type": "number" },
|
|
144
|
-
"max": { "type": "number" },
|
|
145
|
-
"required": { "type": "boolean" }
|
|
146
|
-
}
|
|
147
|
-
}
|
|
148
|
-
},
|
|
149
|
-
"contentRating": {
|
|
150
|
-
"type": "string",
|
|
151
|
-
"enum": ["g", "pg", "pg13", "r", "x"]
|
|
152
|
-
},
|
|
153
|
-
"preview": {
|
|
154
|
-
"type": "object",
|
|
155
|
-
"required": ["thumbnail", "description"],
|
|
156
|
-
"properties": {
|
|
157
|
-
"thumbnail": { "type": "string" },
|
|
158
|
-
"description": { "type": "string" },
|
|
159
|
-
"screenshots": {
|
|
160
|
-
"type": "array",
|
|
161
|
-
"items": { "type": "string" }
|
|
176
|
+
"slotId": {
|
|
177
|
+
"type": "string",
|
|
178
|
+
"minLength": 1
|
|
179
|
+
}
|
|
162
180
|
}
|
|
163
181
|
}
|
|
164
|
-
}
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
"
|
|
169
|
-
"
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
"properties": {
|
|
175
|
-
"url": { "type": ["string", "null"] },
|
|
176
|
-
"sha256": { "type": ["string", "null"] }
|
|
182
|
+
}
|
|
183
|
+
},
|
|
184
|
+
"allOf": [
|
|
185
|
+
{
|
|
186
|
+
"$comment": "outputDir is required whenever buildCommand is set. NOTE: the server-owned iframe.src and trustTier fields are rejected by the platform validator (and the CLI in Go) with clearer error messages than JSON Schema's `not`; they are declared in `properties` above only so the schema documents them.",
|
|
187
|
+
"if": {
|
|
188
|
+
"required": ["buildCommand"]
|
|
189
|
+
},
|
|
190
|
+
"then": {
|
|
191
|
+
"required": ["outputDir"]
|
|
177
192
|
}
|
|
178
|
-
},
|
|
179
|
-
"trustTier": {
|
|
180
|
-
"type": "string",
|
|
181
|
-
"enum": ["unverified", "verified", "internal"]
|
|
182
193
|
}
|
|
183
|
-
|
|
194
|
+
]
|
|
184
195
|
}
|