@colixsystems/widget-sdk 0.3.0 → 0.6.0

package/README.md

@@ -6,11 +6,47 @@ See the design reference for the full architecture: [`docs/architecture/widget-m
 
 ## Status
 
-`v0.3.0` — pre-publish. The package surface (types, function names, export paths) is the v1 contract; runtime behaviour for some hooks is stubbed (each hook documents what's wired and what isn't). It is **not yet published to npm**.
+`v0.6.0` — pre-publish. The package surface (types, function names, export paths) is the v1 contract; runtime behaviour for some hooks is stubbed (each hook documents what's wired and what isn't). It is **not yet published to npm**.
 
-### What's new in 0.3.0
+### What's new in 0.6.0
 
-Additive: `WidgetManifest` now carries an optional `datastoreTemplate` field. When a tenant installs a widget that declares one, the table set is seeded into their workspace alongside the install. Tables follow the existing built-in template semantics (auto-suffixed naming, REQ-ACL-05 creator-grants, REQ-TEMPLATES-ACL public grants, REQ-ACL-RELINHERIT cross-relation inheritance) and persist when the widget is later uninstalled. See `WidgetDatastoreTemplate` in `src/index.d.ts` for the structural constraints — at most 8 tables per widget, 24 columns per table, RELATION columns address siblings by `suffix`.
+- **Primitives are now React Native through-and-through.** Web (Studio + Player) bundles with `react-native-web`; native (exported Expo app) uses the real `react-native`. The hand-written DOM wrappers in `primitives.js` are gone — both web and native files are now one-line re-exports from `react-native`. The widget API surface is unchanged for the components that already existed (`Text`, `View`, `Pressable`, `Image`, `ScrollView`, `TextInput`), so existing 0.5.0 widgets keep running without source edits.
+- **More primitives available for free.** `FlatList`, `SectionList`, `ActivityIndicator`, `Switch`, and `StyleSheet` are now exported alongside the original five. Authors who want them just import from `@colixsystems/widget-sdk` like any other primitive.
+- **Per-component API docs link out to React Native.** The Developer Widgets page and the AI agent's system prompt now point at https://reactnative.dev/docs/<component> for prop details instead of duplicating them in the SDK contract. Less drift, more breadth (every RN prop — `accessibilityLabel`, `testID`, gesture handlers, …, works without explicit allowlisting).
+- **Adding a new primitive is now a single edit.** Append the export name to `primitives.js` + `primitives.native.js` + the `CONTRACT.primitives` array. No web/native implementation split.
+- **New peer dep.** `react-native-web >=0.19.0` (optional, marked under `peerDependenciesMeta`). The web bundler picks it up via an alias (`react-native` → `react-native-web` in the host's Vite / webpack config); the native bundler ignores it.
+
+### What was in 0.5.0
+
+- **`TextInput` primitive.** Cross-platform controlled text field — web maps to `<input type="text">` (or `<textarea>` when `multiline` is true), native maps to `react-native` `TextInput`. Props: `value`, `onChangeText`, `placeholder`, `multiline`, `rows`, `disabled`, `style`. Fixes the gap that forced widgets to fall back to raw `<textarea>` (web-only). The AI Widget Agent's system prompt now documents this primitive.
+- **`useDatastoreMutation(...).update(id, partial)` is wired.** Hits `PATCH /api/v1/tables/:tableId/records/:id`, which now exists on the backend (REQ-DML-PATCH). Partial-update semantics — only the supplied columns are mutated, the rest of the row is left intact. MANY_TO_MANY relations follow replace-set semantics when supplied; omitting the column leaves the existing links alone. Constraint enforcement (REQ-CONS-04) runs against the merged row, excluding self so a re-affirm doesn't trip its own UNIQUE.
+
+### What was in 0.4.1
+
+- **`useDatastoreQuery` returns a stable `refetch` identity.** The hook no longer rebinds the underlying callback when the host's `WidgetContext` value (a fresh object identity on every render in Studio + PageRenderer) changes. Widgets that put `refetch` in a `useEffect` dep array no longer loop.
+
+### What's new in 0.4.0
+
+- **`CONTRACT` is now a named export.** A frozen object literal describing the SDK surface every consumer (LLM system prompt, static analyzer, host builder, contract tests) derives from instead of declaring its own copy. See `docs/design/ai-widget-contract.md` for the full design and `src/contract.js` for the source. The contract carries:
+
+  - `hooks` — name, signature, return shape, required `WidgetContext` slices, manifest scopes.
+  - `primitives` — the cross-platform primitive list (names + the React Native component each one backs).
+  - `manifestSchema` — the authoritative `WidgetManifest` field list (with `id` and `minAppStudioVersion`, not the legacy `manifestId` / `minAppStudioVer`).
+  - `themeTokens` — the default `useTheme()` payload.
+  - `widgetContextShape` — what the host must populate.
+  - `bundleExportContract` — the two default-export shapes the loader accepts.
+  - `bannedApis` — the global allowlist gate.
+  - `allowedBareImports` — `react`, `@colixsystems/widget-sdk`.
+
+- **`useDatastoreQuery` is now stateful.** Returns `{ data, loading, error, refetch }`. Previously the hook returned the raw `list(...)` promise; widgets that called `.map(...)` synchronously on the result threw on first render. Migration: replace `const rows = useDatastoreQuery(...)` with `const { data, loading, error } = useDatastoreQuery(...)`. `data` is always an array (empty when the table is unbound or loading).
+
+- **`DatastoreError` is now a named export.** Mutations throw a structured `DatastoreError` with `.code` (`VALIDATION` / `CONSTRAINT_VIOLATION` / `FORBIDDEN` / `NOT_FOUND` / `INTERNAL`) and an optional `.fieldErrors` map populated from the host's 422 payload. Widgets can branch on `err.code` without parsing axios messages.
+
+- **`useI18n().t` now honours `fallback`.** `t(key, fallback)` returns `fallback` when the host's translation table has no entry for `key`.
+
+### What was in 0.3.0
+
+Additive: `WidgetManifest` carries an optional `datastoreTemplate` field. When a tenant installs a widget that declares one, the table set is seeded into their workspace alongside the install. Tables follow the existing built-in template semantics (auto-suffixed naming, REQ-ACL-05 creator-grants, REQ-TEMPLATES-ACL public grants, REQ-ACL-RELINHERIT cross-relation inheritance) and persist when the widget is later uninstalled. See `WidgetDatastoreTemplate` in `src/index.d.ts` for the structural constraints — at most 8 tables per widget, 24 columns per table, RELATION columns address siblings by `suffix`.
 
 ## Public API
 
@@ -21,7 +57,7 @@ import { defineWidget, validateManifest, useDatastoreQuery, Text, View } from "@
 - `defineWidget({ manifest, component })` — validates the manifest and produces a widget module the host can register.
 - `validateManifest(m)` / `validatePropertySchema(s)` / `validateProps(schema, props)` — shape validation; no third-party deps.
 - `useDatastoreQuery`, `useDatastoreMutation`, `useWidgetEvent`, `useTheme`, `useI18n` — hooks that read from the host-provided `WidgetContext`.
-- `Text`, `View`, `Pressable`, `Image`, `ScrollView` — platform-aware primitives. Web entry maps them to DOM elements; the `react-native` entry maps them to React Native components.
+- `Text`, `View`, `Pressable`, `Image`, `ScrollView`, `TextInput`, `FlatList`, `SectionList`, `ActivityIndicator`, `Switch`, `StyleSheet` — re-exported from `react-native`. The web build aliases `react-native` to `react-native-web` so widgets render in the browser without any per-platform code; the exported Expo app's Metro bundler resolves the real `react-native` library. See https://reactnative.dev/docs/ for per-component props.
 - `WidgetContextProvider` — React context provider that the host (Studio, Player, exported app) wraps widgets with.
 
 ## Linter

package/dist/_theme-tokens.js

@@ -0,0 +1,10 @@
+// Re-export of the default theme tokens from the canonical contract data.
+// Exists so the frontend's `widgetTheme.js` can keep its existing
+// `DEFAULT_THEME_TOKENS` named export without reaching into the contract
+// path itself. The values are the same Object.freeze'd reference as
+// CONTRACT.themeTokens — assertion #6 in the contract test relies on
+// referential identity.
+
+import { CONTRACT } from "./contract.js";
+
+export const DEFAULT_THEME_TOKENS = CONTRACT.themeTokens;

package/dist/contract.cjs

@@ -0,0 +1,433 @@
+// CommonJS-flavoured copy of the contract data so backend services (CJS
+// runtime) can `require()` it directly without dynamic import gymnastics.
+//
+// The ESM `contract.js` re-exports the SAME object as the `CONTRACT` named
+// export. The contract test asserts the two are identical (deep-equal) so
+// drift between this file and the ESM source-of-truth is caught in CI.
+//
+// Keep edits in lockstep between `contract.cjs` and `contract.js`. The
+// SDK build script copies both into `dist/`.
+
+const DEFAULT_THEME_TOKENS = Object.freeze({
+  colors: Object.freeze({
+    primary: "#ff6b5b",
+    onPrimary: "#ffffff",
+    surface: "#ffffff",
+    onSurface: "#111827",
+    surfaceMuted: "#f8fafc",
+    onSurfaceMuted: "#475569",
+    border: "#e2e8f0",
+    danger: "#dc2626",
+    success: "#059669",
+    warning: "#d97706",
+    info: "#0284c7",
+  }),
+  spacing: Object.freeze({ xs: 4, sm: 8, md: 16, lg: 24, xl: 32 }),
+  radii: Object.freeze({ sm: 4, md: 8, lg: 16, pill: 9999 }),
+  typography: Object.freeze({
+    fontFamily:
+      'ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif',
+    sizes: Object.freeze({ xs: 12, sm: 14, md: 16, lg: 20, xl: 24, xxl: 32 }),
+  }),
+});
+
+const HOOKS = [
+  {
+    name: "useTheme",
+    signature: "useTheme()",
+    returnShape: {
+      colors:
+        "{ primary, onPrimary, surface, onSurface, surfaceMuted, onSurfaceMuted, border, danger, success, warning, info }",
+      spacing: "{ xs, sm, md, lg, xl }",
+      radii: "{ sm, md, lg, pill }",
+      typography: "{ fontFamily, sizes: { xs, sm, md, lg, xl, xxl } }",
+    },
+    requiredContextSlice: ["workspace.theme"],
+    scopes: null,
+  },
+  {
+    name: "useI18n",
+    signature: "useI18n()",
+    returnShape: {
+      t: "(key: string, fallback?: string) => string",
+      locale: "string",
+    },
+    requiredContextSlice: ["i18n.t", "i18n.locale"],
+    scopes: null,
+  },
+  {
+    name: "useDatastoreQuery",
+    signature: "useDatastoreQuery(tableId, options?)",
+    returnShape: {
+      data: "Record[]",
+      loading: "boolean",
+      error: "DatastoreError | null",
+      refetch: "() => Promise<void>",
+    },
+    requiredContextSlice: ["datastore.records"],
+    scopes: ["datastore.read:*"],
+  },
+  {
+    name: "useDatastoreMutation",
+    signature: "useDatastoreMutation(tableId)",
+    returnShape: {
+      create: "(record) => Promise<Record>  // rejects with DatastoreError",
+      update: "(id, partial) => Promise<Record>  // rejects with DatastoreError",
+      delete: "(id) => Promise<void>  // rejects with DatastoreError",
+    },
+    requiredContextSlice: ["datastore.records"],
+    scopes: ["datastore.write:*"],
+  },
+  {
+    name: "useWidgetEvent",
+    signature: "useWidgetEvent(eventName)",
+    returnShape: { emit: "(payload?) => void" },
+    requiredContextSlice: ["events.emit"],
+    scopes: null,
+  },
+];
+
+// REQ-WSDK-RN-WEB: the SDK exposes the React Native primitive API
+// (backed by react-native-web on the browser, by react-native on the
+// exported Expo app). The contract describes the *cross-platform
+// subset* the SDK re-exports; the per-prop reference for each
+// component is whatever React Native documents. Adding a new primitive
+// = add the name to `./primitives.js` + `./primitives.native.js` (both
+// one-line re-exports) and append it to this list.
+const PRIMITIVES = [
+  {
+    name: "Text",
+    description:
+      "Text node. Backed by react-native Text (web: react-native-web maps to a styled <div>). See https://reactnative.dev/docs/text.",
+    rnComponent: "Text",
+    docsUrl: "https://reactnative.dev/docs/text",
+  },
+  {
+    name: "View",
+    description:
+      "Block container. Backed by react-native View. The cross-platform equivalent of a <div>. See https://reactnative.dev/docs/view.",
+    rnComponent: "View",
+    docsUrl: "https://reactnative.dev/docs/view",
+  },
+  {
+    name: "Pressable",
+    description:
+      "Tappable / clickable wrapper. Use `onPress` (NOT `onClick`). See https://reactnative.dev/docs/pressable.",
+    rnComponent: "Pressable",
+    docsUrl: "https://reactnative.dev/docs/pressable",
+  },
+  {
+    name: "Image",
+    description:
+      "Image. `source` accepts `{ uri }` or a string URL. See https://reactnative.dev/docs/image.",
+    rnComponent: "Image",
+    docsUrl: "https://reactnative.dev/docs/image",
+  },
+  {
+    name: "ScrollView",
+    description:
+      "Scrollable container. Pass `horizontal` to scroll on the x-axis. See https://reactnative.dev/docs/scrollview.",
+    rnComponent: "ScrollView",
+    docsUrl: "https://reactnative.dev/docs/scrollview",
+  },
+  {
+    name: "TextInput",
+    description:
+      "Single-line or multi-line text field. Controlled — pass `value` + `onChangeText`. Set `multiline` for a textarea-style field (`numberOfLines` controls visible rows). See https://reactnative.dev/docs/textinput.",
+    rnComponent: "TextInput",
+    docsUrl: "https://reactnative.dev/docs/textinput",
+  },
+  {
+    name: "FlatList",
+    description:
+      "Virtualised list. Render large arrays without paying for every row up front. Required props: `data`, `renderItem`, `keyExtractor`. See https://reactnative.dev/docs/flatlist.",
+    rnComponent: "FlatList",
+    docsUrl: "https://reactnative.dev/docs/flatlist",
+  },
+  {
+    name: "SectionList",
+    description:
+      "Like FlatList but grouped by section header. See https://reactnative.dev/docs/sectionlist.",
+    rnComponent: "SectionList",
+    docsUrl: "https://reactnative.dev/docs/sectionlist",
+  },
+  {
+    name: "ActivityIndicator",
+    description:
+      "Loading spinner. See https://reactnative.dev/docs/activityindicator.",
+    rnComponent: "ActivityIndicator",
+    docsUrl: "https://reactnative.dev/docs/activityindicator",
+  },
+  {
+    name: "Switch",
+    description:
+      "Toggle. Controlled — `value` + `onValueChange`. See https://reactnative.dev/docs/switch.",
+    rnComponent: "Switch",
+    docsUrl: "https://reactnative.dev/docs/switch",
+  },
+  {
+    name: "StyleSheet",
+    description:
+      "Helper for building style objects. `StyleSheet.create({ ... })` returns the same shape you can pass to `style={...}`. See https://reactnative.dev/docs/stylesheet.",
+    rnComponent: "StyleSheet",
+    docsUrl: "https://reactnative.dev/docs/stylesheet",
+  },
+];
+
+const CATEGORIES = [
+  "INPUT",
+  "DISPLAY",
+  "LAYOUT",
+  "DATA",
+  "MEDIA",
+  "COMMUNICATION",
+  "CUSTOM",
+];
+const PLATFORMS = ["web", "native"];
+
+// Reverse-DNS-ish manifest id, e.g. "com.acme.charts.barchart". Two or
+// more labels, lowercase alnum + hyphen, label starts with a letter. The
+// analyzer + the SDK validator both read this from the contract so a
+// rename / relaxation can only happen in one place.
+const MANIFEST_ID_PATTERN = /^[a-z][a-z0-9-]*(\.[a-z][a-z0-9-]*)+$/;
+
+const MANIFEST_SCHEMA = {
+  id: {
+    type: "string",
+    required: true,
+    description: "Reverse-DNS identifier, e.g. com.acme.hello.",
+    example: "com.acme.hello",
+    pattern: MANIFEST_ID_PATTERN,
+  },
+  name: {
+    type: "string",
+    required: true,
+    description: "Human-readable widget name.",
+  },
+  version: {
+    type: "string",
+    required: true,
+    description: "Semver. Patch bump per publish unless author overrides.",
+    example: "1.0.0",
+  },
+  category: {
+    type: "enum",
+    required: true,
+    description:
+      "One of " + CATEGORIES.join(", ") + ". Drives the palette section.",
+    values: CATEGORIES,
+  },
+  icon: {
+    type: "string",
+    required: true,
+    description: "Icon identifier, e.g. lucide:sparkles.",
+    default: "lucide:sparkles",
+  },
+  description: {
+    type: "string",
+    required: true,
+    description: "1-2 sentence storefront description.",
+  },
+  author: {
+    type: "object",
+    required: true,
+    description: "{ name: string, url?: string, email?: string }",
+  },
+  supportedPlatforms: {
+    type: "string[]",
+    required: true,
+    description: "Subset of " + PLATFORMS.join(", ") + ".",
+    default: ["web"],
+  },
+  minAppStudioVersion: {
+    type: "string",
+    required: true,
+    description: "Semver range, e.g. >=2.4.0.",
+    default: ">=0.1.0",
+  },
+  requestedScopes: {
+    type: "string[]",
+    required: true,
+    description:
+      "Permission scopes; use [] unless the widget reads/writes data.",
+    default: [],
+  },
+  propertySchema: {
+    type: "object",
+    required: true,
+    description: "Map of prop name to property definition.",
+    default: {},
+  },
+  events: {
+    type: "object[]",
+    required: true,
+    description: "Declared events. Each entry { name, payloadSchema? }.",
+    default: [],
+  },
+};
+
+const WIDGET_CONTEXT_SHAPE = {
+  props: {
+    description:
+      "Resolved property values, shape per manifest.propertySchema.",
+    required: true,
+    fields: {},
+  },
+  widget: {
+    description:
+      "Identity of the currently rendered widget instance ({ id, version }).",
+    required: true,
+    fields: { id: "manifest.id", version: "manifest.version" },
+  },
+  user: {
+    description: "Signed-in user ({ id, email, displayName }).",
+    required: true,
+    fields: { id: "string", email: "string", displayName: "string" },
+  },
+  workspace: {
+    description:
+      "Workspace identity + resolved theme ({ id, slug, theme, locale }).",
+    required: true,
+    fields: {
+      id: "string",
+      slug: "string",
+      theme: "ThemeTokens",
+      locale: "string",
+    },
+  },
+  navigation: {
+    description: "{ push(path), replace(path), back() }.",
+    required: true,
+    fields: { push: "function", replace: "function", back: "function" },
+  },
+  datastore: {
+    description:
+      "{ records(table) -> { list(query?), get(id), create(values), update(id, values), delete(id) } }.",
+    required: true,
+    fields: { records: "function" },
+  },
+  events: {
+    description: "{ emit(name, payload) }.",
+    required: true,
+    fields: { emit: "function" },
+  },
+  i18n: {
+    description: "{ t(key, fallback?), locale }.",
+    required: true,
+    fields: { t: "function", locale: "string" },
+  },
+  logger: {
+    description:
+      "{ debug, info, warn, error } — host-routed; never use console.*.",
+    required: true,
+    fields: {
+      debug: "function",
+      info: "function",
+      warn: "function",
+      error: "function",
+    },
+  },
+};
+
+const BUNDLE_EXPORT_CONTRACT = [
+  {
+    name: "wrapped",
+    description:
+      "default export = defineWidget({ manifest, component }) → resolves to { manifest, component, _kind: 'widget' }. Public marketplace widgets.",
+    predicate:
+      "typeof mod.default === 'object' && typeof mod.default.component === 'function' && typeof mod.default.manifest === 'object'",
+    manifestSource: "mod.default.manifest",
+    audience: "public-marketplace",
+  },
+  {
+    name: "bare-component",
+    description:
+      "default export = function MyWidget(props) {...} → host pairs it with the installation's pinnedVersion.manifestJson. AI-agent widgets.",
+    predicate: "typeof mod.default === 'function'",
+    manifestSource: "installation.pinnedVersion.manifestJson",
+    audience: "ai-agent",
+  },
+];
+
+const BANNED_APIS = [
+  { identifier: "eval", reason: "Arbitrary code evaluation." },
+  {
+    identifier: "Function",
+    reason: "Function() constructor evaluates strings.",
+  },
+  {
+    identifier: "new Function",
+    reason: "Function() constructor evaluates strings.",
+  },
+  { identifier: "window", reason: "Host environment escape." },
+  {
+    identifier: "document",
+    reason: "Host environment escape; use SDK primitives.",
+  },
+  {
+    identifier: "process",
+    reason: "Node global; unavailable in the browser, banned for parity.",
+  },
+  {
+    identifier: "localStorage",
+    reason: "Bypasses host data model; not portable to native.",
+  },
+  {
+    identifier: "sessionStorage",
+    reason: "Same reason as localStorage.",
+  },
+  {
+    identifier: "fetch",
+    reason:
+      "Direct network calls bypass the datastore client + tenant auth.",
+  },
+  {
+    identifier: "XMLHttpRequest",
+    reason:
+      "Direct network calls bypass the datastore client + tenant auth.",
+  },
+  {
+    identifier: "import(",
+    reason: "Dynamic import bypasses the loader's allowlist.",
+  },
+  { identifier: "globalThis", reason: "Host environment escape." },
+];
+
+const ALLOWED_BARE_IMPORTS = ["react", "@colixsystems/widget-sdk"];
+
+function deepFreeze(value) {
+  if (value === null || typeof value !== "object") return value;
+  if (Object.isFrozen(value)) return value;
+  for (const key of Object.keys(value)) deepFreeze(value[key]);
+  return Object.freeze(value);
+}
+
+const CONTRACT = deepFreeze({
+  version: "1.0.0",
+  hooks: HOOKS,
+  primitives: PRIMITIVES,
+  manifestSchema: MANIFEST_SCHEMA,
+  manifestCategories: CATEGORIES,
+  manifestPlatforms: PLATFORMS,
+  themeTokens: DEFAULT_THEME_TOKENS,
+  widgetContextShape: WIDGET_CONTEXT_SHAPE,
+  bundleExportContract: BUNDLE_EXPORT_CONTRACT,
+  bannedApis: BANNED_APIS,
+  allowedBareImports: ALLOWED_BARE_IMPORTS,
+});
+
+function isHookAllowed(name) {
+  return CONTRACT.hooks.some((h) => h.name === name);
+}
+
+function requiredContextKeys() {
+  const keys = new Set();
+  for (const hook of CONTRACT.hooks) {
+    for (const dotPath of hook.requiredContextSlice) {
+      keys.add(dotPath.split(".")[0]);
+    }
+  }
+  return [...keys];
+}
+
+module.exports = { CONTRACT, isHookAllowed, requiredContextKeys };