npm - @colixsystems/widget-sdk - Versions diffs - 0.3.0 → 0.6.0 - Mend

@colixsystems/widget-sdk 0.3.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/README.md +40 -4
package/dist/_theme-tokens.js +10 -0
package/dist/contract.cjs +433 -0
package/dist/contract.js +425 -0
package/dist/hooks.js +259 -23
package/dist/index.d.ts +122 -12
package/dist/index.js +16 -2
package/dist/index.native.js +16 -2
package/dist/linter.cjs +104 -0
package/dist/linter.js +72 -24
package/dist/manifest.cjs +144 -0
package/dist/manifest.js +47 -36
package/dist/primitives.js +35 -51
package/dist/primitives.native.js +20 -10
package/package.json +13 -3

package/dist/contract.js ADDED Viewed

@@ -0,0 +1,425 @@
+// ESM mirror of contract.cjs. Generated from contract.cjs — keep both in lockstep.
+// runtime) can `require()` it directly without dynamic import gymnastics.
+//
+// The ESM `contract.js` re-exports the SAME object as the `CONTRACT` named
+// export. The contract test asserts the two are identical (deep-equal) so
+// drift between this file and the ESM source-of-truth is caught in CI.
+//
+// Keep edits in lockstep between `contract.cjs` and `contract.js`. The
+// SDK build script copies both into `dist/`.
+const DEFAULT_THEME_TOKENS = Object.freeze({
+  colors: Object.freeze({
+    primary: "#ff6b5b",
+    onPrimary: "#ffffff",
+    surface: "#ffffff",
+    onSurface: "#111827",
+    surfaceMuted: "#f8fafc",
+    onSurfaceMuted: "#475569",
+    border: "#e2e8f0",
+    danger: "#dc2626",
+    success: "#059669",
+    warning: "#d97706",
+    info: "#0284c7",
+  }),
+  spacing: Object.freeze({ xs: 4, sm: 8, md: 16, lg: 24, xl: 32 }),
+  radii: Object.freeze({ sm: 4, md: 8, lg: 16, pill: 9999 }),
+  typography: Object.freeze({
+    fontFamily:
+      'ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif',
+    sizes: Object.freeze({ xs: 12, sm: 14, md: 16, lg: 20, xl: 24, xxl: 32 }),
+  }),
+});
+const HOOKS = [
+  {
+    name: "useTheme",
+    signature: "useTheme()",
+    returnShape: {
+      colors:
+        "{ primary, onPrimary, surface, onSurface, surfaceMuted, onSurfaceMuted, border, danger, success, warning, info }",
+      spacing: "{ xs, sm, md, lg, xl }",
+      radii: "{ sm, md, lg, pill }",
+      typography: "{ fontFamily, sizes: { xs, sm, md, lg, xl, xxl } }",
+    },
+    requiredContextSlice: ["workspace.theme"],
+    scopes: null,
+  },
+  {
+    name: "useI18n",
+    signature: "useI18n()",
+    returnShape: {
+      t: "(key: string, fallback?: string) => string",
+      locale: "string",
+    },
+    requiredContextSlice: ["i18n.t", "i18n.locale"],
+    scopes: null,
+  },
+  {
+    name: "useDatastoreQuery",
+    signature: "useDatastoreQuery(tableId, options?)",
+    returnShape: {
+      data: "Record[]",
+      loading: "boolean",
+      error: "DatastoreError | null",
+      refetch: "() => Promise<void>",
+    },
+    requiredContextSlice: ["datastore.records"],
+    scopes: ["datastore.read:*"],
+  },
+  {
+    name: "useDatastoreMutation",
+    signature: "useDatastoreMutation(tableId)",
+    returnShape: {
+      create: "(record) => Promise<Record>  // rejects with DatastoreError",
+      update:
+        "(id, partial) => Promise<Record>  // rejects with DatastoreError",
+      delete: "(id) => Promise<void>  // rejects with DatastoreError",
+    },
+    requiredContextSlice: ["datastore.records"],
+    scopes: ["datastore.write:*"],
+  },
+  {
+    name: "useWidgetEvent",
+    signature: "useWidgetEvent(eventName)",
+    returnShape: { emit: "(payload?) => void" },
+    requiredContextSlice: ["events.emit"],
+    scopes: null,
+  },
+];
+// REQ-WSDK-RN-WEB: see contract.cjs for the source-of-truth comment.
+const PRIMITIVES = [
+  {
+    name: "Text",
+    description:
+      "Text node. Backed by react-native Text (web: react-native-web maps to a styled <div>). See https://reactnative.dev/docs/text.",
+    rnComponent: "Text",
+    docsUrl: "https://reactnative.dev/docs/text",
+  },
+  {
+    name: "View",
+    description:
+      "Block container. Backed by react-native View. The cross-platform equivalent of a <div>. See https://reactnative.dev/docs/view.",
+    rnComponent: "View",
+    docsUrl: "https://reactnative.dev/docs/view",
+  },
+  {
+    name: "Pressable",
+    description:
+      "Tappable / clickable wrapper. Use `onPress` (NOT `onClick`). See https://reactnative.dev/docs/pressable.",
+    rnComponent: "Pressable",
+    docsUrl: "https://reactnative.dev/docs/pressable",
+  },
+  {
+    name: "Image",
+    description:
+      "Image. `source` accepts `{ uri }` or a string URL. See https://reactnative.dev/docs/image.",
+    rnComponent: "Image",
+    docsUrl: "https://reactnative.dev/docs/image",
+  },
+  {
+    name: "ScrollView",
+    description:
+      "Scrollable container. Pass `horizontal` to scroll on the x-axis. See https://reactnative.dev/docs/scrollview.",
+    rnComponent: "ScrollView",
+    docsUrl: "https://reactnative.dev/docs/scrollview",
+  },
+  {
+    name: "TextInput",
+    description:
+      "Single-line or multi-line text field. Controlled — pass `value` + `onChangeText`. Set `multiline` for a textarea-style field (`numberOfLines` controls visible rows). See https://reactnative.dev/docs/textinput.",
+    rnComponent: "TextInput",
+    docsUrl: "https://reactnative.dev/docs/textinput",
+  },
+  {
+    name: "FlatList",
+    description:
+      "Virtualised list. Render large arrays without paying for every row up front. Required props: `data`, `renderItem`, `keyExtractor`. See https://reactnative.dev/docs/flatlist.",
+    rnComponent: "FlatList",
+    docsUrl: "https://reactnative.dev/docs/flatlist",
+  },
+  {
+    name: "SectionList",
+    description:
+      "Like FlatList but grouped by section header. See https://reactnative.dev/docs/sectionlist.",
+    rnComponent: "SectionList",
+    docsUrl: "https://reactnative.dev/docs/sectionlist",
+  },
+  {
+    name: "ActivityIndicator",
+    description:
+      "Loading spinner. See https://reactnative.dev/docs/activityindicator.",
+    rnComponent: "ActivityIndicator",
+    docsUrl: "https://reactnative.dev/docs/activityindicator",
+  },
+  {
+    name: "Switch",
+    description:
+      "Toggle. Controlled — `value` + `onValueChange`. See https://reactnative.dev/docs/switch.",
+    rnComponent: "Switch",
+    docsUrl: "https://reactnative.dev/docs/switch",
+  },
+  {
+    name: "StyleSheet",
+    description:
+      "Helper for building style objects. `StyleSheet.create({ ... })` returns the same shape you can pass to `style={...}`. See https://reactnative.dev/docs/stylesheet.",
+    rnComponent: "StyleSheet",
+    docsUrl: "https://reactnative.dev/docs/stylesheet",
+  },
+];
+const CATEGORIES = [
+  "INPUT",
+  "DISPLAY",
+  "LAYOUT",
+  "DATA",
+  "MEDIA",
+  "COMMUNICATION",
+  "CUSTOM",
+];
+const PLATFORMS = ["web", "native"];
+// Reverse-DNS-ish manifest id, e.g. "com.acme.charts.barchart". Two or
+// more labels, lowercase alnum + hyphen, label starts with a letter. The
+// analyzer + the SDK validator both read this from the contract so a
+// rename / relaxation can only happen in one place.
+const MANIFEST_ID_PATTERN = /^[a-z][a-z0-9-]*(\.[a-z][a-z0-9-]*)+$/;
+const MANIFEST_SCHEMA = {
+  id: {
+    type: "string",
+    required: true,
+    description: "Reverse-DNS identifier, e.g. com.acme.hello.",
+    example: "com.acme.hello",
+    pattern: MANIFEST_ID_PATTERN,
+  },
+  name: {
+    type: "string",
+    required: true,
+    description: "Human-readable widget name.",
+  },
+  version: {
+    type: "string",
+    required: true,
+    description: "Semver. Patch bump per publish unless author overrides.",
+    example: "1.0.0",
+  },
+  category: {
+    type: "enum",
+    required: true,
+    description:
+      "One of " + CATEGORIES.join(", ") + ". Drives the palette section.",
+    values: CATEGORIES,
+  },
+  icon: {
+    type: "string",
+    required: true,
+    description: "Icon identifier, e.g. lucide:sparkles.",
+    default: "lucide:sparkles",
+  },
+  description: {
+    type: "string",
+    required: true,
+    description: "1-2 sentence storefront description.",
+  },
+  author: {
+    type: "object",
+    required: true,
+    description: "{ name: string, url?: string, email?: string }",
+  },
+  supportedPlatforms: {
+    type: "string[]",
+    required: true,
+    description: "Subset of " + PLATFORMS.join(", ") + ".",
+    default: ["web"],
+  },
+  minAppStudioVersion: {
+    type: "string",
+    required: true,
+    description: "Semver range, e.g. >=2.4.0.",
+    default: ">=0.1.0",
+  },
+  requestedScopes: {
+    type: "string[]",
+    required: true,
+    description:
+      "Permission scopes; use [] unless the widget reads/writes data.",
+    default: [],
+  },
+  propertySchema: {
+    type: "object",
+    required: true,
+    description: "Map of prop name to property definition.",
+    default: {},
+  },
+  events: {
+    type: "object[]",
+    required: true,
+    description: "Declared events. Each entry { name, payloadSchema? }.",
+    default: [],
+  },
+};
+const WIDGET_CONTEXT_SHAPE = {
+  props: {
+    description: "Resolved property values, shape per manifest.propertySchema.",
+    required: true,
+    fields: {},
+  },
+  widget: {
+    description:
+      "Identity of the currently rendered widget instance ({ id, version }).",
+    required: true,
+    fields: { id: "manifest.id", version: "manifest.version" },
+  },
+  user: {
+    description: "Signed-in user ({ id, email, displayName }).",
+    required: true,
+    fields: { id: "string", email: "string", displayName: "string" },
+  },
+  workspace: {
+    description:
+      "Workspace identity + resolved theme ({ id, slug, theme, locale }).",
+    required: true,
+    fields: {
+      id: "string",
+      slug: "string",
+      theme: "ThemeTokens",
+      locale: "string",
+    },
+  },
+  navigation: {
+    description: "{ push(path), replace(path), back() }.",
+    required: true,
+    fields: { push: "function", replace: "function", back: "function" },
+  },
+  datastore: {
+    description:
+      "{ records(table) -> { list(query?), get(id), create(values), update(id, values), delete(id) } }.",
+    required: true,
+    fields: { records: "function" },
+  },
+  events: {
+    description: "{ emit(name, payload) }.",
+    required: true,
+    fields: { emit: "function" },
+  },
+  i18n: {
+    description: "{ t(key, fallback?), locale }.",
+    required: true,
+    fields: { t: "function", locale: "string" },
+  },
+  logger: {
+    description:
+      "{ debug, info, warn, error } — host-routed; never use console.*.",
+    required: true,
+    fields: {
+      debug: "function",
+      info: "function",
+      warn: "function",
+      error: "function",
+    },
+  },
+};
+const BUNDLE_EXPORT_CONTRACT = [
+  {
+    name: "wrapped",
+    description:
+      "default export = defineWidget({ manifest, component }) → resolves to { manifest, component, _kind: 'widget' }. Public marketplace widgets.",
+    predicate:
+      "typeof mod.default === 'object' && typeof mod.default.component === 'function' && typeof mod.default.manifest === 'object'",
+    manifestSource: "mod.default.manifest",
+    audience: "public-marketplace",
+  },
+  {
+    name: "bare-component",
+    description:
+      "default export = function MyWidget(props) {...} → host pairs it with the installation's pinnedVersion.manifestJson. AI-agent widgets.",
+    predicate: "typeof mod.default === 'function'",
+    manifestSource: "installation.pinnedVersion.manifestJson",
+    audience: "ai-agent",
+  },
+];
+const BANNED_APIS = [
+  { identifier: "eval", reason: "Arbitrary code evaluation." },
+  {
+    identifier: "Function",
+    reason: "Function() constructor evaluates strings.",
+  },
+  {
+    identifier: "new Function",
+    reason: "Function() constructor evaluates strings.",
+  },
+  { identifier: "window", reason: "Host environment escape." },
+  {
+    identifier: "document",
+    reason: "Host environment escape; use SDK primitives.",
+  },
+  {
+    identifier: "process",
+    reason: "Node global; unavailable in the browser, banned for parity.",
+  },
+  {
+    identifier: "localStorage",
+    reason: "Bypasses host data model; not portable to native.",
+  },
+  {
+    identifier: "sessionStorage",
+    reason: "Same reason as localStorage.",
+  },
+  {
+    identifier: "fetch",
+    reason: "Direct network calls bypass the datastore client + tenant auth.",
+  },
+  {
+    identifier: "XMLHttpRequest",
+    reason: "Direct network calls bypass the datastore client + tenant auth.",
+  },
+  {
+    identifier: "import(",
+    reason: "Dynamic import bypasses the loader's allowlist.",
+  },
+  { identifier: "globalThis", reason: "Host environment escape." },
+];
+const ALLOWED_BARE_IMPORTS = ["react", "@colixsystems/widget-sdk"];
+function deepFreeze(value) {
+  if (value === null || typeof value !== "object") return value;
+  if (Object.isFrozen(value)) return value;
+  for (const key of Object.keys(value)) deepFreeze(value[key]);
+  return Object.freeze(value);
+}
+const CONTRACT = deepFreeze({
+  version: "1.0.0",
+  hooks: HOOKS,
+  primitives: PRIMITIVES,
+  manifestSchema: MANIFEST_SCHEMA,
+  manifestCategories: CATEGORIES,
+  manifestPlatforms: PLATFORMS,
+  themeTokens: DEFAULT_THEME_TOKENS,
+  widgetContextShape: WIDGET_CONTEXT_SHAPE,
+  bundleExportContract: BUNDLE_EXPORT_CONTRACT,
+  bannedApis: BANNED_APIS,
+  allowedBareImports: ALLOWED_BARE_IMPORTS,
+});
+function isHookAllowed(name) {
+  return CONTRACT.hooks.some((h) => h.name === name);
+}
+function requiredContextKeys() {
+  const keys = new Set();
+  for (const hook of CONTRACT.hooks) {
+    for (const dotPath of hook.requiredContextSlice) {
+      keys.add(dotPath.split(".")[0]);
+    }
+  }
+  return [...keys];
+}
+export { CONTRACT, isHookAllowed, requiredContextKeys };