@colixsystems/widget-sdk 0.39.0 → 0.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +1 -1
  2. package/dist/contract.cjs +9 -2
  3. package/dist/contract.js +9 -2
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -233,7 +233,7 @@ The tenant's **Theme Settings** now flow all the way into `useTheme()`.
233
233
 
234
234
  The "split-implementation + vetted package list" pivot.
235
235
 
236
- - **`CONTRACT.vettedImports` (new).** A curated allowlist of bare specifiers a widget may import — `react`, `@colixsystems/widget-sdk`, `react-native`, `axios`, `date-fns`, `react-native-svg`, `lucide-react-native`, `react-native-maps`, `leaflet`, `react-leaflet`, `expo-av`, `@react-native-community/datetimepicker`, `expo-clipboard`, `expo-haptics`. Each entry carries `platforms` (one or both of `"web"` / `"native"`) and a `category` so the linter and the marketplace listing can render honest platform badges. `CONTRACT.allowedBareImports` (the existing field) is now derived from `vettedImports` and stays a plain `string[]` for back-compat.
236
+ - **`CONTRACT.vettedImports` (new).** A curated allowlist of bare specifiers a widget may import — `react`, `@colixsystems/widget-sdk`, `react-native`, `axios`, `date-fns`, `react-native-svg`, `lucide-react-native`, `react-native-maps`, `leaflet`, `react-leaflet`, `expo-audio`, `expo-video`, `@react-native-community/datetimepicker`, `expo-clipboard`, `expo-haptics`. Each entry carries `platforms` (one or both of `"web"` / `"native"`) and a `category` so the linter and the marketplace listing can render honest platform badges. `CONTRACT.allowedBareImports` (the existing field) is now derived from `vettedImports` and stays a plain `string[]` for back-compat.
237
237
  - **`fetch` and `XMLHttpRequest` come off `CONTRACT.bannedApis`.** Widgets may call third-party APIs directly. Calls to the host's own `/api/*` surface will 401 because the JWT token is never shared with widget code; the linter emits a soft `no-host-api-url` warning when it sees host-URL substrings so authors learn the rule statically. Use SDK hooks (`useDatastoreQuery`, `useUsers`, `useAsset`, …) for workspace data; use `axios` / `fetch` for third-party APIs.
238
238
  - **`import-not-vetted` linter rule (new).** Every bare `import` specifier is validated against `CONTRACT.vettedImports`. Relative imports inside the bundle (`./shared.js`) are allowed so split-impl widgets can share helpers; `../` and absolute paths are rejected.
239
239
  - **`import-platform-mismatch` linter rule (new).** A single-source widget that imports a native-only package while `manifest.supportedPlatforms` includes `"web"` fails the lint. The author either drops the platform from the manifest OR ships a `widget.web.jsx` + `widget.native.jsx` pair where the platform-specific import lives in the file that targets its platform.
package/dist/contract.cjs CHANGED
@@ -1133,11 +1133,18 @@ const VETTED_IMPORTS = [
1133
1133
  description: "React bindings for leaflet. Web-only.",
1134
1134
  },
1135
1135
  {
1136
- specifier: "expo-av",
1136
+ specifier: "expo-audio",
1137
1137
  platforms: ["native"],
1138
1138
  category: "media",
1139
1139
  description:
1140
- "Native audio + video playback. Native-only; pair with browser <audio>/<video> in widget.web.jsx.",
1140
+ "Native audio playback (Expo SDK 56; replaces the removed expo-av). Native-only; pair with the browser <audio> element in widget.web.jsx.",
1141
+ },
1142
+ {
1143
+ specifier: "expo-video",
1144
+ platforms: ["native"],
1145
+ category: "media",
1146
+ description:
1147
+ "Native video playback (Expo SDK 56; replaces the removed expo-av). Native-only; pair with the browser <video> element in widget.web.jsx.",
1141
1148
  },
1142
1149
  {
1143
1150
  specifier: "@react-native-community/datetimepicker",
package/dist/contract.js CHANGED
@@ -1133,11 +1133,18 @@ const VETTED_IMPORTS = [
1133
1133
  description: "React bindings for leaflet. Web-only.",
1134
1134
  },
1135
1135
  {
1136
- specifier: "expo-av",
1136
+ specifier: "expo-audio",
1137
1137
  platforms: ["native"],
1138
1138
  category: "media",
1139
1139
  description:
1140
- "Native audio + video playback. Native-only; pair with browser <audio>/<video> in widget.web.jsx.",
1140
+ "Native audio playback (Expo SDK 56; replaces the removed expo-av). Native-only; pair with the browser <audio> element in widget.web.jsx.",
1141
+ },
1142
+ {
1143
+ specifier: "expo-video",
1144
+ platforms: ["native"],
1145
+ category: "media",
1146
+ description:
1147
+ "Native video playback (Expo SDK 56; replaces the removed expo-av). Native-only; pair with the browser <video> element in widget.web.jsx.",
1141
1148
  },
1142
1149
  {
1143
1150
  specifier: "@react-native-community/datetimepicker",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@colixsystems/widget-sdk",
3
- "version": "0.39.0",
3
+ "version": "0.40.0",
4
4
  "description": "Common widget interface for AppStudio. Implements WidgetManifest, WidgetContext, property schema, and helper hooks.",
5
5
  "type": "module",
6
6
  "main": "./dist/index.js",