@farcaster/snap 2.1.2 → 2.3.0

package/dist/server/parseRequest.js

@@ -1,85 +1,124 @@
-import { ACTION_TYPE_GET, ACTION_TYPE_POST, payloadSchema, } from "../schemas.js";
-import { decodePayload, verifyJFSRequestBody } from "./verify.js";
-import { z } from "zod";
+import { ACTION_TYPE_GET, ACTION_TYPE_POST, getPayloadSchema, payloadSchema, } from "../schemas.js";
+import { decodePayload, parseJfs, verifyJFS } from "./verify.js";
+import { SNAP_PAYLOAD_HEADER } from "../constants.js";
 const DEFAULT_SNAP_POST_MAX_SKEW_SECONDS = 300;
-const requestBodySchema = z.object({
-    header: z.string(),
-    payload: z.string(),
-    signature: z.string(),
-});
 /**
  * Parse and validate Farcaster snap requests:
- * - `GET` is allowed for first-page loads and returns `{ type: "get" }`.
- * - `POST`: the body must be JSON in JFS form (`header` / `payload` / `signature`) even if JFS verification is skipped.
+ * - `GET`: returns `{ type: "get" }`, or optional viewer fields when `X-Snap-Payload`
+ *   carries a JFS compact string whose decoded payload validates against {@link getPayloadSchema}.
+ * - `POST`: the body must be a JFS envelope — either JSON `{ header, payload, signature }` or the same **compact** string form as GET (`BASE64URL(header).BASE64URL(payload).BASE64URL(signature)`), even if JFS verification is skipped.
  */
 export async function parseRequest(request, options = {}) {
-    if (!["GET", "POST"].includes(request.method)) {
-        return {
-            success: false,
-            error: {
-                type: "method_not_allowed",
-                message: `expected POST, received ${request.method}`,
-            },
-        };
-    }
     if (request.method === "GET") {
-        return {
-            success: true,
-            action: { type: ACTION_TYPE_GET },
-        };
+        return await parseGetRequest(request, options);
     }
-    const maxSkew = options.maxSkewSeconds ?? DEFAULT_SNAP_POST_MAX_SKEW_SECONDS;
-    const nowSec = Math.floor(Date.now() / 1000);
-    const text = await request.text();
-    let jsonBody;
-    try {
-        jsonBody = JSON.parse(text);
+    if (request.method === "POST") {
+        return await parsePostRequest(request, options);
     }
-    catch {
+    return {
+        success: false,
+        error: {
+            type: "method_not_allowed",
+            message: `expected GET or POST, received ${request.method}`,
+        },
+    };
+}
+async function parseGetRequest(request, options) {
+    const compactHeader = request.headers.get(SNAP_PAYLOAD_HEADER)?.trim();
+    if (!compactHeader) {
+        return { success: true, action: { type: ACTION_TYPE_GET } };
+    }
+    const result = await validateJfsPayload({
+        jfsText: compactHeader,
+        schema: getPayloadSchema,
+        request,
+        options,
+        invalidJsonMessage: `${SNAP_PAYLOAD_HEADER} must be a valid JFS compact string`,
+    });
+    if (!result.ok) {
+        return { success: false, error: result.error };
+    }
+    return {
+        success: true,
+        action: { type: ACTION_TYPE_GET, ...result.payload },
+    };
+}
+async function parsePostRequest(request, options) {
+    const result = await validateJfsPayload({
+        jfsText: await request.text(),
+        schema: payloadSchema,
+        request,
+        options,
+    });
+    if (!result.ok) {
+        return { success: false, error: result.error };
+    }
+    const payload = result.payload;
+    if (payload.fid !== undefined && payload.fid !== payload.user.fid) {
         return {
             success: false,
             error: {
-                type: "invalid_json",
-                message: "request body is not valid JSON",
+                type: "fid_mismatch",
+                message: `fid "${payload.fid}" does not match user.fid "${payload.user.fid}"`,
             },
         };
     }
-    const parsed = requestBodySchema.safeParse(jsonBody);
-    if (!parsed.success) {
+    return {
+        success: true,
+        action: { type: ACTION_TYPE_POST, ...payload },
+    };
+}
+/**
+ * Shared pipeline for authenticated snap requests: parse the JFS envelope,
+ * decode and schema-validate the payload, optionally verify the JFS signature
+ * against an active hub signer (matching `user.fid`), then check timestamp
+ * skew and that `audience` matches the request origin.
+ *
+ * Both GET (payload header) and POST (request body) feed into this.
+ */
+async function validateJfsPayload({ jfsText, schema, request, options, invalidJsonMessage, }) {
+    const parsed = parseJfs(jfsText);
+    if (!parsed.ok) {
         return {
-            success: false,
-            error: { type: "invalid_json", message: parsed.error.message },
+            ok: false,
+            error: {
+                type: "invalid_json",
+                message: invalidJsonMessage ?? parsed.error,
+            },
         };
     }
-    const payloadParsed = payloadSchema.safeParse(decodePayload(parsed.data.payload));
+    const jfs = parsed.jfs;
+    const payloadParsed = schema.safeParse(decodePayload(jfs.payload));
     if (!payloadParsed.success) {
         return {
-            success: false,
+            ok: false,
             error: { type: "validation", issues: payloadParsed.error.issues },
         };
     }
-    const body = payloadParsed.data;
+    const payload = payloadParsed.data;
     if (!options.skipJFSVerification) {
-        const jfs = await verifyJFSRequestBody(parsed.data);
-        if (!jfs.valid) {
+        const verified = await verifyJFS(jfs);
+        if (!verified.valid) {
             return {
-                success: false,
-                error: { type: "signature", message: jfs.error.message },
+                ok: false,
+                error: { type: "signature", message: verified.error.message },
             };
         }
-        if (jfs.signingUserFid !== body.user.fid) {
+        if (verified.signingUserFid !== payload.user.fid) {
             return {
-                success: false,
+                ok: false,
                 error: {
                     type: "fid_mismatch",
-                    message: `JFS header fid "${jfs.signingUserFid}" does not match user.fid "${body.user.fid}"`,
+                    message: `JFS header fid "${verified.signingUserFid}" does not match user.fid "${payload.user.fid}"`,
                 },
             };
         }
     }
-    if (Math.abs(nowSec - body.timestamp) > maxSkew) {
+    const maxSkew = options.maxSkewSeconds ?? DEFAULT_SNAP_POST_MAX_SKEW_SECONDS;
+    const nowSec = Math.floor(Date.now() / 1000);
+    if (Math.abs(nowSec - payload.timestamp) > maxSkew) {
         return {
-            success: false,
+            ok: false,
             error: {
                 type: "replay",
                 message: `timestamp outside allowed skew of ${maxSkew}s`,
@@ -100,29 +139,14 @@ export async function parseRequest(request, options = {}) {
             // do nothing
         }
     }
-    if (expectedOrigin !== undefined && body.audience !== expectedOrigin) {
+    if (expectedOrigin !== undefined && payload.audience !== expectedOrigin) {
         return {
-            success: false,
+            ok: false,
             error: {
                 type: "origin_mismatch",
-                message: `payload audience "${body.audience}" does not match expected origin "${expectedOrigin}"`,
-            },
-        };
-    }
-    if (body.fid !== undefined && body.fid !== body.user.fid) {
-        return {
-            success: false,
-            error: {
-                type: "fid_mismatch",
-                message: `fid "${body.fid}" does not match user.fid "${body.user.fid}"`,
+                message: `payload audience "${payload.audience}" does not match expected origin "${expectedOrigin}"`,
             },
         };
     }
-    return {
-        success: true,
-        action: {
-            type: ACTION_TYPE_POST,
-            ...body,
-        },
-    };
+    return { ok: true, payload };
 }

package/dist/server/verify.d.ts

@@ -1,8 +1,15 @@
-export declare function verifyJFSRequestBody<TPayload>(requestBody: {
-    header: string;
-    payload: string;
-    signature: string;
-}, options?: {
+import { type JsonFarcasterSignature } from "@farcaster/jfs";
+/**
+ * Parse a JFS object or string into normalized form (see {@link toJsonFarcasterSignature} / `uncompact`).
+ */
+export declare function parseJfs(text: string): {
+    ok: true;
+    jfs: JsonFarcasterSignature;
+} | {
+    ok: false;
+    error: string;
+};
+export declare function verifyJFS<TPayload>(jfs: JsonFarcasterSignature, options?: {
     hubHttpBaseUrl?: string;
 }): Promise<{
     valid: false;

package/dist/server/verify.js

@@ -1,33 +1,40 @@
-import { compact, decode, decodePayload as jfsDecodePayload, encodePayload as jfsEncodePayload, verify, } from "@farcaster/jfs";
+import { decode, decodePayload as jfsDecodePayload, encodePayload as jfsEncodePayload, toJsonFarcasterSignature, verify, } from "@farcaster/jfs";
 import { hexToBytes } from "viem";
 import { DEFAULT_SNAP_HUB_HTTP_BASE_URL, getActiveEd25519SignerKeysFromHubHttp, } from "./hubs.js";
-export async function verifyJFSRequestBody(requestBody, options = {}) {
-    let compactJfs;
+/**
+ * Parse a JFS object or string into normalized form (see {@link toJsonFarcasterSignature} / `uncompact`).
+ */
+export function parseJfs(text) {
+    const trimmed = text.trim();
+    let jfsFromJson;
     try {
-        compactJfs = compact({
-            header: requestBody.header,
-            payload: requestBody.payload,
-            signature: requestBody.signature,
-        });
+        jfsFromJson = JSON.parse(trimmed);
     }
-    catch (error) {
-        return {
-            valid: false,
-            error: error instanceof Error ? error : new Error(String(error)),
-        };
+    catch {
+        jfsFromJson = undefined;
     }
-    let decoded;
-    try {
-        decoded = decode(compactJfs);
+    if (jfsFromJson !== undefined && isJfsObject(jfsFromJson)) {
+        return { ok: true, jfs: jfsFromJson };
     }
-    catch (error) {
+    const jfsFromString = tryUncompactJfsString(trimmed);
+    if (jfsFromString) {
+        return { ok: true, jfs: jfsFromString };
+    }
+    return {
+        ok: false,
+        error: "invalid JFS envelope: must be JSON with header, payload, and signature fields, or a JFS compact string (three dot-separated segments)",
+    };
+}
+export async function verifyJFS(jfs, options = {}) {
+    const decoded = tryDecodeJfs(jfs);
+    if (!decoded) {
         return {
             valid: false,
-            error: error instanceof Error ? error : new Error(String(error)),
+            error: new Error("invalid JFS envelope"),
         };
     }
     try {
-        await verify({ data: compactJfs, strict: true, keyTypes: ["app_key"] });
+        await verify({ data: jfs, strict: true, keyTypes: ["app_key"] });
     }
     catch (error) {
         return {
@@ -35,6 +42,12 @@ export async function verifyJFSRequestBody(requestBody, options = {}) {
             error: error instanceof Error ? error : new Error(String(error)),
         };
     }
+    return hubVerifyDecodedPayload(decoded, options);
+}
+/**
+ * Verify that the signing key for a JFS payload is an active signer for the FID.
+ */
+async function hubVerifyDecodedPayload(decoded, options) {
     const { header, payload } = decoded;
     const keys = await getActiveEd25519SignerKeysFromHubHttp(options.hubHttpBaseUrl ?? DEFAULT_SNAP_HUB_HTTP_BASE_URL, header.fid);
     if (!keys.ok) {
@@ -78,6 +91,41 @@ export function decodePayload(payload) {
 export function encodePayload(payload) {
     return jfsEncodePayload(payload);
 }
+/**
+ * Normalize a compact JFS string to `{ header, payload, signature }` using
+ * `@farcaster/jfs` {@link toJsonFarcasterSignature} (which delegates to `uncompact` for strings).
+ * Returns null if the string is malformed.
+ */
+function tryUncompactJfsString(value) {
+    try {
+        return toJsonFarcasterSignature(value.trim());
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Fully decode a JFS envelope or compact string via `@farcaster/jfs` {@link decode}:
+ * parsed header object, parsed payload, signature bytes.
+ */
+function tryDecodeJfs(input) {
+    try {
+        return decode(input);
+    }
+    catch {
+        return null;
+    }
+}
+function isJfsObject(v) {
+    return (v !== null &&
+        typeof v === "object" &&
+        "header" in v &&
+        typeof v.header === "string" &&
+        "payload" in v &&
+        typeof v.payload === "string" &&
+        "signature" in v &&
+        typeof v.signature === "string");
+}
 function bytesEqual(a, b) {
     if (a.length !== b.length)
         return false;

package/dist/stack-horizontal-utils.d.ts

@@ -2,3 +2,9 @@ import { type ReactNode } from "react";
 export declare function horizontalChildrenAreAllButtons(children: ReactNode): boolean;
 /** Direct snap catalog children under a stack (used for all-button grid column count). */
 export declare function countRenderableChildren(children: ReactNode): number;
+/**
+ * Default horizontal stack gap as a t-shirt size, chosen by column count:
+ * 2 cols → lg, 3 cols → md, 4+ cols → sm. Unknown count falls back to md.
+ * Tighter gaps for denser layouts; authors can always override via the `gap` prop.
+ */
+export declare function defaultHorizontalGapSize(columnCount: number | undefined): "sm" | "md" | "lg";

package/dist/stack-horizontal-utils.js

@@ -27,3 +27,17 @@ export function horizontalChildrenAreAllButtons(children) {
 export function countRenderableChildren(children) {
     return Children.toArray(children).filter(isRenderableChild).length;
 }
+/**
+ * Default horizontal stack gap as a t-shirt size, chosen by column count:
+ * 2 cols → lg, 3 cols → md, 4+ cols → sm. Unknown count falls back to md.
+ * Tighter gaps for denser layouts; authors can always override via the `gap` prop.
+ */
+export function defaultHorizontalGapSize(columnCount) {
+    if (columnCount === undefined)
+        return "md";
+    if (columnCount <= 2)
+        return "lg";
+    if (columnCount === 3)
+        return "md";
+    return "sm";
+}

package/dist/ui/catalog.d.ts

@@ -380,7 +380,7 @@ export declare const snapJsonRenderCatalog: import("@json-render/core").Catalog<
                 cells: z.ZodArray<z.ZodObject<{
                     row: z.ZodNumber;
                     col: z.ZodNumber;
-                    color: z.ZodOptional<z.ZodEnum<{
+                    color: z.ZodOptional<z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodUnion<readonly [z.ZodEnum<{
                         gray: "gray";
                         blue: "blue";
                         red: "red";
@@ -389,8 +389,9 @@ export declare const snapJsonRenderCatalog: import("@json-render/core").Catalog<
                         teal: "teal";
                         purple: "purple";
                         pink: "pink";
-                    }>>;
+                    }>, z.ZodString]>>>;
                     content: z.ZodOptional<z.ZodString>;
+                    value: z.ZodOptional<z.ZodString>;
                 }, z.core.$strip>>;
                 gap: z.ZodOptional<z.ZodEnum<{
                     sm: "sm";

package/dist/ui/catalog.js

@@ -90,7 +90,7 @@ export const snapJsonRenderCatalog = defineCatalog(snapJsonRenderSchema, {
         },
         cell_grid: {
             props: cellGridProps,
-            description: "Cell grid — sparse colored cells on a rows×cols grid. Two interaction modes: leave select 'off' and bind on.press to fire an action per cell press (inputs[name] is the pressed 'row,col' before the action runs); or set select 'single'/'multiple' for press-to-select with a visual ring (no auto-fire — pair with a separate submit button). on.press is ignored when select is on.",
+            description: "Cell grid — sparse colored cells on a rows×cols grid. Cell color is a palette name or literal #rrggbb hex (hex ignores page accent). Two interaction modes: leave select 'off' and bind on.press to fire an action per cell press (inputs[name] is the pressed 'row,col' before the action runs); or set select 'single'/'multiple' for press-to-select with a visual ring (no auto-fire — pair with a separate submit button). on.press is ignored when select is on.",
         },
     },
     actions: {

package/dist/ui/cell-grid.d.ts

@@ -6,7 +6,7 @@ export declare const cellGridProps: z.ZodObject<{
     cells: z.ZodArray<z.ZodObject<{
         row: z.ZodNumber;
         col: z.ZodNumber;
-        color: z.ZodOptional<z.ZodEnum<{
+        color: z.ZodOptional<z.ZodPipe<z.ZodTransform<unknown, unknown>, z.ZodUnion<readonly [z.ZodEnum<{
             gray: "gray";
             blue: "blue";
             red: "red";
@@ -15,8 +15,9 @@ export declare const cellGridProps: z.ZodObject<{
             teal: "teal";
             purple: "purple";
             pink: "pink";
-        }>>;
+        }>, z.ZodString]>>>;
         content: z.ZodOptional<z.ZodString>;
+        value: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     gap: z.ZodOptional<z.ZodEnum<{
         sm: "sm";

package/dist/ui/cell-grid.js

@@ -1,11 +1,21 @@
 import { z } from "zod";
-import { PALETTE_COLOR_VALUES } from "../colors.js";
+import { isSnapHexColorString, PALETTE_COLOR_VALUES } from "../colors.js";
 import { GRID_MIN_COLS, GRID_MAX_COLS, GRID_MIN_ROWS, GRID_MAX_ROWS, GRID_GAP_VALUES, } from "../constants.js";
+/** Palette name or `#rrggbb`; input is trimmed so palette and hex rules match runtime resolvers. */
+const cellGridCellColorSchema = z.preprocess((v) => (typeof v === "string" ? v.trim() : v), z.union([
+    z.enum(PALETTE_COLOR_VALUES),
+    z
+        .string()
+        .refine(isSnapHexColorString, {
+        message: "cell_grid cell hex color must be #rrggbb",
+    }),
+]));
 const cellGridCellSchema = z.object({
     row: z.number().int().nonnegative(),
     col: z.number().int().nonnegative(),
-    color: z.enum(PALETTE_COLOR_VALUES).optional(),
+    color: cellGridCellColorSchema.optional(),
     content: z.string().optional(),
+    value: z.string().min(1).max(30).optional(),
 });
 export const cellGridProps = z
     .object({

package/dist/verify.test.js

@@ -1,5 +1,5 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { verifyJFSRequestBody } from "./server/verify.js";
+import { verifyJFS } from "./server/verify.js";
 const validRequestBody = `{
   "header":"eyJmaWQiOjI2MTMxOSwidHlwZSI6ImFwcF9rZXkiLCJrZXkiOiIweGY0ZGQyNjczYTUzMjEwYzQ3ZGYzZjFmNTk0NjZlZTdhMTM3ZmQxOGQ5NTVjMmU2OGExMmQwOTE2MGE2NmMyMTUifQ",
   "payload":"eyJmaWQiOjI2MTMxOSwiaW5wdXRzIjp7ImRpc3BsYXkiOiJJU08gKFVUQykifSwiYnV0dG9uX2luZGV4IjowLCJ0aW1lc3RhbXAiOjE3NzQ2OTMyMTN9",
@@ -7,7 +7,7 @@ const validRequestBody = `{
 }`;
 /** Matches JFS header `key` (Ed25519 public key, 32 bytes hex without `0x` in hub JSON field). */
 const HUB_SIGNER_KEY_HEX = "f4dd2673a53210c47df3f1f59466ee7a137fd18d955c2e68a12d09160a66c215";
-describe("verifyJFSRequestBody", () => {
+describe("verifyJFS", () => {
     beforeEach(() => {
         vi.stubGlobal("fetch", vi.fn(async (input) => {
             const u = String(input);
@@ -41,7 +41,7 @@ describe("verifyJFSRequestBody", () => {
         vi.unstubAllGlobals();
     });
     it("accepts JSON JFS body and verifies crypto + hub signer list", async () => {
-        const result = await verifyJFSRequestBody(JSON.parse(validRequestBody));
+        const result = await verifyJFS(JSON.parse(validRequestBody));
         expect(result.valid).toBe(true);
         if (result.valid) {
             expect(result.data).toEqual({

package/llms.txt

@@ -95,17 +95,17 @@ Top-level fields: `version` (required, `"1.0"` or `"2.0"`), `theme` (optional, `
 - `name` (string, optional): POST inputs key. Default: `"grid_tap"`
 - `cols` (number, required, 2–32)
 - `rows` (number, required, 2–16)
-- `cells` (array, required): sparse list of `{ row, col, color?: PaletteColor, content?: string }`
+- `cells` (array, required): sparse list of `{ row, col, color?: PaletteColor | #rrggbb, content?: string, value?: string (1–30 chars) }`. When `value` is set on a cell, that string is what's written to `inputs[name]` on press/select; otherwise `"row,col"` is used. Use `value` for grids with meaningful labels (calendar days, alphabet letters, region codes) so handlers don't have to reverse-lookup. Use the row/col fallback for true coordinate grids (minesweeper, tic-tac-toe, pixel art).
 - `gap` (optional): `"none"` (0px) | `"sm"` (1px) | `"md"` (2px) | `"lg"` (4px). Default: `"sm"`
 - `rowHeight` (number, optional, 8–64): pixel height per row. Default: 28. Grid height = rows × rowHeight
-- `select` (optional): `"off"` | `"single"` | `"multiple"`. Default: `"off"`. With `select: "off"`, bind `on.press` for press-to-act (each press writes `"row,col"` to `inputs[name]` and fires the action). With `"single"` / `"multiple"`, presses accumulate selection state and pair with a separate submit `button`; `on.press` is ignored.
-- Events: `press` — fires on cell press, only when `select: "off"`; `inputs[name]` is set to `"row,col"` before the bound action runs
+- `select` (optional): `"off"` | `"single"` | `"multiple"`. Default: `"off"`. With `select: "off"`, bind `on.press` for press-to-act (each press writes the cell's `value` or `"row,col"` to `inputs[name]` and fires the action). With `"single"` / `"multiple"`, presses accumulate selection state and pair with a separate submit `button` (multi-select joins values with `|`); `on.press` is ignored.
+- Events: `press` — fires on cell press, only when `select: "off"`; `inputs[name]` is set to the pressed cell's `value` (or `"row,col"` fallback) before the bound action runs
 
 ### Container Components
 
 **stack** — Layout container.
 - `direction` (optional): `"vertical"` | `"horizontal"`. Default: `"vertical"`
-- `gap` (optional): `"none"` | `"sm"` | `"md"` | `"lg"`. Default: `"md"`
+- `gap` (optional): `"none"` | `"sm"` | `"md"` | `"lg"`. Vertical px: 0/8/16/24. Horizontal px: 0/4/8/16 (tighter, since children sit side-by-side). Default for vertical: `"md"`. Default for horizontal is column-aware: 2 cols → `"lg"` (16px), 3 cols → `"md"` (8px), 4+ cols → `"sm"` (4px), unknown → `"md"` (8px). An explicit value always wins — override the default when you have a deliberate visual reason (e.g. tighter toolbar, extra breathing room around a hero row).
 - `justify` (optional): `"start"` | `"center"` | `"end"` | `"between"` | `"around"`
 - `columns` (optional, horizontal only): `2`–`6` — CSS grid with equal columns (mixed children or layout that needs fixed column counts).
 - Children are element IDs
@@ -172,6 +172,16 @@ Bound to buttons via `on.press`:
 | `send_token` | `token`, `amount?`, `recipientFid?`, `recipientAddress?` | Send token flow |
 | `swap_token` | `sellToken?`, `buyToken?` | Swap token flow |
 
+## Authenticated requests
+
+POST requests carry a JFS envelope (JSON object **or** compact dot-separated string). `parseRequest` validates the payload and (unless `skipJFSVerification`) cryptographically verifies the JFS against an active hub signer for `user.fid`. On the server, `ctx.action.user.fid` is **always present and verified** for `type === "post"`.
+
+GET requests MAY include optional viewer identity in the `X-Snap-Payload` request header (a JFS compact string with the same shape as POST minus `inputs` and `fid`). When present and valid, `ctx.action` on GET MAY include `user`, `timestamp`, `audience`, and `surface`.
+
+`ctx.action.user` on GET is **best-effort and never guaranteed** — older or custom clients, cache layers, crawlers, and `curl` may yield an anonymous GET even for users who have POSTed to this snap before. Always render a working anonymous first load; treat viewer fields on GET as a strict enhancement. `parseRequest` (and `@farcaster/snap-hono`'s GET handler) silently fall back to anonymous `{ type: "get" }` when `X-Snap-Payload` is missing or invalid.
+
+When responses depend on viewer identity, send `Vary: Accept, X-Snap-Payload` and consider `Cache-Control: private` so caches don't serve viewer-specific bodies to other viewers (`@farcaster/snap-hono` sets `Vary` automatically).
+
 ## Icon Names (34)
 
 `arrow-right`, `arrow-left`, `external-link`, `chevron-right`, `check`, `x`, `alert-triangle`, `info`, `clock`, `heart`, `message-circle`, `repeat`, `share`, `user`, `users`, `star`, `trophy`, `zap`, `flame`, `gift`, `image`, `play`, `pause`, `wallet`, `coins`, `plus`, `minus`, `refresh-cw`, `bookmark`, `thumbs-up`, `thumbs-down`, `trending-up`, `trending-down`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@farcaster/snap",
-  "version": "2.1.2",
+  "version": "2.3.0",
   "description": "Farcaster Snaps 🫰",
   "repository": {
     "type": "git",

package/src/colors.ts

@@ -38,6 +38,33 @@ export const PALETTE_COLOR_VALUES = [
 
 export type PaletteColor = (typeof PALETTE_COLOR_VALUES)[number];
 
+/** Strict `#rrggbb` literal used by cell_grid (and clients that accept hex). */
+const SNAP_HEX_6 = /^#[0-9a-fA-F]{6}$/;
+
+export function isSnapHexColorString(s: string): boolean {
+  return SNAP_HEX_6.test(s.trim());
+}
+
+/**
+ * Resolve a snap color token for inline styles: `accent`, palette names, or
+ * literal `#rrggbb`. Unknown values fall back to `accentHex` (same as legacy
+ * `colorHex` behavior for non-hex strings).
+ */
+export function resolveSnapColorHex(
+  color: string | undefined,
+  opts: { accentHex: string; appearance: "light" | "dark" },
+): string {
+  if (!color || color === PALETTE_COLOR_ACCENT) return opts.accentHex;
+  const trimmed = color.trim();
+  if (isSnapHexColorString(trimmed)) return trimmed;
+  const map =
+    opts.appearance === "dark" ? PALETTE_DARK_HEX : PALETTE_LIGHT_HEX;
+  if (Object.hasOwn(map, trimmed)) {
+    return map[trimmed as PaletteColor];
+  }
+  return opts.accentHex;
+}
+
 /** Light-mode hex for each palette color (emulator / reference client). */
 export const PALETTE_LIGHT_HEX: Record<PaletteColor, string> = {
   gray: "#6E6A86",

package/src/constants.ts

@@ -1,9 +1,14 @@
 export const SPEC_VERSION_1 = "1.0" as const;
 export const SPEC_VERSION_2 = "2.0" as const;
 export const SPEC_VERSION = SPEC_VERSION_2;
-export const SUPPORTED_SPEC_VERSIONS = [SPEC_VERSION_1, SPEC_VERSION_2] as const;
+export const SUPPORTED_SPEC_VERSIONS = [
+  SPEC_VERSION_1,
+  SPEC_VERSION_2,
+] as const;
 export type SpecVersion = (typeof SUPPORTED_SPEC_VERSIONS)[number];
 
+export const SNAP_PAYLOAD_HEADER = "X-Snap-Payload" as const;
+
 export const MEDIA_TYPE = "application/vnd.farcaster.snap+json" as const;
 
 export const EFFECT_VALUES = ["confetti"] as const;

package/src/index.ts

@@ -8,6 +8,7 @@ export {
   SPEC_VERSION_2,
   SUPPORTED_SPEC_VERSIONS,
   type SpecVersion,
+  SNAP_PAYLOAD_HEADER,
   MEDIA_TYPE,
   EFFECT_VALUES,
   POST_GRID_TAP_KEY,
@@ -23,6 +24,8 @@ export {
   PALETTE_COLOR_VALUES,
   PALETTE_LIGHT_HEX,
   PALETTE_DARK_HEX,
+  isSnapHexColorString,
+  resolveSnapColorHex,
   type PaletteColor,
 } from "./colors";
 export {
@@ -30,7 +33,9 @@ export {
   ACTION_TYPE_POST,
   snapResponseSchema,
   payloadSchema,
+  getPayloadSchema,
   type SnapAction,
+  type SnapGetAction,
   type SnapContext,
   type SnapResponse,
   type SnapHandlerResult,
@@ -38,5 +43,6 @@ export {
   type SnapSpecInput,
   type SnapFunction,
   type SnapPayload,
+  type SnapGetPayload,
 } from "./schemas";
 export { validateSnapResponse, type ValidationResult } from "./validator";