npm - @stackable-labs/mcp-app-extension - Versions diffs - 0.8.0 → 0.10.0 - Mend

@stackable-labs/mcp-app-extension 0.8.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -43,12 +43,13 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Content Surface with Loading State",
-    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
+  const settings = useSettings() // Non-secret settings from settingsSchema
   if (loading) {
     return (
@@ -143,19 +144,33 @@ export function createApi(query: QueryFn) {
 }
 // \u2500\u2500 data.fetch wrapper \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+//
+// For API keys and secrets, use {{settings.xxx}} placeholders in headers.
+// The proxy resolves them server-side \u2014 the real secret never enters extension code.
+// Declare secret fields in manifest.json settingsSchema with "secret": true.
 const API_BASE_URL = import.meta.env.VITE_API_BASE_URL as string
 export function createFetchApi(fetch: FetchFn) {
   return {
     async getItems(): Promise<unknown[]> {
-      const result = await fetch(\`\${API_BASE_URL}/items\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItems failed: \${result.status}\`)
       return result.data as unknown[]
     },
     async getItem(itemId: string): Promise<unknown> {
-      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItem failed: \${result.status}\`)
       return result.data as unknown
     },
@@ -182,12 +197,13 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Current Content Surface",
-    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
+  const settings = useSettings() // Non-secret settings from settingsSchema
   if (loading) {
     return (
@@ -251,19 +267,33 @@ export function createApi(query: QueryFn) {
 }
 // \u2500\u2500 data.fetch wrapper \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+//
+// For API keys and secrets, use {{settings.xxx}} placeholders in headers.
+// The proxy resolves them server-side \u2014 the real secret never enters extension code.
+// Declare secret fields in manifest.json settingsSchema with "secret": true.
 const API_BASE_URL = import.meta.env.VITE_API_BASE_URL as string
 export function createFetchApi(fetch: FetchFn) {
   return {
     async getItems(): Promise<unknown[]> {
-      const result = await fetch(\`\${API_BASE_URL}/items\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItems failed: \${result.status}\`)
       return result.data as unknown[]
     },
     async getItem(itemId: string): Promise<unknown> {
-      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItem failed: \${result.status}\`)
       return result.data as unknown
     },
@@ -3682,8 +3712,11 @@ var CAPABILITY_SNIPPETS2 = {
 const result = await capabilities.data.query({ path: '/your-endpoint', method: 'GET' })`,
   "data.fetch": `const capabilities = useCapabilities()
 const response = await capabilities.data.fetch('https://api.example.com/endpoint')`,
-  "context.read": `const capabilities = useCapabilities()
-const ctx = await capabilities.context.read()`,
+  "context.read": `// Read host context + extension settings
+const { customerId, settings } = useContextData()
+// Or use the convenience hook for settings only
+const settings = useSettings()`,
   "actions.toast": `const capabilities = useCapabilities()
 capabilities.actions.toast({ type: 'success', message: 'Done!' })`,
   "actions.invoke": `const capabilities = useCapabilities()

package/dist/server.js CHANGED Viewed

@@ -41,12 +41,13 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Content Surface with Loading State",
-    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
+  const settings = useSettings() // Non-secret settings from settingsSchema
   if (loading) {
     return (
@@ -141,19 +142,33 @@ export function createApi(query: QueryFn) {
 }
 // \u2500\u2500 data.fetch wrapper \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+//
+// For API keys and secrets, use {{settings.xxx}} placeholders in headers.
+// The proxy resolves them server-side \u2014 the real secret never enters extension code.
+// Declare secret fields in manifest.json settingsSchema with "secret": true.
 const API_BASE_URL = import.meta.env.VITE_API_BASE_URL as string
 export function createFetchApi(fetch: FetchFn) {
   return {
     async getItems(): Promise<unknown[]> {
-      const result = await fetch(\`\${API_BASE_URL}/items\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItems failed: \${result.status}\`)
       return result.data as unknown[]
     },
     async getItem(itemId: string): Promise<unknown> {
-      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItem failed: \${result.status}\`)
       return result.data as unknown
     },
@@ -180,12 +195,13 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Current Content Surface",
-    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
+  const settings = useSettings() // Non-secret settings from settingsSchema
   if (loading) {
     return (
@@ -249,19 +265,33 @@ export function createApi(query: QueryFn) {
 }
 // \u2500\u2500 data.fetch wrapper \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500
+//
+// For API keys and secrets, use {{settings.xxx}} placeholders in headers.
+// The proxy resolves them server-side \u2014 the real secret never enters extension code.
+// Declare secret fields in manifest.json settingsSchema with "secret": true.
 const API_BASE_URL = import.meta.env.VITE_API_BASE_URL as string
 export function createFetchApi(fetch: FetchFn) {
   return {
     async getItems(): Promise<unknown[]> {
-      const result = await fetch(\`\${API_BASE_URL}/items\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItems failed: \${result.status}\`)
       return result.data as unknown[]
     },
     async getItem(itemId: string): Promise<unknown> {
-      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, { method: 'GET' })
+      const result = await fetch(\`\${API_BASE_URL}/items/\${itemId}\`, {
+        method: 'GET',
+        headers: {
+          'X-API-Key': '{{settings.apiKey}}',
+        },
+      })
       if (!result.ok) throw new Error(\`getItem failed: \${result.status}\`)
       return result.data as unknown
     },
@@ -3680,8 +3710,11 @@ var CAPABILITY_SNIPPETS2 = {
 const result = await capabilities.data.query({ path: '/your-endpoint', method: 'GET' })`,
   "data.fetch": `const capabilities = useCapabilities()
 const response = await capabilities.data.fetch('https://api.example.com/endpoint')`,
-  "context.read": `const capabilities = useCapabilities()
-const ctx = await capabilities.context.read()`,
+  "context.read": `// Read host context + extension settings
+const { customerId, settings } = useContextData()
+// Or use the convenience hook for settings only
+const settings = useSettings()`,
   "actions.toast": `const capabilities = useCapabilities()
 capabilities.actions.toast({ type: 'success', message: 'Done!' })`,
   "actions.invoke": `const capabilities = useCapabilities()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@stackable-labs/mcp-app-extension",
-  "version": "0.8.0",
+  "version": "0.10.0",
   "type": "module",
   "bin": {
     "mcp-app-extension": "./dist/index.js"