@wix/ditto-codegen-public 1.0.350 → 1.0.352

package/dist/opencode-tools/required-permissions.ts

@@ -0,0 +1,23 @@
+import { tool } from "@opencode-ai/plugin";
+
+export default tool({
+  description:
+    "Declare the Wix app permissions the generated code requires. Call ONCE at the " +
+    "very end of your response, after all files are written and validated, and ONLY if " +
+    "the code actually requires permissions — do NOT call this tool when none are needed. " +
+    "Pass SCOPE ID format (not human-readable names), e.g. `@wix/data` read → 'SCOPE.DC-DATA.READ', " +
+    "write → 'SCOPE.DC-DATA.WRITE', embedded scripts → 'SCOPE.DC-APPS.MANAGE-EMBEDDED-SCRIPTS'. " +
+    "Only include scope IDs you have explicitly seen in the Wix SDK documentation (via MCP or " +
+    "loaded skills) — NEVER guess or fabricate them. Omitting a permission is better than " +
+    "inventing one.",
+  args: {
+    permissions: tool.schema
+      .array(tool.schema.string())
+      .describe(
+        "The required permission SCOPE IDs, e.g. ['SCOPE.DC-DATA.READ', 'SCOPE.DC-DATA.WRITE'].",
+      ),
+  },
+  async execute(args) {
+    return `✓ recorded ${args.permissions.length} required permission(s)`;
+  },
+});

package/dist/out.js

@@ -12068,10 +12068,12 @@ TOOL USAGE:
   - "Building project"
 - \`validate\` for all validation (tsc + build).
 - \`uuid\` to generate UUIDs (supports count param for multiple). Do NOT use bash.
+- \`required-permissions\` to declare the Wix app permissions the generated code needs. Call it ONCE at the end, and ONLY if permissions are actually needed \u2014 don't call it otherwise (see PERMISSIONS).
 - File operations \u2014 pick the BATCH tool whenever you have 2+ files; the single-file variants are 5\u201310\xD7 slower:
   - \`batch-write\` to create N new files in one call. NEVER call \`write\` more than once per turn \u2014 use batch-write instead. \`write\` is reserved for single-file creation.
   - \`batch-read\` to read N files in one call. NEVER call \`read\` more than once per turn \u2014 use batch-read instead.
   - \`multi-edit\` to apply N find-and-replace edits across one or more files in one call. NEVER call \`edit\` more than once per turn \u2014 use multi-edit instead. \`edit\` is reserved for a single edit to one file.
+  - In \`write\`/\`batch-write\` (\`content\`) and \`edit\`/\`multi-edit\` (\`newString\`) payloads, use real newlines/tabs/quotes \u2014 NEVER the two-character escape sequences \`\\n\`, \`\\t\`, or \`\\"\`. Those are written literally to disk and break \`tsc\`.
 - For tools where no batch variant exists (e.g. \`grep\`, \`glob\`), still emit MULTIPLE \`tool_use\` blocks in a SINGLE response when the calls are independent. Sequential turns waste a model round-trip per call.
 - Before calling MCP tools, check if loaded skills already cover the API. Only use MCP for gaps.
 - When using MCP to look up a Wix SDK method, ALWAYS call \`ReadFullDocsMethodSchema\` (not just \`ReadFullDocsArticle\`). The schema is the source of truth for parameter shapes. Code examples in docs may use incorrect call signatures.
@@ -12084,7 +12086,8 @@ IMPLEMENTATION WORKFLOW:
 3. **Build**: Create every extension file in a SINGLE \`batch-write\` call. Build all extensions before registering. Include one \`progress\` call per extension type (e.g. "Creating dashboard page", "Creating service plugin").
 4. **Register**: Register all extensions in \`src/extensions.ts\`. Include a \`progress\` call (e.g. "Registering extensions").
 5. **Validate**: Run \`validate\` (typecheck only). Fix any errors and re-validate until tsc passes. Include a \`progress\` call (e.g. "Running type checks"). Then run \`validate({ runBuild: true })\` ONCE to verify the build. Pass \`installDeps: true\` ONLY when you added a new dependency to package.json in this iteration; otherwise omit it (node_modules is pre-installed). Include a \`progress\` call (e.g. "Building project").
-6. **Stop**: STOP immediately. Do NOT refactor, clean up, or verify.
+6. **Declare permissions**: If the generated code requires Wix app permissions, call \`required-permissions\` ONCE with their SCOPE IDs (see PERMISSIONS below). Skip this step entirely if no permissions are needed.
+7. **Stop**: STOP immediately. Do NOT refactor, clean up, or verify.
 
 EFFICIENCY:
 - Always prefer the BATCH variant: \`batch-write\` over multiple \`write\`s, \`batch-read\` over multiple \`read\`s, \`multi-edit\` over multiple \`edit\`s.
@@ -12099,21 +12102,14 @@ TYPESCRIPT:
 - The project enables \`verbatimModuleSyntax\`. Type-only imports MUST use \`import type\`.
 
 PERMISSIONS:
-At the end of your response, output the required Wix app permissions as a JSON block.
+After the final \`validate\` pass and before you Stop, if the generated code requires Wix app permissions, call the \`required-permissions\` tool ONCE with them. If no permissions are required, do NOT call the tool at all.
 Use SCOPE ID format (not human-readable names). Examples:
 - \`@wix/data\` read \u2192 "SCOPE.DC-DATA.READ", write \u2192 "SCOPE.DC-DATA.WRITE"
 - Embedded scripts \u2192 "SCOPE.DC-APPS.MANAGE-EMBEDDED-SCRIPTS"
 
 CRITICAL: Only include permissions that you have explicitly seen in the Wix SDK documentation (via MCP or loaded skills). NEVER guess or fabricate permission scope IDs. If you are unsure which permission a feature requires, look it up in the docs first. Omitting a permission is better than inventing one that does not exist.
 
-\`\`\`json:required-permissions
-["SCOPE.DC-DATA.READ", "SCOPE.DC-DATA.WRITE"]
-\`\`\`
-
-If no permissions are required, output an empty array:
-\`\`\`json:required-permissions
-[]
-\`\`\``;
+Example: \`required-permissions({ permissions: ["SCOPE.DC-DATA.READ", "SCOPE.DC-DATA.WRITE"] })\``;
   }
 });
 
@@ -12515,26 +12511,21 @@ var require_parser = __commonJS({
       return output.split("\n").filter((line) => line.trim()).map((line) => (0, types_1.tryParseJson)(line)).filter((event) => event !== null && event.type === type);
     }
     function parseRequiredPermissions(output) {
+      let permissions = [];
       const lines = output.split("\n");
       for (const line of lines) {
         if (!line.trim())
           continue;
         const event = (0, types_1.tryParseJson)(line);
-        if (!event || event.type !== "text" || !event.part?.text)
-          continue;
-        const text = event.part.text;
-        const match = text.match(/```json:required-permissions\s*\n?\s*(\[.*?\])\s*\n?```/s);
-        if (!match)
-          continue;
-        const parsed = (0, types_1.tryParseJson)(match[1]);
-        if (!Array.isArray(parsed))
+        if (!event || event.type !== "tool_use" || event.part?.tool !== "required-permissions" || event.part.state?.status !== "completed") {
           continue;
-        const permissions = parsed.filter((p) => typeof p === "string");
-        if (permissions.length > 0) {
-          return permissions;
         }
+        const declared = event.part.state.input?.permissions;
+        if (!Array.isArray(declared))
+          continue;
+        permissions = declared.filter((p) => typeof p === "string");
       }
-      return [];
+      return permissions;
     }
     function parseFilesChanged(output) {
       const filesChanged = [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wix/ditto-codegen-public",
-  "version": "1.0.350",
+  "version": "1.0.352",
   "description": "AI-powered Wix CLI app generator - standalone executable",
   "scripts": {
     "build": "node build.mjs",
@@ -29,5 +29,5 @@
     "esbuild": "^0.27.2",
     "vitest": "^4.0.16"
   },
-  "falconPackageHash": "7b2e53264eacac128859b81385968e6717dcc2aa010583e57495c189"
+  "falconPackageHash": "1eb9485337cb79d255ab44882d5de88973d8debe58775a6885bfa47e"
 }