feat: Strengthen .glance.json AI generation requirements #57
Conversation
Three-layer enforcement for widget definitions:
1. **Stricter TypeScript Types**
- Made `data_schema` required (non-nullable) in CustomWidget interface
- Made `credentials` and `data_schema` required in DashboardExportFormat
- Made `data_schema` required in WidgetPackage interface
2. **JSON Schema for Structured Output** (NEW: docs/schemas/widget-schema.json)
- Comprehensive schema for AI structured output modes (Anthropic tool_use, OpenAI response_format)
- Enforces all required fields at generation time
- Conditional requirements (fetch.instructions/schedule required for agent_refresh)
- data_schema.required must include "fetchedAt"
3. **Enhanced Validation**
- validateDashboardFormat() now validates: data_schema structure, fetch config,
size constraints, credentials array, and slug format
- validateWidgetPackage() now validates data_schema requirements
- Return type includes warnings array for non-critical issues
Also updated SKILL.md with:
- "AI Structured Output Generation (REQUIRED)" section
- Required fields checklist table
- Minimal valid widget example
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 3 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| widget.cache || null, | ||
| null, // author | ||
| widget.data_schema || null | ||
| widget.data_schema |
There was a problem hiding this comment.
Inconsistent data_schema fallback removed in only some import paths
Medium Severity
The || null fallback for widget.data_schema was removed at lines 174 and 208 (for conflict resolution "rename" and "overwrite" cases), but line 241 in the non-conflict code path still uses widget.data_schema || null. This creates inconsistent behavior across different import paths—conflicting widgets pass undefined when data_schema is missing, while new widgets pass null.
Additional Locations (1)
| } | ||
| if (typeof s.h !== "number" || !Number.isInteger(s.h) || s.h < 1) { | ||
| errors.push(`Widget ${widgetId}: ${fieldName}.h must be a positive integer`); | ||
| } |
There was a problem hiding this comment.
Size validation missing maximum bounds check
Medium Severity
The validateSize function only validates minimum bounds (s.w < 1 and s.h < 1) but doesn't check maximum bounds. The JSON schema specifies w must be 1-12 and h must be 1-20, and the SKILL.md documentation shows the same ranges. Widgets with excessively large dimensions like { w: 100, h: 100 } would pass runtime validation but violate the documented constraints and could cause layout issues.
|
|
||
| const validTypes = ["api_key", "local_software", "oauth", "agent"]; | ||
| for (let i = 0; i < credentials.length; i++) { | ||
| const cred = credentials[i] as Record<string, unknown>; |
There was a problem hiding this comment.
Missing null check causes crash on malformed credentials
Medium Severity
The validateCredentials function iterates over the credentials array and immediately accesses properties like cred.id without first checking if each element is a non-null object. If the input contains credentials: [null] or credentials: [123], accessing cred.id on a null value will throw a TypeError: Cannot read properties of null, crashing the validation. Other validation functions like validateSize, validateFetch, and validateDataSchema correctly include if (!x || typeof x !== "object") guards, but this function is missing that check.
1 participant
Summary
data_schemaandcredentialsrequiredvalidateDashboardFormat()andvalidateWidgetPackage()Changes
Layer 1: Stricter TypeScript Types
CustomWidget.data_schemais now required (non-nullable)DashboardExportFormat.widgets[].data_schemaandcredentialsare now requiredWidgetPackage.data_schemais now requiredLayer 2: JSON Schema for Structured Output (NEW)
docs/schemas/widget-schema.jsonLayer 3: Enhanced Validation
validateDashboardFormat()now validates:validateWidgetPackage()now validates data_schema requirementsLayer 4: Documentation
Test plan
npx tsc --noEmitpassesnpm run lintpasses (no new errors)🤖 Generated with Claude Code
Note
Medium Risk
Changes tighten contracts around import/export and widget packaging, so existing dashboards/packages missing
data_schema/credentialsmay now fail validation or import. Mostly validation/type enforcement, but it affects core data interchange paths.Overview
Widget definitions are now enforced as fully-specified objects by making
data_schemaandcredentialsrequired (no longer optional/nullable) across dashboard export format, widget packages, and theCustomWidgetDB type.Adds a new
docs/schemas/widget-schema.jsonJSON Schema intended for AI structured output, with conditional requirements foragent_refresh(e.g.,fetch.instructions/fetch.schedule) and a hard requirement thatdata_schema.requiredcontainsfetchedAt;SKILL.mdis updated to require using this schema and to document the required-field checklist.Tightens runtime validation:
validateDashboardFormat()now validates slug format, widget sizes, fetch config,data_schemastructure, andcredentialsshape; export/import routes are adjusted to always include/persist required fields, and DB row mapping provides a fallback minimaldata_schemawhen missing.Written by Cursor Bugbot for commit 16efca2. This will update automatically on new commits. Configure here.