Skip to content

Figma design integration — build UIs that match referenced designs (interactive-once auth)#113

Merged
tzone85 merged 3 commits into
mainfrom
feat/figma-design-integration
Jul 2, 2026
Merged

Figma design integration — build UIs that match referenced designs (interactive-once auth)#113
tzone85 merged 3 commits into
mainfrom
feat/figma-design-integration

Conversation

@tzone85

@tzone85 tzone85 commented Jul 2, 2026

Copy link
Copy Markdown
Owner

Summary

Requirements can now reference figma.com design URLs and vxd builds the UI to match the referenced frames instead of inventing a design.

The auth contract (communicated, not hidden)

Figma needs an operator credential, so the first Figma-referencing run is interactive-once rather than fire-and-forget — and vxd says so everywhere it matters:

  • vxd req detects design URLs and fails fast before any LLM spend when no credential exists, with the message naming the exact interactive step.
  • vxd figma auth is the one-time session: prints the Figma settings URL (never auto-opens a browser), reads the personal access token, validates it via /v1/me before storing (a typo fails in the session, not mid-pipeline hours later), and persists it at <state_dir>/figma.token mode 0600. FIGMA_TOKEN env is also honored.
  • After that single session, Figma runs are fire-and-forget like every other vxd run — vxd figma status shows the authenticated account.

Pipeline flow

  1. Pull (figma.BuildDesignContext): referenced nodes fetched at depth 3 + 2x PNG renders into <repo>/.vxd-design/ — a DESIGN_CONTEXT.md frame inventory (dimensions, text styles, solid fills as hex) plus the rendered images. Per-ref failures degrade to a note; all-refs-failed is a loud req-time error, never a hollow success.
  2. Plan: the context rides in the decomposition prompt inside <design-reference> data tags, instructing the Tech Lead to derive the design-token foundation from the design.
  3. Implement: frontend stories get the context in their goal prompt (after FrontendDesignBrief — the reference overrides generic design guidance) and the PNGs are copied into each frontend worktree so the coding agent can open them.

Safety

  • Figma layer names are third-party data: loadDesignContext injection-scans the markdown (a MatchInjectionPattern hit drops the whole context loudly) and neutralises angle brackets so a layer literally named </design-reference> cannot close the data framing. 16 KB cap.
  • Render downloads validate the destination host (Figma CDN allowlist) — a tampered API response cannot point a download at an internal address.
  • The token never appears in logs or error strings; .vxd-design/ is gitignored and stripped from story branches.

Review

everything-claude-code:go-reviewer: 1 HIGH (error-dropped os.Getwd in the pull path — pull moved after repoPath with proper handling), 2 MEDIUM (tag-close framing escape; untestable direct client construction in runReq), 1 MEDIUM (hollow all-fail success) and 3 LOW (SSRF host validation, hyphenated file keys, unreadable-token diagnostics) — all applied with pinning tests. Reviewer confirmed: token never leaks, injection-scan placement covers every content-to-prompt path, the fail-fast genuinely precedes LLM spend, lookalike domains rejected.

Test plan

  • 24 new tests across internal/figma (URL/token/client/context via httptest), engine (load/injection-drop/tag-neutralisation/cap/copy + planner prompt pin), cli (auth validates-then-stores, invalid token not stored, status paths, SSRF refusals)
  • make verify (pre-push green gate) passes; golangci-lint 0 issues
  • Doc-coverage gates pass (CLAUDE.md section + CLI tables + README bullet)
  • NXD: intentionally not ported — Figma is a cloud API; NXD stays offline-first

tzone85 added 3 commits July 2, 2026 13:36
…sign pull, planner + agent injection

Requirements can now reference figma.com design URLs and vxd builds the UI to
MATCH the referenced frames instead of inventing a design.

The auth model is communicated, not hidden: Figma needs an operator
credential, so the FIRST Figma-referencing run is interactive-once rather
than fire-and-forget. 'vxd req' detects design URLs and fails fast — before
any LLM spend — naming the exact interactive step ('vxd figma auth', which
prints the settings URL without auto-opening a browser, reads + validates the
personal access token via /v1/me, and stores it at <state_dir>/figma.token
mode 0600; FIGMA_TOKEN env also honored). After that single session,
Figma runs are autonomous again.

- internal/figma: URL parsing (design/file/proto/board, node-id
  canonicalisation, dedup), minimal REST client (files/nodes depth-3, 2x PNG
  renders, bounded downloads, token never logged), BuildDesignContext →
  DESIGN_CONTEXT.md (frame inventory: dimensions, text styles, solid fills as
  hex) + rendered PNGs under .vxd-design/. Per-ref failures degrade to a note.
- Planner: design context injected inside <design-reference> data tags with
  instructions to derive the design-token foundation FROM the design.
- Executor: frontend stories get the context in their goal prompt (after
  FrontendDesignBrief — the reference overrides generic guidance) and the
  PNGs copied into their worktree so agents can open them.
- Safety: loadDesignContext injection-scans the markdown (Figma layer names
  are third-party data; a MatchInjectionPattern hit drops the context loudly)
  and caps it at 16 KB. .vxd-design/ is gitignored and stripped from story
  branches — working material, never a deliverable.
- CLI: vxd figma auth (interactive, validates before storing) + vxd figma
  status. Docs: CLAUDE.md section + CLI tables + README bullet.
- Tests: figma pkg (URL/token/client/context via httptest), engine
  (load/injection-drop/cap/copy + planner prompt pin), cli (auth stores only
  valid tokens, status paths). NXD: not ported — cloud API, offline-first.
- HIGH: the req-time Figma pull ran before repoPath was established and used
  an error-dropped os.Getwd() — a Getwd failure silently pulled into a
  relative path. The pull now runs after repoPath (properly error-handled)
  and uses the figmaAPIBase-aware client so the full runReq path is testable.
- MEDIUM: a Figma layer literally named '</design-reference>' could close the
  planner's data framing. Angle brackets are now neutralised (&lt;) at the
  loadDesignContext choke point — protects every prompt embedding the context.
- MEDIUM: an all-refs-failed pull returned a hollow 'design context + 0
  renders written' success. It is now a loud error at req time.
- LOW: render downloads validate the destination host (Figma CDN or the
  configured BaseURL) — a tampered API response cannot point the download at
  an internal address; hyphen/underscore file keys parse whole; an unreadable
  token file is named as a permissions problem instead of the generic
  'no credential' guidance.

New tests pin each: tag-close neutralisation, all-fail error, SSRF host
refusals (metadata IP, lookalike hosts, http downgrade), hyphenated keys,
unreadable-token distinction.
@tzone85 tzone85 merged commit 3ae1eb2 into main Jul 2, 2026
5 checks passed
@tzone85 tzone85 deleted the feat/figma-design-integration branch July 2, 2026 11:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant