refactor(sanity): validate that there is no callbacks in aspects

[sjelfull]

Description

Added validation to prevent callback functions in Media Library asset aspects. This ensures that asset aspects are serializable and can be safely deployed without relying on runtime code execution.

Part of DAM-766

What to review

• The new validateNoCallbacks utility that checks for functions in schema definitions
• Integration with the existing validateMediaLibraryAssetAspect function
• Comprehensive test coverage for various schema patterns with callbacks

Testing

Added extensive test coverage in validateMediaLibraryAssetAspect.test.ts that verifies:

• Detection of functions in conditional properties (hidden, readOnly)
• Detection of functions in initialValue, validation, and preview.prepare
• Detection of component functions in various contexts
• Detection of functions in options objects (filter, source, slugify, etc.)
• Detection of functions in fieldsets and groups
• Detection of component functions in block type styles, decorators, and annotations
• Validation of valid aspects without functions

Notes for release

Added validation to prevent callback functions in Media Library asset aspects. Asset aspects must now use static values instead of functions for properties like hidden, readOnly, initialValue, validation, and component definitions. This ensures that asset aspects are fully serializable and can be safely deployed.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
page-building-studio	Ready	Preview	Comment	Oct 22, 2025 1:24pm
performance-studio	Ready	Preview		Oct 22, 2025 1:24pm
test-studio	Ready	Preview	Comment	Oct 22, 2025 1:24pm

2 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
studio-workshop	Ignored	Preview		Oct 22, 2025 1:24pm
test-next-studio	Ignored			Oct 22, 2025 1:24pm

[sjelfull]

• refactor(sanity): validate that there is no callbacks in aspects #10905 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

🧪 E2E Preview environment

🔑 Environment Variables for Local Testing

This is the preview URL for the E2E tests: https://e2e-studio-joz6dp2pg.sanity.dev

To run the E2E tests locally, you can use the following environment variables, then run pnpm test:e2e --ui to open the Playwright test runner.

💬 Remember to build the project first with pnpm build:e2e.

  SANITY_E2E_PROJECT_ID=ittbm412
  SANITY_E2E_BASE_URL=https://e2e-studio-joz6dp2pg.sanity.dev
  SANITY_E2E_DATASET="update depending the project you want to test (pr-10905-chromium-18717448446 || pr-10905-firefox-18717448446 )"
  SANITY_E2E_DATASET_CHROMIUM=pr-10905-chromium-18717448446
  SANITY_E2E_DATASET_FIREFOX=pr-10905-firefox-18717448446

[github-actions]

📊 Playwright Test Report

Download Full E2E Report

This report contains test results, including videos of failing tests.

[github-actions]

No changes to documentation

[github-actions]

⚡️ Editor Performance Report

Updated Thu, 23 Oct 2025 10:16:19 GMT

Benchmark	reference latency of sanity@latest	experiment latency of this branch	Δ (%) latency difference
article (title)	11.8 efps (85ms)	12.7 efps (79ms)	-6ms (-7.1%)	✅
article (body)	39.1 efps (26ms)	32.1 efps (31ms)	+6ms (+22.1%)	🔴
article (string inside object)	12.7 efps (79ms)	12.7 efps (79ms)	+0ms (-/-%)	✅
article (string inside array)	11.2 efps (90ms)	11.4 efps (88ms)	-2ms (-2.2%)	✅
recipe (name)	19.2 efps (52ms)	19.8 efps (51ms)	-2ms (-2.9%)	✅
recipe (description)	20.8 efps (48ms)	22.2 efps (45ms)	-3ms (-6.3%)	✅
recipe (instructions)	99.9+ efps (8ms)	99.9+ efps (9ms)	+2ms (-/-%)	✅
singleString (stringField)	31.3 efps (32ms)	33.3 efps (30ms)	-2ms (-6.3%)	✅
synthetic (title)	8.5 efps (117ms)	8.8 efps (113ms)	-4ms (-3.4%)	✅
synthetic (string inside object)	10.4 efps (96ms)	10.4 efps (96ms)	+0ms (-/-%)	✅

efps — editor "frames per second". The number of updates assumed to be possible within a second.

Derived from input latency. efps = 1000 / input_latency

Detailed information

🏠 Reference result

The performance result of sanity@latest

Benchmark	latency	p75	p90	p99	blocking time	test duration
article (title)	85ms	114ms	136ms	390ms	3601ms	18.9s
article (body)	26ms	59ms	90ms	424ms	945ms	9.1s
article (string inside object)	79ms	97ms	188ms	378ms	2712ms	12.1s
article (string inside array)	90ms	115ms	157ms	330ms	3368ms	13.3s
recipe (name)	52ms	72ms	99ms	148ms	1063ms	12.5s
recipe (description)	48ms	60ms	72ms	186ms	945ms	8.5s
recipe (instructions)	8ms	11ms	13ms	98ms	39ms	3.6s
singleString (stringField)	32ms	38ms	45ms	82ms	73ms	9.0s
synthetic (title)	117ms	161ms	221ms	477ms	5476ms	24.7s
synthetic (string inside object)	96ms	131ms	214ms	345ms	3862ms	13.8s

🧪 Experiment result

The performance result of this branch

Benchmark	latency	p75	p90	p99	blocking time	test duration
article (title)	79ms	103ms	148ms	332ms	2727ms	17.2s
article (body)	31ms	62ms	129ms	379ms	1087ms	9.9s
article (string inside object)	79ms	108ms	133ms	328ms	2631ms	11.9s
article (string inside array)	88ms	109ms	211ms	321ms	3233ms	13.2s
recipe (name)	51ms	79ms	102ms	157ms	1096ms	12.1s
recipe (description)	45ms	64ms	78ms	97ms	588ms	8.0s
recipe (instructions)	9ms	11ms	38ms	122ms	97ms	3.8s
singleString (stringField)	30ms	36ms	44ms	94ms	49ms	8.9s
synthetic (title)	113ms	151ms	241ms	448ms	5600ms	24.2s
synthetic (string inside object)	96ms	127ms	211ms	404ms	4010ms	13.8s

📚 Glossary

column definitions

• benchmark — the name of the test, e.g. "article", followed by the label of the field being measured, e.g. "(title)".
• latency — the time between when a key was pressed and when it was rendered. derived from a set of samples. the median (p50) is shown to show the most common latency.
• p75 — the 75th percentile of the input latency in the test run. 75% of the sampled inputs in this benchmark were processed faster than this value. this provides insight into the upper range of typical performance.
• p90 — the 90th percentile of the input latency in the test run. 90% of the sampled inputs were faster than this. this metric helps identify slower interactions that occurred less frequently during the benchmark.
• p99 — the 99th percentile of the input latency in the test run. only 1% of sampled inputs were slower than this. this represents the worst-case scenarios encountered during the benchmark, useful for identifying potential performance outliers.
• blocking time — the total time during which the main thread was blocked, preventing user input and UI updates. this metric helps identify performance bottlenecks that may cause the interface to feel unresponsive.
• test duration — how long the test run took to complete.

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	44.95%	64691 / 143913
🔵	Statements	44.95%	64691 / 143913
🔵	Functions	50.06%	3261 / 6514
🔵	Branches	79.54%	12154 / 15280

File Coverage

File	Stmts	Branches	Functions	Lines	Uncovered Lines
Changed Files
packages/@sanity/schema/src/sanity/validateMediaLibraryAssetAspect.ts	100%	100%	100%	100%
packages/@sanity/schema/src/sanity/validateSchema.ts	100%	100%	100%	100%
packages/@sanity/schema/src/sanity/validation/utils/validateNoCallbacks.ts	88.1%	86.41%	100%	88.1%	71-72, 102-105, 161-183, 337-338, 351-353, 356-357

Generated in workflow #43913 for commit da72a2e by the Vitest Coverage Report Action

[bjoerge]

Nice, lgtm!

[sjelfull]

Merge activity

• Oct 24, 10:49 AM UTC: @sjelfull merged this pull request with Graphite.