feat(widget-light): reactivity, events, and improved defaults

[chybisov]

Which Linear task is linked to this PR?

N/A

Why was it implemented this way?

This PR builds on the initial widget-light foundation (#664) to add config reactivity, a typed event system, multi-ecosystem handler improvements, and developer experience polish.

Config reactivity & events

• Host can update widget config at any time without reloading the iframe (CONFIG_UPDATE message)
• New WidgetLightEventBus singleton with ref-counted subscriptions — guest forwards subscribed events via WIDGET_EVENT messages
• Public useWidgetLightEvents() hook returning { on, off } emitter with full TypeScript support
• Serializable event types (WidgetLightEvents) mirroring the full widget's event system

Protocol & iframe bridge improvements

• Extended protocol with WIDGET_EVENT_SUBSCRIBE/UNSUBSCRIBE, RESIZE, CONNECT_WALLET_REQUEST messages
• BaseIframeProvider base class shared across all chain providers (EVM, Solana, Bitcoin, Sui)
• WidgetEventsBridge component in widget-embedded to forward widget events to the host
• GuestBridge improvements for reliable handshake and event forwarding
• Simplified widgetLightConnector — inlined connector info updates, removed separate updateConnectorInfo function

Default URL & DX improvements

• src and iframeOrigin props are now optional on <LiFiWidgetLight> — defaults to https://widget.li.fi with iframeOrigin auto-derived from src via new URL(src).origin
• Exported DEFAULT_WIDGET_URL constant for hook-only consumers
• Simplified iframe examples by removing WIDGET_URL/WIDGET_ORIGIN boilerplate
• External wallet management via onConnect prop — widget sends CONNECT_WALLET_REQUEST instead of opening internal wallet menu

Docs & tooling

• Comprehensive widget-embedded/README.md integration guide (quick start, multi-ecosystem setup, events, props table, FAQ)
• Added CLAUDE.md with repo conventions, commands, and architecture overview
• Dependency updates across all packages
• Updated PR template from Jira to Linear

Visual showcase (Screenshots or Videos)

No visual changes — infrastructure, protocol, and API improvements.

Checklist before requesting a review

• I have performed a self-review and testing of my code.
• This pull request is focused and addresses a single problem.
• If this PR modifies the Widget API or adds new features that require documentation, I have updated the documentation in the public-docs repository.

🤖 Generated with Claude Code

[aikido-pr-checks]

listeners is a module-level mutable Map that persists across imports; avoid storing request/user-specific handlers globally or scope them per session.

Details

✨ AI Reasoning
​The change introduced module-level mutable state: a Map of listeners, a Map of refCounts, and a module-scoped send function reference. Module-level mutable variables persist for the lifetime of the process and can therefore retain per-request or per-user data between requests. This can lead to data leakage or race conditions when the module is used in long-lived server processes or reused across different iframe sessions. Consider scoping these data structures per-session/instance or clearly documenting them as intentionally shared.

🔧 How do I fix it?
Avoid storing request-specific data in module-level variables. Use request-scoped variables or explicitly mark shared caches as intentional.

_{Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info}