collavre 0.21.0 → 0.22.0

data/app/controllers/collavre/api/v1/base_controller.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Collavre
+  module Api
+    module V1
+      class BaseController < ActionController::API
+        before_action :authenticate!
+
+        private
+
+        def authenticate!
+          token = extract_bearer_token
+          if token.blank?
+            render json: { error: "Missing authentication token" }, status: :unauthorized
+            return
+          end
+
+          access_token = Doorkeeper::AccessToken.by_token(token)
+          unless access_token&.accessible?
+            render json: { error: "Invalid authentication token" }, status: :unauthorized
+            return
+          end
+
+          user = Collavre::User.find_by(id: access_token.resource_owner_id)
+          unless user
+            render json: { error: "User not found" }, status: :unauthorized
+            return
+          end
+
+          Collavre::Current.user = user
+        end
+
+        def extract_bearer_token
+          auth_header = request.headers["Authorization"]
+          return nil unless auth_header&.start_with?("Bearer ")
+
+          auth_header.sub("Bearer ", "")
+        end
+
+        def current_user
+          Collavre::Current.user
+        end
+      end
+    end
+  end
+end

data/app/controllers/collavre/attachments_controller.rb

@@ -8,7 +8,7 @@ module Collavre
         return head :forbidden
       end
 
-      blob.purge
+      purge_unless_referenced(blob)
       head :no_content
     rescue ActiveRecord::RecordNotFound
       head :not_found
@@ -19,10 +19,38 @@ module Collavre
 
     private
 
+    # A blob can be shared across creatives (description HTML copied between
+    # them). The editor fires this DELETE for removed nodes after its PATCH, so
+    # purging unconditionally could delete a blob another creative still
+    # references, 404-ing its description. Only purge a true orphan.
+    def purge_unless_referenced(blob)
+      signed_id = blob.signed_id
+      pattern = "%#{ActiveRecord::Base.sanitize_sql_like(signed_id)}%"
+
+      return if Creative.where("description LIKE ?", pattern).exists?
+      return if ActiveStorage::Attachment.where(blob_id: blob.id).exists?
+
+      blob.purge
+    end
+
     def authorized_to_purge?(blob)
       return false unless Current.user
 
-      attachment_owned_by_current_user?(blob) || editable_creative_reference?(blob)
+      attachment_owned_by_current_user?(blob) ||
+        editable_creative_reference?(blob) ||
+        orphan_blob?(blob)
+    end
+
+    # Authorize purging a true orphan (attached to nothing, in no description).
+    # Covers a node removed before its blob was ever attached (removed-then-save,
+    # so reconcile never sees it), which can prove neither ownership nor a
+    # writable reference and would otherwise 403, stranding the blob. Safe: any
+    # in-use blob still fails this check. Mirrors purge_unless_referenced.
+    def orphan_blob?(blob)
+      pattern = "%#{ActiveRecord::Base.sanitize_sql_like(blob.signed_id)}%"
+
+      !ActiveStorage::Attachment.where(blob_id: blob.id).exists? &&
+        !Creative.where("description LIKE ?", pattern).exists?
     end
 
     def attachment_owned_by_current_user?(blob)

data/app/controllers/collavre/comments_controller.rb

@@ -6,7 +6,7 @@ module Collavre
     include Collavre::Comments::BatchOperations
 
     before_action :set_creative
-    before_action :set_comment, only: [ :destroy, :show, :update, :convert, :approve, :update_action, :download_images, :remove_image ]
+    before_action :set_comment, only: [ :destroy, :show, :update, :convert, :approve, :deny, :update_action, :download_images, :remove_image ]
 
     def fullscreen
       # Render the creative index page with comments popup auto-opened in fullscreen.

data/app/controllers/collavre/creatives/attachments_controller.rb

@@ -0,0 +1,79 @@
+module Collavre
+  module Creatives
+    # Bearer-only multipart upload endpoint for agents/CLI. Creates an
+    # ActiveStorage blob from the uploaded bytes, embeds the matching node into
+    # the Creative's description, and lets after_save reconcile attach it to
+    # creative.files. No server-local paths, no session/CSRF.
+    class AttachmentsController < Collavre::ApplicationController
+      include Collavre::PublicAssetsHelper
+
+      allow_unauthenticated_access
+      skip_forgery_protection
+      before_action :authenticate_bearer!
+
+      def create
+        creative = Collavre::Creative.find_by(id: params[:creative_id])
+        return render(json: { error: "Creative not found" }, status: :not_found) unless creative
+
+        unless creative.has_permission?(Current.user, :write)
+          return render(json: { error: "No write permission" }, status: :forbidden)
+        end
+
+        unless creative.attachments_embeddable?
+          return render(json: { error: "Cannot attach files to GitHub-synced content" }, status: :unprocessable_entity)
+        end
+
+        file = params[:file]
+        return render(json: { error: "No file provided" }, status: :unprocessable_entity) unless file.respond_to?(:read)
+
+        io = file.to_io
+        content_type = resolved_content_type(file, io)
+        io.rewind
+        blob = ActiveStorage::Blob.create_and_upload!(
+          io: io,
+          filename: file.original_filename,
+          content_type: content_type
+        )
+
+        creative.embed_attachment_blob!(blob)
+
+        render json: {
+          signed_id: blob.signed_id,
+          filename: blob.filename.to_s,
+          content_type: blob.content_type,
+          byte_size: blob.byte_size,
+          url: public_asset_url(blob)
+        }
+      end
+
+      private
+
+      # The bundled `collavre` CLI sends application/octet-stream for every part,
+      # so treat octet-stream (and blank) as "unknown" and sniff via Marcel —
+      # otherwise png/mp4 render as generic download links, not inline media.
+      def resolved_content_type(file, io)
+        declared = file.content_type.presence
+        return declared if declared && declared != "application/octet-stream"
+
+        Marcel::MimeType.for(io, name: file.original_filename).presence ||
+          "application/octet-stream"
+      end
+
+      # Resolve a Doorkeeper bearer token to Current.user. The MCP middleware
+      # only does this for /mcp paths, so this endpoint authenticates itself.
+      def authenticate_bearer!
+        token_string = Doorkeeper::OAuth::Token.from_request(
+          request, *Doorkeeper.configuration.access_token_methods
+        )
+        token = Doorkeeper::AccessToken.by_token(token_string) if token_string.present?
+        user = Collavre::User.find_by(id: token.resource_owner_id) if token&.accessible?
+
+        if user
+          Current.user = user
+        else
+          render json: { error: "Unauthorized" }, status: :unauthorized
+        end
+      end
+    end
+  end
+end

data/app/controllers/collavre/creatives_controller.rb

@@ -563,12 +563,102 @@ module Collavre
 
       def serialize_creatives(collection)
         if params[:simple].present?
-          collection.map { |c| { id: c.id, description: c.effective_description(nil, false), progress: c.progress } }
+          # Preload origins so effective_origin (used per linked-shell row in both
+          # children_presence_set and the origin_id mapping below) resolves from
+          # memory instead of firing a query per shell. Only browse can hold shells;
+          # search is scoped to origin_id: nil, so this is a no-op there.
+          ActiveRecord::Associations::Preloader.new(records: collection.to_a, associations: :origin).call
+          children_ids = children_presence_set(collection)
+          searching = params[:search].present?
+          breadcrumbs = searching ? ::Creatives::BreadcrumbResolver.new(collection.map(&:id), user: Current.user, include_archived: params[:show_archived].present?).call : {}
+          # For hits routed through a linked shell, the path to expand in the
+          # user's own tree (local folders -> shell) so a breadcrumb jump can
+          # reach a shell nested under a collapsed folder.
+          reveal_paths = searching ? ::Creatives::RevealPathResolver.new(collection.map(&:id), user: Current.user, include_archived: params[:show_archived].present?).call : {}
+          collection.map do |c|
+            item = {
+              id: c.id,
+              description: c.effective_description(nil, false),
+              progress: c.progress,
+              has_children: children_ids.include?(c.id)
+            }
+            reveal = reveal_paths[c.id]
+            path = breadcrumbs[c.id]
+            if path.present?
+              item[:path] = mask_unreachable_crumbs(path, reveal)
+            end
+            item[:reveal_path] = reveal if reveal.present?
+            # For linked shells, expose the effective origin id so the picker can
+            # map a search breadcrumb (origin ids) back to the rendered shell node.
+            item[:origin_id] = c.effective_origin.id if c.origin_id
+            item
+          end
         else
           collection.map { |c| { id: c.id, description: c.effective_description, progress: c.progress } }
         end
       end
 
+      # A breadcrumb jump expands the tree from a rendered root (or, for a shared
+      # subtree, a linked shell) down to the clicked crumb. If an ancestor above a
+      # crumb is itself unrenderable (unreadable, or archived while archived rows
+      # aren't shown) and no linked shell re-roots the path at/below it, the
+      # descendant can't be expanded either — so mask it too. BreadcrumbResolver
+      # masks the unrenderable ancestor itself; this masks everything downstream of
+      # it on the plain origin chain, matching exactly what the tree can render.
+      #
+      # `reveal` is RevealPathResolver's per-origin map: a crumb whose origin id is
+      # a key re-roots navigation through its own shell (the client anchors at the
+      # nearest reveal entry at/above the clicked crumb), so it clears the block for
+      # itself and its descendants regardless of an archived/unreadable origin
+      # above it.
+      def mask_unreachable_crumbs(path, reveal)
+        blocked = false
+        path.map do |crumb|
+          if reveal&.key?(crumb[:id])
+            blocked = false
+            crumb
+          elsif crumb[:restricted]
+            blocked = true
+            crumb
+          elsif blocked
+            crumb.merge(restricted: true, description: nil)
+          else
+            crumb
+          end
+        end
+      end
+
+      # Batched "does this node have a child the user can actually browse to?"
+      # lookup so the picker tree renders expand toggles without an N+1.
+      #
+      # Must match exactly what expanding the node shows (IndexQuery#handle_id_query
+      # -> children_with_permission, minus archived unless show_archived), or the
+      # toggle either hides a reachable subtree or opens to an empty branch (and
+      # leaks that hidden children exist). Two alignments are needed:
+      #   1. Linked shells (origin_id set) store children under the effective
+      #      origin (redirect_parent_to_origin + children->origin migration), so
+      #      resolve each row to its effective origin before the lookup.
+      #   2. Apply the same archived + read-permission filters as the browse path.
+      def children_presence_set(collection)
+        return Set.new if collection.empty?
+
+        origin_id_by_id = collection.to_h { |c| [ c.id, c.effective_origin.id ] }
+
+        candidates = Creative.where(parent_id: origin_id_by_id.values.uniq)
+        candidates = candidates.where(archived_at: nil) unless params[:show_archived]
+        child_rows = candidates.pluck(:id, :parent_id) # [child_id, origin_id]
+        return Set.new if child_rows.empty?
+
+        readable = ::Creatives::PermissionFilter
+          .new(user: Current.user).readable_ids(child_rows.map(&:first)).to_set
+        origins_with_visible_children = child_rows
+          .each_with_object(Set.new) { |(child_id, origin_id), set| set << origin_id if readable.include?(child_id) }
+
+        collection.each_with_object(Set.new) do |c, set|
+          set << c.id if origins_with_visible_children.include?(origin_id_by_id[c.id])
+        end
+      end
+
       def reorderer
         @reorderer ||= ::Creatives::Reorderer.new(user: Current.user)
       end

data/app/controllers/collavre/tasks_controller.rb

@@ -10,21 +10,29 @@ module Collavre
         return head :forbidden
       end
 
-      unless %w[running pending queued pending_approval].include?(task.status)
+      unless %w[running pending queued pending_approval delegated].include?(task.status)
         return head :unprocessable_entity
       end
 
+      was_delegated = task.status == "delegated"
       task.update!(status: "cancelled")
 
-      abort_openclaw_session(task)
+      # Delegated tasks have no active worker to run the ensure-block release,
+      # so free the agent slot and drain the topic queue here.
+      if was_delegated && task.agent
+        Collavre::Orchestration::ResourceTracker.for(task.agent).release!(task.id)
+        Collavre::Orchestration::AgentOrchestrator.dequeue_next_for_topic(task.topic_id, task.creative_id)
+      end
+
+      abort_agent_session(task)
 
       head :ok
     end
 
     private
 
-    def abort_openclaw_session(task)
-      Collavre::OpenclawAbortService.call(agent: task.agent, task: task)
+    def abort_agent_session(task)
+      Collavre::AgentSessionAbort.call(agent: task.agent, task: task)
     end
   end
 end

data/app/controllers/collavre/topics_controller.rb

@@ -105,8 +105,23 @@ module Collavre
       end
 
       topic_id = topic.id
+      topic_name = topic.name
       topic.destroy
 
+      # Best-effort orphaned-cron notice. Must never break the core deletion:
+      # if it raises, swallow + log so broadcast/head still run.
+      begin
+        Collavre::Topics::OrphanedCronNotifier.new(
+          topic_id: topic_id,
+          topic_name: topic_name
+        ).call
+      rescue StandardError => e
+        Rails.logger.error(
+          "[TopicsController#destroy] OrphanedCronNotifier failed for topic " \
+          "#{topic_id}: #{e.class} #{e.message}"
+        )
+      end
+
       broadcast_topic_event("deleted", topic_id: topic_id)
       head :no_content
     end

data/app/controllers/concerns/collavre/comments/approval_actions.rb

@@ -4,22 +4,15 @@ module Collavre
       extend ActiveSupport::Concern
 
       def approve
+        # Claude Channel permission prompts reuse the approval comment UI but the
+        # tool runs inside the remote Claude Code process — never execute it
+        # server-side. Approving relays an "allow" decision to the suspended
+        # session instead of invoking the ActionExecutor.
+        return decide_claude_channel_permission(:allow) if @comment.claude_channel_permission?
+
         status = @comment.approval_status(Current.user)
         if status != :ok
-          error_key = case status
-          when :invalid_action_format then "collavre.comments.approve_invalid_format"
-          when :missing_action then "collavre.comments.approve_missing_action"
-          when :missing_approver then "collavre.comments.approve_missing_approver"
-          when :admin_required then "collavre.comments.approve_admin_required"
-          else "collavre.comments.approve_not_allowed"
-          end
-          http_status = case status
-          when :invalid_action_format, :missing_action, :missing_approver
-                          :unprocessable_entity
-          else
-                          :forbidden
-          end
-          render json: { error: I18n.t(error_key) }, status: http_status and return
+          render_approval_status_error(status) and return
         end
 
         begin
@@ -31,6 +24,17 @@ module Collavre
         end
       end
 
+      # Reject a Claude Channel tool-permission prompt. There is no native
+      # equivalent (the native approval UI has approve-only; an un-approved
+      # action is simply left pending), so deny is exclusive to these comments.
+      def deny
+        unless @comment.claude_channel_permission?
+          render json: { error: I18n.t("collavre.comments.approve_not_allowed") }, status: :forbidden and return
+        end
+
+        decide_claude_channel_permission(:deny)
+      end
+
       def update_action
         # Initial checks outside the lock
         executed_error = false
@@ -108,6 +112,45 @@ module Collavre
       rescue ::Comments::ActionValidator::ValidationError => e
         render json: { error: e.message }, status: :unprocessable_entity
       end
+
+      private
+
+      # Resolve a Claude Channel permission prompt: gate on the approver, record
+      # the decision atomically (idempotent against double-clicks), relay it to
+      # the suspended session, and re-render the now-decided comment.
+      def decide_claude_channel_permission(behavior)
+        status = @comment.approval_status(Current.user)
+        if status != :ok
+          render_approval_status_error(status) and return
+        end
+
+        begin
+          @comment.decide_claude_channel_permission!(behavior, by: Current.user)
+        rescue Comment::ClaudeChannelPermission::AlreadyDecided
+          render json: { error: I18n.t("collavre.comments.approve_already_executed") }, status: :unprocessable_entity and return
+        end
+
+        @comment.broadcast_claude_channel_permission_decision(behavior)
+        @comment = Comment.with_attached_images.includes(:comment_reactions, :comment_versions, :selected_version).find(@comment.id)
+        render partial: "collavre/comments/comment", locals: { comment: @comment, current_topic_id: current_topic_context }
+      end
+
+      def render_approval_status_error(status)
+        error_key = case status
+        when :invalid_action_format then "collavre.comments.approve_invalid_format"
+        when :missing_action then "collavre.comments.approve_missing_action"
+        when :missing_approver then "collavre.comments.approve_missing_approver"
+        when :admin_required then "collavre.comments.approve_admin_required"
+        else "collavre.comments.approve_not_allowed"
+        end
+        http_status = case status
+        when :invalid_action_format, :missing_action, :missing_approver
+                        :unprocessable_entity
+        else
+                        :forbidden
+        end
+        render json: { error: I18n.t(error_key) }, status: http_status
+      end
     end
   end
 end

data/app/javascript/components/InlineLexicalEditor.jsx

@@ -27,6 +27,7 @@ import {
   $getRoot,
   $getSelection,
   $isElementNode,
+  $isLineBreakNode,
   $isRangeSelection,
   $isTextNode,
   CAN_REDO_COMMAND,
@@ -47,9 +48,12 @@ import FileUploadPlugin, {
 } from "./plugins/image_upload_plugin"
 import { ImageNode } from "../lib/lexical/image_node"
 import { AttachmentNode } from "../lib/lexical/attachment_node"
+import { VideoNode } from "../lib/lexical/video_node"
 import AttachmentCleanupPlugin from "./plugins/attachment_cleanup_plugin"
 import MarkdownShortcutsPlugin from "./plugins/markdown_shortcuts_plugin"
 import { syncLexicalStyleAttributes } from "../lib/lexical/style_attributes"
+import { lexicalHtmlConfig, normalizeColoredContainers } from "../lib/lexical/color_import"
+import { minimizeContentHtml } from "../lib/lexical/minimize_html"
 import { updateResponsiveImages } from "../lib/responsive_images"
 
 const URL_MATCHERS = [
@@ -120,43 +124,6 @@ function InitialContentPlugin({ html }) {
   const [editor] = useLexicalComposerContext()
   const lastApplied = useRef(null)
 
-  const collectDomTextStyles = useCallback((container) => {
-    const styles = []
-    if (!container) return styles
-    const ownerDocument = container.ownerDocument || document
-    const walker = ownerDocument.createTreeWalker(container, NodeFilter.SHOW_TEXT)
-    let current = walker.nextNode()
-    while (current) {
-      const parent = current.parentElement
-      let styleText = parent?.getAttribute?.("style") || ""
-      const colorAttr = parent?.dataset?.lexicalColor
-      const bgAttr = parent?.dataset?.lexicalBackgroundColor
-
-      if ((!styleText || !styleText.trim()) && (colorAttr || bgAttr)) {
-        const declarations = []
-        if (colorAttr) declarations.push(`color: ${colorAttr}`)
-        if (bgAttr) declarations.push(`background-color: ${bgAttr}`)
-        styleText = declarations.join("; ")
-      } else {
-        const lower = styleText.toLowerCase()
-        const fragments = []
-        if (colorAttr && !lower.includes("color:")) {
-          fragments.push(`color: ${colorAttr}`)
-        }
-        if (bgAttr && !lower.includes("background-color:")) {
-          fragments.push(`background-color: ${bgAttr}`)
-        }
-        if (fragments.length > 0) {
-          styleText = `${styleText}${styleText.trim().endsWith(";") || !styleText.trim() ? "" : ";"} ${fragments.join("; ")}`.trim()
-        }
-      }
-
-      styles.push(styleText || "")
-      current = walker.nextNode()
-    }
-    return styles
-  }, [])
-
   useEffect(() => {
     if (lastApplied.current === html) return
     lastApplied.current = html
@@ -170,8 +137,15 @@ function InitialContentPlugin({ html }) {
       // No more .trix-content wrapper
       const container = doc.body
 
+      // Color / background-color are bound to text nodes during import by the
+      // colorAwareSpanImport html config (see lib/lexical/color_import). We no
+      // longer re-apply styles positionally after import, which used to drift
+      // onto the wrong text node whenever Lexical split or dropped text nodes.
       syncLexicalStyleAttributes(container)
-      const collectedStyles = collectDomTextStyles(container)
+      // Push color/background-color from non-span elements onto spans so the
+      // colorAwareSpanImport config binds it (the span importer can't see it
+      // otherwise). Must run after the sync above materializes data-lexical-*.
+      normalizeColoredContainers(container)
       const nodes = $generateNodesFromDOM(editor, container)
 
       // Filter out duplicate image nodes if any
@@ -192,24 +166,35 @@ function InitialContentPlugin({ html }) {
       })
 
       const appendedNodes = []
-      uniqueNodes.forEach((node) => {
-        if ($isTextNode(node)) {
-          const paragraph = $createParagraphNode()
-          paragraph.append(node)
-          root.append(paragraph)
-          appendedNodes.push(paragraph)
-          return
+      // Text nodes and inline elements (links, etc.) cannot live directly under
+      // the root. Minimized HTML stores a single line without its <p> wrapper, so
+      // a line like "Hello <strong>World</strong>" re-imports as several
+      // top-level inline nodes — group consecutive ones back into one paragraph
+      // so the line is not split apart.
+      let pendingParagraph = null
+      const flushPending = () => {
+        if (pendingParagraph) {
+          root.append(pendingParagraph)
+          appendedNodes.push(pendingParagraph)
+          pendingParagraph = null
         }
-
-        if ($isElementNode(node) && node.getType?.() === "paragraph") {
-          root.append(node)
-          appendedNodes.push(node)
+      }
+      uniqueNodes.forEach((node) => {
+        const isInlineLeaf =
+          $isTextNode(node) ||
+          $isLineBreakNode(node) ||
+          ($isElementNode(node) && node.isInline())
+        if (isInlineLeaf) {
+          if (!pendingParagraph) pendingParagraph = $createParagraphNode()
+          pendingParagraph.append(node)
           return
         }
 
+        flushPending()
         root.append(node)
         appendedNodes.push(node)
       })
+      flushPending()
 
       if (root.getChildrenSize() === 0) {
         const paragraph = $createParagraphNode()
@@ -217,12 +202,6 @@ function InitialContentPlugin({ html }) {
         appendedNodes.push(paragraph)
       }
 
-      const textNodes = root.getAllTextNodes()
-      textNodes.forEach((textNode, index) => {
-        const style = collectedStyles[index]
-        textNode.setStyle(style || "")
-      })
-
       let lastChild = root.getLastChild()
       while (
         lastChild &&
@@ -237,7 +216,7 @@ function InitialContentPlugin({ html }) {
         root.append($createParagraphNode())
       }
     })
-  }, [collectDomTextStyles, editor, html])
+  }, [editor, html])
 
   return null
 }
@@ -942,7 +921,9 @@ function EditorInner({
                 anchor.setAttribute("target", "_blank")
                 anchor.setAttribute("rel", "noopener")
               })
-              serialized = doc.body.innerHTML
+              // Strip Lexical's verbose markup (extra <div>, white-space spans,
+              // duplicate format wrappers, single-line <p>) before persisting.
+              serialized = minimizeContentHtml(doc.body.firstElementChild)
             })
             // No Trix wrapper
             onChange(serialized)
@@ -1019,12 +1000,14 @@ export default function InlineLexicalEditor({
         LinkNode,
         AutoLinkNode,
         ImageNode,
-        AttachmentNode
+        AttachmentNode,
+        VideoNode
       ],
       onError(error) {
         throw error
       },
-      theme
+      theme,
+      html: lexicalHtmlConfig
     }),
     []
   )

data/app/javascript/components/plugins/attachment_cleanup_plugin.jsx

@@ -3,6 +3,7 @@ import { useLexicalComposerContext } from "@lexical/react/LexicalComposerContext
 import { $getRoot } from "lexical"
 import { $isImageNode } from "../../lib/lexical/image_node"
 import { $isAttachmentNode } from "../../lib/lexical/attachment_node"
+import { $isVideoNode } from "../../lib/lexical/video_node"
 
 function extractSignedIdFromUrl(url) {
     if (!url) return null
@@ -27,6 +28,8 @@ function getAllAttachmentUrls(editor) {
         function traverse(node) {
             if ($isImageNode(node)) {
                 urls.add(node.getSrc())
+            } else if ($isVideoNode(node)) {
+                urls.add(node.getSrc())
             } else if ($isAttachmentNode(node)) {
                 urls.add(node.getSrc())
             }

data/app/javascript/components/plugins/image_upload_plugin.jsx

@@ -15,6 +15,7 @@ import {
 
 import { $createImageNode } from "../../lib/lexical/image_node"
 import { $createAttachmentNode } from "../../lib/lexical/attachment_node"
+import { $createVideoNode } from "../../lib/lexical/video_node"
 
 export const INSERT_IMAGE_COMMAND = createCommand("INSERT_IMAGE_COMMAND")
 export const INSERT_FILE_COMMAND = createCommand("INSERT_FILE_COMMAND")
@@ -25,6 +26,12 @@ function isImageFile(file) {
     return /\.(bmp|gif|jpe?g|png|svg|webp)$/i.test(file.name || "")
 }
 
+function isVideoFile(file) {
+    if (!file) return false
+    if (file.type) return /^video\//i.test(file.type)
+    return /\.(mp4|webm|mov|m4v)$/i.test(file.name || "")
+}
+
 export default function FileUploadPlugin({
     onUploadStateChange,
     directUploadUrl,
@@ -78,6 +85,11 @@ export default function FileUploadPlugin({
                             altText: attributes.filename,
                             maxWidth: 800 // Default max width
                         })
+                    } else if (isVideoFile(file)) {
+                        node = $createVideoNode({
+                            src: url,
+                            filename: attributes.filename
+                        })
                     } else {
                         node = $createAttachmentNode({
                             src: url,