@ixo/editor 3.0.0-beta.3 → 3.0.0-beta.31

package/dist/chunk-5D26UG3I.mjs

@@ -0,0 +1,2848 @@
+// src/core/lib/actionRegistry/registry.ts
+var actions = /* @__PURE__ */ new Map();
+var ACTION_TYPE_ALIASES = {
+  bid: "qi/bid.submit",
+  claim: "qi/claim.submit",
+  evaluateBid: "qi/bid.evaluate",
+  evaluateClaim: "qi/claim.evaluate",
+  "email.send": "qi/email.send",
+  "http.request": "qi/http.request",
+  "form.submit": "qi/form.submit",
+  "human.form.submit": "qi/human.form.submit",
+  "human.checkbox.set": "qi/human.checkbox.set",
+  "notification.push": "qi/notification.push",
+  "proposal.create": "qi/proposal.create",
+  "proposal.vote": "qi/proposal.vote",
+  "protocol.select": "qi/protocol.select",
+  "domain.sign": "qi/domain.sign",
+  "domain.create": "qi/domain.create",
+  "credential.store": "qi/credential.store",
+  payment: "qi/payment.execute",
+  "matrix.dm": "qi/matrix.dm"
+};
+var aliases = new Map(Object.entries(ACTION_TYPE_ALIASES));
+function resolveActionType(type) {
+  return aliases.get(type) ?? type;
+}
+function registerAction(definition) {
+  actions.set(definition.type, definition);
+}
+function getAction(type) {
+  return actions.get(resolveActionType(type));
+}
+function getAllActions() {
+  return Array.from(actions.values());
+}
+function hasAction(type) {
+  return actions.has(resolveActionType(type));
+}
+function getActionByCan(can) {
+  for (const action of actions.values()) {
+    if (action.can === can) return action;
+  }
+  return void 0;
+}
+
+// src/core/lib/actionRegistry/canMapping.ts
+var CAN_TO_TYPE = {
+  "bid/submit": "qi/bid.submit",
+  "bid/evaluate": "qi/bid.evaluate",
+  "claim/submit": "qi/claim.submit",
+  "claim/evaluate": "qi/claim.evaluate",
+  "email/send": "qi/email.send",
+  "notification/push": "qi/notification.push",
+  "matrix/dm": "qi/matrix.dm",
+  "proposal/create": "qi/proposal.create",
+  "proposal/vote": "qi/proposal.vote",
+  "domain/create": "qi/domain.create",
+  "domain/sign": "qi/domain.sign",
+  "credential/store": "qi/credential.store",
+  "payment/execute": "qi/payment.execute",
+  "http/request": "qi/http.request",
+  "protocol/select": "qi/protocol.select",
+  "human/checkbox": "qi/human.checkbox.set",
+  "human/form": "qi/human.form.submit",
+  "oracle/query": "oracle"
+};
+var TYPE_TO_CAN = Object.fromEntries(Object.entries(CAN_TO_TYPE).map(([can, type]) => [type, can]));
+function canToType(can) {
+  return CAN_TO_TYPE[can];
+}
+function typeToCan(type) {
+  return TYPE_TO_CAN[type];
+}
+function getAllCanMappings() {
+  return Object.entries(CAN_TO_TYPE).map(([can, type]) => ({ can, type }));
+}
+
+// src/core/lib/actionRegistry/adapters.ts
+function buildServicesFromHandlers(handlers) {
+  return {
+    http: {
+      request: async (params) => {
+        const fetchOptions = {
+          method: params.method,
+          headers: { "Content-Type": "application/json", ...params.headers }
+        };
+        if (params.method !== "GET" && params.body) {
+          fetchOptions.body = typeof params.body === "string" ? params.body : JSON.stringify(params.body);
+        }
+        const res = await fetch(params.url, fetchOptions);
+        const data = await res.json().catch(() => ({}));
+        const responseHeaders = {};
+        res.headers.forEach((value, key) => {
+          responseHeaders[key] = value;
+        });
+        return {
+          status: res.status,
+          headers: responseHeaders,
+          data
+        };
+      }
+    },
+    email: handlers?.sendEmail ? {
+      send: async (params) => {
+        const result = await handlers.sendEmail(params);
+        return {
+          messageId: result.id || "",
+          sentAt: (/* @__PURE__ */ new Date()).toISOString()
+        };
+      }
+    } : void 0,
+    notify: handlers?.sendNotification ? {
+      send: async (params) => {
+        const result = await handlers.sendNotification(params);
+        return {
+          messageId: result.messageId,
+          sentAt: result.timestamp || (/* @__PURE__ */ new Date()).toISOString()
+        };
+      }
+    } : void 0,
+    bid: handlers?.submitBid && handlers?.approveBid && handlers?.rejectBid && handlers?.approveServiceAgentApplication && handlers?.approveEvaluatorApplication ? {
+      submitBid: async (params) => handlers.submitBid(params),
+      approveBid: async (params) => handlers.approveBid(params),
+      rejectBid: async (params) => handlers.rejectBid(params),
+      approveServiceAgentApplication: async (params) => handlers.approveServiceAgentApplication(params),
+      approveEvaluatorApplication: async (params) => handlers.approveEvaluatorApplication(params)
+    } : void 0,
+    claim: handlers?.requestPin && handlers?.submitClaim && handlers?.evaluateClaim && handlers?.getCurrentUser ? {
+      requestPin: async (config) => handlers.requestPin(config),
+      submitClaim: async (params) => handlers.submitClaim(params),
+      evaluateClaim: async (granteeAddress, did, payload) => handlers.evaluateClaim(granteeAddress, did, payload),
+      getCurrentUser: () => handlers.getCurrentUser(),
+      createUdid: handlers?.createUdid ? async (params) => handlers.createUdid(params) : void 0
+    } : void 0,
+    matrix: handlers?.storeMatrixCredential ? {
+      storeCredential: async (params) => handlers.storeMatrixCredential(params)
+    } : void 0
+  };
+}
+
+// src/core/lib/matrixDm.ts
+function getHomeserver(matrixClient) {
+  const userId = matrixClient.getUserId();
+  if (!userId) throw new Error("Matrix client has no user ID");
+  const idx = userId.indexOf(":");
+  if (idx === -1) throw new Error(`Invalid Matrix user ID: ${userId}`);
+  return userId.substring(idx + 1);
+}
+function didToMatrixUserId(did, homeserver) {
+  const localpart = did.replace(/:/g, "-");
+  return `@${localpart}:${homeserver}`;
+}
+async function findOrCreateDMRoom(matrixClient, targetUserId) {
+  try {
+    const directEvent = matrixClient.getAccountData("m.direct");
+    const directContent = directEvent?.getContent() || {};
+    const existingRooms = directContent[targetUserId];
+    if (existingRooms && existingRooms.length > 0) {
+      return existingRooms[0];
+    }
+  } catch {
+  }
+  const response = await matrixClient.createRoom({
+    is_direct: true,
+    invite: [targetUserId],
+    preset: "trusted_private_chat",
+    initial_state: []
+  });
+  const roomId = response.room_id;
+  try {
+    const directEvent = matrixClient.getAccountData("m.direct");
+    const directContent = directEvent?.getContent() || {};
+    const updatedContent = {
+      ...directContent,
+      [targetUserId]: [...directContent[targetUserId] || [], roomId]
+    };
+    await matrixClient.setAccountData("m.direct", updatedContent);
+  } catch (error) {
+    console.warn("[MatrixDM] Failed to update m.direct account data:", error);
+  }
+  return roomId;
+}
+async function sendMatrixMessage(matrixClient, roomId, message) {
+  await matrixClient.sendEvent(roomId, "m.room.message", {
+    msgtype: "m.text",
+    body: message
+  });
+}
+async function sendDirectMessage(matrixClient, targetDid, message) {
+  const homeserver = getHomeserver(matrixClient);
+  const targetUserId = didToMatrixUserId(targetDid, homeserver);
+  const roomId = await findOrCreateDMRoom(matrixClient, targetUserId);
+  await sendMatrixMessage(matrixClient, roomId, message);
+  return { roomId };
+}
+
+// src/core/lib/actionRegistry/diffRegistry.ts
+var diffResolvers = /* @__PURE__ */ new Map();
+function registerDiffResolver(actionType, reg) {
+  diffResolvers.set(actionType, reg);
+}
+function getDiffResolver(actionType) {
+  return diffResolvers.get(actionType);
+}
+function hasDiffResolver(actionType) {
+  return diffResolvers.has(actionType);
+}
+
+// src/core/lib/actionRegistry/actions/httpRequest.ts
+registerAction({
+  type: "qi/http.request",
+  can: "http/request",
+  sideEffect: false,
+  defaultRequiresConfirmation: false,
+  run: async (inputs, ctx) => {
+    const { url, method = "GET", headers = {}, body } = inputs;
+    const requestFn = ctx.services.http?.request;
+    if (requestFn) {
+      const result = await requestFn({ url, method, headers, body });
+      return {
+        output: {
+          status: result.status,
+          data: result.data,
+          response: JSON.stringify(result.data, null, 2)
+        }
+      };
+    }
+    const fetchOptions = {
+      method,
+      headers: { "Content-Type": "application/json", ...headers }
+    };
+    if (method !== "GET" && body) {
+      fetchOptions.body = typeof body === "string" ? body : JSON.stringify(body);
+    }
+    const response = await fetch(url, fetchOptions);
+    const data = await response.json().catch(() => ({}));
+    return {
+      output: {
+        status: response.status,
+        data,
+        response: JSON.stringify(data, null, 2)
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/emailSend.ts
+registerAction({
+  type: "qi/email.send",
+  can: "email/send",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "email/send",
+  outputSchema: [
+    { path: "messageId", displayName: "Message ID", type: "string", description: "The unique ID of the sent email" },
+    { path: "sentAt", displayName: "Sent At", type: "string", description: "Timestamp when the email was sent" }
+  ],
+  run: async (inputs, ctx) => {
+    if (!ctx.services.email) {
+      throw new Error("Email service not configured");
+    }
+    const { to, subject, template, templateName, templateVersion, variables, cc, bcc, replyTo } = inputs;
+    const resolvedTemplate = template || templateName;
+    if (!resolvedTemplate) throw new Error("No template selected");
+    if (!to) throw new Error("Recipient (to) is required");
+    let resolvedVariables = variables;
+    if (typeof resolvedVariables === "string") {
+      try {
+        resolvedVariables = JSON.parse(resolvedVariables);
+      } catch {
+        resolvedVariables = {};
+      }
+    }
+    const result = await ctx.services.email.send({
+      to,
+      subject,
+      template: resolvedTemplate,
+      templateVersion,
+      variables: resolvedVariables,
+      cc,
+      bcc,
+      replyTo
+    });
+    return {
+      output: {
+        messageId: result.messageId,
+        sentAt: result.sentAt || (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/humanCheckbox.ts
+registerAction({
+  type: "qi/human.checkbox.set",
+  can: "human/checkbox",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  requiredCapability: "flow/execute",
+  run: async (inputs) => {
+    const checked = inputs.checked !== void 0 ? !!inputs.checked : true;
+    return { output: { checked } };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/humanForm.ts
+function normalizeAnswers(rawAnswers) {
+  if (rawAnswers == null) {
+    return {};
+  }
+  if (typeof rawAnswers === "string") {
+    try {
+      const parsed = JSON.parse(rawAnswers);
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new Error();
+      }
+      return parsed;
+    } catch {
+      throw new Error("answers must be a valid JSON object");
+    }
+  }
+  if (typeof rawAnswers !== "object" || Array.isArray(rawAnswers)) {
+    throw new Error("answers must be an object");
+  }
+  return rawAnswers;
+}
+function registerFormSubmitAction(type, can) {
+  registerAction({
+    type,
+    can,
+    sideEffect: true,
+    defaultRequiresConfirmation: false,
+    requiredCapability: "flow/execute",
+    outputSchema: [
+      { path: "form.answers", displayName: "Form Answers JSON", type: "string", description: "JSON stringified form answers, matching form block runtime output." },
+      { path: "answers", displayName: "Form Answers", type: "object", description: "Parsed form answers object for convenience." }
+    ],
+    run: async (inputs) => {
+      const answers = normalizeAnswers(inputs.answers ?? inputs.form?.answers);
+      const answersJson = JSON.stringify(answers);
+      return {
+        output: {
+          form: {
+            answers: answersJson
+          },
+          answers
+        }
+      };
+    }
+  });
+}
+registerFormSubmitAction("qi/form.submit", "form/submit");
+registerFormSubmitAction("qi/human.form.submit", "human/form");
+
+// src/core/lib/actionRegistry/actions/notificationPush.ts
+registerAction({
+  type: "qi/notification.push",
+  can: "notification/push",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "notify/send",
+  run: async (inputs, ctx) => {
+    if (!ctx.services.notify) {
+      throw new Error("Notification service not configured");
+    }
+    const { channel, to, cc, bcc, subject, body, bodyType, from, replyTo } = inputs;
+    if (!to || Array.isArray(to) && to.length === 0) {
+      throw new Error("At least one recipient is required");
+    }
+    const result = await ctx.services.notify.send({
+      channel,
+      to: Array.isArray(to) ? to : [to],
+      cc,
+      bcc,
+      subject,
+      body,
+      bodyType,
+      from,
+      replyTo
+    });
+    return {
+      output: {
+        messageId: result.messageId,
+        sentAt: result.sentAt || (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/bid/bid.ts
+function normalizeBidRole(role) {
+  const normalized = String(role || "").trim().toLowerCase();
+  if (normalized === "service_agent" || normalized === "sa") return "SA";
+  if (normalized === "evaluation_agent" || normalized === "ea") return "EA";
+  throw new Error("Invalid bid role. Expected service_agent or evaluation_agent");
+}
+registerAction({
+  type: "qi/bid.submit",
+  can: "bid/submit",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "bidId", displayName: "Bid ID", type: "string", description: "The submitted bid identifier" },
+    { path: "collectionId", displayName: "Collection ID", type: "string", description: "Claim collection identifier" },
+    { path: "role", displayName: "Role", type: "string", description: "Submitted role (service_agent or evaluation_agent)" },
+    { path: "submitterDid", displayName: "Submitter DID", type: "string", description: "Actor DID that submitted the bid" },
+    { path: "deedDid", displayName: "Deed DID", type: "string", description: "Deed identifier if provided" }
+  ],
+  run: async (inputs, ctx) => {
+    const service = ctx.services.bid;
+    if (!service) {
+      throw new Error("Bid service not configured");
+    }
+    const collectionId = String(inputs.collectionId || "").trim();
+    const roleInput = String(inputs.role || "").trim();
+    let surveyAnswers = inputs.surveyAnswers;
+    const deedDid = String(inputs.deedDid || "").trim();
+    if (!collectionId) throw new Error("collectionId is required");
+    if (!roleInput) throw new Error("role is required");
+    if (typeof surveyAnswers === "string") {
+      try {
+        surveyAnswers = JSON.parse(surveyAnswers);
+      } catch {
+        throw new Error("surveyAnswers must be a valid JSON object");
+      }
+    }
+    if (!surveyAnswers || typeof surveyAnswers !== "object" || Array.isArray(surveyAnswers)) {
+      throw new Error("surveyAnswers must be an object");
+    }
+    const chainRole = normalizeBidRole(roleInput);
+    const submission = await service.submitBid({
+      collectionId,
+      role: chainRole,
+      surveyAnswers
+    });
+    const bidId = String(submission?.claimId || submission?.bidId || submission?.id || "");
+    if (!bidId) {
+      throw new Error("submitBid returned no bid identifier");
+    }
+    return {
+      output: {
+        bidId,
+        collectionId,
+        role: roleInput,
+        submitterDid: ctx.actorDid || "",
+        deedDid
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/evaluateBid/evaluateBid.ts
+function normalizeDecision(value) {
+  const normalized = String(value || "").trim().toLowerCase();
+  if (normalized === "approve" || normalized === "reject") {
+    return normalized;
+  }
+  throw new Error("decision must be either approve or reject");
+}
+function isServiceAgentRole(role) {
+  const normalized = String(role || "").trim().toLowerCase();
+  return normalized === "service_agent" || normalized === "sa";
+}
+function isEvaluationAgentRole(role) {
+  const normalized = String(role || "").trim().toLowerCase();
+  return normalized === "evaluation_agent" || normalized === "ea";
+}
+registerAction({
+  type: "qi/bid.evaluate",
+  can: "bid/evaluate",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "bidId", displayName: "Bid ID", type: "string", description: "Evaluated bid identifier" },
+    { path: "decision", displayName: "Decision", type: "string", description: "approve or reject" },
+    { path: "status", displayName: "Status", type: "string", description: "approved or rejected" },
+    { path: "evaluatedByDid", displayName: "Evaluated By DID", type: "string", description: "Actor DID that evaluated the bid" },
+    { path: "evaluatedAt", displayName: "Evaluated At", type: "string", description: "ISO timestamp of evaluation" },
+    { path: "reason", displayName: "Reason", type: "string", description: "Rejection reason when decision is reject" },
+    { path: "collectionId", displayName: "Collection ID", type: "string", description: "Claim collection identifier" },
+    { path: "role", displayName: "Role", type: "string", description: "Applicant role" },
+    { path: "deedDid", displayName: "Deed DID", type: "string", description: "Deed identifier" },
+    { path: "applicantDid", displayName: "Applicant DID", type: "string", description: "Applicant DID" },
+    { path: "applicantAddress", displayName: "Applicant Address", type: "string", description: "Applicant wallet address" }
+  ],
+  run: async (inputs, ctx) => {
+    const service = ctx.services.bid;
+    if (!service) {
+      throw new Error("Bid service not configured");
+    }
+    const decision = normalizeDecision(inputs.decision);
+    const bidId = String(inputs.bidId || "").trim();
+    const collectionId = String(inputs.collectionId || "").trim();
+    const deedDid = String(inputs.deedDid || "").trim();
+    const role = String(inputs.role || "").trim();
+    const applicantDid = String(inputs.applicantDid || "").trim();
+    const applicantAddress = String(inputs.applicantAddress || "").trim();
+    if (!bidId) throw new Error("bidId is required");
+    if (!collectionId) throw new Error("collectionId is required");
+    if (!deedDid) throw new Error("deedDid is required");
+    if (!role) throw new Error("role is required");
+    if (!applicantDid) throw new Error("applicantDid is required");
+    if (!applicantAddress) throw new Error("applicantAddress is required");
+    if (decision === "approve") {
+      const adminAddress = String(inputs.adminAddress || "").trim();
+      if (!adminAddress) {
+        throw new Error("adminAddress is required when decision is approve");
+      }
+      if (isServiceAgentRole(role)) {
+        await service.approveServiceAgentApplication({
+          adminAddress,
+          collectionId,
+          agentQuota: 30,
+          deedDid,
+          currentUserAddress: applicantAddress
+        });
+      } else if (isEvaluationAgentRole(role)) {
+        let maxAmounts = inputs.maxAmounts;
+        if (typeof maxAmounts === "string") {
+          try {
+            maxAmounts = JSON.parse(maxAmounts);
+          } catch {
+            throw new Error("maxAmounts must be valid JSON when provided");
+          }
+        }
+        await service.approveEvaluatorApplication({
+          adminAddress,
+          collectionId,
+          deedDid,
+          evaluatorAddress: applicantAddress,
+          agentQuota: 10,
+          maxAmounts: Array.isArray(maxAmounts) ? maxAmounts : void 0
+        });
+      } else {
+        throw new Error("Invalid role for evaluation. Expected service_agent or evaluation_agent");
+      }
+      await service.approveBid({
+        bidId,
+        collectionId,
+        did: applicantDid
+      });
+    } else {
+      const reason = String(inputs.reason || "").trim();
+      if (!reason) {
+        throw new Error("reason is required when decision is reject");
+      }
+      await service.rejectBid({
+        bidId,
+        collectionId,
+        did: deedDid,
+        reason
+      });
+    }
+    return {
+      output: {
+        bidId,
+        decision,
+        status: decision === "approve" ? "approved" : "rejected",
+        evaluatedByDid: ctx.actorDid || "",
+        evaluatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        reason: decision === "reject" ? String(inputs.reason || "") : "",
+        collectionId,
+        role,
+        deedDid,
+        applicantDid,
+        applicantAddress
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/claim/claim.ts
+registerAction({
+  type: "qi/claim.submit",
+  can: "claim/submit",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "claimId", displayName: "Claim ID", type: "string", description: "The submitted claim identifier" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "Submission transaction hash" },
+    { path: "collectionId", displayName: "Collection ID", type: "string", description: "Claim collection identifier" },
+    { path: "deedDid", displayName: "Deed DID", type: "string", description: "Deed identifier" },
+    { path: "submittedByDid", displayName: "Submitted By DID", type: "string", description: "Actor DID that submitted the claim" },
+    { path: "submittedAt", displayName: "Submitted At", type: "string", description: "ISO timestamp of submission" }
+  ],
+  run: async (inputs, ctx) => {
+    const service = ctx.services.claim;
+    if (!service) {
+      throw new Error("Claim service not configured");
+    }
+    const deedDid = String(inputs.deedDid || "").trim();
+    const collectionId = String(inputs.collectionId || "").trim();
+    const adminAddress = String(inputs.adminAddress || "").trim();
+    if (!deedDid) throw new Error("deedDid is required");
+    if (!collectionId) throw new Error("collectionId is required");
+    if (!adminAddress) throw new Error("adminAddress is required");
+    let surveyAnswers = inputs.surveyAnswers;
+    if (typeof surveyAnswers === "string") {
+      try {
+        surveyAnswers = JSON.parse(surveyAnswers);
+      } catch {
+        throw new Error("surveyAnswers must be valid JSON");
+      }
+    }
+    if (!surveyAnswers || typeof surveyAnswers !== "object" || Array.isArray(surveyAnswers)) {
+      throw new Error("surveyAnswers must be an object");
+    }
+    let pin = String(inputs.pin || "").trim();
+    if (!pin) {
+      pin = await service.requestPin({
+        title: "Verify Identity",
+        description: "Enter your PIN to submit the claim",
+        submitText: "Verify"
+      });
+    }
+    if (!pin) {
+      throw new Error("PIN is required to submit claim");
+    }
+    const result = await service.submitClaim({
+      surveyData: surveyAnswers,
+      deedDid,
+      collectionId,
+      adminAddress,
+      pin
+    });
+    const claimId = String(result?.claimId || result?.id || "");
+    if (!claimId) {
+      throw new Error("submitClaim returned no claim identifier");
+    }
+    return {
+      output: {
+        claimId,
+        transactionHash: String(result?.transactionHash || ""),
+        collectionId,
+        deedDid,
+        submittedByDid: ctx.actorDid || "",
+        submittedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/evaluateClaim/evaluateClaim.ts
+function normalizeDecision2(value) {
+  const normalized = String(value || "").trim().toLowerCase();
+  if (normalized === "approve" || normalized === "reject") {
+    return normalized;
+  }
+  throw new Error("decision must be either approve or reject");
+}
+function toStatus(decision) {
+  return decision === "approve" ? 1 : 2;
+}
+function isEvaluatorRole(role) {
+  const normalized = String(role || "").trim().toLowerCase();
+  return normalized === "ea" || normalized === "evaluation_agent";
+}
+registerAction({
+  type: "qi/claim.evaluate",
+  can: "claim/evaluate",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "claimId", displayName: "Claim ID", type: "string", description: "Evaluated claim identifier" },
+    { path: "decision", displayName: "Decision", type: "string", description: "approve or reject" },
+    { path: "status", displayName: "Status", type: "string", description: "approved or rejected" },
+    { path: "verificationProof", displayName: "Verification Proof", type: "string", description: "UDID URL proof if generated" },
+    { path: "collectionId", displayName: "Collection ID", type: "string", description: "Claim collection identifier" },
+    { path: "deedDid", displayName: "Deed DID", type: "string", description: "Deed identifier" },
+    { path: "evaluatedByDid", displayName: "Evaluated By DID", type: "string", description: "Actor DID that evaluated the claim" },
+    { path: "evaluatedAt", displayName: "Evaluated At", type: "string", description: "ISO timestamp of evaluation" }
+  ],
+  run: async (inputs, ctx) => {
+    const service = ctx.services.claim;
+    if (!service) {
+      throw new Error("Claim service not configured");
+    }
+    const decision = normalizeDecision2(inputs.decision);
+    const claimId = String(inputs.claimId || "").trim();
+    const collectionId = String(inputs.collectionId || "").trim();
+    const deedDid = String(inputs.deedDid || "").trim();
+    const adminAddress = String(inputs.adminAddress || "").trim();
+    if (!claimId) throw new Error("claimId is required");
+    if (!collectionId) throw new Error("collectionId is required");
+    if (!deedDid) throw new Error("deedDid is required");
+    if (!adminAddress) throw new Error("adminAddress is required");
+    const handlers = ctx.handlers;
+    const actorAddress = String(ctx.actorDid || service.getCurrentUser?.()?.address || "").trim();
+    if (!actorAddress) {
+      throw new Error("Unable to resolve actor address for evaluator authorization");
+    }
+    if (typeof handlers?.getUserRoles !== "function") {
+      throw new Error("Evaluator authorization check unavailable (getUserRoles handler missing)");
+    }
+    const roles = await handlers.getUserRoles({
+      userAddress: actorAddress,
+      adminAddress,
+      deedDid,
+      collectionIds: [collectionId]
+    });
+    const roleForCollection = Array.isArray(roles) ? roles.find((r) => r?.collectionId === collectionId)?.role : void 0;
+    if (!isEvaluatorRole(roleForCollection)) {
+      throw new Error("Not authorized: evaluator role required to evaluate claims for this collection");
+    }
+    let amount = inputs.amount;
+    if (typeof amount === "string" && amount.trim()) {
+      try {
+        amount = JSON.parse(amount);
+      } catch {
+        throw new Error("amount must be valid JSON when provided as string");
+      }
+    }
+    const normalizeCoin = (coin) => {
+      if (!coin || typeof coin !== "object" || Array.isArray(coin)) return null;
+      const denom = String(coin.denom || "").trim();
+      const tokenAmount = String(coin.amount || "").trim();
+      if (!denom || !tokenAmount) return null;
+      return { denom, amount: tokenAmount };
+    };
+    let normalizedAmounts;
+    if (Array.isArray(amount)) {
+      normalizedAmounts = amount.map(normalizeCoin).filter((coin) => !!coin);
+      if (normalizedAmounts.length !== amount.length) {
+        throw new Error("amount must contain valid coin objects with denom and amount");
+      }
+    } else if (amount != null) {
+      const coin = normalizeCoin(amount);
+      if (!coin) {
+        throw new Error("amount must be a coin object or an array of coin objects");
+      }
+      normalizedAmounts = [coin];
+    }
+    let verificationProof = String(inputs.verificationProof || "").trim();
+    const shouldCreateUdid = Boolean(inputs.createUdid);
+    if (!verificationProof && shouldCreateUdid && service.createUdid) {
+      const pin = await service.requestPin({
+        title: "Sign Evaluation Result",
+        description: "Enter your PIN to sign the evaluation UDID",
+        submitText: "Sign"
+      });
+      if (!pin) {
+        throw new Error("PIN is required to sign evaluation proof");
+      }
+      const udid = await service.createUdid({
+        claimCid: claimId,
+        deedDid,
+        collectionId,
+        capabilityCid: String(inputs.capabilityCid || deedDid),
+        rubricAuthority: String(inputs.rubricAuthority || deedDid),
+        rubricId: String(inputs.rubricId || deedDid),
+        outcome: toStatus(decision),
+        tag: decision === "approve" ? "approved" : "rejected",
+        issuerType: "user",
+        pin,
+        traceCid: inputs.traceCid,
+        items: inputs.items,
+        patch: inputs.patch
+      });
+      verificationProof = String(udid?.url || udid?.cid || "");
+    }
+    const currentUser = service.getCurrentUser();
+    const granteeAddress = String(inputs.granteeAddress || currentUser?.address || "").trim();
+    if (!granteeAddress) {
+      throw new Error("granteeAddress could not be resolved");
+    }
+    await service.evaluateClaim(granteeAddress, deedDid, {
+      claimId,
+      collectionId,
+      adminAddress,
+      status: toStatus(decision),
+      verificationProof,
+      amount: normalizedAmounts && normalizedAmounts.length > 0 ? normalizedAmounts.length === 1 ? normalizedAmounts[0] : normalizedAmounts : void 0
+    });
+    return {
+      output: {
+        claimId,
+        decision,
+        status: decision === "approve" ? "approved" : "rejected",
+        verificationProof,
+        collectionId,
+        deedDid,
+        evaluatedByDid: ctx.actorDid || granteeAddress,
+        evaluatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/proposalCreate.ts
+registerAction({
+  type: "qi/proposal.create",
+  can: "proposal/create",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "proposalId", displayName: "Proposal ID", type: "string", description: "The on-chain proposal identifier" },
+    { path: "status", displayName: "Proposal Status", type: "string", description: "Current proposal status (open, passed, rejected, executed, etc.)" },
+    { path: "proposalContractAddress", displayName: "Proposal Contract Address", type: "string", description: "The proposal module contract address" },
+    { path: "coreAddress", displayName: "Core Address", type: "string", description: "The DAO core contract address" },
+    { path: "createdAt", displayName: "Created At", type: "string", description: "ISO timestamp of proposal creation" }
+  ],
+  run: async (inputs, ctx) => {
+    const handlers = ctx.handlers;
+    if (!handlers) {
+      throw new Error("Handlers not available");
+    }
+    const coreAddress = String(inputs.coreAddress || "").trim();
+    const title = String(inputs.title || "").trim();
+    const description = String(inputs.description || "").trim();
+    if (!coreAddress) throw new Error("coreAddress is required");
+    if (!title) throw new Error("title is required");
+    if (!description) throw new Error("description is required");
+    let actions2 = [];
+    if (inputs.actions) {
+      if (typeof inputs.actions === "string") {
+        try {
+          actions2 = JSON.parse(inputs.actions);
+        } catch {
+          throw new Error("actions must be valid JSON array");
+        }
+      } else if (Array.isArray(inputs.actions)) {
+        actions2 = inputs.actions;
+      }
+    }
+    const { preProposalContractAddress } = await handlers.getPreProposalContractAddress({
+      coreAddress
+    });
+    const { groupContractAddress } = await handlers.getGroupContractAddress({
+      coreAddress
+    });
+    const { proposalContractAddress } = await handlers.getProposalContractAddress({
+      coreAddress
+    });
+    const params = {
+      preProposalContractAddress,
+      title,
+      description,
+      actions: actions2.length > 0 ? actions2 : void 0,
+      coreAddress,
+      groupContractAddress
+    };
+    const proposalId = await handlers.createProposal(params);
+    return {
+      output: {
+        proposalId: String(proposalId),
+        status: "open",
+        proposalContractAddress: proposalContractAddress || "",
+        coreAddress,
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/proposalVote.ts
+registerAction({
+  type: "qi/proposal.vote",
+  can: "proposal/vote",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "vote", displayName: "Vote", type: "string", description: "The vote cast (yes, no, no_with_veto, abstain)" },
+    { path: "rationale", displayName: "Rationale", type: "string", description: "Optional rationale provided with the vote" },
+    { path: "proposalId", displayName: "Proposal ID", type: "string", description: "The proposal that was voted on" },
+    { path: "votedAt", displayName: "Voted At", type: "string", description: "ISO timestamp of when the vote was cast" }
+  ],
+  run: async (inputs, ctx) => {
+    const handlers = ctx.handlers;
+    if (!handlers) {
+      throw new Error("Handlers not available");
+    }
+    const proposalId = Number(inputs.proposalId);
+    const vote = String(inputs.vote || "").trim();
+    const rationale = String(inputs.rationale || "").trim();
+    const proposalContractAddress = String(inputs.proposalContractAddress || "").trim();
+    if (!proposalId || isNaN(proposalId)) throw new Error("proposalId is required");
+    if (!vote) throw new Error("vote is required");
+    if (!proposalContractAddress) throw new Error("proposalContractAddress is required");
+    const validVotes = ["yes", "no", "no_with_veto", "abstain"];
+    if (!validVotes.includes(vote)) {
+      throw new Error(`vote must be one of: ${validVotes.join(", ")}`);
+    }
+    await handlers.vote({
+      proposalId,
+      vote,
+      rationale: rationale || void 0,
+      proposalContractAddress
+    });
+    return {
+      output: {
+        vote,
+        rationale: rationale || "",
+        proposalId: String(proposalId),
+        votedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/protocolSelect.ts
+registerAction({
+  type: "qi/protocol.select",
+  can: "protocol/select",
+  sideEffect: false,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "selectedProtocolDid", displayName: "Selected Protocol DID", type: "string", description: "DID of the selected protocol" },
+    { path: "selectedProtocolName", displayName: "Selected Protocol Name", type: "string", description: "Display name of the selected protocol" },
+    { path: "selectedProtocolType", displayName: "Selected Protocol Type", type: "string", description: "Type of the selected protocol" }
+  ],
+  run: async (inputs, _ctx) => {
+    const selectedProtocolDid = String(inputs.selectedProtocolDid || "").trim();
+    const selectedProtocolName = String(inputs.selectedProtocolName || "").trim();
+    const selectedProtocolType = String(inputs.selectedProtocolType || "").trim();
+    if (!selectedProtocolDid) throw new Error("selectedProtocolDid is required");
+    return {
+      output: {
+        selectedProtocolDid,
+        selectedProtocolName,
+        selectedProtocolType
+      }
+    };
+  }
+});
+
+// src/mantine/blocks/domainCreator/utils/buildVerifiableCredential.ts
+var DOMAIN_CARD_CONTEXT = [
+  "https://w3id.org/ixo/context/v1",
+  {
+    schema: "https://schema.org/",
+    ixo: "https://w3id.org/ixo/vocab/v1",
+    prov: "http://www.w3.org/ns/prov#",
+    proj: "http://www.w3.org/ns/project#",
+    id: "@id",
+    type: "@type",
+    "@protected": true
+  }
+];
+var DOMAIN_CARD_SCHEMA = {
+  id: "https://w3id.org/ixo/protocol/schema/v1#domainCard",
+  type: "JsonSchema"
+};
+function toISOString(dateInput, fallback = /* @__PURE__ */ new Date()) {
+  if (!dateInput) {
+    return fallback.toISOString();
+  }
+  if (dateInput instanceof Date) {
+    return dateInput.toISOString();
+  }
+  if (/^\d{4}-\d{2}-\d{2}$/.test(dateInput)) {
+    return (/* @__PURE__ */ new Date(dateInput + "T00:00:00.000Z")).toISOString();
+  }
+  if (/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}$/.test(dateInput)) {
+    return (/* @__PURE__ */ new Date(dateInput + ":00.000Z")).toISOString();
+  }
+  const parsed = new Date(dateInput);
+  if (!isNaN(parsed.getTime())) {
+    return parsed.toISOString();
+  }
+  return fallback.toISOString();
+}
+function getDefaultValidUntil(validFrom) {
+  const fromDate = new Date(validFrom);
+  const untilDate = new Date(fromDate);
+  untilDate.setFullYear(untilDate.getFullYear() + 5);
+  return untilDate.toISOString();
+}
+function buildVerifiableCredential(params) {
+  const { entityDid, issuerDid, credentialSubject, validFrom, validUntil } = params;
+  const validFromISO = toISOString(validFrom);
+  const validUntilISO = validUntil ? toISOString(validUntil) : getDefaultValidUntil(validFromISO);
+  return {
+    "@context": DOMAIN_CARD_CONTEXT,
+    id: `${entityDid}#dmn`,
+    type: ["VerifiableCredential", "ixo:DomainCard"],
+    issuer: {
+      id: issuerDid
+    },
+    validFrom: validFromISO,
+    validUntil: validUntilISO,
+    credentialSchema: DOMAIN_CARD_SCHEMA,
+    credentialSubject: {
+      ...credentialSubject,
+      // Ensure the subject ID matches the entity DID
+      id: entityDid
+    }
+  };
+}
+function buildDomainCardLinkedResource(params) {
+  return {
+    id: `${params.entityDid}#dmn`,
+    type: "domainCard",
+    proof: params.cid,
+    right: "",
+    encrypted: "false",
+    mediaType: "application/json",
+    description: params.description || "Domain Card",
+    serviceEndpoint: params.serviceEndpoint
+  };
+}
+
+// src/mantine/blocks/domainCreatorSign/utils/buildLinkedEntityResource.ts
+function parseLinkedEntities(entitiesString) {
+  if (!entitiesString || entitiesString === "[]") return [];
+  try {
+    return JSON.parse(entitiesString);
+  } catch {
+    return [];
+  }
+}
+function buildGovernanceGroupLinkedEntities(linkedEntities) {
+  return linkedEntities.filter((entity) => entity.type === "governanceGroup" && entity.coreAddress).map((entity) => ({
+    id: entity.coreAddress,
+    type: "group",
+    relationship: "governs",
+    service: ""
+  }));
+}
+
+// src/core/lib/actionRegistry/actions/domainSign.ts
+registerAction({
+  type: "qi/domain.sign",
+  can: "domain/sign",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "entityDid", displayName: "Entity DID", type: "string", description: "The DID of the newly created domain entity" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "The on-chain transaction hash for domain creation" }
+  ],
+  run: async (inputs, ctx) => {
+    const handlers = ctx.handlers;
+    if (!handlers) {
+      throw new Error("Handlers not available");
+    }
+    if (!handlers.requestPin) throw new Error("requestPin handler not available");
+    if (!handlers.signCredential) throw new Error("signCredential handler not implemented");
+    if (!handlers.publicFileUpload) throw new Error("publicFileUpload handler not available");
+    if (!handlers.createDomain) throw new Error("createDomain handler not implemented");
+    let domainCardData;
+    if (typeof inputs.domainCardData === "string") {
+      try {
+        domainCardData = JSON.parse(inputs.domainCardData);
+      } catch {
+        throw new Error("domainCardData must be valid JSON");
+      }
+    } else if (inputs.domainCardData && typeof inputs.domainCardData === "object") {
+      domainCardData = inputs.domainCardData;
+    } else {
+      throw new Error("domainCardData is required");
+    }
+    if (!domainCardData?.credentialSubject?.name) {
+      throw new Error("domainCardData is missing or invalid (credentialSubject.name required)");
+    }
+    const extractEntityType = (type) => type.replace(/^schema:/i, "").toLowerCase();
+    const entityType = String(inputs.entityType || "").trim() || (domainCardData.credentialSubject?.type?.[0] ? extractEntityType(domainCardData.credentialSubject.type[0]) : "dao");
+    const issuerDid = handlers.getEntityDid?.() || handlers.getCurrentUser?.()?.address;
+    if (!issuerDid) throw new Error("Unable to determine issuer DID");
+    const entityDidPlaceholder = "did:ixo:entity:pending";
+    const validFrom = domainCardData.validFrom || (/* @__PURE__ */ new Date()).toISOString();
+    const validUntil = domainCardData.validUntil || (() => {
+      const d = /* @__PURE__ */ new Date();
+      d.setFullYear(d.getFullYear() + 100);
+      return d.toISOString();
+    })();
+    const credentialSubject = {
+      ...domainCardData.credentialSubject,
+      id: entityDidPlaceholder
+    };
+    const unsignedCredential = buildVerifiableCredential({
+      entityDid: entityDidPlaceholder,
+      issuerDid,
+      credentialSubject,
+      validFrom,
+      validUntil
+    });
+    const pin = await handlers.requestPin({
+      title: "Sign Domain Card",
+      description: "Enter your PIN to sign the Domain Card credential",
+      submitText: "Sign"
+    });
+    const { signedCredential } = await handlers.signCredential({
+      issuerDid,
+      issuerType: "user",
+      credential: unsignedCredential,
+      pin
+    });
+    const credentialBlob = new Blob([JSON.stringify(signedCredential, null, 2)], {
+      type: "application/json"
+    });
+    const credentialFile = new File([credentialBlob], "domainCard.json", {
+      type: "application/json"
+    });
+    const uploadResult = await handlers.publicFileUpload(credentialFile);
+    const domainCardLinkedResource = buildDomainCardLinkedResource({
+      entityDid: entityDidPlaceholder,
+      cid: uploadResult.cid,
+      serviceEndpoint: uploadResult.url,
+      description: `Domain Card for ${domainCardData.credentialSubject?.name || "Domain"}`
+    });
+    let linkedEntitiesData = [];
+    if (inputs.linkedEntities) {
+      if (typeof inputs.linkedEntities === "string") {
+        try {
+          linkedEntitiesData = JSON.parse(inputs.linkedEntities);
+        } catch {
+        }
+      } else if (Array.isArray(inputs.linkedEntities)) {
+        linkedEntitiesData = inputs.linkedEntities;
+      }
+    }
+    const governanceGroupLinkedEntities = buildGovernanceGroupLinkedEntities(parseLinkedEntities(JSON.stringify(linkedEntitiesData)));
+    const endDate = domainCardData.endDate || validUntil;
+    const { entityDid: newEntityDid, transactionHash } = await handlers.createDomain({
+      entityType,
+      linkedResource: [domainCardLinkedResource],
+      linkedEntity: governanceGroupLinkedEntities.length > 0 ? governanceGroupLinkedEntities : void 0,
+      startDate: validFrom,
+      endDate
+    });
+    return {
+      output: {
+        entityDid: newEntityDid,
+        transactionHash
+      }
+    };
+  }
+});
+
+// src/mantine/blocks/domainCreator/utils/transformSurveyToCredentialSubject.ts
+function extractPanelDynamicItems(surveyData, panelName, itemMapper) {
+  const items = surveyData[panelName];
+  if (!Array.isArray(items)) return [];
+  return items.map(itemMapper).filter((item) => item !== null);
+}
+function parseCommaSeparated(value) {
+  if (!value || typeof value !== "string") return [];
+  return value.split(",").map((s) => s.trim()).filter(Boolean);
+}
+function parseLanguageCodes(value) {
+  return parseCommaSeparated(value);
+}
+function buildImageObject(url) {
+  if (!url) return null;
+  return {
+    type: "schema:ImageObject",
+    id: url,
+    contentUrl: url
+  };
+}
+function transformSurveyToCredentialSubject(surveyData, entityDid) {
+  const types = [];
+  if (surveyData["type_1"]) types.push(`ixo:${surveyData["type_1"]}`);
+  if (surveyData["type_2"]) types.push(surveyData["type_2"]);
+  const additionalType = [];
+  if (surveyData["daoType"]) additionalType.push(surveyData["daoType"]);
+  const alternateNames = extractPanelDynamicItems(surveyData, "pannel_schema:alternateName", (item) => item["schema:alternateName"] || null);
+  const sameAsUrls = extractPanelDynamicItems(surveyData, "schema:sameAs", (item) => item["schema:sameAs.url"] || null);
+  const logoUrl = surveyData["ixo:imageLogo_url"] || surveyData["ixo:imageLogo"]?.[0]?.content;
+  const logo = buildImageObject(logoUrl);
+  const profileImageUrl = surveyData["ixo:imageProfile_url"] || surveyData["ixo:imageProfile"]?.[0]?.content;
+  const profileImage = buildImageObject(profileImageUrl);
+  const keywords = parseCommaSeparated(surveyData["schema:keywords"]);
+  const knowsAbout = extractPanelDynamicItems(surveyData, "pannel_ixo:knowsAbout", (item) => item["ixo:knowsAbout"] || null);
+  const hasAddressData = surveyData["schema:streetAddress"] || surveyData["schema:addressLocality"] || surveyData["schema:addressRegion"] || surveyData["schema:postalCode"] || surveyData["schema:addressCountry"];
+  const address = hasAddressData ? {
+    type: "schema:PostalAddress",
+    streetAddress: surveyData["schema:streetAddress"] || void 0,
+    addressLocality: surveyData["schema:addressLocality"] || void 0,
+    addressRegion: surveyData["schema:addressRegion"] || void 0,
+    postalCode: surveyData["schema:postalCode"] || void 0,
+    addressCountry: surveyData["schema:addressCountry"] || void 0
+  } : void 0;
+  const areaServed = surveyData["schema:AdministrativeArea"] ? {
+    type: "schema:AdministrativeArea",
+    name: surveyData["schema:AdministrativeArea"]
+  } : void 0;
+  const contactPoints = extractPanelDynamicItems(surveyData, "pannel:schema_contactPoint", (item) => {
+    if (!item["schema:contactType"] && !item["schema:email"] && !item["schema:telephone"]) return null;
+    return {
+      type: "schema:ContactPoint",
+      contactType: item["schema:contactType"] || "general",
+      email: item["schema:email"] || void 0,
+      telephone: item["schema:telephone"] || void 0,
+      availableLanguage: parseLanguageCodes(item["schema:availableLanguage"])
+    };
+  });
+  const hasParts = extractPanelDynamicItems(surveyData, "schema:hasPart", (item) => {
+    if (!item["schema:hasPart.name"] && !item["schema:hasPart.id"]) return null;
+    return {
+      type: "schema:CreativeWork",
+      id: item["schema:hasPart.id"] || void 0,
+      name: item["schema:hasPart.name"] || void 0,
+      description: item["schema:hasPart.description"] || void 0,
+      url: item["schema:hasPart.url"] || void 0,
+      creator: item["schema:hasPart.creator.name"] ? {
+        type: "schema:Organization",
+        name: item["schema:hasPart.creator.name"]
+      } : void 0
+    };
+  });
+  const subjectOf = extractPanelDynamicItems(surveyData, "schema:subjectOf", (item) => {
+    if (!item["schema:subjectOf.name"]) return null;
+    return {
+      type: "schema:CreativeWork",
+      name: item["schema:subjectOf.name"],
+      url: item["schema:subjectOf.url"] || void 0,
+      author: item["schema:subjectOf.author.name"] ? {
+        type: "schema:Organisation",
+        name: item["schema:subjectOf.author.name"]
+      } : void 0
+    };
+  });
+  const composition = hasParts.length > 0 || subjectOf.length > 0 ? {
+    type: "schema:Collection",
+    hasPart: hasParts.length > 0 ? hasParts : void 0,
+    subjectOf: subjectOf.length > 0 ? subjectOf : void 0
+  } : void 0;
+  const makesOffer = extractPanelDynamicItems(surveyData, "schema:makesOffer", (item) => {
+    if (!item["schema:itemOffered.name"]) return null;
+    return {
+      type: "schema:Offer",
+      itemOffered: {
+        type: item["schema:itemOffered.type"] === "service" ? "schema:Service" : "schema:Product",
+        name: item["schema:itemOffered.name"] || void 0,
+        description: item["schema:itemOffered.description"] || void 0,
+        url: item["schema:itemOffered.url"] || void 0
+      }
+    };
+  });
+  const memberOf = extractPanelDynamicItems(surveyData, "schema:memberOf", (item) => {
+    if (!item["schema:memberOf.name"]) return null;
+    return {
+      type: "schema:Organization",
+      name: item["schema:memberOf.name"]
+    };
+  });
+  const wasAssociatedWith = extractPanelDynamicItems(surveyData, "schema:wasAssociatedWith", (item) => {
+    if (!item["schema:wasAssociatedWith.name"]) return null;
+    return {
+      type: "schema:Organization",
+      name: item["schema:wasAssociatedWith.name"],
+      url: item["schema:wasAssociatedWith.url"] || void 0
+    };
+  });
+  const funding = extractPanelDynamicItems(surveyData, "schema:funding", (item) => {
+    if (!item["schema:funder.name"]) return null;
+    return {
+      type: "schema:MonetaryGrant",
+      funder: {
+        type: "schema:Organization",
+        name: item["schema:funder.name"]
+      },
+      amount: item["schema:amount.value"] || item["schema:amount.currency"] ? {
+        type: "schema:MonetaryAmount",
+        currency: item["schema:amount.currency"] || "USD",
+        value: item["schema:amount.value"] || "0"
+      } : void 0
+    };
+  });
+  const relationships = memberOf.length > 0 || wasAssociatedWith.length > 0 || funding.length > 0 ? {
+    memberOf: memberOf.length > 0 ? memberOf : void 0,
+    "prov:wasAssociatedWith": wasAssociatedWith.length > 0 ? wasAssociatedWith : void 0,
+    funding: funding.length > 0 ? funding : void 0
+  } : void 0;
+  const agents = extractPanelDynamicItems(surveyData, "ixo:agentCard", (item) => {
+    if (!item["ixo:agentCard.name"] && !item["ixo:agentCard.id"]) return null;
+    return {
+      type: "ixo:AgentCard",
+      id: item["ixo:agentCard.id"] || void 0,
+      name: item["ixo:agentCard.name"] || void 0,
+      description: item["ixo:agentCard.description"] || void 0
+    };
+  });
+  const credentials = extractPanelDynamicItems(surveyData, "ixo:verifiableCredential", (item) => {
+    if (!item["schema:Name"] && !item["schema:ID"]) return null;
+    return {
+      type: "VerifiableCredential",
+      id: item["schema:ID"] || void 0,
+      name: item["schema:Name"] || void 0,
+      description: item["schema:description"] || void 0
+    };
+  });
+  const attributes = extractPanelDynamicItems(surveyData, "ixo:attribute", (item) => {
+    if (!item["schema:name_2"]) return null;
+    return {
+      "@type": "ixo:Attribute",
+      "@id": item["schema:ID_2"] || `attribute:${item["schema:name_2"].replace(/\s+/g, "_").toLowerCase()}`,
+      name: item["schema:name_2"],
+      value: item["schema:description_2"] || ""
+    };
+  });
+  const projects = extractPanelDynamicItems(surveyData, "pannel_proj:project", (item) => {
+    if (!item["proj:project.name"]) return null;
+    const objectives = extractPanelDynamicItems(item, "proj:project.hadObjective", (objItem) => objItem["proj:hadObjective"] || null);
+    const projectFunding = extractPanelDynamicItems(item, "proj:wasFundedThrough", (fundItem) => ({
+      type: "proj:FundingAssociation",
+      moneyAmount: fundItem["proj:moneyAmount"] || void 0,
+      moneyCurrency: fundItem["proj:moneyCurrency"] || void 0,
+      agent: fundItem["prov.agent.name"] || fundItem["prov:agent.id"] ? {
+        type: "prov:Agent",
+        id: fundItem["prov:agent.id"] || void 0,
+        name: fundItem["prov.agent.name"] || void 0
+      } : void 0
+    }));
+    return {
+      type: "proj:Project",
+      name: item["proj:project.name"],
+      description: item["proj:project.description"] || void 0,
+      hadObjective: objectives.length > 0 ? objectives : void 0,
+      plannedStart: item["proj:plannedStart"] || void 0,
+      plannedEnd: item["proj:plannedEnd"] || void 0,
+      wasFundedThrough: projectFunding.length > 0 ? projectFunding : void 0
+    };
+  });
+  const project = projects.length > 0 ? projects[0] : void 0;
+  const seedQueries = extractPanelDynamicItems(surveyData, "ixo:ResearchProfile", (item) => item["ixo:seedQueries"] || null);
+  const citations = extractPanelDynamicItems(surveyData, "schema:creativeWork", (item) => {
+    if (!item["schema:creativeWork.name"]) return null;
+    return {
+      type: "schema:CreativeWork",
+      name: item["schema:creativeWork.name"],
+      url: item["schema:creativeWork.url"] || void 0,
+      publisher: item["schema:creativeWork.publisher"] || void 0,
+      datePublished: item["schema:creativeWork.datePublished"] || void 0
+    };
+  });
+  const researchProfile = seedQueries.length > 0 || citations.length > 0 ? {
+    type: "ixo:ResearchProfile",
+    "ixo:seedQueries": seedQueries.length > 0 ? seedQueries : void 0,
+    citation: citations.length > 0 ? citations : void 0,
+    dateModified: (/* @__PURE__ */ new Date()).toISOString()
+  } : void 0;
+  const credentialSubject = {
+    id: entityDid,
+    type: types.length > 0 ? types : ["ixo:dao"],
+    name: surveyData["schema:name"] || "",
+    description: surveyData["schema.description"] || ""
+  };
+  if (additionalType.length > 0) credentialSubject.additionalType = additionalType;
+  if (alternateNames.length > 0) credentialSubject.alternateName = alternateNames;
+  if (surveyData["schema:url"]) credentialSubject.url = surveyData["schema:url"];
+  if (sameAsUrls.length > 0) credentialSubject.sameAs = sameAsUrls;
+  if (logo) credentialSubject.logo = logo;
+  if (profileImage) credentialSubject.image = [profileImage];
+  if (keywords.length > 0) credentialSubject.keywords = keywords;
+  if (knowsAbout.length > 0) credentialSubject.knowsAbout = knowsAbout;
+  if (address) credentialSubject.address = address;
+  if (areaServed) credentialSubject.areaServed = areaServed;
+  if (contactPoints.length > 0) credentialSubject.contactPoint = contactPoints;
+  if (composition) credentialSubject.composition = composition;
+  if (makesOffer.length > 0) credentialSubject.makesOffer = makesOffer;
+  if (relationships) credentialSubject.relationships = relationships;
+  if (agents.length > 0) credentialSubject.agents = agents;
+  if (credentials.length > 0) credentialSubject.credentials = credentials;
+  if (attributes.length > 0) credentialSubject.attributes = attributes;
+  if (project) credentialSubject.project = project;
+  if (researchProfile) credentialSubject.researchProfile = researchProfile;
+  return credentialSubject;
+}
+
+// src/mantine/blocks/domainCreator/utils/extractSurveyAnswersTemplate.ts
+function extractFieldsFromElements(elements, fields) {
+  for (const element of elements) {
+    if (element.type === "panel" && element.elements) {
+      extractFieldsFromElements(element.elements, fields);
+      continue;
+    }
+    if (element.type === "paneldynamic" && element.name) {
+      fields[element.name] = [];
+      if (element.templateElements) {
+        extractFieldsFromElements(element.templateElements, fields);
+      }
+      continue;
+    }
+    if (element.name && element.type !== "panel") {
+      switch (element.type) {
+        case "boolean":
+          fields[element.name] = false;
+          break;
+        case "checkbox":
+          fields[element.name] = [];
+          break;
+        case "file":
+          fields[element.name] = [];
+          break;
+        default:
+          fields[element.name] = "";
+      }
+    }
+    if (element.elements) {
+      extractFieldsFromElements(element.elements, fields);
+    }
+  }
+}
+function extractSurveyAnswersTemplate(surveyDef) {
+  const fields = {};
+  for (const page of surveyDef.pages) {
+    extractFieldsFromElements(page.elements, fields);
+  }
+  return fields;
+}
+
+// src/core/lib/actionRegistry/actions/domainCreate.ts
+registerAction({
+  type: "qi/domain.create",
+  can: "domain/create",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "entityDid", displayName: "Entity DID", type: "string", description: "The created domain entity DID" },
+    { path: "transactionHash", displayName: "Transaction Hash", type: "string", description: "Blockchain transaction hash" },
+    { path: "credentialId", displayName: "Credential ID", type: "string", description: "The uploaded domain card credential identifier (CID)" },
+    { path: "entityType", displayName: "Entity Type", type: "string", description: "The type of domain entity created" }
+  ],
+  run: async (inputs, ctx) => {
+    const handlers = ctx.handlers;
+    if (!handlers) throw new Error("Handlers not available");
+    if (!handlers.signCredential) throw new Error("signCredential handler not implemented");
+    if (!handlers.publicFileUpload) throw new Error("publicFileUpload handler not available");
+    if (!handlers.createDomain) throw new Error("createDomain handler not implemented");
+    if (!handlers.requestPin) throw new Error("requestPin handler not available");
+    const configEntityType = String(inputs.entityType || "dao").trim();
+    let surveyData = {};
+    if (inputs.surveyData) {
+      if (typeof inputs.surveyData === "string") {
+        try {
+          surveyData = JSON.parse(inputs.surveyData);
+        } catch {
+          throw new Error("surveyData must be valid JSON");
+        }
+      } else if (typeof inputs.surveyData === "object" && !Array.isArray(inputs.surveyData)) {
+        surveyData = inputs.surveyData;
+      }
+    }
+    const issuerDid = handlers.getEntityDid?.() || handlers.getCurrentUser?.()?.address;
+    if (!issuerDid) throw new Error("Unable to determine issuer DID");
+    const entityDid = "did:ixo:entity:pending";
+    const credentialSubject = transformSurveyToCredentialSubject(surveyData, entityDid);
+    const unsignedCredential = buildVerifiableCredential({
+      entityDid,
+      issuerDid,
+      credentialSubject,
+      validFrom: surveyData["schema:validFrom"] || (/* @__PURE__ */ new Date()).toISOString(),
+      validUntil: surveyData["schema:validUntil"]
+    });
+    const pin = await handlers.requestPin({
+      title: "Sign Domain Card",
+      description: "Enter your PIN to sign the Domain Card credential",
+      submitText: "Sign"
+    });
+    const { signedCredential } = await handlers.signCredential({
+      issuerDid,
+      issuerType: "user",
+      credential: unsignedCredential,
+      pin
+    });
+    const credentialBlob = new Blob([JSON.stringify(signedCredential, null, 2)], {
+      type: "application/json"
+    });
+    const credentialFile = new File([credentialBlob], "domainCard.json", {
+      type: "application/json"
+    });
+    const uploadResult = await handlers.publicFileUpload(credentialFile);
+    const domainCardLinkedResource = buildDomainCardLinkedResource({
+      entityDid,
+      cid: uploadResult.cid,
+      serviceEndpoint: uploadResult.url,
+      description: `Domain Card for ${surveyData["schema:name"] || "Domain"}`
+    });
+    const finalEntityType = surveyData["type_2"] || surveyData["daoType"] || configEntityType;
+    const { entityDid: newEntityDid, transactionHash } = await handlers.createDomain({
+      entityType: finalEntityType,
+      linkedResource: [domainCardLinkedResource],
+      startDate: surveyData["schema:validFrom"],
+      endDate: surveyData["schema:validUntil"]
+    });
+    return {
+      output: {
+        entityDid: newEntityDid,
+        transactionHash,
+        credentialId: uploadResult.cid,
+        entityType: finalEntityType
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/oracle.ts
+registerAction({
+  type: "oracle",
+  can: "oracle/query",
+  sideEffect: false,
+  defaultRequiresConfirmation: false,
+  outputSchema: [{ path: "prompt", displayName: "Prompt", type: "string", description: "The prompt sent to the companion" }],
+  run: async (inputs, ctx) => {
+    const prompt = String(inputs.prompt || "").trim();
+    if (!prompt) throw new Error("prompt is required");
+    if (!ctx.handlers?.askCompanion) {
+      throw new Error("askCompanion handler is not available");
+    }
+    await ctx.handlers.askCompanion(prompt);
+    return {
+      output: { prompt }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/credentialStore.ts
+registerAction({
+  type: "qi/credential.store",
+  can: "credential/store",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/execute",
+  outputSchema: [
+    { path: "credentialKey", displayName: "Credential Key", type: "string", description: "Key under which credential was stored (e.g. kycamllevel1)" },
+    { path: "cid", displayName: "Content ID", type: "string", description: "IPFS-compatible CID of the credential (used for deduplication)" },
+    { path: "storedAt", displayName: "Stored At", type: "string", description: "ISO timestamp of when the credential was stored" },
+    { path: "duplicate", displayName: "Duplicate", type: "boolean", description: "Whether this credential was already stored (matched by CID)" }
+  ],
+  run: async (inputs, ctx) => {
+    const { credential, credentialKey, roomId } = inputs;
+    if (!credentialKey) throw new Error("credentialKey is required");
+    if (!credential) throw new Error("credential is required");
+    let parsedCredential = credential;
+    if (typeof parsedCredential === "string") {
+      for (let i = 0; i < 3 && typeof parsedCredential === "string"; i++) {
+        try {
+          parsedCredential = JSON.parse(parsedCredential);
+        } catch {
+          throw new Error("credential must be a valid JSON object or JSON string");
+        }
+      }
+    }
+    if (typeof parsedCredential !== "object" || parsedCredential === null || Array.isArray(parsedCredential)) {
+      throw new Error("credential must be a JSON object");
+    }
+    if (!ctx.services.matrix?.storeCredential) {
+      throw new Error("Matrix credential storage service not configured");
+    }
+    const { computeJsonCID } = await import("./cid-6O646X2I.mjs");
+    const cid = await computeJsonCID(parsedCredential);
+    const result = await ctx.services.matrix.storeCredential({
+      roomId: roomId || "",
+      credentialKey: String(credentialKey),
+      credential: parsedCredential,
+      cid
+    });
+    return {
+      output: {
+        credentialKey: String(credentialKey),
+        cid,
+        storedAt: result.storedAt,
+        duplicate: result.duplicate
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/payment.ts
+registerAction({
+  type: "qi/payment.execute",
+  can: "payment/execute",
+  sideEffect: true,
+  defaultRequiresConfirmation: true,
+  requiredCapability: "flow/block/execute",
+  outputSchema: [
+    { path: "transactionId", displayName: "Transaction ID", type: "string", description: "Payment transaction identifier from the provider" },
+    { path: "status", displayName: "Status", type: "string", description: "Payment status (proposed, submitted, pending, completed, failed)" },
+    { path: "proposal", displayName: "Proposal", type: "object", description: "Payment proposal object for review before execution" },
+    { path: "summary", displayName: "Summary", type: "object", description: "Human-readable payment summary" }
+  ],
+  run: async (inputs, ctx) => {
+    const config = inputs.paymentConfig;
+    if (!config || typeof config === "string" && !config.trim()) {
+      throw new Error("paymentConfig is required");
+    }
+    if (!ctx.handlers?.askCompanion) {
+      throw new Error("askCompanion handler is not available");
+    }
+    const parsed = typeof config === "string" ? JSON.parse(config) : config;
+    const configJson = JSON.stringify(parsed, null, 2);
+    await ctx.handlers.askCompanion(
+      [
+        "Execute payment action with this configuration.",
+        "IMPORTANT: First read the flow context and settings \u2014 the flow may contain parameters required by the skill. Also review all blocks in the flow to understand the basic workflow before executing.",
+        `Payment configuration JSON:
+${configJson}`
+      ].join("\n")
+    );
+    return {
+      output: {
+        status: "requested",
+        paymentConfig: parsed
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/matrixDm.ts
+registerAction({
+  type: "qi/matrix.dm",
+  can: "matrix/dm",
+  sideEffect: true,
+  defaultRequiresConfirmation: false,
+  outputSchema: [
+    { path: "roomId", displayName: "Room ID", type: "string", description: "The Matrix room ID used for the DM" },
+    { path: "sentAt", displayName: "Sent At", type: "string", description: "Timestamp when the message was sent" }
+  ],
+  run: async (inputs, ctx) => {
+    const matrixClient = ctx.editor?.getMatrixClient?.();
+    if (!matrixClient) {
+      throw new Error("Matrix client not available");
+    }
+    const targetDid = String(inputs.targetDid || "").trim();
+    const message = String(inputs.message || "").trim();
+    if (!targetDid) throw new Error("Recipient DID is required");
+    if (!message) throw new Error("Message is required");
+    const result = await sendDirectMessage(matrixClient, targetDid, message);
+    return {
+      output: {
+        roomId: result.roomId,
+        sentAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    };
+  }
+});
+
+// src/core/lib/actionRegistry/actions/bid/bid.diff.ts
+registerDiffResolver("bid", {
+  resolver: async (inputs, _ctx) => {
+    if (!inputs.surveyStarted) return [];
+    const collectionId = String(inputs.collectionId || "").trim();
+    const role = String(inputs.role || "").trim();
+    const roleLabel = role === "evaluation_agent" || role === "ea" ? "Evaluator" : role ? "Contributor" : "Selected at runtime";
+    return [
+      {
+        key: "applicationStatus",
+        label: "Application Status",
+        before: "None",
+        after: "Pending",
+        changeType: "replace",
+        severity: "info"
+      },
+      {
+        key: "role",
+        label: "Role",
+        before: "None",
+        after: roleLabel,
+        changeType: role ? "replace" : "unchanged"
+      },
+      {
+        key: "collection",
+        label: "Collection",
+        before: collectionId || "Not configured",
+        after: collectionId || "Not configured",
+        changeType: "unchanged"
+      },
+      {
+        key: "surveyAnswers",
+        label: "Survey Answers",
+        before: "None",
+        after: "Submitted at runtime",
+        changeType: "replace"
+      }
+    ];
+  }
+});
+
+// src/core/lib/actionRegistry/actions/evaluateBid/evaluateBid.diff.ts
+var USDC_DENOM = "ibc/6BBE9BD4246F8E04948D5A4EEE7164B2630263B9EBB5E7DC5F0A46C62A2FF97B";
+function formatCoin(coin) {
+  const denom = coin.denom === USDC_DENOM ? "USDC" : coin.denom === "uixo" ? "IXO" : coin.denom;
+  return `${coin.amount} ${denom}`;
+}
+registerDiffResolver("evaluateBid", {
+  resolver: async (inputs, _ctx) => {
+    const bidId = String(inputs.bidId || "").trim();
+    if (!bidId) return [];
+    const decision = String(inputs.decision || "").trim().toLowerCase();
+    const role = String(inputs.role || "").trim();
+    const collectionId = String(inputs.collectionId || "").trim();
+    const applicantDid = String(inputs.applicantDid || "").trim();
+    const roleLower = role.toLowerCase();
+    const isEvaluator = roleLower === "evaluation_agent" || roleLower === "ea";
+    const roleLabel = isEvaluator ? "Evaluator" : roleLower === "service_agent" || roleLower === "sa" ? "Contributor" : role || "Unknown";
+    const isApprove = decision === "approve";
+    const isReject = decision === "reject";
+    const decisionLabel = isApprove ? "Approve" : isReject ? "Reject" : "Not selected";
+    const afterStatus = isApprove ? "Approved" : isReject ? "Rejected" : "Pending";
+    const results = [
+      {
+        key: "bidStatus",
+        label: "Bid Status",
+        before: "Pending",
+        after: afterStatus,
+        changeType: decision ? "replace" : "unchanged",
+        severity: isReject ? "warning" : "info"
+      },
+      {
+        key: "decision",
+        label: "Decision",
+        before: "None",
+        after: decisionLabel,
+        changeType: decision ? "replace" : "unchanged"
+      },
+      {
+        key: "applicantRole",
+        label: "Applicant Role",
+        before: roleLabel,
+        after: roleLabel,
+        changeType: "unchanged"
+      },
+      {
+        key: "bidId",
+        label: "Bid ID",
+        before: bidId || "Not selected",
+        after: bidId || "Not selected",
+        changeType: "unchanged"
+      },
+      {
+        key: "collection",
+        label: "Collection",
+        before: collectionId || "Not configured",
+        after: collectionId || "Not configured",
+        changeType: "unchanged"
+      }
+    ];
+    if (isEvaluator) {
+      let amountsLabel = "None";
+      try {
+        const parsed = typeof inputs.maxAmounts === "string" ? JSON.parse(inputs.maxAmounts) : inputs.maxAmounts;
+        if (Array.isArray(parsed) && parsed.length > 0) {
+          amountsLabel = parsed.map((a) => formatCoin(a)).join(", ");
+        }
+      } catch {
+      }
+      results.push({
+        key: "maxAmounts",
+        label: "Max Amounts",
+        before: "None",
+        after: amountsLabel,
+        changeType: amountsLabel !== "None" ? "replace" : "unchanged"
+      });
+    }
+    if (isReject) {
+      const reason = String(inputs.rejectReason || inputs.reason || "").trim();
+      results.push({
+        key: "reason",
+        label: "Rejection Reason",
+        before: "None",
+        after: reason || "Not provided",
+        changeType: reason ? "replace" : "unchanged",
+        severity: "warning"
+      });
+    }
+    if (applicantDid) {
+      results.push({
+        key: "applicant",
+        label: "Applicant",
+        before: applicantDid,
+        after: applicantDid,
+        changeType: "unchanged"
+      });
+    }
+    return results;
+  }
+});
+
+// src/core/lib/actionRegistry/actions/claim/claim.diff.ts
+registerDiffResolver("claim", {
+  resolver: async (inputs, _ctx) => {
+    if (!inputs.claimStarted) return [];
+    const collectionId = String(inputs.collectionId || "").trim();
+    const deedDid = String(inputs.deedDid || "").trim();
+    return [
+      {
+        key: "claimStatus",
+        label: "Claim Status",
+        before: "None",
+        after: "Pending",
+        changeType: "replace",
+        severity: "info"
+      },
+      {
+        key: "collection",
+        label: "Collection",
+        before: collectionId || "Not configured",
+        after: collectionId || "Not configured",
+        changeType: "unchanged"
+      },
+      {
+        key: "deed",
+        label: "Deed",
+        before: deedDid || "Not configured",
+        after: deedDid || "Not configured",
+        changeType: "unchanged"
+      },
+      {
+        key: "surveyAnswers",
+        label: "Survey Answers",
+        before: "None",
+        after: "Submitted at runtime",
+        changeType: "replace"
+      }
+    ];
+  }
+});
+
+// src/core/lib/actionRegistry/actions/evaluateClaim/evaluateClaim.diff.ts
+var USDC_DENOM2 = "ibc/6BBE9BD4246F8E04948D5A4EEE7164B2630263B9EBB5E7DC5F0A46C62A2FF97B";
+var DECIMALS = 6;
+function formatCoin2(coin) {
+  const denom = coin.denom === USDC_DENOM2 ? "USDC" : coin.denom === "uixo" ? "IXO" : coin.denom;
+  const raw = Number(coin.amount);
+  const display = raw >= Math.pow(10, DECIMALS) ? raw / Math.pow(10, DECIMALS) : raw;
+  return `${display} ${denom}`;
+}
+registerDiffResolver("evaluateClaim", {
+  resolver: async (inputs, _ctx) => {
+    const claimId = String(inputs.claimId || "").trim();
+    if (!claimId || inputs.alreadyEvaluated) return [];
+    const decision = String(inputs.decision || "").trim().toLowerCase();
+    const collectionId = String(inputs.collectionId || "").trim();
+    const createUdid = Boolean(inputs.createUdid);
+    const isApprove = decision === "approve";
+    const isReject = decision === "reject";
+    const decisionLabel = isApprove ? "Approve" : isReject ? "Reject" : "Not selected";
+    const afterStatus = isApprove ? "Approved" : isReject ? "Rejected" : "Pending";
+    const results = [
+      {
+        key: "claimStatus",
+        label: "Claim Status",
+        before: "Pending",
+        after: afterStatus,
+        changeType: decision ? "replace" : "unchanged",
+        severity: isReject ? "warning" : "info"
+      },
+      {
+        key: "decision",
+        label: "Decision",
+        before: "None",
+        after: decisionLabel,
+        changeType: decision ? "replace" : "unchanged"
+      },
+      {
+        key: "claimId",
+        label: "Claim ID",
+        before: claimId || "Not selected",
+        after: claimId || "Not selected",
+        changeType: "unchanged"
+      },
+      {
+        key: "collection",
+        label: "Collection",
+        before: collectionId || "Not configured",
+        after: collectionId || "Not configured",
+        changeType: "unchanged"
+      },
+      {
+        key: "udidProof",
+        label: "UDID Proof",
+        before: "None",
+        after: createUdid ? "Will be generated" : "Skipped",
+        changeType: createUdid ? "replace" : "unchanged"
+      }
+    ];
+    let amountsLabel = "None";
+    try {
+      const raw = typeof inputs.amount === "string" ? JSON.parse(inputs.amount) : inputs.amount;
+      if (Array.isArray(raw) && raw.length > 0) {
+        amountsLabel = raw.map((a) => formatCoin2(a)).join(", ");
+      } else if (raw && typeof raw === "object" && raw.denom) {
+        amountsLabel = formatCoin2(raw);
+      }
+    } catch {
+    }
+    results.push({
+      key: "payment",
+      label: "Payment",
+      before: "None",
+      after: amountsLabel,
+      changeType: amountsLabel !== "None" ? "replace" : "unchanged"
+    });
+    if (inputs.outcomeComplete !== void 0) {
+      results.push({
+        key: "outcome",
+        label: "Outcome Template",
+        before: "None",
+        after: inputs.outcomeComplete ? "Completed" : "Not completed",
+        changeType: inputs.outcomeComplete ? "replace" : "unchanged",
+        severity: inputs.outcomeComplete ? "info" : "warning"
+      });
+    }
+    return results;
+  }
+});
+
+// src/core/lib/ucanDelegationStore.ts
+var ROOT_DELEGATION_KEY = "__root__";
+var STORE_VERSION_KEY = "__version__";
+var CURRENT_VERSION = 2;
+var isValidEntry = (value) => {
+  if (!value || typeof value !== "object") return false;
+  const entry = value;
+  return entry.v === CURRENT_VERSION && entry.data !== void 0;
+};
+var isReservedKey = (key) => key === ROOT_DELEGATION_KEY || key === STORE_VERSION_KEY;
+var createUcanDelegationStore = (yMap) => {
+  const get = (cid) => {
+    if (isReservedKey(cid)) return null;
+    const raw = yMap.get(cid);
+    if (!raw) return null;
+    if (isValidEntry(raw)) return raw.data;
+    return null;
+  };
+  const set = (delegation) => {
+    const entry = { v: CURRENT_VERSION, data: delegation };
+    yMap.set(delegation.cid, entry);
+  };
+  const remove = (cid) => {
+    yMap.delete(cid);
+  };
+  const has = (cid) => {
+    return yMap.has(cid) && !isReservedKey(cid);
+  };
+  const getRoot = () => {
+    const rootCid = yMap.get(ROOT_DELEGATION_KEY);
+    if (!rootCid) return null;
+    return get(rootCid);
+  };
+  const setRootCid = (cid) => {
+    yMap.set(ROOT_DELEGATION_KEY, cid);
+  };
+  const getRootCid = () => {
+    return yMap.get(ROOT_DELEGATION_KEY) || null;
+  };
+  const getAll = () => {
+    const delegations = [];
+    yMap.forEach((value, key) => {
+      if (isReservedKey(key)) return;
+      if (isValidEntry(value)) {
+        delegations.push(value.data);
+      }
+    });
+    return delegations;
+  };
+  const getByAudience = (audienceDid) => {
+    return getAll().filter((d) => d.audienceDid === audienceDid);
+  };
+  const getByIssuer = (issuerDid) => {
+    return getAll().filter((d) => d.issuerDid === issuerDid);
+  };
+  const findByCapability = (can, withUri) => {
+    return getAll().filter(
+      (d) => d.capabilities.some((c) => {
+        if (c.can === can && c.with === withUri) return true;
+        if (c.can === "*" || c.can === "flow/*") return true;
+        if (c.can.endsWith("/*")) {
+          const prefix = c.can.slice(0, -1);
+          if (can.startsWith(prefix)) return true;
+        }
+        if (c.with === "*") return true;
+        if (c.with.endsWith("*")) {
+          const prefix = c.with.slice(0, -1);
+          if (withUri.startsWith(prefix)) return true;
+        }
+        return false;
+      })
+    );
+  };
+  return {
+    get,
+    set,
+    remove,
+    has,
+    getRoot,
+    setRootCid,
+    getRootCid,
+    getAll,
+    getByAudience,
+    getByIssuer,
+    findByCapability
+  };
+};
+var createMemoryUcanDelegationStore = () => {
+  const store = /* @__PURE__ */ new Map();
+  const get = (cid) => {
+    if (isReservedKey(cid)) return null;
+    const raw = store.get(cid);
+    if (!raw) return null;
+    if (isValidEntry(raw)) return raw.data;
+    return null;
+  };
+  const set = (delegation) => {
+    const entry = { v: CURRENT_VERSION, data: delegation };
+    store.set(delegation.cid, entry);
+  };
+  const remove = (cid) => {
+    store.delete(cid);
+  };
+  const has = (cid) => {
+    return store.has(cid) && !isReservedKey(cid);
+  };
+  const getRoot = () => {
+    const rootCid = store.get(ROOT_DELEGATION_KEY);
+    if (!rootCid) return null;
+    return get(rootCid);
+  };
+  const setRootCid = (cid) => {
+    store.set(ROOT_DELEGATION_KEY, cid);
+  };
+  const getRootCid = () => {
+    return store.get(ROOT_DELEGATION_KEY) || null;
+  };
+  const getAll = () => {
+    const delegations = [];
+    store.forEach((value, key) => {
+      if (isReservedKey(key)) return;
+      if (isValidEntry(value)) {
+        delegations.push(value.data);
+      }
+    });
+    return delegations;
+  };
+  const getByAudience = (audienceDid) => {
+    return getAll().filter((d) => d.audienceDid === audienceDid);
+  };
+  const getByIssuer = (issuerDid) => {
+    return getAll().filter((d) => d.issuerDid === issuerDid);
+  };
+  const findByCapability = (can, withUri) => {
+    return getAll().filter(
+      (d) => d.capabilities.some((c) => {
+        if (c.can === can && c.with === withUri) return true;
+        if (c.can === "*" || c.can === "flow/*") return true;
+        if (c.can.endsWith("/*")) {
+          const prefix = c.can.slice(0, -1);
+          if (can.startsWith(prefix)) return true;
+        }
+        if (c.with === "*") return true;
+        if (c.with.endsWith("*")) {
+          const prefix = c.with.slice(0, -1);
+          if (withUri.startsWith(prefix)) return true;
+        }
+        return false;
+      })
+    );
+  };
+  return {
+    get,
+    set,
+    remove,
+    has,
+    getRoot,
+    setRootCid,
+    getRootCid,
+    getAll,
+    getByAudience,
+    getByIssuer,
+    findByCapability
+  };
+};
+
+// src/core/lib/invocationStore.ts
+var createInvocationStore = (yMap) => {
+  const add = (invocation) => {
+    yMap.set(invocation.cid, invocation);
+  };
+  const get = (cid) => {
+    const raw = yMap.get(cid);
+    if (!raw || typeof raw !== "object") return null;
+    return raw;
+  };
+  const remove = (cid) => {
+    yMap.delete(cid);
+  };
+  const getAll = () => {
+    const invocations = [];
+    yMap.forEach((value) => {
+      if (value && typeof value === "object" && "cid" in value) {
+        invocations.push(value);
+      }
+    });
+    return invocations.sort((a, b) => b.executedAt - a.executedAt);
+  };
+  const getByInvoker = (invokerDid) => {
+    return getAll().filter((i) => i.invokerDid === invokerDid);
+  };
+  const getByFlow = (flowId) => {
+    return getAll().filter((i) => i.flowId === flowId);
+  };
+  const getByBlock = (flowId, blockId) => {
+    return getAll().filter((i) => i.flowId === flowId && i.blockId === blockId);
+  };
+  const getByCapability = (can, withUri) => {
+    return getAll().filter((i) => i.capability.can === can && i.capability.with === withUri);
+  };
+  const hasBeenInvoked = (cid) => {
+    return yMap.has(cid);
+  };
+  const getInDateRange = (startMs, endMs) => {
+    return getAll().filter((i) => i.executedAt >= startMs && i.executedAt <= endMs);
+  };
+  const getSuccessful = () => {
+    return getAll().filter((i) => i.result === "success");
+  };
+  const getFailures = () => {
+    return getAll().filter((i) => i.result === "failure");
+  };
+  const getPendingSubmission = () => {
+    return getAll().filter((i) => i.result === "success" && !i.transactionHash);
+  };
+  const markSubmitted = (cid, transactionHash) => {
+    const invocation = get(cid);
+    if (invocation) {
+      const updated = {
+        ...invocation,
+        transactionHash
+      };
+      yMap.set(cid, updated);
+    }
+  };
+  const getCount = () => {
+    return getAll().length;
+  };
+  const getCountByResult = () => {
+    const all = getAll();
+    return {
+      success: all.filter((i) => i.result === "success").length,
+      failure: all.filter((i) => i.result === "failure").length
+    };
+  };
+  return {
+    add,
+    get,
+    remove,
+    getAll,
+    getByInvoker,
+    getByFlow,
+    getByBlock,
+    getByCapability,
+    hasBeenInvoked,
+    getInDateRange,
+    getSuccessful,
+    getFailures,
+    getPendingSubmission,
+    markSubmitted,
+    getCount,
+    getCountByResult
+  };
+};
+var createMemoryInvocationStore = () => {
+  const store = /* @__PURE__ */ new Map();
+  const add = (invocation) => {
+    store.set(invocation.cid, invocation);
+  };
+  const get = (cid) => {
+    return store.get(cid) || null;
+  };
+  const remove = (cid) => {
+    store.delete(cid);
+  };
+  const getAll = () => {
+    const invocations = Array.from(store.values());
+    return invocations.sort((a, b) => b.executedAt - a.executedAt);
+  };
+  const getByInvoker = (invokerDid) => {
+    return getAll().filter((i) => i.invokerDid === invokerDid);
+  };
+  const getByFlow = (flowId) => {
+    return getAll().filter((i) => i.flowId === flowId);
+  };
+  const getByBlock = (flowId, blockId) => {
+    return getAll().filter((i) => i.flowId === flowId && i.blockId === blockId);
+  };
+  const getByCapability = (can, withUri) => {
+    return getAll().filter((i) => i.capability.can === can && i.capability.with === withUri);
+  };
+  const hasBeenInvoked = (cid) => {
+    return store.has(cid);
+  };
+  const getInDateRange = (startMs, endMs) => {
+    return getAll().filter((i) => i.executedAt >= startMs && i.executedAt <= endMs);
+  };
+  const getSuccessful = () => {
+    return getAll().filter((i) => i.result === "success");
+  };
+  const getFailures = () => {
+    return getAll().filter((i) => i.result === "failure");
+  };
+  const getPendingSubmission = () => {
+    return getAll().filter((i) => i.result === "success" && !i.transactionHash);
+  };
+  const markSubmitted = (cid, transactionHash) => {
+    const invocation = get(cid);
+    if (invocation) {
+      store.set(cid, { ...invocation, transactionHash });
+    }
+  };
+  const getCount = () => {
+    return store.size;
+  };
+  const getCountByResult = () => {
+    const all = getAll();
+    return {
+      success: all.filter((i) => i.result === "success").length,
+      failure: all.filter((i) => i.result === "failure").length
+    };
+  };
+  return {
+    add,
+    get,
+    remove,
+    getAll,
+    getByInvoker,
+    getByFlow,
+    getByBlock,
+    getByCapability,
+    hasBeenInvoked,
+    getInDateRange,
+    getSuccessful,
+    getFailures,
+    getPendingSubmission,
+    markSubmitted,
+    getCount,
+    getCountByResult
+  };
+};
+
+// src/core/lib/flowEngine/utils.ts
+var parseActivationStatus = (value) => {
+  if (value === "pending" || value === "approved" || value === "rejected") {
+    return value;
+  }
+  return void 0;
+};
+var buildAuthzFromProps = (props) => {
+  const activationRequiredStatus = parseActivationStatus(props.activationRequiredStatus);
+  const activationUpstreamNodeId = typeof props.activationUpstreamNodeId === "string" ? props.activationUpstreamNodeId.trim() : "";
+  const linkedClaimCollectionId = typeof props.linkedClaimCollectionId === "string" ? props.linkedClaimCollectionId.trim() : "";
+  const authz = {};
+  if (linkedClaimCollectionId) {
+    authz.linkedClaim = { collectionId: linkedClaimCollectionId };
+  }
+  if (activationUpstreamNodeId && activationRequiredStatus) {
+    authz.activationCondition = {
+      upstreamNodeId: activationUpstreamNodeId,
+      requiredStatus: activationRequiredStatus,
+      requireAuthorisedActor: Boolean(props.activationRequireAuthorisedActor)
+    };
+  }
+  return authz;
+};
+var buildFlowNodeFromBlock = (block) => {
+  const base = {
+    id: block.id,
+    type: block.type,
+    props: block.props || {}
+  };
+  const authz = buildAuthzFromProps(block.props || {});
+  return {
+    ...base,
+    ...authz
+  };
+};
+
+// src/core/lib/flowEngine/runtime.ts
+var ensureStateObject = (value) => {
+  if (!value || typeof value !== "object") {
+    return {};
+  }
+  return { ...value };
+};
+var createYMapManager = (map) => {
+  return {
+    get: (nodeId) => {
+      const stored = map.get(nodeId);
+      return ensureStateObject(stored);
+    },
+    update: (nodeId, updates) => {
+      const current = ensureStateObject(map.get(nodeId));
+      map.set(nodeId, { ...current, ...updates });
+    }
+  };
+};
+var createMemoryManager = () => {
+  const memory = /* @__PURE__ */ new Map();
+  return {
+    get: (nodeId) => ensureStateObject(memory.get(nodeId)),
+    update: (nodeId, updates) => {
+      const current = ensureStateObject(memory.get(nodeId));
+      memory.set(nodeId, { ...current, ...updates });
+    }
+  };
+};
+var createRuntimeStateManager = (editor) => {
+  if (editor?._yRuntime) {
+    return createYMapManager(editor._yRuntime);
+  }
+  return createMemoryManager();
+};
+function clearRuntimeForTemplateClone(yDoc) {
+  const runtime = yDoc.getMap("runtime");
+  const invocations = yDoc.getMap("invocations");
+  yDoc.transact(() => {
+    runtime.forEach((_, key) => runtime.delete(key));
+    invocations.forEach((_, key) => invocations.delete(key));
+  });
+}
+
+// src/core/lib/flowEngine/activation.ts
+var isNodeActive = (node, runtime) => {
+  if (!node.activationCondition) {
+    return { active: true };
+  }
+  const { upstreamNodeId, requiredStatus, requireAuthorisedActor } = node.activationCondition;
+  if (!upstreamNodeId) {
+    return { active: true };
+  }
+  const upstreamState = runtime.get(upstreamNodeId);
+  if (!upstreamState.claimId) {
+    return { active: false, reason: `Upstream node ${upstreamNodeId} has no claim submission yet.` };
+  }
+  if (upstreamState.evaluationStatus !== requiredStatus) {
+    return {
+      active: false,
+      reason: `Upstream node ${upstreamNodeId} status is ${upstreamState.evaluationStatus || "unknown"}, requires ${requiredStatus}.`
+    };
+  }
+  if (requireAuthorisedActor) {
+    const upstreamActor = upstreamState.submittedByDid;
+    if (!upstreamActor) {
+      return { active: false, reason: "Upstream submission actor is unknown." };
+    }
+    if (!upstreamState.lastInvocationCid) {
+      return { active: false, reason: "Upstream execution has no invocation proof." };
+    }
+  }
+  return { active: true };
+};
+
+// src/core/lib/flowEngine/authorization.ts
+var isAuthorized = async (blockId, actorDid, ucanService, flowUri) => {
+  const capability = {
+    can: "flow/block/execute",
+    with: `${flowUri}:${blockId}`
+  };
+  const result = await ucanService.validateDelegationChain(actorDid, capability);
+  if (!result.valid) {
+    return {
+      authorized: false,
+      reason: result.error || "No valid capability chain found"
+    };
+  }
+  const proofCids = result.proofChain?.map((d) => d.cid) || [];
+  return {
+    authorized: true,
+    capabilityId: proofCids[0],
+    proofCids
+  };
+};
+
+// src/core/lib/flowEngine/executor.ts
+var updateRuntimeAfterSuccess = (node, actorDid, runtime, actionResult, invocationCid, now) => {
+  const updates = {
+    submittedByDid: actionResult.submittedByDid || actorDid,
+    evaluationStatus: actionResult.evaluationStatus || "pending",
+    executionTimestamp: now ? now() : Date.now(),
+    lastInvocationCid: invocationCid
+  };
+  if (actionResult.claimId) {
+    updates.claimId = actionResult.claimId;
+  }
+  runtime.update(node.id, updates);
+};
+var executeNode = async ({ node, actorDid, actorType, entityRoomId, context, action, pin }) => {
+  const { runtime, ucanService, invocationStore, flowUri, flowId, now } = context;
+  const activation = isNodeActive(node, runtime);
+  if (!activation.active) {
+    return { success: false, stage: "activation", error: activation.reason };
+  }
+  const auth = await isAuthorized(node.id, actorDid, ucanService, flowUri);
+  if (!auth.authorized) {
+    return { success: false, stage: "authorization", error: auth.reason };
+  }
+  if (node.linkedClaim && !node.linkedClaim.collectionId) {
+    return { success: false, stage: "claim", error: "Linked claim collection is required but missing." };
+  }
+  let invocationCid;
+  let invocationData;
+  if (auth.proofCids && auth.proofCids.length > 0) {
+    const capability = {
+      can: "flow/block/execute",
+      with: `${flowUri}:${node.id}`
+    };
+    try {
+      const invocationResult = await ucanService.createAndValidateInvocation(
+        {
+          invokerDid: actorDid,
+          invokerType: actorType,
+          entityRoomId,
+          capability,
+          proofs: auth.proofCids,
+          pin
+        },
+        flowId,
+        node.id
+      );
+      if (!invocationResult.valid) {
+        return {
+          success: false,
+          stage: "authorization",
+          error: `Invocation validation failed: ${invocationResult.error}`
+        };
+      }
+      invocationCid = invocationResult.cid;
+      invocationData = invocationResult.invocation;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Failed to create invocation";
+      return { success: false, stage: "authorization", error: message };
+    }
+  }
+  try {
+    const result = await action();
+    if (node.linkedClaim && !result.claimId) {
+      if (invocationStore && invocationCid && invocationData) {
+        const storedInvocation = {
+          cid: invocationCid,
+          invocation: invocationData,
+          invokerDid: actorDid,
+          capability: { can: "flow/block/execute", with: `${flowUri}:${node.id}` },
+          executedAt: now ? now() : Date.now(),
+          flowId,
+          blockId: node.id,
+          result: "failure",
+          error: "Execution did not return a claimId for linked claim requirement.",
+          proofCids: auth.proofCids || []
+        };
+        invocationStore.add(storedInvocation);
+      }
+      return {
+        success: false,
+        stage: "claim",
+        error: "Execution did not return a claimId for linked claim requirement.",
+        invocationCid
+      };
+    }
+    if (invocationStore && invocationCid && invocationData) {
+      const storedInvocation = {
+        cid: invocationCid,
+        invocation: invocationData,
+        invokerDid: actorDid,
+        capability: { can: "flow/block/execute", with: `${flowUri}:${node.id}` },
+        executedAt: now ? now() : Date.now(),
+        flowId,
+        blockId: node.id,
+        result: "success",
+        proofCids: auth.proofCids || [],
+        claimId: result.claimId
+      };
+      invocationStore.add(storedInvocation);
+    }
+    updateRuntimeAfterSuccess(node, actorDid, runtime, result, invocationCid || auth.capabilityId, now);
+    return {
+      success: true,
+      stage: "complete",
+      result,
+      capabilityId: auth.capabilityId,
+      invocationCid
+    };
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Execution failed";
+    if (invocationStore && invocationCid && invocationData) {
+      const storedInvocation = {
+        cid: invocationCid,
+        invocation: invocationData,
+        invokerDid: actorDid,
+        capability: { can: "flow/block/execute", with: `${flowUri}:${node.id}` },
+        executedAt: now ? now() : Date.now(),
+        flowId,
+        blockId: node.id,
+        result: "failure",
+        error: message,
+        proofCids: auth.proofCids || []
+      };
+      invocationStore.add(storedInvocation);
+    }
+    return { success: false, stage: "action", error: message, invocationCid };
+  }
+};
+
+// src/core/services/ucanService.ts
+import {
+  createDelegation as ucanCreateDelegation,
+  createInvocation as ucanCreateInvocation,
+  serializeDelegation,
+  serializeInvocation,
+  parseDelegation,
+  parseSigner,
+  signerFromMnemonic
+} from "@ixo/ucan";
+function toSupportedDID(did) {
+  if (did.startsWith("did:ixo:") || did.startsWith("did:key:")) {
+    return did;
+  }
+  return void 0;
+}
+function toUcantoCapabilities(capabilities) {
+  return capabilities.map((cap) => ({
+    can: cap.can,
+    with: cap.with,
+    ...cap.nb && { nb: cap.nb }
+  }));
+}
+async function getSigner(handlers, did, didType, entityRoomId, pin) {
+  const supportedDid = toSupportedDID(did);
+  if (handlers.getPrivateKey) {
+    const privateKey = await handlers.getPrivateKey({ did, didType, entityRoomId, pin });
+    return parseSigner(privateKey, supportedDid);
+  }
+  if (handlers.getMnemonic) {
+    const mnemonic = await handlers.getMnemonic({ did, didType, entityRoomId, pin });
+    const result = await signerFromMnemonic(mnemonic, supportedDid);
+    return result.signer;
+  }
+  throw new Error("No signer handler configured (need getPrivateKey or getMnemonic)");
+}
+function getCidFromDelegation(delegation) {
+  return delegation.cid.toString();
+}
+var createUcanService = (config) => {
+  const { delegationStore, invocationStore, handlers, flowOwnerDid } = config;
+  const delegationCache = /* @__PURE__ */ new Map();
+  const isConfigured = () => {
+    const hasSessionHandlers = !!(handlers.createSignerSession && handlers.signWithSession);
+    const hasLegacyHandlers = !!(handlers.getPrivateKey || handlers.getMnemonic);
+    return hasSessionHandlers || hasLegacyHandlers;
+  };
+  const parseDelegationFromStore = async (cid) => {
+    if (delegationCache.has(cid)) {
+      return delegationCache.get(cid);
+    }
+    const stored = delegationStore.get(cid);
+    if (!stored || !stored.delegation) {
+      return null;
+    }
+    try {
+      const delegation = await parseDelegation(stored.delegation);
+      delegationCache.set(cid, delegation);
+      return delegation;
+    } catch {
+      return null;
+    }
+  };
+  const getProofDelegations = async (proofCids) => {
+    const proofs = [];
+    for (const cid of proofCids) {
+      const delegation = await parseDelegationFromStore(cid);
+      if (delegation) {
+        proofs.push(delegation);
+      }
+    }
+    return proofs;
+  };
+  const createRootDelegation = async (params) => {
+    const { flowOwnerDid: ownerDid, issuerType, entityRoomId, flowUri: uri, pin } = params;
+    const signer = await getSigner(handlers, ownerDid, issuerType, entityRoomId, pin);
+    const capabilities = [{ can: "flow/*", with: uri }];
+    const delegation = await ucanCreateDelegation({
+      issuer: signer,
+      audience: ownerDid,
+      capabilities,
+      proofs: []
+    });
+    const serialized = await serializeDelegation(delegation);
+    const cid = getCidFromDelegation(delegation);
+    const storedDelegation = {
+      cid,
+      delegation: serialized,
+      issuerDid: ownerDid,
+      audienceDid: ownerDid,
+      capabilities,
+      createdAt: Date.now(),
+      format: "car",
+      proofCids: []
+    };
+    delegationStore.set(storedDelegation);
+    delegationStore.setRootCid(cid);
+    delegationCache.set(cid, delegation);
+    return storedDelegation;
+  };
+  const createDelegation = async (params) => {
+    const { issuerDid, issuerType, entityRoomId, audience, capabilities, proofs = [], expiration, pin } = params;
+    const signer = await getSigner(handlers, issuerDid, issuerType, entityRoomId, pin);
+    const proofCids = proofs.length > 0 ? proofs : [delegationStore.getRootCid()].filter(Boolean);
+    const proofDelegations = await getProofDelegations(proofCids);
+    const delegation = await ucanCreateDelegation({
+      issuer: signer,
+      audience,
+      capabilities: toUcantoCapabilities(capabilities),
+      proofs: proofDelegations,
+      expiration: expiration ? Math.floor(expiration / 1e3) : void 0
+    });
+    const serialized = await serializeDelegation(delegation);
+    const cid = getCidFromDelegation(delegation);
+    const storedDelegation = {
+      cid,
+      delegation: serialized,
+      issuerDid,
+      audienceDid: audience,
+      capabilities,
+      expiration,
+      createdAt: Date.now(),
+      format: "car",
+      proofCids
+    };
+    delegationStore.set(storedDelegation);
+    delegationCache.set(cid, delegation);
+    return storedDelegation;
+  };
+  const revokeDelegation = (cid) => {
+    delegationStore.remove(cid);
+    delegationCache.delete(cid);
+  };
+  const getDelegation = (cid) => {
+    return delegationStore.get(cid);
+  };
+  const getAllDelegations = () => {
+    return delegationStore.getAll();
+  };
+  const getRootDelegation = () => {
+    return delegationStore.getRoot();
+  };
+  const findValidProofs = async (audienceDid, capability) => {
+    const delegations = delegationStore.getByAudience(audienceDid);
+    if (delegations.length === 0) {
+      const root = delegationStore.getRoot();
+      if (root && root.audienceDid === audienceDid) {
+        return { found: true, proofCids: [root.cid] };
+      }
+      return { found: false, error: "No delegations found for actor" };
+    }
+    for (const delegation of delegations) {
+      const covers = delegation.capabilities.some((c) => {
+        if (c.can === capability.can && c.with === capability.with) return true;
+        if (c.can === "*" || c.can === "flow/*") return true;
+        if (c.can.endsWith("/*")) {
+          const prefix = c.can.slice(0, -1);
+          if (capability.can.startsWith(prefix)) return true;
+        }
+        if (c.with === "*") return true;
+        if (c.with.endsWith("*")) {
+          const prefix = c.with.slice(0, -1);
+          if (capability.with.startsWith(prefix)) return true;
+        }
+        return false;
+      });
+      if (covers) {
+        if (delegation.expiration && delegation.expiration < Date.now()) {
+          continue;
+        }
+        const proofCids = [delegation.cid, ...delegation.proofCids];
+        return { found: true, proofCids };
+      }
+    }
+    return { found: false, error: "No valid delegation found for capability" };
+  };
+  const validateDelegationChain = async (audienceDid, capability) => {
+    const proofsResult = await findValidProofs(audienceDid, capability);
+    if (!proofsResult.found || !proofsResult.proofCids) {
+      return { valid: false, error: proofsResult.error };
+    }
+    const proofChain = [];
+    for (const cid of proofsResult.proofCids) {
+      const delegation = delegationStore.get(cid);
+      if (!delegation) {
+        return { valid: false, error: `Proof delegation ${cid} not found` };
+      }
+      proofChain.push(delegation);
+    }
+    for (let i = 0; i < proofChain.length - 1; i++) {
+      const current = proofChain[i];
+      const parent = proofChain[i + 1];
+      if (parent.audienceDid !== current.issuerDid) {
+        return {
+          valid: false,
+          error: `Chain broken: ${parent.cid} audience (${parent.audienceDid}) != ${current.cid} issuer (${current.issuerDid})`
+        };
+      }
+    }
+    const root = proofChain[proofChain.length - 1];
+    if (root.issuerDid !== flowOwnerDid) {
+      return { valid: false, error: `Root issuer ${root.issuerDid} is not flow owner ${flowOwnerDid}` };
+    }
+    return { valid: true, proofChain };
+  };
+  const createAndValidateInvocation = async (params, _flowId, _blockId) => {
+    const { invokerDid, invokerType, entityRoomId, capability, proofs, pin } = params;
+    const validation = await validateDelegationChain(invokerDid, capability);
+    if (!validation.valid) {
+      return {
+        cid: "",
+        invocation: "",
+        valid: false,
+        error: validation.error
+      };
+    }
+    const signer = await getSigner(handlers, invokerDid, invokerType, entityRoomId, pin);
+    const proofDelegations = await getProofDelegations(proofs);
+    const ucantoCapability = {
+      can: capability.can,
+      with: capability.with,
+      ...capability.nb && { nb: capability.nb }
+    };
+    const invocation = await ucanCreateInvocation({
+      issuer: signer,
+      audience: flowOwnerDid,
+      capability: ucantoCapability,
+      proofs: proofDelegations
+    });
+    const serialized = await serializeInvocation(invocation);
+    const built = await invocation.buildIPLDView();
+    const cid = built.cid.toString();
+    return {
+      cid,
+      invocation: serialized,
+      valid: true
+    };
+  };
+  const executeWithInvocation = async (params, action, flowId, blockId) => {
+    const invocationResult = await createAndValidateInvocation(params, flowId, blockId);
+    if (!invocationResult.valid) {
+      return {
+        success: false,
+        invocationCid: invocationResult.cid,
+        error: invocationResult.error
+      };
+    }
+    if (invocationStore.hasBeenInvoked(invocationResult.cid)) {
+      return {
+        success: false,
+        invocationCid: invocationResult.cid,
+        error: "Invocation has already been used (replay attack prevented)"
+      };
+    }
+    try {
+      const actionResult = await action();
+      const storedInvocation = {
+        cid: invocationResult.cid,
+        invocation: invocationResult.invocation,
+        invokerDid: params.invokerDid,
+        capability: params.capability,
+        executedAt: Date.now(),
+        flowId,
+        blockId,
+        result: "success",
+        proofCids: params.proofs
+      };
+      invocationStore.add(storedInvocation);
+      return {
+        success: true,
+        invocationCid: invocationResult.cid,
+        result: actionResult,
+        actionResult
+      };
+    } catch (error) {
+      const storedInvocation = {
+        cid: invocationResult.cid,
+        invocation: invocationResult.invocation,
+        invokerDid: params.invokerDid,
+        capability: params.capability,
+        executedAt: Date.now(),
+        flowId,
+        blockId,
+        result: "failure",
+        error: error instanceof Error ? error.message : "Unknown error",
+        proofCids: params.proofs
+      };
+      invocationStore.add(storedInvocation);
+      return {
+        success: false,
+        invocationCid: invocationResult.cid,
+        error: error instanceof Error ? error.message : "Unknown error"
+      };
+    }
+  };
+  return {
+    createRootDelegation,
+    createDelegation,
+    revokeDelegation,
+    getDelegation,
+    getAllDelegations,
+    getRootDelegation,
+    createAndValidateInvocation,
+    executeWithInvocation,
+    validateDelegationChain,
+    findValidProofs,
+    parseDelegationFromStore,
+    isConfigured
+  };
+};
+
+export {
+  resolveActionType,
+  registerAction,
+  getAction,
+  getAllActions,
+  hasAction,
+  getActionByCan,
+  canToType,
+  typeToCan,
+  getAllCanMappings,
+  buildServicesFromHandlers,
+  getDiffResolver,
+  hasDiffResolver,
+  buildVerifiableCredential,
+  buildDomainCardLinkedResource,
+  parseLinkedEntities,
+  buildGovernanceGroupLinkedEntities,
+  transformSurveyToCredentialSubject,
+  extractSurveyAnswersTemplate,
+  getHomeserver,
+  didToMatrixUserId,
+  findOrCreateDMRoom,
+  sendDirectMessage,
+  createUcanDelegationStore,
+  createMemoryUcanDelegationStore,
+  createInvocationStore,
+  createMemoryInvocationStore,
+  buildAuthzFromProps,
+  buildFlowNodeFromBlock,
+  createRuntimeStateManager,
+  clearRuntimeForTemplateClone,
+  isNodeActive,
+  isAuthorized,
+  executeNode,
+  createUcanService
+};
+//# sourceMappingURL=chunk-5D26UG3I.mjs.map