@ixo/editor 3.0.0 → 3.2.0

package/dist/{chunk-5D26UG3I.mjs → chunk-3EZI42YS.mjs}

@@ -2348,8 +2348,64 @@ var isNodeActive = (node, runtime) => {
   return { active: true };
 };
 
+// src/core/lib/flowEngine/versionManifest.ts
+var VERSION_MANIFEST = {
+  "0.3": {
+    version: "0.3",
+    label: "Legacy",
+    ucanRequired: false,
+    delegationRootRequired: false,
+    whitelistOnlyAllowed: true,
+    unrestrictedAllowed: true,
+    executionPath: "legacy",
+    authorizationFn: "v1",
+    allowedAuthModes: ["anyone", "actors", "capability"],
+    ui: {
+      showDelegationPanel: false,
+      showWhitelistConfig: true,
+      showAnyoneConfig: true,
+      showMigrationBanner: true,
+      requirePinForExecution: false
+    },
+    description: "Legacy version. UCAN optional, whitelist-only authorization accepted."
+  },
+  "1.0.0": {
+    version: "1.0.0",
+    label: "UCAN Required",
+    ucanRequired: true,
+    delegationRootRequired: true,
+    whitelistOnlyAllowed: false,
+    unrestrictedAllowed: false,
+    executionPath: "invocation",
+    authorizationFn: "v2",
+    allowedAuthModes: ["capability"],
+    ui: {
+      showDelegationPanel: true,
+      showWhitelistConfig: false,
+      showAnyoneConfig: false,
+      showMigrationBanner: false,
+      requirePinForExecution: true
+    },
+    description: "UCAN-enforced. Every block execution requires a valid delegation chain."
+  }
+};
+var LATEST_VERSION = "1.0.0";
+function getVersionPolicy(version) {
+  const policy = VERSION_MANIFEST[version];
+  if (!policy) {
+    return VERSION_MANIFEST[LATEST_VERSION];
+  }
+  return policy;
+}
+
 // src/core/lib/flowEngine/authorization.ts
-var isAuthorized = async (blockId, actorDid, ucanService, flowUri) => {
+var isAuthorized = async (blockId, actorDid, ucanService, flowUri, schemaVersion) => {
+  if (schemaVersion) {
+    const policy = getVersionPolicy(schemaVersion);
+    if (!policy.ucanRequired) {
+      return { authorized: true };
+    }
+  }
   const capability = {
     can: "flow/block/execute",
     with: `${flowUri}:${blockId}`
@@ -2809,6 +2865,153 @@ var createUcanService = (config) => {
   };
 };
 
+// src/core/lib/flowEngine/migration.ts
+var MIGRATION_REGISTRY = {};
+function registerMigration(definition) {
+  const key = `${definition.from}->${definition.to}`;
+  MIGRATION_REGISTRY[key] = definition;
+}
+
+// src/core/lib/flowEngine/migrations/v0_3_to_v1_0_0.ts
+var NON_EXECUTABLE_BLOCK_TYPES = /* @__PURE__ */ new Set(["paragraph", "heading", "bulletListItem", "numberedListItem", "image", "table"]);
+function hasDelegationForBlock(ctx, blockId) {
+  const delegations = ctx.ucanService.getAllDelegations();
+  const resourceUri = `${ctx.flowUri}:${blockId}`;
+  return delegations.some((d) => d.capabilities.some((c) => c.can === "flow/block/execute" && c.with === resourceUri));
+}
+var migration_0_3_to_1_0_0 = {
+  from: "0.3",
+  to: "1.0.0",
+  preconditions: [
+    {
+      id: "has_flow_owner",
+      description: "Flow must have a flowOwnerDid set",
+      check: (ctx) => {
+        const ownerDid = ctx.editor.getFlowOwnerDid?.() || ctx.flowOwnerDid;
+        return !!ownerDid;
+      },
+      blocking: true
+    },
+    {
+      id: "is_owner",
+      description: "Only the flow owner can initiate migration",
+      check: (ctx) => {
+        const ownerDid = ctx.editor.getFlowOwnerDid?.() || ctx.flowOwnerDid;
+        return ctx.actorDid === ownerDid;
+      },
+      blocking: true
+    },
+    {
+      id: "ucan_service_available",
+      description: "UCAN service must be configured",
+      check: (ctx) => {
+        return !!ctx.ucanService && ctx.ucanService.isConfigured();
+      },
+      blocking: true
+    }
+  ],
+  async analyze(ctx) {
+    const items = [];
+    const blocks = ctx.editor.document;
+    const rootDelegation = ctx.ucanService.getRootDelegation();
+    if (!rootDelegation) {
+      items.push({
+        id: "__root_delegation__",
+        nodeId: "",
+        type: "create_root_delegation",
+        status: "pending",
+        requiresUserAction: true,
+        description: "Create root delegation for flow owner"
+      });
+    }
+    if (blocks) {
+      for (const block of blocks) {
+        if (NON_EXECUTABLE_BLOCK_TYPES.has(block.type)) continue;
+        if (!hasDelegationForBlock(ctx, block.id)) {
+          items.push({
+            id: `node_delegation_${block.id}`,
+            nodeId: block.id,
+            type: "create_node_delegation",
+            status: "pending",
+            requiresUserAction: true,
+            description: `Create delegation for block "${block.type}" (${block.id})`
+          });
+        }
+      }
+    }
+    return items;
+  },
+  async executeItem(ctx, item) {
+    try {
+      switch (item.type) {
+        case "create_root_delegation": {
+          await ctx.ucanService.createRootDelegation({
+            flowOwnerDid: ctx.flowOwnerDid,
+            issuerType: ctx.actorType,
+            entityRoomId: ctx.entityRoomId,
+            flowUri: ctx.flowUri,
+            pin: ctx.pin
+          });
+          return { success: true };
+        }
+        case "create_node_delegation":
+        case "backfill_capability": {
+          const capability = {
+            can: "flow/block/execute",
+            with: `${ctx.flowUri}:${item.nodeId}`
+          };
+          await ctx.ucanService.createDelegation({
+            issuerDid: ctx.flowOwnerDid,
+            issuerType: ctx.actorType,
+            entityRoomId: ctx.entityRoomId,
+            audience: ctx.flowOwnerDid,
+            // Owner delegates to self initially; actors get sub-delegations
+            capabilities: [capability],
+            pin: ctx.pin
+          });
+          return { success: true };
+        }
+        default:
+          return { success: false, error: `Unknown work item type: ${item.type}` };
+      }
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      return { success: false, error: message };
+    }
+  },
+  async postValidate(ctx) {
+    const errors = [];
+    const blocks = ctx.editor.document;
+    const rootDelegation = ctx.ucanService.getRootDelegation();
+    if (!rootDelegation) {
+      errors.push("Root delegation is missing after migration");
+    }
+    if (blocks) {
+      for (const block of blocks) {
+        if (NON_EXECUTABLE_BLOCK_TYPES.has(block.type)) continue;
+        const requiredCapability = {
+          can: "flow/block/execute",
+          with: `${ctx.flowUri}:${block.id}`
+        };
+        const validation = await ctx.ucanService.validateDelegationChain(ctx.flowOwnerDid, requiredCapability);
+        if (!validation.valid) {
+          errors.push(`Block "${block.type}" (${block.id}): delegation chain invalid \u2014 ${validation.error || "unknown error"}`);
+        }
+      }
+    }
+    return { valid: errors.length === 0, errors };
+  },
+  finalize(ctx) {
+    const root = ctx.editor._yRoot;
+    if (!root) {
+      throw new Error("Cannot finalize: editor _yRoot not available");
+    }
+    root.set("schema_version", "1.0.0");
+    root.set("@context", "https://ixo.world/flow/1.0");
+  }
+};
+registerMigration(migration_0_3_to_1_0_0);
+
 export {
   resolveActionType,
   registerAction,
@@ -2836,6 +3039,7 @@ export {
   createMemoryUcanDelegationStore,
   createInvocationStore,
   createMemoryInvocationStore,
+  LATEST_VERSION,
   buildAuthzFromProps,
   buildFlowNodeFromBlock,
   createRuntimeStateManager,
@@ -2845,4 +3049,4 @@ export {
   executeNode,
   createUcanService
 };
-//# sourceMappingURL=chunk-5D26UG3I.mjs.map
+//# sourceMappingURL=chunk-3EZI42YS.mjs.map