@powerhousedao/reactor-api 6.2.0-dev.4 → 6.2.0-dev.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/README.md +0 -2
  2. package/dist/index.d.mts +32 -93
  3. package/dist/index.d.mts.map +1 -1
  4. package/dist/index.mjs +85 -235
  5. package/dist/index.mjs.map +1 -1
  6. package/dist/src/packages/vite-loader.mjs +1 -1
  7. package/dist/{utils-BFkbSO_H.mjs → utils-CtC8sjRo.mjs} +115 -34
  8. package/dist/utils-CtC8sjRo.mjs.map +1 -0
  9. package/package.json +13 -13
  10. package/dist/utils-BFkbSO_H.mjs.map +0 -1
package/dist/src/packages/vite-loader.mjs CHANGED
@@ -1,6 +1,6 @@
1
1
 
2
2
  !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="1ea545f7-1fd6-5398-9906-11c687b497c5")}catch(e){}}();
3
- import { a as isSubgraphClass, o as debounce, s as isSubpath } from "../../utils-BFkbSO_H.mjs";
3
+ import { a as isSubgraphClass, o as debounce, s as isSubpath } from "../../utils-CtC8sjRo.mjs";
4
4
  import { childLogger } from "document-model";
5
5
  import path from "node:path";
6
6
  import { viteCommonjs } from "@originjs/vite-plugin-commonjs";
package/dist/{utils-BFkbSO_H.mjs → utils-CtC8sjRo.mjs} RENAMED
@@ -1,9 +1,109 @@
1
1
 
2
- !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="f64c0238-0280-5fb7-9cf2-93c99d05e219")}catch(e){}}();
2
+ !function(){try{var e="undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof globalThis?globalThis:"undefined"!=typeof self?self:{},n=(new e.Error).stack;n&&(e._sentryDebugIds=e._sentryDebugIds||{},e._sentryDebugIds[n]="143f3840-f36d-5b22-91f1-5b5328f2e537")}catch(e){}}();
3
3
  import { gql } from "graphql-tag";
4
4
  import { GraphQLError } from "graphql";
5
5
  import { childLogger } from "document-model";
6
6
  import path from "node:path";
7
+ //#region src/services/authorization.service.ts
8
+ const AuthorizationPolicy = {
9
+ OPEN: "OPEN",
10
+ ADMIN_ONLY: "ADMIN_ONLY",
11
+ DOCUMENT_PERMISSIONS: "DOCUMENT_PERMISSIONS"
12
+ };
13
+ /** Shared config holder and admin-list check for the policy strategies. */
14
+ var BaseAuthorizationService = class {
15
+ constructor(config) {
16
+ this.config = config;
17
+ }
18
+ isSupremeAdmin(userAddress) {
19
+ if (!userAddress) return false;
20
+ return this.config.admins.includes(userAddress.toLowerCase());
21
+ }
22
+ };
23
+ /** OPEN: authentication disabled — everyone (incl. anonymous) is allowed. */
24
+ var OpenAuthorizationService = class extends BaseAuthorizationService {
25
+ isSupremeAdmin() {
26
+ return true;
27
+ }
28
+ canRead() {
29
+ return Promise.resolve(true);
30
+ }
31
+ canWrite() {
32
+ return Promise.resolve(true);
33
+ }
34
+ canManage() {
35
+ return Promise.resolve(true);
36
+ }
37
+ canMutate() {
38
+ return Promise.resolve(true);
39
+ }
40
+ };
41
+ /** ADMIN_ONLY: authentication on, document permissions off — only ADMINS. */
42
+ var AdminOnlyAuthorizationService = class extends BaseAuthorizationService {
43
+ canRead(_documentId, userAddress) {
44
+ return Promise.resolve(this.isSupremeAdmin(userAddress));
45
+ }
46
+ canWrite(_documentId, userAddress) {
47
+ return Promise.resolve(this.isSupremeAdmin(userAddress));
48
+ }
49
+ canManage(_documentId, userAddress) {
50
+ return Promise.resolve(this.isSupremeAdmin(userAddress));
51
+ }
52
+ canMutate(_documentId, _operationType, userAddress) {
53
+ return Promise.resolve(this.isSupremeAdmin(userAddress));
54
+ }
55
+ };
56
+ /** DOCUMENT_PERMISSIONS: the full per-document protection + grant model. */
57
+ var DocumentPermissionsAuthorizationService = class extends BaseAuthorizationService {
58
+ constructor(permissions, config) {
59
+ super(config);
60
+ this.permissions = permissions;
61
+ }
62
+ async canRead(documentId, userAddress, getParentIds) {
63
+ if (this.isSupremeAdmin(userAddress)) return true;
64
+ if (!(getParentIds ? await this.permissions.isProtectedWithAncestors(documentId, getParentIds) : await this.permissions.isDocumentProtected(documentId))) return true;
65
+ if (!userAddress) return false;
66
+ const owner = await this.permissions.getDocumentOwner(documentId);
67
+ if (owner && owner === userAddress.toLowerCase()) return true;
68
+ if (getParentIds) return this.permissions.canRead(documentId, userAddress, getParentIds);
69
+ return this.permissions.canReadDocument(documentId, userAddress);
70
+ }
71
+ async canWrite(documentId, userAddress, getParentIds) {
72
+ if (this.isSupremeAdmin(userAddress)) return true;
73
+ return this.#permissionCanWrite(documentId, userAddress, getParentIds);
74
+ }
75
+ async canManage(documentId, userAddress) {
76
+ if (this.isSupremeAdmin(userAddress)) return true;
77
+ if (!userAddress) return false;
78
+ const owner = await this.permissions.getDocumentOwner(documentId);
79
+ if (owner && owner === userAddress.toLowerCase()) return true;
80
+ return this.permissions.canManageDocument(documentId, userAddress);
81
+ }
82
+ async canMutate(documentId, operationType, userAddress, getParentIds) {
83
+ if (this.isSupremeAdmin(userAddress)) return true;
84
+ if (await this.permissions.isOperationRestricted(documentId, operationType)) return this.permissions.canExecuteOperation(documentId, operationType, userAddress?.toLowerCase());
85
+ return this.#permissionCanWrite(documentId, userAddress, getParentIds);
86
+ }
87
+ async #permissionCanWrite(documentId, userAddress, getParentIds) {
88
+ if (!(getParentIds ? await this.permissions.isProtectedWithAncestors(documentId, getParentIds) : await this.permissions.isDocumentProtected(documentId))) return true;
89
+ if (!userAddress) return false;
90
+ const owner = await this.permissions.getDocumentOwner(documentId);
91
+ if (owner && owner === userAddress.toLowerCase()) return true;
92
+ if (getParentIds) return this.permissions.canWrite(documentId, userAddress, getParentIds);
93
+ return this.permissions.canWriteDocument(documentId, userAddress);
94
+ }
95
+ };
96
+ /**
97
+ * Selects the strategy for the configured policy. The strategy classes are
98
+ * not exported, so this guard is the only construction path.
99
+ */
100
+ function createAuthorizationService(config, documentPermissionService) {
101
+ if (config.policy === AuthorizationPolicy.OPEN) return new OpenAuthorizationService(config);
102
+ if (config.policy === AuthorizationPolicy.ADMIN_ONLY) return new AdminOnlyAuthorizationService(config);
103
+ if (!documentPermissionService) throw new Error("DocumentPermissionService is required for the DOCUMENT_PERMISSIONS policy");
104
+ return new DocumentPermissionsAuthorizationService(documentPermissionService, config);
105
+ }
106
+ //#endregion
7
107
  //#region src/graphql/base-subgraph.ts
8
108
  var BaseSubgraph = class {
9
109
  name = "example";
@@ -39,43 +139,24 @@ var BaseSubgraph = class {
39
139
  }
40
140
  };
41
141
  }
42
- hasGlobalAdminAccess(ctx) {
43
- return !!ctx.isAdmin?.(ctx.user?.address ?? "");
44
- }
45
142
  async canReadDocument(documentId, ctx) {
46
- if (this.authorizationService) return this.authorizationService.canRead(documentId, ctx.user?.address, this.getParentIdsFn());
47
- if (this.hasGlobalAdminAccess(ctx)) return true;
48
- if (this.documentPermissionService) return this.documentPermissionService.canRead(documentId, ctx.user?.address, this.getParentIdsFn());
49
- return false;
143
+ return this.authorizationService.canRead(documentId, ctx.user?.address, this.getParentIdsFn());
50
144
  }
51
145
  async assertCanRead(documentId, ctx) {
52
- if (this.authorizationService) {
53
- if (!await this.authorizationService.canRead(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to read this document");
54
- return;
55
- }
56
- if (!this.hasGlobalAdminAccess(ctx)) if (this.documentPermissionService) {
57
- if (!await this.documentPermissionService.canRead(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to read this document");
58
- } else throw new GraphQLError("Forbidden: insufficient permissions to read this document");
146
+ if (!await this.authorizationService.canRead(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to read this document");
59
147
  }
60
148
  async assertCanWrite(documentId, ctx) {
61
- if (this.authorizationService) {
62
- if (!await this.authorizationService.canWrite(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to write to this document");
63
- return;
64
- }
65
- if (!this.hasGlobalAdminAccess(ctx)) if (this.documentPermissionService) {
66
- if (!await this.documentPermissionService.canWrite(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to write to this document");
67
- } else throw new GraphQLError("Forbidden: insufficient permissions to write to this document");
149
+ if (!await this.authorizationService.canWrite(documentId, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError("Forbidden: insufficient permissions to write to this document");
68
150
  }
69
151
  async assertCanExecuteOperation(documentId, operationType, ctx) {
70
- if (this.authorizationService) {
71
- if (!await this.authorizationService.canMutate(documentId, operationType, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError(`Forbidden: insufficient permissions to execute operation "${operationType}" on this document`);
72
- return;
73
- }
74
- if (!this.documentPermissionService) return;
75
- if (ctx.isAdmin?.(ctx.user?.address ?? "")) return;
76
- if (await this.documentPermissionService.isOperationRestricted(documentId, operationType)) {
77
- if (!await this.documentPermissionService.canExecuteOperation(documentId, operationType, ctx.user?.address)) throw new GraphQLError(`Forbidden: insufficient permissions to execute operation "${operationType}" on this document`);
78
- }
152
+ if (!await this.authorizationService.canMutate(documentId, operationType, ctx.user?.address, this.getParentIdsFn())) throw new GraphQLError(`Forbidden: insufficient permissions to execute operation "${operationType}" on this document`);
153
+ }
154
+ assertCanCreate(ctx) {
155
+ const policy = this.authorizationService.config.policy;
156
+ if (policy === AuthorizationPolicy.OPEN) return;
157
+ if (this.authorizationService.isSupremeAdmin(ctx.user?.address)) return;
158
+ if (policy === AuthorizationPolicy.ADMIN_ONLY) throw new GraphQLError("Forbidden: insufficient permissions to create documents");
159
+ if (!ctx.user?.address) throw new GraphQLError("Forbidden: authentication required to create documents");
79
160
  }
80
161
  };
81
162
  //#endregion
@@ -290,7 +371,7 @@ function buildGraphQlDriveDocument(doc) {
290
371
  };
291
372
  }
292
373
  //#endregion
293
- export { isSubgraphClass as a, loadDocumentModels as c, BaseSubgraph as d, buildGraphqlOperations as i, loadProcessors as l, buildGraphQlDriveDocument as n, debounce as o, buildGraphqlOperation as r, isSubpath as s, buildGraphQlDocument as t, loadSubgraphs as u };
374
+ export { isSubgraphClass as a, loadDocumentModels as c, BaseSubgraph as d, AuthorizationPolicy as f, buildGraphqlOperations as i, loadProcessors as l, buildGraphQlDriveDocument as n, debounce as o, createAuthorizationService as p, buildGraphqlOperation as r, isSubpath as s, buildGraphQlDocument as t, loadSubgraphs as u };
294
375
 
295
- //# sourceMappingURL=utils-BFkbSO_H.mjs.map
296
- //# debugId=f64c0238-0280-5fb7-9cf2-93c99d05e219
376
+ //# sourceMappingURL=utils-CtC8sjRo.mjs.map
377
+ //# debugId=143f3840-f36d-5b22-91f1-5b5328f2e537
package/dist/utils-CtC8sjRo.mjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"utils-CtC8sjRo.mjs","sources":["../src/services/authorization.service.ts","../src/graphql/base-subgraph.ts","../src/packages/import-resolver.ts","../src/packages/util.ts","../src/graphql/utils.ts"],"sourcesContent":["import type {\n DocumentPermissionService,\n GetParentIdsFn,\n} from \"./document-permission.service.js\";\n\nexport const AuthorizationPolicy = {\n OPEN: \"OPEN\",\n ADMIN_ONLY: \"ADMIN_ONLY\",\n DOCUMENT_PERMISSIONS: \"DOCUMENT_PERMISSIONS\",\n} as const;\n\nexport type AuthorizationPolicy =\n (typeof AuthorizationPolicy)[keyof typeof AuthorizationPolicy];\n\nexport interface AuthorizationConfig {\n admins: string[];\n defaultProtection: boolean;\n policy: AuthorizationPolicy;\n}\n\n/**\n * Single source of truth for every permission decision. Always present (never\n * null) so callers branch on data, not on the existence of a service.\n *\n * The policy selects an implementation once at boot:\n * - OPEN: authentication disabled — everyone (incl. anonymous) is allowed.\n * - ADMIN_ONLY: authentication on, document permissions off — only ADMINS.\n * - DOCUMENT_PERMISSIONS: the full per-document protection + grant model.\n */\nexport interface IAuthorizationService {\n readonly config: AuthorizationConfig;\n\n isSupremeAdmin(userAddress?: string): boolean;\n\n canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canManage(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n}\n\n/** Shared config holder and admin-list check for the policy strategies. */\nabstract class BaseAuthorizationService implements IAuthorizationService {\n constructor(readonly config: AuthorizationConfig) {}\n\n isSupremeAdmin(userAddress?: string): boolean {\n if (!userAddress) return false;\n return this.config.admins.includes(userAddress.toLowerCase());\n }\n\n abstract canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canManage(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n\n abstract canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean>;\n}\n\n/** OPEN: authentication disabled — everyone (incl. anonymous) is allowed. */\nclass OpenAuthorizationService extends BaseAuthorizationService {\n isSupremeAdmin(): boolean {\n return true;\n }\n\n canRead(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canWrite(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canManage(): Promise<boolean> {\n return Promise.resolve(true);\n }\n\n canMutate(): Promise<boolean> {\n return Promise.resolve(true);\n }\n}\n\n/** ADMIN_ONLY: authentication on, document permissions off — only ADMINS. */\nclass AdminOnlyAuthorizationService extends BaseAuthorizationService {\n canRead(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canWrite(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canManage(_documentId: string, userAddress?: string): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n\n canMutate(\n _documentId: string,\n _operationType: string,\n userAddress?: string,\n ): Promise<boolean> {\n return Promise.resolve(this.isSupremeAdmin(userAddress));\n }\n}\n\n/** DOCUMENT_PERMISSIONS: the full per-document protection + grant model. */\nclass DocumentPermissionsAuthorizationService extends BaseAuthorizationService {\n constructor(\n private readonly permissions: DocumentPermissionService,\n config: AuthorizationConfig,\n ) {\n super(config);\n }\n\n async canRead(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n\n const isProtected = getParentIds\n ? await this.permissions.isProtectedWithAncestors(\n documentId,\n getParentIds,\n )\n : await this.permissions.isDocumentProtected(documentId);\n\n if (!isProtected) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n if (getParentIds) {\n return this.permissions.canRead(documentId, userAddress, getParentIds);\n }\n return this.permissions.canReadDocument(documentId, userAddress);\n }\n\n async canWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n return this.#permissionCanWrite(documentId, userAddress, getParentIds);\n }\n\n async canManage(documentId: string, userAddress?: string): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n return this.permissions.canManageDocument(documentId, userAddress);\n }\n\n async canMutate(\n documentId: string,\n operationType: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n if (this.isSupremeAdmin(userAddress)) return true;\n\n const isRestricted = await this.permissions.isOperationRestricted(\n documentId,\n operationType,\n );\n\n if (isRestricted) {\n return this.permissions.canExecuteOperation(\n documentId,\n operationType,\n userAddress?.toLowerCase(),\n );\n }\n\n return this.#permissionCanWrite(documentId, userAddress, getParentIds);\n }\n\n async #permissionCanWrite(\n documentId: string,\n userAddress?: string,\n getParentIds?: GetParentIdsFn,\n ): Promise<boolean> {\n const isProtected = getParentIds\n ? await this.permissions.isProtectedWithAncestors(\n documentId,\n getParentIds,\n )\n : await this.permissions.isDocumentProtected(documentId);\n\n if (!isProtected) return true;\n if (!userAddress) return false;\n\n const owner = await this.permissions.getDocumentOwner(documentId);\n if (owner && owner === userAddress.toLowerCase()) return true;\n\n if (getParentIds) {\n return this.permissions.canWrite(documentId, userAddress, getParentIds);\n }\n return this.permissions.canWriteDocument(documentId, userAddress);\n }\n}\n\n/**\n * Selects the strategy for the configured policy. The strategy classes are\n * not exported, so this guard is the only construction path.\n */\nexport function createAuthorizationService(\n config: AuthorizationConfig,\n documentPermissionService?: DocumentPermissionService,\n): IAuthorizationService {\n if (config.policy === AuthorizationPolicy.OPEN) {\n return new OpenAuthorizationService(config);\n }\n if (config.policy === AuthorizationPolicy.ADMIN_ONLY) {\n return new AdminOnlyAuthorizationService(config);\n }\n if (!documentPermissionService) {\n throw new Error(\n \"DocumentPermissionService is required for the DOCUMENT_PERMISSIONS policy\",\n );\n }\n return new DocumentPermissionsAuthorizationService(\n documentPermissionService,\n config,\n );\n}\n","import type {\n IReactorClient,\n IRelationalDb,\n ISyncManager,\n} from \"@powerhousedao/reactor\";\nimport type {\n GraphQLManager,\n ISubgraph,\n SubgraphArgs,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentNode } from \"graphql\";\nimport { GraphQLError } from \"graphql\";\nimport { gql } from \"graphql-tag\";\nimport {\n AuthorizationPolicy,\n type IAuthorizationService,\n} from \"../services/authorization.service.js\";\nimport type {\n DocumentPermissionService,\n GetParentIdsFn,\n} from \"../services/document-permission.service.js\";\nimport type { Context } from \"./types.js\";\n\nexport class BaseSubgraph implements ISubgraph {\n name = \"example\";\n path = \"\";\n resolvers: Record<string, any> = {\n Query: {\n hello: () => this.name,\n },\n };\n typeDefs: DocumentNode = gql`\n type Query {\n hello: String\n }\n `;\n reactorClient: IReactorClient;\n graphqlManager: GraphQLManager;\n relationalDb: IRelationalDb;\n syncManager: ISyncManager;\n documentPermissionService?: DocumentPermissionService;\n authorizationService: IAuthorizationService;\n\n constructor(args: SubgraphArgs) {\n this.reactorClient = args.reactorClient;\n this.graphqlManager = args.graphqlManager;\n this.relationalDb = args.relationalDb;\n this.syncManager = args.syncManager;\n this.documentPermissionService = args.documentPermissionService;\n this.authorizationService = args.authorizationService;\n this.path = args.path ?? \"\";\n }\n\n async onSetup() {\n // noop\n }\n\n // ============================================\n // Shared permission helpers\n // ============================================\n\n protected getParentIdsFn(): GetParentIdsFn {\n return async (documentId: string): Promise<string[]> => {\n try {\n const result = await this.reactorClient.getIncomingRelationships(\n documentId,\n \"child\",\n );\n return result.results.map((doc) => doc.header.id);\n } catch {\n return [];\n }\n };\n }\n\n protected async canReadDocument(\n documentId: string,\n ctx: Context,\n ): Promise<boolean> {\n return this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n }\n\n protected async assertCanRead(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n const canRead = await this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canRead) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to read this document\",\n );\n }\n }\n\n protected async assertCanWrite(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n const canWrite = await this.authorizationService.canWrite(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canWrite) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to write to this document\",\n );\n }\n }\n\n protected async assertCanExecuteOperation(\n documentId: string,\n operationType: string,\n ctx: Context,\n ): Promise<void> {\n const canMutate = await this.authorizationService.canMutate(\n documentId,\n operationType,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canMutate) {\n throw new GraphQLError(\n `Forbidden: insufficient permissions to execute operation \"${operationType}\" on this document`,\n );\n }\n }\n\n protected assertCanCreate(ctx: Context): void {\n const policy = this.authorizationService.config.policy;\n if (policy === AuthorizationPolicy.OPEN) return;\n if (this.authorizationService.isSupremeAdmin(ctx.user?.address)) return;\n if (policy === AuthorizationPolicy.ADMIN_ONLY) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to create documents\",\n );\n }\n if (!ctx.user?.address) {\n throw new GraphQLError(\n \"Forbidden: authentication required to create documents\",\n );\n }\n }\n}\n","import path from \"node:path\";\n\n/**\n * Attempts to import from suggested Node.js paths\n */\nasync function tryNodeSuggestedPaths<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n const suggestedPaths = [\n `${packageName}/dist/node/${subPath}/index.mjs`,\n `${packageName}/dist/node/${subPath}.mjs`,\n `${packageName}/dist/${subPath}/index.js`,\n `${packageName}/dist/${subPath}.js`,\n ];\n\n for (const suggestedPath of suggestedPaths) {\n try {\n return (await import(/* @vite-ignore */ suggestedPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve package using import.meta.resolve\n */\nasync function tryImportMetaResolve<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n try {\n const resolvedUrl = import.meta.resolve?.(`${packageName}/package.json`);\n if (!resolvedUrl) return null;\n\n const packageRoot = path.dirname(new URL(resolvedUrl).pathname);\n const pathsToTry = [\n path.join(packageRoot, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(packageRoot, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(packageRoot, \"dist\", subPath, \"index.js\"),\n path.join(packageRoot, \"dist\", `${subPath}.js`),\n path.join(packageRoot, subPath, \"index.js\"),\n path.join(packageRoot, `${subPath}.js`),\n ];\n\n for (const attemptPath of pathsToTry) {\n try {\n return (await import(/* @vite-ignore */ attemptPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n } catch {\n // import.meta.resolve failed\n }\n\n return null;\n}\n\n/**\n * Resolves symlinks in node_modules to find the real package location\n */\nasync function resolveSymlinkedPaths(\n packageName: string,\n subPath: string,\n): Promise<string[]> {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const nodeModulesPatterns = [\n path.join(process.cwd(), \"node_modules\", packageName),\n path.join(process.cwd(), \"node_modules\", packageBaseName || packageName),\n ];\n\n const workspacePatterns: string[] = [];\n\n for (const nodeModulesPath of nodeModulesPatterns) {\n try {\n const fs = await import(\"node:fs\");\n if (fs.existsSync(nodeModulesPath)) {\n const realPath = fs.realpathSync(nodeModulesPath);\n\n workspacePatterns.push(\n path.join(realPath, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(realPath, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(realPath, \"dist\", subPath, \"index.js\"),\n path.join(realPath, \"dist\", `${subPath}.js`),\n path.join(realPath, subPath, \"index.js\"),\n path.join(realPath, `${subPath}.js`),\n );\n }\n } catch {\n // Continue to next attempt\n }\n }\n\n return workspacePatterns;\n}\n\n/**\n * Generates common workspace pattern paths\n */\nfunction getCommonWorkspacePaths(\n packageName: string,\n subPath: string,\n): string[] {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const commonRoots = [process.cwd(), path.dirname(process.cwd())];\n\n const workspacePatterns: string[] = [];\n for (const root of commonRoots) {\n workspacePatterns.push(\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n subPath,\n \"index.mjs\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n `${subPath}.mjs`,\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n subPath,\n \"index.js\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n `${subPath}.js`,\n ),\n );\n }\n\n return workspacePatterns;\n}\n\n/**\n * Attempts to import from a list of workspace patterns\n */\nasync function tryWorkspacePatterns<T>(patterns: string[]): Promise<T | null> {\n for (const workspacePath of patterns) {\n try {\n return (await import(/* @vite-ignore */ workspacePath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve linked packages using various fallback strategies\n */\nexport async function resolveLinkedPackage<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n // Try Node.js suggested paths first\n let result = await tryNodeSuggestedPaths<T>(packageName, subPath);\n if (result) return result;\n\n // Try import.meta.resolve\n result = await tryImportMetaResolve<T>(packageName, subPath);\n if (result) return result;\n\n // Try symlink resolution\n const symlinkPaths = await resolveSymlinkedPaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(symlinkPaths);\n if (result) return result;\n\n // Try common workspace patterns as final fallback\n const commonPaths = getCommonWorkspacePaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(commonPaths);\n if (result) return result;\n\n return null;\n}\n","import type {\n ProcessorFactoryBuilder,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentModelModule } from \"@powerhousedao/shared/document-model\";\nimport { childLogger } from \"document-model\";\nimport { execSync } from \"node:child_process\";\nimport path from \"node:path\";\nimport { resolveLinkedPackage } from \"./import-resolver.js\";\n\n// Define the expected module export structures\ntype DocumentModelsExport = Record<string, DocumentModelModule>;\ntype SubgraphsExport = Record<string, Record<string, SubgraphClass>>;\ntype ProcessorsExport = {\n processorFactory?: ProcessorFactoryBuilder;\n processorFactoryLegacy?: ProcessorFactoryBuilder;\n};\n\nconst _logger = childLogger([\"reactor-api\", \"packages/util\"]);\n\nexport const installPackages = (packages: string[]): Promise<void> => {\n for (const packageName of packages) {\n execSync(`ph install ${packageName}`);\n }\n return Promise.resolve();\n};\n\nexport const readManifest = () => {\n const manifest = execSync(`ph manifest`).toString();\n return manifest;\n};\n\n/**\n * Tries to import document models from a package. This function cannot throw.\n */\nexport async function loadDocumentModels(\n packageName: string,\n): Promise<DocumentModelsExport | null> {\n return loadDependency(packageName, \"document-models\");\n}\n\n/**\n * Tries to import subgraphs from a package. This function cannot throw.\n */\nexport async function loadSubgraphs(\n packageName: string,\n): Promise<SubgraphsExport | null> {\n return loadDependency(packageName, \"subgraphs\");\n}\n\n/**\n * Tries to import processors from a package. This function cannot throw.\n */\nexport async function loadProcessors(\n packageName: string,\n): Promise<ProcessorsExport | null> {\n return loadDependency(packageName, \"processors\");\n}\n\n/**\n * Generic dependency loader - tries to import a dependency from a package. This function cannot throw.\n * Returns null if the dependency cannot be loaded.\n */\nasync function loadDependency<T = unknown>(\n packageName: string,\n subPath: string,\n): Promise<T> {\n const fullPath = `${packageName}/${subPath}`;\n\n // Try the standard import first\n try {\n // vite does not support this, but that's okay as we have provided the\n // vite-loader for this purpose\n\n const module = (await import(/* @vite-ignore */ fullPath)) as T;\n return module;\n } catch (e) {\n // Handle module not found errors with fallback resolution\n if (\n e instanceof Error &&\n \"code\" in e &&\n (e.code === \"ERR_MODULE_NOT_FOUND\" ||\n e.code === \"ERR_UNSUPPORTED_DIR_IMPORT\")\n ) {\n const result = await resolveLinkedPackage<T>(packageName, subPath);\n if (result) return result;\n }\n throw e;\n }\n}\n\nexport function debounce<T extends unknown[], R>(\n func: (...args: T) => Promise<R>,\n delay = 250,\n) {\n let timer: number;\n return (immediate = false, ...args: T) => {\n if (timer) {\n clearTimeout(timer);\n }\n return new Promise<R>((resolve, reject) => {\n if (immediate) {\n func(...args)\n .then(resolve)\n .catch(reject);\n } else {\n timer = setTimeout(() => {\n func(...args)\n .then(resolve)\n .catch(reject);\n }, delay) as unknown as number;\n }\n });\n };\n}\n\nexport function isSubpath(parent: string, dir: string) {\n const relative = path.relative(parent, dir);\n return relative && !relative.startsWith(\"..\") && !path.isAbsolute(relative);\n}\n","import type {\n GqlDocument,\n GqlDriveDocument,\n GqlOperation,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentDriveDocument } from \"@powerhousedao/shared/document-drive\";\nimport type {\n Operation,\n PHDocument,\n} from \"@powerhousedao/shared/document-model\";\nimport { BaseSubgraph } from \"./base-subgraph.js\";\n\nexport function isSubgraphClass(\n candidate: unknown,\n): candidate is SubgraphClass {\n if (typeof candidate !== \"function\") return false;\n\n let proto: unknown = Object.getPrototypeOf(candidate);\n while (proto) {\n if (Object.prototype.isPrototypeOf.call(proto, BaseSubgraph)) return true;\n\n proto = Object.getPrototypeOf(proto);\n }\n\n return false;\n}\n\nexport function buildGraphqlOperations(\n operations: Operation[],\n skip: number,\n first: number,\n): GqlOperation[] {\n return operations.slice(skip, skip + first).map(buildGraphqlOperation);\n}\n\nexport function buildGraphqlOperation(operation: Operation): GqlOperation {\n const signer = operation.action.context?.signer;\n return {\n id: operation.id ?? \"\",\n type: operation.action.type,\n index: operation.index,\n timestampUtcMs: operation.timestampUtcMs,\n hash: operation.hash,\n skip: operation.skip,\n inputText:\n typeof operation.action.input === \"string\"\n ? operation.action.input\n : JSON.stringify(operation.action.input),\n error: operation.error,\n context: {\n signer: signer\n ? {\n user: signer.user,\n app: signer.app,\n signatures: signer.signatures.map((sig) =>\n Array.isArray(sig) ? sig.join(\", \") : sig,\n ),\n }\n : undefined,\n },\n };\n}\n\nexport function buildGraphQlDocument(doc: PHDocument): GqlDocument {\n // Return full state with all scopes (auth, document, global, local)\n // This matches the ReactorSubgraph pattern in adapters.ts\n const state = doc.state;\n const initialState = doc.initialState;\n // For stateJSON, use global state for backward compatibility\n const globalState = \"global\" in doc.state ? doc.state.global : {};\n return {\n id: doc.header.id,\n name: doc.header.name,\n documentType: doc.header.documentType,\n revision: doc.header.revision.global || 0,\n createdAtUtcIso: doc.header.createdAtUtcIso,\n lastModifiedAtUtcIso: doc.header.lastModifiedAtUtcIso,\n operations: [],\n stateJSON: globalState as JSON,\n state,\n initialState,\n };\n}\n\nexport function buildGraphQlDriveDocument(\n doc: DocumentDriveDocument,\n): GqlDriveDocument {\n const gqlDoc = buildGraphQlDocument(doc);\n return {\n ...gqlDoc,\n meta: {\n preferredEditor: doc.header.meta?.preferredEditor,\n },\n slug: doc.header.slug,\n state: doc.state.global,\n initialState: doc.state.global,\n };\n}\n"],"names":["#permissionCanWrite"],"mappings":";;;;;;;AAKA,MAAa,sBAAsB;CACjC,MAAM;CACN,YAAY;CACZ,sBAAsB;CACvB;;AAoDD,IAAe,2BAAf,MAAyE;CACvE,YAAY,QAAsC;AAA7B,OAAA,SAAA;;CAErB,eAAe,aAA+B;AAC5C,MAAI,CAAC,YAAa,QAAO;AACzB,SAAO,KAAK,OAAO,OAAO,SAAS,YAAY,aAAa,CAAC;;;;AA8BjE,IAAM,2BAAN,cAAuC,yBAAyB;CAC9D,iBAA0B;AACxB,SAAO;;CAGT,UAA4B;AAC1B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,WAA6B;AAC3B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,YAA8B;AAC5B,SAAO,QAAQ,QAAQ,KAAK;;CAG9B,YAA8B;AAC5B,SAAO,QAAQ,QAAQ,KAAK;;;;AAKhC,IAAM,gCAAN,cAA4C,yBAAyB;CACnE,QAAQ,aAAqB,aAAwC;AACnE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,SAAS,aAAqB,aAAwC;AACpE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,UAAU,aAAqB,aAAwC;AACrE,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;CAG1D,UACE,aACA,gBACA,aACkB;AAClB,SAAO,QAAQ,QAAQ,KAAK,eAAe,YAAY,CAAC;;;;AAK5D,IAAM,0CAAN,cAAsD,yBAAyB;CAC7E,YACE,aACA,QACA;AACA,QAAM,OAAO;AAHI,OAAA,cAAA;;CAMnB,MAAM,QACJ,YACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAS7C,MAAI,EAPgB,eAChB,MAAM,KAAK,YAAY,yBACrB,YACA,aACD,GACD,MAAM,KAAK,YAAY,oBAAoB,WAAW,EAExC,QAAO;AACzB,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,MAAI,aACF,QAAO,KAAK,YAAY,QAAQ,YAAY,aAAa,aAAa;AAExE,SAAO,KAAK,YAAY,gBAAgB,YAAY,YAAY;;CAGlE,MAAM,SACJ,YACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAC7C,SAAO,MAAA,mBAAyB,YAAY,aAAa,aAAa;;CAGxE,MAAM,UAAU,YAAoB,aAAwC;AAC1E,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAC7C,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,SAAO,KAAK,YAAY,kBAAkB,YAAY,YAAY;;CAGpE,MAAM,UACJ,YACA,eACA,aACA,cACkB;AAClB,MAAI,KAAK,eAAe,YAAY,CAAE,QAAO;AAO7C,MALqB,MAAM,KAAK,YAAY,sBAC1C,YACA,cACD,CAGC,QAAO,KAAK,YAAY,oBACtB,YACA,eACA,aAAa,aAAa,CAC3B;AAGH,SAAO,MAAA,mBAAyB,YAAY,aAAa,aAAa;;CAGxE,OAAA,mBACE,YACA,aACA,cACkB;AAQlB,MAAI,EAPgB,eAChB,MAAM,KAAK,YAAY,yBACrB,YACA,aACD,GACD,MAAM,KAAK,YAAY,oBAAoB,WAAW,EAExC,QAAO;AACzB,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,QAAQ,MAAM,KAAK,YAAY,iBAAiB,WAAW;AACjE,MAAI,SAAS,UAAU,YAAY,aAAa,CAAE,QAAO;AAEzD,MAAI,aACF,QAAO,KAAK,YAAY,SAAS,YAAY,aAAa,aAAa;AAEzE,SAAO,KAAK,YAAY,iBAAiB,YAAY,YAAY;;;;;;;AAQrE,SAAgB,2BACd,QACA,2BACuB;AACvB,KAAI,OAAO,WAAW,oBAAoB,KACxC,QAAO,IAAI,yBAAyB,OAAO;AAE7C,KAAI,OAAO,WAAW,oBAAoB,WACxC,QAAO,IAAI,8BAA8B,OAAO;AAElD,KAAI,CAAC,0BACH,OAAM,IAAI,MACR,4EACD;AAEH,QAAO,IAAI,wCACT,2BACA,OACD;;;;ACnPH,IAAa,eAAb,MAA+C;CAC7C,OAAO;CACP,OAAO;CACP,YAAiC,EAC/B,OAAO,EACL,aAAa,KAAK,MACnB,EACF;CACD,WAAyB,GAAG;;;;;CAK5B;CACA;CACA;CACA;CACA;CACA;CAEA,YAAY,MAAoB;AAC9B,OAAK,gBAAgB,KAAK;AAC1B,OAAK,iBAAiB,KAAK;AAC3B,OAAK,eAAe,KAAK;AACzB,OAAK,cAAc,KAAK;AACxB,OAAK,4BAA4B,KAAK;AACtC,OAAK,uBAAuB,KAAK;AACjC,OAAK,OAAO,KAAK,QAAQ;;CAG3B,MAAM,UAAU;CAQhB,iBAA2C;AACzC,SAAO,OAAO,eAA0C;AACtD,OAAI;AAKF,YAJe,MAAM,KAAK,cAAc,yBACtC,YACA,QACD,EACa,QAAQ,KAAK,QAAQ,IAAI,OAAO,GAAG;WAC3C;AACN,WAAO,EAAE;;;;CAKf,MAAgB,gBACd,YACA,KACkB;AAClB,SAAO,KAAK,qBAAqB,QAC/B,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB;;CAGH,MAAgB,cACd,YACA,KACe;AAMf,MAAI,CALY,MAAM,KAAK,qBAAqB,QAC9C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,4DACD;;CAIL,MAAgB,eACd,YACA,KACe;AAMf,MAAI,CALa,MAAM,KAAK,qBAAqB,SAC/C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,gEACD;;CAIL,MAAgB,0BACd,YACA,eACA,KACe;AAOf,MAAI,CANc,MAAM,KAAK,qBAAqB,UAChD,YACA,eACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,6DAA6D,cAAc,oBAC5E;;CAIL,gBAA0B,KAAoB;EAC5C,MAAM,SAAS,KAAK,qBAAqB,OAAO;AAChD,MAAI,WAAW,oBAAoB,KAAM;AACzC,MAAI,KAAK,qBAAqB,eAAe,IAAI,MAAM,QAAQ,CAAE;AACjE,MAAI,WAAW,oBAAoB,WACjC,OAAM,IAAI,aACR,0DACD;AAEH,MAAI,CAAC,IAAI,MAAM,QACb,OAAM,IAAI,aACR,yDACD;;;;;;;;AC/IP,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,iBAAiB;EACrB,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,QAAQ,QAAQ;EAC/B,GAAG,YAAY,QAAQ,QAAQ;EAChC;AAED,MAAK,MAAM,iBAAiB,eAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAe,qBACb,aACA,SACmB;AACnB,KAAI;EACF,MAAM,cAAc,OAAO,KAAK,UAAU,GAAG,YAAY,eAAe;AACxE,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,cAAc,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC,SAAS;EAC/D,MAAM,aAAa;GACjB,KAAK,KAAK,aAAa,QAAQ,QAAQ,SAAS,YAAY;GAC5D,KAAK,KAAK,aAAa,QAAQ,QAAQ,GAAG,QAAQ,MAAM;GACxD,KAAK,KAAK,aAAa,QAAQ,SAAS,WAAW;GACnD,KAAK,KAAK,aAAa,QAAQ,GAAG,QAAQ,KAAK;GAC/C,KAAK,KAAK,aAAa,SAAS,WAAW;GAC3C,KAAK,KAAK,aAAa,GAAG,QAAQ,KAAK;GACxC;AAED,OAAK,MAAM,eAAe,WACxB,KAAI;AACF,UAAQ,MAAM;;IAA0B;;UAClC;SAIJ;AAIR,QAAO;;;;;AAMT,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,sBAAsB,CAC1B,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,YAAY,EACrD,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,mBAAmB,YAAY,CACzE;CAED,MAAM,oBAA8B,EAAE;AAEtC,MAAK,MAAM,mBAAmB,oBAC5B,KAAI;EACF,MAAM,KAAK,MAAM,OAAO;AACxB,MAAI,GAAG,WAAW,gBAAgB,EAAE;GAClC,MAAM,WAAW,GAAG,aAAa,gBAAgB;AAEjD,qBAAkB,KAChB,KAAK,KAAK,UAAU,QAAQ,QAAQ,SAAS,YAAY,EACzD,KAAK,KAAK,UAAU,QAAQ,QAAQ,GAAG,QAAQ,MAAM,EACrD,KAAK,KAAK,UAAU,QAAQ,SAAS,WAAW,EAChD,KAAK,KAAK,UAAU,QAAQ,GAAG,QAAQ,KAAK,EAC5C,KAAK,KAAK,UAAU,SAAS,WAAW,EACxC,KAAK,KAAK,UAAU,GAAG,QAAQ,KAAK,CACrC;;SAEG;AAKV,QAAO;;;;;AAMT,SAAS,wBACP,aACA,SACU;CACV,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,cAAc,CAAC,QAAQ,KAAK,EAAE,KAAK,QAAQ,QAAQ,KAAK,CAAC,CAAC;CAEhE,MAAM,oBAA8B,EAAE;AACtC,MAAK,MAAM,QAAQ,YACjB,mBAAkB,KAChB,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,SACA,YACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,GAAG,QAAQ,MACZ,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,SACA,WACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,GAAG,QAAQ,KACZ,CACF;AAGH,QAAO;;;;;AAMT,eAAe,qBAAwB,UAAuC;AAC5E,MAAK,MAAM,iBAAiB,SAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAsB,qBACpB,aACA,SACmB;CAEnB,IAAI,SAAS,MAAM,sBAAyB,aAAa,QAAQ;AACjE,KAAI,OAAQ,QAAO;AAGnB,UAAS,MAAM,qBAAwB,aAAa,QAAQ;AAC5D,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADM,MAAM,sBAAsB,aAAa,QAAQ,CAClB;AACpD,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADK,wBAAwB,aAAa,QAAQ,CACd;AACnD,KAAI,OAAQ,QAAO;AAEnB,QAAO;;;;ACjLO,YAAY,CAAC,eAAe,gBAAgB,CAAC;;;;AAiB7D,eAAsB,mBACpB,aACsC;AACtC,QAAO,eAAe,aAAa,kBAAkB;;;;;AAMvD,eAAsB,cACpB,aACiC;AACjC,QAAO,eAAe,aAAa,YAAY;;;;;AAMjD,eAAsB,eACpB,aACkC;AAClC,QAAO,eAAe,aAAa,aAAa;;;;;;AAOlD,eAAe,eACb,aACA,SACY;CACZ,MAAM,WAAW,GAAG,YAAY,GAAG;AAGnC,KAAI;AAKF,SADgB,MAAM;;GAA0B;;UAEzC,GAAG;AAEV,MACE,aAAa,SACb,UAAU,MACT,EAAE,SAAS,0BACV,EAAE,SAAS,+BACb;GACA,MAAM,SAAS,MAAM,qBAAwB,aAAa,QAAQ;AAClE,OAAI,OAAQ,QAAO;;AAErB,QAAM;;;AAIV,SAAgB,SACd,MACA,QAAQ,KACR;CACA,IAAI;AACJ,SAAQ,YAAY,OAAO,GAAG,SAAY;AACxC,MAAI,MACF,cAAa,MAAM;AAErB,SAAO,IAAI,SAAY,SAAS,WAAW;AACzC,OAAI,UACF,MAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;OAEhB,SAAQ,iBAAiB;AACvB,SAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;MACf,MAAM;IAEX;;;AAIN,SAAgB,UAAU,QAAgB,KAAa;CACrD,MAAM,WAAW,KAAK,SAAS,QAAQ,IAAI;AAC3C,QAAO,YAAY,CAAC,SAAS,WAAW,KAAK,IAAI,CAAC,KAAK,WAAW,SAAS;;;;ACzG7E,SAAgB,gBACd,WAC4B;AAC5B,KAAI,OAAO,cAAc,WAAY,QAAO;CAE5C,IAAI,QAAiB,OAAO,eAAe,UAAU;AACrD,QAAO,OAAO;AACZ,MAAI,OAAO,UAAU,cAAc,KAAK,OAAO,aAAa,CAAE,QAAO;AAErE,UAAQ,OAAO,eAAe,MAAM;;AAGtC,QAAO;;AAGT,SAAgB,uBACd,YACA,MACA,OACgB;AAChB,QAAO,WAAW,MAAM,MAAM,OAAO,MAAM,CAAC,IAAI,sBAAsB;;AAGxE,SAAgB,sBAAsB,WAAoC;CACxE,MAAM,SAAS,UAAU,OAAO,SAAS;AACzC,QAAO;EACL,IAAI,UAAU,MAAM;EACpB,MAAM,UAAU,OAAO;EACvB,OAAO,UAAU;EACjB,gBAAgB,UAAU;EAC1B,MAAM,UAAU;EAChB,MAAM,UAAU;EAChB,WACE,OAAO,UAAU,OAAO,UAAU,WAC9B,UAAU,OAAO,QACjB,KAAK,UAAU,UAAU,OAAO,MAAM;EAC5C,OAAO,UAAU;EACjB,SAAS,EACP,QAAQ,SACJ;GACE,MAAM,OAAO;GACb,KAAK,OAAO;GACZ,YAAY,OAAO,WAAW,KAAK,QACjC,MAAM,QAAQ,IAAI,GAAG,IAAI,KAAK,KAAK,GAAG,IACvC;GACF,GACD,KAAA,GACL;EACF;;AAGH,SAAgB,qBAAqB,KAA8B;CAGjE,MAAM,QAAQ,IAAI;CAClB,MAAM,eAAe,IAAI;CAEzB,MAAM,cAAc,YAAY,IAAI,QAAQ,IAAI,MAAM,SAAS,EAAE;AACjE,QAAO;EACL,IAAI,IAAI,OAAO;EACf,MAAM,IAAI,OAAO;EACjB,cAAc,IAAI,OAAO;EACzB,UAAU,IAAI,OAAO,SAAS,UAAU;EACxC,iBAAiB,IAAI,OAAO;EAC5B,sBAAsB,IAAI,OAAO;EACjC,YAAY,EAAE;EACd,WAAW;EACX;EACA;EACD;;AAGH,SAAgB,0BACd,KACkB;AAElB,QAAO;EACL,GAFa,qBAAqB,IAAI;EAGtC,MAAM,EACJ,iBAAiB,IAAI,OAAO,MAAM,iBACnC;EACD,MAAM,IAAI,OAAO;EACjB,OAAO,IAAI,MAAM;EACjB,cAAc,IAAI,MAAM;EACzB","debug_id":"143f3840-f36d-5b22-91f1-5b5328f2e537"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@powerhousedao/reactor-api",
3
- "version": "6.2.0-dev.4",
3
+ "version": "6.2.0-dev.6",
4
4
  "description": "",
5
5
  "type": "module",
6
6
  "repository": {
@@ -65,18 +65,18 @@
65
65
  "read-pkg": "10.1.0",
66
66
  "ws": "^8.18.3",
67
67
  "zod": "4.3.6",
68
- "@powerhousedao/analytics-engine-core": "6.2.0-dev.4",
69
- "@powerhousedao/analytics-engine-graphql": "6.2.0-dev.4",
70
- "@powerhousedao/config": "6.2.0-dev.4",
71
- "@powerhousedao/analytics-engine-pg": "6.2.0-dev.4",
72
- "@powerhousedao/pglite-fs": "6.2.0-dev.4",
73
- "@powerhousedao/reactor": "6.2.0-dev.4",
74
- "@powerhousedao/reactor-drive": "6.2.0-dev.4",
75
- "@powerhousedao/reactor-mcp": "6.2.0-dev.4",
76
- "@powerhousedao/reactor-attachments": "6.2.0-dev.4",
77
- "@powerhousedao/shared": "6.2.0-dev.4",
78
- "@renown/sdk": "6.2.0-dev.4",
79
- "document-model": "6.2.0-dev.4"
68
+ "@powerhousedao/analytics-engine-core": "6.2.0-dev.6",
69
+ "@powerhousedao/config": "6.2.0-dev.6",
70
+ "@powerhousedao/analytics-engine-pg": "6.2.0-dev.6",
71
+ "@powerhousedao/pglite-fs": "6.2.0-dev.6",
72
+ "@powerhousedao/analytics-engine-graphql": "6.2.0-dev.6",
73
+ "@powerhousedao/reactor-attachments": "6.2.0-dev.6",
74
+ "@powerhousedao/reactor-drive": "6.2.0-dev.6",
75
+ "@powerhousedao/shared": "6.2.0-dev.6",
76
+ "@powerhousedao/reactor": "6.2.0-dev.6",
77
+ "@renown/sdk": "6.2.0-dev.6",
78
+ "@powerhousedao/reactor-mcp": "6.2.0-dev.6",
79
+ "document-model": "6.2.0-dev.6"
80
80
  },
81
81
  "devDependencies": {
82
82
  "@fastify/cors": "^11.0.1",
package/dist/utils-BFkbSO_H.mjs.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"utils-BFkbSO_H.mjs","sources":["../src/graphql/base-subgraph.ts","../src/packages/import-resolver.ts","../src/packages/util.ts","../src/graphql/utils.ts"],"sourcesContent":["import type {\n IReactorClient,\n IRelationalDb,\n ISyncManager,\n} from \"@powerhousedao/reactor\";\nimport type {\n GraphQLManager,\n ISubgraph,\n SubgraphArgs,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentNode } from \"graphql\";\nimport { GraphQLError } from \"graphql\";\nimport { gql } from \"graphql-tag\";\nimport type { AuthorizationService } from \"../services/authorization.service.js\";\nimport type {\n DocumentPermissionService,\n GetParentIdsFn,\n} from \"../services/document-permission.service.js\";\nimport type { Context } from \"./types.js\";\n\nexport class BaseSubgraph implements ISubgraph {\n name = \"example\";\n path = \"\";\n resolvers: Record<string, any> = {\n Query: {\n hello: () => this.name,\n },\n };\n typeDefs: DocumentNode = gql`\n type Query {\n hello: String\n }\n `;\n reactorClient: IReactorClient;\n graphqlManager: GraphQLManager;\n relationalDb: IRelationalDb;\n syncManager: ISyncManager;\n documentPermissionService?: DocumentPermissionService;\n authorizationService?: AuthorizationService;\n\n constructor(args: SubgraphArgs) {\n this.reactorClient = args.reactorClient;\n this.graphqlManager = args.graphqlManager;\n this.relationalDb = args.relationalDb;\n this.syncManager = args.syncManager;\n this.documentPermissionService = args.documentPermissionService;\n this.authorizationService = args.authorizationService;\n this.path = args.path ?? \"\";\n }\n\n async onSetup() {\n // noop\n }\n\n // ============================================\n // Shared permission helpers\n // ============================================\n\n protected getParentIdsFn(): GetParentIdsFn {\n return async (documentId: string): Promise<string[]> => {\n try {\n const result = await this.reactorClient.getIncomingRelationships(\n documentId,\n \"child\",\n );\n return result.results.map((doc) => doc.header.id);\n } catch {\n return [];\n }\n };\n }\n\n protected hasGlobalAdminAccess(ctx: Context): boolean {\n return !!ctx.isAdmin?.(ctx.user?.address ?? \"\");\n }\n\n protected async canReadDocument(\n documentId: string,\n ctx: Context,\n ): Promise<boolean> {\n if (this.authorizationService) {\n return this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n }\n if (this.hasGlobalAdminAccess(ctx)) return true;\n if (this.documentPermissionService) {\n return this.documentPermissionService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n }\n return false;\n }\n\n protected async assertCanRead(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n if (this.authorizationService) {\n const canRead = await this.authorizationService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canRead) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to read this document\",\n );\n }\n return;\n }\n // Legacy fallback\n if (!this.hasGlobalAdminAccess(ctx)) {\n if (this.documentPermissionService) {\n const canRead = await this.documentPermissionService.canRead(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canRead) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to read this document\",\n );\n }\n } else {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to read this document\",\n );\n }\n }\n }\n\n protected async assertCanWrite(\n documentId: string,\n ctx: Context,\n ): Promise<void> {\n if (this.authorizationService) {\n const canWrite = await this.authorizationService.canWrite(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canWrite) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to write to this document\",\n );\n }\n return;\n }\n // Legacy fallback\n if (!this.hasGlobalAdminAccess(ctx)) {\n if (this.documentPermissionService) {\n const canWrite = await this.documentPermissionService.canWrite(\n documentId,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canWrite) {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to write to this document\",\n );\n }\n } else {\n throw new GraphQLError(\n \"Forbidden: insufficient permissions to write to this document\",\n );\n }\n }\n }\n\n protected async assertCanExecuteOperation(\n documentId: string,\n operationType: string,\n ctx: Context,\n ): Promise<void> {\n if (this.authorizationService) {\n const canMutate = await this.authorizationService.canMutate(\n documentId,\n operationType,\n ctx.user?.address,\n this.getParentIdsFn(),\n );\n if (!canMutate) {\n throw new GraphQLError(\n `Forbidden: insufficient permissions to execute operation \"${operationType}\" on this document`,\n );\n }\n return;\n }\n // Legacy fallback\n if (!this.documentPermissionService) return;\n if (ctx.isAdmin?.(ctx.user?.address ?? \"\")) return;\n const isRestricted =\n await this.documentPermissionService.isOperationRestricted(\n documentId,\n operationType,\n );\n if (isRestricted) {\n const canExecute =\n await this.documentPermissionService.canExecuteOperation(\n documentId,\n operationType,\n ctx.user?.address,\n );\n if (!canExecute) {\n throw new GraphQLError(\n `Forbidden: insufficient permissions to execute operation \"${operationType}\" on this document`,\n );\n }\n }\n }\n}\n","import path from \"node:path\";\n\n/**\n * Attempts to import from suggested Node.js paths\n */\nasync function tryNodeSuggestedPaths<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n const suggestedPaths = [\n `${packageName}/dist/node/${subPath}/index.mjs`,\n `${packageName}/dist/node/${subPath}.mjs`,\n `${packageName}/dist/${subPath}/index.js`,\n `${packageName}/dist/${subPath}.js`,\n ];\n\n for (const suggestedPath of suggestedPaths) {\n try {\n return (await import(/* @vite-ignore */ suggestedPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve package using import.meta.resolve\n */\nasync function tryImportMetaResolve<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n try {\n const resolvedUrl = import.meta.resolve?.(`${packageName}/package.json`);\n if (!resolvedUrl) return null;\n\n const packageRoot = path.dirname(new URL(resolvedUrl).pathname);\n const pathsToTry = [\n path.join(packageRoot, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(packageRoot, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(packageRoot, \"dist\", subPath, \"index.js\"),\n path.join(packageRoot, \"dist\", `${subPath}.js`),\n path.join(packageRoot, subPath, \"index.js\"),\n path.join(packageRoot, `${subPath}.js`),\n ];\n\n for (const attemptPath of pathsToTry) {\n try {\n return (await import(/* @vite-ignore */ attemptPath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n } catch {\n // import.meta.resolve failed\n }\n\n return null;\n}\n\n/**\n * Resolves symlinks in node_modules to find the real package location\n */\nasync function resolveSymlinkedPaths(\n packageName: string,\n subPath: string,\n): Promise<string[]> {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const nodeModulesPatterns = [\n path.join(process.cwd(), \"node_modules\", packageName),\n path.join(process.cwd(), \"node_modules\", packageBaseName || packageName),\n ];\n\n const workspacePatterns: string[] = [];\n\n for (const nodeModulesPath of nodeModulesPatterns) {\n try {\n const fs = await import(\"node:fs\");\n if (fs.existsSync(nodeModulesPath)) {\n const realPath = fs.realpathSync(nodeModulesPath);\n\n workspacePatterns.push(\n path.join(realPath, \"dist\", \"node\", subPath, \"index.mjs\"),\n path.join(realPath, \"dist\", \"node\", `${subPath}.mjs`),\n path.join(realPath, \"dist\", subPath, \"index.js\"),\n path.join(realPath, \"dist\", `${subPath}.js`),\n path.join(realPath, subPath, \"index.js\"),\n path.join(realPath, `${subPath}.js`),\n );\n }\n } catch {\n // Continue to next attempt\n }\n }\n\n return workspacePatterns;\n}\n\n/**\n * Generates common workspace pattern paths\n */\nfunction getCommonWorkspacePaths(\n packageName: string,\n subPath: string,\n): string[] {\n const packageBaseName = packageName.includes(\"/\")\n ? packageName.split(\"/\").pop()\n : packageName;\n const commonRoots = [process.cwd(), path.dirname(process.cwd())];\n\n const workspacePatterns: string[] = [];\n for (const root of commonRoots) {\n workspacePatterns.push(\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n subPath,\n \"index.mjs\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n \"node\",\n `${subPath}.mjs`,\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n subPath,\n \"index.js\",\n ),\n path.join(\n root,\n \"packages\",\n packageBaseName || packageName,\n \"dist\",\n `${subPath}.js`,\n ),\n );\n }\n\n return workspacePatterns;\n}\n\n/**\n * Attempts to import from a list of workspace patterns\n */\nasync function tryWorkspacePatterns<T>(patterns: string[]): Promise<T | null> {\n for (const workspacePath of patterns) {\n try {\n return (await import(/* @vite-ignore */ workspacePath)) as T;\n } catch {\n // Continue to next attempt\n }\n }\n\n return null;\n}\n\n/**\n * Attempts to resolve linked packages using various fallback strategies\n */\nexport async function resolveLinkedPackage<T>(\n packageName: string,\n subPath: string,\n): Promise<T | null> {\n // Try Node.js suggested paths first\n let result = await tryNodeSuggestedPaths<T>(packageName, subPath);\n if (result) return result;\n\n // Try import.meta.resolve\n result = await tryImportMetaResolve<T>(packageName, subPath);\n if (result) return result;\n\n // Try symlink resolution\n const symlinkPaths = await resolveSymlinkedPaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(symlinkPaths);\n if (result) return result;\n\n // Try common workspace patterns as final fallback\n const commonPaths = getCommonWorkspacePaths(packageName, subPath);\n result = await tryWorkspacePatterns<T>(commonPaths);\n if (result) return result;\n\n return null;\n}\n","import type {\n ProcessorFactoryBuilder,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentModelModule } from \"@powerhousedao/shared/document-model\";\nimport { childLogger } from \"document-model\";\nimport { execSync } from \"node:child_process\";\nimport path from \"node:path\";\nimport { resolveLinkedPackage } from \"./import-resolver.js\";\n\n// Define the expected module export structures\ntype DocumentModelsExport = Record<string, DocumentModelModule>;\ntype SubgraphsExport = Record<string, Record<string, SubgraphClass>>;\ntype ProcessorsExport = {\n processorFactory?: ProcessorFactoryBuilder;\n processorFactoryLegacy?: ProcessorFactoryBuilder;\n};\n\nconst _logger = childLogger([\"reactor-api\", \"packages/util\"]);\n\nexport const installPackages = (packages: string[]): Promise<void> => {\n for (const packageName of packages) {\n execSync(`ph install ${packageName}`);\n }\n return Promise.resolve();\n};\n\nexport const readManifest = () => {\n const manifest = execSync(`ph manifest`).toString();\n return manifest;\n};\n\n/**\n * Tries to import document models from a package. This function cannot throw.\n */\nexport async function loadDocumentModels(\n packageName: string,\n): Promise<DocumentModelsExport | null> {\n return loadDependency(packageName, \"document-models\");\n}\n\n/**\n * Tries to import subgraphs from a package. This function cannot throw.\n */\nexport async function loadSubgraphs(\n packageName: string,\n): Promise<SubgraphsExport | null> {\n return loadDependency(packageName, \"subgraphs\");\n}\n\n/**\n * Tries to import processors from a package. This function cannot throw.\n */\nexport async function loadProcessors(\n packageName: string,\n): Promise<ProcessorsExport | null> {\n return loadDependency(packageName, \"processors\");\n}\n\n/**\n * Generic dependency loader - tries to import a dependency from a package. This function cannot throw.\n * Returns null if the dependency cannot be loaded.\n */\nasync function loadDependency<T = unknown>(\n packageName: string,\n subPath: string,\n): Promise<T> {\n const fullPath = `${packageName}/${subPath}`;\n\n // Try the standard import first\n try {\n // vite does not support this, but that's okay as we have provided the\n // vite-loader for this purpose\n\n const module = (await import(/* @vite-ignore */ fullPath)) as T;\n return module;\n } catch (e) {\n // Handle module not found errors with fallback resolution\n if (\n e instanceof Error &&\n \"code\" in e &&\n (e.code === \"ERR_MODULE_NOT_FOUND\" ||\n e.code === \"ERR_UNSUPPORTED_DIR_IMPORT\")\n ) {\n const result = await resolveLinkedPackage<T>(packageName, subPath);\n if (result) return result;\n }\n throw e;\n }\n}\n\nexport function debounce<T extends unknown[], R>(\n func: (...args: T) => Promise<R>,\n delay = 250,\n) {\n let timer: number;\n return (immediate = false, ...args: T) => {\n if (timer) {\n clearTimeout(timer);\n }\n return new Promise<R>((resolve, reject) => {\n if (immediate) {\n func(...args)\n .then(resolve)\n .catch(reject);\n } else {\n timer = setTimeout(() => {\n func(...args)\n .then(resolve)\n .catch(reject);\n }, delay) as unknown as number;\n }\n });\n };\n}\n\nexport function isSubpath(parent: string, dir: string) {\n const relative = path.relative(parent, dir);\n return relative && !relative.startsWith(\"..\") && !path.isAbsolute(relative);\n}\n","import type {\n GqlDocument,\n GqlDriveDocument,\n GqlOperation,\n SubgraphClass,\n} from \"@powerhousedao/reactor-api\";\nimport type { DocumentDriveDocument } from \"@powerhousedao/shared/document-drive\";\nimport type {\n Operation,\n PHDocument,\n} from \"@powerhousedao/shared/document-model\";\nimport { BaseSubgraph } from \"./base-subgraph.js\";\n\nexport function isSubgraphClass(\n candidate: unknown,\n): candidate is SubgraphClass {\n if (typeof candidate !== \"function\") return false;\n\n let proto: unknown = Object.getPrototypeOf(candidate);\n while (proto) {\n if (Object.prototype.isPrototypeOf.call(proto, BaseSubgraph)) return true;\n\n proto = Object.getPrototypeOf(proto);\n }\n\n return false;\n}\n\nexport function buildGraphqlOperations(\n operations: Operation[],\n skip: number,\n first: number,\n): GqlOperation[] {\n return operations.slice(skip, skip + first).map(buildGraphqlOperation);\n}\n\nexport function buildGraphqlOperation(operation: Operation): GqlOperation {\n const signer = operation.action.context?.signer;\n return {\n id: operation.id ?? \"\",\n type: operation.action.type,\n index: operation.index,\n timestampUtcMs: operation.timestampUtcMs,\n hash: operation.hash,\n skip: operation.skip,\n inputText:\n typeof operation.action.input === \"string\"\n ? operation.action.input\n : JSON.stringify(operation.action.input),\n error: operation.error,\n context: {\n signer: signer\n ? {\n user: signer.user,\n app: signer.app,\n signatures: signer.signatures.map((sig) =>\n Array.isArray(sig) ? sig.join(\", \") : sig,\n ),\n }\n : undefined,\n },\n };\n}\n\nexport function buildGraphQlDocument(doc: PHDocument): GqlDocument {\n // Return full state with all scopes (auth, document, global, local)\n // This matches the ReactorSubgraph pattern in adapters.ts\n const state = doc.state;\n const initialState = doc.initialState;\n // For stateJSON, use global state for backward compatibility\n const globalState = \"global\" in doc.state ? doc.state.global : {};\n return {\n id: doc.header.id,\n name: doc.header.name,\n documentType: doc.header.documentType,\n revision: doc.header.revision.global || 0,\n createdAtUtcIso: doc.header.createdAtUtcIso,\n lastModifiedAtUtcIso: doc.header.lastModifiedAtUtcIso,\n operations: [],\n stateJSON: globalState as JSON,\n state,\n initialState,\n };\n}\n\nexport function buildGraphQlDriveDocument(\n doc: DocumentDriveDocument,\n): GqlDriveDocument {\n const gqlDoc = buildGraphQlDocument(doc);\n return {\n ...gqlDoc,\n meta: {\n preferredEditor: doc.header.meta?.preferredEditor,\n },\n slug: doc.header.slug,\n state: doc.state.global,\n initialState: doc.state.global,\n };\n}\n"],"names":[],"mappings":";;;;;;;AAoBA,IAAa,eAAb,MAA+C;CAC7C,OAAO;CACP,OAAO;CACP,YAAiC,EAC/B,OAAO,EACL,aAAa,KAAK,MACnB,EACF;CACD,WAAyB,GAAG;;;;;CAK5B;CACA;CACA;CACA;CACA;CACA;CAEA,YAAY,MAAoB;AAC9B,OAAK,gBAAgB,KAAK;AAC1B,OAAK,iBAAiB,KAAK;AAC3B,OAAK,eAAe,KAAK;AACzB,OAAK,cAAc,KAAK;AACxB,OAAK,4BAA4B,KAAK;AACtC,OAAK,uBAAuB,KAAK;AACjC,OAAK,OAAO,KAAK,QAAQ;;CAG3B,MAAM,UAAU;CAQhB,iBAA2C;AACzC,SAAO,OAAO,eAA0C;AACtD,OAAI;AAKF,YAJe,MAAM,KAAK,cAAc,yBACtC,YACA,QACD,EACa,QAAQ,KAAK,QAAQ,IAAI,OAAO,GAAG;WAC3C;AACN,WAAO,EAAE;;;;CAKf,qBAA+B,KAAuB;AACpD,SAAO,CAAC,CAAC,IAAI,UAAU,IAAI,MAAM,WAAW,GAAG;;CAGjD,MAAgB,gBACd,YACA,KACkB;AAClB,MAAI,KAAK,qBACP,QAAO,KAAK,qBAAqB,QAC/B,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB;AAEH,MAAI,KAAK,qBAAqB,IAAI,CAAE,QAAO;AAC3C,MAAI,KAAK,0BACP,QAAO,KAAK,0BAA0B,QACpC,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB;AAEH,SAAO;;CAGT,MAAgB,cACd,YACA,KACe;AACf,MAAI,KAAK,sBAAsB;AAM7B,OAAI,CALY,MAAM,KAAK,qBAAqB,QAC9C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,4DACD;AAEH;;AAGF,MAAI,CAAC,KAAK,qBAAqB,IAAI,CACjC,KAAI,KAAK;OAMH,CALY,MAAM,KAAK,0BAA0B,QACnD,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,4DACD;QAGH,OAAM,IAAI,aACR,4DACD;;CAKP,MAAgB,eACd,YACA,KACe;AACf,MAAI,KAAK,sBAAsB;AAM7B,OAAI,CALa,MAAM,KAAK,qBAAqB,SAC/C,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,gEACD;AAEH;;AAGF,MAAI,CAAC,KAAK,qBAAqB,IAAI,CACjC,KAAI,KAAK;OAMH,CALa,MAAM,KAAK,0BAA0B,SACpD,YACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,gEACD;QAGH,OAAM,IAAI,aACR,gEACD;;CAKP,MAAgB,0BACd,YACA,eACA,KACe;AACf,MAAI,KAAK,sBAAsB;AAO7B,OAAI,CANc,MAAM,KAAK,qBAAqB,UAChD,YACA,eACA,IAAI,MAAM,SACV,KAAK,gBAAgB,CACtB,CAEC,OAAM,IAAI,aACR,6DAA6D,cAAc,oBAC5E;AAEH;;AAGF,MAAI,CAAC,KAAK,0BAA2B;AACrC,MAAI,IAAI,UAAU,IAAI,MAAM,WAAW,GAAG,CAAE;AAM5C,MAJE,MAAM,KAAK,0BAA0B,sBACnC,YACA,cACD;OAQG,CALF,MAAM,KAAK,0BAA0B,oBACnC,YACA,eACA,IAAI,MAAM,QACX,CAED,OAAM,IAAI,aACR,6DAA6D,cAAc,oBAC5E;;;;;;;;;AC9MT,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,iBAAiB;EACrB,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,aAAa,QAAQ;EACpC,GAAG,YAAY,QAAQ,QAAQ;EAC/B,GAAG,YAAY,QAAQ,QAAQ;EAChC;AAED,MAAK,MAAM,iBAAiB,eAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAe,qBACb,aACA,SACmB;AACnB,KAAI;EACF,MAAM,cAAc,OAAO,KAAK,UAAU,GAAG,YAAY,eAAe;AACxE,MAAI,CAAC,YAAa,QAAO;EAEzB,MAAM,cAAc,KAAK,QAAQ,IAAI,IAAI,YAAY,CAAC,SAAS;EAC/D,MAAM,aAAa;GACjB,KAAK,KAAK,aAAa,QAAQ,QAAQ,SAAS,YAAY;GAC5D,KAAK,KAAK,aAAa,QAAQ,QAAQ,GAAG,QAAQ,MAAM;GACxD,KAAK,KAAK,aAAa,QAAQ,SAAS,WAAW;GACnD,KAAK,KAAK,aAAa,QAAQ,GAAG,QAAQ,KAAK;GAC/C,KAAK,KAAK,aAAa,SAAS,WAAW;GAC3C,KAAK,KAAK,aAAa,GAAG,QAAQ,KAAK;GACxC;AAED,OAAK,MAAM,eAAe,WACxB,KAAI;AACF,UAAQ,MAAM;;IAA0B;;UAClC;SAIJ;AAIR,QAAO;;;;;AAMT,eAAe,sBACb,aACA,SACmB;CACnB,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,sBAAsB,CAC1B,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,YAAY,EACrD,KAAK,KAAK,QAAQ,KAAK,EAAE,gBAAgB,mBAAmB,YAAY,CACzE;CAED,MAAM,oBAA8B,EAAE;AAEtC,MAAK,MAAM,mBAAmB,oBAC5B,KAAI;EACF,MAAM,KAAK,MAAM,OAAO;AACxB,MAAI,GAAG,WAAW,gBAAgB,EAAE;GAClC,MAAM,WAAW,GAAG,aAAa,gBAAgB;AAEjD,qBAAkB,KAChB,KAAK,KAAK,UAAU,QAAQ,QAAQ,SAAS,YAAY,EACzD,KAAK,KAAK,UAAU,QAAQ,QAAQ,GAAG,QAAQ,MAAM,EACrD,KAAK,KAAK,UAAU,QAAQ,SAAS,WAAW,EAChD,KAAK,KAAK,UAAU,QAAQ,GAAG,QAAQ,KAAK,EAC5C,KAAK,KAAK,UAAU,SAAS,WAAW,EACxC,KAAK,KAAK,UAAU,GAAG,QAAQ,KAAK,CACrC;;SAEG;AAKV,QAAO;;;;;AAMT,SAAS,wBACP,aACA,SACU;CACV,MAAM,kBAAkB,YAAY,SAAS,IAAI,GAC7C,YAAY,MAAM,IAAI,CAAC,KAAK,GAC5B;CACJ,MAAM,cAAc,CAAC,QAAQ,KAAK,EAAE,KAAK,QAAQ,QAAQ,KAAK,CAAC,CAAC;CAEhE,MAAM,oBAA8B,EAAE;AACtC,MAAK,MAAM,QAAQ,YACjB,mBAAkB,KAChB,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,SACA,YACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,QACA,GAAG,QAAQ,MACZ,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,SACA,WACD,EACD,KAAK,KACH,MACA,YACA,mBAAmB,aACnB,QACA,GAAG,QAAQ,KACZ,CACF;AAGH,QAAO;;;;;AAMT,eAAe,qBAAwB,UAAuC;AAC5E,MAAK,MAAM,iBAAiB,SAC1B,KAAI;AACF,SAAQ,MAAM;;GAA0B;;SAClC;AAKV,QAAO;;;;;AAMT,eAAsB,qBACpB,aACA,SACmB;CAEnB,IAAI,SAAS,MAAM,sBAAyB,aAAa,QAAQ;AACjE,KAAI,OAAQ,QAAO;AAGnB,UAAS,MAAM,qBAAwB,aAAa,QAAQ;AAC5D,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADM,MAAM,sBAAsB,aAAa,QAAQ,CAClB;AACpD,KAAI,OAAQ,QAAO;AAInB,UAAS,MAAM,qBADK,wBAAwB,aAAa,QAAQ,CACd;AACnD,KAAI,OAAQ,QAAO;AAEnB,QAAO;;;;ACjLO,YAAY,CAAC,eAAe,gBAAgB,CAAC;;;;AAiB7D,eAAsB,mBACpB,aACsC;AACtC,QAAO,eAAe,aAAa,kBAAkB;;;;;AAMvD,eAAsB,cACpB,aACiC;AACjC,QAAO,eAAe,aAAa,YAAY;;;;;AAMjD,eAAsB,eACpB,aACkC;AAClC,QAAO,eAAe,aAAa,aAAa;;;;;;AAOlD,eAAe,eACb,aACA,SACY;CACZ,MAAM,WAAW,GAAG,YAAY,GAAG;AAGnC,KAAI;AAKF,SADgB,MAAM;;GAA0B;;UAEzC,GAAG;AAEV,MACE,aAAa,SACb,UAAU,MACT,EAAE,SAAS,0BACV,EAAE,SAAS,+BACb;GACA,MAAM,SAAS,MAAM,qBAAwB,aAAa,QAAQ;AAClE,OAAI,OAAQ,QAAO;;AAErB,QAAM;;;AAIV,SAAgB,SACd,MACA,QAAQ,KACR;CACA,IAAI;AACJ,SAAQ,YAAY,OAAO,GAAG,SAAY;AACxC,MAAI,MACF,cAAa,MAAM;AAErB,SAAO,IAAI,SAAY,SAAS,WAAW;AACzC,OAAI,UACF,MAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;OAEhB,SAAQ,iBAAiB;AACvB,SAAK,GAAG,KAAK,CACV,KAAK,QAAQ,CACb,MAAM,OAAO;MACf,MAAM;IAEX;;;AAIN,SAAgB,UAAU,QAAgB,KAAa;CACrD,MAAM,WAAW,KAAK,SAAS,QAAQ,IAAI;AAC3C,QAAO,YAAY,CAAC,SAAS,WAAW,KAAK,IAAI,CAAC,KAAK,WAAW,SAAS;;;;ACzG7E,SAAgB,gBACd,WAC4B;AAC5B,KAAI,OAAO,cAAc,WAAY,QAAO;CAE5C,IAAI,QAAiB,OAAO,eAAe,UAAU;AACrD,QAAO,OAAO;AACZ,MAAI,OAAO,UAAU,cAAc,KAAK,OAAO,aAAa,CAAE,QAAO;AAErE,UAAQ,OAAO,eAAe,MAAM;;AAGtC,QAAO;;AAGT,SAAgB,uBACd,YACA,MACA,OACgB;AAChB,QAAO,WAAW,MAAM,MAAM,OAAO,MAAM,CAAC,IAAI,sBAAsB;;AAGxE,SAAgB,sBAAsB,WAAoC;CACxE,MAAM,SAAS,UAAU,OAAO,SAAS;AACzC,QAAO;EACL,IAAI,UAAU,MAAM;EACpB,MAAM,UAAU,OAAO;EACvB,OAAO,UAAU;EACjB,gBAAgB,UAAU;EAC1B,MAAM,UAAU;EAChB,MAAM,UAAU;EAChB,WACE,OAAO,UAAU,OAAO,UAAU,WAC9B,UAAU,OAAO,QACjB,KAAK,UAAU,UAAU,OAAO,MAAM;EAC5C,OAAO,UAAU;EACjB,SAAS,EACP,QAAQ,SACJ;GACE,MAAM,OAAO;GACb,KAAK,OAAO;GACZ,YAAY,OAAO,WAAW,KAAK,QACjC,MAAM,QAAQ,IAAI,GAAG,IAAI,KAAK,KAAK,GAAG,IACvC;GACF,GACD,KAAA,GACL;EACF;;AAGH,SAAgB,qBAAqB,KAA8B;CAGjE,MAAM,QAAQ,IAAI;CAClB,MAAM,eAAe,IAAI;CAEzB,MAAM,cAAc,YAAY,IAAI,QAAQ,IAAI,MAAM,SAAS,EAAE;AACjE,QAAO;EACL,IAAI,IAAI,OAAO;EACf,MAAM,IAAI,OAAO;EACjB,cAAc,IAAI,OAAO;EACzB,UAAU,IAAI,OAAO,SAAS,UAAU;EACxC,iBAAiB,IAAI,OAAO;EAC5B,sBAAsB,IAAI,OAAO;EACjC,YAAY,EAAE;EACd,WAAW;EACX;EACA;EACD;;AAGH,SAAgB,0BACd,KACkB;AAElB,QAAO;EACL,GAFa,qBAAqB,IAAI;EAGtC,MAAM,EACJ,iBAAiB,IAAI,OAAO,MAAM,iBACnC;EACD,MAAM,IAAI,OAAO;EACjB,OAAO,IAAI,MAAM;EACjB,cAAc,IAAI,MAAM;EACzB","debug_id":"f64c0238-0280-5fb7-9cf2-93c99d05e219"}