npm - @timeax/service-builder - Versions diffs - 0.1.0 → 0.1.1 - Mend

@timeax/service-builder 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -617,11 +617,81 @@ function normalizeRole(value) {
   return value === "utility" ? "utility" : "base";
 }
-// src/workspace/authorization.ts
-function hasPermission(permissions2, key) {
-  if (!permissions2) return false;
-  return permissions2[key] === true;
+// src/workspace/permissions.ts
+var BUILDER_PERMISSIONS = {
+  WORKSPACE_READ: "workspace.read",
+  WORKSPACE_WRITE: "workspace.write",
+  BRANCHES_READ: "branches.read",
+  BRANCHES_CREATE: "branches.create",
+  BRANCHES_WRITE: "branches.write",
+  BRANCHES_DELETE: "branches.delete",
+  BRANCHES_MERGE: "branches.merge",
+  BRANCHES_PUBLISH: "branches.publish",
+  BRANCHES_MANAGE: "branches.manage",
+  TEMPLATES_READ: "templates.read",
+  TEMPLATES_WRITE: "templates.write",
+  TEMPLATES_DELETE: "templates.delete",
+  TEMPLATES_MANAGE: "templates.manage",
+  COMMENTS_READ: "comments.read",
+  COMMENTS_WRITE: "comments.write",
+  COMMENTS_MODERATE: "comments.moderate",
+  POLICIES_READ: "policies.read",
+  POLICIES_WRITE: "policies.write",
+  POLICIES_MANAGE: "policies.manage",
+  PARTICIPANTS_READ: "participants.read",
+  PARTICIPANTS_WRITE: "participants.write",
+  PARTICIPANTS_MANAGE: "participants.manage",
+  SERVICES_READ: "services.read"
+};
+var BUILDER_PERMISSION_KEYS = new Set(Object.values(BUILDER_PERMISSIONS));
+function toBuilderPermissionsMap(permissions2) {
+  if (!permissions2) return {};
+  const result = {};
+  for (const [key, value] of Object.entries(permissions2)) {
+    if (!BUILDER_PERMISSION_KEYS.has(key)) continue;
+    result[key] = value === true;
+  }
+  return result;
+}
+function can(map, permission) {
+  if (!map) return false;
+  return map[permission] === true;
+}
+function canReadWorkspace(map) {
+  return can(map, BUILDER_PERMISSIONS.WORKSPACE_READ);
+}
+function canEditBranch(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_WRITE);
+}
+function canCreateBranch(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_CREATE);
+}
+function canMergeBranch(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_MERGE);
+}
+function canPublishBranch(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_PUBLISH);
 }
+function canDeleteBranch(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_DELETE);
+}
+function canManageBranches(map) {
+  return can(map, BUILDER_PERMISSIONS.BRANCHES_MANAGE);
+}
+function canWriteTemplates(map) {
+  return can(map, BUILDER_PERMISSIONS.TEMPLATES_WRITE);
+}
+function canManageTemplates(map) {
+  return can(map, BUILDER_PERMISSIONS.TEMPLATES_MANAGE);
+}
+function canReadComments(map) {
+  return can(map, BUILDER_PERMISSIONS.COMMENTS_READ);
+}
+function canWriteComments(map) {
+  return can(map, BUILDER_PERMISSIONS.COMMENTS_WRITE);
+}
+// src/workspace/authorization.ts
 function resolveActorAuthorId(actor, authors2) {
   if (!actor) return "unknown";
   const fromMeta = actor?.meta && typeof actor.meta.authorId === "string" ? actor.meta.authorId : void 0;
@@ -633,40 +703,52 @@ function deriveWorkspaceAuthorization(args) {
   const { actor, permissions: permissions2 = null, participants = null, authors: authors2 = null } = args;
   const authorId = resolveActorAuthorId(actor, authors2);
   const participant = (participants ?? []).find((row) => row.authorId === authorId) ?? null;
-  const canReadWorkspace = hasPermission(permissions2, "workspace.read");
-  const canEditBranchContent = hasPermission(permissions2, "workspace.write") && participant?.canWrite === true;
-  const canCreateBranch = canEditBranchContent && hasPermission(permissions2, "branches.create");
-  const canMergeBranches = canEditBranchContent && hasPermission(permissions2, "branches.merge");
-  const canManageBranches = canCreateBranch || canMergeBranches || canEditBranchContent;
-  const canWriteTemplates = canEditBranchContent && hasPermission(permissions2, "templates.write");
-  const canCommentRead = canReadWorkspace && hasPermission(permissions2, "comments.read");
-  const canCommentWrite = canReadWorkspace && hasPermission(permissions2, "comments.write");
+  const permissionMap = toBuilderPermissionsMap(permissions2);
+  const readWorkspace = canReadWorkspace(permissionMap);
+  const editBranch = canEditBranch(permissionMap);
+  const createBranch = canCreateBranch(permissionMap);
+  const mergeBranches = canMergeBranch(permissionMap);
+  const publishBranches = canPublishBranch(permissionMap);
+  const deleteBranches = canDeleteBranch(permissionMap);
+  const manageBranches = canManageBranches(permissionMap);
+  const writeTemplates = canWriteTemplates(permissionMap);
+  const manageTemplates = canManageTemplates(permissionMap);
+  const commentRead = canReadComments(permissionMap);
+  const commentWrite = canWriteComments(permissionMap);
   return {
     authorId,
     participant,
-    canReadWorkspace,
-    canEditBranchContent,
-    canCreateBranch,
-    canMergeBranches,
-    canManageBranches,
-    canWriteTemplates,
-    canCommentRead,
-    canCommentWrite
+    permissions: permissionMap,
+    canReadWorkspace: readWorkspace,
+    canEditBranchContent: editBranch,
+    canCreateBranch: createBranch,
+    canMergeBranches: mergeBranches,
+    canPublishBranches: publishBranches,
+    canDeleteBranches: deleteBranches,
+    canManageBranches: manageBranches,
+    canWriteTemplates: writeTemplates,
+    canManageTemplates: manageTemplates,
+    canCommentRead: readWorkspace && commentRead,
+    canCommentWrite: readWorkspace && commentWrite
   };
 }
 function getAuthorizationDecision(auth, action) {
   switch (action) {
     case "branch-content-edit":
     case "snapshot-write":
-      return auth.canEditBranchContent ? { ok: true } : { ok: false, reason: "Editing is disabled. You need workspace write access and branch write access." };
+      return auth.canEditBranchContent ? { ok: true } : { ok: false, reason: "Editing is disabled. You need branches.write." };
     case "template-write":
-      return auth.canWriteTemplates ? { ok: true } : { ok: false, reason: "Template editing requires templates.write and branch edit access." };
+      return auth.canWriteTemplates ? { ok: true } : { ok: false, reason: "Template editing requires templates.write." };
     case "branch-create":
-      return auth.canCreateBranch ? { ok: true } : { ok: false, reason: "Branch creation requires branches.create and branch edit access." };
+      return auth.canCreateBranch ? { ok: true } : { ok: false, reason: "Branch creation requires branches.create." };
     case "branch-merge":
-      return auth.canMergeBranches ? { ok: true } : { ok: false, reason: "Branch merge requires branches.merge and branch edit access." };
+      return auth.canMergeBranches ? { ok: true } : { ok: false, reason: "Branch merge requires branches.merge." };
+    case "branch-publish":
+      return auth.canPublishBranches ? { ok: true } : { ok: false, reason: "Branch publish requires branches.publish." };
+    case "branch-delete":
+      return auth.canDeleteBranches ? { ok: true } : { ok: false, reason: "Branch deletion requires branches.delete." };
     case "branch-manage":
-      return auth.canManageBranches ? { ok: true } : { ok: false, reason: "Branch management requires branch edit access." };
+      return auth.canManageBranches ? { ok: true } : { ok: false, reason: "Branch management requires branches.manage." };
     case "comment-read":
       return auth.canCommentRead ? { ok: true } : { ok: false, reason: "Comment read access is disabled for this actor." };
     case "comment-write":
@@ -3404,6 +3486,7 @@ import { jsx as jsx13, jsxs as jsxs9 } from "react/jsx-runtime";
 function AppToolbar({
   bootActionReason,
   editDisabledReason,
+  publishDisabledReason,
   commentDisabledReason,
   errors,
   bottomPanelOpen,
@@ -3454,7 +3537,7 @@ function AppToolbar({
           "aria-label": "Publish commit",
           onClick: onPublish,
           disabled: pendingAction === "publish" || !canPublish,
-          title: (bootActionReason && !canPublish ? bootActionReason : void 0) ?? (!canPublish ? editDisabledReason : void 0) ?? "Publish commit",
+          title: (bootActionReason && !canPublish ? bootActionReason : void 0) ?? (!canPublish ? publishDisabledReason : void 0) ?? "Publish commit",
           children: /* @__PURE__ */ jsx13(LuGitCommitHorizontal, {})
         }
       )
@@ -6067,7 +6150,9 @@ function CanvasPanel({
   );
   const canEditBranchContent = auth.canEditBranchContent;
   const canCommentWrite = auth.canCommentWrite;
+  const canPublishBranch2 = auth.canPublishBranches;
   const editDecision = getAuthorizationDecision(auth, "branch-content-edit");
+  const publishDecision = getAuthorizationDecision(auth, "branch-publish");
   const commentWriteDecision = getAuthorizationDecision(auth, "comment-write");
   const emitPermissionDenied = useCallback7(
     (reason, action, meta) => {
@@ -6217,7 +6302,7 @@ function CanvasPanel({
   }, [canvas.api, ws.snapshot]);
   const hasChanges = currentSnapshotHash !== persistedBaselineHash;
   const canSave = hasChanges && canEditBranchContent;
-  const canPublish = !!ws.snapshot.draft && !hasChanges && canEditBranchContent;
+  const canPublish = !!ws.snapshot.draft && !hasChanges && canPublishBranch2;
   const importProps = async (nextProps) => {
     if (!canEditBranchContent) {
       emitPermissionDenied(editDecision.reason ?? "Editing is disabled for this actor.", "import-props");
@@ -6492,6 +6577,7 @@ function CanvasPanel({
           {
             bootActionReason,
             editDisabledReason: !canEditBranchContent ? editDecision.reason ?? "Editing is disabled for this actor." : void 0,
+            publishDisabledReason: !canPublishBranch2 ? publishDecision.reason ?? "Publishing is disabled for this actor." : void 0,
             commentDisabledReason: !canCommentWrite ? commentWriteDecision.reason ?? "Comment write access is disabled for this actor." : void 0,
             errors,
             showErrorBadges,
@@ -6538,8 +6624,8 @@ function CanvasPanel({
               }
             },
             onPublish: async () => {
-              if (!canEditBranchContent) {
-                emitPermissionDenied(editDecision.reason ?? "Editing is disabled for this actor.", "snapshot-publish");
+              if (!canPublishBranch2) {
+                emitPermissionDenied(publishDecision.reason ?? "Publishing is disabled for this actor.", "snapshot-publish");
                 return;
               }
               if (!canPublish) return;
@@ -7215,15 +7301,6 @@ import { jsx as jsx27, jsxs as jsxs19 } from "react/jsx-runtime";
 function normalizeKey(input) {
   return input.trim().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
 }
-function getActorAuthorId(ws) {
-  const actorMetaAuthorId = ws.actor?.meta && typeof ws.actor.meta.authorId === "string" ? ws.actor.meta.authorId : void 0;
-  if (actorMetaAuthorId) return actorMetaAuthorId;
-  if ((ws.authors.data ?? []).some((author) => author.id === ws.actor.id)) return ws.actor.id;
-  return ws.actor.id;
-}
-function resolveBranchParticipant(authorId, participants) {
-  return (participants ?? []).find((participant) => participant.authorId === authorId);
-}
 function ActionIconButton({
   icon,
   label,
@@ -7262,25 +7339,34 @@ var Drafts = ({ trigger }) => {
   const [createName, setCreateName] = useState11("");
   const [createFromId, setCreateFromId] = useState11(ws.branches.currentId);
   const [actionKey, setActionKey] = useState11(null);
-  const workspaceRead = ws.permissions.data?.["workspace.read"] ?? false;
-  const canCreateBranch = ws.permissions.data?.["branches.create"] ?? false;
-  const canMergeBranches = ws.permissions.data?.["branches.merge"] ?? false;
-  const canWriteWorkspace = ws.permissions.data?.["workspace.write"] ?? false;
+  const auth = useMemo11(
+    () => deriveWorkspaceAuthorization({
+      actor: ws.actor,
+      permissions: ws.permissions?.data,
+      participants: ws.participants?.data,
+      authors: ws.authors?.data
+    }),
+    [ws.actor, ws.authors?.data, ws.participants?.data, ws.permissions?.data]
+  );
+  const workspaceRead = auth.canReadWorkspace;
+  const branchesReadable = auth.permissions["branches.read"] === true;
+  const canCreateBranch2 = auth.canCreateBranch;
+  const canMergeBranches = auth.canMergeBranches;
+  const canManageBranches2 = auth.canManageBranches;
+  const canDeleteBranches = auth.canDeleteBranches;
+  const canWriteBranchContent = auth.canEditBranchContent;
   const currentBranch = ws.branches.data?.find((branch) => branch.id === ws.branches.currentId);
-  const actorAuthorId = getActorAuthorId(ws);
   const branchItems = useMemo11(() => {
     return (ws.branches.data ?? []).map((branch) => {
-      const participant = branch.id === ws.branches.currentId ? resolveBranchParticipant(actorAuthorId, ws.participants.data) : null;
-      const canRead = branch.id === ws.branches.currentId ? true : workspaceRead;
-      const canWrite = branch.id === ws.branches.currentId ? participant?.canWrite ?? false : canWriteWorkspace;
+      const canRead = branchesReadable && workspaceRead;
+      const canWrite = canWriteBranchContent;
       return {
         branch,
-        participant,
         canRead,
         canWrite
       };
     });
-  }, [actorAuthorId, canWriteWorkspace, workspaceRead, ws.branches.currentId, ws.branches.data, ws.participants.data]);
+  }, [branchesReadable, canWriteBranchContent, workspaceRead, ws.branches.data]);
   const visibleBranches = useMemo11(() => {
     const lower = query.trim().toLowerCase();
     return branchItems.filter((item) => {
@@ -7376,15 +7462,15 @@ var Drafts = ({ trigger }) => {
   const createPermission = useMemo11(() => {
     if (!ws.boot.isReady) return { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." };
     if (!workspaceRead) return { allowed: false, reason: "You do not have workspace access." };
-    if (!canCreateBranch) return { allowed: false, reason: "Branch creation is disabled by workspace permissions." };
+    if (!canCreateBranch2) return { allowed: false, reason: "Branch creation is disabled by workspace permissions." };
     if (!createFromId) return { allowed: false, reason: "Choose a source branch first." };
     return { allowed: true };
-  }, [bootActionReason, canCreateBranch, createFromId, workspaceRead, ws.boot.isReady]);
+  }, [bootActionReason, canCreateBranch2, createFromId, workspaceRead, ws.boot.isReady]);
   const branchActionMenu = (item) => {
     const currentId = ws.branches.currentId;
     const switchPermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : item.branch.id === currentId ? { allowed: false, reason: "This branch is already active." } : { allowed: true };
-    const setMainPermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : item.branch.isMain ? { allowed: false, reason: "This branch is already the main branch." } : !canWriteWorkspace ? { allowed: false, reason: "Setting the main branch requires workspace write access." } : !item.canWrite ? { allowed: false, reason: "You need write access to this branch to make it main." } : { allowed: true };
-    const deletePermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : item.branch.isMain ? { allowed: false, reason: "Set another branch as main before deleting this branch." } : !canWriteWorkspace ? { allowed: false, reason: "Deleting branches requires workspace write access." } : !item.canWrite ? { allowed: false, reason: "You need write access to delete this branch." } : { allowed: true };
+    const setMainPermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : item.branch.isMain ? { allowed: false, reason: "This branch is already the main branch." } : !canManageBranches2 ? { allowed: false, reason: "Setting the main branch requires branches.manage." } : !item.canWrite ? { allowed: false, reason: "You need write access to this branch to make it main." } : { allowed: true };
+    const deletePermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : item.branch.isMain ? { allowed: false, reason: "Set another branch as main before deleting this branch." } : !canDeleteBranches ? { allowed: false, reason: "Deleting branches requires branches.delete." } : !item.canWrite ? { allowed: false, reason: "You need write access to delete this branch." } : { allowed: true };
     const mergeTargets = visibleBranches.filter((target) => target.branch.id !== item.branch.id).map((target) => {
       const mergePermission = !ws.boot.isReady ? { allowed: false, reason: bootActionReason ?? "Workspace data is still loading." } : !canMergeBranches ? { allowed: false, reason: "Merging is disabled by workspace permissions." } : !item.canWrite ? { allowed: false, reason: "You need write access to the source branch to merge it." } : !target.canWrite ? { allowed: false, reason: "You need write access to the target branch to merge into it." } : { allowed: true };
       return {
@@ -9082,6 +9168,13 @@ import * as React22 from "react";
 import { jsx as jsx34, jsxs as jsxs23 } from "react/jsx-runtime";
 function Node({ node, matched, isEditing, onCommit, onCancel }) {
   const spanRef = React22.useRef(null);
+  React22.useEffect(() => {
+    const span = spanRef.current;
+    if (!span || isEditing) return;
+    if (span.textContent !== node.title) {
+      span.textContent = node.title;
+    }
+  }, [isEditing, node.title]);
   React22.useEffect(() => {
     if (isEditing && spanRef.current) {
       spanRef.current.focus();
@@ -9093,18 +9186,18 @@ function Node({ node, matched, isEditing, onCommit, onCancel }) {
       selection?.addRange(range);
     }
   }, [isEditing]);
+  const commitFromDom = React22.useCallback(() => {
+    if (!isEditing || !onCommit || !spanRef.current) return;
+    onCommit(spanRef.current.innerText || "");
+  }, [isEditing, onCommit]);
   const handleBlur = () => {
-    const edited = spanRef.current.innerText;
-    spanRef.current.innerText = node.title;
-    if (isEditing && onCommit && spanRef.current) {
-      onCommit(edited);
-    }
+    commitFromDom();
   };
   const handleKeyDown = (e) => {
     if (!isEditing) return;
     if (e.key === "Enter") {
       e.preventDefault();
-      onCommit?.(spanRef.current?.innerText || "");
+      spanRef.current?.blur();
     } else if (e.key === "Escape") {
       e.preventDefault();
       onCancel?.();
@@ -11553,7 +11646,7 @@ function RenderIf({ data, emptyMessage = null, children, when }) {
 // src/panels/right/partials/global/add-service.tsx
 import { useCanvas as useCanvas7, useWorkspace as useWorkspace12 } from "@timeax/digital-service-engine/workspace";
 import { InputField as InputField5 } from "@timeax/form-palette";
-import { useCallback as useCallback17, useEffect as useEffect19, useMemo as useMemo25, useState as useState26 } from "react";
+import { useCallback as useCallback18, useEffect as useEffect19, useMemo as useMemo25, useState as useState26 } from "react";
 import { BsPlus } from "react-icons/bs";
 import { FaFolderOpen } from "react-icons/fa";
 import { FiFilter } from "react-icons/fi";
@@ -11735,7 +11828,7 @@ function AddServicePopover({
     }
     return ids;
   }, [canvas.api.editor, contextFilterEnabled, liveSnapshot, policies2, services2]);
-  const setCatalogMode = useCallback17(
+  const setCatalogMode = useCallback18(
     (mode) => {
       const editor = canvas.api.editor;
       editor.ensureCatalog?.();
@@ -14296,7 +14389,7 @@ var wireframe_tags_widget_default = WireframeTagsWidget;
 // src/panels/right/tabs/wireframe.tsx
 import { useOrderFlow, Wrapper } from "@timeax/digital-service-engine/react";
 import { useCanvas as useCanvas16, useWorkspace as useWorkspace14 } from "@timeax/digital-service-engine/workspace";
-import { useCallback as useCallback18, useMemo as useMemo33 } from "react";
+import { useCallback as useCallback19, useMemo as useMemo33 } from "react";
 import { jsx as jsx71, jsxs as jsxs51 } from "react/jsx-runtime";
 var CHECKBOX_SINGLE_EXTRA_PROPS = Object.freeze({ single: true });
 function Wireframe() {
@@ -14357,7 +14450,7 @@ function Wireframe() {
     }
     return map;
   }, [canvas.props, canvas.selectionInfo, canvas.activeId]);
-  const select = useCallback18(
+  const select = useCallback19(
     (id) => {
       canvas.setActive(id);
       canvas.api.select([id]);
@@ -14499,7 +14592,7 @@ var right_default = RightPanel;
 // src/workspace/fallback-editor-modal.tsx
 import { useCanvas as useCanvas18, useWorkspace as useWorkspace15 } from "@timeax/digital-service-engine/workspace";
 import cloneDeep4 from "lodash/cloneDeep";
-import { Suspense, lazy, createContext as createContext4, useCallback as useCallback19, useContext as useContext4, useEffect as useEffect21, useMemo as useMemo34, useState as useState33 } from "react";
+import { Suspense, lazy, createContext as createContext4, useCallback as useCallback20, useContext as useContext4, useEffect as useEffect21, useMemo as useMemo34, useState as useState33 } from "react";
 import { createPortal as createPortal4 } from "react-dom";
 import { FiX as FiX4 } from "react-icons/fi";
 import { jsx as jsx73, jsxs as jsxs53 } from "react/jsx-runtime";
@@ -14522,11 +14615,11 @@ function FallbackEditorModalProvider({ children }) {
   const [launch, setLaunch] = useState33(null);
   const [sessionId, setSessionId] = useState33(0);
   const [surfaceError, setSurfaceError] = useState33(null);
-  const close = useCallback19(() => {
+  const close = useCallback20(() => {
     setLaunch(null);
     setSurfaceError(null);
   }, []);
-  const openForNode = useCallback19((input) => {
+  const openForNode = useCallback20((input) => {
     setSurfaceError(null);
     setSessionId((current) => current + 1);
     setLaunch({
@@ -14537,7 +14630,7 @@ function FallbackEditorModalProvider({ children }) {
       nodeLabel: input.nodeLabel ?? input.nodeId
     });
   }, []);
-  const openForService = useCallback19((input) => {
+  const openForService = useCallback20((input) => {
     setSurfaceError(null);
     setSessionId((current) => current + 1);
     setLaunch({
@@ -14546,7 +14639,7 @@ function FallbackEditorModalProvider({ children }) {
       serviceName: input.serviceName
     });
   }, []);
-  const persistProps = useCallback19(
+  const persistProps = useCallback20(
     (label, mutate) => {
       const editorAny = canvas.api.editor;
       if (typeof editorAny.transact !== "function" || typeof editorAny.replaceProps !== "function") {
@@ -14560,7 +14653,7 @@ function FallbackEditorModalProvider({ children }) {
     },
     [canvas.api.builder, canvas.api.editor, canvas.props]
   );
-  const handleSave = useCallback19(
+  const handleSave = useCallback20(
     async (nextFallbacks) => {
       setSurfaceError(null);
       try {
@@ -14577,7 +14670,7 @@ function FallbackEditorModalProvider({ children }) {
     },
     [close, persistProps]
   );
-  const handleSettingsChange = useCallback19(
+  const handleSettingsChange = useCallback20(
     async (nextSettings) => {
       setSurfaceError(null);
       try {
@@ -14690,7 +14783,7 @@ function useFallbackEditorModal() {
 // src/workspace/bottom-panel/index.tsx
 import { useCanvas as useCanvas21, useWorkspace as useWorkspace16 } from "@timeax/digital-service-engine/workspace";
-import { useCallback as useCallback20, useEffect as useEffect24, useMemo as useMemo36, useRef as useRef12, useState as useState36 } from "react";
+import { useCallback as useCallback21, useEffect as useEffect24, useMemo as useMemo36, useRef as useRef12, useState as useState36 } from "react";
 import { FiEye as FiEye3, FiEyeOff as FiEyeOff2, FiSearch, FiTerminal as FiTerminal2, FiX as FiX6 } from "react-icons/fi";
 import { LuGripHorizontal, LuLayers3 } from "react-icons/lu";
 import { MdOutlineSync } from "react-icons/md";
@@ -16521,7 +16614,7 @@ function BottomConsolePanel({ controller, errors, activeServices, allServices, o
       window.removeEventListener("pointercancel", onPointerUp);
     };
   }, [draggingPanel, panelPosition]);
-  const setCatalogMode = useCallback20(
+  const setCatalogMode = useCallback21(
     (mode) => {
       const editor = canvas.api.editor;
       editor.ensureCatalog?.();
@@ -16529,27 +16622,27 @@ function BottomConsolePanel({ controller, errors, activeServices, allServices, o
     },
     [canvas.api.editor]
   );
-  const handleSelectCatalogService = useCallback20(
+  const handleSelectCatalogService = useCallback21(
     (id) => {
       setSelectedAllServiceId(id);
       canvas.api.editor.setSelectedCatalogService?.(id ?? void 0);
     },
     [canvas.api.editor]
   );
-  const handleSelectCatalogGroup = useCallback20(
+  const handleSelectCatalogGroup = useCallback21(
     (groupId) => {
       canvas.api.editor.setActiveCatalogNode?.(groupId ?? void 0);
     },
     [canvas.api.editor]
   );
-  const handleCreateRootGroup = useCallback20(
+  const handleCreateRootGroup = useCallback21(
     (label) => {
       if (!label.trim()) return;
       canvas.api.editor.createCatalogGroup?.({ label: label.trim() });
     },
     [canvas.api.editor]
   );
-  const handleCreateChildGroup = useCallback20(
+  const handleCreateChildGroup = useCallback21(
     (label) => {
       if (!selectedCatalogGroupId) return;
       const editor = canvas.api.editor;
@@ -16558,7 +16651,7 @@ function BottomConsolePanel({ controller, errors, activeServices, allServices, o
     },
     [canvas.api.editor, selectedCatalogGroupId]
   );
-  const handleRenameGroup = useCallback20(
+  const handleRenameGroup = useCallback21(
     (label) => {
       if (!selectedCatalogGroupId) return;
       const group = catalogGroups.find((item) => item.id === selectedCatalogGroupId);
@@ -16568,15 +16661,15 @@ function BottomConsolePanel({ controller, errors, activeServices, allServices, o
     },
     [canvas.api.editor, catalogGroups, selectedCatalogGroupId]
   );
-  const handleDeleteGroup = useCallback20(() => {
+  const handleDeleteGroup = useCallback21(() => {
     if (!selectedCatalogGroupId) return;
     canvas.api.editor.removeCatalogNode?.(selectedCatalogGroupId, { cascade: true });
   }, [canvas.api.editor, selectedCatalogGroupId]);
-  const handleAssignServices = useCallback20(() => {
+  const handleAssignServices = useCallback21(() => {
     if (!selectedCatalogGroupId) return;
     setServicePickerOpen(true);
   }, [selectedCatalogGroupId]);
-  const handleConfirmAssignServices = useCallback20(
+  const handleConfirmAssignServices = useCallback21(
     (serviceIds) => {
       if (!selectedCatalogGroupId || !serviceIds.length) return;
       canvas.api.editor.assignServicesToCatalogGroup?.(selectedCatalogGroupId, serviceIds, "append");
@@ -17247,41 +17340,77 @@ var participantsByBranch = {
 var permissions = {
   "actor:davy": {
     "workspace.read": true,
-    "workspace.write": true,
+    "workspace.write": false,
+    "branches.read": true,
     "branches.create": true,
+    "branches.write": false,
+    "branches.delete": true,
     "branches.merge": true,
+    "branches.publish": true,
+    "branches.manage": true,
     "templates.read": true,
     "templates.write": true,
+    "templates.delete": true,
+    "templates.manage": true,
     "comments.read": true,
     "comments.write": true,
+    "comments.moderate": true,
     "policies.read": true,
     "policies.write": true,
+    "policies.manage": true,
+    "participants.read": true,
+    "participants.write": true,
+    "participants.manage": true,
     "services.read": true
   },
   "actor:bot": {
     "workspace.read": true,
     "workspace.write": false,
+    "branches.read": true,
     "branches.create": false,
+    "branches.write": false,
+    "branches.delete": false,
     "branches.merge": false,
+    "branches.publish": false,
+    "branches.manage": false,
     "templates.read": true,
     "templates.write": false,
+    "templates.delete": false,
+    "templates.manage": false,
     "comments.read": true,
     "comments.write": true,
+    "comments.moderate": false,
     "policies.read": false,
     "policies.write": false,
+    "policies.manage": false,
+    "participants.read": false,
+    "participants.write": false,
+    "participants.manage": false,
     "services.read": true
   },
   "actor:readonly": {
     "workspace.read": true,
     "workspace.write": false,
+    "branches.read": true,
     "branches.create": false,
+    "branches.write": false,
+    "branches.delete": false,
     "branches.merge": false,
+    "branches.publish": false,
+    "branches.manage": false,
     "templates.read": true,
     "templates.write": false,
+    "templates.delete": false,
+    "templates.manage": false,
     "comments.read": true,
     "comments.write": false,
+    "comments.moderate": false,
     "policies.read": false,
     "policies.write": false,
+    "policies.manage": false,
+    "participants.read": false,
+    "participants.write": false,
+    "participants.manage": false,
     "services.read": true
   }
 };
@@ -17623,7 +17752,7 @@ var workspaceBackend = {
       return baseBackend.branches.merge(workspaceId, sourceId, targetId);
     },
     delete: async (workspaceId, branchId) => {
-      const check = await authorize("branch-manage", branchId);
+      const check = await authorize("branch-delete", branchId);
       if (!check.ok) return check;
       return baseBackend.branches.delete(workspaceId, branchId);
     }
@@ -17677,7 +17806,7 @@ var workspaceBackend = {
     },
     publish: async (params) => {
       if (params.actorId !== workspaceActor.id) return forbidden("Snapshot mutation denied for unknown actor.", { actorId: params.actorId });
-      const check = await authorize("snapshot-write", void 0);
+      const check = await authorize("branch-publish", void 0);
       if (!check.ok) return check;
       return baseBackend.snapshots.publish(params);
     },