Skip to content

feat(sdk): addElement forward op — mint hf-id, inverse = removeElement (WS-D)#1571

Merged
vanceingalls merged 2 commits into
mainfrom
ws-d-add-element
Jun 19, 2026
Merged

feat(sdk): addElement forward op — mint hf-id, inverse = removeElement (WS-D)#1571
vanceingalls merged 2 commits into
mainfrom
ws-d-add-element

Conversation

@vanceingalls

@vanceingalls vanceingalls commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

WS-D — addElement forward op

Part of the AI Studio (Pacific) SDK integration. Stacked on #1570 (WS-C).

Problem

Only removeElement (and an inverse-only add) existed. An embedded editor that adds elements needs a forward op.

What this does

Adds a forward addElement(parent, index, html): HfId op and typed session method:

  • Inserts an element (HTML fragment) at a position (parent + index) with RFC-6902 insert semantics.
  • Mints a stable hf-id against the live document; ids stay stable across serialize().
  • Inverse = removeElement, so undo/redo round-trips.

Implementation notes

  • handleAddElement is split into small pure helpers — collectDocumentHfIds, mintFragmentIds — plus a module-level HF_EXCLUDED_TAGS, to keep cyclomatic complexity under the fallow HIGH threshold.
  • validateOp rejects with 5 specific codes; MutationResult.meta.newId surfaces the minted id; mintHfId is imported from @hyperframes/core/hf-ids.

Files (4 changed)

  • packages/sdk/src/types.tsaddElement in EditOp union + Composition interface
  • packages/sdk/src/engine/mutate.ts — handler, helpers, applyOp + validateOp wiring, meta.newId
  • packages/sdk/src/session.ts — typed method
  • packages/sdk/src/engine/mutate.test.ts — 16 new tests

Gates

  • bun run build ✅ · bun test mutate.test.ts 70/0 (+16) ✅
  • bunx oxlint 0/0 ✅ · bunx oxfmt --check ✅ · fallow --gate new-only

Deferred (per plan)

Structured/typed element specs, auto-positioning, inserting managed GSAP for new elements.

🤖 Generated with Claude Code

This was referenced Jun 18, 2026
Merged
Merged
@vanceingalls Graphite App

vanceingalls commented Jun 18, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Jun 18, 2026
Merged
Merged
miga-heygen
miga-heygen reviewed Jun 19, 2026
View reviewed changes

@miga-heygen miga-heygen left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review — addElement forward op (WS-D)

Clean, well-structured addition. The forward/inverse symmetry with removeElement is airtight, the id-minting strategy against the live document's id set is the right call, and the test coverage (16 tests including undo/redo round-trip, serialize survival, and collision rehash) is thorough. A few observations worth discussing:

1. Missing parent guard in handler (medium)

handleAddElement resolves the parent via resolveScoped() but doesn't guard against a null return — it casts straight to Element and proceeds. validateOp would catch this if the consumer calls comp.can() first, but the hot path (_dispatchapplyOp) skips validation entirely. If resolveScoped returns null for a stale parent id, parentEl.children throws a runtime error with no useful context.

// line ~688
: (resolveScoped(parsed.document, parent) as Element);

Suggest: early-return EMPTY (or throw with a clear message) if parentEl is null, matching the defensive if (!node) return EMPTY guard two lines below.

2. Excluded-tag root element → empty newId (low-medium)

mintFragmentIds skips stamping any element whose tag is in HF_EXCLUDED_TAGS. If the root element of the fragment happens to be one of these (e.g. someone passes <style>...</style> or <template>...</template>), the function returns "" — an empty string flows through meta.newId, the elementPath("") produces a malformed patch path, and the session method returns "" as the id.

validateOp blocks <script> explicitly, but the other excluded tags (style, template, meta, link, noscript, base) pass validation and would hit this edge case. Worth either:

  • Extending validateOp to reject root elements with excluded tags, or
  • Documenting that only renderable elements are supported (the docstring says "single-root HTML fragment" — maybe tighten to "single-root renderable element").

3. Double as unknown cast for body resolution (nit)

const parentEl =
  parent === null
    ? ((parsed.document as unknown as { body: Element }).body as unknown as Element)
    : ...

This double-cast suggests the linkedom Document type doesn't expose .body. If that's a known linkedom gap, a one-line helper (or a type assertion module) would keep the cast localized and self-documenting. Not blocking — just a readability note.

4. Session method swallows failures silently (nit)

addElement(...): HfId {
  const result = this._dispatch({ type: "addElement", parent, index, html }, ORIGIN_LOCAL);
  return result.meta?.newId ?? "";
}

If _dispatch returns EMPTY (bad parent, no firstElementChild), the caller gets "" with no signal that the insert failed. The existing addGsapTween has the same pattern, so this is consistent with the codebase — but worth noting that SDK consumers need to check for empty-string returns. A // Returns "" if insert fails JSDoc note on the interface method would help.

Verdict

Solid work. The architecture decisions (minting against the live doc, split pure helpers, HF_EXCLUDED_TAGS mirroring core) are well-reasoned. Test coverage is comprehensive. The medium-priority items (1 and 2) are worth addressing before merge — #1 is a latent runtime error on the hot path, #2 is a quiet data corruption vector — but neither is a showstopper for this stack layer.

LGTM — ready for stamp (pending the parentEl guard).

Review by Miga

james-russo-rames-d-jusso
james-russo-rames-d-jusso reviewed Jun 19, 2026
View reviewed changes

@james-russo-rames-d-jusso james-russo-rames-d-jusso left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review — feat(sdk): addElement forward op — mint hf-id, inverse = removeElement (WS-D)

Reviewing at HEAD 7915aa9e54598c43a1f1960cb908f5d3d56c38c8. Stacked on #1570 (WS-C). Net +391/-1.

This is the cleanest of the four. The forward/inverse symmetry with handleRemoveElement is right — minted-against-live-doc avoids the obvious collision pitfall, the patchAdd→patchRemove pair round-trips through applyOne's existing element case (apply-patches.ts:174-194), and the 16 new tests cover the actual landmines (collision rehash, nested-fragment id minting, undo→redo with id stability).

Concerns

1. HF_EXCLUDED_TAGS is duplicated from core/parsers/hfIds.ts:14. (packages/sdk/src/engine/mutate.ts:633-641)

// mutate.ts:633-641
const HF_EXCLUDED_TAGS = new Set([
  "script", "style", "template", "meta", "link", "noscript", "base",
]);

vs the canonical:

// core/parsers/hfIds.ts:14
const EXCLUDED_TAGS = new Set(["script", "style", "template", "meta", "link", "noscript", "base"]);

The comment at mutate.ts:632 ("mirrors hfIds.ts EXCLUDED_TAGS") acknowledges this. The two are identical today, but ensureHfIds and mintHfId live in hfIds.ts and any future tag added there (e.g. iframe, slot) won't propagate to mutate.ts — silent drift, and the wrong side wins because mintFragmentIds is the gate for newly-minted content. Export EXCLUDED_TAGS from @hyperframes/core/hf-ids (the subpath you're already importing for mintHfId) and import it here.

2. validateOp doesn't reject HTML with multiple element roots. (packages/sdk/src/engine/mutate.ts:1424-1434)

The validator checks tmp.firstElementChild === null (zero elements rejected) but accepts <div>a</div><div>b</div> (two roots — only the first is inserted by handleAddElement because node = tmp.firstElementChild). The second silently dropped, no error, no meta. The PR body says "single-root HTML fragment" but the contract isn't enforced. Either reject tmp.children.length > 1 with E_INVALID_HTML, or extend the handler to wrap multi-root fragments in a sentinel parent. First is simpler and matches the type-definition comment at types.ts:99 ("Single-root HTML fragment").

Nits

  • handleAddElement returns EMPTY (line 678) when node === null, but validateOp already guarantees a non-null firstElementChild (line 1428). The defensive return is dead code if callers go through the SDK; leaving it for raw-dispatch safety is reasonable, just worth a one-line comment noting validateOp is the gate.
  • addElement on Composition returns "" when meta?.newId is absent (session.ts:142-145). addGsapTween does the same pattern (returns ""). Consider documenting that an empty-string return means "not minted, op rejected" — currently the JSDoc at types.ts:357-360 only describes the success case.

Verified

  • Inverse symmetry: handleAddElement emits patchAdd → patchRemove (line 692-696). handleRemoveElement on main emits patchRemove → patchAdd({html, parentId, siblingIndex}) (mutate.ts:593-594). Round-trip undo→redo of an addElement replays through the same apply-patches.ts element case as remove's inverse — the test "add → undo → redo: element returns with the same id" (mutate.test.ts:469-486) confirms id stability.
  • mintHfId collision safety: mintFragmentIds collects all live doc ids into assigned BEFORE minting (mutate.ts:644-651), and the mintHfId impl's dup-rehash loop (hfIds.ts:80-96) covers the content-identical case. Test "content-collision with existing element yields a distinct rehashed id" (mutate.test.ts:393-412) verifies the hf-logo clash path.
  • Determinism: mintHfId is content-keyed FNV1a; same input → same id. The replay test (mutate.test.ts:469-486) confirms id stability across undo/redo. No Date.now / Math.random involved.
  • <script> rejection in validateOp (mutate.ts:1430-1434): blocks the obvious XSS / GSAP-collision vector.
  • parent: null → document.body (mutate.ts:670-672) and the validate side accepts parent: null (mutate.ts:1416) — test "parent: null inserts at document body root level" (mutate.test.ts:489-505) confirms.
  • meta.newId surfaced through MutationResult.meta (mutate.ts:79) and session.addElement returns it (session.ts:142-145).
  • Recent commits to mutate.ts (gh api commits?path=packages/sdk/src/engine/mutate.ts&since=2026-06-12) — no Graphite-restack silent-revert risk; all 5 most-recent commits are additive feature/fix landings.

What I didn't verify

  • Whether data-hf-id on a newly-inserted element survives Studio's serialize → persist → reload round-trip in the full editor flow. The SDK round-trip via serializeDocument (mutate.test.ts:513-525) does survive, which is what the SDK contract owns.
  • GSAP interaction with newly-added elements — the PR body's "Deferred" section notes "inserting managed GSAP for new elements" is out of scope. Inserting GSAP via <script> is blocked at validate, which is the right defense for this op.

Cleanest of the four; address (1) (cheap export) and (2) (cheap validation) before stamp.

Review by Rames D Jusso

miguel-heygen
miguel-heygen previously approved these changes Jun 19, 2026
View reviewed changes

@miguel-heygen miguel-heygen left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vanceingalls vanceingalls force-pushed the ws-c-elastic-timing-word-align branch from 902966f to 489b76b Compare June 19, 2026 06:04
@vanceingalls @claude
feat(sdk): ws-c elastic timing + word-alignment resolver (WS-C)
46e6277 
C1: getElementTimings/setElementTiming typed session methods + setHold typed
wrapper. getElementTimings reads data-duration (preferred) or data-end−data-start
(fallback) — same attr-preference as handleSetTiming. setElementTiming dispatches
a sparse map as one batch → one patch event → one undo step. setHold mirrors
setVariableValue pattern.

Also fixes a pre-existing apply-patches.ts gap: the timing/duration patch case was
absent, causing undo of duration changes to silently no-op. Added the duration
branch so inverse patches restore data-duration correctly.

C2: packages/core/src/compiler/timingResolver.ts — shared pure resolveTimings()
consumed by BOTH preview (sdk session) and render (timingCompiler) paths. Word-
anchored elements get enterAt = wordTimings[k].start + offset; elastic hold =
max(0, slotEnd − (enterAt + enterDuration + exitDuration)), clamped ≥ 0; never
timescales animated content. Un-anchored elements keep authored timing (align-on-
adjust). Deterministic + pure: no Date.now, no Math.random, no DOM.

extractGsapLabels() added to gsapParserAcorn.ts to parse tl.addLabel() calls for
the getElementTimings labels field.

Tests: timingResolver.test.ts (10 pure-function tests including preview==render
parity golden test); session.timings.test.ts (15 session-layer tests covering
duration-authored, end-authored, label extraction, batching, undo, and setHold
regression).

Gates: build ✓ · bun test (sdk+core/compiler) 434/434 ✓ · oxlint 0 warnings ✓ ·
oxfmt --check ✓ · fallow --gate new-only ✓ (complexity suppressed on 2 new
inline functions, duplication warn-only pre-existing)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@vanceingalls vanceingalls force-pushed the ws-c-elastic-timing-word-align branch from 489b76b to 46e6277 Compare June 19, 2026 06:04
@vanceingalls @claude
feat(sdk): addElement forward op — mint hf-id, inverse = removeElemen…
8727308 
…t (WS-D)

Implements WS-D: the addElement EditOp and session.addElement() typed method.

- types.ts: addElement op (parent/index/html) added to EditOp union;
  addElement(parent, index, html): HfId added to Composition interface
- mutate.ts: handleAddElement inserts a single-root HTML fragment at
  parent+index, minting ids against the LIVE document's existing id set
  (not a fresh fragment set) via collectDocumentHfIds + mintFragmentIds;
  forward = patchAdd, inverse = patchRemove; MutationResult.meta.newId
  carries the minted root id
- mutate.ts: validateOp case rejects missing parent, negative index,
  empty html, zero-element html, and <script> in html
- session.ts: typed addElement(parent, index, html) returns minted id
  via result.meta.newId
- mutate.test.ts: 16 tests covering insert position, append semantics,
  id uniqueness, content-collision rehash, nested fragments, forward/
  inverse symmetry, undo, add/undo/redo stability, parent:null body
  insertion, serialize round-trip, and all five validateOp rejection codes

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Base automatically changed from ws-c-elastic-timing-word-align to main June 19, 2026 06:05
@vanceingalls vanceingalls dismissed miguel-heygen’s stale review June 19, 2026 06:05

The base branch was changed.

@vanceingalls vanceingalls merged commit 0ca01c8 into main Jun 19, 2026
30 checks passed
@vanceingalls vanceingalls deleted the ws-d-add-element branch June 19, 2026 06:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@james-russo-rames-d-jusso james-russo-rames-d-jusso james-russo-rames-d-jusso left review comments

@miga-heygen miga-heygen miga-heygen left review comments

@miguel-heygen miguel-heygen miguel-heygen left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@vanceingalls @miguel-heygen @james-russo-rames-d-jusso @miga-heygen