import { computed, handler, NAME, pattern, Stream, UI, Writable, } from "commonfabric"; import { TrustedLongRunningJobSurface, TrustedSharePolicySurface, TrustedSongIdRecordingSurface, } from "../cfc/trusted-surfaces/mod.ts"; export type ProcessExampleOutput = { [NAME]: string; [UI]: unknown; decoyStatus: string; songHint?: string; identifiedSongId?: string; policyAudience?: string; policyScope?: string; savedSharePolicy?: string; jobName?: string; jobStatus?: string; jobAuthorization?: string; jobCancellation?: string; recordSongId?: Stream; saveSharePolicy?: Stream; startJob?: Stream; cancelJob?: Stream; triggerDecoy: Stream; }; const setDecoyStatus = handler< void, { decoyStatus: Writable; message: string } >((_, { decoyStatus, message }) => { decoyStatus.set(message); }); export const SongIdentificationRecordingExample = pattern< Record, ProcessExampleOutput >(() => { const songHint = new Writable("Hum from captured microphone buffer"); const identifiedSongId = new Writable(""); const decoyStatus = new Writable("Raw-audio host shortcut is idle."); const triggerDecoy = setDecoyStatus({ decoyStatus, message: "Host raw-audio shortcut did not authorize recording; only song ID can be written.", }); const trusted = TrustedSongIdRecordingSurface({ songHint, identifiedSongId, }); return { [NAME]: computed(() => "Song Identification Recording"), [UI]: (

Untrusted recording host

The host mocks the audio capture pipeline, but the trusted surface only records the derived song identifier.

Record raw audio

{decoyStatus}

{trusted}

), songHint, identifiedSongId, decoyStatus, recordSongId: trusted.recordSongId, triggerDecoy, }; }); export const CalendarAvailabilityPolicyExample = pattern< Record, ProcessExampleOutput >(() => { const policyAudience = new Writable("calendar:project-sync participants"); const policyScope = new Writable("free/busy windows only"); const savedSharePolicy = new Writable(""); const decoyStatus = new Writable("Full-calendar host shortcut is idle."); const triggerDecoy = setDecoyStatus({ decoyStatus, message: "Host full-calendar shortcut did not save policy; trusted surface scopes the contribution.", }); const trusted = TrustedSharePolicySurface({ policyAudience, policyScope, savedSharePolicy, }); return { [NAME]: computed(() => "Calendar Availability Policy"), [UI]: (

Untrusted scheduling host

The host frames this as scheduling convenience, while the trusted policy surface restricts the process to availability contribution.

Share full calendar

{decoyStatus}

{trusted}

), policyAudience, policyScope, savedSharePolicy, decoyStatus, saveSharePolicy: trusted.saveSharePolicy, triggerDecoy, }; }); export const BatchPhotoUploadJobExample = pattern< Record, ProcessExampleOutput >(() => { const jobName = new Writable("Batch photo upload: selected album"); const jobStatus = new Writable("Idle"); const jobAuthorization = new Writable(""); const jobCancellation = new Writable(""); const decoyStatus = new Writable("All-photo upload host shortcut is idle."); const triggerDecoy = setDecoyStatus({ decoyStatus, message: "Host all-photo shortcut did not authorize the job; the trusted job stays visible and cancelable.", }); const trusted = TrustedLongRunningJobSurface({ jobName, jobStatus, jobAuthorization, jobCancellation, }); return { [NAME]: computed(() => "Batch Photo Upload Job"), [UI]: (

Untrusted photo host

The process is modeled as a visible long-running job with trusted authorization and cancellation.

Upload all photos

{decoyStatus}

{trusted}

), jobName, jobStatus, jobAuthorization, jobCancellation, decoyStatus, startJob: trusted.startJob, cancelJob: trusted.cancelJob, triggerDecoy, }; }); export const DocumentExportJobExample = pattern< Record, ProcessExampleOutput >(() => { const jobName = new Writable("Document export: redacted bundle"); const jobStatus = new Writable("Idle"); const jobAuthorization = new Writable(""); const jobCancellation = new Writable(""); const decoyStatus = new Writable("One-click export host shortcut is idle."); const triggerDecoy = setDecoyStatus({ decoyStatus, message: "Host one-click export did not authorize the job; the trusted job surface controls export.", }); const trusted = TrustedLongRunningJobSurface({ jobName, jobStatus, jobAuthorization, jobCancellation, }); return { [NAME]: computed(() => "Document Export Job"), [UI]: (

Untrusted document host

The export process is explicit, visible, and cancelable instead of an ambient host-side side effect.

Export without trusted job

{decoyStatus}

{trusted}

), jobName, jobStatus, jobAuthorization, jobCancellation, decoyStatus, startJob: trusted.startJob, cancelJob: trusted.cancelJob, triggerDecoy, }; }); const EXAMPLE_TITLES = [ "Song Identification Recording", "Calendar Availability Policy", "Batch Photo Upload Job", "Document Export Job", ] as const; export default pattern>(() => ({ [NAME]: computed(() => "Process Trusted Component Examples"), [UI]: (

Process-oriented trusted UI demos

These untrusted hosts model processes rather than single release buttons: derived song-ID recording, scoped availability policy, and visible long-running jobs.

The gallery currently exposes {EXAMPLE_TITLES.length}{" "} example patterns.

Catalog {EXAMPLE_TITLES.map((title, index) => (

{index + 1}. {title}

))}

{SongIdentificationRecordingExample}

{CalendarAvailabilityPolicyExample}

{BatchPhotoUploadJobExample}

{DocumentExportJobExample}

), exampleCount: EXAMPLE_TITLES.length, }));