feat(super-editor): add w:lock support for StructuredContent nodes

[tupizz]

Summary

Add ECMA-376 w:lock support for StructuredContent (inline) and StructuredContentBlock (block) nodes, enabling template variables to be read-only per the OOXML specification (§17.5.2.23).

Lock Modes

Lock Mode	SDT Wrapper	Content	Use Case
unlocked	Can delete	Can edit	Default, no restrictions
sdtLocked	Cannot delete	Can edit	Protect field structure
contentLocked	Can delete	Cannot edit	Read-only value, removable
sdtContentLocked	Cannot delete	Cannot edit	Fully protected field

Visual Comparison (Word vs SuperDoc)

Border behavior: Blue border (#629be7) appears on hover only, matching Word's behavior.

---

Architecture Decisions

1. Plugin-Only Defense (No contentEditable='false')

Decision: Block edits through the lock plugin instead of setting contentEditable='false' on locked content.

Why: Setting contentEditable='false' completely prevents cursor placement inside the node. This is poor UX because users:

• Can't select text to copy it
• Can't navigate through the document smoothly
• Experience jarring cursor behavior around locked regions

Solution: Keep content editable at the DOM level and rely on the plugin to block actual edits. Users can move cursor and select text freely while being prevented from modifying content.

2. Three-Layer Defense Strategy

The lock plugin uses three mechanisms to enforce locks:

Layer	Hook	Purpose
1	handleKeyDown	Block Delete/Backspace/Cut before transaction is created
2	handleTextInput	Block typing in content-locked nodes
3	filterTransaction	Safety net for paste, drag-drop, programmatic changes

Why handleKeyDown instead of just filterTransaction?

ProseMirror's transaction flow is:

User action → Browser event → handleKeyDown → Transaction created → filterTransaction → Applied

When filterTransaction blocks a transaction, the browser may have already modified DOM selection, causing the cursor to jump unexpectedly. By intercepting in handleKeyDown and calling event.preventDefault(), we prevent the browser from processing the event at all.

3. Step Relationship Analysis

To detect lock violations, we analyze the geometric relationship between a step's affected range and each SDT node:

Document: [----SDT----]
               pos    end

1. containsSDT: Would fully delete the SDT
   Step:    [================]
   SDT:        [--------]
   → Blocked for sdtLocked/sdtContentLocked

2. insideSDT: Modification entirely within SDT (but not deleting it)
   Step:          [--]
   SDT:        [--------]
   → Blocked for contentLocked/sdtContentLocked

3. crossesStart/crossesEnd: Step crosses SDT boundary
   Step:    [=======]        or        [=======]
   SDT:        [--------]         [--------]
   → Blocked for sdtLocked/sdtContentLocked (damages wrapper)

4. NodeView Provides Visual Feedback Only

The NodeView adds CSS classes for styling but does NOT set contentEditable:

updateContentEditability() {
  if (this.dom) {
    this.dom.classList.toggle('sd-structured-content--content-locked', this.isContentLocked());
    this.dom.classList.toggle('sd-structured-content--sdt-locked', this.isSdtLocked());
  }
}

---

Changes

Import/Export

• Parse w:lock element from w:sdtPr on DOCX import
• Export w:lock element to w:sdtPr on DOCX save
• Round-trip preservation of lock mode values

Editor Behavior

• Add lockMode attribute to StructuredContent and StructuredContentBlock extensions
• Add structuredContentLockPlugin with 3-layer defense:
  • handleKeyDown: Block Delete/Backspace/Cut before transaction
  • handleTextInput: Block typing in content-locked nodes
  • filterTransaction: Safety net for programmatic changes
• NodeView adds CSS classes for visual feedback (allows cursor movement)

Visual Styling (Presentation Mode)

• Add StructuredContentLockMode type to contracts
• Add lockMode to StructuredContentMetadata in style-engine
• Add data-lock-mode attribute rendering in DomPainter
• Add CSS styles matching Word's appearance for each lock mode

Documentation

• Add comprehensive research document at .tupizz/docs/prosemirror-lock-plugin-research.md
• Documents ProseMirror transaction flow, plugin hooks, and implementation learnings

---

Test Coverage

35 tests covering all lock modes and operations:

• Wrapper deletion tests (4 modes × 2 node types = 8 tests)
• Content modification tests (4 modes × 2 node types = 8 tests)
• Boundary crossing tests (crosses start/end of SDT)
• Edge cases (empty document, multiple SDTs, collapsed selection)

Test Files  1 passed (1)
     Tests  35 passed (35)

---

Files Changed

Package	Files
contracts	src/index.ts - Add StructuredContentLockMode type
style-engine	src/index.ts - Add lockMode normalization
painter-dom	renderer.ts, styles.ts, sdt-helpers.ts - Render lock mode styling
super-editor	Extensions, NodeViews, import/export handlers, lock plugin, tests

---

Test Plan

• Unit tests for import parsing (all 4 lock modes)
• Unit tests for export generation
• Unit tests for lock plugin (35 tests covering all scenarios)
• Cursor movement works in locked content
• Manual test with DOCX containing locked SDTs
• Verify visual styling matches Word

Related

• IT-336

Demo

CleanShot.2026-02-04.at.15.53.52.mp4

[github-actions]

Based on my review of the code and my knowledge of the ECMA-376 specification, I can provide a detailed review:

Status: FAIL

The implementation has spec violations in the w:lock element handling:

Issues Found

1. Invalid enumeration values (Critical)

Files:

• packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/handle-structured-content-node.js:25
• packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/translate-structured-content.js:62

Problem: The code uses 'unlocked' as a valid value for w:lock/@w:val, but this is not a valid ECMA-376 enumeration value.

According to ECMA-376 Part 1 §17.5.2.20 (CT_Lock), the w:lock element's w:val attribute accepts ST_Lock enumeration values:

• sdtLocked - SDT cannot be deleted
• contentLocked - SDT contents cannot be edited
• sdtContentLocked - Both SDT and contents are locked
• unlocked is NOT a valid value in the spec

Spec violation: When an SDT is unlocked, the w:lock element should be omitted entirely, not set to 'unlocked'.

2. Incorrect default handling (Major)

File: packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/handle-structured-content-node.js:26

Problem: The code defaults missing w:lock elements to 'unlocked':

const lockMode = validModes.includes(lockValue) ? lockValue : 'unlocked';

Correct behavior: When w:lock is absent, the lock mode should be represented as undefined or null internally, and no w:lock element should be written on export.

3. Correct export logic (passes validation)

File: packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/translate-structured-content.js:69

Good news: The export logic correctly omits the w:lock element when lockMode === 'unlocked':

if (attrs.lockMode && attrs.lockMode !== 'unlocked') resultElements.push(lock);

This partially compensates for issue #1, but the internal representation still uses an invalid spec value.

Recommendations

1. Remove 'unlocked' from valid modes - Use null/undefined to represent unlocked state
2. Update the valid modes list to only include the three actual ECMA-376 values:

   const validModes = ['sdtLocked', 'contentLocked', 'sdtContentLocked'];
   const lockMode = validModes.includes(lockValue) ? lockValue : null;

3. Update TypeScript types in packages/layout-engine/contracts/src/index.ts:59 to make lockMode nullable or remove 'unlocked' from the union

Reference

See ECMA-376 Part 1 §17.5.2.20 for full specification: https://ooxml.dev/spec?q=w:lock

The implementation is close but needs the "unlocked" value removed from the internal data model to fully comply with OOXML.

[Copilot]

Pull request overview

This PR adds comprehensive support for ECMA-376 w:lock functionality to StructuredContent nodes, enabling four lock modes (unlocked, sdtLocked, contentLocked, sdtContentLocked) that control whether the SDT wrapper can be deleted and whether the content can be edited. The implementation uses a three-layer defense strategy in the editor, full round-trip import/export support, and visual styling that differentiates lock modes.

Changes:

• Added lockMode attribute to StructuredContent and StructuredContentBlock nodes with DOM parsing/rendering
• Implemented lock enforcement plugin with handleKeyDown, handleTextInput, and filterTransaction hooks
• Added DOCX import parsing and export generation for w:lock elements
• Implemented visual styling with distinct background colors for each lock mode

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
packages/super-editor/src/extensions/types/node-attributes.ts	Added StructuredContentLockMode type definition
packages/super-editor/src/extensions/structured-content/structured-content.js	Added lockMode attribute and registered lock plugin
packages/super-editor/src/extensions/structured-content/structured-content-block.js	Added lockMode attribute definition
packages/super-editor/src/extensions/structured-content/structured-content-lock-plugin.js	Implemented three-layer lock enforcement with step relationship analysis
packages/super-editor/src/extensions/structured-content/structured-content-lock-plugin.test.js	Comprehensive test suite with 35 tests covering all lock modes and scenarios
packages/super-editor/src/extensions/structured-content/StructuredContentViewBase.js	Added lock detection and CSS class application methods
packages/super-editor/src/extensions/structured-content/StructuredContentInlineView.js	Integrated updateContentEditability in view lifecycle
packages/super-editor/src/extensions/structured-content/StructuredContentBlockView.js	Integrated updateContentEditability in view lifecycle
packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/handle-structured-content-node.js	Added w:lock parsing with validation of lock mode values
packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/handle-structured-content-node.test.js	Tests for parsing all lock mode values and defaults
packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/translate-structured-content.js	Added w:lock export generation and deduplication
packages/super-editor/src/core/super-converter/v3/handlers/w/sdt/helpers/translate-structured-content.test.js	Tests for exporting lock modes and preventing duplication
packages/layout-engine/style-engine/src/index.ts	Added lockMode to normalized StructuredContentMetadata
packages/layout-engine/painters/dom/src/utils/sdt-helpers.ts	Added lockMode data attribute rendering in SDT containers
packages/layout-engine/painters/dom/src/renderer.ts	Added lockMode to dataset attributes and rendering
packages/layout-engine/painters/dom/src/styles.ts	Added CSS styles for each lock mode with hover effects
packages/layout-engine/contracts/src/index.ts	Added StructuredContentLockMode type to contracts

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

CSS specificity conflict: The new lock mode styles may conflict with existing hover styles. For inline structured content, line 423 sets border: 1px solid #629be7 and line 430-432 sets hover styles with background-color and border-color. The new lock mode styles at lines 459-485 set border: 1px solid transparent which will override the base blue border, and the hover styles at lines 488-491 only set border-color without setting background-color.

This means:

1. For inline SDTs without lock mode data attribute, the existing blue border and hover background will work correctly
2. For inline SDTs with lock mode data attributes, the transparent border will replace the blue border, and on hover, only the border color changes but the lock mode background color persists

This may not be the intended behavior. Consider whether lock mode styles should only apply to block-level SDTs, or if the inline styles need to be adjusted to work harmoniously with the existing hover behavior. The PR description mentions "matching Word's behavior" but it's unclear if Word shows these lock mode colors for inline SDTs or only for block SDTs.

[Copilot]

Unused variable sdtStillIntact.

Suggested change

	// Assert: check if SDT still exists (boundary crossing damages wrapper)
	const sdtStillIntact = sdtNodeExists(newState.doc, 'structuredContent');
	// Assert: check whether the document content changed

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fb4a38c0cd

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Map step positions when checking lock violations

The filterTransaction guard collects SDT ranges from the pre-transaction document, but each step.from/step.to is expressed in the document after prior steps have applied. In multi-step transactions (e.g., a programmatic command that inserts before an SDT and then deletes inside it), the later step’s coordinates will be shifted while the SDT ranges are not, so checkLockViolation can miss a deletion inside locked content. To keep the safety net accurate, map step positions back to the original doc or map SDT ranges forward for each step (e.g., via tr.mapping).

Useful? React with 👍 / 👎.