npm - @abraca/dabra - Versions diffs - 2.5.0 → 2.7.0 - Mend

@abraca/dabra 2.5.0 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/abracadabra-provider.cjs +67 -3
package/dist/abracadabra-provider.cjs.map +1 -1
package/dist/abracadabra-provider.esm.js +67 -3
package/dist/abracadabra-provider.esm.js.map +1 -1
package/dist/index.d.ts +63 -2
package/package.json +2 -2
package/src/AbracadabraBaseProvider.ts +15 -0
package/src/AbracadabraClient.ts +78 -0
package/src/ContentManager.ts +8 -6

package/dist/index.d.ts CHANGED Viewed

@@ -821,6 +821,62 @@ declare class AbracadabraClient {
       role: string | null;
     }>;
   }>;
+  /**
+   * List `service`-role users (runners, demo seeders, automation
+   * identities). Requires Service role. Admins can see service users via
+   * `/admin/users` too but cannot mint or rotate them.
+   */
+  adminListServiceAccounts(): Promise<{
+    items: Array<{
+      id: string;
+      username: string;
+      public_key: string | null;
+      revoked: boolean;
+      display_name: string | null;
+    }>;
+  }>;
+  /**
+   * Create a new `service`-role user. When `public_key` is omitted the
+   * server generates a keypair and returns the private half in the
+   * response — show it to the operator **once** and discard; the server
+   * never persists it. Requires Service role.
+   */
+  adminCreateServiceAccount(body: {
+    username: string;
+    public_key?: string;
+  }): Promise<{
+    id: string;
+    username: string;
+    public_key: string;
+    role: string;
+    private_key?: string;
+  }>;
+  /**
+   * Rotate the active keypair on a service account. Old JWTs are
+   * invalidated; old device keys are marked revoked; the canonical
+   * `users.public_key` swaps to the new value. `users.id` stays put so
+   * existing permission rows keep matching. Returns the new pubkey (and
+   * private half when the server generated it). Requires Service role.
+   */
+  adminRotateServiceAccountKey(userId: string, body?: {
+    public_key?: string;
+  }): Promise<{
+    id: string;
+    public_key: string;
+    private_key?: string;
+  }>;
+  /**
+   * Lock a service account and revoke all of its device keys. Idempotent.
+   * Refuses targets whose `users.role` isn't `"service"`. Requires
+   * Service role.
+   */
+  adminRevokeServiceAccount(userId: string): Promise<void>;
+  /**
+   * Revoke a single device key on a user (any role). Bumps
+   * `tokens_invalid_before` so open WS sessions tied to the key must
+   * re-auth. Requires elevated role (Service or Admin@root).
+   */
+  adminRevokeDeviceKey(userId: string, keyId: string): Promise<void>;
   /**
    * Page through the audit log. Filters AND-combine; `limit` defaults to
    * 100 server-side. Requires elevated role.
@@ -4929,8 +4985,13 @@ declare class ContentManager {
   constructor(dm: DocumentManager);
   /**
    * Read document content as markdown.
-   * Returns the title extracted from the TipTap documentHeader, the markdown
-   * body, tree metadata, and immediate children.
+   *
+   * Returns the markdown body, tree-derived label/type/meta, and immediate
+   * children. `title` mirrors `label` (the tree entry's display name) — it
+   * is *not* derived from a TipTap `documentHeader`, and the markdown body
+   * does NOT include YAML frontmatter. Callers that want frontmatter-style
+   * round-tripping should serialise `meta`/`type` themselves on top of the
+   * returned markdown.
    */
   read(docId: string): Promise<DocumentContent>;
   /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@abraca/dabra",
-  "version": "2.5.0",
+  "version": "2.7.0",
   "description": "abracadabra provider",
   "keywords": [
     "abracadabra",
@@ -41,7 +41,7 @@
     "yjs": "^13.6.8"
   },
   "devDependencies": {
-    "@abraca/schema": "2.5.0"
+    "@abraca/schema": "2.7.0"
   },
   "scripts": {
     "test": "node --no-warnings --conditions=source --experimental-transform-types --test 'tests/*.test.ts'"

package/src/AbracadabraBaseProvider.ts CHANGED Viewed

@@ -14,6 +14,7 @@ import { StatelessMessage } from "./OutgoingMessages/StatelessMessage.ts";
 import { RpcClient } from "./RpcClient.ts";
 import { QueryClient } from "./QueryClient.ts";
 import type { QuerySpec, QuerySubscriptionHandlers, QuerySubscriptionHandle } from "./QueryClient.ts";
+import { QueryAwarenessMessage } from "./OutgoingMessages/QueryAwarenessMessage.ts";
 import { SyncStepOneMessage } from "./OutgoingMessages/SyncStepOneMessage.ts";
 import { UpdateMessage } from "./OutgoingMessages/UpdateMessage.ts";
 import type {
@@ -516,6 +517,20 @@ export class AbracadabraBaseProvider extends EventEmitter {
         documentName: this.configuration.name,
       });
     }
+    // Pull existing peers' awareness on (re)connect. The server keeps no
+    // awareness cache and never replays presence to a fresh joiner, so without
+    // this a late-joining client only learns about a peer once that peer next
+    // *changes* its own awareness — producing asymmetric presence ("A sees B
+    // but B can't see A"). The server re-broadcasts this query to all peers,
+    // who answer with their full state (MessageReceiver.applyQueryAwareness),
+    // and those replies fan back to us. Matches stock y-websocket on-open
+    // behaviour. Only meaningful when an awareness instance exists.
+    if (this.awareness) {
+      this.send(QueryAwarenessMessage, {
+        documentName: this.configuration.name,
+      });
+    }
   }
   send(message: ConstructableOutgoingMessage, args: any) {

package/src/AbracadabraClient.ts CHANGED Viewed

@@ -1194,6 +1194,84 @@ export class AbracadabraClient {
 		);
 	}
+	/**
+	 * List `service`-role users (runners, demo seeders, automation
+	 * identities). Requires Service role. Admins can see service users via
+	 * `/admin/users` too but cannot mint or rotate them.
+	 */
+	async adminListServiceAccounts(): Promise<{
+		items: Array<{
+			id: string;
+			username: string;
+			public_key: string | null;
+			revoked: boolean;
+			display_name: string | null;
+		}>;
+	}> {
+		return this.request("GET", "/admin/service-accounts");
+	}
+	/**
+	 * Create a new `service`-role user. When `public_key` is omitted the
+	 * server generates a keypair and returns the private half in the
+	 * response — show it to the operator **once** and discard; the server
+	 * never persists it. Requires Service role.
+	 */
+	async adminCreateServiceAccount(body: {
+		username: string;
+		public_key?: string;
+	}): Promise<{
+		id: string;
+		username: string;
+		public_key: string;
+		role: string;
+		private_key?: string;
+	}> {
+		return this.request("POST", "/admin/service-accounts", { body });
+	}
+	/**
+	 * Rotate the active keypair on a service account. Old JWTs are
+	 * invalidated; old device keys are marked revoked; the canonical
+	 * `users.public_key` swaps to the new value. `users.id` stays put so
+	 * existing permission rows keep matching. Returns the new pubkey (and
+	 * private half when the server generated it). Requires Service role.
+	 */
+	async adminRotateServiceAccountKey(
+		userId: string,
+		body: { public_key?: string } = {},
+	): Promise<{ id: string; public_key: string; private_key?: string }> {
+		return this.request(
+			"POST",
+			`/admin/service-accounts/${encodeURIComponent(userId)}/rotate-key`,
+			{ body },
+		);
+	}
+	/**
+	 * Lock a service account and revoke all of its device keys. Idempotent.
+	 * Refuses targets whose `users.role` isn't `"service"`. Requires
+	 * Service role.
+	 */
+	async adminRevokeServiceAccount(userId: string): Promise<void> {
+		await this.request(
+			"DELETE",
+			`/admin/service-accounts/${encodeURIComponent(userId)}`,
+		);
+	}
+	/**
+	 * Revoke a single device key on a user (any role). Bumps
+	 * `tokens_invalid_before` so open WS sessions tied to the key must
+	 * re-auth. Requires elevated role (Service or Admin@root).
+	 */
+	async adminRevokeDeviceKey(userId: string, keyId: string): Promise<void> {
+		await this.request(
+			"POST",
+			`/admin/users/${encodeURIComponent(userId)}/device-keys/${encodeURIComponent(keyId)}/revoke`,
+		);
+	}
 	/**
 	 * Page through the audit log. Filters AND-combine; `limit` defaults to
 	 * 100 server-side. Requires elevated role.

package/src/ContentManager.ts CHANGED Viewed

@@ -44,8 +44,13 @@ export class ContentManager {
 	/**
 	 * Read document content as markdown.
-	 * Returns the title extracted from the TipTap documentHeader, the markdown
-	 * body, tree metadata, and immediate children.
+	 *
+	 * Returns the markdown body, tree-derived label/type/meta, and immediate
+	 * children. `title` mirrors `label` (the tree entry's display name) — it
+	 * is *not* derived from a TipTap `documentHeader`, and the markdown body
+	 * does NOT include YAML frontmatter. Callers that want frontmatter-style
+	 * round-tripping should serialise `meta`/`type` themselves on top of the
+	 * returned markdown.
 	 */
 	async read(docId: string): Promise<DocumentContent> {
 		const provider = await this.dm.getChildProvider(docId);
@@ -95,10 +100,7 @@ export class ContentManager {
 			meta,
 		}));
-		// yjsToMarkdown returns a string and takes the resolved label/meta/type
-		// so frontmatter round-trips. (Older code destructured an object and
-		// passed only the fragment — that silently produced `undefined`.)
-		const markdown = yjsToMarkdown(fragment, label, meta, type);
+		const { markdown } = yjsToMarkdown(fragment);
 		const title = label;
 		return { label, type, meta, title, markdown, children };