@arbidocs/sdk 0.3.17 → 0.3.19

package/dist/index.cjs

@@ -285,6 +285,107 @@ var FileConfigStore = class {
     return null;
   }
 };
+
+// src/device-flow.ts
+var device_flow_exports = {};
+__export(device_flow_exports, {
+  DeviceFlowAccessDenied: () => DeviceFlowAccessDenied,
+  DeviceFlowError: () => DeviceFlowError,
+  DeviceFlowExpired: () => DeviceFlowExpired,
+  fetchSsoConfig: () => fetchSsoConfig,
+  pollForToken: () => pollForToken,
+  requestDeviceCode: () => requestDeviceCode
+});
+var DeviceFlowError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "DeviceFlowError";
+  }
+};
+var DeviceFlowExpired = class extends DeviceFlowError {
+  constructor() {
+    super("Device code expired \u2014 please try again");
+    this.name = "DeviceFlowExpired";
+  }
+};
+var DeviceFlowAccessDenied = class extends DeviceFlowError {
+  constructor() {
+    super("Authorization was denied by the user");
+    this.name = "DeviceFlowAccessDenied";
+  }
+};
+async function fetchSsoConfig(baseUrl) {
+  const arbi = client.createArbiClient({ baseUrl, deploymentDomain: "", credentials: "omit" });
+  const { data, error } = await arbi.fetch.GET("/v1/user/sso-config");
+  if (error || !data) {
+    throw new DeviceFlowError(`Failed to fetch SSO config`);
+  }
+  return {
+    ssoEnabled: data.sso_enabled,
+    domain: data.domain,
+    clientId: data.cli_client_id || data.client_id,
+    audience: data.audience
+  };
+}
+async function requestDeviceCode(domain, clientId, audience, scope = "openid email profile") {
+  const body = new URLSearchParams({
+    client_id: clientId,
+    scope,
+    ...audience ? { audience } : {}
+  });
+  const res = await fetch(`https://${domain}/oauth/device/code`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new DeviceFlowError(`Device code request failed: ${res.status} ${text}`);
+  }
+  return await res.json();
+}
+async function pollForToken(domain, clientId, deviceCode, interval, expiresIn, onPoll) {
+  const deadline = Date.now() + expiresIn * 1e3;
+  let pollInterval = interval * 1e3;
+  while (Date.now() < deadline) {
+    await sleep(pollInterval);
+    onPoll?.(Date.now());
+    const res = await fetch(`https://${domain}/oauth/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        client_id: clientId,
+        device_code: deviceCode
+      })
+    });
+    if (res.ok) {
+      const data = await res.json();
+      return data.access_token;
+    }
+    const errBody = await res.json().catch(() => ({ error: "unknown" }));
+    if (errBody.error === "authorization_pending") {
+      continue;
+    } else if (errBody.error === "slow_down") {
+      pollInterval += 5e3;
+      continue;
+    } else if (errBody.error === "expired_token") {
+      throw new DeviceFlowExpired();
+    } else if (errBody.error === "access_denied") {
+      throw new DeviceFlowAccessDenied();
+    } else {
+      throw new DeviceFlowError(
+        `Token polling error: ${errBody.error} \u2014 ${errBody.error_description ?? ""}`
+      );
+    }
+  }
+  throw new DeviceFlowExpired();
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/auth.ts
 function formatWorkspaceChoices(wsList) {
   return wsList.map((ws) => {
     const totalDocs = ws.shared_document_count + ws.private_document_count;
@@ -305,7 +406,8 @@ async function createAuthenticatedClient(config, creds, store) {
   const signingPrivateKey = client.base64ToBytes(creds.signingPrivateKeyBase64);
   const loginResult = await arbi.auth.loginWithKey({
     email: creds.email,
-    signingPrivateKey
+    signingPrivateKey,
+    ssoToken: creds.ssoToken
   });
   store.saveCredentials({
     ...creds,
@@ -337,6 +439,40 @@ async function performPasswordLogin(config, email, password, store) {
   });
   return { arbi, loginResult, config };
 }
+async function performSsoDeviceFlowLogin(config, email, password, store, callbacks) {
+  const ssoConfig = await fetchSsoConfig(config.baseUrl);
+  if (!ssoConfig.ssoEnabled) {
+    throw new ArbiError("SSO is not enabled on this deployment");
+  }
+  const dc = await requestDeviceCode(ssoConfig.domain, ssoConfig.clientId, ssoConfig.audience);
+  callbacks?.onUserCode?.(dc.user_code, dc.verification_uri_complete);
+  const ssoToken = await pollForToken(
+    ssoConfig.domain,
+    ssoConfig.clientId,
+    dc.device_code,
+    dc.interval,
+    dc.expires_in,
+    callbacks?.onPoll
+  );
+  const arbi = client.createArbiClient({
+    baseUrl: config.baseUrl,
+    deploymentDomain: config.deploymentDomain,
+    credentials: "omit"
+  });
+  await arbi.crypto.initSodium();
+  const loginResult = await arbi.auth.login({ email, password, ssoToken });
+  store.saveCredentials({
+    email,
+    signingPrivateKeyBase64: arbi.crypto.bytesToBase64(loginResult.signingPrivateKey),
+    serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
+    ssoToken,
+    accessToken: void 0,
+    workspaceKeyHeader: void 0,
+    workspaceId: void 0,
+    tokenTimestamp: void 0
+  });
+  return { arbi, loginResult, config };
+}
 async function selectWorkspace(arbi, workspaceId, wrappedKey, serverSessionKey, signingPrivateKeyBase64) {
   const signingPrivateKey = client.base64ToBytes(signingPrivateKeyBase64);
   const ed25519PublicKey = signingPrivateKey.slice(32, 64);
@@ -456,23 +592,7 @@ async function resolveWorkspace(store, workspaceOpt) {
 }
 
 // src/sse.ts
-var TOOL_LABELS = {
-  search_documents: "Searching documents",
-  get_document_passages: "Reading document",
-  get_table_of_contents: "Getting table of contents",
-  view_document_pages: "Viewing document pages",
-  get_full_document: "Reading full document",
-  web_search: "Searching the web",
-  read_url: "Reading web pages",
-  ask_user: "Asking user",
-  compaction: "Compacting conversation",
-  personal_agent: "Running agent",
-  create_artifact: "Creating artifact",
-  create_plan: "Creating plan",
-  save_skill: "Saving skill",
-  run_code: "Running code"
-};
-var LIFECYCLE_LABELS = {
+var LIFECYCLE_LABELS_FALLBACK = {
   evaluation: "Evaluating results",
   answering: "Writing answer",
   reviewing: "Reviewing answer",
@@ -481,18 +601,19 @@ var LIFECYCLE_LABELS = {
 };
 function formatAgentStepLabel(step) {
   if (step.focus) return step.focus;
+  if (step.label) return step.label;
   const detail = step.detail;
   if (step.step === "tool_progress" && detail && detail.length > 0) {
-    const toolName = detail[0].tool;
-    const label = toolName && TOOL_LABELS[toolName] || LIFECYCLE_LABELS.tool_progress;
+    const label = detail[0].label || LIFECYCLE_LABELS_FALLBACK.tool_progress;
     const message = detail[0].message;
     return message ? `${label}: ${message}` : label;
   }
   if (step.step) {
-    return LIFECYCLE_LABELS[step.step] || step.step;
+    return LIFECYCLE_LABELS_FALLBACK[step.step] || step.step;
   }
-  if (detail && detail.length > 0 && detail[0].tool) {
-    return TOOL_LABELS[detail[0].tool] || detail[0].tool;
+  if (detail && detail.length > 0) {
+    if (detail[0].label) return detail[0].label;
+    if (detail[0].tool) return detail[0].tool;
   }
   return "";
 }
@@ -2081,8 +2202,6 @@ exports.Arbi = Arbi;
 exports.ArbiApiError = ArbiApiError;
 exports.ArbiError = ArbiError;
 exports.FileConfigStore = FileConfigStore;
-exports.LIFECYCLE_LABELS = LIFECYCLE_LABELS;
-exports.TOOL_LABELS = TOOL_LABELS;
 exports.agentconfig = agentconfig_exports;
 exports.assistant = assistant_exports;
 exports.authenticatedFetch = authenticatedFetch;
@@ -2097,6 +2216,7 @@ exports.conversations = conversations_exports;
 exports.countCitations = countCitations;
 exports.createAuthenticatedClient = createAuthenticatedClient;
 exports.createDocumentWaiter = createDocumentWaiter;
+exports.deviceFlow = device_flow_exports;
 exports.dm = dm_exports;
 exports.doctags = doctags_exports;
 exports.documents = documents_exports;
@@ -2114,6 +2234,7 @@ exports.getErrorMessage = getErrorMessage;
 exports.health = health_exports;
 exports.parseSSEEvents = parseSSEEvents;
 exports.performPasswordLogin = performPasswordLogin;
+exports.performSsoDeviceFlowLogin = performSsoDeviceFlowLogin;
 exports.requireData = requireData;
 exports.requireOk = requireOk;
 exports.resolveAuth = resolveAuth;