@arbidocs/sdk 0.3.17 → 0.3.19

package/dist/index.d.cts

@@ -1,5 +1,5 @@
-import { C as ConfigStore, a as CliConfig, b as CliCredentials, c as ChatSession, A as AuthHeaders, U as UploadBatchResult, d as UploadOptions, e as UploadResult } from './browser-BtAHbiq_.cjs';
-export { f as AgentStepEvent, g as Arbi, h as ArbiApiError, i as ArbiError, j as ArbiOptions, k as ArtifactEvent, l as AuthContext, m as AuthenticatedClient, n as CitationSummary, o as ConnectOptions, D as DocumentWaiter, p as DocumentWaiterOptions, F as FormattedWsMessage, L as LIFECYCLE_LABELS, M as MessageLevel, q as MessageMetadataPayload, r as MessageQueuedEvent, O as OutputTokensDetails, Q as QueryOptions, R as ReconnectOptions, s as ReconnectableWsConnection, t as ResolvedCitation, u as ResponseCompletedEvent, v as ResponseContentPartAddedEvent, w as ResponseCreatedEvent, x as ResponseFailedEvent, y as ResponseOutputItemAddedEvent, z as ResponseOutputItemDoneEvent, B as ResponseOutputTextDeltaEvent, E as ResponseOutputTextDoneEvent, G as ResponseUsage, S as SSEEvent, H as SSEStreamCallbacks, I as SSEStreamResult, J as SSEStreamStartData, T as TOOL_LABELS, K as UserInfo, N as UserInputRequestEvent, P as UserMessageEvent, W as WorkspaceContext, V as WsConnection, X as agentconfig, Y as assistant, Z as authenticatedFetch, _ as buildRetrievalChunkTool, $ as buildRetrievalFullContextTool, a0 as buildRetrievalTocTool, a1 as connectWebSocket, a2 as connectWithReconnect, a3 as consumeSSEStream, a4 as contacts, a5 as conversations, a6 as countCitations, a7 as createAuthenticatedClient, a8 as createDocumentWaiter, a9 as dm, aa as doctags, ab as documents, ac as files, ad as formatAgentStepLabel, ae as formatFileSize, af as formatStreamSummary, ag as formatUserName, ah as formatWorkspaceChoices, ai as formatWsMessage, aj as generateEncryptedWorkspaceKey, ak as getErrorCode, al as getErrorMessage, am as health, an as parseSSEEvents, ao as performPasswordLogin, ap as requireData, aq as requireOk, ar as resolveAuth, as as resolveCitations, at as resolveWorkspace, au as responses, av as selectWorkspace, aw as selectWorkspaceById, ax as settings, ay as streamSSE, az as stripCitationMarkdown, aA as summarizeCitations, aB as tags, aC as workspaces } from './browser-BtAHbiq_.cjs';
+import { C as ConfigStore, a as CliConfig, b as CliCredentials, c as ChatSession, A as AuthHeaders, U as UploadBatchResult, d as UploadOptions, e as UploadResult } from './browser-D8aF-wkt.cjs';
+export { f as AgentStepEvent, g as Arbi, h as ArbiApiError, i as ArbiError, j as ArbiOptions, k as ArtifactEvent, l as AuthContext, m as AuthenticatedClient, n as CitationSummary, o as ConnectOptions, D as DocumentWaiter, p as DocumentWaiterOptions, F as FormattedWsMessage, M as MessageLevel, q as MessageMetadataPayload, r as MessageQueuedEvent, O as OutputTokensDetails, Q as QueryOptions, R as ReconnectOptions, s as ReconnectableWsConnection, t as ResolvedCitation, u as ResponseCompletedEvent, v as ResponseContentPartAddedEvent, w as ResponseCreatedEvent, x as ResponseFailedEvent, y as ResponseOutputItemAddedEvent, z as ResponseOutputItemDoneEvent, B as ResponseOutputTextDeltaEvent, E as ResponseOutputTextDoneEvent, G as ResponseUsage, S as SSEEvent, H as SSEStreamCallbacks, I as SSEStreamResult, J as SSEStreamStartData, K as UserInfo, L as UserInputRequestEvent, N as UserMessageEvent, W as WorkspaceContext, P as WsConnection, T as agentconfig, V as assistant, X as authenticatedFetch, Y as buildRetrievalChunkTool, Z as buildRetrievalFullContextTool, _ as buildRetrievalTocTool, $ as connectWebSocket, a0 as connectWithReconnect, a1 as consumeSSEStream, a2 as contacts, a3 as conversations, a4 as countCitations, a5 as createAuthenticatedClient, a6 as createDocumentWaiter, a7 as dm, a8 as doctags, a9 as documents, aa as files, ab as formatAgentStepLabel, ac as formatFileSize, ad as formatStreamSummary, ae as formatUserName, af as formatWorkspaceChoices, ag as formatWsMessage, ah as generateEncryptedWorkspaceKey, ai as getErrorCode, aj as getErrorMessage, ak as health, al as parseSSEEvents, am as performPasswordLogin, an as performSsoDeviceFlowLogin, ao as requireData, ap as requireOk, aq as resolveAuth, ar as resolveCitations, as as resolveWorkspace, at as responses, au as selectWorkspace, av as selectWorkspaceById, aw as settings, ax as streamSSE, ay as stripCitationMarkdown, az as summarizeCitations, aA as tags, aB as workspaces } from './browser-D8aF-wkt.cjs';
 import '@arbidocs/client';
 
 /**
@@ -58,6 +58,66 @@ declare class FileConfigStore implements ConfigStore {
     private readPublicConfigDomain;
 }
 
+/**
+ * OAuth 2.0 Device Authorization Grant (RFC 8628) for Auth0.
+ *
+ * Enables headless CLI login: the user authorizes in a browser while the CLI polls for a token.
+ */
+interface SsoConfig {
+    ssoEnabled: boolean;
+    domain: string;
+    clientId: string;
+    audience: string;
+}
+interface DeviceCodeResponse {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+}
+declare class DeviceFlowError extends Error {
+    constructor(message: string);
+}
+declare class DeviceFlowExpired extends DeviceFlowError {
+    constructor();
+}
+declare class DeviceFlowAccessDenied extends DeviceFlowError {
+    constructor();
+}
+/**
+ * Fetch SSO configuration from the ARBI deployment.
+ */
+declare function fetchSsoConfig(baseUrl: string): Promise<SsoConfig>;
+/**
+ * Request a device code from Auth0.
+ *
+ * POST https://{domain}/oauth/device/code
+ */
+declare function requestDeviceCode(domain: string, clientId: string, audience?: string, scope?: string): Promise<DeviceCodeResponse>;
+/**
+ * Poll Auth0 token endpoint until the user authorizes (or the code expires).
+ *
+ * Returns the Auth0 access_token (JWT).
+ */
+declare function pollForToken(domain: string, clientId: string, deviceCode: string, interval: number, expiresIn: number, onPoll?: (elapsedMs: number) => void): Promise<string>;
+
+type deviceFlow_DeviceCodeResponse = DeviceCodeResponse;
+type deviceFlow_DeviceFlowAccessDenied = DeviceFlowAccessDenied;
+declare const deviceFlow_DeviceFlowAccessDenied: typeof DeviceFlowAccessDenied;
+type deviceFlow_DeviceFlowError = DeviceFlowError;
+declare const deviceFlow_DeviceFlowError: typeof DeviceFlowError;
+type deviceFlow_DeviceFlowExpired = DeviceFlowExpired;
+declare const deviceFlow_DeviceFlowExpired: typeof DeviceFlowExpired;
+type deviceFlow_SsoConfig = SsoConfig;
+declare const deviceFlow_fetchSsoConfig: typeof fetchSsoConfig;
+declare const deviceFlow_pollForToken: typeof pollForToken;
+declare const deviceFlow_requestDeviceCode: typeof requestDeviceCode;
+declare namespace deviceFlow {
+  export { type deviceFlow_DeviceCodeResponse as DeviceCodeResponse, deviceFlow_DeviceFlowAccessDenied as DeviceFlowAccessDenied, deviceFlow_DeviceFlowError as DeviceFlowError, deviceFlow_DeviceFlowExpired as DeviceFlowExpired, type deviceFlow_SsoConfig as SsoConfig, deviceFlow_fetchSsoConfig as fetchSsoConfig, deviceFlow_pollForToken as pollForToken, deviceFlow_requestDeviceCode as requestDeviceCode };
+}
+
 /**
  * Document operations — Node.js file system operations.
  *
@@ -90,4 +150,4 @@ declare namespace documentsNode {
   export { documentsNode_uploadDirectory as uploadDirectory, documentsNode_uploadLocalFile as uploadLocalFile, documentsNode_uploadZip as uploadZip };
 }
 
-export { AuthHeaders, ChatSession, CliConfig, CliCredentials, ConfigStore, FileConfigStore, documentsNode };
+export { AuthHeaders, ChatSession, CliConfig, CliCredentials, ConfigStore, FileConfigStore, deviceFlow, documentsNode };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { C as ConfigStore, a as CliConfig, b as CliCredentials, c as ChatSession, A as AuthHeaders, U as UploadBatchResult, d as UploadOptions, e as UploadResult } from './browser-BtAHbiq_.js';
-export { f as AgentStepEvent, g as Arbi, h as ArbiApiError, i as ArbiError, j as ArbiOptions, k as ArtifactEvent, l as AuthContext, m as AuthenticatedClient, n as CitationSummary, o as ConnectOptions, D as DocumentWaiter, p as DocumentWaiterOptions, F as FormattedWsMessage, L as LIFECYCLE_LABELS, M as MessageLevel, q as MessageMetadataPayload, r as MessageQueuedEvent, O as OutputTokensDetails, Q as QueryOptions, R as ReconnectOptions, s as ReconnectableWsConnection, t as ResolvedCitation, u as ResponseCompletedEvent, v as ResponseContentPartAddedEvent, w as ResponseCreatedEvent, x as ResponseFailedEvent, y as ResponseOutputItemAddedEvent, z as ResponseOutputItemDoneEvent, B as ResponseOutputTextDeltaEvent, E as ResponseOutputTextDoneEvent, G as ResponseUsage, S as SSEEvent, H as SSEStreamCallbacks, I as SSEStreamResult, J as SSEStreamStartData, T as TOOL_LABELS, K as UserInfo, N as UserInputRequestEvent, P as UserMessageEvent, W as WorkspaceContext, V as WsConnection, X as agentconfig, Y as assistant, Z as authenticatedFetch, _ as buildRetrievalChunkTool, $ as buildRetrievalFullContextTool, a0 as buildRetrievalTocTool, a1 as connectWebSocket, a2 as connectWithReconnect, a3 as consumeSSEStream, a4 as contacts, a5 as conversations, a6 as countCitations, a7 as createAuthenticatedClient, a8 as createDocumentWaiter, a9 as dm, aa as doctags, ab as documents, ac as files, ad as formatAgentStepLabel, ae as formatFileSize, af as formatStreamSummary, ag as formatUserName, ah as formatWorkspaceChoices, ai as formatWsMessage, aj as generateEncryptedWorkspaceKey, ak as getErrorCode, al as getErrorMessage, am as health, an as parseSSEEvents, ao as performPasswordLogin, ap as requireData, aq as requireOk, ar as resolveAuth, as as resolveCitations, at as resolveWorkspace, au as responses, av as selectWorkspace, aw as selectWorkspaceById, ax as settings, ay as streamSSE, az as stripCitationMarkdown, aA as summarizeCitations, aB as tags, aC as workspaces } from './browser-BtAHbiq_.js';
+import { C as ConfigStore, a as CliConfig, b as CliCredentials, c as ChatSession, A as AuthHeaders, U as UploadBatchResult, d as UploadOptions, e as UploadResult } from './browser-D8aF-wkt.js';
+export { f as AgentStepEvent, g as Arbi, h as ArbiApiError, i as ArbiError, j as ArbiOptions, k as ArtifactEvent, l as AuthContext, m as AuthenticatedClient, n as CitationSummary, o as ConnectOptions, D as DocumentWaiter, p as DocumentWaiterOptions, F as FormattedWsMessage, M as MessageLevel, q as MessageMetadataPayload, r as MessageQueuedEvent, O as OutputTokensDetails, Q as QueryOptions, R as ReconnectOptions, s as ReconnectableWsConnection, t as ResolvedCitation, u as ResponseCompletedEvent, v as ResponseContentPartAddedEvent, w as ResponseCreatedEvent, x as ResponseFailedEvent, y as ResponseOutputItemAddedEvent, z as ResponseOutputItemDoneEvent, B as ResponseOutputTextDeltaEvent, E as ResponseOutputTextDoneEvent, G as ResponseUsage, S as SSEEvent, H as SSEStreamCallbacks, I as SSEStreamResult, J as SSEStreamStartData, K as UserInfo, L as UserInputRequestEvent, N as UserMessageEvent, W as WorkspaceContext, P as WsConnection, T as agentconfig, V as assistant, X as authenticatedFetch, Y as buildRetrievalChunkTool, Z as buildRetrievalFullContextTool, _ as buildRetrievalTocTool, $ as connectWebSocket, a0 as connectWithReconnect, a1 as consumeSSEStream, a2 as contacts, a3 as conversations, a4 as countCitations, a5 as createAuthenticatedClient, a6 as createDocumentWaiter, a7 as dm, a8 as doctags, a9 as documents, aa as files, ab as formatAgentStepLabel, ac as formatFileSize, ad as formatStreamSummary, ae as formatUserName, af as formatWorkspaceChoices, ag as formatWsMessage, ah as generateEncryptedWorkspaceKey, ai as getErrorCode, aj as getErrorMessage, ak as health, al as parseSSEEvents, am as performPasswordLogin, an as performSsoDeviceFlowLogin, ao as requireData, ap as requireOk, aq as resolveAuth, ar as resolveCitations, as as resolveWorkspace, at as responses, au as selectWorkspace, av as selectWorkspaceById, aw as settings, ax as streamSSE, ay as stripCitationMarkdown, az as summarizeCitations, aA as tags, aB as workspaces } from './browser-D8aF-wkt.js';
 import '@arbidocs/client';
 
 /**
@@ -58,6 +58,66 @@ declare class FileConfigStore implements ConfigStore {
     private readPublicConfigDomain;
 }
 
+/**
+ * OAuth 2.0 Device Authorization Grant (RFC 8628) for Auth0.
+ *
+ * Enables headless CLI login: the user authorizes in a browser while the CLI polls for a token.
+ */
+interface SsoConfig {
+    ssoEnabled: boolean;
+    domain: string;
+    clientId: string;
+    audience: string;
+}
+interface DeviceCodeResponse {
+    device_code: string;
+    user_code: string;
+    verification_uri: string;
+    verification_uri_complete: string;
+    expires_in: number;
+    interval: number;
+}
+declare class DeviceFlowError extends Error {
+    constructor(message: string);
+}
+declare class DeviceFlowExpired extends DeviceFlowError {
+    constructor();
+}
+declare class DeviceFlowAccessDenied extends DeviceFlowError {
+    constructor();
+}
+/**
+ * Fetch SSO configuration from the ARBI deployment.
+ */
+declare function fetchSsoConfig(baseUrl: string): Promise<SsoConfig>;
+/**
+ * Request a device code from Auth0.
+ *
+ * POST https://{domain}/oauth/device/code
+ */
+declare function requestDeviceCode(domain: string, clientId: string, audience?: string, scope?: string): Promise<DeviceCodeResponse>;
+/**
+ * Poll Auth0 token endpoint until the user authorizes (or the code expires).
+ *
+ * Returns the Auth0 access_token (JWT).
+ */
+declare function pollForToken(domain: string, clientId: string, deviceCode: string, interval: number, expiresIn: number, onPoll?: (elapsedMs: number) => void): Promise<string>;
+
+type deviceFlow_DeviceCodeResponse = DeviceCodeResponse;
+type deviceFlow_DeviceFlowAccessDenied = DeviceFlowAccessDenied;
+declare const deviceFlow_DeviceFlowAccessDenied: typeof DeviceFlowAccessDenied;
+type deviceFlow_DeviceFlowError = DeviceFlowError;
+declare const deviceFlow_DeviceFlowError: typeof DeviceFlowError;
+type deviceFlow_DeviceFlowExpired = DeviceFlowExpired;
+declare const deviceFlow_DeviceFlowExpired: typeof DeviceFlowExpired;
+type deviceFlow_SsoConfig = SsoConfig;
+declare const deviceFlow_fetchSsoConfig: typeof fetchSsoConfig;
+declare const deviceFlow_pollForToken: typeof pollForToken;
+declare const deviceFlow_requestDeviceCode: typeof requestDeviceCode;
+declare namespace deviceFlow {
+  export { type deviceFlow_DeviceCodeResponse as DeviceCodeResponse, deviceFlow_DeviceFlowAccessDenied as DeviceFlowAccessDenied, deviceFlow_DeviceFlowError as DeviceFlowError, deviceFlow_DeviceFlowExpired as DeviceFlowExpired, type deviceFlow_SsoConfig as SsoConfig, deviceFlow_fetchSsoConfig as fetchSsoConfig, deviceFlow_pollForToken as pollForToken, deviceFlow_requestDeviceCode as requestDeviceCode };
+}
+
 /**
  * Document operations — Node.js file system operations.
  *
@@ -90,4 +150,4 @@ declare namespace documentsNode {
   export { documentsNode_uploadDirectory as uploadDirectory, documentsNode_uploadLocalFile as uploadLocalFile, documentsNode_uploadZip as uploadZip };
 }
 
-export { AuthHeaders, ChatSession, CliConfig, CliCredentials, ConfigStore, FileConfigStore, documentsNode };
+export { AuthHeaders, ChatSession, CliConfig, CliCredentials, ConfigStore, FileConfigStore, deviceFlow, documentsNode };

package/dist/index.js

@@ -277,6 +277,107 @@ var FileConfigStore = class {
     return null;
   }
 };
+
+// src/device-flow.ts
+var device_flow_exports = {};
+__export(device_flow_exports, {
+  DeviceFlowAccessDenied: () => DeviceFlowAccessDenied,
+  DeviceFlowError: () => DeviceFlowError,
+  DeviceFlowExpired: () => DeviceFlowExpired,
+  fetchSsoConfig: () => fetchSsoConfig,
+  pollForToken: () => pollForToken,
+  requestDeviceCode: () => requestDeviceCode
+});
+var DeviceFlowError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "DeviceFlowError";
+  }
+};
+var DeviceFlowExpired = class extends DeviceFlowError {
+  constructor() {
+    super("Device code expired \u2014 please try again");
+    this.name = "DeviceFlowExpired";
+  }
+};
+var DeviceFlowAccessDenied = class extends DeviceFlowError {
+  constructor() {
+    super("Authorization was denied by the user");
+    this.name = "DeviceFlowAccessDenied";
+  }
+};
+async function fetchSsoConfig(baseUrl) {
+  const arbi = createArbiClient({ baseUrl, deploymentDomain: "", credentials: "omit" });
+  const { data, error } = await arbi.fetch.GET("/v1/user/sso-config");
+  if (error || !data) {
+    throw new DeviceFlowError(`Failed to fetch SSO config`);
+  }
+  return {
+    ssoEnabled: data.sso_enabled,
+    domain: data.domain,
+    clientId: data.cli_client_id || data.client_id,
+    audience: data.audience
+  };
+}
+async function requestDeviceCode(domain, clientId, audience, scope = "openid email profile") {
+  const body = new URLSearchParams({
+    client_id: clientId,
+    scope,
+    ...audience ? { audience } : {}
+  });
+  const res = await fetch(`https://${domain}/oauth/device/code`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new DeviceFlowError(`Device code request failed: ${res.status} ${text}`);
+  }
+  return await res.json();
+}
+async function pollForToken(domain, clientId, deviceCode, interval, expiresIn, onPoll) {
+  const deadline = Date.now() + expiresIn * 1e3;
+  let pollInterval = interval * 1e3;
+  while (Date.now() < deadline) {
+    await sleep(pollInterval);
+    onPoll?.(Date.now());
+    const res = await fetch(`https://${domain}/oauth/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        client_id: clientId,
+        device_code: deviceCode
+      })
+    });
+    if (res.ok) {
+      const data = await res.json();
+      return data.access_token;
+    }
+    const errBody = await res.json().catch(() => ({ error: "unknown" }));
+    if (errBody.error === "authorization_pending") {
+      continue;
+    } else if (errBody.error === "slow_down") {
+      pollInterval += 5e3;
+      continue;
+    } else if (errBody.error === "expired_token") {
+      throw new DeviceFlowExpired();
+    } else if (errBody.error === "access_denied") {
+      throw new DeviceFlowAccessDenied();
+    } else {
+      throw new DeviceFlowError(
+        `Token polling error: ${errBody.error} \u2014 ${errBody.error_description ?? ""}`
+      );
+    }
+  }
+  throw new DeviceFlowExpired();
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/auth.ts
 function formatWorkspaceChoices(wsList) {
   return wsList.map((ws) => {
     const totalDocs = ws.shared_document_count + ws.private_document_count;
@@ -297,7 +398,8 @@ async function createAuthenticatedClient(config, creds, store) {
   const signingPrivateKey = base64ToBytes(creds.signingPrivateKeyBase64);
   const loginResult = await arbi.auth.loginWithKey({
     email: creds.email,
-    signingPrivateKey
+    signingPrivateKey,
+    ssoToken: creds.ssoToken
   });
   store.saveCredentials({
     ...creds,
@@ -329,6 +431,40 @@ async function performPasswordLogin(config, email, password, store) {
   });
   return { arbi, loginResult, config };
 }
+async function performSsoDeviceFlowLogin(config, email, password, store, callbacks) {
+  const ssoConfig = await fetchSsoConfig(config.baseUrl);
+  if (!ssoConfig.ssoEnabled) {
+    throw new ArbiError("SSO is not enabled on this deployment");
+  }
+  const dc = await requestDeviceCode(ssoConfig.domain, ssoConfig.clientId, ssoConfig.audience);
+  callbacks?.onUserCode?.(dc.user_code, dc.verification_uri_complete);
+  const ssoToken = await pollForToken(
+    ssoConfig.domain,
+    ssoConfig.clientId,
+    dc.device_code,
+    dc.interval,
+    dc.expires_in,
+    callbacks?.onPoll
+  );
+  const arbi = createArbiClient({
+    baseUrl: config.baseUrl,
+    deploymentDomain: config.deploymentDomain,
+    credentials: "omit"
+  });
+  await arbi.crypto.initSodium();
+  const loginResult = await arbi.auth.login({ email, password, ssoToken });
+  store.saveCredentials({
+    email,
+    signingPrivateKeyBase64: arbi.crypto.bytesToBase64(loginResult.signingPrivateKey),
+    serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
+    ssoToken,
+    accessToken: void 0,
+    workspaceKeyHeader: void 0,
+    workspaceId: void 0,
+    tokenTimestamp: void 0
+  });
+  return { arbi, loginResult, config };
+}
 async function selectWorkspace(arbi, workspaceId, wrappedKey, serverSessionKey, signingPrivateKeyBase64) {
   const signingPrivateKey = base64ToBytes(signingPrivateKeyBase64);
   const ed25519PublicKey = signingPrivateKey.slice(32, 64);
@@ -448,23 +584,7 @@ async function resolveWorkspace(store, workspaceOpt) {
 }
 
 // src/sse.ts
-var TOOL_LABELS = {
-  search_documents: "Searching documents",
-  get_document_passages: "Reading document",
-  get_table_of_contents: "Getting table of contents",
-  view_document_pages: "Viewing document pages",
-  get_full_document: "Reading full document",
-  web_search: "Searching the web",
-  read_url: "Reading web pages",
-  ask_user: "Asking user",
-  compaction: "Compacting conversation",
-  personal_agent: "Running agent",
-  create_artifact: "Creating artifact",
-  create_plan: "Creating plan",
-  save_skill: "Saving skill",
-  run_code: "Running code"
-};
-var LIFECYCLE_LABELS = {
+var LIFECYCLE_LABELS_FALLBACK = {
   evaluation: "Evaluating results",
   answering: "Writing answer",
   reviewing: "Reviewing answer",
@@ -473,18 +593,19 @@ var LIFECYCLE_LABELS = {
 };
 function formatAgentStepLabel(step) {
   if (step.focus) return step.focus;
+  if (step.label) return step.label;
   const detail = step.detail;
   if (step.step === "tool_progress" && detail && detail.length > 0) {
-    const toolName = detail[0].tool;
-    const label = toolName && TOOL_LABELS[toolName] || LIFECYCLE_LABELS.tool_progress;
+    const label = detail[0].label || LIFECYCLE_LABELS_FALLBACK.tool_progress;
     const message = detail[0].message;
     return message ? `${label}: ${message}` : label;
   }
   if (step.step) {
-    return LIFECYCLE_LABELS[step.step] || step.step;
+    return LIFECYCLE_LABELS_FALLBACK[step.step] || step.step;
   }
-  if (detail && detail.length > 0 && detail[0].tool) {
-    return TOOL_LABELS[detail[0].tool] || detail[0].tool;
+  if (detail && detail.length > 0) {
+    if (detail[0].label) return detail[0].label;
+    if (detail[0].tool) return detail[0].tool;
   }
   return "";
 }
@@ -2069,6 +2190,6 @@ function extractResponseText(response) {
   return parts.join("");
 }
 
-export { Arbi, ArbiApiError, ArbiError, FileConfigStore, LIFECYCLE_LABELS, TOOL_LABELS, agentconfig_exports as agentconfig, assistant_exports as assistant, authenticatedFetch, buildRetrievalChunkTool, buildRetrievalFullContextTool, buildRetrievalTocTool, connectWebSocket, connectWithReconnect, consumeSSEStream, contacts_exports as contacts, conversations_exports as conversations, countCitations, createAuthenticatedClient, createDocumentWaiter, dm_exports as dm, doctags_exports as doctags, documents_exports as documents, documents_node_exports as documentsNode, files_exports as files, formatAgentStepLabel, formatFileSize, formatStreamSummary, formatUserName, formatWorkspaceChoices, formatWsMessage, generateEncryptedWorkspaceKey, getErrorCode, getErrorMessage, health_exports as health, parseSSEEvents, performPasswordLogin, requireData, requireOk, resolveAuth, resolveCitations, resolveWorkspace, responses_exports as responses, selectWorkspace, selectWorkspaceById, settings_exports as settings, streamSSE, stripCitationMarkdown, summarizeCitations, tags_exports as tags, workspaces_exports as workspaces };
+export { Arbi, ArbiApiError, ArbiError, FileConfigStore, agentconfig_exports as agentconfig, assistant_exports as assistant, authenticatedFetch, buildRetrievalChunkTool, buildRetrievalFullContextTool, buildRetrievalTocTool, connectWebSocket, connectWithReconnect, consumeSSEStream, contacts_exports as contacts, conversations_exports as conversations, countCitations, createAuthenticatedClient, createDocumentWaiter, device_flow_exports as deviceFlow, dm_exports as dm, doctags_exports as doctags, documents_exports as documents, documents_node_exports as documentsNode, files_exports as files, formatAgentStepLabel, formatFileSize, formatStreamSummary, formatUserName, formatWorkspaceChoices, formatWsMessage, generateEncryptedWorkspaceKey, getErrorCode, getErrorMessage, health_exports as health, parseSSEEvents, performPasswordLogin, performSsoDeviceFlowLogin, requireData, requireOk, resolveAuth, resolveCitations, resolveWorkspace, responses_exports as responses, selectWorkspace, selectWorkspaceById, settings_exports as settings, streamSSE, stripCitationMarkdown, summarizeCitations, tags_exports as tags, workspaces_exports as workspaces };
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map