@arbidocs/sdk 0.3.65 → 0.3.67

package/dist/browser.cjs

@@ -3568,6 +3568,7 @@ async function authenticatedFetch(options) {
 }
 
 // src/auth.ts
+var TOKEN_MAX_AGE_MS = 50 * 60 * 1e3;
 function formatWorkspaceChoices(wsList) {
   return wsList.map((ws) => {
     const totalDocs = ws.shared_document_count + ws.private_document_count;
@@ -3598,11 +3599,11 @@ async function createAuthenticatedClient(config, creds, store) {
   });
   store.saveCredentials({
     ...creds,
+    userExtId: loginResult.userExtId ?? creds.userExtId,
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult };
 }
@@ -3612,13 +3613,18 @@ async function performPasswordLogin(config, email, password, store) {
   const loginResult = await arbi.auth.login({ email, password });
   store.saveCredentials({
     email,
+    userExtId: loginResult.userExtId,
     signingPrivateKeyBase64: arbi.crypto.bytesToBase64(loginResult.signingPrivateKey),
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
-    // Clear any cached workspace tokens — new session key invalidates them
+    // `parent_ext_id` is set for persistent agent accounts (the user is
+    // an Assistant owned by another user). Persisting it makes the CLI's
+    // `arbi listen` work — it requires this to confirm a real agent
+    // identity. Regular users get `null`, which we store as `undefined`.
+    parentExtId: loginResult.parentExtId ?? void 0,
+    // New session = no workspaces deposited yet.
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult, config };
 }
@@ -3634,16 +3640,6 @@ async function selectWorkspace(arbi, workspaceId, wrappedKey, serverSessionKey,
   arbi.session.setSelectedWorkspace(workspaceId);
   return header;
 }
-async function generateEncryptedWorkspaceKey(arbi, wrappedKey, serverSessionKey, signingPrivateKeyBase64) {
-  const signingPrivateKey = client.base64ToBytes(signingPrivateKeyBase64);
-  const ed25519PublicKey = signingPrivateKey.slice(32, 64);
-  const encryptionKeyPair = client.deriveEncryptionKeypairFromSigning({
-    publicKey: ed25519PublicKey,
-    secretKey: signingPrivateKey
-  });
-  const workspaceKey = client.sealedBoxDecrypt(wrappedKey, encryptionKeyPair.secretKey);
-  return client.sealKeyForSession(workspaceKey, serverSessionKey);
-}
 async function getRawWorkspaceKey(arbi, workspaceId, signingPrivateKeyBase64) {
   const { data: workspaces, error } = await arbi.fetch.GET("/v1/user/workspaces");
   if (error || !workspaces) {
@@ -3661,38 +3657,79 @@ async function getRawWorkspaceKey(arbi, workspaceId, signingPrivateKeyBase64) {
   });
   return client.sealedBoxDecrypt(ws.wrapped_key, encryptionKeyPair.secretKey);
 }
+async function openWorkspaceEntry(arbi, ws, serverSessionKey, signingPrivateKeyBase64) {
+  if (ws.wrapped_key) {
+    const sealedKey = await selectWorkspace(
+      arbi,
+      ws.external_id,
+      ws.wrapped_key,
+      serverSessionKey,
+      signingPrivateKeyBase64
+    );
+    const { error: error2 } = await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
+      params: { path: { workspace_ext_id: ws.external_id } },
+      body: { workspace_key: sealedKey }
+    });
+    if (error2) {
+      throw new ArbiError(`Workspace open failed for ${ws.external_id}: ${JSON.stringify(error2)}`);
+    }
+    return sealedKey;
+  }
+  arbi.session.setSelectedWorkspace(ws.external_id);
+  const { error } = await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
+    params: { path: { workspace_ext_id: ws.external_id } },
+    body: {}
+  });
+  if (error) {
+    throw new ArbiError(`Workspace open failed for ${ws.external_id}: ${JSON.stringify(error)}`);
+  }
+  return null;
+}
 async function selectWorkspaceById(arbi, workspaceId, serverSessionKey, signingPrivateKeyBase64) {
   const { data: workspaces, error } = await arbi.fetch.GET("/v1/user/workspaces");
   if (error || !workspaces) {
     throw new ArbiError("Failed to fetch workspaces");
   }
   const ws = workspaces.find((w2) => w2.external_id === workspaceId);
-  if (!ws || !ws.wrapped_key) {
-    throw new ArbiError(`Workspace ${workspaceId} not found or has no encryption key`);
+  if (!ws) {
+    throw new ArbiError(`Workspace ${workspaceId} not found`);
   }
-  const sealedKey = await selectWorkspace(
-    arbi,
-    ws.external_id,
-    ws.wrapped_key,
-    serverSessionKey,
-    signingPrivateKeyBase64
-  );
-  await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
-    params: { path: { workspace_ext_id: ws.external_id } },
-    body: { workspace_key: sealedKey }
-  });
-  return { external_id: ws.external_id, name: ws.name, wrapped_key: ws.wrapped_key };
+  const sealedKey = await openWorkspaceEntry(arbi, ws, serverSessionKey, signingPrivateKeyBase64);
+  return {
+    external_id: ws.external_id,
+    name: ws.name,
+    wrapped_key: ws.wrapped_key ?? null,
+    sealed_key: sealedKey
+  };
+}
+function isSessionAlive(creds) {
+  return !!(creds.accessToken && creds.tokenTimestamp && Date.now() - new Date(creds.tokenTimestamp).getTime() < TOKEN_MAX_AGE_MS);
+}
+async function buildAuthFromCache(config, creds, store) {
+  const arbi = client.createArbiClient(buildClientOptions(config, store, creds.email));
+  await arbi.crypto.initSodium();
+  arbi.session.setUser(creds.email, creds.userExtId);
+  arbi.session.setAccessToken(creds.accessToken);
+  const signingPrivateKey = client.base64ToBytes(creds.signingPrivateKeyBase64);
+  const serverSessionKey = client.base64ToBytes(creds.serverSessionKeyBase64);
+  const loginResult = {
+    accessToken: creds.accessToken,
+    userExtId: creds.userExtId,
+    signingPrivateKey,
+    serverSessionKey
+  };
+  return { arbi, loginResult };
 }
 async function resolveAuth(store) {
   const config = store.requireConfig();
   const creds = store.requireCredentials();
+  if (isSessionAlive(creds)) {
+    const { arbi: arbi2, loginResult: loginResult2 } = await buildAuthFromCache(config, creds, store);
+    return { arbi: arbi2, loginResult: loginResult2, config };
+  }
   const { arbi, loginResult } = await createAuthenticatedClient(config, creds, store);
   return { arbi, loginResult, config };
 }
-var TOKEN_MAX_AGE_MS = 50 * 60 * 1e3;
-function isCachedTokenValid(creds, workspaceId) {
-  return !!(creds.accessToken && creds.sealedWorkspaceKey && creds.workspaceId === workspaceId && creds.tokenTimestamp && Date.now() - new Date(creds.tokenTimestamp).getTime() < TOKEN_MAX_AGE_MS);
-}
 async function resolveWorkspace(store, workspaceOpt) {
   const config = store.requireConfig();
   const creds = store.requireCredentials();
@@ -3700,53 +3737,52 @@ async function resolveWorkspace(store, workspaceOpt) {
   if (!workspaceId) {
     throw new ArbiError("No workspace selected. Run: arbi workspace select <id>");
   }
-  if (isCachedTokenValid(creds, workspaceId)) {
-    const arbi2 = client.createArbiClient(buildClientOptions(config, store, creds.email));
-    await arbi2.crypto.initSodium();
-    arbi2.session.setUser(creds.email);
+  if (isSessionAlive(creds)) {
+    const { arbi: arbi2, loginResult: loginResult2 } = await buildAuthFromCache(config, creds, store);
     arbi2.session.setSelectedWorkspace(workspaceId);
-    arbi2.session.setAccessToken(creds.accessToken);
-    const signingPrivateKey = client.base64ToBytes(creds.signingPrivateKeyBase64);
-    const serverSessionKey = client.base64ToBytes(creds.serverSessionKeyBase64);
-    const loginResult2 = {
-      accessToken: creds.accessToken,
-      signingPrivateKey,
-      serverSessionKey
-    };
+    await selectWorkspaceById(
+      arbi2,
+      workspaceId,
+      loginResult2.serverSessionKey,
+      creds.signingPrivateKeyBase64
+    );
+    const nextOpened = Array.from(/* @__PURE__ */ new Set([...creds.openedWorkspaces ?? [], workspaceId]));
+    store.saveCredentials({
+      ...store.requireCredentials(),
+      openedWorkspaces: nextOpened
+    });
     return {
       arbi: arbi2,
       loginResult: loginResult2,
       config,
       workspaceId,
-      accessToken: creds.accessToken,
-      sealedWorkspaceKey: creds.sealedWorkspaceKey
+      accessToken: creds.accessToken
     };
   }
   const { arbi, loginResult } = await createAuthenticatedClient(config, creds, store);
-  const wsInfo = await selectWorkspaceById(
+  await selectWorkspaceById(
     arbi,
     workspaceId,
     loginResult.serverSessionKey,
     creds.signingPrivateKeyBase64
   );
   const accessToken = arbi.session.getState().accessToken;
-  const sealedWorkspaceKey = await generateEncryptedWorkspaceKey(
-    arbi,
-    wsInfo.wrapped_key,
-    loginResult.serverSessionKey,
-    creds.signingPrivateKeyBase64
-  );
   if (!accessToken) {
     throw new ArbiError("Authentication error \u2014 missing token");
   }
   store.saveCredentials({
     ...store.requireCredentials(),
     accessToken,
-    sealedWorkspaceKey,
-    workspaceId,
-    tokenTimestamp: (/* @__PURE__ */ new Date()).toISOString()
+    tokenTimestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    openedWorkspaces: [workspaceId]
   });
-  return { arbi, loginResult, config, workspaceId, accessToken, sealedWorkspaceKey };
+  return {
+    arbi,
+    loginResult,
+    config,
+    workspaceId,
+    accessToken
+  };
 }
 
 // src/sse.ts
@@ -4310,6 +4346,7 @@ async function uploadFile(auth, fileData, fileName, options) {
   const params = new URLSearchParams();
   if (options?.folder) params.set("folder", sanitizeFolderPath(options.folder));
   if (options?.configExtId) params.set("config_ext_id", options.configExtId);
+  if (options?.wpType) params.set("wp_type", options.wpType);
   const qs = params.toString();
   const res = await authenticatedFetch({
     ...auth,
@@ -4325,6 +4362,7 @@ async function uploadFiles(auth, files, options) {
   const params = new URLSearchParams();
   if (options?.folder) params.set("folder", sanitizeFolderPath(options.folder));
   if (options?.configExtId) params.set("config_ext_id", options.configExtId);
+  if (options?.wpType) params.set("wp_type", options.wpType);
   const qs = params.toString();
   const res = await authenticatedFetch({
     ...auth,
@@ -4650,6 +4688,10 @@ __export(assistant_exports, {
   buildRetrievalChunkTool: () => buildRetrievalChunkTool,
   buildRetrievalFullContextTool: () => buildRetrievalFullContextTool,
   buildRetrievalTocTool: () => buildRetrievalTocTool,
+  filterSkills: () => filterSkills,
+  listSkills: () => listSkills,
+  parseSlashCommand: () => parseSlashCommand,
+  parseSlashTokenInProgress: () => parseSlashTokenInProgress,
   queryAssistant: () => queryAssistant,
   respondToAgent: () => respondToAgent,
   retrieve: () => retrieve
@@ -4745,6 +4787,40 @@ async function respondToAgent(arbi, assistantMessageExtId, answer) {
     "Failed to respond to agent"
   );
 }
+async function listSkills(arbi, options) {
+  const result = requireData(
+    await arbi.fetch.GET("/v1/assistant/skills", {
+      params: { query: { include_hidden: options?.includeHidden ?? false } }
+    }),
+    "Failed to list skills"
+  );
+  return result.skills;
+}
+function parseSlashCommand(input) {
+  const m2 = /^\s*\/([a-zA-Z0-9_-]+)(?:\s+([\s\S]*))?$/.exec(input);
+  if (!m2) return null;
+  return { slug: m2[1].toLowerCase(), args: m2[2] ?? "" };
+}
+function parseSlashTokenInProgress(buffer) {
+  const m2 = /^\s*\/([a-zA-Z0-9_-]*)$/.exec(buffer);
+  return m2 ? m2[1].toLowerCase() : null;
+}
+function filterSkills(items, query, pinned = []) {
+  const q2 = query.toLowerCase();
+  const pinnedSet = new Set(pinned);
+  const key = (s2) => (s2.slug ?? s2.name).toLowerCase();
+  const matched = q2 ? items.filter((s2) => key(s2).includes(q2)) : items.slice();
+  matched.sort((a2, b2) => {
+    const aPinned = pinnedSet.has(key(a2)) ? 0 : 1;
+    const bPinned = pinnedSet.has(key(b2)) ? 0 : 1;
+    if (aPinned !== bPinned) return aPinned - bPinned;
+    const aPrefix = key(a2).startsWith(q2) ? 0 : 1;
+    const bPrefix = key(b2).startsWith(q2) ? 0 : 1;
+    if (aPrefix !== bPrefix) return aPrefix - bPrefix;
+    return key(a2).localeCompare(key(b2));
+  });
+  return matched;
+}
 
 // src/operations/tags.ts
 var tags_exports = {};