npm - @arbidocs/sdk - Versions diffs - 0.3.65 → 0.3.67 - Mend

@arbidocs/sdk 0.3.65 → 0.3.67

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/{browser-D2dkZnc9.d.cts → browser-B5xRfc7b.d.cts} +143 -17
package/dist/{browser-D2dkZnc9.d.ts → browser-B5xRfc7b.d.ts} +143 -17
package/dist/browser.cjs +136 -60
package/dist/browser.cjs.map +1 -1
package/dist/browser.d.cts +1 -1
package/dist/browser.d.ts +1 -1
package/dist/browser.js +136 -60
package/dist/browser.js.map +1 -1
package/dist/index.cjs +153 -62
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +2 -2
package/dist/index.d.ts +2 -2
package/dist/index.js +151 -63
package/dist/index.js.map +1 -1
package/package.json +2 -2

package/dist/index.cjs CHANGED Viewed

@@ -3602,7 +3602,7 @@ var FileConfigStore = class {
   sessionFile;
   metadataFile;
   constructor(configDir) {
-    const arbiBase = process.env.ARBI_CONFIG_DIR ?? path2__default.default.join(os2__default.default.homedir(), ".arbi");
+    const arbiBase = process.env.ARBI_CONFIG_DIR ?? (fs2__default.default.existsSync(path2__default.default.join(process.cwd(), ".arbi", "credentials.json")) ? path2__default.default.join(process.cwd(), ".arbi") : path2__default.default.join(os2__default.default.homedir(), ".arbi"));
     const arbiId = process.env.ARBI_ID;
     this.configDir = configDir ?? (arbiId ? path2__default.default.join(arbiBase, arbiId) : arbiBase);
     this.configFile = path2__default.default.join(this.configDir, "config.json");
@@ -3700,12 +3700,12 @@ var FileConfigStore = class {
           ...existing,
           signingPrivateKeyBase64: b64encode(data.signingPrivateKey),
           serverSessionKeyBase64: data.serverSessionKey ? b64encode(data.serverSessionKey) : existing.serverSessionKeyBase64,
-          // A fresh server session key invalidates any cached
-          // workspace-scoped token, so wipe those so the next request
-          // re-derives them from the new session.
+          // A fresh server session = a fresh ``session.workspaces``
+          // dict. The previous session's deposits do not transfer, so
+          // wipe the client mirror to force re-deposit on next touch.
           accessToken: void 0,
-          sealedWorkspaceKey: void 0,
-          tokenTimestamp: void 0
+          tokenTimestamp: void 0,
+          openedWorkspaces: void 0
         });
       }
     };
@@ -3904,6 +3904,7 @@ function sleep(ms) {
 }
 // src/auth.ts
+var TOKEN_MAX_AGE_MS = 50 * 60 * 1e3;
 function formatWorkspaceChoices(wsList) {
   return wsList.map((ws) => {
     const totalDocs = ws.shared_document_count + ws.private_document_count;
@@ -3934,11 +3935,11 @@ async function createAuthenticatedClient(config, creds, store) {
   });
   store.saveCredentials({
     ...creds,
+    userExtId: loginResult.userExtId ?? creds.userExtId,
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult };
 }
@@ -3948,13 +3949,18 @@ async function performPasswordLogin(config, email, password, store) {
   const loginResult = await arbi.auth.login({ email, password });
   store.saveCredentials({
     email,
+    userExtId: loginResult.userExtId,
     signingPrivateKeyBase64: arbi.crypto.bytesToBase64(loginResult.signingPrivateKey),
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
-    // Clear any cached workspace tokens — new session key invalidates them
+    // `parent_ext_id` is set for persistent agent accounts (the user is
+    // an Assistant owned by another user). Persisting it makes the CLI's
+    // `arbi listen` work — it requires this to confirm a real agent
+    // identity. Regular users get `null`, which we store as `undefined`.
+    parentExtId: loginResult.parentExtId ?? void 0,
+    // New session = no workspaces deposited yet.
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult, config };
 }
@@ -3965,12 +3971,13 @@ async function performSigningKeyLogin(config, email, signingPrivateKeyBase64, st
   const loginResult = await arbi.auth.loginWithKey({ email, signingPrivateKey });
   store.saveCredentials({
     email,
+    userExtId: loginResult.userExtId,
     signingPrivateKeyBase64,
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
+    parentExtId: loginResult.parentExtId ?? void 0,
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult, config };
 }
@@ -3994,13 +4001,14 @@ async function performSsoDeviceFlowLogin(config, email, password, store, callbac
   const loginResult = await arbi.auth.login({ email, password, ssoToken });
   store.saveCredentials({
     email,
+    userExtId: loginResult.userExtId,
     signingPrivateKeyBase64: arbi.crypto.bytesToBase64(loginResult.signingPrivateKey),
     serverSessionKeyBase64: arbi.crypto.bytesToBase64(loginResult.serverSessionKey),
+    parentExtId: loginResult.parentExtId ?? void 0,
     ssoToken,
     accessToken: void 0,
-    sealedWorkspaceKey: void 0,
-    workspaceId: void 0,
-    tokenTimestamp: void 0
+    tokenTimestamp: void 0,
+    openedWorkspaces: void 0
   });
   return { arbi, loginResult, config };
 }
@@ -4050,38 +4058,79 @@ async function getRawWorkspaceKey(arbi, workspaceId, signingPrivateKeyBase64) {
   });
   return client.sealedBoxDecrypt(ws.wrapped_key, encryptionKeyPair.secretKey);
 }
+async function openWorkspaceEntry(arbi, ws, serverSessionKey, signingPrivateKeyBase64) {
+  if (ws.wrapped_key) {
+    const sealedKey = await selectWorkspace(
+      arbi,
+      ws.external_id,
+      ws.wrapped_key,
+      serverSessionKey,
+      signingPrivateKeyBase64
+    );
+    const { error: error2 } = await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
+      params: { path: { workspace_ext_id: ws.external_id } },
+      body: { workspace_key: sealedKey }
+    });
+    if (error2) {
+      throw new ArbiError(`Workspace open failed for ${ws.external_id}: ${JSON.stringify(error2)}`);
+    }
+    return sealedKey;
+  }
+  arbi.session.setSelectedWorkspace(ws.external_id);
+  const { error } = await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
+    params: { path: { workspace_ext_id: ws.external_id } },
+    body: {}
+  });
+  if (error) {
+    throw new ArbiError(`Workspace open failed for ${ws.external_id}: ${JSON.stringify(error)}`);
+  }
+  return null;
+}
 async function selectWorkspaceById(arbi, workspaceId, serverSessionKey, signingPrivateKeyBase64) {
   const { data: workspaces, error } = await arbi.fetch.GET("/v1/user/workspaces");
   if (error || !workspaces) {
     throw new ArbiError("Failed to fetch workspaces");
   }
   const ws = workspaces.find((w2) => w2.external_id === workspaceId);
-  if (!ws || !ws.wrapped_key) {
-    throw new ArbiError(`Workspace ${workspaceId} not found or has no encryption key`);
+  if (!ws) {
+    throw new ArbiError(`Workspace ${workspaceId} not found`);
   }
-  const sealedKey = await selectWorkspace(
-    arbi,
-    ws.external_id,
-    ws.wrapped_key,
-    serverSessionKey,
-    signingPrivateKeyBase64
-  );
-  await arbi.fetch.POST("/v1/workspace/{workspace_ext_id}/open", {
-    params: { path: { workspace_ext_id: ws.external_id } },
-    body: { workspace_key: sealedKey }
-  });
-  return { external_id: ws.external_id, name: ws.name, wrapped_key: ws.wrapped_key };
+  const sealedKey = await openWorkspaceEntry(arbi, ws, serverSessionKey, signingPrivateKeyBase64);
+  return {
+    external_id: ws.external_id,
+    name: ws.name,
+    wrapped_key: ws.wrapped_key ?? null,
+    sealed_key: sealedKey
+  };
+}
+function isSessionAlive(creds) {
+  return !!(creds.accessToken && creds.tokenTimestamp && Date.now() - new Date(creds.tokenTimestamp).getTime() < TOKEN_MAX_AGE_MS);
+}
+async function buildAuthFromCache(config, creds, store) {
+  const arbi = client.createArbiClient(buildClientOptions(config, store, creds.email));
+  await arbi.crypto.initSodium();
+  arbi.session.setUser(creds.email, creds.userExtId);
+  arbi.session.setAccessToken(creds.accessToken);
+  const signingPrivateKey = client.base64ToBytes(creds.signingPrivateKeyBase64);
+  const serverSessionKey = client.base64ToBytes(creds.serverSessionKeyBase64);
+  const loginResult = {
+    accessToken: creds.accessToken,
+    userExtId: creds.userExtId,
+    signingPrivateKey,
+    serverSessionKey
+  };
+  return { arbi, loginResult };
 }
 async function resolveAuth(store) {
   const config = store.requireConfig();
   const creds = store.requireCredentials();
+  if (isSessionAlive(creds)) {
+    const { arbi: arbi2, loginResult: loginResult2 } = await buildAuthFromCache(config, creds, store);
+    return { arbi: arbi2, loginResult: loginResult2, config };
+  }
   const { arbi, loginResult } = await createAuthenticatedClient(config, creds, store);
   return { arbi, loginResult, config };
 }
-var TOKEN_MAX_AGE_MS = 50 * 60 * 1e3;
-function isCachedTokenValid(creds, workspaceId) {
-  return !!(creds.accessToken && creds.sealedWorkspaceKey && creds.workspaceId === workspaceId && creds.tokenTimestamp && Date.now() - new Date(creds.tokenTimestamp).getTime() < TOKEN_MAX_AGE_MS);
-}
 async function resolveWorkspace(store, workspaceOpt) {
   const config = store.requireConfig();
   const creds = store.requireCredentials();
@@ -4089,53 +4138,52 @@ async function resolveWorkspace(store, workspaceOpt) {
   if (!workspaceId) {
     throw new ArbiError("No workspace selected. Run: arbi workspace select <id>");
   }
-  if (isCachedTokenValid(creds, workspaceId)) {
-    const arbi2 = client.createArbiClient(buildClientOptions(config, store, creds.email));
-    await arbi2.crypto.initSodium();
-    arbi2.session.setUser(creds.email);
+  if (isSessionAlive(creds)) {
+    const { arbi: arbi2, loginResult: loginResult2 } = await buildAuthFromCache(config, creds, store);
     arbi2.session.setSelectedWorkspace(workspaceId);
-    arbi2.session.setAccessToken(creds.accessToken);
-    const signingPrivateKey = client.base64ToBytes(creds.signingPrivateKeyBase64);
-    const serverSessionKey = client.base64ToBytes(creds.serverSessionKeyBase64);
-    const loginResult2 = {
-      accessToken: creds.accessToken,
-      signingPrivateKey,
-      serverSessionKey
-    };
+    await selectWorkspaceById(
+      arbi2,
+      workspaceId,
+      loginResult2.serverSessionKey,
+      creds.signingPrivateKeyBase64
+    );
+    const nextOpened = Array.from(/* @__PURE__ */ new Set([...creds.openedWorkspaces ?? [], workspaceId]));
+    store.saveCredentials({
+      ...store.requireCredentials(),
+      openedWorkspaces: nextOpened
+    });
     return {
       arbi: arbi2,
       loginResult: loginResult2,
       config,
       workspaceId,
-      accessToken: creds.accessToken,
-      sealedWorkspaceKey: creds.sealedWorkspaceKey
+      accessToken: creds.accessToken
     };
   }
   const { arbi, loginResult } = await createAuthenticatedClient(config, creds, store);
-  const wsInfo = await selectWorkspaceById(
+  await selectWorkspaceById(
     arbi,
     workspaceId,
     loginResult.serverSessionKey,
     creds.signingPrivateKeyBase64
   );
   const accessToken = arbi.session.getState().accessToken;
-  const sealedWorkspaceKey = await generateEncryptedWorkspaceKey(
-    arbi,
-    wsInfo.wrapped_key,
-    loginResult.serverSessionKey,
-    creds.signingPrivateKeyBase64
-  );
   if (!accessToken) {
     throw new ArbiError("Authentication error \u2014 missing token");
   }
   store.saveCredentials({
     ...store.requireCredentials(),
     accessToken,
-    sealedWorkspaceKey,
-    workspaceId,
-    tokenTimestamp: (/* @__PURE__ */ new Date()).toISOString()
+    tokenTimestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    openedWorkspaces: [workspaceId]
   });
-  return { arbi, loginResult, config, workspaceId, accessToken, sealedWorkspaceKey };
+  return {
+    arbi,
+    loginResult,
+    config,
+    workspaceId,
+    accessToken
+  };
 }
 // src/sse.ts
@@ -4843,6 +4891,7 @@ async function uploadFile(auth, fileData, fileName, options) {
   const params = new URLSearchParams();
   if (options?.folder) params.set("folder", sanitizeFolderPath(options.folder));
   if (options?.configExtId) params.set("config_ext_id", options.configExtId);
+  if (options?.wpType) params.set("wp_type", options.wpType);
   const qs = params.toString();
   const res = await authenticatedFetch({
     ...auth,
@@ -4858,6 +4907,7 @@ async function uploadFiles(auth, files, options) {
   const params = new URLSearchParams();
   if (options?.folder) params.set("folder", sanitizeFolderPath(options.folder));
   if (options?.configExtId) params.set("config_ext_id", options.configExtId);
+  if (options?.wpType) params.set("wp_type", options.wpType);
   const qs = params.toString();
   const res = await authenticatedFetch({
     ...auth,
@@ -5183,6 +5233,10 @@ __export(assistant_exports, {
   buildRetrievalChunkTool: () => buildRetrievalChunkTool,
   buildRetrievalFullContextTool: () => buildRetrievalFullContextTool,
   buildRetrievalTocTool: () => buildRetrievalTocTool,
+  filterSkills: () => filterSkills,
+  listSkills: () => listSkills,
+  parseSlashCommand: () => parseSlashCommand,
+  parseSlashTokenInProgress: () => parseSlashTokenInProgress,
   queryAssistant: () => queryAssistant,
   respondToAgent: () => respondToAgent,
   retrieve: () => retrieve
@@ -5278,6 +5332,40 @@ async function respondToAgent(arbi, assistantMessageExtId, answer) {
     "Failed to respond to agent"
   );
 }
+async function listSkills(arbi, options) {
+  const result = requireData(
+    await arbi.fetch.GET("/v1/assistant/skills", {
+      params: { query: { include_hidden: options?.includeHidden ?? false } }
+    }),
+    "Failed to list skills"
+  );
+  return result.skills;
+}
+function parseSlashCommand(input) {
+  const m2 = /^\s*\/([a-zA-Z0-9_-]+)(?:\s+([\s\S]*))?$/.exec(input);
+  if (!m2) return null;
+  return { slug: m2[1].toLowerCase(), args: m2[2] ?? "" };
+}
+function parseSlashTokenInProgress(buffer) {
+  const m2 = /^\s*\/([a-zA-Z0-9_-]*)$/.exec(buffer);
+  return m2 ? m2[1].toLowerCase() : null;
+}
+function filterSkills(items, query, pinned = []) {
+  const q2 = query.toLowerCase();
+  const pinnedSet = new Set(pinned);
+  const key = (s2) => (s2.slug ?? s2.name).toLowerCase();
+  const matched = q2 ? items.filter((s2) => key(s2).includes(q2)) : items.slice();
+  matched.sort((a2, b2) => {
+    const aPinned = pinnedSet.has(key(a2)) ? 0 : 1;
+    const bPinned = pinnedSet.has(key(b2)) ? 0 : 1;
+    if (aPinned !== bPinned) return aPinned - bPinned;
+    const aPrefix = key(a2).startsWith(q2) ? 0 : 1;
+    const bPrefix = key(b2).startsWith(q2) ? 0 : 1;
+    if (aPrefix !== bPrefix) return aPrefix - bPrefix;
+    return key(a2).localeCompare(key(b2));
+  });
+  return matched;
+}
 // src/operations/tags.ts
 var tags_exports = {};
@@ -7169,6 +7257,7 @@ exports.doctags = doctags_exports;
 exports.documents = documents_exports;
 exports.documentsNode = documents_node_exports;
 exports.files = files_exports;
+exports.filterSkills = filterSkills;
 exports.formatAgentStepLabel = formatAgentStepLabel;
 exports.formatFileSize = formatFileSize;
 exports.formatStreamSummary = formatStreamSummary;
@@ -7183,6 +7272,8 @@ exports.getRawWorkspaceKey = getRawWorkspaceKey;
 exports.health = health_exports;
 exports.listen = listen_exports;
 exports.parseSSEEvents = parseSSEEvents;
+exports.parseSlashCommand = parseSlashCommand;
+exports.parseSlashTokenInProgress = parseSlashTokenInProgress;
 exports.performPasswordLogin = performPasswordLogin;
 exports.performSigningKeyLogin = performSigningKeyLogin;
 exports.performSsoDeviceFlowLogin = performSsoDeviceFlowLogin;