@botdocs/cli 0.12.1 → 0.13.0

package/dist/commands/edit.js

@@ -5,6 +5,8 @@ import * as p from '@clack/prompts';
 import { ApiError, apiFetch, fetchRawContent, friendlyApiErrorDetail } from '../lib/api.js';
 import { complete, detectProvider, LlmError } from '../lib/llm.js';
 import { renderDiff } from '../lib/diff.js';
+import { loadAuth } from '../lib/config.js';
+import { fileSetHash } from '../lib/proposals.js';
 const TEMPLATES_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)), '..', '..', 'templates', 'ecosystem-prompts');
 function loadEditPrompt() {
     return fs.readFileSync(path.join(TEMPLATES_DIR, 'edit.md'), 'utf-8');
@@ -16,6 +18,17 @@ function parseRef(raw) {
         throw new Error(`Invalid ref: ${raw}`);
     return { username: parts[0], slug: parts[1] };
 }
+/** True when the logged-in user owns this skill. A skill ref's username IS the
+ * author's username (the registry resolves `@user/slug` by the author's
+ * handle), so ownership is a case-insensitive username match. Drives the
+ * branch between the author's lower-friction draft loop and the cross-author
+ * proposal lane. */
+function isOwnSkill(username) {
+    const me = loadAuth()?.username;
+    if (!me)
+        return false;
+    return me.toLowerCase() === username.toLowerCase();
+}
 function fileForEcosystem(files, eco) {
     if (eco === 'claude')
         return files.find((f) => f.filename === 'claude/SKILL.md');
@@ -44,7 +57,9 @@ export async function edit(rawRef, options) {
     let manifest;
     const refStr = `@${ref.username}/${ref.slug}`;
     try {
-        manifest = await apiFetch(`/api/skills/${ref.username}/${ref.slug}/manifest`);
+        manifest = await apiFetch(`/api/skills/${ref.username}/${ref.slug}/manifest`, {
+            auth: 'optional',
+        });
     }
     catch (err) {
         if (err instanceof ApiError && err.status === 404) {
@@ -111,11 +126,62 @@ export async function edit(rawRef, options) {
             break;
         // else regenerate — loop
     }
-    await apiFetch(`/api/skills/${ref.username}/${ref.slug}/draft`, {
-        method: 'POST',
-        auth: true,
-        body: { ecosystem: options.ecosystem, content: revised },
-    });
-    console.log(`\n  ✓ Pushed draft for ${rawRef} (${options.ecosystem}).`);
-    console.log(`    Visit https://botdocs.ai/@${ref.username}/${ref.slug} to publish.\n`);
+    // Ownership branch (design §7): the author's own skill keeps the
+    // lower-friction draft→publish loop; a skill owned by someone else routes
+    // through the proposal lane so the change lands in the author's review queue
+    // instead of clobbering their live files.
+    if (isOwnSkill(ref.username)) {
+        await apiFetch(`/api/skills/${ref.username}/${ref.slug}/draft`, {
+            method: 'POST',
+            auth: true,
+            body: { ecosystem: options.ecosystem, content: revised },
+        });
+        console.log(`\n  ✓ Pushed draft for ${rawRef} (${options.ecosystem}).`);
+        console.log(`    Visit https://botdocs.ai/@${ref.username}/${ref.slug} to publish.\n`);
+        return;
+    }
+    await proposeEdit(ref, manifest, target.filename, currentContent, revised);
+}
+/**
+ * Queue an edited file as a proposal for the skill's author to review.
+ *
+ * A proposal replaces the skill's ENTIRE file set, so we fetch every live file
+ * and swap in the revised content for the one ecosystem file we edited. The
+ * `basedFileHash` is computed over the UNMODIFIED live set — it's the drift
+ * anchor the author's accept is checked against.
+ */
+async function proposeEdit(ref, manifest, targetFilename, targetCurrentContent, revised) {
+    // Build the live file set (filename + content). We already have the edited
+    // file's current content; fetch the rest.
+    const liveFiles = await Promise.all(manifest.files.map(async (f) => ({
+        filename: f.filename,
+        content: f.filename === targetFilename ? targetCurrentContent : await fetchRawContent(f.rawUrl),
+    })));
+    const basedFileHash = fileSetHash(liveFiles);
+    // The proposed set is the live set with the edited file's content replaced.
+    const proposedFiles = liveFiles.map((f, i) => ({
+        filename: f.filename,
+        content: f.filename === targetFilename ? revised : f.content,
+        sortOrder: i,
+    }));
+    try {
+        await apiFetch(`/api/skills/${ref.username}/${ref.slug}/proposals`, {
+            method: 'POST',
+            auth: true,
+            body: {
+                files: proposedFiles,
+                agentLabel: 'cli-edit',
+                basedFileHash,
+            },
+        });
+    }
+    catch (err) {
+        if (err instanceof ApiError) {
+            console.error(`\n  ✗ @${ref.username}/${ref.slug}: ${friendlyApiErrorDetail(err, `@${ref.username}/${ref.slug}`)}\n`);
+            process.exit(1);
+        }
+        throw err;
+    }
+    console.log(`\n  ✓ Proposal queued for @${ref.username}/${ref.slug} (${targetFilename}).`);
+    console.log('    The skill author will review it before it goes live.\n');
 }

package/dist/commands/install.js

@@ -382,51 +382,6 @@ function isInstallUpToDate(prior, manifest) {
     }
     return true;
 }
-/** Compute the Levenshtein edit distance between two short strings. Used by
- * the "did you mean?" suggester to filter search hits that are too far from
- * the user's typo to be useful. Implementation is the textbook two-row DP —
- * O(n*m) time, O(min(n,m)) space. Both inputs are slug-sized (≤ ~64 chars),
- * so the constant factor doesn't matter. */
-function levenshtein(a, b) {
-    if (a === b)
-        return 0;
-    if (a.length === 0)
-        return b.length;
-    if (b.length === 0)
-        return a.length;
-    let prev = new Array(b.length + 1);
-    let curr = new Array(b.length + 1);
-    for (let j = 0; j <= b.length; j++)
-        prev[j] = j;
-    for (let i = 1; i <= a.length; i++) {
-        curr[0] = i;
-        for (let j = 1; j <= b.length; j++) {
-            const cost = a.charCodeAt(i - 1) === b.charCodeAt(j - 1) ? 0 : 1;
-            curr[j] = Math.min(curr[j - 1] + 1, prev[j] + 1, prev[j - 1] + cost);
-        }
-        [prev, curr] = [curr, prev];
-    }
-    return prev[b.length];
-}
-/** On a 404, query the search endpoint for the user's slug fragment and
- * return the top result as a `@user/slug` string when its slug is within
- * Levenshtein distance 2 of the requested slug. Returns null when the
- * search returns no results, when the top result is too far, or when
- * `requestedRef` already equals the top match (defensive). Never throws —
- * callers wrap in catch and treat any failure as "no suggestion". */
-async function suggestClosestRef(requestedSlug, requestedRef) {
-    const encoded = encodeURIComponent(requestedSlug);
-    const resp = await apiFetch(`/api/search?q=${encoded}`);
-    const top = resp.results[0];
-    if (!top)
-        return null;
-    if (levenshtein(top.slug.toLowerCase(), requestedSlug.toLowerCase()) > 2)
-        return null;
-    const candidate = `@${top.author}/${top.slug}`;
-    if (candidate === requestedRef)
-        return null;
-    return candidate;
-}
 export async function install(rawRef, options) {
     let ref;
     try {
@@ -465,19 +420,15 @@ export async function install(rawRef, options) {
     }
     let manifest;
     try {
-        manifest = await apiFetch(`/api/skills/${ref.username}/${ref.slug}/manifest`);
+        manifest = await apiFetch(`/api/skills/${ref.username}/${ref.slug}/manifest`, { auth: 'optional' });
     }
     catch (err) {
         if (err instanceof ApiError && err.status === 404) {
-            // 404 dead-ends are common when users mistype a slug. Ask the search
-            // endpoint for the slug-fragment and surface the top close match
-            // (Levenshtein distance ≤ 2) so the user can quickly correct.
-            // Network errors from the suggestion lookup are swallowed — the 404
-            // itself is the primary signal and we shouldn't gate it on the
-            // suggestion call succeeding.
-            const suggestion = await suggestClosestRef(ref.slug, refStr).catch(() => null);
-            const suffix = suggestion ? `\n    Did you mean: ${suggestion}?\n` : '\n';
-            console.error(`\n  ✗ Skill or bundle not found: ${refStr}${suffix}`);
+            // A 404 here also covers "PRIVATE skill you can't read" — the server
+            // returns 404 (never 403) for private-no-access so existence never
+            // leaks. We don't try to suggest a close match: the discovery/search
+            // surface was removed (private-by-default), so there's nothing to query.
+            console.error(`\n  ✗ Skill or bundle not found: ${refStr}\n`);
             process.exit(1);
         }
         // 410 Gone = author soft-deleted the skill upstream. Distinct from 404

package/dist/commands/proposals.d.ts

@@ -0,0 +1,69 @@
+import { Command } from 'commander';
+interface ProposalsListOptions {
+    /** Filter by status: OPEN (default) | ACCEPTED | REJECTED | all. */
+    status?: string;
+    json?: boolean;
+}
+interface AcceptOptions {
+    /** The proposal id to accept. Required. */
+    id?: string;
+    json?: boolean;
+}
+interface SynthesizeOptions {
+    /** Changelog describing the merge, shown to the reviewing author. */
+    message?: string;
+    /** Self-reported agent identity (e.g. "nightly-synth"). UNTRUSTED server-side. */
+    agentLabel?: string;
+    /** Skip the interactive confirm (for cron / non-interactive use). */
+    yes?: boolean;
+    /** Env var holding the LLM key (passed through to `complete`). */
+    keyEnv?: string;
+    json?: boolean;
+}
+/**
+ * `botdocs proposals @user/slug [--status OPEN|ACCEPTED|REJECTED|all]` — list
+ * the proposals queued against a skill as a table (or `--json`).
+ *
+ * Authors see full metadata; non-author readers see the redacted status view
+ * (Q5: visibility without the ability to accept/reject).
+ */
+export declare function proposals(rawRef: string, options: ProposalsListOptions): Promise<void>;
+/**
+ * `botdocs proposals accept @user/slug --id X` — accept a proposal, publishing
+ * it as a new version. Author-only (the server 403s non-authors).
+ *
+ * Fetches the current version first so we can send `basedOnCurrentVersion` —
+ * the optimistic-concurrency anchor. If the skill moved since (a 409
+ * stale-base), we tell the user to re-review rather than silently clobbering.
+ */
+export declare function proposalsAccept(rawRef: string, options: AcceptOptions): Promise<void>;
+/**
+ * `botdocs proposals synthesize @user/slug` — merge a skill's OPEN proposals
+ * into ONE synthesis proposal for the author to review.
+ *
+ * Runs with a SYNTHESIZER token (a low-privilege principal the author minted,
+ * scoped to this skill). The synthesizer can ONLY read the skill's proposals
+ * and create a synthesis — it can never accept, publish, or edit. The author
+ * still reviews and approves the merge through the normal accept path.
+ *
+ * Steps:
+ *   1. List OPEN proposals (permitted for a scoped synthesizer).
+ *   2. Fetch each OPEN proposal's full contents + the skill's live file set
+ *      (the DETAIL endpoint returns both `files` and `currentFiles`).
+ *   3. Merge the live set + the N proposed sets into one file set via the LLM.
+ *   4. Preview the merge (live vs merged) and confirm unless `--yes`.
+ *   5. POST the synthesis with basedFileHash = fileSetHash(live files).
+ *
+ * A 409 `duplicate_synthesis` is treated as a NO-OP SUCCESS (exit 0): the same
+ * merge already exists OPEN, so an end-of-day cron re-running this is safe.
+ */
+export declare function proposalsSynthesize(rawRef: string, options: SynthesizeOptions): Promise<void>;
+/**
+ * Register the `proposals` command (list, default) and its `accept`
+ * subcommand on the program. Done in a registrar helper (like `team`/`backups`)
+ * so the nested `accept` subcommand lives in this file rather than inline in
+ * index.ts — keeping index.ts's top-level surface clean and the quickstart
+ * drift-check parser happy (it lists only the parent verb `proposals`).
+ */
+export declare function registerProposalsCommands(program: Command): void;
+export {};