@cavuno/board 1.2.1 → 1.4.0

package/dist/index.js

@@ -21,12 +21,14 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   ACCESS_TOKEN_KEY: () => ACCESS_TOKEN_KEY,
+  BOARD_ACCESS_GRANT_KEY: () => BOARD_ACCESS_GRANT_KEY,
   BoardApiError: () => BoardApiError,
   BoardClient: () => BoardClient,
   REFRESH_TOKEN_KEY: () => REFRESH_TOKEN_KEY,
   SDK_VERSION: () => SDK_VERSION,
   createBoardClient: () => createBoardClient,
   isBoardApiError: () => isBoardApiError,
+  isBoardPasswordRequired: () => isBoardPasswordRequired,
   isConflict: () => isConflict,
   isForbidden: () => isForbidden,
   isNotFound: () => isNotFound,
@@ -65,6 +67,9 @@ function isNotFound(e) {
 function isUnauthorized(e) {
   return isBoardApiError(e) && e.status === 401;
 }
+function isBoardPasswordRequired(e) {
+  return isBoardApiError(e) && e.status === 401 && e.code === "board_password_required";
+}
 function isForbidden(e) {
   return isBoardApiError(e) && e.status === 403;
 }
@@ -99,6 +104,7 @@ function toSearchParams(query) {
 // src/storage.ts
 var ACCESS_TOKEN_KEY = "cavuno_board_access_token";
 var REFRESH_TOKEN_KEY = "cavuno_board_refresh_token";
+var BOARD_ACCESS_GRANT_KEY = "cavuno_board_access_grant";
 function isBrowser() {
   return typeof globalThis.document !== "undefined";
 }
@@ -143,7 +149,7 @@ async function clearSession(storage) {
 }
 
 // src/version.ts
-var SDK_VERSION = "1.2.1";
+var SDK_VERSION = "1.4.0";
 
 // src/client.ts
 function isRawBody(body) {
@@ -185,12 +191,14 @@ var BoardClient = class {
     }
     const token = await this.storage.getItem(ACCESS_TOKEN_KEY);
     if (token !== null) headers.set("authorization", `Bearer ${token}`);
+    const grant = await this.storage.getItem(BOARD_ACCESS_GRANT_KEY);
+    if (grant !== null) headers.set("x-board-access", grant);
     if (callHeaders) {
       new Headers(callHeaders).forEach((value, key) => {
         headers.set(key, value);
       });
     }
-    if ((method !== "GET" || headers.has("authorization")) && !headers.has("x-cavuno-sdk")) {
+    if ((method !== "GET" || headers.has("authorization") || headers.has("x-board-access")) && !headers.has("x-cavuno-sdk")) {
       headers.set("x-cavuno-sdk", `board@${SDK_VERSION}`);
     }
     let req = {
@@ -201,7 +209,8 @@ var BoardClient = class {
     this.options.logger?.debug(`${method} ${req.url}`);
     const res = await globalThis.fetch(req.url, req.init);
     this.options.logger?.debug(`${res.status} ${method} ${req.url}`);
-    if (this.options.onResponse) await this.options.onResponse(res.clone(), req);
+    if (this.options.onResponse)
+      await this.options.onResponse(res.clone(), req);
     if (res.status === 204) return void 0;
     if (res.ok) return await res.json();
     let parsed;
@@ -396,6 +405,30 @@ function blogNamespace(client) {
           `/blog/posts/${encodeURIComponent(postSlug)}`,
           { ...options, query }
         );
+      },
+      /**
+       * The previous (older) and next (newer) posts for prev/next navigation.
+       *
+       * @example
+       * const { previous, next } = await board.blog.posts.adjacent('hello-world');
+       */
+      adjacent(postSlug, options) {
+        return client.fetch(
+          `/blog/posts/${encodeURIComponent(postSlug)}/adjacent`,
+          options
+        );
+      },
+      /**
+       * Posts most similar to one post (the related-posts rail).
+       *
+       * @example
+       * const { data } = await board.blog.posts.similar('hello-world', { limit: 6 });
+       */
+      similar(postSlug, query, options) {
+        return client.fetch(
+          `/blog/posts/${encodeURIComponent(postSlug)}/similar`,
+          { ...options, query }
+        );
       }
     },
     tags: {
@@ -497,6 +530,123 @@ function companiesNamespace(client) {
         `/companies/${encodeURIComponent(companySlug)}/jobs`,
         { ...options, query }
       );
+    },
+    /**
+     * List companies similar to one company — the same ranking that powers the
+     * hosted company page's similar-companies rail (most open roles first),
+     * excluding the company itself.
+     *
+     * @example
+     * const { data } = await board.companies.similar('acme', { limit: 6 });
+     */
+    similar(companySlug, query, options) {
+      return client.fetch(
+        `/companies/${encodeURIComponent(companySlug)}/similar`,
+        { ...options, query }
+      );
+    },
+    /**
+     * List the board's company markets (sectors), ranked by company count — the
+     * data behind the hosted companies index's market filter. A top-N preview.
+     *
+     * @example
+     * const { data } = await board.companies.markets({ search: 'robotics' });
+     */
+    markets(query, options) {
+      return client.fetch("/companies/markets", {
+        ...options,
+        query
+      });
+    }
+  };
+}
+
+// src/namespaces/embed.ts
+function embedNamespace(client) {
+  return {
+    /**
+     * List published jobs for an embeddable widget — the same featured-ranked
+     * cards as `board.jobs.list`, but UNGATED: the candidate paywall never
+     * applies, so the full page is always returned and there is no
+     * `gatedCount`. Powers the public "Powered by Cavuno" embed. `limit`
+     * defaults to 8 and is clamped to a maximum of 50.
+     *
+     * @example
+     * const { data, nextCursor } = await board.embed.jobs({ q: 'chef', limit: 8 });
+     */
+    jobs(query, options) {
+      return client.fetch("/embed/jobs", {
+        ...options,
+        query
+      });
+    }
+  };
+}
+
+// src/namespaces/job-alerts.ts
+function jobAlertsNamespace(client) {
+  return {
+    /** Subscribe an email to job alerts. Sends a double-opt-in confirmation email. */
+    subscribe(input, options) {
+      return client.fetch("/job-alerts", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Complete double opt-in with the token from the confirmation email. */
+    confirm(input, options) {
+      return client.fetch("/job-alerts/confirm", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Re-send the confirmation email for an unconfirmed subscription. */
+    resendConfirmation(input, options) {
+      return client.fetch(
+        "/job-alerts/resend-confirmation",
+        { ...options, method: "POST", body: input }
+      );
+    },
+    /** Read a subscription + its preferences for the manage page (HMAC token). */
+    manage(query, options) {
+      return client.fetch("/job-alerts/manage", {
+        ...options,
+        query
+      });
+    },
+    /** Deactivate a subscription via the HMAC manage token. */
+    unsubscribe(input, options) {
+      return client.fetch("/job-alerts/unsubscribe", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Re-activate a previously unsubscribed subscription via the manage token. */
+    resubscribe(input, options) {
+      return client.fetch("/job-alerts/resubscribe", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Edit a preference's filters/frequency via the manage token. */
+    updatePreference(input, options) {
+      return client.fetch("/job-alerts/preferences", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Delete a preference via the manage token. */
+    deletePreference(input, options) {
+      return client.fetch("/job-alerts/preferences", {
+        ...options,
+        method: "DELETE",
+        body: input
+      });
     }
   };
 }
@@ -565,6 +715,28 @@ function jobsNamespace(client) {
   };
 }
 
+// src/namespaces/legal.ts
+function legalNamespace(client) {
+  return {
+    /**
+     * Retrieve a board legal/about page — owner-authored prose as portable HTML
+     * (`privacy-policy` / `terms-of-service` / `cookie-policy` / `about`) plus,
+     * for `impressum`, structured legal-entity facts. The starter authors the
+     * layout, breadcrumb labels, and JSON-LD. `impressum` throws
+     * `board_page_not_found` (404) when the board has not enabled it.
+     *
+     * @example
+     * const { title, content } = await board.legal.retrieve('privacy-policy');
+     */
+    retrieve(type, options) {
+      return client.fetch(
+        `/legal/${encodeURIComponent(type)}`,
+        options
+      );
+    }
+  };
+}
+
 // src/namespaces/me.ts
 function meNamespace(client) {
   return {
@@ -625,6 +797,30 @@ function meNamespace(client) {
   };
 }
 
+// src/namespaces/password.ts
+function passwordNamespace(client) {
+  return {
+    /**
+     * Exchange a board password for an access grant and store it. After this
+     * resolves, every subsequent read auto-carries the grant as the
+     * `X-Board-Access` header — until the password rotates, after which reads
+     * fail with 401 `board_password_required` and you must `verify()` again
+     * (the SDK never auto-retries — verify is rate-limited — and never
+     * auto-clears; the host re-challenges). On the server (`nostore` storage)
+     * the grant is returned but not persisted; pass it per-call instead.
+     */
+    async verify(password, options) {
+      const grant = await client.fetch("/password/verify", {
+        ...options,
+        method: "POST",
+        body: { password }
+      });
+      await client.storage.setItem(BOARD_ACCESS_GRANT_KEY, grant.token);
+      return grant;
+    }
+  };
+}
+
 // src/namespaces/redirects.ts
 function redirectsNamespace(client) {
   return {
@@ -666,9 +862,16 @@ function taxonomyNamespace(client) {
     skills: taxonomyResolver(client, "skills"),
     places: {
       ...taxonomyResolver(client, "places"),
-      /** List every place used by a published job, with its live job count. */
-      list(options) {
-        return client.fetch("/places", options);
+      /**
+       * Without `query`: list every place used by a published job, with its
+       * live job count (the locations directory). With `query.q` (≥2 chars):
+       * location autocomplete — the top name matches ranked.
+       */
+      list(query, options) {
+        return client.fetch("/places", {
+          ...options,
+          query
+        });
       }
     }
   };
@@ -713,11 +916,15 @@ function createBoardClient(options) {
       return client.fetch("/seo", options2);
     },
     jobs: jobsNamespace(client),
+    embed: embedNamespace(client),
     companies: companiesNamespace(client),
     blog: blogNamespace(client),
+    legal: legalNamespace(client),
     auth: authNamespace(client),
     me: meNamespace(client),
+    password: passwordNamespace(client),
     taxonomy: taxonomyNamespace(client),
-    redirects: redirectsNamespace(client)
+    redirects: redirectsNamespace(client),
+    jobAlerts: jobAlertsNamespace(client)
   };
 }

package/dist/index.mjs

@@ -27,6 +27,9 @@ function isNotFound(e) {
 function isUnauthorized(e) {
   return isBoardApiError(e) && e.status === 401;
 }
+function isBoardPasswordRequired(e) {
+  return isBoardApiError(e) && e.status === 401 && e.code === "board_password_required";
+}
 function isForbidden(e) {
   return isBoardApiError(e) && e.status === 403;
 }
@@ -61,6 +64,7 @@ function toSearchParams(query) {
 // src/storage.ts
 var ACCESS_TOKEN_KEY = "cavuno_board_access_token";
 var REFRESH_TOKEN_KEY = "cavuno_board_refresh_token";
+var BOARD_ACCESS_GRANT_KEY = "cavuno_board_access_grant";
 function isBrowser() {
   return typeof globalThis.document !== "undefined";
 }
@@ -105,7 +109,7 @@ async function clearSession(storage) {
 }
 
 // src/version.ts
-var SDK_VERSION = "1.2.1";
+var SDK_VERSION = "1.4.0";
 
 // src/client.ts
 function isRawBody(body) {
@@ -147,12 +151,14 @@ var BoardClient = class {
     }
     const token = await this.storage.getItem(ACCESS_TOKEN_KEY);
     if (token !== null) headers.set("authorization", `Bearer ${token}`);
+    const grant = await this.storage.getItem(BOARD_ACCESS_GRANT_KEY);
+    if (grant !== null) headers.set("x-board-access", grant);
     if (callHeaders) {
       new Headers(callHeaders).forEach((value, key) => {
         headers.set(key, value);
       });
     }
-    if ((method !== "GET" || headers.has("authorization")) && !headers.has("x-cavuno-sdk")) {
+    if ((method !== "GET" || headers.has("authorization") || headers.has("x-board-access")) && !headers.has("x-cavuno-sdk")) {
       headers.set("x-cavuno-sdk", `board@${SDK_VERSION}`);
     }
     let req = {
@@ -163,7 +169,8 @@ var BoardClient = class {
     this.options.logger?.debug(`${method} ${req.url}`);
     const res = await globalThis.fetch(req.url, req.init);
     this.options.logger?.debug(`${res.status} ${method} ${req.url}`);
-    if (this.options.onResponse) await this.options.onResponse(res.clone(), req);
+    if (this.options.onResponse)
+      await this.options.onResponse(res.clone(), req);
     if (res.status === 204) return void 0;
     if (res.ok) return await res.json();
     let parsed;
@@ -358,6 +365,30 @@ function blogNamespace(client) {
           `/blog/posts/${encodeURIComponent(postSlug)}`,
           { ...options, query }
         );
+      },
+      /**
+       * The previous (older) and next (newer) posts for prev/next navigation.
+       *
+       * @example
+       * const { previous, next } = await board.blog.posts.adjacent('hello-world');
+       */
+      adjacent(postSlug, options) {
+        return client.fetch(
+          `/blog/posts/${encodeURIComponent(postSlug)}/adjacent`,
+          options
+        );
+      },
+      /**
+       * Posts most similar to one post (the related-posts rail).
+       *
+       * @example
+       * const { data } = await board.blog.posts.similar('hello-world', { limit: 6 });
+       */
+      similar(postSlug, query, options) {
+        return client.fetch(
+          `/blog/posts/${encodeURIComponent(postSlug)}/similar`,
+          { ...options, query }
+        );
       }
     },
     tags: {
@@ -459,6 +490,123 @@ function companiesNamespace(client) {
         `/companies/${encodeURIComponent(companySlug)}/jobs`,
         { ...options, query }
       );
+    },
+    /**
+     * List companies similar to one company — the same ranking that powers the
+     * hosted company page's similar-companies rail (most open roles first),
+     * excluding the company itself.
+     *
+     * @example
+     * const { data } = await board.companies.similar('acme', { limit: 6 });
+     */
+    similar(companySlug, query, options) {
+      return client.fetch(
+        `/companies/${encodeURIComponent(companySlug)}/similar`,
+        { ...options, query }
+      );
+    },
+    /**
+     * List the board's company markets (sectors), ranked by company count — the
+     * data behind the hosted companies index's market filter. A top-N preview.
+     *
+     * @example
+     * const { data } = await board.companies.markets({ search: 'robotics' });
+     */
+    markets(query, options) {
+      return client.fetch("/companies/markets", {
+        ...options,
+        query
+      });
+    }
+  };
+}
+
+// src/namespaces/embed.ts
+function embedNamespace(client) {
+  return {
+    /**
+     * List published jobs for an embeddable widget — the same featured-ranked
+     * cards as `board.jobs.list`, but UNGATED: the candidate paywall never
+     * applies, so the full page is always returned and there is no
+     * `gatedCount`. Powers the public "Powered by Cavuno" embed. `limit`
+     * defaults to 8 and is clamped to a maximum of 50.
+     *
+     * @example
+     * const { data, nextCursor } = await board.embed.jobs({ q: 'chef', limit: 8 });
+     */
+    jobs(query, options) {
+      return client.fetch("/embed/jobs", {
+        ...options,
+        query
+      });
+    }
+  };
+}
+
+// src/namespaces/job-alerts.ts
+function jobAlertsNamespace(client) {
+  return {
+    /** Subscribe an email to job alerts. Sends a double-opt-in confirmation email. */
+    subscribe(input, options) {
+      return client.fetch("/job-alerts", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Complete double opt-in with the token from the confirmation email. */
+    confirm(input, options) {
+      return client.fetch("/job-alerts/confirm", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Re-send the confirmation email for an unconfirmed subscription. */
+    resendConfirmation(input, options) {
+      return client.fetch(
+        "/job-alerts/resend-confirmation",
+        { ...options, method: "POST", body: input }
+      );
+    },
+    /** Read a subscription + its preferences for the manage page (HMAC token). */
+    manage(query, options) {
+      return client.fetch("/job-alerts/manage", {
+        ...options,
+        query
+      });
+    },
+    /** Deactivate a subscription via the HMAC manage token. */
+    unsubscribe(input, options) {
+      return client.fetch("/job-alerts/unsubscribe", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Re-activate a previously unsubscribed subscription via the manage token. */
+    resubscribe(input, options) {
+      return client.fetch("/job-alerts/resubscribe", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Edit a preference's filters/frequency via the manage token. */
+    updatePreference(input, options) {
+      return client.fetch("/job-alerts/preferences", {
+        ...options,
+        method: "POST",
+        body: input
+      });
+    },
+    /** Delete a preference via the manage token. */
+    deletePreference(input, options) {
+      return client.fetch("/job-alerts/preferences", {
+        ...options,
+        method: "DELETE",
+        body: input
+      });
     }
   };
 }
@@ -527,6 +675,28 @@ function jobsNamespace(client) {
   };
 }
 
+// src/namespaces/legal.ts
+function legalNamespace(client) {
+  return {
+    /**
+     * Retrieve a board legal/about page — owner-authored prose as portable HTML
+     * (`privacy-policy` / `terms-of-service` / `cookie-policy` / `about`) plus,
+     * for `impressum`, structured legal-entity facts. The starter authors the
+     * layout, breadcrumb labels, and JSON-LD. `impressum` throws
+     * `board_page_not_found` (404) when the board has not enabled it.
+     *
+     * @example
+     * const { title, content } = await board.legal.retrieve('privacy-policy');
+     */
+    retrieve(type, options) {
+      return client.fetch(
+        `/legal/${encodeURIComponent(type)}`,
+        options
+      );
+    }
+  };
+}
+
 // src/namespaces/me.ts
 function meNamespace(client) {
   return {
@@ -587,6 +757,30 @@ function meNamespace(client) {
   };
 }
 
+// src/namespaces/password.ts
+function passwordNamespace(client) {
+  return {
+    /**
+     * Exchange a board password for an access grant and store it. After this
+     * resolves, every subsequent read auto-carries the grant as the
+     * `X-Board-Access` header — until the password rotates, after which reads
+     * fail with 401 `board_password_required` and you must `verify()` again
+     * (the SDK never auto-retries — verify is rate-limited — and never
+     * auto-clears; the host re-challenges). On the server (`nostore` storage)
+     * the grant is returned but not persisted; pass it per-call instead.
+     */
+    async verify(password, options) {
+      const grant = await client.fetch("/password/verify", {
+        ...options,
+        method: "POST",
+        body: { password }
+      });
+      await client.storage.setItem(BOARD_ACCESS_GRANT_KEY, grant.token);
+      return grant;
+    }
+  };
+}
+
 // src/namespaces/redirects.ts
 function redirectsNamespace(client) {
   return {
@@ -628,9 +822,16 @@ function taxonomyNamespace(client) {
     skills: taxonomyResolver(client, "skills"),
     places: {
       ...taxonomyResolver(client, "places"),
-      /** List every place used by a published job, with its live job count. */
-      list(options) {
-        return client.fetch("/places", options);
+      /**
+       * Without `query`: list every place used by a published job, with its
+       * live job count (the locations directory). With `query.q` (≥2 chars):
+       * location autocomplete — the top name matches ranked.
+       */
+      list(query, options) {
+        return client.fetch("/places", {
+          ...options,
+          query
+        });
       }
     }
   };
@@ -675,22 +876,28 @@ function createBoardClient(options) {
       return client.fetch("/seo", options2);
     },
     jobs: jobsNamespace(client),
+    embed: embedNamespace(client),
     companies: companiesNamespace(client),
     blog: blogNamespace(client),
+    legal: legalNamespace(client),
     auth: authNamespace(client),
     me: meNamespace(client),
+    password: passwordNamespace(client),
     taxonomy: taxonomyNamespace(client),
-    redirects: redirectsNamespace(client)
+    redirects: redirectsNamespace(client),
+    jobAlerts: jobAlertsNamespace(client)
   };
 }
 export {
   ACCESS_TOKEN_KEY,
+  BOARD_ACCESS_GRANT_KEY,
   BoardApiError,
   BoardClient,
   REFRESH_TOKEN_KEY,
   SDK_VERSION,
   createBoardClient,
   isBoardApiError,
+  isBoardPasswordRequired,
   isConflict,
   isForbidden,
   isNotFound,

package/dist/skills.d.mts

@@ -0,0 +1,38 @@
+/**
+ * Skill-corpus loader. Node-only (reads the shipped `skills/` directory from
+ * the installed package) — kept out of the isomorphic core and exposed via the
+ * `@cavuno/board/skills` subpath export. Both `npx @cavuno/board setup` and the
+ * in-admin sidekick (ADR-0033) read the corpus through here, so the two doors
+ * stay fed from one source.
+ */
+interface SkillManifestEntry {
+    name: string;
+    description: string;
+    /** Path to the SKILL.md, relative to the package root. */
+    path: string;
+    /** Framework slug for flavor skills; `null` for framework-agnostic core skills. */
+    framework: string | null;
+    category: 'core' | 'flavor';
+}
+interface SkillManifest {
+    version: string;
+    skills: SkillManifestEntry[];
+}
+interface LoadedSkill extends SkillManifestEntry {
+    content: string;
+}
+interface SkillCorpus {
+    version: string;
+    skills: LoadedSkill[];
+}
+/** Resolve a package-root-relative path (e.g. a manifest `path`) to an absolute path. */
+declare function resolveFromPackageRoot(relativePath: string): string;
+declare function loadSkillManifest(): SkillManifest;
+/**
+ * Load the full skill corpus — manifest metadata plus each skill's markdown
+ * `content`. The sidekick injects `content` into its agent context; an external
+ * Claude Code instead receives the files copied by the setup command.
+ */
+declare function loadSkillCorpus(): SkillCorpus;
+
+export { type LoadedSkill, type SkillCorpus, type SkillManifest, type SkillManifestEntry, loadSkillCorpus, loadSkillManifest, resolveFromPackageRoot };