@peers-app/peers-sdk 0.9.5 → 0.10.3

package/dist/data/assistants.d.ts

@@ -52,6 +52,16 @@ export declare function Assistants(dataContext?: DataContext): import("./orm").T
     description?: string | undefined;
     updatedAt?: Date | undefined;
 }>;
+/**
+ * Per-user primary assistant preference for the current group.
+ * Overrides the group default when set. Synced across the user's devices.
+ */
+export declare const userPrimaryAssistantVar: import("./persistent-vars").PersistentVar<string | undefined>;
+/**
+ * Group-wide default primary assistant. Applies to all members who haven't set
+ * their own preference. Can be set by group admins. Synced to all group members.
+ */
+export declare const groupPrimaryAssistantVar: import("./persistent-vars").PersistentVar<string | undefined>;
 export declare const getPrimaryAssistant: (dataContext?: DataContext) => Promise<{
     name: string;
     createdAt: Date;

package/dist/data/assistants.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getPrimaryAssistant = exports.assistantSchema = exports.ToolInclusionStrategy = void 0;
+exports.getPrimaryAssistant = exports.groupPrimaryAssistantVar = exports.userPrimaryAssistantVar = exports.assistantSchema = exports.ToolInclusionStrategy = void 0;
 exports.Assistants = Assistants;
 exports.getAllAssistantIdsMentioned = getAllAssistantIdsMentioned;
 const mentions_1 = require("../mentions");
@@ -48,14 +48,35 @@ const metaData = {
 function Assistants(dataContext) {
     return (0, user_context_singleton_1.getTableContainer)(dataContext).getTable(metaData, exports.assistantSchema);
 }
+/**
+ * Per-user primary assistant preference for the current group.
+ * Overrides the group default when set. Synced across the user's devices.
+ */
+exports.userPrimaryAssistantVar = (0, persistent_vars_1.groupUserVar)('userPrimaryAssistantId');
+/**
+ * Group-wide default primary assistant. Applies to all members who haven't set
+ * their own preference. Can be set by group admins. Synced to all group members.
+ */
+exports.groupPrimaryAssistantVar = (0, persistent_vars_1.groupVar)('groupPrimaryAssistantId');
 const getPrimaryAssistant = async (dataContext) => {
-    let myPrimaryAssistant = undefined;
-    const assistantId = (await (0, persistent_vars_1.getPersistentVar)("primaryAssistantId", dataContext))?.value;
-    myPrimaryAssistant = await Assistants(dataContext).get(assistantId || system_ids_1.defaultAssistantId);
-    if (!myPrimaryAssistant) {
-        throw new Error('Primary assistant not found');
+    await exports.userPrimaryAssistantVar.loadingPromise;
+    const userAssistantId = (0, exports.userPrimaryAssistantVar)();
+    if (userAssistantId) {
+        const a = await Assistants(dataContext).get(userAssistantId);
+        if (a)
+            return a;
+    }
+    await exports.groupPrimaryAssistantVar.loadingPromise;
+    const groupAssistantId = (0, exports.groupPrimaryAssistantVar)();
+    if (groupAssistantId) {
+        const a = await Assistants(dataContext).get(groupAssistantId);
+        if (a)
+            return a;
     }
-    return myPrimaryAssistant;
+    const fallback = await Assistants(dataContext).get(system_ids_1.openCodeAssistantId);
+    if (!fallback)
+        throw new Error('Primary assistant not found');
+    return fallback;
 };
 exports.getPrimaryAssistant = getPrimaryAssistant;
 async function getAllAssistantIdsMentioned(message) {

package/dist/data/index.d.ts

@@ -17,6 +17,7 @@ export * from "./knowledge/knowledge-values";
 export * from "./knowledge/peer-types";
 export * from "./knowledge/predicates";
 export * from "./messages";
+export * from "./package-versions";
 export * from "./packages";
 export * from "./packages.utils";
 export * from "./table-definitions-table";

package/dist/data/index.js

@@ -33,6 +33,7 @@ __exportStar(require("./knowledge/knowledge-values"), exports);
 __exportStar(require("./knowledge/peer-types"), exports);
 __exportStar(require("./knowledge/predicates"), exports);
 __exportStar(require("./messages"), exports);
+__exportStar(require("./package-versions"), exports);
 __exportStar(require("./packages"), exports);
 __exportStar(require("./packages.utils"), exports);
 __exportStar(require("./table-definitions-table"), exports);

package/dist/data/package-version-permissions.d.ts

@@ -0,0 +1,7 @@
+import type { IPackageVersion } from './package-versions';
+/**
+ * Verifies that a package version update signature is valid, throws on invalid signature
+ * @param packageVersion The package version record to verify
+ * @throws Error if signature is invalid or unauthorized
+ */
+export declare function verifyPackageVersionSignature(packageVersion: IPackageVersion, groupId: string): Promise<void>;

package/dist/data/package-version-permissions.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyPackageVersionSignature = verifyPackageVersionSignature;
+const keys_1 = require("../keys");
+const group_permissions_1 = require("./group-permissions");
+/**
+ * Verifies that a package version update signature is valid, throws on invalid signature
+ * @param packageVersion The package version record to verify
+ * @throws Error if signature is invalid or unauthorized
+ */
+async function verifyPackageVersionSignature(packageVersion, groupId) {
+    (0, keys_1.verifyObjectSignature)(packageVersion);
+    const signerPublicKey = (0, keys_1.getPublicKeyFromObjectSignature)(packageVersion) ?? '';
+    const signerRole = await (0, group_permissions_1.getUserRoleFromPublicKey)(groupId, signerPublicKey);
+    if (signerRole < group_permissions_1.GroupMemberRole.Admin) {
+        throw new Error('Only group admins can create or update package versions');
+    }
+}

package/dist/data/package-versions.d.ts

@@ -0,0 +1,96 @@
+import { z } from "zod";
+import type { DataContext } from "../context/data-context";
+import type { ISaveOptions } from "./orm/data-query";
+import { Table } from "./orm/table";
+declare const schema: z.ZodObject<{
+    packageVersionId: z.ZodEffects<z.ZodString, string, string>;
+    packageId: z.ZodEffects<z.ZodString, string, string>;
+    version: z.ZodString;
+    versionTag: z.ZodOptional<z.ZodString>;
+    packageVersionHash: z.ZodString;
+    packageBundleFileId: z.ZodEffects<z.ZodString, string, string>;
+    packageBundleFileHash: z.ZodString;
+    routesBundleFileId: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    routesBundleFileHash: z.ZodOptional<z.ZodString>;
+    uiBundleFileId: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    uiBundleFileHash: z.ZodOptional<z.ZodString>;
+    appNavs: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        name: z.ZodString;
+        displayName: z.ZodOptional<z.ZodString>;
+        iconClassName: z.ZodString;
+        navigationPath: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        name: string;
+        iconClassName: string;
+        navigationPath: string;
+        displayName?: string | undefined;
+    }, {
+        name: string;
+        iconClassName: string;
+        navigationPath: string;
+        displayName?: string | undefined;
+    }>, "many">>;
+    signature: z.ZodString;
+    createdBy: z.ZodEffects<z.ZodString, string, string>;
+    createdAt: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    signature: string;
+    createdAt: string;
+    createdBy: string;
+    packageId: string;
+    packageVersionId: string;
+    version: string;
+    packageVersionHash: string;
+    packageBundleFileId: string;
+    packageBundleFileHash: string;
+    versionTag?: string | undefined;
+    routesBundleFileId?: string | undefined;
+    routesBundleFileHash?: string | undefined;
+    uiBundleFileId?: string | undefined;
+    uiBundleFileHash?: string | undefined;
+    appNavs?: {
+        name: string;
+        iconClassName: string;
+        navigationPath: string;
+        displayName?: string | undefined;
+    }[] | undefined;
+}, {
+    signature: string;
+    createdAt: string;
+    createdBy: string;
+    packageId: string;
+    packageVersionId: string;
+    version: string;
+    packageVersionHash: string;
+    packageBundleFileId: string;
+    packageBundleFileHash: string;
+    versionTag?: string | undefined;
+    routesBundleFileId?: string | undefined;
+    routesBundleFileHash?: string | undefined;
+    uiBundleFileId?: string | undefined;
+    uiBundleFileHash?: string | undefined;
+    appNavs?: {
+        name: string;
+        iconClassName: string;
+        navigationPath: string;
+        displayName?: string | undefined;
+    }[] | undefined;
+}>;
+export type IPackageVersion = z.infer<typeof schema>;
+export declare class PackageVersionsTable extends Table<IPackageVersion> {
+    static isPassthrough: boolean;
+    insert(packageVersion: IPackageVersion, opts?: ISaveOptions): Promise<IPackageVersion>;
+    update(packageVersion: IPackageVersion, opts?: ISaveOptions): Promise<IPackageVersion>;
+    save(packageVersion: IPackageVersion, opts?: ISaveOptions): Promise<IPackageVersion>;
+    signAndSave(packageVersion: IPackageVersion, opts?: ISaveOptions): Promise<IPackageVersion>;
+    private static addSignatureToPackageVersion;
+    static enablePackageVersionSigning(fn: (packageVersion: IPackageVersion) => IPackageVersion): void;
+}
+export declare function PackageVersions(dataContext?: DataContext): PackageVersionsTable;
+/**
+ * Compute a hash combining the bundle file hashes to uniquely identify this version's content.
+ */
+export declare function computePackageVersionHash(version: string, versionTag: string, packageBundleFileHash: string, routesBundleFileHash?: string, uiBundleFileHash?: string): string;
+export declare function isVersionInRange(activeVersion: string, incomingVersion: string, range: 'pinned' | 'patch' | 'minor' | 'latest'): boolean;
+export declare function doesTagMatch(activeVersionTag: string | undefined, incomingVersionTag: string | undefined, followVersionTags: string | undefined, deviceVersionTag: string | undefined): boolean;
+export {};

package/dist/data/package-versions.js

@@ -0,0 +1,162 @@
+"use strict";
+var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
+    var useValue = arguments.length > 2;
+    for (var i = 0; i < initializers.length; i++) {
+        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+    }
+    return useValue ? value : void 0;
+};
+var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
+    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
+    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
+    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
+    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
+    var _, done = false;
+    for (var i = decorators.length - 1; i >= 0; i--) {
+        var context = {};
+        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
+        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
+        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
+        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
+        if (kind === "accessor") {
+            if (result === void 0) continue;
+            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
+            if (_ = accept(result.get)) descriptor.get = _;
+            if (_ = accept(result.set)) descriptor.set = _;
+            if (_ = accept(result.init)) initializers.unshift(_);
+        }
+        else if (_ = accept(result)) {
+            if (kind === "field") initializers.unshift(_);
+            else descriptor[key] = _;
+        }
+    }
+    if (target) Object.defineProperty(target, contextIn.name, descriptor);
+    done = true;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PackageVersionsTable = void 0;
+exports.PackageVersions = PackageVersions;
+exports.computePackageVersionHash = computePackageVersionHash;
+exports.isVersionInRange = isVersionInRange;
+exports.doesTagMatch = doesTagMatch;
+const zod_1 = require("zod");
+const context_1 = require("../context");
+const keys_1 = require("../keys");
+const app_nav_1 = require("../types/app-nav");
+const zod_types_1 = require("../types/zod-types");
+const decorators_1 = require("./orm/decorators");
+const table_1 = require("./orm/table");
+const table_definitions_system_1 = require("./orm/table-definitions.system");
+const types_1 = require("./orm/types");
+const package_version_permissions_1 = require("./package-version-permissions");
+const schema = zod_1.z.object({
+    packageVersionId: zod_types_1.zodPeerId,
+    packageId: zod_types_1.zodPeerId.describe('The package this version belongs to'),
+    version: zod_1.z.string().describe('Semantic version string (e.g., "1.0.0")'),
+    versionTag: zod_1.z.string().optional().describe('Version tag (e.g., "stable", "beta")'),
+    packageVersionHash: zod_1.z.string().describe('Hash of the combined bundle file hashes'),
+    packageBundleFileId: zod_types_1.zodPeerId.describe('File ID of the package bundle'),
+    packageBundleFileHash: zod_1.z.string().describe('Hash of the package bundle file'),
+    routesBundleFileId: zod_types_1.zodPeerId.optional().describe('File ID of the routes bundle'),
+    routesBundleFileHash: zod_1.z.string().optional().describe('Hash of the routes bundle'),
+    uiBundleFileId: zod_types_1.zodPeerId.optional().describe('File ID of the UI bundle'),
+    uiBundleFileHash: zod_1.z.string().optional().describe('Hash of the UI bundle'),
+    appNavs: app_nav_1.appNavSchema.array().optional().describe('The app navigation items that this version provides'),
+    signature: zod_1.z.string().describe('The signed hash of this data excluding the signature itself'),
+    createdBy: zod_types_1.zodPeerId.describe('The user who created this version'),
+    createdAt: zod_1.z.string().describe('ISO timestamp of when this version was created'),
+});
+const metaData = {
+    name: 'PackageVersions',
+    description: 'Versioned builds of packages',
+    primaryKeyName: 'packageVersionId',
+    iconClassName: 'bi bi-tag-fill',
+    fields: (0, types_1.schemaToFields)(schema),
+    indexes: [{ fields: ['packageId'] }],
+};
+let PackageVersionsTable = (() => {
+    let _classSuper = table_1.Table;
+    let _instanceExtraInitializers = [];
+    let _signAndSave_decorators;
+    return class PackageVersionsTable extends _classSuper {
+        static {
+            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
+            _signAndSave_decorators = [(0, decorators_1.ProxyClientTableMethodCalls)()];
+            __esDecorate(this, null, _signAndSave_decorators, { kind: "method", name: "signAndSave", static: false, private: false, access: { has: obj => "signAndSave" in obj, get: obj => obj.signAndSave }, metadata: _metadata }, null, _instanceExtraInitializers);
+            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
+        }
+        static isPassthrough = false;
+        async insert(packageVersion, opts) {
+            return this.save(packageVersion, opts);
+        }
+        async update(packageVersion, opts) {
+            return this.save(packageVersion, opts);
+        }
+        async save(packageVersion, opts) {
+            if (PackageVersionsTable.isPassthrough) {
+                return super.save(packageVersion, opts);
+            }
+            if (!this.groupId) {
+                // users can do whatever they want to package versions in their personal space
+                return super.save(packageVersion, opts);
+            }
+            try {
+                await (0, package_version_permissions_1.verifyPackageVersionSignature)(packageVersion, this.groupId);
+            }
+            catch (err) {
+                throw new Error('Package version verification failed.  Did you mean to call `signAndSave`?', { cause: err });
+            }
+            return super.save(packageVersion, opts);
+        }
+        async signAndSave(packageVersion, opts) {
+            if (!PackageVersionsTable.addSignatureToPackageVersion) {
+                throw new Error('Package version signing is not enabled. Call PackageVersionsTable.enablePackageVersionSigning(fn) to enable it.');
+            }
+            packageVersion = await PackageVersionsTable.addSignatureToPackageVersion(packageVersion);
+            return super.save(packageVersion, opts);
+        }
+        static addSignatureToPackageVersion = undefined;
+        static enablePackageVersionSigning(fn) {
+            this.addSignatureToPackageVersion = fn;
+        }
+        constructor() {
+            super(...arguments);
+            __runInitializers(this, _instanceExtraInitializers);
+        }
+    };
+})();
+exports.PackageVersionsTable = PackageVersionsTable;
+(0, table_definitions_system_1.registerSystemTableDefinition)(metaData, schema, PackageVersionsTable);
+function PackageVersions(dataContext) {
+    return (0, context_1.getTableContainer)(dataContext).getTable(metaData, schema, PackageVersionsTable);
+}
+/**
+ * Compute a hash combining the bundle file hashes to uniquely identify this version's content.
+ */
+function computePackageVersionHash(version, versionTag, packageBundleFileHash, routesBundleFileHash, uiBundleFileHash) {
+    return (0, keys_1.hashValue)([version, versionTag, packageBundleFileHash, routesBundleFileHash ?? '', uiBundleFileHash ?? ''].join(':'));
+}
+function isVersionInRange(activeVersion, incomingVersion, range) {
+    if (range === 'pinned')
+        return false;
+    if (range === 'latest')
+        return true;
+    const [aMaj, aMin] = activeVersion.split('.').map(Number);
+    const [iMaj, iMin] = incomingVersion.split('.').map(Number);
+    if (range === 'patch')
+        return aMaj === iMaj && aMin === iMin;
+    if (range === 'minor')
+        return aMaj === iMaj;
+    return false;
+}
+function doesTagMatch(activeVersionTag, incomingVersionTag, followVersionTags, deviceVersionTag) {
+    const inTag = incomingVersionTag || 'stable';
+    if (deviceVersionTag)
+        return inTag === deviceVersionTag;
+    if (!followVersionTags) {
+        return inTag === (activeVersionTag || 'stable');
+    }
+    if (followVersionTags === '*')
+        return true;
+    return followVersionTags.split(',').map(t => t.trim()).includes(inTag);
+}

package/dist/data/packages.d.ts

@@ -26,12 +26,9 @@ declare const schema: z.ZodObject<{
         navigationPath: string;
         displayName?: string | undefined;
     }>, "many">>;
-    packageBundleFileId: z.ZodEffects<z.ZodString, string, string>;
-    packageBundleFileHash: z.ZodString;
-    routesBundleFileId: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    routesBundleFileHash: z.ZodOptional<z.ZodString>;
-    uiBundleFileId: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
-    uiBundleFileHash: z.ZodOptional<z.ZodString>;
+    activePackageVersionId: z.ZodOptional<z.ZodEffects<z.ZodString, string, string>>;
+    versionFollowRange: z.ZodOptional<z.ZodEnum<["pinned", "patch", "minor", "latest"]>>;
+    followVersionTags: z.ZodOptional<z.ZodString>;
     signature: z.ZodString;
 }, "strip", z.ZodTypeAny, {
     name: string;
@@ -40,20 +37,17 @@ declare const schema: z.ZodObject<{
     createdBy: string;
     packageId: string;
     localPath: string;
-    packageBundleFileId: string;
-    packageBundleFileHash: string;
     disabled?: boolean | undefined;
-    remoteRepo?: string | undefined;
     appNavs?: {
         name: string;
         iconClassName: string;
         navigationPath: string;
         displayName?: string | undefined;
     }[] | undefined;
-    routesBundleFileId?: string | undefined;
-    routesBundleFileHash?: string | undefined;
-    uiBundleFileId?: string | undefined;
-    uiBundleFileHash?: string | undefined;
+    remoteRepo?: string | undefined;
+    activePackageVersionId?: string | undefined;
+    versionFollowRange?: "pinned" | "patch" | "minor" | "latest" | undefined;
+    followVersionTags?: string | undefined;
 }, {
     name: string;
     description: string;
@@ -61,20 +55,17 @@ declare const schema: z.ZodObject<{
     createdBy: string;
     packageId: string;
     localPath: string;
-    packageBundleFileId: string;
-    packageBundleFileHash: string;
     disabled?: boolean | undefined;
-    remoteRepo?: string | undefined;
     appNavs?: {
         name: string;
         iconClassName: string;
         navigationPath: string;
         displayName?: string | undefined;
     }[] | undefined;
-    routesBundleFileId?: string | undefined;
-    routesBundleFileHash?: string | undefined;
-    uiBundleFileId?: string | undefined;
-    uiBundleFileHash?: string | undefined;
+    remoteRepo?: string | undefined;
+    activePackageVersionId?: string | undefined;
+    versionFollowRange?: "pinned" | "patch" | "minor" | "latest" | undefined;
+    followVersionTags?: string | undefined;
 }>;
 export type IPackage = z.infer<typeof schema>;
 export declare class PackagesTable extends Table<IPackage> {

package/dist/data/packages.js

@@ -55,12 +55,9 @@ const schema = zod_1.z.object({
     disabled: zod_1.z.boolean().optional().describe("Whether the package's components should be loaded and included in the app runtime"),
     remoteRepo: zod_1.z.string().optional().describe('The remote repository where the package is stored'),
     appNavs: app_nav_1.appNavSchema.array().optional().describe('The app navigation items that this package provides'),
-    packageBundleFileId: zod_types_1.zodPeerId.describe('File ID of the package bundle (required)'),
-    packageBundleFileHash: zod_1.z.string().describe('Hash of the package bundle file (required)'),
-    routesBundleFileId: zod_types_1.zodPeerId.optional().describe('File ID of the routes bundle (optional)'),
-    routesBundleFileHash: zod_1.z.string().optional().describe('Hash of the routes bundle (optional)'),
-    uiBundleFileId: zod_types_1.zodPeerId.optional().describe('File ID of the UI bundle (optional)'),
-    uiBundleFileHash: zod_1.z.string().optional().describe('Hash of the UI bundle (optional)'),
+    activePackageVersionId: zod_types_1.zodPeerId.optional().describe('FK to PackageVersions — the currently active version'),
+    versionFollowRange: zod_1.z.enum(['pinned', 'patch', 'minor', 'latest']).optional().describe('Auto-update range: pinned=never, patch=same major.minor, minor=same major, latest=always'),
+    followVersionTags: zod_1.z.string().optional().describe('Tag policy: undefined="current" (follow active tag), "*"=any tag, or CSV like "stable,prod"'),
     signature: zod_1.z.string().describe('The signed hash of this data excluding the signature itself'),
 });
 const metaData = {

package/dist/data/packages.utils.js

@@ -3,6 +3,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.copyPackageToAnotherDataContext = copyPackageToAnotherDataContext;
 const packages_1 = require("./packages");
 const files_1 = require("./files");
+const package_versions_1 = require("./package-versions");
+async function copyBundleFile(fileId, fromFiles, toFiles, label) {
+    if (!fileId)
+        return;
+    const file = await fromFiles.get(fileId);
+    if (file) {
+        await toFiles.saveFileRecord(file);
+    }
+    else {
+        console.warn(`${label} file ${fileId} not found in source context`);
+    }
+}
 async function copyPackageToAnotherDataContext(packageId, fromDataContext, toDataContext) {
     const fromPackages = (0, packages_1.Packages)(fromDataContext);
     const toPackages = (0, packages_1.Packages)(toDataContext);
@@ -12,29 +24,15 @@ async function copyPackageToAnotherDataContext(packageId, fromDataContext, toDat
     }
     const fromFiles = (0, files_1.Files)(fromDataContext);
     const toFiles = (0, files_1.Files)(toDataContext);
-    const bundleFile = await fromFiles.get(pkg.packageBundleFileId);
-    if (bundleFile) {
-        await toFiles.saveFileRecord(bundleFile);
-    }
-    else {
-        throw new Error(`Package bundle file ${pkg.packageBundleFileId} not found in fromDataContext`);
-    }
-    if (pkg.routesBundleFileId) {
-        const routesBundleFile = await fromFiles.get(pkg.routesBundleFileId);
-        if (routesBundleFile) {
-            await toFiles.saveFileRecord(routesBundleFile);
-        }
-        else {
-            throw new Error(`Routes bundle file ${pkg.routesBundleFileId} not found in fromDataContext`);
-        }
-    }
-    if (pkg.uiBundleFileId) {
-        const uiBundleFile = await fromFiles.get(pkg.uiBundleFileId);
-        if (uiBundleFile) {
-            await toFiles.saveFileRecord(uiBundleFile);
-        }
-        else {
-            throw new Error(`UI bundle file ${pkg.uiBundleFileId} not found in fromDataContext`);
+    if (pkg.activePackageVersionId) {
+        const fromPvTable = (0, package_versions_1.PackageVersions)(fromDataContext);
+        const toPvTable = (0, package_versions_1.PackageVersions)(toDataContext);
+        const pv = await fromPvTable.get(pkg.activePackageVersionId);
+        if (pv) {
+            await copyBundleFile(pv.packageBundleFileId, fromFiles, toFiles, 'Version package bundle');
+            await copyBundleFile(pv.routesBundleFileId, fromFiles, toFiles, 'Version routes bundle');
+            await copyBundleFile(pv.uiBundleFileId, fromFiles, toFiles, 'Version UI bundle');
+            await toPvTable.signAndSave(pv, { saveAsSnapshot: true });
         }
     }
     return toPackages.signAndSave(pkg);

package/dist/device/get-trust-level-fn.d.ts

@@ -1,3 +1,4 @@
+import { UserContext } from "../context";
 import { IDeviceInfo } from "../data";
 import { TrustLevel } from "./socket.type";
-export declare function getTrustLevelFn(me: Pick<IDeviceInfo, 'userId' | 'publicKey' | 'publicBoxKey'>, serverUrl?: string): (deviceInfo: IDeviceInfo, registerNew?: boolean) => Promise<TrustLevel>;
+export declare function getTrustLevelFn(me: Pick<IDeviceInfo, 'userId' | 'publicKey' | 'publicBoxKey'>, serverUrl?: string, injectedUserContext?: UserContext): (deviceInfo: IDeviceInfo, registerNew?: boolean) => Promise<TrustLevel>;

package/dist/device/get-trust-level-fn.js

@@ -4,9 +4,9 @@ exports.getTrustLevelFn = getTrustLevelFn;
 const context_1 = require("../context");
 const data_1 = require("../data");
 const socket_type_1 = require("./socket.type");
-function getTrustLevelFn(me, serverUrl) {
+function getTrustLevelFn(me, serverUrl, injectedUserContext) {
     return async function getTrustLevel(deviceInfo, registerNew) {
-        const userContext = await (0, context_1.getUserContext)();
+        const userContext = injectedUserContext ?? await (0, context_1.getUserContext)();
         const userDataContext = userContext.userDataContext;
         // if this is my own device it is trusted
         if (deviceInfo.userId === me.userId && deviceInfo.publicKey === me.publicKey && deviceInfo.publicBoxKey === me.publicBoxKey) {
@@ -43,9 +43,32 @@ function getTrustLevelFn(me, serverUrl) {
         }
         // TODO check user trust level, if they are untrusted, return immediately
         if (user && device && !(deviceInfo.userId === device.userId && deviceInfo.userId === user.userId && deviceInfo.publicKey === user.publicKey && deviceInfo.publicBoxKey === user.publicBoxKey)) {
-            // deviceInfo does not align with local info about user and device, return Untrusted
-            // TODO check if user has changed their public keys
-            return socket_type_1.TrustLevel.Untrusted;
+            // The stored user record has different public keys than what this device is presenting.
+            //
+            // By the time getTrustLevel is called the handshake has already been
+            // cryptographically verified: the connecting device proved ownership of
+            // deviceInfo.publicKey by signing the IDeviceHandshake with the
+            // corresponding secret key (verified in Device.handshakeResponse via
+            // openSignedObject).  The stored record is therefore stale — most
+            // commonly because it was synced from a relay before the first direct
+            // WebRTC connection and the relay's copy had wrong/empty keys.
+            //
+            // Rather than returning Untrusted (which would permanently block this
+            // device on every reconnect after the first), we refresh the stored
+            // keys with the verified values.  The signature is cleared so a
+            // subsequent sync of the real signed user record can replace this
+            // interim version.
+            if (deviceInfo.userId === device.userId) {
+                user.publicKey = deviceInfo.publicKey;
+                user.publicBoxKey = deviceInfo.publicBoxKey;
+                const { signature: _sig, ...userWithoutSig } = user;
+                await (0, data_1.Users)(userDataContext).save(userWithoutSig, { restoreIfDeleted: true });
+                user = userWithoutSig;
+            }
+            else {
+                // userId mismatch — genuinely untrusted
+                return socket_type_1.TrustLevel.Untrusted;
+            }
         }
         if (userTrustLevel?.trustLevel && userTrustLevel.trustLevel >= socket_type_1.TrustLevel.Trusted && device?.trustLevel && device.trustLevel >= socket_type_1.TrustLevel.Trusted) {
             device.lastSeen = new Date();
@@ -78,6 +101,7 @@ function getTrustLevelFn(me, serverUrl) {
         }
         trustLevel = device.trustLevel;
         let newUser = false;
+        let staleUserKeys = false;
         if (!user) {
             user = {
                 userId: deviceInfo.userId,
@@ -88,6 +112,16 @@ function getTrustLevelFn(me, serverUrl) {
             trustLevel = socket_type_1.TrustLevel.NewUser;
             newUser = true;
         }
+        else if (user.publicKey !== deviceInfo.publicKey || user.publicBoxKey !== deviceInfo.publicBoxKey) {
+            // User record exists but has stale keys (e.g. from a sync that arrived
+            // before this direct connection).  Refresh them with the verified keys
+            // so subsequent connections don't hit the mismatch check above.
+            user.publicKey = deviceInfo.publicKey;
+            user.publicBoxKey = deviceInfo.publicBoxKey;
+            const { signature: _sig, ...userWithoutSig } = user;
+            user = userWithoutSig;
+            staleUserKeys = true;
+        }
         // TODO - reimplement this, checks with peers to see if this is an untrusted device
         // let remoteTrustLevel = TrustLevel.Unknown;
         // for (const [serverUrl, conn] of Object.entries(getActiveConnections())) {
@@ -123,6 +157,9 @@ function getTrustLevelFn(me, serverUrl) {
                 weakInsert: true,
             });
         }
+        else if (staleUserKeys) {
+            await (0, data_1.Users)(userDataContext).save(user, { restoreIfDeleted: true });
+        }
         // device.trustLevel = remoteTrustLevel || trustLevel;
         await (0, data_1.Devices)(userDataContext).save(device, {
             restoreIfDeleted: true,

package/dist/package-loader/package-loader.js

@@ -4,6 +4,7 @@ exports.PackageLoader = void 0;
 exports.setDefaultRequire = setDefaultRequire;
 const tools_1 = require("../tools");
 const files_1 = require("../data/files");
+const package_versions_1 = require("../data/package-versions");
 const packages_1 = require("../data/packages");
 const tools_2 = require("../data/tools");
 class PackageLoader {
@@ -30,14 +31,24 @@ class PackageLoader {
         }
         try {
             let bundleCode = '';
-            if (pkg.packageBundleFileId) {
+            let bundleFileId;
+            if (pkg.activePackageVersionId) {
+                try {
+                    const pv = await (0, package_versions_1.PackageVersions)(this.dataContext).get(pkg.activePackageVersionId);
+                    if (pv) {
+                        bundleFileId = pv.packageBundleFileId;
+                    }
+                }
+                catch { /* no version record */ }
+            }
+            if (bundleFileId) {
                 const filesTable = (0, files_1.Files)(this.dataContext);
-                const bundleBuffer = await filesTable.getFileContents(pkg.packageBundleFileId);
+                const bundleBuffer = await filesTable.getFileContents(bundleFileId);
                 if (bundleBuffer) {
                     bundleCode = Buffer.from(bundleBuffer).toString('utf8');
                 }
                 else {
-                    console.warn(`Package bundle file not found for ${pkg.name} (fileId: ${pkg.packageBundleFileId})`);
+                    console.warn(`Package bundle file not found for ${pkg.name} (fileId: ${bundleFileId})`);
                 }
             }
             else {

package/dist/rpc-types.d.ts

@@ -61,11 +61,12 @@ export declare const rpcServerCalls: {
     importGroupShare: ((groupShareJson: string) => Promise<string>);
     appQuit: (() => Promise<void>);
     appRestart: (() => Promise<void>);
-    dbQuery: ((query: string) => Promise<{
+    dbQuery: ((query: string, dataContextId?: string) => Promise<{
         columns: string[];
         rows: any[][];
         rowCount: number;
     }>);
+    runTool: ((toolId: string, args: Record<string, any>, dataContextId?: string, assistantId?: string) => Promise<any>);
     uiReload: ((options?: {
         ignoreCache?: boolean;
     }) => Promise<void>);

package/dist/rpc-types.js

@@ -33,6 +33,8 @@ exports.rpcServerCalls = {
     appRestart: rpcStub('appRestart'),
     // Database exploration (for CLI)
     dbQuery: rpcStub('dbQuery'),
+    // Direct tool execution (for CLI)
+    runTool: rpcStub('runTool'),
     // UI control (for CLI)
     uiReload: rpcStub('uiReload'),
     uiInspect: rpcStub('uiInspect'),

package/dist/system-ids.d.ts

@@ -1,5 +1,6 @@
 export declare const peersRootUserId = "000peers0user000000000001";
 export declare const defaultAssistantId = "000peers0bot00000000shell";
+export declare const openCodeAssistantId = "00mlwl2km2opencode0000001";
 export declare const defaultAssistantRunnerToolId = "000peers0tool00000runner1";
 export declare const defaultSendMessageToolId = "000peers0tool00000sendmsg";
 export declare const runWorkflowToolId = "000peers0tool0runworkflow";

package/dist/system-ids.js

@@ -1,9 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.peersCorePackageRepoUrl = exports.peersCorePackageId = exports.emitEventToolId = exports.runWorkflowToolId = exports.defaultSendMessageToolId = exports.defaultAssistantRunnerToolId = exports.defaultAssistantId = exports.peersRootUserId = void 0;
+exports.peersCorePackageRepoUrl = exports.peersCorePackageId = exports.emitEventToolId = exports.runWorkflowToolId = exports.defaultSendMessageToolId = exports.defaultAssistantRunnerToolId = exports.openCodeAssistantId = exports.defaultAssistantId = exports.peersRootUserId = void 0;
 exports.peersRootUserId = '000peers0user000000000001';
 exports.defaultAssistantId = '000peers0bot00000000shell';
 // export const defaultAssistantId = '000peers0bot000000000bot1';
+exports.openCodeAssistantId = '00mlwl2km2opencode0000001';
 exports.defaultAssistantRunnerToolId = '000peers0tool00000runner1';
 exports.defaultSendMessageToolId = '000peers0tool00000sendmsg';
 exports.runWorkflowToolId = '000peers0tool0runworkflow';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@peers-app/peers-sdk",
-  "version": "0.9.5",
+  "version": "0.10.3",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/peers-app/peers-sdk.git"