@schoolai/shipyard 3.7.0 → 3.8.0-rc.20260529.0

package/dist/{chunk-7AHRFPAL.js → chunk-7YOU7MBN.js}

@@ -3,6 +3,60 @@ import {
   external_exports
 } from "./chunk-EHQITHQX.js";
 
+// ../../packages/session/src/skill-schemas.ts
+var SkillCompatibleAgentSchema = external_exports.enum(["claude-code", "codex", "cursor"]);
+var SkillBodyResolutionSchema = external_exports.enum(["native", "pass-in", "mirror", "unreachable"]);
+var SkillInfoSchema = external_exports.object({
+  name: external_exports.string(),
+  description: external_exports.string(),
+  path: external_exports.string().optional(),
+  sourceAgent: external_exports.string().optional(),
+  /**
+   * Which agent runtimes can invoke this skill. Defaults to `[sourceAgent]`
+   * on read for back-compat. Set by the daemon's compat resolver after
+   * detection. Codex pass-in via `[$name](skill://path)` extends a Claude
+   * skill's reach to include 'codex'; mirror=on makes both runtimes native.
+   * See plan: skill-compat.ts.
+   */
+  compatibleAgents: external_exports.array(SkillCompatibleAgentSchema).optional(),
+  /**
+   * How this skill reaches the active agent. `native` = agent's own resolver
+   * indexed it; `pass-in` = injected via `skill://` path at submission time;
+   * `mirror` = available through a Shipyard-managed symlink; `unreachable` =
+   * cannot be invoked from the active agent. Default on read: `'native'`.
+   */
+  bodyResolution: SkillBodyResolutionSchema.optional(),
+  /**
+   * Size of the SKILL.md in bytes. Used for context-budget warnings in the
+   * composer (per-skill display + per-session injection watermark). Excludes
+   * referenced asset files.
+   */
+  bodyBytes: external_exports.number().optional(),
+  /**
+   * Plugin id, when the skill is provided by a plugin install (under a plugin
+   * cache path such as
+   * `~/.claude/plugins/cache/<marketplace>/<plugin-id>/<version>/skills/...`
+   * or
+   * `~/.codex/plugins/cache/<marketplace>/<plugin-id>/<version>/skills/...`).
+   * Used as the SDK invocation prefix (`plugin:name`) — the only namespace
+   * form Claude's `Options.skills` and Codex's skill resolver recognize.
+   * Unset for user-, project-, and system-scoped skills (the SDK accepts
+   * bare names for those). Synthetic prefixes like `'user'`, `'project'`, the
+   * marketplace name, or the agent name (e.g. `'claude-code'`) are NEVER
+   * written here — they would be rejected at invocation time with "Skill X is
+   * not in this session's skills allowlist".
+   */
+  namespace: external_exports.string().optional(),
+  /**
+   * Set when the entry was loaded from the persistent Codex skills cache at
+   * daemon boot (before the live `listSkills` RPC has replied). The composer
+   * may render these with a "stale" treatment; once the RPC result lands the
+   * flag is cleared. Never persisted in the cache file itself — the file
+   * carries fresh skills and the loader stamps `stale: true` on read.
+   */
+  stale: external_exports.boolean().optional()
+});
+
 // ../../packages/session/src/schemas.ts
 var BRANCH_NAME_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9/_.-]*$/;
 var ErrorResponseSchema = external_exports.object({
@@ -35,8 +89,8 @@ var AuthGitHubCallbackRequestSchema = external_exports.object({
 var OAuthUserSchema = external_exports.object({
   /** Shipyard user ID ("usr_abc123") */
   id: external_exports.string(),
-  /** Display name */
   displayName: external_exports.string(),
+  login: external_exports.string().optional(),
   /** GitHub avatar URL */
   avatarUrl: external_exports.string().nullable(),
   /** Linked providers */
@@ -158,8 +212,8 @@ var PresignedUrlPayloadSchema = external_exports.object({
   generation: external_exports.number().optional()
 });
 var ReasoningCapabilitySchema = external_exports.object({
-  efforts: external_exports.array(external_exports.enum(["none", "low", "medium", "high", "xhigh", "max"])).min(1),
-  defaultEffort: external_exports.enum(["none", "low", "medium", "high", "xhigh", "max"])
+  efforts: external_exports.array(external_exports.enum(["none", "low", "medium", "high", "xhigh", "ultracode", "max"])).min(1),
+  defaultEffort: external_exports.enum(["none", "low", "medium", "high", "xhigh", "ultracode", "max"])
 }).refine((data) => data.efforts.includes(data.defaultEffort), {
   message: "defaultEffort must be one of the supported efforts"
 });
@@ -196,12 +250,33 @@ var AnthropicAuthStatusSchema = external_exports.object({
   orgName: external_exports.string().optional(),
   subscriptionType: external_exports.string().nullable().optional(),
   apiProvider: external_exports.string().optional(),
+  /**
+   * Account identifier surfaced for collision detection on the web side
+   * (Step 19). Populated from the email claim or subject claim of the
+   * id_token. Optional/nullable so older daemons that omit the field
+   * still parse cleanly.
+   */
+  accountId: external_exports.string().optional(),
   authMismatch: external_exports.object({
     selected: AnthropicAuthMethodEnum,
     envMethod: AnthropicAuthMethodEnum,
     envVar: external_exports.string()
   }).optional()
 });
+var CursorAuthStatusSchema = external_exports.object({
+  status: external_exports.enum(["authenticated", "unauthenticated", "unknown"]),
+  method: external_exports.enum(["api-key", "none"]).optional(),
+  email: external_exports.string().optional(),
+  accountId: external_exports.string().optional(),
+  apiKeyHint: external_exports.string().optional()
+});
+var CodexAuthStatusSchema = external_exports.object({
+  status: external_exports.enum(["authenticated", "unauthenticated", "unknown"]),
+  method: external_exports.enum(["chatgpt", "api-key", "bedrock", "none"]).optional(),
+  email: external_exports.string().optional(),
+  accountId: external_exports.string().optional(),
+  apiKeyHint: external_exports.string().optional()
+});
 var MCPServerAuthStatusSchema = external_exports.enum(["authenticated", "unauthenticated", "unknown"]);
 var MCPServerSourceSchema = external_exports.enum([
   "project",
@@ -215,11 +290,19 @@ var MCP_SERVER_TYPES = ["stdio", "http", "sse"];
 var MCPServerTypeSchema = external_exports.enum(MCP_SERVER_TYPES);
 var MCPOAuthConfigSchema = external_exports.object({
   clientId: external_exports.string().optional(),
-  callbackPort: external_exports.number().optional()
+  /**
+   * `.positive()` rejects `0` at the boundary so a malformed
+   * `.mcp.json` with `oauth.callbackPort: 0` doesn't propagate
+   * through to DCR and cement `http://localhost:0/callback` in the
+   * OAuth state. Downstream defensive guards still treat undefined
+   * the same as "missing".
+   */
+  callbackPort: external_exports.number().int().positive().optional()
 });
 var MCPServerInfoSchema = external_exports.object({
   name: external_exports.string(),
   type: MCPServerTypeSchema.default("stdio"),
+  runtimeId: external_exports.string().min(1).optional(),
   command: external_exports.string().optional(),
   args: external_exports.array(external_exports.string()).optional(),
   env: external_exports.record(external_exports.string(), external_exports.string()).optional(),
@@ -228,12 +311,10 @@ var MCPServerInfoSchema = external_exports.object({
   oauth: MCPOAuthConfigSchema.optional(),
   enabled: external_exports.boolean(),
   source: MCPServerSourceSchema,
+  sourceLabel: external_exports.string().optional(),
+  sourcePath: external_exports.string().optional(),
   authStatus: MCPServerAuthStatusSchema
 });
-var SkillInfoSchema = external_exports.object({
-  name: external_exports.string(),
-  description: external_exports.string()
-});
 var MarketplacePluginInfoSchema = external_exports.object({
   name: external_exports.string(),
   description: external_exports.string(),
@@ -245,23 +326,95 @@ var MarketplacePluginInfoSchema = external_exports.object({
   version: external_exports.string().optional(),
   isExternal: external_exports.boolean()
 });
+var RuntimeIdSchema = external_exports.string().min(1);
 var ClaudeCodeAgentSchema = external_exports.object({
   id: external_exports.literal("claude-code"),
+  providerId: external_exports.literal("anthropic").default("anthropic"),
   name: external_exports.literal("Claude Code"),
   version: external_exports.string().optional()
 });
-var InstalledAgentSchema = external_exports.discriminatedUnion("id", [ClaudeCodeAgentSchema]);
+var CodexAgentSchema = external_exports.object({
+  id: external_exports.literal("codex"),
+  providerId: external_exports.literal("openai").default("openai"),
+  name: external_exports.literal("Codex"),
+  version: external_exports.string().optional()
+});
+var CursorAgentSchema = external_exports.object({
+  id: external_exports.literal("cursor"),
+  providerId: external_exports.literal("anysphere").default("anysphere"),
+  name: external_exports.literal("Cursor"),
+  version: external_exports.string().optional()
+});
+var InstalledAgentSchema = external_exports.object({
+  id: RuntimeIdSchema,
+  providerId: external_exports.string().min(1).default("unknown").optional(),
+  name: external_exports.string().min(1),
+  version: external_exports.string().optional()
+});
+var InstalledRuntimeSchema = InstalledAgentSchema;
+var RuntimeAuthStatusSchema = external_exports.object({
+  runtimeId: RuntimeIdSchema,
+  providerId: external_exports.string().min(1),
+  status: external_exports.enum(["authenticated", "unauthenticated", "unknown"]),
+  method: external_exports.string().optional(),
+  email: external_exports.string().optional(),
+  /**
+   * Stable account identifier from the provider. Optional — only set
+   * when the auth payload includes it (codex chatgpt path, cursor
+   * api-key path once `/v1/me` is wired).
+   */
+  accountId: external_exports.string().optional(),
+  /**
+   * Masked hint for the api-key auth method, e.g. `crsr_abc***xyz12` or
+   * `sk-abc***xyz12`. Lets the settings card show "Signed in as ..."
+   * without exposing the full secret.
+   */
+  apiKeyHint: external_exports.string().optional(),
+  orgName: external_exports.string().optional(),
+  subscriptionType: external_exports.string().nullable().optional(),
+  apiProvider: external_exports.string().optional(),
+  authMismatch: external_exports.object({
+    selected: external_exports.string().min(1),
+    envMethod: external_exports.string().min(1),
+    envVar: external_exports.string()
+  }).optional()
+});
+var CommonDirSchema = external_exports.object({
+  path: external_exports.string(),
+  label: external_exports.string()
+});
 var MachineCapabilitiesSchema = external_exports.object({
   models: external_exports.array(ModelInfoSchema),
   environments: external_exports.array(GitRepoInfoSchema),
   permissionModes: external_exports.array(PermissionModeSchema),
   homeDir: external_exports.string(),
+  /**
+   * Pre-detected common directories (e.g. ~/Documents). Optional with a
+   * default so pre-v79 daemons that don't send the field still parse —
+   * the browser falls back to a Home-only picker. See PROTOCOL_VERSION 79.
+   */
+  commonDirs: external_exports.array(CommonDirSchema).default([]),
   anthropicAuth: AnthropicAuthStatusSchema.optional(),
+  /**
+   * Codex auth status (PROTOCOL_VERSION 83). Optional + `.nullable()`
+   * because pre-v83 daemons don't emit the field; older browsers reading
+   * a v83 daemon's snapshot ignore the unknown key.
+   */
+  codexAuth: CodexAuthStatusSchema.nullable().optional(),
+  /**
+   * Cursor auth status (PROTOCOL_VERSION 102). Same nullable+optional
+   * shape as `codexAuth` so pre-cursor daemons / older browsers stay
+   * compatible. The `cursor-agent` profile's `authDetector` populates
+   * this on every `refreshFull` / cursor login.
+   */
+  cursorAuth: CursorAuthStatusSchema.nullable().optional(),
+  runtimeAuth: external_exports.record(external_exports.string(), RuntimeAuthStatusSchema).default({}).optional(),
   mcpServers: external_exports.array(MCPServerInfoSchema),
   skills: external_exports.array(SkillInfoSchema),
   marketplacePlugins: external_exports.array(MarketplacePluginInfoSchema),
   autoModeEnabled: external_exports.boolean().optional(),
   installedAgents: external_exports.array(InstalledAgentSchema),
+  installedRuntimes: external_exports.array(InstalledRuntimeSchema).default([]).optional(),
   /**
    * False until `runCapabilityDetection` resolves (success OR failure).
    * Browser banner predicates that treat empty arrays as authoritative-empty
@@ -548,6 +701,8 @@ var AuthLinearCallbackRequestSchema = external_exports.object({
 var AuthLinearCallbackResponseSchema = external_exports.object({
   /** Linear access token */
   linearAccessToken: external_exports.string(),
+  /** OAuth refresh token, when Linear returns one (requires offline_access scope) */
+  refreshToken: external_exports.string().optional(),
   /** Seconds until the access token expires (from Linear's token response) */
   expiresIn: external_exports.number().optional(),
   /** Linear user info */
@@ -621,6 +776,10 @@ var MetricsIngestResponseSchema = external_exports.object({
   accepted: external_exports.number()
 });
 
+// ../../packages/session/src/protocol-version.ts
+var PROTOCOL_VERSION = 110;
+var MIN_PROTOCOL_VERSION = 103;
+
 // ../../packages/session/src/routes.ts
 var ROUTES = {
   HEALTH: "/health",
@@ -647,7 +806,10 @@ var ROUTES = {
   METRICS_QUERY_EVENTS: "/query/events",
   PUBLISH_UPLOAD: "/publish",
   PUBLISH_ITEM: "/publish/:id",
-  PUBLISH_MINE: "/publish/mine"
+  PUBLISH_MINE: "/publish/mine",
+  ELECTRON_INSTALL_STABLE: "/install.sh",
+  ELECTRON_INSTALL_NEXT: "/install-next.sh",
+  ELECTRON_DOWNLOAD: "/downloads/electron/:channel/:file"
 };
 var ROUTE_DESCRIPTIONS = [
   `GET ${ROUTES.HEALTH}`,
@@ -676,11 +838,14 @@ var ROUTE_DESCRIPTIONS = [
   `POST ${ROUTES.PUBLISH_UPLOAD}`,
   `PUT ${ROUTES.PUBLISH_ITEM}`,
   `DELETE ${ROUTES.PUBLISH_ITEM}`,
-  `GET ${ROUTES.PUBLISH_MINE}`
+  `GET ${ROUTES.PUBLISH_MINE}`,
+  `GET ${ROUTES.ELECTRON_INSTALL_STABLE}`,
+  `GET ${ROUTES.ELECTRON_INSTALL_NEXT}`,
+  `GET ${ROUTES.ELECTRON_DOWNLOAD}`
 ];
 
 // ../../packages/session/src/claude-code-compat.ts
-var TESTED_CLAUDE_CODE_VERSION = "2.1.120";
+var TESTED_CLAUDE_CODE_VERSION = "2.1.153";
 function classifyClaudeCodeCompatibility(detected, tested = TESTED_CLAUDE_CODE_VERSION) {
   if (!detected) return { status: "unknown" };
   const detectedParts = detected.split(".");
@@ -886,7 +1051,7 @@ function extractCloseCode(ev) {
 
 // ../../packages/session/src/personal-room-connection.ts
 var DEFAULT_BACKOFF_SCHEDULE = [1e3, 2e3, 4e3, 8e3, 15e3, 3e4];
-var DEFAULT_SLOW_RETRY_DELAY_MS = 3e4;
+var DEFAULT_SLOW_RETRY_DELAY_MS = 3e5;
 var DEFAULT_PING_INTERVAL_MS = 3e4;
 var DEFAULT_PONG_TIMEOUT_MS = 6e4;
 var PersonalRoomConnection = class {
@@ -1178,9 +1343,6 @@ var PersonalRoomConnection = class {
   }
 };
 
-// ../../packages/session/src/protocol-version.ts
-var PROTOCOL_VERSION = 74;
-
 // ../../packages/session/src/publish-constants.ts
 var PUBLISHED_PREVIEW_KINDS = [
   "html",
@@ -1249,6 +1411,9 @@ export {
   CollabCreateRequestSchema,
   CollabCreateResponseSchema,
   PermissionModeSchema,
+  AnthropicAuthStatusSchema,
+  CursorAuthStatusSchema,
+  CodexAuthStatusSchema,
   DEFAULT_ICE_SERVERS,
   GitHubIssueCreateRequestSchema,
   GitHubIssueCreateResponseSchema,
@@ -1271,6 +1436,7 @@ export {
   CollabRoomConnection,
   PersonalRoomConnection,
   PROTOCOL_VERSION,
+  MIN_PROTOCOL_VERSION,
   PUBLISHED_PREVIEW_KINDS,
   PUBLISH_TTL_CHOICES,
   MAX_BUILD_TOTAL_BYTES,
@@ -1279,4 +1445,4 @@ export {
   PublishCreateResponseSchema,
   ROUTES
 };
-//# sourceMappingURL=chunk-7AHRFPAL.js.map
+//# sourceMappingURL=chunk-7YOU7MBN.js.map