studiograph 1.3.48-next.2 → 1.3.48-next.201

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1157) hide show
  1. package/README.md +26 -16
  2. package/dist/agent/agent-pool.d.ts +117 -0
  3. package/dist/agent/agent-pool.js +287 -0
  4. package/dist/agent/agent-pool.js.map +1 -0
  5. package/dist/agent/followups.d.ts +34 -0
  6. package/dist/agent/followups.js +52 -0
  7. package/dist/agent/followups.js.map +1 -0
  8. package/dist/agent/orchestrator.d.ts +113 -22
  9. package/dist/agent/orchestrator.js +574 -181
  10. package/dist/agent/orchestrator.js.map +1 -1
  11. package/dist/agent/prompts/entity-types-section.d.ts +34 -0
  12. package/dist/agent/prompts/entity-types-section.js +76 -0
  13. package/dist/agent/prompts/entity-types-section.js.map +1 -0
  14. package/dist/agent/prompts/system.md +147 -69
  15. package/dist/agent/skill-loader.d.ts +30 -17
  16. package/dist/agent/skill-loader.js +63 -30
  17. package/dist/agent/skill-loader.js.map +1 -1
  18. package/dist/agent/skills/entity-schema.md +77 -433
  19. package/dist/agent/skills/interview/entity-templates.md +193 -0
  20. package/dist/agent/skills/interview/question-domains.md +391 -0
  21. package/dist/agent/skills/interview/skill.md +204 -0
  22. package/dist/agent/skills/schema-rules.md +54 -0
  23. package/dist/agent/tools/capture-tools.d.ts +31 -0
  24. package/dist/agent/tools/capture-tools.js +40 -0
  25. package/dist/agent/tools/capture-tools.js.map +1 -0
  26. package/dist/agent/tools/folder-tools.d.ts +47 -0
  27. package/dist/agent/tools/folder-tools.js +249 -0
  28. package/dist/agent/tools/folder-tools.js.map +1 -0
  29. package/dist/agent/tools/fs-tools.d.ts +7 -6
  30. package/dist/agent/tools/fs-tools.js +5 -4
  31. package/dist/agent/tools/fs-tools.js.map +1 -1
  32. package/dist/agent/tools/graph-tools.d.ts +21 -58
  33. package/dist/agent/tools/graph-tools.js +664 -333
  34. package/dist/agent/tools/graph-tools.js.map +1 -1
  35. package/dist/agent/tools/history-tools.d.ts +95 -0
  36. package/dist/agent/tools/history-tools.js +461 -0
  37. package/dist/agent/tools/history-tools.js.map +1 -0
  38. package/dist/agent/tools/load-skill.d.ts +6 -5
  39. package/dist/agent/tools/load-skill.js +3 -3
  40. package/dist/agent/tools/load-skill.js.map +1 -1
  41. package/dist/agent/tools/ops-tools.d.ts +5 -4
  42. package/dist/agent/tools/ops-tools.js +130 -236
  43. package/dist/agent/tools/ops-tools.js.map +1 -1
  44. package/dist/agent/tools/permission-tools.d.ts +87 -17
  45. package/dist/agent/tools/permission-tools.js +233 -38
  46. package/dist/agent/tools/permission-tools.js.map +1 -1
  47. package/dist/agent/tools/tool-loader.js +5 -4
  48. package/dist/agent/tools/tool-loader.js.map +1 -1
  49. package/dist/agent/tools/web-tools.js +58 -9
  50. package/dist/agent/tools/web-tools.js.map +1 -1
  51. package/dist/cli/commands/about.d.ts +1 -0
  52. package/dist/cli/commands/about.js +55 -3
  53. package/dist/cli/commands/about.js.map +1 -1
  54. package/dist/cli/commands/admin/audit-workspace.d.ts +23 -0
  55. package/dist/cli/commands/admin/audit-workspace.js +133 -0
  56. package/dist/cli/commands/admin/audit-workspace.js.map +1 -0
  57. package/dist/cli/commands/admin/audit.d.ts +21 -0
  58. package/dist/cli/commands/admin/audit.js +174 -0
  59. package/dist/cli/commands/admin/audit.js.map +1 -0
  60. package/dist/cli/commands/admin/backup.d.ts +54 -0
  61. package/dist/cli/commands/admin/backup.js +207 -0
  62. package/dist/cli/commands/admin/backup.js.map +1 -0
  63. package/dist/cli/commands/admin/folder.d.ts +11 -0
  64. package/dist/cli/commands/admin/folder.js +186 -0
  65. package/dist/cli/commands/admin/folder.js.map +1 -0
  66. package/dist/cli/commands/admin/index.d.ts +16 -0
  67. package/dist/cli/commands/admin/index.js +46 -0
  68. package/dist/cli/commands/admin/index.js.map +1 -0
  69. package/dist/cli/commands/admin/migrate-assets.d.ts +53 -0
  70. package/dist/cli/commands/admin/migrate-assets.js +184 -0
  71. package/dist/cli/commands/admin/migrate-assets.js.map +1 -0
  72. package/dist/cli/commands/admin/migrate.d.ts +56 -0
  73. package/dist/cli/commands/admin/migrate.js +263 -0
  74. package/dist/cli/commands/admin/migrate.js.map +1 -0
  75. package/dist/cli/commands/admin/restore.d.ts +24 -0
  76. package/dist/cli/commands/admin/restore.js +228 -0
  77. package/dist/cli/commands/admin/restore.js.map +1 -0
  78. package/dist/cli/commands/admin/secrets.d.ts +23 -0
  79. package/dist/cli/commands/admin/secrets.js +256 -0
  80. package/dist/cli/commands/admin/secrets.js.map +1 -0
  81. package/dist/cli/commands/admin/settings.d.ts +28 -0
  82. package/dist/cli/commands/admin/settings.js +284 -0
  83. package/dist/cli/commands/admin/settings.js.map +1 -0
  84. package/dist/cli/commands/admin/token.d.ts +42 -0
  85. package/dist/cli/commands/admin/token.js +126 -0
  86. package/dist/cli/commands/admin/token.js.map +1 -0
  87. package/dist/cli/commands/admin/transfer-ownership.d.ts +15 -0
  88. package/dist/cli/commands/admin/transfer-ownership.js +106 -0
  89. package/dist/cli/commands/admin/transfer-ownership.js.map +1 -0
  90. package/dist/cli/commands/admin/user.d.ts +11 -0
  91. package/dist/cli/commands/admin/user.js +187 -0
  92. package/dist/cli/commands/admin/user.js.map +1 -0
  93. package/dist/cli/commands/clone.d.ts +25 -3
  94. package/dist/cli/commands/clone.js +142 -36
  95. package/dist/cli/commands/clone.js.map +1 -1
  96. package/dist/cli/commands/commit.d.ts +1 -1
  97. package/dist/cli/commands/commit.js +24 -11
  98. package/dist/cli/commands/commit.js.map +1 -1
  99. package/dist/cli/commands/config.d.ts +23 -107
  100. package/dist/cli/commands/config.js +52 -260
  101. package/dist/cli/commands/config.js.map +1 -1
  102. package/dist/cli/commands/connector.d.ts +10 -13
  103. package/dist/cli/commands/connector.js +16 -58
  104. package/dist/cli/commands/connector.js.map +1 -1
  105. package/dist/cli/commands/deploy.js +215 -68
  106. package/dist/cli/commands/deploy.js.map +1 -1
  107. package/dist/cli/commands/index.js +2 -2
  108. package/dist/cli/commands/index.js.map +1 -1
  109. package/dist/cli/commands/init.js +10 -30
  110. package/dist/cli/commands/init.js.map +1 -1
  111. package/dist/cli/commands/mcp.js +12 -4
  112. package/dist/cli/commands/mcp.js.map +1 -1
  113. package/dist/cli/commands/orphans.js +14 -30
  114. package/dist/cli/commands/orphans.js.map +1 -1
  115. package/dist/cli/commands/r2.d.ts +3 -0
  116. package/dist/cli/commands/r2.js +223 -204
  117. package/dist/cli/commands/r2.js.map +1 -1
  118. package/dist/cli/commands/redeploy.js +65 -12
  119. package/dist/cli/commands/redeploy.js.map +1 -1
  120. package/dist/cli/commands/reset.d.ts +22 -6
  121. package/dist/cli/commands/reset.js +142 -63
  122. package/dist/cli/commands/reset.js.map +1 -1
  123. package/dist/cli/commands/serve.js +218 -24
  124. package/dist/cli/commands/serve.js.map +1 -1
  125. package/dist/cli/commands/sync.d.ts +1 -1
  126. package/dist/cli/commands/sync.js +372 -202
  127. package/dist/cli/commands/sync.js.map +1 -1
  128. package/dist/cli/crypto-bundle.d.ts +39 -0
  129. package/dist/cli/crypto-bundle.js +94 -0
  130. package/dist/cli/crypto-bundle.js.map +1 -0
  131. package/dist/cli/index.js +24 -35
  132. package/dist/cli/index.js.map +1 -1
  133. package/dist/cli/railway-pin.d.ts +68 -0
  134. package/dist/cli/railway-pin.js +96 -0
  135. package/dist/cli/railway-pin.js.map +1 -0
  136. package/dist/cli/railway-provisioning.d.ts +53 -0
  137. package/dist/cli/railway-provisioning.js +85 -0
  138. package/dist/cli/railway-provisioning.js.map +1 -0
  139. package/dist/cli/setup-wizard.d.ts +33 -52
  140. package/dist/cli/setup-wizard.js +43 -68
  141. package/dist/cli/setup-wizard.js.map +1 -1
  142. package/dist/core/accent-palette.d.ts +22 -0
  143. package/dist/core/accent-palette.js +47 -0
  144. package/dist/core/accent-palette.js.map +1 -0
  145. package/dist/core/cell-anchor.d.ts +29 -0
  146. package/dist/core/cell-anchor.js +53 -0
  147. package/dist/core/cell-anchor.js.map +1 -0
  148. package/dist/core/comment-anchor.d.ts +41 -0
  149. package/dist/core/comment-anchor.js +147 -0
  150. package/dist/core/comment-anchor.js.map +1 -0
  151. package/dist/core/commit-messages.d.ts +57 -0
  152. package/dist/core/commit-messages.js +85 -0
  153. package/dist/core/commit-messages.js.map +1 -0
  154. package/dist/core/embeds.d.ts +77 -0
  155. package/dist/core/embeds.js +147 -0
  156. package/dist/core/embeds.js.map +1 -0
  157. package/dist/core/entity-body-templates.d.ts +21 -0
  158. package/dist/core/entity-body-templates.js +53 -0
  159. package/dist/core/entity-body-templates.js.map +1 -0
  160. package/dist/core/entity-types-catalog.d.ts +65 -0
  161. package/dist/core/entity-types-catalog.js +140 -0
  162. package/dist/core/entity-types-catalog.js.map +1 -0
  163. package/dist/core/folder-paths.d.ts +41 -0
  164. package/dist/core/folder-paths.js +95 -0
  165. package/dist/core/folder-paths.js.map +1 -0
  166. package/dist/core/folder-sidecar.d.ts +36 -0
  167. package/dist/core/folder-sidecar.js +91 -0
  168. package/dist/core/folder-sidecar.js.map +1 -0
  169. package/dist/core/format-registry.d.ts +170 -0
  170. package/dist/core/format-registry.js +404 -0
  171. package/dist/core/format-registry.js.map +1 -0
  172. package/dist/core/graph.d.ts +731 -14
  173. package/dist/core/graph.js +2202 -315
  174. package/dist/core/graph.js.map +1 -1
  175. package/dist/core/history-diff.d.ts +35 -0
  176. package/dist/core/history-diff.js +114 -0
  177. package/dist/core/history-diff.js.map +1 -0
  178. package/dist/core/refs.d.ts +41 -0
  179. package/dist/core/refs.js +80 -0
  180. package/dist/core/refs.js.map +1 -0
  181. package/dist/core/schema-registry.d.ts +82 -0
  182. package/dist/core/schema-registry.js +238 -0
  183. package/dist/core/schema-registry.js.map +1 -1
  184. package/dist/core/schemas/connector.d.ts +67 -0
  185. package/dist/core/schemas/connector.js +100 -0
  186. package/dist/core/schemas/connector.js.map +1 -0
  187. package/dist/core/schemas/workspace.d.ts +122 -0
  188. package/dist/core/schemas/workspace.js +211 -0
  189. package/dist/core/schemas/workspace.js.map +1 -0
  190. package/dist/core/secrets/SecretStore.d.ts +77 -0
  191. package/dist/core/secrets/SecretStore.js +13 -0
  192. package/dist/core/secrets/SecretStore.js.map +1 -0
  193. package/dist/core/secrets/SettingsResolver.d.ts +54 -0
  194. package/dist/core/secrets/SettingsResolver.js +80 -0
  195. package/dist/core/secrets/SettingsResolver.js.map +1 -0
  196. package/dist/core/secrets/SettingsStore.d.ts +30 -0
  197. package/dist/core/secrets/SettingsStore.js +9 -0
  198. package/dist/core/secrets/SettingsStore.js.map +1 -0
  199. package/dist/core/secrets/SqliteEncryptedStore.d.ts +90 -0
  200. package/dist/core/secrets/SqliteEncryptedStore.js +598 -0
  201. package/dist/core/secrets/SqliteEncryptedStore.js.map +1 -0
  202. package/dist/core/secrets/audit.d.ts +36 -0
  203. package/dist/core/secrets/audit.js +60 -0
  204. package/dist/core/secrets/audit.js.map +1 -0
  205. package/dist/core/secrets/auth-db-migration.d.ts +129 -0
  206. package/dist/core/secrets/auth-db-migration.js +653 -0
  207. package/dist/core/secrets/auth-db-migration.js.map +1 -0
  208. package/dist/core/secrets/bundle.d.ts +141 -0
  209. package/dist/core/secrets/bundle.js +435 -0
  210. package/dist/core/secrets/bundle.js.map +1 -0
  211. package/dist/core/secrets/dual-write.d.ts +81 -0
  212. package/dist/core/secrets/dual-write.js +247 -0
  213. package/dist/core/secrets/dual-write.js.map +1 -0
  214. package/dist/core/secrets/encryption.d.ts +44 -0
  215. package/dist/core/secrets/encryption.js +97 -0
  216. package/dist/core/secrets/encryption.js.map +1 -0
  217. package/dist/core/secrets/index.d.ts +49 -0
  218. package/dist/core/secrets/index.js +74 -0
  219. package/dist/core/secrets/index.js.map +1 -0
  220. package/dist/core/secrets/master-key.d.ts +38 -0
  221. package/dist/core/secrets/master-key.js +122 -0
  222. package/dist/core/secrets/master-key.js.map +1 -0
  223. package/dist/core/secrets/probes/anthropic.d.ts +98 -0
  224. package/dist/core/secrets/probes/anthropic.js +300 -0
  225. package/dist/core/secrets/probes/anthropic.js.map +1 -0
  226. package/dist/core/secrets/probes/brave.d.ts +9 -0
  227. package/dist/core/secrets/probes/brave.js +15 -0
  228. package/dist/core/secrets/probes/brave.js.map +1 -0
  229. package/dist/core/secrets/probes/r2.d.ts +15 -0
  230. package/dist/core/secrets/probes/r2.js +14 -0
  231. package/dist/core/secrets/probes/r2.js.map +1 -0
  232. package/dist/core/secrets/probes/tavily.d.ts +18 -0
  233. package/dist/core/secrets/probes/tavily.js +58 -0
  234. package/dist/core/secrets/probes/tavily.js.map +1 -0
  235. package/dist/core/secrets/probes/voyage.d.ts +13 -0
  236. package/dist/core/secrets/probes/voyage.js +52 -0
  237. package/dist/core/secrets/probes/voyage.js.map +1 -0
  238. package/dist/core/secrets/r2-structural-migration.d.ts +39 -0
  239. package/dist/core/secrets/r2-structural-migration.js +109 -0
  240. package/dist/core/secrets/r2-structural-migration.js.map +1 -0
  241. package/dist/core/secrets/read-flip.d.ts +59 -0
  242. package/dist/core/secrets/read-flip.js +87 -0
  243. package/dist/core/secrets/read-flip.js.map +1 -0
  244. package/dist/core/secrets/registry.d.ts +188 -0
  245. package/dist/core/secrets/registry.js +616 -0
  246. package/dist/core/secrets/registry.js.map +1 -0
  247. package/dist/core/types.d.ts +80 -475
  248. package/dist/core/types.js +27 -3
  249. package/dist/core/types.js.map +1 -1
  250. package/dist/core/user-config.d.ts +75 -7
  251. package/dist/core/user-config.js +155 -7
  252. package/dist/core/user-config.js.map +1 -1
  253. package/dist/core/validation.d.ts +731 -1790
  254. package/dist/core/validation.js +442 -228
  255. package/dist/core/validation.js.map +1 -1
  256. package/dist/core/workspace-manager.d.ts +89 -12
  257. package/dist/core/workspace-manager.js +225 -73
  258. package/dist/core/workspace-manager.js.map +1 -1
  259. package/dist/core/workspace.d.ts +19 -5
  260. package/dist/core/workspace.js +69 -35
  261. package/dist/core/workspace.js.map +1 -1
  262. package/dist/mcp/comment-virtual-entity.d.ts +36 -0
  263. package/dist/mcp/comment-virtual-entity.js +71 -0
  264. package/dist/mcp/comment-virtual-entity.js.map +1 -0
  265. package/dist/mcp/connector-manager.d.ts +94 -13
  266. package/dist/mcp/connector-manager.js +283 -62
  267. package/dist/mcp/connector-manager.js.map +1 -1
  268. package/dist/mcp/oauth-provider.d.ts +27 -33
  269. package/dist/mcp/oauth-provider.js +65 -134
  270. package/dist/mcp/oauth-provider.js.map +1 -1
  271. package/dist/mcp/oauth-registry.d.ts +62 -0
  272. package/dist/mcp/oauth-registry.js +85 -0
  273. package/dist/mcp/oauth-registry.js.map +1 -0
  274. package/dist/mcp/server.d.ts +11 -3
  275. package/dist/mcp/server.js +30 -5
  276. package/dist/mcp/server.js.map +1 -1
  277. package/dist/mcp/state-signer.d.ts +62 -0
  278. package/dist/mcp/state-signer.js +205 -0
  279. package/dist/mcp/state-signer.js.map +1 -0
  280. package/dist/mcp/tools.d.ts +35 -2
  281. package/dist/mcp/tools.js +1361 -112
  282. package/dist/mcp/tools.js.map +1 -1
  283. package/dist/server/__tests__/helpers/graph-api.d.ts +16 -0
  284. package/dist/server/__tests__/helpers/graph-api.js +16 -0
  285. package/dist/server/__tests__/helpers/graph-api.js.map +1 -0
  286. package/dist/server/asset-index-queue.d.ts +96 -0
  287. package/dist/server/asset-index-queue.js +191 -0
  288. package/dist/server/asset-index-queue.js.map +1 -0
  289. package/dist/server/body-write-coordinator.d.ts +151 -0
  290. package/dist/server/body-write-coordinator.js +161 -0
  291. package/dist/server/body-write-coordinator.js.map +1 -0
  292. package/dist/server/cloud-billing-flow.d.ts +32 -0
  293. package/dist/server/cloud-billing-flow.js +75 -0
  294. package/dist/server/cloud-billing-flow.js.map +1 -0
  295. package/dist/server/commit-audit.d.ts +26 -0
  296. package/dist/server/commit-audit.js +30 -0
  297. package/dist/server/commit-audit.js.map +1 -0
  298. package/dist/server/index.d.ts +22 -3
  299. package/dist/server/index.js +622 -198
  300. package/dist/server/index.js.map +1 -1
  301. package/dist/server/middleware/sanitize.d.ts +46 -0
  302. package/dist/server/middleware/sanitize.js +171 -0
  303. package/dist/server/middleware/sanitize.js.map +1 -0
  304. package/dist/server/routes/asset-api.d.ts +31 -0
  305. package/dist/server/routes/asset-api.js +593 -0
  306. package/dist/server/routes/asset-api.js.map +1 -0
  307. package/dist/server/routes/audit-api.d.ts +24 -0
  308. package/dist/server/routes/audit-api.js +117 -0
  309. package/dist/server/routes/audit-api.js.map +1 -0
  310. package/dist/server/routes/auth-api.d.ts +3 -2
  311. package/dist/server/routes/auth-api.js +573 -39
  312. package/dist/server/routes/auth-api.js.map +1 -1
  313. package/dist/server/routes/capture-api.d.ts +18 -0
  314. package/dist/server/routes/capture-api.js +257 -0
  315. package/dist/server/routes/capture-api.js.map +1 -0
  316. package/dist/server/routes/chat-sessions-api.d.ts +9 -0
  317. package/dist/server/routes/chat-sessions-api.js +121 -0
  318. package/dist/server/routes/chat-sessions-api.js.map +1 -0
  319. package/dist/server/routes/chat.d.ts +12 -1
  320. package/dist/server/routes/chat.js +318 -88
  321. package/dist/server/routes/chat.js.map +1 -1
  322. package/dist/server/routes/comments-api.d.ts +15 -0
  323. package/dist/server/routes/comments-api.js +444 -0
  324. package/dist/server/routes/comments-api.js.map +1 -0
  325. package/dist/server/routes/config-api.d.ts +21 -0
  326. package/dist/server/routes/config-api.js +256 -0
  327. package/dist/server/routes/config-api.js.map +1 -0
  328. package/dist/server/routes/connectors-api.d.ts +17 -0
  329. package/dist/server/routes/connectors-api.js +410 -0
  330. package/dist/server/routes/connectors-api.js.map +1 -0
  331. package/dist/server/routes/event-ingest-api.d.ts +15 -0
  332. package/dist/server/routes/event-ingest-api.js +125 -0
  333. package/dist/server/routes/event-ingest-api.js.map +1 -0
  334. package/dist/server/routes/git-http.d.ts +3 -3
  335. package/dist/server/routes/git-http.js +86 -38
  336. package/dist/server/routes/git-http.js.map +1 -1
  337. package/dist/server/routes/graph-api-access.d.ts +57 -0
  338. package/dist/server/routes/graph-api-access.js +112 -0
  339. package/dist/server/routes/graph-api-access.js.map +1 -0
  340. package/dist/server/routes/graph-api.d.ts +1 -1
  341. package/dist/server/routes/graph-api.js +1529 -263
  342. package/dist/server/routes/graph-api.js.map +1 -1
  343. package/dist/server/routes/health.d.ts +18 -0
  344. package/dist/server/routes/health.js +74 -0
  345. package/dist/server/routes/health.js.map +1 -0
  346. package/dist/server/routes/import-batch.d.ts +24 -0
  347. package/dist/server/routes/import-batch.js +33 -0
  348. package/dist/server/routes/import-batch.js.map +1 -0
  349. package/dist/server/routes/insights-api.d.ts +9 -2
  350. package/dist/server/routes/insights-api.js +384 -38
  351. package/dist/server/routes/insights-api.js.map +1 -1
  352. package/dist/server/routes/mcp.d.ts +7 -3
  353. package/dist/server/routes/mcp.js +22 -6
  354. package/dist/server/routes/mcp.js.map +1 -1
  355. package/dist/server/routes/oauth-api.d.ts +67 -0
  356. package/dist/server/routes/oauth-api.js +421 -0
  357. package/dist/server/routes/oauth-api.js.map +1 -0
  358. package/dist/server/routes/permissions-api.d.ts +9 -2
  359. package/dist/server/routes/permissions-api.js +87 -30
  360. package/dist/server/routes/permissions-api.js.map +1 -1
  361. package/dist/server/routes/r2-api.d.ts +25 -0
  362. package/dist/server/routes/r2-api.js +276 -0
  363. package/dist/server/routes/r2-api.js.map +1 -0
  364. package/dist/server/routes/secrets-api.d.ts +36 -0
  365. package/dist/server/routes/secrets-api.js +308 -0
  366. package/dist/server/routes/secrets-api.js.map +1 -0
  367. package/dist/server/routes/settings-api.d.ts +29 -0
  368. package/dist/server/routes/settings-api.js +180 -0
  369. package/dist/server/routes/settings-api.js.map +1 -0
  370. package/dist/server/routes/share-api.d.ts +32 -0
  371. package/dist/server/routes/share-api.js +234 -0
  372. package/dist/server/routes/share-api.js.map +1 -0
  373. package/dist/server/routes/url-api.d.ts +7 -0
  374. package/dist/server/routes/url-api.js +74 -0
  375. package/dist/server/routes/url-api.js.map +1 -0
  376. package/dist/server/routes/views-api.js +75 -7
  377. package/dist/server/routes/views-api.js.map +1 -1
  378. package/dist/server/routes/workspace-api.d.ts +2 -1
  379. package/dist/server/routes/workspace-api.js +129 -35
  380. package/dist/server/routes/workspace-api.js.map +1 -1
  381. package/dist/server/routes/ws.d.ts +2 -1
  382. package/dist/server/routes/ws.js +68 -16
  383. package/dist/server/routes/ws.js.map +1 -1
  384. package/dist/server/session-manager.d.ts +48 -5
  385. package/dist/server/session-manager.js +182 -15
  386. package/dist/server/session-manager.js.map +1 -1
  387. package/dist/server/ws-hub.d.ts +138 -14
  388. package/dist/server/ws-hub.js +0 -0
  389. package/dist/server/ws-hub.js.map +1 -1
  390. package/dist/server/yjs-manager.d.ts +285 -7
  391. package/dist/server/yjs-manager.js +907 -36
  392. package/dist/server/yjs-manager.js.map +1 -1
  393. package/dist/server/yjs-persistence.d.ts +165 -0
  394. package/dist/server/yjs-persistence.js +557 -0
  395. package/dist/server/yjs-persistence.js.map +1 -0
  396. package/dist/server/yjs-text-diff.d.ts +32 -0
  397. package/dist/server/yjs-text-diff.js +61 -0
  398. package/dist/server/yjs-text-diff.js.map +1 -0
  399. package/dist/services/access-control.d.ts +73 -0
  400. package/dist/services/access-control.js +165 -0
  401. package/dist/services/access-control.js.map +1 -0
  402. package/dist/services/asset-caption-service.d.ts +102 -0
  403. package/dist/services/asset-caption-service.js +184 -0
  404. package/dist/services/asset-caption-service.js.map +1 -0
  405. package/dist/services/asset-delete-authz.d.ts +31 -0
  406. package/dist/services/asset-delete-authz.js +61 -0
  407. package/dist/services/asset-delete-authz.js.map +1 -0
  408. package/dist/services/asset-finalize-service.d.ts +58 -0
  409. package/dist/services/asset-finalize-service.js +207 -0
  410. package/dist/services/asset-finalize-service.js.map +1 -0
  411. package/dist/services/asset-import-service.d.ts +111 -0
  412. package/dist/services/asset-import-service.js +394 -0
  413. package/dist/services/asset-import-service.js.map +1 -0
  414. package/dist/services/asset-index-sweep.d.ts +92 -0
  415. package/dist/services/asset-index-sweep.js +258 -0
  416. package/dist/services/asset-index-sweep.js.map +1 -0
  417. package/dist/services/asset-lifecycle-check.d.ts +22 -0
  418. package/dist/services/asset-lifecycle-check.js +80 -0
  419. package/dist/services/asset-lifecycle-check.js.map +1 -0
  420. package/dist/services/asset-listing.d.ts +72 -0
  421. package/dist/services/asset-listing.js +321 -0
  422. package/dist/services/asset-listing.js.map +1 -0
  423. package/dist/services/asset-presign-service.d.ts +68 -0
  424. package/dist/services/asset-presign-service.js +124 -0
  425. package/dist/services/asset-presign-service.js.map +1 -0
  426. package/dist/services/asset-sidecar-service.d.ts +30 -0
  427. package/dist/services/asset-sidecar-service.js +96 -0
  428. package/dist/services/asset-sidecar-service.js.map +1 -0
  429. package/dist/services/asset-upload-errors.d.ts +41 -0
  430. package/dist/services/asset-upload-errors.js +45 -0
  431. package/dist/services/asset-upload-errors.js.map +1 -0
  432. package/dist/services/asset-upload-service.d.ts +74 -0
  433. package/dist/services/asset-upload-service.js +244 -0
  434. package/dist/services/asset-upload-service.js.map +1 -0
  435. package/dist/services/asset-upload-token.d.ts +58 -0
  436. package/dist/services/asset-upload-token.js +75 -0
  437. package/dist/services/asset-upload-token.js.map +1 -0
  438. package/dist/services/assets/asset-index-service.d.ts +127 -0
  439. package/dist/services/assets/asset-index-service.js +227 -0
  440. package/dist/services/assets/asset-index-service.js.map +1 -0
  441. package/dist/services/assets/base.d.ts +118 -1
  442. package/dist/services/assets/base.js +77 -1
  443. package/dist/services/assets/base.js.map +1 -1
  444. package/dist/services/assets/index.d.ts +103 -1
  445. package/dist/services/assets/index.js +192 -0
  446. package/dist/services/assets/index.js.map +1 -1
  447. package/dist/services/assets/local.d.ts +16 -1
  448. package/dist/services/assets/local.js +110 -1
  449. package/dist/services/assets/local.js.map +1 -1
  450. package/dist/services/assets/r2-sync.d.ts +88 -0
  451. package/dist/services/assets/r2-sync.js +412 -0
  452. package/dist/services/assets/r2-sync.js.map +1 -0
  453. package/dist/services/assets/r2.d.ts +87 -1
  454. package/dist/services/assets/r2.js +203 -1
  455. package/dist/services/assets/r2.js.map +1 -1
  456. package/dist/services/auth-service.d.ts +350 -36
  457. package/dist/services/auth-service.js +1179 -140
  458. package/dist/services/auth-service.js.map +1 -1
  459. package/dist/services/bookmark-import-service.d.ts +49 -0
  460. package/dist/services/bookmark-import-service.js +250 -0
  461. package/dist/services/bookmark-import-service.js.map +1 -0
  462. package/dist/services/chat-session-service.d.ts +96 -0
  463. package/dist/services/chat-session-service.js +316 -0
  464. package/dist/services/chat-session-service.js.map +1 -0
  465. package/dist/services/cloud-inference-billing.d.ts +64 -0
  466. package/dist/services/cloud-inference-billing.js +313 -0
  467. package/dist/services/cloud-inference-billing.js.map +1 -0
  468. package/dist/services/comment-service.d.ts +97 -0
  469. package/dist/services/comment-service.js +341 -0
  470. package/dist/services/comment-service.js.map +1 -0
  471. package/dist/services/convert-service.d.ts +64 -0
  472. package/dist/services/convert-service.js +68 -0
  473. package/dist/services/convert-service.js.map +1 -0
  474. package/dist/services/csv-service.d.ts +22 -17
  475. package/dist/services/csv-service.js +55 -92
  476. package/dist/services/csv-service.js.map +1 -1
  477. package/dist/services/entity-mutations.d.ts +210 -0
  478. package/dist/services/entity-mutations.js +377 -0
  479. package/dist/services/entity-mutations.js.map +1 -0
  480. package/dist/services/event-processor.d.ts +104 -0
  481. package/dist/services/event-processor.js +441 -0
  482. package/dist/services/event-processor.js.map +1 -0
  483. package/dist/services/extract/docx.d.ts +1 -0
  484. package/dist/services/extract/docx.js +233 -0
  485. package/dist/services/extract/docx.js.map +1 -0
  486. package/dist/services/extract/index.d.ts +9 -0
  487. package/dist/services/extract/index.js +10 -0
  488. package/dist/services/extract/index.js.map +1 -0
  489. package/dist/services/extract/pdf.d.ts +13 -0
  490. package/dist/services/extract/pdf.js +69 -0
  491. package/dist/services/extract/pdf.js.map +1 -0
  492. package/dist/services/folder-creation.d.ts +33 -0
  493. package/dist/services/folder-creation.js +103 -0
  494. package/dist/services/folder-creation.js.map +1 -0
  495. package/dist/services/git.d.ts +54 -0
  496. package/dist/services/git.js +188 -54
  497. package/dist/services/git.js.map +1 -1
  498. package/dist/services/graph-maintenance.d.ts +42 -0
  499. package/dist/services/graph-maintenance.js +143 -0
  500. package/dist/services/graph-maintenance.js.map +1 -0
  501. package/dist/services/import-service.d.ts +58 -3
  502. package/dist/services/import-service.js +316 -100
  503. package/dist/services/import-service.js.map +1 -1
  504. package/dist/services/lint-service.js +10 -17
  505. package/dist/services/lint-service.js.map +1 -1
  506. package/dist/services/markdown.d.ts +12 -1
  507. package/dist/services/markdown.js +77 -9
  508. package/dist/services/markdown.js.map +1 -1
  509. package/dist/services/memory-service.d.ts +22 -14
  510. package/dist/services/memory-service.js +53 -35
  511. package/dist/services/memory-service.js.map +1 -1
  512. package/dist/services/mention-detector.d.ts +23 -0
  513. package/dist/services/mention-detector.js +47 -0
  514. package/dist/services/mention-detector.js.map +1 -0
  515. package/dist/services/model-capabilities.d.ts +41 -0
  516. package/dist/services/model-capabilities.js +107 -0
  517. package/dist/services/model-capabilities.js.map +1 -0
  518. package/dist/services/notification-broadcast.d.ts +32 -0
  519. package/dist/services/notification-broadcast.js +38 -0
  520. package/dist/services/notification-broadcast.js.map +1 -0
  521. package/dist/services/notification-service.d.ts +41 -0
  522. package/dist/services/notification-service.js +100 -0
  523. package/dist/services/notification-service.js.map +1 -0
  524. package/dist/services/oauth-server-store.d.ts +147 -0
  525. package/dist/services/oauth-server-store.js +319 -0
  526. package/dist/services/oauth-server-store.js.map +1 -0
  527. package/dist/services/orphan-service.js +2 -2
  528. package/dist/services/orphan-service.js.map +1 -1
  529. package/dist/services/personal-folder.d.ts +40 -0
  530. package/dist/services/personal-folder.js +101 -0
  531. package/dist/services/personal-folder.js.map +1 -0
  532. package/dist/services/share-link-service.d.ts +57 -0
  533. package/dist/services/share-link-service.js +142 -0
  534. package/dist/services/share-link-service.js.map +1 -0
  535. package/dist/services/user-person-bridge.d.ts +136 -0
  536. package/dist/services/user-person-bridge.js +340 -0
  537. package/dist/services/user-person-bridge.js.map +1 -0
  538. package/dist/services/vector-service.d.ts +260 -6
  539. package/dist/services/vector-service.js +574 -31
  540. package/dist/services/vector-service.js.map +1 -1
  541. package/dist/services/workspace-access.d.ts +108 -0
  542. package/dist/services/workspace-access.js +149 -0
  543. package/dist/services/workspace-access.js.map +1 -0
  544. package/dist/services/workspace-assets-folder.d.ts +46 -0
  545. package/dist/services/workspace-assets-folder.js +75 -0
  546. package/dist/services/workspace-assets-folder.js.map +1 -0
  547. package/dist/utils/git.d.ts +17 -2
  548. package/dist/utils/git.js +23 -7
  549. package/dist/utils/git.js.map +1 -1
  550. package/dist/utils/log.d.ts +42 -0
  551. package/dist/utils/log.js +137 -0
  552. package/dist/utils/log.js.map +1 -0
  553. package/dist/utils/preflight.js +2 -2
  554. package/dist/utils/preflight.js.map +1 -1
  555. package/dist/utils/version-checker.d.ts +12 -19
  556. package/dist/utils/version-checker.js +14 -104
  557. package/dist/utils/version-checker.js.map +1 -1
  558. package/dist/web/_app/immutable/assets/0.BZHoBJEc.css +2 -0
  559. package/dist/web/_app/immutable/assets/12.DlIf1mKh.css +1 -0
  560. package/dist/web/_app/immutable/assets/13.7d-Q37wc.css +1 -0
  561. package/dist/web/_app/immutable/assets/14.BwBFdc1D.css +1 -0
  562. package/dist/web/_app/immutable/assets/15.CmLrbzZp.css +1 -0
  563. package/dist/web/_app/immutable/assets/16.B0GwXar3.css +1 -0
  564. package/dist/web/_app/immutable/assets/2.C9Vt4JHy.css +1 -0
  565. package/dist/web/_app/immutable/assets/3.BFvgCYSk.css +1 -0
  566. package/dist/web/_app/immutable/assets/4.OmdYF47-.css +1 -0
  567. package/dist/web/_app/immutable/assets/5.C6MySjPq.css +1 -0
  568. package/dist/web/_app/immutable/assets/BulkActionsBar.Bx7nxMjH.css +1 -0
  569. package/dist/web/_app/immutable/assets/CalendarView.lBCvS3X5.css +1 -0
  570. package/dist/web/_app/immutable/assets/CodeMirrorEditor.D6hf2pNJ.css +1 -0
  571. package/dist/web/_app/immutable/assets/CopyField.DVGZtw4U.css +1 -0
  572. package/dist/web/_app/immutable/assets/FolderMembersPanel.DX1oBeF_.css +1 -0
  573. package/dist/web/_app/immutable/assets/FolderMutationDialogs.D2B7KrRn.css +1 -0
  574. package/dist/web/_app/immutable/assets/FolderPicker.B5KdvRYl.css +1 -0
  575. package/dist/web/_app/immutable/assets/GalleryView.CF48FWYQ.css +1 -0
  576. package/dist/web/_app/immutable/assets/GraphView.BJtGL9py.css +1 -0
  577. package/dist/web/_app/immutable/assets/KanbanView.BOaI5KFL.css +1 -0
  578. package/dist/web/_app/immutable/assets/Link.vV0ne105.css +1 -0
  579. package/dist/web/_app/immutable/assets/Markdown.BqgpZCv5.css +1 -0
  580. package/dist/web/_app/immutable/assets/Rail.f8lsriOT.css +1 -0
  581. package/dist/web/_app/immutable/assets/SettingsDialog.DwMus2u2.css +1 -0
  582. package/dist/web/_app/immutable/assets/Spinner.UBfl0pab.css +1 -0
  583. package/dist/web/_app/immutable/assets/StopFilledAlt.fNlDN65D.css +1 -0
  584. package/dist/web/_app/immutable/assets/TimelineView.DriOGAKB.css +1 -0
  585. package/dist/web/_app/immutable/assets/WorkspaceView.u5VdwRR6.css +1 -0
  586. package/dist/web/_app/immutable/assets/button.BlLm4Dg1.css +1 -0
  587. package/dist/web/_app/immutable/assets/checkbox.DK0MgYgb.css +1 -0
  588. package/dist/web/_app/immutable/assets/dist.DDCWxn3B.css +1 -0
  589. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.CvHOgSBP.woff +0 -0
  590. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.DMJ8VG8y.woff2 +0 -0
  591. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.CB9ihrfo.woff +0 -0
  592. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.DSY6xOcd.woff2 +0 -0
  593. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CZTNEAuW.woff2 +0 -0
  594. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CsGl1sm0.woff +0 -0
  595. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CDDApCn2.woff2 +0 -0
  596. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CYLoc0-x.woff +0 -0
  597. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.BNK2_mGO.woff2 +0 -0
  598. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.DpEwFAQM.woff +0 -0
  599. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.6ng42L7E.woff2 +0 -0
  600. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.BgVn5rGT.woff +0 -0
  601. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.Cu4Hd6ag.woff +0 -0
  602. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.CuJfVYMP.woff2 +0 -0
  603. package/dist/web/_app/immutable/assets/inline-list.cqga56xT.css +1 -0
  604. package/dist/web/_app/immutable/assets/list-columns.DiLB0G5L.css +1 -0
  605. package/dist/web/_app/immutable/assets/select.BFL238eD.css +1 -0
  606. package/dist/web/_app/immutable/assets/sheet.4rY4hpfJ.css +1 -0
  607. package/dist/web/_app/immutable/chunks/2oYV6q4R.js +2 -0
  608. package/dist/web/_app/immutable/chunks/4XSri7g0.js +1 -0
  609. package/dist/web/_app/immutable/chunks/4iaT0dG72.js +1 -0
  610. package/dist/web/_app/immutable/chunks/5_TKU9QS2.js +1 -0
  611. package/dist/web/_app/immutable/chunks/8Yh26Z9_2.js +1 -0
  612. package/dist/web/_app/immutable/chunks/Atl8xKOm.js +2 -0
  613. package/dist/web/_app/immutable/chunks/B-Z_xZy_.js +4 -0
  614. package/dist/web/_app/immutable/chunks/B0pk0Lyx.js +1 -0
  615. package/dist/web/_app/immutable/chunks/B1RnjnNt.js +1 -0
  616. package/dist/web/_app/immutable/chunks/B2n86UNJ.js +1 -0
  617. package/dist/web/_app/immutable/chunks/B318GEUB2.js +1 -0
  618. package/dist/web/_app/immutable/chunks/B6Lt-qaJ.js +1 -0
  619. package/dist/web/_app/immutable/chunks/B8yrQWxT2.js +1 -0
  620. package/dist/web/_app/immutable/chunks/BADt8daH.js +2 -0
  621. package/dist/web/_app/immutable/chunks/BBGt-XQo.js +3 -0
  622. package/dist/web/_app/immutable/chunks/BDIUHcEz.js +1 -0
  623. package/dist/web/_app/immutable/chunks/BDSuq3KH.js +1 -0
  624. package/dist/web/_app/immutable/chunks/BGiLU5VN.js +1 -0
  625. package/dist/web/_app/immutable/chunks/BJgOZTHR.js +1 -0
  626. package/dist/web/_app/immutable/chunks/BOSiTh-42.js +1 -0
  627. package/dist/web/_app/immutable/chunks/BPxcCdjn.js +1 -0
  628. package/dist/web/_app/immutable/chunks/BVPNAzAK.js +1 -0
  629. package/dist/web/_app/immutable/chunks/BcOvJgjM.js +1 -0
  630. package/dist/web/_app/immutable/chunks/BdYQewoD.js +1 -0
  631. package/dist/web/_app/immutable/chunks/BfCWIy8t.js +8 -0
  632. package/dist/web/_app/immutable/chunks/BgRT-K6w.js +5 -0
  633. package/dist/web/_app/immutable/chunks/BibveGGd.js +1 -0
  634. package/dist/web/_app/immutable/chunks/BmM5VZ4W.js +1 -0
  635. package/dist/web/_app/immutable/chunks/BnIYzuS1.js +66 -0
  636. package/dist/web/_app/immutable/chunks/BoDmwOTJ.js +1 -0
  637. package/dist/web/_app/immutable/chunks/BoglwbZW.js +1 -0
  638. package/dist/web/_app/immutable/chunks/Bqm_YrIg2.js +23 -0
  639. package/dist/web/_app/immutable/chunks/BtMRrdc4.js +2 -0
  640. package/dist/web/_app/immutable/chunks/C-AnzvKr.js +7 -0
  641. package/dist/web/_app/immutable/chunks/C1Y3tUpz.js +1 -0
  642. package/dist/web/_app/immutable/chunks/C6VZhhwF.js +1 -0
  643. package/dist/web/_app/immutable/chunks/C8IMrD4G2.js +3 -0
  644. package/dist/web/_app/immutable/chunks/CAXXrbj52.js +1 -0
  645. package/dist/web/_app/immutable/chunks/CB-0u-Pc2.js +1 -0
  646. package/dist/web/_app/immutable/chunks/CEniyZ1Z2.js +6 -0
  647. package/dist/web/_app/immutable/chunks/CJhElIkU2.js +1 -0
  648. package/dist/web/_app/immutable/chunks/CK8tIaYT.js +1 -0
  649. package/dist/web/_app/immutable/chunks/CM8uYli8.js +1 -0
  650. package/dist/web/_app/immutable/chunks/CTzjJm_m2.js +1 -0
  651. package/dist/web/_app/immutable/chunks/CUXqa1nn2.js +1 -0
  652. package/dist/web/_app/immutable/chunks/CY0iY_WO.js +1 -0
  653. package/dist/web/_app/immutable/chunks/CbCfNNV_2.js +2692 -0
  654. package/dist/web/_app/immutable/chunks/CbuGIyDu2.js +22 -0
  655. package/dist/web/_app/immutable/chunks/CcRGXA-t.js +1 -0
  656. package/dist/web/_app/immutable/chunks/CcXmQaYs2.js +1 -0
  657. package/dist/web/_app/immutable/chunks/CcaQuaSt2.js +1 -0
  658. package/dist/web/_app/immutable/chunks/CoHaBDpN2.js +2 -0
  659. package/dist/web/_app/immutable/chunks/Cvbd3myc2.js +14 -0
  660. package/dist/web/_app/immutable/chunks/D20C1thX2.js +1 -0
  661. package/dist/web/_app/immutable/chunks/D3JoMtWC.js +7 -0
  662. package/dist/web/_app/immutable/chunks/D3ch71s_.js +1 -0
  663. package/dist/web/_app/immutable/chunks/D4xXlMEU.js +2 -0
  664. package/dist/web/_app/immutable/chunks/D5GipQqN2.js +1 -0
  665. package/dist/web/_app/immutable/chunks/D9TyJuu_.js +1 -0
  666. package/dist/web/_app/immutable/chunks/DBFijAmG.js +1 -0
  667. package/dist/web/_app/immutable/chunks/DHLjkH7T.js +1 -0
  668. package/dist/web/_app/immutable/chunks/DIfdPIt_2.js +1 -0
  669. package/dist/web/_app/immutable/chunks/DO_sw49q2.js +1 -0
  670. package/dist/web/_app/immutable/chunks/DP69PpIj.js +1 -0
  671. package/dist/web/_app/immutable/chunks/DQ3HSZMs.js +2 -0
  672. package/dist/web/_app/immutable/chunks/DQMWa2t7.js +1 -0
  673. package/dist/web/_app/immutable/chunks/DT0wzK622.js +1 -0
  674. package/dist/web/_app/immutable/chunks/DTnEJArL.js +1 -0
  675. package/dist/web/_app/immutable/chunks/DToS-G202.js +1 -0
  676. package/dist/web/_app/immutable/chunks/DZcU6mGe2.js +1 -0
  677. package/dist/web/_app/immutable/chunks/DbslMybD.js +1 -0
  678. package/dist/web/_app/immutable/chunks/DcGThsSF.js +1 -0
  679. package/dist/web/_app/immutable/chunks/DcPrzUMJ.js +1 -0
  680. package/dist/web/_app/immutable/chunks/De0g5qop2.js +1 -0
  681. package/dist/web/_app/immutable/chunks/DimS8dbZ2.js +1 -0
  682. package/dist/web/_app/immutable/chunks/DjuqhOjF.js +1 -0
  683. package/dist/web/_app/immutable/chunks/Dk6sAhpo.js +3 -0
  684. package/dist/web/_app/immutable/chunks/Dl6cnwyk.js +1 -0
  685. package/dist/web/_app/immutable/chunks/DnIQzIOz.js +1 -0
  686. package/dist/web/_app/immutable/chunks/DnXYAo60.js +1 -0
  687. package/dist/web/_app/immutable/chunks/DnrImJan.js +1 -0
  688. package/dist/web/_app/immutable/chunks/Dpuq25vu2.js +1 -0
  689. package/dist/web/_app/immutable/chunks/DrMZDWru.js +1 -0
  690. package/dist/web/_app/immutable/chunks/DsVOtl0N.js +1 -0
  691. package/dist/web/_app/immutable/chunks/DuTXsWdP.js +2 -0
  692. package/dist/web/_app/immutable/chunks/Dw-frCfE.js +1 -0
  693. package/dist/web/_app/immutable/chunks/Dz34u8Ie2.js +185 -0
  694. package/dist/web/_app/immutable/chunks/DzcFeQZU2.js +2 -0
  695. package/dist/web/_app/immutable/chunks/DzrRTvug.js +1 -0
  696. package/dist/web/_app/immutable/chunks/G5oUVQa92.js +1 -0
  697. package/dist/web/_app/immutable/chunks/HyhOhoeq2.js +2 -0
  698. package/dist/web/_app/immutable/chunks/J5nb9xxj.js +1 -0
  699. package/dist/web/_app/immutable/chunks/JCjEwqH9.js +1 -0
  700. package/dist/web/_app/immutable/chunks/JN_nsXUm2.js +1 -0
  701. package/dist/web/_app/immutable/chunks/JS2_GaB1.js +1 -0
  702. package/dist/web/_app/immutable/chunks/MtI6dyxu.js +1 -0
  703. package/dist/web/_app/immutable/chunks/N6vnY5Si2.js +1 -0
  704. package/dist/web/_app/immutable/chunks/PcEbaKam.js +2 -0
  705. package/dist/web/_app/immutable/chunks/VTYhCLh9.js +2 -0
  706. package/dist/web/_app/immutable/chunks/Wowi_89k.js +5 -0
  707. package/dist/web/_app/immutable/chunks/Y_asqJqs2.js +83 -0
  708. package/dist/web/_app/immutable/chunks/Yhg5Q4MT.js +1 -0
  709. package/dist/web/_app/immutable/chunks/f_eYccPf2.js +1 -0
  710. package/dist/web/_app/immutable/chunks/hm_8RsuL.js +1 -0
  711. package/dist/web/_app/immutable/chunks/iPCkjliu.js +3 -0
  712. package/dist/web/_app/immutable/chunks/j2AvgZGz.js +1 -0
  713. package/dist/web/_app/immutable/chunks/kNaey6uv.js +1 -0
  714. package/dist/web/_app/immutable/chunks/l1761xxj.js +1 -0
  715. package/dist/web/_app/immutable/chunks/liGRFQqV2.js +184 -0
  716. package/dist/web/_app/immutable/chunks/lq1kR86d.js +1 -0
  717. package/dist/web/_app/immutable/chunks/mIykYR4F2.js +1 -0
  718. package/dist/web/_app/immutable/chunks/rbhlO_t8.js +1 -0
  719. package/dist/web/_app/immutable/chunks/tJpAwaTl.js +1 -0
  720. package/dist/web/_app/immutable/chunks/tcegdii0.js +2 -0
  721. package/dist/web/_app/immutable/chunks/u8G2EUvz2.js +224 -0
  722. package/dist/web/_app/immutable/chunks/vgsM0KTm2.js +1 -0
  723. package/dist/web/_app/immutable/chunks/xcGI4fuV.js +1 -0
  724. package/dist/web/_app/immutable/chunks/xihTtKlq.js +1 -0
  725. package/dist/web/_app/immutable/chunks/yEYlhV9G2.js +1 -0
  726. package/dist/web/_app/immutable/entry/app.DSf_XGp8.js +2 -0
  727. package/dist/web/_app/immutable/entry/start.B7ScfxPc.js +1 -0
  728. package/dist/web/_app/immutable/nodes/0.BMSOOETY.js +2 -0
  729. package/dist/web/_app/immutable/nodes/1.B0lBUpHt.js +1 -0
  730. package/dist/web/_app/immutable/nodes/10.DmDbUH1j.js +1 -0
  731. package/dist/web/_app/immutable/nodes/11.gwY7gZdR.js +1 -0
  732. package/dist/web/_app/immutable/nodes/12.BpGHSr2y.js +1 -0
  733. package/dist/web/_app/immutable/nodes/13.Bf178QF_.js +1 -0
  734. package/dist/web/_app/immutable/nodes/14.D_x8-nk9.js +1 -0
  735. package/dist/web/_app/immutable/nodes/15.DY4XeagL.js +1 -0
  736. package/dist/web/_app/immutable/nodes/16.DPqftx8x.js +77 -0
  737. package/dist/web/_app/immutable/nodes/2.OM2LGRpi.js +109 -0
  738. package/dist/web/_app/immutable/nodes/3.e8ZoPCmC.js +6 -0
  739. package/dist/web/_app/immutable/nodes/4.BdYR1hNQ.js +11 -0
  740. package/dist/web/_app/immutable/nodes/5.B8sOFna9.js +5 -0
  741. package/dist/web/_app/immutable/nodes/6.L1BbYsmo.js +1 -0
  742. package/dist/web/_app/immutable/nodes/7.B7zoemJD.js +1 -0
  743. package/dist/web/_app/immutable/nodes/8.B1VtnfMK.js +1 -0
  744. package/dist/web/_app/immutable/nodes/9.BE3VCQzk.js +1 -0
  745. package/dist/web/_app/version.json +1 -1
  746. package/dist/web/favicon-16.png +0 -0
  747. package/dist/web/favicon-180.png +0 -0
  748. package/dist/web/favicon-32.png +0 -0
  749. package/dist/web/favicon-48.png +0 -0
  750. package/dist/web/favicon-512.png +0 -0
  751. package/dist/web/favicon.ico +0 -0
  752. package/dist/web/favicon.svg +8 -0
  753. package/dist/web/index.html +58 -19
  754. package/dist/web/studiograph-logomark.svg +29 -0
  755. package/package.json +38 -14
  756. package/dist/agent/skills/enrich-entities.md +0 -136
  757. package/dist/agent/skills/obsidian-source-setup.md +0 -246
  758. package/dist/agent/skills/skill-loader.d.ts +0 -48
  759. package/dist/agent/skills/skill-loader.js +0 -166
  760. package/dist/agent/skills/skill-loader.js.map +0 -1
  761. package/dist/agent/skills/sync-configuration.md +0 -119
  762. package/dist/agent/skills/sync-setup.md +0 -82
  763. package/dist/agent/tools/sync-tools.d.ts +0 -35
  764. package/dist/agent/tools/sync-tools.js +0 -992
  765. package/dist/agent/tools/sync-tools.js.map +0 -1
  766. package/dist/auth/github.d.ts +0 -56
  767. package/dist/auth/github.js +0 -169
  768. package/dist/auth/github.js.map +0 -1
  769. package/dist/cli/commands/access.d.ts +0 -11
  770. package/dist/cli/commands/access.js +0 -156
  771. package/dist/cli/commands/access.js.map +0 -1
  772. package/dist/cli/commands/app.d.ts +0 -7
  773. package/dist/cli/commands/app.js +0 -268
  774. package/dist/cli/commands/app.js.map +0 -1
  775. package/dist/cli/commands/auth.d.ts +0 -10
  776. package/dist/cli/commands/auth.js +0 -79
  777. package/dist/cli/commands/auth.js.map +0 -1
  778. package/dist/cli/commands/clear.d.ts +0 -5
  779. package/dist/cli/commands/clear.js +0 -36
  780. package/dist/cli/commands/clear.js.map +0 -1
  781. package/dist/cli/commands/collection.d.ts +0 -10
  782. package/dist/cli/commands/collection.js +0 -187
  783. package/dist/cli/commands/collection.js.map +0 -1
  784. package/dist/cli/commands/enrich.d.ts +0 -11
  785. package/dist/cli/commands/enrich.js +0 -135
  786. package/dist/cli/commands/enrich.js.map +0 -1
  787. package/dist/cli/commands/graphrag.d.ts +0 -12
  788. package/dist/cli/commands/graphrag.js +0 -122
  789. package/dist/cli/commands/graphrag.js.map +0 -1
  790. package/dist/cli/commands/join.d.ts +0 -9
  791. package/dist/cli/commands/join.js +0 -255
  792. package/dist/cli/commands/join.js.map +0 -1
  793. package/dist/cli/commands/members.d.ts +0 -11
  794. package/dist/cli/commands/members.js +0 -230
  795. package/dist/cli/commands/members.js.map +0 -1
  796. package/dist/cli/commands/org.d.ts +0 -10
  797. package/dist/cli/commands/org.js +0 -132
  798. package/dist/cli/commands/org.js.map +0 -1
  799. package/dist/cli/commands/provision.d.ts +0 -8
  800. package/dist/cli/commands/provision.js +0 -116
  801. package/dist/cli/commands/provision.js.map +0 -1
  802. package/dist/cli/commands/resolve.d.ts +0 -8
  803. package/dist/cli/commands/resolve.js +0 -85
  804. package/dist/cli/commands/resolve.js.map +0 -1
  805. package/dist/cli/commands/review.d.ts +0 -19
  806. package/dist/cli/commands/review.js +0 -128
  807. package/dist/cli/commands/review.js.map +0 -1
  808. package/dist/cli/commands/source.d.ts +0 -16
  809. package/dist/cli/commands/source.js +0 -159
  810. package/dist/cli/commands/source.js.map +0 -1
  811. package/dist/cli/commands/start.d.ts +0 -7
  812. package/dist/cli/commands/start.js +0 -589
  813. package/dist/cli/commands/start.js.map +0 -1
  814. package/dist/cli/commands/sync-collection.d.ts +0 -14
  815. package/dist/cli/commands/sync-collection.js +0 -355
  816. package/dist/cli/commands/sync-collection.js.map +0 -1
  817. package/dist/cli/commands/sync-entities.d.ts +0 -13
  818. package/dist/cli/commands/sync-entities.js +0 -242
  819. package/dist/cli/commands/sync-entities.js.map +0 -1
  820. package/dist/cli/commands/team.d.ts +0 -12
  821. package/dist/cli/commands/team.js +0 -185
  822. package/dist/cli/commands/team.js.map +0 -1
  823. package/dist/cli/commands/update.d.ts +0 -8
  824. package/dist/cli/commands/update.js +0 -155
  825. package/dist/cli/commands/update.js.map +0 -1
  826. package/dist/cli/commands/user.d.ts +0 -7
  827. package/dist/cli/commands/user.js +0 -153
  828. package/dist/cli/commands/user.js.map +0 -1
  829. package/dist/cli/scaffolding.d.ts +0 -12
  830. package/dist/cli/scaffolding.js +0 -397
  831. package/dist/cli/scaffolding.js.map +0 -1
  832. package/dist/cli/sync-review-interactive.d.ts +0 -31
  833. package/dist/cli/sync-review-interactive.js +0 -393
  834. package/dist/cli/sync-review-interactive.js.map +0 -1
  835. package/dist/core/migration-runner.d.ts +0 -42
  836. package/dist/core/migration-runner.js +0 -232
  837. package/dist/core/migration-runner.js.map +0 -1
  838. package/dist/core/migration-types.d.ts +0 -101
  839. package/dist/core/migration-types.js +0 -21
  840. package/dist/core/migration-types.js.map +0 -1
  841. package/dist/core/migrations/20260219-formalize-memory-location.d.ts +0 -2
  842. package/dist/core/migrations/20260219-formalize-memory-location.js +0 -35
  843. package/dist/core/migrations/20260219-formalize-memory-location.js.map +0 -1
  844. package/dist/core/migrations/20260220-add-workspace-metadata.d.ts +0 -12
  845. package/dist/core/migrations/20260220-add-workspace-metadata.js +0 -65
  846. package/dist/core/migrations/20260220-add-workspace-metadata.js.map +0 -1
  847. package/dist/core/migrations/20260220-add-workspace-readme.d.ts +0 -11
  848. package/dist/core/migrations/20260220-add-workspace-readme.js +0 -82
  849. package/dist/core/migrations/20260220-add-workspace-readme.js.map +0 -1
  850. package/dist/core/migrations/20260220-migrate-yaml-to-json.d.ts +0 -9
  851. package/dist/core/migrations/20260220-migrate-yaml-to-json.js +0 -64
  852. package/dist/core/migrations/20260220-migrate-yaml-to-json.js.map +0 -1
  853. package/dist/core/migrations/index.d.ts +0 -11
  854. package/dist/core/migrations/index.js +0 -23
  855. package/dist/core/migrations/index.js.map +0 -1
  856. package/dist/integrations/asana.d.ts +0 -26
  857. package/dist/integrations/asana.js +0 -78
  858. package/dist/integrations/asana.js.map +0 -1
  859. package/dist/integrations/figma-local.d.ts +0 -16
  860. package/dist/integrations/figma-local.js +0 -10
  861. package/dist/integrations/figma-local.js.map +0 -1
  862. package/dist/integrations/figma.d.ts +0 -17
  863. package/dist/integrations/figma.js +0 -17
  864. package/dist/integrations/figma.js.map +0 -1
  865. package/dist/integrations/granola.d.ts +0 -24
  866. package/dist/integrations/granola.js +0 -60
  867. package/dist/integrations/granola.js.map +0 -1
  868. package/dist/integrations/linear.d.ts +0 -14
  869. package/dist/integrations/linear.js +0 -80
  870. package/dist/integrations/linear.js.map +0 -1
  871. package/dist/integrations/paper-local.d.ts +0 -14
  872. package/dist/integrations/paper-local.js +0 -10
  873. package/dist/integrations/paper-local.js.map +0 -1
  874. package/dist/integrations/paper.d.ts +0 -2
  875. package/dist/integrations/paper.js +0 -10
  876. package/dist/integrations/paper.js.map +0 -1
  877. package/dist/integrations/pipedrive.d.ts +0 -26
  878. package/dist/integrations/pipedrive.js +0 -97
  879. package/dist/integrations/pipedrive.js.map +0 -1
  880. package/dist/integrations/registry.d.ts +0 -15
  881. package/dist/integrations/registry.js +0 -27
  882. package/dist/integrations/registry.js.map +0 -1
  883. package/dist/integrations/types.d.ts +0 -38
  884. package/dist/integrations/types.js +0 -9
  885. package/dist/integrations/types.js.map +0 -1
  886. package/dist/lib/lib/utils.d.ts +0 -2
  887. package/dist/lib/lib/utils.js +0 -6
  888. package/dist/lib/lib/utils.js.map +0 -1
  889. package/dist/mcp/connectors/asana.d.ts +0 -2
  890. package/dist/mcp/connectors/asana.js +0 -20
  891. package/dist/mcp/connectors/asana.js.map +0 -1
  892. package/dist/mcp/connectors/definitions.d.ts +0 -45
  893. package/dist/mcp/connectors/definitions.js +0 -32
  894. package/dist/mcp/connectors/definitions.js.map +0 -1
  895. package/dist/mcp/connectors/figma.d.ts +0 -5
  896. package/dist/mcp/connectors/figma.js +0 -21
  897. package/dist/mcp/connectors/figma.js.map +0 -1
  898. package/dist/mcp/connectors/gdrive.d.ts +0 -2
  899. package/dist/mcp/connectors/gdrive.js +0 -20
  900. package/dist/mcp/connectors/gdrive.js.map +0 -1
  901. package/dist/mcp/connectors/granola.d.ts +0 -2
  902. package/dist/mcp/connectors/granola.js +0 -12
  903. package/dist/mcp/connectors/granola.js.map +0 -1
  904. package/dist/mcp/connectors/linear.d.ts +0 -2
  905. package/dist/mcp/connectors/linear.js +0 -19
  906. package/dist/mcp/connectors/linear.js.map +0 -1
  907. package/dist/mcp/connectors/obsidian.d.ts +0 -2
  908. package/dist/mcp/connectors/obsidian.js +0 -19
  909. package/dist/mcp/connectors/obsidian.js.map +0 -1
  910. package/dist/mcp/connectors/pipedrive.d.ts +0 -2
  911. package/dist/mcp/connectors/pipedrive.js +0 -20
  912. package/dist/mcp/connectors/pipedrive.js.map +0 -1
  913. package/dist/mcp/connectors/slack.d.ts +0 -2
  914. package/dist/mcp/connectors/slack.js +0 -21
  915. package/dist/mcp/connectors/slack.js.map +0 -1
  916. package/dist/mcp/server-oauth-provider.d.ts +0 -56
  917. package/dist/mcp/server-oauth-provider.js +0 -142
  918. package/dist/mcp/server-oauth-provider.js.map +0 -1
  919. package/dist/server/chrome/chrome.css +0 -691
  920. package/dist/server/chrome/chrome.js +0 -374
  921. package/dist/server/collab-authority.d.ts +0 -70
  922. package/dist/server/collab-authority.js +0 -218
  923. package/dist/server/collab-authority.js.map +0 -1
  924. package/dist/server/collab.d.ts +0 -29
  925. package/dist/server/collab.js +0 -195
  926. package/dist/server/collab.js.map +0 -1
  927. package/dist/server/commit-scheduler.d.ts +0 -39
  928. package/dist/server/commit-scheduler.js +0 -113
  929. package/dist/server/commit-scheduler.js.map +0 -1
  930. package/dist/server/plugin-loader.d.ts +0 -53
  931. package/dist/server/plugin-loader.js +0 -155
  932. package/dist/server/plugin-loader.js.map +0 -1
  933. package/dist/server/routes/collab.d.ts +0 -6
  934. package/dist/server/routes/collab.js +0 -10
  935. package/dist/server/routes/collab.js.map +0 -1
  936. package/dist/server/routes/git-api.d.ts +0 -9
  937. package/dist/server/routes/git-api.js +0 -82
  938. package/dist/server/routes/git-api.js.map +0 -1
  939. package/dist/server/routes/meeting-ingest-api.d.ts +0 -15
  940. package/dist/server/routes/meeting-ingest-api.js +0 -323
  941. package/dist/server/routes/meeting-ingest-api.js.map +0 -1
  942. package/dist/server/routes/sync-api.d.ts +0 -26
  943. package/dist/server/routes/sync-api.js +0 -814
  944. package/dist/server/routes/sync-api.js.map +0 -1
  945. package/dist/server/routes/webhook.d.ts +0 -14
  946. package/dist/server/routes/webhook.js +0 -102
  947. package/dist/server/routes/webhook.js.map +0 -1
  948. package/dist/services/github-provisioner.d.ts +0 -36
  949. package/dist/services/github-provisioner.js +0 -126
  950. package/dist/services/github-provisioner.js.map +0 -1
  951. package/dist/services/github-service.d.ts +0 -99
  952. package/dist/services/github-service.js +0 -310
  953. package/dist/services/github-service.js.map +0 -1
  954. package/dist/services/insights.d.ts +0 -38
  955. package/dist/services/insights.js +0 -246
  956. package/dist/services/insights.js.map +0 -1
  957. package/dist/services/sync/collection-sync.d.ts +0 -60
  958. package/dist/services/sync/collection-sync.js +0 -509
  959. package/dist/services/sync/collection-sync.js.map +0 -1
  960. package/dist/services/sync/commit.d.ts +0 -60
  961. package/dist/services/sync/commit.js +0 -354
  962. package/dist/services/sync/commit.js.map +0 -1
  963. package/dist/services/sync/context-index.d.ts +0 -69
  964. package/dist/services/sync/context-index.js +0 -280
  965. package/dist/services/sync/context-index.js.map +0 -1
  966. package/dist/services/sync/data-fetcher.d.ts +0 -31
  967. package/dist/services/sync/data-fetcher.js +0 -12
  968. package/dist/services/sync/data-fetcher.js.map +0 -1
  969. package/dist/services/sync/derive.d.ts +0 -34
  970. package/dist/services/sync/derive.js +0 -164
  971. package/dist/services/sync/derive.js.map +0 -1
  972. package/dist/services/sync/enrichment-state.d.ts +0 -31
  973. package/dist/services/sync/enrichment-state.js +0 -63
  974. package/dist/services/sync/enrichment-state.js.map +0 -1
  975. package/dist/services/sync/enrichment.d.ts +0 -25
  976. package/dist/services/sync/enrichment.js +0 -121
  977. package/dist/services/sync/enrichment.js.map +0 -1
  978. package/dist/services/sync/entity-refresh.d.ts +0 -30
  979. package/dist/services/sync/entity-refresh.js +0 -275
  980. package/dist/services/sync/entity-refresh.js.map +0 -1
  981. package/dist/services/sync/frontmatter-extractor.d.ts +0 -40
  982. package/dist/services/sync/frontmatter-extractor.js +0 -279
  983. package/dist/services/sync/frontmatter-extractor.js.map +0 -1
  984. package/dist/services/sync/graph-match-state.d.ts +0 -33
  985. package/dist/services/sync/graph-match-state.js +0 -61
  986. package/dist/services/sync/graph-match-state.js.map +0 -1
  987. package/dist/services/sync/graph-match.d.ts +0 -53
  988. package/dist/services/sync/graph-match.js +0 -316
  989. package/dist/services/sync/graph-match.js.map +0 -1
  990. package/dist/services/sync/graphrag-client.d.ts +0 -43
  991. package/dist/services/sync/graphrag-client.js +0 -94
  992. package/dist/services/sync/graphrag-client.js.map +0 -1
  993. package/dist/services/sync/graphrag-config.d.ts +0 -16
  994. package/dist/services/sync/graphrag-config.js +0 -39
  995. package/dist/services/sync/graphrag-config.js.map +0 -1
  996. package/dist/services/sync/graphrag-context.d.ts +0 -14
  997. package/dist/services/sync/graphrag-context.js +0 -109
  998. package/dist/services/sync/graphrag-context.js.map +0 -1
  999. package/dist/services/sync/graphrag-indexer.d.ts +0 -30
  1000. package/dist/services/sync/graphrag-indexer.js +0 -358
  1001. package/dist/services/sync/graphrag-indexer.js.map +0 -1
  1002. package/dist/services/sync/llm.d.ts +0 -32
  1003. package/dist/services/sync/llm.js +0 -115
  1004. package/dist/services/sync/llm.js.map +0 -1
  1005. package/dist/services/sync/mcp-client.d.ts +0 -71
  1006. package/dist/services/sync/mcp-client.js +0 -299
  1007. package/dist/services/sync/mcp-client.js.map +0 -1
  1008. package/dist/services/sync/model-factory.d.ts +0 -13
  1009. package/dist/services/sync/model-factory.js +0 -38
  1010. package/dist/services/sync/model-factory.js.map +0 -1
  1011. package/dist/services/sync/name-quality.d.ts +0 -31
  1012. package/dist/services/sync/name-quality.js +0 -60
  1013. package/dist/services/sync/name-quality.js.map +0 -1
  1014. package/dist/services/sync/output-schemas.d.ts +0 -92
  1015. package/dist/services/sync/output-schemas.js +0 -43
  1016. package/dist/services/sync/output-schemas.js.map +0 -1
  1017. package/dist/services/sync/prompts.d.ts +0 -19
  1018. package/dist/services/sync/prompts.js +0 -128
  1019. package/dist/services/sync/prompts.js.map +0 -1
  1020. package/dist/services/sync/reconciler.d.ts +0 -48
  1021. package/dist/services/sync/reconciler.js +0 -294
  1022. package/dist/services/sync/reconciler.js.map +0 -1
  1023. package/dist/services/sync/rest-client.d.ts +0 -40
  1024. package/dist/services/sync/rest-client.js +0 -100
  1025. package/dist/services/sync/rest-client.js.map +0 -1
  1026. package/dist/services/sync/source-config.d.ts +0 -67
  1027. package/dist/services/sync/source-config.js +0 -304
  1028. package/dist/services/sync/source-config.js.map +0 -1
  1029. package/dist/services/sync/source-definitions/asana.d.ts +0 -14
  1030. package/dist/services/sync/source-definitions/asana.js +0 -42
  1031. package/dist/services/sync/source-definitions/asana.js.map +0 -1
  1032. package/dist/services/sync/source-definitions/definitions.d.ts +0 -8
  1033. package/dist/services/sync/source-definitions/definitions.js +0 -8
  1034. package/dist/services/sync/source-definitions/definitions.js.map +0 -1
  1035. package/dist/services/sync/source-definitions/gdrive.d.ts +0 -16
  1036. package/dist/services/sync/source-definitions/gdrive.js +0 -68
  1037. package/dist/services/sync/source-definitions/gdrive.js.map +0 -1
  1038. package/dist/services/sync/source-definitions/granola.d.ts +0 -2
  1039. package/dist/services/sync/source-definitions/granola.js +0 -21
  1040. package/dist/services/sync/source-definitions/granola.js.map +0 -1
  1041. package/dist/services/sync/source-definitions/linear.d.ts +0 -2
  1042. package/dist/services/sync/source-definitions/linear.js +0 -62
  1043. package/dist/services/sync/source-definitions/linear.js.map +0 -1
  1044. package/dist/services/sync/source-definitions/obsidian.d.ts +0 -2
  1045. package/dist/services/sync/source-definitions/obsidian.js +0 -55
  1046. package/dist/services/sync/source-definitions/obsidian.js.map +0 -1
  1047. package/dist/services/sync/source-definitions/pipedrive.d.ts +0 -2
  1048. package/dist/services/sync/source-definitions/pipedrive.js +0 -43
  1049. package/dist/services/sync/source-definitions/pipedrive.js.map +0 -1
  1050. package/dist/services/sync/staging.d.ts +0 -53
  1051. package/dist/services/sync/staging.js +0 -130
  1052. package/dist/services/sync/staging.js.map +0 -1
  1053. package/dist/services/sync/structured-extractor.d.ts +0 -57
  1054. package/dist/services/sync/structured-extractor.js +0 -584
  1055. package/dist/services/sync/structured-extractor.js.map +0 -1
  1056. package/dist/services/sync/sync-runner.d.ts +0 -32
  1057. package/dist/services/sync/sync-runner.js +0 -195
  1058. package/dist/services/sync/sync-runner.js.map +0 -1
  1059. package/dist/services/sync/sync-state.d.ts +0 -43
  1060. package/dist/services/sync/sync-state.js +0 -154
  1061. package/dist/services/sync/sync-state.js.map +0 -1
  1062. package/dist/services/sync/types.d.ts +0 -381
  1063. package/dist/services/sync/types.js +0 -8
  1064. package/dist/services/sync/types.js.map +0 -1
  1065. package/dist/services/sync/unstructured-extractor.d.ts +0 -27
  1066. package/dist/services/sync/unstructured-extractor.js +0 -185
  1067. package/dist/services/sync/unstructured-extractor.js.map +0 -1
  1068. package/dist/utils/merge-resolver.d.ts +0 -59
  1069. package/dist/utils/merge-resolver.js +0 -303
  1070. package/dist/utils/merge-resolver.js.map +0 -1
  1071. package/dist/utils/workspace-config.d.ts +0 -8
  1072. package/dist/utils/workspace-config.js +0 -22
  1073. package/dist/utils/workspace-config.js.map +0 -1
  1074. package/dist/web/_app/immutable/assets/0.DdizXOKi.css +0 -1
  1075. package/dist/web/_app/immutable/assets/10.BUrHkYry.css +0 -1
  1076. package/dist/web/_app/immutable/assets/2.n7-yW_Fs.css +0 -1
  1077. package/dist/web/_app/immutable/assets/3.BtaZagnv.css +0 -1
  1078. package/dist/web/_app/immutable/assets/4.DT7X0x5S.css +0 -1
  1079. package/dist/web/_app/immutable/assets/5.DFeGxLYf.css +0 -1
  1080. package/dist/web/_app/immutable/assets/6.CquhUpOu.css +0 -1
  1081. package/dist/web/_app/immutable/assets/7.CjbDRbuG.css +0 -1
  1082. package/dist/web/_app/immutable/assets/8.S1QdUGNM.css +0 -1
  1083. package/dist/web/_app/immutable/assets/9.CT4xL4K3.css +0 -1
  1084. package/dist/web/_app/immutable/assets/Copy.FS8bdfxr.css +0 -1
  1085. package/dist/web/_app/immutable/assets/Toaster.rN8r_Hzv.css +0 -1
  1086. package/dist/web/_app/immutable/assets/ViewToolbar.D-QW2oKe.css +0 -1
  1087. package/dist/web/_app/immutable/assets/index.D6tMDJWk.css +0 -1
  1088. package/dist/web/_app/immutable/chunks/-iaeBIWN.js +0 -1
  1089. package/dist/web/_app/immutable/chunks/37NdyH6G.js +0 -32
  1090. package/dist/web/_app/immutable/chunks/4Hhzb6pv.js +0 -1
  1091. package/dist/web/_app/immutable/chunks/72bZS3G9.js +0 -1
  1092. package/dist/web/_app/immutable/chunks/7S2LGqoP.js +0 -2
  1093. package/dist/web/_app/immutable/chunks/B340SUKR.js +0 -1
  1094. package/dist/web/_app/immutable/chunks/B3Z4_Sps.js +0 -1
  1095. package/dist/web/_app/immutable/chunks/BB_5th5W.js +0 -3383
  1096. package/dist/web/_app/immutable/chunks/BPWYOQXG.js +0 -1
  1097. package/dist/web/_app/immutable/chunks/BR77jbfR.js +0 -1
  1098. package/dist/web/_app/immutable/chunks/BS2rFAVq.js +0 -1
  1099. package/dist/web/_app/immutable/chunks/BSsDC_p4.js +0 -1
  1100. package/dist/web/_app/immutable/chunks/BTX2Jr8_.js +0 -1
  1101. package/dist/web/_app/immutable/chunks/Bq_KShUL.js +0 -4
  1102. package/dist/web/_app/immutable/chunks/Bsacq2UX.js +0 -1
  1103. package/dist/web/_app/immutable/chunks/ByunV8un.js +0 -1
  1104. package/dist/web/_app/immutable/chunks/BzPu-Eht.js +0 -1
  1105. package/dist/web/_app/immutable/chunks/C7VoTosa.js +0 -2
  1106. package/dist/web/_app/immutable/chunks/CDV5Q7RN.js +0 -1
  1107. package/dist/web/_app/immutable/chunks/CGc1sIb_.js +0 -1
  1108. package/dist/web/_app/immutable/chunks/CJ8__CWt.js +0 -1
  1109. package/dist/web/_app/immutable/chunks/CJUKmosC.js +0 -5
  1110. package/dist/web/_app/immutable/chunks/CSVbGg_b.js +0 -5
  1111. package/dist/web/_app/immutable/chunks/CT6oIU-C.js +0 -1
  1112. package/dist/web/_app/immutable/chunks/CTRxNfZk.js +0 -1
  1113. package/dist/web/_app/immutable/chunks/CWQRQXxy.js +0 -1
  1114. package/dist/web/_app/immutable/chunks/CX87mIM8.js +0 -1
  1115. package/dist/web/_app/immutable/chunks/CXH6iFbA.js +0 -1
  1116. package/dist/web/_app/immutable/chunks/CX_61fY8.js +0 -5
  1117. package/dist/web/_app/immutable/chunks/CYrVHOHA.js +0 -1
  1118. package/dist/web/_app/immutable/chunks/CdeYcEuU.js +0 -1
  1119. package/dist/web/_app/immutable/chunks/CmCtpZ1Y.js +0 -1
  1120. package/dist/web/_app/immutable/chunks/Cpsr8-Xy.js +0 -1
  1121. package/dist/web/_app/immutable/chunks/CqkleIqs.js +0 -1
  1122. package/dist/web/_app/immutable/chunks/CrdV0ttd.js +0 -1
  1123. package/dist/web/_app/immutable/chunks/CscoF-YL.js +0 -18
  1124. package/dist/web/_app/immutable/chunks/Cx4YdFMk.js +0 -1
  1125. package/dist/web/_app/immutable/chunks/D7ZqAKi9.js +0 -3
  1126. package/dist/web/_app/immutable/chunks/DGbA7IXh.js +0 -2
  1127. package/dist/web/_app/immutable/chunks/DTZE-yoq.js +0 -2
  1128. package/dist/web/_app/immutable/chunks/DbbB6Up5.js +0 -1
  1129. package/dist/web/_app/immutable/chunks/DnL9f0lc.js +0 -7
  1130. package/dist/web/_app/immutable/chunks/DtM5cEDu.js +0 -1
  1131. package/dist/web/_app/immutable/chunks/Eqahi7_S.js +0 -2
  1132. package/dist/web/_app/immutable/chunks/O9Eb9k00.js +0 -1
  1133. package/dist/web/_app/immutable/chunks/PPVm8Dsz.js +0 -1
  1134. package/dist/web/_app/immutable/chunks/QF8MAmnc.js +0 -1
  1135. package/dist/web/_app/immutable/chunks/UjzxCpxn.js +0 -1
  1136. package/dist/web/_app/immutable/chunks/WSUKABI_.js +0 -1
  1137. package/dist/web/_app/immutable/chunks/Y90OgS-9.js +0 -1
  1138. package/dist/web/_app/immutable/chunks/cLyZlkXv.js +0 -1
  1139. package/dist/web/_app/immutable/chunks/iDtAARVW.js +0 -2
  1140. package/dist/web/_app/immutable/chunks/oC_W7W7p.js +0 -1
  1141. package/dist/web/_app/immutable/chunks/rJdWIgh-.js +0 -1
  1142. package/dist/web/_app/immutable/chunks/tvOsokaa.js +0 -1
  1143. package/dist/web/_app/immutable/chunks/uLEXaPwE.js +0 -1
  1144. package/dist/web/_app/immutable/chunks/vSaooFHB.js +0 -1
  1145. package/dist/web/_app/immutable/entry/app.BeUKh4sD.js +0 -2
  1146. package/dist/web/_app/immutable/entry/start.CZJnFuQn.js +0 -1
  1147. package/dist/web/_app/immutable/nodes/0.DyF_RsLg.js +0 -2
  1148. package/dist/web/_app/immutable/nodes/1.7iDQmMPh.js +0 -1
  1149. package/dist/web/_app/immutable/nodes/10.Btl8d8HT.js +0 -1
  1150. package/dist/web/_app/immutable/nodes/2.LDRE62jN.js +0 -168
  1151. package/dist/web/_app/immutable/nodes/3.BaW1XB1x.js +0 -1
  1152. package/dist/web/_app/immutable/nodes/4.D0Q8kpkI.js +0 -12
  1153. package/dist/web/_app/immutable/nodes/5.n7j2UG9h.js +0 -4
  1154. package/dist/web/_app/immutable/nodes/6.DQYxR0iy.js +0 -2
  1155. package/dist/web/_app/immutable/nodes/7.BsURvFAp.js +0 -2
  1156. package/dist/web/_app/immutable/nodes/8.CsiErG0p.js +0 -1
  1157. package/dist/web/_app/immutable/nodes/9.CnN6OZgC.js +0 -1
@@ -3,6 +3,14 @@
3
3
  *
4
4
  * Login, logout, session verification, and auth status endpoints.
5
5
  */
6
+ import { createHmac, timingSafeEqual } from 'node:crypto';
7
+ import { isWorkspaceOwner } from '../../services/auth-service.js';
8
+ import { Workspace } from '../../core/workspace.js';
9
+ import { ensurePersonalFolder, archivePersonalFolder } from '../../services/personal-folder.js';
10
+ import { ensureWorkspaceAssetsFolder } from '../../services/workspace-assets-folder.js';
11
+ import { authUserToGitUser, ensurePersonForUser, findPersonRefForUser, linkChosenPersonToUser, BridgeError } from '../../services/user-person-bridge.js';
12
+ import * as access from '../../services/access-control.js';
13
+ import { safeReturnTo } from './oauth-api.js';
6
14
  // ── Login rate limiting ──
7
15
  const MAX_ATTEMPTS = 5;
8
16
  const LOCKOUT_MS = 15 * 60 * 1000; // 15 minutes
@@ -35,35 +43,237 @@ export function recordFailedAttempt(email) {
35
43
  export function clearAttempts(email) {
36
44
  loginAttempts.delete(email.toLowerCase());
37
45
  }
38
- function requireAdmin(req, authService) {
46
+ function requireOwner(req, authService) {
39
47
  const token = req.cookies?.['__sg_token'];
40
48
  if (!token)
41
49
  return null;
42
50
  const user = authService.verifyToken(token);
43
- if (!user || user.role !== 'admin')
51
+ if (!user || !isWorkspaceOwner(user.role))
44
52
  return null;
45
53
  return user;
46
54
  }
47
- export async function registerAuthApiRoutes(fastify, authService, workspaceName) {
55
+ /**
56
+ * Resolve the caller to an AuthUser. The global auth hook skips /api/auth/*
57
+ * so endpoints that need identity (like the token CRUD routes below) must
58
+ * look up credentials themselves.
59
+ *
60
+ * Accepted forms:
61
+ * - Cookie `__sg_token=<jwt>` (web UI)
62
+ * - `Authorization: Bearer <jwt>` (CLI with stored JWT)
63
+ * - `Authorization: Bearer <sg_…>` (CLI with API token)
64
+ *
65
+ * Mirrors the precedence the main API middleware uses elsewhere
66
+ * (src/server/index.ts) — needed so CLI commands like
67
+ * `studiograph admin transfer-ownership` can call /api/auth/* endpoints
68
+ * using the same Bearer sg_ token they use everywhere else.
69
+ */
70
+ function requireUser(req, authService) {
71
+ const cookieToken = req.cookies?.['__sg_token'];
72
+ if (cookieToken) {
73
+ const user = authService.verifyToken(cookieToken);
74
+ if (user)
75
+ return user;
76
+ }
77
+ const authHeader = req.headers?.authorization;
78
+ if (authHeader?.startsWith('Bearer ')) {
79
+ const bearer = authHeader.slice('Bearer '.length).trim();
80
+ if (bearer.startsWith('sg_')) {
81
+ return authService.verifyApiToken(bearer);
82
+ }
83
+ // Treat anything else as a JWT — verifyToken returns null on invalid input.
84
+ return authService.verifyToken(bearer);
85
+ }
86
+ return null;
87
+ }
88
+ function managedCloudAuthConfig() {
89
+ return {
90
+ enabled: parseBoolean(process.env.STUDIOGRAPH_MANAGED_AUTH),
91
+ cloudUrl: process.env.STUDIOGRAPH_CLOUD_URL?.trim() ?? '',
92
+ orgId: process.env.STUDIOGRAPH_CLOUD_ORG_ID?.trim() ?? '',
93
+ workspaceId: process.env.STUDIOGRAPH_CLOUD_WORKSPACE_ID?.trim() ?? '',
94
+ token: process.env.STUDIOGRAPH_CLOUD_TOKEN?.trim() ?? '',
95
+ };
96
+ }
97
+ function managedCloudLoginUrl(config) {
98
+ if (!config.cloudUrl || !config.orgId || !config.workspaceId)
99
+ return null;
100
+ const url = new URL('/auth/workspace', config.cloudUrl);
101
+ url.searchParams.set('orgId', config.orgId);
102
+ url.searchParams.set('workspaceId', config.workspaceId);
103
+ return url.toString();
104
+ }
105
+ function managedCloudLogoutUrl(config, returnTo) {
106
+ if (!config.cloudUrl)
107
+ return null;
108
+ const url = new URL('/auth/logout', config.cloudUrl);
109
+ if (returnTo)
110
+ url.searchParams.set('returnTo', returnTo);
111
+ return url.toString();
112
+ }
113
+ function requestOrigin(req) {
114
+ const rawHost = req.headers?.['x-forwarded-host'] ?? req.headers?.host;
115
+ const host = Array.isArray(rawHost) ? rawHost[0] : rawHost;
116
+ if (!host)
117
+ return null;
118
+ const rawProto = req.headers?.['x-forwarded-proto'];
119
+ const forwardedProto = Array.isArray(rawProto) ? rawProto[0] : rawProto;
120
+ const proto = typeof forwardedProto === 'string' && forwardedProto.trim()
121
+ ? forwardedProto.split(',')[0].trim()
122
+ : 'http';
123
+ return `${proto}://${host}`;
124
+ }
125
+ function managedLogoutReturnTo(req) {
126
+ const origin = requestOrigin(req);
127
+ if (!origin)
128
+ return null;
129
+ const url = new URL('/login', origin);
130
+ url.searchParams.set('managedLogout', '1');
131
+ return url.toString();
132
+ }
133
+ function verifyCloudLoginToken(token, secret) {
134
+ const [payloadPart, signaturePart] = token.split('.');
135
+ if (!payloadPart || !signaturePart || token.split('.').length !== 2) {
136
+ throw new Error('Malformed login token');
137
+ }
138
+ const expected = hmacBase64Url(payloadPart, secret);
139
+ if (!constantTimeEqual(signaturePart, expected)) {
140
+ throw new Error('Invalid login token signature');
141
+ }
142
+ const claims = JSON.parse(Buffer.from(payloadPart, 'base64url').toString('utf8'));
143
+ if (claims.iss !== 'studiograph-cloud' || claims.aud !== 'studiograph-runtime') {
144
+ throw new Error('Invalid login token audience');
145
+ }
146
+ if (!claims.orgId || !claims.workspaceId || !claims.userId || !claims.email || !claims.displayName || !claims.role) {
147
+ throw new Error('Incomplete login token');
148
+ }
149
+ if (!['owner', 'admin', 'member'].includes(claims.role)) {
150
+ throw new Error('Invalid login token role');
151
+ }
152
+ const now = Math.floor(Date.now() / 1000);
153
+ if (typeof claims.exp !== 'number' || claims.exp < now) {
154
+ throw new Error('Login token has expired');
155
+ }
156
+ if (typeof claims.iat !== 'number' || claims.iat > now + 60) {
157
+ throw new Error('Login token was issued in the future');
158
+ }
159
+ return claims;
160
+ }
161
+ function runtimeRoleForCloudRole(cloudRole, existing, authService) {
162
+ if (existing?.role === 'owner')
163
+ return 'owner';
164
+ if (cloudRole === 'owner')
165
+ return 'owner';
166
+ if (!authService.getOwner() && cloudRole === 'admin')
167
+ return 'owner';
168
+ return 'member';
169
+ }
170
+ function grantManagedWorkspaceAccess(authService, workspaceManager, user, cloudRole) {
171
+ const folderRole = cloudRole === 'owner' || cloudRole === 'admin' ? 'admin' : 'editor';
172
+ for (const repo of workspaceManager.getAllRepoConfigs()) {
173
+ if (repo.personal)
174
+ continue;
175
+ const currentRole = authService.getFolderRole(user.id, repo.name);
176
+ if (currentRole === 'admin')
177
+ continue;
178
+ if (currentRole !== folderRole)
179
+ authService.grantFolderAccess(user.id, repo.name, folderRole);
180
+ }
181
+ }
182
+ function hmacBase64Url(value, secret) {
183
+ return createHmac('sha256', secret).update(value).digest('base64url');
184
+ }
185
+ function constantTimeEqual(a, b) {
186
+ const left = Buffer.from(a);
187
+ const right = Buffer.from(b);
188
+ return left.length === right.length && timingSafeEqual(left, right);
189
+ }
190
+ function parseBoolean(value) {
191
+ if (!value)
192
+ return false;
193
+ return ['1', 'true', 'yes', 'on'].includes(value.trim().toLowerCase());
194
+ }
195
+ export async function registerAuthApiRoutes(fastify, authService, workspacePath, workspaceManager, workspaceName) {
196
+ fastify.get('/api/cloud/auth/callback', async (req, reply) => {
197
+ const config = managedCloudAuthConfig();
198
+ if (!config.enabled)
199
+ return reply.status(404).send({ error: 'Managed cloud auth is not enabled' });
200
+ if (!config.token || !config.workspaceId) {
201
+ return reply.status(503).send({ error: 'Managed cloud auth is not configured' });
202
+ }
203
+ const { token } = req.query;
204
+ if (!token)
205
+ return reply.status(400).send({ error: 'Missing login token' });
206
+ try {
207
+ const claims = verifyCloudLoginToken(token, config.token);
208
+ if (claims.workspaceId !== config.workspaceId) {
209
+ return reply.status(403).send({ error: 'Login token was issued for a different workspace' });
210
+ }
211
+ if (config.orgId && claims.orgId !== config.orgId) {
212
+ return reply.status(403).send({ error: 'Login token was issued for a different organization' });
213
+ }
214
+ const existing = authService.findUserByEmail(claims.email);
215
+ const runtimeRole = runtimeRoleForCloudRole(claims.role, existing, authService);
216
+ const user = authService.upsertCloudManagedUser({
217
+ email: claims.email,
218
+ displayName: claims.displayName,
219
+ role: runtimeRole,
220
+ });
221
+ await ensurePersonalFolder(new Workspace(workspacePath), authService, user);
222
+ grantManagedWorkspaceAccess(authService, workspaceManager, user, claims.role);
223
+ workspaceManager.reloadConfig();
224
+ // No person auto-provisioning here: task assignment + "My Tasks" key on the
225
+ // account identity (`[[user:<id>]]`), so a person entity is optional and
226
+ // never a precondition. Users add a profile explicitly from Settings → Profile.
227
+ const secure = req.headers['x-forwarded-proto'] === 'https';
228
+ reply.setCookie('__sg_token', authService.createSessionToken(user), {
229
+ path: '/',
230
+ httpOnly: true,
231
+ sameSite: 'lax',
232
+ secure,
233
+ maxAge: 7 * 24 * 60 * 60,
234
+ });
235
+ // Honor a returnTo echoed back through the cloud round-trip (used by the
236
+ // OAuth authorize → /login bounce so consent resumes after cloud auth).
237
+ // safeReturnTo enforces same-origin: root-relative path only, rejecting
238
+ // absolute/protocol-relative URLs, backslash-normalized off-origin, and
239
+ // control chars.
240
+ const returnTo = safeReturnTo(req.query.returnTo);
241
+ return reply.redirect(returnTo);
242
+ }
243
+ catch (err) {
244
+ return reply.status(401).send({ error: err?.message || 'Invalid login token' });
245
+ }
246
+ });
48
247
  // ── Admin user management ──
49
- // GET /api/auth/users — list all users (admin only)
248
+ // GET /api/auth/users — list all users. Any authenticated caller: folder
249
+ // admins need this to populate the share-dialog "Add members" candidates,
250
+ // and the comment @-mention surface needs the same shape.
251
+ // Mutating endpoints below (POST/DELETE/PATCH) stay owner-only.
50
252
  fastify.get('/api/auth/users', async (req, reply) => {
51
- const admin = requireAdmin(req, authService);
52
- if (!admin)
53
- return reply.status(403).send({ error: 'Admin access required' });
253
+ const user = requireUser(req, authService);
254
+ if (!user)
255
+ return reply.status(401).send({ error: 'Authentication required' });
54
256
  return reply.send({ users: authService.listUsers() });
55
257
  });
56
258
  // POST /api/auth/users — create a new user (admin only)
57
259
  fastify.post('/api/auth/users', async (req, reply) => {
58
- const admin = requireAdmin(req, authService);
260
+ const admin = requireOwner(req, authService);
59
261
  if (!admin)
60
- return reply.status(403).send({ error: 'Admin access required' });
262
+ return reply.status(403).send({ error: 'Workspace owner access required' });
61
263
  const { email, password, displayName, role } = req.body;
62
264
  if (!email || !password) {
63
265
  return reply.status(400).send({ error: 'Email and password are required' });
64
266
  }
267
+ if (role && role !== 'owner' && role !== 'member') {
268
+ return reply.status(400).send({ error: `Invalid role "${role}" — must be "owner" or "member"` });
269
+ }
65
270
  try {
66
271
  const user = authService.createUser(email, password, displayName || email.split('@')[0], role || 'member');
272
+ await ensurePersonalFolder(new Workspace(workspacePath), authService, user);
273
+ workspaceManager.reloadConfig();
274
+ // No person auto-provisioning: assignment + "My Tasks" key on the account
275
+ // identity (`[[user:<id>]]`), so a person entity is optional. Users add a
276
+ // profile to the graph explicitly from Settings → Profile.
67
277
  return reply.send({ user });
68
278
  }
69
279
  catch (err) {
@@ -72,9 +282,9 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
72
282
  });
73
283
  // DELETE /api/auth/users/:id — delete a user (admin only, cannot delete self or last admin)
74
284
  fastify.delete('/api/auth/users/:id', async (req, reply) => {
75
- const admin = requireAdmin(req, authService);
285
+ const admin = requireOwner(req, authService);
76
286
  if (!admin)
77
- return reply.status(403).send({ error: 'Admin access required' });
287
+ return reply.status(403).send({ error: 'Workspace owner access required' });
78
288
  const userId = parseInt(req.params.id, 10);
79
289
  if (isNaN(userId))
80
290
  return reply.status(400).send({ error: 'Invalid user ID' });
@@ -84,17 +294,111 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
84
294
  const target = users.find(u => u.id === userId);
85
295
  if (!target)
86
296
  return reply.status(404).send({ error: 'User not found' });
87
- if (target.role === 'admin' && users.filter(u => u.role === 'admin').length <= 1) {
88
- return reply.status(400).send({ error: 'Cannot delete the last admin' });
297
+ if (target.role === 'owner' && users.filter(u => u.role === 'owner').length <= 1) {
298
+ return reply.status(400).send({ error: 'Cannot delete the last workspace owner. Transfer ownership first.' });
299
+ }
300
+ // Transfer folders the target solely administers to the actor
301
+ // (the workspace owner performing this deletion) BEFORE the cascade
302
+ // delete — otherwise folder_access rows for those folders disappear
303
+ // and the folder is left with no admins.
304
+ //
305
+ // Personal folders (the target's "My Folder") are a sub-case: they
306
+ // transfer the same way, then get demoted to normal archive folders
307
+ // so the one-personal-folder-per-user invariant holds and the actor
308
+ // ends up with a plainly-named folder they own outright.
309
+ const workspace = new Workspace(workspacePath);
310
+ const preConfig = await workspace.loadConfig();
311
+ const targetPersonalFolders = preConfig.repos.filter(r => r.personal === true && r.owner_id === target.id);
312
+ const personalEntryCounts = new Map();
313
+ for (const p of targetPersonalFolders) {
314
+ try {
315
+ personalEntryCounts.set(p.name, workspaceManager.getGraph(p.name).listEntityIds().length);
316
+ }
317
+ catch {
318
+ personalEntryCounts.set(p.name, 0);
319
+ }
320
+ }
321
+ const transferred = authService.transferFoldersOnDelete(target.id, admin.id);
322
+ // Capture the old name upfront: archivePersonalFolder mutates the
323
+ // RepoConfig in place (name/path change), so reading `p.name` after
324
+ // the await would return the new archive name.
325
+ const archived = [];
326
+ for (const p of targetPersonalFolders) {
327
+ const oldName = p.name;
328
+ if (!transferred.includes(oldName))
329
+ continue;
330
+ const { newName, newDisplayName } = await archivePersonalFolder(workspace, oldName, target.displayName, authService);
331
+ archived.push({
332
+ oldName,
333
+ newName,
334
+ newDisplayName,
335
+ entryCount: personalEntryCounts.get(oldName) ?? 0,
336
+ });
89
337
  }
90
338
  authService.deleteUser(target.email);
91
- return reply.send({ ok: true });
339
+ if (archived.length > 0)
340
+ workspaceManager.reloadConfig();
341
+ return reply.send({ ok: true, transferred, archived });
342
+ });
343
+ // GET /api/auth/users/:id/deletion-preview — show the actor what
344
+ // will transfer if they delete this user. Owner-gated. Returns entry
345
+ // counts and archive names so the confirmation UI can set expectations
346
+ // WITHOUT exposing the contents of the target's private folder. The
347
+ // preview is advisory; the DELETE endpoint is the source of truth.
348
+ fastify.get('/api/auth/users/:id/deletion-preview', async (req, reply) => {
349
+ const admin = requireOwner(req, authService);
350
+ if (!admin)
351
+ return reply.status(403).send({ error: 'Workspace owner access required' });
352
+ const userId = parseInt(req.params.id, 10);
353
+ if (isNaN(userId))
354
+ return reply.status(400).send({ error: 'Invalid user ID' });
355
+ if (admin.id === userId)
356
+ return reply.status(400).send({ error: 'Cannot preview deleting yourself' });
357
+ const target = authService.listUsers().find(u => u.id === userId);
358
+ if (!target)
359
+ return reply.status(404).send({ error: 'User not found' });
360
+ const workspace = new Workspace(workspacePath);
361
+ const config = await workspace.loadConfig();
362
+ // Mirror transferFoldersOnDelete's sole-admin rule so the preview
363
+ // matches the real delete. Personal folders are 1-member by nature,
364
+ // so they always qualify.
365
+ const targetAdminFolders = authService.getUserFolders(target.id)
366
+ .filter(f => authService.getFolderRole(target.id, f) === 'admin');
367
+ const soleAdminFolders = targetAdminFolders.filter(f => authService.getFolderAdmins(f).length === 1);
368
+ const date = new Date().toISOString().slice(0, 10);
369
+ const personalFolders = config.repos.filter(r => r.personal === true && r.owner_id === target.id && soleAdminFolders.includes(r.name));
370
+ const sharedSoleAdmin = soleAdminFolders.filter(f => !personalFolders.some(p => p.name === f));
371
+ const personal = personalFolders.map(p => {
372
+ let entryCount = 0;
373
+ try {
374
+ entryCount = workspaceManager.getGraph(p.name).listEntityIds().length;
375
+ }
376
+ catch { /* skip */ }
377
+ return {
378
+ entryCount,
379
+ newDisplayName: `Archive: ${target.displayName} (${date})`,
380
+ };
381
+ });
382
+ const shared = sharedSoleAdmin.map(f => {
383
+ const repo = config.repos.find(r => r.name === f);
384
+ let entryCount = 0;
385
+ try {
386
+ entryCount = workspaceManager.getGraph(f).listEntityIds().length;
387
+ }
388
+ catch { /* skip */ }
389
+ return {
390
+ name: f,
391
+ displayName: repo?.display_name ?? f,
392
+ entryCount,
393
+ };
394
+ });
395
+ return reply.send({ personal, shared });
92
396
  });
93
397
  // PATCH /api/auth/users/:id/password — reset a user's password (admin only)
94
398
  fastify.patch('/api/auth/users/:id/password', async (req, reply) => {
95
- const admin = requireAdmin(req, authService);
399
+ const admin = requireOwner(req, authService);
96
400
  if (!admin)
97
- return reply.status(403).send({ error: 'Admin access required' });
401
+ return reply.status(403).send({ error: 'Workspace owner access required' });
98
402
  const userId = parseInt(req.params.id, 10);
99
403
  if (isNaN(userId))
100
404
  return reply.status(400).send({ error: 'Invalid user ID' });
@@ -113,23 +417,116 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
113
417
  return reply.status(400).send({ error: err.message });
114
418
  }
115
419
  });
116
- // POST /api/auth/api-key/regenerateregenerate workspace API key (admin only)
117
- fastify.post('/api/auth/api-key/regenerate', async (req, reply) => {
118
- const admin = requireAdmin(req, authService);
420
+ // PATCH /api/auth/users/:idupdate a member's profile (owner only).
421
+ // Currently accepts `email` and `displayName`; mirrors the existing
422
+ // password-reset pattern (owner-gated, no user notification).
423
+ fastify.patch('/api/auth/users/:id', async (req, reply) => {
424
+ const admin = requireOwner(req, authService);
119
425
  if (!admin)
120
- return reply.status(403).send({ error: 'Admin access required' });
121
- const newKey = authService.regenerateApiKey();
122
- return reply.send({ apiKey: newKey });
426
+ return reply.status(403).send({ error: 'Workspace owner access required' });
427
+ const userId = parseInt(req.params.id, 10);
428
+ if (isNaN(userId))
429
+ return reply.status(400).send({ error: 'Invalid user ID' });
430
+ const { email, displayName } = req.body;
431
+ if (email === undefined && displayName === undefined) {
432
+ return reply.status(400).send({ error: 'Nothing to update' });
433
+ }
434
+ if (email !== undefined) {
435
+ const normalized = email.toLowerCase().trim();
436
+ if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(normalized)) {
437
+ return reply.status(400).send({ error: 'Invalid email address' });
438
+ }
439
+ }
440
+ const target = authService.findUserById(userId);
441
+ if (!target)
442
+ return reply.status(404).send({ error: 'User not found' });
443
+ try {
444
+ const updated = authService.updateProfile(userId, { email, displayName });
445
+ return reply.send({ user: updated });
446
+ }
447
+ catch (err) {
448
+ // SQLite raises a UNIQUE constraint error on duplicate email.
449
+ if (String(err?.message ?? '').includes('UNIQUE')) {
450
+ return reply.status(409).send({ error: 'That email is already in use' });
451
+ }
452
+ return reply.status(400).send({ error: err.message });
453
+ }
454
+ });
455
+ // ── Per-user API tokens (used by MCP clients, CLI, and git HTTP) ──
456
+ // POST /api/auth/tokens — mint a new token for the authenticated user.
457
+ // Body: { name: string }. Returns the raw token once; only its hash is stored.
458
+ fastify.post('/api/auth/tokens', async (req, reply) => {
459
+ const user = requireUser(req, authService);
460
+ if (!user)
461
+ return reply.status(401).send({ error: 'Unauthorized' });
462
+ const { name } = (req.body ?? {});
463
+ if (!name || !name.trim()) {
464
+ return reply.status(400).send({ error: 'name is required' });
465
+ }
466
+ try {
467
+ const minted = authService.createApiToken(user.id, name);
468
+ return reply.status(201).send(minted);
469
+ }
470
+ catch (err) {
471
+ return reply.status(400).send({ error: err.message });
472
+ }
473
+ });
474
+ // GET /api/auth/tokens — list the authenticated user's tokens (metadata only).
475
+ fastify.get('/api/auth/tokens', async (req, reply) => {
476
+ const user = requireUser(req, authService);
477
+ if (!user)
478
+ return reply.status(401).send({ error: 'Unauthorized' });
479
+ return reply.send({ tokens: authService.listApiTokens(user.id) });
480
+ });
481
+ // DELETE /api/auth/tokens/:id — revoke one of the user's own tokens.
482
+ fastify.delete('/api/auth/tokens/:id', async (req, reply) => {
483
+ const user = requireUser(req, authService);
484
+ if (!user)
485
+ return reply.status(401).send({ error: 'Unauthorized' });
486
+ const tokenId = parseInt(req.params.id, 10);
487
+ if (isNaN(tokenId))
488
+ return reply.status(400).send({ error: 'Invalid token id' });
489
+ const ok = authService.revokeApiToken(tokenId, user.id);
490
+ if (!ok)
491
+ return reply.status(404).send({ error: 'Token not found' });
492
+ return reply.send({ ok: true });
123
493
  });
124
494
  // GET /api/auth/seed — export auth seed data (admin only, for remote pull)
495
+ // Phase 3: sanitized via the same registry-driven helper as
496
+ // /api/config/bundle. jwtSecret + deprecated apiKey are dropped before
497
+ // the response leaves the trust boundary.
125
498
  fastify.get('/api/auth/seed', async (req, reply) => {
126
- const admin = requireAdmin(req, authService);
499
+ const admin = requireOwner(req, authService);
127
500
  if (!admin)
128
- return reply.status(403).send({ error: 'Admin access required' });
129
- return reply.send(authService.getSeedData());
501
+ return reply.status(403).send({ error: 'Workspace owner access required' });
502
+ const { sanitizeAuthSeed } = await import('../../core/secrets/bundle.js');
503
+ return reply.send(sanitizeAuthSeed(authService.getSeedData()));
504
+ });
505
+ // POST /api/auth/transfer-ownership — transfer ownership to another user (owner only).
506
+ // Accepts cookie OR Bearer sg_ token via requireUser (the CLI calls this
507
+ // through `studiograph admin transfer-ownership`).
508
+ fastify.post('/api/auth/transfer-ownership', async (req, reply) => {
509
+ const user = requireUser(req, authService);
510
+ if (!user)
511
+ return reply.status(401).send({ error: 'Unauthorized' });
512
+ if (user.role !== 'owner')
513
+ return reply.status(403).send({ error: 'Only the workspace owner can transfer ownership' });
514
+ const { targetUserId } = req.body;
515
+ if (!targetUserId)
516
+ return reply.status(400).send({ error: 'targetUserId is required' });
517
+ try {
518
+ authService.transferOwnership(user.id, targetUserId);
519
+ return reply.send({ ok: true });
520
+ }
521
+ catch (err) {
522
+ return reply.status(400).send({ error: err.message });
523
+ }
130
524
  });
131
525
  // POST /api/auth/login — authenticate and set session cookie
132
526
  fastify.post('/api/auth/login', async (req, reply) => {
527
+ if (managedCloudAuthConfig().enabled) {
528
+ return reply.status(403).send({ error: 'Use Studiograph Cloud to sign in to this managed workspace' });
529
+ }
133
530
  const { email, password } = req.body;
134
531
  if (!email || !password) {
135
532
  return reply.status(400).send({ error: 'Email and password are required' });
@@ -150,13 +547,17 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
150
547
  reply.setCookie('__sg_token', result.token, {
151
548
  path: '/',
152
549
  httpOnly: true,
153
- sameSite: 'strict',
550
+ // Lax (not Strict): sent on top-level GET navigations initiated cross-site
551
+ // — e.g. the OAuth /oauth/authorize redirect from Claude's connector — so an
552
+ // already-logged-in user isn't bounced to a redundant login. Still withheld
553
+ // on cross-site POSTs/subresources (the CSRF-dangerous cases).
554
+ sameSite: 'lax',
154
555
  secure,
155
556
  maxAge: 7 * 24 * 60 * 60, // 7 days
156
557
  });
157
558
  // Include the token in the response body when requested via
158
- // X-Return-Token header (used by Chrome extension and other
159
- // API clients that can't use cookies across origins).
559
+ // X-Return-Token header for API clients that can't use cookies
560
+ // across origins.
160
561
  const returnToken = req.headers['x-return-token'] === '1';
161
562
  return reply.send({
162
563
  user: result.user,
@@ -164,37 +565,148 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
164
565
  });
165
566
  });
166
567
  // POST /api/auth/logout — clear session cookie
167
- fastify.post('/api/auth/logout', async (_req, reply) => {
568
+ fastify.post('/api/auth/logout', async (req, reply) => {
569
+ const cloudAuth = managedCloudAuthConfig();
168
570
  reply.setCookie('__sg_token', '', {
169
571
  path: '/',
170
572
  httpOnly: true,
171
- sameSite: 'strict',
573
+ sameSite: 'lax',
172
574
  maxAge: 0,
173
575
  });
174
- return reply.send({ ok: true });
576
+ return reply.send({
577
+ ok: true,
578
+ logoutUrl: cloudAuth.enabled
579
+ ? managedCloudLogoutUrl(cloudAuth, managedLogoutReturnTo(req))
580
+ : undefined,
581
+ });
175
582
  });
176
- // GET /api/auth/me — verify current session
583
+ // GET /api/auth/me — verify current session. Also resolves the user's
584
+ // linked person entity (the auth↔person bridge) so the client gets both
585
+ // identifiers in one round-trip. `personRef` is null when the user has
586
+ // no linked entity (legacy, unprovisioned, or explicitly unlinked) OR
587
+ // when the linked entity lives in a repo the user no longer has read
588
+ // access to (would leak repo existence otherwise — see access-control).
177
589
  fastify.get('/api/auth/me', async (req, reply) => {
178
- const token = req.cookies?.['__sg_token'];
179
- if (!token) {
590
+ // Resolve from the cookie JWT OR Authorization: Bearer (JWT / sg_ API
591
+ // token) via the shared requireUser helper. The global auth hook skips
592
+ // /api/auth/*, so without this the boot session check only honored the
593
+ // web cookie and rejected API-token callers (CLI, automation, the
594
+ // headless browser) even though they authenticate everywhere else.
595
+ const user = requireUser(req, authService);
596
+ if (!user) {
597
+ return reply.status(401).send({ error: 'Not authenticated' });
598
+ }
599
+ const rawRef = findPersonRefForUser(workspaceManager, user.handle);
600
+ const personRef = rawRef && access.hasRepoAccess(user, rawRef.repo, workspaceManager, authService)
601
+ ? rawRef
602
+ : null;
603
+ return reply.send({ user, personRef });
604
+ });
605
+ // POST /api/auth/me/person-link — self-service link of the user↔person
606
+ // bridge for the CURRENT user. Two modes:
607
+ // - body `{ entityId }` → link that SPECIFIC person the user picked
608
+ // (the home CTA / Profile "which record is you?" picker).
609
+ // - no body → auto: email-match an existing record, else create one
610
+ // (ensurePersonForUser).
611
+ //
612
+ // Self-scoped — the user can only stamp THEIR OWN handle onto an UNLINKED
613
+ // person they can read — so it safely bypasses the owner-only gate that
614
+ // guards generic user_handle writes (that gate exists to stop a member
615
+ // claiming ANOTHER user's identity; linking yourself isn't that, and it
616
+ // confers no privileges — auth role comes from the account, not the entity).
617
+ fastify.post('/api/auth/me/person-link', async (req, reply) => {
618
+ const user = requireUser(req, authService);
619
+ if (!user)
180
620
  return reply.status(401).send({ error: 'Not authenticated' });
621
+ const chosenId = typeof req.body?.entityId === 'string' ? req.body.entityId.trim() : '';
622
+ // Idempotent / conflict: already linked?
623
+ const existing = findPersonRefForUser(workspaceManager, user.handle);
624
+ if (existing) {
625
+ // Same record (or no specific request) → no-op success. A DIFFERENT
626
+ // record → you're already linked; refuse rather than create a 2nd link.
627
+ if (!chosenId || existing.entityId === chosenId) {
628
+ return reply.send({ action: 'already-linked', personRef: existing });
629
+ }
630
+ return reply.status(409).send({
631
+ error: `Your account is already linked to ${existing.repo}/${existing.entityId}. Unlink it first to link a different record.`,
632
+ code: 'ALREADY_LINKED_ELSEWHERE',
633
+ });
181
634
  }
635
+ // Mode 1 — link a specific, user-picked person.
636
+ if (chosenId) {
637
+ const target = workspaceManager.findEntityByTypeAndId('person', chosenId);
638
+ // Collapse "not found" and "can't read it" into one 404 so we don't leak
639
+ // the existence of records in folders the caller can't access.
640
+ if (!target || !access.hasRepoAccess(user, target.repoName, workspaceManager, authService)) {
641
+ return reply.status(404).send({ error: `No person entry "${chosenId}" you can link.`, code: 'PERSON_NOT_FOUND' });
642
+ }
643
+ try {
644
+ // Self-scoped link (own handle, unlinked target) — guards live in the
645
+ // bridge helper; it throws BridgeError on conflict.
646
+ await linkChosenPersonToUser(workspaceManager, user, { repo: target.repoName, entityId: chosenId }, authUserToGitUser(user));
647
+ return reply.send({ action: 'linked', personRef: { repo: target.repoName, entityId: chosenId } });
648
+ }
649
+ catch (err) {
650
+ if (err instanceof BridgeError)
651
+ return reply.status(409).send({ error: err.message, code: err.code, ...err.details });
652
+ return reply.status(500).send({ error: err?.message ?? 'Failed to link person record' });
653
+ }
654
+ }
655
+ // Mode 2 — auto (email-match an existing record, else create one).
656
+ try {
657
+ const r = await ensurePersonForUser(workspaceManager, authService, user, authUserToGitUser(user));
658
+ if (r.action === 'skipped') {
659
+ return reply.status(409).send({
660
+ error: `Could not create a person record (${r.reason}). Ask a workspace owner to designate a shared folder.`,
661
+ code: 'BRIDGE_SKIPPED',
662
+ });
663
+ }
664
+ return reply.send({ action: r.action, personRef: r.ref });
665
+ }
666
+ catch (err) {
667
+ return reply.status(500).send({ error: err?.message ?? 'Failed to link person record' });
668
+ }
669
+ });
670
+ // PATCH /api/auth/me — update current user's profile
671
+ fastify.patch('/api/auth/me', async (req, reply) => {
672
+ const token = req.cookies?.['__sg_token'];
673
+ if (!token)
674
+ return reply.status(401).send({ error: 'Not authenticated' });
182
675
  const user = authService.verifyToken(token);
183
- if (!user) {
676
+ if (!user)
184
677
  return reply.status(401).send({ error: 'Not authenticated' });
678
+ const { displayName, email, newPassword } = req.body;
679
+ if (newPassword) {
680
+ authService.updatePassword(user.email, newPassword);
185
681
  }
186
- return reply.send({ user });
682
+ const updated = authService.updateProfile(user.id, {
683
+ displayName: displayName !== undefined ? displayName : undefined,
684
+ email: email !== undefined ? email : undefined,
685
+ });
686
+ return reply.send({ user: updated });
687
+ });
688
+ // GET /api/auth/colors — accent colors for all users (for avatar rendering)
689
+ fastify.get('/api/auth/colors', async (_req, reply) => {
690
+ return reply.send({ colors: authService.getAllAccentColors() });
187
691
  });
188
692
  // GET /api/auth/status — public endpoint for login page
189
- fastify.get('/api/auth/status', async (_req, reply) => {
693
+ fastify.get('/api/auth/status', async (req, reply) => {
694
+ const cloudAuth = managedCloudAuthConfig();
190
695
  return reply.send({
191
696
  authEnabled: authService.hasUsers(),
192
697
  userCount: authService.getUserCount(),
193
698
  workspaceName: workspaceName || undefined,
699
+ managedAuth: cloudAuth.enabled,
700
+ cloudUrl: cloudAuth.cloudUrl || undefined,
701
+ managedAuthLoginUrl: managedCloudLoginUrl(cloudAuth) || undefined,
702
+ managedAuthLogoutUrl: managedCloudLogoutUrl(cloudAuth, managedLogoutReturnTo(req)) || undefined,
194
703
  });
195
704
  });
196
705
  // POST /api/auth/setup — create the first admin account (only works when no users exist)
197
706
  fastify.post('/api/auth/setup', async (req, reply) => {
707
+ if (managedCloudAuthConfig().enabled) {
708
+ return reply.status(403).send({ error: 'Managed workspaces are set up from Studiograph Cloud' });
709
+ }
198
710
  if (authService.hasUsers()) {
199
711
  return reply.status(403).send({ error: 'Setup already completed' });
200
712
  }
@@ -203,7 +715,29 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
203
715
  return reply.status(400).send({ error: 'Email and password are required' });
204
716
  }
205
717
  try {
206
- const user = authService.createUser(email, password, displayName || email.split('@')[0], 'admin');
718
+ const user = authService.createUser(email, password, displayName || email.split('@')[0], 'owner');
719
+ const setupWorkspace = new Workspace(workspacePath);
720
+ await ensurePersonalFolder(setupWorkspace, authService, user);
721
+ // Provision the reserved workspace-wide "Assets" store once, at first-run
722
+ // setup. Existing workspaces backfill lazily on first asset upload
723
+ // (resolveWorkspaceAssetsRepo) — never via a boot sweep.
724
+ await ensureWorkspaceAssetsFolder(setupWorkspace);
725
+ workspaceManager.reloadConfig();
726
+ // Grant the first owner folder-admin on every existing team folder.
727
+ // Without this, folders scaffolded by `studiograph init` before any
728
+ // user existed end up with zero folder_access rows, and
729
+ // `getAccessibleRepos()` filters them out of the sidebar — the first
730
+ // owner then sees an empty workspace despite the files being on disk.
731
+ // Personal folders are handled by ensurePersonalFolder above; skipping
732
+ // them here avoids granting the owner access to other users' personals.
733
+ for (const repo of workspaceManager.getAllRepoConfigs()) {
734
+ if (repo.personal)
735
+ continue;
736
+ authService.grantFolderAccess(user.id, repo.name, 'admin');
737
+ }
738
+ // No first-owner person auto-provisioning: assignment + "My Tasks" key on
739
+ // the account identity (`[[user:<id>]]`). The owner adds their profile to
740
+ // the graph explicitly from Settings → Profile if they want one.
207
741
  const result = authService.authenticate(email, password);
208
742
  if (!result) {
209
743
  return reply.status(500).send({ error: 'Failed to authenticate after setup' });
@@ -212,7 +746,7 @@ export async function registerAuthApiRoutes(fastify, authService, workspaceName)
212
746
  reply.setCookie('__sg_token', result.token, {
213
747
  path: '/',
214
748
  httpOnly: true,
215
- sameSite: 'strict',
749
+ sameSite: 'lax',
216
750
  secure,
217
751
  maxAge: 7 * 24 * 60 * 60,
218
752
  });