studiograph 1.3.48-next.21 → 1.3.48-next.211

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (966) hide show
  1. package/README.md +26 -16
  2. package/dist/agent/agent-pool.d.ts +87 -3
  3. package/dist/agent/agent-pool.js +188 -15
  4. package/dist/agent/agent-pool.js.map +1 -1
  5. package/dist/agent/followups.d.ts +34 -0
  6. package/dist/agent/followups.js +52 -0
  7. package/dist/agent/followups.js.map +1 -0
  8. package/dist/agent/orchestrator.d.ts +101 -4
  9. package/dist/agent/orchestrator.js +464 -66
  10. package/dist/agent/orchestrator.js.map +1 -1
  11. package/dist/agent/prompts/entity-types-section.d.ts +34 -0
  12. package/dist/agent/prompts/entity-types-section.js +76 -0
  13. package/dist/agent/prompts/entity-types-section.js.map +1 -0
  14. package/dist/agent/prompts/system.md +112 -54
  15. package/dist/agent/skill-loader.d.ts +30 -17
  16. package/dist/agent/skill-loader.js +63 -30
  17. package/dist/agent/skill-loader.js.map +1 -1
  18. package/dist/agent/skills/artifact-canvas/skill.md +152 -0
  19. package/dist/agent/skills/entity-schema.md +75 -431
  20. package/dist/agent/skills/interview/entity-templates.md +38 -37
  21. package/dist/agent/skills/interview/question-domains.md +54 -49
  22. package/dist/agent/skills/interview/skill.md +84 -16
  23. package/dist/agent/skills/schema-rules.md +28 -28
  24. package/dist/agent/tools/artifact-tools.d.ts +124 -0
  25. package/dist/agent/tools/artifact-tools.js +207 -0
  26. package/dist/agent/tools/artifact-tools.js.map +1 -0
  27. package/dist/agent/tools/capture-tools.d.ts +31 -0
  28. package/dist/agent/tools/capture-tools.js +40 -0
  29. package/dist/agent/tools/capture-tools.js.map +1 -0
  30. package/dist/agent/tools/folder-tools.d.ts +47 -0
  31. package/dist/agent/tools/folder-tools.js +249 -0
  32. package/dist/agent/tools/folder-tools.js.map +1 -0
  33. package/dist/agent/tools/fs-tools.d.ts +6 -5
  34. package/dist/agent/tools/fs-tools.js +5 -5
  35. package/dist/agent/tools/fs-tools.js.map +1 -1
  36. package/dist/agent/tools/graph-tools.d.ts +48 -72
  37. package/dist/agent/tools/graph-tools.js +852 -329
  38. package/dist/agent/tools/graph-tools.js.map +1 -1
  39. package/dist/agent/tools/history-tools.d.ts +95 -0
  40. package/dist/agent/tools/history-tools.js +461 -0
  41. package/dist/agent/tools/history-tools.js.map +1 -0
  42. package/dist/agent/tools/load-skill.d.ts +6 -5
  43. package/dist/agent/tools/load-skill.js +3 -3
  44. package/dist/agent/tools/load-skill.js.map +1 -1
  45. package/dist/agent/tools/ops-tools.d.ts +5 -4
  46. package/dist/agent/tools/ops-tools.js +130 -236
  47. package/dist/agent/tools/ops-tools.js.map +1 -1
  48. package/dist/agent/tools/permission-tools.d.ts +87 -17
  49. package/dist/agent/tools/permission-tools.js +233 -43
  50. package/dist/agent/tools/permission-tools.js.map +1 -1
  51. package/dist/agent/tools/tool-loader.js +5 -4
  52. package/dist/agent/tools/tool-loader.js.map +1 -1
  53. package/dist/agent/tools/web-tools.js +58 -9
  54. package/dist/agent/tools/web-tools.js.map +1 -1
  55. package/dist/cli/commands/about.d.ts +1 -0
  56. package/dist/cli/commands/about.js +55 -3
  57. package/dist/cli/commands/about.js.map +1 -1
  58. package/dist/cli/commands/admin/audit-workspace.d.ts +23 -0
  59. package/dist/cli/commands/admin/audit-workspace.js +133 -0
  60. package/dist/cli/commands/admin/audit-workspace.js.map +1 -0
  61. package/dist/cli/commands/admin/audit.d.ts +21 -0
  62. package/dist/cli/commands/admin/audit.js +174 -0
  63. package/dist/cli/commands/admin/audit.js.map +1 -0
  64. package/dist/cli/commands/admin/backup.d.ts +54 -0
  65. package/dist/cli/commands/admin/backup.js +207 -0
  66. package/dist/cli/commands/admin/backup.js.map +1 -0
  67. package/dist/cli/commands/admin/folder.d.ts +11 -0
  68. package/dist/cli/commands/{collection.js → admin/folder.js} +33 -32
  69. package/dist/cli/commands/admin/folder.js.map +1 -0
  70. package/dist/cli/commands/admin/index.d.ts +16 -0
  71. package/dist/cli/commands/admin/index.js +46 -0
  72. package/dist/cli/commands/admin/index.js.map +1 -0
  73. package/dist/cli/commands/admin/migrate-assets.d.ts +53 -0
  74. package/dist/cli/commands/admin/migrate-assets.js +184 -0
  75. package/dist/cli/commands/admin/migrate-assets.js.map +1 -0
  76. package/dist/cli/commands/admin/migrate.d.ts +56 -0
  77. package/dist/cli/commands/admin/migrate.js +263 -0
  78. package/dist/cli/commands/admin/migrate.js.map +1 -0
  79. package/dist/cli/commands/admin/restore.d.ts +24 -0
  80. package/dist/cli/commands/admin/restore.js +228 -0
  81. package/dist/cli/commands/admin/restore.js.map +1 -0
  82. package/dist/cli/commands/admin/secrets.d.ts +23 -0
  83. package/dist/cli/commands/admin/secrets.js +256 -0
  84. package/dist/cli/commands/admin/secrets.js.map +1 -0
  85. package/dist/cli/commands/admin/settings.d.ts +28 -0
  86. package/dist/cli/commands/admin/settings.js +284 -0
  87. package/dist/cli/commands/admin/settings.js.map +1 -0
  88. package/dist/cli/commands/admin/token.d.ts +42 -0
  89. package/dist/cli/commands/admin/token.js +126 -0
  90. package/dist/cli/commands/admin/token.js.map +1 -0
  91. package/dist/cli/commands/admin/transfer-ownership.d.ts +15 -0
  92. package/dist/cli/commands/admin/transfer-ownership.js +106 -0
  93. package/dist/cli/commands/admin/transfer-ownership.js.map +1 -0
  94. package/dist/cli/commands/admin/user.d.ts +11 -0
  95. package/dist/cli/commands/admin/user.js +187 -0
  96. package/dist/cli/commands/admin/user.js.map +1 -0
  97. package/dist/cli/commands/clone.d.ts +25 -3
  98. package/dist/cli/commands/clone.js +142 -36
  99. package/dist/cli/commands/clone.js.map +1 -1
  100. package/dist/cli/commands/config.d.ts +23 -107
  101. package/dist/cli/commands/config.js +52 -260
  102. package/dist/cli/commands/config.js.map +1 -1
  103. package/dist/cli/commands/connector.d.ts +10 -13
  104. package/dist/cli/commands/connector.js +16 -58
  105. package/dist/cli/commands/connector.js.map +1 -1
  106. package/dist/cli/commands/deploy.js +215 -68
  107. package/dist/cli/commands/deploy.js.map +1 -1
  108. package/dist/cli/commands/index.js +5 -1
  109. package/dist/cli/commands/index.js.map +1 -1
  110. package/dist/cli/commands/init.js +10 -30
  111. package/dist/cli/commands/init.js.map +1 -1
  112. package/dist/cli/commands/mcp.js +54 -6
  113. package/dist/cli/commands/mcp.js.map +1 -1
  114. package/dist/cli/commands/r2.d.ts +3 -0
  115. package/dist/cli/commands/r2.js +223 -204
  116. package/dist/cli/commands/r2.js.map +1 -1
  117. package/dist/cli/commands/redeploy.js +65 -12
  118. package/dist/cli/commands/redeploy.js.map +1 -1
  119. package/dist/cli/commands/reset.d.ts +22 -6
  120. package/dist/cli/commands/reset.js +132 -34
  121. package/dist/cli/commands/reset.js.map +1 -1
  122. package/dist/cli/commands/serve.js +231 -26
  123. package/dist/cli/commands/serve.js.map +1 -1
  124. package/dist/cli/commands/sync.d.ts +1 -1
  125. package/dist/cli/commands/sync.js +237 -227
  126. package/dist/cli/commands/sync.js.map +1 -1
  127. package/dist/cli/crypto-bundle.d.ts +39 -0
  128. package/dist/cli/crypto-bundle.js +94 -0
  129. package/dist/cli/crypto-bundle.js.map +1 -0
  130. package/dist/cli/index.js +24 -26
  131. package/dist/cli/index.js.map +1 -1
  132. package/dist/cli/railway-pin.d.ts +68 -0
  133. package/dist/cli/railway-pin.js +96 -0
  134. package/dist/cli/railway-pin.js.map +1 -0
  135. package/dist/cli/railway-provisioning.d.ts +53 -0
  136. package/dist/cli/railway-provisioning.js +85 -0
  137. package/dist/cli/railway-provisioning.js.map +1 -0
  138. package/dist/cli/setup-wizard.d.ts +30 -49
  139. package/dist/cli/setup-wizard.js +39 -40
  140. package/dist/cli/setup-wizard.js.map +1 -1
  141. package/dist/core/accent-palette.d.ts +22 -0
  142. package/dist/core/accent-palette.js +47 -0
  143. package/dist/core/accent-palette.js.map +1 -0
  144. package/dist/core/artifact-asset-urls.d.ts +51 -0
  145. package/dist/core/artifact-asset-urls.js +79 -0
  146. package/dist/core/artifact-asset-urls.js.map +1 -0
  147. package/dist/core/artifact-bundle.d.ts +69 -0
  148. package/dist/core/artifact-bundle.js +305 -0
  149. package/dist/core/artifact-bundle.js.map +1 -0
  150. package/dist/core/artifact-escape.d.ts +5 -0
  151. package/dist/core/artifact-escape.js +26 -0
  152. package/dist/core/artifact-escape.js.map +1 -0
  153. package/dist/core/artifact-export.d.ts +17 -0
  154. package/dist/core/artifact-export.js +529 -0
  155. package/dist/core/artifact-export.js.map +1 -0
  156. package/dist/core/cell-anchor.d.ts +29 -0
  157. package/dist/core/cell-anchor.js +53 -0
  158. package/dist/core/cell-anchor.js.map +1 -0
  159. package/dist/core/comment-anchor.d.ts +41 -0
  160. package/dist/core/comment-anchor.js +147 -0
  161. package/dist/core/comment-anchor.js.map +1 -0
  162. package/dist/core/commit-messages.d.ts +57 -0
  163. package/dist/core/commit-messages.js +85 -0
  164. package/dist/core/commit-messages.js.map +1 -0
  165. package/dist/core/embeds.d.ts +96 -0
  166. package/dist/core/embeds.js +196 -0
  167. package/dist/core/embeds.js.map +1 -0
  168. package/dist/core/entity-body-templates.d.ts +21 -0
  169. package/dist/core/entity-body-templates.js +67 -0
  170. package/dist/core/entity-body-templates.js.map +1 -0
  171. package/dist/core/entity-types-catalog.d.ts +65 -0
  172. package/dist/core/entity-types-catalog.js +142 -0
  173. package/dist/core/entity-types-catalog.js.map +1 -0
  174. package/dist/core/field-library.d.ts +62 -0
  175. package/dist/core/field-library.js +129 -0
  176. package/dist/core/field-library.js.map +1 -0
  177. package/dist/core/folder-paths.d.ts +41 -0
  178. package/dist/core/folder-paths.js +95 -0
  179. package/dist/core/folder-paths.js.map +1 -0
  180. package/dist/core/folder-sidecar.d.ts +36 -0
  181. package/dist/core/folder-sidecar.js +91 -0
  182. package/dist/core/folder-sidecar.js.map +1 -0
  183. package/dist/core/format-registry.d.ts +170 -0
  184. package/dist/core/format-registry.js +412 -0
  185. package/dist/core/format-registry.js.map +1 -0
  186. package/dist/core/graph.d.ts +773 -14
  187. package/dist/core/graph.js +2269 -308
  188. package/dist/core/graph.js.map +1 -1
  189. package/dist/core/history-diff.d.ts +35 -0
  190. package/dist/core/history-diff.js +114 -0
  191. package/dist/core/history-diff.js.map +1 -0
  192. package/dist/core/refs.d.ts +41 -0
  193. package/dist/core/refs.js +80 -0
  194. package/dist/core/refs.js.map +1 -0
  195. package/dist/core/schema-registry.d.ts +66 -0
  196. package/dist/core/schema-registry.js +198 -37
  197. package/dist/core/schema-registry.js.map +1 -1
  198. package/dist/core/schemas/connector.d.ts +67 -0
  199. package/dist/core/schemas/connector.js +100 -0
  200. package/dist/core/schemas/connector.js.map +1 -0
  201. package/dist/core/schemas/workspace.d.ts +122 -0
  202. package/dist/core/schemas/workspace.js +211 -0
  203. package/dist/core/schemas/workspace.js.map +1 -0
  204. package/dist/core/secrets/SecretStore.d.ts +77 -0
  205. package/dist/core/secrets/SecretStore.js +13 -0
  206. package/dist/core/secrets/SecretStore.js.map +1 -0
  207. package/dist/core/secrets/SettingsResolver.d.ts +54 -0
  208. package/dist/core/secrets/SettingsResolver.js +80 -0
  209. package/dist/core/secrets/SettingsResolver.js.map +1 -0
  210. package/dist/core/secrets/SettingsStore.d.ts +30 -0
  211. package/dist/core/secrets/SettingsStore.js +9 -0
  212. package/dist/core/secrets/SettingsStore.js.map +1 -0
  213. package/dist/core/secrets/SqliteEncryptedStore.d.ts +90 -0
  214. package/dist/core/secrets/SqliteEncryptedStore.js +598 -0
  215. package/dist/core/secrets/SqliteEncryptedStore.js.map +1 -0
  216. package/dist/core/secrets/audit.d.ts +36 -0
  217. package/dist/core/secrets/audit.js +60 -0
  218. package/dist/core/secrets/audit.js.map +1 -0
  219. package/dist/core/secrets/auth-db-migration.d.ts +129 -0
  220. package/dist/core/secrets/auth-db-migration.js +653 -0
  221. package/dist/core/secrets/auth-db-migration.js.map +1 -0
  222. package/dist/core/secrets/bundle.d.ts +141 -0
  223. package/dist/core/secrets/bundle.js +435 -0
  224. package/dist/core/secrets/bundle.js.map +1 -0
  225. package/dist/core/secrets/dual-write.d.ts +81 -0
  226. package/dist/core/secrets/dual-write.js +247 -0
  227. package/dist/core/secrets/dual-write.js.map +1 -0
  228. package/dist/core/secrets/encryption.d.ts +44 -0
  229. package/dist/core/secrets/encryption.js +97 -0
  230. package/dist/core/secrets/encryption.js.map +1 -0
  231. package/dist/core/secrets/index.d.ts +49 -0
  232. package/dist/core/secrets/index.js +74 -0
  233. package/dist/core/secrets/index.js.map +1 -0
  234. package/dist/core/secrets/master-key.d.ts +38 -0
  235. package/dist/core/secrets/master-key.js +122 -0
  236. package/dist/core/secrets/master-key.js.map +1 -0
  237. package/dist/core/secrets/probes/anthropic.d.ts +98 -0
  238. package/dist/core/secrets/probes/anthropic.js +300 -0
  239. package/dist/core/secrets/probes/anthropic.js.map +1 -0
  240. package/dist/core/secrets/probes/brave.d.ts +9 -0
  241. package/dist/core/secrets/probes/brave.js +15 -0
  242. package/dist/core/secrets/probes/brave.js.map +1 -0
  243. package/dist/core/secrets/probes/r2.d.ts +15 -0
  244. package/dist/core/secrets/probes/r2.js +14 -0
  245. package/dist/core/secrets/probes/r2.js.map +1 -0
  246. package/dist/core/secrets/probes/tavily.d.ts +18 -0
  247. package/dist/core/secrets/probes/tavily.js +58 -0
  248. package/dist/core/secrets/probes/tavily.js.map +1 -0
  249. package/dist/core/secrets/probes/voyage.d.ts +13 -0
  250. package/dist/core/secrets/probes/voyage.js +52 -0
  251. package/dist/core/secrets/probes/voyage.js.map +1 -0
  252. package/dist/core/secrets/r2-structural-migration.d.ts +39 -0
  253. package/dist/core/secrets/r2-structural-migration.js +109 -0
  254. package/dist/core/secrets/r2-structural-migration.js.map +1 -0
  255. package/dist/core/secrets/read-flip.d.ts +59 -0
  256. package/dist/core/secrets/read-flip.js +87 -0
  257. package/dist/core/secrets/read-flip.js.map +1 -0
  258. package/dist/core/secrets/registry.d.ts +188 -0
  259. package/dist/core/secrets/registry.js +616 -0
  260. package/dist/core/secrets/registry.js.map +1 -0
  261. package/dist/core/types.d.ts +77 -483
  262. package/dist/core/types.js +25 -3
  263. package/dist/core/types.js.map +1 -1
  264. package/dist/core/user-config.d.ts +75 -12
  265. package/dist/core/user-config.js +155 -14
  266. package/dist/core/user-config.js.map +1 -1
  267. package/dist/core/validation.d.ts +786 -1373
  268. package/dist/core/validation.js +458 -147
  269. package/dist/core/validation.js.map +1 -1
  270. package/dist/core/workspace-manager.d.ts +87 -14
  271. package/dist/core/workspace-manager.js +222 -94
  272. package/dist/core/workspace-manager.js.map +1 -1
  273. package/dist/core/workspace.d.ts +19 -5
  274. package/dist/core/workspace.js +67 -39
  275. package/dist/core/workspace.js.map +1 -1
  276. package/dist/mcp/comment-virtual-entity.d.ts +36 -0
  277. package/dist/mcp/comment-virtual-entity.js +71 -0
  278. package/dist/mcp/comment-virtual-entity.js.map +1 -0
  279. package/dist/mcp/connector-manager.d.ts +72 -2
  280. package/dist/mcp/connector-manager.js +211 -32
  281. package/dist/mcp/connector-manager.js.map +1 -1
  282. package/dist/mcp/oauth-provider.d.ts +0 -5
  283. package/dist/mcp/oauth-provider.js +10 -22
  284. package/dist/mcp/oauth-provider.js.map +1 -1
  285. package/dist/mcp/oauth-registry.d.ts +46 -8
  286. package/dist/mcp/oauth-registry.js +52 -13
  287. package/dist/mcp/oauth-registry.js.map +1 -1
  288. package/dist/mcp/server-discovery.d.ts +73 -0
  289. package/dist/mcp/server-discovery.js +164 -0
  290. package/dist/mcp/server-discovery.js.map +1 -0
  291. package/dist/mcp/server.d.ts +24 -3
  292. package/dist/mcp/server.js +53 -10
  293. package/dist/mcp/server.js.map +1 -1
  294. package/dist/mcp/state-signer.d.ts +62 -0
  295. package/dist/mcp/state-signer.js +205 -0
  296. package/dist/mcp/state-signer.js.map +1 -0
  297. package/dist/mcp/stdio-proxy.d.ts +67 -0
  298. package/dist/mcp/stdio-proxy.js +149 -0
  299. package/dist/mcp/stdio-proxy.js.map +1 -0
  300. package/dist/mcp/tools.d.ts +65 -2
  301. package/dist/mcp/tools.js +1772 -124
  302. package/dist/mcp/tools.js.map +1 -1
  303. package/dist/server/__tests__/helpers/graph-api.d.ts +16 -0
  304. package/dist/server/__tests__/helpers/graph-api.js +16 -0
  305. package/dist/server/__tests__/helpers/graph-api.js.map +1 -0
  306. package/dist/server/artifact-asset-mint.d.ts +41 -0
  307. package/dist/server/artifact-asset-mint.js +59 -0
  308. package/dist/server/artifact-asset-mint.js.map +1 -0
  309. package/dist/server/asset-index-queue.d.ts +98 -0
  310. package/dist/server/asset-index-queue.js +193 -0
  311. package/dist/server/asset-index-queue.js.map +1 -0
  312. package/dist/server/body-write-coordinator.d.ts +161 -0
  313. package/dist/server/body-write-coordinator.js +182 -0
  314. package/dist/server/body-write-coordinator.js.map +1 -0
  315. package/dist/server/cloud-billing-flow.d.ts +32 -0
  316. package/dist/server/cloud-billing-flow.js +75 -0
  317. package/dist/server/cloud-billing-flow.js.map +1 -0
  318. package/dist/server/commit-audit.d.ts +26 -0
  319. package/dist/server/commit-audit.js +30 -0
  320. package/dist/server/commit-audit.js.map +1 -0
  321. package/dist/server/index.d.ts +29 -3
  322. package/dist/server/index.js +657 -269
  323. package/dist/server/index.js.map +1 -1
  324. package/dist/server/middleware/sanitize.d.ts +46 -0
  325. package/dist/server/middleware/sanitize.js +182 -0
  326. package/dist/server/middleware/sanitize.js.map +1 -0
  327. package/dist/server/routes/artifact-export-api.d.ts +11 -0
  328. package/dist/server/routes/artifact-export-api.js +159 -0
  329. package/dist/server/routes/artifact-export-api.js.map +1 -0
  330. package/dist/server/routes/asset-api.d.ts +76 -1
  331. package/dist/server/routes/asset-api.js +761 -61
  332. package/dist/server/routes/asset-api.js.map +1 -1
  333. package/dist/server/routes/audit-api.d.ts +24 -0
  334. package/dist/server/routes/audit-api.js +117 -0
  335. package/dist/server/routes/audit-api.js.map +1 -0
  336. package/dist/server/routes/auth-api.js +532 -63
  337. package/dist/server/routes/auth-api.js.map +1 -1
  338. package/dist/server/routes/capture-api.d.ts +10 -3
  339. package/dist/server/routes/capture-api.js +213 -25
  340. package/dist/server/routes/capture-api.js.map +1 -1
  341. package/dist/server/routes/chat-sessions-api.d.ts +13 -0
  342. package/dist/server/routes/chat-sessions-api.js +455 -0
  343. package/dist/server/routes/chat-sessions-api.js.map +1 -0
  344. package/dist/server/routes/chat.d.ts +35 -1
  345. package/dist/server/routes/chat.js +699 -54
  346. package/dist/server/routes/chat.js.map +1 -1
  347. package/dist/server/routes/comments-api.d.ts +15 -0
  348. package/dist/server/routes/comments-api.js +444 -0
  349. package/dist/server/routes/comments-api.js.map +1 -0
  350. package/dist/server/routes/config-api.d.ts +3 -2
  351. package/dist/server/routes/config-api.js +179 -49
  352. package/dist/server/routes/config-api.js.map +1 -1
  353. package/dist/server/routes/connectors-api.js +177 -42
  354. package/dist/server/routes/connectors-api.js.map +1 -1
  355. package/dist/server/routes/event-ingest-api.d.ts +15 -0
  356. package/dist/server/routes/{meeting-ingest-api.js → event-ingest-api.js} +35 -20
  357. package/dist/server/routes/event-ingest-api.js.map +1 -0
  358. package/dist/server/routes/field-library-api.d.ts +28 -0
  359. package/dist/server/routes/field-library-api.js +126 -0
  360. package/dist/server/routes/field-library-api.js.map +1 -0
  361. package/dist/server/routes/git-http.d.ts +2 -2
  362. package/dist/server/routes/git-http.js +86 -39
  363. package/dist/server/routes/git-http.js.map +1 -1
  364. package/dist/server/routes/graph-api-access.d.ts +57 -0
  365. package/dist/server/routes/graph-api-access.js +112 -0
  366. package/dist/server/routes/graph-api-access.js.map +1 -0
  367. package/dist/server/routes/graph-api.d.ts +1 -1
  368. package/dist/server/routes/graph-api.js +1455 -325
  369. package/dist/server/routes/graph-api.js.map +1 -1
  370. package/dist/server/routes/health.d.ts +18 -0
  371. package/dist/server/routes/health.js +74 -0
  372. package/dist/server/routes/health.js.map +1 -0
  373. package/dist/server/routes/import-batch.d.ts +24 -0
  374. package/dist/server/routes/import-batch.js +33 -0
  375. package/dist/server/routes/import-batch.js.map +1 -0
  376. package/dist/server/routes/insights-api.d.ts +9 -2
  377. package/dist/server/routes/insights-api.js +355 -61
  378. package/dist/server/routes/insights-api.js.map +1 -1
  379. package/dist/server/routes/mcp.d.ts +7 -3
  380. package/dist/server/routes/mcp.js +24 -8
  381. package/dist/server/routes/mcp.js.map +1 -1
  382. package/dist/server/routes/oauth-api.d.ts +67 -0
  383. package/dist/server/routes/oauth-api.js +421 -0
  384. package/dist/server/routes/oauth-api.js.map +1 -0
  385. package/dist/server/routes/permissions-api.d.ts +9 -2
  386. package/dist/server/routes/permissions-api.js +87 -31
  387. package/dist/server/routes/permissions-api.js.map +1 -1
  388. package/dist/server/routes/r2-api.d.ts +25 -0
  389. package/dist/server/routes/r2-api.js +276 -0
  390. package/dist/server/routes/r2-api.js.map +1 -0
  391. package/dist/server/routes/secrets-api.d.ts +36 -0
  392. package/dist/server/routes/secrets-api.js +308 -0
  393. package/dist/server/routes/secrets-api.js.map +1 -0
  394. package/dist/server/routes/settings-api.d.ts +29 -0
  395. package/dist/server/routes/settings-api.js +180 -0
  396. package/dist/server/routes/settings-api.js.map +1 -0
  397. package/dist/server/routes/share-api.d.ts +32 -0
  398. package/dist/server/routes/share-api.js +234 -0
  399. package/dist/server/routes/share-api.js.map +1 -0
  400. package/dist/server/routes/views-api.js +51 -0
  401. package/dist/server/routes/views-api.js.map +1 -1
  402. package/dist/server/routes/workspace-api.d.ts +2 -1
  403. package/dist/server/routes/workspace-api.js +142 -23
  404. package/dist/server/routes/workspace-api.js.map +1 -1
  405. package/dist/server/routes/ws.d.ts +3 -2
  406. package/dist/server/routes/ws.js +68 -17
  407. package/dist/server/routes/ws.js.map +1 -1
  408. package/dist/server/session-manager.d.ts +48 -5
  409. package/dist/server/session-manager.js +182 -14
  410. package/dist/server/session-manager.js.map +1 -1
  411. package/dist/server/ws-hub.d.ts +124 -37
  412. package/dist/server/ws-hub.js +0 -0
  413. package/dist/server/ws-hub.js.map +1 -1
  414. package/dist/server/yjs-manager.d.ts +278 -7
  415. package/dist/server/yjs-manager.js +830 -38
  416. package/dist/server/yjs-manager.js.map +1 -1
  417. package/dist/server/yjs-persistence.d.ts +165 -0
  418. package/dist/server/yjs-persistence.js +557 -0
  419. package/dist/server/yjs-persistence.js.map +1 -0
  420. package/dist/server/yjs-text-diff.d.ts +32 -0
  421. package/dist/server/yjs-text-diff.js +61 -0
  422. package/dist/server/yjs-text-diff.js.map +1 -0
  423. package/dist/services/access-control.d.ts +73 -0
  424. package/dist/services/access-control.js +165 -0
  425. package/dist/services/access-control.js.map +1 -0
  426. package/dist/services/artifact-asset-token.d.ts +69 -0
  427. package/dist/services/artifact-asset-token.js +94 -0
  428. package/dist/services/artifact-asset-token.js.map +1 -0
  429. package/dist/services/artifact-library-sources.d.ts +3 -0
  430. package/dist/services/artifact-library-sources.js +44 -0
  431. package/dist/services/artifact-library-sources.js.map +1 -0
  432. package/dist/services/artifact-render-export.d.ts +97 -0
  433. package/dist/services/artifact-render-export.js +467 -0
  434. package/dist/services/artifact-render-export.js.map +1 -0
  435. package/dist/services/asset-caption-service.d.ts +103 -0
  436. package/dist/services/asset-caption-service.js +186 -0
  437. package/dist/services/asset-caption-service.js.map +1 -0
  438. package/dist/services/asset-delete-authz.d.ts +31 -0
  439. package/dist/services/asset-delete-authz.js +61 -0
  440. package/dist/services/asset-delete-authz.js.map +1 -0
  441. package/dist/services/asset-finalize-service.d.ts +58 -0
  442. package/dist/services/asset-finalize-service.js +216 -0
  443. package/dist/services/asset-finalize-service.js.map +1 -0
  444. package/dist/services/asset-import-service.d.ts +111 -0
  445. package/dist/services/asset-import-service.js +394 -0
  446. package/dist/services/asset-import-service.js.map +1 -0
  447. package/dist/services/asset-index-sweep.d.ts +95 -0
  448. package/dist/services/asset-index-sweep.js +249 -0
  449. package/dist/services/asset-index-sweep.js.map +1 -0
  450. package/dist/services/asset-lifecycle-check.d.ts +22 -0
  451. package/dist/services/asset-lifecycle-check.js +80 -0
  452. package/dist/services/asset-lifecycle-check.js.map +1 -0
  453. package/dist/services/asset-listing.d.ts +72 -0
  454. package/dist/services/asset-listing.js +321 -0
  455. package/dist/services/asset-listing.js.map +1 -0
  456. package/dist/services/asset-presign-service.d.ts +68 -0
  457. package/dist/services/asset-presign-service.js +124 -0
  458. package/dist/services/asset-presign-service.js.map +1 -0
  459. package/dist/services/asset-sidecar-service.d.ts +28 -0
  460. package/dist/services/asset-sidecar-service.js +79 -0
  461. package/dist/services/asset-sidecar-service.js.map +1 -0
  462. package/dist/services/asset-upload-errors.d.ts +41 -0
  463. package/dist/services/asset-upload-errors.js +45 -0
  464. package/dist/services/asset-upload-errors.js.map +1 -0
  465. package/dist/services/asset-upload-service.d.ts +56 -0
  466. package/dist/services/asset-upload-service.js +200 -0
  467. package/dist/services/asset-upload-service.js.map +1 -0
  468. package/dist/services/asset-upload-token.d.ts +58 -0
  469. package/dist/services/asset-upload-token.js +75 -0
  470. package/dist/services/asset-upload-token.js.map +1 -0
  471. package/dist/services/assets/asset-index-service.d.ts +127 -0
  472. package/dist/services/assets/asset-index-service.js +227 -0
  473. package/dist/services/assets/asset-index-service.js.map +1 -0
  474. package/dist/services/assets/base.d.ts +128 -2
  475. package/dist/services/assets/base.js +98 -1
  476. package/dist/services/assets/base.js.map +1 -1
  477. package/dist/services/assets/index.d.ts +114 -1
  478. package/dist/services/assets/index.js +221 -0
  479. package/dist/services/assets/index.js.map +1 -1
  480. package/dist/services/assets/local.d.ts +16 -1
  481. package/dist/services/assets/local.js +110 -1
  482. package/dist/services/assets/local.js.map +1 -1
  483. package/dist/services/assets/r2-sync.d.ts +88 -0
  484. package/dist/services/assets/r2-sync.js +412 -0
  485. package/dist/services/assets/r2-sync.js.map +1 -0
  486. package/dist/services/assets/r2.d.ts +87 -1
  487. package/dist/services/assets/r2.js +203 -1
  488. package/dist/services/assets/r2.js.map +1 -1
  489. package/dist/services/auth-service.d.ts +312 -45
  490. package/dist/services/auth-service.js +1011 -195
  491. package/dist/services/auth-service.js.map +1 -1
  492. package/dist/services/chat-session-service.d.ts +188 -0
  493. package/dist/services/chat-session-service.js +512 -0
  494. package/dist/services/chat-session-service.js.map +1 -0
  495. package/dist/services/cloud-inference-billing.d.ts +64 -0
  496. package/dist/services/cloud-inference-billing.js +313 -0
  497. package/dist/services/cloud-inference-billing.js.map +1 -0
  498. package/dist/services/comment-service.d.ts +97 -0
  499. package/dist/services/comment-service.js +341 -0
  500. package/dist/services/comment-service.js.map +1 -0
  501. package/dist/services/comment-virtual-entity.d.ts +36 -0
  502. package/dist/services/comment-virtual-entity.js +71 -0
  503. package/dist/services/comment-virtual-entity.js.map +1 -0
  504. package/dist/services/convert-service.d.ts +64 -0
  505. package/dist/services/convert-service.js +68 -0
  506. package/dist/services/convert-service.js.map +1 -0
  507. package/dist/services/csv-service.d.ts +22 -17
  508. package/dist/services/csv-service.js +55 -92
  509. package/dist/services/csv-service.js.map +1 -1
  510. package/dist/services/entity-mutations.d.ts +213 -0
  511. package/dist/services/entity-mutations.js +380 -0
  512. package/dist/services/entity-mutations.js.map +1 -0
  513. package/dist/services/{meeting-processor.d.ts → event-processor.d.ts} +15 -8
  514. package/dist/services/{meeting-processor.js → event-processor.js} +124 -65
  515. package/dist/services/event-processor.js.map +1 -0
  516. package/dist/services/extract/docx.d.ts +1 -0
  517. package/dist/services/extract/docx.js +233 -0
  518. package/dist/services/extract/docx.js.map +1 -0
  519. package/dist/services/extract/index.d.ts +9 -0
  520. package/dist/services/extract/index.js +10 -0
  521. package/dist/services/extract/index.js.map +1 -0
  522. package/dist/services/extract/pdf.d.ts +13 -0
  523. package/dist/services/extract/pdf.js +69 -0
  524. package/dist/services/extract/pdf.js.map +1 -0
  525. package/dist/services/folder-creation.d.ts +33 -0
  526. package/dist/services/folder-creation.js +103 -0
  527. package/dist/services/folder-creation.js.map +1 -0
  528. package/dist/services/git.d.ts +58 -0
  529. package/dist/services/git.js +194 -55
  530. package/dist/services/git.js.map +1 -1
  531. package/dist/services/graph-maintenance.js +4 -4
  532. package/dist/services/graph-maintenance.js.map +1 -1
  533. package/dist/services/import-service.d.ts +51 -2
  534. package/dist/services/import-service.js +254 -107
  535. package/dist/services/import-service.js.map +1 -1
  536. package/dist/services/lint-service.js +10 -17
  537. package/dist/services/lint-service.js.map +1 -1
  538. package/dist/services/markdown.d.ts +12 -1
  539. package/dist/services/markdown.js +77 -9
  540. package/dist/services/markdown.js.map +1 -1
  541. package/dist/services/mention-detector.d.ts +23 -0
  542. package/dist/services/mention-detector.js +47 -0
  543. package/dist/services/mention-detector.js.map +1 -0
  544. package/dist/services/model-capabilities.d.ts +41 -0
  545. package/dist/services/model-capabilities.js +107 -0
  546. package/dist/services/model-capabilities.js.map +1 -0
  547. package/dist/services/notification-broadcast.d.ts +32 -0
  548. package/dist/services/notification-broadcast.js +38 -0
  549. package/dist/services/notification-broadcast.js.map +1 -0
  550. package/dist/services/notification-service.d.ts +41 -0
  551. package/dist/services/notification-service.js +100 -0
  552. package/dist/services/notification-service.js.map +1 -0
  553. package/dist/services/oauth-server-store.d.ts +147 -0
  554. package/dist/services/oauth-server-store.js +319 -0
  555. package/dist/services/oauth-server-store.js.map +1 -0
  556. package/dist/services/orphan-service.js +2 -2
  557. package/dist/services/orphan-service.js.map +1 -1
  558. package/dist/services/personal-folder.d.ts +40 -0
  559. package/dist/services/personal-folder.js +101 -0
  560. package/dist/services/personal-folder.js.map +1 -0
  561. package/dist/services/scratch-asset-promote.d.ts +57 -0
  562. package/dist/services/scratch-asset-promote.js +95 -0
  563. package/dist/services/scratch-asset-promote.js.map +1 -0
  564. package/dist/services/scratch-attachment-service.d.ts +196 -0
  565. package/dist/services/scratch-attachment-service.js +347 -0
  566. package/dist/services/scratch-attachment-service.js.map +1 -0
  567. package/dist/services/share-link-service.d.ts +57 -0
  568. package/dist/services/share-link-service.js +142 -0
  569. package/dist/services/share-link-service.js.map +1 -0
  570. package/dist/services/user-person-bridge.d.ts +136 -0
  571. package/dist/services/user-person-bridge.js +340 -0
  572. package/dist/services/user-person-bridge.js.map +1 -0
  573. package/dist/services/vector-service.d.ts +282 -5
  574. package/dist/services/vector-service.js +585 -29
  575. package/dist/services/vector-service.js.map +1 -1
  576. package/dist/services/workspace-access.d.ts +108 -0
  577. package/dist/services/workspace-access.js +149 -0
  578. package/dist/services/workspace-access.js.map +1 -0
  579. package/dist/services/workspace-assets-folder.d.ts +46 -0
  580. package/dist/services/workspace-assets-folder.js +75 -0
  581. package/dist/services/workspace-assets-folder.js.map +1 -0
  582. package/dist/utils/git.d.ts +17 -2
  583. package/dist/utils/git.js +23 -7
  584. package/dist/utils/git.js.map +1 -1
  585. package/dist/utils/log.d.ts +42 -0
  586. package/dist/utils/log.js +137 -0
  587. package/dist/utils/log.js.map +1 -0
  588. package/dist/utils/preflight.js +2 -2
  589. package/dist/utils/preflight.js.map +1 -1
  590. package/dist/utils/version-checker.d.ts +12 -19
  591. package/dist/utils/version-checker.js +14 -104
  592. package/dist/utils/version-checker.js.map +1 -1
  593. package/dist/web/_app/immutable/assets/0.Bs_z3Z86.css +2 -0
  594. package/dist/web/_app/immutable/assets/12.DlIf1mKh.css +1 -0
  595. package/dist/web/_app/immutable/assets/14.7d-Q37wc.css +1 -0
  596. package/dist/web/_app/immutable/assets/15.BwBFdc1D.css +1 -0
  597. package/dist/web/_app/immutable/assets/16.CmLrbzZp.css +1 -0
  598. package/dist/web/_app/immutable/assets/17.DcuK5ZVm.css +1 -0
  599. package/dist/web/_app/immutable/assets/2.DATnR31c.css +1 -0
  600. package/dist/web/_app/immutable/assets/3.Cz4H8n_O.css +1 -0
  601. package/dist/web/_app/immutable/assets/4.aDHteTDy.css +1 -0
  602. package/dist/web/_app/immutable/assets/6.CF1i5Bon.css +1 -0
  603. package/dist/web/_app/immutable/assets/ArtifactEntityView.C4ooklFD.css +1 -0
  604. package/dist/web/_app/immutable/assets/AssetLibraryPicker.BOFW0MvF.css +1 -0
  605. package/dist/web/_app/immutable/assets/BulkActionsBar.cmKvHzRK.css +1 -0
  606. package/dist/web/_app/immutable/assets/CalendarView.lBCvS3X5.css +1 -0
  607. package/dist/web/_app/immutable/assets/CodeMirrorEditor.D6hf2pNJ.css +1 -0
  608. package/dist/web/_app/immutable/assets/CopyField.DVGZtw4U.css +1 -0
  609. package/dist/web/_app/immutable/assets/FolderMembersPanel.kiYnDFHu.css +1 -0
  610. package/dist/web/_app/immutable/assets/FolderMutationDialogs.BMRF6Z3z.css +1 -0
  611. package/dist/web/_app/immutable/assets/FolderPicker.Cp46GHe2.css +1 -0
  612. package/dist/web/_app/immutable/assets/GalleryView.WBGxxUQc.css +1 -0
  613. package/dist/web/_app/immutable/assets/GraphView.BJtGL9py.css +1 -0
  614. package/dist/web/_app/immutable/assets/KanbanView.BOaI5KFL.css +1 -0
  615. package/dist/web/_app/immutable/assets/Link.vV0ne105.css +1 -0
  616. package/dist/web/_app/immutable/assets/Markdown.BZnsSOSf.css +1 -0
  617. package/dist/web/_app/immutable/assets/Rail.ilusFgD4.css +1 -0
  618. package/dist/web/_app/immutable/assets/SettingsDialog.D7-BO6S_.css +1 -0
  619. package/dist/web/_app/immutable/assets/Spinner.UBfl0pab.css +1 -0
  620. package/dist/web/_app/immutable/assets/StopFilledAlt.fNlDN65D.css +1 -0
  621. package/dist/web/_app/immutable/assets/TimelineView.xAZBJhHw.css +1 -0
  622. package/dist/web/_app/immutable/assets/WorkspaceView.C8ErUJAY.css +1 -0
  623. package/dist/web/_app/immutable/assets/button.BlLm4Dg1.css +1 -0
  624. package/dist/web/_app/immutable/assets/history-summary.LpmHXasl.css +1 -0
  625. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.CvHOgSBP.woff +0 -0
  626. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-400-normal.DMJ8VG8y.woff2 +0 -0
  627. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.CB9ihrfo.woff +0 -0
  628. package/dist/web/_app/immutable/assets/ibm-plex-mono-latin-500-normal.DSY6xOcd.woff2 +0 -0
  629. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CZTNEAuW.woff2 +0 -0
  630. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-italic.CsGl1sm0.woff +0 -0
  631. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CDDApCn2.woff2 +0 -0
  632. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-400-normal.CYLoc0-x.woff +0 -0
  633. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.BNK2_mGO.woff2 +0 -0
  634. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-italic.DpEwFAQM.woff +0 -0
  635. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.6ng42L7E.woff2 +0 -0
  636. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-500-normal.BgVn5rGT.woff +0 -0
  637. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.Cu4Hd6ag.woff +0 -0
  638. package/dist/web/_app/immutable/assets/ibm-plex-sans-latin-600-normal.CuJfVYMP.woff2 +0 -0
  639. package/dist/web/_app/immutable/assets/inline-list.cqga56xT.css +1 -0
  640. package/dist/web/_app/immutable/assets/list-columns.BgnafZ4K.css +1 -0
  641. package/dist/web/_app/immutable/assets/realtime.DDCWxn3B.css +1 -0
  642. package/dist/web/_app/immutable/assets/select.B90KUqR4.css +1 -0
  643. package/dist/web/_app/immutable/assets/sheet.RF9RBmml.css +1 -0
  644. package/dist/web/_app/immutable/chunks/22qYtvr82.js +1 -0
  645. package/dist/web/_app/immutable/chunks/2f1VclTm.js +1 -0
  646. package/dist/web/_app/immutable/chunks/4xgUPoGj2.js +2 -0
  647. package/dist/web/_app/immutable/chunks/5CYQk4xR.js +1 -0
  648. package/dist/web/_app/immutable/chunks/6S9WOky52.js +1 -0
  649. package/dist/web/_app/immutable/chunks/9K8VREGP.js +1 -0
  650. package/dist/web/_app/immutable/chunks/B-n5q6ku.js +1 -0
  651. package/dist/web/_app/immutable/chunks/B0p2fSEV2.js +1 -0
  652. package/dist/web/_app/immutable/chunks/B2oi87jG.js +2 -0
  653. package/dist/web/_app/immutable/chunks/B5Rb52QU.js +1 -0
  654. package/dist/web/_app/immutable/chunks/B6Lt-qaJ.js +1 -0
  655. package/dist/web/_app/immutable/chunks/B6O-q2CN.js +1 -0
  656. package/dist/web/_app/immutable/chunks/B6qeIQZz.js +2 -0
  657. package/dist/web/_app/immutable/chunks/B9KfEsQw2.js +1 -0
  658. package/dist/web/_app/immutable/chunks/BB-RSeXQ.js +1 -0
  659. package/dist/web/_app/immutable/chunks/BCQQzpbj.js +1 -0
  660. package/dist/web/_app/immutable/chunks/BGdzd-Tc.js +1 -0
  661. package/dist/web/_app/immutable/chunks/BLs1h0Rh2.js +1 -0
  662. package/dist/web/_app/immutable/chunks/BPzV_xOS2.js +1 -0
  663. package/dist/web/_app/immutable/chunks/BT2C6q8n.js +1 -0
  664. package/dist/web/_app/immutable/chunks/BUesbLq2.js +1 -0
  665. package/dist/web/_app/immutable/chunks/BUrnwOw4.js +2 -0
  666. package/dist/web/_app/immutable/chunks/BV-iCKqa.js +1 -0
  667. package/dist/web/_app/immutable/chunks/BVCJtXyc.js +1 -0
  668. package/dist/web/_app/immutable/chunks/BY9a3GSt.js +6 -0
  669. package/dist/web/_app/immutable/chunks/BZi3uKF4.js +1 -0
  670. package/dist/web/_app/immutable/chunks/BbfHGU9n2.js +1 -0
  671. package/dist/web/_app/immutable/chunks/Bbqu2-5G2.js +1 -0
  672. package/dist/web/_app/immutable/chunks/BbsX1Slr.js +3 -0
  673. package/dist/web/_app/immutable/chunks/BcwjqHaZ2.js +1 -0
  674. package/dist/web/_app/immutable/chunks/BizeEpTx.js +2 -0
  675. package/dist/web/_app/immutable/chunks/BlgjVmFM2.js +14 -0
  676. package/dist/web/_app/immutable/chunks/BocSRgv12.js +1 -0
  677. package/dist/web/_app/immutable/chunks/BojBYqc3.js +1 -0
  678. package/dist/web/_app/immutable/chunks/BpCG9m962.js +1 -0
  679. package/dist/web/_app/immutable/chunks/BqvnBg_y.js +1 -0
  680. package/dist/web/_app/immutable/chunks/BsT0J1QD.js +1 -0
  681. package/dist/web/_app/immutable/chunks/BsW72fyR2.js +1 -0
  682. package/dist/web/_app/immutable/chunks/Bti_XKwx.js +2692 -0
  683. package/dist/web/_app/immutable/chunks/Bua97Had2.js +2 -0
  684. package/dist/web/_app/immutable/chunks/BuhW5Fr0.js +689 -0
  685. package/dist/web/_app/immutable/chunks/Bx74EEyn2.js +1 -0
  686. package/dist/web/_app/immutable/chunks/BxPN0T61.js +1 -0
  687. package/dist/web/_app/immutable/chunks/Bz9lrgGs.js +1 -0
  688. package/dist/web/_app/immutable/chunks/BzaxZ6j12.js +1 -0
  689. package/dist/web/_app/immutable/chunks/C1B4xDs0.js +1 -0
  690. package/dist/web/_app/immutable/chunks/C1trcC8M.js +7 -0
  691. package/dist/web/_app/immutable/chunks/C9tvkk7Y2.js +22 -0
  692. package/dist/web/_app/immutable/chunks/CBQjdDZf.js +1 -0
  693. package/dist/web/_app/immutable/chunks/CDeazMFW2.js +2 -0
  694. package/dist/web/_app/immutable/chunks/CEahbtnP.js +1 -0
  695. package/dist/web/_app/immutable/chunks/CGjVCd0e.js +8 -0
  696. package/dist/web/_app/immutable/chunks/CICK9maP.js +1 -0
  697. package/dist/web/_app/immutable/chunks/CIoNEHQ82.js +184 -0
  698. package/dist/web/_app/immutable/chunks/CP8_U450.js +1 -0
  699. package/dist/web/_app/immutable/chunks/CQ1eQ93t2.js +6 -0
  700. package/dist/web/_app/immutable/chunks/CUFQMEBn2.js +1 -0
  701. package/dist/web/_app/immutable/chunks/CYEYDNwO2.js +1 -0
  702. package/dist/web/_app/immutable/chunks/CYyIP7kP2.js +66 -0
  703. package/dist/web/_app/immutable/chunks/CZgFaimi2.js +83 -0
  704. package/dist/web/_app/immutable/chunks/CZqvCTCv.js +1 -0
  705. package/dist/web/_app/immutable/chunks/CcI9jYBV.js +1 -0
  706. package/dist/web/_app/immutable/chunks/CcWaWbrI2.js +1 -0
  707. package/dist/web/_app/immutable/chunks/CdtzRVZK.js +1 -0
  708. package/dist/web/_app/immutable/chunks/CfYG72Hc.js +1 -0
  709. package/dist/web/_app/immutable/chunks/Ch1kmm3J2.js +1 -0
  710. package/dist/web/_app/immutable/chunks/CmSSN61R2.js +1 -0
  711. package/dist/web/_app/immutable/chunks/Cqm5wAin.js +1 -0
  712. package/dist/web/_app/immutable/chunks/CuYPXpWU.js +1 -0
  713. package/dist/web/_app/immutable/chunks/CvSEodTA.js +1 -0
  714. package/dist/web/_app/immutable/chunks/CvqqrTrj.js +1 -0
  715. package/dist/web/_app/immutable/chunks/CwAmWt6h.js +1 -0
  716. package/dist/web/_app/immutable/chunks/CwP3Oa7F.js +1 -0
  717. package/dist/web/_app/immutable/chunks/CyTluew1.js +2 -0
  718. package/dist/web/_app/immutable/chunks/CzXdOgVl2.js +7 -0
  719. package/dist/web/_app/immutable/chunks/D0IAituJ.js +1 -0
  720. package/dist/web/_app/immutable/chunks/D0W7c6Sg.js +185 -0
  721. package/dist/web/_app/immutable/chunks/D0rBhnqB2.js +1 -0
  722. package/dist/web/_app/immutable/chunks/D1-GZSN1.js +1 -0
  723. package/dist/web/_app/immutable/chunks/D1yvtriI.js +1 -0
  724. package/dist/web/_app/immutable/chunks/D25NMRpl.js +1 -0
  725. package/dist/web/_app/immutable/chunks/D8wZ2xul.js +4 -0
  726. package/dist/web/_app/immutable/chunks/DA3HEX3X.js +1 -0
  727. package/dist/web/_app/immutable/chunks/DD9wj4ca2.js +1 -0
  728. package/dist/web/_app/immutable/chunks/DJ1YeiJL2.js +1 -0
  729. package/dist/web/_app/immutable/chunks/DKFZnpVC.js +5 -0
  730. package/dist/web/_app/immutable/chunks/DKJl40hl.js +1 -0
  731. package/dist/web/_app/immutable/chunks/DPUVu0T0.js +1 -0
  732. package/dist/web/_app/immutable/chunks/DQMWa2t7.js +1 -0
  733. package/dist/web/_app/immutable/chunks/DXsFrDer2.js +1 -0
  734. package/dist/web/_app/immutable/chunks/DYc5KW3F.js +1 -0
  735. package/dist/web/_app/immutable/chunks/DZcTwXBW.js +1 -0
  736. package/dist/web/_app/immutable/chunks/DcPrzUMJ.js +1 -0
  737. package/dist/web/_app/immutable/chunks/DdPO8kRu2.js +2 -0
  738. package/dist/web/_app/immutable/chunks/DeOXyJZw2.js +1 -0
  739. package/dist/web/_app/immutable/chunks/DfufUFR1.js +2 -0
  740. package/dist/web/_app/immutable/chunks/DiQg3ing.js +1 -0
  741. package/dist/web/_app/immutable/chunks/DjIqa1_y.js +2 -0
  742. package/dist/web/_app/immutable/chunks/DkJ1dkxV2.js +1 -0
  743. package/dist/web/_app/immutable/chunks/Dl63IUnH2.js +224 -0
  744. package/dist/web/_app/immutable/chunks/DmFdD6zT.js +1 -0
  745. package/dist/web/_app/immutable/chunks/Dn3R8S-U.js +1 -0
  746. package/dist/web/_app/immutable/chunks/DpNr1GQ2.js +1 -0
  747. package/dist/web/_app/immutable/chunks/DpVNDHXz.js +2 -0
  748. package/dist/web/_app/immutable/chunks/DuxziNnw.js +1 -0
  749. package/dist/web/_app/immutable/chunks/Dv3A3Wcj.js +1 -0
  750. package/dist/web/_app/immutable/chunks/FuiJnZG0.js +1 -0
  751. package/dist/web/_app/immutable/chunks/Izkulod7.js +1 -0
  752. package/dist/web/_app/immutable/chunks/KZY6ongq2.js +2 -0
  753. package/dist/web/_app/immutable/chunks/LYL8znYR2.js +23 -0
  754. package/dist/web/_app/immutable/chunks/PhN6tXuJ2.js +1 -0
  755. package/dist/web/_app/immutable/chunks/PyLyCpuL.js +1 -0
  756. package/dist/web/_app/immutable/chunks/RK4gCWN0.js +2 -0
  757. package/dist/web/_app/immutable/chunks/VsBngTf4.js +2 -0
  758. package/dist/web/_app/immutable/chunks/XcWejFm_.js +5 -0
  759. package/dist/web/_app/immutable/chunks/al_nidE9.js +1 -0
  760. package/dist/web/_app/immutable/chunks/e50-izZO2.js +1 -0
  761. package/dist/web/_app/immutable/chunks/hG-QCarB.js +1 -0
  762. package/dist/web/_app/immutable/chunks/hStvCHkX.js +1 -0
  763. package/dist/web/_app/immutable/chunks/iJVY9p0y.js +3 -0
  764. package/dist/web/_app/immutable/chunks/kNaey6uv.js +1 -0
  765. package/dist/web/_app/immutable/chunks/pIXNe0C1.js +1 -0
  766. package/dist/web/_app/immutable/chunks/pNSRq_1B.js +2 -0
  767. package/dist/web/_app/immutable/chunks/qwr5boV8.js +1 -0
  768. package/dist/web/_app/immutable/chunks/rjjyuGhb.js +1 -0
  769. package/dist/web/_app/immutable/chunks/sg-T-FoN.js +1 -0
  770. package/dist/web/_app/immutable/chunks/uBgoVlsx.js +3 -0
  771. package/dist/web/_app/immutable/chunks/ulshNz6x.js +2 -0
  772. package/dist/web/_app/immutable/chunks/xY0c-UfG.js +3 -0
  773. package/dist/web/_app/immutable/chunks/xeNvx4Bl2.js +1 -0
  774. package/dist/web/_app/immutable/chunks/xihTtKlq.js +1 -0
  775. package/dist/web/_app/immutable/entry/app.pNUW-q4U.js +2 -0
  776. package/dist/web/_app/immutable/entry/start.DxGtIGG_.js +1 -0
  777. package/dist/web/_app/immutable/nodes/0.D6ZCY_R6.js +2 -0
  778. package/dist/web/_app/immutable/nodes/1.BryH3TNr.js +1 -0
  779. package/dist/web/_app/immutable/nodes/10.CMZMvR17.js +1 -0
  780. package/dist/web/_app/immutable/nodes/11.QHx_JShx.js +1 -0
  781. package/dist/web/_app/immutable/nodes/12.CiRWbb4X.js +1 -0
  782. package/dist/web/_app/immutable/nodes/13.CYrHXCA8.js +1 -0
  783. package/dist/web/_app/immutable/nodes/14.K18eIE5Z.js +1 -0
  784. package/dist/web/_app/immutable/nodes/15.DxgnZ61h.js +1 -0
  785. package/dist/web/_app/immutable/nodes/16.Dn6iuWIo.js +1 -0
  786. package/dist/web/_app/immutable/nodes/17.viwS7vTR.js +77 -0
  787. package/dist/web/_app/immutable/nodes/2.BQkQ_uUM.js +122 -0
  788. package/dist/web/_app/immutable/nodes/3.B4pqXsqq.js +6 -0
  789. package/dist/web/_app/immutable/nodes/4.CKXEgIAP.js +11 -0
  790. package/dist/web/_app/immutable/nodes/5.A2TASl4Q.js +1 -0
  791. package/dist/web/_app/immutable/nodes/6.DaIRO3SI.js +6 -0
  792. package/dist/web/_app/immutable/nodes/7.ga2UvFm-.js +1 -0
  793. package/dist/web/_app/immutable/nodes/8.BTEWT81u.js +1 -0
  794. package/dist/web/_app/immutable/nodes/9.BVxo0E0c.js +1 -0
  795. package/dist/web/_app/version.json +1 -1
  796. package/dist/web/favicon-16.png +0 -0
  797. package/dist/web/favicon-180.png +0 -0
  798. package/dist/web/favicon-32.png +0 -0
  799. package/dist/web/favicon-48.png +0 -0
  800. package/dist/web/favicon-512.png +0 -0
  801. package/dist/web/favicon.ico +0 -0
  802. package/dist/web/favicon.svg +8 -0
  803. package/dist/web/index.html +56 -21
  804. package/dist/web/studiograph-logomark.svg +29 -0
  805. package/package.json +35 -14
  806. package/dist/agent/skills/enrich-entities.md +0 -136
  807. package/dist/agent/skills/sync-configuration.md +0 -119
  808. package/dist/agent/skills/sync-setup.md +0 -82
  809. package/dist/agent/tools/message-tools.d.ts +0 -42
  810. package/dist/agent/tools/message-tools.js +0 -106
  811. package/dist/agent/tools/message-tools.js.map +0 -1
  812. package/dist/cli/commands/app.d.ts +0 -7
  813. package/dist/cli/commands/app.js +0 -268
  814. package/dist/cli/commands/app.js.map +0 -1
  815. package/dist/cli/commands/clear.d.ts +0 -5
  816. package/dist/cli/commands/clear.js +0 -36
  817. package/dist/cli/commands/clear.js.map +0 -1
  818. package/dist/cli/commands/collection.d.ts +0 -10
  819. package/dist/cli/commands/collection.js.map +0 -1
  820. package/dist/cli/commands/join.d.ts +0 -9
  821. package/dist/cli/commands/join.js +0 -255
  822. package/dist/cli/commands/join.js.map +0 -1
  823. package/dist/cli/commands/start.d.ts +0 -7
  824. package/dist/cli/commands/start.js +0 -584
  825. package/dist/cli/commands/start.js.map +0 -1
  826. package/dist/cli/commands/update.d.ts +0 -8
  827. package/dist/cli/commands/update.js +0 -155
  828. package/dist/cli/commands/update.js.map +0 -1
  829. package/dist/cli/commands/user.d.ts +0 -7
  830. package/dist/cli/commands/user.js +0 -175
  831. package/dist/cli/commands/user.js.map +0 -1
  832. package/dist/cli/scaffolding.d.ts +0 -12
  833. package/dist/cli/scaffolding.js +0 -397
  834. package/dist/cli/scaffolding.js.map +0 -1
  835. package/dist/integrations/registry.d.ts +0 -8
  836. package/dist/integrations/registry.js +0 -7
  837. package/dist/integrations/registry.js.map +0 -1
  838. package/dist/integrations/types.d.ts +0 -43
  839. package/dist/integrations/types.js +0 -5
  840. package/dist/integrations/types.js.map +0 -1
  841. package/dist/lib/lib/utils.d.ts +0 -2
  842. package/dist/lib/lib/utils.js +0 -6
  843. package/dist/lib/lib/utils.js.map +0 -1
  844. package/dist/server/chrome/chrome.css +0 -691
  845. package/dist/server/chrome/chrome.js +0 -374
  846. package/dist/server/commit-scheduler.d.ts +0 -39
  847. package/dist/server/commit-scheduler.js +0 -113
  848. package/dist/server/commit-scheduler.js.map +0 -1
  849. package/dist/server/plugin-loader.d.ts +0 -53
  850. package/dist/server/plugin-loader.js +0 -155
  851. package/dist/server/plugin-loader.js.map +0 -1
  852. package/dist/server/routes/meeting-ingest-api.d.ts +0 -14
  853. package/dist/server/routes/meeting-ingest-api.js.map +0 -1
  854. package/dist/server/routes/messages-api.d.ts +0 -15
  855. package/dist/server/routes/messages-api.js +0 -385
  856. package/dist/server/routes/messages-api.js.map +0 -1
  857. package/dist/services/batch-processor.d.ts +0 -49
  858. package/dist/services/batch-processor.js +0 -166
  859. package/dist/services/batch-processor.js.map +0 -1
  860. package/dist/services/briefing.d.ts +0 -26
  861. package/dist/services/briefing.js +0 -230
  862. package/dist/services/briefing.js.map +0 -1
  863. package/dist/services/heartbeat.d.ts +0 -28
  864. package/dist/services/heartbeat.js +0 -183
  865. package/dist/services/heartbeat.js.map +0 -1
  866. package/dist/services/image-import-service.d.ts +0 -24
  867. package/dist/services/image-import-service.js +0 -108
  868. package/dist/services/image-import-service.js.map +0 -1
  869. package/dist/services/insights.d.ts +0 -38
  870. package/dist/services/insights.js +0 -269
  871. package/dist/services/insights.js.map +0 -1
  872. package/dist/services/meeting-processor.js.map +0 -1
  873. package/dist/services/message-service.d.ts +0 -68
  874. package/dist/services/message-service.js +0 -220
  875. package/dist/services/message-service.js.map +0 -1
  876. package/dist/utils/workspace-config.d.ts +0 -8
  877. package/dist/utils/workspace-config.js +0 -22
  878. package/dist/utils/workspace-config.js.map +0 -1
  879. package/dist/web/_app/immutable/assets/0.uPSqtsC5.css +0 -1
  880. package/dist/web/_app/immutable/assets/11.2jzI3cZY.css +0 -1
  881. package/dist/web/_app/immutable/assets/12.CT4xL4K3.css +0 -1
  882. package/dist/web/_app/immutable/assets/13.BUrHkYry.css +0 -1
  883. package/dist/web/_app/immutable/assets/2.DpQWr6q6.css +0 -1
  884. package/dist/web/_app/immutable/assets/3.BxdqT7zi.css +0 -1
  885. package/dist/web/_app/immutable/assets/4.DdNqjd0T.css +0 -1
  886. package/dist/web/_app/immutable/assets/5.DFeGxLYf.css +0 -1
  887. package/dist/web/_app/immutable/assets/6.DXZr_rI_.css +0 -1
  888. package/dist/web/_app/immutable/assets/GraphView.D9ePpZez.css +0 -1
  889. package/dist/web/_app/immutable/assets/Toaster.rN8r_Hzv.css +0 -1
  890. package/dist/web/_app/immutable/assets/ViewToolbar.BWE03S64.css +0 -1
  891. package/dist/web/_app/immutable/assets/WorkspaceView.CgGDi_Zb.css +0 -1
  892. package/dist/web/_app/immutable/assets/wikilinks.CzMBkUMB.css +0 -1
  893. package/dist/web/_app/immutable/chunks/-jG4Obyh.js +0 -4
  894. package/dist/web/_app/immutable/chunks/2nrc8f_O.js +0 -1
  895. package/dist/web/_app/immutable/chunks/7S2LGqoP.js +0 -2
  896. package/dist/web/_app/immutable/chunks/8Q3ZJIYu.js +0 -1
  897. package/dist/web/_app/immutable/chunks/B8ydT5xX.js +0 -2
  898. package/dist/web/_app/immutable/chunks/BB_5th5W.js +0 -3383
  899. package/dist/web/_app/immutable/chunks/BEn6N5c2.js +0 -1
  900. package/dist/web/_app/immutable/chunks/BFNNbCAM.js +0 -1
  901. package/dist/web/_app/immutable/chunks/BFZZEUd5.js +0 -1
  902. package/dist/web/_app/immutable/chunks/BGk8kfOE.js +0 -2
  903. package/dist/web/_app/immutable/chunks/BIBCr278.js +0 -1
  904. package/dist/web/_app/immutable/chunks/BPCkkwqe.js +0 -1
  905. package/dist/web/_app/immutable/chunks/BhlvzGQx.js +0 -1
  906. package/dist/web/_app/immutable/chunks/BlMknQeF.js +0 -1
  907. package/dist/web/_app/immutable/chunks/BpjqrlCg.js +0 -1
  908. package/dist/web/_app/immutable/chunks/BrebtJNG.js +0 -18
  909. package/dist/web/_app/immutable/chunks/ByBZ7JIT.js +0 -1
  910. package/dist/web/_app/immutable/chunks/Bz0ZjVQE.js +0 -2
  911. package/dist/web/_app/immutable/chunks/BzJTZOK2.js +0 -1
  912. package/dist/web/_app/immutable/chunks/C0LVZhvn.js +0 -1
  913. package/dist/web/_app/immutable/chunks/C3uBrOS5.js +0 -1
  914. package/dist/web/_app/immutable/chunks/C8R1sDpW.js +0 -1
  915. package/dist/web/_app/immutable/chunks/CDRHrs0g.js +0 -1
  916. package/dist/web/_app/immutable/chunks/CN5_py1I.js +0 -1
  917. package/dist/web/_app/immutable/chunks/CPne482a.js +0 -1
  918. package/dist/web/_app/immutable/chunks/CSVbGg_b.js +0 -5
  919. package/dist/web/_app/immutable/chunks/CWyU-seV.js +0 -1
  920. package/dist/web/_app/immutable/chunks/CX_61fY8.js +0 -5
  921. package/dist/web/_app/immutable/chunks/CYrVHOHA.js +0 -1
  922. package/dist/web/_app/immutable/chunks/ChsiIm-E.js +0 -1
  923. package/dist/web/_app/immutable/chunks/CojKppbh.js +0 -1
  924. package/dist/web/_app/immutable/chunks/CqkleIqs.js +0 -1
  925. package/dist/web/_app/immutable/chunks/CtYLtD7K.js +0 -1
  926. package/dist/web/_app/immutable/chunks/D-HDy5qS.js +0 -1
  927. package/dist/web/_app/immutable/chunks/D5aIYSkd.js +0 -1
  928. package/dist/web/_app/immutable/chunks/DBBXARVf.js +0 -1
  929. package/dist/web/_app/immutable/chunks/DFYOFE3o.js +0 -1
  930. package/dist/web/_app/immutable/chunks/DKaafS50.js +0 -1
  931. package/dist/web/_app/immutable/chunks/DUMOo1Pn.js +0 -1
  932. package/dist/web/_app/immutable/chunks/DWX9f6AF.js +0 -1
  933. package/dist/web/_app/immutable/chunks/DY8-EONP.js +0 -1
  934. package/dist/web/_app/immutable/chunks/DkoHPElM.js +0 -1
  935. package/dist/web/_app/immutable/chunks/DnL9f0lc.js +0 -7
  936. package/dist/web/_app/immutable/chunks/DsnmJJEf.js +0 -1
  937. package/dist/web/_app/immutable/chunks/DujahU3W.js +0 -1
  938. package/dist/web/_app/immutable/chunks/FBn-ES5k.js +0 -1
  939. package/dist/web/_app/immutable/chunks/HQpwSOb3.js +0 -1
  940. package/dist/web/_app/immutable/chunks/KyjzlWRN.js +0 -2
  941. package/dist/web/_app/immutable/chunks/PPVm8Dsz.js +0 -1
  942. package/dist/web/_app/immutable/chunks/UwYfmrPx.js +0 -2
  943. package/dist/web/_app/immutable/chunks/W25ZVI8L.js +0 -2
  944. package/dist/web/_app/immutable/chunks/WSUKABI_.js +0 -1
  945. package/dist/web/_app/immutable/chunks/XjsuEnNE.js +0 -5
  946. package/dist/web/_app/immutable/chunks/ZD6ARAtb.js +0 -1
  947. package/dist/web/_app/immutable/chunks/pBTf4stg.js +0 -2
  948. package/dist/web/_app/immutable/chunks/rGIarcnp.js +0 -1
  949. package/dist/web/_app/immutable/chunks/vxEtkL8z.js +0 -1
  950. package/dist/web/_app/immutable/chunks/wDIGUaoU.js +0 -3
  951. package/dist/web/_app/immutable/entry/app.ZHiTM8WS.js +0 -2
  952. package/dist/web/_app/immutable/entry/start.C9-FfAVc.js +0 -1
  953. package/dist/web/_app/immutable/nodes/0.D92Orz8k.js +0 -2
  954. package/dist/web/_app/immutable/nodes/1.BMdyglM_.js +0 -1
  955. package/dist/web/_app/immutable/nodes/10.BilVDHSL.js +0 -1
  956. package/dist/web/_app/immutable/nodes/11.CS9E0Hic.js +0 -1
  957. package/dist/web/_app/immutable/nodes/12.D3BOxYzG.js +0 -1
  958. package/dist/web/_app/immutable/nodes/13.CClMKYtN.js +0 -1
  959. package/dist/web/_app/immutable/nodes/2.C8KKElPL.js +0 -267
  960. package/dist/web/_app/immutable/nodes/3.C5n5uiWU.js +0 -5
  961. package/dist/web/_app/immutable/nodes/4.DcGVvgiL.js +0 -11
  962. package/dist/web/_app/immutable/nodes/5.DxIjnFQO.js +0 -4
  963. package/dist/web/_app/immutable/nodes/6.lkh6kKLj.js +0 -1
  964. package/dist/web/_app/immutable/nodes/7.Bg7SbfhA.js +0 -1
  965. package/dist/web/_app/immutable/nodes/8.DcXWCNBE.js +0 -1
  966. package/dist/web/_app/immutable/nodes/9.Cefi8Jfm.js +0 -1
@@ -3,84 +3,42 @@
3
3
  *
4
4
  * Pull and push changes across the workspace:
5
5
  * - the .studiograph config repo (if it has a git remote)
6
- * - each entity collection that is a git repo with a remote
6
+ * - each entity folder that is a git repo with a remote
7
7
  *
8
8
  * Works with both GitHub remotes and the embedded git server.
9
9
  */
10
10
  import { Command } from 'commander';
11
- import { log, outro, text, password as passwordPrompt } from '@clack/prompts';
11
+ import { log, outro } from '@clack/prompts';
12
12
  import { existsSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from 'fs';
13
13
  import { join } from 'path';
14
14
  import { Workspace } from '../../core/workspace.js';
15
15
  import { AuthService } from '../../services/auth-service.js';
16
16
  import { ConnectorManager } from '../../mcp/connector-manager.js';
17
+ import { buildConfigBundle } from '../../core/secrets/bundle.js';
17
18
  import { gitClone, gitPull, gitPush, gitPushWithCredentials, gitSetRemote, gitHasRemote } from '../../utils/git.js';
18
- async function resolveRemoteAuth(base, workspaceRoot, opts) {
19
- // 1-2. Explicit API key or env var
20
- const explicitKey = opts.apiKey || process.env.STUDIOGRAPH_API_KEY;
21
- if (explicitKey) {
22
- const key = explicitKey.trim();
23
- return {
24
- httpHeader: { 'Authorization': `Bearer ${key}` },
25
- gitCredentials: { username: '_apikey_', password: key },
26
- };
27
- }
28
- // 3. Explicit email/password or env vars
29
- const email = opts.email || process.env.STUDIOGRAPH_EMAIL;
30
- const password = opts.password || process.env.STUDIOGRAPH_PASSWORD;
31
- if (email && password) {
32
- const httpHeader = await loginForCookie(base, email, password);
33
- return { httpHeader, gitCredentials: { username: email, password } };
34
- }
35
- // 4. Local auth-seed.json API key (workspace owner pushing to their own server)
36
- const seedPath = join(workspaceRoot, '.studiograph', 'auth-seed.json');
37
- if (existsSync(seedPath)) {
38
- try {
39
- const seed = JSON.parse(readFileSync(seedPath, 'utf-8'));
40
- if (seed.apiKey) {
41
- return {
42
- httpHeader: { 'Authorization': `Bearer ${seed.apiKey}` },
43
- gitCredentials: { username: '_apikey_', password: seed.apiKey },
44
- };
45
- }
46
- }
47
- catch { /* fall through */ }
48
- }
49
- // 5. Interactive prompts
50
- if (!process.stdin.isTTY) {
51
- throw new Error('No credentials provided and stdin is not a TTY. Use --api-key, --email + --password, or set STUDIOGRAPH_API_KEY.');
52
- }
53
- const emailPrompt = await text({ message: 'Admin email:', validate: (v) => v.includes('@') ? undefined : 'Enter a valid email' });
54
- if (typeof emailPrompt === 'symbol') {
55
- outro('Cancelled');
56
- process.exit(0);
57
- }
58
- const passPrompt = await passwordPrompt({ message: 'Password:' });
59
- if (typeof passPrompt === 'symbol') {
60
- outro('Cancelled');
61
- process.exit(0);
62
- }
63
- const emailStr = String(emailPrompt);
64
- const passStr = String(passPrompt);
65
- const httpHeader = await loginForCookie(base, emailStr, passStr);
66
- return { httpHeader, gitCredentials: { username: emailStr, password: passStr } };
67
- }
68
- async function loginForCookie(base, email, password) {
69
- const loginRes = await fetch(`${base}/api/auth/login`, {
70
- method: 'POST',
71
- headers: { 'Content-Type': 'application/json' },
72
- body: JSON.stringify({ email, password }),
73
- });
74
- if (!loginRes.ok) {
75
- const body = await loginRes.json().catch(() => ({}));
76
- throw new Error(`Login failed: ${body.error || loginRes.statusText}`);
77
- }
78
- const cookies = loginRes.headers.getSetCookie?.() ?? [];
79
- const tokenCookie = cookies.find(c => c.startsWith('__sg_token='));
80
- if (!tokenCookie) {
81
- throw new Error('Login succeeded but no session cookie was returned');
82
- }
83
- return { 'Cookie': tokenCookie.split(';')[0] };
19
+ import { getStudiographToken } from '../../core/user-config.js';
20
+ // Owner-only admin escalation header for embedded-git operations. The server
21
+ // lifts the personal-folder restriction only when the caller is the workspace
22
+ // owner (access-control.ts: `includePrivate` is gated to owners and is a no-op
23
+ // for everyone else). `pull`/`push` are owner-CLI commands, so we send it
24
+ // unconditionally — non-owners get no extra access, and the owner can sync
25
+ // other users' private folders during migrations / offboarding. Without it the
26
+ // server returns 404 for any folder the caller doesn't personally own, even
27
+ // the workspace owner. `studiograph clone` sends the same header for the
28
+ // same reason, so clone/pull/push stay consistent.
29
+ const OWNER_INCLUDE_PRIVATE_HEADERS = ['X-Studiograph-Include-Private: 1'];
30
+ function resolveRemoteAuth(base, opts) {
31
+ const token = opts.token?.trim() || process.env.STUDIOGRAPH_TOKEN?.trim() || getStudiographToken(base);
32
+ if (!token) {
33
+ throw new Error(`No API token for ${base}. Run \`studiograph admin token issue ${base}\` to mint one, or pass --token / STUDIOGRAPH_TOKEN.`);
34
+ }
35
+ return {
36
+ // Both the main API middleware (server/index.ts) and the git-http handler
37
+ // (routes/git-http.ts authenticateBasic) accept Bearer + Basic with an
38
+ // sg_ token, so one token → one set of headers, no dual-format gymnastics.
39
+ httpHeader: { Authorization: `Bearer ${token}` },
40
+ gitCredentials: { username: '_token_', password: token },
41
+ };
84
42
  }
85
43
  async function getRepoEntries(workspace, workspaceRoot) {
86
44
  const entries = [];
@@ -91,8 +49,15 @@ async function getRepoEntries(workspace, workspaceRoot) {
91
49
  }
92
50
  const config = await workspace.loadConfig();
93
51
  for (const repo of config.repos) {
94
- if (repo.private)
95
- continue; // private repos are local-only
52
+ // Personal folders are excluded ONLY on this fallback path, which pushes
53
+ // to whatever git remote was manually wired up — typically a third-party
54
+ // host (GitHub, etc.) with no Studiograph permission layer to gate
55
+ // access. Pushing a personal folder there would leak private content to
56
+ // an ungated remote. The Studiograph-server paths (pull/pushRemoteData,
57
+ // the server-aware push) DO sync personal folders, because git-http
58
+ // gates them by owner.
59
+ if (repo.personal)
60
+ continue;
96
61
  const repoPath = join(workspaceRoot, repo.path);
97
62
  if (!isGitRepo(repoPath) || !gitHasRemote(repoPath))
98
63
  continue;
@@ -119,11 +84,10 @@ async function pullRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
119
84
  const base = remoteUrl.replace(/\/+$/, '');
120
85
  const workspaceRoot = workspace.getWorkspacePath();
121
86
  const sgDir = join(workspaceRoot, '.studiograph');
122
- // Resolve authentication (API key, email+password, env vars, or interactive prompts)
87
+ // Resolve authentication sg_ token only (Phase C5).
123
88
  let auth;
124
89
  try {
125
- log.info('Authenticating...');
126
- auth = await resolveRemoteAuth(base, workspaceRoot, authOpts);
90
+ auth = resolveRemoteAuth(base, authOpts);
127
91
  }
128
92
  catch (err) {
129
93
  outro(err.message);
@@ -138,20 +102,29 @@ async function pullRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
138
102
  });
139
103
  if (bundleRes.ok) {
140
104
  const bundle = await bundleRes.json();
141
- // 1. Auth seed
105
+ // 1. Auth seed — remote is authoritative for pull, so overwrite any
106
+ // local-shadow rows (e.g. post-clone setup-wizard credentials that
107
+ // would otherwise shadow the real production password_hash).
142
108
  writeFileSync(join(sgDir, 'auth-seed.json'), JSON.stringify(bundle.authSeed, null, 2), 'utf-8');
143
- const authService = new AuthService(sgDir);
144
- authService.applySeed();
109
+ // AuthService appends `.studiograph` to the path it's given —
110
+ // pass workspace root, not `sgDir`, or we end up with
111
+ // `.studiograph/.studiograph/auth.db` (disjoint from the running server).
112
+ const authService = new AuthService(workspaceRoot);
113
+ authService.applySeed({ mode: 'overwrite' });
145
114
  authService.close();
146
115
  log.success(`Team: ${bundle.authSeed.users.length} user${bundle.authSeed.users.length === 1 ? '' : 's'}`);
147
- // 2. Workspace config — merge: keep local-only fields (server_url), update shared fields
116
+ // 2. Workspace config — merge: keep local-only fields (server_url), update shared fields.
117
+ //
118
+ // Phase 9b: route through `workspace.writeConfig()` so this CLI
119
+ // pull path shares the same schema validator + dual-write seam as
120
+ // every other writer.
148
121
  if (bundle.workspace) {
149
122
  const local = await workspace.loadConfig().catch(() => ({}));
150
123
  const merged = { ...local, ...bundle.workspace };
151
124
  if (local.server_url)
152
125
  merged.server_url = local.server_url;
153
- writeFileSync(join(sgDir, 'workspace.json'), JSON.stringify(merged, null, 2), 'utf-8');
154
- log.success(`Workspace config: ${bundle.workspace.repos?.length ?? 0} collection${(bundle.workspace.repos?.length ?? 0) === 1 ? '' : 's'}`);
126
+ workspace.writeConfig(merged);
127
+ log.success(`Workspace config: ${bundle.workspace.repos?.length ?? 0} folder${(bundle.workspace.repos?.length ?? 0) === 1 ? '' : 's'}`);
155
128
  }
156
129
  // 3. ABOUT.md
157
130
  if (bundle.about !== null && bundle.about !== undefined) {
@@ -168,12 +141,15 @@ async function pullRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
168
141
  }
169
142
  log.success(`Sources: ${sourceNames.join(', ')}`);
170
143
  }
171
- // 5. Connectors (sanitized — no secrets)
144
+ // 5. Connectors (sanitized — no secrets).
145
+ //
146
+ // Phase 9b: route through `ConnectorManager.saveWorkspaceConfig` so
147
+ // every connector save runs the same schema validator + stripSecrets
148
+ // pass. The bundle is already sanitized server-side; the re-strip
149
+ // is idempotent and preserves the single-seam invariant.
172
150
  if (bundle.connectors && bundle.connectors.length > 0) {
173
- const connectorsDir = join(sgDir, 'connectors');
174
- mkdirSync(connectorsDir, { recursive: true });
175
151
  for (const conn of bundle.connectors) {
176
- writeFileSync(join(connectorsDir, `${conn.name}.json`), JSON.stringify(conn, null, 2), 'utf-8');
152
+ ConnectorManager.saveWorkspaceConfig(conn, workspaceRoot);
177
153
  }
178
154
  log.success(`Connectors: ${bundle.connectors.map(c => c.name).join(', ')}`);
179
155
  }
@@ -200,8 +176,9 @@ async function pullRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
200
176
  }
201
177
  const seed = await seedRes.json();
202
178
  writeFileSync(join(sgDir, 'auth-seed.json'), JSON.stringify(seed, null, 2), 'utf-8');
203
- const authService = new AuthService(sgDir);
204
- authService.applySeed();
179
+ // AuthService appends `.studiograph` — pass workspace root, not `sgDir`.
180
+ const authService = new AuthService(workspaceRoot);
181
+ authService.applySeed({ mode: 'overwrite' });
205
182
  authService.close();
206
183
  outro(`Pulled ${seed.users.length} user${seed.users.length === 1 ? '' : 's'} from ${base}`);
207
184
  }
@@ -212,13 +189,21 @@ async function pullRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
212
189
  }
213
190
  }
214
191
  catch (err) {
192
+ // Phase 9c: surface SchemaViolationError with its redaction-safe
193
+ // message (field path + classification, no values). The error class
194
+ // is detected by name to avoid pulling the schemas module into the
195
+ // CLI bundle import graph just for an instanceof check.
196
+ if (err?.name === 'SchemaViolationError' || err?.code === 'schema_violation') {
197
+ outro(`Schema violation:\n${err.message}`);
198
+ process.exit(1);
199
+ }
215
200
  outro(`Failed: ${err.message}`);
216
201
  process.exit(1);
217
202
  }
218
203
  }
219
204
  // ─── Remote data pull (git-based) ───────────────────────────────────────────
220
- // Clones or pulls each collection from the remote's embedded git HTTP server
221
- // (/git/:repo). Uses git's native conflict detection — diverged collections
205
+ // Clones or pulls each folder from the remote's embedded git HTTP server
206
+ // (/git/:repo). Uses git's native conflict detection — diverged folders
222
207
  // are reported, not silently overwritten.
223
208
  async function pullRemoteData(base, auth, workspaceRoot) {
224
209
  // Reload config — it was just updated by pullRemoteConfig
@@ -226,8 +211,6 @@ async function pullRemoteData(base, auth, workspaceRoot) {
226
211
  const config = await workspace.loadConfig();
227
212
  let cloned = 0, updated = 0, upToDate = 0, diverged = 0, errors = 0;
228
213
  for (const repo of config.repos) {
229
- if (repo.private)
230
- continue; // private collections don't sync
231
214
  const repoPath = join(workspaceRoot, repo.path);
232
215
  const remoteUrl = `${base}/git/${repo.name}`;
233
216
  // Clone if missing
@@ -236,7 +219,7 @@ async function pullRemoteData(base, auth, workspaceRoot) {
236
219
  if (existsSync(repoPath))
237
220
  rmSync(repoPath, { recursive: true, force: true });
238
221
  mkdirSync(repoPath, { recursive: true });
239
- gitClone(remoteUrl, repoPath, { silent: true, credentials: auth.gitCredentials });
222
+ gitClone(remoteUrl, repoPath, { silent: true, credentials: auth.gitCredentials, extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS });
240
223
  log.success(`${repo.name}: cloned`);
241
224
  cloned++;
242
225
  }
@@ -252,7 +235,7 @@ async function pullRemoteData(base, auth, workspaceRoot) {
252
235
  }
253
236
  catch { /* non-fatal */ }
254
237
  try {
255
- const result = gitPull(repoPath, { credentials: auth.gitCredentials });
238
+ const result = gitPull(repoPath, { credentials: auth.gitCredentials, extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS });
256
239
  if (result === 'updated') {
257
240
  log.success(`${repo.name}: updated`);
258
241
  updated++;
@@ -273,42 +256,55 @@ async function pullRemoteData(base, auth, workspaceRoot) {
273
256
  }
274
257
  log.info(`Data: ${cloned} cloned, ${updated} updated, ${upToDate} up to date${diverged ? `, ${diverged} diverged` : ''}${errors ? `, ${errors} failed` : ''}`);
275
258
  if (diverged) {
276
- throw new Error('One or more collections diverged — resolve conflicts and retry');
259
+ throw new Error('One or more folders diverged — resolve conflicts and retry');
277
260
  }
278
261
  if (errors) {
279
- throw new Error('One or more collections failed to pull');
262
+ throw new Error('One or more folders failed to pull');
280
263
  }
281
264
  }
282
265
  // ─── Remote data push (git-based) ───────────────────────────────────────────
283
- // Pushes each local collection to the remote's embedded git HTTP server.
266
+ // Pushes each local folder to the remote's embedded git HTTP server.
284
267
  // Uses git's native conflict detection — rejected pushes require a pull first.
285
268
  async function pushRemoteData(base, auth, workspace, workspaceRoot) {
286
269
  const config = await workspace.loadConfig();
287
270
  let pushed = 0, nothingToPush = 0, created = 0, rejected = 0, errors = 0;
288
271
  for (const repo of config.repos) {
289
- if (repo.private)
290
- continue; // private collections don't sync to a remote we don't control
291
272
  const repoPath = join(workspaceRoot, repo.path);
292
273
  if (!existsSync(join(repoPath, '.git'))) {
293
274
  log.warn(`${repo.name}: not a git repo — skipping`);
294
275
  continue;
295
276
  }
296
277
  try {
297
- // Ensure collection exists on remote (idempotent; 409 means it already exists)
298
- const status = await ensureServerCollection(base, repo.name, !!repo.private, auth.httpHeader);
299
- if (status === 'created') {
300
- log.info(`${repo.name}: created on server`);
301
- created++;
278
+ // Ensure folder exists on remote (idempotent; 409 means it already exists).
279
+ // Skip for personal folders: they're auto-provisioned server-side on login
280
+ // (auth-api.ts#ensurePrivateFolder), and the POST /api/repos shared-folder
281
+ // path rejects reserved `entries-<id>` names. Detect by flag OR name
282
+ // pattern: clone now preserves `personal` (see clone.ts), so the flag is
283
+ // authoritative for freshly-cloned workspaces — the name-pattern check is
284
+ // a fallback for workspaces cloned before that fix landed. Mirrors the
285
+ // server-aware push below.
286
+ const skipServerFolderEnsure = !!repo.personal || /^entries-\d+$/.test(repo.name);
287
+ if (!skipServerFolderEnsure) {
288
+ const status = await ensureServerFolder(base, repo.name, !!repo.personal, auth.httpHeader);
289
+ if (status === 'created') {
290
+ log.info(`${repo.name}: created on server`);
291
+ created++;
292
+ }
302
293
  }
303
294
  // Point origin at the remote's git server
304
295
  gitSetRemote(repoPath, `${base}/git/${repo.name}`);
305
- // Push with credentials
306
- const result = gitPushWithCredentials(repoPath, auth.gitCredentials);
296
+ // Push with credentials + owner escalation (so the owner can push to
297
+ // any folder, including other users' private ones, during a migration).
298
+ const result = gitPushWithCredentials(repoPath, auth.gitCredentials, { extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS });
307
299
  if (result === 'rejected') {
308
- log.warn(`${repo.name}: push rejected — run \`studiograph pull --remote ${base} --data\` first`);
300
+ log.warn(`${repo.name}: push rejected — run \`studiograph pull --server ${base} --data\` first`);
309
301
  rejected++;
310
302
  continue;
311
303
  }
304
+ if (result === 'not-found') {
305
+ log.warn(`${repo.name}: skipped — folder does not exist on the server (stale local clone; safe to remove locally)`);
306
+ continue;
307
+ }
312
308
  if (result === 'pushed') {
313
309
  log.success(`${repo.name}: pushed`);
314
310
  pushed++;
@@ -324,27 +320,29 @@ async function pushRemoteData(base, auth, workspace, workspaceRoot) {
324
320
  }
325
321
  log.info(`Data: ${pushed} pushed${created ? `, ${created} created` : ''}, ${nothingToPush} unchanged${rejected ? `, ${rejected} rejected` : ''}${errors ? `, ${errors} failed` : ''}`);
326
322
  if (rejected) {
327
- throw new Error('One or more collections were rejected — pull and retry');
323
+ throw new Error('One or more folders were rejected — pull and retry');
328
324
  }
329
325
  if (errors) {
330
- throw new Error('One or more collections failed to push');
326
+ throw new Error('One or more folders failed to push');
331
327
  }
332
328
  }
333
329
  // ─── pull ─────────────────────────────────────────────────────────────────────
334
330
  export const pullCommand = new Command('pull')
335
331
  .description('Pull latest changes from remote across the workspace')
336
- .option('--remote <url>', 'Pull config from a remote Studiograph server')
337
- .option('--data', 'Also pull workspace collection data (markdown files) from the remote server')
338
- .option('--api-key <key>', 'Use Bearer API key instead of email/password (non-interactive)')
339
- .option('--email <email>', 'Admin email for non-interactive auth (also reads STUDIOGRAPH_EMAIL)')
340
- .option('--password <password>', 'Admin password for non-interactive auth (also reads STUDIOGRAPH_PASSWORD)')
332
+ .option('--server <url>', 'Pull config from a remote Studiograph server')
333
+ // `--remote` is a hidden alias kept for one release; remove in the next.
334
+ // See cli-owner-audit §C5. Owner CLI is now the only caller, but scripts
335
+ // and muscle memory may still reach for the old name.
336
+ .option('--remote <url>', 'Deprecated alias for --server (removed in the next release)', undefined)
337
+ .option('--data', 'Also pull workspace folder data (markdown files) from the remote server')
338
+ .option('--token <token>', 'sg_ API token (also reads STUDIOGRAPH_TOKEN; mint via `studiograph admin token issue <url>`)')
341
339
  .action(async (opts) => {
342
- if (opts.remote) {
343
- return pullRemoteConfig(opts.remote, opts.data, {
344
- apiKey: opts.apiKey,
345
- email: opts.email,
346
- password: opts.password,
347
- });
340
+ const flagServer = opts.server ?? opts.remote;
341
+ if (opts.remote && !opts.server) {
342
+ log.warn('`--remote` is deprecated, use `--server` instead.');
343
+ }
344
+ if (flagServer) {
345
+ return pullRemoteConfig(flagServer, opts.data, { token: opts.token });
348
346
  }
349
347
  const workspace = new Workspace();
350
348
  if (!workspace.isWorkspace()) {
@@ -370,13 +368,21 @@ export const pullCommand = new Command('pull')
370
368
  else if (result === 'up-to-date') {
371
369
  log.info('.studiograph: already up to date');
372
370
  }
371
+ else {
372
+ // Diverged / any other non-clean state — surface it the same way
373
+ // the folder loop does so the user actually sees the problem
374
+ // instead of walking into a silent no-op.
375
+ log.warn('.studiograph: diverged — has local commits not on the server');
376
+ logManualGuidance(configPath);
377
+ hasConflict = true;
378
+ }
373
379
  }
374
380
  catch (error) {
375
381
  log.error(`.studiograph: ${error instanceof Error ? error.message : 'Unknown error'}`);
376
382
  hasError = true;
377
383
  }
378
384
  }
379
- // ── Step 2: reload config — picks up any new collections added server-side ─
385
+ // ── Step 2: reload config — picks up any new folders added server-side ─
380
386
  // Must use a fresh Workspace instance — loadConfig() caches this.config on
381
387
  // first call, so the original instance would return stale data after the pull.
382
388
  const freshWorkspace = new Workspace(workspaceRoot);
@@ -387,13 +393,12 @@ export const pullCommand = new Command('pull')
387
393
  freshWorkspace.writeConfig(config);
388
394
  }
389
395
  const serverUrl = (config.server_url ?? savedServerUrl)?.replace(/\/+$/, '');
390
- // ── Step 3: pull or clone each collection ────────────────────────────────
396
+ // ── Step 3: pull or clone each folder ────────────────────────────────
391
397
  // Resolve git credentials for the embedded server:
392
398
  // 1. Stored JWT from `studiograph join` — per-user access control (preferred)
393
- // 2. API key from auth-seed.json — admin access (fallback for workspace owners)
399
+ // 2. Stored personal API token from ~/.studiograph/user.json
394
400
  let serverGitCredentials;
395
401
  if (serverUrl) {
396
- // Try stored JWT first (saved by studiograph join)
397
402
  const serverAuthPath = join(workspaceRoot, '.studiograph', 'server-auth.json');
398
403
  if (existsSync(serverAuthPath)) {
399
404
  try {
@@ -404,29 +409,20 @@ export const pullCommand = new Command('pull')
404
409
  }
405
410
  catch { /* non-fatal */ }
406
411
  }
407
- // Fall back to API key (used by workspace owners who set up with `studiograph serve`)
408
412
  if (!serverGitCredentials) {
409
- try {
410
- const seedPath = join(workspaceRoot, '.studiograph', 'auth-seed.json');
411
- if (existsSync(seedPath)) {
412
- const seed = JSON.parse(readFileSync(seedPath, 'utf-8'));
413
- const apiKey = seed.apiKey;
414
- if (apiKey)
415
- serverGitCredentials = { username: '_apikey_', password: apiKey };
416
- }
413
+ const storedToken = getStudiographToken(serverUrl);
414
+ if (storedToken) {
415
+ serverGitCredentials = { username: '_token_', password: storedToken };
417
416
  }
418
- catch { /* non-fatal */ }
419
417
  }
420
418
  }
421
419
  for (const repo of config.repos) {
422
- if (repo.private)
423
- continue;
424
420
  const repoPath = join(workspaceRoot, repo.path);
425
- // New collection — directory missing or exists but isn't a git repo (e.g. failed clone)
421
+ // New folder — directory missing or exists but isn't a git repo (e.g. failed clone)
426
422
  if (!isGitRepo(repoPath)) {
427
423
  const cloneUrl = serverUrl ? `${serverUrl}/git/${repo.name}` : null;
428
424
  if (!cloneUrl) {
429
- log.warn(`${repo.name}: new collection has no remote — skipping`);
425
+ log.warn(`${repo.name}: new folder has no remote — skipping`);
430
426
  continue;
431
427
  }
432
428
  try {
@@ -436,7 +432,11 @@ export const pullCommand = new Command('pull')
436
432
  if (existsSync(repoPath))
437
433
  rmSync(repoPath, { recursive: true, force: true });
438
434
  mkdirSync(repoPath, { recursive: true });
439
- gitClone(cloneUrl, repoPath, { silent: true, credentials: serverGitCredentials });
435
+ gitClone(cloneUrl, repoPath, {
436
+ silent: true,
437
+ credentials: serverGitCredentials,
438
+ extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS,
439
+ });
440
440
  log.success(`${repo.name}: cloned`);
441
441
  }
442
442
  catch (error) {
@@ -445,11 +445,14 @@ export const pullCommand = new Command('pull')
445
445
  }
446
446
  continue;
447
447
  }
448
- // Existing collection — pull if it has a remote
448
+ // Existing folder — pull if it has a remote
449
449
  if (!isGitRepo(repoPath) || !gitHasRemote(repoPath))
450
450
  continue;
451
451
  try {
452
- const result = gitPull(repoPath, { credentials: serverGitCredentials });
452
+ const result = gitPull(repoPath, {
453
+ credentials: serverGitCredentials,
454
+ extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS,
455
+ });
453
456
  if (result === 'updated') {
454
457
  log.success(`${repo.name}: updated`);
455
458
  }
@@ -467,12 +470,15 @@ export const pullCommand = new Command('pull')
467
470
  hasError = true;
468
471
  }
469
472
  }
470
- // Apply auth seed if it was updated by pulling .studiograph
473
+ // Apply auth seed if it was updated by pulling .studiograph.
474
+ // Overwrite mode: the seed file just came from the remote config repo
475
+ // and is authoritative over any local-shadow rows.
471
476
  const seedPath = join(workspaceRoot, '.studiograph', 'auth-seed.json');
472
477
  if (existsSync(seedPath)) {
473
478
  try {
474
- const authService = new AuthService(join(workspaceRoot, '.studiograph'));
475
- authService.applySeed();
479
+ // AuthService appends `.studiograph` pass workspace root.
480
+ const authService = new AuthService(workspaceRoot);
481
+ authService.applySeed({ mode: 'overwrite' });
476
482
  authService.close();
477
483
  }
478
484
  catch {
@@ -484,7 +490,7 @@ export const pullCommand = new Command('pull')
484
490
  process.exit(1);
485
491
  }
486
492
  else if (hasError) {
487
- outro('❌ Pull failed for one or more collections.');
493
+ outro('❌ Pull failed for one or more folders.');
488
494
  process.exit(1);
489
495
  }
490
496
  });
@@ -499,11 +505,10 @@ async function pushRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
499
505
  const base = remoteUrl.replace(/\/+$/, '');
500
506
  const workspaceRoot = workspace.getWorkspacePath();
501
507
  const sgDir = join(workspaceRoot, '.studiograph');
502
- // Resolve authentication (API key, email+password, env vars, or interactive prompts)
508
+ // Resolve authentication sg_ token only (Phase C5).
503
509
  let auth;
504
510
  try {
505
- log.info('Authenticating...');
506
- auth = await resolveRemoteAuth(base, workspaceRoot, authOpts);
511
+ auth = resolveRemoteAuth(base, authOpts);
507
512
  }
508
513
  catch (err) {
509
514
  outro(err.message);
@@ -538,7 +543,18 @@ async function pushRemoteConfig(remoteUrl, includeData = false, authOpts = {}) {
538
543
  }
539
544
  // Connectors (workspace-level, already sanitized)
540
545
  const connectors = ConnectorManager.loadWorkspaceConfigs(workspaceRoot);
541
- const bundle = { workspace: config, about, authSeed, sources, connectors };
546
+ // Phase 3: route the bundle through the same sanitizer the server's
547
+ // GET /api/config/bundle endpoint uses. CLI push and server export now
548
+ // produce byte-identical output for the same workspace state — bootstrap
549
+ // class fields (jwtSecret, deprecated apiKey) drop here so the POST
550
+ // endpoint's strict-reject doesn't bounce older client builds.
551
+ const bundle = buildConfigBundle({
552
+ workspace: config,
553
+ about,
554
+ authSeed: (authSeed ?? { users: [] }),
555
+ sources,
556
+ connectors: connectors,
557
+ });
542
558
  // Push to remote
543
559
  log.info('Pushing config...');
544
560
  try {
@@ -594,7 +610,7 @@ async function serverFetch(serverUrl, path, authHeader) {
594
610
  }
595
611
  return res.json();
596
612
  }
597
- async function ensureServerCollection(serverUrl, repoName, isPrivate, authHeader) {
613
+ async function ensureServerFolder(serverUrl, repoName, isPersonal, authHeader) {
598
614
  const headers = { 'Content-Type': 'application/json' };
599
615
  if (typeof authHeader === 'string') {
600
616
  headers['Authorization'] = authHeader;
@@ -605,31 +621,30 @@ async function ensureServerCollection(serverUrl, repoName, isPrivate, authHeader
605
621
  const res = await fetch(`${serverUrl}/api/repos`, {
606
622
  method: 'POST',
607
623
  headers,
608
- body: JSON.stringify({ name: repoName, ...(isPrivate ? { private: true } : {}) }),
624
+ body: JSON.stringify({ name: repoName, ...(isPersonal ? { personal: true } : {}) }),
609
625
  });
610
626
  if (res.ok)
611
627
  return 'created';
612
628
  if (res.status === 409)
613
629
  return 'exists'; // already exists
614
630
  const body = await res.json().catch(() => ({}));
615
- throw new Error(body.error || `Failed to create collection "${repoName}": ${res.statusText}`);
631
+ throw new Error(body.error || `Failed to create folder "${repoName}": ${res.statusText}`);
616
632
  }
617
633
  // ─── push ─────────────────────────────────────────────────────────────────────
618
634
  export const pushCommand = new Command('push')
619
635
  .description('Push local commits to remote across the workspace')
620
- .argument('[collection]', 'Push a specific collection (default: all)')
621
- .option('--remote <url>', 'Push config to a remote Studiograph server')
622
- .option('--data', 'Also push workspace collection data (markdown files) to the remote server')
623
- .option('--api-key <key>', 'Use Bearer API key instead of email/password (non-interactive)')
624
- .option('--email <email>', 'Admin email for non-interactive auth (also reads STUDIOGRAPH_EMAIL)')
625
- .option('--password <password>', 'Admin password for non-interactive auth (also reads STUDIOGRAPH_PASSWORD)')
626
- .action(async (collection, opts) => {
627
- if (opts.remote) {
628
- return pushRemoteConfig(opts.remote, opts.data, {
629
- apiKey: opts.apiKey,
630
- email: opts.email,
631
- password: opts.password,
632
- });
636
+ .argument('[folder]', 'Push a specific folder (default: all)')
637
+ .option('--server <url>', 'Push config to a remote Studiograph server')
638
+ .option('--remote <url>', 'Deprecated alias for --server (removed in the next release)', undefined)
639
+ .option('--data', 'Also push workspace folder data (markdown files) to the remote server')
640
+ .option('--token <token>', 'sg_ API token (also reads STUDIOGRAPH_TOKEN; mint via `studiograph admin token issue <url>`)')
641
+ .action(async (folder, opts) => {
642
+ const flagServer = opts.server ?? opts.remote;
643
+ if (opts.remote && !opts.server) {
644
+ log.warn('`--remote` is deprecated, use `--server` instead.');
645
+ }
646
+ if (flagServer) {
647
+ return pushRemoteConfig(flagServer, opts.data, { token: opts.token });
633
648
  }
634
649
  const workspace = new Workspace();
635
650
  if (!workspace.isWorkspace()) {
@@ -640,78 +655,47 @@ export const pushCommand = new Command('push')
640
655
  const workspaceRoot = workspace.getWorkspacePath();
641
656
  const config = await workspace.loadConfig();
642
657
  const serverUrl = config.server_url?.replace(/\/+$/, '');
643
- // Build list of repos to push
644
- let repos = config.repos.filter(r => !r.private || serverUrl); // include private only when pushing to server
645
- if (collection) {
646
- const match = repos.find(r => r.name === collection);
658
+ // Push every folder shared and personal alike. Personal folders are
659
+ // per-user, but git-http (canAccessFolder hasRepoAccess) gates by
660
+ // owner so only the owner ever succeeds; the owner CLI sends the
661
+ // include-private escalation, so the owner can push any of them.
662
+ // Server-side, personal folders are auto-provisioned on login by
663
+ // auth-api.ts#ensurePrivateFolder, so the per-folder ensureServerFolder()
664
+ // call is skipped for them below (the createSharedFolder path would
665
+ // reject `entries-<number>` as a reserved name even though the folder
666
+ // already exists).
667
+ let repos = config.repos;
668
+ if (folder) {
669
+ const match = repos.find(r => r.name === folder);
647
670
  if (!match) {
648
- log.error(`Collection "${collection}" not found in workspace.`);
671
+ log.error(`Folder "${folder}" not found in workspace.`);
649
672
  process.exit(1);
650
673
  return;
651
674
  }
652
675
  repos = [match];
653
676
  }
654
- // Server-aware push: workspace has a server_url (set by `studiograph join`)
677
+ // Server-aware push: workspace has a `server_url` (set by `studiograph clone`).
655
678
  if (serverUrl) {
656
- // Resolve credentials: JWT (per-user) API key (admin) → prompt
657
- let authHeader;
658
- let gitCredentials;
659
- // 1. Stored JWT from `studiograph join` (per-user access control)
660
- const pushServerAuthPath = join(workspaceRoot, '.studiograph', 'server-auth.json');
679
+ // sg_ token only. resolveRemoteAuth handles the "no token" error.
680
+ let auth;
661
681
  try {
662
- if (existsSync(pushServerAuthPath)) {
663
- const sa = JSON.parse(readFileSync(pushServerAuthPath, 'utf-8'));
664
- if (sa.email && sa.jwtToken) {
665
- authHeader = makeBasicAuth(sa.email, sa.jwtToken);
666
- gitCredentials = { username: sa.email, password: sa.jwtToken };
667
- }
668
- }
669
- }
670
- catch { /* non-fatal */ }
671
- // 2. API key fallback (workspace owners who set up with `studiograph serve`)
672
- if (!authHeader) {
673
- try {
674
- const seedPathPush = join(workspaceRoot, '.studiograph', 'auth-seed.json');
675
- if (existsSync(seedPathPush)) {
676
- const seed = JSON.parse(readFileSync(seedPathPush, 'utf-8'));
677
- const pushApiKey = seed.apiKey;
678
- if (pushApiKey) {
679
- authHeader = makeBasicAuth('_apikey_', pushApiKey);
680
- gitCredentials = { username: '_apikey_', password: pushApiKey };
681
- }
682
- }
683
- }
684
- catch { /* non-fatal */ }
685
- }
686
- // 3. Interactive credential prompt as last resort
687
- if (!authHeader) {
688
- const email = await text({ message: 'Email:', validate: (v) => v.includes('@') ? undefined : 'Enter a valid email' });
689
- if (typeof email === 'symbol') {
690
- outro('Cancelled');
691
- process.exit(0);
692
- return;
693
- }
694
- const pass = await passwordPrompt({ message: 'Password:' });
695
- if (typeof pass === 'symbol') {
696
- outro('Cancelled');
697
- process.exit(0);
698
- return;
699
- }
700
- authHeader = makeBasicAuth(String(email), String(pass));
701
- gitCredentials = { username: String(email), password: String(pass) };
682
+ auth = resolveRemoteAuth(serverUrl, { token: undefined });
702
683
  }
703
- // All three branches above either set credentials or exit — this is a safety guard
704
- if (!authHeader || !gitCredentials) {
705
- outro('Could not resolve credentials');
684
+ catch (err) {
685
+ outro(err.message);
706
686
  process.exit(1);
707
687
  return;
708
688
  }
709
- // Validate credentials
689
+ const authHeader = auth.httpHeader.Authorization;
690
+ const gitCredentials = auth.gitCredentials;
691
+ // Cheap probe — surfaces a 401/expired token before we touch git
692
+ // (which would otherwise fail with a less useful "askpass auth
693
+ // failed" message). One round-trip, idempotent.
710
694
  try {
711
695
  await serverFetch(serverUrl, '/api/workspace', authHeader);
712
696
  }
713
697
  catch (err) {
714
- outro(`Authentication failed: ${err.message}`);
698
+ outro(`Authentication failed (${err.message}). Run \`studiograph admin token issue ${serverUrl}\` to mint a fresh token.`);
715
699
  process.exit(1);
716
700
  return;
717
701
  }
@@ -722,21 +706,43 @@ export const pushCommand = new Command('push')
722
706
  log.warn(`${repo.name}: not a git repo, skipping`);
723
707
  continue;
724
708
  }
709
+ // Personal folders skip the /api/repos POST. Detection has TWO
710
+ // sources: the `personal` flag (clone now preserves it — see
711
+ // clone.ts) and the reserved name pattern as a fallback for
712
+ // workspaces cloned before that fix, whose workspace.json carries a
713
+ // thin repo record without the flag. Anything matching
714
+ // `entries-<digit>` is owned by the user with that id and was
715
+ // auto-provisioned server-side via auth-api.ts#ensurePrivateFolder
716
+ // on login. The /api/repos path goes through createSharedFolder
717
+ // which rejects this exact pattern; the git push that follows
718
+ // hits git-http directly where canAccessFolder gates by owner.
719
+ const isPersonalByPattern = /^entries-\d+$/.test(repo.name);
720
+ const skipServerFolderEnsure = !!repo.personal || isPersonalByPattern;
725
721
  try {
726
- // Ensure collection exists on server
727
- const status = await ensureServerCollection(serverUrl, repo.name, !!repo.private, authHeader);
728
- if (status === 'created') {
729
- log.info(`${repo.name}: created on server`);
722
+ if (!skipServerFolderEnsure) {
723
+ const status = await ensureServerFolder(serverUrl, repo.name, false, authHeader);
724
+ if (status === 'created') {
725
+ log.info(`${repo.name}: created on server`);
726
+ }
730
727
  }
731
728
  // Set origin to server git URL
732
729
  gitSetRemote(repoPath, `${serverUrl}/git/${repo.name}`);
733
- // Push with credentials
734
- let result = gitPushWithCredentials(repoPath, gitCredentials);
730
+ // Push with the resolved sg_ token plus the owner escalation header.
731
+ // The server gates personal/solo folders to their owner-of-record —
732
+ // even the workspace owner gets a 404 without this header (the
733
+ // `includePrivate` flag is owner-only server-side, a no-op for
734
+ // everyone else). Required so the owner can push other users' private
735
+ // folders during migrations. Consistent with `studiograph clone`.
736
+ let result = gitPushWithCredentials(repoPath, gitCredentials, { extraHeaders: OWNER_INCLUDE_PRIVATE_HEADERS });
735
737
  if (result === 'rejected') {
736
738
  log.warn(`${repo.name}: push rejected — run \`studiograph pull\` first`);
737
739
  hasError = true;
738
740
  continue;
739
741
  }
742
+ if (result === 'not-found') {
743
+ log.warn(`${repo.name}: skipped — folder does not exist on the server (stale local clone; safe to remove locally)`);
744
+ continue;
745
+ }
740
746
  if (result === 'pushed') {
741
747
  log.success(`${repo.name}: pushed`);
742
748
  }
@@ -758,12 +764,12 @@ export const pushCommand = new Command('push')
758
764
  // Fallback: plain git push for repos that already have remotes
759
765
  const entries = await getRepoEntries(workspace, workspaceRoot);
760
766
  if (entries.length === 0) {
761
- log.info('No collections with remotes to push to. Use `studiograph join` to connect to a server.');
767
+ log.info('No folders with remotes to push to. Use `studiograph clone <url>` to connect to a server.');
762
768
  return;
763
769
  }
764
770
  let hasError = false;
765
771
  for (const entry of entries) {
766
- if (collection && entry.name !== collection)
772
+ if (folder && entry.name !== folder)
767
773
  continue;
768
774
  try {
769
775
  let result = gitPush(entry.path);
@@ -772,6 +778,10 @@ export const pushCommand = new Command('push')
772
778
  hasError = true;
773
779
  continue;
774
780
  }
781
+ if (result === 'not-found') {
782
+ log.warn(`${entry.name}: skipped — folder does not exist on the remote (stale local clone; safe to remove locally)`);
783
+ continue;
784
+ }
775
785
  if (result === 'pushed') {
776
786
  log.success(`${entry.name}: pushed`);
777
787
  }
@@ -785,7 +795,7 @@ export const pushCommand = new Command('push')
785
795
  }
786
796
  }
787
797
  if (hasError) {
788
- outro('Push failed for one or more collections.');
798
+ outro('Push failed for one or more folders.');
789
799
  process.exit(1);
790
800
  }
791
801
  });