@hasna/knowledge 0.2.26 → 0.2.28

package/src/artifact-store.ts

@@ -1,184 +0,0 @@
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
-import { dirname, join, relative, sep } from 'node:path';
-import type { KnowledgeConfig, KnowledgeWorkspace } from './workspace';
-
-interface S3ClientLike {
-  send(command: unknown): Promise<any>;
-}
-
-export interface ArtifactWrite {
-  key: string;
-  body: string | Uint8Array;
-  content_type?: string;
-  metadata?: Record<string, string>;
-}
-
-export interface ArtifactStore {
-  readonly type: 'local' | 's3';
-  readonly canRead: boolean;
-  readonly canWrite: boolean;
-  put(entry: ArtifactWrite): Promise<{ key: string; uri: string }>;
-  getText(key: string): Promise<string>;
-  exists(key: string): Promise<boolean>;
-}
-
-export function normalizeArtifactKey(key: string): string {
-  const raw = key.replace(/\\/g, '/').trim();
-  if (!raw || raw.startsWith('/')) {
-    throw new Error(`Invalid artifact key: ${key}`);
-  }
-  const segments = raw.split('/').filter(Boolean);
-  if (segments.length === 0 || segments.some((segment) => segment === '.' || segment === '..')) {
-    throw new Error(`Invalid artifact key: ${key}`);
-  }
-  return segments.join('/');
-}
-
-function assertInside(root: string, target: string): void {
-  const rel = relative(root, target);
-  if (rel.startsWith('..') || rel === '..' || rel.startsWith(`..${sep}`)) {
-    throw new Error(`Artifact path escapes root: ${target}`);
-  }
-}
-
-export class LocalArtifactStore implements ArtifactStore {
-  readonly type = 'local' as const;
-  readonly canRead = true;
-  readonly canWrite = true;
-
-  constructor(private readonly root: string) {
-    mkdirSync(root, { recursive: true });
-  }
-
-  async put(entry: ArtifactWrite): Promise<{ key: string; uri: string }> {
-    const key = normalizeArtifactKey(entry.key);
-    const path = join(this.root, key);
-    assertInside(this.root, path);
-    mkdirSync(dirname(path), { recursive: true });
-    writeFileSync(path, entry.body);
-    return { key, uri: `file://${path}` };
-  }
-
-  async getText(key: string): Promise<string> {
-    const normalizedKey = normalizeArtifactKey(key);
-    const path = join(this.root, normalizedKey);
-    assertInside(this.root, path);
-    return readFileSync(path, 'utf8');
-  }
-
-  async exists(key: string): Promise<boolean> {
-    const normalizedKey = normalizeArtifactKey(key);
-    const path = join(this.root, normalizedKey);
-    assertInside(this.root, path);
-    return existsSync(path);
-  }
-}
-
-export interface S3ArtifactStoreOptions {
-  bucket: string;
-  prefix?: string;
-  region?: string;
-  profile?: string;
-  max_attempts?: number;
-  server_side_encryption?: 'AES256' | 'aws:kms';
-  kms_key_id?: string;
-  client?: S3ClientLike;
-}
-
-export class S3ArtifactStore implements ArtifactStore {
-  readonly type = 's3' as const;
-  readonly canRead = true;
-  readonly canWrite = true;
-  private client?: S3ClientLike;
-
-  constructor(private readonly options: S3ArtifactStoreOptions) {
-    this.client = options.client;
-  }
-
-  private async getClient(): Promise<S3ClientLike> {
-    if (this.client) return this.client;
-    const [{ S3Client }, { fromIni }] = await Promise.all([
-      import('@aws-sdk/client-s3'),
-      import('@aws-sdk/credential-providers'),
-    ]);
-    this.client = new S3Client({
-      region: this.options.region,
-      credentials: this.options.profile ? fromIni({ profile: this.options.profile }) : undefined,
-      maxAttempts: this.options.max_attempts,
-    });
-    return this.client;
-  }
-
-  private objectKey(key: string): string {
-    const normalizedKey = normalizeArtifactKey(key);
-    const prefix = this.options.prefix ? normalizeArtifactKey(this.options.prefix) : '';
-    return prefix ? `${prefix}/${normalizedKey}` : normalizedKey;
-  }
-
-  async put(entry: ArtifactWrite): Promise<{ key: string; uri: string }> {
-    const [{ PutObjectCommand }, client] = await Promise.all([
-      import('@aws-sdk/client-s3'),
-      this.getClient(),
-    ]);
-    const key = this.objectKey(entry.key);
-    await client.send(new PutObjectCommand({
-      Bucket: this.options.bucket,
-      Key: key,
-      Body: entry.body,
-      ContentType: entry.content_type,
-      Metadata: entry.metadata,
-      ServerSideEncryption: this.options.server_side_encryption,
-      SSEKMSKeyId: this.options.kms_key_id,
-    }));
-    return { key, uri: `s3://${this.options.bucket}/${key}` };
-  }
-
-  async getText(key: string): Promise<string> {
-    const [{ GetObjectCommand }, client] = await Promise.all([
-      import('@aws-sdk/client-s3'),
-      this.getClient(),
-    ]);
-    const objectKey = this.objectKey(key);
-    const response = await client.send(new GetObjectCommand({
-      Bucket: this.options.bucket,
-      Key: objectKey,
-    }));
-    if (!response.Body) return '';
-    return await response.Body.transformToString();
-  }
-
-  async exists(key: string): Promise<boolean> {
-    const [{ HeadObjectCommand }, client] = await Promise.all([
-      import('@aws-sdk/client-s3'),
-      this.getClient(),
-    ]);
-    const objectKey = this.objectKey(key);
-    try {
-      await client.send(new HeadObjectCommand({
-        Bucket: this.options.bucket,
-        Key: objectKey,
-      }));
-      return true;
-    } catch (error) {
-      const name = error instanceof Error ? error.name : '';
-      if (name === 'NotFound' || name === 'NoSuchKey' || name === 'NotFoundError') return false;
-      throw error;
-    }
-  }
-}
-
-export function createArtifactStore(config: KnowledgeConfig, workspace: KnowledgeWorkspace): ArtifactStore {
-  if (config.storage.type === 's3') {
-    if (!config.storage.s3?.bucket) throw new Error('S3 artifact storage requires storage.s3.bucket');
-    return new S3ArtifactStore({
-      bucket: config.storage.s3.bucket,
-      prefix: config.storage.s3.prefix,
-      region: config.storage.s3.region,
-      profile: config.storage.s3.profile,
-      max_attempts: config.storage.s3.max_attempts,
-      server_side_encryption: config.storage.s3.server_side_encryption,
-      kms_key_id: config.storage.s3.kms_key_id,
-    });
-  }
-  return new LocalArtifactStore(workspace.artifactsDir);
-}

package/src/auth.ts

@@ -1,123 +0,0 @@
-import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { dirname, join } from 'node:path';
-import type { KnowledgeConfig } from './workspace';
-
-export interface KnowledgeAuthConfig {
-  api_key: string;
-  email?: string;
-  org_id?: string;
-  org_slug?: string;
-  user_id?: string;
-  api_url?: string;
-  created_at: string;
-}
-
-export interface KnowledgeAuthStatus {
-  authenticated: boolean;
-  source: 'env' | 'file' | 'none';
-  api_url: string;
-  auth_path: string;
-  email: string | null;
-  org_id: string | null;
-  org_slug: string | null;
-  user_id: string | null;
-  api_key_present: boolean;
-}
-
-export const DEFAULT_KNOWLEDGE_API_URL = 'https://knowledge.hasna.xyz';
-
-export function normalizeKnowledgeApiOrigin(apiUrl: string): string {
-  const url = new URL(apiUrl);
-  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
-    throw new Error('Knowledge API URL must use http or https.');
-  }
-  const pathname = url.pathname.replace(/\/+$/, '');
-  if (pathname === '/api' || pathname === '/api/v1') {
-    url.pathname = '/';
-  } else if (pathname.endsWith('/api/v1')) {
-    url.pathname = pathname.slice(0, -'/api/v1'.length) || '/';
-  } else if (pathname.endsWith('/api')) {
-    url.pathname = pathname.slice(0, -'/api'.length) || '/';
-  }
-  return url.toString().replace(/\/+$/, '');
-}
-
-export function knowledgeAuthPath(env: Record<string, string | undefined> = process.env): string {
-  if (env.HASNA_KNOWLEDGE_AUTH_PATH) return env.HASNA_KNOWLEDGE_AUTH_PATH;
-  const root = env.HASNA_KNOWLEDGE_AUTH_DIR ?? join(homedir(), '.hasna', 'knowledge');
-  return join(root, 'auth.json');
-}
-
-export function resolveKnowledgeApiUrl(
-  config?: KnowledgeConfig,
-  env: Record<string, string | undefined> = process.env,
-): string {
-  return normalizeKnowledgeApiOrigin(env.KNOWLEDGE_API_URL ?? config?.hosted?.api_url ?? DEFAULT_KNOWLEDGE_API_URL);
-}
-
-export function getKnowledgeAuth(env: Record<string, string | undefined> = process.env): KnowledgeAuthConfig | null {
-  try {
-    const path = knowledgeAuthPath(env);
-    if (!existsSync(path)) return null;
-    const parsed = JSON.parse(readFileSync(path, 'utf8')) as KnowledgeAuthConfig;
-    return typeof parsed.api_key === 'string' && parsed.api_key.length > 0 ? parsed : null;
-  } catch {
-    return null;
-  }
-}
-
-export function saveKnowledgeAuth(
-  auth: Omit<KnowledgeAuthConfig, 'created_at'> & { created_at?: string },
-  env: Record<string, string | undefined> = process.env,
-): KnowledgeAuthConfig {
-  const path = knowledgeAuthPath(env);
-  const stored: KnowledgeAuthConfig = {
-    ...auth,
-    api_url: auth.api_url ? normalizeKnowledgeApiOrigin(auth.api_url) : undefined,
-    created_at: auth.created_at ?? new Date().toISOString(),
-  };
-  mkdirSync(dirname(path), { recursive: true, mode: 0o700 });
-  writeFileSync(path, `${JSON.stringify(stored, null, 2)}\n`, { mode: 0o600 });
-  return stored;
-}
-
-export function clearKnowledgeAuth(env: Record<string, string | undefined> = process.env): boolean {
-  try {
-    unlinkSync(knowledgeAuthPath(env));
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-export function getKnowledgeApiKey(env: Record<string, string | undefined> = process.env): { apiKey: string | null; source: KnowledgeAuthStatus['source'] } {
-  if (env.KNOWLEDGE_API_KEY) return { apiKey: env.KNOWLEDGE_API_KEY, source: 'env' };
-  if (env.HASNA_KNOWLEDGE_API_KEY) return { apiKey: env.HASNA_KNOWLEDGE_API_KEY, source: 'env' };
-  const auth = getKnowledgeAuth(env);
-  return auth?.api_key ? { apiKey: auth.api_key, source: 'file' } : { apiKey: null, source: 'none' };
-}
-
-export function knowledgeAuthStatus(
-  config?: KnowledgeConfig,
-  env: Record<string, string | undefined> = process.env,
-): KnowledgeAuthStatus {
-  const auth = getKnowledgeAuth(env);
-  const key = getKnowledgeApiKey(env);
-  const apiUrl = env.KNOWLEDGE_API_URL
-    ? resolveKnowledgeApiUrl(config, env)
-    : auth?.api_url
-      ? normalizeKnowledgeApiOrigin(auth.api_url)
-      : resolveKnowledgeApiUrl(config, env);
-  return {
-    authenticated: Boolean(key.apiKey),
-    source: key.source,
-    api_url: apiUrl,
-    auth_path: knowledgeAuthPath(env),
-    email: key.source === 'file' ? auth?.email ?? null : null,
-    org_id: key.source === 'file' ? auth?.org_id ?? null : null,
-    org_slug: key.source === 'file' ? auth?.org_slug ?? null : null,
-    user_id: key.source === 'file' ? auth?.user_id ?? null : null,
-    api_key_present: Boolean(key.apiKey),
-  };
-}