@hasna/knowledge 0.2.6 → 0.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -1
- package/bin/open-knowledge-mcp.js +637 -5
- package/bin/open-knowledge.js +75 -21
- package/docs/architecture/ai-native-knowledge-base.md +18 -0
- package/package.json +1 -1
- package/src/cli.ts +169 -5
- package/src/knowledge-db.ts +41 -1
- package/src/manifest-ingest.ts +58 -9
- package/src/mcp.js +25 -0
- package/src/outbox-consume.ts +33 -4
- package/src/safety.ts +265 -0
- package/src/source-ref.ts +12 -0
- package/src/source-resolver.ts +418 -0
- package/src/workspace.ts +26 -0
package/README.md
CHANGED
|
@@ -68,6 +68,12 @@ open-knowledge ingest manifest ./open-files-manifest.jsonl --scope project --jso
|
|
|
68
68
|
|
|
69
69
|
# Consume open-files change events and invalidate stale source chunks
|
|
70
70
|
open-knowledge reindex outbox ./open-files-outbox.jsonl --scope project --json
|
|
71
|
+
|
|
72
|
+
# Resolve indexed source text and citation evidence through the read-only source boundary
|
|
73
|
+
open-knowledge source resolve open-files://file/f_123/revision/rev_456 --scope project --json
|
|
74
|
+
|
|
75
|
+
# Inspect local safety policy and approvals
|
|
76
|
+
open-knowledge safety status --scope project --json
|
|
71
77
|
```
|
|
72
78
|
|
|
73
79
|
## Commands
|
|
@@ -166,6 +172,15 @@ Create starter generated-knowledge artifacts through the artifact store:
|
|
|
166
172
|
`schemas/v1.md`, `indexes/root.md`, `wiki/README.md`, and a dated JSONL log
|
|
167
173
|
partition.
|
|
168
174
|
|
|
175
|
+
### source
|
|
176
|
+
```bash
|
|
177
|
+
open-knowledge source resolve <source-ref> [--purpose knowledge_answer|knowledge_index] [--limit <n>] [--scope project] [--json]
|
|
178
|
+
```
|
|
179
|
+
Resolve an indexed source through the read-only open-files boundary. The result
|
|
180
|
+
returns source metadata, permissions, the selected revision, derived chunk text,
|
|
181
|
+
and citation evidence. It does not expose raw file bytes or storage credentials;
|
|
182
|
+
raw source retrieval remains owned by `open-files`.
|
|
183
|
+
|
|
169
184
|
### ingest
|
|
170
185
|
```bash
|
|
171
186
|
open-knowledge ingest manifest <file|s3://bucket/key> [--scope project] [--json]
|
|
@@ -182,6 +197,18 @@ Consume open-files JSON or JSONL change events. This invalidates matching
|
|
|
182
197
|
source chunks and embeddings by source ref, revision, or hash, updates
|
|
183
198
|
permission/path/delete metadata, and records a local run ledger.
|
|
184
199
|
|
|
200
|
+
### safety
|
|
201
|
+
```bash
|
|
202
|
+
open-knowledge safety status [--scope project] [--json]
|
|
203
|
+
open-knowledge safety check generated_write [target] [--scope project] [--json]
|
|
204
|
+
open-knowledge safety approve generated_write [target] [--scope project] [--json]
|
|
205
|
+
open-knowledge safety audit [--scope project] [--json]
|
|
206
|
+
open-knowledge safety redact <text> [--scope project] [--json]
|
|
207
|
+
```
|
|
208
|
+
Inspect and operate the local safety model. Source reads are read-only by
|
|
209
|
+
default, web search and S3 reads are opt-in, generated writes require approval
|
|
210
|
+
by default, and known secret patterns are redacted before chunk storage.
|
|
211
|
+
|
|
185
212
|
### help
|
|
186
213
|
```bash
|
|
187
214
|
open-knowledge help [command]
|
|
@@ -217,7 +244,7 @@ The MCP server exposes item tools (`ok_add`, `ok_list`, `ok_get`, `ok_update`,
|
|
|
217
244
|
`ok_delete`, `ok_archive`, `ok_restore`, `ok_upsert`, `ok_untag`,
|
|
218
245
|
`ok_bulk_delete`, `ok_prune`, `ok_dedupe`, `ok_stats`, `ok_export`,
|
|
219
246
|
`ok_import`, `ok_batch`), workspace inspection (`ok_paths`), and source-ref
|
|
220
|
-
parsing (`ok_parse_source_ref`).
|
|
247
|
+
parsing/resolution (`ok_parse_source_ref`, `ok_resolve_source`).
|
|
221
248
|
|
|
222
249
|
## Source And Artifact Boundary
|
|
223
250
|
|
|
@@ -227,9 +254,20 @@ stores source references such as `open-files://file/<id>`,
|
|
|
227
254
|
and `https://...`, plus citations, chunks, generated wiki pages, indexes,
|
|
228
255
|
logs, runs, and search metadata.
|
|
229
256
|
|
|
257
|
+
`open-knowledge source resolve` and the MCP `ok_resolve_source` tool resolve
|
|
258
|
+
only the indexed, derived knowledge catalog. The resolver enforces read-only
|
|
259
|
+
purpose labels from source permissions, returns chunk citation evidence, writes
|
|
260
|
+
an audit event, and keeps bytes/storage credentials inside `open-files`.
|
|
261
|
+
|
|
230
262
|
Generated knowledge artifacts can be stored locally under
|
|
231
263
|
`.hasna/apps/knowledge/artifacts` or through the S3 artifact-store adapter.
|
|
232
264
|
|
|
265
|
+
The default safety policy allows writes only under the resolved
|
|
266
|
+
`.hasna/apps/knowledge` workspace. S3 manifest/outbox reads require
|
|
267
|
+
`safety.network.s3_reads_enabled=true` and an allowed bucket in config, or the
|
|
268
|
+
equivalent `HASNA_KNOWLEDGE_ALLOW_S3_READS=1` and
|
|
269
|
+
`HASNA_KNOWLEDGE_ALLOWED_S3_BUCKETS=bucket-a,bucket-b` environment variables.
|
|
270
|
+
|
|
233
271
|
## JSON Output
|
|
234
272
|
|
|
235
273
|
Every command returns structured JSON when `--json` is passed:
|