npm - @kweaver-ai/kweaver-sdk - Versions diffs - 0.4.5 → 0.4.7 - Mend

@kweaver-ai/kweaver-sdk 0.4.5 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/bin/kweaver.js CHANGED Viewed

@@ -1,9 +1,24 @@
 #!/usr/bin/env node
+function exit(code) {
+  if (process.stdout.writableNeedDrain || process.stderr.writableNeedDrain) {
+    const done = () => {
+      if (!process.stdout.writableNeedDrain && !process.stderr.writableNeedDrain) {
+        process.exit(code);
+      }
+    };
+    process.stdout.once("drain", done);
+    process.stderr.once("drain", done);
+  } else {
+    process.exit(code);
+  }
+}
 import("../dist/cli.js").then(({ run }) => {
   run(process.argv.slice(2))
-    .then((code) => process.exit(code))
+    .then((code) => exit(code))
     .catch((err) => {
       console.error(err instanceof Error ? err.message : String(err));
-      process.exit(1);
+      exit(1);
     });
 });

package/dist/auth/oauth.d.ts CHANGED Viewed

@@ -1,5 +1,21 @@
 import { type TokenConfig } from "../config/store.js";
 export declare function normalizeBaseUrl(value: string): string;
+/**
+ * OAuth2 Authorization Code login flow.
+ * 1. Register client (if not already registered)
+ * 2. Open browser to /oauth2/auth
+ * 3. Receive authorization code via local HTTP callback
+ * 4. Exchange code for access_token + refresh_token
+ * 5. Save token.json + client.json to ~/.kweaver/
+ */
+export declare function oauth2Login(baseUrl: string, options?: {
+    port?: number;
+    scope?: string;
+}): Promise<TokenConfig>;
+/**
+ * Playwright cookie login (legacy fallback).
+ * Does NOT produce a refresh_token — token expires in 1 hour with no auto-refresh.
+ */
 export declare function playwrightLogin(baseUrl: string, options?: {
     username?: string;
     password?: string;

package/dist/auth/oauth.js CHANGED Viewed

@@ -1,11 +1,169 @@
-import { getCurrentPlatform, loadClientConfig, loadTokenConfig, saveTokenConfig, setCurrentPlatform, } from "../config/store.js";
+import { getCurrentPlatform, loadClientConfig, loadTokenConfig, saveClientConfig, saveTokenConfig, setCurrentPlatform, } from "../config/store.js";
 import { HttpError, NetworkRequestError } from "../utils/http.js";
 const TOKEN_TTL_SECONDS = 3600;
 /** Seconds before access token expiry to trigger refresh (matches Python ConfigAuth). */
 const REFRESH_THRESHOLD_SEC = 60;
+const DEFAULT_REDIRECT_PORT = 9010;
+const DEFAULT_SCOPE = "openid offline all";
 export function normalizeBaseUrl(value) {
     return value.replace(/\/+$/, "");
 }
+/**
+ * OAuth2 Authorization Code login flow.
+ * 1. Register client (if not already registered)
+ * 2. Open browser to /oauth2/auth
+ * 3. Receive authorization code via local HTTP callback
+ * 4. Exchange code for access_token + refresh_token
+ * 5. Save token.json + client.json to ~/.kweaver/
+ */
+export async function oauth2Login(baseUrl, options) {
+    const { createServer } = await import("node:http");
+    const { randomBytes } = await import("node:crypto");
+    const base = normalizeBaseUrl(baseUrl);
+    const port = options?.port ?? DEFAULT_REDIRECT_PORT;
+    const scope = options?.scope ?? DEFAULT_SCOPE;
+    const redirectUri = `http://127.0.0.1:${port}/callback`;
+    // Step 1: Ensure registered client
+    let client = loadClientConfig(base);
+    if (!client?.clientId) {
+        client = await registerOAuth2Client(base, redirectUri, scope);
+        saveClientConfig(base, client);
+    }
+    // Step 2: Generate CSRF state
+    const state = randomBytes(12).toString("hex");
+    // Step 3: Build authorization URL
+    const authParams = new URLSearchParams({
+        redirect_uri: redirectUri,
+        "x-forwarded-prefix": "",
+        client_id: client.clientId,
+        scope,
+        response_type: "code",
+        state,
+        lang: "zh-cn",
+        product: "adp",
+    });
+    const authUrl = `${base}/oauth2/auth?${authParams.toString()}`;
+    // Step 4: Start local callback server, wait for code
+    const code = await new Promise((resolve, reject) => {
+        const timeoutId = setTimeout(() => {
+            server.close();
+            reject(new Error("OAuth2 login timed out (120s). No authorization code received."));
+        }, 120_000);
+        const server = createServer((req, res) => {
+            const url = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+            if (url.pathname === "/callback") {
+                const receivedState = url.searchParams.get("state");
+                const receivedCode = url.searchParams.get("code");
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<html><body><h2>Login successful. You can close this tab.</h2></body></html>");
+                clearTimeout(timeoutId);
+                server.close();
+                if (receivedState !== state) {
+                    reject(new Error("OAuth2 state mismatch — possible CSRF attack."));
+                }
+                else if (!receivedCode) {
+                    reject(new Error("No authorization code received in callback."));
+                }
+                else {
+                    resolve(receivedCode);
+                }
+            }
+            else {
+                res.writeHead(404);
+                res.end();
+            }
+        });
+        server.listen(port, "127.0.0.1", () => {
+            // Step 5: Open browser
+            import("node:child_process").then(({ exec }) => {
+                const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+                exec(`${cmd} "${authUrl}"`);
+            });
+        });
+    });
+    // Step 6: Exchange code for tokens
+    const token = await exchangeCodeForToken(base, code, client.clientId, client.clientSecret, redirectUri);
+    setCurrentPlatform(base);
+    return token;
+}
+async function registerOAuth2Client(baseUrl, redirectUri, scope) {
+    const logoutUri = redirectUri.replace("/callback", "/successful-logout");
+    const response = await fetch(`${baseUrl}/oauth2/clients`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json", Accept: "application/json" },
+        body: JSON.stringify({
+            client_name: "kweaver-sdk",
+            grant_types: ["authorization_code", "implicit", "refresh_token"],
+            response_types: ["token id_token", "code", "token"],
+            scope: "openid offline all",
+            redirect_uris: [redirectUri],
+            post_logout_redirect_uris: [logoutUri],
+            metadata: {
+                device: {
+                    name: "kweaver-sdk",
+                    client_type: "web",
+                    description: "KWeaver TypeScript SDK",
+                },
+            },
+        }),
+    });
+    const text = await response.text();
+    if (!response.ok) {
+        throw new HttpError(response.status, response.statusText, text);
+    }
+    const data = JSON.parse(text);
+    return {
+        baseUrl,
+        clientId: data.client_id,
+        clientSecret: data.client_secret,
+        redirectUri,
+        logoutRedirectUri: logoutUri,
+        scope,
+        lang: "zh-cn",
+        product: "adp",
+        xForwardedPrefix: "",
+    };
+}
+async function exchangeCodeForToken(baseUrl, code, clientId, clientSecret, redirectUri) {
+    const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
+    const response = await fetch(`${baseUrl}/oauth2/token`, {
+        method: "POST",
+        headers: {
+            Authorization: `Basic ${credentials}`,
+            "Content-Type": "application/x-www-form-urlencoded",
+            Accept: "application/json",
+        },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: redirectUri,
+        }).toString(),
+    });
+    const text = await response.text();
+    if (!response.ok) {
+        throw new HttpError(response.status, response.statusText, text);
+    }
+    const data = JSON.parse(text);
+    const now = new Date();
+    const expiresIn = typeof data.expires_in === "number" ? data.expires_in : 3600;
+    const token = {
+        baseUrl,
+        accessToken: data.access_token,
+        tokenType: data.token_type ?? "Bearer",
+        scope: data.scope ?? "",
+        expiresIn,
+        expiresAt: new Date(now.getTime() + expiresIn * 1000).toISOString(),
+        refreshToken: data.refresh_token ?? "",
+        idToken: data.id_token ?? "",
+        obtainedAt: now.toISOString(),
+    };
+    saveTokenConfig(token);
+    return token;
+}
+/**
+ * Playwright cookie login (legacy fallback).
+ * Does NOT produce a refresh_token — token expires in 1 hour with no auto-refresh.
+ */
 export async function playwrightLogin(baseUrl, options) {
     let chromium;
     try {

package/dist/cli.js CHANGED Viewed

@@ -87,14 +87,28 @@ export async function run(argv) {
     printHelp();
     return 1;
 }
+function safeExit(code) {
+    if (process.stdout.writableNeedDrain || process.stderr.writableNeedDrain) {
+        const done = () => {
+            if (!process.stdout.writableNeedDrain && !process.stderr.writableNeedDrain) {
+                process.exit(code);
+            }
+        };
+        process.stdout.once("drain", done);
+        process.stderr.once("drain", done);
+    }
+    else {
+        process.exit(code);
+    }
+}
 if (import.meta.url === `file://${process.argv[1]}`) {
     run(process.argv.slice(2))
         .then((code) => {
-        process.exit(code);
+        safeExit(code);
     })
         .catch((error) => {
         const message = error instanceof Error ? error.message : String(error);
         console.error(message);
-        process.exit(1);
+        safeExit(1);
     });
 }

package/dist/commands/auth.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { clearPlatformSession, deletePlatform, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, loadTokenConfig, resolvePlatformIdentifier, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
-import { formatHttpError, normalizeBaseUrl, playwrightLogin, } from "../auth/oauth.js";
+import { formatHttpError, normalizeBaseUrl, oauth2Login, playwrightLogin, } from "../auth/oauth.js";
 export async function runAuthCommand(args) {
     const target = args[0];
     const rest = args.slice(1);
@@ -27,13 +27,23 @@ kweaver auth delete <url>    Delete saved credentials`);
             const alias = readOption(args, "--alias");
             const username = readOption(args, "--username") ?? readOption(args, "-u");
             const password = readOption(args, "--password") ?? readOption(args, "-p");
+            const usePlaywright = args.includes("--playwright");
+            let token;
             if (username && password) {
+                // Headless Playwright login with credentials
                 console.log("Logging in (headless)...");
+                token = await playwrightLogin(normalizedTarget, { username, password });
+            }
+            else if (usePlaywright) {
+                // Explicit Playwright fallback
+                console.log("Opening browser for login (Playwright)...");
+                token = await playwrightLogin(normalizedTarget);
             }
             else {
-                console.log("Opening browser for login...");
+                // Default: OAuth2 authorization code flow (supports refresh_token)
+                console.log("Opening browser for OAuth2 login...");
+                token = await oauth2Login(normalizedTarget);
             }
-            const token = await playwrightLogin(normalizedTarget, username && password ? { username, password } : undefined);
             if (alias) {
                 setPlatformAlias(normalizedTarget, alias);
             }
@@ -49,6 +59,12 @@ kweaver auth delete <url>    Delete saved credentials`);
             }
             console.log(`Current platform: ${normalizedTarget}`);
             console.log(`Access token saved: yes`);
+            if (token.refreshToken) {
+                console.log(`Refresh token: yes (auto-refresh enabled)`);
+            }
+            else {
+                console.log(`Refresh token: no (token will expire in 1 hour)`);
+            }
             if (token.expiresAt) {
                 console.log(`Token expires at: ${token.expiresAt}`);
             }
@@ -79,6 +95,7 @@ kweaver auth delete <url>    Delete saved credentials`);
             `Current platform: ${token.baseUrl === currentPlatform ? "yes" : "no"}`,
             `Token present: yes`,
         ];
+        lines.push(`Refresh token: ${token.refreshToken ? "yes (auto-refresh enabled)" : "no"}`);
         if (token.expiresAt) {
             const expiry = new Date(token.expiresAt);
             const remainingMs = expiry.getTime() - Date.now();
@@ -86,6 +103,9 @@ kweaver auth delete <url>    Delete saved credentials`);
                 const remainingMin = Math.ceil(remainingMs / 60_000);
                 lines.push(`Token status: active (expires in ${remainingMin} min)`);
             }
+            else if (token.refreshToken) {
+                lines.push(`Token status: expired (will auto-refresh on next command)`);
+            }
             else {
                 lines.push(`Token status: expired (run \`kweaver auth login ${token.baseUrl}\` again)`);
             }

package/dist/commands/bkn.js CHANGED Viewed

@@ -456,6 +456,57 @@ function parseJsonObject(text, errorMessage) {
     }
     return parsed;
 }
+const MAX_OUTPUT_BYTES = 100_000;
+/**
+ * If a query response exceeds MAX_OUTPUT_BYTES, trim the datas array
+ * to fit, preserving valid JSON and the search_after cursor for pagination.
+ */
+function truncateQueryResult(raw) {
+    if (raw.length <= MAX_OUTPUT_BYTES) {
+        return raw;
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        return raw;
+    }
+    const datas = parsed.datas;
+    if (!Array.isArray(datas) || datas.length === 0) {
+        return raw;
+    }
+    const originalCount = datas.length;
+    while (datas.length > 1) {
+        datas.pop();
+        const candidate = JSON.stringify(parsed);
+        if (candidate.length <= MAX_OUTPUT_BYTES) {
+            const remaining = originalCount - datas.length;
+            const sa = parsed.search_after;
+            parsed._truncated = {
+                returned: datas.length,
+                total_fetched: originalCount,
+                remaining,
+                next_search_after: sa ?? null,
+                hint: sa
+                    ? `Pass --search-after '${JSON.stringify(sa)}' --limit ${datas.length} to fetch the next page.`
+                    : `Reduce --limit to ${datas.length} or less to avoid truncation.`,
+            };
+            console.error(`[warn] Truncated ${originalCount} → ${datas.length} records (output exceeded ${Math.round(MAX_OUTPUT_BYTES / 1024)}KB). ${parsed._truncated.hint}`);
+            return JSON.stringify(parsed);
+        }
+    }
+    const sa = parsed.search_after;
+    parsed._truncated = {
+        returned: 1,
+        total_fetched: originalCount,
+        remaining: originalCount - 1,
+        next_search_after: sa ?? null,
+        hint: `Single record is very large. Use --limit 1 and --search-after to iterate.`,
+    };
+    console.error(`[warn] Truncated ${originalCount} → 1 record. Single record is very large. Use --limit 1 and --search-after to iterate.`);
+    return JSON.stringify(parsed);
+}
 function parseSearchAfterArray(text) {
     let parsed;
     try {
@@ -528,7 +579,7 @@ export function parseKnObjectTypeQueryArgs(args) {
         body.search_after = searchAfter;
     }
     if (typeof body.limit !== "number" || !Number.isFinite(body.limit) || body.limit < 1) {
-        throw new Error("Missing limit. Provide it in body JSON or via --limit <n>.");
+        body.limit = 30;
     }
     if (!businessDomain)
         businessDomain = resolveBusinessDomain();
@@ -916,7 +967,8 @@ kweaver bkn object-type properties <kn-id> <ot-id> '<json>' [--pretty] [-bd valu
 list: List object types (schema) from ontology-manager.
 get: Get single object type details.
 create/update/delete: Schema CRUD (create requires dataview-id).
-query/properties: Query via ontology-query API. For query, --limit and --search-after are merged into the JSON body.
+query: Query via ontology-query API. Default limit is 30 if not specified. Use --search-after for pagination.
+properties: Query instance properties by primary key.
 properties JSON format: {"_instance_identities":[{"<primary-key>":"<value>"}],"properties":["prop1","prop2"]}`);
         return 0;
@@ -1016,7 +1068,7 @@ properties JSON format: {"_instance_identities":[{"<primary-key>":"<value>"}],"p
                 body: options.body,
                 businessDomain: options.businessDomain,
             });
-            console.log(formatCallOutput(result, options.pretty));
+            console.log(formatCallOutput(truncateQueryResult(result), options.pretty));
             return 0;
         }
         if (action === "properties") {
@@ -1343,6 +1395,9 @@ Query subgraph via ontology-query API. JSON body format see references/json-form
             businessDomain,
             queryType,
         });
+        if (result.length > 100_000) {
+            console.error(`[warn] Response is ${(result.length / 1024).toFixed(0)}KB. Consider narrowing the subgraph query.`);
+        }
         console.log(formatCallOutput(result, pretty));
         return 0;
     }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kweaver-ai/kweaver-sdk",
-  "version": "0.4.5",
+  "version": "0.4.7",
   "description": "KWeaver TypeScript SDK — CLI tool and programmatic API for knowledge networks and Decision Agents.",
   "type": "module",
   "main": "./dist/index.js",