@kweaver-ai/kweaver-sdk 0.4.7 → 0.4.9

package/dist/auth/oauth.d.ts

@@ -13,12 +13,21 @@ export declare function oauth2Login(baseUrl: string, options?: {
     scope?: string;
 }): Promise<TokenConfig>;
 /**
- * Playwright cookie login (legacy fallback).
- * Does NOT produce a refresh_token — token expires in 1 hour with no auto-refresh.
+ * Playwright-automated OAuth2 login.
+ *
+ * Uses the full OAuth2 authorization code flow (same as `oauth2Login`) but
+ * automates the browser interaction with Playwright.  This produces a
+ * refresh_token so the CLI can auto-refresh without re-login.
+ *
+ * When `username` and `password` are provided the browser runs headless and
+ * fills the login form automatically.  Otherwise it opens a visible browser
+ * window for manual login (same UX as the old cookie-based flow).
  */
 export declare function playwrightLogin(baseUrl: string, options?: {
     username?: string;
     password?: string;
+    port?: number;
+    scope?: string;
 }): Promise<TokenConfig>;
 /**
  * Exchange refresh_token for a new access token (OAuth2 password grant style, same as Python ConfigAuth).

package/dist/auth/oauth.js

@@ -74,10 +74,9 @@ export async function oauth2Login(baseUrl, options) {
             }
         });
         server.listen(port, "127.0.0.1", () => {
-            // Step 5: Open browser
-            import("node:child_process").then(({ exec }) => {
-                const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-                exec(`${cmd} "${authUrl}"`);
+            // Step 5: Open browser (uses spawn with proper Windows quoting)
+            import("../utils/browser.js").then(({ openBrowser }) => {
+                openBrowser(authUrl);
             });
         });
     });
@@ -161,10 +160,19 @@ async function exchangeCodeForToken(baseUrl, code, clientId, clientSecret, redir
     return token;
 }
 /**
- * Playwright cookie login (legacy fallback).
- * Does NOT produce a refresh_token — token expires in 1 hour with no auto-refresh.
+ * Playwright-automated OAuth2 login.
+ *
+ * Uses the full OAuth2 authorization code flow (same as `oauth2Login`) but
+ * automates the browser interaction with Playwright.  This produces a
+ * refresh_token so the CLI can auto-refresh without re-login.
+ *
+ * When `username` and `password` are provided the browser runs headless and
+ * fills the login form automatically.  Otherwise it opens a visible browser
+ * window for manual login (same UX as the old cookie-based flow).
  */
 export async function playwrightLogin(baseUrl, options) {
+    const { createServer } = await import("node:http");
+    const { randomBytes } = await import("node:crypto");
     let chromium;
     try {
         const modName = "playwright";
@@ -174,71 +182,94 @@ export async function playwrightLogin(baseUrl, options) {
     catch {
         throw new Error("Playwright is not installed. Run:\n  npm install playwright && npx playwright install chromium");
     }
-    const hasCredentials = options?.username && options?.password;
-    const browser = await chromium.launch({ headless: hasCredentials ? true : false });
-    try {
-        const context = await browser.newContext();
-        const page = await context.newPage();
-        await page.goto(`${baseUrl}/api/dip-hub/v1/login`, {
-            waitUntil: "networkidle",
-            timeout: 30_000,
-        });
-        if (hasCredentials) {
-            // Headless mode: auto-fill credentials
-            await page.waitForSelector('input[name="account"]', { timeout: 10_000 });
-            await page.fill('input[name="account"]', options.username);
-            await page.fill('input[name="password"]', options.password);
-            await page.click("button.ant-btn-primary");
-        }
-        // else: headed mode — user logs in manually in the browser window
-        const TIMEOUT_SECONDS = hasCredentials ? 30 : 120;
-        let accessToken = null;
-        for (let i = 0; i < TIMEOUT_SECONDS; i++) {
-            await new Promise((r) => setTimeout(r, 1000));
-            // Check cookies (works even after navigation)
-            for (const cookie of await context.cookies()) {
-                if (cookie.name === "dip.oauth2_token") {
-                    accessToken = decodeURIComponent(cookie.value);
-                    break;
+    const base = normalizeBaseUrl(baseUrl);
+    const port = options?.port ?? DEFAULT_REDIRECT_PORT;
+    const scope = options?.scope ?? DEFAULT_SCOPE;
+    const redirectUri = `http://127.0.0.1:${port}/callback`;
+    const hasCredentials = !!(options?.username && options?.password);
+    // Step 1: Ensure registered OAuth2 client
+    let client = loadClientConfig(base);
+    if (!client?.clientId) {
+        client = await registerOAuth2Client(base, redirectUri, scope);
+        saveClientConfig(base, client);
+    }
+    // Step 2: Generate CSRF state
+    const state = randomBytes(12).toString("hex");
+    // Step 3: Build authorization URL
+    const authParams = new URLSearchParams({
+        redirect_uri: redirectUri,
+        "x-forwarded-prefix": "",
+        client_id: client.clientId,
+        scope,
+        response_type: "code",
+        state,
+        lang: "zh-cn",
+        product: "adp",
+    });
+    const authUrl = `${base}/oauth2/auth?${authParams.toString()}`;
+    // Step 4: Start local callback server to capture the authorization code
+    const code = await new Promise((resolve, reject) => {
+        const TIMEOUT_MS = hasCredentials ? 30_000 : 120_000;
+        const timeoutId = setTimeout(() => {
+            server.close();
+            browser?.close();
+            reject(new Error(`OAuth2 login timed out (${TIMEOUT_MS / 1000}s). No authorization code received.`));
+        }, TIMEOUT_MS);
+        const server = createServer((req, res) => {
+            const url = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+            if (url.pathname === "/callback") {
+                const receivedState = url.searchParams.get("state");
+                const receivedCode = url.searchParams.get("code");
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<html><body><h2>Login successful. You can close this tab.</h2></body></html>");
+                clearTimeout(timeoutId);
+                server.close();
+                browser?.close();
+                if (receivedState !== state) {
+                    reject(new Error("OAuth2 state mismatch — possible CSRF attack."));
                 }
-            }
-            if (accessToken)
-                break;
-            // In headless mode, check for login error messages
-            if (hasCredentials) {
-                try {
-                    const errorEl = await page.$(".ant-message-error, .ant-alert-error");
-                    if (errorEl) {
-                        const errorText = await errorEl.textContent();
-                        throw new Error(`Login failed: ${errorText?.trim() || "unknown error"}`);
-                    }
+                else if (!receivedCode) {
+                    reject(new Error("No authorization code received in callback."));
                 }
-                catch (e) {
-                    if (e instanceof Error && e.message.startsWith("Login failed:"))
-                        throw e;
+                else {
+                    resolve(receivedCode);
                 }
             }
-        }
-        if (!accessToken) {
-            throw new Error(`Login timed out: dip.oauth2_token cookie not received within ${TIMEOUT_SECONDS} seconds.`);
-        }
-        const now = new Date();
-        const tokenConfig = {
-            baseUrl,
-            accessToken,
-            tokenType: "bearer",
-            scope: "",
-            expiresIn: TOKEN_TTL_SECONDS,
-            expiresAt: new Date(now.getTime() + TOKEN_TTL_SECONDS * 1000).toISOString(),
-            obtainedAt: now.toISOString(),
-        };
-        saveTokenConfig(tokenConfig);
-        setCurrentPlatform(baseUrl);
-        return tokenConfig;
-    }
-    finally {
-        await browser.close();
-    }
+            else {
+                res.writeHead(404);
+                res.end();
+            }
+        });
+        let browser;
+        server.listen(port, "127.0.0.1", async () => {
+            try {
+                browser = await chromium.launch({ headless: hasCredentials });
+                const context = await browser.newContext();
+                const page = await context.newPage();
+                // Navigate to OAuth2 auth URL — redirects to signin page
+                await page.goto(authUrl, { waitUntil: "networkidle", timeout: 30_000 });
+                if (hasCredentials) {
+                    // Auto-fill credentials
+                    await page.waitForSelector('input[name="account"]', { timeout: 10_000 });
+                    await page.fill('input[name="account"]', options.username);
+                    await page.fill('input[name="password"]', options.password);
+                    await page.click("button.ant-btn-primary");
+                }
+                // else: visible browser — user logs in manually
+                // The OAuth2 callback will fire when login completes, resolving the promise above
+            }
+            catch (err) {
+                clearTimeout(timeoutId);
+                server.close();
+                browser?.close();
+                reject(err);
+            }
+        });
+    });
+    // Step 5: Exchange authorization code for tokens (includes refresh_token)
+    const token = await exchangeCodeForToken(base, code, client.clientId, client.clientSecret, redirectUri);
+    setCurrentPlatform(base);
+    return token;
 }
 function tokenNeedsRefresh(token) {
     if (!token.expiresAt) {

package/dist/cli.js

@@ -11,47 +11,100 @@ function printHelp() {
     console.log(`kweaver
 
 Usage:
-  kweaver auth <platform-url>
-  kweaver auth login <platform-url>
-  kweaver auth <platform-url> [--alias name] [--no-open] [--host host] [--redirect-uri uri]
-  kweaver auth status [platform-url]
+  kweaver --version | -V
+  kweaver --help | -h
+
+  kweaver auth <platform-url> [--alias name] [-u user] [-p pass] [--playwright]
+  kweaver auth login <platform-url>          (alias for auth <url>)
+  kweaver auth status [platform-url|alias]
   kweaver auth list
-  kweaver auth use <platform-url>
-  kweaver auth logout [platform-url]
-  kweaver auth delete <platform-url>
+  kweaver auth use <platform-url|alias>
+  kweaver auth logout [platform-url|alias]
+  kweaver auth delete <platform-url|alias>
   kweaver token
-  kweaver call <url> [-X METHOD] [-H "Name: value"] [-d BODY] [--pretty] [--verbose] [-bd value]
-  kweaver agent chat <agent_id> [-m "message"] [--version value] [--conversation-id id] [--stream] [--no-stream] [--verbose] [-bd value]
-  kweaver agent list [options]
-  kweaver agent get <agent_id> [options]
-  kweaver ds list [options]
+
+  kweaver call <url> [-X METHOD] [-H "Name: value"] [-d BODY] [--data-raw BODY]
+             [--url URL] [--pretty] [--verbose] [-bd value]
+  (alias: kweaver curl ...)
+
+  kweaver agent chat <agent_id> [-m "message"] [--version value] [--conversation-id id]
+                [--stream] [--no-stream] [--verbose] [-bd value]
+  kweaver agent list [--name X] [--limit N] [--offset N] [-bd value] [--pretty]
+  kweaver agent get <agent_id> [-bd value] [--pretty]
+  kweaver agent get-by-key <key> [-bd value] [--pretty]
+  kweaver agent sessions <agent_id> [-bd value] [--limit N] [--pretty]
+  kweaver agent history <agent_id> <session_id> [-bd value] [--limit N] [--pretty]
+  kweaver agent create [options]
+  kweaver agent update <agent_id> [options]
+  kweaver agent delete <agent_id> [-bd value]
+  kweaver agent publish <agent_id> [-bd value]
+  kweaver agent unpublish <agent_id> [-bd value]
+
+  kweaver ds list [--keyword X] [--type T] [-bd value] [--pretty]
   kweaver ds get <id>
-  kweaver ds connect <db_type> <host> <port> <database> --account X --password Y
+  kweaver ds delete <id> [-y]
+  kweaver ds tables <id> [--keyword X] [--pretty]
+  kweaver ds connect <db_type> <host> <port> <database> --account X --password Y [--schema S] [--name N]
+
   kweaver bkn list [options]
   kweaver bkn get <kn-id> [options]
-  kweaver bkn search <kn-id> <query> [options]
+  kweaver bkn search <kn-id> <query> [--max-concepts N] [--mode M] [--pretty] [-bd value]
   kweaver bkn create [options]
+  kweaver bkn create-from-ds [options]
   kweaver bkn update <kn-id> [options]
-  kweaver bkn delete <kn-id>
-  kweaver config [set-bd|show]
-  kweaver vega [health|stats|inspect|catalog|resource|connector-type]
-  kweaver context-loader [config|kn-search|...]
-  kweaver --help
+  kweaver bkn delete <kn-id> [-y]
+  kweaver bkn build <kn-id> [--wait] [--no-wait] [--timeout N]
+  kweaver bkn validate <directory> [--detect-encoding|--no-detect-encoding] [--source-encoding name]
+  kweaver bkn export <kn-id>
+  kweaver bkn stats <kn-id>
+  kweaver bkn push <directory> [--branch main] [-bd value] [--detect-encoding|--no-detect-encoding] [--source-encoding name]
+  kweaver bkn pull <kn-id> [directory] [--branch main] [-bd value]
+  kweaver bkn object-type list|get|create|update|delete|query|properties <kn-id> ...
+  kweaver bkn relation-type list|get|create|update|delete <kn-id> ...
+  kweaver bkn subgraph <kn-id> <body-json>
+  kweaver bkn action-type list|query|execute <kn-id> ... [--wait] [--no-wait] [--timeout N]
+  kweaver bkn action-execution get <kn-id> <execution-id>
+  kweaver bkn action-log list|get|cancel <kn-id> ...
+
+  kweaver config set-bd <value>
+  kweaver config show
+
+  kweaver vega health|stats|inspect
+  kweaver vega catalog list|get|health|test-connection|discover|resources [options]
+  kweaver vega resource list|get|query|preview [options]
+  kweaver vega connector-type list|get [options]
+
+  kweaver context-loader config set|use|list|remove|show [options]
+  kweaver context-loader tools|resources|templates|prompts [--cursor]
+  kweaver context-loader resource <uri>
+  kweaver context-loader prompt <name> [--args json]
+  kweaver context-loader kn-search <query> [--only-schema]
+  kweaver context-loader kn-schema-search <query> [--max N]
+  kweaver context-loader query-object-instance|query-instance-subgraph|get-logic-properties|get-action-info ...
+  (alias: kweaver context ...)
 
 Commands:
   auth           Login, list, inspect, and switch saved platform auth profiles
   token          Print the current access token, refreshing it first if needed
-  call           Call an API with curl-style flags and auto-injected token headers
+  call (curl)    Call an API with curl-style flags and auto-injected token headers
+  agent          Agent CRUD, chat, sessions, history, publish/unpublish
   ds             Manage datasources (list, get, delete, tables, connect)
-  agent          Chat with a KWeaver agent (agent chat <id>), list published agents (agent list)
-  bkn           Business knowledge network (list/get/create/update/delete/export/stats; object-type, subgraph, action-type, action-log)
+  bkn            Knowledge network (CRUD, build, validate, export, stats, push/pull,
+                 object-type, relation-type, subgraph, action-type, action-execution, action-log)
   config         Per-platform configuration (business domain)
-  vega           Vega observability platform (catalogs, resources, connector-types, health)
-  context-loader Call context-loader MCP (tools, resources, prompts; kn-search, query-*, etc.)
+  vega           Vega observability (catalog, resource, connector-type, health/stats/inspect)
+  context-loader Context-loader MCP (config, tools, resources, prompts, kn-search, query-*, etc.)
   help           Show this message`);
 }
 export async function run(argv) {
     const [command, ...rest] = argv;
+    if (command === "--version" || command === "-V" || command === "version") {
+        const { createRequire } = await import("node:module");
+        const require = createRequire(import.meta.url);
+        const pkg = require("../package.json");
+        console.log(pkg.version);
+        return 0;
+    }
     if (argv.length === 0 || !command || command === "--help" || command === "-h" || command === "help") {
         printHelp();
         return 0;
@@ -101,7 +154,9 @@ function safeExit(code) {
         process.exit(code);
     }
 }
-if (import.meta.url === `file://${process.argv[1]}`) {
+import { fileURLToPath } from "node:url";
+import { resolve } from "node:path";
+if (fileURLToPath(import.meta.url) === resolve(process.argv[1])) {
     run(process.argv.slice(2))
         .then((code) => {
         safeExit(code);

package/dist/commands/bkn.d.ts

@@ -1,3 +1,4 @@
+import { type BknEncodingImportOptions } from "../utils/bkn-encoding.js";
 export interface KnListOptions {
     offset: number;
     limit: number;
@@ -46,6 +47,7 @@ export interface KnPushOptions {
     branch: string;
     businessDomain: string;
     pretty: boolean;
+    encodingOptions: BknEncodingImportOptions;
 }
 export declare function parseKnPushArgs(args: string[]): KnPushOptions;
 export interface KnPullOptions {
@@ -64,6 +66,42 @@ export interface KnObjectTypeQueryOptions {
 }
 export declare function parseKnObjectTypeQueryArgs(args: string[]): KnObjectTypeQueryOptions;
 export declare function runKnCommand(args: string[]): Promise<number>;
+/** Fields merged via GET → modify → PUT (not raw body mode). */
+export interface ObjectTypeMergeFields {
+    name?: string;
+    displayKey?: string;
+    addProperties: Record<string, unknown>[];
+    removeProperties: string[];
+    tags?: string[];
+    comment?: string;
+    icon?: string;
+    color?: string;
+}
+export type ObjectTypeUpdateParsed = {
+    mode: "body";
+    knId: string;
+    otId: string;
+    body: string;
+    businessDomain: string;
+    pretty: boolean;
+} | {
+    mode: "merge";
+    knId: string;
+    otId: string;
+    merge: ObjectTypeMergeFields;
+    businessDomain: string;
+    pretty: boolean;
+    branch: string;
+};
+/** Prepare a GET response entry for PUT (drop read-only fields). */
+export declare function stripObjectTypeForPut(entry: Record<string, unknown>): Record<string, unknown>;
+/**
+ * Apply merge flags onto a stripped object-type object (mutates copy).
+ * - Add: property `name` not in list → append.
+ * - Update: property `name` exists → replace entry (same as add; CLI also accepts `--update-property`).
+ * - Delete: `--remove-property` removes by `name` before adds are applied.
+ */
+export declare function applyObjectTypeMerge(target: Record<string, unknown>, merge: ObjectTypeMergeFields): Record<string, unknown>;
 export interface KnActionTypeExecuteOptions {
     knId: string;
     atId: string;

package/dist/commands/bkn.js

@@ -3,6 +3,7 @@ import { spawnSync } from "node:child_process";
 import { mkdirSync, readFileSync, readdirSync, statSync } from "node:fs";
 import { resolve } from "node:path";
 import { loadNetwork, allObjects, allRelations, allActions, generateChecksum, validateNetwork } from "@kweaver-ai/bkn";
+import { prepareBknDirectoryForImport, stripBknEncodingCliArgs, } from "../utils/bkn-encoding.js";
 import { ensureValidToken, formatHttpError, with401RefreshRetry } from "../auth/oauth.js";
 import { listKnowledgeNetworks, getKnowledgeNetwork, createKnowledgeNetwork, updateKnowledgeNetwork, deleteKnowledgeNetwork, listObjectTypes, listRelationTypes, listActionTypes, getObjectType, createObjectTypes, updateObjectType, deleteObjectTypes, getRelationType, createRelationTypes, updateRelationType, deleteRelationTypes, buildKnowledgeNetwork, getBuildStatus, } from "../api/knowledge-networks.js";
 import { objectTypeQuery, objectTypeProperties, subgraph, actionTypeQuery, actionTypeExecute, actionExecutionGet, actionLogsList, actionLogGet, actionLogCancel, } from "../api/ontology-query.js";
@@ -354,12 +355,13 @@ export function parseKnDeleteArgs(args) {
     return { knId, businessDomain, yes };
 }
 export function parseKnPushArgs(args) {
+    const { rest, options: encodingOptions } = stripBknEncodingCliArgs(args);
     let directory = "";
     let branch = "main";
     let businessDomain = "";
     let pretty = true;
-    for (let i = 0; i < args.length; i += 1) {
-        const arg = args[i];
+    for (let i = 0; i < rest.length; i += 1) {
+        const arg = rest[i];
         if (arg === "--help" || arg === "-h") {
             throw new Error("help");
         }
@@ -394,7 +396,7 @@ export function parseKnPushArgs(args) {
     }
     if (!businessDomain)
         businessDomain = resolveBusinessDomain();
-    return { directory, branch, businessDomain, pretty };
+    return { directory, branch, businessDomain, pretty, encodingOptions };
 }
 export function parseKnPullArgs(args) {
     let knId = "";
@@ -767,12 +769,84 @@ function parseObjectTypeCreateArgs(args) {
         businessDomain = resolveBusinessDomain();
     return { knId, body, businessDomain, branch, pretty };
 }
-/** Parse object-type update args: --name X [--display-key Y] */
+const OBJECT_TYPE_PUT_STRIP_KEYS = new Set([
+    "status",
+    "creator",
+    "updater",
+    "create_time",
+    "update_time",
+    "module_type",
+    "kn_id",
+]);
+/** Prepare a GET response entry for PUT (drop read-only fields). */
+export function stripObjectTypeForPut(entry) {
+    const out = { ...entry };
+    for (const k of OBJECT_TYPE_PUT_STRIP_KEYS) {
+        delete out[k];
+    }
+    return out;
+}
+/**
+ * Apply merge flags onto a stripped object-type object (mutates copy).
+ * - Add: property `name` not in list → append.
+ * - Update: property `name` exists → replace entry (same as add; CLI also accepts `--update-property`).
+ * - Delete: `--remove-property` removes by `name` before adds are applied.
+ */
+export function applyObjectTypeMerge(target, merge) {
+    if (merge.name !== undefined)
+        target.name = merge.name;
+    if (merge.displayKey !== undefined)
+        target.display_key = merge.displayKey;
+    if (merge.comment !== undefined)
+        target.comment = merge.comment;
+    if (merge.icon !== undefined)
+        target.icon = merge.icon;
+    if (merge.color !== undefined)
+        target.color = merge.color;
+    if (merge.tags !== undefined)
+        target.tags = merge.tags;
+    let props = target.data_properties;
+    if (!Array.isArray(props)) {
+        props = [];
+    }
+    else {
+        props = props.map((p) => p && typeof p === "object" && !Array.isArray(p) ? { ...p } : p);
+    }
+    const list = props;
+    for (const rm of merge.removeProperties) {
+        for (let j = list.length - 1; j >= 0; j -= 1) {
+            const n = list[j]?.name;
+            if (typeof n === "string" && n === rm)
+                list.splice(j, 1);
+        }
+    }
+    for (const add of merge.addProperties) {
+        const nm = add.name;
+        if (typeof nm !== "string" || !nm) {
+            throw new Error("--add-property / --update-property JSON must include a non-empty string \"name\" field.");
+        }
+        const idx = list.findIndex((p) => p?.name === nm);
+        if (idx >= 0)
+            list[idx] = add;
+        else
+            list.push(add);
+    }
+    target.data_properties = list;
+    return target;
+}
+/** Parse object-type update: raw JSON body OR merge flags (GET-merge-PUT). */
 function parseObjectTypeUpdateArgs(args) {
     let name;
     let displayKey;
     let businessDomain = "";
     let pretty = true;
+    let branch = "main";
+    let comment;
+    let icon;
+    let color;
+    let tagsJson;
+    const addProperties = [];
+    const removeProperties = [];
     const positional = [];
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i];
@@ -786,6 +860,35 @@ function parseObjectTypeUpdateArgs(args) {
             displayKey = args[++i];
             continue;
         }
+        if ((arg === "--add-property" || arg === "--update-property") && args[i + 1]) {
+            const raw = args[++i];
+            addProperties.push(parseJsonObject(raw, `--add-property / --update-property must be valid JSON object: ${raw}`));
+            continue;
+        }
+        if (arg === "--remove-property" && args[i + 1]) {
+            removeProperties.push(args[++i]);
+            continue;
+        }
+        if (arg === "--tags" && args[i + 1]) {
+            tagsJson = args[++i];
+            continue;
+        }
+        if (arg === "--comment" && args[i + 1]) {
+            comment = args[++i];
+            continue;
+        }
+        if (arg === "--icon" && args[i + 1]) {
+            icon = args[++i];
+            continue;
+        }
+        if (arg === "--color" && args[i + 1]) {
+            color = args[++i];
+            continue;
+        }
+        if (arg === "--branch" && args[i + 1]) {
+            branch = args[++i];
+            continue;
+        }
         if ((arg === "-bd" || arg === "--biz-domain") && args[i + 1]) {
             businessDomain = args[++i];
             continue;
@@ -797,21 +900,72 @@ function parseObjectTypeUpdateArgs(args) {
         if (!arg.startsWith("-"))
             positional.push(arg);
     }
-    const [knId, otId] = positional;
+    const [knId, otId, maybeBody] = positional;
     if (!knId || !otId) {
-        throw new Error("Usage: kweaver bkn object-type update <kn-id> <ot-id> [--name X] [--display-key Y]");
+        throw new Error("Usage: kweaver bkn object-type update <kn-id> <ot-id> [ '<full-json-body>' ] [--name ...] [--add-property|--update-property '<json>' ...] [--remove-property <name> ...]");
+    }
+    const hasMergeFlags = name !== undefined ||
+        displayKey !== undefined ||
+        addProperties.length > 0 ||
+        removeProperties.length > 0 ||
+        tagsJson !== undefined ||
+        comment !== undefined ||
+        icon !== undefined ||
+        color !== undefined;
+    if (maybeBody !== undefined && maybeBody.trim().startsWith("{")) {
+        if (hasMergeFlags) {
+            throw new Error("Do not combine a raw JSON body with --name/--add-property/--update-property/--remove-property and other merge flags.");
+        }
+        if (!businessDomain)
+            businessDomain = resolveBusinessDomain();
+        return {
+            mode: "body",
+            knId,
+            otId,
+            body: maybeBody.trim(),
+            businessDomain,
+            pretty,
+        };
+    }
+    if (maybeBody !== undefined) {
+        throw new Error(`Unexpected third argument "${maybeBody}". For raw PUT body, pass a single JSON object starting with "{".`);
     }
-    const payload = {};
-    if (name !== undefined)
-        payload.name = name;
-    if (displayKey !== undefined)
-        payload.display_key = displayKey;
-    if (Object.keys(payload).length === 0) {
-        throw new Error("No update fields. Use --name or --display-key.");
+    let tags;
+    if (tagsJson !== undefined) {
+        try {
+            const t = JSON.parse(tagsJson);
+            if (!Array.isArray(t) || !t.every((x) => typeof x === "string")) {
+                throw new Error("invalid");
+            }
+            tags = t;
+        }
+        catch {
+            throw new Error(`--tags must be a JSON array of strings, e.g. '["足球","球员"]'`);
+        }
+    }
+    const merge = {
+        addProperties,
+        removeProperties,
+        ...(name !== undefined ? { name } : {}),
+        ...(displayKey !== undefined ? { displayKey } : {}),
+        ...(tags !== undefined ? { tags } : {}),
+        ...(comment !== undefined ? { comment } : {}),
+        ...(icon !== undefined ? { icon } : {}),
+        ...(color !== undefined ? { color } : {}),
+    };
+    if (merge.name === undefined &&
+        merge.displayKey === undefined &&
+        merge.addProperties.length === 0 &&
+        merge.removeProperties.length === 0 &&
+        merge.tags === undefined &&
+        merge.comment === undefined &&
+        merge.icon === undefined &&
+        merge.color === undefined) {
+        throw new Error("No update fields. Use --name, --display-key, --add-property (new), --update-property (same as add; replaces by name), --remove-property, --tags, --comment, --icon, --color, or pass a full JSON object as the third argument.");
     }
     if (!businessDomain)
         businessDomain = resolveBusinessDomain();
-    return { knId, otId, body: JSON.stringify(payload), businessDomain, pretty };
+    return { mode: "merge", knId, otId, merge, businessDomain, pretty, branch };
 }
 /** Parse object-type delete args: <kn-id> <ot-ids> [-y] */
 function parseObjectTypeDeleteArgs(args) {
@@ -959,14 +1113,15 @@ async function runKnObjectTypeCommand(args) {
         console.log(`kweaver bkn object-type list <kn-id> [--pretty] [-bd value]
 kweaver bkn object-type get <kn-id> <ot-id> [--pretty] [-bd value]
 kweaver bkn object-type create <kn-id> --name X --dataview-id Y --primary-key Z --display-key W [--property '<json>' ...]
-kweaver bkn object-type update <kn-id> <ot-id> [--name X] [--display-key Y]
+kweaver bkn object-type update <kn-id> <ot-id> [--name X] [--display-key Y] [--add-property|--update-property '<json>' ...] [--remove-property N ...] [--tags '["a","b"]'] [--comment S] [--icon I] [--color C] [--branch main]
+  kweaver bkn object-type update <kn-id> <ot-id> '<full-json-body>'
 kweaver bkn object-type delete <kn-id> <ot-ids> [-y]
 kweaver bkn object-type query <kn-id> <ot-id> ['<json>'] [--limit <n>] [--search-after '<json-array>'] [--pretty] [-bd value]
 kweaver bkn object-type properties <kn-id> <ot-id> '<json>' [--pretty] [-bd value]
 
 list: List object types (schema) from ontology-manager.
 get: Get single object type details.
-create/update/delete: Schema CRUD (create requires dataview-id).
+create/update/delete: Schema CRUD (create requires dataview-id). update: merge flags (--add-property / --update-property / --remove-property, etc.) GET-merge-PUT; or full JSON as third arg.
 query: Query via ontology-query API. Default limit is 30 if not specified. Use --search-after for pagination.
 properties: Query instance properties by primary key.
 
@@ -1009,12 +1164,37 @@ properties JSON format: {"_instance_identities":[{"<primary-key>":"<value>"}],"p
         if (action === "update") {
             const opts = parseObjectTypeUpdateArgs(rest);
             const token = await ensureValidToken();
+            let putBody;
+            if (opts.mode === "body") {
+                putBody = opts.body;
+            }
+            else {
+                const raw = await getObjectType({
+                    baseUrl: token.baseUrl,
+                    accessToken: token.accessToken,
+                    knId: opts.knId,
+                    otId: opts.otId,
+                    businessDomain: opts.businessDomain,
+                    branch: opts.branch,
+                });
+                const parsed = JSON.parse(raw);
+                const entryUnknown = parsed.entries;
+                const entry = Array.isArray(entryUnknown) && entryUnknown.length > 0 && entryUnknown[0] && typeof entryUnknown[0] === "object"
+                    ? entryUnknown[0]
+                    : parsed;
+                if (!entry || typeof entry !== "object") {
+                    throw new Error("Unexpected object-type GET response shape.");
+                }
+                const stripped = stripObjectTypeForPut(entry);
+                applyObjectTypeMerge(stripped, opts.merge);
+                putBody = JSON.stringify(stripped);
+            }
             const body = await updateObjectType({
                 baseUrl: token.baseUrl,
                 accessToken: token.accessToken,
                 knId: opts.knId,
                 otId: opts.otId,
-                body: opts.body,
+                body: putBody,
                 businessDomain: opts.businessDomain,
             });
             console.log(formatCallOutput(body, opts.pretty));
@@ -1097,7 +1277,8 @@ JSON: {"_instance_identities":[{"<primary-key>":"<value>"}],"properties":["prop1
     catch (error) {
         if (error instanceof Error && error.message === "help") {
             console.log(`kweaver bkn object-type create <kn-id> --name X --dataview-id Y --primary-key Z --display-key W [--property '<json>' ...]
-kweaver bkn object-type update <kn-id> <ot-id> [--name X] [--display-key Y]
+kweaver bkn object-type update <kn-id> <ot-id> [--name X] [--display-key Y] [--add-property|--update-property '<json>' ...] [--remove-property N ...] [--tags '["a"]'] [--comment S] [--icon I] [--color C] [--branch main]
+  kweaver bkn object-type update <kn-id> <ot-id> '<full-json-body>'
 kweaver bkn object-type delete <kn-id> <ot-ids> [-y]`);
             return 0;
         }
@@ -2264,8 +2445,13 @@ export function packDirectoryToTar(dirPath) {
         encoding: "buffer",
         env: { ...process.env, COPYFILE_DISABLE: "1" },
     });
-    if (result.error)
+    if (result.error) {
+        if ("code" in result.error && result.error.code === "ENOENT") {
+            throw new Error("tar executable not found. On Windows, ensure tar.exe is in PATH " +
+                "(ships with Windows 10 1803+) or install GNU tar via Git for Windows / scoop.");
+        }
         throw result.error;
+    }
     if (result.status !== 0) {
         throw new Error(`tar pack failed: ${result.stderr?.toString() ?? result.status}`);
     }
@@ -2278,6 +2464,10 @@ export function extractTarToDirectory(tarBuffer, dirPath) {
         input: tarBuffer,
     });
     if (result.error) {
+        if ("code" in result.error && result.error.code === "ENOENT") {
+            throw new Error("tar executable not found. On Windows, ensure tar.exe is in PATH " +
+                "(ships with Windows 10 1803+) or install GNU tar via Git for Windows / scoop.");
+        }
         throw result.error;
     }
     if (result.status !== 0) {
@@ -2291,7 +2481,10 @@ Pack a BKN directory into a tar and upload to import as a knowledge network.
 Options:
   --branch <s>       Branch name (default: main)
   -bd, --biz-domain  Business domain (default: bd_public)
-  --pretty           Pretty-print JSON output`;
+  --pretty           Pretty-print JSON output
+  --detect-encoding  Detect .bkn encoding and normalize to UTF-8 (default: on)
+  --no-detect-encoding  Do not detect; require UTF-8 .bkn files
+  --source-encoding <name>  Decode all .bkn files with this encoding (e.g. gb18030); overrides detection`;
 const KN_PULL_HELP = `kweaver bkn pull <kn-id> [<directory>] [options]
 
 Download a BKN tar from a knowledge network and extract to a local directory.
@@ -2302,12 +2495,28 @@ Options:
   -bd, --biz-domain  Business domain (default: bd_public)`;
 async function runKnValidateCommand(args) {
     if (args.includes("--help") || args.includes("-h")) {
-        console.log("Usage: kweaver bkn validate <directory>\n\nValidate a local BKN directory without uploading.");
+        console.log("Usage: kweaver bkn validate <directory> [options]\n\n" +
+            "Validate a local BKN directory without uploading.\n\n" +
+            "Options:\n" +
+            "  --detect-encoding       Detect .bkn encoding and normalize to UTF-8 (default: on)\n" +
+            "  --no-detect-encoding    Require UTF-8 .bkn files\n" +
+            "  --source-encoding <n>   Decode all .bkn with this encoding (e.g. gb18030)");
         return 0;
     }
-    const directory = args.find((a) => !a.startsWith("-"));
+    let encodingOptions;
+    let restArgs;
+    try {
+        const stripped = stripBknEncodingCliArgs(args);
+        encodingOptions = stripped.options;
+        restArgs = stripped.rest;
+    }
+    catch (e) {
+        console.error(e instanceof Error ? e.message : String(e));
+        return 1;
+    }
+    const directory = restArgs.find((a) => !a.startsWith("-"));
     if (!directory) {
-        console.error("Missing directory. Usage: kweaver bkn validate <directory>");
+        console.error("Missing directory. Usage: kweaver bkn validate <directory> [options]");
         return 1;
     }
     const absDir = resolve(directory);
@@ -2325,8 +2534,9 @@ async function runKnValidateCommand(args) {
         }
         throw err;
     }
+    const prepared = prepareBknDirectoryForImport(absDir, encodingOptions);
     try {
-        const network = await loadNetwork(absDir);
+        const network = await loadNetwork(prepared.dir);
         const result = validateNetwork(network);
         if (!result.ok) {
             for (const e of result.errors)
@@ -2344,6 +2554,9 @@ async function runKnValidateCommand(args) {
         console.error(`BKN validation failed: ${error instanceof Error ? error.message : String(error)}`);
         return 1;
     }
+    finally {
+        prepared.cleanup();
+    }
 }
 async function runKnPushCommand(args) {
     let options;
@@ -2373,41 +2586,48 @@ async function runKnPushCommand(args) {
         }
         throw err;
     }
+    const prepared = prepareBknDirectoryForImport(absDir, options.encodingOptions);
+    const workDir = prepared.dir;
     try {
-        const network = await loadNetwork(absDir);
-        const objs = allObjects(network);
-        const rels = allRelations(network);
-        const acts = allActions(network);
-        console.error(`Validated: ${objs.length} object types, ${rels.length} relation types, ${acts.length} action types`);
-    }
-    catch (error) {
-        console.error(`BKN validation failed: ${error instanceof Error ? error.message : String(error)}`);
-        return 1;
-    }
-    try {
-        await generateChecksum(absDir);
-        console.error("Checksum generated");
-    }
-    catch (error) {
-        console.error(`Checksum generation failed: ${error instanceof Error ? error.message : String(error)}`);
-        return 1;
-    }
-    try {
-        const tarBuffer = packDirectoryToTar(absDir);
-        const token = await ensureValidToken();
-        const body = await uploadBkn({
-            baseUrl: token.baseUrl,
-            accessToken: token.accessToken,
-            tarBuffer,
-            businessDomain: options.businessDomain,
-            branch: options.branch,
-        });
-        console.log(formatCallOutput(body, options.pretty));
-        return 0;
+        try {
+            const network = await loadNetwork(workDir);
+            const objs = allObjects(network);
+            const rels = allRelations(network);
+            const acts = allActions(network);
+            console.error(`Validated: ${objs.length} object types, ${rels.length} relation types, ${acts.length} action types`);
+        }
+        catch (error) {
+            console.error(`BKN validation failed: ${error instanceof Error ? error.message : String(error)}`);
+            return 1;
+        }
+        try {
+            await generateChecksum(workDir);
+            console.error("Checksum generated");
+        }
+        catch (error) {
+            console.error(`Checksum generation failed: ${error instanceof Error ? error.message : String(error)}`);
+            return 1;
+        }
+        try {
+            const tarBuffer = packDirectoryToTar(workDir);
+            const token = await ensureValidToken();
+            const body = await uploadBkn({
+                baseUrl: token.baseUrl,
+                accessToken: token.accessToken,
+                tarBuffer,
+                businessDomain: options.businessDomain,
+                branch: options.branch,
+            });
+            console.log(formatCallOutput(body, options.pretty));
+            return 0;
+        }
+        catch (error) {
+            console.error(formatHttpError(error));
+            return 1;
+        }
     }
-    catch (error) {
-        console.error(formatHttpError(error));
-        return 1;
+    finally {
+        prepared.cleanup();
     }
 }
 async function runKnPullCommand(args) {

package/dist/commands/call.js

@@ -125,7 +125,7 @@ Options:
   <url>              API path (e.g. /api/ontology-manager/v1/knowledge-networks)
   -X, --request      HTTP method (default: GET)
   -H, --header       Extra header (repeatable)
-  -d, --data         JSON request body
+  -d, --data, --data-raw   JSON request body (sets Content-Type: application/json if not set)
   -bd, --biz-domain  Override x-business-domain (default: bd_public)
   -v, --verbose      Print request info to stderr
   --pretty           Pretty-print JSON output (default)`);
@@ -147,6 +147,12 @@ Options:
             : invocation.url;
         const headers = new Headers(invocation.headers);
         injectAuthHeaders(headers, token.accessToken, invocation.businessDomain);
+        if (invocation.body !== undefined &&
+            invocation.body.length > 0 &&
+            !headers.has("content-type") &&
+            !headers.has("Content-Type")) {
+            headers.set("content-type", "application/json");
+        }
         if (invocation.verbose) {
             for (const line of formatVerboseRequest({ ...invocation, url, headers })) {
                 console.error(line);

package/dist/config/store.js

@@ -24,9 +24,10 @@ function getLegacyTokenFilePath() {
 function getLegacyCallbackFilePath() {
     return join(getConfigDirPath(), "callback.json");
 }
+const IS_WIN32 = process.platform === "win32";
 function ensureDir(path) {
     if (!existsSync(path)) {
-        mkdirSync(path, { recursive: true, mode: 0o700 });
+        mkdirSync(path, { recursive: true, ...(IS_WIN32 ? {} : { mode: 0o700 }) });
     }
 }
 function ensureConfigDir() {
@@ -41,8 +42,9 @@ function readJsonFile(filePath) {
 }
 function writeJsonFile(filePath, value) {
     ensureConfigDir();
-    writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`, { mode: 0o600 });
-    chmodSync(filePath, 0o600);
+    writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`, IS_WIN32 ? {} : { mode: 0o600 });
+    if (!IS_WIN32)
+        chmodSync(filePath, 0o600);
 }
 function encodePlatformKey(baseUrl) {
     return Buffer.from(baseUrl, "utf8")

package/dist/utils/bkn-encoding.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Normalize .bkn file bytes to UTF-8 for BKN import (validate / push).
+ * Used when --detect-encoding (default) or --source-encoding is active.
+ */
+/** Minimum confidence (0–1) for charset detection before failing. */
+export declare const BKN_DETECT_MIN_CONFIDENCE = 0.65;
+export interface BknEncodingImportOptions {
+    /** When true (default), detect encoding for non-UTF-8 .bkn files. */
+    detectEncoding: boolean;
+    /** When set, decode all .bkn files with this encoding (overrides detection). */
+    sourceEncoding: string | null;
+}
+/**
+ * Parse --no-detect-encoding, --detect-encoding, --source-encoding <name> from argv.
+ * Remaining args are returned for positional parsing (directory, etc.).
+ */
+export declare function stripBknEncodingCliArgs(args: string[]): {
+    rest: string[];
+    options: BknEncodingImportOptions;
+};
+/**
+ * Decode raw .bkn bytes to a UTF-8 Buffer (no BOM).
+ */
+export declare function normalizeBknFileBytes(raw: Buffer, options: BknEncodingImportOptions, fileLabel: string): Buffer;
+/**
+ * When normalization is needed, copy the tree to a temp dir with .bkn files normalized to UTF-8.
+ * Returns the directory to pass to loadNetwork and a cleanup function.
+ */
+export declare function prepareBknDirectoryForImport(absDir: string, options: BknEncodingImportOptions): {
+    dir: string;
+    cleanup: () => void;
+};

package/dist/utils/bkn-encoding.js

@@ -0,0 +1,152 @@
+/**
+ * Normalize .bkn file bytes to UTF-8 for BKN import (validate / push).
+ * Used when --detect-encoding (default) or --source-encoding is active.
+ */
+import { copyFileSync, mkdirSync, mkdtempSync, readdirSync, readFileSync, rmSync, writeFileSync, } from "node:fs";
+import { tmpdir } from "node:os";
+import { join, relative, resolve } from "node:path";
+import chardet from "chardet";
+import iconv from "iconv-lite";
+/** Minimum confidence (0–1) for charset detection before failing. */
+export const BKN_DETECT_MIN_CONFIDENCE = 0.65;
+/**
+ * Parse --no-detect-encoding, --detect-encoding, --source-encoding <name> from argv.
+ * Remaining args are returned for positional parsing (directory, etc.).
+ */
+export function stripBknEncodingCliArgs(args) {
+    let detectEncoding = true;
+    let sourceEncoding = null;
+    const rest = [];
+    for (let i = 0; i < args.length; i += 1) {
+        const arg = args[i];
+        if (arg === "--no-detect-encoding") {
+            detectEncoding = false;
+            continue;
+        }
+        if (arg === "--detect-encoding") {
+            detectEncoding = true;
+            continue;
+        }
+        if (arg === "--source-encoding") {
+            const v = args[i + 1];
+            if (!v || v.startsWith("-")) {
+                throw new Error("Missing value for --source-encoding (e.g. gb18030)");
+            }
+            sourceEncoding = v;
+            i += 1;
+            continue;
+        }
+        rest.push(arg);
+    }
+    return {
+        rest,
+        options: { detectEncoding, sourceEncoding },
+    };
+}
+function isValidUtf8(buf) {
+    try {
+        new TextDecoder("utf-8", { fatal: true }).decode(buf);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function stripUtf8Bom(buf) {
+    if (buf.length >= 3 && buf[0] === 0xef && buf[1] === 0xbb && buf[2] === 0xbf) {
+        return buf.subarray(3);
+    }
+    return buf;
+}
+/**
+ * Decode raw .bkn bytes to a UTF-8 Buffer (no BOM).
+ */
+export function normalizeBknFileBytes(raw, options, fileLabel) {
+    if (options.sourceEncoding) {
+        const enc = options.sourceEncoding.trim().toLowerCase();
+        if (enc === "utf-8" || enc === "utf8") {
+            const body = stripUtf8Bom(raw);
+            if (!isValidUtf8(body)) {
+                throw new Error(`Invalid UTF-8 in ${fileLabel} despite --source-encoding utf-8`);
+            }
+            return Buffer.from(body.toString("utf8"), "utf8");
+        }
+        if (!iconv.encodingExists(enc)) {
+            throw new Error(`Unsupported --source-encoding: ${options.sourceEncoding}`);
+        }
+        const text = iconv.decode(raw, enc);
+        return Buffer.from(text, "utf8");
+    }
+    if (!options.detectEncoding) {
+        const body = stripUtf8Bom(raw);
+        if (!isValidUtf8(body)) {
+            throw new Error(`Invalid UTF-8 in ${fileLabel}. Use --detect-encoding (default) or --source-encoding (e.g. gb18030).`);
+        }
+        return Buffer.from(body.toString("utf8"), "utf8");
+    }
+    let work = stripUtf8Bom(raw);
+    if (isValidUtf8(work)) {
+        return Buffer.from(work.toString("utf8"), "utf8");
+    }
+    const matches = chardet.analyse(work);
+    const best = matches[0];
+    if (!best || best.confidence < BKN_DETECT_MIN_CONFIDENCE) {
+        throw new Error(`Could not detect encoding confidently for ${fileLabel} (best confidence ${best?.confidence ?? 0}). ` +
+            `Try --source-encoding gb18030 or save files as UTF-8.`);
+    }
+    const name = best.name ?? "utf-8";
+    if (!iconv.encodingExists(name)) {
+        throw new Error(`Detected encoding "${name}" is not supported for ${fileLabel}. Try --source-encoding.`);
+    }
+    const text = iconv.decode(work, name);
+    return Buffer.from(text, "utf8");
+}
+/**
+ * When normalization is needed, copy the tree to a temp dir with .bkn files normalized to UTF-8.
+ * Returns the directory to pass to loadNetwork and a cleanup function.
+ */
+export function prepareBknDirectoryForImport(absDir, options) {
+    const needWork = options.sourceEncoding != null || options.detectEncoding;
+    if (!needWork) {
+        return { dir: absDir, cleanup: () => { } };
+    }
+    const root = resolve(absDir);
+    const tmpRoot = mkdtempSync(join(tmpdir(), "kweaver-bkn-"));
+    function walk(srcDir, destDir) {
+        mkdirSync(destDir, { recursive: true });
+        const entries = readdirSync(srcDir, { withFileTypes: true });
+        for (const entry of entries) {
+            if (entry.name === "." || entry.name === "..")
+                continue;
+            const srcPath = join(srcDir, entry.name);
+            const destPath = join(destDir, entry.name);
+            if (entry.isDirectory()) {
+                walk(srcPath, destPath);
+                continue;
+            }
+            if (!entry.isFile())
+                continue;
+            if (entry.name.endsWith(".bkn")) {
+                const raw = readFileSync(srcPath);
+                const rel = relative(root, srcPath) || entry.name;
+                const out = normalizeBknFileBytes(raw, options, rel);
+                writeFileSync(destPath, out);
+            }
+            else {
+                copyFileSync(srcPath, destPath);
+            }
+        }
+    }
+    walk(root, tmpRoot);
+    return {
+        dir: tmpRoot,
+        cleanup: () => {
+            try {
+                rmSync(tmpRoot, { recursive: true, force: true });
+            }
+            catch {
+                /* ignore */
+            }
+        },
+    };
+}

package/dist/utils/browser.js

@@ -1,20 +1,23 @@
 import { spawn } from "node:child_process";
 export function openBrowser(url) {
-    const command = process.platform === "darwin"
-        ? "open"
-        : process.platform === "win32"
-            ? "cmd"
-            : "xdg-open";
-    const args = process.platform === "win32"
-        ? ["/c", "start", "", url]
+    const isWindows = process.platform === "win32";
+    const command = process.platform === "darwin" ? "open" : isWindows ? "rundll32.exe" : "xdg-open";
+    const args = isWindows
+        ? [
+            "url.dll,FileProtocolHandler",
+            url,
+        ]
         : [url];
     return new Promise((resolve) => {
         const child = spawn(command, args, {
-            detached: true,
             stdio: "ignore",
+            detached: !isWindows,
+            windowsHide: true,
         });
-        child.on("error", () => resolve(false));
-        child.unref();
-        resolve(true);
+        child.once("error", () => resolve(false));
+        child.once("spawn", () => resolve(true));
+        if (!isWindows) {
+            child.unref();
+        }
     });
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kweaver-ai/kweaver-sdk",
-  "version": "0.4.7",
+  "version": "0.4.9",
   "description": "KWeaver TypeScript SDK — CLI tool and programmatic API for knowledge networks and Decision Agents.",
   "type": "module",
   "main": "./dist/index.js",
@@ -28,7 +28,8 @@
     "start": "node ./dist/cli.js",
     "lint": "tsc --noEmit -p tsconfig.json",
     "test": "node --import tsx --test test/*.test.ts",
-    "test:e2e": "node --import tsx --test test/e2e/**/*.test.ts",
+    "test:e2e": "node --import tsx test/e2e/ensure-token.ts && node --import tsx --test --test-concurrency=1 test/e2e/**/*.test.ts",
+    "test:e2e:strict": "node test/e2e/run-e2e-strict.mjs",
     "prepublishOnly": "npm run build"
   },
   "keywords": [
@@ -50,6 +51,7 @@
   "devDependencies": {
     "@types/node": "^24.6.0",
     "@types/react": "^19.2.14",
+    "playwright": "^1.58.2",
     "tsx": "^4.20.5",
     "typescript": "^5.9.3"
   },
@@ -63,6 +65,9 @@
   },
   "dependencies": {
     "@kweaver-ai/bkn": "^0.1.0",
+    "@playwright/test": "^1.58.2",
+    "chardet": "^2.1.1",
+    "iconv-lite": "^0.7.2",
     "ink": "^6.8.0",
     "ink-spinner": "^5.0.0",
     "ink-text-input": "^6.0.0",