@kweaver-ai/kweaver-sdk 0.5.1 → 0.6.0

package/dist/config/store.d.ts

@@ -1,3 +1,11 @@
+export { NO_AUTH_TOKEN, isNoAuth } from "./no-auth.js";
+/**
+ * Persist a no-auth session for a platform (users/default/token.json) and set it as current.
+ * Used by `kweaver auth <url> --no-auth` and when OAuth registration returns 404.
+ */
+export declare function saveNoAuthPlatform(baseUrl: string, opts?: {
+    tlsInsecure?: boolean;
+}): TokenConfig;
 export interface TokenConfig {
     baseUrl: string;
     accessToken: string;
@@ -10,6 +18,8 @@ export interface TokenConfig {
     obtainedAt: string;
     /** When true, skip TLS certificate verification for this platform (saved by `kweaver auth --insecure`). */
     tlsInsecure?: boolean;
+    /** Human-readable display name fetched from userinfo at login time. */
+    displayName?: string;
 }
 /** OAuth2 client registration (per platform), used for refresh_token grant. */
 export interface ClientConfig {
@@ -38,7 +48,37 @@ export interface PlatformSummary {
     hasToken: boolean;
     isCurrent: boolean;
     alias?: string;
+    /** Active user ID for this platform (from id_token sub claim). */
+    userId?: string;
+    /** Human-readable name persisted from /oauth2/userinfo at login time. */
+    displayName?: string;
+}
+/** Extract userId from a TokenConfig (try idToken, then accessToken, fallback "default"). */
+export declare function extractUserId(token: TokenConfig): string;
+/** Get the active userId for a platform. */
+export declare function getActiveUser(baseUrl: string): string | null;
+/** Set the active userId for a platform. */
+export declare function setActiveUser(baseUrl: string, userId: string): void;
+/** List all user IDs stored under a platform. */
+export declare function listUsers(baseUrl: string): string[];
+/** Load a specific user's token (not necessarily the active user). */
+export declare function loadUserTokenConfig(baseUrl: string, userId: string): TokenConfig | null;
+export interface UserProfile {
+    userId: string;
+    username?: string;
+    email?: string;
 }
+/**
+ * List all user profiles for a platform, enriched with display names.
+ *
+ * Resolution order for username:
+ *   1. ``displayName`` field persisted in token.json (set at login via /oauth2/userinfo)
+ *   2. ``preferred_username`` or ``name`` decoded from id_token JWT
+ */
+export declare function listUserProfiles(baseUrl: string): UserProfile[];
+/** Resolve a user identifier (userId, username, or email) to a userId for the given platform.
+ *  userId and username are matched case-sensitively; email is case-insensitive. */
+export declare function resolveUserId(baseUrl: string, identifier: string): string | null;
 export declare function getConfigDir(): string;
 export declare function getCurrentPlatform(): string | null;
 export declare function setCurrentPlatform(baseUrl: string): void;
@@ -47,9 +87,10 @@ export declare function deletePlatformAlias(baseUrl: string): void;
 export declare function getPlatformAlias(baseUrl: string): string | null;
 export declare function resolvePlatformIdentifier(value: string): string | null;
 export declare function loadTokenConfig(baseUrl?: string): TokenConfig | null;
-export declare function saveTokenConfig(config: TokenConfig): void;
+export declare function saveTokenConfig(config: TokenConfig, userId?: string): void;
 export declare function loadClientConfig(baseUrl?: string): ClientConfig | null;
 export declare function saveClientConfig(baseUrl: string, config: ClientConfig): void;
+export declare function deleteClientConfig(baseUrl: string): void;
 export declare function loadContextLoaderConfig(baseUrl?: string): ContextLoaderConfig | null;
 export declare function saveContextLoaderConfig(baseUrl: string, config: ContextLoaderConfig): void;
 export interface CurrentContextLoaderKn {
@@ -61,10 +102,9 @@ export declare function addContextLoaderEntry(baseUrl: string, name: string, knI
 export declare function setCurrentContextLoader(baseUrl: string, name: string): void;
 export declare function removeContextLoaderEntry(baseUrl: string, name: string): void;
 export declare function hasPlatform(baseUrl: string): boolean;
-/**
- * Remove token for a platform so the next auth will do a full login.
- */
-export declare function clearPlatformSession(baseUrl: string): void;
+export declare function clearPlatformSession(baseUrl: string, userId?: string): void;
+/** Delete a single user's profile directory under a platform. */
+export declare function deleteUser(baseUrl: string, userId: string): void;
 export declare function deletePlatform(baseUrl: string): void;
 export declare function listPlatforms(): PlatformSummary[];
 /** Per-platform config (not auth — general settings). */

package/dist/config/store.js

@@ -1,12 +1,34 @@
-import { chmodSync, existsSync, mkdirSync, readFileSync, readdirSync, rmSync, statSync, writeFileSync, } from "node:fs";
+import { chmodSync, existsSync, mkdirSync, readFileSync, readdirSync, renameSync, rmSync, statSync, writeFileSync, } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
 import { listBusinessDomains } from "../api/business-domains.js";
+import { NO_AUTH_TOKEN } from "./no-auth.js";
+import { decodeJwtPayload, extractUserIdFromJwt } from "./jwt.js";
+export { NO_AUTH_TOKEN, isNoAuth } from "./no-auth.js";
+/**
+ * Persist a no-auth session for a platform (users/default/token.json) and set it as current.
+ * Used by `kweaver auth <url> --no-auth` and when OAuth registration returns 404.
+ */
+export function saveNoAuthPlatform(baseUrl, opts) {
+    const base = baseUrl.replace(/\/+$/, "");
+    const token = {
+        baseUrl: base,
+        accessToken: NO_AUTH_TOKEN,
+        tokenType: "none",
+        scope: "",
+        obtainedAt: new Date().toISOString(),
+    };
+    if (opts?.tlsInsecure) {
+        token.tlsInsecure = true;
+    }
+    saveTokenConfig(token);
+    setCurrentPlatform(base);
+    return token;
+}
 const MCP_PATH = "/api/agent-retrieval/v1/mcp";
 function buildMcpUrl(baseUrl) {
     return baseUrl.replace(/\/+$/, "") + MCP_PATH;
 }
-const CONFIG_DIR = process.env.KWEAVERC_CONFIG_DIR || join(homedir(), ".kweaver");
 function getConfigDirPath() {
     return process.env.KWEAVERC_CONFIG_DIR || join(homedir(), ".kweaver");
 }
@@ -43,6 +65,8 @@ function readJsonFile(filePath) {
 }
 function writeJsonFile(filePath, value) {
     ensureConfigDir();
+    const dir = join(filePath, "..");
+    ensureDir(dir);
     writeFileSync(filePath, `${JSON.stringify(value, null, 2)}\n`, IS_WIN32 ? {} : { mode: 0o600 });
     if (!IS_WIN32)
         chmodSync(filePath, 0o600);
@@ -63,6 +87,56 @@ function getPlatformFile(baseUrl, filename) {
 function ensurePlatformDir(baseUrl) {
     ensureDir(getPlatformDir(baseUrl));
 }
+// ---------------------------------------------------------------------------
+// User-scoped file routing
+// ---------------------------------------------------------------------------
+/** Files that live under users/<userId>/ instead of at platform root. */
+const USER_SCOPED_FILES = new Set(["token.json", "config.json", "context-loader.json"]);
+function getUserDir(baseUrl, userId) {
+    return join(getPlatformDir(baseUrl), "users", userId);
+}
+function getUsersDirPath(baseUrl) {
+    return join(getPlatformDir(baseUrl), "users");
+}
+/**
+ * Resolve a per-platform file path, routing user-scoped files through the
+ * active user's subdirectory with auto-migration fallback.
+ */
+function resolveFile(baseUrl, filename) {
+    if (!USER_SCOPED_FILES.has(filename)) {
+        return getPlatformFile(baseUrl, filename);
+    }
+    const userId = getActiveUserRaw(baseUrl);
+    if (userId) {
+        const userPath = join(getUserDir(baseUrl, userId), filename);
+        if (existsSync(userPath))
+            return userPath;
+    }
+    // Fallback: check platform root for legacy / partially-migrated files
+    const legacyPath = getPlatformFile(baseUrl, filename);
+    if (existsSync(legacyPath)) {
+        // If legacy token.json exists, trigger full on-demand migration
+        const legacyToken = getPlatformFile(baseUrl, "token.json");
+        if (existsSync(legacyToken)) {
+            migratePlatformToUserScoped(baseUrl);
+            const migratedUser = getActiveUserRaw(baseUrl);
+            if (migratedUser) {
+                const migratedPath = join(getUserDir(baseUrl, migratedUser), filename);
+                if (existsSync(migratedPath))
+                    return migratedPath;
+            }
+        }
+        // File exists at legacy root but no migration possible (e.g. token already migrated).
+        // Return legacy path so the caller can still read it.
+        return legacyPath;
+    }
+    if (userId)
+        return join(getUserDir(baseUrl, userId), filename);
+    return legacyPath;
+}
+// ---------------------------------------------------------------------------
+// State helpers
+// ---------------------------------------------------------------------------
 function readState() {
     return readJsonFile(getStateFilePath()) ?? {};
 }
@@ -72,6 +146,9 @@ function writeState(state) {
 function normalizeAlias(value) {
     return value.trim().toLowerCase();
 }
+// ---------------------------------------------------------------------------
+// Migration: legacy flat files → platforms/<encoded>/
+// ---------------------------------------------------------------------------
 function migrateLegacyFilesIfNeeded() {
     const legacyClientFile = getLegacyClientFilePath();
     const legacyTokenFile = getLegacyTokenFilePath();
@@ -105,10 +182,182 @@ function migrateLegacyFilesIfNeeded() {
         writeState({ ...state, currentPlatform: baseUrl });
     }
 }
+// ---------------------------------------------------------------------------
+// Migration: flat platform dir → users/<userId>/ scoped layout
+// ---------------------------------------------------------------------------
+/** Extract userId from a TokenConfig (try idToken, then accessToken, fallback "default"). */
+export function extractUserId(token) {
+    if (token.idToken) {
+        const sub = extractUserIdFromJwt(token.idToken);
+        if (sub)
+            return sub;
+    }
+    if (token.accessToken) {
+        const sub = extractUserIdFromJwt(token.accessToken);
+        if (sub)
+            return sub;
+    }
+    return "default";
+}
+function migratePlatformToUserScoped(baseUrl) {
+    const platformDir = getPlatformDir(baseUrl);
+    const usersDir = getUsersDirPath(baseUrl);
+    const rootTokenFile = join(platformDir, "token.json");
+    if (!existsSync(rootTokenFile) || existsSync(usersDir)) {
+        return;
+    }
+    const token = readJsonFile(rootTokenFile);
+    if (!token)
+        return;
+    const userId = extractUserId(token);
+    const userDir = getUserDir(baseUrl, userId);
+    ensureDir(userDir);
+    renameSync(rootTokenFile, join(userDir, "token.json"));
+    const rootConfigFile = join(platformDir, "config.json");
+    if (existsSync(rootConfigFile)) {
+        renameSync(rootConfigFile, join(userDir, "config.json"));
+    }
+    const rootContextLoaderFile = join(platformDir, "context-loader.json");
+    if (existsSync(rootContextLoaderFile)) {
+        renameSync(rootContextLoaderFile, join(userDir, "context-loader.json"));
+    }
+    const resolvedUrl = token.baseUrl || baseUrl;
+    const state = readState();
+    const activeUsers = { ...(state.activeUsers ?? {}) };
+    activeUsers[resolvedUrl] = userId;
+    writeState({ ...state, activeUsers });
+}
+function migrateAllPlatformsToUserScoped() {
+    const platformsDir = getPlatformsDirPath();
+    if (!existsSync(platformsDir))
+        return;
+    for (const entry of readdirSync(platformsDir)) {
+        const dirPath = join(platformsDir, entry);
+        if (!statSync(dirPath).isDirectory())
+            continue;
+        const rootToken = join(dirPath, "token.json");
+        const usersDir = join(dirPath, "users");
+        if (!existsSync(rootToken) || existsSync(usersDir))
+            continue;
+        const token = readJsonFile(rootToken);
+        if (!token?.baseUrl)
+            continue;
+        migratePlatformToUserScoped(token.baseUrl);
+    }
+}
+// ---------------------------------------------------------------------------
+// Store initialization
+// ---------------------------------------------------------------------------
 function ensureStoreReady() {
     ensureConfigDir();
     migrateLegacyFilesIfNeeded();
+    migrateAllPlatformsToUserScoped();
+}
+// ---------------------------------------------------------------------------
+// Active user management
+// ---------------------------------------------------------------------------
+/** Read active user from state without triggering ensureStoreReady (avoids recursion). */
+function getActiveUserRaw(baseUrl) {
+    const state = readJsonFile(getStateFilePath()) ?? {};
+    const userId = state.activeUsers?.[baseUrl];
+    if (userId)
+        return userId;
+    // Fallback: scan users/ dir and pick the first one
+    const usersDir = getUsersDirPath(baseUrl);
+    if (!existsSync(usersDir))
+        return null;
+    for (const entry of readdirSync(usersDir)) {
+        const entryPath = join(usersDir, entry);
+        if (statSync(entryPath).isDirectory() && existsSync(join(entryPath, "token.json"))) {
+            return entry;
+        }
+    }
+    return null;
+}
+/** Get the active userId for a platform. */
+export function getActiveUser(baseUrl) {
+    ensureStoreReady();
+    return getActiveUserRaw(baseUrl);
+}
+/** Set the active userId for a platform. */
+export function setActiveUser(baseUrl, userId) {
+    ensureStoreReady();
+    const state = readState();
+    const activeUsers = { ...(state.activeUsers ?? {}) };
+    activeUsers[baseUrl] = userId;
+    writeState({ ...state, activeUsers });
+}
+/** List all user IDs stored under a platform. */
+export function listUsers(baseUrl) {
+    ensureStoreReady();
+    const usersDir = getUsersDirPath(baseUrl);
+    if (!existsSync(usersDir))
+        return [];
+    const users = [];
+    for (const entry of readdirSync(usersDir)) {
+        const entryPath = join(usersDir, entry);
+        if (statSync(entryPath).isDirectory()) {
+            users.push(entry);
+        }
+    }
+    return users.sort();
+}
+/** Load a specific user's token (not necessarily the active user). */
+export function loadUserTokenConfig(baseUrl, userId) {
+    ensureStoreReady();
+    return readJsonFile(join(getUserDir(baseUrl, userId), "token.json"));
+}
+/**
+ * List all user profiles for a platform, enriched with display names.
+ *
+ * Resolution order for username:
+ *   1. ``displayName`` field persisted in token.json (set at login via /oauth2/userinfo)
+ *   2. ``preferred_username`` or ``name`` decoded from id_token JWT
+ */
+export function listUserProfiles(baseUrl) {
+    const userIds = listUsers(baseUrl);
+    return userIds.map((userId) => {
+        const token = loadUserTokenConfig(baseUrl, userId);
+        let username;
+        let email;
+        if (token?.displayName) {
+            username = token.displayName;
+        }
+        if (token?.idToken) {
+            const payload = decodeJwtPayload(token.idToken);
+            if (payload) {
+                if (!username) {
+                    if (typeof payload.preferred_username === "string")
+                        username = payload.preferred_username;
+                    else if (typeof payload.name === "string")
+                        username = payload.name;
+                }
+                if (typeof payload.email === "string")
+                    email = payload.email;
+            }
+        }
+        return { userId, username, email };
+    });
 }
+/** Resolve a user identifier (userId, username, or email) to a userId for the given platform.
+ *  userId and username are matched case-sensitively; email is case-insensitive. */
+export function resolveUserId(baseUrl, identifier) {
+    const users = listUsers(baseUrl);
+    if (users.includes(identifier))
+        return identifier;
+    const profiles = listUserProfiles(baseUrl);
+    // Exact match on username (case-sensitive)
+    const exact = profiles.find((p) => p.username === identifier);
+    if (exact)
+        return exact.userId;
+    // Email match (case-insensitive per RFC 5321)
+    const lower = identifier.toLowerCase();
+    const byEmail = profiles.find((p) => p.email?.toLowerCase() === lower);
+    return byEmail?.userId ?? null;
+}
+// ---------------------------------------------------------------------------
+// Public API — platform & alias management
+// ---------------------------------------------------------------------------
 export function getConfigDir() {
     return getConfigDirPath();
 }
@@ -178,19 +427,32 @@ export function resolvePlatformIdentifier(value) {
     }
     return normalized;
 }
+// ---------------------------------------------------------------------------
+// Token config (user-scoped)
+// ---------------------------------------------------------------------------
 export function loadTokenConfig(baseUrl) {
     ensureStoreReady();
     const targetBaseUrl = baseUrl ?? getCurrentPlatform();
     if (!targetBaseUrl) {
         return null;
     }
-    return readJsonFile(getPlatformFile(targetBaseUrl, "token.json"));
+    return readJsonFile(resolveFile(targetBaseUrl, "token.json"));
 }
-export function saveTokenConfig(config) {
+export function saveTokenConfig(config, userId) {
     ensureStoreReady();
-    ensurePlatformDir(config.baseUrl);
-    writeJsonFile(getPlatformFile(config.baseUrl, "token.json"), config);
-}
+    const resolvedUser = userId ?? extractUserId(config);
+    const dir = getUserDir(config.baseUrl, resolvedUser);
+    ensureDir(dir);
+    writeJsonFile(join(dir, "token.json"), config);
+    // When KWEAVER_USER is set the caller is doing a one-off operation;
+    // don't change the persisted active user.
+    if (!process.env.KWEAVER_USER) {
+        setActiveUser(config.baseUrl, resolvedUser);
+    }
+}
+// ---------------------------------------------------------------------------
+// Client config (platform-level — shared across users)
+// ---------------------------------------------------------------------------
 export function loadClientConfig(baseUrl) {
     ensureStoreReady();
     const targetBaseUrl = baseUrl ?? getCurrentPlatform();
@@ -204,6 +466,11 @@ export function saveClientConfig(baseUrl, config) {
     ensurePlatformDir(baseUrl);
     writeJsonFile(getPlatformFile(baseUrl, "client.json"), { ...config, baseUrl });
 }
+export function deleteClientConfig(baseUrl) {
+    const filePath = getPlatformFile(baseUrl, "client.json");
+    if (existsSync(filePath))
+        rmSync(filePath, { force: true });
+}
 function migrateLegacyContextLoader(raw) {
     const leg = raw;
     if (leg?.knId && !Array.isArray(raw.configs)) {
@@ -220,7 +487,7 @@ export function loadContextLoaderConfig(baseUrl) {
     if (!targetBaseUrl) {
         return null;
     }
-    const raw = readJsonFile(getPlatformFile(targetBaseUrl, "context-loader.json"));
+    const raw = readJsonFile(resolveFile(targetBaseUrl, "context-loader.json"));
     if (!raw)
         return null;
     const migrated = migrateLegacyContextLoader(raw);
@@ -240,8 +507,16 @@ export function loadContextLoaderConfig(baseUrl) {
 }
 export function saveContextLoaderConfig(baseUrl, config) {
     ensureStoreReady();
-    ensurePlatformDir(baseUrl);
-    writeJsonFile(getPlatformFile(baseUrl, "context-loader.json"), config);
+    const userId = getActiveUser(baseUrl);
+    if (userId) {
+        const dir = getUserDir(baseUrl, userId);
+        ensureDir(dir);
+        writeJsonFile(join(dir, "context-loader.json"), config);
+    }
+    else {
+        ensurePlatformDir(baseUrl);
+        writeJsonFile(getPlatformFile(baseUrl, "context-loader.json"), config);
+    }
 }
 export function getCurrentContextLoaderKn(baseUrl) {
     ensureStoreReady();
@@ -297,7 +572,7 @@ export function removeContextLoaderEntry(baseUrl, name) {
         return;
     const newConfigs = config.configs.filter((c) => c.name !== name);
     if (newConfigs.length === 0) {
-        const file = getPlatformFile(baseUrl, "context-loader.json");
+        const file = resolveFile(baseUrl, "context-loader.json");
         if (existsSync(file))
             rmSync(file, { force: true });
         return;
@@ -308,18 +583,47 @@ export function removeContextLoaderEntry(baseUrl, name) {
     }
     saveContextLoaderConfig(baseUrl, { configs: newConfigs, current: newCurrent });
 }
+// ---------------------------------------------------------------------------
+// Platform existence / session management
+// ---------------------------------------------------------------------------
 export function hasPlatform(baseUrl) {
     ensureStoreReady();
-    return existsSync(getPlatformFile(baseUrl, "token.json"));
+    const file = resolveFile(baseUrl, "token.json");
+    if (existsSync(file))
+        return true;
+    return listUsers(baseUrl).length > 0;
 }
-/**
- * Remove token for a platform so the next auth will do a full login.
- */
-export function clearPlatformSession(baseUrl) {
+export function clearPlatformSession(baseUrl, userId) {
     ensureStoreReady();
-    const tokenFile = getPlatformFile(baseUrl, "token.json");
-    if (existsSync(tokenFile)) {
-        rmSync(tokenFile, { force: true });
+    const target = userId ?? getActiveUser(baseUrl);
+    if (target) {
+        const tokenFile = join(getUserDir(baseUrl, target), "token.json");
+        if (existsSync(tokenFile))
+            rmSync(tokenFile, { force: true });
+        return;
+    }
+    // Fallback: legacy flat layout
+    const legacyToken = getPlatformFile(baseUrl, "token.json");
+    if (existsSync(legacyToken))
+        rmSync(legacyToken, { force: true });
+}
+/** Delete a single user's profile directory under a platform. */
+export function deleteUser(baseUrl, userId) {
+    ensureStoreReady();
+    const dir = getUserDir(baseUrl, userId);
+    if (existsSync(dir))
+        rmSync(dir, { recursive: true, force: true });
+    const state = readState();
+    if (state.activeUsers?.[baseUrl] === userId) {
+        const remaining = listUsers(baseUrl);
+        const au = { ...(state.activeUsers ?? {}) };
+        if (remaining.length > 0) {
+            au[baseUrl] = remaining[0];
+        }
+        else {
+            delete au[baseUrl];
+        }
+        writeState({ ...state, activeUsers: Object.keys(au).length > 0 ? au : undefined });
     }
 }
 export function deletePlatform(baseUrl) {
@@ -331,33 +635,76 @@ export function deletePlatform(baseUrl) {
     deletePlatformAlias(baseUrl);
     rmSync(platformDir, { recursive: true, force: true });
     const state = readState();
+    const au = { ...(state.activeUsers ?? {}) };
+    delete au[baseUrl];
     if (state.currentPlatform !== baseUrl) {
+        writeState({ ...state, activeUsers: Object.keys(au).length > 0 ? au : undefined });
         return;
     }
     const remainingPlatforms = listPlatforms();
     writeState({
         ...readState(),
         currentPlatform: remainingPlatforms[0]?.baseUrl,
+        activeUsers: Object.keys(au).length > 0 ? au : undefined,
     });
 }
 export function listPlatforms() {
     ensureStoreReady();
     const currentPlatform = getCurrentPlatform();
     const items = [];
-    for (const entry of readdirSync(getPlatformsDirPath())) {
-        const dirPath = join(getPlatformsDirPath(), entry);
+    const platformsDir = getPlatformsDirPath();
+    if (!existsSync(platformsDir))
+        return items;
+    for (const entry of readdirSync(platformsDir)) {
+        const dirPath = join(platformsDir, entry);
         if (!statSync(dirPath).isDirectory()) {
             continue;
         }
-        const token = readJsonFile(join(dirPath, "token.json"));
-        if (!token?.baseUrl) {
+        // Try to find the baseUrl from any available token
+        let baseUrl = null;
+        // Check users/ subdirectory first (new layout)
+        const usersDir = join(dirPath, "users");
+        if (existsSync(usersDir)) {
+            for (const userEntry of readdirSync(usersDir)) {
+                const userTokenPath = join(usersDir, userEntry, "token.json");
+                const userToken = readJsonFile(userTokenPath);
+                if (userToken?.baseUrl) {
+                    baseUrl = userToken.baseUrl;
+                    break;
+                }
+            }
+        }
+        // Fallback: legacy flat layout
+        if (!baseUrl) {
+            const token = readJsonFile(join(dirPath, "token.json"));
+            if (token?.baseUrl) {
+                baseUrl = token.baseUrl;
+            }
+        }
+        // Fallback: client.json
+        if (!baseUrl) {
+            const client = readJsonFile(join(dirPath, "client.json"));
+            if (client?.baseUrl) {
+                baseUrl = client.baseUrl;
+            }
+        }
+        if (!baseUrl)
             continue;
+        const hasToken = existsSync(resolveFile(baseUrl, "token.json"));
+        const activeUser = getActiveUserRaw(baseUrl);
+        let displayName;
+        if (activeUser) {
+            const tok = loadUserTokenConfig(baseUrl, activeUser);
+            if (tok?.displayName)
+                displayName = tok.displayName;
         }
         items.push({
-            baseUrl: token.baseUrl,
-            hasToken: true,
-            isCurrent: token.baseUrl === currentPlatform,
-            alias: getPlatformAlias(token.baseUrl) ?? undefined,
+            baseUrl,
+            hasToken,
+            isCurrent: baseUrl === currentPlatform,
+            alias: getPlatformAlias(baseUrl) ?? undefined,
+            userId: activeUser ?? undefined,
+            displayName,
         });
     }
     items.sort((a, b) => a.baseUrl.localeCompare(b.baseUrl));
@@ -365,12 +712,20 @@ export function listPlatforms() {
 }
 function loadPlatformConfig(baseUrl) {
     ensureStoreReady();
-    return readJsonFile(getPlatformFile(baseUrl, "config.json"));
+    return readJsonFile(resolveFile(baseUrl, "config.json"));
 }
 function savePlatformConfig(baseUrl, config) {
     ensureStoreReady();
-    ensurePlatformDir(baseUrl);
-    writeJsonFile(getPlatformFile(baseUrl, "config.json"), config);
+    const userId = getActiveUser(baseUrl);
+    if (userId) {
+        const dir = getUserDir(baseUrl, userId);
+        ensureDir(dir);
+        writeJsonFile(join(dir, "config.json"), config);
+    }
+    else {
+        ensurePlatformDir(baseUrl);
+        writeJsonFile(getPlatformFile(baseUrl, "config.json"), config);
+    }
 }
 export function loadPlatformBusinessDomain(baseUrl) {
     return loadPlatformConfig(baseUrl)?.businessDomain ?? null;

package/dist/index.d.ts

@@ -49,6 +49,9 @@ export type { AgentConfig, AgentInput, AgentInputField, AgentOutput, AgentLlmCon
 export { BknResource } from "./resources/bkn.js";
 export { ConversationsResource } from "./resources/conversations.js";
 export { ContextLoaderResource } from "./resources/context-loader.js";
+export { SkillsResource } from "./resources/skills.js";
+export type { SkillStatus, SkillSummary, SkillInfo, SkillFileSummary, SkillContentIndex, SkillFileReadResult, RegisterSkillResult, DeleteSkillResult, UpdateSkillStatusResult, SkillListResult, ListSkillsOptions, ListSkillMarketOptions, GetSkillOptions, RegisterSkillContentOptions, RegisterSkillZipOptions, UpdateSkillStatusOptions, ReadSkillFileOptions, DownloadSkillOptions, DownloadedSkillArchive, } from "./api/skills.js";
+export { listSkills, listSkillMarket, getSkill, deleteSkill, updateSkillStatus, registerSkillContent, registerSkillZip, getSkillContentIndex, fetchSkillContent, readSkillFile, fetchSkillFile, downloadSkill, installSkillArchive, } from "./api/skills.js";
 export type { ViewField, DataView, CreateDataViewOptions, GetDataViewOptions, ListDataViewsOptions, DeleteDataViewOptions, FindDataViewOptions, QueryDataViewOptions, DataViewQueryResult, } from "./api/dataviews.js";
 export { parseDataView, createDataView, getDataView, listDataViews, deleteDataView, findDataView, queryDataView, } from "./api/dataviews.js";
 export { DataViewsResource } from "./resources/dataviews.js";
@@ -56,4 +59,6 @@ export type { BusinessDomain, ListBusinessDomainsOptions } from "./api/business-
 export { listBusinessDomains } from "./api/business-domains.js";
 export { HttpError, NetworkRequestError, fetchTextOrThrow } from "./utils/http.js";
 export type { TokenConfig, ContextLoaderEntry, ContextLoaderConfig, } from "./config/store.js";
-export { autoSelectBusinessDomain, getConfigDir, getCurrentPlatform } from "./config/store.js";
+export type { UserProfile } from "./config/store.js";
+export { NO_AUTH_TOKEN, isNoAuth, saveNoAuthPlatform, autoSelectBusinessDomain, getConfigDir, getCurrentPlatform, getActiveUser, setActiveUser, listUsers, listUserProfiles, resolveUserId, extractUserId, } from "./config/store.js";
+export { decodeJwtPayload, extractUserIdFromJwt } from "./config/jwt.js";

package/dist/index.js

@@ -39,9 +39,13 @@ export { AgentsResource } from "./resources/agents.js";
 export { BknResource } from "./resources/bkn.js";
 export { ConversationsResource } from "./resources/conversations.js";
 export { ContextLoaderResource } from "./resources/context-loader.js";
+export { SkillsResource } from "./resources/skills.js";
+export { listSkills, listSkillMarket, getSkill, deleteSkill, updateSkillStatus, registerSkillContent, registerSkillZip, getSkillContentIndex, fetchSkillContent, readSkillFile, fetchSkillFile, downloadSkill, installSkillArchive, } from "./api/skills.js";
 export { parseDataView, createDataView, getDataView, listDataViews, deleteDataView, findDataView, queryDataView, } from "./api/dataviews.js";
 export { DataViewsResource } from "./resources/dataviews.js";
 export { listBusinessDomains } from "./api/business-domains.js";
 // ── HTTP utilities ────────────────────────────────────────────────────────────
 export { HttpError, NetworkRequestError, fetchTextOrThrow } from "./utils/http.js";
-export { autoSelectBusinessDomain, getConfigDir, getCurrentPlatform } from "./config/store.js";
+export { NO_AUTH_TOKEN, isNoAuth, saveNoAuthPlatform, autoSelectBusinessDomain, getConfigDir, getCurrentPlatform, getActiveUser, setActiveUser, listUsers, listUserProfiles, resolveUserId, extractUserId, } from "./config/store.js";
+// ── JWT utilities ─────────────────────────────────────────────────────────────
+export { decodeJwtPayload, extractUserIdFromJwt } from "./config/jwt.js";

package/dist/kweaver.d.ts

@@ -37,6 +37,11 @@ export interface ConfigureOptions {
      * config, preventing accidental cross-environment credential leaks.
      */
     config?: boolean;
+    /**
+     * If false, use no-auth mode (no Authorization headers). Requires baseUrl or KWEAVER_BASE_URL.
+     * Incompatible with config=true.
+     */
+    auth?: boolean;
     /** Default BKN ID used by search() and weaver(). */
     bknId?: string;
     /** Default agent ID used by chat(). */