@kweaver-ai/kweaver-sdk 0.5.1 → 0.6.0

package/dist/commands/auth.js

@@ -1,4 +1,6 @@
-import { autoSelectBusinessDomain, clearPlatformSession, deletePlatform, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, loadClientConfig, loadTokenConfig, resolvePlatformIdentifier, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
+import { isNoAuth } from "../config/no-auth.js";
+import { autoSelectBusinessDomain, clearPlatformSession, deletePlatform, deleteUser, getActiveUser, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, listUserProfiles, loadClientConfig, loadTokenConfig, resolveBusinessDomain, resolvePlatformIdentifier, resolveUserId, saveNoAuthPlatform, setActiveUser, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
+import { decodeJwtPayload } from "../config/jwt.js";
 import { buildCopyCommand, formatHttpError, normalizeBaseUrl, oauth2Login, playwrightLogin, refreshTokenLogin, } from "../auth/oauth.js";
 export async function runAuthCommand(args) {
     const target = args[0];
@@ -9,10 +11,12 @@ kweaver auth <url>                   Login (shorthand; same options as login)
 kweaver auth whoami [url|alias]      Show current user identity (from id_token)
 kweaver auth export [url|alias] [--json]   Export credentials; run printed command on a headless host
 kweaver auth status [url|alias]      Show current auth status
-kweaver auth list                    List saved platforms
+kweaver auth list                    List all platforms and users (tree view)
 kweaver auth use <url|alias>         Switch active platform
-kweaver auth logout [url|alias]      Logout (clear local token)
-kweaver auth delete <url|alias>      Delete saved credentials
+kweaver auth users [url|alias]       List all user profiles (with usernames) for a platform
+kweaver auth switch [url|alias] --user <id|username>  Switch active user for a platform
+kweaver auth logout [url|alias] [--user <id>]  Logout (clear local token)
+kweaver auth delete <url|alias> [--user <id>]  Delete saved credentials
 
 Login options:
   --alias <name>         Save platform with a short alias (use with use / status / logout)
@@ -23,15 +27,20 @@ Login options:
   --refresh-token <t>    Use on a machine without a browser: exchange refresh token for access token.
                          Requires --client-id and --client-secret.
                          Get these from the callback page after browser login or \`auth export\`.
+  --port <n>             Local callback port (default: 9010). Use when 9010 is occupied.
+  --redirect-uri <uri>   Full OAuth2 redirect URI override. Localhost URIs start a local server;
+                         non-localhost URIs use a manual paste-the-callback-URL flow.
+                         When set, --port is ignored. Example: --redirect-uri http://127.0.0.1:9010/callback
   -u, --username         Username (with -p triggers Playwright headless login)
   -p, --password         Password
   --playwright           Force Playwright browser login even without -u/-p
-  --insecure, -k         Skip TLS certificate verification (self-signed / dev HTTPS only)`);
+  --insecure, -k         Skip TLS certificate verification (self-signed / dev HTTPS only)
+  --no-auth              Save platform without OAuth (servers with no authentication). Same as detecting OAuth 404 during login.`);
         return 0;
     }
     if (target === "login") {
         if (rest[0] === "--help" || rest[0] === "-h") {
-            console.log(`kweaver auth login <platform-url> [--alias <name>] [-u user] [-p pass] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
+            console.log(`kweaver auth login <platform-url> [--alias <name>] [--no-auth] [-u user] [-p pass] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
             return 0;
         }
         const url = rest[0];
@@ -47,7 +56,13 @@ Login options:
     if (target === "export") {
         return runAuthExportCommand(rest);
     }
-    const LOGIN_SUBCOMMANDS = new Set(["status", "list", "use", "delete", "logout", "export", "whoami"]);
+    if (target === "users") {
+        return runAuthUsersCommand(rest);
+    }
+    if (target === "switch") {
+        return runAuthSwitchCommand(rest);
+    }
+    const LOGIN_SUBCOMMANDS = new Set(["status", "list", "use", "delete", "logout", "export", "whoami", "users", "switch"]);
     if (target && !LOGIN_SUBCOMMANDS.has(target)) {
         try {
             const normalizedTarget = normalizeBaseUrl(target);
@@ -58,9 +73,47 @@ Login options:
             const clientId = readOption(args, "--client-id");
             const clientSecret = readOption(args, "--client-secret");
             const refreshToken = readOption(args, "--refresh-token");
+            const customRedirectUri = readOption(args, "--redirect-uri");
+            const customPortStr = readOption(args, "--port");
+            const customPort = customPortStr ? parseInt(customPortStr, 10) : undefined;
             const tlsInsecure = args.includes("--insecure") || args.includes("-k");
+            const noAuth = args.includes("--no-auth");
+            const KNOWN_LOGIN_FLAGS = new Set([
+                "--alias", "--client-id", "--client-secret", "--refresh-token",
+                "--port", "--redirect-uri", "--username", "-u", "--password", "-p",
+                "--playwright", "--insecure", "-k", "--no-auth",
+            ]);
+            const KNOWN_VALUE_FLAGS = new Set([
+                "--alias", "--client-id", "--client-secret", "--refresh-token",
+                "--port", "--redirect-uri", "--username", "-u", "--password", "-p",
+            ]);
+            for (let i = 0; i < args.length; i++) {
+                const a = args[i];
+                if (a.startsWith("-") && a !== target && !KNOWN_LOGIN_FLAGS.has(a)) {
+                    console.error(`Unknown option: ${a}`);
+                    console.error("Run 'kweaver auth --help' to see available options.");
+                    return 1;
+                }
+                if (KNOWN_VALUE_FLAGS.has(a))
+                    i++;
+            }
+            if (customPort !== undefined && (Number.isNaN(customPort) || customPort < 1 || customPort > 65535)) {
+                console.error("Invalid --port value. Expected a number between 1 and 65535.");
+                return 1;
+            }
+            if (noAuth && refreshToken) {
+                console.error("--no-auth cannot be used with --refresh-token.");
+                return 1;
+            }
+            if (noAuth && (username || password || usePlaywright)) {
+                console.error("--no-auth cannot be used with Playwright login or -u/-p.");
+                return 1;
+            }
             let token;
-            if (refreshToken) {
+            if (noAuth) {
+                token = saveNoAuthPlatform(normalizedTarget, { tlsInsecure });
+            }
+            else if (refreshToken) {
                 if (!clientId || !clientSecret) {
                     console.error("--refresh-token requires --client-id and --client-secret.\n");
                     console.error("Get these values from the callback page after a browser login or `kweaver auth export`.");
@@ -72,17 +125,20 @@ Login options:
                 });
             }
             else if (username && password) {
-                // Headless Playwright login with credentials
                 console.log("Logging in (headless)...");
-                token = await playwrightLogin(normalizedTarget, { username, password, tlsInsecure });
+                token = await playwrightLogin(normalizedTarget, {
+                    username, password, tlsInsecure,
+                    port: customPort, redirectUri: customRedirectUri ?? undefined,
+                });
             }
             else if (usePlaywright) {
-                // Explicit Playwright fallback
                 console.log("Opening browser for login (Playwright)...");
-                token = await playwrightLogin(normalizedTarget, { tlsInsecure });
+                token = await playwrightLogin(normalizedTarget, {
+                    tlsInsecure,
+                    port: customPort, redirectUri: customRedirectUri ?? undefined,
+                });
             }
             else {
-                // Default: OAuth2 authorization code flow (supports refresh_token)
                 if (clientId) {
                     console.log(`Opening browser for OAuth2 login (client: ${clientId})...`);
                 }
@@ -93,6 +149,7 @@ Login options:
                     clientId: clientId ?? undefined,
                     clientSecret: clientSecret ?? undefined,
                     tlsInsecure,
+                    port: customPort, redirectUri: customRedirectUri ?? undefined,
                 });
             }
             if (alias) {
@@ -109,19 +166,31 @@ Login options:
                 }
             }
             console.log(`Current platform: ${normalizedTarget}`);
-            console.log(`Access token saved: yes`);
-            if (token.refreshToken) {
-                console.log(`Refresh token: yes (auto-refresh enabled)`);
+            const activeUser = getActiveUser(normalizedTarget);
+            if (activeUser) {
+                const userLabel = token.displayName ? `${token.displayName} (${activeUser})` : activeUser;
+                console.log(`User: ${userLabel}`);
+            }
+            if (isNoAuth(token.accessToken)) {
+                console.log(`Authentication: none (no-auth mode)`);
             }
             else {
+                console.log(`Access token saved: yes`);
+            }
+            if (!isNoAuth(token.accessToken) && token.refreshToken) {
+                console.log(`Refresh token: yes (auto-refresh enabled)`);
+            }
+            else if (!isNoAuth(token.accessToken)) {
                 console.log(`Refresh token: no (token will expire in 1 hour)`);
             }
             if (token.expiresAt) {
                 console.log(`Token expires at: ${token.expiresAt}`);
             }
-            const selectedBd = await autoSelectBusinessDomain(normalizedTarget, token.accessToken, {
-                tlsInsecure: token.tlsInsecure,
-            });
+            const selectedBd = isNoAuth(token.accessToken)
+                ? resolveBusinessDomain(normalizedTarget)
+                : await autoSelectBusinessDomain(normalizedTarget, token.accessToken, {
+                    tlsInsecure: token.tlsInsecure,
+                });
             console.log(`Business domain: ${selectedBd}`);
             return 0;
         }
@@ -148,24 +217,36 @@ Login options:
             `Config directory: ${getConfigDir()}`,
             `Platform: ${token.baseUrl}`,
             `Current platform: ${token.baseUrl === currentPlatform ? "yes" : "no"}`,
-            `Token present: yes`,
         ];
-        lines.push(`Refresh token: ${token.refreshToken ? "yes (auto-refresh enabled)" : "no"}`);
-        if (token.tlsInsecure) {
-            lines.push(`TLS: certificate verification disabled (saved; dev only)`);
+        if (isNoAuth(token.accessToken)) {
+            lines.push(`Authentication: none (no-auth mode)`);
+            lines.push(`User: default (built-in profile for no-auth platforms)`);
         }
-        if (token.expiresAt) {
-            const expiry = new Date(token.expiresAt);
-            const remainingMs = expiry.getTime() - Date.now();
-            if (remainingMs > 0) {
-                const remainingMin = Math.ceil(remainingMs / 60_000);
-                lines.push(`Token status: active (expires in ${remainingMin} min)`);
+        else {
+            const statusActiveUser = getActiveUser(platform);
+            if (statusActiveUser) {
+                const statusDisplayName = token.displayName;
+                const userLabel = statusDisplayName ? `${statusDisplayName} (${statusActiveUser})` : statusActiveUser;
+                lines.push(`User: ${userLabel}`);
             }
-            else if (token.refreshToken) {
-                lines.push(`Token status: expired (will auto-refresh on next command)`);
+            lines.push(`Token present: yes`);
+            lines.push(`Refresh token: ${token.refreshToken ? "yes (auto-refresh enabled)" : "no"}`);
+            if (token.tlsInsecure) {
+                lines.push(`TLS: certificate verification disabled (saved; dev only)`);
             }
-            else {
-                lines.push(`Token status: expired (run \`kweaver auth login ${token.baseUrl}\` again)`);
+            if (token.expiresAt) {
+                const expiry = new Date(token.expiresAt);
+                const remainingMs = expiry.getTime() - Date.now();
+                if (remainingMs > 0) {
+                    const remainingMin = Math.ceil(remainingMs / 60_000);
+                    lines.push(`Token status: active (expires in ${remainingMin} min)`);
+                }
+                else if (token.refreshToken) {
+                    lines.push(`Token status: expired (will auto-refresh on next command)`);
+                }
+                else {
+                    lines.push(`Token status: expired (run \`kweaver auth login ${token.baseUrl}\` again)`);
+                }
             }
         }
         for (const line of lines) {
@@ -183,8 +264,20 @@ Login options:
         console.log(`Config directory: ${getConfigDir()}`);
         for (const platform of platforms) {
             const marker = platform.baseUrl === currentPlatform ? "*" : "-";
-            const aliasPart = platform.alias ? ` alias=${platform.alias}` : "";
-            console.log(`${marker} ${platform.baseUrl}${aliasPart}  token=${platform.hasToken ? "yes" : "no"}`);
+            const aliasPart = platform.alias ? ` (${platform.alias})` : "";
+            const tok = loadTokenConfig(platform.baseUrl);
+            const noAuthPart = tok && isNoAuth(tok.accessToken) ? " (no-auth)" : "";
+            console.log(`${marker} ${platform.baseUrl}${aliasPart}${noAuthPart}`);
+            const profiles = listUserProfiles(platform.baseUrl);
+            const activeUser = getActiveUser(platform.baseUrl);
+            for (let i = 0; i < profiles.length; i++) {
+                const p = profiles[i];
+                const isLast = i === profiles.length - 1;
+                const branch = isLast ? "└──" : "├──";
+                const activeMarker = p.userId === activeUser ? " *" : "";
+                const label = p.username ? `${p.username} (${p.userId})` : p.userId;
+                console.log(`  ${branch} ${label}${activeMarker}`);
+            }
         }
         return 0;
     }
@@ -204,16 +297,24 @@ Login options:
         return 0;
     }
     if (target === "delete") {
-        const resolvedTarget = args[1] ? resolvePlatformIdentifier(args[1]) : "";
+        const deleteUserArg = readOption(args, "--user");
+        const positionalArgs = args.slice(1).filter((a) => a !== "--user" && a !== deleteUserArg);
+        const resolvedTarget = positionalArgs[0] ? resolvePlatformIdentifier(positionalArgs[0]) : "";
         const deleteTarget = resolvedTarget && /^https?:\/\//.test(resolvedTarget) ? normalizeBaseUrl(resolvedTarget) : resolvedTarget;
         if (!deleteTarget) {
-            console.error("Usage: kweaver auth delete <platform-url|alias>");
+            console.error("Usage: kweaver auth delete <platform-url|alias> [--user <userId|username>]");
             return 1;
         }
         if (!hasPlatform(deleteTarget)) {
             console.error(`No saved token for ${deleteTarget}.`);
             return 1;
         }
+        if (deleteUserArg) {
+            const deleteUserId = resolveUserId(deleteTarget, deleteUserArg) ?? deleteUserArg;
+            deleteUser(deleteTarget, deleteUserId);
+            console.log(`Deleted user ${deleteUserId} from ${deleteTarget}`);
+            return 0;
+        }
         const wasCurrent = getCurrentPlatform() === deleteTarget;
         deletePlatform(deleteTarget);
         console.log(`Deleted platform: ${deleteTarget}`);
@@ -224,10 +325,12 @@ Login options:
         return 0;
     }
     if (target === "logout") {
-        const resolvedTarget = args[1] ? resolvePlatformIdentifier(args[1]) : getCurrentPlatform();
+        const logoutUserArg = readOption(args, "--user");
+        const positionalArgs = args.slice(1).filter((a) => a !== "--user" && a !== logoutUserArg);
+        const resolvedTarget = positionalArgs[0] ? resolvePlatformIdentifier(positionalArgs[0]) : getCurrentPlatform();
         const logoutTarget = resolvedTarget && /^https?:\/\//.test(resolvedTarget) ? normalizeBaseUrl(resolvedTarget) : resolvedTarget;
         if (!logoutTarget) {
-            console.error("Usage: kweaver auth logout [platform-url|alias]");
+            console.error("Usage: kweaver auth logout [platform-url|alias] [--user <userId|username>]");
             console.error("No current platform. Specify a platform to logout.");
             return 1;
         }
@@ -235,8 +338,10 @@ Login options:
             console.error(`No saved token for ${logoutTarget}.`);
             return 1;
         }
-        clearPlatformSession(logoutTarget);
-        console.log(`Logged out: ${logoutTarget}`);
+        const logoutUserId = logoutUserArg ? resolveUserId(logoutTarget, logoutUserArg) ?? logoutUserArg : undefined;
+        clearPlatformSession(logoutTarget, logoutUserId);
+        const userHint = logoutUserId ? ` (user: ${logoutUserId})` : "";
+        console.log(`Logged out: ${logoutTarget}${userHint}`);
         console.log(`Run \`kweaver auth login ${logoutTarget}\` to sign in again.`);
         return 0;
     }
@@ -246,22 +351,82 @@ Login options:
     console.error("       kweaver auth status [platform-url|alias]");
     console.error("       kweaver auth list");
     console.error("       kweaver auth use <platform-url|alias>");
-    console.error("       kweaver auth logout [platform-url|alias]");
-    console.error("       kweaver auth delete <platform-url|alias>");
+    console.error("       kweaver auth users [platform-url|alias]");
+    console.error("       kweaver auth switch [platform-url|alias] --user <userId>");
+    console.error("       kweaver auth logout [platform-url|alias] [--user <userId>]");
+    console.error("       kweaver auth delete <platform-url|alias> [--user <userId>]");
     return 1;
 }
-function decodeJwtPayload(jwt) {
-    const parts = jwt.split(".");
-    if (parts.length !== 3)
-        return null;
-    try {
-        const base64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
-        const json = Buffer.from(base64, "base64").toString("utf8");
-        return JSON.parse(json);
-    }
-    catch {
-        return null;
+function resolvePlatformArg(args) {
+    const positional = args.find((a) => !a.startsWith("-"));
+    const resolved = positional ? resolvePlatformIdentifier(positional) : null;
+    if (resolved && /^https?:\/\//.test(resolved))
+        return normalizeBaseUrl(resolved);
+    return resolved ?? getCurrentPlatform();
+}
+function runAuthUsersCommand(args) {
+    if (args[0] === "--help" || args[0] === "-h") {
+        console.log(`kweaver auth users [platform-url|alias]
+
+List all user profiles stored for a platform.
+Each line shows: userId (username) where username is decoded from the id_token.
+You can use either userId or username with --user in switch/logout/delete.`);
+        return 0;
     }
+    const platform = resolvePlatformArg(args);
+    if (!platform) {
+        console.error("No active platform. Run `kweaver auth login <platform-url>` first.");
+        return 1;
+    }
+    const profiles = listUserProfiles(platform);
+    if (profiles.length === 0) {
+        console.error(`No user profiles for ${platform}.`);
+        return 1;
+    }
+    const active = getActiveUser(platform);
+    console.log(`Platform: ${platform}`);
+    for (const p of profiles) {
+        const marker = p.userId === active ? "*" : "-";
+        const displayName = p.username ? ` (${p.username})` : "";
+        console.log(`${marker} ${p.userId}${displayName}`);
+    }
+    return 0;
+}
+function runAuthSwitchCommand(args) {
+    if (args[0] === "--help" || args[0] === "-h") {
+        console.log(`kweaver auth switch [platform-url|alias] --user <userId|username>
+
+Switch the active user for a platform.
+You can specify either the userId (sub claim) or the username (preferred_username from id_token).`);
+        return 0;
+    }
+    const userArg = readOption(args, "--user");
+    if (!userArg) {
+        console.error("Usage: kweaver auth switch [platform-url|alias] --user <userId|username>");
+        return 1;
+    }
+    const filteredArgs = args.filter((a) => a !== "--user" && a !== userArg);
+    const platform = resolvePlatformArg(filteredArgs);
+    if (!platform) {
+        console.error("No active platform. Run `kweaver auth login <platform-url>` first.");
+        return 1;
+    }
+    const resolvedId = resolveUserId(platform, userArg);
+    if (!resolvedId) {
+        console.error(`User '${userArg}' not found for ${platform}.`);
+        const profiles = listUserProfiles(platform);
+        if (profiles.length > 0) {
+            const hints = profiles.map((p) => p.username ? `${p.userId} (${p.username})` : p.userId);
+            console.error(`Available users: ${hints.join(", ")}`);
+        }
+        return 1;
+    }
+    setActiveUser(platform, resolvedId);
+    const profiles = listUserProfiles(platform);
+    const profile = profiles.find((p) => p.userId === resolvedId);
+    const displayName = profile?.username ? ` (${profile.username})` : "";
+    console.log(`Switched to user ${resolvedId}${displayName} on ${platform}`);
+    return 0;
 }
 function runAuthWhoamiCommand(args) {
     if (args[0] === "--help" || args[0] === "-h") {
@@ -295,11 +460,17 @@ Options:
         console.error("Failed to decode id_token.");
         return 1;
     }
+    const displayNameValue = token.displayName ?? null;
     if (jsonOutput) {
-        console.log(JSON.stringify({ platform, ...payload }, null, 2));
+        const out = { platform, ...payload };
+        if (displayNameValue)
+            out.displayName = displayNameValue;
+        console.log(JSON.stringify(out, null, 2));
         return 0;
     }
     console.log(`Platform: ${platform}`);
+    if (displayNameValue)
+        console.log(`Username: ${displayNameValue}`);
     console.log(`User ID:  ${payload.sub ?? "(unknown)"}`);
     console.log(`Issuer:   ${payload.iss ?? "(unknown)"}`);
     if (payload.sid)

package/dist/commands/bkn-ops.d.ts

@@ -0,0 +1,77 @@
+import { type BknEncodingImportOptions } from "../utils/bkn-encoding.js";
+export declare function parseKnBuildArgs(args: string[]): {
+    knId: string;
+    wait: boolean;
+    timeout: number;
+    businessDomain: string;
+};
+export declare function runKnBuildCommand(args: string[]): Promise<number>;
+export declare function runKnValidateCommand(args: string[]): Promise<number>;
+export interface KnPushOptions {
+    directory: string;
+    branch: string;
+    businessDomain: string;
+    pretty: boolean;
+    encodingOptions: BknEncodingImportOptions;
+}
+export declare function parseKnPushArgs(args: string[]): KnPushOptions;
+export interface KnPullOptions {
+    knId: string;
+    directory: string;
+    branch: string;
+    businessDomain: string;
+}
+export declare function parseKnPullArgs(args: string[]): KnPullOptions;
+export declare function packDirectoryToTar(dirPath: string): Buffer;
+export declare function extractTarToDirectory(tarBuffer: Buffer, dirPath: string): void;
+export declare function runKnPushCommand(args: string[]): Promise<number>;
+export declare function runKnPullCommand(args: string[]): Promise<number>;
+export declare function parseKnCreateFromDsArgs(args: string[]): {
+    dsId: string;
+    name: string;
+    tables: string[];
+    build: boolean;
+    timeout: number;
+    businessDomain: string;
+    pretty: boolean;
+};
+/** Generate a BKN ObjectType YAML markdown file for a table. */
+export declare function generateObjectTypeBkn(tableName: string, dvId: string, pk: string, dk: string, columns: Array<{
+    name: string;
+    type: string;
+}>): string;
+export declare function runKnCreateFromDsCommand(args: string[], sampleRows?: Record<string, Array<Record<string, string | null>>>): Promise<number>;
+export declare function parseKnCreateFromCsvArgs(args: string[]): {
+    dsId: string;
+    files: string;
+    name: string;
+    tablePrefix: string;
+    batchSize: number;
+    tables: string[];
+    build: boolean;
+    timeout: number;
+    businessDomain: string;
+};
+export declare function runKnCreateFromCsvCommand(args: string[]): Promise<number>;
+export interface ActionScheduleParsed {
+    action: string;
+    knId: string;
+    itemId: string;
+    body: string;
+    extra: string;
+    yes: boolean;
+    pretty: boolean;
+    businessDomain: string;
+}
+export declare function parseActionScheduleArgs(args: string[]): ActionScheduleParsed;
+export declare function runKnActionScheduleCommand(args: string[]): Promise<number>;
+export interface JobParsed {
+    action: string;
+    knId: string;
+    itemId: string;
+    yes: boolean;
+    pretty: boolean;
+    businessDomain: string;
+}
+export declare function parseJobArgs(args: string[]): JobParsed;
+export declare function runKnJobCommand(args: string[]): Promise<number>;