@kweaver-ai/kweaver-sdk 0.5.2 → 0.6.1

package/dist/commands/auth.js

@@ -1,4 +1,5 @@
-import { autoSelectBusinessDomain, clearPlatformSession, deletePlatform, deleteUser, getActiveUser, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, listUserProfiles, loadClientConfig, loadTokenConfig, resolvePlatformIdentifier, resolveUserId, setActiveUser, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
+import { isNoAuth } from "../config/no-auth.js";
+import { autoSelectBusinessDomain, clearPlatformSession, deletePlatform, deleteUser, getActiveUser, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, listUserProfiles, loadClientConfig, loadTokenConfig, resolveBusinessDomain, resolvePlatformIdentifier, resolveUserId, saveNoAuthPlatform, setActiveUser, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
 import { decodeJwtPayload } from "../config/jwt.js";
 import { buildCopyCommand, formatHttpError, normalizeBaseUrl, oauth2Login, playwrightLogin, refreshTokenLogin, } from "../auth/oauth.js";
 export async function runAuthCommand(args) {
@@ -27,18 +28,18 @@ Login options:
                          Requires --client-id and --client-secret.
                          Get these from the callback page after browser login or \`auth export\`.
   --port <n>             Local callback port (default: 9010). Use when 9010 is occupied.
-  --redirect-uri <uri>   Full OAuth2 redirect URI override. Localhost URIs start a local server;
-                         non-localhost URIs use a manual paste-the-callback-URL flow.
-                         Overrides --port. Example: http://127.0.0.1:8080/callback
+  --no-browser           Do not open a browser; print the auth URL and prompt for the callback URL or code (stdin).
+                         Use on headless servers or when automatic browser launch fails.
   -u, --username         Username (with -p triggers Playwright headless login)
   -p, --password         Password
   --playwright           Force Playwright browser login even without -u/-p
-  --insecure, -k         Skip TLS certificate verification (self-signed / dev HTTPS only)`);
+  --insecure, -k         Skip TLS certificate verification (self-signed / dev HTTPS only)
+  --no-auth              Save platform without OAuth (servers with no authentication). Same as detecting OAuth 404 during login.`);
         return 0;
     }
     if (target === "login") {
         if (rest[0] === "--help" || rest[0] === "-h") {
-            console.log(`kweaver auth login <platform-url> [--alias <name>] [-u user] [-p pass] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
+            console.log(`kweaver auth login <platform-url> [--alias <name>] [--no-auth] [--no-browser] [-u user] [-p pass] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
             return 0;
         }
         const url = rest[0];
@@ -71,16 +72,61 @@ Login options:
             const clientId = readOption(args, "--client-id");
             const clientSecret = readOption(args, "--client-secret");
             const refreshToken = readOption(args, "--refresh-token");
-            const customRedirectUri = readOption(args, "--redirect-uri");
             const customPortStr = readOption(args, "--port");
             const customPort = customPortStr ? parseInt(customPortStr, 10) : undefined;
             const tlsInsecure = args.includes("--insecure") || args.includes("-k");
+            const noAuth = args.includes("--no-auth");
+            const noBrowser = args.includes("--no-browser");
+            if (args.includes("--redirect-uri")) {
+                console.error("Warning: --redirect-uri is deprecated and ignored. The redirect URI is always http://127.0.0.1:<port>/callback.");
+            }
+            const KNOWN_LOGIN_FLAGS = new Set([
+                "--alias", "--client-id", "--client-secret", "--refresh-token",
+                "--port", "--no-browser", "--username", "-u", "--password", "-p",
+                "--playwright", "--insecure", "-k", "--no-auth", "--redirect-uri",
+            ]);
+            const KNOWN_VALUE_FLAGS = new Set([
+                "--alias", "--client-id", "--client-secret", "--refresh-token",
+                "--port", "--username", "-u", "--password", "-p", "--redirect-uri",
+            ]);
+            for (let i = 0; i < args.length; i++) {
+                const a = args[i];
+                if (a.startsWith("-") && a !== target && !KNOWN_LOGIN_FLAGS.has(a)) {
+                    console.error(`Unknown option: ${a}`);
+                    console.error("Run 'kweaver auth --help' to see available options.");
+                    return 1;
+                }
+                if (KNOWN_VALUE_FLAGS.has(a))
+                    i++;
+            }
             if (customPort !== undefined && (Number.isNaN(customPort) || customPort < 1 || customPort > 65535)) {
                 console.error("Invalid --port value. Expected a number between 1 and 65535.");
                 return 1;
             }
+            if (noAuth && refreshToken) {
+                console.error("--no-auth cannot be used with --refresh-token.");
+                return 1;
+            }
+            if (noAuth && noBrowser) {
+                console.error("--no-auth does not require a browser; --no-browser is ignored.");
+            }
+            if (noAuth && (username || password || usePlaywright)) {
+                console.error("--no-auth cannot be used with Playwright login or -u/-p.");
+                return 1;
+            }
+            if (noBrowser && (username || password || usePlaywright)) {
+                console.error("--no-browser cannot be used with Playwright login or -u/-p.");
+                return 1;
+            }
+            if (noBrowser && refreshToken) {
+                console.error("--no-browser cannot be used with --refresh-token.");
+                return 1;
+            }
             let token;
-            if (refreshToken) {
+            if (noAuth) {
+                token = saveNoAuthPlatform(normalizedTarget, { tlsInsecure });
+            }
+            else if (refreshToken) {
                 if (!clientId || !clientSecret) {
                     console.error("--refresh-token requires --client-id and --client-secret.\n");
                     console.error("Get these values from the callback page after a browser login or `kweaver auth export`.");
@@ -94,19 +140,20 @@ Login options:
             else if (username && password) {
                 console.log("Logging in (headless)...");
                 token = await playwrightLogin(normalizedTarget, {
-                    username, password, tlsInsecure,
-                    port: customPort, redirectUri: customRedirectUri ?? undefined,
+                    username, password, tlsInsecure, port: customPort,
                 });
             }
             else if (usePlaywright) {
                 console.log("Opening browser for login (Playwright)...");
                 token = await playwrightLogin(normalizedTarget, {
-                    tlsInsecure,
-                    port: customPort, redirectUri: customRedirectUri ?? undefined,
+                    tlsInsecure, port: customPort,
                 });
             }
             else {
-                if (clientId) {
+                if (noBrowser) {
+                    console.log("OAuth2 login (no browser — open the URL on any device, then paste the callback URL or code)...");
+                }
+                else if (clientId) {
                     console.log(`Opening browser for OAuth2 login (client: ${clientId})...`);
                 }
                 else {
@@ -115,8 +162,7 @@ Login options:
                 token = await oauth2Login(normalizedTarget, {
                     clientId: clientId ?? undefined,
                     clientSecret: clientSecret ?? undefined,
-                    tlsInsecure,
-                    port: customPort, redirectUri: customRedirectUri ?? undefined,
+                    tlsInsecure, port: customPort, noBrowser,
                 });
             }
             if (alias) {
@@ -138,19 +184,26 @@ Login options:
                 const userLabel = token.displayName ? `${token.displayName} (${activeUser})` : activeUser;
                 console.log(`User: ${userLabel}`);
             }
-            console.log(`Access token saved: yes`);
-            if (token.refreshToken) {
-                console.log(`Refresh token: yes (auto-refresh enabled)`);
+            if (isNoAuth(token.accessToken)) {
+                console.log(`Authentication: none (no-auth mode)`);
             }
             else {
+                console.log(`Access token saved: yes`);
+            }
+            if (!isNoAuth(token.accessToken) && token.refreshToken) {
+                console.log(`Refresh token: yes (auto-refresh enabled)`);
+            }
+            else if (!isNoAuth(token.accessToken)) {
                 console.log(`Refresh token: no (token will expire in 1 hour)`);
             }
             if (token.expiresAt) {
                 console.log(`Token expires at: ${token.expiresAt}`);
             }
-            const selectedBd = await autoSelectBusinessDomain(normalizedTarget, token.accessToken, {
-                tlsInsecure: token.tlsInsecure,
-            });
+            const selectedBd = isNoAuth(token.accessToken)
+                ? resolveBusinessDomain(normalizedTarget)
+                : await autoSelectBusinessDomain(normalizedTarget, token.accessToken, {
+                    tlsInsecure: token.tlsInsecure,
+                });
             console.log(`Business domain: ${selectedBd}`);
             return 0;
         }
@@ -178,29 +231,35 @@ Login options:
             `Platform: ${token.baseUrl}`,
             `Current platform: ${token.baseUrl === currentPlatform ? "yes" : "no"}`,
         ];
-        const statusActiveUser = getActiveUser(platform);
-        if (statusActiveUser) {
-            const statusDisplayName = token.displayName;
-            const userLabel = statusDisplayName ? `${statusDisplayName} (${statusActiveUser})` : statusActiveUser;
-            lines.push(`User: ${userLabel}`);
-        }
-        lines.push(`Token present: yes`);
-        lines.push(`Refresh token: ${token.refreshToken ? "yes (auto-refresh enabled)" : "no"}`);
-        if (token.tlsInsecure) {
-            lines.push(`TLS: certificate verification disabled (saved; dev only)`);
+        if (isNoAuth(token.accessToken)) {
+            lines.push(`Authentication: none (no-auth mode)`);
+            lines.push(`User: default (built-in profile for no-auth platforms)`);
         }
-        if (token.expiresAt) {
-            const expiry = new Date(token.expiresAt);
-            const remainingMs = expiry.getTime() - Date.now();
-            if (remainingMs > 0) {
-                const remainingMin = Math.ceil(remainingMs / 60_000);
-                lines.push(`Token status: active (expires in ${remainingMin} min)`);
+        else {
+            const statusActiveUser = getActiveUser(platform);
+            if (statusActiveUser) {
+                const statusDisplayName = token.displayName;
+                const userLabel = statusDisplayName ? `${statusDisplayName} (${statusActiveUser})` : statusActiveUser;
+                lines.push(`User: ${userLabel}`);
             }
-            else if (token.refreshToken) {
-                lines.push(`Token status: expired (will auto-refresh on next command)`);
+            lines.push(`Token present: yes`);
+            lines.push(`Refresh token: ${token.refreshToken ? "yes (auto-refresh enabled)" : "no"}`);
+            if (token.tlsInsecure) {
+                lines.push(`TLS: certificate verification disabled (saved; dev only)`);
             }
-            else {
-                lines.push(`Token status: expired (run \`kweaver auth login ${token.baseUrl}\` again)`);
+            if (token.expiresAt) {
+                const expiry = new Date(token.expiresAt);
+                const remainingMs = expiry.getTime() - Date.now();
+                if (remainingMs > 0) {
+                    const remainingMin = Math.ceil(remainingMs / 60_000);
+                    lines.push(`Token status: active (expires in ${remainingMin} min)`);
+                }
+                else if (token.refreshToken) {
+                    lines.push(`Token status: expired (will auto-refresh on next command)`);
+                }
+                else {
+                    lines.push(`Token status: expired (run \`kweaver auth login ${token.baseUrl}\` again)`);
+                }
             }
         }
         for (const line of lines) {
@@ -219,7 +278,9 @@ Login options:
         for (const platform of platforms) {
             const marker = platform.baseUrl === currentPlatform ? "*" : "-";
             const aliasPart = platform.alias ? ` (${platform.alias})` : "";
-            console.log(`${marker} ${platform.baseUrl}${aliasPart}`);
+            const tok = loadTokenConfig(platform.baseUrl);
+            const noAuthPart = tok && isNoAuth(tok.accessToken) ? " (no-auth)" : "";
+            console.log(`${marker} ${platform.baseUrl}${aliasPart}${noAuthPart}`);
             const profiles = listUserProfiles(platform.baseUrl);
             const activeUser = getActiveUser(platform.baseUrl);
             for (let i = 0; i < profiles.length; i++) {

package/dist/commands/bkn-schema.js

@@ -109,6 +109,28 @@ export function parseKnObjectTypeQueryArgs(args) {
         throw new Error("Usage: kweaver bkn object-type query <kn-id> <ot-id> ['<json>'] [--limit <n>] [--search-after '<json-array>'] [--pretty] [-bd value]");
     }
     const body = parseJsonObject(bodyText, "object-type query body must be a JSON object.");
+    // Detect likely misplaced filter fields in query body (#49)
+    // Instead of a brittle whitelist, detect the pattern: no "condition" key present,
+    // but there are keys with primitive values (string/number/boolean) — these are
+    // almost certainly field=value filters that belong inside a condition structure.
+    if (!("condition" in body)) {
+        const suspectKeys = Object.keys(body).filter((k) => {
+            const v = body[k];
+            return typeof v === "string" || typeof v === "number" || typeof v === "boolean";
+        });
+        // Exclude keys that are well-known query parameters with primitive values
+        const PRIMITIVE_QUERY_KEYS = new Set(["limit"]);
+        const misplacedKeys = suspectKeys.filter((k) => !PRIMITIVE_QUERY_KEYS.has(k));
+        if (misplacedKeys.length > 0) {
+            const keyList = misplacedKeys.map((k) => `"${k}"`).join(", ");
+            const hint = misplacedKeys.length === 1
+                ? `Example: {"limit":20,"condition":{"field":${JSON.stringify(misplacedKeys[0])},"operation":"==","value":"<your-value>"}}`
+                : `Example: {"limit":20,"condition":{"operation":"and","sub_conditions":[${misplacedKeys.map((k) => `{"field":${JSON.stringify(k)},"operation":"==","value":"<value>"}`).join(",")}]}}`;
+            throw new Error(`Likely misplaced filter field(s) ${keyList} in query body.\n` +
+                `Filter conditions must be wrapped in a "condition" structure.\n` +
+                hint);
+        }
+    }
     if (limit !== undefined) {
         body.limit = limit;
     }

package/dist/commands/call.js

@@ -1,4 +1,5 @@
 import { ensureValidToken, formatHttpError, with401RefreshRetry } from "../auth/oauth.js";
+import { isNoAuth } from "../config/no-auth.js";
 import { HttpError } from "../utils/http.js";
 import { resolveBusinessDomain } from "../config/store.js";
 export function parseCallArgs(args) {
@@ -74,11 +75,13 @@ export function parseCallArgs(args) {
     return { url, method, headers, body, pretty, verbose, businessDomain };
 }
 function injectAuthHeaders(headers, accessToken, businessDomain) {
-    if (!headers.has("authorization")) {
-        headers.set("authorization", `Bearer ${accessToken}`);
-    }
-    if (!headers.has("token")) {
-        headers.set("token", accessToken);
+    if (!isNoAuth(accessToken)) {
+        if (!headers.has("authorization")) {
+            headers.set("authorization", `Bearer ${accessToken}`);
+        }
+        if (!headers.has("token")) {
+            headers.set("token", accessToken);
+        }
     }
     if (!headers.has("x-business-domain")) {
         headers.set("x-business-domain", businessDomain);

package/dist/commands/dataflow.d.ts

@@ -0,0 +1 @@
+export declare function runDataflowCommand(args: string[]): Promise<number>;

package/dist/commands/dataflow.js

@@ -0,0 +1,251 @@
+import { access, readFile } from "node:fs/promises";
+import { constants } from "node:fs";
+import columnify from "columnify";
+import stringWidth from "string-width";
+import yargs from "yargs";
+import { ensureValidToken, formatHttpError, with401RefreshRetry } from "../auth/oauth.js";
+import { resolveBusinessDomain } from "../config/store.js";
+import { getDataflowLogsPage, listDataflowRuns, listDataflows, runDataflowWithFile, runDataflowWithRemoteUrl, } from "../api/dataflow2.js";
+function renderTable(rows) {
+    if (rows.length === 0)
+        return "";
+    return columnify(rows, {
+        showHeaders: true,
+        preserveNewLines: true,
+        stringLength: stringWidth,
+        headingTransform: (heading) => heading,
+    });
+}
+function buildListTableRows(items) {
+    return items.map((item) => ({
+        "ID": item.id,
+        "Title": item.title ?? "",
+        "Status": item.status ?? "",
+        "Trigger": item.trigger ?? "",
+        "Creator": item.creator ?? "",
+        "Updated At": item.updated_at != null ? String(item.updated_at) : "",
+        "Version ID": item.version_id ?? "",
+    }));
+}
+function buildRunTableRows(items) {
+    return items.map((item) => ({
+        "ID": item.id,
+        "Status": item.status ?? "",
+        "Started At": item.started_at != null ? String(item.started_at) : "",
+        "Ended At": item.ended_at != null ? String(item.ended_at) : "",
+        "Source Name": item.source?.name != null ? String(item.source.name) : "",
+        "Content Type": item.source?.content_type != null ? String(item.source.content_type) : "",
+        "Size": item.source?.size != null ? String(item.source.size) : "",
+        "Reason": item.reason ?? "",
+    }));
+}
+function parseSinceToLocalDayRange(value) {
+    // 只支持 YYYY-MM-DD 格式，解析为本地时区的一整天范围
+    const match = value.match(/^(\d{4})-(\d{2})-(\d{2})$/);
+    if (!match)
+        return null;
+    const year = parseInt(match[1], 10);
+    const month = parseInt(match[2], 10) - 1; // Date month is 0-indexed
+    const day = parseInt(match[3], 10);
+    const start = new Date(year, month, day, 0, 0, 0);
+    const end = new Date(year, month, day, 23, 59, 59);
+    return {
+        startTime: Math.floor(start.getTime() / 1000),
+        endTime: Math.floor(end.getTime() / 1000),
+    };
+}
+function formatDataflowLogSummary(item) {
+    const duration = item.metadata?.duration ?? "-";
+    return [
+        `[${item.id}] ${item.taskId ?? ""} ${item.operator ?? ""}`,
+        `Status: ${item.status ?? ""}`,
+        `Started At: ${item.started_at ?? ""}`,
+        `Updated At: ${item.updated_at ?? ""}`,
+        `Duration: ${duration}`
+    ].join("\n");
+}
+function formatIndentedJsonBlock(label, value) {
+    const pretty = JSON.stringify(value ?? {}, null, 4) ?? "{}";
+    const indented = pretty
+        .split("\n")
+        .map((line) => `        ${line}`)
+        .join("\n");
+    return `    ${label}:\n${indented}`;
+}
+function formatDataflowLogOutput(item, detail) {
+    const parts = [formatDataflowLogSummary(item)];
+    if (detail) {
+        parts.push("");
+        parts.push(formatIndentedJsonBlock("input", item.inputs ?? {}));
+        parts.push("");
+        parts.push(formatIndentedJsonBlock("output", item.outputs ?? {}));
+    }
+    return parts.join("\n");
+}
+async function requireTokenAndBusinessDomain(businessDomain) {
+    const token = await ensureValidToken();
+    return {
+        baseUrl: token.baseUrl,
+        accessToken: token.accessToken,
+        businessDomain: businessDomain || resolveBusinessDomain(),
+    };
+}
+export async function runDataflowCommand(args) {
+    let exitCode = 0;
+    const parser = yargs(args)
+        .scriptName("kweaver dataflow")
+        .exitProcess(false)
+        .help()
+        .version(false)
+        .strict()
+        .fail((message, error) => {
+        throw error ?? new Error(message);
+    })
+        .command("list", "List all dataflows", (command) => command.option("biz-domain", {
+        alias: "bd",
+        type: "string",
+    }), async (argv) => {
+        exitCode = await with401RefreshRetry(async () => {
+            const base = await requireTokenAndBusinessDomain(argv.bizDomain);
+            const body = await listDataflows(base);
+            const table = renderTable(buildListTableRows(body.dags));
+            if (table) {
+                console.log(table);
+            }
+            return 0;
+        });
+    })
+        .command("run <dagId>", "Trigger one dataflow run", (command) => command
+        .positional("dagId", { type: "string" })
+        .option("file", { type: "string" })
+        .option("url", { type: "string" })
+        .option("name", { type: "string" })
+        .option("biz-domain", { alias: "bd", type: "string" })
+        .check((argv) => {
+        const hasFile = typeof argv.file === "string";
+        const hasUrl = typeof argv.url === "string";
+        if (hasFile === hasUrl) {
+            throw new Error("Exactly one of --file or --url is required.");
+        }
+        if (hasUrl && typeof argv.name !== "string") {
+            throw new Error("--url requires --name.");
+        }
+        return true;
+    }), async (argv) => {
+        exitCode = await with401RefreshRetry(async () => {
+            const base = await requireTokenAndBusinessDomain(argv.bizDomain);
+            if (typeof argv.file === "string") {
+                await access(argv.file, constants.R_OK);
+                const fileBytes = await readFile(argv.file);
+                const fileName = argv.file.split(/[\\/]/).pop() || "upload.bin";
+                const body = await runDataflowWithFile({
+                    ...base,
+                    dagId: argv.dagId,
+                    fileName,
+                    fileBytes,
+                });
+                console.log(body.dag_instance_id);
+                return 0;
+            }
+            const body = await runDataflowWithRemoteUrl({
+                ...base,
+                dagId: argv.dagId,
+                url: String(argv.url),
+                name: String(argv.name),
+            });
+            console.log(body.dag_instance_id);
+            return 0;
+        });
+    })
+        .command("runs <dagId>", "List run records for one dataflow", (command) => command
+        .positional("dagId", { type: "string" })
+        .option("since", { type: "string" })
+        .option("biz-domain", { alias: "bd", type: "string" }), async (argv) => {
+        exitCode = await with401RefreshRetry(async () => {
+            const base = await requireTokenAndBusinessDomain(argv.bizDomain);
+            const dayRange = typeof argv.since === "string" ? parseSinceToLocalDayRange(argv.since) : null;
+            let results = [];
+            if (!dayRange) {
+                const body = await listDataflowRuns({
+                    ...base,
+                    dagId: argv.dagId,
+                    page: 0,
+                    limit: 20,
+                    sortBy: "started_at",
+                    order: "desc",
+                });
+                results = body.results;
+            }
+            else {
+                const first = await listDataflowRuns({
+                    ...base,
+                    dagId: argv.dagId,
+                    page: 0,
+                    limit: 20,
+                    sortBy: "started_at",
+                    order: "desc",
+                    startTime: dayRange.startTime,
+                    endTime: dayRange.endTime,
+                });
+                results = [...first.results];
+                const total = first.total ?? first.results.length;
+                for (let page = 1; page * 20 < total; page += 1) {
+                    const next = await listDataflowRuns({
+                        ...base,
+                        dagId: argv.dagId,
+                        page,
+                        limit: 20,
+                        sortBy: "started_at",
+                        order: "desc",
+                        startTime: dayRange.startTime,
+                        endTime: dayRange.endTime,
+                    });
+                    results = results.concat(next.results);
+                }
+            }
+            const table = renderTable(buildRunTableRows(results));
+            if (table) {
+                console.log(table);
+            }
+            return 0;
+        });
+    })
+        .command("logs <dagId> <instanceId>", "Show logs for one run in summary or detail mode", (command) => command
+        .positional("dagId", { type: "string" })
+        .positional("instanceId", { type: "string" })
+        .option("detail", { type: "boolean", default: false })
+        .option("biz-domain", { alias: "bd", type: "string" }), async (argv) => {
+        exitCode = await with401RefreshRetry(async () => {
+            const base = await requireTokenAndBusinessDomain(argv.bizDomain);
+            let seen = 0;
+            for (let page = 0;; page += 1) {
+                const body = await getDataflowLogsPage({
+                    ...base,
+                    dagId: argv.dagId,
+                    instanceId: argv.instanceId,
+                    page,
+                    limit: 100,
+                });
+                if (body.results.length === 0)
+                    break;
+                for (const item of body.results) {
+                    console.log(formatDataflowLogOutput(item, argv.detail === true));
+                    console.log("");
+                }
+                seen += body.results.length;
+                if ((body.total ?? 0) > 0 && seen >= (body.total ?? 0))
+                    break;
+            }
+            return 0;
+        });
+    })
+        .demandCommand(1);
+    try {
+        await parser.parseAsync();
+        return exitCode;
+    }
+    catch (error) {
+        console.error(formatHttpError(error));
+        return 1;
+    }
+}

package/dist/commands/explore-bkn.d.ts

@@ -0,0 +1,79 @@
+import { IncomingMessage, ServerResponse } from "node:http";
+export interface ExploreMeta {
+    bkn: {
+        id: string;
+        name: string;
+    };
+    statistics: {
+        object_count: number;
+        relation_count: number;
+    };
+    objectTypes: Array<{
+        id: string;
+        name: string;
+        displayKey: string;
+        propertyCount: number;
+        properties: Array<{
+            name: string;
+            type?: string;
+        }>;
+    }>;
+    relationTypes: Array<{
+        id: string;
+        name: string;
+        sourceOtId: string;
+        targetOtId: string;
+        sourceOtName: string;
+        targetOtName: string;
+    }>;
+    actionTypes: Array<{
+        id: string;
+        name: string;
+    }>;
+}
+export interface ExploreOt {
+    id: string;
+    name: string;
+    displayKey: string;
+    propertyCount: number;
+    properties: Array<{
+        name: string;
+        type?: string;
+    }>;
+}
+export interface ExploreRt {
+    id: string;
+    name: string;
+    sourceOtId: string;
+    targetOtId: string;
+    sourceOtName: string;
+    targetOtName: string;
+}
+export interface ExploreAt {
+    id: string;
+    name: string;
+}
+export interface ExploreBkn {
+    id: string;
+    name: string;
+}
+export interface ExploreStats {
+    object_count: number;
+    relation_count: number;
+}
+export declare const EXPLORE_BOOTSTRAP_RETRY_DELAY_MS = 300;
+export declare const EXPLORE_BOOTSTRAP_MAX_ATTEMPTS = 2;
+export declare function buildMeta(knRaw: string, otRaw: string, rtRaw: string, atRaw: string): ExploreMeta;
+export declare function isRetryableExploreBootstrapError(error: unknown): boolean;
+export declare function loadExploreMetaWithRetry(token: {
+    baseUrl: string;
+    accessToken: string;
+}, knId: string, businessDomain: string): Promise<ExploreMeta>;
+export declare function readBody(req: IncomingMessage): Promise<string>;
+export declare function jsonResponse(res: ServerResponse, status: number, data: unknown): void;
+export declare function handleApiError(res: ServerResponse, error: unknown): void;
+export type TokenProvider = () => Promise<{
+    baseUrl: string;
+    accessToken: string;
+}>;
+export declare function registerBknRoutes(meta: ExploreMeta, getToken: TokenProvider, businessDomain: string): Map<string, (req: IncomingMessage, res: ServerResponse) => void>;