npm - @kweaver-ai/kweaver-sdk - Versions diffs - 0.6.2 → 0.6.4 - Mend

@kweaver-ai/kweaver-sdk 0.6.2 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/README.md +7 -3
package/README.zh.md +7 -3
package/dist/api/dataflow.js +4 -1
package/dist/api/skills.d.ts +6 -6
package/dist/api/skills.js +23 -9
package/dist/api/vega.d.ts +2 -0
package/dist/api/vega.js +8 -13
package/dist/auth/oauth.d.ts +69 -0
package/dist/auth/oauth.js +647 -1
package/dist/cli.js +1 -1
package/dist/commands/agent-chat.js +1 -1
package/dist/commands/agent.d.ts +9 -0
package/dist/commands/agent.js +44 -4
package/dist/commands/auth.js +145 -18
package/dist/commands/bkn-schema.js +6 -1
package/dist/commands/config.js +19 -9
package/dist/commands/context-loader.js +8 -2
package/dist/commands/dataflow.js +49 -7
package/dist/commands/ds.d.ts +1 -0
package/dist/commands/ds.js +10 -10
package/dist/commands/skill.js +4 -4
package/dist/index.d.ts +1 -0
package/dist/index.js +2 -0
package/package.json +1 -2

package/README.md CHANGED Viewed

@@ -31,6 +31,8 @@ export KWEAVER_BASE_URL=https://your-kweaver-instance.com
 export KWEAVER_TOKEN=your-token
 ```
+With both set, API commands use that token even if you never ran `auth login`. You can also run **`kweaver auth status`**, **`kweaver auth whoami`** (supports `--json`), and **`kweaver config show`** when there is **no** current platform in `~/.kweaver/` — the CLI decodes the token locally (JWT only). If the token is opaque, identity fields are omitted and a short hint is printed.
 ### Business domain (platform)
 Set or verify **before** calling list/query APIs that scope by tenant. DIP deployments often need a UUID, not only `bd_public`.
@@ -151,11 +153,13 @@ const skillMd = await client.skills.fetchContent("skill-id");
 ## CLI Reference
 ```
-kweaver auth login <url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--playwright] [--insecure|-k]
+kweaver auth login <url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--http-signin] [--playwright] [--insecure|-k]
+# -u/-p: tries HTTP /oauth2/signin first (refresh_token). If studioweb is missing: falls back to Playwright when installed, else prints install hint. --http-signin: HTTP only. --playwright: force browser automation.
 kweaver auth login <url> --client-id ID --client-secret S --refresh-token T   (headless login)
 kweaver auth export [url|alias] [--json]   (export command to run on a headless host)
-kweaver auth status/list/use/delete/logout
-kweaver config show / list-bd / set-bd <value>   # platform business domain — after login
+kweaver auth status / whoami [url|alias] [--json]   # whoami: --json; with KWEAVER_BASE_URL+KWEAVER_TOKEN when no ~/.kweaver/ platform
+kweaver auth list/use/delete/logout
+kweaver config show / list-bd / set-bd <value>   # platform business domain — show/list-bd work with KWEAVER_BASE_URL (+ KWEAVER_TOKEN for list-bd)
 kweaver token
 kweaver ds list/get/delete/tables/connect
 kweaver ds import-csv <ds_id> --files <glob> [--table-prefix <p>] [--batch-size 500] [--recreate]

package/README.zh.md CHANGED Viewed

@@ -31,6 +31,8 @@ export KWEAVER_BASE_URL=https://your-kweaver-instance.com
 export KWEAVER_TOKEN=your-token
 ```
+两者同时设置时，即使未执行 `auth login`，业务命令也会使用该 token。若 **`~/.kweaver/` 无当前平台**，仍可使用 **`kweaver auth status`**、**`kweaver auth whoami`**（支持 `--json`）、**`kweaver config show`**：CLI 会在本地解 JWT 展示身份；若 token 为 opaque，则省略身份字段并给出简短提示。
 ### 业务域（平台配置）
 在调用依赖租户范围的接口前，应先确认业务域；DIP 环境通常使用 **UUID**，不能长期只依赖默认 `bd_public`。
@@ -144,11 +146,13 @@ const skillMd = await client.skills.fetchContent("skill-id");
 ## 命令速查
 ```
-kweaver auth login <url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--playwright] [--insecure|-k]
+kweaver auth login <url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--http-signin] [--playwright] [--insecure|-k]
+# -u/-p：默认先试 HTTP /oauth2/signin（可拿 refresh_token）；无 studioweb 时：已装 Playwright 则回退无头浏览器，否则提示安装 Playwright；--http-signin 仅 HTTP；--playwright 强制浏览器
 kweaver auth login <url> --client-id ID --client-secret S --refresh-token T   (无浏览器登录)
 kweaver auth export [url|alias] [--json]   (导出在无浏览器机器上运行的命令)
-kweaver auth status/list/use/delete/logout
-kweaver config show / list-bd / set-bd <value>   # 平台业务域，登录后优先
+kweaver auth status / whoami [url|alias] [--json]   # whoami 支持 --json；无 ~/.kweaver/ 当前平台时可配 KWEAVER_BASE_URL+KWEAVER_TOKEN
+kweaver auth list/use/delete/logout
+kweaver config show / list-bd / set-bd <value>   # 业务域；show/list-bd 在无已保存平台时可与 env 配对
 kweaver token
 kweaver ds list/get/delete/tables/connect
 kweaver dataflow list/run/runs/logs

package/dist/api/dataflow.js CHANGED Viewed

@@ -82,7 +82,10 @@ export async function pollDataflowResults(options) {
                 return latest;
             }
             if (latest.status === "failed" || latest.status === "error") {
-                const reason = latest.reason ? `: ${latest.reason}` : "";
+                const reasonVal = latest.reason;
+                const reason = reasonVal
+                    ? `: ${typeof reasonVal === "string" ? reasonVal : JSON.stringify(reasonVal)}`
+                    : "";
                 throw new Error(`Dataflow run ${latest.status}${reason}`);
             }
         }

package/dist/api/skills.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 export type SkillStatus = "unpublish" | "published" | "offline";
 export type SkillFileType = "zip" | "content";
 export interface SkillSummary {
-    skill_id: string;
+    id: string;
     name: string;
     description?: string;
     version?: string;
@@ -26,20 +26,20 @@ export interface SkillFileSummary {
     mime_type?: string;
 }
 export interface SkillContentIndex {
-    skill_id: string;
+    id: string;
     url: string;
     files: SkillFileSummary[];
     status?: SkillStatus;
 }
 export interface SkillFileReadResult {
-    skill_id: string;
+    id: string;
     rel_path: string;
     url: string;
     mime_type?: string;
     file_type?: string;
 }
 export interface RegisterSkillResult {
-    skill_id: string;
+    id: string;
     name: string;
     description?: string;
     version?: string;
@@ -47,11 +47,11 @@ export interface RegisterSkillResult {
     files?: string[];
 }
 export interface DeleteSkillResult {
-    skill_id: string;
+    id: string;
     deleted: boolean;
 }
 export interface UpdateSkillStatusResult {
-    skill_id: string;
+    id: string;
     status: SkillStatus;
 }
 export interface SkillListResult {

package/dist/api/skills.js CHANGED Viewed

@@ -18,6 +18,20 @@ function unwrapEnvelope(raw) {
     }
     return parsed;
 }
+/** Rename `skill_id` → `id` for consistent output with other modules. */
+function normalizeSkillId(obj) {
+    if (!obj || typeof obj !== "object")
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map(normalizeSkillId);
+    const record = obj;
+    const out = {};
+    for (const [key, value] of Object.entries(record)) {
+        const newKey = key === "skill_id" ? "id" : key;
+        out[newKey] = typeof value === "object" ? normalizeSkillId(value) : value;
+    }
+    return out;
+}
 function appendCommonListParams(url, opts) {
     if (opts.page !== undefined)
         url.searchParams.set("page", String(opts.page));
@@ -60,23 +74,23 @@ export async function listSkills(options) {
     if (options.createUser)
         url.searchParams.set("create_user", options.createUser);
     const { body } = await fetchTextOrThrow(url, { headers: baseHeaders(options) });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function listSkillMarket(options) {
     const url = new URL(buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills/market`));
     appendCommonListParams(url, options);
     const { body } = await fetchTextOrThrow(url, { headers: baseHeaders(options) });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function getSkill(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills/${encodeURIComponent(options.skillId)}`);
     const { body } = await fetchTextOrThrow(url, { headers: baseHeaders(options) });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function deleteSkill(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills/${encodeURIComponent(options.skillId)}`);
     const { body } = await fetchTextOrThrow(url, { method: "DELETE", headers: baseHeaders(options) });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function updateSkillStatus(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills/${encodeURIComponent(options.skillId)}/status`);
@@ -85,7 +99,7 @@ export async function updateSkillStatus(options) {
         headers: { ...baseHeaders(options), "content-type": "application/json" },
         body: JSON.stringify({ status: options.status }),
     });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function registerSkillContent(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills`);
@@ -102,7 +116,7 @@ export async function registerSkillContent(options) {
         headers: { ...baseHeaders(options), "content-type": "application/json" },
         body: JSON.stringify(payload),
     });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function registerSkillZip(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills`);
@@ -118,12 +132,12 @@ export async function registerSkillZip(options) {
         headers: baseHeaders(options),
         body: form,
     });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function getSkillContentIndex(options) {
     const url = buildUrl(options.baseUrl, `${SKILL_API_PREFIX}/skills/${encodeURIComponent(options.skillId)}/content`);
     const { body } = await fetchTextOrThrow(url, { headers: baseHeaders(options) });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function fetchSkillContent(options) {
     const index = await getSkillContentIndex(options);
@@ -137,7 +151,7 @@ export async function readSkillFile(options) {
         headers: { ...baseHeaders(options), "content-type": "application/json" },
         body: JSON.stringify({ rel_path: options.relPath }),
     });
-    return unwrapEnvelope(body);
+    return normalizeSkillId(unwrapEnvelope(body));
 }
 export async function fetchSkillFile(options) {
     const file = await readSkillFile(options);

package/dist/api/vega.d.ts CHANGED Viewed

@@ -235,4 +235,6 @@ export interface ListAllVegaResourcesOptions {
     offset?: number;
     businessDomain?: string;
 }
+/** List all Vega resources (no catalog filter). Uses GET /resources — not /resources/list, which
+ * conflicts with GET /resources/{id} on some gateways (path segment "list" is treated as an id). */
 export declare function listAllVegaResources(options: ListAllVegaResourcesOptions): Promise<string>;

package/dist/api/vega.js CHANGED Viewed

@@ -476,20 +476,15 @@ export async function vegaSQLQuery(options) {
         throw new HttpError(response.status, response.statusText, body);
     return body;
 }
+/** List all Vega resources (no catalog filter). Uses GET /resources — not /resources/list, which
+ * conflicts with GET /resources/{id} on some gateways (path segment "list" is treated as an id). */
 export async function listAllVegaResources(options) {
     const { baseUrl, accessToken, limit, offset, businessDomain = "bd_public" } = options;
-    const base = baseUrl.replace(/\/+$/, "");
-    const url = new URL(`${base}${VEGA_BASE}/resources/list`);
-    if (limit !== undefined)
-        url.searchParams.set("limit", String(limit));
-    if (offset !== undefined)
-        url.searchParams.set("offset", String(offset));
-    const response = await fetch(url.toString(), {
-        method: "GET",
-        headers: buildHeaders(accessToken, businessDomain),
+    return listVegaResources({
+        baseUrl,
+        accessToken,
+        limit,
+        offset,
+        businessDomain,
     });
-    const body = await response.text();
-    if (!response.ok)
-        throw new HttpError(response.status, response.statusText, body);
-    return body;
 }

package/dist/auth/oauth.d.ts CHANGED Viewed

@@ -1,4 +1,19 @@
 import { type TokenConfig } from "../config/store.js";
+/**
+ * Studioweb hardcoded LOGIN public key (PEM) — the single key used for HTTP `/oauth2/signin`.
+ * Source: kweaver-ai/kweaver `deploy/auto_cofig/auto_config.sh` `LOGIN_PUBLIC_KEY`.
+ */
+export declare const STUDIOWEB_LOGIN_PUBLIC_KEY_PEM = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyOstgbYuubBi2PUqeVj\nGKlkwVUY6w1Y8d4k116dI2SkZI8fxcjHALv77kItO4jYLVplk9gO4HAtsisnNE2o\nwlYIqdmyEPMwupaeFFFcg751oiTXJiYbtX7ABzU5KQYPjRSEjMq6i5qu/mL67XTk\nhvKwrC83zme66qaKApmKupDODPb0RRkutK/zHfd1zL7sciBQ6psnNadh8pE24w8O\n2XVy1v2bgSNkGHABgncR7seyIg81JQ3c/Axxd6GsTztjLnlvGAlmT1TphE84mi99\nfUaGD2A1u1qdIuNc+XuisFeNcUW6fct0+x97eS2eEGRr/7qxWmO/P20sFVzXc2bF\n1QIDAQAB\n-----END PUBLIC KEY-----";
+/**
+ * Default RSA modulus (hex) for `/oauth2/signin` when `__NEXT_DATA__` has no `publicKey` / `modulus`.
+ * DIP / EACP / AnyShare-style deployments use the ISFWeb `core/auth` PUBLIC_KEY (1024-bit, exp 65537).
+ * Prefer key material from the sign-in page when present.
+ */
+export declare const DEFAULT_SIGNIN_RSA_MODULUS_HEX = "C1D9F84B95AF6B331FBA2D64D76A39CAD7529DA79DB4B3543E4DF3DF21723FEC6F7E2F6602E11037339AE0462DF6B39F94150FC256A505A8CA95BB3699E25C3FB84764D6A1DC3F483A2C1DC4F70925D85725151D0CFBF1EB5A6C4FA0E37ED32FED150C717CD82C528745CDB761D17635AC855421B3CBBEE7D405B2CA5C70CFA7";
+/**
+ * Build an SPKI PEM from an RSA modulus (hex) and public exponent (default 65537 / 0x10001).
+ */
+export declare function rsaModulusHexToSpkiPem(modulusHex: string, exponent?: number): string;
 /** POSIX shell single-quote escaping for copy-paste commands. */
 export declare function shellQuoteForShell(value: string): string;
 /**
@@ -11,6 +26,12 @@ export declare function buildCopyCommand(baseUrl: string, clientId: string, clie
  */
 export declare function buildCallbackHtml(copyCommand: string): string;
 export declare function normalizeBaseUrl(value: string): string;
+/**
+ * Temporarily disable TLS certificate verification for Node `fetch` (sets
+ * NODE_TLS_REJECT_UNAUTHORIZED). Used for `--insecure` login and token refresh.
+ */
+/** @internal Exported for CLI env-only identity resolution (`env-snapshot.ts`). */
+export declare function runWithTlsInsecure<T>(tlsInsecure: boolean | undefined, fn: () => Promise<T>): Promise<T>;
 /**
  * OAuth2 Authorization Code login flow.
  * 1. Register client (if not already registered), OR use a provided client ID
@@ -50,6 +71,54 @@ export declare function playwrightLogin(baseUrl: string, options?: {
     scope?: string;
     tlsInsecure?: boolean;
 }): Promise<TokenConfig>;
+/**
+ * Parse Next.js `__NEXT_DATA__` from the OAuth2 sign-in HTML shell (CSRF + optional challenge/remember for POST /oauth2/signin).
+ * Hydra `login_challenge` may appear only in the sign-in URL; use that when `pageProps.challenge` is absent.
+ */
+export declare function parseSigninPageHtmlProps(html: string): {
+    challenge?: string;
+    csrftoken: string;
+    remember?: boolean;
+    /** Hex modulus, PEM, or Base64 SPKI from page (nested search + HTML regex fallback). */
+    rsaPublicKeyMaterial?: string;
+};
+/**
+ * True when {@link oauth2PasswordSigninLogin} failed because the Studio web sign-in shell
+ * (`/interface/studioweb/login`) is missing or unreachable — callers may fall back to Playwright.
+ */
+export declare function isStudiowebShellUnavailableError(err: unknown): boolean;
+/**
+ * OAuth2 Authorization Code login using HTTP **only**: `GET /oauth2/signin` (Next.js shell) and
+ * `POST /oauth2/signin` with an RSA PKCS#1 v1.5–encrypted password (same as the browser `rsa.min` / Studio
+ * `core/mediator/auth` path).
+ *
+ * `/oauth2/auth` uses `product` `adp` by default (KWeaver Studio shell); set `oauthProduct` or `KWEAVER_OAUTH_PRODUCT` for DIP (`dip`).
+ * Password ciphertext defaults to **single-line base64** (PyCrypto-style); set `KWEAVER_SIGNIN_PASSWORD_B64_RSA_MIN=1` for rsa.min-style wrapped lines.
+ */
+export declare function oauth2PasswordSigninLogin(baseUrl: string, options: {
+    username: string;
+    password: string;
+    port?: number;
+    scope?: string;
+    clientId?: string;
+    clientSecret?: string;
+    tlsInsecure?: boolean;
+    /**
+     * `product` query for `/oauth2/auth` (must match deployment). Default `adp`; DIP deployments often use `dip`.
+     * @default KWEAVER_OAUTH_PRODUCT env or `adp`
+     */
+    oauthProduct?: string;
+    /**
+     * Password ciphertext: `rsa.min` uses newline every 64 chars; PyCrypto / some gateways expect a single base64 line.
+     * @default false (single-line base64, matches kweaver-core EACP-style encryption)
+     */
+    signinPasswordBase64Plain?: boolean;
+    /**
+     * PEM / hex / Base64-SPKI file path — overrides key from the sign-in HTML.
+     * Env: `KWEAVER_SIGNIN_RSA_PUBLIC_KEY` (same path semantics as CLI `--signin-public-key-file`).
+     */
+    signinPublicKeyPemPath?: string;
+}): Promise<TokenConfig>;
 /**
  * Log in on a headless machine using OAuth2 client credentials and a refresh token (no browser).
  * Exchanges the refresh token for a new access token and persists ~/.kweaver/ state.