@kweaver-ai/kweaver-sdk 0.6.3 → 0.6.5

package/dist/cli.js

@@ -12,6 +12,8 @@ import { runExploreCommand } from "./commands/explore.js";
 import { runDataviewCommand } from "./commands/dataview.js";
 import { runSkillCommand } from "./commands/skill.js";
 import { runTokenCommand } from "./commands/token.js";
+import { runToolboxCommand } from "./commands/toolbox.js";
+import { runToolCommand } from "./commands/tool.js";
 import { runVegaCommand } from "./commands/vega.js";
 function printHelp() {
     console.log(`kweaver
@@ -21,7 +23,7 @@ Usage:
   kweaver --version | -V
   kweaver --help | -h
 
-  kweaver auth <platform-url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--playwright] [--insecure|-k]
+  kweaver auth <platform-url> [--alias name] [--no-auth] [--no-browser] [-u user] [-p pass] [--http-signin] [--playwright] [--insecure|-k]
   kweaver auth login <platform-url>          (alias for auth <url>)
   kweaver auth login <url> --client-id ID --client-secret S --refresh-token T   (run on host without browser)
   kweaver auth whoami [platform-url|alias] [--json]
@@ -99,6 +101,15 @@ Usage:
   kweaver skill read-file <skill-id> <rel-path> [--raw] [--output file]
   kweaver skill download|install <skill-id> [path] [options]
 
+  kweaver toolbox create --name <n> --service-url <url> [--description <d>] [-bd value]
+  kweaver toolbox list [--keyword X] [--limit N] [--offset N] [-bd value]
+  kweaver toolbox publish|unpublish <box-id> [-bd value]
+  kweaver toolbox delete <box-id> [-y] [-bd value]
+
+  kweaver tool upload --toolbox <box-id> <openapi-spec-path> [--metadata-type openapi]
+  kweaver tool list --toolbox <box-id> [-bd value]
+  kweaver tool enable|disable --toolbox <box-id> <tool-id>... [-bd value]
+
   kweaver vega health|stats|inspect
   kweaver vega catalog list|get|health|test-connection|discover|resources [options]
   kweaver vega resource list|get|query [options]
@@ -129,6 +140,8 @@ Commands:
                  object-type, relation-type, subgraph, action-type, action-execution, action-log)
   config         Per-platform configuration (business domain)
   skill          Skill registry and market (register, search, progressive read, download/install)
+  toolbox        Agent toolbox lifecycle (create, list, publish, delete)
+  tool           Tools inside a toolbox (upload OpenAPI spec, list, enable/disable)
   vega           Vega observability (catalog, resource, query/sql, connector-type, health/stats/inspect)
   context-loader Context-loader MCP (config, tools, resources, prompts, kn-search, query-*, etc.)
   help           Show this message`);
@@ -195,6 +208,12 @@ export async function run(argv) {
     if (command === "skill") {
         return runSkillCommand(rest);
     }
+    if (command === "toolbox") {
+        return runToolboxCommand(rest);
+    }
+    if (command === "tool") {
+        return runToolCommand(rest);
+    }
     if (command === "context-loader" || command === "context") {
         return runContextLoaderCommand(rest);
     }

package/dist/commands/auth.js

@@ -1,14 +1,25 @@
 import { isNoAuth } from "../config/no-auth.js";
 import { autoSelectBusinessDomain, clearPlatformSession, deletePlatform, deleteUser, getActiveUser, getConfigDir, getCurrentPlatform, getPlatformAlias, hasPlatform, listPlatforms, listUserProfiles, loadClientConfig, loadTokenConfig, resolveBusinessDomain, resolvePlatformIdentifier, resolveUserId, saveNoAuthPlatform, setActiveUser, setCurrentPlatform, setPlatformAlias, } from "../config/store.js";
 import { decodeJwtPayload } from "../config/jwt.js";
-import { buildCopyCommand, formatHttpError, normalizeBaseUrl, oauth2Login, playwrightLogin, refreshTokenLogin, } from "../auth/oauth.js";
+import { buildCopyCommand, formatHttpError, isStudiowebShellUnavailableError, normalizeBaseUrl, oauth2Login, oauth2PasswordSigninLogin, playwrightLogin, refreshTokenLogin, } from "../auth/oauth.js";
+/** True when the `playwright` npm package can be imported (browser binaries may still need `npx playwright install`). */
+async function isPlaywrightPackageResolvable() {
+    try {
+        const modName = "playwright";
+        await import(/* webpackIgnore: true */ modName);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
 export async function runAuthCommand(args) {
     const target = args[0];
     const rest = args.slice(1);
     if (!target || target === "--help" || target === "-h") {
         console.log(`kweaver auth login <url> [options]   Login to a platform (browser OAuth2 by default)
 kweaver auth <url>                   Login (shorthand; same options as login)
-kweaver auth whoami [url|alias]      Show current user identity (from id_token)
+kweaver auth whoami [url|alias] [--json]  Show current user identity (from id_token)
 kweaver auth export [url|alias] [--json]   Export credentials; run printed command on a headless host
 kweaver auth status [url|alias]      Show current auth status
 kweaver auth list                    List all platforms and users (tree view)
@@ -30,16 +41,17 @@ Login options:
   --port <n>             Local callback port (default: 9010). Use when 9010 is occupied.
   --no-browser           Do not open a browser; print the auth URL and prompt for the callback URL or code (stdin).
                          Use on headless servers or when automatic browser launch fails.
-  -u, --username         Username (with -p triggers Playwright headless login)
-  -p, --password         Password
-  --playwright           Force Playwright browser login even without -u/-p
+  -u, --username         Username (with -p: tries HTTP /oauth2/signin first when the Studio web shell is available)
+  -p, --password         Password (with -u: falls back to Playwright headless only when studioweb is unavailable and Playwright is installed)
+  --http-signin          With -u/-p: HTTP POST /oauth2/signin only (no Playwright fallback). Uses the built-in RSA public key.
+  --playwright           With -u/-p: force Playwright (skip HTTP sign-in). Without -u/-p: open Playwright for manual login.
   --insecure, -k         Skip TLS certificate verification (self-signed / dev HTTPS only)
   --no-auth              Save platform without OAuth (servers with no authentication). Same as detecting OAuth 404 during login.`);
         return 0;
     }
     if (target === "login") {
         if (rest[0] === "--help" || rest[0] === "-h") {
-            console.log(`kweaver auth login <platform-url> [--alias <name>] [--no-auth] [--no-browser] [-u user] [-p pass] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
+            console.log(`kweaver auth login <platform-url> [--alias <name>] [--no-auth] [--no-browser] [-u user] [-p pass] [--http-signin] [--playwright] [--refresh-token T --client-id ID --client-secret S]`);
             return 0;
         }
         const url = rest[0];
@@ -69,6 +81,9 @@ Login options:
             const username = readOption(args, "--username") ?? readOption(args, "-u");
             const password = readOption(args, "--password") ?? readOption(args, "-p");
             const usePlaywright = args.includes("--playwright");
+            const httpSignin = args.includes("--http-signin");
+            const oauthProduct = readOption(args, "--oauth-product");
+            const signinPublicKeyFile = readOption(args, "--signin-public-key-file");
             const clientId = readOption(args, "--client-id");
             const clientSecret = readOption(args, "--client-secret");
             const refreshToken = readOption(args, "--refresh-token");
@@ -83,11 +98,16 @@ Login options:
             const KNOWN_LOGIN_FLAGS = new Set([
                 "--alias", "--client-id", "--client-secret", "--refresh-token",
                 "--port", "--no-browser", "--username", "-u", "--password", "-p",
+                "--http-signin",
+                "--oauth-product",
+                "--signin-public-key-file",
                 "--playwright", "--insecure", "-k", "--no-auth", "--redirect-uri",
             ]);
             const KNOWN_VALUE_FLAGS = new Set([
                 "--alias", "--client-id", "--client-secret", "--refresh-token",
                 "--port", "--username", "-u", "--password", "-p", "--redirect-uri",
+                "--oauth-product",
+                "--signin-public-key-file",
             ]);
             for (let i = 0; i < args.length; i++) {
                 const a = args[i];
@@ -110,12 +130,24 @@ Login options:
             if (noAuth && noBrowser) {
                 console.error("--no-auth does not require a browser; --no-browser is ignored.");
             }
-            if (noAuth && (username || password || usePlaywright)) {
-                console.error("--no-auth cannot be used with Playwright login or -u/-p.");
+            if (noAuth && (username || password || usePlaywright || httpSignin)) {
+                console.error("--no-auth cannot be used with Playwright login, HTTP sign-in, or -u/-p.");
+                return 1;
+            }
+            if (noBrowser && (username || password || usePlaywright || httpSignin)) {
+                console.error("--no-browser cannot be used with Playwright login, HTTP sign-in, or -u/-p.");
                 return 1;
             }
-            if (noBrowser && (username || password || usePlaywright)) {
-                console.error("--no-browser cannot be used with Playwright login or -u/-p.");
+            if (httpSignin && usePlaywright) {
+                console.error("--http-signin cannot be used with --playwright.");
+                return 1;
+            }
+            if (httpSignin && refreshToken) {
+                console.error("--http-signin cannot be used with --refresh-token.");
+                return 1;
+            }
+            if (httpSignin && (!username || !password)) {
+                console.error("--http-signin requires -u/--username and -p/--password.");
                 return 1;
             }
             if (noBrowser && refreshToken) {
@@ -137,12 +169,67 @@ Login options:
                     clientId, clientSecret, refreshToken, tlsInsecure,
                 });
             }
-            else if (username && password) {
-                console.log("Logging in (headless)...");
+            else if (username && password && httpSignin) {
+                console.log("Logging in (HTTP /oauth2/signin)...");
+                token = await oauth2PasswordSigninLogin(normalizedTarget, {
+                    username,
+                    password,
+                    tlsInsecure,
+                    port: customPort,
+                    clientId: clientId ?? undefined,
+                    clientSecret: clientSecret ?? undefined,
+                    oauthProduct: oauthProduct ?? undefined,
+                    signinPublicKeyPemPath: signinPublicKeyFile ?? undefined,
+                });
+            }
+            else if (username && password && usePlaywright) {
+                console.log("Logging in (headless, Playwright)...");
                 token = await playwrightLogin(normalizedTarget, {
-                    username, password, tlsInsecure, port: customPort,
+                    username,
+                    password,
+                    tlsInsecure,
+                    port: customPort,
                 });
             }
+            else if (username && password) {
+                const signinOpts = {
+                    username,
+                    password,
+                    tlsInsecure,
+                    port: customPort,
+                    clientId: clientId ?? undefined,
+                    clientSecret: clientSecret ?? undefined,
+                    oauthProduct: oauthProduct ?? undefined,
+                    signinPublicKeyPemPath: signinPublicKeyFile ?? undefined,
+                };
+                console.log("Logging in (HTTP /oauth2/signin)...");
+                try {
+                    token = await oauth2PasswordSigninLogin(normalizedTarget, signinOpts);
+                }
+                catch (err) {
+                    if (!isStudiowebShellUnavailableError(err)) {
+                        throw err;
+                    }
+                    const playwrightOk = await isPlaywrightPackageResolvable();
+                    if (playwrightOk) {
+                        process.stderr.write("Studio web sign-in shell is not available; falling back to Playwright headless login.\n");
+                        console.log("Logging in (headless, Playwright)...");
+                        token = await playwrightLogin(normalizedTarget, {
+                            username,
+                            password,
+                            tlsInsecure,
+                            port: customPort,
+                        });
+                    }
+                    else {
+                        console.error("Studio web sign-in shell is not available on this platform, and the Playwright package is not installed.");
+                        console.error("Install Playwright for headless browser login: npm install playwright && npx playwright install chromium");
+                        console.error("Alternatively, use OAuth without credentials:");
+                        console.error(`  kweaver auth login ${normalizedTarget} --no-browser`);
+                        throw err;
+                    }
+                }
+            }
             else if (usePlaywright) {
                 console.log("Opening browser for login (Playwright)...");
                 token = await playwrightLogin(normalizedTarget, {
@@ -217,8 +304,19 @@ Login options:
         const statusTarget = resolvedTarget && /^https?:\/\//.test(resolvedTarget) ? normalizeBaseUrl(resolvedTarget) : resolvedTarget ?? undefined;
         const platform = statusTarget ?? getCurrentPlatform();
         if (!platform) {
-            console.error("No active platform. Run `kweaver auth login <platform-url>` first.");
-            return 1;
+            const envRaw = process.env.KWEAVER_BASE_URL?.trim();
+            const envUrl = envRaw ? normalizeBaseUrl(envRaw) : undefined;
+            const envToken = process.env.KWEAVER_TOKEN?.trim();
+            if (!envUrl || !envToken) {
+                console.error("No active platform. Run `kweaver auth login <platform-url>` first.\n" +
+                    "  Tip: set KWEAVER_BASE_URL and KWEAVER_TOKEN to use this command without a saved login.");
+                return 1;
+            }
+            console.log(`Config directory: ${getConfigDir()}`);
+            console.log(`Platform:         ${envUrl} (KWEAVER_BASE_URL)`);
+            console.log(`Token present:    yes (KWEAVER_TOKEN)`);
+            console.log(`Refresh token:    n/a (env)`);
+            return 0;
         }
         const token = loadTokenConfig(platform);
         if (!token) {
@@ -359,7 +457,7 @@ Login options:
         return 0;
     }
     console.error("Usage: kweaver auth login <platform-url> [--alias <name>] [-u user] [-p pass] [--playwright]");
-    console.error("       kweaver auth whoami [platform-url|alias]");
+    console.error("       kweaver auth whoami [platform-url|alias] [--json]");
     console.error("       kweaver auth export [platform-url|alias] [--json]");
     console.error("       kweaver auth status [platform-url|alias]");
     console.error("       kweaver auth list");
@@ -456,8 +554,37 @@ Options:
     const resolved = positional ? resolvePlatformIdentifier(positional) : null;
     const platform = resolved && /^https?:\/\//.test(resolved) ? normalizeBaseUrl(resolved) : resolved ?? getCurrentPlatform();
     if (!platform) {
-        console.error("No active platform. Run `kweaver auth login <platform-url>` first.");
-        return 1;
+        const envRaw = process.env.KWEAVER_BASE_URL?.trim();
+        const envUrl = envRaw ? normalizeBaseUrl(envRaw) : undefined;
+        const envToken = process.env.KWEAVER_TOKEN?.trim();
+        if (!envUrl || !envToken) {
+            console.error("No active platform. Run `kweaver auth login <platform-url>` first.");
+            return 1;
+        }
+        const accessToken = envToken.replace(/^Bearer\s+/i, "");
+        const payload = decodeJwtPayload(accessToken);
+        if (jsonOutput) {
+            console.log(JSON.stringify({ platform: envUrl, source: "env", ...(payload ?? {}) }, null, 2));
+            return 0;
+        }
+        console.log(`Platform: ${envUrl}`);
+        console.log(`Source:   env (KWEAVER_TOKEN)`);
+        if (payload) {
+            const uname = payload.preferred_username ?? payload.name;
+            if (uname)
+                console.log(`Username: ${uname}`);
+            console.log(`User ID:  ${payload.sub ?? "(unknown)"}`);
+            console.log(`Issuer:   ${payload.iss ?? "(unknown)"}`);
+            if (payload.iat)
+                console.log(`Issued:   ${new Date(payload.iat * 1000).toISOString()}`);
+            if (payload.exp)
+                console.log(`Expires:  ${new Date(payload.exp * 1000).toISOString()}`);
+        }
+        else {
+            console.log(`User info unavailable: opaque access token.`);
+            console.log(`Hint: run \`kweaver auth login ${envUrl}\` to obtain a full session.`);
+        }
+        return 0;
     }
     const token = loadTokenConfig(platform);
     if (!token) {

package/dist/commands/bkn-ops.d.ts

@@ -49,6 +49,7 @@ export declare function parseKnCreateFromCsvArgs(args: string[]): {
     batchSize: number;
     tables: string[];
     build: boolean;
+    recreate: boolean;
     timeout: number;
     businessDomain: string;
 };

package/dist/commands/bkn-ops.js

@@ -706,6 +706,7 @@ Options:
   --tables <a,b>       Tables to include in KN (default: all imported)
   --build (default)    Build after creation
   --no-build           Skip build
+  --recreate           Use "insert" mode on first batch (only effective for new tables)
   --timeout <n>        Build timeout in seconds (default: 300)
   -bd, --biz-domain    Business domain (default: bd_public)`;
 export function parseKnCreateFromCsvArgs(args) {
@@ -716,6 +717,7 @@ export function parseKnCreateFromCsvArgs(args) {
     let batchSize = 500;
     let tablesStr = "";
     let build = true;
+    let recreate = false;
     let timeout = 300;
     let businessDomain = "";
     for (let i = 0; i < args.length; i += 1) {
@@ -752,6 +754,10 @@ export function parseKnCreateFromCsvArgs(args) {
             build = false;
             continue;
         }
+        if (arg === "--recreate") {
+            recreate = true;
+            continue;
+        }
         if (arg === "--timeout" && args[i + 1]) {
             timeout = parseInt(args[++i], 10);
             if (Number.isNaN(timeout) || timeout < 1)
@@ -772,7 +778,7 @@ export function parseKnCreateFromCsvArgs(args) {
     }
     if (!businessDomain)
         businessDomain = resolveBusinessDomain();
-    return { dsId, files, name, tablePrefix, batchSize, tables, build, timeout, businessDomain };
+    return { dsId, files, name, tablePrefix, batchSize, tables, build, recreate, timeout, businessDomain };
 }
 export async function runKnCreateFromCsvCommand(args) {
     let options;
@@ -795,6 +801,7 @@ export async function runKnCreateFromCsvCommand(args) {
         "--table-prefix", options.tablePrefix,
         "--batch-size", String(options.batchSize),
         "-bd", options.businessDomain,
+        ...(options.recreate ? ["--recreate"] : []),
     ];
     const importResult = await runDsImportCsv(importArgs);
     if (importResult.code !== 0) {

package/dist/commands/call.d.ts

@@ -1,8 +1,18 @@
+export type FormField = {
+    name: string;
+    kind: "string";
+    value: string;
+} | {
+    name: string;
+    kind: "file";
+    path: string;
+};
 export interface CallInvocation {
     url: string;
     method: string;
     headers: Headers;
     body?: string;
+    formFields?: FormField[];
     pretty: boolean;
     verbose: boolean;
     businessDomain: string;

package/dist/commands/call.js

@@ -1,3 +1,5 @@
+import { readFile } from "node:fs/promises";
+import { basename } from "node:path";
 import { ensureValidToken, formatHttpError, with401RefreshRetry } from "../auth/oauth.js";
 import { isNoAuth } from "../config/no-auth.js";
 import { HttpError } from "../utils/http.js";
@@ -6,6 +8,7 @@ export function parseCallArgs(args) {
     const headers = new Headers();
     let method = "GET";
     let body;
+    const formFields = [];
     let url;
     let pretty = true;
     let verbose = false;
@@ -40,6 +43,26 @@ export function parseCallArgs(args) {
             index += 1;
             continue;
         }
+        if (arg === "-F" || arg === "--form") {
+            const raw = args[index + 1];
+            if (!raw)
+                throw new Error("Missing value for -F flag");
+            const eq = raw.indexOf("=");
+            if (eq === -1)
+                throw new Error(`Invalid -F format: ${raw} (expected key=value or key=@path)`);
+            const name = raw.slice(0, eq);
+            const rhs = raw.slice(eq + 1);
+            if (rhs.startsWith("@")) {
+                formFields.push({ name, kind: "file", path: rhs.slice(1) });
+            }
+            else {
+                formFields.push({ name, kind: "string", value: rhs });
+            }
+            if (method === "GET")
+                method = "POST";
+            index += 1;
+            continue;
+        }
         if (arg === "--pretty") {
             pretty = true;
             continue;
@@ -70,9 +93,21 @@ export function parseCallArgs(args) {
     if (!url) {
         throw new Error("Missing request URL");
     }
+    if (formFields.length > 0 && body !== undefined) {
+        throw new Error("-F and -d are mutually exclusive");
+    }
     if (!businessDomain)
         businessDomain = resolveBusinessDomain();
-    return { url, method, headers, body, pretty, verbose, businessDomain };
+    return {
+        url,
+        method,
+        headers,
+        body,
+        formFields: formFields.length > 0 ? formFields : undefined,
+        pretty,
+        verbose,
+        businessDomain,
+    };
 }
 function injectAuthHeaders(headers, accessToken, businessDomain) {
     if (!isNoAuth(accessToken)) {
@@ -115,12 +150,17 @@ export function formatVerboseRequest(invocation) {
     for (const [name, value] of entries) {
         lines.push(`  ${name}: ${value}`);
     }
-    lines.push(`Body: ${invocation.body ? "present" : "empty"}`);
+    const bodyDesc = invocation.formFields && invocation.formFields.length > 0
+        ? `multipart (${invocation.formFields.length} field${invocation.formFields.length > 1 ? "s" : ""})`
+        : invocation.body
+            ? "present"
+            : "empty";
+    lines.push(`Body: ${bodyDesc}`);
     return lines;
 }
 export async function runCallCommand(args) {
     if (args.length === 0 || args[0] === "--help" || args[0] === "-h") {
-        console.log(`kweaver call <url> [-X METHOD] [-H "Name: value"] [-d BODY] [--pretty] [--verbose] [-bd value]
+        console.log(`kweaver call <url> [-X METHOD] [-H "Name: value"] [-d BODY] [-F key=value] [--pretty] [--verbose] [-bd value]
 
 Call an API with curl-style flags and auto-injected token headers.
 
@@ -129,6 +169,7 @@ Options:
   -X, --request      HTTP method (default: GET)
   -H, --header       Extra header (repeatable)
   -d, --data, --data-raw   JSON request body (sets Content-Type: application/json if not set)
+  -F, --form         Multipart form field. -F key=value or -F key=@/path/to/file. Repeatable. Mutually exclusive with -d.
   -bd, --biz-domain  Override x-business-domain (default: bd_public)
   -v, --verbose      Print request info to stderr
   --pretty           Pretty-print JSON output (default)`);
@@ -150,7 +191,22 @@ Options:
             : invocation.url;
         const headers = new Headers(invocation.headers);
         injectAuthHeaders(headers, token.accessToken, invocation.businessDomain);
-        if (invocation.body !== undefined &&
+        let requestBody = invocation.body;
+        if (invocation.formFields && invocation.formFields.length > 0) {
+            const form = new FormData();
+            for (const field of invocation.formFields) {
+                if (field.kind === "string") {
+                    form.append(field.name, field.value);
+                }
+                else {
+                    const buf = await readFile(field.path);
+                    form.append(field.name, new Blob([buf]), basename(field.path));
+                }
+            }
+            requestBody = form;
+            // do not set content-type — fetch sets multipart boundary
+        }
+        else if (invocation.body !== undefined &&
             invocation.body.length > 0 &&
             !headers.has("content-type") &&
             !headers.has("Content-Type")) {
@@ -164,7 +220,7 @@ Options:
         const response = await fetch(url, {
             method: invocation.method,
             headers,
-            body: invocation.body,
+            body: requestBody,
         });
         const rawText = await response.text();
         const text = stripSseDoneMarker(rawText, response.headers.get("content-type"));

package/dist/commands/config.js

@@ -1,5 +1,14 @@
 import { listBusinessDomains } from "../api/business-domains.js";
-import { withTokenRetry } from "../auth/oauth.js";
+import { normalizeBaseUrl, withTokenRetry } from "../auth/oauth.js";
+// Resolve platform URL: saved current platform > KWEAVER_BASE_URL (normalized to
+// match what `auth login` writes, so env users share the same platforms/<key>/ dir).
+function resolvePlatformUrl() {
+    const saved = getCurrentPlatform();
+    if (saved)
+        return saved;
+    const env = process.env.KWEAVER_BASE_URL?.trim();
+    return env ? normalizeBaseUrl(env) : undefined;
+}
 import { getCurrentPlatform, loadPlatformBusinessDomain, resolveBusinessDomain, savePlatformBusinessDomain, } from "../config/store.js";
 const HELP = `kweaver config
 
@@ -20,9 +29,9 @@ export async function runConfigCommand(args) {
         return 0;
     }
     if (sub === "show") {
-        const platform = getCurrentPlatform();
+        const platform = resolvePlatformUrl();
         if (!platform) {
-            console.error("No active platform. Run `kweaver auth login <url>` first.");
+            console.error("No active platform. Run `kweaver auth login <url>` first.\n  Tip: set KWEAVER_BASE_URL to use this command without a saved login.");
             return 1;
         }
         const bd = resolveBusinessDomain(platform);
@@ -31,7 +40,8 @@ export async function runConfigCommand(args) {
             : loadPlatformBusinessDomain(platform)
                 ? "config"
                 : "default";
-        console.log(`Platform:        ${platform}`);
+        const platformSource = getCurrentPlatform() ? "" : " (KWEAVER_BASE_URL)";
+        console.log(`Platform:        ${platform}${platformSource}`);
         console.log(`Business Domain: ${bd} (${source})`);
         return 0;
     }
@@ -41,19 +51,19 @@ export async function runConfigCommand(args) {
             console.error("Usage: kweaver config set-bd <value>");
             return 1;
         }
-        const platform = getCurrentPlatform();
+        const platform = resolvePlatformUrl();
         if (!platform) {
-            console.error("No active platform. Run `kweaver auth login <url>` first.");
+            console.error("No active platform. Run `kweaver auth login <url>` first.\n  Tip: set KWEAVER_BASE_URL to write the business domain for that platform.");
             return 1;
         }
         savePlatformBusinessDomain(platform, value);
-        console.log(`Business domain set to: ${value}`);
+        console.log(`Business domain set to: ${value} (${getCurrentPlatform() ? platform : `${platform} via KWEAVER_BASE_URL`})`);
         return 0;
     }
     if (sub === "list-bd") {
-        const platform = getCurrentPlatform();
+        const platform = resolvePlatformUrl();
         if (!platform) {
-            console.error("No active platform. Run `kweaver auth login <url>` first.");
+            console.error("No active platform. Run `kweaver auth login <url>` first.\n  Tip: set KWEAVER_BASE_URL and KWEAVER_TOKEN to use this command without a saved login.");
             return 1;
         }
         try {

package/dist/commands/context-loader.js

@@ -281,20 +281,26 @@ async function runGetPrompt(options, args, pretty) {
 async function runKnSearch(options, args, pretty) {
     let query;
     let onlySchema = false;
+    let knIdOverride;
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i];
         if (arg === "--only-schema") {
             onlySchema = true;
         }
+        else if ((arg === "--kn-id" || arg === "-k") && args[i + 1]) {
+            knIdOverride = args[i + 1];
+            i += 1;
+        }
         else if (!arg.startsWith("-") && !query) {
             query = arg;
         }
     }
     if (!query) {
-        console.error("Usage: kweaver context-loader kn-search <query> [--only-schema]");
+        console.error("Usage: kweaver context-loader kn-search <query> [--kn-id <id>] [--only-schema]");
         return 1;
     }
-    const result = await knSearch(options, { query, only_schema: onlySchema });
+    const effectiveOptions = knIdOverride ? { ...options, knId: knIdOverride } : options;
+    const result = await knSearch(effectiveOptions, { query, only_schema: onlySchema });
     console.log(formatOutput(result, pretty));
     return 0;
 }

package/dist/commands/ds.d.ts

@@ -17,6 +17,7 @@ export declare function resolveFiles(pattern: string): Promise<string[]>;
 export interface ImportCsvResult {
     code: number;
     tables: string[];
+    failed: string[];
     tableColumns: Record<string, string[]>;
     sampleRows: Record<string, Array<Record<string, string | null>>>;
 }

package/dist/commands/ds.js

@@ -384,17 +384,17 @@ export async function runDsImportCsv(args) {
     catch (error) {
         if (error instanceof Error && error.message === "help") {
             console.log(IMPORT_CSV_HELP);
-            return { code: 0, tables: [], tableColumns: {}, sampleRows: {} };
+            return { code: 0, tables: [], failed: [], tableColumns: {}, sampleRows: {} };
         }
         throw error;
     }
     if (!options.datasourceId) {
         console.error("Usage: kweaver ds import-csv <ds-id> --files <glob_or_list> [options]");
-        return { code: 1, tables: [], tableColumns: {}, sampleRows: {} };
+        return { code: 1, tables: [], failed: [], tableColumns: {}, sampleRows: {} };
     }
     if (!options.files) {
         console.error("Error: --files is required");
-        return { code: 1, tables: [], tableColumns: {}, sampleRows: {} };
+        return { code: 1, tables: [], failed: [], tableColumns: {}, sampleRows: {} };
     }
     // 1. Get credentials
     const token = await ensureValidToken();
@@ -429,7 +429,7 @@ export async function runDsImportCsv(args) {
     }
     if (parsed.length === 0) {
         console.error("All files were skipped — nothing to import");
-        return { code: 1, tables: [], tableColumns: {}, sampleRows: {} };
+        return { code: 1, tables: [], failed: [], tableColumns: {}, sampleRows: {} };
     }
     // Phase 2: Import each file in batches
     const succeeded = [];
@@ -466,7 +466,7 @@ export async function runDsImportCsv(args) {
                 process.stderr.write(`${elapsed}s\n`);
             }
             catch (err) {
-                const msg = err instanceof Error ? err.message : String(err);
+                const msg = formatHttpError(err);
                 process.stderr.write(`FAILED\n`);
                 console.error(`[${tableName}] batch ${batchLabel} error: ${msg}`);
                 batchFailed = true;
@@ -487,14 +487,14 @@ export async function runDsImportCsv(args) {
     if (failed.length > 0) {
         console.error(`Failed tables: ${failed.join(", ")}`);
     }
-    console.log(JSON.stringify({
-        tables: succeeded,
-        failed,
-        summary: { succeeded: succeeded.length, failed: failed.length },
-    }, null, 2));
-    return { code: failed.length > 0 ? 1 : 0, tables: succeeded, tableColumns, sampleRows };
+    return { code: failed.length > 0 ? 1 : 0, tables: succeeded, failed, tableColumns, sampleRows };
 }
 export async function runDsImportCsvCommand(args) {
     const result = await runDsImportCsv(args);
+    console.log(JSON.stringify({
+        tables: result.tables,
+        failed: result.failed,
+        summary: { succeeded: result.tables.length, failed: result.failed.length },
+    }, null, 2));
     return result.code;
 }