@openbkn/bkn-sdk 0.1.1-alpha.2 → 0.1.1-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/{chunk-5MOIXIMJ.js → chunk-APJNRHLS.js} +27 -5
  2. package/dist/chunk-APJNRHLS.js.map +1 -0
  3. package/dist/cli.js +69 -31
  4. package/dist/cli.js.map +1 -1
  5. package/dist/index.d.ts +11 -1
  6. package/dist/index.js +1 -1
  7. package/package.json +2 -1
  8. package/dist/chunk-5MOIXIMJ.js.map +0 -1
package/dist/cli.js CHANGED
@@ -6,6 +6,7 @@ import {
6
6
  HttpError,
7
7
  InputError,
8
8
  activePlatform,
9
+ attachNoAuth,
9
10
  attachToken,
10
11
  createClient,
11
12
  credentialDeviceLogin,
@@ -14,6 +15,7 @@ import {
14
15
  deletePlatform,
15
16
  deviceLogin,
16
17
  exportCreds,
18
+ fetchAuthStatus,
17
19
  formatError,
18
20
  getUserSafe,
19
21
  listPlatforms,
@@ -33,7 +35,7 @@ import {
33
35
  use,
34
36
  whoami,
35
37
  writePlatformConfig
36
- } from "./chunk-5MOIXIMJ.js";
38
+ } from "./chunk-APJNRHLS.js";
37
39
 
38
40
  // src/cli.ts
39
41
  import { Command as Command16 } from "commander";
@@ -41,7 +43,7 @@ import { Command as Command16 } from "commander";
41
43
  // package.json
42
44
  var package_default = {
43
45
  name: "@openbkn/bkn-sdk",
44
- version: "0.1.1-alpha.2",
46
+ version: "0.1.1-alpha.4",
45
47
  description: "Unified TypeScript SDK + CLI for the BKN (Business Knowledge Network) platform.",
46
48
  type: "module",
47
49
  license: "Apache-2.0",
@@ -81,6 +83,7 @@ var package_default = {
81
83
  },
82
84
  dependencies: {
83
85
  "@clack/prompts": "^0.9.1",
86
+ "@openbkn/bkn-sdk": "^0.1.1-alpha.3",
84
87
  chalk: "^5.4.1",
85
88
  commander: "^13.1.0",
86
89
  "csv-parse": "^6.2.1",
@@ -400,13 +403,16 @@ function registerAuthLeaves(cmd) {
400
403
  "device-login wait before timing out",
401
404
  (v) => Number.parseInt(v, 10),
402
405
  120
403
- ).option("--no-browser", "(legacy) print the URL instead of opening a browser").option("--product <name>", "(legacy) ISF OAuth product query").option("--signin-public-key-file <path>", "(legacy) RSA public key for ISF /oauth2/signin").action(async (url, opts, cmd2) => {
406
+ ).option("--no-browser", "(legacy) print the URL instead of opening a browser").option("--product <name>", "(legacy) ISF OAuth product query").option("--signin-public-key-file <path>", "(legacy) RSA public key for ISF /oauth2/signin").option("--no-auth", "register the platform with no authentication (no bkn-safe)").action(async (url, opts, cmd2) => {
404
407
  const g = cmd2.optsWithGlobals();
405
408
  if (g.insecure) process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
406
409
  const out = outputOptions(cmd2);
407
410
  const report = (r) => {
408
411
  if (out.json || out.compact) {
409
412
  printJson({ loggedIn: true, ...r }, out);
413
+ } else if (r.noAuth) {
414
+ process.stdout.write(`Registered ${r.baseUrl ?? url} (no authentication)
415
+ `);
410
416
  } else {
411
417
  process.stdout.write(`Logged in to ${r.baseUrl ?? url} as ${r.username ?? r.userId}
412
418
  `);
@@ -417,36 +423,58 @@ function registerAuthLeaves(cmd) {
417
423
  report(attachToken(url, token, { insecure: g.insecure }));
418
424
  return;
419
425
  }
426
+ if (opts.auth === false) {
427
+ report(attachNoAuth(url, { insecure: g.insecure }));
428
+ return;
429
+ }
430
+ const authStatus = await fetchAuthStatus(url);
431
+ if (authStatus && !authStatus.enabled) {
432
+ process.stderr.write(
433
+ `Platform auth is disabled (stack: ${authStatus.stack ?? "none"}) \u2014 registering without auth.
434
+ `
435
+ );
436
+ report(attachNoAuth(url, { insecure: g.insecure }));
437
+ return;
438
+ }
420
439
  let tokens;
421
440
  let account;
422
- if (opts.username || opts.password) {
423
- const username = opts.username ?? await promptLine("Username: ");
424
- account = username;
425
- const password = opts.password ?? await promptLine("Password: ", true);
426
- tokens = await credentialDeviceLogin(url, username, password, {
427
- clientId: opts.clientId,
428
- audience: opts.audience,
429
- timeoutMs: opts.timeout * 1e3
430
- });
431
- } else {
432
- const openInBrowser = !opts.device && opts.browser !== false;
433
- tokens = await deviceLogin(url, {
434
- clientId: opts.clientId,
435
- audience: opts.audience,
436
- timeoutMs: opts.timeout * 1e3,
437
- onPrompt: ({ userCode, verificationUri, verificationUriComplete }) => {
438
- const target = verificationUriComplete ?? verificationUri;
439
- process.stderr.write(
440
- `
441
+ try {
442
+ if (opts.username || opts.password) {
443
+ const username = opts.username ?? await promptLine("Username: ");
444
+ account = username;
445
+ const password = opts.password ?? await promptLine("Password: ", true);
446
+ tokens = await credentialDeviceLogin(url, username, password, {
447
+ clientId: opts.clientId,
448
+ audience: opts.audience,
449
+ timeoutMs: opts.timeout * 1e3
450
+ });
451
+ } else {
452
+ const openInBrowser = !opts.device && opts.browser !== false;
453
+ tokens = await deviceLogin(url, {
454
+ clientId: opts.clientId,
455
+ audience: opts.audience,
456
+ timeoutMs: opts.timeout * 1e3,
457
+ onPrompt: ({ userCode, verificationUri, verificationUriComplete }) => {
458
+ const target = verificationUriComplete ?? verificationUri;
459
+ process.stderr.write(
460
+ `
441
461
  Open this URL to sign in and authorize:
442
462
  ${target}
443
463
  User code: ${userCode}
444
464
  `
445
- );
446
- if (openInBrowser) openBrowser(target);
447
- process.stderr.write("Waiting for authorization\u2026\n");
448
- }
449
- });
465
+ );
466
+ if (openInBrowser) openBrowser(target);
467
+ process.stderr.write("Waiting for authorization\u2026\n");
468
+ }
469
+ });
470
+ }
471
+ } catch (e) {
472
+ if (e instanceof Error && /Device auth failed \(404\)/.test(e.message)) {
473
+ process.stderr.write("No auth endpoint found \u2014 registering platform without auth.\n");
474
+ report(attachNoAuth(url, { insecure: g.insecure }));
475
+ return;
476
+ }
477
+ throw e;
450
478
  }
451
479
  if (!account) {
452
480
  account = await resolveAccount(
@@ -548,6 +576,7 @@ function authCommand() {
548
576
 
549
577
  // src/commands/admin.ts
550
578
  var int = (v) => Number.parseInt(v, 10);
579
+ var DEFAULT_RESET_PASSWORD = "openbkn";
551
580
  function adminCommand() {
552
581
  const admin = new Command2("admin").description(
553
582
  "Operator CLI (kweaver-admin): org, user, role, models, audit"
@@ -680,12 +709,21 @@ function adminCommand() {
680
709
  user.command("delete <id>").description("Delete a user").action(async (id, _opts, cmd) => {
681
710
  printJson(await clientFrom(cmd).admin.userDelete(id), outputOptions(cmd));
682
711
  });
683
- user.command("reset-password [id]").description("Reset a user's password (RSA-encrypted in transit)").option("--id <userId>", "explicit user UUID (alt to the positional id)").option("--user <account>", "resolve the user by account / login name").option("--password <s>", "the new password").option("--new-password <s>", "the new password (alias of --password)").option("--prompt-password", "prompt for the new password interactively").option("-y, --yes", "skip confirmation").action(async (id, opts, cmd) => {
712
+ user.command("reset-password [id]").description("Reset a user's password (defaults to the platform initial password)").option("--id <userId>", "explicit user UUID (alt to the positional id)").option("--user <account>", "resolve the user by account / login name").option("--password <s>", "the new password (default: platform initial 'openbkn')").option("--new-password <s>", "the new password (alias of --password)").option("-y, --yes", "skip confirmation").action(async (id, opts, cmd) => {
684
713
  const userId = id ?? opts.id ?? opts.user;
685
- const pwd = opts.password ?? opts.newPassword;
686
714
  if (!userId) throw new Error("Provide a user id (positional or --id).");
687
- if (!pwd) throw new Error("Provide --password / --new-password.");
688
- printJson(await clientFrom(cmd).admin.userResetPassword(userId, pwd), outputOptions(cmd));
715
+ const pwd = opts.password ?? opts.newPassword ?? DEFAULT_RESET_PASSWORD;
716
+ const r = await clientFrom(cmd).admin.userResetPassword(userId, pwd);
717
+ const out = outputOptions(cmd);
718
+ if (out.json || out.compact) printJson(r, out);
719
+ else if (opts.password || opts.newPassword)
720
+ process.stdout.write(`Password reset for ${userId}.
721
+ `);
722
+ else
723
+ process.stdout.write(
724
+ `Password reset for ${userId} to the initial password '${DEFAULT_RESET_PASSWORD}' (must change on next login).
725
+ `
726
+ );
689
727
  });
690
728
  const role = admin.command("role").description("Role management");
691
729
  role.command("list").description("List roles").option("--keyword <s>", "filter by keyword").option("--limit <n>", "page size", int, 100).option("--offset <n>", "page offset", int, 0).option("--source <s>", "role source filter (business | user)").action(async (opts, cmd) => {