harper-knowledge 0.1.0 → 0.1.2

package/dist/core/embeddings.d.ts

@@ -7,13 +7,14 @@
  */
 /**
  * Initialize the embedding model.
- * Downloads the model to ~/hdb/models/ if not present.
+ * Downloads the model to the given directory if not present.
  * Uses file-based locking so only one thread downloads.
  *
- * @param config - Plugin configuration with embeddingModel name
+ * @param config - Plugin configuration with embeddingModel name and componentDir
  */
 export declare function initEmbeddingModel(config: {
     embeddingModel: string;
+    componentDir: string;
 }): Promise<void>;
 /**
  * Generate an embedding vector for the given text.

package/dist/core/embeddings.js

@@ -8,7 +8,6 @@
 import { writeFile, readFile, unlink, mkdir } from "node:fs/promises";
 import { existsSync } from "node:fs";
 import path from "node:path";
-import os from "node:os";
 // Module-level state for the loaded model and context
 let llama = null;
 let embeddingModel = null;
@@ -24,17 +23,13 @@ const MODEL_CONFIGS = {
         file: "nomic-embed-text-v2-moe.Q4_K_M.gguf",
     },
 };
-/**
- * Get the directory where models are stored.
- */
-function getModelsDir() {
-    return path.join(os.homedir(), "hdb", "models");
-}
+// Module-level models directory, set during initEmbeddingModel
+let modelsDir = null;
 /**
  * Get the lock file path for download synchronization.
  */
 function getLockFilePath(modelName) {
-    return path.join(getModelsDir(), `${modelName}.lock`);
+    return path.join(modelsDir, `${modelName}.lock`);
 }
 /**
  * Get the model URI for node-llama-cpp downloads.
@@ -107,16 +102,16 @@ async function waitForDownload(modelName, modelPath) {
  */
 async function downloadModelIfNeeded(modelName) {
     const modelUri = getModelUri(modelName);
-    const modelsDir = getModelsDir();
+    const dir = modelsDir;
     // Ensure models directory exists
-    await mkdir(modelsDir, { recursive: true });
+    await mkdir(dir, { recursive: true });
     // Use node-llama-cpp to resolve the actual file path and download if needed.
     // node-llama-cpp prefixes filenames (e.g., hf_nomic-ai_<file>.gguf),
     // so we use its entrypointFilePath rather than guessing the name.
     const { createModelDownloader } = (await import("node-llama-cpp"));
     const downloader = await createModelDownloader({
         modelUri,
-        dirPath: modelsDir,
+        dirPath: dir,
         skipExisting: true,
     });
     const modelPath = downloader.entrypointFilePath;
@@ -144,13 +139,14 @@ async function downloadModelIfNeeded(modelName) {
 }
 /**
  * Initialize the embedding model.
- * Downloads the model to ~/hdb/models/ if not present.
+ * Downloads the model to the given directory if not present.
  * Uses file-based locking so only one thread downloads.
  *
- * @param config - Plugin configuration with embeddingModel name
+ * @param config - Plugin configuration with embeddingModel name and componentDir
  */
 export async function initEmbeddingModel(config) {
     const modelName = config.embeddingModel || "nomic-embed-text";
+    modelsDir = path.join(config.componentDir, "models");
     if (embeddingModel) {
         logger?.debug?.("Embedding model already initialized");
         return;

package/dist/index.js

@@ -14,6 +14,7 @@ import { TagResource } from "./resources/TagResource.js";
 import { QueryLogResource } from "./resources/QueryLogResource.js";
 import { ServiceKeyResource } from "./resources/ServiceKeyResource.js";
 import { HistoryResource } from "./resources/HistoryResource.js";
+import { MeResource } from "./resources/MeResource.js";
 import { createMcpMiddleware } from "./mcp/server.js";
 import { createWebhookMiddleware } from "./webhooks/middleware.js";
 import { createOAuthMiddleware } from "./oauth/middleware.js";
@@ -38,7 +39,7 @@ export async function handleApplication(scope) {
     // Don't await — the download can take minutes and would exceed Harper's
     // 30-second handleApplication timeout. Semantic search degrades gracefully
     // to keyword-only mode until the model is ready.
-    initEmbeddingModel({ embeddingModel }).then(() => scopeLogger?.info?.(`Embedding model "${embeddingModel}" loaded`), (error) => scopeLogger?.error?.("Failed to initialize embedding model — semantic search will be unavailable:", error.message));
+    initEmbeddingModel({ embeddingModel, componentDir: scope.directory }).then(() => scopeLogger?.info?.(`Embedding model "${embeddingModel}" loaded`), (error) => scopeLogger?.error?.("Failed to initialize embedding model — semantic search will be unavailable:", error.message));
     // Initialize OAuth signing keys (generates RSA key pair on first run)
     try {
         await ensureSigningKey();
@@ -53,6 +54,7 @@ export async function handleApplication(scope) {
     scope.resources.set("QueryLog", QueryLogResource);
     scope.resources.set("ServiceKey", ServiceKeyResource);
     scope.resources.set("History", HistoryResource);
+    scope.resources.set("me", MeResource);
     // Register OAuth endpoints (must be first — handles /.well-known/*, /oauth/*)
     scope.server.http?.(createOAuthMiddleware());
     // Register webhook intake middleware (before MCP so /webhooks/* is handled first)

package/dist/oauth/authorize.d.ts

@@ -1,7 +1,7 @@
 /**
  * OAuth Authorization Endpoint
  *
- * GET /oauth/authorize — MCP OAuth 2.1 authorization endpoint.
+ * GET /mcp-auth/authorize — MCP OAuth 2.1 authorization endpoint.
  *
  * Shows a login page with GitHub as the primary auth method and a
  * subtle link to fall back to Harper credentials. If the user has an
@@ -13,7 +13,7 @@
  */
 import type { HarperRequest } from "../types.ts";
 /**
- * Handle GET /oauth/authorize
+ * Handle GET /mcp-auth/authorize
  *
  * Three modes:
  * 1. Returning from GitHub login (`pending` param) — complete authorization.
@@ -22,6 +22,6 @@ import type { HarperRequest } from "../types.ts";
  */
 export declare function handleAuthorizeGet(request: HarperRequest): Promise<Response>;
 /**
- * Handle POST /oauth/authorize — Harper credential login.
+ * Handle POST /mcp-auth/authorize — Harper credential login.
  */
 export declare function handleAuthorizePost(request: HarperRequest): Promise<Response>;

package/dist/oauth/authorize.js

@@ -1,7 +1,7 @@
 /**
  * OAuth Authorization Endpoint
  *
- * GET /oauth/authorize — MCP OAuth 2.1 authorization endpoint.
+ * GET /mcp-auth/authorize — MCP OAuth 2.1 authorization endpoint.
  *
  * Shows a login page with GitHub as the primary auth method and a
  * subtle link to fall back to Harper credentials. If the user has an
@@ -15,7 +15,7 @@ import crypto from "node:crypto";
 import { readBody, parseFormBody } from "../http-utils.js";
 import { checkOrgMembership } from "./github.js";
 /**
- * Handle GET /oauth/authorize
+ * Handle GET /mcp-auth/authorize
  *
  * Three modes:
  * 1. Returning from GitHub login (`pending` param) — complete authorization.
@@ -44,7 +44,7 @@ export async function handleAuthorizeGet(request) {
     return loginPage(params);
 }
 /**
- * Handle POST /oauth/authorize — Harper credential login.
+ * Handle POST /mcp-auth/authorize — Harper credential login.
  */
 export async function handleAuthorizePost(request) {
     let form;
@@ -266,7 +266,7 @@ async function buildGitHubLoginUrl(params) {
         redirectUri: params.redirect_uri,
         type: "pending",
     });
-    const returnPath = `/oauth/authorize?pending=${pendingId}`;
+    const returnPath = `/mcp-auth/authorize?pending=${pendingId}`;
     return `/oauth/github/login?redirect=${encodeURIComponent(returnPath)}`;
 }
 /**
@@ -361,7 +361,7 @@ async function loginPage(params, errorMsg) {
   <button type="button" class="cred-toggle" onclick="document.querySelector('.cred-form').classList.toggle('visible');this.style.display='none'">
     Sign in with Harper credentials
   </button>
-  <form method="POST" action="/oauth/authorize" class="cred-form${errorMsg ? " visible" : ""}">
+  <form method="POST" action="/mcp-auth/authorize" class="cred-form${errorMsg ? " visible" : ""}">
     <input type="hidden" name="client_id" value="${escapeAttr(params.client_id)}">
     <input type="hidden" name="redirect_uri" value="${escapeAttr(params.redirect_uri)}">
     <input type="hidden" name="response_type" value="${escapeAttr(params.response_type)}">

package/dist/oauth/metadata.js

@@ -32,10 +32,10 @@ export function handleAuthServerMetadata(request) {
     const baseUrl = getBaseUrl(request);
     return jsonResponse(200, {
         issuer: baseUrl,
-        authorization_endpoint: `${baseUrl}/oauth/authorize`,
-        token_endpoint: `${baseUrl}/oauth/token`,
-        registration_endpoint: `${baseUrl}/oauth/register`,
-        jwks_uri: `${baseUrl}/oauth/jwks`,
+        authorization_endpoint: `${baseUrl}/mcp-auth/authorize`,
+        token_endpoint: `${baseUrl}/mcp-auth/token`,
+        registration_endpoint: `${baseUrl}/mcp-auth/register`,
+        jwks_uri: `${baseUrl}/mcp-auth/jwks`,
         scopes_supported: SCOPES,
         response_types_supported: ["code"],
         grant_types_supported: ["authorization_code", "refresh_token"],

package/dist/oauth/middleware.d.ts

@@ -4,14 +4,14 @@
  * Route dispatcher for all OAuth endpoints. Registered via
  * scope.server.http() before the MCP and webhook middlewares.
  *
- * Routes:
+ * Routes (MCP OAuth 2.1 — separate from @harperfast/oauth's /oauth/* Resource):
  *   GET  /.well-known/oauth-protected-resource   → metadata
  *   GET  /.well-known/oauth-authorization-server  → metadata
- *   POST /oauth/register                          → DCR
- *   GET  /oauth/authorize                         → login page
- *   POST /oauth/authorize                         → credential validation + redirect
- *   POST /oauth/token                             → code exchange / refresh
- *   GET  /oauth/jwks                              → public key set
+ *   POST /mcp-auth/register                       → DCR
+ *   GET  /mcp-auth/authorize                      → login page
+ *   POST /mcp-auth/authorize                      → credential validation + redirect
+ *   POST /mcp-auth/token                          → code exchange / refresh
+ *   GET  /mcp-auth/jwks                           → public key set
  */
 import type { HarperRequest } from "../types.ts";
 type MiddlewareFn = (request: HarperRequest, next: (req: HarperRequest) => Promise<unknown>) => Promise<unknown>;

package/dist/oauth/middleware.js

@@ -4,14 +4,14 @@
  * Route dispatcher for all OAuth endpoints. Registered via
  * scope.server.http() before the MCP and webhook middlewares.
  *
- * Routes:
+ * Routes (MCP OAuth 2.1 — separate from @harperfast/oauth's /oauth/* Resource):
  *   GET  /.well-known/oauth-protected-resource   → metadata
  *   GET  /.well-known/oauth-authorization-server  → metadata
- *   POST /oauth/register                          → DCR
- *   GET  /oauth/authorize                         → login page
- *   POST /oauth/authorize                         → credential validation + redirect
- *   POST /oauth/token                             → code exchange / refresh
- *   GET  /oauth/jwks                              → public key set
+ *   POST /mcp-auth/register                       → DCR
+ *   GET  /mcp-auth/authorize                      → login page
+ *   POST /mcp-auth/authorize                      → credential validation + redirect
+ *   POST /mcp-auth/token                          → code exchange / refresh
+ *   GET  /mcp-auth/jwks                           → public key set
  */
 import { handleProtectedResourceMetadata, handleAuthServerMetadata, } from "./metadata.js";
 import { handleRegister } from "./register.js";
@@ -34,11 +34,12 @@ export function createOAuthMiddleware() {
             method === "GET") {
             return handleAuthServerMetadata(request);
         }
-        // OAuth endpoints
-        if (pathname === "/oauth/register" && method === "POST") {
+        // MCP OAuth endpoints (under /mcp-auth/ to avoid conflict with
+        // @harperfast/oauth's OAuthResource which owns the /oauth/* path)
+        if (pathname === "/mcp-auth/register" && method === "POST") {
             return handleRegister(request);
         }
-        if (pathname === "/oauth/authorize") {
+        if (pathname === "/mcp-auth/authorize") {
             if (method === "GET") {
                 return handleAuthorizeGet(request);
             }
@@ -46,10 +47,10 @@ export function createOAuthMiddleware() {
                 return handleAuthorizePost(request);
             }
         }
-        if (pathname === "/oauth/token" && method === "POST") {
+        if (pathname === "/mcp-auth/token" && method === "POST") {
             return handleToken(request);
         }
-        if (pathname === "/oauth/jwks" && method === "GET") {
+        if (pathname === "/mcp-auth/jwks" && method === "GET") {
             return new Response(JSON.stringify(await getJwks()), {
                 status: 200,
                 headers: {
@@ -58,7 +59,7 @@ export function createOAuthMiddleware() {
                 },
             });
         }
-        // Not an OAuth route — pass through
+        // Not a handled route — pass through
         return next(request);
     };
 }

package/dist/resources/MeResource.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Me Resource
+ *
+ * Public endpoint that returns the current user's session info.
+ * Reads from the Harper session cookie — no extra state tracked.
+ *
+ * Routes:
+ *   GET /me — returns current authenticated user or { authenticated: false }
+ */
+declare const MeResource_base: any;
+export declare class MeResource extends MeResource_base {
+    static loadAsInstance: boolean;
+    get(): {
+        authenticated: boolean;
+        username: any;
+        name: any;
+        provider: any;
+    } | {
+        authenticated: boolean;
+        username: any;
+        provider: string;
+        name?: undefined;
+    } | {
+        authenticated: boolean;
+        username?: undefined;
+        name?: undefined;
+        provider?: undefined;
+    };
+}
+export {};

package/dist/resources/MeResource.js

@@ -0,0 +1,39 @@
+/**
+ * Me Resource
+ *
+ * Public endpoint that returns the current user's session info.
+ * Reads from the Harper session cookie — no extra state tracked.
+ *
+ * Routes:
+ *   GET /me — returns current authenticated user or { authenticated: false }
+ */
+function getResourceClass() {
+    return globalThis.Resource;
+}
+export class MeResource extends getResourceClass() {
+    static loadAsInstance = false;
+    get() {
+        const context = this.getContext();
+        // Check for OAuth session (via @harperfast/oauth)
+        const oauthUser = context?.session?.oauthUser;
+        if (oauthUser) {
+            return {
+                authenticated: true,
+                username: oauthUser.username,
+                name: oauthUser.name,
+                provider: oauthUser.provider,
+            };
+        }
+        // Check for Harper user (Basic auth or session-based)
+        const user = context?.user;
+        if (user) {
+            const username = typeof user === "string" ? user : user.username || user.id;
+            return {
+                authenticated: true,
+                username,
+                provider: "harper",
+            };
+        }
+        return { authenticated: false };
+    }
+}

package/dist/types.d.ts

@@ -266,6 +266,7 @@ export interface Table {
  * Harper Scope passed to handleApplication for sub-component plugins.
  */
 export interface Scope {
+    directory: string;
     logger: Logger;
     resources: {
         set(name: string, resource: unknown): void;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "harper-knowledge",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Knowledge base plugin for Harper with MCP server integration",
   "type": "module",
   "main": "dist/index.js",

package/web/js/app.js

@@ -104,20 +104,20 @@ const auth = {
   authenticated: false,
 
   async check() {
-    // Check for GitHub session via @harperfast/oauth
+    // Check session via /me endpoint (reads Harper session cookie)
     try {
-      const res = await fetch("/oauth/github/user");
+      const res = await fetch("/me");
       if (res.ok) {
         const data = await res.json();
-        if (data && (data.username || data.login)) {
-          this.user = data.username || data.login;
+        if (data?.authenticated) {
+          this.user = data.username;
           this.authenticated = true;
           updateAuthUI();
           return true;
         }
       }
     } catch {
-      // No GitHub session or endpoint unavailable
+      // Endpoint unavailable
     }
 
     // Check for stored Harper credentials (Basic auth)