mirror of
https://github.com/Tencent/WeKnora.git
synced 2026-06-04 13:30:32 +08:00
2ee9741fa1
Post-review polish on the v0.7 wire / surface contract. Bundles five
follow-ups that landed after the main BREAKING feat commit:
1. Complete context→profile cascade (internal API + YAML schema)
The prior commit renamed only the user-visible surface (commands /
flags / env / project link / envelope field). The internal Go API
and on-disk config schema were still half-renamed — an L-25
self-consistency violation flagged by post-merge review. Closed here:
Internal Go API:
- config.Context → config.Profile
- config.Config.CurrentContext → CurrentProfile
- config.Config.Contexts → Profiles
- LoginOptions.Context → LoginOptions.Profile
- clearContextSecrets() → clearProfileSecrets()
- saveContextRef() → saveProfileRef()
- secrets.Store: param name `context` → `profile` (interface +
FileStore + KeyringStore + MemStore)
- cmdutil.LoadSecret(store, context, key) → LoadSecret(store, profile, key)
- cmdutil.RefreshAndPersist's ctxName → profileName
- Local var `ctx := &config.Profile{...}` → `prof := &config.Profile{...}`
in auth/login.go to eliminate the visual collision with Go stdlib
context.Context that motivated the whole rename in the first place.
On-disk config.yaml schema:
- current_context: → current_profile:
- contexts: → profiles:
- Pre-1.0 break, no compat alias. Users on v0.6 dogfooded configs
must delete ~/.config/weknora/config.yaml or hand-rename the two
keys (CHANGELOG migration note added).
Tests / fixtures / golden files:
- factory_test.go YAML fixture + assertion updated.
- acceptance/e2e/e2e_test.go writeContextYAML → writeProfileYAML,
fixture YAML keys updated.
- acceptance/testdata/wire/doctor.error_network.json golden updated
("active context" → "active profile" in hint string).
User-visible prose sweep:
- cmd/mcp/serve.go --help Long: "active context (or --context)" →
"active profile (or --profile)" — most-visible miss.
- cmd/{kb/list, search/kb, session/list, api/api} Short/Long help.
- cmd/auth/login.go stdout: `(context=%s)` → `(profile=%s)`.
- cmd/auth/logout.go error: `"no current context"` → `"no current profile"`.
- cmd/doctor/doctor.go hint string (also the wire golden above).
- cmd/auth/refresh.go error: `"refresh token missing for context"` →
`"refresh token missing for profile"`.
- README.md: `## Multi-context` H2 → `## Multi-profile`; code-block
comment `# current context` → `# current profile`.
Code-comment / docstring sweep across cli/cmd/auth/ and
cli/internal/cmdutil/. Comments referencing Go stdlib context.Context,
the RAG / LLM "context window" concept, and historical CHANGELOG
entries for v0.4 / v0.5 were left alone.
CHANGELOG v0.7 BREAKING entry gains the on-disk-schema bullet under
the existing "context → profile" item.
2. Profile name validation (shell-injection guard)
`envelope.error.retry_command` is a single shell-string field. An
AI agent that exec()s it via `sh -c <retry_command>` was injectable
through a maliciously-named profile:
weknora auth logout --name 'x; rm -rf ~'
# would produce: retry_command = "weknora auth logout --name x; rm -rf ~ -y"
`cmd/profile/add.go` already enforced an alphanumeric + `-_.`
allowlist via `validateName`. The `auth login` and `auth logout`
paths bypassed it.
- Moved validation from `cmd/profile/add.go` to
`cli/internal/cmdutil/profilename.go` as exported
`ValidateProfileName` (cmdutil is the import-cycle-safe home;
internal/config can't depend on cmdutil).
- `auth login` runs the validator before any persist call.
- `auth logout` runs the validator on `opts.Name` before
constructing `retry_command`.
- Unit tests (`profilename_test.go`) cover the allowlist, empty
rejection, path-traversal, shell metacharacters (`;`, `&`, `|`,
`$()`, backticks, quotes, whitespace, glob, redirects), and the
user-facing hint text. The shell-metachar test exists as a
regression guard.
Wire shape (`retry_command` string → `retry_command_argv []string`)
remains a v0.8 additive change per ROADMAP — this fix removes the
practical exploit path without touching the wire contract.
3. AI-agent terminology disambiguation
"agent" has three referents in this codebase: (a) WeKnora's
server-side Custom Agent resource, (b) the removed `agent invoke`
verb, (c) external LLM/automation consumers. Per project memory
feedback_no_meta_disambiguation_in_docs, the fix is full-term
naming, not "X has N meanings" prose. Surgical changes at section
headers + ambiguous prose:
- AGENTS.md: "Agent decision shortcuts" → "AI agent decision
shortcuts"; "agent-callable surface" → "AI-agent-callable
surface".
- README.md: "Designed to be agent-first" → "AI-agent-first";
"Other agent ergonomics" → "Other AI-agent ergonomics"; "in
agent contexts" → "in AI-agent contexts"; "for CI / agents" →
"for CI / AI agents".
Anaphoric "agents" inside paragraphs that already established
"AI agents" was left alone — full substitution everywhere would
have been prose noise without clarity gain.
4. Wire-contract review follow-ups
Real findings from a second-pass review of the v0.7 envelope /
streaming / surface design. Per project memory
feedback_check_in_domain_anchor_first, candidate findings were
first verified against the in-domain peer CLI explicitly cited as
the envelope anchor; two earlier-flagged issues turned out to be
in-pattern and were withdrawn.
Surviving fixes:
- AGENTS.md success-envelope example rewritten. The prior example
showed `has_more: false` / `_notice: {}` as if they were always
present, but both fields are `omitempty` and never serialize
when zero / nil. Replaced with three realistic shapes (list /
single resource / mutation with no payload) and added a note
that optional fields are omitted when empty.
- cmd/chat/chat.go Args: MinimumNArgs(1) → ExactArgs(1).
v0.6 silently joined `weknora chat hello world` into
`"hello world"`. v0.7 now rejects multi-arg with exit 2,
matching `weknora session ask`. BREAKING; CHANGELOG entry
added under v0.7 BREAKING.
- internal/output/envelope.go extracts NewEnvelope(data, meta,
profile) constructor. The jq-filter path in
cmdutil.FormatOptions.Emit was manually rebuilding the
envelope literal alongside the canonical WriteEnvelope path —
drift risk when fields are added. Single construction point now.
- internal/cmdutil/factory.go adds AddKBFlag(cmd) helper.
Five files (chat, doc/list, doc/upload, doc/create, doc/fetch)
had verbatim-identical `cmd.Flags().String("kb", ...)`
declarations. Centralised so flag name + help text stay
in sync with Factory.ResolveKB. Docstring reordering + gofmt
fixup landed in the same edit to keep ResolveKB's own godoc
attached to its function.
5. OSS-readiness comment / doc sweep
Pre-publication scrub of code, comments, and shipped Markdown to
remove references that only make sense in the development repo:
- AGENTS.md "Deliberate deviations + mainstream alignments"
section: removed peer-project name-drops from the comparison
table; rewrote as five flagged design decisions with rationale
but no specific competitor named. The four rows that previously
contrasted against a named peer CLI now state WeKnora's choice
+ rationale directly. Section header renamed to "Design
decisions worth flagging" since it is no longer a
deviation/alignment matrix.
- CHANGELOG v0.7 BREAKING rationales: three references to a
named peer CLI removed; the context→profile rationale now
cites only mainstream multi-credential CLIs by category (AWS /
Stripe / OpenAI / Anthropic), and the `api -d/--data` removal
rationale cites only `gh api` / `curl`. `chat` BREAKING entry
rationale similarly simplified.
- 35 cross-references to design-spec section numbers (§4.1 /
§4.5 / §5.3 etc.) removed from Go doc comments and test
comments across 13 files. The referenced spec lives outside
the shipped tree; readers of the public repo cannot resolve
them. Each reference replaced with a self-contained semantic
description (e.g. "the batch envelope" / "AGENTS.md section
on the success path").
- Mixed-language strings translated to English:
- Four Go comments: internal/cmdutil/exit.go:213,215,
internal/cmdutil/errors.go:156,
internal/output/batch_test.go:90,
internal/output/envelope_test.go:27.
- One CHANGELOG section title:
`v0.7 — Agent-first wire contract + 命令面集中清理` →
`... + command-surface cleanup`.
- CJK test fixtures (internal/text/truncate_test.go CJK
truncation cases, cmd/session/list_test.go Chinese session
title, acceptance/e2e/e2e_test.go Chinese RAG corpus)
retained — they are intentional test inputs, not stray prose.
- Makefile help comment: `golangci-lint added in PR-9` →
`golangci-lint planned`. Internal PR numbering should not
surface in shipped Makefile prose.
Build green, 28/28 packages, +5 new ValidateProfileName tests.
go vet / gofmt / go mod verify / go mod tidy all clean.
Rationale for the cascade: pre-1.0 is the cheapest moment to close
L-25 self-consistency (L-26). The half-finished internal rename
would have perpetuated the very `context` vs `context.Context`
ambiguity that motivated v0.7's user-visible rename in the first
place.
295 lines
11 KiB
Go
295 lines
11 KiB
Go
// Package chat implements `weknora chat <text>` - the streaming RAG answer
|
|
// entry point.
|
|
//
|
|
// Two output modes share a single SDK call:
|
|
//
|
|
// - Stream mode (TTY + --format text): write each StreamResponse.Content
|
|
// fragment directly to iostreams.IO.Out as it arrives, then print a
|
|
// footer with knowledge references. This is the "feels alive" UX a
|
|
// human typing in a terminal expects.
|
|
//
|
|
// - NDJSON mode (--format json / --format ndjson / pipe): inject a CLI
|
|
// "init" event at stream head, then pass through every SDK event verbatim
|
|
// as NDJSON lines. Agents and pipes get a live event stream they can
|
|
// parse incrementally. --format json routes here too — buffered JSON
|
|
// envelope makes no sense for a streaming command.
|
|
//
|
|
// The SDK's KnowledgeQAStream callback contract is invoked sequentially on
|
|
// one goroutine, so neither mode needs locking. The runChat core takes a
|
|
// ChatService interface so tests inject a fake without standing up a real
|
|
// SSE server.
|
|
package chat
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/Tencent/WeKnora/cli/internal/cmdutil"
|
|
"github.com/Tencent/WeKnora/cli/internal/format"
|
|
"github.com/Tencent/WeKnora/cli/internal/iostreams"
|
|
"github.com/Tencent/WeKnora/cli/internal/output"
|
|
"github.com/Tencent/WeKnora/cli/internal/sse"
|
|
sdk "github.com/Tencent/WeKnora/client"
|
|
)
|
|
|
|
// chatFields enumerates the NDJSON init-event fields surfaced for
|
|
// `--format json` / `--format ndjson` discovery on `chat`. Reflects the
|
|
// InitEvent head line + the raw SDK event vocabulary.
|
|
var chatFields = []string{
|
|
"session_id", "kb_id",
|
|
// SDK event fields (pass-through): response_type, content, done,
|
|
// knowledge_references, assistant_message_id, session_id
|
|
}
|
|
|
|
type Options struct {
|
|
Query string
|
|
KBID string
|
|
SessionID string
|
|
}
|
|
|
|
// ChatService is the narrow SDK surface this command depends on. *sdk.Client
|
|
// satisfies it; tests substitute a fake. Compile-time check is at the bottom
|
|
// of this file.
|
|
type ChatService interface {
|
|
CreateSession(ctx context.Context, req *sdk.CreateSessionRequest) (*sdk.Session, error)
|
|
KnowledgeQAStream(ctx context.Context, sessionID string, req *sdk.KnowledgeQARequest, cb func(*sdk.StreamResponse) error) error
|
|
}
|
|
|
|
// NewCmd builds `weknora chat <text>`.
|
|
func NewCmd(f *cmdutil.Factory) *cobra.Command {
|
|
opts := &Options{}
|
|
cmd := &cobra.Command{
|
|
Use: `chat "<text>"`,
|
|
Short: "Ask a streaming RAG question against a knowledge base",
|
|
Long: `Send a query to the WeKnora knowledge-chat endpoint and stream the
|
|
answer back. By default a fresh session is created on first invocation; pass
|
|
--session to continue an existing conversation.
|
|
|
|
Modes:
|
|
--format text: live token streaming + reference footer
|
|
--format json / --format ndjson / pipe (default): NDJSON event stream —
|
|
one init line at head (session_id, kb_id),
|
|
then raw SDK events verbatim. Both json
|
|
and ndjson flags produce the same NDJSON
|
|
stream.`,
|
|
Example: ` weknora chat "What is RRF?" --kb a32a63ff-fb36-4874-bcaa-30f48570a694
|
|
weknora chat "Summarise this design doc" --kb my-kb --format json
|
|
weknora chat "Continue?" --session sess_abc`,
|
|
Args: cobra.ExactArgs(1),
|
|
RunE: func(c *cobra.Command, args []string) error {
|
|
opts.Query = strings.TrimSpace(args[0])
|
|
if opts.Query == "" {
|
|
return cmdutil.NewError(cmdutil.CodeInputInvalidArgument, "query argument cannot be empty")
|
|
}
|
|
fopts, err := cmdutil.CheckFormatFlag(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
fopts.ResolveDefault(iostreams.IO.IsStdoutTTY())
|
|
kbID, err := f.ResolveKB(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
opts.KBID = kbID
|
|
cli, err := f.Client()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return runChat(c.Context(), opts, fopts, cli)
|
|
},
|
|
}
|
|
cmdutil.AddKBFlag(cmd)
|
|
cmd.Flags().StringVar(&opts.SessionID, "session", "", "Continue an existing chat session (skip auto-create)")
|
|
cmdutil.AddFormatFlag(cmd, chatFields...)
|
|
cmdutil.SetAgentHelp(cmd, cmdutil.AgentHelp{
|
|
UsedFor: "Ask a streaming RAG question against a knowledge base. Produces an NDJSON event stream: init line (session_id, kb_id) then raw SDK events. Use --format json or --format ndjson.",
|
|
RequiredFlags: []string{"--kb"},
|
|
Examples: []string{`weknora chat "What is RRF?" --kb kb_abc --format json`},
|
|
Output: "NDJSON stream: {type:init, session_id, kb_id} then SDK events (response_type, content, done, knowledge_references, ...)",
|
|
})
|
|
return cmd
|
|
}
|
|
|
|
// runChat is the testable core: validate, ensure a session, dispatch the
|
|
// stream, and route output. Returns a typed error.
|
|
func runChat(ctx context.Context, opts *Options, fopts *cmdutil.FormatOptions, svc ChatService) error {
|
|
if opts.Query == "" {
|
|
return cmdutil.NewError(cmdutil.CodeInputInvalidArgument, "query argument cannot be empty")
|
|
}
|
|
if opts.KBID == "" {
|
|
// Defensive: the cobra layer resolves KB before runChat; this guards
|
|
// the direct-test entry point.
|
|
return cmdutil.NewError(cmdutil.CodeKBIDRequired, "kb id is required")
|
|
}
|
|
if svc == nil {
|
|
return cmdutil.NewError(cmdutil.CodeServerError, "chat: no SDK client available")
|
|
}
|
|
|
|
// Streaming commands route --format json AND --format ndjson to the
|
|
// NDJSON event-stream path. A buffered envelope makes no sense for a
|
|
// streaming command. Only --format text uses the live renderer.
|
|
ndjsonMode := fopts != nil && (fopts.Mode == cmdutil.FormatJSON || fopts.Mode == cmdutil.FormatNDJSON)
|
|
|
|
sessionID := opts.SessionID
|
|
autoCreated := false
|
|
if sessionID == "" {
|
|
sess, err := svc.CreateSession(ctx, &sdk.CreateSessionRequest{Title: "weknora chat"})
|
|
if err != nil {
|
|
// Ctrl-C during session creation: classify as cancelled so the
|
|
// hint nudges the user toward retry-with-signal-clean, not
|
|
// "pass --session" as session_create_failed would.
|
|
if cmdutil.IsCancelled(ctx, err) {
|
|
return cmdutil.Wrapf(cmdutil.CodeOperationCancelled, err, "chat cancelled")
|
|
}
|
|
// Map HTTP-shaped failures, but tag generic transport / unknown
|
|
// errors as session_create_failed so the dedicated hint fires.
|
|
code := cmdutil.ClassifyHTTPError(err)
|
|
if code == cmdutil.CodeNetworkError || code == cmdutil.CodeServerError {
|
|
code = cmdutil.CodeSessionCreateFailed
|
|
}
|
|
return cmdutil.Wrapf(code, err, "create chat session")
|
|
}
|
|
sessionID = sess.ID
|
|
autoCreated = true
|
|
}
|
|
|
|
if ndjsonMode {
|
|
return runChatNDJSON(ctx, opts, sessionID, svc)
|
|
}
|
|
|
|
// Surface the auto-created session ID up-front so a user who hits ^C
|
|
// mid-stream still has the pointer to resume - no need to scroll back
|
|
// past tokens. Skipped in NDJSON mode (it appears in the init event).
|
|
if autoCreated {
|
|
fmt.Fprintf(iostreams.IO.Err, "session: %s (use --session to continue)\n", sessionID)
|
|
}
|
|
|
|
return runChatText(ctx, opts, sessionID, autoCreated, svc)
|
|
}
|
|
|
|
// runChatNDJSON handles --format json and --format ndjson paths.
|
|
// Emits a CLI init event at stream head, then passes every SDK event through
|
|
// verbatim as NDJSON lines. No buffering — callers parse the stream
|
|
// incrementally.
|
|
func runChatNDJSON(ctx context.Context, opts *Options, sessionID string, svc ChatService) error {
|
|
w := iostreams.IO.Out
|
|
|
|
// 1. Inject the CLI-managed init event at the head of the stream.
|
|
// Carries the session pointer + retrieval context callers need for
|
|
// follow-up threading.
|
|
initEv := output.InitEvent{
|
|
SessionID: sessionID,
|
|
KBID: opts.KBID,
|
|
Profile: cmdutil.GetProfile(),
|
|
}
|
|
if err := output.EmitInit(w, initEv); err != nil {
|
|
return err
|
|
}
|
|
|
|
// 2. Open SDK stream and pass each event through as a bare NDJSON line.
|
|
req := &sdk.KnowledgeQARequest{
|
|
Query: opts.Query,
|
|
KnowledgeBaseIDs: []string{opts.KBID},
|
|
AgentEnabled: false,
|
|
WebSearchEnabled: false,
|
|
Channel: "api",
|
|
}
|
|
cb := func(r *sdk.StreamResponse) error {
|
|
return output.EmitSDKEvent(w, r)
|
|
}
|
|
if err := svc.KnowledgeQAStream(ctx, sessionID, req, cb); err != nil {
|
|
if cmdutil.IsCancelled(ctx, err) {
|
|
return cmdutil.Wrapf(cmdutil.CodeOperationCancelled, err, "chat cancelled")
|
|
}
|
|
return cmdutil.WrapHTTP(err, "knowledge qa stream")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// runChatText handles the --format text path. Streams content fragments
|
|
// live on TTY; accumulates then renders on non-TTY pipes.
|
|
func runChatText(ctx context.Context, opts *Options, sessionID string, autoCreated bool, svc ChatService) error {
|
|
// Stream mode requires an interactive stdout.
|
|
streamMode := iostreams.IO.IsStdoutTTY()
|
|
|
|
req := &sdk.KnowledgeQARequest{
|
|
Query: opts.Query,
|
|
KnowledgeBaseIDs: []string{opts.KBID},
|
|
AgentEnabled: false,
|
|
WebSearchEnabled: false,
|
|
Channel: "api",
|
|
}
|
|
|
|
acc := &sse.Accumulator{}
|
|
|
|
cb := func(r *sdk.StreamResponse) error {
|
|
if streamMode && r != nil && r.Content != "" {
|
|
// Best-effort write; if stdout dies the SDK will surface the
|
|
// error on the next iteration. No need to bail early.
|
|
_, _ = iostreams.IO.Out.Write([]byte(r.Content))
|
|
}
|
|
acc.Append(r)
|
|
return nil
|
|
}
|
|
|
|
streamErr := svc.KnowledgeQAStream(ctx, sessionID, req, cb)
|
|
if streamErr != nil {
|
|
// Re-surface the auto-created session id on failure so a user who
|
|
// missed the start-of-stream notice (it scrolls past mid-stream
|
|
// tokens, especially on ^C) can still recover with --session.
|
|
if autoCreated {
|
|
fmt.Fprintf(iostreams.IO.Err, "session: %s (resume with --session %s)\n", sessionID, sessionID)
|
|
}
|
|
// Context cancelled (Ctrl-C) → user-aborted, exit 130 lineage.
|
|
if cmdutil.IsCancelled(ctx, streamErr) {
|
|
return cmdutil.Wrapf(cmdutil.CodeOperationCancelled, streamErr, "chat cancelled")
|
|
}
|
|
// Stream began (we observed at least one event) but never reached a
|
|
// terminal Done frame: typed as sse_stream_aborted so the hint
|
|
// nudges the user toward a retry.
|
|
if acc.Result() != "" && !acc.Done() {
|
|
return cmdutil.Wrapf(cmdutil.CodeSSEStreamAborted, streamErr, "stream aborted before completion")
|
|
}
|
|
// Pre-stream HTTP / transport failure: route through the canonical
|
|
// classifier so 401 / 404 / 5xx still surface their specific codes.
|
|
return cmdutil.WrapHTTP(streamErr, "knowledge qa stream")
|
|
}
|
|
|
|
// SDK returned nil but we never saw a Done event - server closed the
|
|
// connection cleanly mid-stream. Treat as aborted so the user sees the
|
|
// truncation rather than a silent partial answer. Includes the empty-body
|
|
// case (Done frame never arrived AND no content): better to surface the
|
|
// abort than emit ok=true with answer="" - agents can't distinguish the
|
|
// model genuinely had nothing to say from the stream getting cut.
|
|
if !acc.Done() {
|
|
return cmdutil.NewError(cmdutil.CodeSSEStreamAborted, "stream ended without a terminal event")
|
|
}
|
|
|
|
answer := acc.Result()
|
|
references := acc.References
|
|
|
|
// Streaming mode already wrote the answer body via the callback, so we
|
|
// only need to render the trailing references (and a closing newline).
|
|
// Non-TTY accumulate path writes the answer here for the first time.
|
|
out := iostreams.IO.Out
|
|
if streamMode {
|
|
// Ensure the answer line ends cleanly before the references footer.
|
|
if !strings.HasSuffix(answer, "\n") {
|
|
fmt.Fprintln(out)
|
|
}
|
|
} else {
|
|
fmt.Fprint(out, answer)
|
|
if !strings.HasSuffix(answer, "\n") {
|
|
fmt.Fprintln(out)
|
|
}
|
|
}
|
|
format.WriteReferences(out, references)
|
|
return nil
|
|
}
|
|
|
|
// compile-time check: the production SDK client implements ChatService.
|
|
var _ ChatService = (*sdk.Client)(nil)
|