From c01511bfe4c491f9ccc86d6aafcd09215fea486a Mon Sep 17 00:00:00 2001 From: ian Date: Mon, 29 Jun 2026 16:40:34 +0100 Subject: [PATCH 1/5] chore(agent): remove node https module from web bundle --- packages/core/src/connection/http.ts | 2 +- packages/core/src/index.ts | 11 ++++++++--- packages/node/src/index.ts | 4 ++++ packages/web/src/index.ts | 2 ++ 4 files changed, 15 insertions(+), 4 deletions(-) diff --git a/packages/core/src/connection/http.ts b/packages/core/src/connection/http.ts index 66275d59..5d805ab3 100644 --- a/packages/core/src/connection/http.ts +++ b/packages/core/src/connection/http.ts @@ -1,7 +1,7 @@ import OpenidConfigurationGetter from '../v2/misc/openidConfigurationGetter.js'; import { isAbortError } from 'abort-controller-x'; -import { Agent } from 'http'; +import type { Agent } from 'http'; import { WeaviateInsufficientPermissionsError, WeaviateInvalidInputError, diff --git a/packages/core/src/index.ts b/packages/core/src/index.ts index 078b5bbb..2e213636 100644 --- a/packages/core/src/index.ts +++ b/packages/core/src/index.ts @@ -23,8 +23,7 @@ import { DbVersion } from './utils/dbVersion.js'; import { Backend, BackupCompressionLevel, BackupStatus } from './v2/backup/index.js'; import MetaGetter from './v2/misc/metaGetter.js'; -import { Agent as HttpAgent } from 'http'; -import { Agent as HttpsAgent } from 'https'; +import type { Agent } from 'http'; import { LiveChecker, OpenidConfigurationGetter, ReadyChecker } from './v2/misc/index.js'; import weaviateV2 from './v2/index.js'; @@ -133,6 +132,12 @@ export const cleanHost = (host: string, protocol: 'rest' | 'grpc') => { export type Context = { transportsMaker: TransportsMaker; toBase64FromMedia: ToBase64FromMedia; + /** + * Creates the HTTP(S) keep-alive agent for the REST/GraphQL connection. Supplied by the Node shim + * (`@weaviate/node`); omitted by the browser shim (`@weaviate/web`) so no Node `http`/`https` + * builtins are pulled into the browser bundle. When undefined, `fetch` runs without a custom agent. + */ + agentMaker?: (secure: boolean) => Agent | undefined; }; const client = async ( @@ -151,7 +156,7 @@ const client = async ( if (!params.headers) params.headers = {}; const scheme = httpSecure ? 'https' : 'http'; - const agent = httpSecure ? new HttpsAgent({ keepAlive: true }) : new HttpAgent({ keepAlive: true }); + const agent = context.agentMaker?.(httpSecure); const { connection, dbVersionProvider, dbVersionSupport } = await ConnectionGRPC.use( context.transportsMaker, diff --git a/packages/node/src/index.ts b/packages/node/src/index.ts index 1d6c4d77..ecb9fe41 100644 --- a/packages/node/src/index.ts +++ b/packages/node/src/index.ts @@ -20,12 +20,16 @@ import weaviate, { permissions, reconfigure, } from '@weaviate/core'; +import { Agent as HttpAgent } from 'http'; +import { Agent as HttpsAgent } from 'https'; import { toBase64FromMedia } from './base64.js'; import { transportsMaker } from './transports.js'; const context: Context = { transportsMaker, toBase64FromMedia, + agentMaker: (secure) => + secure ? new HttpsAgent({ keepAlive: true }) : new HttpAgent({ keepAlive: true }), }; /** diff --git a/packages/web/src/index.ts b/packages/web/src/index.ts index 21143387..29b6cb6b 100644 --- a/packages/web/src/index.ts +++ b/packages/web/src/index.ts @@ -24,6 +24,8 @@ import { transportsMaker } from './transports.js'; const context: Context = { transportsMaker, toBase64FromMedia, + // No `agentMaker` on purpose: the browser uses fetch-based gRPC-Web (and fetch for REST), so no Node + // `http`/`https` Agent is needed. Omitting it keeps those Node builtins out of the browser bundle. }; export type ConnectToLocalOptions = Omit; From f03327164b618f01e862f63fe87900f5ffd9cd70 Mon Sep 17 00:00:00 2001 From: ian Date: Mon, 29 Jun 2026 16:46:21 +0100 Subject: [PATCH 2/5] chore(): appease the linter --- packages/node/src/index.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/packages/node/src/index.ts b/packages/node/src/index.ts index ecb9fe41..2de6b77f 100644 --- a/packages/node/src/index.ts +++ b/packages/node/src/index.ts @@ -28,8 +28,7 @@ import { transportsMaker } from './transports.js'; const context: Context = { transportsMaker, toBase64FromMedia, - agentMaker: (secure) => - secure ? new HttpsAgent({ keepAlive: true }) : new HttpAgent({ keepAlive: true }), + agentMaker: (secure) => (secure ? new HttpsAgent({ keepAlive: true }) : new HttpAgent({ keepAlive: true })), }; /** From 848dc23fef91ddd68ef875a945a573a13e21a8ee Mon Sep 17 00:00:00 2001 From: ian Date: Mon, 29 Jun 2026 23:39:21 +0100 Subject: [PATCH 3/5] chore(): fix version import --- packages/test/web/connect.test.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/test/web/connect.test.ts b/packages/test/web/connect.test.ts index c633b1d0..f5b1be7c 100644 --- a/packages/test/web/connect.test.ts +++ b/packages/test/web/connect.test.ts @@ -1,6 +1,6 @@ import { describe, it, expect } from 'vitest'; import weaviate from '@weaviate/web'; -import { requireAtLeast } from '../../version'; +import { requireAtLeast } from '../version'; requireAtLeast(1, 39, 0).describe('connectToLocal', () => { it('should connect to a local Weaviate instance using grpc-web', async () => { From df2c91fe5c770c4e4bfff9c68a902d5a25bca31a Mon Sep 17 00:00:00 2001 From: Tommy Smith Date: Tue, 30 Jun 2026 11:35:55 +0100 Subject: [PATCH 4/5] Remove outdated openId validation --- packages/core/src/connection/auth.ts | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/packages/core/src/connection/auth.ts b/packages/core/src/connection/auth.ts index 2cb71cbe..f6773bc5 100644 --- a/packages/core/src/connection/auth.ts +++ b/packages/core/src/connection/auth.ts @@ -183,7 +183,6 @@ class UserPasswordAuthenticator implements OidcAuthFlow { } refresh = () => { - this.validateOpenidConfig(); return this.requestAccessToken() .then((tokenResp: RequestAccessTokenResponse) => { return { @@ -197,22 +196,6 @@ class UserPasswordAuthenticator implements OidcAuthFlow { }); }; - validateOpenidConfig = () => { - if ( - this.openidConfig.provider.grant_types_supported !== undefined && - !this.openidConfig.provider.grant_types_supported.includes('password') - ) { - throw new Error('grant_type password not supported'); - } - if (this.openidConfig.provider.token_endpoint.includes('https://login.microsoftonline.com')) { - throw new Error( - 'microsoft/azure recommends to avoid authentication using ' + - 'username and password, so this method is not supported by this client' - ); - } - this.openidConfig.scopes.push('offline_access'); - }; - requestAccessToken = () => { const url = this.openidConfig.provider.token_endpoint; const params = new URLSearchParams({ From f3886196b9e66f5a6fe7afbb6ed5a51ce9f4c674 Mon Sep 17 00:00:00 2001 From: Tommy Smith Date: Tue, 30 Jun 2026 11:53:17 +0100 Subject: [PATCH 5/5] Add back missing `offline_access` scope to `AuthUserPasswordCredentials` --- packages/core/src/connection/auth.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/core/src/connection/auth.ts b/packages/core/src/connection/auth.ts index f6773bc5..c99d3c18 100644 --- a/packages/core/src/connection/auth.ts +++ b/packages/core/src/connection/auth.ts @@ -183,6 +183,7 @@ class UserPasswordAuthenticator implements OidcAuthFlow { } refresh = () => { + this.openidConfig.scopes.push('offline_access'); return this.requestAccessToken() .then((tokenResp: RequestAccessTokenResponse) => { return {