@cortexmemory/cli 0.27.1 → 0.27.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cortexmemory/cli",
-  "version": "0.27.1",
+  "version": "0.27.4",
   "description": "CLI tool for managing Cortex Memory deployments, performing administrative tasks, and streamlining development workflows",
   "type": "module",
   "bin": {

package/templates/vercel-ai-quickstart/app/api/auth/check/route.ts

@@ -0,0 +1,30 @@
+/**
+ * Auth Check API Route
+ *
+ * GET: Check if admin has been set up (first-run detection)
+ */
+
+import { getCortex } from "@/lib/cortex";
+
+const ADMIN_NAMESPACE = "quickstart-config";
+const ADMIN_KEY = "admin_password_hash";
+
+export async function GET() {
+  try {
+    const cortex = getCortex();
+
+    // Check if admin password hash exists in mutable store
+    const adminHash = await cortex.mutable.get(ADMIN_NAMESPACE, ADMIN_KEY);
+
+    return Response.json({
+      isSetup: adminHash !== null,
+    });
+  } catch (error) {
+    console.error("[Auth Check Error]", error);
+
+    return Response.json(
+      { error: "Failed to check admin setup status" },
+      { status: 500 }
+    );
+  }
+}

package/templates/vercel-ai-quickstart/app/api/auth/login/route.ts

@@ -0,0 +1,128 @@
+/**
+ * User Login API Route
+ *
+ * POST: Authenticate user and return session
+ */
+
+import { getCortex } from "@/lib/cortex";
+import { verifyPassword, generateSessionToken } from "@/lib/password";
+
+/**
+ * Validates login request body structure.
+ * Returns validated credentials or null if invalid.
+ */
+function validateLoginBody(
+  body: unknown
+): { username: string; password: string } | null {
+  if (typeof body !== "object" || body === null) {
+    return null;
+  }
+
+  const record = body as Record<string, unknown>;
+
+  // Validate username field exists and is a non-empty string
+  const hasValidUsername =
+    "username" in record &&
+    typeof record.username === "string" &&
+    record.username.length > 0 &&
+    record.username.length <= 256;
+
+  // Validate password field exists and is a non-empty string
+  const hasValidPassword =
+    "password" in record &&
+    typeof record.password === "string" &&
+    record.password.length > 0 &&
+    record.password.length <= 1024;
+
+  if (!hasValidUsername || !hasValidPassword) {
+    return null;
+  }
+
+  return {
+    username: record.username as string,
+    password: record.password as string,
+  };
+}
+
+/**
+ * Safely extracts an error message for logging without exposing user data.
+ */
+function getSafeErrorMessage(error: unknown): string {
+  if (error instanceof Error) {
+    // Only include error name and a sanitized message
+    // Avoid logging full stack traces which may contain user data
+    return `${error.name}: ${error.message.slice(0, 200)}`;
+  }
+  return "Unknown error";
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+
+    // Validate input structure before extracting values
+    const credentials = validateLoginBody(body);
+    if (!credentials) {
+      return Response.json(
+        { error: "Username and password are required" },
+        { status: 400 }
+      );
+    }
+
+    const { username, password } = credentials;
+
+    const cortex = getCortex();
+    const sanitizedUsername = username.toLowerCase();
+
+    // Get user profile
+    const user = await cortex.users.get(sanitizedUsername);
+    if (!user) {
+      return Response.json(
+        { error: "Invalid username or password" },
+        { status: 401 }
+      );
+    }
+
+    // Verify password
+    const storedHash = user.data.passwordHash as string;
+    if (!storedHash) {
+      return Response.json(
+        { error: "Invalid username or password" },
+        { status: 401 }
+      );
+    }
+
+    const isValid = await verifyPassword(password, storedHash);
+    if (!isValid) {
+      return Response.json(
+        { error: "Invalid username or password" },
+        { status: 401 }
+      );
+    }
+
+    // Update last login time
+    await cortex.users.update(sanitizedUsername, {
+      lastLoginAt: Date.now(),
+    });
+
+    // Generate session token
+    const sessionToken = generateSessionToken();
+
+    return Response.json({
+      success: true,
+      user: {
+        id: sanitizedUsername,
+        displayName: (user.data.displayName as string) || sanitizedUsername,
+      },
+      sessionToken,
+    });
+  } catch (error) {
+    // Log sanitized error to prevent log injection
+    console.error("[Login Error]", getSafeErrorMessage(error));
+
+    return Response.json(
+      { error: "Failed to authenticate" },
+      { status: 500 }
+    );
+  }
+}

package/templates/vercel-ai-quickstart/app/api/auth/register/route.ts

@@ -0,0 +1,94 @@
+/**
+ * User Registration API Route
+ *
+ * POST: Register a new user account
+ */
+
+import { getCortex } from "@/lib/cortex";
+import { hashPassword, generateSessionToken } from "@/lib/password";
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { username, password, displayName } = body;
+
+    // Validate input
+    if (!username || typeof username !== "string") {
+      return Response.json(
+        { error: "Username is required" },
+        { status: 400 }
+      );
+    }
+
+    if (!password || typeof password !== "string") {
+      return Response.json(
+        { error: "Password is required" },
+        { status: 400 }
+      );
+    }
+
+    if (username.length < 2) {
+      return Response.json(
+        { error: "Username must be at least 2 characters" },
+        { status: 400 }
+      );
+    }
+
+    if (password.length < 4) {
+      return Response.json(
+        { error: "Password must be at least 4 characters" },
+        { status: 400 }
+      );
+    }
+
+    // Sanitize username (alphanumeric, underscore, hyphen only)
+    const sanitizedUsername = username.toLowerCase().replace(/[^a-z0-9_-]/g, "");
+    if (sanitizedUsername !== username.toLowerCase()) {
+      return Response.json(
+        { error: "Username can only contain letters, numbers, underscores, and hyphens" },
+        { status: 400 }
+      );
+    }
+
+    const cortex = getCortex();
+
+    // Check if user already exists
+    const existingUser = await cortex.users.get(sanitizedUsername);
+    if (existingUser) {
+      return Response.json(
+        { error: "Username already taken" },
+        { status: 409 }
+      );
+    }
+
+    // Hash password and create user profile
+    const passwordHash = await hashPassword(password);
+    const now = Date.now();
+
+    await cortex.users.update(sanitizedUsername, {
+      displayName: displayName || sanitizedUsername,
+      passwordHash,
+      createdAt: now,
+      lastLoginAt: now,
+    });
+
+    // Generate session token
+    const sessionToken = generateSessionToken();
+
+    return Response.json({
+      success: true,
+      user: {
+        id: sanitizedUsername,
+        displayName: displayName || sanitizedUsername,
+      },
+      sessionToken,
+    });
+  } catch (error) {
+    console.error("[Register Error]", error);
+
+    return Response.json(
+      { error: "Failed to register user" },
+      { status: 500 }
+    );
+  }
+}

package/templates/vercel-ai-quickstart/app/api/auth/setup/route.ts

@@ -0,0 +1,59 @@
+/**
+ * Admin Setup API Route
+ *
+ * POST: Set up initial admin password (first-run only)
+ */
+
+import { getCortex } from "@/lib/cortex";
+import { hashPassword } from "@/lib/password";
+
+const ADMIN_NAMESPACE = "quickstart-config";
+const ADMIN_KEY = "admin_password_hash";
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { password } = body;
+
+    if (!password || typeof password !== "string") {
+      return Response.json(
+        { error: "Password is required" },
+        { status: 400 }
+      );
+    }
+
+    if (password.length < 4) {
+      return Response.json(
+        { error: "Password must be at least 4 characters" },
+        { status: 400 }
+      );
+    }
+
+    const cortex = getCortex();
+
+    // Check if admin already exists
+    const existingHash = await cortex.mutable.get(ADMIN_NAMESPACE, ADMIN_KEY);
+    if (existingHash !== null) {
+      return Response.json(
+        { error: "Admin already configured" },
+        { status: 409 }
+      );
+    }
+
+    // Hash and store admin password
+    const passwordHash = await hashPassword(password);
+    await cortex.mutable.set(ADMIN_NAMESPACE, ADMIN_KEY, passwordHash);
+
+    return Response.json({
+      success: true,
+      message: "Admin password configured successfully",
+    });
+  } catch (error) {
+    console.error("[Admin Setup Error]", error);
+
+    return Response.json(
+      { error: "Failed to configure admin password" },
+      { status: 500 }
+    );
+  }
+}

package/templates/vercel-ai-quickstart/app/api/chat/route.ts

@@ -11,6 +11,7 @@ import {
   createUIMessageStream,
   createUIMessageStreamResponse,
 } from "ai";
+import { getCortex } from "@/lib/cortex";
 
 // Create OpenAI client for embeddings
 const openaiClient = createOpenAI({ apiKey: process.env.OPENAI_API_KEY });
@@ -40,6 +41,7 @@ Example interactions:
 function getCortexMemoryConfig(
   memorySpaceId: string,
   userId: string,
+  conversationId: string,
   layerObserver?: LayerObserver,
 ): CortexMemoryConfig {
   return {
@@ -54,6 +56,9 @@ function getCortexMemoryConfig(
     agentId: "quickstart-assistant",
     agentName: "Cortex Demo Assistant",
 
+    // Conversation ID for chat history isolation
+    conversationId,
+
     // Enable graph memory sync (auto-configured via env vars)
     // When true, uses CypherGraphAdapter to sync to Neo4j/Memgraph
     enableGraphMemory: process.env.CORTEX_GRAPH_SYNC === "true",
@@ -101,19 +106,117 @@ function getCortexMemoryConfig(
   };
 }
 
+/**
+ * Generate a title from the first user message
+ */
+function generateTitle(message: string): string {
+  // Take first 50 chars, cut at word boundary
+  let title = message.slice(0, 50);
+  if (message.length > 50) {
+    const lastSpace = title.lastIndexOf(" ");
+    if (lastSpace > 20) {
+      title = title.slice(0, lastSpace);
+    }
+    title += "...";
+  }
+  return title;
+}
+
+/**
+ * Normalize messages to ensure they have the `parts` array format
+ * expected by AI SDK v6's convertToModelMessages.
+ *
+ * Handles:
+ * - Messages with `content` string (legacy format) -> converts to `parts` array
+ * - Messages with `role: "agent"` -> converts to `role: "assistant"`
+ * - Messages already in v6 format -> passes through unchanged
+ */
+function normalizeMessages(messages: unknown[]): unknown[] {
+  return messages.map((msg: unknown) => {
+    const m = msg as Record<string, unknown>;
+
+    // Normalize role: "agent" -> "assistant"
+    let role = m.role as string;
+    if (role === "agent") {
+      role = "assistant";
+    }
+
+    // Ensure parts array exists
+    let parts = m.parts as Array<{ type: string; text?: string }> | undefined;
+    if (!parts) {
+      // Convert content string to parts array
+      const content = m.content as string | undefined;
+      if (content) {
+        parts = [{ type: "text", text: content }];
+      } else {
+        parts = [];
+      }
+    }
+
+    return {
+      ...m,
+      role,
+      parts,
+    };
+  });
+}
+
+/**
+ * Extract text from a message (handles both content string and parts array)
+ */
+function getMessageText(message: { content?: string; parts?: Array<{ type: string; text?: string }> }): string {
+  if (typeof message.content === "string") {
+    return message.content;
+  }
+  if (message.parts && Array.isArray(message.parts)) {
+    return message.parts
+      .filter((part) => part.type === "text" && part.text)
+      .map((part) => part.text)
+      .join("");
+  }
+  return "";
+}
+
 export async function POST(req: Request) {
   try {
     const body = await req.json();
-    const { messages, memorySpaceId, userId } = body;
+    const { messages, memorySpaceId, userId, conversationId: providedConversationId } = body;
+
+    // Validate messages array exists
+    if (!messages || !Array.isArray(messages)) {
+      return new Response(
+        JSON.stringify({ error: "messages array is required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    // Generate conversation ID if not provided (new chat)
+    const conversationId = providedConversationId || 
+      `conv-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
+    const isNewConversation = !providedConversationId;
+
+    // Normalize messages to ensure they have the `parts` array format
+    // expected by AI SDK v6's convertToModelMessages
+    const normalizedMessages = normalizeMessages(messages);
 
     // Convert UIMessage[] from useChat to ModelMessage[] for streamText
     // Note: In AI SDK v6+, convertToModelMessages may return a Promise
-    const modelMessagesResult = convertToModelMessages(messages);
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const modelMessagesResult = convertToModelMessages(normalizedMessages as any);
     const modelMessages =
       modelMessagesResult instanceof Promise
         ? await modelMessagesResult
         : modelMessagesResult;
 
+    // Get the first user message for title generation
+    const firstUserMessage = messages.find((m: { role: string }) => m.role === "user") as {
+      role: string;
+      content?: string;
+      parts?: Array<{ type: string; text?: string }>;
+    } | undefined;
+    
+    const messageText = firstUserMessage ? getMessageText(firstUserMessage) : "";
+
     // Use createUIMessageStream to send both LLM text and layer events
     return createUIMessageStreamResponse({
       stream: createUIMessageStream({
@@ -157,10 +260,11 @@ export async function POST(req: Request) {
             },
           };
 
-          // Build config with the observer
+          // Build config with the observer and conversation ID
           const config = getCortexMemoryConfig(
             memorySpaceId || "quickstart-demo",
             userId || "demo-user",
+            conversationId,
             layerObserver,
           );
 
@@ -177,6 +281,38 @@ export async function POST(req: Request) {
 
           // Merge LLM stream into the UI message stream
           writer.merge(result.toUIMessageStream());
+
+          // If this is a new conversation, create it in the SDK and update the title
+          if (isNewConversation && messageText) {
+            try {
+              const cortex = getCortex();
+              const title = generateTitle(messageText);
+
+              // Create the conversation with the SDK
+              await cortex.conversations.create({
+                memorySpaceId: memorySpaceId || "quickstart-demo",
+                conversationId,
+                type: "user-agent",
+                participants: {
+                  userId: userId || "demo-user",
+                  agentId: "quickstart-assistant",
+                },
+                metadata: { title },
+              });
+
+              // Send conversation update to the client
+              writer.write({
+                type: "data-conversation-update",
+                data: {
+                  conversationId,
+                  title,
+                },
+                transient: true,
+              });
+            } catch (error) {
+              console.error("Failed to create conversation:", error);
+            }
+          }
         },
       }),
     });