@cybermem/cli 0.9.12 → 0.13.3

package/dist/commands/upgrade.js

@@ -10,26 +10,46 @@ const fs_1 = __importDefault(require("fs"));
 const inquirer_1 = __importDefault(require("inquirer"));
 const os_1 = __importDefault(require("os"));
 const path_1 = __importDefault(require("path"));
+// Helper to handle and suggest fixes for common errors
+function handleExecError(error, context) {
+    const stderr = error.stderr || "";
+    let suggestion = "";
+    if (stderr.includes("Permission denied") || stderr.includes("publickey")) {
+        suggestion =
+            "\n💡 Next Step: Ensure your SSH keys are added to the remote host: `ssh-copy-id user@host`";
+    }
+    else if (stderr.includes("Connection timed out") ||
+        stderr.includes("Could not resolve host")) {
+        suggestion =
+            "\n💡 Next Step: Check your network connection or the remote host's availability.";
+    }
+    else if (stderr.includes("ansible-playbook: command not found")) {
+        suggestion =
+            "\n💡 Next Step: Install Ansible: `brew install ansible` (on macOS).";
+    }
+    else if (stderr.includes("docker-compose: command not found")) {
+        suggestion =
+            "\n💡 Next Step: Install Docker and ensure docker-compose is in your PATH.";
+    }
+    console.error(chalk_1.default.red(`\n❌ ${context} failed:`), error.message);
+    if (suggestion)
+        console.log(chalk_1.default.yellow(suggestion));
+    process.exit(1);
+}
 async function upgrade(options) {
     let target = "local";
     if (options.rpi)
         target = "rpi";
     if (options.vps)
         target = "vps";
-    console.log(chalk_1.default.blue(`Upgrading CyberMem (${target})...`));
+    const isStaging = !!options.staging;
+    const envType = isStaging ? "staging" : "prod";
+    const projectSuffix = isStaging ? "-staging" : "";
+    console.log(chalk_1.default.blue(`Upgrading CyberMem (${target}-${envType})...`));
     try {
         if (target === "local") {
             console.log(chalk_1.default.blue("Pulling latest Docker images..."));
-            // Re-use logic: find compose file from template if needed, OR use installed ~/.cybermem one?
-            // "upgrade" implies updating running instance.
-            // running instance uses ~/.cybermem/docker-compose.yml (if init copied it?)
-            // Wait, init uses template directly?
-            // "deploy/init" logic for local:
-            // "docker-compose -f composeFile ...". composeFile was from templateDir.
-            // It did NOT copy compose file to ~/.cybermem for local.
-            // It uses the installed package's template.
-            // So for upgrade (which might be run from newer CLI version), we use the NEW CLI's template.
-            // Resolve Template Directory (Same logic as init)
+            // Resolve Template Directory
             let templateDir = path_1.default.resolve(__dirname, "../../templates");
             if (!fs_1.default.existsSync(templateDir)) {
                 templateDir = path_1.default.resolve(__dirname, "../../../templates");
@@ -47,25 +67,35 @@ async function upgrade(options) {
             const homeDir = os_1.default.homedir();
             const configDir = path_1.default.join(homeDir, ".cybermem");
             const envFile = path_1.default.join(configDir, ".env");
-            const dataDir = path_1.default.join(configDir, "data");
+            const dataDir = path_1.default.join(configDir, isStaging ? "data-staging" : "data");
             // Pull images
-            await (0, execa_1.default)("docker-compose", [
-                "-f",
-                composeFile,
-                "--env-file",
-                envFile,
-                "--project-name",
-                "cybermem",
-                "pull",
-            ], {
-                stdio: "inherit",
-                env: {
-                    ...process.env,
-                    DATA_DIR: dataDir,
-                    CYBERMEM_ENV_PATH: envFile,
-                    OM_API_KEY: "", // Local bypass
-                },
-            });
+            try {
+                await (0, execa_1.default)("docker-compose", [
+                    "-f",
+                    composeFile,
+                    "--env-file",
+                    envFile,
+                    "--project-name",
+                    `cybermem${projectSuffix}`,
+                    "pull",
+                ], {
+                    stdio: "inherit",
+                    env: {
+                        ...process.env,
+                        DATA_DIR: dataDir,
+                        CYBERMEM_ENV_PATH: envFile,
+                        OM_API_KEY: "", // Local bypass
+                        PROJECT_NAME: `cybermem${projectSuffix}`,
+                        TRAEFIK_PORT: isStaging ? "8625" : "8626",
+                        DASHBOARD_PORT: isStaging ? "3001" : "3000",
+                        CYBERMEM_ENV: envType,
+                        CYBERMEM_INSTANCE: target,
+                    },
+                });
+            }
+            catch (e) {
+                handleExecError(e, "Local image pull");
+            }
             // Up (recreate)
             console.log(chalk_1.default.blue("Restarting services..."));
             await (0, execa_1.default)("docker-compose", [
@@ -74,7 +104,7 @@ async function upgrade(options) {
                 "--env-file",
                 envFile,
                 "--project-name",
-                "cybermem",
+                `cybermem${projectSuffix}`,
                 "up",
                 "-d",
                 "--remove-orphans",
@@ -85,12 +115,17 @@ async function upgrade(options) {
                     DATA_DIR: dataDir,
                     CYBERMEM_ENV_PATH: envFile,
                     OM_API_KEY: "", // Local bypass
+                    PROJECT_NAME: `cybermem${projectSuffix}`,
+                    TRAEFIK_PORT: isStaging ? "8625" : "8626",
+                    DASHBOARD_PORT: isStaging ? "3001" : "3000",
+                    CYBERMEM_ENV: envType,
+                    CYBERMEM_INSTANCE: target,
                 },
             });
             console.log(chalk_1.default.green("✅ Upgrade complete!"));
         }
         else if (target === "rpi" || target === "vps") {
-            // Remote upgrade
+            // Remote upgrade via Ansible
             let sshHost = options.host;
             if (!sshHost) {
                 const answers = await inquirer_1.default.prompt([
@@ -103,9 +138,8 @@ async function upgrade(options) {
                 ]);
                 sshHost = answers.host;
             }
-            console.log(chalk_1.default.blue(`Upgrading remote host ${sshHost}...`));
-            // 1. Upload NEW docker-compose.yml (from this CLI version)
-            // Resolve Template Directory
+            console.log(chalk_1.default.blue(`Upgrading remote host ${sshHost} via Ansible...`));
+            // 1. Resolve Template Directory
             let templateDir = path_1.default.resolve(__dirname, "../../templates");
             if (!fs_1.default.existsSync(templateDir)) {
                 templateDir = path_1.default.resolve(__dirname, "../../../templates");
@@ -113,25 +147,30 @@ async function upgrade(options) {
             if (!fs_1.default.existsSync(templateDir)) {
                 templateDir = path_1.default.resolve(process.cwd(), "packages/cli/templates");
             }
-            if (!fs_1.default.existsSync(templateDir)) {
-                templateDir = path_1.default.resolve(__dirname, "../templates");
+            const playbookPath = path_1.default.join(templateDir, "ansible/playbooks/deploy-cybermem.yml");
+            const ansibleDir = path_1.default.join(templateDir, "ansible");
+            const [sshUser, host] = sshHost.split("@");
+            // 2. Run Ansible Playbook
+            // For upgrade, the playbook's default state (started) will pull latest images
+            // if we ensure it performs a pull. Our playbook already pulls images.
+            try {
+                await (0, execa_1.default)("ansible-playbook", [
+                    "-i",
+                    `${host},`,
+                    "-u",
+                    sshUser,
+                    playbookPath,
+                    "--extra-vars",
+                    `ansible_ssh_extra_args='-o StrictHostKeyChecking=no' CYBERMEM_ENV=${envType} TRAEFIK_PORT=${isStaging ? "8625" : "8626"} PROJECT_NAME=cybermem${projectSuffix} project_dir=/home/${sshUser}/cybermem${projectSuffix}`,
+                ], {
+                    stdio: "inherit",
+                    cwd: ansibleDir,
+                });
             }
-            const composeFile = path_1.default.join(templateDir, "docker-compose.yml");
-            console.log(chalk_1.default.blue("Uploading newest definitions..."));
-            await (0, execa_1.default)("scp", [
-                composeFile,
-                `${sshHost}:~/.cybermem/docker-compose.yml`,
-            ]);
-            // 2. Pull and Up on Remote
-            const remoteCmd = `
-                export CYBERMEM_ENV_PATH=~/.cybermem/.env
-                export DATA_DIR=~/.cybermem/data
-                export DOCKER_DEFAULT_PLATFORM=linux/arm64
-                docker-compose -f ~/.cybermem/docker-compose.yml pull
-                docker-compose -f ~/.cybermem/docker-compose.yml up -d --remove-orphans
-            `;
-            await (0, execa_1.default)("ssh", [sshHost, remoteCmd], { stdio: "inherit" });
-            console.log(chalk_1.default.green("✅ Remote upgrade complete!"));
+            catch (e) {
+                handleExecError(e, "Remote upgrade");
+            }
+            console.log(chalk_1.default.green("✅ Remote upgrade complete via Ansible!"));
         }
     }
     catch (error) {

package/dist/index.js

@@ -4,23 +4,34 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
 const backup_1 = require("./commands/backup");
 const dashboard_1 = require("./commands/dashboard");
-const init_1 = require("./commands/init");
+const install_1 = require("./commands/install");
 const reset_1 = require("./commands/reset");
 const restore_1 = require("./commands/restore");
+const uninstall_1 = require("./commands/uninstall");
 const upgrade_1 = require("./commands/upgrade");
 const program = new commander_1.Command();
 program
     .name("mcp")
     .description("CyberMem - Deploy your AI memory server in one command")
     .version("1.0.0");
-// Command: Init (formerly deploy)
+// Command: Install
 program
-    .command("init")
-    .description("Initialize CyberMem (Scaffold & Start)")
+    .command("install")
+    .description("Install CyberMem (Scaffold & Start)")
     .option("--rpi", "Deploy to Raspberry Pi")
     .option("--vps", "Deploy to VPS/Cloud server")
+    .option("--staging", "Deploy to staging environment (different ports/data)")
     .option("--remote-access", "Enable Tailscale Funnel for HTTPS remote access")
-    .action(init_1.init);
+    .option("--host <host>", "SSH host for remote deploy (e.g. pi@raspberrypi.local)")
+    .action(install_1.install);
+// Command: Uninstall
+program
+    .command("uninstall")
+    .description("Uninstall CyberMem (Teardown services)")
+    .option("--rpi", "Uninstall from Raspberry Pi")
+    .option("--vps", "Uninstall from VPS/Cloud server")
+    .option("--host <host>", "SSH host for remote uninstall")
+    .action(uninstall_1.uninstall);
 // Command: Upgrade
 program
     .command("upgrade")
@@ -28,6 +39,7 @@ program
     .option("--local", "Upgrade local instance (default)")
     .option("--rpi", "Upgrade remote RPi")
     .option("--vps", "Upgrade remote VPS")
+    .option("--staging", "Upgrade staging environment")
     .option("--host <host>", "SSH host for remote upgrade (e.g. pi@raspberrypi.local)")
     .action(upgrade_1.upgrade);
 program
@@ -42,6 +54,7 @@ program
 program
     .command("reset")
     .description("Reset (wipe) the CyberMem database - DESTRUCTIVE!")
+    .option("-f, --force", "Skip confirmation prompt")
     .action(reset_1.reset);
 program
     .command("dashboard")

package/dist/templates/ansible/playbooks/deploy-cybermem.yml

@@ -1,15 +1,21 @@
 ---
 - name: Deploy CyberMem to Raspberry Pi
-  hosts: rpi
-  become: yes
+  hosts: all
+  become: true
   vars:
     project_dir: /home/{{ ansible_user }}/cybermem
     env_file: .env.rpi
+    # Default ports based on environment
+    TRAEFIK_PORT_STAGING: "8625"
+    TRAEFIK_PORT_PROD: "8626"
+    TRAEFIK_PORT_DEFAULT: "{{ TRAEFIK_PORT_STAGING if cybermem_env | default('prod') == 'staging' else TRAEFIK_PORT_PROD }}"
+    # Port to use consistently across all tasks
+    EFFECTIVE_TRAEFIK_PORT: "{{ TRAEFIK_PORT | default(TRAEFIK_PORT_DEFAULT) }}"
 
   tasks:
     - name: Update apt cache
       apt:
-        update_cache: yes
+        update_cache: true
         cache_valid_time: 3600
 
     - name: Install dependencies
@@ -23,13 +29,13 @@
       service:
         name: docker
         state: started
-        enabled: yes
+        enabled: true
 
     - name: Add user to docker group
       user:
         name: "{{ ansible_user }}"
         groups: docker
-        append: yes
+        append: true
 
     - name: Create project directory
       file:
@@ -39,33 +45,204 @@
         group: "{{ ansible_user }}"
         mode: "0755"
 
-    - name: Synchronize project files
+    - name: Ensure backup directory exists
+      file:
+        path: "{{ project_dir }}/backups"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0755"
+
+    - name: Ensure secrets directory exists
+      file:
+        path: "{{ project_dir }}/secrets"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0755"
+
+    - name: Write API Key Secret File
+      copy:
+        content: "{{ auth_token_value }}"
+        dest: "{{ project_dir }}/secrets/om_api_key"
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0600"
+      when: auth_token_value is defined
+      ignore_errors: true
+
+    - name: Ensure data directory exists
+      file:
+        path: "{{ project_dir }}/data"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0755"
+
+    - name: Check if database exists
+      stat:
+        path: "{{ project_dir }}/data/openmemory.sqlite"
+      register: db_file
+
+    - name: Create pre-deploy database backup
+      shell: "cp {{ project_dir }}/data/openmemory.sqlite {{ project_dir }}/backups/openmemory.sqlite.{{ ansible_facts['date_time']['iso8601_basic_short'] }}.bak"
+      when: db_file.stat.exists
+      ignore_errors: true
+
+    - name: Copy Docker Compose template
+      copy:
+        src: "../../docker-compose.yml"
+        dest: "{{ project_dir }}/docker-compose.yml"
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0644"
+
+    - name: Replace GHCR image tag (staging uses :staging, prod uses :latest)
+      replace:
+        path: "{{ project_dir }}/docker-compose.yml"
+        regexp: "(ghcr.io/[^/]+/cybermem-[^:]+):latest"
+        replace: '\1:{{ ghcr_tag | default("latest") }}'
+      when: ghcr_tag is defined and ghcr_tag != 'latest'
+
+    - name: Sync monitoring configuration
       synchronize:
-        src: "{{ playbook_dir }}/../../"
-        dest: "{{ project_dir }}"
-        rsync_opts:
-          - "--exclude=.git"
-          - "--exclude=node_modules"
-          - "--exclude=.next"
-          - "--exclude=dashboard/.next"
-          - "--exclude=*.log"
-          - "--exclude=tmp"
-          - "--exclude=__pycache__"
-
-    - name: Copy environment file
+        src: "../../monitoring"
+        dest: "{{ project_dir }}/"
+        recursive: true
+        delete: true
+
+    # NOTE: build_from_source removed - all builds happen on GH Actions now
+
+    - name: Patch Traefik configuration
+      replace:
+        path: "{{ project_dir }}/monitoring/traefik/traefik.yml"
+        regexp: 'address: ":8626"'
+        replace: 'address: ":{{ EFFECTIVE_TRAEFIK_PORT }}"'
+
+    - name: Ensure .env is present (template if missing)
       copy:
-        src: "../../{{ env_file }}"
+        content: |
+          CYBERMEM_INSTANCE=rpi
+          CYBERMEM_ENV={{ cybermem_env | default('prod') }}
+          PROJECT_NAME={{ PROJECT_NAME | default('cybermem') }}
+          TRAEFIK_PORT={{ EFFECTIVE_TRAEFIK_PORT }}
+          CYBERMEM_TAILSCALE={{ CYBERMEM_TAILSCALE | default('false') }}
+          SECRETS_DIR={{ project_dir }}/secrets
+          DATA_DIR={{ project_dir }}/data
+          CYBERMEM_ENV_PATH={{ project_dir }}/.env
+          CYBERMEM_HOME={{ project_dir }}
+          # Add other envs as needed
         dest: "{{ project_dir }}/.env"
+        force: true
         owner: "{{ ansible_user }}"
         group: "{{ ansible_user }}"
         mode: "0600"
 
-    - name: Pull and start services
-      command: docker-compose -f docker-compose.prod.yml --profile ollama up -d --pull always
+    - name: Load global version from package.json
+      set_fact:
+        global_version: "{{ (lookup('file', playbook_dir + '/../../../../../package.json') | from_json).version }}"
+
+    - name: Pull images from GHCR
+      command: docker-compose -p {{ PROJECT_NAME | default('cybermem') }} pull
+      args:
+        chdir: "{{ project_dir }}"
+      register: pull_out
+      changed_when: "'Downloaded newer image' in pull_out.stdout or 'Downloaded newer image' in pull_out.stderr"
+      when: not (skip_pull | default(false) | bool)
+
+    - name: Stop staging containers (prevent port conflicts, NEVER touch prod)
+      shell: |
+        docker-compose -p cybermem-staging down --remove-orphans 2>/dev/null || true
+      args:
+        chdir: "{{ project_dir }}"
+      changed_when: false
+      ignore_errors: true
+      when: cybermem_env | default('prod') == 'staging'
+
+    - name: Start services
+      command: docker-compose -p {{ PROJECT_NAME | default('cybermem') }} up -d --remove-orphans
       args:
         chdir: "{{ project_dir }}"
-      register: compose_output
+      register: up_out
+      changed_when: "'Creating' in up_out.stdout or 'Recreating' in up_out.stdout or 'Starting' in up_out.stdout or 'Creating' in up_out.stderr or 'Recreating' in up_out.stderr or 'Starting' in up_out.stderr"
+
+    - name: Install sqlite3 for token injection
+      apt:
+        name: sqlite3
+        state: present
+
+    - name: Inject Authentication Token
+      shell: |
+        sqlite3 {{ project_dir }}/data/openmemory.sqlite "CREATE TABLE IF NOT EXISTS access_keys (
+          id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
+          key_hash TEXT NOT NULL,
+          name TEXT DEFAULT 'default',
+          user_id TEXT DEFAULT 'default',
+          created_at TEXT DEFAULT (datetime('now')),
+          last_used_at TEXT,
+          is_active INTEGER DEFAULT 1
+        );"
+        sqlite3 {{ project_dir }}/data/openmemory.sqlite "DELETE FROM access_keys WHERE name='{{ auth_token_name | default('ansible-generated') }}';"
+        sqlite3 {{ project_dir }}/data/openmemory.sqlite "INSERT INTO access_keys (id, key_hash, name, user_id) VALUES ('{{ auth_token_id }}', '{{ auth_token_hash }}', '{{ auth_token_name | default('ansible-generated') }}', 'admin');"
+      when: auth_token_hash is defined
+      ignore_errors: true
+
+    - name: Wait for Traefik to be ready
+      uri:
+        url: "http://localhost:{{ EFFECTIVE_TRAEFIK_PORT }}/health"
+        status_code: 200
+      register: traefik_ping
+      until: traefik_ping.status == 200
+      retries: 10
+      delay: 5
+
+    - name: Verify Overall System Health
+      uri:
+        url: "http://localhost:{{ EFFECTIVE_TRAEFIK_PORT }}/api/health"
+        return_content: true
+      register: health_status
+      until: "health_status.content is defined and (health_status.content | from_json).overall == 'ok'"
+      retries: 5
+      delay: 10
+      ignore_errors: true
+
+    - name: Configure Tailscale Funnel (after health check)
+      shell: |
+        # Reset any existing configuration for clean state
+        tailscale serve reset 2>/dev/null || true
+        tailscale funnel reset 2>/dev/null || true
+
+        # Configure port based on current environment only
+        if [ "{{ cybermem_env | default('prod') }}" = "staging" ]; then
+          tailscale funnel --bg --https=10000 http://127.0.0.1:{{ EFFECTIVE_TRAEFIK_PORT }}
+        else
+          tailscale funnel --bg --https=443 http://127.0.0.1:{{ EFFECTIVE_TRAEFIK_PORT }}
+        fi
+
+        tailscale funnel status
+      become: true
+      when: (CYBERMEM_TAILSCALE | default('false') | bool) and (health_status is defined and not health_status.failed and (health_status.content | from_json).overall == 'ok')
+      register: funnel_status
+      ignore_errors: true
+
+    - name: Display Tailscale Funnel Status
+      debug:
+        var: funnel_status.stdout_lines
+      when: funnel_status is defined and funnel_status.stdout_lines is defined
+
+    - name: Automated Rollback on Failure
+      block:
+        - name: Rollback message
+          debug:
+            msg: "Rollback logic triggered due to unhealthy state."
+
+        - name: Restart previous state containers
+          command: docker-compose -p {{ PROJECT_NAME | default('cybermem') }} up -d --remove-orphans
+          args:
+            chdir: "{{ project_dir }}"
+          ignore_errors: true
+      when: health_status.failed or (health_status.content | from_json).overall != 'ok'
 
-    - name: Show deployment status
+    - name: Deployment Summary
       debug:
-        var: compose_output.stdout_lines
+        msg: "CyberMem v{{ global_version }} successfully deployed. Health: {{ (health_status.content | from_json).overall | default('UNKNOWN') }}"

package/dist/templates/ansible/playbooks/reset-db.yml

@@ -0,0 +1,44 @@
+---
+- name: Reset CyberMem Database on Raspberry Pi
+  hosts: rpi
+  become: yes
+  vars:
+    project_dir: /home/{{ ansible_user }}/cybermem
+    db_path: "{{ project_dir }}/data/openmemory.sqlite"
+
+  tasks:
+    - name: Stop CyberMem services
+      command: docker-compose down
+      args:
+        chdir: "{{ project_dir }}"
+
+    - name: Wipe database file
+      file:
+        path: "{{ db_path }}"
+        state: absent
+
+    - name: Ensure data directory exists
+      file:
+        path: "{{ project_dir }}/data"
+        state: directory
+        owner: "{{ ansible_user }}"
+        group: "{{ ansible_user }}"
+        mode: "0755"
+
+    - name: Start CyberMem services
+      command: docker-compose up -d
+      args:
+        chdir: "{{ project_dir }}"
+
+    - name: Wait for Traefik to be ready
+      uri:
+        url: "http://localhost:8626/health"
+        status_code: 200
+      register: traefik_ping
+      until: traefik_ping.status == 200
+      retries: 10
+      delay: 5
+
+    - name: Database Reset Summary
+      debug:
+        msg: "CyberMem database at {{ db_path }} has been wiped and services are back online."

package/dist/templates/auth-sidecar/Dockerfile

@@ -1,17 +1,9 @@
-# Builder stage for native modules
-FROM node:20-alpine AS builder
+FROM node:20-alpine
 WORKDIR /app
-RUN apk add --no-cache python3 make g++
+RUN apk add --no-cache libc6-compat
 COPY package.json ./
 RUN npm install
-
-# Production stage
-FROM node:20-alpine AS runner
-WORKDIR /app
-RUN apk add --no-cache libc6-compat
-COPY --from=builder /app/node_modules ./node_modules
 COPY server.js .
-COPY package.json .
 
 EXPOSE 3001
 CMD ["node", "server.js"]

package/dist/templates/auth-sidecar/package.json

@@ -3,7 +3,5 @@
   "version": "0.1.0",
   "description": "Auth sidecar for CyberMem",
   "main": "server.js",
-  "dependencies": {
-    "sqlite3": "5.1.7"
-  }
+  "dependencies": {}
 }