@cybermem/dashboard 0.13.17 → 0.14.5

package/CHANGELOG.md

@@ -0,0 +1,18 @@
+# @cybermem/dashboard
+
+## 0.14.5
+
+### Patch Changes
+
+- Automated release for patch version bump.
+
+## 0.14.4
+
+### Patch Changes
+
+- [#86](https://github.com/mikhailkogan17/cybermem/pull/86) [`ffca5dd`](https://github.com/mikhailkogan17/cybermem/commit/ffca5dd374a50f594c1a935f1fe81ee1e1e3c6fe) Thanks [@copilot-swe-agent](https://github.com/apps/copilot-swe-agent)! - Migrate version management to Changesets
+
+  - Remove custom bash scripts (version-bump.sh, release.sh)
+  - Add Changesets for automated versioning and changelog generation
+  - Update publish workflow to use Changesets
+  - Add documentation for new release process

package/Dockerfile

@@ -1,5 +1,5 @@
 # Base stage for both dev and prod
-FROM node:20-alpine AS base
+FROM node:24-alpine AS base
 WORKDIR /app
 
 # Use corepack to get the pnpm version from the lockfile and speed up installs via cache
@@ -27,13 +27,13 @@ RUN --mount=type=cache,target=/root/.pnpm-store \
     pnpm build
 
 # Native stage for sqlite3 bindings and wrapper
-FROM node:20-alpine AS native-builder
+FROM node:24-alpine AS native-builder
 RUN apk update && apk add --no-cache python3 python3-dev make g++
 WORKDIR /native
 RUN npm init -y && npm install sqlite3@5.1.7 sqlite@5.1.1
 
 # Production stage
-FROM node:20-alpine AS production
+FROM node:24-alpine AS production
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 

package/app/api/mcp-config/route.ts

@@ -67,37 +67,49 @@ export async function GET(request: Request) {
     let config: any;
     let configType = client?.configType || "json";
 
+    // Local envs (isManaged): use @cybermem/mcp directly
+    // Remote envs: use mcp-remote (standard stdio-to-HTTP bridge)
     if (configType === "toml") {
       if (isManaged) {
-        config = `[mcpServers.cybermem]\ncommand = "npx"\nargs = ["@cybermem/mcp"]`;
+        const localArgs = isStaging
+          ? `["-y", "@cybermem/mcp", "--env", "staging"]`
+          : `["-y", "@cybermem/mcp"]`;
+        config = `[mcpServers.cybermem]\ncommand = "npx"\nargs = ${localArgs}`;
       } else {
         const keyVal = maskKey ? displayKey : actualKey;
-        config = `[mcpServers.cybermem]\ncommand = "npx"\nargs = ["@cybermem/mcp", "--url", "${baseUrl}", "--token", "${keyVal}"]`;
+        config = `[mcpServers.cybermem]\ncommand = "npx"\nargs = ["-y", "mcp-remote", "${baseUrl}", "--header", "X-API-Key:${keyVal}"]`;
       }
     } else if (configType === "command" || configType === "cmd") {
-      let cmd = isManaged ? client?.localCommand : client?.remoteCommand;
-      if (!cmd) {
-        cmd = client?.command?.replace("http://localhost:8080", baseUrl) || "";
+      // Generate command directly (don't rely on clients.json templates)
+      if (isManaged) {
+        const clientName = client?.id || "cybermem";
+        const cliPrefix = client?.id === "gemini-cli" ? "gemini" : "claude";
+        config = `${cliPrefix} mcp add ${clientName} npx -y @cybermem/mcp`;
+      } else {
+        const keyVal = maskKey ? displayKey : actualKey;
+        const clientName = client?.id || "cybermem";
+        const cliPrefix = client?.id === "gemini-cli" ? "gemini" : "claude";
+        config = `${cliPrefix} mcp add ${clientName} -- npx -y mcp-remote ${baseUrl} --header X-API-Key:${keyVal}`;
       }
-      cmd = cmd.replace("{{ENDPOINT}}", baseUrl);
-      cmd = cmd.replace("{{API_KEY}}", maskKey ? displayKey : actualKey);
-      cmd = cmd.replace("{{TOKEN}}", maskKey ? displayKey : actualKey);
-      config = cmd;
     } else {
       // JSON (default)
-      const args = isManaged
-        ? ["-y", "@cybermem/mcp"]
-        : [
-            "-y",
-            "@cybermem/mcp",
-            "--url",
-            baseUrl,
-            "--token",
-            maskKey ? displayKey : actualKey,
-          ];
+      let args: string[];
 
-      if (isStaging && !isManaged) {
-        args.push("--staging");
+      if (isManaged) {
+        // Local: use @cybermem/mcp directly (SDK mode)
+        args = ["-y", "@cybermem/mcp"];
+        if (isStaging) {
+          args.push("--env", "staging");
+        }
+      } else {
+        // Remote: use mcp-remote (standard stdio-to-HTTP bridge)
+        args = [
+          "-y",
+          "mcp-remote",
+          baseUrl,
+          "--header",
+          `X-API-Key:${maskKey ? displayKey : actualKey}`,
+        ];
       }
 
       config = {

package/app/api/settings/route.ts

@@ -120,11 +120,13 @@ export async function GET(request: NextRequest) {
   }
 
   let apiKey = process.env.OM_API_KEY || "not-set";
+  let tokenSource = "env";
 
   // Try to read from HttpOnly cookie first
   const cookieKey = request.cookies.get("cybermem_api_key")?.value;
   if (cookieKey) {
     apiKey = cookieKey;
+    tokenSource = "cookie";
   }
 
   // Fallback to config file
@@ -132,7 +134,10 @@ export async function GET(request: NextRequest) {
     if (fs.existsSync(CONFIG_PATH)) {
       const raw = fs.readFileSync(CONFIG_PATH, "utf-8");
       const conf = JSON.parse(raw);
-      if (conf.api_key && apiKey === "not-set") apiKey = conf.api_key;
+      if (conf.api_key && apiKey === "not-set") {
+        apiKey = conf.api_key;
+        tokenSource = "config";
+      }
     }
   } catch (e) {
     // ignore
@@ -143,7 +148,45 @@ export async function GET(request: NextRequest) {
     const secretPath = "/run/secrets/om_api_key";
     if (fs.existsSync(secretPath)) {
       const secret = fs.readFileSync(secretPath, "utf-8").trim();
-      if (secret) apiKey = secret;
+      if (secret) {
+        if (secret.startsWith("sk-")) {
+          apiKey = secret;
+          tokenSource = "docker-secret";
+        } else {
+          // Fallback: support env-file format like "OM_API_KEY=sk-..."
+          const envMatch = secret.match(
+            /OM_API_KEY=["']?(sk-[a-zA-Z0-9]+)["']?/,
+          );
+          if (envMatch) {
+            apiKey = envMatch[1];
+            tokenSource = "docker-secret-env";
+          } else {
+            console.warn(
+              `[Settings API] Token at ${secretPath} doesn't match expected format (sk-* or OM_API_KEY=sk-*)`,
+            );
+          }
+        }
+      }
+    }
+  } catch (e) {
+    // ignore
+  }
+
+  // Fallback: Auto-generated token location
+  try {
+    const fallbackPath = "/data/.cybermem_token";
+    if (apiKey === "not-set" && fs.existsSync(fallbackPath)) {
+      const token = fs.readFileSync(fallbackPath, "utf-8").trim();
+      if (token) {
+        if (token.startsWith("sk-")) {
+          apiKey = token;
+          tokenSource = "fallback";
+        } else {
+          console.warn(
+            `[Settings API] Token at ${fallbackPath} doesn't match expected format (sk-*)`,
+          );
+        }
+      }
     }
   } catch (e) {
     // ignore
@@ -158,6 +201,16 @@ export async function GET(request: NextRequest) {
   // isManaged = Local Mode (localhost auto-login)
   const isManaged = isLocal;
 
+  // Mask the token for public display
+  const maskToken = (token: string) => {
+    if (!token || token === "not-set") return token;
+    if (token.length <= 10) return "****";
+    // sk-abcd...efgh
+    return `${token.slice(0, 7)}...${token.slice(-4)}`;
+  };
+
+  const maskedApiKey = maskToken(apiKey);
+
   // Read version from package.json
   let version = "v0.11.4"; // Default fallback
   try {
@@ -176,8 +229,9 @@ export async function GET(request: NextRequest) {
 
   return NextResponse.json(
     {
-      token: apiKey,
       apiKey: apiKey,
+      apiKeyMasked: maskedApiKey,
+      tokenSource: apiKey === "not-set" ? "not-set" : tokenSource,
       endpoint,
       isManaged,
       isLocal,

package/components/dashboard/settings/access-token-section.tsx

@@ -7,6 +7,7 @@ import { Check, Copy, Eye, EyeOff, RotateCcw, Shield } from "lucide-react";
 
 interface AccessTokenSectionProps {
   apiKey: string;
+  apiKeyMasked: string;
   showApiKey: boolean;
   setShowApiKey: (show: boolean) => void;
   copiedId: string | null;
@@ -18,6 +19,7 @@ interface AccessTokenSectionProps {
 
 export default function AccessTokenSection({
   apiKey,
+  apiKeyMasked,
   showApiKey,
   setShowApiKey,
   copiedId,
@@ -40,7 +42,10 @@ export default function AccessTokenSection({
             <div className="relative flex-1">
               <Input
                 id="access-token"
-                value={apiKey || "Token not generated yet"}
+                value={
+                  (showApiKey ? apiKey : apiKeyMasked) ||
+                  "Token not generated yet"
+                }
                 readOnly
                 className="bg-black/40 border-[0.5px] border-white/10 text-white font-mono text-sm pr-10"
                 type={showApiKey ? "text" : "password"}

package/components/dashboard/settings-modal.tsx

@@ -12,6 +12,7 @@ import SystemInfoSection from "./settings/system-info-section";
 
 export default function SettingsModal({ onClose }: { onClose: () => void }) {
   const [apiKey, setApiKey] = useState("");
+  const [apiKeyMasked, setApiKeyMasked] = useState("");
   const [endpoint, setEndpoint] = useState("");
   const [isManaged, setIsManaged] = useState(false);
   const [instanceType, setInstanceType] = useState<"local" | "rpi" | "vps">(
@@ -58,8 +59,16 @@ export default function SettingsModal({ onClose }: { onClose: () => void }) {
 
         if (localKey && !data.isManaged) {
           setApiKey(localKey);
+          // Mask the local key for display
+          const maskedLocal = localKey.length > 10 
+            ? `${localKey.slice(0, 7)}...${localKey.slice(-4)}`
+            : "****";
+          setApiKeyMasked(maskedLocal);
         } else {
           setApiKey(data.apiKey !== "not-set" ? data.apiKey : "");
+          setApiKeyMasked(
+            data.apiKeyMasked !== "not-set" ? data.apiKeyMasked : "",
+          );
         }
 
         let srvEndpoint = data.endpoint;
@@ -227,6 +236,7 @@ export default function SettingsModal({ onClose }: { onClose: () => void }) {
         <div className="flex-1 overflow-y-auto p-8 space-y-8 bg-[#05100F]">
           <AccessTokenSection
             apiKey={apiKey}
+            apiKeyMasked={apiKeyMasked}
             showApiKey={showApiKey}
             setShowApiKey={setShowApiKey}
             copiedId={copiedId}

package/e2e/api.spec.ts

@@ -215,5 +215,28 @@ test.describe("Dashboard:E2E:API (Deep Verification)", () => {
         contentType: "text/plain",
       });
     });
+
+    await test.step("⚙️ Settings Fallback — Verify tokenSource and Masking", async () => {
+      console.log("⚙️  GET /api/settings (Fallback/Auto-gen Verification)");
+
+      const settingsResp = await request.get(`${DASHBOARD_URL}/api/settings`, {
+        headers: getHeaders("antigravity-client"),
+      });
+
+      const settings = await settingsResp.json();
+      console.log(`   Token Source: ${settings.tokenSource}`);
+
+      expect(settingsResp.status()).toBe(200);
+      expect(settings).toHaveProperty("tokenSource");
+      // Verify apiKeyMasked is masked (not the raw apiKey field)
+      if (settings.apiKeyMasked && settings.apiKeyMasked !== "not-set") {
+        expect(settings.apiKeyMasked.length).toBeLessThanOrEqual(14); // 7 + 3 + 4 = 14
+        expect(settings.apiKeyMasked).toMatch(/^sk-.*\.\.\..*$/);
+      }
+      // Verify apiKey contains the raw token (for UI copy functionality)
+      if (settings.apiKey && settings.apiKey !== "not-set") {
+        expect(settings.apiKey).toMatch(/^sk-[a-f0-9]{32}$/);
+      }
+    });
   });
 });

package/e2e/ui.spec.ts

@@ -199,8 +199,10 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
           contentType: "application/json",
           body: JSON.stringify({
             apiKey: MOCK_API_KEY,
+            apiKeyMasked: "sk-e2e-...2345",
             instanceId: "local-dev-mock",
             instanceType: "local",
+            isManaged: true,
             endpoint: "http://localhost:8626/mcp",
           }),
         });
@@ -210,7 +212,7 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
         description: `API Key: ${MOCK_API_KEY.substring(0, 10)}...`,
       });
 
-      // 5. Mock MCP Config
+      // 5. Mock MCP Config (local env = @cybermem/mcp direct, no --url)
       await page.route("**/api/mcp-config*", async (route) => {
         await route.fulfill({
           status: 200,
@@ -219,19 +221,19 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
             configType: "json",
             config: {
               mcpServers: {
-                "cybermem-mcp": {
+                cybermem: {
                   command: "npx",
-                  args: ["@cybermem/mcp", "--url", "http://localhost:8626"],
-                  env: { X_CLIENT_NAME: MOCK_IDENTITY_WRITER },
+                  args: ["-y", "@cybermem/mcp"],
                 },
               },
             },
+            isManaged: true,
           }),
         });
       });
       appliedMocks.push({
         endpoint: "GET /api/mcp-config",
-        description: "MCP config with npx @cybermem/mcp",
+        description: "MCP config with npx @cybermem/mcp (local)",
       });
     });
 
@@ -326,9 +328,9 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
       await expect(page.getByText(/ACCESS TOKEN/i).first()).toBeVisible();
     });
 
-    await test.step(`Verify Token Matches Mock — ${MOCK_API_KEY}`, async () => {
+    await test.step(`Verify Token Matches Masked Mock by Default`, async () => {
       const input = page.locator("input#access-token");
-      await expect(input).toHaveValue(MOCK_API_KEY);
+      await expect(input).toHaveValue("sk-e2e-...2345");
     });
 
     await test.step("Toggle Token Visibility — password → text", async () => {
@@ -336,6 +338,7 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
       await expect(input).toHaveAttribute("type", "password");
       await page.getByTestId("toggle-visibility").click();
       await expect(input).toHaveAttribute("type", "text");
+      await expect(input).toHaveValue(MOCK_API_KEY);
     });
 
     await flushNetwork();
@@ -357,14 +360,14 @@ test.describe("Dashboard:E2E:UI (High-Fidelity Mocks)", () => {
       await page.getByRole("button", { name: MOCK_IDENTITY_WRITER }).click();
     });
 
-    await test.step("Verify CLI Install Command — npx @cybermem/mcp", async () => {
+    await test.step("Verify CLI Install Command — npx @cybermem/mcp (local, no --url)", async () => {
       const codeBlock = page.locator("pre code");
       await expect(codeBlock).toContainText("npx");
       await expect(codeBlock).toContainText("@cybermem/mcp");
     });
 
     await testInfo.attach("🚀 CLI Installation Command", {
-      body: `npx @cybermem/cli init\nnpx @cybermem/cli up\n\nMCP Server Config:\n"cybermem-mcp": {\n  "command": "npx",\n  "args": ["@cybermem/mcp", "--url", "http://localhost:8626"]\n}`,
+      body: `npx @cybermem/cli init\nnpx @cybermem/cli up\n\nMCP Server Config (local):\n"cybermem": {\n  "command": "npx",\n  "args": ["-y", "@cybermem/mcp"]\n}`,
       contentType: "text/plain",
     });
 

package/eslint.config.mjs

@@ -1,13 +1,16 @@
-import nextConfig from 'eslint-config-next';
+import nextConfig from "eslint-config-next";
 
 const eslintConfig = [
+  {
+    ignores: ["playwright-report/**", ".next/**", "test-results/**"],
+  },
   ...nextConfig,
   {
     rules: {
       // Disable false-positive for sessionStorage reads in useEffect
-      'react-hooks/set-state-in-effect': 'off',
+      "react-hooks/set-state-in-effect": "off",
       // Disable for shadcn/ui components that use Math.random() in useMemo
-      'react-hooks/purity': 'off',
+      "react-hooks/purity": "off",
     },
   },
 ];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cybermem/dashboard",
-  "version": "0.13.17",
+  "version": "0.14.5",
   "description": "CyberMem Monitoring Dashboard",
   "homepage": "https://cybermem.dev",
   "repository": {

package/public/clients.json

@@ -94,7 +94,7 @@
     ],
     "configType": "command",
     "localCommand": "claude mcp add cybermem npx @cybermem/mcp",
-    "remoteCommand": "claude mcp add cybermem -- npx @cybermem/mcp --url {{ENDPOINT}} --token {{TOKEN}}"
+    "remoteCommand": "claude mcp add cybermem -- npx -y mcp-remote {{ENDPOINT}} --header X-API-Key:{{TOKEN}}"
   },
   {
     "id": "chatgpt",
@@ -158,7 +158,7 @@
     ],
     "configType": "cmd",
     "localCommand": "gemini mcp add cybermem npx @cybermem/mcp",
-    "remoteCommand": "gemini mcp add cybermem -- npx @cybermem/mcp --url {{ENDPOINT}} --token {{TOKEN}}"
+    "remoteCommand": "gemini mcp add cybermem -- npx -y mcp-remote {{ENDPOINT}} --header X-API-Key:{{TOKEN}}"
   },
   {
     "id": "other",