@lanonasis/cli 3.3.15 → 3.5.15

package/dist/index.js

@@ -52,7 +52,11 @@ program
     }
     process.env.CLI_OUTPUT_FORMAT = opts.output;
     // Auto-initialize MCP unless disabled
-    if (opts.mcp !== false && !['init', 'auth', 'login', 'mcp', 'health', 'status'].includes(actionCommand.name())) {
+    const isMcpFlow = actionCommand.name() === 'mcp' ||
+        actionCommand.parent?.name?.() === 'mcp' ||
+        actionCommand.name() === 'mcp-server' ||
+        actionCommand.parent?.name?.() === 'mcp-server';
+    if (opts.mcp !== false && !isMcpFlow && !['init', 'auth', 'login', 'health', 'status'].includes(actionCommand.name())) {
         try {
             const client = getMCPClient();
             if (!client.isConnectedToServer()) {

package/dist/mcp/access-control.d.ts

@@ -50,7 +50,7 @@ export declare class MemoryAccessControl {
     /**
      * Revoke access to a memory or app
      */
-    revokeAccess(userId: string, appId: string, memoryId?: string): Promise<void>;
+    revokeAccess(_userId: string, _appId: string, memoryId?: string): Promise<void>;
     /**
      * Get access logs for audit purposes
      */

package/dist/mcp/access-control.js

@@ -123,8 +123,8 @@ export class MemoryAccessControl {
     /**
      * Revoke access to a memory or app
      */
-    async revokeAccess(userId, appId, memoryId) {
-        const key = `${userId}:${appId}`;
+    async revokeAccess(_userId, _appId, memoryId) {
+        const key = `${_userId}:${_appId}`;
         const existingRules = this.accessRules.get(key) || [];
         const updatedRules = existingRules.map(rule => {
             if (!memoryId || rule.memory_id === memoryId) {
@@ -133,7 +133,7 @@ export class MemoryAccessControl {
             return rule;
         });
         this.accessRules.set(key, updatedRules);
-        logger.info('Access revoked', { userId, appId, memoryId });
+        logger.info('Access revoked', { userId: _userId, appId: _appId, memoryId });
     }
     /**
      * Get access logs for audit purposes
@@ -215,7 +215,7 @@ export class MemoryAccessControl {
             return [];
         }
     }
-    async getSharedMemories(userId, appId) {
+    async getSharedMemories(_userId, _appId) {
         // This would implement logic to find memories shared with the user
         // through explicit permissions or app-level sharing
         return [];

package/dist/mcp/client/enhanced-client.js

@@ -59,7 +59,7 @@ export class EnhancedMCPClient extends EventEmitter {
         const maxRetries = config.maxRetries || 3;
         const timeout = config.timeout || 30000;
         let attempts = 0;
-        while (attempts < maxRetries) {
+        while (true) {
             try {
                 this.updateConnectionStatus(config.name, 'connecting');
                 const client = await this.createClientWithTimeout(config, timeout);
@@ -82,7 +82,6 @@ export class EnhancedMCPClient extends EventEmitter {
                 await this.delay(delay);
             }
         }
-        return false;
     }
     /**
      * Create client with timeout
@@ -115,7 +114,6 @@ export class EnhancedMCPClient extends EventEmitter {
                 // HTTP transport is not directly supported by MCP SDK
                 // Use stdio or websocket instead
                 throw new Error('HTTP transport not directly supported. Use websocket or stdio transport.');
-                break;
             case 'websocket':
                 if (!config.url) {
                     throw new Error('URL required for websocket transport');
@@ -225,7 +223,7 @@ export class EnhancedMCPClient extends EventEmitter {
     /**
      * Select the best server for a tool based on availability and latency
      */
-    async selectBestServer(toolName) {
+    async selectBestServer(_toolName) {
         const availableServers = Array.from(this.clients.keys()).filter(name => {
             const status = this.connectionStatus.get(name);
             return status?.status === 'connected';
@@ -240,7 +238,7 @@ export class EnhancedMCPClient extends EventEmitter {
     /**
      * Select a failover server
      */
-    async selectFailoverServer(excludeServer, toolName) {
+    async selectFailoverServer(excludeServer, _toolName) {
         const availableServers = Array.from(this.clients.keys()).filter(name => {
             const status = this.connectionStatus.get(name);
             return name !== excludeServer && status?.status === 'connected';
@@ -318,7 +316,7 @@ export class EnhancedMCPClient extends EventEmitter {
     /**
      * Get server configuration (placeholder - should be stored during connect)
      */
-    getServerConfig(serverName) {
+    getServerConfig(_serverName) {
         // TODO: Store and retrieve server configs
         return null;
     }
@@ -343,7 +341,7 @@ export class EnhancedMCPClient extends EventEmitter {
                 await client.close();
                 console.log(chalk.gray(`Disconnected from ${name}`));
             }
-            catch (error) {
+            catch {
                 console.log(chalk.yellow(`Warning: Error disconnecting from ${name}`));
             }
         }

package/dist/mcp/schemas/tool-schemas.d.ts

@@ -371,7 +371,7 @@ export declare class SchemaValidator {
     /**
      * Get schema as JSON Schema for documentation
      */
-    static toJsonSchema(schema: z.ZodSchema<any>): any;
+    static toJsonSchema(_schema: z.ZodSchema<any>): any;
 }
 export declare const MCPSchemas: {
     memory: {

package/dist/mcp/schemas/tool-schemas.js

@@ -333,7 +333,7 @@ export class SchemaValidator {
     /**
      * Get schema as JSON Schema for documentation
      */
-    static toJsonSchema(schema) {
+    static toJsonSchema(_schema) {
         // This would require zodToJsonSchema package
         // For now, return a simplified version
         return {

package/dist/mcp/server/lanonasis-server.d.ts

@@ -59,7 +59,8 @@ export declare class LanonasisMCPServer {
      */
     private registerPrompts; /**
     
-   * Handle tool calls
+    /**
+     * Handle tool calls
      */
     private handleToolCall;
     /**

package/dist/mcp/server/lanonasis-server.js

@@ -600,9 +600,10 @@ Please choose an option (1-4):`
         });
     } /**
     
-   * Handle tool calls
+    /**
+     * Handle tool calls
      */
-    async handleToolCall(name, args, clientId) {
+    async handleToolCall(name, args, _clientId) {
         // Ensure we're initialized
         if (!this.apiClient) {
             await this.initialize();
@@ -666,7 +667,7 @@ Please choose an option (1-4):`
             // Transport management operations
             case 'transport_status':
                 return this.getTransportStatus();
-            case 'transport_test':
+            case 'transport_test': {
                 if (!args.transport) {
                     throw new Error('transport is required');
                 }
@@ -676,6 +677,7 @@ Please choose an option (1-4):`
                     available: isAvailable,
                     tested_at: new Date().toISOString()
                 };
+            }
             case 'transport_reset_failures':
                 if (args.transport) {
                     this.transportFailures.delete(args.transport);
@@ -1178,7 +1180,7 @@ Please choose an option (1-4):`
             }
             return true;
         }
-        catch (error) {
+        catch {
             return false;
         }
     }
@@ -1199,7 +1201,7 @@ Please choose an option (1-4):`
             }
             return true;
         }
-        catch (error) {
+        catch {
             return false;
         }
     }

package/dist/mcp/transports/transport-manager.js

@@ -162,7 +162,7 @@ class WebSocketTransport extends EventEmitter {
                         const message = JSON.parse(data.toString());
                         this.emit('message', message);
                     }
-                    catch (error) {
+                    catch {
                         this.emit('error', new Error('Failed to parse WebSocket message'));
                     }
                 });
@@ -270,7 +270,7 @@ class SSETransport extends EventEmitter {
                     const data = JSON.parse(event.data);
                     this.emit('message', data);
                 }
-                catch (error) {
+                catch {
                     this.emit('error', new Error('Failed to parse SSE message'));
                 }
             };
@@ -282,7 +282,7 @@ class SSETransport extends EventEmitter {
             };
         });
     }
-    async send(data) {
+    async send(_data) {
         // SSE is receive-only, but we can send data via HTTP POST
         throw new Error('SSE transport is read-only. Use HTTP for sending data.');
     }

package/dist/mcp-server.d.ts

@@ -17,6 +17,7 @@ export declare class CLIMCPServer {
      * Start MCP server using CLI configuration
      */
     start(options?: MCPServerOptions): Promise<void>;
+    private resolveMCPServerPath;
     /**
      * Start local MCP server using CLI auth config
      */

package/dist/mcp-server.js

@@ -6,10 +6,13 @@
  */
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
+import { existsSync } from 'fs';
+import { createRequire } from 'module';
 import { spawn } from 'child_process';
 import { CLIConfig } from './utils/config.js';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
+const nodeRequire = createRequire(import.meta.url);
 export class CLIMCPServer {
     config;
     constructor() {
@@ -20,7 +23,7 @@ export class CLIMCPServer {
      */
     async start(options = {}) {
         await this.config.init();
-        const { mode = 'stdio', port = 3001, verbose = false, useRemote = this.config.shouldUseRemoteMCP() } = options;
+        const { useRemote = this.config.shouldUseRemoteMCP() } = options;
         if (useRemote) {
             await this.startRemoteMCP(options);
         }
@@ -28,13 +31,40 @@ export class CLIMCPServer {
             await this.startLocalMCP(options);
         }
     }
+    resolveMCPServerPath() {
+        const candidates = new Set();
+        if (process.env.MCP_SERVER_PATH) {
+            candidates.add(process.env.MCP_SERVER_PATH);
+        }
+        const packageRequests = [
+            '@lanonasis/mcp-server/dist/cli-aligned-mcp-server.js',
+            'lanonasis-mcp-server/dist/cli-aligned-mcp-server.js'
+        ];
+        for (const request of packageRequests) {
+            try {
+                const resolved = nodeRequire.resolve(request);
+                candidates.add(resolved);
+            }
+            catch {
+                // Ignore resolution failures and continue through fallbacks
+            }
+        }
+        candidates.add(join(process.cwd(), 'mcp-server/dist/cli-aligned-mcp-server.js'));
+        candidates.add(join(__dirname, '../../../mcp-server/dist/cli-aligned-mcp-server.js'));
+        for (const candidate of candidates) {
+            if (candidate && existsSync(candidate)) {
+                return candidate;
+            }
+        }
+        throw new Error('Unable to locate the CLI-aligned MCP server. Set MCP_SERVER_PATH or install @lanonasis/mcp-server.');
+    }
     /**
      * Start local MCP server using CLI auth config
      */
     async startLocalMCP(options) {
         const { mode, port, verbose } = options;
-        // Path to CLI-aligned MCP server in submodule
-        const mcpServerPath = join(__dirname, '../../../mcp-server/dist/cli-aligned-mcp-server.js');
+        // Path to production MCP server (uses CommonJS, no build needed)
+        const mcpServerPath = join(__dirname, '../../../mcp-server/src/production-mcp-server.cjs');
         const args = mode === 'http' ? ['--http'] : ['--stdio'];
         if (verbose) {
             console.error('🚀 Starting CLI-aligned MCP Server...');
@@ -42,10 +72,11 @@ export class CLIMCPServer {
             console.error(`Config: ~/.maas/config.json`);
             console.error(`Auth: ${this.config.hasVendorKey() ? 'Vendor Key' : 'JWT Token'}`);
         }
+        const resolvedPort = typeof port === 'number' && !Number.isNaN(port) ? port : 3001;
         // Set environment variables from CLI config
         const env = {
             ...process.env,
-            PORT: port?.toString(),
+            PORT: resolvedPort.toString(),
             MEMORY_API_URL: this.config.getApiUrl(),
             LANONASIS_VENDOR_KEY: this.config.getVendorKey(),
             LANONASIS_TOKEN: this.config.getToken(),
@@ -84,14 +115,13 @@ export class CLIMCPServer {
      */
     async startRemoteMCP(options) {
         const { verbose } = options;
+        const message = 'Remote MCP not implemented; remove --remote or use local mode.';
         if (verbose) {
             console.error('🌐 Connecting to remote MCP server...');
             console.error(`URL: ${this.config.getMCPServerUrl()}`);
         }
-        // For remote MCP, we'd need to implement a proxy or client
-        // For now, fall back to local mode
-        console.error('⚠️  Remote MCP not yet implemented, falling back to local mode');
-        await this.startLocalMCP({ ...options, useRemote: false });
+        console.error(`❌ ${message}`);
+        throw new Error(message);
     }
     /**
      * Check if MCP server is available and configured
@@ -149,6 +179,10 @@ Examples:
     await server.start(options);
 }
 if (import.meta.url === `file://${process.argv[1]}`) {
-    main().catch(console.error);
+    main().catch(error => {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(message);
+        process.exit(1);
+    });
 }
 export default CLIMCPServer;

package/dist/utils/config.d.ts

@@ -43,6 +43,14 @@ export declare class CLIConfig {
     private authCheckCache;
     private readonly AUTH_CACHE_TTL;
     constructor();
+    /**
+     * Overrides the configuration storage directory. Primarily used for tests.
+     */
+    setConfigDirectory(configDir: string): void;
+    /**
+     * Exposes the current config path for tests and diagnostics.
+     */
+    getConfigPath(): string;
     init(): Promise<void>;
     load(): Promise<void>;
     private migrateConfigIfNeeded;
@@ -55,6 +63,8 @@ export declare class CLIConfig {
     discoverServices(verbose?: boolean): Promise<void>;
     private handleServiceDiscoveryFailure;
     private categorizeServiceDiscoveryError;
+    private resolveFallbackEndpoints;
+    private logFallbackUsage;
     setManualEndpoints(endpoints: Partial<CLIConfigData['discoveredServices']>): Promise<void>;
     hasManualEndpointOverrides(): boolean;
     clearManualEndpointOverrides(): Promise<void>;
@@ -71,7 +81,6 @@ export declare class CLIConfig {
     isAuthenticated(): Promise<boolean>;
     logout(): Promise<void>;
     clear(): Promise<void>;
-    getConfigPath(): string;
     exists(): Promise<boolean>;
     validateStoredCredentials(): Promise<boolean>;
     refreshTokenIfNeeded(): Promise<void>;

package/dist/utils/config.js

@@ -16,6 +16,20 @@ export class CLIConfig {
         this.configPath = path.join(this.configDir, 'config.json');
         this.lockFile = path.join(this.configDir, 'config.lock');
     }
+    /**
+     * Overrides the configuration storage directory. Primarily used for tests.
+     */
+    setConfigDirectory(configDir) {
+        this.configDir = configDir;
+        this.configPath = path.join(configDir, 'config.json');
+        this.lockFile = path.join(configDir, 'config.lock');
+    }
+    /**
+     * Exposes the current config path for tests and diagnostics.
+     */
+    getConfigPath() {
+        return this.configPath;
+    }
     async init() {
         try {
             await fs.mkdir(this.configDir, { recursive: true });
@@ -229,20 +243,17 @@ export class CLIConfig {
                 return;
             }
         }
-        // Set fallback service endpoints
+        const fallback = this.resolveFallbackEndpoints();
         this.config.discoveredServices = {
-            auth_base: 'https://api.lanonasis.com', // CLI auth goes to central auth system
-            memory_base: 'https://api.lanonasis.com/api/v1', // Memory via onasis-core
-            mcp_base: 'https://mcp.lanonasis.com/api/v1', // MCP HTTP/REST
-            mcp_ws_base: 'wss://mcp.lanonasis.com/ws', // MCP WebSocket
-            mcp_sse_base: 'https://mcp.lanonasis.com/api/v1/events', // MCP SSE
-            project_scope: 'lanonasis-maas' // Correct project scope
+            ...fallback.endpoints,
+            project_scope: 'lanonasis-maas'
         };
         // Mark as fallback (don't set lastServiceDiscovery)
         await this.save();
+        this.logFallbackUsage(fallback.source, this.config.discoveredServices);
         if (verbose) {
             console.log('✓ Using fallback service endpoints');
-            console.log('   These are the standard production endpoints');
+            console.log(`   Source: ${fallback.source === 'environment' ? 'environment overrides' : 'built-in defaults'}`);
         }
     }
     categorizeServiceDiscoveryError(error) {
@@ -272,6 +283,47 @@ export class CLIConfig {
         }
         return 'unknown';
     }
+    resolveFallbackEndpoints() {
+        const envAuthBase = process.env.LANONASIS_FALLBACK_AUTH_BASE ?? process.env.AUTH_BASE;
+        const envMemoryBase = process.env.LANONASIS_FALLBACK_MEMORY_BASE ?? process.env.MEMORY_BASE;
+        const envMcpBase = process.env.LANONASIS_FALLBACK_MCP_BASE ?? process.env.MCP_BASE;
+        const envMcpWsBase = process.env.LANONASIS_FALLBACK_MCP_WS_BASE ?? process.env.MCP_WS_BASE;
+        const envMcpSseBase = process.env.LANONASIS_FALLBACK_MCP_SSE_BASE ?? process.env.MCP_SSE_BASE;
+        const hasEnvOverrides = Boolean(envAuthBase || envMemoryBase || envMcpBase || envMcpWsBase || envMcpSseBase);
+        const nodeEnv = (process.env.NODE_ENV ?? '').toLowerCase();
+        const isDevEnvironment = nodeEnv === 'development' || nodeEnv === 'test';
+        const defaultAuthBase = isDevEnvironment ? 'http://localhost:4000' : 'https://api.lanonasis.com';
+        const defaultMemoryBase = isDevEnvironment ? 'http://localhost:4000/api/v1' : 'https://api.lanonasis.com/api/v1';
+        const defaultMcpBase = isDevEnvironment ? 'http://localhost:4100/api/v1' : 'https://mcp.lanonasis.com/api/v1';
+        const defaultMcpWsBase = isDevEnvironment ? 'ws://localhost:4100/ws' : 'wss://mcp.lanonasis.com/ws';
+        const defaultMcpSseBase = isDevEnvironment ? 'http://localhost:4100/api/v1/events' : 'https://mcp.lanonasis.com/api/v1/events';
+        const endpoints = {
+            auth_base: envAuthBase ?? defaultAuthBase,
+            memory_base: envMemoryBase ?? defaultMemoryBase,
+            mcp_base: envMcpBase ?? defaultMcpBase,
+            mcp_ws_base: envMcpWsBase ?? defaultMcpWsBase,
+            mcp_sse_base: envMcpSseBase ?? defaultMcpSseBase
+        };
+        return {
+            endpoints,
+            source: hasEnvOverrides ? 'environment' : 'default'
+        };
+    }
+    logFallbackUsage(source, endpoints) {
+        const summary = {
+            auth: endpoints.auth_base,
+            mcp: endpoints.mcp_base,
+            websocket: endpoints.mcp_ws_base,
+            sse: endpoints.mcp_sse_base,
+            source
+        };
+        const message = `Service discovery fallback activated using ${source === 'environment' ? 'environment overrides' : 'built-in defaults'}`;
+        console.warn(`⚠️  ${message}`);
+        console.info('📊 service_discovery_fallback', summary);
+        if (typeof process.emitWarning === 'function') {
+            process.emitWarning(message, 'ServiceDiscoveryFallback');
+        }
+    }
     // Manual endpoint override functionality
     async setManualEndpoints(endpoints) {
         if (!this.config.discoveredServices) {
@@ -446,6 +498,8 @@ export class CLIConfig {
         catch {
             // Invalid token, don't store user info or expiry
             this.config.tokenExpiry = undefined;
+            // Mark as non-JWT (e.g., OAuth/CLI token)
+            this.config.authMethod = this.config.authMethod || 'oauth';
         }
         await this.save();
     }
@@ -493,8 +547,32 @@ export class CLIConfig {
                 locallyValid = false;
             }
         }
-        // If expired locally, no need to check server
+        // If not locally valid, attempt server verification before failing
         if (!locallyValid) {
+            try {
+                const axios = (await import('axios')).default;
+                const endpoints = [
+                    'http://localhost:4000/v1/auth/verify-token',
+                    'https://auth.lanonasis.com/v1/auth/verify-token',
+                    'https://api.lanonasis.com/auth/verify'
+                ];
+                for (const endpoint of endpoints) {
+                    try {
+                        const resp = await axios.post(endpoint, { token }, { timeout: 3000 });
+                        if (resp.data?.valid === true) {
+                            this.authCheckCache = { isValid: true, timestamp: Date.now() };
+                            return true;
+                        }
+                    }
+                    catch {
+                        // try next endpoint
+                        continue;
+                    }
+                }
+            }
+            catch {
+                // ignore, will fall back to failure below
+            }
             this.authCheckCache = { isValid: false, timestamp: Date.now() };
             return false;
         }
@@ -515,7 +593,7 @@ export class CLIConfig {
                         break;
                     }
                 }
-                catch (err) {
+                catch {
                     // Try next endpoint
                     continue;
                 }
@@ -527,7 +605,7 @@ export class CLIConfig {
             this.authCheckCache = { isValid: true, timestamp: Date.now() };
             return true;
         }
-        catch (error) {
+        catch {
             // If all server checks fail, fall back to local validation
             // This allows offline usage but is less secure
             console.warn('⚠️  Unable to verify token with server, using local validation');
@@ -544,9 +622,6 @@ export class CLIConfig {
         this.config = {};
         await this.save();
     }
-    getConfigPath() {
-        return this.configPath;
-    }
     async exists() {
         try {
             await fs.access(this.configPath);
@@ -591,7 +666,7 @@ export class CLIConfig {
             await this.save();
             return true;
         }
-        catch (error) {
+        catch {
             // Increment failure count
             await this.incrementFailureCount();
             return false;
@@ -630,9 +705,12 @@ export class CLIConfig {
                 }
             }
         }
-        catch (error) {
+        catch (err) {
             // If refresh fails, mark credentials as potentially invalid
             await this.incrementFailureCount();
+            if (process.env.CLI_VERBOSE === 'true' || process.env.NODE_ENV !== 'production') {
+                console.debug('Token refresh failed:', err.message);
+            }
         }
     }
     async clearInvalidCredentials() {
@@ -697,7 +775,9 @@ export class CLIConfig {
     }
     // MCP-specific helpers
     getMCPServerPath() {
-        return this.config.mcpServerPath || path.join(process.cwd(), 'onasis-gateway/mcp-server/server.js');
+        // Only return an explicitly configured path. No implicit bundled defaults.
+        // Returning an empty string if unset helps callers decide how to proceed safely.
+        return this.config.mcpServerPath || '';
     }
     getMCPServerUrl() {
         return this.config.discoveredServices?.mcp_ws_base ||

package/dist/utils/mcp-client.d.ts

@@ -4,6 +4,7 @@ interface MCPConnectionOptions {
     useRemote?: boolean;
     useWebSocket?: boolean;
     connectionMode?: 'local' | 'remote' | 'websocket';
+    localArgs?: string[];
 }
 /**
  * Interface for MCP tool arguments
@@ -24,10 +25,10 @@ export interface MCPToolResponse {
     title?: string;
     memory_type?: string;
     length?: number;
-    forEach?: (callback: (item: any, index: number) => void) => void;
+    forEach?: (callback: (item: unknown, index: number) => void) => void;
     code?: number;
     message?: string;
-    response?: any;
+    response?: unknown;
 }
 /**
  * Interface for MCP WebSocket messages
@@ -54,7 +55,25 @@ export declare class MCPClient {
     private healthCheckInterval;
     private connectionStartTime;
     private lastHealthCheck;
+    private activeConnectionMode;
     constructor();
+    /**
+     * Overrides the configuration directory used by the underlying CLI config.
+     * Useful for tests that need isolated config state.
+     */
+    setConfigDirectory(configDir: string): void;
+    /**
+     * Returns the current config file path. Primarily used for test introspection.
+     */
+    getConfigPath(): string;
+    /**
+     * Helper for tests to seed authentication tokens without accessing internals.
+     */
+    setTokenForTesting(token: string): Promise<void>;
+    /**
+     * Helper for tests to seed vendor keys without accessing internals.
+     */
+    setVendorKeyForTesting(vendorKey: string): Promise<void>;
     /**
      * Initialize the MCP client configuration
      */