@lanonasis/cli 3.7.1 → 3.7.3

package/README.md

@@ -34,6 +34,17 @@ onasis health                                 # Verify system health
 onasis memory create --title "Welcome" --content "My first memory"
 ```
 
+## 🤖 Claude Desktop Integration
+
+For instant Claude Desktop MCP integration with OAuth2 authentication, see our [Claude Desktop Setup Guide](./CLAUDE_DESKTOP_SETUP.md).
+
+**Quick Links**:
+- **Authorization Endpoint**: `https://auth.lanonasis.com/oauth/authorize`
+- **Client ID**: `claude-desktop`
+- **Scopes**: `mcp:full memories:read memories:write`
+
+The guide includes complete OAuth2 configuration, available MCP tools, and troubleshooting steps.
+
 ## 🎯 Command Aliases
 
 The CLI supports multiple command aliases for different use cases:

package/dist/commands/auth.js

@@ -305,6 +305,40 @@ async function refreshOAuth2Token(config) {
         return false;
     }
 }
+/**
+ * Exchange Supabase JWT token for auth-gateway API key
+ * This enables CLI to work with MCP WebSocket and all services seamlessly
+ */
+async function exchangeSupabaseTokenForApiKey(supabaseToken, config) {
+    try {
+        const discoveredServices = config.get('discoveredServices');
+        const authBase = discoveredServices?.auth_base || 'https://auth.lanonasis.com';
+        if (process.env.CLI_VERBOSE === 'true') {
+            console.log(chalk.dim(`   Exchanging token at: ${authBase}/v1/auth/token/exchange`));
+        }
+        const response = await axios.post(`${authBase}/v1/auth/token/exchange`, {
+            project_scope: 'lanonasis-maas',
+            platform: 'cli'
+        }, {
+            headers: {
+                'Authorization': `Bearer ${supabaseToken}`,
+                'Content-Type': 'application/json',
+                'X-Project-Scope': 'lanonasis-maas'
+            }
+        });
+        return {
+            access_token: response.data.access_token,
+            user: response.data.user
+        };
+    }
+    catch (error) {
+        console.error(chalk.yellow('⚠️  Token exchange failed:', error.message));
+        if (process.env.CLI_VERBOSE === 'true' && error.response) {
+            console.error(chalk.dim('   Response:', JSON.stringify(error.response.data, null, 2)));
+        }
+        return null;
+    }
+}
 export async function diagnoseCommand() {
     const config = new CLIConfig();
     await config.init();
@@ -674,14 +708,33 @@ async function handleOAuthFlow(config) {
         }
         const tokens = await exchangeCodeForTokens(code, pkce.verifier, authBase, redirectUri);
         spinner.succeed('Access tokens received');
-        // Store tokens
+        // Store OAuth tokens
         await config.setToken(tokens.access_token);
         await config.set('refresh_token', tokens.refresh_token);
         await config.set('token_expires_at', Date.now() + (tokens.expires_in * 1000));
-        await config.set('authMethod', 'oauth2');
-        console.log();
-        console.log(chalk.green('✓ OAuth2 authentication successful'));
-        console.log(colors.info('You can now use Lanonasis services'));
+        // Exchange for unified API key
+        spinner.text = 'Configuring unified access...';
+        spinner.start();
+        const exchangeResult = await exchangeSupabaseTokenForApiKey(tokens.access_token, config);
+        if (exchangeResult) {
+            // Store the auth-gateway API key for MCP and other services
+            await config.setVendorKey(exchangeResult.access_token);
+            await config.set('authMethod', 'oauth2');
+            spinner.succeed('Unified authentication configured');
+            console.log();
+            console.log(chalk.green('✓ OAuth2 authentication successful'));
+            console.log(colors.info('You can now use all Lanonasis services'));
+            console.log(chalk.gray('✓ MCP, API, and CLI access configured'));
+        }
+        else {
+            // Fallback
+            await config.set('authMethod', 'oauth2');
+            spinner.warn('Token exchange failed, OAuth token stored');
+            console.log();
+            console.log(chalk.green('✓ OAuth2 authentication successful'));
+            console.log(colors.info('You can now use Lanonasis services'));
+            console.log(chalk.yellow('⚠️  Some services may require re-authentication'));
+        }
         process.exit(0);
     }
     catch (error) {
@@ -766,16 +819,32 @@ async function handleCredentialsFlow(options, config) {
     const spinner = ora('Authenticating...').start();
     try {
         const response = await apiClient.login(email, password);
-        // Store token and user info
-        await config.setToken(response.token);
+        if (process.env.CLI_VERBOSE === 'true') {
+            console.log(chalk.dim('   Login response:'), JSON.stringify(response, null, 2));
+        }
+        // The auth-gateway login endpoint already returns the correct token format
+        // No need to exchange - this token works with all services (MCP, API, CLI)
+        const authToken = response.token || response.access_token;
+        if (!authToken) {
+            throw new Error('No token received from login response');
+        }
+        if (process.env.CLI_VERBOSE === 'true') {
+            console.log(chalk.dim(`   JWT received (length: ${authToken.length})`));
+        }
+        // Store JWT token for API authentication
+        await config.setToken(authToken);
+        await config.set('authMethod', 'jwt');
         spinner.succeed('Login successful');
         console.log();
         console.log(chalk.green('✓ Authenticated successfully'));
         console.log(`Welcome, ${response.user.email}!`);
-        if (response.user.organization_id) {
-            console.log(`Organization: ${response.user.organization_id}`);
+        if (response.user.role) {
+            console.log(`Role: ${response.user.role}`);
         }
-        console.log(`Plan: ${response.user.plan || 'free'}`);
+        console.log(chalk.gray('✓ API access configured'));
+        console.log();
+        console.log(chalk.dim('Note: MCP WebSocket commands require a vendor key.'));
+        console.log(chalk.dim('Run'), chalk.white('onasis auth vendor-key <key>'), chalk.dim('to configure MCP access.'));
     }
     catch (error) {
         spinner.fail('Login failed');

package/dist/utils/api.js

@@ -101,64 +101,64 @@ export class APIClient {
     }
     // Memory operations - aligned with existing schema
     async createMemory(data) {
-        const response = await this.client.post('/api/v1/memory', data);
+        const response = await this.client.post('/memory', data);
         return response.data;
     }
     async getMemories(params = {}) {
-        const response = await this.client.get('/api/v1/memory', { params });
+        const response = await this.client.get('/memory', { params });
         return response.data;
     }
     async getMemory(id) {
-        const response = await this.client.get(`/api/v1/memory/${id}`);
+        const response = await this.client.get(`/memory/${id}`);
         return response.data;
     }
     async updateMemory(id, data) {
-        const response = await this.client.put(`/api/v1/memory/${id}`, data);
+        const response = await this.client.put(`/memory/${id}`, data);
         return response.data;
     }
     async deleteMemory(id) {
-        await this.client.delete(`/api/v1/memory/${id}`);
+        await this.client.delete(`/memory/${id}`);
     }
     async searchMemories(query, options = {}) {
-        const response = await this.client.post('/api/v1/memory/search', {
+        const response = await this.client.post('/memory/search', {
             query,
             ...options
         });
         return response.data;
     }
     async getMemoryStats() {
-        const response = await this.client.get('/api/v1/memory/stats');
+        const response = await this.client.get('/memory/stats');
         return response.data;
     }
     async bulkDeleteMemories(memoryIds) {
-        const response = await this.client.post('/api/v1/memory/bulk/delete', {
+        const response = await this.client.post('/memory/bulk/delete', {
             memory_ids: memoryIds
         });
         return response.data;
     }
     // Topic operations - working with existing memory_topics table
     async createTopic(data) {
-        const response = await this.client.post('/api/v1/topics', data);
+        const response = await this.client.post('/topics', data);
         return response.data;
     }
     async getTopics() {
-        const response = await this.client.get('/api/v1/topics');
+        const response = await this.client.get('/topics');
         return response.data;
     }
     async getTopic(id) {
-        const response = await this.client.get(`/api/v1/topics/${id}`);
+        const response = await this.client.get(`/topics/${id}`);
         return response.data;
     }
     async updateTopic(id, data) {
-        const response = await this.client.put(`/api/v1/topics/${id}`, data);
+        const response = await this.client.put(`/topics/${id}`, data);
         return response.data;
     }
     async deleteTopic(id) {
-        await this.client.delete(`/api/v1/topics/${id}`);
+        await this.client.delete(`/topics/${id}`);
     }
     // Health check
     async getHealth() {
-        const response = await this.client.get('/api/v1/health');
+        const response = await this.client.get('/health');
         return response.data;
     }
     // Generic HTTP methods

package/dist/utils/config.d.ts

@@ -61,6 +61,7 @@ export declare class CLIConfig {
     private acquireLock;
     private releaseLock;
     getApiUrl(): string;
+    getApiUrlsWithFallbacks(): string[];
     discoverServices(verbose?: boolean): Promise<void>;
     private handleServiceDiscoveryFailure;
     private categorizeServiceDiscoveryError;

package/dist/utils/config.js

@@ -169,7 +169,17 @@ export class CLIConfig {
     getApiUrl() {
         return process.env.MEMORY_API_URL ||
             this.config.apiUrl ||
-            'https://mcp.lanonasis.com/api/v1';
+            'https://api.lanonasis.com';
+    }
+    // Get API URLs with fallbacks - try multiple endpoints
+    getApiUrlsWithFallbacks() {
+        const primary = this.getApiUrl();
+        const fallbacks = [
+            'https://api.lanonasis.com',
+            'https://mcp.lanonasis.com'
+        ];
+        // Remove duplicates and return primary first
+        return [primary, ...fallbacks.filter(url => url !== primary)];
     }
     // Enhanced Service Discovery Integration
     async discoverServices(verbose = false) {
@@ -187,21 +197,45 @@ export class CLIConfig {
             }
             return;
         }
-        const discoveryUrl = 'https://mcp.lanonasis.com/.well-known/onasis.json';
-        try {
-            // Use axios instead of fetch for consistency
-            const axios = (await import('axios')).default;
-            if (verbose) {
-                console.log(`🔍 Discovering services from ${discoveryUrl}...`);
-            }
-            const response = await axios.get(discoveryUrl, {
-                timeout: 10000,
-                maxRedirects: 5,
-                proxy: false, // Bypass proxy to avoid redirect loops
-                headers: {
-                    'User-Agent': 'Lanonasis-CLI/3.0.13'
+        // Try multiple discovery URLs with fallbacks
+        const discoveryUrls = [
+            'https://api.lanonasis.com/.well-known/onasis.json',
+            'https://mcp.lanonasis.com/.well-known/onasis.json'
+        ];
+        let response = null;
+        let lastError = null;
+        // Use axios instead of fetch for consistency
+        const axios = (await import('axios')).default;
+        for (const discoveryUrl of discoveryUrls) {
+            try {
+                if (verbose) {
+                    console.log(`🔍 Discovering services from ${discoveryUrl}...`);
                 }
-            });
+                response = await axios.get(discoveryUrl, {
+                    timeout: 10000,
+                    maxRedirects: 5,
+                    proxy: false, // Bypass proxy to avoid redirect loops
+                    headers: {
+                        'User-Agent': 'Lanonasis-CLI/3.0.13'
+                    }
+                });
+                if (verbose) {
+                    console.log(`✓ Successfully discovered services from ${discoveryUrl}`);
+                }
+                break; // Success, exit loop
+            }
+            catch (err) {
+                lastError = err;
+                if (verbose) {
+                    console.log(`⚠️  Failed to discover from ${discoveryUrl}, trying next...`);
+                }
+                continue;
+            }
+        }
+        if (!response) {
+            throw lastError || new Error('All service discovery URLs failed');
+        }
+        try {
             // Map discovery response to our config format
             const discovered = response.data;
             // Extract auth base, but filter out localhost URLs

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lanonasis/cli",
-  "version": "3.7.1",
+  "version": "3.7.3",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -22,7 +22,7 @@
     "LICENSE"
   ],
   "dependencies": {
-    "@lanonasis/oauth-client": "^1.0.0",
+    "@lanonasis/oauth-client": "^1.2.1",
     "@lanonasis/security-sdk": "^1.0.1",
     "@modelcontextprotocol/sdk": "^1.1.1",
     "axios": "^1.7.7",