@lanonasis/cli 3.7.8 → 3.8.0

package/dist/commands/auth.js

@@ -370,7 +370,7 @@ export async function diagnoseCommand() {
     // Step 2: Check stored credentials
     console.log(chalk.cyan('\n2. Stored Credentials'));
     const token = config.getToken();
-    const vendorKey = config.getVendorKey();
+    const vendorKey = await config.getVendorKeyAsync();
     const authMethod = config.get('authMethod');
     if (vendorKey) {
         diagnostics.hasCredentials = true;
@@ -825,10 +825,8 @@ async function handleCredentialsFlow(options, config) {
         if (response.user.role) {
             console.log(`Role: ${response.user.role}`);
         }
-        console.log(chalk.gray('✓ API access configured'));
-        console.log();
-        console.log(chalk.dim('Note: MCP WebSocket commands require a vendor key.'));
-        console.log(chalk.dim('Run'), chalk.white('onasis auth vendor-key <key>'), chalk.dim('to configure MCP access.'));
+        console.log(chalk.gray('✓ API and MCP access configured'));
+        console.log(chalk.dim('Your JWT token works with all services: API, MCP, CLI.'));
     }
     catch (error) {
         spinner.fail('Login failed');

package/dist/commands/config.js

@@ -382,7 +382,7 @@ export function configCommands(program) {
         // Step 2: Validate authentication configuration
         console.log(chalk.cyan('\n2. Authentication Configuration'));
         const token = config.getToken();
-        const vendorKey = config.getVendorKey();
+        const vendorKey = await config.getVendorKeyAsync();
         const authMethod = config.get('authMethod');
         if (!token && !vendorKey) {
             console.log(chalk.yellow('   ⚠ No authentication credentials configured'));

package/dist/commands/mcp.js

@@ -190,7 +190,7 @@ export function mcpCommands(program) {
             const rootBase = restUrl.replace(/\/api\/v1$/, '');
             const healthUrl = `${rootBase}/health`;
             const token = config.getToken();
-            const vendorKey = config.getVendorKey();
+            const vendorKey = await config.getVendorKeyAsync();
             const headers = {};
             if (vendorKey) {
                 headers['X-API-Key'] = vendorKey;
@@ -457,6 +457,41 @@ export function mcpCommands(program) {
             console.log('  --auto             : Auto-detect based on configuration (default)');
         }
     });
+    // Start MCP server for external clients
+    mcp.command('start')
+        .description('Start MCP server for external clients (Claude Desktop, Cursor, etc.)')
+        .option('--transport <type>', 'Transport: stdio (default), ws, http, sse', 'stdio')
+        .option('--port <number>', 'Port for ws/http/sse', '3009')
+        .option('--host <address>', 'Host address', '127.0.0.1')
+        .action(async (options) => {
+        const apiKey = process.env.LANONASIS_API_KEY;
+        if (!apiKey) {
+            console.error('Error: LANONASIS_API_KEY environment variable required');
+            process.exit(1);
+        }
+        try {
+            const { LanonasisMCPServer } = await import('../mcp/server/lanonasis-server.js');
+            const server = new LanonasisMCPServer({
+                apiKey,
+                transport: options.transport,
+                port: parseInt(options.port, 10),
+                host: options.host
+            });
+            if (options.transport === 'stdio') {
+                // Log to stderr since stdout is for MCP protocol
+                console.error(`Starting MCP server in stdio mode...`);
+                await server.startStdio();
+            }
+            else {
+                console.error(`Starting MCP server on ${options.host}:${options.port} (${options.transport})...`);
+                await server.start();
+            }
+        }
+        catch (error) {
+            console.error(`Failed to start MCP server: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            process.exit(1);
+        }
+    });
     // Diagnose MCP connection issues
     mcp.command('diagnose')
         .description('Diagnose MCP connection issues')
@@ -483,7 +518,7 @@ export function mcpCommands(program) {
         // Step 1: Check authentication status
         console.log(chalk.cyan('1. Authentication Status'));
         const token = config.getToken();
-        const vendorKey = config.getVendorKey();
+        const vendorKey = await config.getVendorKeyAsync();
         if (!token && !vendorKey) {
             console.log(chalk.red('   ✖ No authentication credentials found'));
             console.log(chalk.gray('   → Run: lanonasis auth login'));

package/dist/mcp/schemas/tool-schemas.d.ts

@@ -15,15 +15,15 @@ export declare const MemoryCreateSchema: z.ZodObject<{
     content?: string;
     tags?: string[];
     topic_id?: string;
-    memory_type?: "context" | "reference" | "note";
     metadata?: Record<string, any>;
+    memory_type?: "context" | "reference" | "note";
 }, {
     title?: string;
     content?: string;
     tags?: string[];
     topic_id?: string;
-    memory_type?: "context" | "reference" | "note";
     metadata?: Record<string, any>;
+    memory_type?: "context" | "reference" | "note";
 }>;
 export declare const MemorySearchSchema: z.ZodObject<{
     query: z.ZodString;
@@ -59,15 +59,15 @@ export declare const MemoryUpdateSchema: z.ZodObject<{
     content?: string;
     tags?: string[];
     memory_id?: string;
-    memory_type?: "context" | "reference" | "note";
     metadata?: Record<string, any>;
+    memory_type?: "context" | "reference" | "note";
 }, {
     title?: string;
     content?: string;
     tags?: string[];
     memory_id?: string;
-    memory_type?: "context" | "reference" | "note";
     metadata?: Record<string, any>;
+    memory_type?: "context" | "reference" | "note";
 }>;
 export declare const MemoryDeleteSchema: z.ZodObject<{
     memory_id: z.ZodString;
@@ -217,13 +217,13 @@ export declare const BulkOperationSchema: z.ZodObject<{
     transaction: z.ZodDefault<z.ZodBoolean>;
 }, "strip", z.ZodTypeAny, {
     operation?: "create" | "delete" | "update";
-    entity_type?: "topic" | "memory" | "apikey";
     items?: Record<string, any>[];
+    entity_type?: "topic" | "memory" | "apikey";
     transaction?: boolean;
 }, {
     operation?: "create" | "delete" | "update";
-    entity_type?: "topic" | "memory" | "apikey";
     items?: Record<string, any>[];
+    entity_type?: "topic" | "memory" | "apikey";
     transaction?: boolean;
 }>;
 export declare const ImportExportSchema: z.ZodObject<{
@@ -387,15 +387,15 @@ export declare const MCPSchemas: {
             content?: string;
             tags?: string[];
             topic_id?: string;
-            memory_type?: "context" | "reference" | "note";
             metadata?: Record<string, any>;
+            memory_type?: "context" | "reference" | "note";
         }, {
             title?: string;
             content?: string;
             tags?: string[];
             topic_id?: string;
-            memory_type?: "context" | "reference" | "note";
             metadata?: Record<string, any>;
+            memory_type?: "context" | "reference" | "note";
         }>;
         search: z.ZodObject<{
             query: z.ZodString;
@@ -431,15 +431,15 @@ export declare const MCPSchemas: {
             content?: string;
             tags?: string[];
             memory_id?: string;
-            memory_type?: "context" | "reference" | "note";
             metadata?: Record<string, any>;
+            memory_type?: "context" | "reference" | "note";
         }, {
             title?: string;
             content?: string;
             tags?: string[];
             memory_id?: string;
-            memory_type?: "context" | "reference" | "note";
             metadata?: Record<string, any>;
+            memory_type?: "context" | "reference" | "note";
         }>;
         delete: z.ZodObject<{
             memory_id: z.ZodString;
@@ -597,13 +597,13 @@ export declare const MCPSchemas: {
             transaction: z.ZodDefault<z.ZodBoolean>;
         }, "strip", z.ZodTypeAny, {
             operation?: "create" | "delete" | "update";
-            entity_type?: "topic" | "memory" | "apikey";
             items?: Record<string, any>[];
+            entity_type?: "topic" | "memory" | "apikey";
             transaction?: boolean;
         }, {
             operation?: "create" | "delete" | "update";
-            entity_type?: "topic" | "memory" | "apikey";
             items?: Record<string, any>[];
+            entity_type?: "topic" | "memory" | "apikey";
             transaction?: boolean;
         }>;
         importExport: z.ZodObject<{

package/dist/mcp/server/lanonasis-server.d.ts

@@ -9,6 +9,10 @@ export interface LanonasisServerOptions {
     verbose?: boolean;
     apiUrl?: string;
     token?: string;
+    apiKey?: string;
+    transport?: 'stdio' | 'ws' | 'http' | 'sse';
+    port?: number;
+    host?: string;
     preferredTransport?: 'stdio' | 'websocket' | 'http';
     enableTransportFallback?: boolean;
 }
@@ -209,6 +213,11 @@ export declare class LanonasisMCPServer {
      * Start the server
      */
     start(): Promise<void>;
+    /**
+     * Start the server in stdio mode for external MCP clients (Claude Desktop, Cursor, etc.)
+     * This is the primary entry point for `lanonasis mcp start`
+     */
+    startStdio(): Promise<void>;
     /**
      * Stop the server
      */

package/dist/mcp/server/lanonasis-server.js

@@ -1473,6 +1473,35 @@ Please choose an option (1-4):`
             throw error;
         }
     }
+    /**
+     * Start the server in stdio mode for external MCP clients (Claude Desktop, Cursor, etc.)
+     * This is the primary entry point for `lanonasis mcp start`
+     */
+    async startStdio() {
+        await this.initialize();
+        try {
+            // Use API key from options if provided (from LANONASIS_API_KEY env var)
+            if (this.options.apiKey) {
+                // Set the API key for authentication
+                await this.config.setVendorKey(this.options.apiKey);
+            }
+            // Create stdio transport
+            this.transport = new StdioServerTransport();
+            await this.server.connect(this.transport);
+            // Log to stderr since stdout is for MCP protocol
+            console.error(chalk.cyan('🚀 Lanonasis MCP Server started (stdio mode)'));
+            console.error(chalk.gray(`Backend: ${this.config.getApiUrl()}`));
+            console.error(chalk.gray(`Tools: 18+ available`));
+            console.error(chalk.gray('Ready for MCP client connections...'));
+            // Keep the process alive
+            process.stdin.resume();
+        }
+        catch (error) {
+            console.error(chalk.red('❌ Failed to start MCP Server:'));
+            console.error(chalk.red(error instanceof Error ? error.message : 'Unknown error'));
+            throw error;
+        }
+    }
     /**
      * Stop the server
      */

package/dist/mcp-server-entry.d.ts

@@ -0,0 +1,20 @@
+#!/usr/bin/env node
+/**
+ * Lanonasis MCP Server Entry Point
+ *
+ * Direct entry point for external MCP clients (Claude Desktop, Cursor, Windsurf, etc.)
+ * This allows simple configuration like:
+ *
+ *   claude mcp add lanonasis -- lanonasis-mcp
+ *
+ * Or in claude_desktop_config.json:
+ *   {
+ *     "mcpServers": {
+ *       "lanonasis": {
+ *         "command": "lanonasis-mcp",
+ *         "env": { "LANONASIS_API_KEY": "lano_xxx" }
+ *       }
+ *     }
+ *   }
+ */
+export {};

package/dist/mcp-server-entry.js

@@ -0,0 +1,54 @@
+#!/usr/bin/env node
+/**
+ * Lanonasis MCP Server Entry Point
+ *
+ * Direct entry point for external MCP clients (Claude Desktop, Cursor, Windsurf, etc.)
+ * This allows simple configuration like:
+ *
+ *   claude mcp add lanonasis -- lanonasis-mcp
+ *
+ * Or in claude_desktop_config.json:
+ *   {
+ *     "mcpServers": {
+ *       "lanonasis": {
+ *         "command": "lanonasis-mcp",
+ *         "env": { "LANONASIS_API_KEY": "lano_xxx" }
+ *       }
+ *     }
+ *   }
+ */
+import { LanonasisMCPServer } from './mcp/server/lanonasis-server.js';
+async function main() {
+    // Get API key from environment
+    const apiKey = process.env.LANONASIS_API_KEY;
+    if (!apiKey) {
+        console.error('Error: LANONASIS_API_KEY environment variable is required');
+        console.error('');
+        console.error('Usage:');
+        console.error('  LANONASIS_API_KEY=lano_xxx lanonasis-mcp');
+        console.error('');
+        console.error('Or configure in Claude Desktop/Cursor:');
+        console.error('  {');
+        console.error('    "mcpServers": {');
+        console.error('      "lanonasis": {');
+        console.error('        "command": "lanonasis-mcp",');
+        console.error('        "env": { "LANONASIS_API_KEY": "your_api_key" }');
+        console.error('      }');
+        console.error('    }');
+        console.error('  }');
+        process.exit(1);
+    }
+    try {
+        const server = new LanonasisMCPServer({
+            apiKey,
+            verbose: process.env.LOG_LEVEL === 'debug'
+        });
+        // Start in stdio mode (standard for MCP clients)
+        await server.startStdio();
+    }
+    catch (error) {
+        console.error(`Failed to start MCP server: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        process.exit(1);
+    }
+}
+main();

package/dist/mcp-server.js

@@ -77,12 +77,13 @@ export class CLIMCPServer {
             console.error(`Auth: ${this.config.hasVendorKey() ? 'Vendor Key' : 'JWT Token'}`);
         }
         const resolvedPort = typeof port === 'number' && !Number.isNaN(port) ? port : 3001;
+        const vendorKey = await this.config.getVendorKeyAsync();
         // Set environment variables from CLI config
         const env = {
             ...process.env,
             PORT: resolvedPort.toString(),
             MEMORY_API_URL: this.config.getApiUrl(),
-            LANONASIS_VENDOR_KEY: this.config.getVendorKey(),
+            LANONASIS_VENDOR_KEY: vendorKey,
             LANONASIS_TOKEN: this.config.getToken(),
             MCP_VERBOSE: verbose ? 'true' : 'false',
             CLI_ALIGNED: 'true'

package/dist/utils/api.js

@@ -27,7 +27,7 @@ export class APIClient {
             }
             // Enhanced Authentication Support
             const token = this.config.getToken();
-            const vendorKey = this.config.getVendorKey();
+            const vendorKey = await this.config.getVendorKeyAsync();
             if (vendorKey) {
                 // Vendor key authentication (validated server-side)
                 // Send raw key - server handles hashing for comparison

package/dist/utils/config.d.ts

@@ -43,6 +43,7 @@ export declare class CLIConfig {
     private authCheckCache;
     private readonly AUTH_CACHE_TTL;
     private apiKeyStorage;
+    private vendorKeyCache?;
     constructor();
     /**
      * Overrides the configuration storage directory. Primarily used for tests.

package/dist/utils/config.js

@@ -14,6 +14,7 @@ export class CLIConfig {
     authCheckCache = null;
     AUTH_CACHE_TTL = 5 * 60 * 1000; // 5 minutes
     apiKeyStorage;
+    vendorKeyCache;
     constructor() {
         this.configDir = path.join(os.homedir(), '.maas');
         this.configPath = path.join(this.configDir, 'config.json');
@@ -28,6 +29,7 @@ export class CLIConfig {
         this.configDir = configDir;
         this.configPath = path.join(configDir, 'config.json');
         this.lockFile = path.join(configDir, 'config.lock');
+        this.vendorKeyCache = undefined;
     }
     /**
      * Exposes the current config path for tests and diagnostics.
@@ -45,6 +47,8 @@ export class CLIConfig {
         }
     }
     async load() {
+        // Reset in-memory cache; disk state may have changed
+        this.vendorKeyCache = undefined;
         try {
             const data = await fs.readFile(this.configPath, 'utf-8');
             this.config = JSON.parse(data);
@@ -170,7 +174,7 @@ export class CLIConfig {
     getApiUrl() {
         const baseUrl = process.env.MEMORY_API_URL ||
             this.config.apiUrl ||
-            'https://mcp.lanonasis.com';
+            'https://api.lanonasis.com'; // Primary REST API endpoint
         // Ensure we don't double-append /api/v1 - strip it if present since APIClient adds it
         return baseUrl.replace(/\/api\/v1\/?$/, '');
     }
@@ -192,8 +196,8 @@ export class CLIConfig {
             if (!this.config.discoveredServices) {
                 this.config.discoveredServices = {
                     auth_base: 'https://auth.lanonasis.com',
-                    memory_base: 'https://mcp.lanonasis.com', // Base URL without /api/v1
-                    mcp_base: 'https://mcp.lanonasis.com/api/v1', // Full MCP REST path
+                    memory_base: 'https://api.lanonasis.com', // Primary REST API (Supabase Edge Functions)
+                    mcp_base: 'https://mcp.lanonasis.com/api/v1', // MCP protocol REST path
                     mcp_ws_base: 'wss://mcp.lanonasis.com/ws',
                     mcp_sse_base: 'https://mcp.lanonasis.com/api/v1/events',
                     project_scope: 'lanonasis-maas'
@@ -245,10 +249,10 @@ export class CLIConfig {
             if (authBase.includes('localhost') || authBase.includes('127.0.0.1')) {
                 authBase = 'https://auth.lanonasis.com';
             }
-            // Memory base should be the MCP base URL without /api/v1 suffix
+            // Memory base should be the REST API URL without /api/v1 suffix
             // The API client will append the path as needed
-            const rawMemoryBase = discovered.endpoints?.http || 'https://mcp.lanonasis.com/api/v1';
-            const memoryBase = rawMemoryBase.replace(/\/api\/v1\/?$/, '') || 'https://mcp.lanonasis.com';
+            const rawMemoryBase = discovered.endpoints?.http || 'https://api.lanonasis.com/api/v1';
+            const memoryBase = rawMemoryBase.replace(/\/api\/v1\/?$/, '') || 'https://api.lanonasis.com';
             this.config.discoveredServices = {
                 auth_base: authBase || 'https://auth.lanonasis.com',
                 memory_base: memoryBase,
@@ -371,8 +375,8 @@ export class CLIConfig {
         const nodeEnv = (process.env.NODE_ENV ?? '').toLowerCase();
         const isDevEnvironment = nodeEnv === 'development' || nodeEnv === 'test';
         const defaultAuthBase = isDevEnvironment ? 'http://localhost:4000' : 'https://auth.lanonasis.com';
-        const defaultMemoryBase = isDevEnvironment ? 'http://localhost:4000' : 'https://mcp.lanonasis.com'; // Base URL without /api/v1
-        const defaultMcpBase = isDevEnvironment ? 'http://localhost:4100/api/v1' : 'https://mcp.lanonasis.com/api/v1'; // Full MCP REST path
+        const defaultMemoryBase = isDevEnvironment ? 'http://localhost:4000' : 'https://api.lanonasis.com'; // Primary REST API (Supabase Edge Functions)
+        const defaultMcpBase = isDevEnvironment ? 'http://localhost:4100/api/v1' : 'https://mcp.lanonasis.com/api/v1'; // MCP protocol REST path
         const defaultMcpWsBase = isDevEnvironment ? 'ws://localhost:4100/ws' : 'wss://mcp.lanonasis.com/ws';
         const defaultMcpSseBase = isDevEnvironment ? 'http://localhost:4100/api/v1/events' : 'https://mcp.lanonasis.com/api/v1/events';
         const endpoints = {
@@ -438,8 +442,8 @@ export class CLIConfig {
         }
         const currentServices = this.config.discoveredServices ?? {
             auth_base: 'https://auth.lanonasis.com',
-            memory_base: 'https://mcp.lanonasis.com', // Base URL without /api/v1
-            mcp_base: 'https://mcp.lanonasis.com/api/v1', // Full MCP REST path
+            memory_base: 'https://api.lanonasis.com', // Primary REST API (Supabase Edge Functions)
+            mcp_base: 'https://mcp.lanonasis.com/api/v1', // MCP protocol REST path
             mcp_ws_base: 'wss://mcp.lanonasis.com/ws',
             mcp_sse_base: 'https://mcp.lanonasis.com/api/v1/events',
             project_scope: 'lanonasis-maas'
@@ -488,6 +492,8 @@ export class CLIConfig {
             environment: process.env.NODE_ENV || 'production',
             createdAt: new Date().toISOString()
         });
+        // Cache the vendor key for this process so synchronous callers can reuse it
+        this.vendorKeyCache = trimmedKey;
         if (process.env.CLI_VERBOSE === 'true') {
             console.log('🔐 Vendor key stored securely via @lanonasis/oauth-client');
         }
@@ -566,10 +572,16 @@ export class CLIConfig {
         }
     }
     getVendorKey() {
+        if (this.vendorKeyCache) {
+            return this.vendorKeyCache;
+        }
         try {
             // Retrieve from secure storage using ApiKeyStorage (synchronous wrapper)
             const stored = this.getVendorKeySync();
-            return stored;
+            if (stored) {
+                this.vendorKeyCache = stored;
+            }
+            return this.vendorKeyCache;
         }
         catch (error) {
             if (process.env.CLI_VERBOSE === 'true') {
@@ -600,7 +612,8 @@ export class CLIConfig {
             await this.apiKeyStorage.initialize();
             const stored = await this.apiKeyStorage.retrieve();
             if (stored) {
-                return stored.apiKey;
+                this.vendorKeyCache = stored.apiKey;
+                return this.vendorKeyCache;
             }
         }
         catch (error) {
@@ -613,13 +626,14 @@ export class CLIConfig {
             if (process.env.CLI_VERBOSE === 'true') {
                 console.log('ℹ️  Found legacy plaintext vendor key, will migrate on next auth');
             }
-            return this.config.vendorKey;
+            this.vendorKeyCache = this.config.vendorKey;
+            return this.vendorKeyCache;
         }
         return undefined;
     }
     hasVendorKey() {
         // Check for marker or legacy storage
-        return !!this.config.vendorKey;
+        return !!(this.vendorKeyCache || this.config.vendorKey);
     }
     async setApiUrl(url) {
         this.config.apiUrl = url;
@@ -848,10 +862,25 @@ export class CLIConfig {
     async logout() {
         this.config.token = undefined;
         this.config.user = undefined;
+        this.vendorKeyCache = undefined;
+        this.config.vendorKey = undefined;
+        this.config.authMethod = undefined;
+        try {
+            await this.apiKeyStorage.initialize();
+            // ApiKeyStorage may implement clear() to remove encrypted secrets
+            const storage = this.apiKeyStorage;
+            if (typeof storage.clear === 'function') {
+                await storage.clear();
+            }
+        }
+        catch {
+            // Ignore storage cleanup errors during logout
+        }
         await this.save();
     }
     async clear() {
         this.config = {};
+        this.vendorKeyCache = undefined;
         await this.save();
     }
     async exists() {
@@ -866,7 +895,7 @@ export class CLIConfig {
     // Enhanced credential validation methods
     async validateStoredCredentials() {
         try {
-            const vendorKey = this.getVendorKey();
+            const vendorKey = await this.getVendorKeyAsync();
             const token = this.getToken();
             if (!vendorKey && !token) {
                 return false;

package/dist/utils/crypto-utils.js

@@ -8,7 +8,7 @@
  */
 import crypto from 'crypto';
 import { homedir, platform, hostname } from 'os';
-import { hashApiKey, isSha256Hash } from './hash-utils.js';
+import { hashApiKey, isSha256Hash } from '@lanonasis/security-sdk/hash-utils';
 // Encryption algorithm configuration
 const ALGORITHM = 'aes-256-gcm';
 const KEY_LENGTH = 32; // 256 bits

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@lanonasis/cli",
-  "version": "3.7.8",
+  "version": "3.8.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
     "onasis": "dist/index.js",
-    "lanonasis": "dist/index.js"
+    "lanonasis": "dist/index.js",
+    "lanonasis-mcp": "dist/mcp-server-entry.js"
   },
   "exports": {
     ".": {
@@ -23,8 +24,8 @@
   ],
   "dependencies": {
     "@lanonasis/oauth-client": "1.2.5",
-    "@lanonasis/security-sdk": "^1.0.1",
-    "@modelcontextprotocol/sdk": "^1.1.1",
+    "@lanonasis/security-sdk": "1.0.5",
+    "@modelcontextprotocol/sdk": "^1.25.2",
     "axios": "^1.7.7",
     "chalk": "^5.3.0",
     "cli-progress": "^3.12.0",
@@ -61,4 +62,4 @@
     "test:watch": "npm test -- --watch",
     "test:coverage": "npm test -- --coverage"
   }
-}
+}