@lanonasis/cli 3.9.0 → 3.9.2

package/CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog - @lanonasis/cli
 
+## [3.9.2] - 2026-02-02
+
+### 🐛 Bug Fixes
+
+- **Auth Method Override**: Fixed vendor key authentication not overriding previous OAuth `authMethod`
+  - When users explicitly authenticate with vendor key after OAuth, the `authMethod` is now correctly set to `vendor_key`
+  - This fixes "Authenticated: No" status after successful vendor key authentication
+  - Reverted changes from 3.9.1 that incorrectly removed vendor key storage from OAuth flow
+
+## [3.9.1] - 2026-02-01
+
+### 🔐 Authentication Fixes
+
+- **OAuth Scope Clarification**: OAuth login now clearly states it enables MCP integration only
+- **Improved Error Messages**: 401 errors for OAuth users include specific guidance for direct API access
+- **Removed Misleading Storage**: OAuth tokens are no longer incorrectly stored as vendor keys
+- **Documentation Updates**: README and in-CLI help clarify authentication method differences
+
+### 🐛 Bug Fixes
+
+- Fixed confusing error message when OAuth users try to use direct CLI commands
+- Removed `.lanonasis/mcp-config.json` from version control
+
 ## [3.9.0] - 2026-02-01
 
 ### 🎨 CLI UX Revolution
@@ -26,6 +49,21 @@
 - **User Preferences**: Captures and persists input mode, editor choice, and behavior preferences
 - **Troubleshooting Guidance**: Context-aware help when issues are detected
 
+### 🔐 Authentication Clarifications
+
+#### OAuth vs Direct API Access
+- **Clear Scope Documentation**: OAuth2 login now explicitly states it enables MCP integration
+- **Improved Error Messages**: 401 errors for OAuth users include specific guidance for direct API access
+- **Authentication Method Guidance**: CLI provides clear instructions for:
+  - **OAuth**: Use for MCP integration and real-time features
+  - **Vendor Key**: Obtain from dashboard for direct API access (`lanonasis auth login --vendor`)
+  - **Credentials**: Use username/password for direct API access (`lanonasis auth login --credentials`)
+
+#### Secure Storage Fallback
+- **Keytar Optional**: When keytar (native secure storage) is unavailable, CLI gracefully falls back to encrypted file storage
+- **Cross-Platform**: Encrypted storage works consistently across all platforms
+- **No Data Loss**: Credentials are preserved in `~/.lanonasis/api-key.enc` with AES-256-GCM encryption
+
 ### 🐛 Critical Bug Fixes (PR #93)
 
 #### P1: Connection Verification False Positive

package/README.md

@@ -156,12 +156,14 @@ onasis login --vendor-key <your-vendor-key>
 
 ### 2. OAuth Browser Authentication
 
-Secure browser-based authentication:
+Secure browser-based authentication for MCP integration:
 
 ```bash
 onasis login --oauth
 ```
 
+> **Note**: OAuth authentication enables MCP integration features (real-time updates, WebSocket connections). For direct CLI memory commands (`memory list`, `memory create`, etc.), use vendor key or credentials authentication.
+
 ### 3. Interactive Credentials
 
 Traditional username/password authentication:

package/dist/commands/auth.js

@@ -606,6 +606,10 @@ async function handleVendorKeyAuth(vendorKey, config) {
     const spinner = ora('Validating vendor key...').start();
     try {
         await config.setVendorKey(vendorKey);
+        // Explicitly set authMethod to vendor_key when user does explicit vendor key auth
+        // This overrides any previous OAuth authMethod
+        await config.set('authMethod', 'vendor_key');
+        await config.save();
         // Test the vendor key with a health check
         await apiClient.get('/health');
         spinner.succeed('Vendor key authentication successful');

package/dist/commands/mcp.js

@@ -212,12 +212,38 @@ export function mcpCommands(program) {
         let healthLabel = chalk.gray('Unknown');
         let healthDetails;
         let isServiceReachable = false;
+        let resolvedHealthUrl;
         try {
             const axios = (await import('axios')).default;
-            // Derive MCP health URL from discovered REST base (e.g. https://mcp.lanonasis.com/api/v1 -> https://mcp.lanonasis.com/health)
-            const restUrl = config.getMCPRestUrl();
-            const rootBase = restUrl.replace(/\/api\/v1$/, '');
-            const healthUrl = `${rootBase}/health`;
+            const normalizeMcpHealthUrl = (inputUrl) => {
+                const parsed = new URL(inputUrl);
+                if (parsed.protocol === 'wss:') {
+                    parsed.protocol = 'https:';
+                }
+                else if (parsed.protocol === 'ws:') {
+                    parsed.protocol = 'http:';
+                }
+                parsed.pathname = '/health';
+                parsed.search = '';
+                parsed.hash = '';
+                return parsed.toString();
+            };
+            // Prefer MCP host health based on active mode:
+            // - websocket: use configured websocket host (wss -> https)
+            // - remote: use configured MCP REST host
+            // - local/default: fall back to discovered MCP REST host
+            let healthProbeBase;
+            if (status.mode === 'websocket') {
+                healthProbeBase = config.get('mcpWebSocketUrl') ?? config.getMCPServerUrl();
+            }
+            else if (status.mode === 'remote') {
+                healthProbeBase = config.get('mcpServerUrl') ?? config.getMCPRestUrl();
+            }
+            else {
+                healthProbeBase = config.getMCPRestUrl();
+            }
+            const healthUrl = normalizeMcpHealthUrl(healthProbeBase);
+            resolvedHealthUrl = healthUrl;
             const token = config.getToken();
             const vendorKey = await config.getVendorKeyAsync();
             const headers = {};
@@ -234,7 +260,8 @@ export function mcpCommands(program) {
                 timeout: 5000
             });
             const overallStatus = String(response.data?.status ?? '').toLowerCase();
-            const ok = response.status === 200 && (!overallStatus || overallStatus === 'healthy');
+            const okStatuses = new Set(['healthy', 'ok', 'up']);
+            const ok = response.status === 200 && (!overallStatus || okStatuses.has(overallStatus));
             if (ok) {
                 healthLabel = chalk.green('Healthy');
                 isServiceReachable = true;
@@ -285,6 +312,9 @@ export function mcpCommands(program) {
         if (healthDetails && process.env.CLI_VERBOSE === 'true') {
             console.log(chalk.gray(`Health details: ${healthDetails}`));
         }
+        if (resolvedHealthUrl && process.env.CLI_VERBOSE === 'true') {
+            console.log(chalk.gray(`Health probe URL: ${resolvedHealthUrl}`));
+        }
         // Show features when service is reachable
         if (isServiceReachable) {
             if (status.mode === 'remote') {

package/dist/utils/mcp-client.d.ts

@@ -191,6 +191,11 @@ export declare class MCPClient {
      * Check if connected to MCP server
      */
     isConnectedToServer(): boolean;
+    /**
+     * Determine whether tool operations should use the remote REST bridge.
+     * WebSocket mode uses the same bridge for tool list/call operations.
+     */
+    private shouldUseRemoteToolBridge;
     /**
      * Get connection status details with health information
      */

package/dist/utils/mcp-client.js

@@ -68,6 +68,7 @@ export class MCPClient {
             // Save the successful connection mode as preference
             this.config.set('mcpConnectionMode', mode);
             this.config.set('mcpPreference', mode);
+            this.config.set('mcpUseRemote', mode === 'remote' || mode === 'websocket');
             // Save the specific URL that worked
             if (url) {
                 if (mode === 'websocket') {
@@ -525,7 +526,12 @@ export class MCPClient {
                 this.wsConnection.on('message', (data) => {
                     try {
                         const message = JSON.parse(data.toString());
-                        console.log(chalk.blue('📡 MCP message:'), message.id, message.method || 'response');
+                        const messageId = message.id ?? 'event';
+                        const messageType = message.method
+                            || (message.error ? 'error' : undefined)
+                            || (message.result ? 'result' : undefined)
+                            || 'response';
+                        console.log(chalk.blue('📡 MCP message:'), messageId, messageType);
                     }
                     catch (error) {
                         console.error('Failed to parse WebSocket message:', error);
@@ -740,7 +746,7 @@ export class MCPClient {
         if (!this.isConnected) {
             throw new Error('Not connected to MCP server. Run "lanonasis mcp connect" first.');
         }
-        const useRemote = this.config.get('mcpUseRemote') ?? false;
+        const useRemote = this.shouldUseRemoteToolBridge();
         if (useRemote) {
             // Remote MCP calls are translated to REST API calls
             return await this.callRemoteTool(toolName, args);
@@ -854,7 +860,7 @@ export class MCPClient {
         if (!this.isConnected) {
             throw new Error('Not connected to MCP server');
         }
-        const useRemote = this.config.get('mcpUseRemote') ?? false;
+        const useRemote = this.shouldUseRemoteToolBridge();
         if (useRemote) {
             // Return hardcoded list for remote mode
             return [
@@ -883,6 +889,16 @@ export class MCPClient {
     isConnectedToServer() {
         return this.isConnected;
     }
+    /**
+     * Determine whether tool operations should use the remote REST bridge.
+     * WebSocket mode uses the same bridge for tool list/call operations.
+     */
+    shouldUseRemoteToolBridge() {
+        if (this.activeConnectionMode === 'remote' || this.activeConnectionMode === 'websocket') {
+            return true;
+        }
+        return this.config.get('mcpUseRemote') ?? false;
+    }
     /**
      * Get connection status details with health information
      */

package/dist/ux/implementations/ConnectionManagerImpl.js

@@ -202,6 +202,10 @@ export class ConnectionManagerImpl {
                     LOG_LEVEL: this.config.logLevel,
                 },
             });
+            if (serverProcess.pid === undefined) {
+                reject(new Error('Failed to start local MCP server: process ID was not assigned'));
+                return;
+            }
             const serverInstance = {
                 pid: serverProcess.pid,
                 port: this.config.serverPort || 3000,
@@ -291,7 +295,7 @@ export class ConnectionManagerImpl {
                         this.serverProcess.kill('SIGKILL');
                     }
                 }, 5000);
-                this.serverProcess.on('exit', () => {
+                this.serverProcess.once('exit', () => {
                     clearTimeout(forceKillTimeout);
                     this.serverProcess = null;
                     if (this.connectionStatus.serverInstance) {

package/dist/ux/implementations/TextInputHandlerImpl.js

@@ -47,10 +47,17 @@ export class TextInputHandlerImpl {
             status: 'active',
         };
         return new Promise((resolve, reject) => {
+            let handleKeypress = null;
+            const cleanup = () => {
+                if (handleKeypress) {
+                    process.stdin.removeListener('data', handleKeypress);
+                }
+                this.disableRawMode();
+            };
             try {
                 this.enableRawMode();
-                this.displayInputPrompt('');
-                const handleKeypress = (chunk) => {
+                this.displayInputPrompt(this.getCurrentContent());
+                handleKeypress = (chunk) => {
                     const key = this.parseKeyEvent(chunk);
                     if (this.handleSpecialKeys(key)) {
                         return;
@@ -61,10 +68,6 @@ export class TextInputHandlerImpl {
                         this.displayInputPrompt(this.getCurrentContent());
                     }
                 };
-                const cleanup = () => {
-                    process.stdin.removeListener('data', handleKeypress);
-                    this.disableRawMode();
-                };
                 // Set up completion handlers
                 const complete = (result) => {
                     cleanup();
@@ -86,7 +89,7 @@ export class TextInputHandlerImpl {
                 process.stdin.on('data', handleKeypress);
             }
             catch (error) {
-                this.disableRawMode();
+                cleanup();
                 reject(error);
             }
         });
@@ -322,15 +325,17 @@ export class TextInputHandlerImpl {
                 }
                 break;
             case 'right':
-                const currentLineLength = content[cursorPosition.line]?.length || 0;
-                if (cursorPosition.column < currentLineLength) {
-                    cursorPosition.column++;
-                }
-                else if (cursorPosition.line < content.length - 1) {
-                    cursorPosition.line++;
-                    cursorPosition.column = 0;
+                {
+                    const currentLineLength = content[cursorPosition.line]?.length || 0;
+                    if (cursorPosition.column < currentLineLength) {
+                        cursorPosition.column++;
+                    }
+                    else if (cursorPosition.line < content.length - 1) {
+                        cursorPosition.line++;
+                        cursorPosition.column = 0;
+                    }
+                    break;
                 }
-                break;
         }
     }
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lanonasis/cli",
-  "version": "3.9.0",
+  "version": "3.9.2",
   "description": "Professional CLI for LanOnasis Memory as a Service (MaaS) with MCP support, seamless inline editing, and enterprise-grade security",
   "keywords": [
     "lanonasis",