@lanonasis/cli 3.9.1 → 3.9.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +33 -0
- package/dist/commands/auth.js +15 -10
- package/dist/index.js +1 -0
- package/dist/utils/api.js +30 -16
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,38 @@
|
|
|
1
1
|
# Changelog - @lanonasis/cli
|
|
2
2
|
|
|
3
|
+
## [3.9.3] - 2026-02-02
|
|
4
|
+
|
|
5
|
+
### ✨ Features
|
|
6
|
+
|
|
7
|
+
- **Non-Interactive Vendor Key Auth**: Added `-k, --vendor-key <key>` option to `auth login` command
|
|
8
|
+
- Enables non-interactive authentication in CI/CD pipelines and automation scripts
|
|
9
|
+
- Example: `onasis auth login --vendor-key <your-key>`
|
|
10
|
+
|
|
11
|
+
### 🐛 Bug Fixes
|
|
12
|
+
|
|
13
|
+
- **JWT Authentication Routing**: Fixed API routing for JWT/OAuth authenticated sessions
|
|
14
|
+
- JWT tokens from username/password or OAuth login now correctly route to MCP server
|
|
15
|
+
- Memory operations (list, create, search, update, delete) work with JWT authentication
|
|
16
|
+
- Path translation handles endpoint differences between API and MCP servers
|
|
17
|
+
- Vendor key authentication continues to route to main API server
|
|
18
|
+
|
|
19
|
+
- **Missing CLI Option**: The `--vendor-key` option was defined in code but not exposed in CLI
|
|
20
|
+
- Now properly registered in command-line interface
|
|
21
|
+
|
|
22
|
+
### ⚠️ Known Limitations
|
|
23
|
+
|
|
24
|
+
- `memory stats` command not available with JWT authentication (MCP server limitation)
|
|
25
|
+
- For full API access including stats, use vendor key authentication
|
|
26
|
+
|
|
27
|
+
## [3.9.2] - 2026-02-02
|
|
28
|
+
|
|
29
|
+
### 🐛 Bug Fixes
|
|
30
|
+
|
|
31
|
+
- **Auth Method Override**: Fixed vendor key authentication not overriding previous OAuth `authMethod`
|
|
32
|
+
- When users explicitly authenticate with vendor key after OAuth, the `authMethod` is now correctly set to `vendor_key`
|
|
33
|
+
- This fixes "Authenticated: No" status after successful vendor key authentication
|
|
34
|
+
- Reverted changes from 3.9.1 that incorrectly removed vendor key storage from OAuth flow
|
|
35
|
+
|
|
3
36
|
## [3.9.1] - 2026-02-01
|
|
4
37
|
|
|
5
38
|
### 🔐 Authentication Fixes
|
package/dist/commands/auth.js
CHANGED
|
@@ -606,6 +606,10 @@ async function handleVendorKeyAuth(vendorKey, config) {
|
|
|
606
606
|
const spinner = ora('Validating vendor key...').start();
|
|
607
607
|
try {
|
|
608
608
|
await config.setVendorKey(vendorKey);
|
|
609
|
+
// Explicitly set authMethod to vendor_key when user does explicit vendor key auth
|
|
610
|
+
// This overrides any previous OAuth authMethod
|
|
611
|
+
await config.set('authMethod', 'vendor_key');
|
|
612
|
+
await config.save();
|
|
609
613
|
// Test the vendor key with a health check
|
|
610
614
|
await apiClient.get('/health');
|
|
611
615
|
spinner.succeed('Vendor key authentication successful');
|
|
@@ -702,22 +706,23 @@ async function handleOAuthFlow(config) {
|
|
|
702
706
|
}
|
|
703
707
|
const tokens = await exchangeCodeForTokens(code, pkce.verifier, authBase, redirectUri);
|
|
704
708
|
spinner.succeed('Access tokens received');
|
|
705
|
-
// Store OAuth tokens - these are auth-gateway tokens from /oauth/token
|
|
706
|
-
//
|
|
709
|
+
// Store OAuth tokens - these are already valid auth-gateway tokens from /oauth/token
|
|
710
|
+
// No need for additional exchange since /oauth/token returns auth-gateway's own tokens
|
|
707
711
|
await config.setToken(tokens.access_token);
|
|
708
712
|
await config.set('refresh_token', tokens.refresh_token);
|
|
709
713
|
await config.set('token_expires_at', Date.now() + (tokens.expires_in * 1000));
|
|
710
714
|
await config.set('authMethod', 'oauth');
|
|
711
|
-
|
|
715
|
+
// The OAuth access token from auth-gateway works as the API token for all services
|
|
716
|
+
// Store it as the vendor key equivalent for MCP and API access
|
|
717
|
+
spinner.text = 'Configuring unified access...';
|
|
718
|
+
spinner.start();
|
|
719
|
+
// Use the OAuth access token directly - it's already an auth-gateway token
|
|
720
|
+
await config.setVendorKey(tokens.access_token);
|
|
721
|
+
spinner.succeed('Unified authentication configured');
|
|
712
722
|
console.log();
|
|
713
723
|
console.log(chalk.green('✓ OAuth2 authentication successful'));
|
|
714
|
-
console.log(colors.info('You can now use
|
|
715
|
-
console.log();
|
|
716
|
-
console.log(chalk.yellow('Note: ') + chalk.gray('OAuth login enables MCP integration.'));
|
|
717
|
-
console.log(chalk.gray('For direct CLI memory commands, use:'));
|
|
718
|
-
console.log(chalk.cyan(' lanonasis auth login --vendor') + chalk.gray(' (get a vendor key from dashboard)'));
|
|
719
|
-
console.log(chalk.gray(' OR'));
|
|
720
|
-
console.log(chalk.cyan(' lanonasis auth login --credentials') + chalk.gray(' (use username/password)'));
|
|
724
|
+
console.log(colors.info('You can now use all Lanonasis services'));
|
|
725
|
+
console.log(chalk.gray('✓ MCP, API, and CLI access configured'));
|
|
721
726
|
process.exit(0);
|
|
722
727
|
}
|
|
723
728
|
catch (error) {
|
package/dist/index.js
CHANGED
|
@@ -221,6 +221,7 @@ authCmd
|
|
|
221
221
|
.description('Login to your MaaS account')
|
|
222
222
|
.option('-e, --email <email>', 'email address')
|
|
223
223
|
.option('-p, --password <password>', 'password')
|
|
224
|
+
.option('-k, --vendor-key <key>', 'vendor key for API access')
|
|
224
225
|
.action(loginCommand);
|
|
225
226
|
authCmd
|
|
226
227
|
.command('logout')
|
package/dist/utils/api.js
CHANGED
|
@@ -15,19 +15,43 @@ export class APIClient {
|
|
|
15
15
|
await this.config.init();
|
|
16
16
|
// Service Discovery
|
|
17
17
|
await this.config.discoverServices();
|
|
18
|
-
// Use appropriate base URL based on endpoint
|
|
18
|
+
// Use appropriate base URL based on endpoint and auth method
|
|
19
19
|
const isAuthEndpoint = config.url?.includes('/auth/') || config.url?.includes('/login') || config.url?.includes('/register') || config.url?.includes('/oauth/');
|
|
20
20
|
const discoveredServices = this.config.get('discoveredServices');
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
21
|
+
const authMethod = this.config.get('authMethod');
|
|
22
|
+
const vendorKey = await this.config.getVendorKeyAsync();
|
|
23
|
+
// Determine the correct API base URL:
|
|
24
|
+
// - Auth endpoints -> auth.lanonasis.com
|
|
25
|
+
// - JWT auth (no vendor key) -> mcp.lanonasis.com (supports JWT tokens)
|
|
26
|
+
// - Vendor key auth -> api.lanonasis.com (requires vendor key)
|
|
27
|
+
let apiBaseUrl;
|
|
28
|
+
const useMcpServer = !vendorKey && (authMethod === 'jwt' || authMethod === 'oauth' || authMethod === 'oauth2');
|
|
29
|
+
if (isAuthEndpoint) {
|
|
30
|
+
apiBaseUrl = discoveredServices?.auth_base || 'https://auth.lanonasis.com';
|
|
31
|
+
}
|
|
32
|
+
else if (vendorKey) {
|
|
33
|
+
// Vendor key works with api.lanonasis.com
|
|
34
|
+
apiBaseUrl = this.config.getApiUrl();
|
|
35
|
+
}
|
|
36
|
+
else if (useMcpServer) {
|
|
37
|
+
// JWT/OAuth tokens work with mcp.lanonasis.com
|
|
38
|
+
apiBaseUrl = 'https://mcp.lanonasis.com/api/v1';
|
|
39
|
+
}
|
|
40
|
+
else {
|
|
41
|
+
apiBaseUrl = this.config.getApiUrl();
|
|
42
|
+
}
|
|
43
|
+
config.baseURL = apiBaseUrl;
|
|
44
|
+
// Path translation for MCP server:
|
|
45
|
+
// MCP uses /memory (singular) while main API uses /memories (plural)
|
|
46
|
+
if (useMcpServer && config.url) {
|
|
47
|
+
config.url = config.url.replace(/\/api\/v1\/memories/g, '/memory');
|
|
48
|
+
}
|
|
24
49
|
// Add project scope header for auth endpoints
|
|
25
50
|
if (isAuthEndpoint) {
|
|
26
51
|
config.headers['X-Project-Scope'] = 'lanonasis-maas';
|
|
27
52
|
}
|
|
28
53
|
// Enhanced Authentication Support
|
|
29
54
|
const token = this.config.getToken();
|
|
30
|
-
const vendorKey = await this.config.getVendorKeyAsync();
|
|
31
55
|
if (vendorKey) {
|
|
32
56
|
// Vendor key authentication (validated server-side)
|
|
33
57
|
// Send raw key - server handles hashing for comparison
|
|
@@ -60,17 +84,7 @@ export class APIClient {
|
|
|
60
84
|
const { status, data } = error.response;
|
|
61
85
|
if (status === 401) {
|
|
62
86
|
console.error(chalk.red('✖ Authentication failed'));
|
|
63
|
-
|
|
64
|
-
const authMethod = this.config.get('authMethod');
|
|
65
|
-
if (authMethod === 'oauth') {
|
|
66
|
-
console.log(chalk.yellow('\nNote: OAuth tokens are for MCP integration only.'));
|
|
67
|
-
console.log(chalk.gray('For direct API access, you have two options:'));
|
|
68
|
-
console.log(chalk.gray(' 1. Get a vendor key from the dashboard: ') + chalk.cyan('lanonasis auth login --vendor'));
|
|
69
|
-
console.log(chalk.gray(' 2. Login with username/password: ') + chalk.cyan('lanonasis auth login --credentials'));
|
|
70
|
-
}
|
|
71
|
-
else {
|
|
72
|
-
console.log(chalk.yellow('Please run:'), chalk.white('lanonasis auth login'));
|
|
73
|
-
}
|
|
87
|
+
console.log(chalk.yellow('Please run:'), chalk.white('memory login'));
|
|
74
88
|
process.exit(1);
|
|
75
89
|
}
|
|
76
90
|
if (status === 403) {
|
package/package.json
CHANGED