@lanonasis/cli 3.9.4 → 3.9.6

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog - @lanonasis/cli
 
+## [3.9.6] - 2026-02-21
+
+### 🐛 Bug Fixes
+
+- **Reliable Memory Auth Routing**: Memory CRUD and search operations now consistently route through the API gateway (`https://api.lanonasis.com`) to avoid MCP endpoint contract mismatches.
+- **Legacy Endpoint Compatibility**: Added fallback support for deployments that still expose RPC-style memory routes (`/api/v1/memory/*`) when REST routes return `400/405`.
+- **Auth Status Accuracy**: `status` now validates live auth state against the auth verify endpoint before reporting authenticated session state.
+- **OAuth Session Stability**: Requests proactively refresh OAuth/JWT sessions to reduce intermittent `memory login required` errors during long-running CLI usage.
+- **Response Normalization**: Memory get/list/search handlers normalize wrapped gateway responses (`{ data: ... }`) for consistent CLI behavior across environments.
+
+### 📚 Documentation
+
+- Clarified auth flow behavior for vendor keys and bearer tokens.
+- Added release notes for endpoint override guidance and memory transport behavior.
+
 ## [3.9.3] - 2026-02-02
 
 ### ✨ Features

package/README.md

@@ -1,11 +1,11 @@
-# @lanonasis/cli v3.9.3 - Enterprise Security & Professional UX
+# @lanonasis/cli v3.9.6 - Auth Routing & Memory Reliability
 
 [![NPM Version](https://img.shields.io/npm/v/@lanonasis/cli)](https://www.npmjs.com/package/@lanonasis/cli)
 [![Downloads](https://img.shields.io/npm/dt/@lanonasis/cli)](https://www.npmjs.com/package/@lanonasis/cli)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Golden Contract](https://img.shields.io/badge/Onasis--Core-v0.1%20Compliant-gold)](https://api.lanonasis.com/.well-known/onasis.json)
 
-🎉 **NEW IN v3.9.3**: Fixed JWT authentication routing for username/password login, resolved frozen terminal during interactive input, and added non-interactive vendor key authentication (`-k` flag). Professional CLI UX with seamless inline text editing, intelligent MCP connection management, and first-run onboarding.
+🎉 **NEW IN v3.9.6**: Fixed memory auth routing to the API gateway, added compatibility fallbacks for legacy memory endpoints, improved auth status verification, and stabilized OAuth/JWT refresh behavior during CLI memory operations.
 
 ## 🚀 Quick Start
 
@@ -129,23 +129,19 @@ maas memory list
 
 ## 🔐 Security & Authentication
 
-### Enterprise-Grade SHA-256 Security (v3.7.0+)
+### Enterprise-Grade API Key Handling
 
-All API keys are now secured with SHA-256 cryptographic hashing:
+The CLI uses secure local storage and sends credentials in the expected wire format:
 
-- ✅ **Automatic Hash Normalization**: Keys are automatically hashed before transmission
-- ✅ **Double-Hash Prevention**: Smart detection prevents re-hashing already hashed keys
-- ✅ **Cross-Platform Compatibility**: Works seamlessly across Node.js and browser environments
-- ✅ **Zero Configuration**: Security is automatic and transparent
-
-```typescript
-// Hash utilities are built-in and automatic
-// Your vendor keys are automatically secured
-onasis login --vendor-key pk_xxxxx.sk_xxxxx  // ✅ Automatically hashed
-```
+- ✅ **Encrypted At Rest**: Vendor keys are stored in encrypted local storage (keytar when available, encrypted file fallback otherwise).
+- ✅ **Correct On-Wire Format**: Vendor key auth sends the raw vendor key in `X-API-Key` over HTTPS.
+- ✅ **Single Server-Side Hash Validation**: The API validates keys with server-side hashing and does not require client-side hashing.
+- ✅ **Token-First Sessions**: OAuth/JWT sessions use `Authorization: Bearer <token>` and refresh automatically before expiry.
 
 ### Authentication Methods
 
+> Transport note: for memory commands, keep `manualEndpointOverrides=false` so requests route through `https://api.lanonasis.com`.
+
 ### 1. Vendor Key Authentication (Recommended)
 
 Best for API integrations and automation. Copy the vendor key value exactly as shown in your LanOnasis dashboard (keys may vary in format):
@@ -242,6 +238,12 @@ onasis memory list --type context --limit 20
 onasis memory create -t "Project Notes" -c "Important information"
 onasis memory create -t "Reference" --type reference --tags "docs,api"
 
+# Create memory via JSON payload
+onasis memory create --json '{"title":"Design decisions","type":"project","content":"Summary...","tags":["architecture","design"]}'
+
+# Create memory from a file
+onasis memory create -t "Session notes" --content-file ./notes.md
+
 # Create memories (interactive)
 onasis memory create -i                   # Interactive mode with inline editor
 onasis memory create                      # Prompts for missing fields
@@ -258,6 +260,34 @@ onasis memory delete <id>                 # Delete memory
 onasis memory stats                       # Memory statistics
 ```
 
+#### `onasis memory save-session`
+
+Save the current CLI session context (CWD + git branch/status + changed files) as a memory entry so you can persist what you worked on and pick it up later.
+
+- `--test-summary`: Stores a human-readable test result summary (e.g., `Vitest: 53 passed, 1 skipped`) in the saved session memory.
+- `--title`: Sets the memory title (default: `Session summary`).
+- `--type`: Sets the memory type (default: `project`).
+- `--tags`: Comma-separated tags for session metadata (default: `session,cli`).
+
+**Examples**
+```bash
+onasis memory save-session --test-summary "Vitest: 53 passed, 1 skipped"
+onasis memory save-session --title "API client fixes" --type project --tags "session,cli,testing"
+```
+
+See **Session management** below for related commands.
+
+#### Session management
+
+Sessions are stored as memory entries (tagged `session,cli` by default). Related commands:
+
+```bash
+onasis memory save-session
+onasis memory list-sessions
+onasis memory load-session <id>
+onasis memory delete-session <id>
+```
+
 **Create/Update Options:**
 | Short | Long | Description |
 |-------|------|-------------|
@@ -266,6 +296,8 @@ onasis memory stats                       # Memory statistics
 | `-i` | `--interactive` | Interactive mode |
 | | `--type` | Memory type (context, project, knowledge, etc.) |
 | | `--tags` | Comma-separated tags |
+| | `--json` | JSON payload (title, content, type/memory_type, tags, topic_id) |
+| | `--content-file` | Read content from a file |
 
 ### Topic Management
 
@@ -637,4 +669,3 @@ The CLI will show the authorization URL - copy and paste it into your browser ma
 
 **Token refresh failed:**
 Run `onasis auth login` to re-authenticate.
-

package/dist/commands/config.js

@@ -11,11 +11,13 @@ export function configCommands(program) {
         .action(async (key, value) => {
         const config = new CLIConfig();
         await config.init();
+        let shouldSave = true;
         // Handle special cases
         switch (key) {
             case 'api-url':
                 await config.setApiUrl(value);
                 console.log(chalk.green('✓ API URL updated:'), value);
+                shouldSave = false; // setApiUrl already persists
                 break;
             case 'ai-integration':
                 if (value === 'claude-mcp') {
@@ -42,11 +44,19 @@ export function configCommands(program) {
                 config.set('mcpServerUrl', value);
                 console.log(chalk.green('✓ MCP server URL updated:'), value);
                 break;
+            case 'force-api':
+                config.set('forceApi', value === 'true');
+                config.set('connectionTransport', value === 'true' ? 'api' : 'auto');
+                console.log(chalk.green('✓ Force direct API mode:'), value === 'true' ? 'enabled' : 'disabled');
+                break;
             default:
                 // Generic config set
                 config.set(key, value);
                 console.log(chalk.green(`✓ ${key} set to:`), value);
         }
+        if (shouldSave) {
+            await config.save();
+        }
     });
     // Generic config get command
     program
@@ -101,6 +111,7 @@ export function configCommands(program) {
             { key: 'mcp-use-remote', description: 'Use remote MCP server', current: config.get('mcpUseRemote') || false },
             { key: 'mcp-server-path', description: 'Local MCP server path', current: config.get('mcpServerPath') || 'default' },
             { key: 'mcp-server-url', description: 'Remote MCP server URL', current: config.get('mcpServerUrl') || 'https://mcp.lanonasis.com' },
+            { key: 'force-api', description: 'Force direct API transport', current: config.get('forceApi') || false },
             { key: 'mcpEnabled', description: 'MCP integration enabled', current: config.get('mcpEnabled') || false }
         ];
         configOptions.forEach(opt => {

package/dist/commands/memory.js

@@ -8,6 +8,30 @@ import { apiClient } from '../utils/api.js';
 import { formatBytes, truncateText } from '../utils/formatting.js';
 import { CLIConfig } from '../utils/config.js';
 import { createTextInputHandler } from '../ux/index.js';
+import * as fs from 'fs/promises';
+import { exec as execCb } from 'node:child_process';
+import { promisify } from 'node:util';
+const exec = promisify(execCb);
+const MEMORY_TYPE_CHOICES = [
+    'context',
+    'project',
+    'knowledge',
+    'reference',
+    'personal',
+    'workflow',
+];
+const coerceMemoryType = (value) => {
+    if (typeof value !== 'string')
+        return undefined;
+    const normalized = value.trim().toLowerCase();
+    // Backward compatibility for older docs/examples.
+    if (normalized === 'conversation')
+        return 'context';
+    if (MEMORY_TYPE_CHOICES.includes(normalized)) {
+        return normalized;
+    }
+    return undefined;
+};
 const resolveInputMode = async () => {
     const config = new CLIConfig();
     await config.init();
@@ -41,13 +65,53 @@ export function memoryCommands(program) {
         .description('Create a new memory entry')
         .option('-t, --title <title>', 'memory title')
         .option('-c, --content <content>', 'memory content')
-        .option('--type <type>', 'memory type (conversation, knowledge, project, context, reference)', 'context')
+        .option('--type <type>', `memory type (${MEMORY_TYPE_CHOICES.join(', ')})`)
         .option('--tags <tags>', 'comma-separated tags')
         .option('--topic-id <id>', 'topic ID')
         .option('-i, --interactive', 'interactive mode')
+        .option('--json <json>', 'JSON payload (title, content, type/memory_type, tags[], topic_id)')
+        .option('--content-file <path>', 'Read memory content from a file (overrides --content)')
         .action(async (options) => {
         try {
-            let { title, content, type, tags, topicId, interactive } = options;
+            let { title, content, type, tags, topicId, interactive, json, contentFile } = options;
+            // 1) JSON payload (optional)
+            if (json) {
+                let parsed;
+                try {
+                    parsed = JSON.parse(json);
+                }
+                catch (err) {
+                    const msg = err instanceof Error ? err.message : 'Invalid JSON';
+                    throw new Error(`Invalid --json payload: ${msg}`);
+                }
+                if (!title && typeof parsed.title === 'string')
+                    title = parsed.title;
+                if (!content && typeof parsed.content === 'string')
+                    content = parsed.content;
+                const parsedType = parsed.memory_type ?? parsed.type;
+                if (!type && parsedType !== undefined) {
+                    const coerced = coerceMemoryType(parsedType);
+                    if (!coerced) {
+                        throw new Error(`Invalid memory type in --json payload. Expected one of: ${MEMORY_TYPE_CHOICES.join(', ')}`);
+                    }
+                    type = coerced;
+                }
+                if (!tags) {
+                    if (Array.isArray(parsed.tags)) {
+                        tags = parsed.tags.map((t) => String(t)).join(',');
+                    }
+                    else if (typeof parsed.tags === 'string') {
+                        tags = parsed.tags;
+                    }
+                }
+                const parsedTopic = parsed.topic_id ?? parsed.topicId;
+                if (!topicId && typeof parsedTopic === 'string')
+                    topicId = parsedTopic;
+            }
+            // 2) Content file (optional)
+            if (contentFile) {
+                content = await fs.readFile(contentFile, 'utf-8');
+            }
             if (interactive || (!title || !content)) {
                 const inputMode = await resolveInputMode();
                 const answers = await inquirer.prompt([
@@ -62,7 +126,7 @@ export function memoryCommands(program) {
                         type: 'list',
                         name: 'type',
                         message: 'Memory type:',
-                        choices: ['conversation', 'knowledge', 'project', 'context', 'reference'],
+                        choices: [...MEMORY_TYPE_CHOICES],
                         default: type || 'context',
                     },
                     {
@@ -86,11 +150,12 @@ export function memoryCommands(program) {
             if (!content || content.trim().length === 0) {
                 throw new Error('Content is required');
             }
+            const resolvedType = type ?? 'context';
             const spinner = ora('Creating memory...').start();
             const memoryData = {
                 title,
                 content,
-                memory_type: type
+                memory_type: resolvedType
             };
             if (tags) {
                 memoryData.tags = tags.split(',').map((tag) => tag.trim()).filter(Boolean);
@@ -115,6 +180,211 @@ export function memoryCommands(program) {
             process.exit(1);
         }
     });
+    // Save current working session context as a memory
+    program
+        .command('save-session')
+        .description('Save current session context (git branch/status + optional test summary) as a memory')
+        .option('-t, --title <title>', 'memory title', 'Session summary')
+        .option('--type <type>', `memory type (${MEMORY_TYPE_CHOICES.join(', ')})`, 'project')
+        .option('--tags <tags>', 'comma-separated tags', 'session,cli')
+        .option('--test-summary <text>', 'Optional test summary to include')
+        .action(async (options) => {
+        try {
+            const spinner = ora('Collecting session info...').start();
+            const cwd = process.cwd();
+            const runGit = async (cmd) => {
+                try {
+                    const { stdout } = await exec(cmd, { cwd });
+                    return String(stdout || '').trim();
+                }
+                catch {
+                    return null;
+                }
+            };
+            const branch = await runGit('git rev-parse --abbrev-ref HEAD');
+            const status = await runGit('git status --porcelain');
+            const changedFiles = status
+                ? status
+                    .split('\n')
+                    .map((line) => line.trim())
+                    .filter(Boolean)
+                    .map((line) => line.replace(/^.. /, ''))
+                : [];
+            const lines = [];
+            lines.push(`# Session Summary`);
+            lines.push('');
+            lines.push(`- Date: ${new Date().toISOString()}`);
+            lines.push(`- CWD: ${cwd}`);
+            if (branch)
+                lines.push(`- Git branch: ${branch}`);
+            lines.push('');
+            lines.push('## Changes');
+            if (changedFiles.length === 0) {
+                lines.push('No uncommitted changes detected (or git not available).');
+            }
+            else {
+                lines.push(changedFiles.map((f) => `- ${f}`).join('\n'));
+            }
+            lines.push('');
+            if (options.testSummary) {
+                lines.push('## Test Summary');
+                lines.push(options.testSummary);
+                lines.push('');
+            }
+            spinner.text = 'Saving session memory...';
+            const resolvedType = coerceMemoryType(options.type) ?? 'project';
+            const memoryData = {
+                title: options.title || 'Session summary',
+                content: lines.join('\n'),
+                memory_type: resolvedType
+            };
+            if (options.tags) {
+                memoryData.tags = options.tags.split(',').map((t) => t.trim()).filter(Boolean);
+            }
+            const memory = await apiClient.createMemory(memoryData);
+            spinner.succeed('Session saved');
+            console.log();
+            console.log(chalk.green('✓ Memory created:'));
+            console.log(`  ID: ${chalk.cyan(memory.id)}`);
+            console.log(`  Title: ${memory.title}`);
+            console.log(`  Type: ${memory.memory_type}`);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            console.error(chalk.red('✖ Failed to save session:'), errorMessage);
+            process.exit(1);
+        }
+    });
+    // Session management helpers (sessions are stored as memory entries tagged `session,cli` by default)
+    program
+        .command('list-sessions')
+        .description('List saved CLI sessions (memories tagged session,cli by default)')
+        .option('-p, --page <page>', 'page number', '1')
+        .option('-l, --limit <limit>', 'number of entries per page', '20')
+        .option('--type <type>', 'filter by memory type', 'project')
+        .option('--tags <tags>', 'filter by tags (comma-separated)', 'session,cli')
+        .option('--sort <field>', 'sort by field (created_at, updated_at, title, last_accessed)', 'created_at')
+        .option('--order <order>', 'sort order (asc, desc)', 'desc')
+        .action(async (options) => {
+        try {
+            const spinner = ora('Fetching sessions...').start();
+            const params = {
+                page: parseInt(options.page || '1'),
+                limit: parseInt(options.limit || '20'),
+                sort: options.sort || 'created_at',
+                order: options.order || 'desc'
+            };
+            if (options.type)
+                params.memory_type = options.type;
+            if (options.tags)
+                params.tags = options.tags;
+            const result = await apiClient.getMemories(params);
+            spinner.stop();
+            const memories = result.memories || result.data || [];
+            if (memories.length === 0) {
+                console.log(chalk.yellow('No sessions found'));
+                return;
+            }
+            console.log(chalk.blue.bold(`\n📚 Sessions (${result.pagination.total} total)`));
+            console.log(chalk.gray(`Page ${result.pagination.page || 1} of ${result.pagination.pages || Math.ceil(result.pagination.total / result.pagination.limit)}`));
+            console.log();
+            const outputFormat = process.env.CLI_OUTPUT_FORMAT || 'table';
+            if (outputFormat === 'json') {
+                console.log(JSON.stringify(result, null, 2));
+                return;
+            }
+            const tableData = memories.map((memory) => [
+                truncateText(memory.title, 30),
+                memory.memory_type,
+                memory.tags.slice(0, 3).join(', '),
+                format(new Date(memory.created_at), 'MMM dd, yyyy'),
+                memory.access_count
+            ]);
+            const tableConfig = {
+                header: ['Title', 'Type', 'Tags', 'Created', 'Access'],
+                columnDefault: {
+                    width: 20,
+                    wrapWord: true
+                },
+                columns: [
+                    { width: 30 },
+                    { width: 12 },
+                    { width: 20 },
+                    { width: 12 },
+                    { width: 8 }
+                ]
+            };
+            console.log(table([tableConfig.header, ...tableData], {
+                columnDefault: tableConfig.columnDefault,
+                columns: tableConfig.columns
+            }));
+            if (result.pagination.pages > 1) {
+                console.log(chalk.gray(`\nUse --page ${result.pagination.page + 1} for next page`));
+            }
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            console.error(chalk.red('✖ Failed to list sessions:'), errorMessage);
+            process.exit(1);
+        }
+    });
+    program
+        .command('load-session')
+        .description('Load a saved session by memory ID (prints the saved session context)')
+        .argument('<id>', 'session memory ID')
+        .action(async (id) => {
+        try {
+            const spinner = ora('Loading session...').start();
+            const memory = await apiClient.getMemory(id);
+            spinner.stop();
+            const outputFormat = process.env.CLI_OUTPUT_FORMAT || 'text';
+            if (outputFormat === 'json') {
+                console.log(JSON.stringify(memory, null, 2));
+                return;
+            }
+            console.log(chalk.blue.bold('\n📌 Session'));
+            console.log(chalk.gray(`${memory.title} (${memory.id})`));
+            console.log();
+            console.log(memory.content);
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            console.error(chalk.red('✖ Failed to load session:'), errorMessage);
+            process.exit(1);
+        }
+    });
+    program
+        .command('delete-session')
+        .description('Delete a saved session by memory ID')
+        .argument('<id>', 'session memory ID')
+        .option('-f, --force', 'skip confirmation')
+        .action(async (id, options) => {
+        try {
+            if (!options.force) {
+                const memory = await apiClient.getMemory(id);
+                const answer = await inquirer.prompt([
+                    {
+                        type: 'confirm',
+                        name: 'confirm',
+                        message: `Are you sure you want to delete session "${memory.title}"?`,
+                        default: false
+                    }
+                ]);
+                if (!answer.confirm) {
+                    console.log(chalk.yellow('Deletion cancelled'));
+                    return;
+                }
+            }
+            const spinner = ora('Deleting session...').start();
+            await apiClient.deleteMemory(id);
+            spinner.succeed('Session deleted successfully');
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            console.error(chalk.red('✖ Failed to delete session:'), errorMessage);
+            process.exit(1);
+        }
+    });
     // List memories
     program
         .command('list')
@@ -294,7 +564,7 @@ export function memoryCommands(program) {
         .argument('<id>', 'memory ID')
         .option('-t, --title <title>', 'new title')
         .option('-c, --content <content>', 'new content')
-        .option('--type <type>', 'new memory type')
+        .option('--type <type>', `new memory type (${MEMORY_TYPE_CHOICES.join(', ')})`)
         .option('--tags <tags>', 'new tags (comma-separated)')
         .option('-i, --interactive', 'interactive mode')
         .action(async (id, options) => {
@@ -317,7 +587,7 @@ export function memoryCommands(program) {
                         type: 'list',
                         name: 'type',
                         message: 'Memory type:',
-                        choices: ['conversation', 'knowledge', 'project', 'context', 'reference'],
+                        choices: [...MEMORY_TYPE_CHOICES],
                         default: currentMemory.memory_type,
                     },
                     {

package/dist/index-simple.js

@@ -64,12 +64,23 @@ program
         process.env.MEMORY_API_URL = opts.apiUrl;
     }
     process.env.CLI_OUTPUT_FORMAT = opts.output;
+    const forceApiFromEnv = process.env.LANONASIS_FORCE_API === 'true' ||
+        process.env.CLI_FORCE_API === 'true' ||
+        process.env.ONASIS_FORCE_API === 'true';
+    const forceApiFromConfig = cliConfig.get('forceApi') === true ||
+        cliConfig.get('connectionTransport') === 'api';
+    const forceDirectApi = forceApiFromEnv || forceApiFromConfig || opts.mcp === false;
+    if (forceDirectApi) {
+        process.env.LANONASIS_FORCE_API = 'true';
+    }
     // Auto-initialize MCP unless disabled
     const isMcpFlow = actionCommand.name() === 'mcp' ||
         actionCommand.parent?.name?.() === 'mcp' ||
         actionCommand.name() === 'mcp-server' ||
         actionCommand.parent?.name?.() === 'mcp-server';
-    if (opts.mcp !== false && !isMcpFlow && !['init', 'auth', 'login', 'health', 'status'].includes(actionCommand.name())) {
+    const isConfigFlow = actionCommand.name() === 'config' ||
+        actionCommand.parent?.name?.() === 'config';
+    if (!forceDirectApi && !isMcpFlow && !isConfigFlow && !['init', 'auth', 'login', 'health', 'status'].includes(actionCommand.name())) {
         try {
             const client = getMCPClient();
             if (!client.isConnectedToServer()) {
@@ -87,6 +98,9 @@ program
             }
         }
     }
+    else if (forceDirectApi && process.env.CLI_VERBOSE === 'true') {
+        console.log(colors.muted('MCP auto-connect skipped (force direct API enabled)'));
+    }
 });
 // Enhanced global error handler
 process.on('uncaughtException', (error) => {
@@ -324,11 +338,10 @@ const topicCmd = program
     .description('Topic management commands');
 requireAuth(topicCmd);
 topicCommands(topicCmd);
-// Configuration commands (require auth)
+// Configuration commands (no auth required)
 const configCmd = program
     .command('config')
     .description('Configuration management');
-requireAuth(configCmd);
 configCommands(configCmd);
 // Organization commands (require auth)
 const orgCmd = program
@@ -540,18 +553,30 @@ program
     .action(async () => {
     // Initialize config first
     await cliConfig.init();
-    const isAuth = await cliConfig.isAuthenticated();
+    const verification = await cliConfig.verifyCurrentCredentialsWithServer().catch((error) => ({
+        valid: false,
+        method: 'none',
+        endpoint: undefined,
+        reason: error instanceof Error ? error.message : String(error)
+    }));
+    const isAuth = verification.valid;
     const apiUrl = cliConfig.getApiUrl();
     console.log(chalk.blue.bold('MaaS CLI Status'));
     console.log(`API URL: ${apiUrl}`);
     console.log(`Authenticated: ${isAuth ? chalk.green('Yes') : chalk.red('No')}`);
+    if (process.env.CLI_VERBOSE === 'true' && verification.endpoint) {
+        console.log(`Verified via: ${verification.endpoint}`);
+    }
     if (isAuth) {
         const user = await cliConfig.getCurrentUser();
         if (user) {
             console.log(`User: ${user.email}`);
             console.log(`Plan: ${user.plan}`);
         }
+        return;
     }
+    console.log(chalk.yellow(`Auth check: ${verification.reason || 'Credential validation failed'}`));
+    console.log(chalk.yellow('Please run:'), chalk.white('lanonasis auth login'));
 });
 // Health command using the healthCheck function
 program