@lanonasis/cli 3.9.5 → 3.9.7

package/dist/mcp/schemas/tool-schemas.js

@@ -22,7 +22,7 @@ export const MemoryCreateSchema = z.object({
         .uuid()
         .optional()
         .describe("Optional topic ID for organization"),
-    metadata: z.record(z.any())
+    metadata: z.record(z.string(), z.any())
         .optional()
         .describe("Additional metadata")
 });
@@ -71,7 +71,7 @@ export const MemoryUpdateSchema = z.object({
     tags: z.array(z.string())
         .optional()
         .describe("New tags (replaces existing)"),
-    metadata: z.record(z.any())
+    metadata: z.record(z.string(), z.any())
         .optional()
         .describe("New metadata (merges with existing)")
 });
@@ -229,7 +229,7 @@ export const BulkOperationSchema = z.object({
         .describe("Bulk operation type"),
     entity_type: z.enum(["memory", "topic", "apikey"])
         .describe("Entity type for bulk operation"),
-    items: z.array(z.record(z.any()))
+    items: z.array(z.record(z.string(), z.any()))
         .min(1)
         .max(100)
         .describe("Items for bulk operation"),
@@ -249,7 +249,7 @@ export const ImportExportSchema = z.object({
     file_path: z.string()
         .optional()
         .describe("File path for import/export"),
-    filters: z.record(z.any())
+    filters: z.record(z.string(), z.any())
         .optional()
         .describe("Filters for export")
 });
@@ -257,7 +257,7 @@ export const ImportExportSchema = z.object({
 export const ToolExecutionSchema = z.object({
     tool_name: z.string()
         .describe("Name of the tool to execute"),
-    arguments: z.record(z.any())
+    arguments: z.record(z.string(), z.any())
         .describe("Tool arguments"),
     timeout: z.number()
         .positive()
@@ -308,7 +308,7 @@ export class SchemaValidator {
         }
         catch (error) {
             if (error instanceof z.ZodError) {
-                throw new Error(`Validation error: ${error.errors
+                throw new Error(`Validation error: ${error.issues
                     .map(e => `${e.path.join('.')}: ${e.message}`)
                     .join(', ')}`);
             }
@@ -326,7 +326,7 @@ export class SchemaValidator {
         else {
             return {
                 success: false,
-                errors: result.error.errors.map(e => `${e.path.join('.')}: ${e.message}`)
+                errors: result.error.issues.map(e => `${e.path.join('.')}: ${e.message}`)
             };
         }
     }

package/dist/utils/api.d.ts

@@ -149,10 +149,29 @@ export interface ApiErrorResponse {
     status_code: number;
     details?: Record<string, unknown>;
 }
+export interface UserProfile {
+    id: string;
+    email: string;
+    name: string | null;
+    avatar_url: string | null;
+    role: string;
+    provider: string | null;
+    project_scope: string | null;
+    platform: string | null;
+    created_at: string | null;
+    last_sign_in_at: string | null;
+    metadata?: {
+        locale: string | null;
+        timezone: string | null;
+    };
+}
 export declare class APIClient {
     private client;
     private config;
+    /** When true, throw on 401/403 instead of printing+exiting (for callers that handle errors) */
+    noExit: boolean;
     private normalizeMemoryEntry;
+    private shouldUseLegacyMemoryRpcFallback;
     constructor();
     login(email: string, password: string): Promise<AuthResponse>;
     register(email: string, password: string, organizationName?: string): Promise<AuthResponse>;
@@ -170,6 +189,12 @@ export declare class APIClient {
     updateTopic(id: string, data: UpdateTopicRequest): Promise<MemoryTopic>;
     deleteTopic(id: string): Promise<void>;
     getHealth(): Promise<HealthStatus>;
+    /**
+     * Fetch the current user's profile from the auth gateway (GET /v1/auth/me).
+     * Works for all auth methods: OAuth Bearer token, vendor key (X-API-Key), and JWT.
+     * The /auth/ prefix causes the request interceptor to route this to auth_base.
+     */
+    getUserProfile(): Promise<UserProfile>;
     get<T = any>(url: string, config?: AxiosRequestConfig): Promise<T>;
     post<T = any>(url: string, data?: any, config?: AxiosRequestConfig): Promise<T>;
     put<T = any>(url: string, data?: any, config?: AxiosRequestConfig): Promise<T>;

package/dist/utils/api.js

@@ -5,6 +5,8 @@ import { CLIConfig } from './config.js';
 export class APIClient {
     client;
     config;
+    /** When true, throw on 401/403 instead of printing+exiting (for callers that handle errors) */
+    noExit = false;
     normalizeMemoryEntry(payload) {
         // API responses are inconsistent across gateways:
         // - Some return the memory entry directly
@@ -25,6 +27,21 @@ export class APIClient {
         }
         return payload;
     }
+    shouldUseLegacyMemoryRpcFallback(error) {
+        const status = error?.response?.status;
+        const errorData = error?.response?.data;
+        const message = `${errorData?.error || ''} ${errorData?.message || ''}`.toLowerCase();
+        if (status === 405) {
+            return true;
+        }
+        if (status === 400 && message.includes('memory id is required')) {
+            return true;
+        }
+        if (status === 400 && message.includes('method not allowed')) {
+            return true;
+        }
+        return false;
+    }
     constructor() {
         this.config = new CLIConfig();
         this.client = axios.create({
@@ -43,12 +60,14 @@ export class APIClient {
             const authMethod = this.config.get('authMethod');
             const vendorKey = await this.config.getVendorKeyAsync();
             const token = this.config.getToken();
+            const isMemoryEndpoint = typeof config.url === 'string' && config.url.startsWith('/api/v1/memories');
             const forceApiFromEnv = process.env.LANONASIS_FORCE_API === 'true'
                 || process.env.CLI_FORCE_API === 'true'
                 || process.env.ONASIS_FORCE_API === 'true';
             const forceApiFromConfig = this.config.get('forceApi') === true
                 || this.config.get('connectionTransport') === 'api';
-            const forceDirectApi = forceApiFromEnv || forceApiFromConfig;
+            // Memory CRUD/search endpoints should always use the API gateway path.
+            const forceDirectApi = forceApiFromEnv || forceApiFromConfig || isMemoryEndpoint;
             const prefersTokenAuth = Boolean(token) && (authMethod === 'jwt' || authMethod === 'oauth' || authMethod === 'oauth2');
             const useVendorKeyAuth = Boolean(vendorKey) && !prefersTokenAuth;
             // Determine the correct API base URL:
@@ -131,11 +150,21 @@ export class APIClient {
             if (error.response) {
                 const { status, data } = error.response;
                 if (status === 401) {
+                    // Invalidate the local auth cache so the next isAuthenticated() call
+                    // performs a fresh server check rather than returning a stale result.
+                    this.config.invalidateAuthCache().catch(() => { });
+                    if (this.noExit) {
+                        // Caller handles the error (e.g. auth status probe) — throw so try/catch fires
+                        return Promise.reject(error);
+                    }
                     console.error(chalk.red('✖ Authentication failed'));
                     console.log(chalk.yellow('Please run:'), chalk.white('lanonasis auth login'));
                     process.exit(1);
                 }
                 if (status === 403) {
+                    if (this.noExit) {
+                        return Promise.reject(error);
+                    }
                     console.error(chalk.red('✖ Permission denied'));
                     if (data.message) {
                         console.error(chalk.gray(data.message));
@@ -183,11 +212,91 @@ export class APIClient {
             return response.data;
         }
         catch (error) {
-            // Backward-compatible fallback: newer API contracts may reject GET list and prefer search-only.
+            // Backward-compatible fallback: newer API contracts may reject GET list.
             if (error?.response?.status === 405) {
                 const limit = Number(params.limit || 20);
                 const page = Number(params.page || 1);
                 const offset = Number(params.offset ?? Math.max(0, (page - 1) * limit));
+                // Preferred fallback: POST list endpoint (avoids triggering vector search for plain listings).
+                const listPayload = {
+                    limit,
+                    offset
+                };
+                if (params.memory_type) {
+                    listPayload.memory_type = params.memory_type;
+                }
+                if (params.tags) {
+                    listPayload.tags = Array.isArray(params.tags)
+                        ? params.tags
+                        : String(params.tags).split(',').map((tag) => tag.trim()).filter(Boolean);
+                }
+                if (params.topic_id) {
+                    listPayload.topic_id = params.topic_id;
+                }
+                if (params.user_id) {
+                    listPayload.user_id = params.user_id;
+                }
+                if (params.sort || params.sort_by) {
+                    listPayload.sort_by = params.sort_by || params.sort;
+                }
+                if (params.order || params.sort_order) {
+                    listPayload.sort_order = params.sort_order || params.order;
+                }
+                for (const endpoint of ['/api/v1/memories/list', '/api/v1/memory/list']) {
+                    try {
+                        const listResponse = await this.client.post(endpoint, listPayload);
+                        const payload = listResponse.data || {};
+                        const resultsArray = Array.isArray(payload.data)
+                            ? payload.data
+                            : Array.isArray(payload.memories)
+                                ? payload.memories
+                                : Array.isArray(payload.results)
+                                    ? payload.results
+                                    : [];
+                        const memories = resultsArray.map((entry) => this.normalizeMemoryEntry(entry));
+                        const pagination = (payload.pagination && typeof payload.pagination === 'object')
+                            ? payload.pagination
+                            : {};
+                        const total = Number.isFinite(Number(pagination.total))
+                            ? Number(pagination.total)
+                            : Number.isFinite(Number(payload.total))
+                                ? Number(payload.total)
+                                : memories.length;
+                        const pages = Number.isFinite(Number(pagination.total_pages))
+                            ? Number(pagination.total_pages)
+                            : Number.isFinite(Number(pagination.pages))
+                                ? Number(pagination.pages)
+                                : Math.max(1, Math.ceil(total / limit));
+                        const currentPage = Number.isFinite(Number(pagination.page))
+                            ? Number(pagination.page)
+                            : Math.max(1, Math.floor(offset / limit) + 1);
+                        const hasMore = typeof pagination.has_more === 'boolean'
+                            ? pagination.has_more
+                            : typeof pagination.has_next === 'boolean'
+                                ? pagination.has_next
+                                : (offset + memories.length) < total;
+                        return {
+                            ...payload,
+                            data: memories,
+                            memories,
+                            pagination: {
+                                total,
+                                limit,
+                                offset,
+                                has_more: hasMore,
+                                page: currentPage,
+                                pages
+                            }
+                        };
+                    }
+                    catch (listError) {
+                        if (listError?.response?.status === 404 || listError?.response?.status === 405) {
+                            continue;
+                        }
+                        throw listError;
+                    }
+                }
+                // Secondary fallback: search endpoint for legacy contracts that expose only search.
                 const searchPayload = {
                     query: '*',
                     limit,
@@ -251,15 +360,51 @@ export class APIClient {
         }
     }
     async getMemory(id) {
-        const response = await this.client.get(`/api/v1/memories/${id}`);
-        return this.normalizeMemoryEntry(response.data);
+        try {
+            const response = await this.client.get(`/api/v1/memories/${id}`);
+            return this.normalizeMemoryEntry(response.data);
+        }
+        catch (error) {
+            if (this.shouldUseLegacyMemoryRpcFallback(error)) {
+                const fallback = await this.client.post('/api/v1/memory/get', { id });
+                const payload = fallback.data && typeof fallback.data === 'object'
+                    ? fallback.data.data ?? fallback.data
+                    : fallback.data;
+                return this.normalizeMemoryEntry(payload);
+            }
+            throw error;
+        }
     }
     async updateMemory(id, data) {
-        const response = await this.client.put(`/api/v1/memories/${id}`, data);
-        return this.normalizeMemoryEntry(response.data);
+        try {
+            const response = await this.client.put(`/api/v1/memories/${id}`, data);
+            return this.normalizeMemoryEntry(response.data);
+        }
+        catch (error) {
+            if (this.shouldUseLegacyMemoryRpcFallback(error)) {
+                const fallback = await this.client.post('/api/v1/memory/update', {
+                    id,
+                    ...data
+                });
+                const payload = fallback.data && typeof fallback.data === 'object'
+                    ? fallback.data.data ?? fallback.data
+                    : fallback.data;
+                return this.normalizeMemoryEntry(payload);
+            }
+            throw error;
+        }
     }
     async deleteMemory(id) {
-        await this.client.delete(`/api/v1/memories/${id}`);
+        try {
+            await this.client.delete(`/api/v1/memories/${id}`);
+        }
+        catch (error) {
+            if (this.shouldUseLegacyMemoryRpcFallback(error)) {
+                await this.client.post('/api/v1/memory/delete', { id });
+                return;
+            }
+            throw error;
+        }
     }
     async searchMemories(query, options = {}) {
         const response = await this.client.post('/api/v1/memories/search', {
@@ -303,6 +448,15 @@ export class APIClient {
         const response = await this.client.get('/health');
         return response.data;
     }
+    /**
+     * Fetch the current user's profile from the auth gateway (GET /v1/auth/me).
+     * Works for all auth methods: OAuth Bearer token, vendor key (X-API-Key), and JWT.
+     * The /auth/ prefix causes the request interceptor to route this to auth_base.
+     */
+    async getUserProfile() {
+        const response = await this.client.get('/v1/auth/me');
+        return response.data;
+    }
     // Generic HTTP methods
     async get(url, config) {
         const response = await this.client.get(url, config);

package/dist/utils/config.d.ts

@@ -34,6 +34,12 @@ interface CLIConfigData {
     lastAuthFailure?: string | undefined;
     [key: string]: unknown;
 }
+export type RemoteAuthVerification = {
+    valid: boolean;
+    method: 'token' | 'vendor_key' | 'none';
+    endpoint?: string;
+    reason?: string;
+};
 export declare class CLIConfig {
     private configDir;
     private configPath;
@@ -70,11 +76,25 @@ export declare class CLIConfig {
     private resolveFallbackEndpoints;
     private logFallbackUsage;
     private pingAuthHealth;
+    private getAuthVerificationEndpoints;
+    private extractAuthErrorMessage;
+    private verifyTokenWithAuthGateway;
+    private verifyVendorKeyWithAuthGateway;
+    verifyCurrentCredentialsWithServer(): Promise<RemoteAuthVerification>;
     setManualEndpoints(endpoints: Partial<CLIConfigData['discoveredServices']>): Promise<void>;
     hasManualEndpointOverrides(): boolean;
+    /**
+     * Clears the in-memory auth cache and removes the `lastValidated` timestamp.
+     * Called after a definitive 401 from the memory API so that the next
+     * `isAuthenticated()` call performs a fresh server verification rather than
+     * returning a stale cached result.
+     */
+    invalidateAuthCache(): Promise<void>;
     clearManualEndpointOverrides(): Promise<void>;
     getDiscoveredApiUrl(): string;
-    setVendorKey(vendorKey: string): Promise<void>;
+    setVendorKey(vendorKey: string, options?: {
+        skipServerValidation?: boolean;
+    }): Promise<void>;
     validateVendorKeyFormat(vendorKey: string): string | boolean;
     private validateVendorKeyWithServer;
     getVendorKey(): string | undefined;