@lumoai/cli 1.4.0 → 1.5.1

package/dist/cli/src/commands/doc-move.js

@@ -5,6 +5,7 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const resolve_doc_1 = require("../lib/resolve-doc");
 const doc_sort_order_1 = require("../lib/doc-sort-order");
+const sanitize_1 = require("../lib/sanitize");
 async function docMove(reference, opts) {
     if (!reference) {
         console.error('Error: usage: lumo doc move <doc> --parent <doc> | --root');
@@ -25,8 +26,7 @@ async function docMove(reference, opts) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const listUrl = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/documents`;
     let listRes;
     try {
@@ -40,7 +40,7 @@ async function docMove(reference, opts) {
     }
     if (!listRes.ok) {
         const text = await listRes.text();
-        console.error(`Error: ${listRes.status} ${listRes.statusText}: ${text}`);
+        console.error(`Error: ${listRes.status} ${listRes.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     const { documents } = (await listRes.json());
@@ -48,7 +48,7 @@ async function docMove(reference, opts) {
     if (docMatch.kind === 'ambiguous') {
         console.error(`Error: title "${reference}" matches ${docMatch.candidates.length} docs:`);
         for (const c of docMatch.candidates) {
-            console.error(`  ${c.id}  ${c.title}`);
+            console.error(`  ${c.id}  ${(0, sanitize_1.sanitizeField)(c.title)}`);
         }
         console.error('Re-run with the cuid.');
         return 1;
@@ -65,7 +65,7 @@ async function docMove(reference, opts) {
         if (parentMatch.kind === 'ambiguous') {
             console.error(`Error: --parent "${opts.parent}" matches ${parentMatch.candidates.length} docs:`);
             for (const c of parentMatch.candidates) {
-                console.error(`  ${c.id}  ${c.title}`);
+                console.error(`  ${c.id}  ${(0, sanitize_1.sanitizeField)(c.title)}`);
             }
             console.error('Re-run with the cuid.');
             return 1;
@@ -76,7 +76,7 @@ async function docMove(reference, opts) {
         }
         const parentRow = documents.find(d => d.id === parentMatch.doc.id);
         newParentId = parentRow.id;
-        parentTitleForOutput = `"${parentRow.title.replace(/"/g, '\\"')}"`;
+        parentTitleForOutput = `"${(0, sanitize_1.sanitizeField)(parentRow.title).replace(/"/g, '\\"')}"`;
     }
     const siblings = documents.filter(d => d.parentId === newParentId && d.id !== docRow.id);
     const sortOrder = (0, doc_sort_order_1.pickNextSortOrder)(siblings);
@@ -105,9 +105,9 @@ async function docMove(reference, opts) {
                 msg = json.error;
         }
         catch { }
-        console.error(`Error: ${moveRes.status} ${moveRes.statusText}: ${msg}`);
+        console.error(`Error: ${moveRes.status} ${moveRes.statusText}: ${(0, sanitize_1.sanitizeField)(msg)}`);
         return 1;
     }
-    const escapedDocTitle = docRow.title.replace(/"/g, '\\"');
+    const escapedDocTitle = (0, sanitize_1.sanitizeField)(docRow.title).replace(/"/g, '\\"');
     console.log(`Moved ${docRow.id} "${escapedDocTitle}" → ${parentTitleForOutput}`);
 }

package/dist/cli/src/commands/doc-share-list.js

@@ -6,14 +6,18 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
 const resolve_member_1 = require("../lib/resolve-member");
+const sanitize_1 = require("../lib/sanitize");
 function formatShareListRows(rows) {
     if (rows.length === 0)
         return [];
-    const nameWidth = Math.max(...rows.map(r => r.displayName.length));
-    return rows.map(r => {
-        const name = r.displayName.padEnd(nameWidth, ' ');
-        return `${name}  ${r.role}`;
-    });
+    // Sanitize first, then measure/pad off the sanitized string so the
+    // column width matches the printed cell (control chars stripped).
+    const sanitized = rows.map(r => ({
+        name: (0, sanitize_1.sanitizeField)(r.displayName),
+        role: r.role,
+    }));
+    const nameWidth = Math.max(...sanitized.map(r => r.name.length));
+    return sanitized.map(r => `${r.name.padEnd(nameWidth, ' ')}  ${r.role}`);
 }
 async function docShareList(docRef) {
     if (!docRef) {
@@ -25,8 +29,7 @@ async function docShareList(docRef) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const docId = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, docRef);
     if (!docId) {
         console.error(`Error: Document not found: ${docRef}`);
@@ -43,7 +46,7 @@ async function docShareList(docRef) {
     ]);
     if (!sharesRes.ok) {
         const text = await sharesRes.text();
-        console.error(`Error: ${sharesRes.status} ${sharesRes.statusText}: ${text}`);
+        console.error(`Error: ${sharesRes.status} ${sharesRes.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     const { shares } = (await sharesRes.json());

package/dist/cli/src/commands/doc-share.js

@@ -6,6 +6,7 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
 const resolve_member_1 = require("../lib/resolve-member");
+const sanitize_1 = require("../lib/sanitize");
 const ALLOWED_ROLES = ['VIEWER', 'EDITOR', 'MANAGER'];
 function normalizeRole(value) {
     if (!value)
@@ -34,8 +35,7 @@ async function docShare(docRef, memberRef, opts) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const docId = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, docRef);
     if (!docId) {
         console.error(`Error: Document not found: ${docRef}`);
@@ -55,7 +55,9 @@ async function docShare(docRef, memberRef, opts) {
         return 1;
     }
     if (result.kind === 'ambiguous') {
-        const list = result.candidates.map(c => c.email ?? c.displayName).join(', ');
+        const list = result.candidates
+            .map(c => (0, sanitize_1.sanitizeField)(c.email ?? c.displayName))
+            .join(', ');
         console.error(`Error: multiple members match "${result.query}": ${list}`);
         return 1;
     }
@@ -70,8 +72,8 @@ async function docShare(docRef, memberRef, opts) {
     });
     if (!res.ok) {
         const text = await res.text();
-        console.error(`Error: ${res.status} ${res.statusText}: ${text}`);
+        console.error(`Error: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
-    console.log(`Shared ${docId} ↔ ${result.member.displayName} (${role})`);
+    console.log(`Shared ${docId} ↔ ${(0, sanitize_1.sanitizeField)(result.member.displayName)} (${role})`);
 }

package/dist/cli/src/commands/doc-show.js

@@ -6,6 +6,7 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const markdown_tiptap_1 = require("../lib/markdown-tiptap");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
+const sanitize_1 = require("../lib/sanitize");
 function scopeLabel(s) {
     if (s === 'PRIVATE')
         return 'personal';
@@ -16,15 +17,15 @@ function scopeLabel(s) {
 function formatShowOutput(vm) {
     const lines = [
         `ID: ${vm.id}`,
-        `Title: ${vm.title}`,
+        `Title: ${(0, sanitize_1.sanitizeField)(vm.title)}`,
         `Scope: ${scopeLabel(vm.scope)}`,
-        `Project: ${vm.projectName ?? '-'}`,
+        `Project: ${vm.projectName ? (0, sanitize_1.sanitizeField)(vm.projectName) : '-'}`,
         `Created: ${vm.createdAt}`,
         `Updated: ${vm.updatedAt}`,
         `Mentioned tasks: ${vm.mentionedTasks.length ? vm.mentionedTasks.join(', ') : '-'}`,
     ];
     const header = lines.join('\n');
-    return vm.bodyMarkdown ? `${header}\n\n${vm.bodyMarkdown}` : header;
+    return vm.bodyMarkdown ? `${header}\n\n${(0, sanitize_1.sanitizeField)(vm.bodyMarkdown)}` : header;
 }
 async function docShow(reference) {
     if (!reference) {
@@ -36,8 +37,7 @@ async function docShow(reference) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const id = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, reference);
     if (!id) {
         console.error(`Error: Document not found: ${reference}`);
@@ -48,7 +48,7 @@ async function docShow(reference) {
     });
     if (!res.ok) {
         const text = await res.text();
-        console.error(`Error: ${res.status} ${res.statusText}: ${text}`);
+        console.error(`Error: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     // The exact shape of the GET response is not guaranteed; defensively unwrap.

package/dist/cli/src/commands/doc-sync.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatSyncedLine = formatSyncedLine;
+exports.docSync = docSync;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+const resolve_doc_id_1 = require("../lib/resolve-doc-id");
+const sanitize_1 = require("../lib/sanitize");
+function formatSyncedLine(doc) {
+    const escaped = (0, sanitize_1.sanitizeField)(doc.title).replace(/"/g, '\\"');
+    return `Synced ${doc.id} "${escaped}" from Google`;
+}
+async function docSync(reference) {
+    const creds = (0, config_1.readCredentials)();
+    if (!creds) {
+        console.error('Error: not logged in. Run `lumo auth login` first.');
+        return 1;
+    }
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    const docId = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, reference);
+    if (!docId) {
+        console.error(`Error: doc not found: ${reference}`);
+        return 1;
+    }
+    let res;
+    try {
+        res = await fetch(`${base}/api/documents/${docId}/sync-google`, {
+            method: 'POST',
+            headers: { Authorization: `Bearer ${creds.token}` },
+        });
+    }
+    catch (err) {
+        console.error(`Error: network failure: ${err.message}`);
+        return 1;
+    }
+    if (!res.ok) {
+        const text = await res.text();
+        console.error(`Error: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
+        return 1;
+    }
+    const { document } = (await res.json());
+    console.log(formatSyncedLine(document));
+}

package/dist/cli/src/commands/doc-unbind.js

@@ -4,6 +4,7 @@ exports.docUnbind = docUnbind;
 const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
+const sanitize_1 = require("../lib/sanitize");
 async function docUnbind(docRef, task) {
     if (!docRef || !task) {
         console.error('Error: usage: lumo doc unbind <doc> <task>');
@@ -14,8 +15,7 @@ async function docUnbind(docRef, task) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const docId = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, docRef);
     if (!docId) {
         console.error(`Error: Document not found: ${docRef}`);
@@ -29,12 +29,12 @@ async function docUnbind(docRef, task) {
     });
     if (res.status === 409) {
         const { error } = (await res.json());
-        console.error(`Error: ${error}`);
+        console.error(`Error: ${(0, sanitize_1.sanitizeField)(error)}`);
         return 1;
     }
     if (!res.ok) {
         const text = await res.text();
-        console.error(`Error: ${res.status} ${res.statusText}: ${text}`);
+        console.error(`Error: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     const data = (await res.json());

package/dist/cli/src/commands/doc-unshare.js

@@ -5,6 +5,7 @@ const config_1 = require("../lib/config");
 const api_1 = require("../lib/api");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
 const resolve_member_1 = require("../lib/resolve-member");
+const sanitize_1 = require("../lib/sanitize");
 async function docUnshare(docRef, memberRef) {
     if (!docRef || !memberRef) {
         console.error('Error: usage: lumo doc unshare <doc> <member>');
@@ -15,8 +16,7 @@ async function docUnshare(docRef, memberRef) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const docId = await (0, resolve_doc_id_1.lookupDocId)(apiUrl, creds.token, docRef);
     if (!docId) {
         console.error(`Error: Document not found: ${docRef}`);
@@ -36,7 +36,9 @@ async function docUnshare(docRef, memberRef) {
         return 1;
     }
     if (result.kind === 'ambiguous') {
-        const list = result.candidates.map(c => c.email ?? c.displayName).join(', ');
+        const list = result.candidates
+            .map(c => (0, sanitize_1.sanitizeField)(c.email ?? c.displayName))
+            .join(', ');
         console.error(`Error: multiple members match "${result.query}": ${list}`);
         return 1;
     }
@@ -48,13 +50,13 @@ async function docUnshare(docRef, memberRef) {
     });
     if (!listRes.ok) {
         const text = await listRes.text();
-        console.error(`Error: ${listRes.status} ${listRes.statusText}: ${text}`);
+        console.error(`Error: ${listRes.status} ${listRes.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     const { shares } = (await listRes.json());
     const row = shares.find(s => s.member.id === result.member.memberId);
     if (!row) {
-        console.log(`Not shared with ${result.member.displayName}`);
+        console.log(`Not shared with ${(0, sanitize_1.sanitizeField)(result.member.displayName)}`);
         return;
     }
     const delUrl = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/documents/${docId}/shares/${row.id}`;
@@ -64,8 +66,8 @@ async function docUnshare(docRef, memberRef) {
     });
     if (!delRes.ok) {
         const text = await delRes.text();
-        console.error(`Error: ${delRes.status} ${delRes.statusText}: ${text}`);
+        console.error(`Error: ${delRes.status} ${delRes.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
-    console.log(`Unshared ${docId} ↔ ${result.member.displayName}`);
+    console.log(`Unshared ${docId} ↔ ${(0, sanitize_1.sanitizeField)(result.member.displayName)}`);
 }

package/dist/cli/src/commands/doc-update.js

@@ -8,11 +8,12 @@ const doc_input_1 = require("../lib/doc-input");
 const doc_create_1 = require("./doc-create");
 const resolve_doc_id_1 = require("../lib/resolve-doc-id");
 const tag_resolver_1 = require("../lib/tag-resolver");
+const sanitize_1 = require("../lib/sanitize");
 function formatUpdatedDocLine(doc) {
-    const escaped = doc.title.replace(/"/g, '\\"');
+    const escaped = (0, sanitize_1.sanitizeField)(doc.title).replace(/"/g, '\\"');
     const head = `Updated ${doc.id} "${escaped}"  ${doc.url}`;
     if (doc.tags && doc.tags.length > 0) {
-        return `${head}\nTags: ${doc.tags.join(', ')}`;
+        return `${head}\nTags: ${doc.tags.map(sanitize_1.sanitizeField).join(', ')}`;
     }
     return head;
 }
@@ -26,8 +27,7 @@ async function docUpdate(reference, opts) {
         console.error('Error: not logged in. Run `lumo auth login` first.');
         return 1;
     }
-    const envUrl = process.env.LUMO_API_URL?.trim();
-    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     // CLI-side mutex check: --tag/--tag-id (bulk replace) vs --add-tag/--add-tag-id/--remove-tag/--remove-tag-id (incremental)
     const hasBulk = (opts.tag && opts.tag.length > 0) || (opts.tagId && opts.tagId.length > 0);
     const hasIncremental = (opts.addTag && opts.addTag.length > 0) ||
@@ -122,7 +122,7 @@ async function docUpdate(reference, opts) {
     });
     if (!res.ok) {
         const text = await res.text();
-        console.error(`Error: ${res.status} ${res.statusText}: ${text}`);
+        console.error(`Error: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(text)}`);
         return 1;
     }
     const { document } = (await res.json());

package/dist/cli/src/commands/hook.js

@@ -11,9 +11,9 @@ const hook_log_1 = require("../lib/hook-log");
  * if `runHook` someday throws (it currently never does), Claude Code is
  * not disrupted.
  */
-async function hookCommand(path) {
+async function hookCommand(path, agentToken) {
     try {
-        await (0, hook_runner_1.runHook)(path);
+        await (0, hook_runner_1.runHook)(path, agentToken);
     }
     catch (err) {
         (0, hook_log_1.logHookError)(`[${path}] dispatcher`, err);

package/dist/cli/src/commands/memory-project-add.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.memoryProjectAdd = memoryProjectAdd;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+const sanitize_1 = require("../lib/sanitize");
+const memory_content_1 = require("../lib/memory-content");
+const resolve_1 = require("../lib/resolve");
+const resolve_bound_task_1 = require("../lib/resolve-bound-task");
+const resolve_project_1 = require("../lib/resolve-project");
+const agent_1 = require("../lib/agent");
+async function memoryProjectAdd(refArg, options) {
+    if (!options.category) {
+        console.error('Error: --category <trap|decision|convention|procedural> is required.');
+        return 1;
+    }
+    const built = (0, memory_content_1.buildMemoryContent)(options.category, options);
+    if (!built.ok) {
+        console.error(`Error: ${built.error}`);
+        return 1;
+    }
+    let agent;
+    const agentRaw = options.agent?.trim();
+    if (agentRaw) {
+        const normalized = (0, agent_1.normalizeAgent)(agentRaw);
+        if (!normalized) {
+            console.error(`Error: invalid --agent "${agentRaw}". Valid values: ${agent_1.VALID_AGENT_TOKENS.join(', ')}.`);
+            return 1;
+        }
+        agent = normalized;
+    }
+    const creds = (0, config_1.readCredentials)();
+    if (!creds) {
+        console.error('Error: not logged in. Run `lumo auth login` first.');
+        return 1;
+    }
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    let projectId;
+    let echoSuffix = '';
+    if (refArg) {
+        projectId = await (0, resolve_1.resolveProjectId)(base, creds.token, refArg);
+    }
+    else {
+        const bound = await (0, resolve_bound_task_1.resolveBoundTaskIdentifier)(apiUrl, creds.token);
+        if (!bound) {
+            console.error('Error: no <project-ref> given and no task bound to this session.\nPass a project, or run `lumo session attach <LUM-N>`.');
+            return 1;
+        }
+        const r = await (0, resolve_project_1.resolveBoundProjectId)(apiUrl, creds.token, bound);
+        if (!r.ok) {
+            console.error(`Error: ${r.error}`);
+            return 1;
+        }
+        projectId = r.id;
+        echoSuffix = ` (project of bound task ${bound})`;
+    }
+    let res;
+    try {
+        res = await fetch(`${base}/api/projects/${encodeURIComponent(projectId)}/memories`, {
+            method: 'POST',
+            headers: { Authorization: `Bearer ${creds.token}`, 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                category: built.category,
+                content: built.content,
+                ...(agent ? { agent } : {}),
+            }),
+        });
+    }
+    catch (err) {
+        console.error(`Error: could not reach Lumo API at ${apiUrl} (${err instanceof Error ? err.message : String(err)})`);
+        return 1;
+    }
+    if (res.status !== 201) {
+        let m = null;
+        try {
+            const b = (await res.json());
+            if (typeof b.error === 'string')
+                m = b.error;
+        }
+        catch { /* */ }
+        console.error(m ? `Error: ${(0, sanitize_1.sanitizeField)(m)}` : `Error: memory add failed (HTTP ${res.status})`);
+        return 1;
+    }
+    process.stdout.write(`Added ${built.category} PROJECT memory${echoSuffix}\n`);
+}

package/dist/cli/src/commands/memory-project-list.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.memoryProjectList = memoryProjectList;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+const memory_content_1 = require("../lib/memory-content");
+const resolve_1 = require("../lib/resolve");
+const resolve_bound_task_1 = require("../lib/resolve-bound-task");
+const resolve_project_1 = require("../lib/resolve-project");
+async function memoryProjectList(refArg, options) {
+    const limit = options.limit !== undefined ? parseInt(options.limit, 10) : undefined;
+    if (limit !== undefined && (Number.isNaN(limit) || limit < 1)) {
+        console.error(`Error: invalid --limit "${options.limit}" (expected a positive integer)`);
+        return 1;
+    }
+    const creds = (0, config_1.readCredentials)();
+    if (!creds) {
+        console.error('Error: not logged in. Run `lumo auth login` first.');
+        return 1;
+    }
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    let projectId;
+    if (refArg) {
+        projectId = await (0, resolve_1.resolveProjectId)(base, creds.token, refArg);
+    }
+    else {
+        const bound = await (0, resolve_bound_task_1.resolveBoundTaskIdentifier)(apiUrl, creds.token);
+        if (!bound) {
+            console.error('Error: no <project-ref> given and no task bound to this session.\nPass a project, or run `lumo session attach <LUM-N>`.');
+            return 1;
+        }
+        const r = await (0, resolve_project_1.resolveBoundProjectId)(apiUrl, creds.token, bound);
+        if (!r.ok) {
+            console.error(`Error: ${r.error}`);
+            return 1;
+        }
+        projectId = r.id;
+    }
+    let res;
+    try {
+        res = await fetch(`${base}/api/projects/${encodeURIComponent(projectId)}/memories`, { headers: { Authorization: `Bearer ${creds.token}` } });
+    }
+    catch (err) {
+        console.error(`Error: could not reach Lumo API at ${apiUrl} (${err instanceof Error ? err.message : String(err)})`);
+        return 1;
+    }
+    if (!res.ok) {
+        console.error(`Error: memory list failed (HTTP ${res.status})`);
+        return 1;
+    }
+    let rows = (await res.json()).memories;
+    if (options.category)
+        rows = rows.filter(m => m.category.toLowerCase() === options.category.toLowerCase());
+    if (limit !== undefined)
+        rows = rows.slice(0, limit);
+    process.stdout.write((0, memory_content_1.formatMemoryList)(rows) + '\n');
+}

package/dist/cli/src/commands/memory-promote.js

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.memoryPromote = memoryPromote;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+const sanitize_1 = require("../lib/sanitize");
+async function memoryPromote(memoryId) {
+    if (!memoryId) {
+        console.error('Error: missing <memoryId>. Usage: lumo memory promote <memoryId>');
+        return 1;
+    }
+    const creds = (0, config_1.readCredentials)();
+    if (!creds) {
+        console.error('Error: not logged in. Run `lumo auth login` first.');
+        return 1;
+    }
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    let res;
+    try {
+        res = await fetch(`${base}/api/memories/${encodeURIComponent(memoryId)}`, {
+            method: 'PATCH',
+            headers: { Authorization: `Bearer ${creds.token}`, 'Content-Type': 'application/json' },
+            body: JSON.stringify({ scope: 'PROJECT' }),
+        });
+    }
+    catch (err) {
+        console.error(`Error: could not reach Lumo API at ${apiUrl} (${err instanceof Error ? err.message : String(err)})`);
+        return 1;
+    }
+    if (res.status === 404) {
+        console.error(`Error: memory ${memoryId} not found`);
+        return 1;
+    }
+    if (res.status === 409) {
+        console.error('Error: this memory is already project-scoped.');
+        return 1;
+    }
+    if (res.status !== 200) {
+        let m = null;
+        try {
+            const b = (await res.json());
+            if (typeof b.error === 'string')
+                m = b.error;
+        }
+        catch { /* */ }
+        console.error(m ? `Error: ${(0, sanitize_1.sanitizeField)(m)}` : `Error: promote failed (HTTP ${res.status})`);
+        return 1;
+    }
+    process.stdout.write(`Promoted ${memoryId} to PROJECT — every agent on this project now sees it.\n` +
+        'Promote only lessons that recur across 2+ tasks.\n');
+}

package/dist/cli/src/commands/memory-rm.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.memoryRm = memoryRm;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+async function memoryRm(memoryId, options) {
+    if (!memoryId) {
+        console.error('Error: missing <memoryId>. Usage: lumo memory rm <memoryId> --yes');
+        return 1;
+    }
+    if (!options.yes) {
+        console.error('Error: refusing to delete without --yes. Re-run with --yes to confirm.');
+        return 1;
+    }
+    const creds = (0, config_1.readCredentials)();
+    if (!creds) {
+        console.error('Error: not logged in. Run `lumo auth login` first.');
+        return 1;
+    }
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    let res;
+    try {
+        res = await fetch(`${base}/api/memories/${encodeURIComponent(memoryId)}`, {
+            method: 'DELETE',
+            headers: { Authorization: `Bearer ${creds.token}` },
+        });
+    }
+    catch (err) {
+        console.error(`Error: could not reach Lumo API at ${apiUrl} (${err instanceof Error ? err.message : String(err)})`);
+        return 1;
+    }
+    if (res.status === 404) {
+        console.error(`Error: memory ${memoryId} not found`);
+        return 1;
+    }
+    if (res.status !== 204) {
+        console.error(`Error: delete failed (HTTP ${res.status})`);
+        return 1;
+    }
+    process.stdout.write(`Deleted memory ${memoryId}\n`);
+}