@lumoai/cli 1.4.0 → 1.5.1

package/dist/cli/src/index.js

@@ -55,11 +55,22 @@ const task_figma_add_1 = require("./commands/task-figma-add");
 const task_figma_list_1 = require("./commands/task-figma-list");
 const task_figma_rm_1 = require("./commands/task-figma-rm");
 const task_figma_refresh_1 = require("./commands/task-figma-refresh");
+const memory_task_list_1 = require("./commands/memory-task-list");
+const memory_task_add_1 = require("./commands/memory-task-add");
+const memory_project_list_1 = require("./commands/memory-project-list");
+const memory_project_add_1 = require("./commands/memory-project-add");
+const memory_promote_1 = require("./commands/memory-promote");
+const memory_rm_1 = require("./commands/memory-rm");
 const task_artifact_add_1 = require("./commands/task-artifact-add");
 const task_artifact_list_1 = require("./commands/task-artifact-list");
 const task_artifact_show_1 = require("./commands/task-artifact-show");
 const task_artifact_rm_1 = require("./commands/task-artifact-rm");
 const task_artifact_update_1 = require("./commands/task-artifact-update");
+const task_slack_show_1 = require("./commands/task-slack-show");
+const task_web_show_1 = require("./commands/task-web-show");
+const task_figma_context_1 = require("./commands/task-figma-context");
+const task_comment_list_1 = require("./commands/task-comment-list");
+const task_pr_show_1 = require("./commands/task-pr-show");
 const project_list_1 = require("./commands/project-list");
 const milestone_list_1 = require("./commands/milestone-list");
 const milestone_create_1 = require("./commands/milestone-create");
@@ -77,6 +88,8 @@ const sprint_summary_1 = require("./commands/sprint-summary");
 const sprint_add_1 = require("./commands/sprint-add");
 const sprint_remove_1 = require("./commands/sprint-remove");
 const doc_create_1 = require("./commands/doc-create");
+const doc_import_gdoc_1 = require("./commands/doc-import-gdoc");
+const doc_sync_1 = require("./commands/doc-sync");
 const doc_update_1 = require("./commands/doc-update");
 const doc_show_1 = require("./commands/doc-show");
 const doc_list_1 = require("./commands/doc-list");
@@ -90,6 +103,7 @@ const doc_move_1 = require("./commands/doc-move");
 const update_1 = require("./commands/update");
 const setup_1 = require("./commands/setup");
 const update_check_1 = require("./lib/update-check");
+const sanitize_1 = require("./lib/sanitize");
 // Resolve package.json relative to __dirname so this works regardless of how
 // deep the compiled output ends up (flat dist/ or nested dist/cli/src/).
 const pkg = require(path.resolve(__dirname, '../../..', 'package.json'));
@@ -132,7 +146,7 @@ function wrap(fn) {
         }
         catch (err) {
             const msg = err instanceof Error ? err.message : String(err);
-            console.error(`Error: ${msg}`);
+            console.error(`Error: ${(0, sanitize_1.sanitizeField)(msg)}`);
             process.exit(1);
         }
     };
@@ -164,6 +178,7 @@ program
     .option('--user', 'Install into ~/.claude (applies across all projects for this user)')
     .option('--project', 'Install into ./.claude (applies to the current project only)')
     .option('--force', 'Overwrite an existing SKILL.md when its contents differ from the bundled version')
+    .option('--agent <token>', 'Coding agent these hooks run under (claude-code, codex, cursor, gemini-cli, github-copilot, windsurf). Baked into every hook command. Defaults to claude-code.')
     .action(wrap(options => (0, setup_1.setup)(options)));
 const session = program
     .command('session')
@@ -237,6 +252,66 @@ taskFigma
     .command('refresh <task>')
     .description('Re-fetch Figma metadata + thumbnail for every link on this task. Per-link failures isolated.')
     .action(wrap((taskId) => (0, task_figma_refresh_1.taskFigmaRefresh)({ identifier: taskId })));
+// Tier-2 retrieval commands (LUM-122). `task context` prints the matching
+// command at the end of each cheap inline card; the agent runs it to pull the
+// full content on demand.
+const taskSlack = task.command('slack').description('Inspect Slack context');
+taskSlack
+    .command('show <identifier> <contextId>')
+    .description('Show the full stored Slack thread snapshot')
+    .action(wrap((id, ctx) => (0, task_slack_show_1.taskSlackShow)(id, ctx)));
+const taskWeb = task.command('web').description('Inspect web link content');
+taskWeb
+    .command('show <identifier> <linkId>')
+    .description('Show the fetched web link body as plain text')
+    .action(wrap((id, link) => (0, task_web_show_1.taskWebShow)(id, link)));
+// taskFigma already exists above → attach the context leaf to it.
+taskFigma
+    .command('context <identifier> <linkId>')
+    .description('Show the cached Figma design context (metadata)')
+    .action(wrap((id, link) => (0, task_figma_context_1.taskFigmaContext)(id, link)));
+// Plural `comments` parent: `task comment <id> <body>` already exists for
+// adding a comment, and commander disallows a duplicate name.
+const taskComments = task
+    .command('comments')
+    .description('Inspect the full task comment thread');
+taskComments
+    .command('list <identifier>')
+    .description('List the full task comment thread')
+    .action(wrap(id => (0, task_comment_list_1.taskCommentList)(id)));
+const taskPr = task.command('pr').description('Inspect linked PRs');
+taskPr
+    .command('show <identifier> <number>')
+    .description('Show the synced PR record (diff/review comments when available)')
+    .action(wrap((id, num) => (0, task_pr_show_1.taskPrShow)(id, num)));
+const taskMemory = task
+    .command('memory')
+    .description('View and record memories scoped to a task');
+taskMemory
+    .command('list [task]')
+    .description("List a task's memories. <task> defaults to the session-bound task.")
+    .option('--category <cat>', 'Filter by trap|decision|convention|procedural')
+    .option('-n, --limit <count>', 'Cap output to the first N rows')
+    .action(wrap((taskArg, opts) => (0, memory_task_list_1.memoryTaskList)(taskArg, opts)));
+taskMemory
+    .command('add [task]')
+    .description('Record a memory on a task (<task> defaults to the bound session). ' +
+    'Record only knowledge invisible in the codebase (the why, a runtime gotcha, a non-obvious failure, a non-trivial workflow); skip routine work. ' +
+    'Pick --category then its fields.')
+    .requiredOption('--category <cat>', 'trap | decision | convention | procedural')
+    .option('--trigger <text>', 'trap/procedural: the situation that triggers it')
+    .option('--outcome <text>', 'trap: what goes wrong')
+    .option('--workaround <text>', 'trap: optional fix')
+    .option('--what <text>', 'decision: the decision')
+    .option('--why <text>', 'decision: rationale')
+    .option('--alternatives <text>', 'decision: optional alternatives considered')
+    .option('--implications <text>', 'decision: optional implications')
+    .option('--rule <text>', 'convention: the rule')
+    .option('--applies <text>', 'convention: where the rule applies')
+    .option('--workflow <text>', 'procedural: the workflow name')
+    .option('--step <text>', 'procedural: a step (repeatable)', collect, [])
+    .option('--agent <agent>', 'Producing agent: claude-code | codex | cursor | gemini-cli | github-copilot | windsurf (default claude-code)')
+    .action(wrap((taskArg, opts) => (0, memory_task_add_1.memoryTaskAdd)(taskArg, opts)));
 const taskArtifact = task
     .command('artifact')
     .description('Record spec-engineering artifacts (spec / plan / design …) on a task');
@@ -247,6 +322,7 @@ taskArtifact
     .requiredOption('--title <title>', 'Artifact title')
     .requiredOption('--file <path>', 'File whose contents become the artifact body')
     .requiredOption('--source <source>', 'Spec-gen framework, formal name e.g. Superpowers | "Spec Kit" | BMad | OpenSpec | GSD (opaque; quote names with spaces)')
+    .requiredOption('--agent <agent>', 'Coding tool that produced the artifact: claude-code | codex | cursor | gemini-cli | github-copilot | windsurf')
     .action(wrap((taskId, options) => (0, task_artifact_add_1.taskArtifactAdd)(taskId, options)));
 taskArtifact
     .command('update <task> <artifact-id>')
@@ -254,6 +330,7 @@ taskArtifact
     .option('--kind <kind>', 'New artifact kind (opaque)')
     .option('--title <title>', 'New artifact title')
     .option('--source <source>', 'New spec-gen framework, formal name e.g. Superpowers | "Spec Kit" | BMad | OpenSpec | GSD (quote names with spaces)')
+    .option('--agent <agent>', 'New coding tool: claude-code | codex | cursor | gemini-cli | github-copilot | windsurf')
     .action(wrap((taskId, artifactId, options) => (0, task_artifact_update_1.taskArtifactUpdate)(taskId, artifactId, options)));
 taskArtifact
     .command('list <task>')
@@ -275,6 +352,44 @@ projectCmd
     .command('list')
     .description('List projects in the current workspace. Slug column matches `task create --project <ref>`.')
     .action(wrap(() => (0, project_list_1.projectList)()));
+const projectMemory = projectCmd
+    .command('memory')
+    .description('View and record PROJECT-scope memories');
+projectMemory
+    .command('list [project]')
+    .description("List a project's PROJECT-scope memories. <project> defaults to the bound task's project.")
+    .option('--category <cat>', 'Filter by trap|decision|convention|procedural')
+    .option('-n, --limit <count>', 'Cap output to the first N rows')
+    .action(wrap((p, opts) => (0, memory_project_list_1.memoryProjectList)(p, opts)));
+projectMemory
+    .command('add [project]')
+    .description("Record a PROJECT-scope memory. Use PROJECT scope only when the lesson helps any task in the project. <project> defaults to the bound task's project.")
+    .requiredOption('--category <cat>', 'trap | decision | convention | procedural')
+    .option('--trigger <text>', 'trap/procedural trigger')
+    .option('--outcome <text>', 'trap outcome')
+    .option('--workaround <text>', 'trap optional workaround')
+    .option('--what <text>', 'decision')
+    .option('--why <text>', 'decision rationale')
+    .option('--alternatives <text>', 'decision optional alternatives')
+    .option('--implications <text>', 'decision optional implications')
+    .option('--rule <text>', 'convention rule')
+    .option('--applies <text>', 'convention: where it applies')
+    .option('--workflow <text>', 'procedural workflow')
+    .option('--step <text>', 'procedural step (repeatable)', collect, [])
+    .option('--agent <agent>', 'Producing agent: claude-code | codex | cursor | gemini-cli | github-copilot | windsurf (default claude-code)')
+    .action(wrap((p, opts) => (0, memory_project_add_1.memoryProjectAdd)(p, opts)));
+const memoryCmd = program
+    .command('memory')
+    .description('Operate on a single memory by id (see `lumo task memory` / `lumo project memory` to list/add)');
+memoryCmd
+    .command('promote <memoryId>')
+    .description('Promote a TASK memory to PROJECT scope. Only when the lesson recurs across 2+ tasks.')
+    .action(wrap((id) => (0, memory_promote_1.memoryPromote)(id)));
+memoryCmd
+    .command('rm <memoryId>')
+    .description('Delete a memory (hard delete). Requires --yes.')
+    .option('--yes', 'Confirm deletion')
+    .action(wrap((id, opts) => (0, memory_rm_1.memoryRm)(id, opts)));
 const milestoneCmd = program
     .command('milestone')
     .description('Inspect milestones from the terminal');
@@ -391,6 +506,16 @@ doc
     .option('--tag <name>', 'Attach tag by name (repeatable)', collect, [])
     .option('--tag-id <cuid>', 'Attach tag by id (repeatable)', collect, [])
     .action(wrap((title, opts) => (0, doc_create_1.docCreate)(title, opts)));
+doc
+    .command('import-gdoc <url>')
+    .description('Import a Google Doc as a Lumo doc (one-way Google → Lumo)')
+    .option('--scope <scope>', 'personal | workspace (default: personal)')
+    .option('--task <LUM-N>', 'Bind the imported doc to this task')
+    .action(wrap((url, opts) => (0, doc_import_gdoc_1.docImportGdoc)(url, opts)));
+doc
+    .command('sync <doc>')
+    .description('Re-sync a Google-imported doc (overwrites the Lumo body)')
+    .action(wrap(ref => (0, doc_sync_1.docSync)(ref)));
 doc
     .command('update <doc>')
     .description('Update an existing document. <doc> accepts a cuid or a case-insensitive title (ambiguous titles fail with candidates). Replacement body comes from --content, --file, or piped stdin (pick one). --tag/--tag-id (bulk replace) cannot be combined with --add-tag/--add-tag-id/--remove-tag/--remove-tag-id.')
@@ -479,110 +604,122 @@ task
 const hook = program
     .command('hook')
     .description('Claude Code hook ingestion (invoked by settings.json, not humans)');
-hook
-    .command('pre-tool-use')
-    .description('Forward a PreToolUse hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('pre-tool-use')));
-hook
-    .command('post-tool-use')
-    .description('Forward a PostToolUse hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('post-tool-use')));
-hook
-    .command('post-tool-use-failure')
-    .description('Forward a PostToolUseFailure hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('post-tool-use-failure')));
-hook
-    .command('user-prompt-submit')
-    .description('Forward a UserPromptSubmit hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('user-prompt-submit')));
-hook
-    .command('stop')
-    .description('Forward a Stop hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('stop')));
-hook
-    .command('stop-failure')
-    .description('Forward a StopFailure hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('stop-failure')));
-hook
-    .command('permission-request')
-    .description('Forward a PermissionRequest hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('permission-request')));
-hook
-    .command('permission-denied')
-    .description('Forward a PermissionDenied hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('permission-denied')));
-hook
-    .command('session-start')
-    .description('Forward a SessionStart hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('session-start')));
-hook
-    .command('session-end')
-    .description('Forward a SessionEnd hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('session-end')));
-hook
-    .command('subagent-start')
-    .description('Forward a SubagentStart hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('subagent-start')));
-hook
-    .command('subagent-stop')
-    .description('Forward a SubagentStop hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('subagent-stop')));
-hook
-    .command('worktree-create')
-    .description('Forward a WorktreeCreate hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('worktree-create')));
-hook
-    .command('worktree-remove')
-    .description('Forward a WorktreeRemove hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('worktree-remove')));
-hook
-    .command('file-changed')
-    .description('Forward a FileChanged hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('file-changed')));
-hook
-    .command('config-change')
-    .description('Forward a ConfigChange hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('config-change')));
-hook
-    .command('task-created')
-    .description('Forward a TaskCreated hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('task-created')));
-hook
-    .command('task-completed')
-    .description('Forward a TaskCompleted hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('task-completed')));
-hook
-    .command('post-tool-batch')
-    .description('Forward a PostToolBatch hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('post-tool-batch')));
-hook
-    .command('user-prompt-expansion')
-    .description('Forward a UserPromptExpansion hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('user-prompt-expansion')));
-hook
-    .command('notification')
-    .description('Forward a Notification hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('notification')));
-hook
-    .command('elicitation')
-    .description('Forward an Elicitation hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('elicitation')));
-hook
-    .command('elicitation-result')
-    .description('Forward an ElicitationResult hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('elicitation-result')));
-hook
-    .command('cwd-changed')
-    .description('Forward a CwdChanged hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('cwd-changed')));
-hook
-    .command('instructions-loaded')
-    .description('Forward an InstructionsLoaded hook event to Lumo (reads JSON from stdin)')
-    .action(wrap(() => (0, hook_1.hookCommand)('instructions-loaded')));
+// Slug → help-text for every `lumo hook <slug>` subcommand. Each one accepts
+// an optional `--agent <token>` flag (baked into settings.json by `lumo setup
+// --agent <token>`); the value rides to the server as the X-Lumo-Agent header
+// so auto-sedimented memories are attributed to the agent that produced them.
+// Keep this list in sync with LUMO_HOOK_EVENTS (cli/src/lib/hooks-template.ts)
+// and the server-side HookEventType slugs.
+const HOOK_SUBCOMMANDS = [
+    [
+        'pre-tool-use',
+        'Forward a PreToolUse hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'post-tool-use',
+        'Forward a PostToolUse hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'post-tool-use-failure',
+        'Forward a PostToolUseFailure hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'user-prompt-submit',
+        'Forward a UserPromptSubmit hook event to Lumo (reads JSON from stdin)',
+    ],
+    ['stop', 'Forward a Stop hook event to Lumo (reads JSON from stdin)'],
+    [
+        'stop-failure',
+        'Forward a StopFailure hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'permission-request',
+        'Forward a PermissionRequest hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'permission-denied',
+        'Forward a PermissionDenied hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'session-start',
+        'Forward a SessionStart hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'session-end',
+        'Forward a SessionEnd hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'subagent-start',
+        'Forward a SubagentStart hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'subagent-stop',
+        'Forward a SubagentStop hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'worktree-create',
+        'Forward a WorktreeCreate hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'worktree-remove',
+        'Forward a WorktreeRemove hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'file-changed',
+        'Forward a FileChanged hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'config-change',
+        'Forward a ConfigChange hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'task-created',
+        'Forward a TaskCreated hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'task-completed',
+        'Forward a TaskCompleted hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'post-tool-batch',
+        'Forward a PostToolBatch hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'user-prompt-expansion',
+        'Forward a UserPromptExpansion hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'notification',
+        'Forward a Notification hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'elicitation',
+        'Forward an Elicitation hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'elicitation-result',
+        'Forward an ElicitationResult hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'cwd-changed',
+        'Forward a CwdChanged hook event to Lumo (reads JSON from stdin)',
+    ],
+    [
+        'instructions-loaded',
+        'Forward an InstructionsLoaded hook event to Lumo (reads JSON from stdin)',
+    ],
+];
+for (const [slug, description] of HOOK_SUBCOMMANDS) {
+    hook
+        .command(slug)
+        .description(description)
+        .option('--agent <token>', 'Coding agent that owns this session (e.g. claude-code, codex). Baked in by `lumo setup --agent`.')
+        .action(wrap((opts) => (0, hook_1.hookCommand)(slug, opts.agent)));
+}
 if (!isUpdateCheckWorker) {
     program.parseAsync(process.argv).catch(err => {
         const msg = err instanceof Error ? err.message : String(err);
-        console.error(`Error: ${msg}`);
+        console.error(`Error: ${(0, sanitize_1.sanitizeField)(msg)}`);
         process.exit(1);
     });
 }

package/dist/cli/src/lib/agent.js

@@ -0,0 +1,58 @@
+"use strict";
+/**
+ * CLI-local agent enum support. The CLI talks to the API over HTTP only and
+ * does not depend on @prisma/client, so the enum values + accepted tokens are
+ * mirrored here. Keep in sync with prisma `enum TaskArtifactAgent`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VALID_AGENT_TOKENS = exports.ENUM_TO_TOKEN = exports.AGENT_LABELS = void 0;
+exports.normalizeAgent = normalizeAgent;
+/** enum value → display label (matches lib/i18n en.json taskArtifact.agent.*) */
+exports.AGENT_LABELS = {
+    CLAUDE_CODE: 'Claude Code',
+    CODEX: 'Codex',
+    CURSOR: 'Cursor',
+    GEMINI_CLI: 'Gemini CLI',
+    GITHUB_COPILOT: 'GitHub Copilot',
+    WINDSURF: 'Windsurf',
+};
+/** enum value → canonical CLI token (inverse of the non-alias TOKEN_TO_ENUM rows) */
+exports.ENUM_TO_TOKEN = {
+    CLAUDE_CODE: 'claude-code',
+    CODEX: 'codex',
+    CURSOR: 'cursor',
+    GEMINI_CLI: 'gemini-cli',
+    GITHUB_COPILOT: 'github-copilot',
+    WINDSURF: 'windsurf',
+};
+/** accepted CLI token (normalized) → enum value */
+const TOKEN_TO_ENUM = {
+    'claude-code': 'CLAUDE_CODE',
+    codex: 'CODEX',
+    cursor: 'CURSOR',
+    'gemini-cli': 'GEMINI_CLI',
+    gemini: 'GEMINI_CLI',
+    'github-copilot': 'GITHUB_COPILOT',
+    copilot: 'GITHUB_COPILOT',
+    windsurf: 'WINDSURF',
+};
+/** Canonical tokens shown in error/usage hints (aliases omitted). */
+exports.VALID_AGENT_TOKENS = [
+    'claude-code',
+    'codex',
+    'cursor',
+    'gemini-cli',
+    'github-copilot',
+    'windsurf',
+];
+/**
+ * Normalize a user-supplied agent string to its enum value, or null if
+ * unknown. Case-insensitive; spaces and underscores are treated as hyphens.
+ */
+function normalizeAgent(input) {
+    const key = input
+        .trim()
+        .toLowerCase()
+        .replace(/[\s_]+/g, '-');
+    return TOKEN_TO_ENUM[key] ?? null;
+}

package/dist/cli/src/lib/api.js

@@ -1,12 +1,92 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertSafeApiUrl = assertSafeApiUrl;
+exports.hostMismatchWarning = hostMismatchWarning;
+exports.resolveAuthedApiUrl = resolveAuthedApiUrl;
 exports.resolveApiUrl = resolveApiUrl;
 exports.trimTrailingSlash = trimTrailingSlash;
 exports.verifyToken = verifyToken;
 const DEFAULT_API_URL = 'https://www.uselumo.ai';
+// Hostnames allowed to use plaintext http:// — local dev only. Everything
+// else MUST be https:// so the Bearer token is never sent in the clear.
+// `URL.hostname` returns IPv6 literals wrapped in brackets, so `::1` appears
+// as `[::1]`.
+const LOCALHOST_HOSTNAMES = new Set([
+    'localhost',
+    '127.0.0.1',
+    '::1',
+    '[::1]',
+]);
+/**
+ * Throw if `url` is not a safe target for sending the API token.
+ *
+ * The CLI attaches a `Bearer` token (and the hook runner POSTs full session
+ * content) to whatever `LUMO_API_URL` resolves to. An attacker who can set
+ * that env var could otherwise exfiltrate the token / session stream by
+ * pointing it at their own host, or downgrade to http:// to sniff it in
+ * plaintext. We therefore require https://, with an http:// exception for
+ * localhost so local dev still works.
+ */
+function assertSafeApiUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid LUMO_API_URL: "${url}" is not a valid URL`);
+    }
+    if (parsed.protocol === 'https:')
+        return;
+    if (parsed.protocol === 'http:' && LOCALHOST_HOSTNAMES.has(parsed.hostname)) {
+        return;
+    }
+    throw new Error(`Refusing to use insecure API URL "${url}": only https:// is allowed ` +
+        `(http:// permitted for localhost only). This protects your API token ` +
+        `and session data from being sent in plaintext or to an untrusted host.`);
+}
+/**
+ * Return a prominent warning when the resolved API host differs from the host
+ * the credentials were issued for, otherwise null. Compares hostname only
+ * (case-insensitive, courtesy of URL parsing). Used to warn-then-send: a host
+ * change is suspicious (possible token exfiltration) but intentional dev/env
+ * redirects are legitimate, so we surface it rather than block.
+ */
+function hostMismatchWarning(resolvedUrl, credsApiUrl) {
+    let resolvedHost;
+    let credsHost;
+    try {
+        resolvedHost = new URL(resolvedUrl).hostname;
+        credsHost = new URL(credsApiUrl).hostname;
+    }
+    catch {
+        return null;
+    }
+    if (resolvedHost === credsHost)
+        return null;
+    return (`⚠ LUMO_API_URL points at "${resolvedHost}" but your credentials were ` +
+        `issued for "${credsHost}". Your API token will be sent there. If you did ` +
+        `not set this, your token may be exfiltrated — unset LUMO_API_URL.`);
+}
+/**
+ * Resolve the API URL for an authenticated command: prefer a non-empty
+ * `LUMO_API_URL` override, else the baked-in `credsApiUrl`. The resolved URL
+ * is validated (throws on an insecure target) and any host-mismatch warning is
+ * routed to `opts.warn` (defaults to stderr via console.error).
+ */
+function resolveAuthedApiUrl(credsApiUrl, opts) {
+    const envUrl = process.env.LUMO_API_URL?.trim();
+    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : credsApiUrl;
+    assertSafeApiUrl(apiUrl);
+    const warning = hostMismatchWarning(apiUrl, credsApiUrl);
+    if (warning)
+        (opts?.warn ?? ((m) => console.error(m)))(warning);
+    return apiUrl;
+}
 function resolveApiUrl() {
     const url = process.env.LUMO_API_URL?.trim();
-    return url && url.length > 0 ? url : DEFAULT_API_URL;
+    const resolved = url && url.length > 0 ? url : DEFAULT_API_URL;
+    assertSafeApiUrl(resolved);
+    return resolved;
 }
 function trimTrailingSlash(url) {
     return url.replace(/\/+$/, '');

package/dist/cli/src/lib/config.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.configDir = configDir;
 exports.credentialsPath = credentialsPath;
 exports.readCredentials = readCredentials;
 exports.writeCredentials = writeCredentials;
@@ -41,7 +42,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 function configDir() {
-    return path.join(os.homedir(), '.lumo');
+    return process.env.LUMO_CONFIG_DIR || path.join(os.homedir(), '.lumo');
 }
 function credentialsPath() {
     return path.join(configDir(), 'credentials.json');

package/dist/cli/src/lib/doc-input.js

@@ -37,6 +37,7 @@ exports.resolveDocContent = resolveDocContent;
 exports.readStdinToString = readStdinToString;
 exports.readFileUtf8 = readFileUtf8;
 const fs = __importStar(require("fs"));
+const path_guard_1 = require("./path-guard");
 /**
  * Pick one of --content / --file / stdin as the markdown source.
  * Explicit flags win: if --content or --file is set, stdin is ignored
@@ -56,7 +57,17 @@ async function resolveDocContent(args) {
     if (hasContent)
         return { kind: 'ok', markdown: args.content };
     if (hasFile) {
-        const text = await args.readFile(args.file);
+        const check = (args.checkFilePath ?? path_guard_1.checkArtifactFilePath)(args.file);
+        if (!check.ok) {
+            return {
+                kind: 'error',
+                message: check.reason === 'unreadable'
+                    ? `could not read file ${args.file}`
+                    : `refusing to read ${args.file} — ${check.detail}. ` +
+                        `--file must be a non-sensitive path inside the project directory.`,
+            };
+        }
+        const text = await args.readFile(check.resolved);
         return { kind: 'ok', markdown: text };
     }
     if (!args.stdinIsTTY) {

package/dist/cli/src/lib/figma-api.js

@@ -18,7 +18,7 @@ async function call(path, init) {
     const creds = (0, config_1.readCredentials)();
     if (!creds)
         throw new Error('Not logged in. Run: lumo auth login');
-    const apiUrl = (0, api_1.resolveApiUrl)();
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const res = await fetch(`${(0, api_1.trimTrailingSlash)(apiUrl)}${path}`, {
         ...init,
         headers: {