@lumoai/cli 1.4.0 → 1.5.1

package/dist/cli/src/lib/format.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.formatTaskListTable = formatTaskListTable;
+const sanitize_1 = require("./sanitize");
 /**
  * Render a task list as a fixed-width table. Each row:
  *   LUM-42  IN_PROGRESS  HIGH    project-name   Title here
@@ -14,8 +15,8 @@ function formatTaskListTable(tasks) {
         identifier: `${t.teamIdentifier}-${t.number}`,
         status: t.status,
         priority: t.priority,
-        project: t.project.name,
-        title: t.title,
+        project: (0, sanitize_1.sanitizeField)(t.project.name),
+        title: (0, sanitize_1.sanitizeField)(t.title),
     }));
     const widths = {
         identifier: Math.max(...rows.map(r => r.identifier.length)),

package/dist/cli/src/lib/hook-runner.js

@@ -6,6 +6,8 @@ exports.runHookWithBody = runHookWithBody;
 const config_1 = require("./config");
 const api_1 = require("./api");
 const hook_log_1 = require("./hook-log");
+const sanitize_1 = require("./sanitize");
+const agent_1 = require("./agent");
 /**
  * Hard timeout for the hook POST. On timeout the request is aborted,
  * logged, and `runHook` exits 0 — Claude Code is never blocked beyond
@@ -70,7 +72,7 @@ function formatHookStdoutLines(path, responseBody) {
     const sessionId = body.sessionId;
     const tb = body.taskBinding;
     if (tb && tb.bound === true) {
-        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${tb.taskTitle}`);
+        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${(0, sanitize_1.sanitizeField)(tb.taskTitle ?? '')}`);
     }
     else if (tb && tb.bound === false) {
         lines.push(`[Lumo] session_id=${sessionId} | 当前未绑定任务。请告诉我你要处理的任务编号（如 LUM-42），或说"跳过"。`);
@@ -92,16 +94,16 @@ function formatHookStdoutLines(path, responseBody) {
  *
  * This function NEVER throws and NEVER rejects.
  */
-async function runHook(path) {
+async function runHook(path, agentToken) {
     const body = await readStdin();
-    return runHookWithBody(path, body);
+    return runHookWithBody(path, body, agentToken);
 }
 /**
  * Test-friendly worker. Takes the hook body as an argument so tests can
  * exercise the side-effect logic without poking process.stdin. Production
  * code always goes through `runHook`, which feeds it real stdin.
  */
-async function runHookWithBody(path, body) {
+async function runHookWithBody(path, body, agentToken) {
     try {
         const creds = (0, config_1.readCredentials)();
         if (!creds) {
@@ -111,18 +113,32 @@ async function runHookWithBody(path, body) {
         // Allow `LUMO_API_URL` to override the baked-in creds.apiUrl for
         // redirecting hooks at dev-env switch without re-running `lumo auth
         // login`. The bearer token from creds.json is still used as-is.
-        const envUrl = process.env.LUMO_API_URL?.trim();
-        const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+        // An insecure override (non-https, non-localhost) throws here and is
+        // caught by the outer try/catch → logged, POST skipped, hook still exits 0.
+        // The host-mismatch warning goes to hook.log (never stdout, which would
+        // pollute Claude Code).
+        const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl, {
+            warn: message => (0, hook_log_1.logHookError)(`[${path}]`, message),
+        });
         const url = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/hooks/${path}`;
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+        // Tell the server which coding agent produced this hook. The token is
+        // baked into the hook command at `lumo setup --agent <token>`; we send
+        // the normalized enum so the server can record it on the session. An
+        // unrecognized/absent token is dropped — the server then falls back to
+        // its default (CLAUDE_CODE).
+        const headers = {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${creds.token}`,
+        };
+        const agentEnum = agentToken ? (0, agent_1.normalizeAgent)(agentToken) : null;
+        if (agentEnum)
+            headers['X-Lumo-Agent'] = agentEnum;
         try {
             const res = await fetch(url, {
                 method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    Authorization: `Bearer ${creds.token}`,
-                },
+                headers,
                 body: body || '{}',
                 signal: controller.signal,
             });

package/dist/cli/src/lib/hooks-template.js

@@ -35,35 +35,80 @@ exports.LUMO_HOOK_EVENTS = [
     ['CwdChanged', 'cwd-changed'],
     ['InstructionsLoaded', 'instructions-loaded'],
 ];
+/** Default agent token baked into the hook commands when none is given. */
+const DEFAULT_AGENT_TOKEN = 'claude-code';
+/**
+ * A hook command belongs to Lumo when it is exactly `lumo hook <slug>` or
+ * carries trailing flags (`lumo hook <slug> --agent codex`). We match on the
+ * prefix so a re-run can recognize — and rewrite — an entry baked with a
+ * different (or no) `--agent` token.
+ */
+function isLumoHookCommand(command, slug) {
+    return (command === `lumo hook ${slug}` || command.startsWith(`lumo hook ${slug} `));
+}
 // Build the settings.json fragment we want to install. We do not use a
 // matcher because the Lumo hook handlers ingest every event of a given type;
 // adding a matcher would silently drop events that have no `tool_name` (e.g.
 // SessionStart). Keep this in step with cli/src/commands/hook.ts dispatch.
-function buildLumoHookFragment() {
+//
+// `agentToken` is baked into every command (`lumo hook <slug> --agent
+// <token>`) so the hook tells the server which coding agent owns the session.
+function buildLumoHookFragment(agentToken = DEFAULT_AGENT_TOKEN) {
     const hooks = {};
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
         hooks[event] = [
-            { hooks: [{ type: 'command', command: `lumo hook ${slug}` }] },
+            {
+                hooks: [
+                    {
+                        type: 'command',
+                        command: `lumo hook ${slug} --agent ${agentToken}`,
+                    },
+                ],
+            },
         ];
     }
     return { hooks };
 }
-function mergeLumoHooks(existing) {
+function mergeLumoHooks(existing, agentToken = DEFAULT_AGENT_TOKEN) {
     const base = existing
         ? JSON.parse(JSON.stringify(existing))
         : {};
     if (!base.hooks)
         base.hooks = {};
-    const stats = { addedEvents: [], alreadyPresent: [] };
+    const stats = {
+        addedEvents: [],
+        alreadyPresent: [],
+        updatedEvents: [],
+    };
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
-        const ourCmd = `lumo hook ${slug}`;
+        const ourCmd = `lumo hook ${slug} --agent ${agentToken}`;
         const groups = base.hooks[event] ?? [];
-        const present = groups.some(g => Array.isArray(g.hooks) && g.hooks.some(h => h.command === ourCmd));
-        if (present) {
+        let exact = false;
+        let rewritten = false;
+        for (const g of groups) {
+            if (!Array.isArray(g.hooks))
+                continue;
+            for (const h of g.hooks) {
+                if (h.command === ourCmd) {
+                    exact = true;
+                }
+                else if (isLumoHookCommand(h.command, slug)) {
+                    // legacy flagless or a different agent token — bring it up to date
+                    h.command = ourCmd;
+                    rewritten = true;
+                }
+            }
+        }
+        if (exact) {
             stats.alreadyPresent.push(event);
             base.hooks[event] = groups;
             continue;
         }
+        if (rewritten) {
+            stats.updatedEvents.push(event);
+            base.hooks[event] = groups;
+            continue;
+        }
         base.hooks[event] = [
             ...groups,
             { hooks: [{ type: 'command', command: ourCmd }] },

package/dist/cli/src/lib/memory-content.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildMemoryContent = buildMemoryContent;
+exports.formatMemoryList = formatMemoryList;
+// Category/field metadata + builders for the `lumo memory` commands.
+// Mirrors the four content shapes validated server-side by parseMemoryContent.
+const sanitize_1 = require("./sanitize");
+const trimmed = (v) => (v ?? '').trim();
+/**
+ * Validate the per-category flags and assemble { category, content }. Required
+ * fields must be non-empty; optional string fields are dropped when blank;
+ * `--applies` maps to convention `content.scope`; repeated `--step` becomes a
+ * trimmed, empty-filtered `steps` array (omitted when empty).
+ */
+function buildMemoryContent(category, flags) {
+    const cat = category?.toLowerCase();
+    switch (cat) {
+        case 'trap': {
+            const trigger = trimmed(flags.trigger);
+            const outcome = trimmed(flags.outcome);
+            const workaround = trimmed(flags.workaround);
+            if (!trigger)
+                return { ok: false, error: '--trigger is required for category trap.' };
+            if (!outcome)
+                return { ok: false, error: '--outcome is required for category trap.' };
+            return { ok: true, category: 'TRAP', content: { trigger, outcome, ...(workaround ? { workaround } : {}) } };
+        }
+        case 'decision': {
+            const what = trimmed(flags.what);
+            const why = trimmed(flags.why);
+            const alternatives = trimmed(flags.alternatives);
+            const implications = trimmed(flags.implications);
+            if (!what)
+                return { ok: false, error: '--what is required for category decision.' };
+            if (!why)
+                return { ok: false, error: '--why is required for category decision.' };
+            return {
+                ok: true,
+                category: 'DECISION',
+                content: { what, why, ...(alternatives ? { alternatives } : {}), ...(implications ? { implications } : {}) },
+            };
+        }
+        case 'convention': {
+            const rule = trimmed(flags.rule);
+            const applies = trimmed(flags.applies);
+            if (!rule)
+                return { ok: false, error: '--rule is required for category convention.' };
+            if (!applies)
+                return { ok: false, error: '--applies is required for category convention (where the rule applies).' };
+            return { ok: true, category: 'CONVENTION', content: { rule, scope: applies } };
+        }
+        case 'procedural': {
+            const workflow = trimmed(flags.workflow);
+            const trigger = trimmed(flags.trigger);
+            const steps = (flags.step ?? []).map(s => s.trim()).filter(Boolean);
+            if (!workflow)
+                return { ok: false, error: '--workflow is required for category procedural.' };
+            if (!trigger)
+                return { ok: false, error: '--trigger is required for category procedural.' };
+            return { ok: true, category: 'PROCEDURAL', content: { workflow, trigger, ...(steps.length ? { steps } : {}) } };
+        }
+        default:
+            return { ok: false, error: `Unknown --category "${category}". Use trap | decision | convention | procedural.` };
+    }
+}
+function headline(category, content) {
+    const c = (content ?? {});
+    const key = category === 'TRAP' ? 'trigger'
+        : category === 'DECISION' ? 'what'
+            : category === 'CONVENTION' ? 'rule'
+                : 'workflow';
+    const v = c[key];
+    return typeof v === 'string' && v.length > 0 ? (0, sanitize_1.sanitizeField)(v) : '(unparseable)';
+}
+/** Fixed-width rows: id  SCOPE  CATEGORY  headline  source(auto|manual). */
+function formatMemoryList(rows) {
+    if (rows.length === 0)
+        return 'No memories.';
+    const idW = Math.max(...rows.map(r => r.id.length));
+    const scopeW = Math.max(...rows.map(r => r.scope.length));
+    const catW = Math.max(...rows.map(r => r.category.length));
+    return rows
+        .map(r => {
+        const src = r.createdByMemberId ? 'manual' : 'auto';
+        return `${r.id.padEnd(idW)}  ${r.scope.padEnd(scopeW)}  ${r.category.padEnd(catW)}  ${headline(r.category, r.content)}  ${src}`;
+    })
+        .join('\n');
+}

package/dist/cli/src/lib/path-guard.js

@@ -0,0 +1,125 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.matchSensitiveName = matchSensitiveName;
+exports.checkArtifactFilePath = checkArtifactFilePath;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const SENSITIVE_SEGMENTS = ['.ssh', '.aws', '.gnupg'];
+const SENSITIVE_BASENAMES = [
+    'id_rsa',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    'credentials',
+    '.npmrc',
+    '.netrc',
+    '.pgpass',
+    '.htpasswd',
+];
+const SENSITIVE_EXTENSIONS = ['.pem', '.key', '.pfx', '.p12'];
+/**
+ * Pure denylist check. Returns a human-readable reason when the path looks
+ * like a secret, or null when it is acceptable. Matches the basename
+ * (case-insensitive) and path segments; no filesystem access.
+ */
+function matchSensitiveName(p) {
+    const segments = p.split(/[\\/]+/).filter(Boolean);
+    for (const seg of segments) {
+        if (SENSITIVE_SEGMENTS.includes(seg.toLowerCase())) {
+            return `path contains ${seg}`;
+        }
+    }
+    const base = (segments[segments.length - 1] ?? '').toLowerCase();
+    if (base === '.env' || base.startsWith('.env.'))
+        return 'matches .env';
+    if (SENSITIVE_BASENAMES.includes(base))
+        return `matches ${base}`;
+    for (const ext of SENSITIVE_EXTENSIONS) {
+        if (base.endsWith(ext))
+            return `matches *${ext}`;
+    }
+    return null;
+}
+/**
+ * Decide whether `rawPath` is safe to read and upload as an artifact body.
+ * Two layers: (1) it must resolve to a real path inside the project directory
+ * (cwd), and (2) neither the raw nor the canonical path may match the
+ * sensitive-filename denylist. realpath defeats symlinks that escape the tree.
+ * NOTE: there is a TOCTOU window between this check and the caller's read;
+ * the caller reads the returned canonical `resolved` path to narrow it.
+ */
+function checkArtifactFilePath(rawPath, deps) {
+    const cwd = deps?.cwd ?? process.cwd;
+    const realpath = deps?.realpath ?? fs.realpathSync;
+    // 1. Fail fast on the raw path (no fs access).
+    const rawHit = matchSensitiveName(rawPath);
+    if (rawHit)
+        return { ok: false, reason: 'sensitive', detail: rawHit };
+    const root = cwd();
+    const absolute = path.resolve(root, rawPath);
+    // 2. Canonicalize. realpath throws if the path does not exist / is unreadable.
+    let resolved;
+    let rootReal;
+    try {
+        resolved = realpath(absolute);
+        rootReal = realpath(root);
+    }
+    catch {
+        return { ok: false, reason: 'unreadable', detail: 'path does not resolve' };
+    }
+    // 3. Re-check the denylist on the canonical path (catches innocent-looking
+    //    symlinks pointing at a secret).
+    const canonHit = matchSensitiveName(resolved);
+    if (canonHit)
+        return { ok: false, reason: 'sensitive', detail: canonHit };
+    // The path must be a file inside the project, not the project root itself.
+    if (resolved === rootReal) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'path resolves to the project root, not a file',
+        };
+    }
+    // 4. Confinement: the canonical path must be inside the project root.
+    if (resolved !== rootReal && !resolved.startsWith(rootReal + path.sep)) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'resolves outside project directory',
+        };
+    }
+    return { ok: true, resolved };
+}

package/dist/cli/src/lib/resolve-bound-task.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveBoundTaskIdentifier = resolveBoundTaskIdentifier;
+const api_1 = require("./api");
+/**
+ * The task identifier (LUM-N) the current Claude Code session is bound to, or
+ * null when there is no session env, no server-side session row, or no binding.
+ * Used by the memory commands to default their target to the bound task.
+ */
+async function resolveBoundTaskIdentifier(apiUrl, token) {
+    const sessionId = process.env.CLAUDE_CODE_SESSION_ID;
+    if (!sessionId)
+        return null;
+    const url = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/sessions/${encodeURIComponent(sessionId)}`;
+    let res;
+    try {
+        res = await fetch(url, { headers: { Authorization: `Bearer ${token}` } });
+    }
+    catch {
+        return null;
+    }
+    if (!res.ok)
+        return null;
+    try {
+        const data = (await res.json());
+        return data.taskIdentifier ?? null;
+    }
+    catch {
+        return null;
+    }
+}

package/dist/cli/src/lib/resolve-doc-id.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.lookupDocId = lookupDocId;
 const api_1 = require("./api");
 const resolve_doc_1 = require("./resolve-doc");
+const sanitize_1 = require("./sanitize");
 /**
  * Resolve a user-typed doc reference (cuid OR case-insensitive title) to a
  * document id. Fetches GET /api/documents to perform a title lookup when
@@ -25,7 +26,7 @@ async function lookupDocId(apiUrl, token, reference) {
     if (result.kind === 'ambiguous') {
         console.error(`Error: title "${reference}" matches ${result.candidates.length} docs:`);
         for (const c of result.candidates) {
-            console.error(`  ${c.id}  ${c.title}`);
+            console.error(`  ${c.id}  ${(0, sanitize_1.sanitizeField)(c.title)}`);
         }
         console.error('Re-run with the cuid.');
         return null;

package/dist/cli/src/lib/resolve-member.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.fetchMembers = fetchMembers;
 exports.resolveMember = resolveMember;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 /**
  * Fetch the workspace member directory once. Used by doc-share commands to
  * resolve a free-form member ref → memberId locally, because the document
@@ -16,7 +17,7 @@ async function fetchMembers(apiUrl, token) {
     });
     if (!res.ok) {
         const text = await res.text();
-        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${text}`);
+        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${(0, sanitize_1.sanitizeField)(text)}`);
     }
     const body = (await res.json());
     return body.members.map(m => ({

package/dist/cli/src/lib/resolve-project.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveBoundProjectId = resolveBoundProjectId;
+const api_1 = require("./api");
+/** Resolve the project id of the task bound to this session (via its identifier). */
+async function resolveBoundProjectId(apiUrl, token, boundIdentifier) {
+    const base = (0, api_1.trimTrailingSlash)(apiUrl);
+    let res;
+    try {
+        res = await fetch(`${base}/api/tasks/by-identifier/${encodeURIComponent(boundIdentifier)}`, {
+            headers: { Authorization: `Bearer ${token}` },
+        });
+    }
+    catch (err) {
+        return { ok: false, error: `could not reach Lumo API (${err instanceof Error ? err.message : String(err)})` };
+    }
+    if (!res.ok)
+        return { ok: false, error: `could not resolve bound task ${boundIdentifier} (HTTP ${res.status})` };
+    const { task } = (await res.json());
+    const id = task.project?.id;
+    if (!id)
+        return { ok: false, error: `bound task ${boundIdentifier} has no resolvable project` };
+    return { ok: true, id };
+}

package/dist/cli/src/lib/sanitize.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeField = sanitizeField;
+// Matches C0 control chars EXCEPT tab (\x09) and newline (\x0a), DEL (\x7f),
+// and the C1 control range (\x80-\x9f). Includes ESC (\x1b) and the 8-bit CSI
+// introducer (\x9b) — both ANSI escape-sequence injection vectors. U+0080-U+009F
+// are never legitimate visible text, so stripping them is safe.
+const CONTROL_CHARS = /[\x00-\x08\x0b-\x1f\x7f-\x9f]/g;
+/**
+ * Strip terminal control characters from untrusted, server-returned fields
+ * before printing them, to prevent ANSI escape-sequence injection. Tab and
+ * newline are preserved so fixed-width tables and multi-line bodies render
+ * correctly. Callers handle optional values, e.g. `sanitizeField(name ?? '')`.
+ */
+function sanitizeField(value) {
+    return value.replace(CONTROL_CHARS, '');
+}

package/dist/cli/src/lib/tag-resolver.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveTagRefs = resolveTagRefs;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 async function resolveTagRefs(refs, deps) {
     const fetchImpl = deps.fetchImpl ?? fetch;
     // Trim + reject empty
@@ -36,7 +37,7 @@ async function resolveTagRefs(refs, deps) {
         });
         if (!res.ok) {
             const body = await res.text();
-            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${body}`);
+            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(body)}`);
         }
         const json = (await res.json());
         nameIds = json.tags.map(t => t.id);

package/dist/cli/src/lib/update-check.js

@@ -40,10 +40,10 @@ exports.maybeRefreshInBackground = maybeRefreshInBackground;
 exports.runBackgroundRefresh = runBackgroundRefresh;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const os = __importStar(require("os"));
 const https = __importStar(require("https"));
 const child_process_1 = require("child_process");
-const CACHE_FILE = path.join(process.env.LUMO_CONFIG_DIR || path.join(os.homedir(), '.lumo'), 'update-check.json');
+const config_1 = require("./config");
+const CACHE_FILE = path.join((0, config_1.configDir)(), 'update-check.json');
 const CHECK_INTERVAL_MS = 1000 * 60 * 60 * 24;
 function readCache() {
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumoai/cli",
-  "version": "1.4.0",
+  "version": "1.5.1",
   "description": "Lumo CLI — manage tasks and sessions from the terminal",
   "license": "MIT",
   "author": "cli@uselumo.ai",