@lumoai/cli 1.5.0 → 1.5.1

package/dist/cli/src/lib/api.js

@@ -1,12 +1,92 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertSafeApiUrl = assertSafeApiUrl;
+exports.hostMismatchWarning = hostMismatchWarning;
+exports.resolveAuthedApiUrl = resolveAuthedApiUrl;
 exports.resolveApiUrl = resolveApiUrl;
 exports.trimTrailingSlash = trimTrailingSlash;
 exports.verifyToken = verifyToken;
 const DEFAULT_API_URL = 'https://www.uselumo.ai';
+// Hostnames allowed to use plaintext http:// — local dev only. Everything
+// else MUST be https:// so the Bearer token is never sent in the clear.
+// `URL.hostname` returns IPv6 literals wrapped in brackets, so `::1` appears
+// as `[::1]`.
+const LOCALHOST_HOSTNAMES = new Set([
+    'localhost',
+    '127.0.0.1',
+    '::1',
+    '[::1]',
+]);
+/**
+ * Throw if `url` is not a safe target for sending the API token.
+ *
+ * The CLI attaches a `Bearer` token (and the hook runner POSTs full session
+ * content) to whatever `LUMO_API_URL` resolves to. An attacker who can set
+ * that env var could otherwise exfiltrate the token / session stream by
+ * pointing it at their own host, or downgrade to http:// to sniff it in
+ * plaintext. We therefore require https://, with an http:// exception for
+ * localhost so local dev still works.
+ */
+function assertSafeApiUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid LUMO_API_URL: "${url}" is not a valid URL`);
+    }
+    if (parsed.protocol === 'https:')
+        return;
+    if (parsed.protocol === 'http:' && LOCALHOST_HOSTNAMES.has(parsed.hostname)) {
+        return;
+    }
+    throw new Error(`Refusing to use insecure API URL "${url}": only https:// is allowed ` +
+        `(http:// permitted for localhost only). This protects your API token ` +
+        `and session data from being sent in plaintext or to an untrusted host.`);
+}
+/**
+ * Return a prominent warning when the resolved API host differs from the host
+ * the credentials were issued for, otherwise null. Compares hostname only
+ * (case-insensitive, courtesy of URL parsing). Used to warn-then-send: a host
+ * change is suspicious (possible token exfiltration) but intentional dev/env
+ * redirects are legitimate, so we surface it rather than block.
+ */
+function hostMismatchWarning(resolvedUrl, credsApiUrl) {
+    let resolvedHost;
+    let credsHost;
+    try {
+        resolvedHost = new URL(resolvedUrl).hostname;
+        credsHost = new URL(credsApiUrl).hostname;
+    }
+    catch {
+        return null;
+    }
+    if (resolvedHost === credsHost)
+        return null;
+    return (`⚠ LUMO_API_URL points at "${resolvedHost}" but your credentials were ` +
+        `issued for "${credsHost}". Your API token will be sent there. If you did ` +
+        `not set this, your token may be exfiltrated — unset LUMO_API_URL.`);
+}
+/**
+ * Resolve the API URL for an authenticated command: prefer a non-empty
+ * `LUMO_API_URL` override, else the baked-in `credsApiUrl`. The resolved URL
+ * is validated (throws on an insecure target) and any host-mismatch warning is
+ * routed to `opts.warn` (defaults to stderr via console.error).
+ */
+function resolveAuthedApiUrl(credsApiUrl, opts) {
+    const envUrl = process.env.LUMO_API_URL?.trim();
+    const apiUrl = envUrl && envUrl.length > 0 ? envUrl : credsApiUrl;
+    assertSafeApiUrl(apiUrl);
+    const warning = hostMismatchWarning(apiUrl, credsApiUrl);
+    if (warning)
+        (opts?.warn ?? ((m) => console.error(m)))(warning);
+    return apiUrl;
+}
 function resolveApiUrl() {
     const url = process.env.LUMO_API_URL?.trim();
-    return url && url.length > 0 ? url : DEFAULT_API_URL;
+    const resolved = url && url.length > 0 ? url : DEFAULT_API_URL;
+    assertSafeApiUrl(resolved);
+    return resolved;
 }
 function trimTrailingSlash(url) {
     return url.replace(/\/+$/, '');

package/dist/cli/src/lib/config.js

@@ -33,6 +33,7 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.configDir = configDir;
 exports.credentialsPath = credentialsPath;
 exports.readCredentials = readCredentials;
 exports.writeCredentials = writeCredentials;
@@ -41,7 +42,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 function configDir() {
-    return path.join(os.homedir(), '.lumo');
+    return process.env.LUMO_CONFIG_DIR || path.join(os.homedir(), '.lumo');
 }
 function credentialsPath() {
     return path.join(configDir(), 'credentials.json');

package/dist/cli/src/lib/doc-input.js

@@ -37,6 +37,7 @@ exports.resolveDocContent = resolveDocContent;
 exports.readStdinToString = readStdinToString;
 exports.readFileUtf8 = readFileUtf8;
 const fs = __importStar(require("fs"));
+const path_guard_1 = require("./path-guard");
 /**
  * Pick one of --content / --file / stdin as the markdown source.
  * Explicit flags win: if --content or --file is set, stdin is ignored
@@ -56,7 +57,17 @@ async function resolveDocContent(args) {
     if (hasContent)
         return { kind: 'ok', markdown: args.content };
     if (hasFile) {
-        const text = await args.readFile(args.file);
+        const check = (args.checkFilePath ?? path_guard_1.checkArtifactFilePath)(args.file);
+        if (!check.ok) {
+            return {
+                kind: 'error',
+                message: check.reason === 'unreadable'
+                    ? `could not read file ${args.file}`
+                    : `refusing to read ${args.file} — ${check.detail}. ` +
+                        `--file must be a non-sensitive path inside the project directory.`,
+            };
+        }
+        const text = await args.readFile(check.resolved);
         return { kind: 'ok', markdown: text };
     }
     if (!args.stdinIsTTY) {

package/dist/cli/src/lib/figma-api.js

@@ -18,7 +18,7 @@ async function call(path, init) {
     const creds = (0, config_1.readCredentials)();
     if (!creds)
         throw new Error('Not logged in. Run: lumo auth login');
-    const apiUrl = (0, api_1.resolveApiUrl)();
+    const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl);
     const res = await fetch(`${(0, api_1.trimTrailingSlash)(apiUrl)}${path}`, {
         ...init,
         headers: {

package/dist/cli/src/lib/format.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.formatTaskListTable = formatTaskListTable;
+const sanitize_1 = require("./sanitize");
 /**
  * Render a task list as a fixed-width table. Each row:
  *   LUM-42  IN_PROGRESS  HIGH    project-name   Title here
@@ -14,8 +15,8 @@ function formatTaskListTable(tasks) {
         identifier: `${t.teamIdentifier}-${t.number}`,
         status: t.status,
         priority: t.priority,
-        project: t.project.name,
-        title: t.title,
+        project: (0, sanitize_1.sanitizeField)(t.project.name),
+        title: (0, sanitize_1.sanitizeField)(t.title),
     }));
     const widths = {
         identifier: Math.max(...rows.map(r => r.identifier.length)),

package/dist/cli/src/lib/hook-runner.js

@@ -6,6 +6,8 @@ exports.runHookWithBody = runHookWithBody;
 const config_1 = require("./config");
 const api_1 = require("./api");
 const hook_log_1 = require("./hook-log");
+const sanitize_1 = require("./sanitize");
+const agent_1 = require("./agent");
 /**
  * Hard timeout for the hook POST. On timeout the request is aborted,
  * logged, and `runHook` exits 0 — Claude Code is never blocked beyond
@@ -70,7 +72,7 @@ function formatHookStdoutLines(path, responseBody) {
     const sessionId = body.sessionId;
     const tb = body.taskBinding;
     if (tb && tb.bound === true) {
-        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${tb.taskTitle}`);
+        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${(0, sanitize_1.sanitizeField)(tb.taskTitle ?? '')}`);
     }
     else if (tb && tb.bound === false) {
         lines.push(`[Lumo] session_id=${sessionId} | 当前未绑定任务。请告诉我你要处理的任务编号（如 LUM-42），或说"跳过"。`);
@@ -92,16 +94,16 @@ function formatHookStdoutLines(path, responseBody) {
  *
  * This function NEVER throws and NEVER rejects.
  */
-async function runHook(path) {
+async function runHook(path, agentToken) {
     const body = await readStdin();
-    return runHookWithBody(path, body);
+    return runHookWithBody(path, body, agentToken);
 }
 /**
  * Test-friendly worker. Takes the hook body as an argument so tests can
  * exercise the side-effect logic without poking process.stdin. Production
  * code always goes through `runHook`, which feeds it real stdin.
  */
-async function runHookWithBody(path, body) {
+async function runHookWithBody(path, body, agentToken) {
     try {
         const creds = (0, config_1.readCredentials)();
         if (!creds) {
@@ -111,18 +113,32 @@ async function runHookWithBody(path, body) {
         // Allow `LUMO_API_URL` to override the baked-in creds.apiUrl for
         // redirecting hooks at dev-env switch without re-running `lumo auth
         // login`. The bearer token from creds.json is still used as-is.
-        const envUrl = process.env.LUMO_API_URL?.trim();
-        const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+        // An insecure override (non-https, non-localhost) throws here and is
+        // caught by the outer try/catch → logged, POST skipped, hook still exits 0.
+        // The host-mismatch warning goes to hook.log (never stdout, which would
+        // pollute Claude Code).
+        const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl, {
+            warn: message => (0, hook_log_1.logHookError)(`[${path}]`, message),
+        });
         const url = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/hooks/${path}`;
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+        // Tell the server which coding agent produced this hook. The token is
+        // baked into the hook command at `lumo setup --agent <token>`; we send
+        // the normalized enum so the server can record it on the session. An
+        // unrecognized/absent token is dropped — the server then falls back to
+        // its default (CLAUDE_CODE).
+        const headers = {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${creds.token}`,
+        };
+        const agentEnum = agentToken ? (0, agent_1.normalizeAgent)(agentToken) : null;
+        if (agentEnum)
+            headers['X-Lumo-Agent'] = agentEnum;
         try {
             const res = await fetch(url, {
                 method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    Authorization: `Bearer ${creds.token}`,
-                },
+                headers,
                 body: body || '{}',
                 signal: controller.signal,
             });

package/dist/cli/src/lib/hooks-template.js

@@ -35,35 +35,80 @@ exports.LUMO_HOOK_EVENTS = [
     ['CwdChanged', 'cwd-changed'],
     ['InstructionsLoaded', 'instructions-loaded'],
 ];
+/** Default agent token baked into the hook commands when none is given. */
+const DEFAULT_AGENT_TOKEN = 'claude-code';
+/**
+ * A hook command belongs to Lumo when it is exactly `lumo hook <slug>` or
+ * carries trailing flags (`lumo hook <slug> --agent codex`). We match on the
+ * prefix so a re-run can recognize — and rewrite — an entry baked with a
+ * different (or no) `--agent` token.
+ */
+function isLumoHookCommand(command, slug) {
+    return (command === `lumo hook ${slug}` || command.startsWith(`lumo hook ${slug} `));
+}
 // Build the settings.json fragment we want to install. We do not use a
 // matcher because the Lumo hook handlers ingest every event of a given type;
 // adding a matcher would silently drop events that have no `tool_name` (e.g.
 // SessionStart). Keep this in step with cli/src/commands/hook.ts dispatch.
-function buildLumoHookFragment() {
+//
+// `agentToken` is baked into every command (`lumo hook <slug> --agent
+// <token>`) so the hook tells the server which coding agent owns the session.
+function buildLumoHookFragment(agentToken = DEFAULT_AGENT_TOKEN) {
     const hooks = {};
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
         hooks[event] = [
-            { hooks: [{ type: 'command', command: `lumo hook ${slug}` }] },
+            {
+                hooks: [
+                    {
+                        type: 'command',
+                        command: `lumo hook ${slug} --agent ${agentToken}`,
+                    },
+                ],
+            },
         ];
     }
     return { hooks };
 }
-function mergeLumoHooks(existing) {
+function mergeLumoHooks(existing, agentToken = DEFAULT_AGENT_TOKEN) {
     const base = existing
         ? JSON.parse(JSON.stringify(existing))
         : {};
     if (!base.hooks)
         base.hooks = {};
-    const stats = { addedEvents: [], alreadyPresent: [] };
+    const stats = {
+        addedEvents: [],
+        alreadyPresent: [],
+        updatedEvents: [],
+    };
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
-        const ourCmd = `lumo hook ${slug}`;
+        const ourCmd = `lumo hook ${slug} --agent ${agentToken}`;
         const groups = base.hooks[event] ?? [];
-        const present = groups.some(g => Array.isArray(g.hooks) && g.hooks.some(h => h.command === ourCmd));
-        if (present) {
+        let exact = false;
+        let rewritten = false;
+        for (const g of groups) {
+            if (!Array.isArray(g.hooks))
+                continue;
+            for (const h of g.hooks) {
+                if (h.command === ourCmd) {
+                    exact = true;
+                }
+                else if (isLumoHookCommand(h.command, slug)) {
+                    // legacy flagless or a different agent token — bring it up to date
+                    h.command = ourCmd;
+                    rewritten = true;
+                }
+            }
+        }
+        if (exact) {
             stats.alreadyPresent.push(event);
             base.hooks[event] = groups;
             continue;
         }
+        if (rewritten) {
+            stats.updatedEvents.push(event);
+            base.hooks[event] = groups;
+            continue;
+        }
         base.hooks[event] = [
             ...groups,
             { hooks: [{ type: 'command', command: ourCmd }] },

package/dist/cli/src/lib/memory-content.js

@@ -1,9 +1,10 @@
 "use strict";
-// Category/field metadata + builders for the `lumo memory` commands.
-// Mirrors the four content shapes validated server-side by parseMemoryContent.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildMemoryContent = buildMemoryContent;
 exports.formatMemoryList = formatMemoryList;
+// Category/field metadata + builders for the `lumo memory` commands.
+// Mirrors the four content shapes validated server-side by parseMemoryContent.
+const sanitize_1 = require("./sanitize");
 const trimmed = (v) => (v ?? '').trim();
 /**
  * Validate the per-category flags and assemble { category, content }. Required
@@ -69,7 +70,7 @@ function headline(category, content) {
             : category === 'CONVENTION' ? 'rule'
                 : 'workflow';
     const v = c[key];
-    return typeof v === 'string' && v.length > 0 ? v : '(unparseable)';
+    return typeof v === 'string' && v.length > 0 ? (0, sanitize_1.sanitizeField)(v) : '(unparseable)';
 }
 /** Fixed-width rows: id  SCOPE  CATEGORY  headline  source(auto|manual). */
 function formatMemoryList(rows) {

package/dist/cli/src/lib/path-guard.js

@@ -0,0 +1,125 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.matchSensitiveName = matchSensitiveName;
+exports.checkArtifactFilePath = checkArtifactFilePath;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const SENSITIVE_SEGMENTS = ['.ssh', '.aws', '.gnupg'];
+const SENSITIVE_BASENAMES = [
+    'id_rsa',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    'credentials',
+    '.npmrc',
+    '.netrc',
+    '.pgpass',
+    '.htpasswd',
+];
+const SENSITIVE_EXTENSIONS = ['.pem', '.key', '.pfx', '.p12'];
+/**
+ * Pure denylist check. Returns a human-readable reason when the path looks
+ * like a secret, or null when it is acceptable. Matches the basename
+ * (case-insensitive) and path segments; no filesystem access.
+ */
+function matchSensitiveName(p) {
+    const segments = p.split(/[\\/]+/).filter(Boolean);
+    for (const seg of segments) {
+        if (SENSITIVE_SEGMENTS.includes(seg.toLowerCase())) {
+            return `path contains ${seg}`;
+        }
+    }
+    const base = (segments[segments.length - 1] ?? '').toLowerCase();
+    if (base === '.env' || base.startsWith('.env.'))
+        return 'matches .env';
+    if (SENSITIVE_BASENAMES.includes(base))
+        return `matches ${base}`;
+    for (const ext of SENSITIVE_EXTENSIONS) {
+        if (base.endsWith(ext))
+            return `matches *${ext}`;
+    }
+    return null;
+}
+/**
+ * Decide whether `rawPath` is safe to read and upload as an artifact body.
+ * Two layers: (1) it must resolve to a real path inside the project directory
+ * (cwd), and (2) neither the raw nor the canonical path may match the
+ * sensitive-filename denylist. realpath defeats symlinks that escape the tree.
+ * NOTE: there is a TOCTOU window between this check and the caller's read;
+ * the caller reads the returned canonical `resolved` path to narrow it.
+ */
+function checkArtifactFilePath(rawPath, deps) {
+    const cwd = deps?.cwd ?? process.cwd;
+    const realpath = deps?.realpath ?? fs.realpathSync;
+    // 1. Fail fast on the raw path (no fs access).
+    const rawHit = matchSensitiveName(rawPath);
+    if (rawHit)
+        return { ok: false, reason: 'sensitive', detail: rawHit };
+    const root = cwd();
+    const absolute = path.resolve(root, rawPath);
+    // 2. Canonicalize. realpath throws if the path does not exist / is unreadable.
+    let resolved;
+    let rootReal;
+    try {
+        resolved = realpath(absolute);
+        rootReal = realpath(root);
+    }
+    catch {
+        return { ok: false, reason: 'unreadable', detail: 'path does not resolve' };
+    }
+    // 3. Re-check the denylist on the canonical path (catches innocent-looking
+    //    symlinks pointing at a secret).
+    const canonHit = matchSensitiveName(resolved);
+    if (canonHit)
+        return { ok: false, reason: 'sensitive', detail: canonHit };
+    // The path must be a file inside the project, not the project root itself.
+    if (resolved === rootReal) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'path resolves to the project root, not a file',
+        };
+    }
+    // 4. Confinement: the canonical path must be inside the project root.
+    if (resolved !== rootReal && !resolved.startsWith(rootReal + path.sep)) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'resolves outside project directory',
+        };
+    }
+    return { ok: true, resolved };
+}

package/dist/cli/src/lib/resolve-doc-id.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.lookupDocId = lookupDocId;
 const api_1 = require("./api");
 const resolve_doc_1 = require("./resolve-doc");
+const sanitize_1 = require("./sanitize");
 /**
  * Resolve a user-typed doc reference (cuid OR case-insensitive title) to a
  * document id. Fetches GET /api/documents to perform a title lookup when
@@ -25,7 +26,7 @@ async function lookupDocId(apiUrl, token, reference) {
     if (result.kind === 'ambiguous') {
         console.error(`Error: title "${reference}" matches ${result.candidates.length} docs:`);
         for (const c of result.candidates) {
-            console.error(`  ${c.id}  ${c.title}`);
+            console.error(`  ${c.id}  ${(0, sanitize_1.sanitizeField)(c.title)}`);
         }
         console.error('Re-run with the cuid.');
         return null;

package/dist/cli/src/lib/resolve-member.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.fetchMembers = fetchMembers;
 exports.resolveMember = resolveMember;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 /**
  * Fetch the workspace member directory once. Used by doc-share commands to
  * resolve a free-form member ref → memberId locally, because the document
@@ -16,7 +17,7 @@ async function fetchMembers(apiUrl, token) {
     });
     if (!res.ok) {
         const text = await res.text();
-        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${text}`);
+        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${(0, sanitize_1.sanitizeField)(text)}`);
     }
     const body = (await res.json());
     return body.members.map(m => ({

package/dist/cli/src/lib/sanitize.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeField = sanitizeField;
+// Matches C0 control chars EXCEPT tab (\x09) and newline (\x0a), DEL (\x7f),
+// and the C1 control range (\x80-\x9f). Includes ESC (\x1b) and the 8-bit CSI
+// introducer (\x9b) — both ANSI escape-sequence injection vectors. U+0080-U+009F
+// are never legitimate visible text, so stripping them is safe.
+const CONTROL_CHARS = /[\x00-\x08\x0b-\x1f\x7f-\x9f]/g;
+/**
+ * Strip terminal control characters from untrusted, server-returned fields
+ * before printing them, to prevent ANSI escape-sequence injection. Tab and
+ * newline are preserved so fixed-width tables and multi-line bodies render
+ * correctly. Callers handle optional values, e.g. `sanitizeField(name ?? '')`.
+ */
+function sanitizeField(value) {
+    return value.replace(CONTROL_CHARS, '');
+}

package/dist/cli/src/lib/tag-resolver.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveTagRefs = resolveTagRefs;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 async function resolveTagRefs(refs, deps) {
     const fetchImpl = deps.fetchImpl ?? fetch;
     // Trim + reject empty
@@ -36,7 +37,7 @@ async function resolveTagRefs(refs, deps) {
         });
         if (!res.ok) {
             const body = await res.text();
-            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${body}`);
+            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(body)}`);
         }
         const json = (await res.json());
         nameIds = json.tags.map(t => t.id);

package/dist/cli/src/lib/update-check.js

@@ -40,10 +40,10 @@ exports.maybeRefreshInBackground = maybeRefreshInBackground;
 exports.runBackgroundRefresh = runBackgroundRefresh;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const os = __importStar(require("os"));
 const https = __importStar(require("https"));
 const child_process_1 = require("child_process");
-const CACHE_FILE = path.join(process.env.LUMO_CONFIG_DIR || path.join(os.homedir(), '.lumo'), 'update-check.json');
+const config_1 = require("./config");
+const CACHE_FILE = path.join((0, config_1.configDir)(), 'update-check.json');
 const CHECK_INTERVAL_MS = 1000 * 60 * 60 * 24;
 function readCache() {
     try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumoai/cli",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "Lumo CLI — manage tasks and sessions from the terminal",
   "license": "MIT",
   "author": "cli@uselumo.ai",