@ornexus/neocortex 4.0.1 → 4.0.2

package/packages/client/dist/cli.js

@@ -1,58 +1,5 @@
 #!/usr/bin/env node
-/**
- * @license FSL-1.1
- * Copyright (c) 2026 OrNexus AI
- *
- * This file is part of Neocortex CLI, licensed under the
- * Functional Source License, Version 1.1 (FSL-1.1).
- *
- * Change Date: February 20, 2029
- * Change License: MIT
- *
- * See the LICENSE file in the project root for full license text.
- */
-/**
- * @neocortex/client - CLI Entry Point
- *
- * Routes subcommands to their respective handlers:
- *   neocortex-client invoke  --args "..."
- *   neocortex-client activate YOUR-LICENSE-KEY
- *   neocortex-client cache-status
- *   neocortex-client --help
- *   neocortex-client --version
- *
- * Story 46.2 - AC1-AC7
- */
-import { readFileSync } from 'node:fs';
-import { fileURLToPath } from 'node:url';
-import { dirname, join } from 'node:path';
-// ── Version Resolution ─────────────────────────────────────────────────────
-function getVersion() {
-    try {
-        // Walk up from dist/cli.js to find the root package.json
-        const thisFile = fileURLToPath(import.meta.url);
-        let dir = dirname(thisFile);
-        // Try up to 5 levels
-        for (let i = 0; i < 5; i++) {
-            try {
-                const pkg = JSON.parse(readFileSync(join(dir, 'package.json'), 'utf-8'));
-                if (pkg.name === '@ornexus/neocortex' || pkg.name === '@neocortex/client') {
-                    return pkg.version ?? '0.0.0';
-                }
-            }
-            catch {
-                // no package.json at this level
-            }
-            dir = dirname(dir);
-        }
-    }
-    catch {
-        // fallback
-    }
-    return '0.0.0';
-}
-// ── Help Text ──────────────────────────────────────────────────────────────
-const HELP_TEXT = `
+import{readFileSync as m}from"node:fs";import{fileURLToPath as u}from"node:url";import{dirname as l,join as g}from"node:path";function f(){try{const t=u(import.meta.url);let o=l(t);for(let s=0;s<5;s++){try{const n=JSON.parse(m(g(o,"package.json"),"utf-8"));if(n.name==="@ornexus/neocortex"||n.name==="@neocortex/client")return n.version??"0.0.0"}catch{}o=l(o)}}catch{}return"0.0.0"}const p=`
 neocortex-client - Neocortex Client CLI
 
 Usage:
@@ -83,112 +30,4 @@ Examples:
   neocortex-client invoke --args "*yolo @docs/stories/1.1.story.md" --format json
   neocortex-client activate NX-PRO-ABC-123
   neocortex-client cache-status
-`.trim();
-// ── Main ───────────────────────────────────────────────────────────────────
-// ── npm Lifecycle Guard ──────────────────────────────────────────────────
-// Epic 67 - Story 67.2: On Windows, npm lifecycle can invoke bin entries
-// with stray arguments like "pm", "install", "postinstall" etc.
-// Silently ignore these to avoid "Unknown command" warnings during npm install.
-const NPM_LIFECYCLE_ARGS = new Set([
-    'pm', 'install', 'postinstall', 'preinstall', 'prepublish',
-    'postpublish', 'preuninstall', 'postuninstall', 'preprepare',
-    'prepare', 'postprepare',
-]);
-async function main() {
-    const args = process.argv.slice(2);
-    const command = args[0];
-    // Silently exit if invoked with npm lifecycle arguments (Epic 67 - Story 67.2)
-    if (command && NPM_LIFECYCLE_ARGS.has(command.toLowerCase())) {
-        process.exit(0);
-    }
-    if (!command || command === '--help' || command === '-h') {
-        console.log(HELP_TEXT);
-        process.exit(0);
-    }
-    if (command === '--version' || command === '-v') {
-        console.log(getVersion());
-        process.exit(0);
-    }
-    const subArgs = args.slice(1);
-    switch (command) {
-        case 'invoke': {
-            const { invokeCliHandler } = await import('./commands/invoke.js');
-            const exitCode = await invokeCliHandler(subArgs);
-            process.exit(exitCode);
-            break;
-        }
-        case 'activate': {
-            const { activate } = await import('./commands/activate.js');
-            // Parse activate args
-            let licenseKey;
-            let serverUrl;
-            let nonInteractive = false;
-            for (let i = 0; i < subArgs.length; i++) {
-                const arg = subArgs[i];
-                if (arg === '--server-url') {
-                    serverUrl = subArgs[++i];
-                }
-                else if (arg === '--non-interactive') {
-                    nonInteractive = true;
-                }
-                else if (arg === '--help' || arg === '-h') {
-                    console.log(HELP_TEXT);
-                    process.exit(0);
-                }
-                else if (!arg.startsWith('-')) {
-                    licenseKey = arg;
-                }
-            }
-            if (!licenseKey) {
-                console.error('Error: License key is required.');
-                console.error('Usage: neocortex-client activate <license-key>');
-                console.error('Example: neocortex-client activate NX-PRO-ABC-123');
-                process.exit(1);
-            }
-            try {
-                const result = await activate({
-                    licenseKey,
-                    serverUrl,
-                    nonInteractive,
-                });
-                if (result.success) {
-                    console.log(result.message);
-                    if (result.tier) {
-                        console.log(`Tier: ${result.tier}`);
-                    }
-                    if (result.configPath) {
-                        console.log(`Config: ${result.configPath}`);
-                    }
-                    process.exit(0);
-                }
-                else {
-                    console.error(result.message);
-                    process.exit(1);
-                }
-            }
-            catch (err) {
-                const message = err instanceof Error ? err.message : String(err);
-                console.error(`Activation failed: ${message}`);
-                process.exit(1);
-            }
-            break;
-        }
-        case 'cache-status': {
-            // cache-status requires initialized circuit breaker and telemetry queue.
-            // For CLI use, we provide a simplified status report.
-            console.log('Cache status requires an active client session.');
-            console.log('Use this command within a running Neocortex client context.');
-            process.exit(0);
-            break;
-        }
-        default: {
-            console.error(`Unknown command: ${command}`);
-            console.error('Run "neocortex-client --help" for usage information.');
-            process.exit(1);
-        }
-    }
-}
-main().catch((err) => {
-    console.error(`Fatal error: ${err instanceof Error ? err.message : String(err)}`);
-    process.exit(1);
-});
+`.trim(),v=new Set(["pm","install","postinstall","preinstall","prepublish","postpublish","preuninstall","postuninstall","preprepare","prepare","postprepare"]);async function h(){const t=process.argv.slice(2),o=t[0];o&&v.has(o.toLowerCase())&&process.exit(0),(!o||o==="--help"||o==="-h")&&(console.log(p),process.exit(0)),(o==="--version"||o==="-v")&&(console.log(f()),process.exit(0));const s=t.slice(1);switch(o){case"invoke":{const{invokeCliHandler:n}=await import("./commands/invoke.js"),i=await n(s);process.exit(i);break}case"activate":{const{activate:n}=await import("./commands/activate.js");let i,c,a=!1;for(let e=0;e<s.length;e++){const r=s[e];r==="--server-url"?c=s[++e]:r==="--non-interactive"?a=!0:r==="--help"||r==="-h"?(console.log(p),process.exit(0)):r.startsWith("-")||(i=r)}i||(console.error("Error: License key is required."),console.error("Usage: neocortex-client activate <license-key>"),console.error("Example: neocortex-client activate NX-PRO-ABC-123"),process.exit(1));try{const e=await n({licenseKey:i,serverUrl:c,nonInteractive:a});e.success?(console.log(e.message),e.tier&&console.log(`Tier: ${e.tier}`),e.configPath&&console.log(`Config: ${e.configPath}`),process.exit(0)):(console.error(e.message),process.exit(1))}catch(e){const r=e instanceof Error?e.message:String(e);console.error(`Activation failed: ${r}`),process.exit(1)}break}case"cache-status":{console.log("Cache status requires an active client session."),console.log("Use this command within a running Neocortex client context."),process.exit(0);break}default:console.error(`Unknown command: ${o}`),console.error('Run "neocortex-client --help" for usage information.'),process.exit(1)}}h().catch(t=>{console.error(`Fatal error: ${t instanceof Error?t.message:String(t)}`),process.exit(1)});

package/packages/client/dist/commands/activate.js

@@ -1,390 +1,8 @@
-/**
- * @license FSL-1.1
- * Copyright (c) 2026 OrNexus AI
- *
- * This file is part of Neocortex CLI, licensed under the
- * Functional Source License, Version 1.1 (FSL-1.1).
- *
- * Change Date: February 20, 2029
- * Change License: MIT
- *
- * See the LICENSE file in the project root for full license text.
- */
-/**
- * @neocortex/client - Activate Command
- *
- * Manages license activation for the Neocortex CLI.
- * Validates license key with the IP Protection Server,
- * caches JWT token, and creates user config file.
- *
- * Story 43.3 - AC1, AC3, AC4, AC5
- */
-import { existsSync, mkdirSync, writeFileSync, readFileSync } from 'node:fs';
-import { join, dirname } from 'node:path';
-import { homedir } from 'node:os';
-import { fileURLToPath } from 'node:url';
-import { LicenseClient } from '../license/license-client.js';
-import { EncryptedCache } from '../cache/encrypted-cache.js';
-import { getMachineFingerprint } from '../machine/fingerprint.js';
-import { updateAgentDescription } from '../agent/update-description.js';
-import { refreshStubs } from '../agent/refresh-stubs.js';
-import { updateAgentYaml } from '../agent/update-agent-yaml.js';
-import { saveSecureConfig, setSecureDirPermissions } from '../config/secure-config.js';
-import { DEFAULT_SERVER_URL } from '../constants.js';
-// ── Version Resolution ────────────────────────────────────────────────────
-function getInstalledVersion() {
-    try {
-        const thisFile = fileURLToPath(import.meta.url);
-        let dir = dirname(thisFile);
-        for (let i = 0; i < 5; i++) {
-            try {
-                const pkg = JSON.parse(readFileSync(join(dir, 'package.json'), 'utf-8'));
-                if (pkg.name === '@ornexus/neocortex' || pkg.name === '@neocortex/client') {
-                    return pkg.version ?? '0.0.0';
-                }
-            }
-            catch { /* no package.json at this level */ }
-            dir = dirname(dir);
-        }
-    }
-    catch { /* fallback */ }
-    return '0.0.0';
-}
-// ── Constants ─────────────────────────────────────────────────────────────
-const CONFIG_DIR = join(homedir(), '.neocortex');
-const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
-// License key format: NX-{F|P|E}-{24 hex}-{4 hex checksum}
-const LICENSE_KEY_PATTERN = /^NX-(F|P|E)-[a-f0-9]+-[a-f0-9]+$/i;
-// API key format: nxk_{24hex}_{4check} (new, P32) or nxk_{tier}_{24hex}_{4check} (legacy)
-const API_KEY_PATTERN = /^nxk_(?:[a-z]+_)?[a-f0-9]+_[a-f0-9]+$/;
-// ── Validation ────────────────────────────────────────────────────────────
-/**
- * Validate license key format.
- * Format: NX-{TIER}-{random}-{random}
- * Tiers: FREE, PRO, ENT
- */
-export function validateLicenseKeyFormat(key) {
-    if (!key || key.trim().length === 0) {
-        return { valid: false, error: 'License key cannot be empty' };
-    }
-    const trimmed = key.trim().toUpperCase();
-    if (!trimmed.startsWith('NX-')) {
-        return { valid: false, error: 'License key must start with "NX-"' };
-    }
-    if (!LICENSE_KEY_PATTERN.test(trimmed)) {
-        return {
-            valid: false,
-            error: 'Invalid license key format. Expected: NX-{TIER}-{ID} (e.g., NX-PRO-ABC-123)',
-        };
-    }
-    return { valid: true };
-}
-/**
- * Validate API key format.
- * Format: nxk_{tier}_{random}_{check}
- */
-export function validateApiKeyFormat(key) {
-    if (!key || key.trim().length === 0) {
-        return { valid: false, error: 'API key cannot be empty' };
-    }
-    const trimmed = key.trim();
-    if (!trimmed.startsWith('nxk_')) {
-        return { valid: false, error: 'API key must start with "nxk_"' };
-    }
-    if (trimmed.length < 20) {
-        return { valid: false, error: 'API key is too short' };
-    }
-    if (!API_KEY_PATTERN.test(trimmed)) {
-        return {
-            valid: false,
-            error: 'Invalid API key format. Expected: nxk_{id}_{check} (e.g., nxk_abc123def456...)',
-        };
-    }
-    return { valid: true };
-}
-// ── Config Management ─────────────────────────────────────────────────────
-/**
- * Load existing user config, if any.
- */
-function loadExistingConfig() {
-    try {
-        if (existsSync(CONFIG_FILE)) {
-            const raw = readFileSync(CONFIG_FILE, 'utf-8');
-            return JSON.parse(raw);
-        }
-    }
-    catch {
-        // Corrupted config - will be overwritten
-    }
-    return null;
-}
-/**
- * Save user config after successful activation.
- * License key is encrypted using machine fingerprint (Story 61.2).
- * File permissions set to 600 (Story 61.4).
- */
-function saveConfig(config) {
-    // Ensure directories exist with secure permissions
-    mkdirSync(CONFIG_DIR, { recursive: true });
-    setSecureDirPermissions(CONFIG_DIR);
-    const cacheDir = join(CONFIG_DIR, 'cache');
-    mkdirSync(cacheDir, { recursive: true });
-    setSecureDirPermissions(cacheDir);
-    if (config.licenseKey || config.apiKey) {
-        // Use secure config writer which encrypts the key
-        saveSecureConfig({
-            serverUrl: config.serverUrl,
-            mode: config.mode,
-            machineId: config.machineId,
-            activatedAt: config.activatedAt,
-            tier: config.tier,
-            licenseKey: (config.licenseKey ?? config.apiKey),
-        });
-    }
-    else {
-        // Fallback: write without key (should not happen in normal flow)
-        const fallbackConfig = { configVersion: 1, ...config };
-        writeFileSync(CONFIG_FILE, JSON.stringify(fallbackConfig, null, 2) + '\n', 'utf-8');
-    }
-}
-// ── Activate Command ──────────────────────────────────────────────────────
-/**
- * Activate a Neocortex license.
- *
- * Flow:
- * 1. Validate license key format
- * 2. Call IP Protection Server to activate
- * 3. Cache JWT token via LicenseClient
- * 4. Create/update ~/.neocortex/config.json
- * 5. Return result with feedback
- */
-export async function activate(options) {
-    const { licenseKey, serverUrl = DEFAULT_SERVER_URL } = options;
-    // 1. Check if key is provided
-    if (!licenseKey) {
-        return {
-            success: false,
-            message: [
-                'No key provided.',
-                '',
-                'Get your license key at https://neocortex.ornexus.com/login',
-                '',
-                'Usage:',
-                '  neocortex activate YOUR-LICENSE-KEY',
-                '  neocortex activate YOUR-API-KEY',
-            ].join('\n'),
-        };
-    }
-    const trimmedKey = licenseKey.trim();
-    // 2. Detect key type: API key (nxk_) or license key (NX-)
-    const isApiKey = trimmedKey.startsWith('nxk_');
-    if (isApiKey) {
-        // ── API Key Activation Flow (Story 22.04) ──────────────────────────
-        const apiValidation = validateApiKeyFormat(trimmedKey);
-        if (!apiValidation.valid) {
-            return {
-                success: false,
-                message: `Invalid API key: ${apiValidation.error}`,
-            };
-        }
-        // Extract tier from API key -- new format has no tier prefix, server returns tier in response
-        const tierMatch = trimmedKey.match(/^nxk_(free|pro|ent)_/);
-        const apiTierMap = { free: 'free', pro: 'pro', ent: 'enterprise' };
-        const tier = tierMatch?.[1] ? (apiTierMap[tierMatch[1]] ?? 'unknown') : 'unknown'; // will be overridden by server response
-        const machineId = getMachineFingerprint();
-        const cliVersion = getInstalledVersion();
-        // Call /api/v1/license/activate-key
-        let response;
-        try {
-            const res = await fetch(`${serverUrl}/api/v1/license/activate-key`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({
-                    api_key: trimmedKey,
-                    machine_id: machineId,
-                    client_version: cliVersion,
-                }),
-            });
-            if (!res.ok) {
-                const body = await res.json().catch(() => ({}));
-                const errorBody = body;
-                return {
-                    success: false,
-                    message: `API key activation failed: ${errorBody.message ?? `HTTP ${res.status}`}`,
-                };
-            }
-            response = await res.json();
-        }
-        catch {
-            return {
-                success: false,
-                message: [
-                    'Failed to connect to IP Protection Server.',
-                    '',
-                    'Possible causes:',
-                    `  - Server at ${serverUrl} is unreachable`,
-                    '  - Network connectivity issue',
-                    '',
-                    'Workaround: Use --local flag to run in local mode',
-                ].join('\n'),
-            };
-        }
-        const activatedTier = response.tier ?? tier;
-        // Cache JWT token via EncryptedCache
-        const cacheDir = join(CONFIG_DIR, 'cache');
-        try {
-            const encryptedCache = new EncryptedCache({
-                cacheDir,
-                passphrase: trimmedKey,
-            });
-            await encryptedCache.set('neocortex:jwt:token', response.token, response.expires_in * 1000);
-        }
-        catch {
-            // Cache is non-critical (fail-open)
-        }
-        // Save config with API key
-        const config = {
-            serverUrl,
-            mode: 'remote',
-            machineId,
-            activatedAt: new Date().toISOString(),
-            tier: activatedTier,
-            apiKey: trimmedKey,
-        };
-        try {
-            saveConfig(config);
-        }
-        catch (err) {
-            return {
-                success: false,
-                message: `Failed to save configuration: ${err instanceof Error ? err.message : 'unknown error'}`,
-            };
-        }
-        // Refresh stubs and agent description
-        const stubsRefreshed = refreshStubs(cliVersion, { forceCreate: true, targetFilter: 'claude-code' });
-        refreshStubs(cliVersion);
-        updateAgentDescription(cliVersion, activatedTier);
-        updateAgentYaml(cliVersion, activatedTier);
-        return {
-            success: true,
-            message: [
-                'API key activated successfully!',
-                '',
-                `  Tier:    ${activatedTier}`,
-                `  Server:  ${serverUrl}`,
-                `  Expires: ${Math.floor(response.expires_in / 3600)}h`,
-                ...(stubsRefreshed > 0 ? ['  Agents:  updated'] : []),
-                '',
-                'You can now use Neocortex. Run *menu to get started.',
-            ].join('\n'),
-            tier: activatedTier,
-            serverUrl,
-            configPath: CONFIG_FILE,
-        };
-    }
-    // ── License Key Activation Flow (existing) ──────────────────────────────
-    const validation = validateLicenseKeyFormat(trimmedKey);
-    if (!validation.valid) {
-        return {
-            success: false,
-            message: `Invalid license key: ${validation.error}`,
-        };
-    }
-    const normalizedKey = trimmedKey;
-    // Extract tier from key
-    const tierMatch = normalizedKey.match(/^NX-(F|P|E)-/i);
-    const tierMap = { F: 'free', P: 'pro', E: 'enterprise' };
-    const tier = tierMatch?.[1] ? (tierMap[tierMatch[1].toUpperCase()] ?? 'unknown') : 'unknown';
-    // Attempt activation via LicenseClient with EncryptedCache
-    const cacheDir = join(CONFIG_DIR, 'cache');
-    const encryptedCache = new EncryptedCache({
-        cacheDir,
-        passphrase: normalizedKey,
-    });
-    const client = new LicenseClient({
-        serverUrl,
-        licenseKey: normalizedKey,
-        cacheProvider: encryptedCache,
-    });
-    let activationResult;
-    try {
-        activationResult = await client.activate();
-    }
-    catch {
-        return {
-            success: false,
-            message: [
-                'Failed to connect to IP Protection Server.',
-                '',
-                'Possible causes:',
-                `  - Server at ${serverUrl} is unreachable`,
-                '  - Network connectivity issue',
-                '  - Server is still being deployed',
-                '',
-                'Workaround: Use --local flag to run in local mode',
-            ].join('\n'),
-        };
-    }
-    if (!activationResult) {
-        return {
-            success: false,
-            message: [
-                'License activation failed.',
-                '',
-                'Possible causes:',
-                '  - Invalid or expired license key',
-                '  - License already activated on another machine',
-                '  - Server rejected the activation request',
-                '',
-                'Check your license key and try again.',
-                'Contact support if the problem persists.',
-            ].join('\n'),
-        };
-    }
-    // Save config with license key for invoke re-authentication
-    const config = {
-        serverUrl,
-        mode: 'remote',
-        machineId: getMachineFingerprint(),
-        activatedAt: new Date().toISOString(),
-        tier,
-        licenseKey: normalizedKey,
-    };
-    try {
-        saveConfig(config);
-    }
-    catch (err) {
-        return {
-            success: false,
-            message: `Failed to save config to ${CONFIG_FILE}: ${err instanceof Error ? err.message : String(err)}`,
-        };
-    }
-    // Refresh stubs if version mismatch detected (Story 55.1)
-    const cliVersion = getInstalledVersion();
-    const stubsRefreshed = refreshStubs(cliVersion, {
-        forceCreate: true,
-        targetFilter: 'claude-code',
-    });
-    // Also refresh other existing targets (without forceCreate)
-    refreshStubs(cliVersion);
-    // Update agent description with activated tier and version
-    updateAgentDescription(cliVersion, tier);
-    // Update agent YAML with version and tier (Story 55.2)
-    updateAgentYaml(cliVersion, tier);
-    return {
-        success: true,
-        message: [
-            `License activated successfully!`,
-            '',
-            `  Tier:    ${tier}`,
-            `  Server:  ${serverUrl}`,
-            `  Expires: ${Math.floor(activationResult.expiresIn / 3600)}h`,
-            ...(stubsRefreshed > 0 ? ['  Agents:  updated'] : []),
-            '',
-            'You can now use Neocortex. Run *menu to get started.',
-        ].join('\n'),
-        tier,
-        serverUrl,
-        configPath: CONFIG_FILE,
-    };
-}
+import{existsSync as M,mkdirSync as x,writeFileSync as V,readFileSync as P}from"node:fs";import{join as o,dirname as S}from"node:path";import{homedir as X}from"node:os";import{fileURLToPath as W}from"node:url";import{LicenseClient as J}from"../license/license-client.js";import{EncryptedCache as E}from"../cache/encrypted-cache.js";import{getMachineFingerprint as w}from"../machine/fingerprint.js";import{updateAgentDescription as A}from"../agent/update-description.js";import{refreshStubs as h}from"../agent/refresh-stubs.js";import{updateAgentYaml as _}from"../agent/update-agent-yaml.js";import{saveSecureConfig as B,setSecureDirPermissions as C}from"../config/secure-config.js";import{DEFAULT_SERVER_URL as G}from"../constants.js";function N(){try{const e=W(import.meta.url);let t=S(e);for(let r=0;r<5;r++){try{const n=JSON.parse(P(o(t,"package.json"),"utf-8"));if(n.name==="@ornexus/neocortex"||n.name==="@neocortex/client")return n.version??"0.0.0"}catch{}t=S(t)}}catch{}return"0.0.0"}const a=o(X(),".neocortex"),c=o(a,"config.json"),z=/^NX-(F|P|E)-[a-f0-9]+-[a-f0-9]+$/i,q=/^nxk_(?:[a-z]+_)?[a-f0-9]+_[a-f0-9]+$/;function H(e){if(!e||e.trim().length===0)return{valid:!1,error:"License key cannot be empty"};const t=e.trim().toUpperCase();return t.startsWith("NX-")?z.test(t)?{valid:!0}:{valid:!1,error:"Invalid license key format. Expected: NX-{TIER}-{ID} (e.g., NX-PRO-ABC-123)"}:{valid:!1,error:'License key must start with "NX-"'}}function Q(e){if(!e||e.trim().length===0)return{valid:!1,error:"API key cannot be empty"};const t=e.trim();return t.startsWith("nxk_")?t.length<20?{valid:!1,error:"API key is too short"}:q.test(t)?{valid:!0}:{valid:!1,error:"Invalid API key format. Expected: nxk_{id}_{check} (e.g., nxk_abc123def456...)"}:{valid:!1,error:'API key must start with "nxk_"'}}function pe(){try{if(M(c)){const e=P(c,"utf-8");return JSON.parse(e)}}catch{}return null}function F(e){x(a,{recursive:!0}),C(a);const t=o(a,"cache");if(x(t,{recursive:!0}),C(t),e.licenseKey||e.apiKey)B({serverUrl:e.serverUrl,mode:e.mode,machineId:e.machineId,activatedAt:e.activatedAt,tier:e.tier,licenseKey:e.licenseKey??e.apiKey});else{const r={configVersion:1,...e};V(c,JSON.stringify(r,null,2)+`
+`,"utf-8")}}async function he(e){const{licenseKey:t,serverUrl:r=G}=e;if(!t)return{success:!1,message:["No key provided.","","Get your license key at https://neocortex.ornexus.com/login","","Usage:","  neocortex activate YOUR-LICENSE-KEY","  neocortex activate YOUR-API-KEY"].join(`
+`)};const n=t.trim();if(n.startsWith("nxk_")){const i=Q(n);if(!i.valid)return{success:!1,message:`Invalid API key: ${i.error}`};const k=n.match(/^nxk_(free|pro|ent)_/),L={free:"free",pro:"pro",ent:"enterprise"},U=k?.[1]?L[k[1]]??"unknown":"unknown",I=w(),u=N();let d;try{const s=await fetch(`${r}/api/v1/license/activate-key`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({api_key:n,machine_id:I,client_version:u})});if(!s.ok)return{success:!1,message:`API key activation failed: ${(await s.json().catch(()=>({}))).message??`HTTP ${s.status}`}`};d=await s.json()}catch{return{success:!1,message:["Failed to connect to IP Protection Server.","","Possible causes:",`  - Server at ${r} is unreachable`,"  - Network connectivity issue","","Workaround: Use --local flag to run in local mode"].join(`
+`)}}const f=d.tier??U,O=o(a,"cache");try{await new E({cacheDir:O,passphrase:n}).set("neocortex:jwt:token",d.token,d.expires_in*1e3)}catch{}const D={serverUrl:r,mode:"remote",machineId:I,activatedAt:new Date().toISOString(),tier:f,apiKey:n};try{F(D)}catch(s){return{success:!1,message:`Failed to save configuration: ${s instanceof Error?s.message:"unknown error"}`}}const Y=h(u,{forceCreate:!0,targetFilter:"claude-code"});return h(u),A(u,f),_(u,f),{success:!0,message:["API key activated successfully!","",`  Tier:    ${f}`,`  Server:  ${r}`,`  Expires: ${Math.floor(d.expires_in/3600)}h`,...Y>0?["  Agents:  updated"]:[],"","You can now use Neocortex. Run *menu to get started."].join(`
+`),tier:f,serverUrl:r,configPath:c}}const v=H(n);if(!v.valid)return{success:!1,message:`Invalid license key: ${v.error}`};const m=n,g=m.match(/^NX-(F|P|E)-/i),K={F:"free",P:"pro",E:"enterprise"},l=g?.[1]?K[g[1].toUpperCase()]??"unknown":"unknown",$=o(a,"cache"),b=new E({cacheDir:$,passphrase:m}),R=new J({serverUrl:r,licenseKey:m,cacheProvider:b});let y;try{y=await R.activate()}catch{return{success:!1,message:["Failed to connect to IP Protection Server.","","Possible causes:",`  - Server at ${r} is unreachable`,"  - Network connectivity issue","  - Server is still being deployed","","Workaround: Use --local flag to run in local mode"].join(`
+`)}}if(!y)return{success:!1,message:["License activation failed.","","Possible causes:","  - Invalid or expired license key","  - License already activated on another machine","  - Server rejected the activation request","","Check your license key and try again.","Contact support if the problem persists."].join(`
+`)};const T={serverUrl:r,mode:"remote",machineId:w(),activatedAt:new Date().toISOString(),tier:l,licenseKey:m};try{F(T)}catch(i){return{success:!1,message:`Failed to save config to ${c}: ${i instanceof Error?i.message:String(i)}`}}const p=N(),j=h(p,{forceCreate:!0,targetFilter:"claude-code"});return h(p),A(p,l),_(p,l),{success:!0,message:["License activated successfully!","",`  Tier:    ${l}`,`  Server:  ${r}`,`  Expires: ${Math.floor(y.expiresIn/3600)}h`,...j>0?["  Agents:  updated"]:[],"","You can now use Neocortex. Run *menu to get started."].join(`
+`),tier:l,serverUrl:r,configPath:c}}export{he as activate,Q as validateApiKeyFormat,H as validateLicenseKeyFormat};