@unifiedmemory/cli 1.0.0 → 1.1.0

package/commands/init.js

@@ -47,6 +47,25 @@ export async function init(options = {}) {
   console.log('  3. Run `um status` to verify configuration\n');
 }
 
+/**
+ * Validate that we have a real organization context (not fallback to user_id)
+ * @param {Object} authData - Auth data with user_id and org_id
+ * @returns {Object} { isValid, isPersonalContext, message }
+ */
+function validateOrganizationContext(authData) {
+  const isPersonalContext = authData.org_id === authData.user_id;
+
+  if (isPersonalContext) {
+    return {
+      isValid: false,
+      isPersonalContext: true,
+      message: 'You are in personal account context. Organization-scoped operations require an organization.',
+    };
+  }
+
+  return { isValid: true, isPersonalContext: false, message: null };
+}
+
 async function ensureAuthenticated(options) {
   // Try to load and refresh token if expired
   const stored = await loadAndRefreshToken(false); // Don't throw, allow new login
@@ -70,12 +89,6 @@ async function ensureAuthenticated(options) {
 
   // Need to login
   console.log(chalk.yellow('⚠ Authentication required\n'));
-
-  if (options.apiKey) {
-    return await loginWithApiKey(options.apiKey);
-  }
-
-  // For now, just use OAuth
   console.log(chalk.blue('Initiating OAuth login...'));
   const tokenData = await login();
 
@@ -100,29 +113,120 @@ async function ensureAuthenticated(options) {
 async function selectOrCreateProject(authData, options) {
   const apiUrl = authData.api_url || 'https://rose-asp-main-1c0b114.d2.zuplo.dev';
 
-  // Fetch existing projects
-  const projects = await fetchProjects(authData, apiUrl);
-
-  console.log(chalk.cyan('\n📋 Project setup:\n'));
-  console.log(chalk.green(`  1. Create new project`));
-  console.log(chalk.green(`  2. Select existing project (${projects.length} available)`));
-
-  const { selection } = await inquirer.prompt([{
-    type: 'input',
-    name: 'selection',
-    message: 'Choose option (1-2):',
-    default: projects.length > 0 ? '2' : '1',
-    validate: (input) => {
-      const num = parseInt(input, 10);
-      if (isNaN(num) || num < 1 || num > 2) {
-        return 'Please enter 1 or 2';
+  // Validate organization context BEFORE making API calls
+  const contextValidation = validateOrganizationContext(authData);
+
+  if (!contextValidation.isValid && contextValidation.isPersonalContext) {
+    console.log(chalk.yellow('\n⚠️  ' + contextValidation.message));
+    console.log(chalk.gray('\nOrganization-scoped projects require an organization context.'));
+    console.log(chalk.cyan('\nRecommended actions:'));
+    console.log(chalk.cyan('  1. Switch to an organization: um org switch'));
+    console.log(chalk.cyan('  2. Create an organization at: https://unifiedmemory.ai'));
+    console.log(chalk.cyan('  3. Re-run: um init'));
+    return null;
+  }
+
+  // Fetch existing projects with enhanced error handling
+  console.log(chalk.gray('Fetching projects...'));
+  const result = await fetchProjects(authData, apiUrl);
+
+  // Handle error responses
+  if (!result.success) {
+    console.log(chalk.red(`\n❌ Failed to fetch projects: ${result.message}`));
+
+    if (result.errorType === 'UNAUTHORIZED') {
+      console.log(chalk.yellow('\n🔐 Authentication Issue Detected\n'));
+      console.log(chalk.gray('Token appears to be invalid or expired.'));
+      console.log(chalk.cyan('\n🔄 Attempting automatic re-authentication...\n'));
+
+      try {
+        // Trigger login flow
+        const tokenData = await login();
+
+        if (!tokenData) {
+          console.log(chalk.red('❌ Re-authentication failed'));
+          console.log(chalk.cyan('\nPlease try:'));
+          console.log(chalk.cyan('  1. Run: um login'));
+          console.log(chalk.cyan('  2. Verify organization context: um org switch'));
+          return null;
+        }
+
+        // Update authData with fresh credentials
+        const savedToken = getToken();
+        authData.user_id = savedToken.decoded.sub;
+        authData.org_id = savedToken.selectedOrg?.id || authData.user_id;
+        authData.access_token = savedToken.idToken || savedToken.accessToken;
+        authData.expires_at = savedToken.decoded?.exp * 1000;
+
+        console.log(chalk.green('✓ Re-authentication successful!\n'));
+        console.log(chalk.gray('Retrying project fetch...\n'));
+
+        // Retry fetching projects with new token
+        const retryResult = await fetchProjects(authData, apiUrl);
+
+        if (!retryResult.success) {
+          // Still failing after retry
+          console.log(chalk.red(`\n❌ Failed to fetch projects after re-authentication: ${retryResult.message}`));
+          console.log(chalk.yellow('\nThis may indicate:'));
+          console.log(chalk.gray('  - You don\'t have access to this organization'));
+          console.log(chalk.gray('  - The organization no longer exists'));
+          console.log(chalk.cyan('\nTry: um org switch'));
+          return null;
+        }
+
+        // Success! Update projects and continue
+        result.success = true;
+        result.projects = retryResult.projects;
+        console.log(chalk.green(`✓ Found ${retryResult.projects.length} project(s)\n`));
+
+      } catch (error) {
+        console.log(chalk.red(`\n❌ Re-authentication error: ${error.message}`));
+        console.log(chalk.cyan('\nPlease run: um login'));
+        return null;
       }
-      return true;
+    } else if (result.errorType === 'FORBIDDEN') {
+      console.log(chalk.yellow('\n🔒 Access Denied\n'));
+      console.log(chalk.gray('You do not have permission to view projects in this organization.'));
+      console.log(chalk.cyan('\nContact your organization administrator for access.'));
+      return null;
+    } else if (result.errorType === 'NETWORK_ERROR') {
+      console.log(chalk.yellow('\n🌐 Network Error\n'));
+      console.log(chalk.gray('Could not connect to the API server.'));
+      console.log(chalk.cyan('\nCheck your internet connection and try again.'));
+      return null;
+    } else {
+      console.log(chalk.yellow('\n⚠️  Unexpected Error\n'));
+      console.log(chalk.gray(`Details: ${result.message}`));
+      console.log(chalk.cyan('\nTry: um login'));
+      return null;
+    }
+  }
+
+  let projects = result.projects;
+
+  console.log(chalk.cyan('\n📋 Project setup\n'));
+
+  const choices = [
+    {
+      name: chalk.green('Create new project'),
+      value: 'create',
+      short: 'Create new project',
+    },
+    {
+      name: chalk.green(`Select existing project`) + chalk.gray(` (${projects.length} available)`),
+      value: 'select',
+      short: 'Select existing project',
     },
+  ];
+
+  const { action } = await inquirer.prompt([{
+    type: 'select',
+    name: 'action',
+    message: 'Choose an option:',
+    choices: choices,
+    default: projects.length > 0 ? 1 : 0,
   }]);
 
-  const action = parseInt(selection, 10) === 1 ? 'create' : 'select';
-
   if (action === 'create') {
     const { name, description } = await inquirer.prompt([
       {
@@ -142,32 +246,40 @@ async function selectOrCreateProject(authData, options) {
   } else {
     if (projects.length === 0) {
       console.log(chalk.yellow('No projects found. Creating first project...'));
-      return await selectOrCreateProject(authData, { ...options, action: 'create' });
+      const { name, description } = await inquirer.prompt([
+        {
+          type: 'input',
+          name: 'name',
+          message: 'Project name:',
+          validate: input => input.length > 0 || 'Name is required',
+        },
+        {
+          type: 'input',
+          name: 'description',
+          message: 'Project description (optional):',
+        },
+      ]);
+
+      return await createProject(authData, apiUrl, name, description);
     }
 
-    // Display numbered list
-    console.log(chalk.cyan('\n📋 Available projects:\n'));
-    projects.forEach((p, index) => {
-      console.log(chalk.green(`  ${index + 1}. ${p.display_name || p.name}`) + chalk.gray(` (${p.slug || p.id})`));
-    });
-
-    const { projectSelection } = await inquirer.prompt([{
-      type: 'input',
-      name: 'projectSelection',
-      message: `Choose project (1-${projects.length}):`,
-      default: '1',
-      validate: (input) => {
-        const num = parseInt(input, 10);
-        if (isNaN(num) || num < 1 || num > projects.length) {
-          return `Please enter a number between 1 and ${projects.length}`;
-        }
-        return true;
-      },
+    // Display project list with arrow key selection
+    console.log(chalk.cyan('\n📋 Available projects\n'));
+
+    const choices = projects.map(p => ({
+      name: chalk.green(p.display_name || p.name) + chalk.gray(` (${p.slug || p.id})`),
+      value: p,
+      short: p.display_name || p.name,
+    }));
+
+    const { project } = await inquirer.prompt([{
+      type: 'select',
+      name: 'project',
+      message: 'Choose a project:',
+      choices: choices,
+      pageSize: 10,
     }]);
 
-    const selectedIndex = parseInt(projectSelection, 10) - 1;
-    const project = projects[selectedIndex];
-
     return {
       project_id: project.id,
       project_name: project.display_name || project.name,
@@ -187,11 +299,47 @@ async function fetchProjects(authData, apiUrl) {
         },
       }
     );
-    // API returns {items: [...], next_cursor, has_more}
-    return response.data?.items || [];
+    return { success: true, projects: response.data?.items || [] };
   } catch (error) {
-    console.error(chalk.red(`Failed to fetch projects: ${error.message}`));
-    return [];
+    // Detect specific error types
+    if (error.response) {
+      const status = error.response.status;
+
+      if (status === 401) {
+        return {
+          success: false,
+          errorType: 'UNAUTHORIZED',
+          status: 401,
+          message: 'Authentication failed - token may be invalid or expired',
+        };
+      } else if (status === 403) {
+        return {
+          success: false,
+          errorType: 'FORBIDDEN',
+          status: 403,
+          message: 'Access denied - you may not have permission to view projects',
+        };
+      } else if (status >= 500) {
+        return {
+          success: false,
+          errorType: 'SERVER_ERROR',
+          status: status,
+          message: 'Server error - please try again later',
+        };
+      }
+    } else if (error.request) {
+      return {
+        success: false,
+        errorType: 'NETWORK_ERROR',
+        message: 'Network error - could not reach API server',
+      };
+    }
+
+    return {
+      success: false,
+      errorType: 'UNKNOWN',
+      message: error.message,
+    };
   }
 }
 
@@ -218,7 +366,27 @@ async function createProject(authData, apiUrl, name, description) {
       project_slug: project.slug,
     };
   } catch (error) {
-    console.error(chalk.red(`Failed to create project: ${error.message}`));
+    if (error.response) {
+      const status = error.response.status;
+      console.error(chalk.red(`\n❌ Failed to create project (HTTP ${status})`));
+
+      if (status === 401) {
+        console.log(chalk.yellow('🔐 Authentication failed'));
+        console.log(chalk.gray('Your session may have expired.'));
+        console.log(chalk.cyan('Run: um login'));
+      } else if (status === 403) {
+        console.log(chalk.yellow('🔒 Permission denied'));
+        console.log(chalk.gray('You do not have permission to create projects in this organization.'));
+      } else if (status === 409) {
+        console.log(chalk.yellow('⚠️  Project already exists'));
+        console.log(chalk.gray('A project with this name or slug already exists.'));
+      } else {
+        console.log(chalk.gray(`Details: ${error.message}`));
+      }
+    } else {
+      console.error(chalk.red(`\n❌ Failed to create project: ${error.message}`));
+    }
+
     return null;
   }
 }
@@ -288,28 +456,37 @@ async function configureProviders(authData, projectData) {
 
   // NEW APPROACH: Configure local MCP server (no tokens in config files)
   for (const provider of detected) {
-    const success = provider.configureMCP();
+    // Configure MCP server
+    const mcpSuccess = provider.configureMCP();
+
+    // Configure memory instructions
+    const instructionsResult = provider.configureMemoryInstructions?.();
 
-    if (success) {
-      console.log(chalk.green(`✓ Configured ${provider.name}`));
+    // Display results
+    if (mcpSuccess) {
+      console.log(chalk.green(`✓ Configured ${provider.name} MCP server`));
     } else {
-      console.log(chalk.red(`✗ Failed to configure ${provider.name}`));
+      console.log(chalk.red(`✗ Failed to configure ${provider.name} MCP`));
+    }
+
+    if (instructionsResult) {
+      switch (instructionsResult.status) {
+        case 'created':
+          console.log(chalk.green(`  ✓ Created memory instructions`));
+          break;
+        case 'appended':
+          console.log(chalk.green(`  ✓ Appended memory instructions`));
+          break;
+        case 'skipped':
+          console.log(chalk.gray(`  ℹ Memory instructions already present`));
+          break;
+        case 'error':
+          console.log(chalk.yellow(`  ⚠ Could not write memory instructions: ${instructionsResult.error}`));
+          break;
+      }
     }
   }
 
   console.log(chalk.cyan('\n💡 Important: Restart your AI assistant to load the new configuration'));
   console.log(chalk.gray('   The MCP server will automatically use your authentication and project context'));
 }
-
-async function loginWithApiKey(apiKey) {
-  // TODO: Implement API key authentication
-  // Exchange API key for JWT token
-  console.log(chalk.yellow('API key authentication not yet implemented'));
-  return null;
-}
-
-async function refreshToken(refreshToken) {
-  // TODO: Implement token refresh
-  console.log(chalk.yellow('Token refresh not yet implemented'));
-  return null;
-}

package/commands/login.js

@@ -6,10 +6,13 @@ import crypto from 'crypto';
 import inquirer from 'inquirer';
 import { config, validateConfig } from '../lib/config.js';
 import { saveToken, updateSelectedOrg } from '../lib/token-storage.js';
-import { getUserOrganizations, getOrganizationsFromToken, formatOrganization, getOrgScopedToken } from '../lib/clerk-api.js';
+import { getUserOrganizations, getOrganizationsFromToken, getOrgScopedToken } from '../lib/clerk-api.js';
+import { parseJWT } from '../lib/jwt-utils.js';
+import { promptOrganizationSelection, displayOrganizationSelection } from '../lib/org-selection-ui.js';
 
 function generateRandomState() {
-  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+  // Use cryptographically secure random bytes for CSRF protection
+  return crypto.randomBytes(32).toString('hex');
 }
 
 function base64URLEncode(buffer) {
@@ -29,77 +32,6 @@ function generatePKCE() {
   return { verifier, challenge };
 }
 
-function parseJWT(token) {
-  try {
-    const parts = token.split('.');
-    if (parts.length !== 3) {
-      return null;
-    }
-    const payload = Buffer.from(parts[1], 'base64').toString('utf8');
-    return JSON.parse(payload);
-  } catch (error) {
-    return null;
-  }
-}
-
-/**
- * Prompt user to select an organization context
- * @param {Array} memberships - Array of organization memberships
- * @returns {Promise<Object|null>} Selected organization data or null for personal context
- */
-async function selectOrganization(memberships) {
-  console.log(chalk.blue('\n🔍 Checking for organizations...'));
-
-  if (memberships.length === 0) {
-    console.log(chalk.gray('No organizations found. Using personal account context.'));
-    return null;
-  }
-
-  console.log(chalk.green(`\nFound ${memberships.length} organization(s)!`));
-
-  // Debug: Log raw memberships
-  console.log(chalk.gray('\nRaw memberships data:'));
-  console.log(JSON.stringify(memberships, null, 2));
-
-  // Format organizations for display
-  const formattedOrgs = memberships.map(formatOrganization);
-
-  // Print numbered list
-  console.log(chalk.cyan('\n📋 Available contexts:\n'));
-
-  formattedOrgs.forEach((org, index) => {
-    console.log(chalk.green(`  ${index + 1}. ${org.name}`) + chalk.gray(` (${org.slug})`) + chalk.yellow(` [${org.role}]`));
-  });
-
-  console.log(chalk.cyan(`  ${formattedOrgs.length + 1}. Personal Account`) + chalk.gray(' (no organization)'));
-
-  // Simple input prompt
-  const answer = await inquirer.prompt([
-    {
-      type: 'input',
-      name: 'selection',
-      message: `Choose context (1-${formattedOrgs.length + 1}):`,
-      default: '1',
-      validate: (input) => {
-        const num = parseInt(input, 10);
-        if (isNaN(num) || num < 1 || num > formattedOrgs.length + 1) {
-          return `Please enter a number between 1 and ${formattedOrgs.length + 1}`;
-        }
-        return true;
-      },
-    },
-  ]);
-
-  const selectedIndex = parseInt(answer.selection, 10) - 1;
-
-  // If they selected beyond orgs list, that's personal account (null)
-  if (selectedIndex >= formattedOrgs.length) {
-    return null;
-  }
-
-  return formattedOrgs[selectedIndex];
-}
-
 export async function login() {
   validateConfig();
 
@@ -224,30 +156,10 @@ export async function login() {
             </html>
           `);
 
-          // Parse JWT to show user info - try both access_token and id_token
+          // Parse JWT for user info - do not log tokens
           const tokenToParse = tokenData.id_token || tokenData.access_token;
-          console.log(chalk.gray('Parsing token type:'), tokenData.id_token ? 'id_token' : 'access_token');
-
           const decoded = parseJWT(tokenToParse);
 
-          if (!decoded) {
-            console.log(chalk.yellow('⚠️  Could not parse JWT token'));
-            console.log(chalk.gray('Token preview:'), tokenToParse ? tokenToParse.substring(0, 50) + '...' : 'null');
-          } else {
-            // Debug: Show JWT claims to see what's available
-            console.log(chalk.gray('\nJWT Claims:'));
-            console.log(chalk.gray(JSON.stringify(decoded, null, 2)));
-          }
-
-          // Debug: Show token previews to understand format
-          console.log(chalk.gray('\nToken previews:'));
-          if (tokenData.access_token) {
-            console.log(chalk.gray('  Access token:'), tokenData.access_token.substring(0, 50) + '...');
-          }
-          if (tokenData.id_token) {
-            console.log(chalk.gray('  ID token:'), tokenData.id_token.substring(0, 50) + '...');
-          }
-
           // Save token (save both access_token and id_token if available)
           saveToken({
             accessToken: tokenData.access_token,
@@ -289,7 +201,9 @@ export async function login() {
                   memberships = await getUserOrganizations(userId, sessionToken);
                 }
 
-                const selectedOrg = await selectOrganization(memberships);
+                console.log(chalk.blue('\n🔍 Checking for organizations...'));
+                const selectedOrg = await promptOrganizationSelection(memberships);
+                displayOrganizationSelection(selectedOrg);
 
                 if (selectedOrg) {
                   // Get org-scoped JWT from Clerk

package/commands/org.js

@@ -1,8 +1,8 @@
-import inquirer from 'inquirer';
 import chalk from 'chalk';
 import { updateSelectedOrg, getSelectedOrg } from '../lib/token-storage.js';
 import { loadAndRefreshToken } from '../lib/token-validation.js';
-import { getUserOrganizations, getOrganizationsFromToken, formatOrganization } from '../lib/clerk-api.js';
+import { getUserOrganizations, getOrganizationsFromToken } from '../lib/clerk-api.js';
+import { promptOrganizationSelection, displayOrganizationSelection } from '../lib/org-selection-ui.js';
 
 /**
  * Switch organization context
@@ -40,49 +40,20 @@ export async function switchOrg() {
     process.exit(0);
   }
 
-  console.log(chalk.green(`\nFound ${memberships.length} organization(s)!`));
-
-  // Format organizations for display
-  const formattedOrgs = memberships.map(formatOrganization);
-
   // Get current selection
   const currentOrg = getSelectedOrg();
-  const currentOrgId = currentOrg?.id;
-
-  // Build choices for inquirer
-  const choices = [
-    {
-      name: chalk.cyan('Personal Account') + chalk.gray(' (no organization)') + (currentOrgId ? '' : chalk.green(' ← current')),
-      value: null,
-      short: 'Personal Account',
-    },
-    new inquirer.Separator(chalk.gray('--- Organizations ---')),
-    ...formattedOrgs.map(org => ({
-      name: `${chalk.green(org.name)} ${chalk.gray(`(${org.slug})`)} ${chalk.yellow(`[${org.role}]`)}${org.id === currentOrgId ? chalk.green(' ← current') : ''}`,
-      value: org,
-      short: org.name,
-    })),
-  ];
 
   // Prompt user to select
-  const answer = await inquirer.prompt([
-    {
-      type: 'list',
-      name: 'organization',
-      message: 'Select account context:',
-      choices: choices,
-      pageSize: 15,
-      default: currentOrgId ? formattedOrgs.findIndex(org => org.id === currentOrgId) + 2 : 0, // +2 for personal + separator
-    },
-  ]);
+  const selectedOrg = await promptOrganizationSelection(memberships, currentOrg);
 
   // Update selected organization
-  updateSelectedOrg(answer.organization);
+  updateSelectedOrg(selectedOrg);
 
-  if (answer.organization) {
-    console.log(chalk.green(`\n✅ Switched to organization: ${chalk.bold(answer.organization.name)}`));
-    console.log(chalk.gray(`   Organization ID: ${answer.organization.id}`));
-    console.log(chalk.gray(`   Your role: ${answer.organization.role}`));
+  // Display result (with "Switched to" instead of "Selected")
+  if (selectedOrg) {
+    console.log(chalk.green(`\n✅ Switched to organization: ${chalk.bold(selectedOrg.name)}`));
+    console.log(chalk.gray(`   Organization ID: ${selectedOrg.id}`));
+    console.log(chalk.gray(`   Your role: ${selectedOrg.role}`));
   } else {
     console.log(chalk.green('\n✅ Switched to personal account context'));
   }

package/index.js

@@ -11,13 +11,14 @@ import { record } from './commands/record.js';
 import { config } from './lib/config.js';
 import { getSelectedOrg } from './lib/token-storage.js';
 import { loadAndRefreshToken } from './lib/token-validation.js';
+import { showWelcome } from './lib/welcome.js';
 
 const program = new Command();
 
 program
   .name('um')
   .description('UnifiedMemory CLI - AI code assistant integration')
-  .version('1.0.0');
+  .version('1.1.0');
 
 // Unified command (primary)
 program
@@ -36,11 +37,19 @@ program
     }
   });
 
+// Welcome command
+program
+  .command('welcome')
+  .description('Show welcome message')
+  .action(() => {
+    showWelcome();
+    process.exit(0);
+  });
+
 // Individual commands (power users)
 program
   .command('login')
   .description('Login to UnifiedMemory')
-  .option('--device', 'Use device flow for headless environments')
   .action(async (options) => {
     try {
       await login();
@@ -113,30 +122,6 @@ program
     }
   });
 
-// Project management command
-program
-  .command('project')
-  .description('Manage project configuration')
-  .option('--create', 'Create new project')
-  .option('--link <id>', 'Link existing project')
-  .action(async (options) => {
-    console.log(chalk.yellow('Project management not yet implemented'));
-    console.log(chalk.gray('Use `um init` to configure a project'));
-    process.exit(0);
-  });
-
-// Configure command
-program
-  .command('configure')
-  .description('Configure AI code assistants')
-  .option('--all', 'Configure all detected assistants')
-  .option('--provider <name>', 'Configure specific provider')
-  .action(async (options) => {
-    console.log(chalk.yellow('Provider configuration not yet implemented'));
-    console.log(chalk.gray('Use `um init` to auto-configure all providers'));
-    process.exit(0);
-  });
-
 // Organization management
 const orgCommand = program
   .command('org')
@@ -212,4 +197,10 @@ noteCommand
     }
   });
 
+// Show welcome splash if no command provided
+if (process.argv.length === 2) {
+  showWelcome();
+  program.help();
+}
+
 program.parse();