@unifiedmemory/cli 1.0.0

package/index.js

@@ -0,0 +1,215 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import fs from 'fs-extra';
+import path from 'path';
+import { login } from './commands/login.js';
+import { init } from './commands/init.js';
+import { switchOrg, showOrg } from './commands/org.js';
+import { record } from './commands/record.js';
+import { config } from './lib/config.js';
+import { getSelectedOrg } from './lib/token-storage.js';
+import { loadAndRefreshToken } from './lib/token-validation.js';
+
+const program = new Command();
+
+program
+  .name('um')
+  .description('UnifiedMemory CLI - AI code assistant integration')
+  .version('1.0.0');
+
+// Unified command (primary)
+program
+  .command('init')
+  .description('Initialize UnifiedMemory in current project (one command does everything)')
+  .option('--oauth', 'Force OAuth login')
+  .option('--api-key <key>', 'Use API key authentication')
+  .option('--skip-configure', 'Skip AI tool configuration')
+  .action(async (options) => {
+    try {
+      await init(options);
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Initialization failed:'), error.message);
+      process.exit(1);
+    }
+  });
+
+// Individual commands (power users)
+program
+  .command('login')
+  .description('Login to UnifiedMemory')
+  .option('--device', 'Use device flow for headless environments')
+  .action(async (options) => {
+    try {
+      await login();
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Login failed:'), error.message);
+      process.exit(1);
+    }
+  });
+
+// Status command
+program
+  .command('status')
+  .description('Show configuration status')
+  .action(async () => {
+    try {
+      // Try to load and refresh token if expired
+      const tokenData = await loadAndRefreshToken(false);
+      const selectedOrg = getSelectedOrg();
+
+      console.log(chalk.blue('\n📋 UnifiedMemory Status\n'));
+
+      if (!tokenData) {
+        console.log(chalk.yellow('Authentication: ') + chalk.red('Not logged in'));
+        console.log(chalk.gray('\nRun `um login` or `um init` to authenticate'));
+        process.exit(0);
+      }
+
+      // Token is valid (either not expired or successfully refreshed)
+      console.log(chalk.yellow('Authentication:'));
+      console.log(chalk.green('  Status: Active'));
+      console.log(chalk.gray(`  User ID: ${tokenData.decoded?.sub || 'N/A'}`));
+      console.log(chalk.gray(`  Email: ${tokenData.decoded?.email || 'N/A'}`));
+      if (tokenData.decoded?.exp) {
+        console.log(chalk.gray(`  Expires: ${new Date(tokenData.decoded.exp * 1000).toLocaleString()}`));
+      }
+
+      console.log(chalk.yellow('\nOrganization Context:'));
+      if (selectedOrg) {
+        console.log(chalk.green(`  ${selectedOrg.name} (${selectedOrg.slug})`));
+        console.log(chalk.gray(`  ID: ${selectedOrg.id}`));
+        console.log(chalk.gray(`  Role: ${selectedOrg.role}`));
+      } else {
+        console.log(chalk.cyan('  Personal Account'));
+      }
+
+      console.log(chalk.yellow('\nProject Configuration:'));
+      const configPath = path.join(process.cwd(), '.um', 'config.json');
+
+      if (fs.existsSync(configPath)) {
+        try {
+          const projectConfig = fs.readJSONSync(configPath);
+          console.log(chalk.green('  Configured'));
+          console.log(chalk.gray(`  Project: ${projectConfig.project_name}`));
+          console.log(chalk.gray(`  Project ID: ${projectConfig.project_id}`));
+          console.log(chalk.gray(`  Org ID: ${projectConfig.org_id}`));
+        } catch (error) {
+          console.log(chalk.red('  Error reading config:'), error.message);
+        }
+      } else {
+        console.log(chalk.yellow('  Not configured in this directory'));
+        console.log(chalk.gray('  Run `um init` to configure'));
+      }
+
+      console.log('');
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Failed to show status:'), error.message);
+      process.exit(1);
+    }
+  });
+
+// Project management command
+program
+  .command('project')
+  .description('Manage project configuration')
+  .option('--create', 'Create new project')
+  .option('--link <id>', 'Link existing project')
+  .action(async (options) => {
+    console.log(chalk.yellow('Project management not yet implemented'));
+    console.log(chalk.gray('Use `um init` to configure a project'));
+    process.exit(0);
+  });
+
+// Configure command
+program
+  .command('configure')
+  .description('Configure AI code assistants')
+  .option('--all', 'Configure all detected assistants')
+  .option('--provider <name>', 'Configure specific provider')
+  .action(async (options) => {
+    console.log(chalk.yellow('Provider configuration not yet implemented'));
+    console.log(chalk.gray('Use `um init` to auto-configure all providers'));
+    process.exit(0);
+  });
+
+// Organization management
+const orgCommand = program
+  .command('org')
+  .description('Manage organization context');
+
+orgCommand
+  .command('switch')
+  .description('Switch to a different organization')
+  .action(async () => {
+    try {
+      await switchOrg();
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Failed to switch organization:'), error.message);
+      process.exit(1);
+    }
+  });
+
+orgCommand
+  .command('show')
+  .alias('current')
+  .description('Show current organization context')
+  .action(async () => {
+    try {
+      await showOrg();
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Failed to show organization:'), error.message);
+      process.exit(1);
+    }
+  });
+
+// MCP server commands
+const mcpCommand = program
+  .command('mcp')
+  .description('MCP server commands');
+
+mcpCommand
+  .command('serve')
+  .description('Start MCP server (used by AI code assistants)')
+  .action(async () => {
+    try {
+      const { startMCPServer } = await import('./lib/mcp-server.js');
+      await startMCPServer();
+      // Server runs until killed by parent process
+    } catch (error) {
+      console.error(chalk.red('MCP server failed to start:'));
+      console.error(error.message);
+      process.exit(1);
+    }
+  });
+
+// Note management commands
+const noteCommand = program
+  .command('note')
+  .description('Manage vault notes');
+
+noteCommand
+  .command('create <summary>')
+  .description('Create a note in the vault')
+  .option('--topic <topic>', 'Topic for the note', 'general')
+  .option('--source <source>', 'Source identifier', 'um-cli')
+  .option('--confidence <confidence>', 'Confidence score (0-1)', '0.7')
+  .option('--tags <tags>', 'Comma-separated tags')
+  .option('--metadata <json>', 'Additional metadata as JSON string')
+  .action(async (summary, options) => {
+    try {
+      await record(summary, options);
+      process.exit(0);
+    } catch (error) {
+      console.error(chalk.red('Failed to create note:'), error.message);
+      process.exit(1);
+    }
+  });
+
+program.parse();

package/lib/clerk-api.js

@@ -0,0 +1,172 @@
+import chalk from 'chalk';
+import { config } from './config.js';
+
+/**
+ * Extract user's organizations from JWT token claims
+ * @param {Object} decodedToken - Decoded JWT token
+ * @returns {Array} Array of organization membership objects
+ */
+export function getOrganizationsFromToken(decodedToken) {
+  if (!decodedToken) {
+    return [];
+  }
+
+  // Check various possible claim names where org data might be stored
+  const orgMemberships =
+    decodedToken.org_memberships ||
+    decodedToken.organizations ||
+    decodedToken.orgs ||
+    [];
+
+  // If JWT has organization array, format it
+  if (Array.isArray(orgMemberships) && orgMemberships.length > 0) {
+    return orgMemberships.map(org => ({
+      organization: {
+        id: org.id || org.org_id,
+        name: org.name || org.org_name,
+        slug: org.slug || org.org_slug,
+      },
+      role: org.role,
+      created_at: org.created_at || new Date().toISOString(),
+    }));
+  }
+
+  // If JWT has single org_id claim, create single membership
+  if (decodedToken.org_id) {
+    return [{
+      organization: {
+        id: decodedToken.org_id,
+        name: decodedToken.org_name || 'Organization',
+        slug: decodedToken.org_slug || decodedToken.org_id,
+      },
+      role: decodedToken.org_role || 'member',
+      created_at: new Date().toISOString(),
+    }];
+  }
+
+  return [];
+}
+
+/**
+ * Fetch user's organization memberships from backend API
+ * @param {string} userId - The Clerk user ID (not used, kept for compatibility)
+ * @param {string} sessionToken - The access_token or id_token from OAuth
+ * @returns {Promise<Array>} Array of organization membership objects
+ */
+export async function getUserOrganizations(userId, sessionToken) {
+  if (!sessionToken) {
+    console.log(chalk.yellow('⚠️  No session token provided, cannot fetch organizations'));
+    return [];
+  }
+
+  try {
+    // Call our backend API through gateway
+    const url = `${config.apiEndpoint}/v1/users/me/organizations`;
+
+    console.log(chalk.gray('Fetching organizations from backend API...'));
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${sessionToken}`,
+        'Content-Type': 'application/json',
+      },
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Failed to fetch organizations: ${response.status} - ${errorText}`);
+    }
+
+    const memberships = await response.json();
+
+    if (!Array.isArray(memberships)) {
+      throw new Error('Invalid response format from backend');
+    }
+
+    console.log(chalk.gray(`Found ${memberships.length} organization(s)`));
+    return memberships;
+  } catch (error) {
+    console.error(chalk.yellow(`⚠️  Error fetching organizations: ${error.message}`));
+    return [];
+  }
+}
+
+/**
+ * Format organization for display in selection menu
+ * @param {Object} membership - Organization membership object from Clerk
+ * @returns {Object} Formatted organization object
+ */
+export function formatOrganization(membership) {
+  const org = membership.organization;
+
+  // Handle created_at - could be int or string
+  let createdAt = 'Unknown';
+  try {
+    const timestamp = typeof membership.created_at === 'string'
+      ? parseInt(membership.created_at, 10)
+      : membership.created_at;
+    createdAt = new Date(timestamp).toLocaleDateString();
+  } catch (e) {
+    console.warn('Failed to parse created_at:', membership.created_at);
+  }
+
+  return {
+    id: org.id,
+    name: org.name || 'Unnamed Organization',
+    slug: org.slug || org.id,
+    role: membership.role || 'member',
+    createdAt: createdAt,
+  };
+}
+
+/**
+ * Get an organization-scoped JWT token via backend API
+ * @param {string} sessionId - Session ID from JWT sid claim
+ * @param {string} orgId - Organization ID to set as active
+ * @param {string} currentToken - Current session token (for authentication)
+ * @returns {Promise<{jwt: string, org_id: string}>} New token with org context
+ */
+export async function getOrgScopedToken(sessionId, orgId, currentToken) {
+  if (!sessionId) {
+    throw new Error('Session ID is required');
+  }
+  if (!orgId) {
+    throw new Error('Organization ID is required');
+  }
+  if (!currentToken) {
+    throw new Error('Current token is required');
+  }
+
+  console.log(chalk.gray(`Requesting org-scoped token from backend...`));
+  console.log(chalk.gray(`  Session: ${sessionId}`));
+  console.log(chalk.gray(`  Org: ${orgId}`));
+
+  // Call backend API which proxies to Clerk Backend API
+  const apiUrl = `${config.apiEndpoint}/v1/auth/org-token`;
+  console.log(chalk.gray(`Calling backend API: ${apiUrl}`));
+
+  const response = await fetch(apiUrl, {
+    method: 'POST',
+    headers: {
+      'Authorization': `Bearer ${currentToken}`,
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      session_id: sessionId,
+      org_id: orgId
+    })
+  });
+
+  if (!response.ok) {
+    const errorText = await response.text();
+    console.error(chalk.red(`Backend API failed: ${response.status}`));
+    console.error(chalk.gray(errorText));
+    throw new Error(`Failed to get org-scoped token: ${response.status} - ${errorText}`);
+  }
+
+  const tokenData = await response.json();
+  console.log(chalk.gray('✓ Received org-scoped token from backend'));
+
+  return tokenData;
+}

package/lib/config.js

@@ -0,0 +1,39 @@
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// Load environment variables from .env file if it exists
+const envPath = path.join(__dirname, '..', '.env');
+if (fs.existsSync(envPath)) {
+  const envContent = fs.readFileSync(envPath, 'utf8');
+  envContent.split('\n').forEach(line => {
+    const [key, ...valueParts] = line.split('=');
+    if (key && valueParts.length > 0) {
+      const value = valueParts.join('=').trim();
+      if (!process.env[key]) {
+        process.env[key] = value;
+      }
+    }
+  });
+}
+
+export const config = {
+  // Production Clerk OAuth client (safe to embed - public key only)
+  clerkClientId: process.env.CLERK_CLIENT_ID || 'nULlnomaKB9rRGP2',
+  clerkClientSecret: process.env.CLERK_CLIENT_SECRET, // Optional for PKCE flow
+  clerkDomain: process.env.CLERK_DOMAIN || 'clear-caiman-45.clerk.accounts.dev',
+  apiEndpoint: process.env.API_ENDPOINT || 'https://rose-asp-main-1c0b114.d2.zuplo.dev',
+  redirectUri: process.env.REDIRECT_URI || 'http://localhost:3333/callback',
+  port: parseInt(process.env.PORT || '3333', 10)
+};
+
+// Validation function (no longer throws - hardcoded defaults are valid)
+export function validateConfig() {
+  // All required values now have defaults - validation always passes
+  // Keep function for backward compatibility with existing code
+  return true;
+}

package/lib/hooks.js

@@ -0,0 +1,43 @@
+export function generateClaudePromptSubmitHook(mcpUrl, accessToken) {
+  return `#!/bin/bash
+# UnifiedMemory Context Recording Hook
+
+HOOK_DATA=$(cat)
+
+# Read project config
+UM_CONFIG=".um/config.json"
+PROJECT_ID=""
+ORG_ID=""
+
+if [ -f "$UM_CONFIG" ]; then
+    PROJECT_ID=$(jq -r '.project_id // empty' "$UM_CONFIG" 2>/dev/null)
+    ORG_ID=$(jq -r '.org_id // empty' "$UM_CONFIG" 2>/dev/null)
+fi
+
+# Extract context
+USER_MESSAGE=$(echo "$HOOK_DATA" | jq -r '.userMessage // empty')
+CONVERSATION_ID=$(echo "$HOOK_DATA" | jq -r '.conversationId // empty')
+WORKING_DIR=$(pwd)
+TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+# Send to UnifiedMemory (if configured)
+if [ -n "$PROJECT_ID" ]; then
+    curl -s -X POST "${mcpUrl}/hooks/pre-submit" \\
+      -H "Content-Type: application/json" \\
+      -H "Authorization: Bearer ${accessToken}" \\
+      -H "X-Project-Id: $PROJECT_ID" \\
+      -H "X-Org-Id: $ORG_ID" \\
+      -d "{
+        \\"event\\": \\"pre_response\\",
+        \\"timestamp\\": \\"$TIMESTAMP\\",
+        \\"conversation_id\\": \\"$CONVERSATION_ID\\",
+        \\"working_directory\\": \\"$WORKING_DIR\\",
+        \\"user_message\\": \\"$USER_MESSAGE\\",
+        \\"project_id\\": \\"$PROJECT_ID\\"
+      }" >/dev/null 2>&1
+fi
+
+# Pass through original data
+echo "$HOOK_DATA"
+`;
+}

package/lib/mcp-proxy.js

@@ -0,0 +1,227 @@
+/**
+ * MCP Proxy Client - Forwards MCP requests to the gateway HTTP endpoint
+ */
+
+const GATEWAY_MCP_URL = 'https://rose-asp-main-1c0b114.d2.zuplo.dev/mcp';
+
+/**
+ * Transform tool schema to hide context parameters (org, proj, user)
+ * These will be auto-injected from local config files
+ * @param {Object} tool - Tool definition with inputSchema
+ * @returns {Object} - Transformed tool with hidden context params
+ */
+function transformToolSchema(tool) {
+  // Deep clone to avoid mutations
+  const transformed = JSON.parse(JSON.stringify(tool));
+
+  // Check if tool has pathParams in schema
+  if (!transformed.inputSchema?.properties?.pathParams) {
+    return transformed;
+  }
+
+  const pathParams = transformed.inputSchema.properties.pathParams;
+
+  // Remove org, proj, and user from properties
+  const contextParams = ['org', 'proj', 'user'];
+  contextParams.forEach(param => {
+    if (pathParams.properties) {
+      delete pathParams.properties[param];
+    }
+  });
+
+  // Remove from required array
+  if (pathParams.required && Array.isArray(pathParams.required)) {
+    pathParams.required = pathParams.required.filter(
+      field => !contextParams.includes(field)
+    );
+
+    // Remove empty required array
+    if (pathParams.required.length === 0) {
+      delete pathParams.required;
+    }
+  }
+
+  // If pathParams is now empty, remove it entirely
+  const hasProps = pathParams.properties && Object.keys(pathParams.properties).length > 0;
+  const hasRequired = pathParams.required && pathParams.required.length > 0;
+
+  if (!hasProps && !hasRequired) {
+    delete transformed.inputSchema.properties.pathParams;
+
+    // Also remove pathParams from schema's required array if present
+    if (transformed.inputSchema.required) {
+      transformed.inputSchema.required = transformed.inputSchema.required.filter(
+        field => field !== 'pathParams'
+      );
+
+      if (transformed.inputSchema.required.length === 0) {
+        delete transformed.inputSchema.required;
+      }
+    }
+  }
+
+  return transformed;
+}
+
+/**
+ * Inject context parameters into tool arguments
+ * @param {Object} args - Tool arguments from AI agent
+ * @param {Object} authContext - Auth context with user/org info
+ * @param {Object|null} projectContext - Project config from .um/config.json
+ * @returns {Object} - Arguments with injected context params
+ */
+function injectContextParams(args, authContext, projectContext) {
+  // Deep clone to avoid mutations
+  const injected = JSON.parse(JSON.stringify(args || {}));
+
+  // Ensure pathParams object exists
+  if (!injected.pathParams) {
+    injected.pathParams = {};
+  }
+
+  // Inject user ID from decoded JWT
+  if (authContext?.decoded?.sub) {
+    injected.pathParams.user = authContext.decoded.sub;
+  }
+
+  // Inject org ID (from selectedOrg or fallback to user ID for personal account)
+  if (authContext?.selectedOrg?.id) {
+    injected.pathParams.org = authContext.selectedOrg.id;
+  } else if (authContext?.decoded?.sub) {
+    // Fallback to user ID for personal account context
+    injected.pathParams.org = authContext.decoded.sub;
+  }
+
+  // Inject project ID from project config
+  if (projectContext?.project_id) {
+    injected.pathParams.proj = projectContext.project_id;
+  }
+
+  return injected;
+}
+
+/**
+ * Fetch available tools from remote MCP endpoint
+ * @param {Object} authHeaders - Authentication headers
+ * @param {Object|null} projectContext - Project context (for future use)
+ * @returns {Promise<Object>} - Tools list response with transformed schemas
+ */
+export async function fetchRemoteMCPTools(authHeaders, projectContext = null) {
+  try {
+    const response = await fetch(GATEWAY_MCP_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Accept': 'application/json, text/event-stream',
+        ...authHeaders,
+      },
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'tools/list',
+        params: {},
+      }),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(formatError(response.status, errorText));
+    }
+
+    const result = await response.json();
+
+    // MCP protocol returns {jsonrpc, id, result: {tools: [...]}}
+    if (result.error) {
+      throw new Error(`MCP error: ${result.error.message || JSON.stringify(result.error)}`);
+    }
+
+    // Transform tool schemas to hide context parameters
+    const toolsResult = result.result || { tools: [] };
+    if (toolsResult.tools && Array.isArray(toolsResult.tools)) {
+      toolsResult.tools = toolsResult.tools.map(transformToolSchema);
+    }
+
+    return toolsResult;
+  } catch (error) {
+    if (error.message.includes('fetch')) {
+      throw new Error('Cannot connect to UnifiedMemory API. Check your internet connection.');
+    }
+    throw error;
+  }
+}
+
+/**
+ * Call a tool on the remote MCP endpoint
+ * @param {string} toolName - Tool name
+ * @param {Object} toolArgs - Tool arguments
+ * @param {Object} authHeaders - Authentication headers
+ * @param {Object} authContext - Auth context with user/org info
+ * @param {Object|null} projectContext - Project config from .um/config.json
+ * @returns {Promise<Object>} - Tool execution result
+ */
+export async function callRemoteMCPTool(toolName, toolArgs, authHeaders, authContext, projectContext = null) {
+  try {
+    // Inject context parameters before sending to gateway
+    const injectedArgs = injectContextParams(toolArgs, authContext, projectContext);
+
+    const response = await fetch(GATEWAY_MCP_URL, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Accept': 'application/json, text/event-stream',
+        ...authHeaders,
+      },
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'tools/call',
+        params: {
+          name: toolName,
+          arguments: injectedArgs,
+        },
+      }),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(formatError(response.status, errorText));
+    }
+
+    const result = await response.json();
+
+    // Check for MCP error response
+    if (result.error) {
+      throw new Error(`Tool execution failed: ${result.error.message || JSON.stringify(result.error)}`);
+    }
+
+    return result.result || {};
+  } catch (error) {
+    if (error.message.includes('fetch')) {
+      throw new Error('Cannot connect to UnifiedMemory API. Check your internet connection.');
+    }
+    throw error;
+  }
+}
+
+/**
+ * Format HTTP error into user-friendly message
+ * @param {number} status - HTTP status code
+ * @param {string} errorText - Error response body
+ * @returns {string} - Formatted error message
+ */
+function formatError(status, errorText) {
+  switch (status) {
+    case 401:
+      return 'Authentication failed. Token may be expired. Run: um login';
+    case 403:
+      return 'Access denied. Check organization/project permissions.';
+    case 404:
+      return 'Endpoint not found. Please check API configuration.';
+    case 500:
+    case 502:
+    case 503:
+      return `Server error (${status}): ${errorText || 'Unknown error'}`;
+    default:
+      return `Gateway error (${status}): ${errorText || 'Unknown error'}`;
+  }
+}