@unifiedmemory/cli 1.0.0

package/lib/mcp-server.js

@@ -0,0 +1,284 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  CallToolRequestSchema,
+  ListToolsRequestSchema,
+  ListResourcesRequestSchema,
+  ReadResourceRequestSchema,
+} from "@modelcontextprotocol/sdk/types.js";
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { loadAndRefreshToken } from './token-validation.js';
+import { fetchRemoteMCPTools, callRemoteMCPTool } from './mcp-proxy.js';
+
+/**
+ * Start the MCP server on stdio transport
+ */
+export async function startMCPServer() {
+  try {
+    // 1. Load and validate authentication
+    const authData = await loadAndValidateAuth();
+
+    // 2. Load project context from current directory
+    const projectContext = loadProjectContext();
+
+    // 3. Build auth headers
+    const authHeaders = buildAuthHeaders(authData, projectContext);
+
+    // 4. Extract auth context for parameter injection
+    const authContext = {
+      decoded: authData.decoded,
+      selectedOrg: authData.selectedOrg
+    };
+
+    // 5. Create MCP server
+    const server = new Server(
+      {
+        name: "unifiedmemory-vault",
+        version: "1.0.0",
+      },
+      {
+        capabilities: {
+          tools: {},
+          resources: {},  // Add resources capability for authentication context
+        },
+      }
+    );
+
+    // 6. Register handlers
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+      return await handleListTools(authHeaders, projectContext);
+    });
+
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+      return await handleCallTool(request, authHeaders, authContext, projectContext);
+    });
+
+    // Register resource handlers for authentication context
+    server.setRequestHandler(ListResourcesRequestSchema, async () => {
+      const resources = [];
+
+      // Add org_id resource
+      const orgId = authData.selectedOrg?.id || authData.decoded?.sub;
+      if (orgId) {
+        resources.push({
+          uri: "um://context/org_id",
+          name: "Organization ID",
+          description: "Current organization context for authentication",
+          mimeType: "text/plain"
+        });
+      }
+
+      // Add user_id resource
+      if (authData.decoded?.sub) {
+        resources.push({
+          uri: "um://context/user_id",
+          name: "User ID",
+          description: "Current user context for authentication",
+          mimeType: "text/plain"
+        });
+      }
+
+      // Add project_id resource
+      if (projectContext?.project_id) {
+        resources.push({
+          uri: "um://context/project_id",
+          name: "Project ID",
+          description: "Current project context",
+          mimeType: "text/plain"
+        });
+      }
+
+      console.error(`✓ Exposed ${resources.length} authentication context resources`);
+      return { resources };
+    });
+
+    server.setRequestHandler(ReadResourceRequestSchema, async (request) => {
+      const { uri } = request.params;
+      console.error(`→ Reading resource: ${uri}`);
+
+      switch(uri) {
+        case "um://context/org_id": {
+          const orgId = authData.selectedOrg?.id || authData.decoded?.sub || "";
+          if (!orgId) {
+            throw new Error("Organization context not available");
+          }
+          return {
+            contents: [{
+              uri,
+              mimeType: "text/plain",
+              text: orgId
+            }]
+          };
+        }
+
+        case "um://context/user_id": {
+          const userId = authData.decoded?.sub || "";
+          if (!userId) {
+            throw new Error("User context not available");
+          }
+          return {
+            contents: [{
+              uri,
+              mimeType: "text/plain",
+              text: userId
+            }]
+          };
+        }
+
+        case "um://context/project_id": {
+          const projectId = projectContext?.project_id || "";
+          if (!projectId) {
+            throw new Error("Project context not available (run 'um init')");
+          }
+          return {
+            contents: [{
+              uri,
+              mimeType: "text/plain",
+              text: projectId
+            }]
+          };
+        }
+
+        default:
+          throw new Error(`Unknown resource URI: ${uri}`);
+      }
+    });
+
+    // 7. Connect to stdio transport
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+
+    console.error("✓ UnifiedMemory MCP server running on stdio");
+  } catch (error) {
+    console.error("❌ MCP server failed to start:");
+    console.error(error.message);
+    process.exit(1);
+  }
+}
+
+/**
+ * Load and validate authentication, refreshing if necessary
+ * @returns {Promise<Object>} - Validated token data
+ */
+async function loadAndValidateAuth() {
+  return await loadAndRefreshToken();
+}
+
+/**
+ * Load project context from .um/config.json in current directory
+ * @returns {Object|null} - Project config or null
+ */
+function loadProjectContext() {
+  const configPath = path.join(process.cwd(), '.um', 'config.json');
+
+  if (!fs.existsSync(configPath)) {
+    console.error('⚠️  No project config found in current directory');
+    console.error('   Using personal account context (no project)');
+    console.error('   Tip: Run "um init" to configure a project');
+    return null;
+  }
+
+  try {
+    const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    console.error(`✓ Loaded project: ${config.project_name} (${config.project_id})`);
+    return config;
+  } catch (error) {
+    console.error(`⚠️  Failed to read project config: ${error.message}`);
+    console.error('   Using personal account context');
+    return null;
+  }
+}
+
+/**
+ * Build authentication headers for gateway requests
+ * @param {Object} authData - Token data
+ * @param {Object|null} projectContext - Project config
+ * @returns {Object} - Headers object
+ */
+function buildAuthHeaders(authData, projectContext) {
+  const headers = {
+    'Authorization': `Bearer ${authData.idToken || authData.accessToken}`,
+  };
+
+  // Add org context
+  if (authData.selectedOrg) {
+    headers['X-Org-Id'] = authData.selectedOrg.id;
+    console.error(`✓ Organization: ${authData.selectedOrg.name} (${authData.selectedOrg.id})`);
+  } else if (authData.decoded?.sub) {
+    // Fallback to user ID for personal account
+    headers['X-Org-Id'] = authData.decoded.sub;
+    console.error(`✓ Using personal account (${authData.decoded.sub})`);
+  }
+
+  // Add user ID from JWT
+  if (authData.decoded?.sub) {
+    headers['X-User-Id'] = authData.decoded.sub;
+  }
+
+  // Add project context if available
+  if (projectContext) {
+    headers['X-Project-Id'] = projectContext.project_id;
+    console.error(`✓ Project context: ${projectContext.project_id}`);
+  }
+
+  return headers;
+}
+
+/**
+ * Handle tools/list request
+ * @param {Object} authHeaders - Auth headers
+ * @param {Object|null} projectContext - Project context
+ * @returns {Promise<Object>} - Tools list
+ */
+async function handleListTools(authHeaders, projectContext) {
+  try {
+    console.error('→ Fetching tools from gateway...');
+    const remoteTools = await fetchRemoteMCPTools(authHeaders, projectContext);
+    console.error(`✓ Loaded ${remoteTools.tools?.length || 0} tools`);
+    return { tools: remoteTools.tools || [] };
+  } catch (error) {
+    console.error(`❌ Error fetching tools: ${error.message}`);
+    throw error;
+  }
+}
+
+/**
+ * Handle tools/call request
+ * @param {Object} request - MCP request
+ * @param {Object} authHeaders - Auth headers
+ * @param {Object} authContext - Auth context with user/org info
+ * @param {Object|null} projectContext - Project context
+ * @returns {Promise<Object>} - Tool result
+ */
+async function handleCallTool(request, authHeaders, authContext, projectContext) {
+  const { name, arguments: args } = request.params;
+
+  try {
+    console.error(`→ Calling tool: ${name}`);
+    const result = await callRemoteMCPTool(name, args, authHeaders, authContext, projectContext);
+    console.error(`✓ Tool executed successfully: ${name}`);
+
+    return {
+      content: result.content || [
+        {
+          type: "text",
+          text: JSON.stringify(result, null, 2),
+        },
+      ],
+    };
+  } catch (error) {
+    console.error(`❌ Error calling tool ${name}: ${error.message}`);
+
+    return {
+      content: [
+        {
+          type: "text",
+          text: `Error: ${error.message}`,
+        },
+      ],
+      isError: true,
+    };
+  }
+}

package/lib/provider-detector.js

@@ -0,0 +1,291 @@
+import os from 'os';
+import path from 'path';
+import fs from 'fs-extra';
+
+class ProviderDetector {
+  constructor(projectDir = null) {
+    this.providers = [
+      new ClaudeProvider(projectDir),  // Project-level config
+      new CursorProvider(),             // Global config
+      new ClineProvider(),              // Global config
+      new CodexProvider(),              // Global config - TOML
+      new GeminiProvider(),             // Global config - JSON
+    ];
+  }
+
+  detectAll() {
+    return this.providers.filter(p => p.detect());
+  }
+
+  getByName(name) {
+    return this.providers.find(p =>
+      p.name.toLowerCase() === name.toLowerCase()
+    );
+  }
+}
+
+class BaseProvider {
+  constructor(name, configPath, supportsHooks = false, detectionPath = null) {
+    this.name = name;
+    this.configPath = configPath;
+    this.supportsHooks = supportsHooks;
+    // Use detection path (directory) if provided, otherwise check config file
+    this.detectionPath = detectionPath || configPath;
+  }
+
+  detect() {
+    return fs.existsSync(this.detectionPath);
+  }
+
+  readConfig() {
+    if (!this.detect()) return null;
+    try {
+      return fs.readJSONSync(this.configPath);
+    } catch (e) {
+      return null;
+    }
+  }
+
+  writeConfig(config) {
+    try {
+      fs.ensureFileSync(this.configPath);
+      fs.writeJSONSync(this.configPath, config, { spaces: 2 });
+      return true;
+    } catch (e) {
+      console.error(`Failed to write config: ${e.message}`);
+      return false;
+    }
+  }
+
+  configureMCP() {
+    // NEW APPROACH: Configure local server instead of HTTP
+    // No parameters needed - local server reads from filesystem
+    const config = this.readConfig() || { mcpServers: {} };
+
+    config.mcpServers = config.mcpServers || {};
+    config.mcpServers.vault = {
+      command: "um",
+      args: ["mcp", "serve"]
+    };
+
+    return this.writeConfig(config);
+  }
+
+  installHook(hookType, scriptContent) {
+    // Implemented by providers that support hooks
+    return false;
+  }
+}
+
+class ClaudeProvider extends BaseProvider {
+  constructor(projectDir = null) {
+    // Claude Code uses project-level MCP configuration at .mcp.json
+    const configPath = projectDir ? path.join(projectDir, '.mcp.json') : null;
+    const claudeDir = projectDir ? path.join(projectDir, '.claude') : null;
+
+    // Always detect as available (project-level config)
+    super('Claude Code', configPath, true, null);
+    this.projectDir = projectDir;
+    this.claudeDir = claudeDir;
+    this.hooksDir = claudeDir ? path.join(claudeDir, 'hooks') : null;
+    this.settingsPath = claudeDir ? path.join(claudeDir, 'settings.local.json') : null;
+  }
+
+  detect() {
+    // Always return true for project-level config
+    // We'll create the config directory when configuring
+    return true;
+  }
+
+  readConfig() {
+    if (!this.configPath || !fs.existsSync(this.configPath)) return null;
+    try {
+      return fs.readJSONSync(this.configPath);
+    } catch (e) {
+      return null;
+    }
+  }
+
+  configureMCP() {
+    // Create .mcp.json at project root with local server config
+    const success = super.configureMCP();
+
+    if (success) {
+      // Update .claude/settings.local.json to enable the MCP server
+      this.updateClaudeSettings();
+    }
+
+    return success;
+  }
+
+  updateClaudeSettings() {
+    if (!this.settingsPath) return false;
+
+    try {
+      // Read existing settings or create new object
+      let settings = {};
+      if (fs.existsSync(this.settingsPath)) {
+        settings = fs.readJSONSync(this.settingsPath);
+      }
+
+      // Add or update the required settings
+      settings.enableAllProjectMcpServers = true;
+
+      // Ensure vault is in the enabled servers list
+      if (!settings.enabledMcpjsonServers) {
+        settings.enabledMcpjsonServers = [];
+      }
+      if (!settings.enabledMcpjsonServers.includes('vault')) {
+        settings.enabledMcpjsonServers.push('vault');
+      }
+
+      // Write settings
+      fs.ensureDirSync(this.claudeDir);
+      fs.writeJSONSync(this.settingsPath, settings, { spaces: 2 });
+      return true;
+    } catch (e) {
+      console.error(`Failed to update Claude settings: ${e.message}`);
+      return false;
+    }
+  }
+
+  installHook(hookType, scriptContent) {
+    if (hookType !== 'prompt-submit' || !this.hooksDir) return false;
+
+    const hookPath = path.join(this.hooksDir, 'prompt-submit');
+
+    try {
+      fs.ensureDirSync(this.hooksDir);
+      fs.writeFileSync(hookPath, scriptContent, { mode: 0o755 });
+      return true;
+    } catch (e) {
+      console.error(`Failed to install hook: ${e.message}`);
+      return false;
+    }
+  }
+}
+
+class CursorProvider extends BaseProvider {
+  constructor() {
+    const baseDir = path.join(os.homedir(), '.cursor');
+    const configPath = path.join(baseDir, 'mcp.json');
+    // Detect by directory existence, not config file
+    super('Cursor', configPath, false, baseDir);
+  }
+}
+
+class ClineProvider extends BaseProvider {
+  constructor() {
+    const baseDir = path.join(os.homedir(), '.cline');
+    const configPath = path.join(baseDir, 'mcp.json');
+    // Detect by directory existence, not config file
+    super('Cline', configPath, false, baseDir);
+  }
+}
+
+class CodexProvider extends BaseProvider {
+  constructor() {
+    const configPath = path.join(os.homedir(), '.codex', 'config.toml');
+    const detectionPath = path.dirname(configPath); // Detect by directory
+    super('Codex CLI', configPath, false, detectionPath);
+  }
+
+  readConfig() {
+    if (!fs.existsSync(this.configPath)) return null;
+    try {
+      const content = fs.readFileSync(this.configPath, 'utf8');
+      return this.parseTOML(content);
+    } catch (e) {
+      return null;
+    }
+  }
+
+  writeConfig(config) {
+    try {
+      fs.ensureFileSync(this.configPath);
+      const tomlContent = this.generateTOML(config);
+      fs.writeFileSync(this.configPath, tomlContent);
+      return true;
+    } catch (e) {
+      console.error(`Failed to write config: ${e.message}`);
+      return false;
+    }
+  }
+
+  parseTOML(content) {
+    // Simple TOML parser for [mcp_servers.*] sections
+    const servers = {};
+    const lines = content.split('\n');
+    let currentServer = null;
+
+    for (const line of lines) {
+      const trimmed = line.trim();
+      if (trimmed.startsWith('[mcp_servers.')) {
+        const match = trimmed.match(/\[mcp_servers\.([^\]]+)\]/);
+        if (match) {
+          currentServer = match[1];
+          servers[currentServer] = {};
+        }
+      } else if (currentServer && trimmed.includes('=')) {
+        const [key, ...valueParts] = trimmed.split('=');
+        const value = valueParts.join('=').trim();
+        if (key.trim() === 'command') {
+          servers[currentServer].command = value.replace(/"/g, '');
+        } else if (key.trim() === 'args') {
+          // Parse array: ["arg1", "arg2"]
+          const argsMatch = value.match(/\[(.*)\]/);
+          if (argsMatch) {
+            servers[currentServer].args = argsMatch[1]
+              .split(',')
+              .map(s => s.trim().replace(/"/g, ''));
+          }
+        }
+      }
+    }
+
+    return { mcp_servers: servers };
+  }
+
+  generateTOML(config) {
+    let toml = '';
+    const servers = config.mcp_servers || {};
+
+    for (const [name, serverConfig] of Object.entries(servers)) {
+      toml += `[mcp_servers.${name}]\n`;
+      toml += `command = "${serverConfig.command}"\n`;
+      if (serverConfig.args && serverConfig.args.length > 0) {
+        const argsStr = serverConfig.args.map(arg => `"${arg}"`).join(', ');
+        toml += `args = [${argsStr}]\n`;
+      }
+      toml += '\n';
+    }
+
+    return toml;
+  }
+
+  configureMCP() {
+    const config = this.readConfig() || { mcp_servers: {} };
+    config.mcp_servers.vault = {
+      command: "um",
+      args: ["mcp", "serve"]
+    };
+    return this.writeConfig(config);
+  }
+}
+
+class GeminiProvider extends BaseProvider {
+  constructor() {
+    const configPath = path.join(os.homedir(), '.gemini', 'settings.json');
+    const detectionPath = path.dirname(configPath); // Detect by directory
+    super('Gemini CLI', configPath, false, detectionPath);
+  }
+}
+
+export {
+  ProviderDetector,
+  ClaudeProvider,
+  CursorProvider,
+  ClineProvider,
+  CodexProvider,
+  GeminiProvider,
+};

package/lib/token-refresh.js

@@ -0,0 +1,113 @@
+import { getToken, saveToken } from './token-storage.js';
+import { config } from './config.js';
+
+/**
+ * Check if token has expired
+ * @param {Object} tokenData - Token data from storage
+ * @returns {boolean} - True if expired
+ */
+export function isTokenExpired(tokenData) {
+  if (!tokenData || !tokenData.decoded || !tokenData.decoded.exp) {
+    return true;
+  }
+
+  // Check expiration with 5-minute buffer
+  const expirationTime = tokenData.decoded.exp * 1000;
+  const bufferMs = 5 * 60 * 1000; // 5 minutes
+  const now = Date.now();
+
+  return now >= (expirationTime - bufferMs);
+}
+
+/**
+ * Refresh access token using refresh token
+ * @param {Object} tokenData - Current token data
+ * @returns {Promise<Object>} - New token data
+ */
+export async function refreshAccessToken(tokenData) {
+  if (!tokenData.refresh_token) {
+    throw new Error('No refresh token available');
+  }
+
+  try {
+    const tokenParams = {
+      client_id: config.clerkClientId,
+      refresh_token: tokenData.refresh_token,
+      grant_type: 'refresh_token',
+    };
+
+    // Add client secret if available
+    if (config.clerkClientSecret) {
+      tokenParams.client_secret = config.clerkClientSecret;
+    }
+
+    const response = await fetch(`https://${config.clerkDomain}/oauth/token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: new URLSearchParams(tokenParams),
+    });
+
+    if (!response.ok) {
+      const errorText = await response.text();
+      let errorDetail;
+      try {
+        const errorJson = JSON.parse(errorText);
+        errorDetail = errorJson.error_description || errorJson.error || errorText;
+      } catch {
+        errorDetail = errorText;
+      }
+
+      throw new Error(
+        `Token refresh failed: ${response.status}\n` +
+        `Details: ${errorDetail}\n` +
+        `\n` +
+        `This usually means your refresh token has expired or been revoked.\n` +
+        `Please run: um login`
+      );
+    }
+
+    const newTokenData = await response.json();
+
+    // Parse new JWT
+    const decoded = parseJWT(newTokenData.id_token || newTokenData.access_token);
+
+    // Build updated token object, preserving selectedOrg
+    const updatedToken = {
+      accessToken: newTokenData.access_token,
+      idToken: newTokenData.id_token,
+      tokenType: newTokenData.token_type || 'Bearer',
+      expiresIn: newTokenData.expires_in,
+      receivedAt: Date.now(),
+      decoded: decoded,
+      selectedOrg: tokenData.selectedOrg, // Preserve organization context
+      refresh_token: newTokenData.refresh_token || tokenData.refresh_token,
+    };
+
+    // Save to storage
+    saveToken(updatedToken);
+
+    return updatedToken;
+  } catch (error) {
+    throw new Error(`Token refresh failed: ${error.message}`);
+  }
+}
+
+/**
+ * Parse JWT token payload
+ * @param {string} token - JWT token
+ * @returns {Object|null} - Decoded payload
+ */
+function parseJWT(token) {
+  try {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+      return null;
+    }
+    const payload = Buffer.from(parts[1], 'base64').toString('utf8');
+    return JSON.parse(payload);
+  } catch (error) {
+    return null;
+  }
+}