@unifiedmemory/cli 1.0.1 → 1.2.0

package/commands/init.js

@@ -8,6 +8,52 @@ import { loadAndRefreshToken } from '../lib/token-validation.js';
 import { login } from './login.js';
 import { ProviderDetector } from '../lib/provider-detector.js';
 
+/**
+ * Find project root directory by looking for common markers
+ * @param {string} startDir - Directory to start searching from
+ * @returns {string} Project root directory path
+ */
+function findProjectRoot(startDir = process.cwd()) {
+  let currentDir = startDir;
+  const root = path.parse(currentDir).root;
+  let levelsUp = 0;
+  const MAX_DEPTH = 5; // Only walk up 5 levels to avoid finding distant markers
+
+  while (currentDir !== root && levelsUp < MAX_DEPTH) {
+    // Check for common project markers
+    const markers = [
+      path.join(currentDir, '.git'),
+      path.join(currentDir, 'package.json'),
+      path.join(currentDir, 'pyproject.toml'),
+      path.join(currentDir, 'Cargo.toml'),
+      path.join(currentDir, '.um'),
+    ];
+
+    // If any marker exists, this is the project root
+    for (const marker of markers) {
+      if (fs.existsSync(marker)) {
+        return currentDir;
+      }
+    }
+
+    // Move up one directory
+    currentDir = path.dirname(currentDir);
+    levelsUp++;
+  }
+
+  // Fallback: return the starting directory
+  return startDir;
+}
+
+/**
+ * Get default project name based on directory
+ * @returns {string} Default project name
+ */
+function getDefaultProjectName() {
+  const projectRoot = findProjectRoot();
+  return path.basename(projectRoot);
+}
+
 export async function init(options = {}) {
   console.log(chalk.cyan('\n🚀 UnifiedMemory Initialization\n'));
 
@@ -35,9 +81,15 @@ export async function init(options = {}) {
   // Step 3: Save project config
   await saveProjectConfig(authData, projectData);
 
+  // Step 3.5: Fetch available MCP tools for permissions
+  let mcpToolPermissions = null;
+  if (!options.skipConfigure) {
+    mcpToolPermissions = await fetchMCPToolPermissions(authData, projectData);
+  }
+
   // Step 4: Configure AI tools
   if (!options.skipConfigure) {
-    await configureProviders(authData, projectData);
+    await configureProviders(authData, projectData, mcpToolPermissions);
   }
 
   console.log(chalk.green('\n✅ Initialization complete!\n'));
@@ -47,6 +99,25 @@ export async function init(options = {}) {
   console.log('  3. Run `um status` to verify configuration\n');
 }
 
+/**
+ * Validate that we have a real organization context (not fallback to user_id)
+ * @param {Object} authData - Auth data with user_id and org_id
+ * @returns {Object} { isValid, isPersonalContext, message }
+ */
+function validateOrganizationContext(authData) {
+  const isPersonalContext = authData.org_id === authData.user_id;
+
+  if (isPersonalContext) {
+    return {
+      isValid: false,
+      isPersonalContext: true,
+      message: 'You are in personal account context. Organization-scoped operations require an organization.',
+    };
+  }
+
+  return { isValid: true, isPersonalContext: false, message: null };
+}
+
 async function ensureAuthenticated(options) {
   // Try to load and refresh token if expired
   const stored = await loadAndRefreshToken(false); // Don't throw, allow new login
@@ -70,12 +141,6 @@ async function ensureAuthenticated(options) {
 
   // Need to login
   console.log(chalk.yellow('⚠ Authentication required\n'));
-
-  if (options.apiKey) {
-    return await loginWithApiKey(options.apiKey);
-  }
-
-  // For now, just use OAuth
   console.log(chalk.blue('Initiating OAuth login...'));
   const tokenData = await login();
 
@@ -100,35 +165,129 @@ async function ensureAuthenticated(options) {
 async function selectOrCreateProject(authData, options) {
   const apiUrl = authData.api_url || 'https://rose-asp-main-1c0b114.d2.zuplo.dev';
 
-  // Fetch existing projects
-  const projects = await fetchProjects(authData, apiUrl);
-
-  console.log(chalk.cyan('\n📋 Project setup:\n'));
-  console.log(chalk.green(`  1. Create new project`));
-  console.log(chalk.green(`  2. Select existing project (${projects.length} available)`));
-
-  const { selection } = await inquirer.prompt([{
-    type: 'input',
-    name: 'selection',
-    message: 'Choose option (1-2):',
-    default: projects.length > 0 ? '2' : '1',
-    validate: (input) => {
-      const num = parseInt(input, 10);
-      if (isNaN(num) || num < 1 || num > 2) {
-        return 'Please enter 1 or 2';
+  // Validate organization context BEFORE making API calls
+  const contextValidation = validateOrganizationContext(authData);
+
+  if (!contextValidation.isValid && contextValidation.isPersonalContext) {
+    console.log(chalk.yellow('\n⚠️  ' + contextValidation.message));
+    console.log(chalk.gray('\nOrganization-scoped projects require an organization context.'));
+    console.log(chalk.cyan('\nRecommended actions:'));
+    console.log(chalk.cyan('  1. Switch to an organization: um org switch'));
+    console.log(chalk.cyan('  2. Create an organization at: https://unifiedmemory.ai'));
+    console.log(chalk.cyan('  3. Re-run: um init'));
+    return null;
+  }
+
+  // Fetch existing projects with enhanced error handling
+  console.log(chalk.gray('Fetching projects...'));
+  const result = await fetchProjects(authData, apiUrl);
+
+  // Handle error responses
+  if (!result.success) {
+    console.log(chalk.red(`\n❌ Failed to fetch projects: ${result.message}`));
+
+    if (result.errorType === 'UNAUTHORIZED') {
+      console.log(chalk.yellow('\n🔐 Authentication Issue Detected\n'));
+      console.log(chalk.gray('Token appears to be invalid or expired.'));
+      console.log(chalk.cyan('\n🔄 Attempting automatic re-authentication...\n'));
+
+      try {
+        // Trigger login flow
+        const tokenData = await login();
+
+        if (!tokenData) {
+          console.log(chalk.red('❌ Re-authentication failed'));
+          console.log(chalk.cyan('\nPlease try:'));
+          console.log(chalk.cyan('  1. Run: um login'));
+          console.log(chalk.cyan('  2. Verify organization context: um org switch'));
+          return null;
+        }
+
+        // Update authData with fresh credentials
+        const savedToken = getToken();
+        authData.user_id = savedToken.decoded.sub;
+        authData.org_id = savedToken.selectedOrg?.id || authData.user_id;
+        authData.access_token = savedToken.idToken || savedToken.accessToken;
+        authData.expires_at = savedToken.decoded?.exp * 1000;
+
+        console.log(chalk.green('✓ Re-authentication successful!\n'));
+        console.log(chalk.gray('Retrying project fetch...\n'));
+
+        // Retry fetching projects with new token
+        const retryResult = await fetchProjects(authData, apiUrl);
+
+        if (!retryResult.success) {
+          // Still failing after retry
+          console.log(chalk.red(`\n❌ Failed to fetch projects after re-authentication: ${retryResult.message}`));
+          console.log(chalk.yellow('\nThis may indicate:'));
+          console.log(chalk.gray('  - You don\'t have access to this organization'));
+          console.log(chalk.gray('  - The organization no longer exists'));
+          console.log(chalk.cyan('\nTry: um org switch'));
+          return null;
+        }
+
+        // Success! Update projects and continue
+        result.success = true;
+        result.projects = retryResult.projects;
+        console.log(chalk.green(`✓ Found ${retryResult.projects.length} project(s)\n`));
+
+      } catch (error) {
+        console.log(chalk.red(`\n❌ Re-authentication error: ${error.message}`));
+        console.log(chalk.cyan('\nPlease run: um login'));
+        return null;
       }
-      return true;
+    } else if (result.errorType === 'FORBIDDEN') {
+      console.log(chalk.yellow('\n🔒 Access Denied\n'));
+      console.log(chalk.gray('You do not have permission to view projects in this organization.'));
+      console.log(chalk.cyan('\nContact your organization administrator for access.'));
+      return null;
+    } else if (result.errorType === 'NETWORK_ERROR') {
+      console.log(chalk.yellow('\n🌐 Network Error\n'));
+      console.log(chalk.gray('Could not connect to the API server.'));
+      console.log(chalk.cyan('\nCheck your internet connection and try again.'));
+      return null;
+    } else {
+      console.log(chalk.yellow('\n⚠️  Unexpected Error\n'));
+      console.log(chalk.gray(`Details: ${result.message}`));
+      console.log(chalk.cyan('\nTry: um login'));
+      return null;
+    }
+  }
+
+  let projects = result.projects;
+
+  console.log(chalk.cyan('\n📋 Project setup\n'));
+
+  const choices = [
+    {
+      name: chalk.green('Create new project'),
+      value: 'create',
+      short: 'Create new project',
+    },
+    {
+      name: chalk.green(`Select existing project`) + chalk.gray(` (${projects.length} available)`),
+      value: 'select',
+      short: 'Select existing project',
     },
+  ];
+
+  const { action } = await inquirer.prompt([{
+    type: 'select',
+    name: 'action',
+    message: 'Choose an option:',
+    choices: choices,
+    default: projects.length > 0 ? 1 : 0,
   }]);
 
-  const action = parseInt(selection, 10) === 1 ? 'create' : 'select';
-
   if (action === 'create') {
+    const defaultName = getDefaultProjectName();
+
     const { name, description } = await inquirer.prompt([
       {
         type: 'input',
         name: 'name',
         message: 'Project name:',
+        default: defaultName,
         validate: input => input.length > 0 || 'Name is required',
       },
       {
@@ -142,32 +301,43 @@ async function selectOrCreateProject(authData, options) {
   } else {
     if (projects.length === 0) {
       console.log(chalk.yellow('No projects found. Creating first project...'));
-      return await selectOrCreateProject(authData, { ...options, action: 'create' });
+      const defaultName = getDefaultProjectName();
+
+      const { name, description } = await inquirer.prompt([
+        {
+          type: 'input',
+          name: 'name',
+          message: 'Project name:',
+          default: defaultName,
+          validate: input => input.length > 0 || 'Name is required',
+        },
+        {
+          type: 'input',
+          name: 'description',
+          message: 'Project description (optional):',
+        },
+      ]);
+
+      return await createProject(authData, apiUrl, name, description);
     }
 
-    // Display numbered list
-    console.log(chalk.cyan('\n📋 Available projects:\n'));
-    projects.forEach((p, index) => {
-      console.log(chalk.green(`  ${index + 1}. ${p.display_name || p.name}`) + chalk.gray(` (${p.slug || p.id})`));
-    });
-
-    const { projectSelection } = await inquirer.prompt([{
-      type: 'input',
-      name: 'projectSelection',
-      message: `Choose project (1-${projects.length}):`,
-      default: '1',
-      validate: (input) => {
-        const num = parseInt(input, 10);
-        if (isNaN(num) || num < 1 || num > projects.length) {
-          return `Please enter a number between 1 and ${projects.length}`;
-        }
-        return true;
-      },
+    // Display project list with arrow key selection
+    console.log(chalk.cyan('\n📋 Available projects\n'));
+
+    const choices = projects.map(p => ({
+      name: chalk.green(p.display_name || p.name) + chalk.gray(` (${p.slug || p.id})`),
+      value: p,
+      short: p.display_name || p.name,
+    }));
+
+    const { project } = await inquirer.prompt([{
+      type: 'select',
+      name: 'project',
+      message: 'Choose a project:',
+      choices: choices,
+      pageSize: 10,
     }]);
 
-    const selectedIndex = parseInt(projectSelection, 10) - 1;
-    const project = projects[selectedIndex];
-
     return {
       project_id: project.id,
       project_name: project.display_name || project.name,
@@ -187,11 +357,47 @@ async function fetchProjects(authData, apiUrl) {
         },
       }
     );
-    // API returns {items: [...], next_cursor, has_more}
-    return response.data?.items || [];
+    return { success: true, projects: response.data?.items || [] };
   } catch (error) {
-    console.error(chalk.red(`Failed to fetch projects: ${error.message}`));
-    return [];
+    // Detect specific error types
+    if (error.response) {
+      const status = error.response.status;
+
+      if (status === 401) {
+        return {
+          success: false,
+          errorType: 'UNAUTHORIZED',
+          status: 401,
+          message: 'Authentication failed - token may be invalid or expired',
+        };
+      } else if (status === 403) {
+        return {
+          success: false,
+          errorType: 'FORBIDDEN',
+          status: 403,
+          message: 'Access denied - you may not have permission to view projects',
+        };
+      } else if (status >= 500) {
+        return {
+          success: false,
+          errorType: 'SERVER_ERROR',
+          status: status,
+          message: 'Server error - please try again later',
+        };
+      }
+    } else if (error.request) {
+      return {
+        success: false,
+        errorType: 'NETWORK_ERROR',
+        message: 'Network error - could not reach API server',
+      };
+    }
+
+    return {
+      success: false,
+      errorType: 'UNKNOWN',
+      message: error.message,
+    };
   }
 }
 
@@ -218,7 +424,27 @@ async function createProject(authData, apiUrl, name, description) {
       project_slug: project.slug,
     };
   } catch (error) {
-    console.error(chalk.red(`Failed to create project: ${error.message}`));
+    if (error.response) {
+      const status = error.response.status;
+      console.error(chalk.red(`\n❌ Failed to create project (HTTP ${status})`));
+
+      if (status === 401) {
+        console.log(chalk.yellow('🔐 Authentication failed'));
+        console.log(chalk.gray('Your session may have expired.'));
+        console.log(chalk.cyan('Run: um login'));
+      } else if (status === 403) {
+        console.log(chalk.yellow('🔒 Permission denied'));
+        console.log(chalk.gray('You do not have permission to create projects in this organization.'));
+      } else if (status === 409) {
+        console.log(chalk.yellow('⚠️  Project already exists'));
+        console.log(chalk.gray('A project with this name or slug already exists.'));
+      } else {
+        console.log(chalk.gray(`Details: ${error.message}`));
+      }
+    } else {
+      console.error(chalk.red(`\n❌ Failed to create project: ${error.message}`));
+    }
+
     return null;
   }
 }
@@ -272,7 +498,66 @@ async function saveProjectConfig(authData, projectData) {
   }
 }
 
-async function configureProviders(authData, projectData) {
+/**
+ * Fetch MCP tools and prompt user for permission to pre-authorize
+ * @param {Object} authData - Auth data with tokens
+ * @param {Object} projectData - Project data
+ * @returns {Promise<Array<string>|null>} - Array of permission strings or null if declined
+ */
+async function fetchMCPToolPermissions(authData, projectData) {
+  try {
+    // Build auth headers (similar to lib/mcp-server.js)
+    const authHeaders = {
+      'Authorization': `Bearer ${authData.access_token}`,
+      'X-Org-Id': authData.org_id,
+      'X-User-Id': authData.user_id,
+    };
+
+    // Fetch tools from gateway
+    const { fetchRemoteMCPTools } = await import('../lib/mcp-proxy.js');
+    const projectContext = {
+      project_id: projectData.project_id,
+      org_id: authData.org_id,
+    };
+
+    const toolsResult = await fetchRemoteMCPTools(authHeaders, projectContext);
+    const tools = toolsResult.tools || [];
+
+    if (tools.length === 0) {
+      return null; // No tools available
+    }
+
+    // Format tool names for display
+    const toolNames = tools.map(t => t.name).join(', ');
+
+    // Prompt user
+    console.log(chalk.cyan('\n🔧 MCP Tool Permissions\n'));
+    console.log(chalk.gray(`Found ${tools.length} available tools: ${toolNames}`));
+
+    const { allowPermissions } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'allowPermissions',
+      message: 'Pre-authorize these UnifiedMemory tools in Claude Code? (Recommended)',
+      default: true,
+    }]);
+
+    if (!allowPermissions) {
+      console.log(chalk.yellow('⚠ Tools not pre-authorized. Claude will prompt for permission on first use.'));
+      return null;
+    }
+
+    // Convert tool names to permission format
+    const permissions = tools.map(tool => `mcp__unifiedmemory__${tool.name}`);
+    return permissions;
+
+  } catch (error) {
+    console.error(chalk.yellow(`⚠ Could not fetch MCP tools: ${error.message}`));
+    console.log(chalk.gray('Skipping permission setup. You can manually add permissions later.'));
+    return null;
+  }
+}
+
+async function configureProviders(authData, projectData, mcpToolPermissions = null) {
   console.log(chalk.cyan('\n🔧 Configuring AI code assistants...\n'));
 
   // Pass current directory for project-level configs (like Claude Code)
@@ -288,28 +573,42 @@ async function configureProviders(authData, projectData) {
 
   // NEW APPROACH: Configure local MCP server (no tokens in config files)
   for (const provider of detected) {
-    const success = provider.configureMCP();
+    // Configure MCP server (pass permissions for Claude Code)
+    const mcpSuccess = provider.configureMCP(mcpToolPermissions);
 
-    if (success) {
-      console.log(chalk.green(`✓ Configured ${provider.name}`));
+    // Configure memory instructions
+    const instructionsResult = provider.configureMemoryInstructions?.();
+
+    // Display results
+    if (mcpSuccess) {
+      console.log(chalk.green(`✓ Configured ${provider.name} MCP server`));
+
+      // Show permission status for Claude Code
+      if (provider.name === 'Claude Code' && mcpToolPermissions && mcpToolPermissions.length > 0) {
+        console.log(chalk.green(`  ✓ Pre-authorized ${mcpToolPermissions.length} MCP tools`));
+      }
     } else {
-      console.log(chalk.red(`✗ Failed to configure ${provider.name}`));
+      console.log(chalk.red(`✗ Failed to configure ${provider.name} MCP`));
+    }
+
+    if (instructionsResult) {
+      switch (instructionsResult.status) {
+        case 'created':
+          console.log(chalk.green(`  ✓ Created memory instructions`));
+          break;
+        case 'appended':
+          console.log(chalk.green(`  ✓ Appended memory instructions`));
+          break;
+        case 'skipped':
+          console.log(chalk.gray(`  ℹ Memory instructions already present`));
+          break;
+        case 'error':
+          console.log(chalk.yellow(`  ⚠ Could not write memory instructions: ${instructionsResult.error}`));
+          break;
+      }
     }
   }
 
   console.log(chalk.cyan('\n💡 Important: Restart your AI assistant to load the new configuration'));
   console.log(chalk.gray('   The MCP server will automatically use your authentication and project context'));
 }
-
-async function loginWithApiKey(apiKey) {
-  // TODO: Implement API key authentication
-  // Exchange API key for JWT token
-  console.log(chalk.yellow('API key authentication not yet implemented'));
-  return null;
-}
-
-async function refreshToken(refreshToken) {
-  // TODO: Implement token refresh
-  console.log(chalk.yellow('Token refresh not yet implemented'));
-  return null;
-}

package/commands/login.js

@@ -6,10 +6,13 @@ import crypto from 'crypto';
 import inquirer from 'inquirer';
 import { config, validateConfig } from '../lib/config.js';
 import { saveToken, updateSelectedOrg } from '../lib/token-storage.js';
-import { getUserOrganizations, getOrganizationsFromToken, formatOrganization, getOrgScopedToken } from '../lib/clerk-api.js';
+import { getUserOrganizations, getOrganizationsFromToken, getOrgScopedToken } from '../lib/clerk-api.js';
+import { parseJWT } from '../lib/jwt-utils.js';
+import { promptOrganizationSelection, displayOrganizationSelection } from '../lib/org-selection-ui.js';
 
 function generateRandomState() {
-  return Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15);
+  // Use cryptographically secure random bytes for CSRF protection
+  return crypto.randomBytes(32).toString('hex');
 }
 
 function base64URLEncode(buffer) {
@@ -29,77 +32,6 @@ function generatePKCE() {
   return { verifier, challenge };
 }
 
-function parseJWT(token) {
-  try {
-    const parts = token.split('.');
-    if (parts.length !== 3) {
-      return null;
-    }
-    const payload = Buffer.from(parts[1], 'base64').toString('utf8');
-    return JSON.parse(payload);
-  } catch (error) {
-    return null;
-  }
-}
-
-/**
- * Prompt user to select an organization context
- * @param {Array} memberships - Array of organization memberships
- * @returns {Promise<Object|null>} Selected organization data or null for personal context
- */
-async function selectOrganization(memberships) {
-  console.log(chalk.blue('\n🔍 Checking for organizations...'));
-
-  if (memberships.length === 0) {
-    console.log(chalk.gray('No organizations found. Using personal account context.'));
-    return null;
-  }
-
-  console.log(chalk.green(`\nFound ${memberships.length} organization(s)!`));
-
-  // Debug: Log raw memberships
-  console.log(chalk.gray('\nRaw memberships data:'));
-  console.log(JSON.stringify(memberships, null, 2));
-
-  // Format organizations for display
-  const formattedOrgs = memberships.map(formatOrganization);
-
-  // Print numbered list
-  console.log(chalk.cyan('\n📋 Available contexts:\n'));
-
-  formattedOrgs.forEach((org, index) => {
-    console.log(chalk.green(`  ${index + 1}. ${org.name}`) + chalk.gray(` (${org.slug})`) + chalk.yellow(` [${org.role}]`));
-  });
-
-  console.log(chalk.cyan(`  ${formattedOrgs.length + 1}. Personal Account`) + chalk.gray(' (no organization)'));
-
-  // Simple input prompt
-  const answer = await inquirer.prompt([
-    {
-      type: 'input',
-      name: 'selection',
-      message: `Choose context (1-${formattedOrgs.length + 1}):`,
-      default: '1',
-      validate: (input) => {
-        const num = parseInt(input, 10);
-        if (isNaN(num) || num < 1 || num > formattedOrgs.length + 1) {
-          return `Please enter a number between 1 and ${formattedOrgs.length + 1}`;
-        }
-        return true;
-      },
-    },
-  ]);
-
-  const selectedIndex = parseInt(answer.selection, 10) - 1;
-
-  // If they selected beyond orgs list, that's personal account (null)
-  if (selectedIndex >= formattedOrgs.length) {
-    return null;
-  }
-
-  return formattedOrgs[selectedIndex];
-}
-
 export async function login() {
   validateConfig();
 
@@ -224,30 +156,10 @@ export async function login() {
             </html>
           `);
 
-          // Parse JWT to show user info - try both access_token and id_token
+          // Parse JWT for user info - do not log tokens
           const tokenToParse = tokenData.id_token || tokenData.access_token;
-          console.log(chalk.gray('Parsing token type:'), tokenData.id_token ? 'id_token' : 'access_token');
-
           const decoded = parseJWT(tokenToParse);
 
-          if (!decoded) {
-            console.log(chalk.yellow('⚠️  Could not parse JWT token'));
-            console.log(chalk.gray('Token preview:'), tokenToParse ? tokenToParse.substring(0, 50) + '...' : 'null');
-          } else {
-            // Debug: Show JWT claims to see what's available
-            console.log(chalk.gray('\nJWT Claims:'));
-            console.log(chalk.gray(JSON.stringify(decoded, null, 2)));
-          }
-
-          // Debug: Show token previews to understand format
-          console.log(chalk.gray('\nToken previews:'));
-          if (tokenData.access_token) {
-            console.log(chalk.gray('  Access token:'), tokenData.access_token.substring(0, 50) + '...');
-          }
-          if (tokenData.id_token) {
-            console.log(chalk.gray('  ID token:'), tokenData.id_token.substring(0, 50) + '...');
-          }
-
           // Save token (save both access_token and id_token if available)
           saveToken({
             accessToken: tokenData.access_token,
@@ -289,7 +201,9 @@ export async function login() {
                   memberships = await getUserOrganizations(userId, sessionToken);
                 }
 
-                const selectedOrg = await selectOrganization(memberships);
+                console.log(chalk.blue('\n🔍 Checking for organizations...'));
+                const selectedOrg = await promptOrganizationSelection(memberships);
+                displayOrganizationSelection(selectedOrg);
 
                 if (selectedOrg) {
                   // Get org-scoped JWT from Clerk