avocavo 1.0.1 → 1.0.4

package/CHANGELOG.md

@@ -2,6 +2,61 @@
 
 All notable changes to the Avocavo CLI will be documented in this file.
 
+## [1.0.4] - 2025-08-04
+
+### 🔧 Login Experience Fixes
+- **FIXED**: Login no longer incorrectly reports "no API keys" when user has existing keys
+- **IMPROVED**: Smart API key detection after login - checks server for all user keys
+- **ADDED**: Auto-selection of single API key for seamless experience
+- **ENHANCED**: Better messaging for users with multiple API keys
+
+### 🎯 Key Management Improvements
+- **SMART**: If user has exactly 1 API key, it's automatically selected and activated
+- **GUIDANCE**: Users with multiple keys get clear instructions to run `avocavo keys switch`
+- **ACCURATE**: Login now correctly identifies users with 0, 1, or multiple API keys
+- **RELIABLE**: Fallback handling if API key check fails
+
+### 🛠️ Technical Changes
+- Enhanced post-login API key detection logic
+- Added server-side key enumeration via `/api/keys` endpoint
+- Improved error handling and user guidance messages
+- Better integration between authentication and key management systems
+
+## [1.0.3] - 2025-08-04
+
+### 🔐 Authentication Fixes
+- **CRITICAL**: Fixed OAuth authentication with proper JWT token exchange
+- **FIXED**: Resolved "Invalid or expired OAuth session" errors
+- **IMPROVED**: Enhanced token exchange flow with industry-standard implementation
+- **ADDED**: Automatic OAuth-to-JWT token exchange after login
+
+### 🛡️ Security Enhancements
+- Implemented OAuth 2.0 Token Exchange (RFC 8693) standards
+- Proper JWT token validation with HMAC-SHA256
+- Secure token storage with automatic migration
+- Enhanced error handling for authentication failures
+
+### 🔧 Technical Changes
+- Added token exchange endpoint integration
+- Updated authentication flow to use Supabase JWT tokens
+- Improved error messages for auth failures
+- Better handling of token expiry and refresh
+
+## [1.0.2] - 2025-01-30
+
+### 📚 Documentation Updates
+- **FIXED**: Updated README.md with correct CLI command examples
+- **CORRECTED**: Changed deprecated `avocavo analyze` to `avocavo ingredient`
+- **ENHANCED**: Added comprehensive command examples for all operations
+- **IMPROVED**: Updated recipe command syntax to show proper `-i` flag usage
+- **ADDED**: Complete API key management command documentation
+
+### 🔧 Command Corrections
+- All examples now use the correct `avocavo ingredient` command (not `analyze`)
+- Recipe examples show proper `-i` flag for ingredients input
+- Added missing API key management examples (`avocavo keys create`, `switch`, etc.)
+- Updated help text to match actual CLI functionality
+
 ## [1.0.1] - 2025-01-30
 
 ### 🚨 Critical Security Fixes

package/README.md

@@ -12,10 +12,10 @@ npm install -g avocavo
 avocavo login
 
 # Analyze a single ingredient
-avocavo analyze "1 cup rice"
+avocavo ingredient "1 cup rice"
 
 # Analyze a recipe
-avocavo recipe "2 eggs, 1 cup flour, 1 cup milk"
+avocavo recipe -i "2 eggs" "1 cup flour" "1 cup milk"
 
 # Get help
 avocavo --help
@@ -53,27 +53,44 @@ npm install -g avocavo
 ### `avocavo login`
 Authenticate with your Avocavo account via secure OAuth.
 
-### `avocavo analyze <ingredient>`
+### `avocavo ingredient <ingredient>`
 Analyze a single ingredient:
 ```bash
-avocavo analyze "1 cup brown rice"
-avocavo analyze "200g chicken breast"
+avocavo ingredient "1 cup brown rice"
+avocavo ingredient "200g chicken breast"
+avocavo ingredient "1 cup rice" -v     # Include USDA verification URL
 ```
 
-### `avocavo recipe <ingredients>`
+### `avocavo recipe [options]`
 Analyze multiple ingredients as a recipe:
 ```bash
-avocavo recipe "2 eggs, 1 cup flour, 1/2 cup milk"
+avocavo recipe -i "2 eggs" "1 cup flour" "1/2 cup milk"
+avocavo recipe -i "2 cups flour" "1 cup milk" -s 8    # 8 servings
+avocavo recipe -f ingredients.txt -s 4                # From file, 4 servings
 ```
 
-### `avocavo batch <file>`
-Analyze ingredients from a file:
+### `avocavo batch [options]`
+Analyze multiple ingredients efficiently:
 ```bash
-avocavo batch ingredients.txt
+avocavo batch -i "1 cup rice" "2 tbsp oil" "4 oz chicken"
+avocavo batch -f ingredients.txt
 ```
 
-### `avocavo whoami`
-Show current authenticated user.
+### `avocavo keys`
+Manage API keys:
+```bash
+avocavo keys list                      # List all API keys
+avocavo keys create                    # Create new API key
+avocavo keys create -n "Production"    # Create with custom name
+avocavo keys switch                    # Switch active API key
+avocavo keys delete                    # Delete an API key
+```
+
+### `avocavo status`
+Show login status and account information.
+
+### `avocavo health`
+Check API health and status.
 
 ### `avocavo logout`
 Remove stored credentials.
@@ -99,7 +116,7 @@ Remove stored credentials.
 
 ### JSON Format
 ```bash
-avocavo analyze "1 cup rice" --json
+avocavo ingredient "1 cup rice" --json
 ```
 
 ## 🆘 Support
@@ -127,5 +144,5 @@ npm install -g avocavo
 
 # Same commands work!
 avocavo login
-avocavo analyze "1 cup rice"
+avocavo ingredient "1 cup rice"
 ```

package/bin/avocavo.js

@@ -4,6 +4,7 @@ const { program } = require('commander');
 const chalk = require('chalk');
 const path = require('path');
 const fs = require('fs');
+const axios = require('axios');
 const { NutritionAPI } = require('../lib/api');
 const { AuthManager } = require('../lib/auth');
 const { formatNutrition, formatPerformanceMetrics, formatUSDAMatch, formatTable } = require('../lib/formatters');
@@ -77,11 +78,13 @@ program
       if (success) {
         console.log(chalk.green('✅ Successfully logged in!'));
         
-        // Test the selected API key
-        const apiKey = await auth.getApiKey();
+        // Check for API keys - first check if user has a selected key
+        let apiKey = await auth.getApiKey();
+        
         if (apiKey) {
+          // User has a selected API key, test it
           if (program.opts().verbose) {
-            console.log(chalk.gray(`Debug: API key retrieved: ${apiKey.substring(0, 12)}...`));
+            console.log(chalk.gray(`Debug: Using selected API key: ${apiKey.substring(0, 12)}...`));
           }
           const api = new NutritionAPI(apiKey, program.opts().baseUrl, 30000, auth);
           try {
@@ -89,23 +92,66 @@ program
             console.log(chalk.cyan(`📊 Account: ${account.email} (${account.api_tier} tier)`));
             console.log(chalk.cyan(`📈 Usage: ${account.usage.current_month}/${account.usage.monthly_limit || 'unlimited'}`));
           } catch (err) {
-            // If we can't fetch account info, it's likely because the API key is invalid or missing
-            // This happens for new users who don't have any API keys yet
-            console.log(chalk.yellow('⚠️  You don\'t have any API keys yet'));
-            console.log(chalk.cyan('💡 Create your first API key to start using the nutrition API:'));
-            console.log(chalk.cyan('   avocavo keys create'));
+            console.log(chalk.yellow('⚠️  Selected API key appears invalid'));
+            console.log(chalk.cyan('💡 Try selecting a different key with: avocavo keys switch'));
             if (program.opts().verbose) {
               console.log(chalk.gray(`Debug: ${err.message}`));
-              console.log(chalk.gray(`Debug: Status ${err.statusCode || 'unknown'}`));
-              if (err.response?.data) {
-                console.log(chalk.gray(`Response: ${JSON.stringify(err.response.data, null, 2)}`));
-              }
             }
           }
         } else {
-          console.log(chalk.yellow('⚠️  You don\'t have any API keys yet'));
-          console.log(chalk.cyan('💡 Create your first API key to start using the nutrition API:'));
-          console.log(chalk.cyan('   avocavo keys create'));
+          // No selected API key, check if user has any keys at all
+          try {
+            const KeyManager = require('../lib/keys');
+            const keyManager = new KeyManager(auth, program.opts().baseUrl);
+            
+            // Get user's API keys from server
+            const headers = await keyManager.getAuthHeaders();
+            const response = await axios.get(`${program.opts().baseUrl}/api/keys`, { headers });
+            
+            if (response.data.keys && response.data.keys.length > 0) {
+              const keyCount = response.data.keys.length;
+              
+              if (keyCount === 1) {
+                // Auto-select the single key
+                console.log(chalk.cyan('🔄 You have 1 API key. Auto-selecting it...'));
+                const singleKey = response.data.keys[0];
+                
+                // Store the key as selected (simplified approach)
+                await auth.storeApiKeySecurely(auth.getUserInfo().email, singleKey.api_key);
+                
+                // Test the auto-selected key
+                const api = new NutritionAPI(singleKey.api_key, program.opts().baseUrl, 30000, auth);
+                try {
+                  const account = await api.getAccountUsage();
+                  console.log(chalk.green('✅ API key activated!'));
+                  console.log(chalk.cyan(`📊 Account: ${account.email} (${account.api_tier} tier)`));
+                  console.log(chalk.cyan(`📈 Usage: ${account.usage.current_month}/${account.usage.monthly_limit || 'unlimited'}`));
+                } catch (err) {
+                  console.log(chalk.yellow('⚠️  Auto-selected API key appears invalid'));
+                  console.log(chalk.cyan('💡 Check your keys with: avocavo keys list'));
+                }
+              } else {
+                // Multiple keys - prompt user to select one
+                console.log(chalk.cyan(`💡 You have ${keyCount} API keys but none selected. Choose one to activate:`));
+                console.log(chalk.cyan('   avocavo keys switch'));
+                console.log(chalk.gray('   or'));
+                console.log(chalk.cyan('   avocavo keys list'));
+              }
+            } else {
+              // No API keys at all
+              console.log(chalk.yellow('⚠️  You don\'t have any API keys yet'));
+              console.log(chalk.cyan('💡 Create your first API key to start using the nutrition API:'));
+              console.log(chalk.cyan('   avocavo keys create'));
+            }
+          } catch (keyCheckError) {
+            // Fallback to create message if we can't check existing keys
+            console.log(chalk.yellow('⚠️  Unable to check for existing API keys'));
+            console.log(chalk.cyan('💡 Create an API key to start using the nutrition API:'));
+            console.log(chalk.cyan('   avocavo keys create'));
+            if (program.opts().verbose) {
+              console.log(chalk.gray(`Debug: ${keyCheckError.message}`));
+            }
+          }
         }
       } else {
         console.log(chalk.red('❌ Login failed'));
@@ -648,7 +694,6 @@ program
       if (result.performance) {
         console.log(chalk.bold('⚡ Performance:'));
         console.log(`  📊 Avg Response: ${result.performance.avg_response_time_ms}ms`);
-        console.log(`  💾 Cache Hit Rate: ${result.performance.cache_hit_rate}%`);
         
         if (result.performance.uptime) {
           console.log(`  ⏱️  Uptime: ${result.performance.uptime}`);

package/lib/auth.js

@@ -171,37 +171,73 @@ class AuthManager {
             
             // Store credentials securely
             const userEmail = data.user_email || data.user_info?.email;
-            const jwtToken = data.jwt_token;
+            const oauthToken = data.auth_uuid; // This is the OAuth session token
             
-            if (!jwtToken) {
-              console.error(chalk.red('❌ No JWT token received from server'));
+            // Exchange OAuth token for proper JWT token
+            spinner.start('Exchanging authentication tokens...');
+            try {
+              const tokenExchangeResponse = await axios.post(
+                `${this.baseUrl}/api/auth/exchange-token`,
+                {},
+                {
+                  headers: {
+                    'Authorization': `Bearer auth_uuid:${oauthToken}`,
+                    'Content-Type': 'application/json'
+                  }
+                }
+              );
+              
+              if (!tokenExchangeResponse.data.success) {
+                spinner.fail('Token exchange failed');
+                console.error(chalk.red(tokenExchangeResponse.data.error || 'Unknown error'));
+                return false;
+              }
+              
+              const jwtToken = tokenExchangeResponse.data.access_token;
+              
+              if (!jwtToken) {
+                console.error(chalk.red('❌ No JWT token received from token exchange'));
+                return false;
+              }
+              
+              spinner.succeed('Token exchange successful');
+              
+              // Store JWT token securely for session management
+              await this.storeJwtSecurely(userEmail, jwtToken);
+              
+              // Store session data (JWT-based authentication)
+              const sessionData = {
+                userInfo: { 
+                  email: userEmail,
+                  api_tier: tokenExchangeResponse.data.user?.api_tier || 'free'
+                },
+                loginTime: Date.now(),
+                provider: data.provider || 'google',
+                hasJwt: true,
+                usesSecureStorage: this.keytarAvailable
+              };
+              
+              // Store session data
+              this.config.set('sessionData', sessionData);
+              this.config.set('isLoggedIn', true);
+              
+              // Clear any old API key data since we're now JWT-based
+              this.config.delete('apiKey');
+              this.config.delete('apiKeys');
+              this.config.delete('activeKey');
+              
+              console.log(chalk.green(`✅ Logged in as ${userEmail || 'Unknown'}`));
+              return true;
+              
+            } catch (exchangeError) {
+              spinner.fail('Token exchange failed');
+              console.error(chalk.red(`Failed to exchange token: ${exchangeError.message}`));
+              if (exchangeError.response) {
+                console.error(chalk.red(`Server response: ${JSON.stringify(exchangeError.response.data)}`));
+              }
               return false;
             }
             
-            // Store JWT token securely for session management
-            await this.storeJwtSecurely(userEmail, jwtToken);
-            
-            // Store session data (JWT-based authentication)
-            const sessionData = {
-              userInfo: { email: userEmail },
-              loginTime: Date.now(),
-              provider: data.provider || 'google',
-              hasJwt: true,
-              usesSecureStorage: this.keytarAvailable
-            };
-            
-            // Store session data
-            this.config.set('sessionData', sessionData);
-            this.config.set('isLoggedIn', true);
-            
-            // Clear any old API key data since we're now JWT-based
-            this.config.delete('apiKey');
-            this.config.delete('apiKeys');
-            this.config.delete('activeKey');
-            
-            console.log(chalk.green(`✅ Logged in as ${userEmail || 'Unknown'}`));
-            return true;
-            
           } else if (data.status === 'failed') {
             spinner.fail('Login failed');
             console.error(chalk.red(data.error || 'Unknown error'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "avocavo",
-  "version": "1.0.1",
+  "version": "1.0.4",
   "description": "Avocavo CLI - Nutrition analysis made simple. Get accurate USDA nutrition data with secure authentication.",
   "main": "index.js",
   "bin": {