gitmem-mcp 1.5.1 → 1.6.1

package/dist/commands/activate.js

@@ -0,0 +1,606 @@
+/**
+ * GitMem Pro Activation Wizard
+ *
+ * Usage: npx gitmem-mcp activate [license-key]
+ *
+ * Credential resolution (priority order):
+ *   1. Environment variables (SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, OPENROUTER_API_KEY)
+ *   2. Existing values in .gitmem/config.json (re-activation)
+ *   3. Interactive prompt (TTY only)
+ *
+ * Steps:
+ *   1. Accept key as argument or prompt for it
+ *   2. Validate key against our endpoint (register device)
+ *   3. Resolve Supabase URL + service role key (env → config → prompt)
+ *   4. Test Supabase connection (verify tables exist)
+ *   5. Resolve OpenRouter API key (env → config → prompt)
+ *   6. Write everything to ~/.gitmem/config.json
+ */
+import * as fs from "fs";
+import * as path from "path";
+import * as readline from "readline";
+import { fileURLToPath } from "url";
+import { getGitmemDir, getInstallId } from "../services/gitmem-dir.js";
+import { validateLicense, clearLicenseCache } from "../services/license.js";
+import { hasLocalData, hasPreMigrationData, migrateLocalToSupabase, reimportFromBackups, archiveLocalData } from "./migrate-local.js";
+function createReadline() {
+    return readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+}
+function ask(rl, question) {
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => resolve(answer.trim()));
+    });
+}
+/**
+ * Resolve a credential value using the priority chain:
+ *   1. Environment variable
+ *   2. Existing config value
+ *   3. Interactive prompt (if TTY available)
+ *
+ * Returns the resolved value or empty string.
+ */
+async function resolveCredential(opts) {
+    // 1. Environment variable
+    const envValue = process.env[opts.envVar];
+    if (envValue) {
+        return { value: envValue, source: "env" };
+    }
+    // 2. Existing config value
+    if (opts.configValue) {
+        return { value: opts.configValue, source: "config" };
+    }
+    // 3. Interactive prompt
+    if (opts.rl) {
+        const prompt = opts.existingHint
+            ? `  ${opts.promptLabel} [${opts.existingHint}]: `
+            : `  ${opts.promptLabel}: `;
+        const input = await ask(opts.rl, prompt);
+        if (input) {
+            return { value: input, source: "prompt" };
+        }
+    }
+    return { value: "", source: "none" };
+}
+/**
+ * Test basic Supabase connectivity via REST API
+ */
+async function testSupabaseConnection(url, key) {
+    try {
+        const response = await fetch(`${url}/rest/v1/`, {
+            method: "GET",
+            headers: {
+                apikey: key,
+                Authorization: `Bearer ${key}`,
+            },
+        });
+        return response.ok || response.status === 200;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Check if gitmem tables exist in the user's Supabase
+ * Returns list of missing tables (empty = all present)
+ */
+async function checkSchemaExists(url, key) {
+    const requiredTables = ["gitmem_learnings", "gitmem_sessions", "gitmem_decisions", "gitmem_scar_usage"];
+    const missing = [];
+    for (const table of requiredTables) {
+        try {
+            const response = await fetch(`${url}/rest/v1/${table}?select=id&limit=0`, {
+                method: "GET",
+                headers: {
+                    apikey: key,
+                    Authorization: `Bearer ${key}`,
+                },
+            });
+            if (!response.ok) {
+                missing.push(table);
+            }
+        }
+        catch {
+            missing.push(table);
+        }
+    }
+    return missing;
+}
+/**
+ * Get the Supabase access token for Management API
+ * Priority: SUPABASE_ACCESS_TOKEN env var → ~/.supabase/access-token file
+ */
+function getSupabaseAccessToken() {
+    const envToken = process.env.SUPABASE_ACCESS_TOKEN;
+    if (envToken)
+        return envToken;
+    try {
+        const tokenPath = path.join(process.env.HOME || process.env.USERPROFILE || "", ".supabase", "access-token");
+        if (fs.existsSync(tokenPath)) {
+            return fs.readFileSync(tokenPath, "utf-8").trim();
+        }
+    }
+    catch {
+        // No stored token
+    }
+    return null;
+}
+/**
+ * Extract project ref from Supabase URL
+ * e.g., "https://abcdef.supabase.co" → "abcdef"
+ */
+function extractProjectRef(url) {
+    const match = url.match(/https?:\/\/([^.]+)\.supabase\.co/);
+    return match ? match[1] : null;
+}
+/**
+ * Load the setup SQL from the schema file bundled with the package
+ * Strips the license management section (not for user's Supabase)
+ */
+function loadSetupSql() {
+    try {
+        const __dirname = path.dirname(fileURLToPath(import.meta.url));
+        const sqlPath = path.join(__dirname, "..", "..", "schema", "setup.sql");
+        if (!fs.existsSync(sqlPath))
+            return null;
+        let sql = fs.readFileSync(sqlPath, "utf-8");
+        // Strip license management tables (they belong on our infra, not user's)
+        const licenseIdx = sql.indexOf("-- License Management Tables");
+        if (licenseIdx > 0) {
+            sql = sql.substring(0, licenseIdx);
+        }
+        return sql;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Apply schema SQL via direct Postgres connection (pg client)
+ * Uses DATABASE_URL connection string from env/config/prompt
+ */
+async function applySchemaViaPg(databaseUrl, sql) {
+    try {
+        const pg = await import("pg");
+        const client = new pg.default.Client({
+            connectionString: databaseUrl,
+            ssl: { rejectUnauthorized: false },
+            connectionTimeoutMillis: 15_000,
+            statement_timeout: 30_000,
+        });
+        await client.connect();
+        await client.query(sql);
+        // Reload PostgREST schema cache
+        await client.query("NOTIFY pgrst, 'reload schema'");
+        await client.end();
+        return { success: true };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : "Unknown error";
+        return { success: false, error: message };
+    }
+}
+/**
+ * Apply schema SQL to user's Supabase via Management API
+ */
+async function applySchema(projectRef, accessToken, sql) {
+    try {
+        const response = await fetch(`https://api.supabase.com/v1/projects/${projectRef}/database/query`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${accessToken}`,
+            },
+            body: JSON.stringify({ query: sql }),
+            signal: AbortSignal.timeout(30_000),
+        });
+        if (!response.ok) {
+            const text = await response.text();
+            return { success: false, error: `HTTP ${response.status}: ${text.slice(0, 200)}` };
+        }
+        return { success: true };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : "Unknown error";
+        return { success: false, error: message };
+    }
+}
+export async function main(args) {
+    console.log("");
+    console.log("GitMem Pro Activation");
+    console.log("─────────────────────");
+    console.log("");
+    const gitmemDir = getGitmemDir();
+    const configPath = path.join(gitmemDir, "config.json");
+    // Load existing config
+    let config = {};
+    try {
+        if (fs.existsSync(configPath)) {
+            config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+        }
+    }
+    catch {
+        // Start fresh
+    }
+    // Ensure install_id exists
+    let installId = config.install_id || getInstallId();
+    if (!installId) {
+        const { randomUUID } = await import("crypto");
+        installId = randomUUID();
+        config.install_id = installId;
+    }
+    // Step 1: Get license key (arg → env → prompt)
+    let apiKey = args[0] || process.env.GITMEM_API_KEY || config.api_key || "";
+    if (!apiKey) {
+        if (!process.stdin.isTTY) {
+            console.error("Error: License key required. Usage: npx gitmem-mcp activate <key>");
+            console.error("  Or set GITMEM_API_KEY environment variable.");
+            process.exit(1);
+        }
+        const rl = createReadline();
+        apiKey = await ask(rl, "License key: ");
+        rl.close();
+        if (!apiKey) {
+            console.error("Error: License key is required.");
+            process.exit(1);
+        }
+    }
+    // Validate key format
+    if (!apiKey.startsWith("gitmem_pro_") && !apiKey.startsWith("gitmem_dev_")) {
+        console.error("Error: Invalid key format. Keys start with 'gitmem_pro_' or 'gitmem_dev_'.");
+        process.exit(1);
+    }
+    // Step 2: Validate key against endpoint
+    console.log("Validating license key...");
+    const result = await validateLicense(apiKey, installId);
+    if (!result.valid) {
+        console.error(`\nError: ${result.message}`);
+        process.exit(1);
+    }
+    console.log(`✓ Key validated (${result.tier} tier)`);
+    console.log("");
+    // Create readline only if TTY is available
+    const rl = process.stdin.isTTY ? createReadline() : null;
+    // Step 3: Resolve Supabase credentials (env → config → prompt)
+    const existingUrl = config.supabase_url;
+    const existingKey = config.supabase_key;
+    if (rl) {
+        console.log("Supabase Setup");
+        console.log("  (Create a free project at https://database.new)");
+        if (existingUrl) {
+            console.log(`  Current: ${existingUrl}`);
+        }
+        console.log("");
+    }
+    const supabaseUrlResult = await resolveCredential({
+        envVar: "SUPABASE_URL",
+        configValue: existingUrl,
+        promptLabel: "Project URL",
+        required: true,
+        rl,
+    });
+    const supabaseUrl = supabaseUrlResult.value;
+    // Re-activation safety: warn if changing URL interactively
+    if (rl && existingUrl && supabaseUrl !== existingUrl && supabaseUrlResult.source === "prompt") {
+        console.log("");
+        console.log("  ⚠ WARNING: You are changing your Supabase URL.");
+        console.log(`    Old: ${existingUrl}`);
+        console.log(`    New: ${supabaseUrl}`);
+        console.log("    Your existing data in the old project will NOT be migrated.");
+        console.log("");
+        const confirm = await ask(rl, "  Continue with new URL? (y/N): ");
+        if (confirm.toLowerCase() !== "y" && confirm.toLowerCase() !== "yes") {
+            console.log("  Keeping existing URL.");
+            // Fall back handled below by using existingUrl
+        }
+    }
+    // Resolve service role key — if same URL, offer to keep existing
+    const supabaseKeyResult = await resolveCredential({
+        envVar: "SUPABASE_SERVICE_ROLE_KEY",
+        configValue: (supabaseUrl === existingUrl) ? existingKey : undefined,
+        promptLabel: "Service Role Key",
+        required: true,
+        rl,
+        existingHint: (existingKey && supabaseUrl === existingUrl) ? "keep existing" : undefined,
+    });
+    const supabaseKey = supabaseKeyResult.value;
+    // Step 4: Test connection if we have credentials
+    let missingTables = [];
+    let connectionFailed = false;
+    if (supabaseUrl && supabaseKey) {
+        if (supabaseUrlResult.source !== "config" || supabaseKeyResult.source !== "config") {
+            // Only test if credentials are new (not just re-read from config)
+            console.log("  Testing connection...");
+            const connected = await testSupabaseConnection(supabaseUrl, supabaseKey);
+            if (!connected) {
+                connectionFailed = true;
+                if (rl) {
+                    // Interactive: hard failure — user can re-enter
+                    console.error("  ✗ Could not connect to Supabase. Check your URL and key.");
+                    rl.close();
+                    process.exit(1);
+                }
+                else {
+                    // Non-interactive: warn but save credentials anyway
+                    console.log("  ⚠ Could not connect to Supabase (credentials saved anyway).");
+                    console.log("    Verify your SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are correct.");
+                }
+            }
+            else {
+                console.log("  ✓ Connected to Supabase");
+            }
+        }
+        if (!connectionFailed) {
+            missingTables = await checkSchemaExists(supabaseUrl, supabaseKey);
+            if (missingTables.length > 0) {
+                console.log("  Setting up schema...");
+                const projectRef = extractProjectRef(supabaseUrl);
+                const accessToken = getSupabaseAccessToken();
+                const setupSql = loadSetupSql();
+                if (projectRef && accessToken && setupSql) {
+                    // Auto-apply schema via Management API
+                    const result = await applySchema(projectRef, accessToken, setupSql);
+                    if (result.success) {
+                        // Reload PostgREST schema cache so new tables are visible via REST API
+                        await applySchema(projectRef, accessToken, "NOTIFY pgrst, 'reload schema'");
+                        // Brief wait for PostgREST to pick up the notification
+                        await new Promise((r) => setTimeout(r, 2000));
+                        // Verify tables now exist
+                        const stillMissing = await checkSchemaExists(supabaseUrl, supabaseKey);
+                        if (stillMissing.length === 0) {
+                            console.log("  ✓ Schema applied automatically");
+                            missingTables = [];
+                        }
+                        else {
+                            console.log("  ⚠ Schema applied but some tables still missing: " + stillMissing.join(", "));
+                            console.log("    PostgREST may need a moment to reload. Try: npx gitmem-mcp check");
+                            missingTables = stillMissing;
+                        }
+                    }
+                    else {
+                        console.log("  ⚠ Auto-schema failed: " + result.error);
+                        console.log("  Apply manually:");
+                        console.log("");
+                        console.log("    npx gitmem-mcp setup | pbcopy   (macOS — copies SQL to clipboard)");
+                        console.log("    npx gitmem-mcp setup            (prints SQL to paste manually)");
+                        console.log("");
+                        console.log("  Then: Supabase Dashboard → SQL Editor → New query → Paste → Run");
+                    }
+                }
+                else if (!setupSql) {
+                    console.log("  ⚠ Could not load schema SQL file");
+                }
+                else {
+                    // No access token — try DATABASE_URL as fallback
+                    const dbUrlResult = await resolveCredential({
+                        envVar: "DATABASE_URL",
+                        configValue: config.database_url,
+                        promptLabel: "Database URL (from Supabase Connect panel)",
+                        required: false,
+                        rl,
+                    });
+                    if (dbUrlResult.value) {
+                        console.log("  Applying schema via direct connection...");
+                        const pgResult = await applySchemaViaPg(dbUrlResult.value, setupSql);
+                        if (pgResult.success) {
+                            // Save DATABASE_URL to config for future use
+                            config.database_url = dbUrlResult.value;
+                            // Wait for PostgREST cache reload
+                            await new Promise((r) => setTimeout(r, 2000));
+                            const stillMissing = await checkSchemaExists(supabaseUrl, supabaseKey);
+                            if (stillMissing.length === 0) {
+                                console.log("  ✓ Schema applied via direct connection");
+                                missingTables = [];
+                            }
+                            else {
+                                console.log("  ⚠ Schema applied but PostgREST cache may be stale");
+                                console.log("    Try: npx gitmem-mcp check");
+                                missingTables = stillMissing;
+                            }
+                        }
+                        else {
+                            console.log("  ⚠ Direct connection failed: " + pgResult.error);
+                            console.log("  Apply manually:");
+                            console.log("    npx gitmem-mcp setup | pbcopy   (macOS)");
+                            console.log("    Then: Supabase Dashboard → SQL Editor → Paste → Run");
+                        }
+                    }
+                    else {
+                        // No access token AND no DATABASE_URL
+                        console.log("  ⚠ Missing tables: " + missingTables.join(", "));
+                        console.log("");
+                        console.log("  To apply automatically, provide one of:");
+                        console.log("    - DATABASE_URL (from Supabase Dashboard → Connect)");
+                        console.log("    - SUPABASE_ACCESS_TOKEN (from: npx supabase login)");
+                        console.log("  Then re-run: npx gitmem-mcp activate");
+                        console.log("");
+                        console.log("  Or apply manually:");
+                        console.log("    npx gitmem-mcp setup | pbcopy   (macOS)");
+                        console.log("    Then: Supabase Dashboard → SQL Editor → Paste → Run");
+                    }
+                }
+            }
+            else {
+                console.log("  ✓ Schema verified (all tables present)");
+            }
+        }
+        console.log("");
+    }
+    else if (!supabaseUrl || !supabaseKey) {
+        console.log("  ⚠ Supabase credentials not provided.");
+        console.log("    Pro features require Supabase. Set via:");
+        console.log("      - Environment: SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY");
+        console.log("      - Config: edit .gitmem/config.json (supabase_url, supabase_key)");
+        console.log("      - Re-run: npx gitmem-mcp activate (interactive)");
+        console.log("");
+    }
+    // Step 5: Resolve OpenRouter key (env → config → prompt)
+    if (rl) {
+        console.log("OpenRouter Setup");
+        console.log("  (Get a key at https://openrouter.ai/keys)");
+        const existingOpenRouter = config.openrouter_key;
+        if (existingOpenRouter) {
+            console.log(`  Current: ${existingOpenRouter.substring(0, 12)}...`);
+        }
+        console.log("");
+    }
+    const openrouterResult = await resolveCredential({
+        envVar: "OPENROUTER_API_KEY",
+        configValue: config.openrouter_key,
+        promptLabel: "API Key",
+        required: false,
+        rl,
+        existingHint: config.openrouter_key ? "keep existing" : undefined,
+    });
+    const openrouterKey = openrouterResult.value;
+    if (openrouterKey) {
+        if (openrouterResult.source === "env") {
+            console.log("  ✓ OpenRouter configured (from env)");
+        }
+        else if (openrouterResult.source === "config") {
+            // Silent — already configured
+        }
+        else {
+            console.log("  ✓ OpenRouter configured");
+        }
+    }
+    else if (rl) {
+        console.log("  ⚠ Skipped (semantic search will not work without embeddings)");
+    }
+    if (rl)
+        rl.close();
+    // Step 6: Write config (preserves existing fields like project, install_id, feedback_enabled)
+    config.api_key = apiKey;
+    if (supabaseUrl)
+        config.supabase_url = supabaseUrl;
+    if (supabaseKey)
+        config.supabase_key = supabaseKey;
+    if (openrouterKey)
+        config.openrouter_key = openrouterKey;
+    if (!fs.existsSync(gitmemDir)) {
+        fs.mkdirSync(gitmemDir, { recursive: true });
+    }
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    // Clear any stale license cache
+    clearLicenseCache();
+    // Ensure .gitmem/ is in .gitignore (prevents credential exposure)
+    try {
+        const projectRoot = process.cwd();
+        const gitignorePath = path.join(projectRoot, ".gitignore");
+        if (fs.existsSync(path.join(projectRoot, ".git"))) {
+            let gitignore = "";
+            if (fs.existsSync(gitignorePath)) {
+                gitignore = fs.readFileSync(gitignorePath, "utf-8");
+            }
+            if (!gitignore.split("\n").some(line => line.trim() === ".gitmem/" || line.trim() === ".gitmem")) {
+                const separator = gitignore.length > 0 && !gitignore.endsWith("\n") ? "\n" : "";
+                fs.appendFileSync(gitignorePath, `${separator}\n# GitMem local data (contains credentials)\n.gitmem/\n`);
+                console.log("  ✓ Added .gitmem/ to .gitignore");
+            }
+        }
+    }
+    catch {
+        // Non-fatal — warn but don't block activation
+        console.log("  ⚠ Could not update .gitignore — manually add .gitmem/ to prevent credential exposure");
+    }
+    // Step 7: Migrate local data to Supabase (free → pro upgrade)
+    // Handles three scenarios:
+    //   A) Fresh upgrade: .json files exist → migrate and archive
+    //   B) Re-activation after failed migration: .pre-migration backups exist → reimport
+    //   C) Already migrated: neither exists → skip
+    if (supabaseUrl && supabaseKey && missingTables.length === 0) {
+        const hasLive = hasLocalData(gitmemDir);
+        const hasBackups = hasPreMigrationData(gitmemDir);
+        if (hasLive || hasBackups) {
+            if (hasLive) {
+                console.log("Migrating Local Data");
+                console.log("  Found existing local data from free tier...");
+            }
+            else {
+                console.log("Re-importing From Backups");
+                console.log("  Found .pre-migration backup files from a previous upgrade...");
+            }
+            console.log("");
+            const migrationResult = hasLive
+                ? await migrateLocalToSupabase({
+                    supabaseUrl,
+                    supabaseKey,
+                    gitmemDir,
+                    onProgress: (msg) => console.log(msg),
+                })
+                : await reimportFromBackups({
+                    supabaseUrl,
+                    supabaseKey,
+                    gitmemDir,
+                    onProgress: (msg) => console.log(msg),
+                });
+            // Report results
+            const collections = Object.keys(migrationResult.migrated);
+            let totalMigrated = 0;
+            let totalSkipped = 0;
+            let totalErrors = 0;
+            for (const col of collections) {
+                const m = migrationResult.migrated[col];
+                const s = migrationResult.skipped[col];
+                const e = migrationResult.errors[col]?.length || 0;
+                totalMigrated += m;
+                totalSkipped += s;
+                totalErrors += e;
+                if (m > 0 || s > 0) {
+                    console.log(`  ${m > 0 ? "✓" : "⚠"} ${col}: ${m} migrated${s > 0 ? `, ${s} failed` : ""}`);
+                }
+            }
+            // Show ALL errors
+            if (totalErrors > 0) {
+                console.log("");
+                for (const col of collections) {
+                    for (const err of migrationResult.errors[col] || []) {
+                        console.log(`  ⚠ ${col}: ${err}`);
+                    }
+                }
+            }
+            if (totalMigrated > 0) {
+                console.log("");
+                console.log(`  ✓ Migrated ${totalMigrated} records to Supabase`);
+                if (hasLive) {
+                    // Archive local files so they aren't re-read
+                    const archived = archiveLocalData(gitmemDir);
+                    if (archived.length > 0) {
+                        console.log(`  ✓ Local files archived (${archived.join(", ")}.json → .pre-migration)`);
+                    }
+                }
+            }
+            else if (migrationResult.hasLocalData) {
+                console.log("  ⚠ Migration encountered errors. Local data preserved.");
+                console.log("    Check .gitmem/migration.log for details.");
+                console.log("    Fix issues and re-run: npx gitmem-mcp activate");
+            }
+            console.log("");
+        }
+    }
+    // Summary
+    console.log("");
+    console.log("─────────────────────");
+    const sources = [];
+    if (supabaseUrl)
+        sources.push(`Supabase (${supabaseUrlResult.source})`);
+    if (openrouterKey)
+        sources.push(`OpenRouter (${openrouterResult.source})`);
+    if (!supabaseUrl) {
+        console.log("License key activated. Supabase credentials still needed for Pro features.");
+    }
+    else if (missingTables.length > 0) {
+        console.log("Pro tier activated! Run schema setup, then restart your editor.");
+    }
+    else {
+        console.log("Pro tier activated! Restart your editor to apply.");
+    }
+    if (sources.length > 0) {
+        console.log(`  Credentials: ${sources.join(", ")}`);
+    }
+    console.log(`  Config: ${configPath}`);
+    console.log("");
+}
+//# sourceMappingURL=activate.js.map

package/dist/commands/deactivate.d.ts

@@ -0,0 +1,10 @@
+/**
+ * GitMem Pro Deactivation
+ *
+ * 1. Calls gitmem_deactivate_device RPC to remove this device server-side
+ * 2. Removes api_key, supabase_url, supabase_key, openrouter_key from config.json
+ * 3. Deletes license-cache.json
+ * Does NOT remove .gitmem/ directory or local data.
+ */
+export declare function main(_args: string[]): Promise<void>;
+//# sourceMappingURL=deactivate.d.ts.map