korext 0.9.9 → 0.9.10

package/bin/korext.js

@@ -367,7 +367,7 @@ program
 program
   .command('login [token]')
   .description('Authenticate with the Korext platform using a personal access token')
-  .action((tokenArg) => {
+  .action(async (tokenArg) => {
     let token = tokenArg;
     if (!token) {
       console.log(`\nTo authenticate, sign in at ${chalk.cyan('https://app.korext.com')} and use your session token.`);
@@ -377,10 +377,31 @@ program
       console.log(`\nThen run: ${chalk.green('korext login <your-token>')}\n`);
       process.exit(1);
     }
-    const config = getConfig();
-    config.token = token;
-    saveConfig(config);
-    console.log(chalk.green('✔ Successfully logged in and saved token.'));
+    // Validate token with the server before saving
+    const spinner = ora('Validating token...').start();
+    try {
+      const res = await fetch(`${API_URL}/api/ide/status`, {
+        headers: { Authorization: `Bearer ${token}` },
+        signal: AbortSignal.timeout(8000),
+      });
+      if (res.ok) {
+        const config = getConfig();
+        config.token = token;
+        saveConfig(config);
+        const data = await res.json().catch(() => ({}));
+        spinner.succeed(chalk.green(`Authenticated as ${data.workspace || 'developer'}. Token saved.`));
+      } else {
+        spinner.fail(chalk.red('Invalid or expired token. Not saved.'));
+        console.log(chalk.dim(`\nSign in at ${chalk.cyan('https://app.korext.com')} to get a valid token.`));
+        process.exit(1);
+      }
+    } catch (e) {
+      // Network error: save token optimistically but warn
+      const config = getConfig();
+      config.token = token;
+      saveConfig(config);
+      spinner.warn(chalk.yellow('Could not reach server to validate token. Token saved (will be verified on next command).'));
+    }
   });
 
 program
@@ -823,6 +844,22 @@ program
       // Priority 1: User explicitly passed --pack
       packIds = options.pack.split(',').map(s => s.trim()).filter(Boolean);
       packSource = 'flag';
+
+      // Validate pack IDs against cached definitions
+      const valDefs = getRuleDefinitionsCache();
+      if (valDefs && valDefs.packs) {
+        const unknownPacks = packIds.filter(pid => !valDefs.packs[pid]);
+        if (unknownPacks.length > 0) {
+          if (isText) {
+            console.error(chalk.red(`\n✖ Unknown pack ID${unknownPacks.length > 1 ? 's' : ''}: ${unknownPacks.join(', ')}`));
+            console.error(chalk.dim(`  Run ${chalk.green('korext packs list')} to see available packs.`));
+            console.error(chalk.dim(`  Run ${chalk.green('korext rules sync')} to update cached definitions.\n`));
+          } else {
+            console.error(JSON.stringify({ error: `Unknown pack ID(s): ${unknownPacks.join(', ')}` }));
+          }
+          process.exit(1);
+        }
+      }
     } else if (options.industry) {
       // Priority 2: --industry (and optional --region) flags
       const taxonomy = tryBuildTaxonomy();
@@ -958,6 +995,14 @@ program
       console.log(chalk.dim(`Run ${chalk.green('korext login')} to authenticate for unlimited CI/CD analytics.\n`));
     }
 
+    // BUG-002 fix: Warn when --sign is used without valid auth
+    if (options.sign && !token) {
+      if (isText) {
+        console.log(chalk.red('⚠ --sign requires authentication. Proof bundles will not be signed.'));
+        console.log(chalk.dim(`  Run ${chalk.green('korext login <token>')} first, then retry with --sign.\n`));
+      }
+    }
+
     const report = {
       version,
       packId: Array.isArray(pack) ? pack[0] : pack,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "korext",
-  "version": "0.9.9",
+  "version": "0.9.10",
   "mcpName": "io.github.Korext/governance",
   "description": "Korext Command Line Interface",
   "type": "module",