memoir-cli 3.1.0 → 3.2.0

package/src/commands/restore.js

@@ -11,10 +11,18 @@ import { fetchFromLocal, fetchFromGit } from '../providers/restore.js';
 import { decryptDirectory, verifyPassphrase } from '../security/encryption.js';
 import { detectLocalHomeKey } from '../adapters/restore.js';
 import { restoreWorkspace } from '../workspace/tracker.js';
+import { getSession } from '../cloud/auth.js';
+import { unbundleToDir } from '../cloud/storage.js';
+import { SUPABASE_URL, SUPABASE_ANON_KEY, STORAGE_BUCKET } from '../cloud/constants.js';
 
 const home = os.homedir();
 
 export async function restoreCommand(options = {}) {
+  // Handle --from <token> for shared links
+  if (options.from) {
+    return restoreFromShare(options);
+  }
+
   const config = await getConfig(options.profile);
 
   if (!config) {
@@ -37,7 +45,7 @@ export async function restoreCommand(options = {}) {
 
     const onlyFilter = options.only ? options.only.split(',').map(t => t.trim().toLowerCase()) : null;
 
-    const autoYes = options.yes || false;
+    const autoYes = !options.interactive;
 
     if (config.provider === 'local' || config.provider.includes('local')) {
       restored = await fetchFromLocal(config, stagingDir, spinner, onlyFilter, autoYes);
@@ -68,7 +76,7 @@ export async function restoreCommand(options = {}) {
 
         if (await fs.pathExists(verifyPath)) {
           const token = await fs.readFile(verifyPath);
-          if (!verifyPassphrase(token, passphrase)) {
+          if (!(await verifyPassphrase(token, passphrase))) {
             console.log(chalk.red('  Wrong passphrase. Try again.'));
             passphrase = null;
             continue;
@@ -85,7 +93,7 @@ export async function restoreCommand(options = {}) {
       spinner.start(chalk.gray('Decrypting...'));
       const decryptedDir = path.join(os.tmpdir(), `memoir-decrypted-${Date.now()}`);
       try {
-        const count = await decryptDirectory(stagingDir, decryptedDir, passphrase);
+        const count = await decryptDirectory(stagingDir, decryptedDir, passphrase, spinner);
         spinner.succeed(chalk.green(`Decrypted ${count} files`));
 
         // Now restore from decrypted dir
@@ -244,3 +252,189 @@ export async function restoreCommand(options = {}) {
     await fs.remove(stagingDir);
   }
 }
+
+async function restoreFromShare(options) {
+  const shareToken = options.from;
+
+  console.log();
+  const spinner = ora({ text: chalk.gray('Fetching share link...'), spinner: 'dots' }).start();
+
+  const stagingDir = path.join(os.tmpdir(), `memoir-share-restore-${Date.now()}`);
+  await fs.ensureDir(stagingDir);
+
+  try {
+    // Fetch share metadata from Supabase
+    const metaRes = await fetch(
+      `${SUPABASE_URL}/rest/v1/shared_links?select=*&token=eq.${shareToken}&limit=1`,
+      {
+        headers: {
+          'apikey': SUPABASE_ANON_KEY,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+
+    if (!metaRes.ok) {
+      throw new Error('Failed to fetch share link');
+    }
+
+    const links = await metaRes.json();
+    if (!links || links.length === 0) {
+      spinner.stop();
+      console.log('\n' + boxen(
+        chalk.red('✖ Share link not found\n\n') +
+        chalk.gray('The link may have expired or been deleted.'),
+        { padding: 1, borderStyle: 'round', borderColor: 'red' }
+      ) + '\n');
+      return;
+    }
+
+    const shareLink = links[0];
+
+    // Check expiry
+    if (new Date(shareLink.expires_at) < new Date()) {
+      spinner.stop();
+      console.log('\n' + boxen(
+        chalk.red('✖ Share link expired\n\n') +
+        chalk.gray(`This link expired on ${new Date(shareLink.expires_at).toLocaleString()}`),
+        { padding: 1, borderStyle: 'round', borderColor: 'red' }
+      ) + '\n');
+      return;
+    }
+
+    // Check use count
+    if (shareLink.use_count >= shareLink.max_uses) {
+      spinner.stop();
+      console.log('\n' + boxen(
+        chalk.red('✖ Share link exhausted\n\n') +
+        chalk.gray(`This link has been used ${shareLink.use_count}/${shareLink.max_uses} times.`),
+        { padding: 1, borderStyle: 'round', borderColor: 'red' }
+      ) + '\n');
+      return;
+    }
+
+    // Show share info
+    spinner.stop();
+    const tools = shareLink.tools || [];
+    if (tools.length > 0) {
+      console.log(chalk.cyan('\n  Shared tools: ') + chalk.white(tools.join(', ')));
+    }
+    console.log(chalk.gray(`  Uses: ${shareLink.use_count + 1}/${shareLink.max_uses}`) +
+      chalk.gray(` | Expires: ${new Date(shareLink.expires_at).toLocaleString()}`));
+    console.log();
+
+    // Download the backup
+    spinner.start(chalk.gray('Downloading share bundle...'));
+
+    // Try authenticated first, fall back to anon key
+    const session = await getSession();
+    const authHeaders = session
+      ? { 'Authorization': `Bearer ${session.access_token}`, 'apikey': SUPABASE_ANON_KEY }
+      : { 'apikey': SUPABASE_ANON_KEY };
+
+    const dlRes = await fetch(`${SUPABASE_URL}/storage/v1/object/${STORAGE_BUCKET}/${shareLink.backup_id}`, {
+      headers: authHeaders,
+    });
+
+    if (!dlRes.ok) {
+      throw new Error(`Download failed: ${await dlRes.text()}`);
+    }
+
+    const gzipped = Buffer.from(await dlRes.arrayBuffer());
+    await unbundleToDir(gzipped, stagingDir);
+
+    // Decrypt — backup is always encrypted for shares
+    const manifestPath = path.join(stagingDir, 'manifest.enc');
+    if (!await fs.pathExists(manifestPath)) {
+      throw new Error('Share bundle is missing encryption manifest');
+    }
+
+    spinner.stop();
+    console.log(chalk.cyan('  🔒 This share is encrypted'));
+
+    // Verify passphrase
+    const verifyPath = path.join(stagingDir, 'verify.enc');
+    let passphrase;
+    for (let attempt = 0; attempt < 3; attempt++) {
+      const { pass } = await inquirer.prompt([{
+        type: 'password',
+        name: 'pass',
+        message: 'Decryption passphrase:',
+        mask: '*',
+      }]);
+      passphrase = pass;
+
+      if (await fs.pathExists(verifyPath)) {
+        const token = await fs.readFile(verifyPath);
+        if (!(await verifyPassphrase(token, passphrase))) {
+          console.log(chalk.red('  Wrong passphrase. Try again.'));
+          passphrase = null;
+          continue;
+        }
+      }
+      break;
+    }
+
+    if (!passphrase) {
+      console.log(chalk.red('\n  Too many failed attempts.'));
+      return;
+    }
+
+    spinner.start(chalk.gray('Decrypting...'));
+    const decryptedDir = path.join(os.tmpdir(), `memoir-share-decrypted-${Date.now()}`);
+    let restored = false;
+
+    try {
+      const count = await decryptDirectory(stagingDir, decryptedDir, passphrase, spinner);
+      spinner.succeed(chalk.green(`Decrypted ${count} files`));
+
+      // Restore from decrypted dir
+      spinner.start(chalk.gray('Restoring...'));
+      const onlyFilter = options.only ? options.only.split(',').map(t => t.trim().toLowerCase()) : null;
+      const autoYes = !options.interactive;
+      const { restoreMemories } = await import('../adapters/restore.js');
+      restored = await restoreMemories(decryptedDir, spinner, onlyFilter, autoYes);
+    } catch (err) {
+      spinner.fail(chalk.red('Decryption failed: ') + err.message);
+      return;
+    } finally {
+      await fs.remove(decryptedDir);
+    }
+
+    // Increment use_count
+    try {
+      const patchHeaders = { 'apikey': SUPABASE_ANON_KEY, 'Content-Type': 'application/json' };
+      if (session) patchHeaders['Authorization'] = `Bearer ${session.access_token}`;
+
+      await fetch(`${SUPABASE_URL}/rest/v1/shared_links?token=eq.${shareToken}`, {
+        method: 'PATCH',
+        headers: patchHeaders,
+        body: JSON.stringify({ use_count: shareLink.use_count + 1 }),
+      });
+    } catch {
+      // Best-effort — don't fail restore if count update fails
+    }
+
+    spinner.stop();
+
+    if (restored) {
+      console.log('\n' + boxen(
+        gradient.pastel('  Done!  ') + '\n\n' +
+        chalk.white('Shared memories restored successfully.') + '\n' +
+        chalk.gray('Restart your AI tools to pick up the changes.'),
+        { padding: 1, borderStyle: 'round', borderColor: 'green', dimBorder: true }
+      ) + '\n');
+    } else {
+      console.log('\n' + boxen(
+        chalk.yellow('Nothing was restored.\n\n') +
+        chalk.gray('You may have skipped all the restore prompts.'),
+        { padding: 1, borderStyle: 'round', borderColor: 'yellow' }
+      ) + '\n');
+    }
+
+  } catch (error) {
+    spinner.fail(chalk.red('Restore from share failed: ') + error.message);
+  } finally {
+    await fs.remove(stagingDir);
+  }
+}

package/src/commands/share.js

@@ -0,0 +1,192 @@
+import chalk from 'chalk';
+import fs from 'fs-extra';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+import ora from 'ora';
+import boxen from 'boxen';
+import gradient from 'gradient-string';
+import inquirer from 'inquirer';
+import { getSession } from '../cloud/auth.js';
+import { extractMemories, adapters } from '../adapters/index.js';
+import { encryptDirectory, createVerifyToken } from '../security/encryption.js';
+import { bundleDir } from '../cloud/storage.js';
+import { SUPABASE_URL, SUPABASE_ANON_KEY, STORAGE_BUCKET } from '../cloud/constants.js';
+
+export async function shareCommand(options = {}) {
+  // Must be logged in to share
+  const session = await getSession();
+  if (!session) {
+    console.log('\n' + boxen(
+      chalk.red('✖ Not logged in\n\n') +
+      chalk.white('Sharing requires a memoir cloud account.\n') +
+      chalk.white('Run ') + chalk.cyan.bold('memoir login') + chalk.white(' to sign in.'),
+      { padding: 1, borderStyle: 'round', borderColor: 'red' }
+    ) + '\n');
+    return;
+  }
+
+  console.log();
+  const spinner = ora({ text: chalk.gray('Scanning for AI tools...'), spinner: 'dots' }).start();
+
+  const stagingDir = path.join(os.tmpdir(), `memoir-share-${Date.now()}`);
+  await fs.ensureDir(stagingDir);
+
+  let encryptedDir = null;
+
+  try {
+    // Scan and extract memories (same as push)
+    const onlyFilter = options.only ? options.only.split(',').map(t => t.trim().toLowerCase()) : null;
+    const foundAny = await extractMemories(stagingDir, spinner, onlyFilter);
+
+    if (!foundAny) {
+      spinner.stop();
+      console.log('\n' + boxen(
+        chalk.yellow('No AI tools detected on this machine.\n\n') +
+        chalk.gray('Supported: Claude, Gemini, Codex, Cursor, Copilot, Windsurf, Aider'),
+        { padding: 1, borderStyle: 'round', borderColor: 'yellow' }
+      ) + '\n');
+      return;
+    }
+
+    // Count what was found
+    const found = [];
+    for (const adapter of adapters) {
+      if (adapter.customExtract) {
+        for (const file of adapter.files) {
+          if (await fs.pathExists(path.join(adapter.source, file))) {
+            found.push(adapter.name);
+            break;
+          }
+        }
+      } else if (await fs.pathExists(adapter.source)) {
+        found.push(adapter.name);
+      }
+    }
+
+    // Ask for encryption passphrase
+    spinner.stop();
+    const { passphrase } = await inquirer.prompt([{
+      type: 'password',
+      name: 'passphrase',
+      message: '🔒 Set a passphrase for this share link (recipient will need it):',
+      mask: '*',
+      validate: (input) => input.length >= 6 ? true : 'Passphrase must be at least 6 characters'
+    }]);
+
+    spinner.start(chalk.gray('Encrypting...'));
+
+    encryptedDir = path.join(os.tmpdir(), `memoir-share-enc-${Date.now()}`);
+    await fs.ensureDir(encryptedDir);
+    await encryptDirectory(stagingDir, encryptedDir, passphrase, spinner);
+
+    // Save verify token so recipient can check passphrase
+    const token = await createVerifyToken(passphrase);
+    await fs.writeFile(path.join(encryptedDir, 'verify.enc'), token);
+
+    // Bundle and upload to Supabase Storage
+    spinner.text = chalk.gray('Uploading share bundle...');
+    const gzipped = await bundleDir(encryptedDir);
+
+    const shareToken = crypto.randomUUID();
+    const storagePath = `shares/${session.user.id}/${shareToken}.gz`;
+
+    const uploadRes = await fetch(`${SUPABASE_URL}/storage/v1/object/${STORAGE_BUCKET}/${storagePath}`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${session.access_token}`,
+        'apikey': SUPABASE_ANON_KEY,
+        'Content-Type': 'application/octet-stream',
+      },
+      body: gzipped,
+    });
+
+    if (!uploadRes.ok) {
+      const err = await uploadRes.text();
+      throw new Error(`Upload failed: ${err}`);
+    }
+
+    // Parse options
+    const expiresHours = parseInt(options.expires) || 24;
+    const maxUses = parseInt(options.uses) || 5;
+    const expiresAt = new Date(Date.now() + expiresHours * 60 * 60 * 1000).toISOString();
+
+    // Store share metadata in shared_links table
+    spinner.text = chalk.gray('Creating share link...');
+    const metaRes = await fetch(`${SUPABASE_URL}/rest/v1/shared_links`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${session.access_token}`,
+        'apikey': SUPABASE_ANON_KEY,
+        'Content-Type': 'application/json',
+        'Prefer': 'return=representation',
+      },
+      body: JSON.stringify({
+        token: shareToken,
+        backup_id: storagePath,
+        created_by: session.user.id,
+        expires_at: expiresAt,
+        max_uses: maxUses,
+        use_count: 0,
+        tools: found,
+        size_bytes: gzipped.length,
+      }),
+    });
+
+    if (!metaRes.ok) {
+      const err = await metaRes.text();
+      throw new Error(`Failed to create share link: ${err}`);
+    }
+
+    spinner.stop();
+
+    // Count total files
+    let totalFiles = 0;
+    for (const adapter of adapters) {
+      const adapterDir = path.join(stagingDir, adapter.name.toLowerCase().replace(/ /g, '-'));
+      if (await fs.pathExists(adapterDir)) {
+        const countDir = async (dir) => {
+          let c = 0;
+          const entries = await fs.readdir(dir, { withFileTypes: true });
+          for (const e of entries) {
+            if (e.isDirectory()) c += await countDir(path.join(dir, e.name));
+            else c++;
+          }
+          return c;
+        };
+        totalFiles += await countDir(adapterDir);
+      }
+    }
+
+    // Format expiry for display
+    const expiryDate = new Date(expiresAt);
+    const expiryStr = expiryDate.toLocaleString();
+
+    // Success output
+    const shareUrl = `https://memoir.sh/share/${shareToken}`;
+    const restoreCmd = `memoir restore --from ${shareToken}`;
+    const toolList = found.map(t => chalk.cyan('  ✔ ' + t)).join('\n');
+
+    console.log('\n' + boxen(
+      gradient.pastel('  Shared!  ') + '\n\n' +
+      toolList + '\n' +
+      chalk.white(`${totalFiles} files from ${found.length} tool${found.length !== 1 ? 's' : ''}`) + '\n' +
+      chalk.green('  🔒 E2E encrypted') + '\n\n' +
+      chalk.white.bold('Share link:') + '\n' +
+      chalk.cyan(`  ${shareUrl}`) + '\n\n' +
+      chalk.white.bold('Recipient runs:') + '\n' +
+      chalk.cyan(`  ${restoreCmd}`) + '\n\n' +
+      chalk.gray(`Expires: ${expiryStr} (${expiresHours}h)`) + '\n' +
+      chalk.gray(`Max uses: ${maxUses}`),
+      { padding: 1, borderStyle: 'round', borderColor: 'green', dimBorder: true }
+    ) + '\n');
+
+  } catch (error) {
+    spinner.fail(chalk.red('Share failed: ') + error.message);
+  } finally {
+    await fs.remove(stagingDir);
+    if (encryptedDir) {
+      await fs.remove(encryptedDir).catch(() => {});
+    }
+  }
+}

package/src/commands/upgrade.js

@@ -0,0 +1,107 @@
+import chalk from 'chalk';
+import boxen from 'boxen';
+import gradient from 'gradient-string';
+import { getSession, getSubscription } from '../cloud/auth.js';
+
+export async function upgradeCommand() {
+  const session = await getSession();
+  let currentPlan = 'free';
+  let email = null;
+
+  if (session) {
+    email = session.user.email;
+    try {
+      const sub = await getSubscription(session);
+      currentPlan = sub.status === 'pro' ? 'pro' : 'free';
+    } catch {
+      // Fall through as free
+    }
+  }
+
+  // Build comparison table
+  const col1 = 22;
+  const col2 = 22;
+
+  const pad = (str, width) => {
+    // Strip ANSI for length calculation
+    const stripped = str.replace(/\u001b\[[0-9;]*m/g, '');
+    const diff = width - stripped.length;
+    return diff > 0 ? str + ' '.repeat(diff) : str;
+  };
+
+  const freeLabel = currentPlan === 'free' ? 'Free (current)' : 'Free';
+  const proLabel = currentPlan === 'pro' ? 'Pro (current)' : 'Pro $15/mo';
+  const teamsLabel = 'Teams $29/seat';
+
+  const header =
+    pad(chalk.bold.white(freeLabel), col1) +
+    pad(chalk.bold.cyan(proLabel), col2) +
+    chalk.bold.magenta(teamsLabel);
+
+  const sep = chalk.gray('─'.repeat(col1 + col2 + 18));
+
+  const rows = [
+    [chalk.gray('3 cloud backups'),   chalk.white('50 cloud backups'),   chalk.white('Unlimited backups')],
+    [chalk.gray('Local only'),        chalk.white('Unlimited machines'), chalk.white('Shared team context')],
+    [chalk.gray('Manual snapshots'),  chalk.white('Auto snapshots'),     chalk.white('Team dashboard')],
+    [chalk.gray('Community support'), chalk.white('Priority support'),   chalk.white('Audit log')],
+    [chalk.gray('—'),                 chalk.white('E2E encryption'),     chalk.white('SSO & RBAC')],
+    [chalk.gray('—'),                 chalk.white('Version history'),    chalk.white('Priority onboarding')],
+  ];
+
+  const tableRows = rows.map(([a, b, c]) =>
+    pad(a, col1) + pad(b, col2) + c
+  ).join('\n');
+
+  const table =
+    '\n' + header + '\n' +
+    sep + '\n' +
+    tableRows + '\n';
+
+  // Status line
+  let statusLine;
+  if (!session) {
+    statusLine = chalk.yellow('Not logged in.') + chalk.gray(' Run ') + chalk.cyan('memoir login') + chalk.gray(' first.');
+  } else if (currentPlan === 'pro') {
+    statusLine = chalk.green('You\'re on Pro!') + ' ' + chalk.gray('Teams is coming soon — join the waitlist at memoir.sh/teams');
+  } else {
+    statusLine = chalk.gray('Logged in as ') + chalk.cyan(email);
+  }
+
+  console.log('\n' + boxen(
+    gradient.pastel('  memoir upgrade  ') + '\n\n' +
+    table + '\n' +
+    statusLine,
+    { padding: 1, borderStyle: 'round', borderColor: 'cyan', dimBorder: true }
+  ));
+
+  // If free and logged in, open pricing page
+  if (session && currentPlan === 'free') {
+    console.log('\n' + chalk.cyan('  Opening pricing page...') + '\n');
+
+    const { exec } = await import('child_process');
+    const url = 'https://memoir.sh/pricing';
+
+    const platform = process.platform;
+    let cmd;
+    if (platform === 'darwin') {
+      cmd = `open "${url}"`;
+    } else if (platform === 'win32') {
+      cmd = `start "${url}"`;
+    } else {
+      cmd = `xdg-open "${url}"`;
+    }
+
+    exec(cmd, () => {});
+
+    console.log(
+      chalk.gray('  Once you\'ve completed payment, run ') +
+      chalk.cyan('memoir login') +
+      chalk.gray(' to refresh your plan.') + '\n'
+    );
+  } else if (!session) {
+    console.log('\n' + chalk.gray('  Sign up at ') + chalk.cyan('memoir.sh/pricing') + chalk.gray(' or run ') + chalk.cyan('memoir login') + chalk.gray(' to get started.') + '\n');
+  } else {
+    console.log();
+  }
+}