mumpix 1.0.12 → 1.0.14

package/README.md

@@ -299,6 +299,7 @@ npm run release:publish-and-deprecate -- --otp=123456
 # --skip-verify   skip verify:claims
 # --skip-publish  only deprecate older versions
 # --dry-run       no writes to npm
+# --remove-old    try to unpublish old versions; deprecate on failure
 ```
 
 ---
@@ -376,13 +377,19 @@ mumpix auth login --license=<signed-license>   # direct import
 mumpix auth logout
 ```
 
+For `--token` exchange, your backend should expose `/api/mumpix/auth/token/exchange` and map account tokens server-side (for example via `MUMPIX_AUTH_TOKEN_MAP`), not raw user IDs.
+
 By default, auth state is stored at `~/.config/mumpix/auth.json` (or `%APPDATA%/mumpix/auth.json` on Windows).
 
 ### Install-time auth flow
 
 On `npm install mumpix`, the package runs an install-time auth prompt in interactive terminals:
 
-- Press **Enter**: browser opens for account auth and local signed license is stored.
-- Type **skip**: install continues in `eventual` mode only.
+- Interactive terminals: install automatically opens browser auth and saves local signed license on success.
+- If browser auth is cancelled/fails, install continues in `eventual` mode only.
 
 Non-interactive installs (CI/containers) skip this prompt automatically and default to `eventual`.
+
+Auth endpoint fallback:
+- CLI tries `https://mumpixdb.com` first, then automatically retries `https://mumpixdb.com/benchmark` on 404.
+- Override with `MUMPIX_AUTH_BASE_URL` if your auth API is hosted elsewhere.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mumpix",
-  "version": "1.0.12",
+  "version": "1.0.14",
   "description": "SQLite for AI — embedded, zero-config memory database for AI agents and LLM applications",
   "main": "src/index.js",
   "bin": {
@@ -39,6 +39,7 @@
   "files": [
     "src/",
     "bin/",
+    "scripts/postinstall-auth.js",
     "examples/",
     "CHANGELOG.md",
     "README.md",

package/scripts/postinstall-auth.js

@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+'use strict';
+
+const readline = require('readline');
+const { spawn } = require('child_process');
+const {
+  loginWithDeviceFlow,
+  exchangeTokenForLicense,
+  authStatePath,
+} = require('../src/core/auth');
+
+function isInteractive() {
+  return Boolean(process.stdin.isTTY && process.stdout.isTTY && process.env.CI !== 'true');
+}
+
+function fmtExpiry(ts) {
+  if (!ts) return '-';
+  const d = new Date(Number(ts));
+  if (Number.isNaN(d.getTime())) return '-';
+  return d.toISOString();
+}
+
+function openBrowser(url) {
+  if (!url) return false;
+  try {
+    if (process.platform === 'darwin') {
+      spawn('open', [url], { stdio: 'ignore', detached: true }).unref();
+      return true;
+    }
+    if (process.platform === 'win32') {
+      spawn('cmd', ['/c', 'start', '', url], { stdio: 'ignore', detached: true }).unref();
+      return true;
+    }
+    spawn('xdg-open', [url], { stdio: 'ignore', detached: true }).unref();
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+function ask(question) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(String(answer || '').trim());
+    });
+  });
+}
+
+async function run() {
+  try {
+    if (String(process.env.MUMPIX_POSTINSTALL_AUTH || '1') === '0') return;
+
+    const token = String(process.env.MUMPIX_AUTH_TOKEN || '').trim();
+    if (token) {
+      const state = await exchangeTokenForLicense(token, {});
+      console.log(`[mumpix] account linked via token. tier=${state.license.tier || '-'} exp=${fmtExpiry(state.license.exp)}`);
+      return;
+    }
+
+    if (!isInteractive()) {
+      console.log('[mumpix] install complete. auth skipped (non-interactive).');
+      console.log('[mumpix] run "mumpix auth login" later to unlock strict/verified. default mode remains eventual.');
+      return;
+    }
+
+    console.log('\n[mumpix] attempting automatic account link (interactive install).');
+    console.log('[mumpix] if you close/cancel browser auth, install continues in eventual mode.');
+
+    const state = await loginWithDeviceFlow({
+      onPrompt: ({ userCode, verifyUrl, expiresInSec, intervalSec }) => {
+        const opened = openBrowser(verifyUrl);
+        if (opened) {
+          console.log(`[mumpix] opened browser: ${verifyUrl}`);
+        } else {
+          console.log(`[mumpix] open this URL in your browser: ${verifyUrl}`);
+        }
+        console.log(`[mumpix] enter code: ${userCode}`);
+        console.log(`[mumpix] waiting for approval (expires in ${expiresInSec}s, polling ${intervalSec}s)...`);
+      }
+    });
+
+    console.log(`[mumpix] auth success. tier=${state.license.tier || state.account.tier || '-'} exp=${fmtExpiry(state.license.exp)}`);
+    console.log(`[mumpix] saved auth: ${authStatePath()}`);
+  } catch (err) {
+    const msg = err && err.message ? err.message : 'unknown error';
+    console.log(`[mumpix] auth step failed (${msg}).`);
+    if (String(msg).includes('404')) {
+      console.log('[mumpix] auth endpoints not found on this host. check MUMPIX_AUTH_BASE_URL or server auth routes.');
+    }
+    console.log('[mumpix] continuing install in eventual mode. run "mumpix auth login" later.');
+  }
+}
+
+run();

package/src/core/auth.js

@@ -56,7 +56,11 @@ function requestJson(method, targetUrl, body = null, headers = {}, timeoutMs = 1
           return;
         }
         const msg = json.error || json.message || `HTTP ${res.statusCode}`;
-        reject(new Error(msg));
+        const err = new Error(msg);
+        err.statusCode = Number(res.statusCode || 0);
+        err.response = json;
+        err.url = targetUrl;
+        reject(err);
       });
     });
     req.on('error', reject);
@@ -66,6 +70,13 @@ function requestJson(method, targetUrl, body = null, headers = {}, timeoutMs = 1
   });
 }
 
+function authBaseCandidates(inputBase) {
+  const raw = String(inputBase || process.env.MUMPIX_AUTH_BASE_URL || 'https://mumpixdb.com').replace(/\/+$/, '');
+  const out = [raw];
+  if (!raw.endsWith('/benchmark')) out.push(`${raw}/benchmark`);
+  return Array.from(new Set(out));
+}
+
 function decodeLicenseClaims(licenseKey) {
   if (!licenseKey || typeof licenseKey !== 'string') return null;
   const [payloadB64] = licenseKey.split('.');
@@ -131,25 +142,48 @@ function upsertStoredLicense(licenseKey, account = {}) {
 }
 
 async function exchangeTokenForLicense(authToken, opts = {}) {
-  const base = String(opts.baseUrl || process.env.MUMPIX_AUTH_BASE_URL || 'https://mumpixdb.com').replace(/\/+$/, '');
   const endpoint = String(opts.exchangePath || process.env.MUMPIX_AUTH_TOKEN_EXCHANGE_PATH || '/api/mumpix/auth/token/exchange');
-  const body = await requestJson('POST', `${base}${endpoint}`, {}, {
-    authorization: `Bearer ${authToken}`
-  }, Number(opts.timeoutMs || process.env.MUMPIX_AUTH_TIMEOUT_MS || 10000));
-  const licenseKey = body.licenseKey || body.license || null;
-  if (!licenseKey) throw new Error('No license key returned from auth exchange');
-  return upsertStoredLicense(licenseKey, body.account || {});
+  const timeoutMs = Number(opts.timeoutMs || process.env.MUMPIX_AUTH_TIMEOUT_MS || 10000);
+  let lastErr = null;
+  for (const base of authBaseCandidates(opts.baseUrl)) {
+    try {
+      const body = await requestJson('POST', `${base}${endpoint}`, {}, {
+        authorization: `Bearer ${authToken}`
+      }, timeoutMs);
+      const licenseKey = body.licenseKey || body.license || null;
+      if (!licenseKey) throw new Error('No license key returned from auth exchange');
+      return upsertStoredLicense(licenseKey, body.account || {});
+    } catch (err) {
+      lastErr = err;
+      if (Number(err && err.statusCode) === 404) continue;
+      throw err;
+    }
+  }
+  throw lastErr || new Error('Auth token exchange failed');
 }
 
 async function loginWithDeviceFlow(opts = {}) {
-  const base = String(opts.baseUrl || process.env.MUMPIX_AUTH_BASE_URL || 'https://mumpixdb.com').replace(/\/+$/, '');
   const startPath = String(opts.startPath || process.env.MUMPIX_AUTH_DEVICE_START_PATH || '/api/mumpix/auth/device/start');
   const pollPath = String(opts.pollPath || process.env.MUMPIX_AUTH_DEVICE_POLL_PATH || '/api/mumpix/auth/device/poll');
   const timeoutMs = Number(opts.timeoutMs || process.env.MUMPIX_AUTH_TIMEOUT_MS || 10000);
 
-  const start = await requestJson('POST', `${base}${startPath}`, {
-    client: 'mumpix-cli'
-  }, {}, timeoutMs);
+  let start = null;
+  let base = '';
+  let lastErr = null;
+  for (const candidate of authBaseCandidates(opts.baseUrl)) {
+    try {
+      start = await requestJson('POST', `${candidate}${startPath}`, {
+        client: 'mumpix-cli'
+      }, {}, timeoutMs);
+      base = candidate;
+      break;
+    } catch (err) {
+      lastErr = err;
+      if (Number(err && err.statusCode) === 404) continue;
+      throw err;
+    }
+  }
+  if (!start) throw lastErr || new Error('Device auth start failed');
 
   const deviceCode = start.deviceCode || start.device_code;
   const userCode = start.userCode || start.user_code;
@@ -196,4 +230,3 @@ module.exports = {
   loginWithDeviceFlow,
   decodeLicenseClaims,
 };
-