shai-cli 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f13b2f27c4542d4f5fe83f06e781589bd69bde8bd618e7b8ce494fd1d4ab621b
-  data.tar.gz: 94129b59f660fcff737602a475b891d87526968bd3ee4b28d495012a225d6cd5
+  metadata.gz: 1ea758284c9ecb5985d8789033ee4368ec95757ac056a0b5870f9d8f523d9282
+  data.tar.gz: 046a439279ef5a6c2cf32eeb9f5d00f7656887cb310168c334306796cd73f713
 SHA512:
-  metadata.gz: 4d89e81bdb2d09f584d53fb9c652e61d38ec7e40378e2ccca88b12b75bed765dd0aa18692fd0599a17095ec331f0e5aabfdcabea1da5c89df9ad927cacb396dc
-  data.tar.gz: e636e3d6f766962c11df07de32e70fd62944e2e09c4a0e2acbb723291b75e5425e2b922a98e55e110bb12c3fd277d27993c9e9eda912713065f6897086ed5248
+  metadata.gz: 3f158f9131a3d10a7717b4d2109e9ae37682b4c2d2f68de5ab516c0c4e789ad86556dff17b973c7a8daa23527486064057c1ef1b72c0064d206141a3f87bc204
+  data.tar.gz: e266d13cb6135d0530f5363e1f568a57fb2558a0a0b747b1b2820c4e921247d5114624727f4865711f44758d619f22bd233cd6464326612f2944aaba1b2514cc

data/README.md

@@ -1,6 +1,26 @@
 # shai-cli
 
-Command-line tool for managing and sharing AI agent configurations via [shaicli.dev](https://shaicli.dev).
+Command-line tool for creating, sharing, and installing AI agent configurations.
+
+shai lets you treat AI configurations like dotfiles: reproducible, shareable, and easy to install across machines.
+
+Website: https://shaicli.dev
+
+---
+
+## Why this exists
+
+I kept tweaking AI prompts, agent setups, and configuration files, then losing track of what actually worked. Copy-pasting from notes, Slack, or old repos didn’t scale.
+
+shai is a small tool I built to make AI configurations:
+
+- **Reproducible** (same setup everywhere)
+- **Shareable** (public or private)
+- **Easy to install** (one command)
+
+This is an early project and intentionally minimal. It’s built to solve a real problem I had, and I’m sharing it to see if it’s useful to others.
+
+---
 
 ## Installation
 
@@ -25,6 +45,8 @@ bundle install
 bundle exec rake install
 ```
 
+---
+
 ## Quick Start
 
 ```bash
@@ -42,59 +64,140 @@ shai init
 shai push
 ```
 
+---
+
 ## Commands
 
+### No Login Required
+
+These commands work without authentication for public configurations:
+
+| Command                   | Description                                            |
+| ------------------------- | ------------------------------------------------------ |
+| `shai search <query>`     | Search public configurations                           |
+| `shai install <config>`   | Install a public configuration (use `owner/slug` format) |
+| `shai uninstall <config>` | Uninstall a public configuration                       |
+
+```bash
+# No login needed for public configs
+shai search "claude code"
+shai install anthropic/claude-expert
+shai uninstall anthropic/claude-expert
+```
+
+---
+
 ### Authentication
 
-| Command | Description |
-|---------|-------------|
-| `shai login` | Log in to shaicli.dev |
-| `shai logout` | Log out and remove stored credentials |
-| `shai whoami` | Show current authentication status |
+| Command                | Description                                    |
+| ---------------------- | ---------------------------------------------- |
+| `shai login`           | Log in via browser (device flow, recommended)  |
+| `shai login --password`| Log in with email/password directly            |
+| `shai logout`          | Log out and remove stored credentials          |
+| `shai whoami`          | Show current authentication status             |
+
+**Device Flow (default):**
+
+The default login uses OAuth 2.0 Device Authorization Grant - a secure flow that doesn't require entering your password in the terminal:
+
+```bash
+$ shai login
+Starting device authorization...
+
+To authorize this device:
+
+  1. Visit: https://shaicli.dev/device
+  2. Enter code: ABCD-1234
+
+Open browser automatically? (Y/n) y
+
+[⠋] Waiting for authorization...
+
+✓ Logged in as johndoe
+  Token expires: March 11, 2026
+  Token stored in ~/.config/shai/credentials
+```
+
+**Password Flow (legacy):**
+
+If you prefer to enter credentials directly:
+
+```bash
+$ shai login --password
+Email or username: johndoe
+Password: ********
+
+✓ Logged in as johndoe
+```
+
+**Check Status:**
+
+```bash
+$ shai whoami
+Logged in as johndoe (John Doe)
+Token expires: March 11, 2026
+```
+
+---
 
 ### Discovery
 
-| Command | Description |
-|---------|-------------|
-| `shai list` | List your configurations |
+| Command               | Description                  |
+| --------------------- | ---------------------------- |
+| `shai list`           | List your configurations     |
 | `shai search <query>` | Search public configurations |
 
+---
+
 ### Using Configurations
 
-| Command | Description |
-|---------|-------------|
-| `shai install <config>` | Install a configuration to local project |
-| `shai uninstall <config>` | Remove an installed configuration |
+| Command                   | Description                              |
+| ------------------------- | ---------------------------------------- |
+| `shai install <config>`   | Install a configuration to local project |
+| `shai uninstall <config>` | Remove an installed configuration        |
+
+```bash
+$ shai uninstall anthropic/claude-expert
+[✔] Fetching anthropic/claude-expert...
+Remove 3 files and 1 folder from 'anthropic/claude-expert'? (y/N) y
+
+✓ Uninstalled anthropic/claude-expert
+```
+
+---
 
 ### Authoring Configurations
 
-| Command | Description |
-|---------|-------------|
-| `shai init` | Initialize a new configuration |
-| `shai push` | Push local changes to remote |
-| `shai status` | Show local changes vs remote |
-| `shai diff` | Show diff between local and remote |
-| `shai config show` | Show configuration details |
-| `shai config set <key> <value>` | Update configuration metadata |
-| `shai delete <slug>` | Delete a configuration from remote |
+| Command                         | Description                        |
+| ------------------------------- | ---------------------------------- |
+| `shai init`                     | Initialize a new configuration     |
+| `shai push`                     | Push local changes to remote       |
+| `shai status`                   | Show local changes vs remote       |
+| `shai diff`                     | Show diff between local and remote |
+| `shai config show`              | Show configuration details         |
+| `shai config set <key> <value>` | Update configuration metadata      |
+| `shai delete <slug>`            | Delete a configuration from remote |
+
+---
 
 ## Configuration
 
 ### Environment Variables
 
-| Variable | Description | Default |
-|----------|-------------|---------|
-| `SHAI_API_URL` | API endpoint URL | `https://shaicli.dev` |
-| `SHAI_CONFIG_DIR` | Directory for credentials | `~/.config/shai` |
-| `SHAI_TOKEN` | Override authentication token | - |
-| `NO_COLOR` | Disable colored output | - |
+| Variable          | Description                   | Default               |
+| ----------------- | ----------------------------- | --------------------- |
+| `SHAI_API_URL`    | API endpoint URL              | `https://shaicli.dev` |
+| `SHAI_CONFIG_DIR` | Directory for credentials     | `~/.config/shai`      |
+| `SHAI_TOKEN`      | Override authentication token | -                     |
+| `NO_COLOR`        | Disable colored output        | -                     |
+
+---
 
 ### .shairc File
 
 When authoring configurations, a `.shairc` file is created in your project root:
 
 ```yaml
-# .shairc - Shai configuration
 slug: my-config
 include:
   - .claude/**
@@ -104,89 +207,63 @@ exclude:
   - "**/.env"
 ```
 
-| Field | Description |
-|-------|-------------|
-| `slug` | Unique identifier for your configuration |
-| `include` | Glob patterns for files to include |
-| `exclude` | Glob patterns for files to exclude |
-
-## Examples
+| Field     | Description                              |
+| --------- | ---------------------------------------- |
+| `slug`    | Unique identifier for your configuration |
+| `include` | Glob patterns for files to include       |
+| `exclude` | Glob patterns for files to exclude       |
 
-### Search by tags
+---
 
-```bash
-shai search --tag claude --tag coding
-```
-
-### Install to specific directory
+## Examples
 
 ```bash
+# Install to a specific directory
 shai install anthropic/claude-expert --path ./my-project
-```
 
-### Preview installation without making changes
-
-```bash
+# Preview installation without making changes
 shai install anthropic/claude-expert --dry-run
-```
-
-### Force overwrite existing files
 
-```bash
+# Force overwrite existing files
 shai install anthropic/claude-expert --force
 ```
 
-### Create a public configuration
-
-```bash
-shai init
-# Follow prompts, select "public" visibility
-shai push
-```
+---
 
-### Update configuration metadata
+## Feedback and discussion
 
-```bash
-shai config set name "My Updated Config"
-shai config set visibility public
-shai config set description "A better description"
-```
+Feedback is very welcome.
 
-## Development
+- Use **GitHub Discussions** for ideas, use cases, or open-ended thoughts
+- Use **Issues** for concrete bugs, confusing behavior, or specific improvements
 
-### Setup
+There are two pinned issues to guide feedback:
 
-```bash
-bundle install
-```
+- **Feedback** — what’s unclear, missing, or not useful
+- **Ideas** — possible improvements or directions
 
-### Run tests
+This project is intentionally small, so not every idea will be built. The goal right now is learning and signal.
 
-```bash
-bundle exec rspec
-```
+---
 
-### Run linter
+## Development
 
 ```bash
+bundle install
+bundle exec rspec
 bundle exec standardrb
 ```
 
-### Local development
-
-Create `.env.development`:
+Local development:
 
 ```bash
 SHAI_API_URL=http://localhost:3001
 SHAI_CONFIG_DIR=.config/shai-dev
-```
-
-Run commands in development mode:
-
-```bash
 SHAI_ENV=development bundle exec bin/shai <command>
 ```
 
+---
+
 ## License
 
 MIT

data/lib/shai/api_client.rb

@@ -20,6 +20,21 @@ module Shai
       })
     end
 
+    # Device Flow Authentication (RFC 8628)
+    def device_authorize(client_name: nil)
+      client_name ||= default_client_name
+      post_without_auth("/api/v1/device/authorize", {
+        client_name: client_name
+      })
+    end
+
+    def device_token(device_code:)
+      response = @connection.post("/api/v1/device/token") do |req|
+        req.body = {device_code: device_code}
+      end
+      handle_device_token_response(response)
+    end
+
     # Configurations
     def list_configurations
       get("/api/v1/configurations")
@@ -64,6 +79,10 @@ module Shai
       put("/api/v1/configurations/#{encode_identifier(identifier)}/tree", {tree: tree})
     end
 
+    def record_install(identifier)
+      post_without_auth("/api/v1/configurations/#{encode_identifier(identifier)}/install", {})
+    end
+
     # Encode identifier for URL (handles owner/slug format)
     def encode_identifier(identifier)
       URI.encode_www_form_component(identifier)
@@ -94,6 +113,13 @@ module Shai
       handle_response(response)
     end
 
+    def post_without_auth(path, body)
+      response = @connection.post(path) do |req|
+        req.body = body
+      end
+      handle_response(response)
+    end
+
     def put(path, body)
       response = @connection.put(path) do |req|
         add_auth_header(req)
@@ -126,6 +152,29 @@ module Shai
         raise NotFoundError, response.body&.dig("error") || "Not found"
       when 422
         raise InvalidConfigurationError, response.body&.dig("error") || "Invalid request"
+      when 429
+        retry_after = response.headers["Retry-After"]&.to_i
+        raise RateLimitError.new(
+          response.body&.dig("error") || "Too many requests. Please try again later.",
+          retry_after: retry_after
+        )
+      else
+        raise Error, response.body&.dig("error") || "Request failed with status #{response.status}"
+      end
+    rescue Faraday::ConnectionFailed, Faraday::TimeoutError
+      raise NetworkError, "Could not connect to #{Shai.configuration.api_url}. Check your internet connection."
+    end
+
+    def handle_device_token_response(response)
+      case response.status
+      when 200
+        response.body
+      when 400
+        error_code = response.body&.dig("error")
+        interval = response.body&.dig("interval")
+        raise DeviceFlowError.new(error_code, interval: interval)
+      when 429
+        raise DeviceFlowError.new("slow_down", interval: 10)
       else
         raise Error, response.body&.dig("error") || "Request failed with status #{response.status}"
       end

data/lib/shai/cli.rb

@@ -26,13 +26,15 @@ module Shai
       shell.say "  shai <command> [options]"
       shell.say ""
       shell.say "AUTHENTICATION:"
-      shell.say "  login              Log in to shaicli.dev"
+      shell.say "  login              Log in via browser (device flow)"
+      shell.say "  login --password   Log in with email/password directly"
       shell.say "  logout             Log out and remove stored credentials"
       shell.say "  whoami             Show current authentication status"
       shell.say ""
       shell.say "DISCOVERY:"
       shell.say "  list               List your configurations"
       shell.say "  search <query>     Search public configurations"
+      shell.say "  open <config>      Open a configuration in the browser"
       shell.say ""
       shell.say "USING CONFIGURATIONS (install to current project):"
       shell.say "  install <config>   Install a configuration to local project"
@@ -56,6 +58,7 @@ module Shai
       shell.say "EXAMPLES:"
       shell.say "  shai login"
       shell.say "  shai search \"claude code\""
+      shell.say "  shai open anthropic/claude-expert"
       shell.say "  shai install anthropic/claude-expert"
       shell.say "  shai init"
       shell.say "  shai push"

data/lib/shai/commands/auth.rb

@@ -1,38 +1,21 @@
 # frozen_string_literal: true
 
+require "launchy"
+
 module Shai
   module Commands
     module Auth
+      DEVICE_FLOW_TIMEOUT = 600 # 10 minutes
+
       def self.included(base)
         base.class_eval do
           desc "login", "Log in to shaicli.dev"
+          option :password, type: :boolean, default: false, desc: "Use password authentication instead of device flow"
           def login
-            identifier = ui.ask("Email or username:")
-            password = ui.mask("Password:")
-
-            ui.blank
-
-            begin
-              response = ui.spinner("Logging in...") do
-                api.login(identifier: identifier, password: password)
-              end
-
-              data = response["data"]
-              credentials.save(
-                token: data["token"],
-                expires_at: data["expires_at"],
-                user: data["user"]
-              )
-
-              ui.success("Logged in as #{data.dig("user", "username")}")
-              ui.indent("Token expires: #{format_date(data["expires_at"])}")
-              ui.indent("Token stored in #{Shai.configuration.credentials_path}")
-            rescue AuthenticationError
-              ui.error("Invalid credentials")
-              exit EXIT_AUTH_REQUIRED
-            rescue NetworkError => e
-              ui.error(e.message)
-              exit EXIT_NETWORK_ERROR
+            if options[:password]
+              login_with_password
+            else
+              login_with_device_flow
             end
           end
 
@@ -52,6 +35,151 @@ module Shai
               ui.info("Not logged in. Run `shai login` to authenticate.")
             end
           end
+
+          no_commands do
+            def login_with_password
+              identifier = ui.ask("Email or username:")
+              password = ui.mask("Password:")
+
+              ui.blank
+
+              begin
+                response = ui.spinner("Logging in...") do
+                  api.login(identifier: identifier, password: password)
+                end
+
+                save_credentials_from_response(response)
+              rescue AuthenticationError
+                ui.error("Invalid credentials")
+                exit EXIT_AUTH_REQUIRED
+              rescue RateLimitError
+                ui.error("Too many login attempts. Please try again later.")
+                exit EXIT_GENERAL_ERROR
+              rescue NetworkError => e
+                ui.error(e.message)
+                exit EXIT_NETWORK_ERROR
+              end
+            end
+
+            def login_with_device_flow
+              ui.info("Starting device authorization...")
+              ui.blank
+
+              begin
+                response = api.device_authorize
+              rescue RateLimitError => e
+                retry_msg = e.retry_after ? " Try again in #{e.retry_after} seconds." : ""
+                ui.error("Too many authorization attempts.#{retry_msg}")
+                exit EXIT_GENERAL_ERROR
+              rescue NetworkError => e
+                ui.error(e.message)
+                exit EXIT_NETWORK_ERROR
+              end
+
+              device_code = response["device_code"]
+              user_code = response["user_code"]
+              verification_uri = response["verification_uri"]
+              verification_uri_complete = response["verification_uri_complete"]
+              interval = response["interval"] || 5
+
+              display_device_code_instructions(
+                user_code: user_code,
+                verification_uri: verification_uri
+              )
+
+              ui.blank
+              if ui.yes?("Open browser automatically?", default: true)
+                open_browser(verification_uri_complete || verification_uri)
+              end
+
+              ui.blank
+              poll_for_authorization(device_code: device_code, interval: interval)
+            end
+
+            def display_device_code_instructions(user_code:, verification_uri:)
+              ui.info("To authorize this device:")
+              ui.blank
+              ui.indent("1. Visit: #{ui.cyan(verification_uri)}")
+              ui.indent("2. Enter code: #{ui.bold(user_code)}")
+            end
+
+            def open_browser(url)
+              Launchy.open(url)
+            rescue Launchy::CommandNotFoundError
+              ui.warning("Could not open browser automatically. Please visit the URL manually.")
+            end
+
+            def poll_for_authorization(device_code:, interval:)
+              start_time = Time.now
+              current_interval = interval
+
+              spinner = TTY::Spinner.new("[:spinner] Waiting for authorization...", format: :dots)
+              spinner.auto_spin
+
+              loop do
+                elapsed = Time.now - start_time
+                if elapsed > DEVICE_FLOW_TIMEOUT
+                  spinner.error
+                  ui.error("Authorization timed out. Please try again.")
+                  exit EXIT_AUTH_REQUIRED
+                end
+
+                sleep(current_interval)
+
+                begin
+                  response = api.device_token(device_code: device_code)
+
+                  # Success - we got a token
+                  spinner.success
+                  save_credentials_from_response(response)
+                  return
+                rescue DeviceFlowError => e
+                  case e.error_code
+                  when "authorization_pending"
+                    # Keep polling
+                    next
+                  when "slow_down"
+                    current_interval = e.interval || (current_interval + 5)
+                    next
+                  when "access_denied"
+                    spinner.error
+                    ui.blank
+                    ui.error("Authorization denied by user.")
+                    exit EXIT_AUTH_REQUIRED
+                  when "expired_token"
+                    spinner.error
+                    ui.blank
+                    ui.error("Device code expired. Please try again.")
+                    exit EXIT_AUTH_REQUIRED
+                  else
+                    spinner.error
+                    ui.blank
+                    ui.error("Authorization failed: #{e.error_code}")
+                    exit EXIT_AUTH_REQUIRED
+                  end
+                rescue NetworkError => e
+                  spinner.error
+                  ui.blank
+                  ui.error(e.message)
+                  exit EXIT_NETWORK_ERROR
+                end
+              end
+            end
+
+            def save_credentials_from_response(response)
+              data = response["data"]
+              credentials.save(
+                token: data["token"],
+                expires_at: data["expires_at"],
+                user: data["user"]
+              )
+
+              ui.blank
+              ui.success("Logged in as #{data.dig("user", "username")}")
+              ui.indent("Token expires: #{format_date(data["expires_at"])}")
+              ui.indent("Token stored in #{Shai.configuration.credentials_path}")
+            end
+          end
         end
       end