shai-cli 0.1.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d4d5f46776b74f36b7f259d6edb67489f519dbc98b5ae5b0e44be82fed60d2d
-  data.tar.gz: 9669269dd3ac52f2161a488e68364da7e58ecb0d32328ca901ed18014b7ed8ef
+  metadata.gz: '00490a68be250015b1cd43dd40cc804d79e82bb74ddc6fc65a4ef90d27b7de69'
+  data.tar.gz: d694b3f181f571b3ac8ebbbe415c92c805c4fb780cd8f3dae4cce0f6b32e6a6b
 SHA512:
-  metadata.gz: a4d113fbd60fbd071f71d47ece7aba4848e9160f41feda7bcdfe39612d0c029f96a85dc31ebe473121b964459d20d2264ce080cb83a4ada5238e619273a1590c
-  data.tar.gz: 768577aecf1ec1e52301dededa606b7f2864fab148f1ad620bcc027a9fbc648e9559dedd1cbcea629fdaf3ad46c99830d99175307fd10a03f611f455003ef953
+  metadata.gz: '08980b4e9a5623c01215cdbe58b1ad8d2ade01cd07ca4d84a3c61db346cbf0513efd663037740570fd17c8c2e61e14b7597d1444bd6701afad6a595ab2f95763'
+  data.tar.gz: 94016712713d1f3731b82b39a75e0d4d23b37f4149a2503bcfe8ae09aabf1ad59f03be7107f1dad0b1177e2168981fc07a5ab3ceaff123822adf1192220be7f0

data/README.md

@@ -56,8 +56,8 @@ shai login
 # Search for public configurations
 shai search "claude code"
 
-# Install a configuration to your project
-shai install anthropic/claude-expert
+# Install a configuration (--global for ~/, --local for ./)
+shai install anthropic/claude-expert --local
 
 # Create and share your own configuration
 shai init
@@ -76,12 +76,12 @@ These commands work without authentication for public configurations:
 | ------------------------- | ------------------------------------------------------ |
 | `shai search <query>`     | Search public configurations                           |
 | `shai install <config>`   | Install a public configuration (use `owner/slug` format) |
-| `shai uninstall <config>` | Uninstall a public configuration                       |
+| `shai uninstall <config>` | Uninstall a configuration                                |
 
 ```bash
 # No login needed for public configs
 shai search "claude code"
-shai install anthropic/claude-expert
+shai install anthropic/claude-expert --local
 shai uninstall anthropic/claude-expert
 ```
 
@@ -89,11 +89,48 @@ shai uninstall anthropic/claude-expert
 
 ### Authentication
 
-| Command       | Description                           |
-| ------------- | ------------------------------------- |
-| `shai login`  | Log in to shaicli.dev                 |
-| `shai logout` | Log out and remove stored credentials |
-| `shai whoami` | Show current authentication status    |
+| Command                | Description                                    |
+| ---------------------- | ---------------------------------------------- |
+| `shai login`           | Log in via browser (device flow, recommended)  |
+| `shai login --password`| Log in with email/password directly            |
+| `shai logout`          | Log out and remove stored credentials          |
+| `shai whoami`          | Show current authentication status             |
+
+**Device Flow (default):**
+
+The default login uses OAuth 2.0 Device Authorization Grant - a secure flow that doesn't require entering your password in the terminal:
+
+```bash
+$ shai login
+Starting device authorization...
+
+To authorize this device:
+
+  1. Visit: https://shaicli.dev/device
+  2. Enter code: ABCD-1234
+
+Open browser automatically? (Y/n) y
+
+[⠋] Waiting for authorization...
+
+✓ Logged in as johndoe
+  Token expires: March 11, 2026
+  Token stored in ~/.config/shai/credentials
+```
+
+**Password Flow (legacy):**
+
+If you prefer to enter credentials directly:
+
+```bash
+$ shai login --password
+Email or username: johndoe
+Password: ********
+
+✓ Logged in as johndoe
+```
+
+**Check Status:**
 
 ```bash
 $ shai whoami
@@ -114,21 +151,69 @@ Token expires: March 11, 2026
 
 ### Using Configurations
 
-| Command                   | Description                              |
-| ------------------------- | ---------------------------------------- |
-| `shai install <config>`   | Install a configuration to local project |
-| `shai uninstall <config>` | Remove an installed configuration        |
+| Command                                | Description                              |
+| -------------------------------------- | ---------------------------------------- |
+| `shai install <config>`                | Install a configuration (prompts for location) |
+| `shai install <config> --global`       | Install to home directory (`~/`)         |
+| `shai install <config> --local`        | Install to current directory (`./`)      |
+| `shai install <config> --path <dir>`   | Install to a specific directory          |
+| `shai uninstall <config>`              | Remove an installed configuration        |
+| `shai uninstall <config> --global`     | Uninstall from home directory            |
+| `shai uninstall <config> --local`      | Uninstall from current directory         |
+
+**Global vs Local installs:**
+
+Configurations can be installed globally (to `~/`) or locally (to `./`). Global installs apply across all projects — useful for AI agent config files like `CLAUDE.md` or `.cursorrules`. Local installs are project-specific.
+
+```bash
+# Install globally (applies everywhere)
+$ shai install anthropic/claude-expert --global
+
+# Install locally (current project only)
+$ shai install anthropic/claude-expert --local
+
+# If you don't specify, shai will ask
+$ shai install anthropic/claude-expert
+? Where do you want to install?
+  ./ (local - current directory)
+  ~/ (global - home directory)
+```
+
+**Uninstalling:**
+
+shai tracks where each configuration was installed, so uninstall works without needing to remember the path:
 
 ```bash
 $ shai uninstall anthropic/claude-expert
-[✔] Fetching anthropic/claude-expert...
-Remove 3 files and 1 folder from 'anthropic/claude-expert'? (y/N) y
+Remove 3 files from 'anthropic/claude-expert'? (y/N) y
 
 ✓ Uninstalled anthropic/claude-expert
 ```
 
 ---
 
+### Skills
+
+| Command                                          | Description                              |
+| ------------------------------------------------ | ---------------------------------------- |
+| `shai skills`                                    | List all AI agent skills and their status |
+| `shai skills enable <name>`                      | Enable a disabled skill                  |
+| `shai skills enable <name> --global`             | Enable a global skill                    |
+| `shai skills disable <name>`                     | Disable an enabled skill                 |
+| `shai skills disable <name> --local`             | Disable a local skill                    |
+| `shai skills disable <name> --agent codex`       | Target a specific agent                  |
+
+Skills are `SKILL.md` files discovered across multiple AI agent directories:
+
+| Agent  | Global path                    | Local path                    |
+| ------ | ------------------------------ | ----------------------------- |
+| Claude | `~/.claude/skills/*/SKILL.md`  | `./.claude/skills/*/SKILL.md` |
+| Codex  | `~/.agents/skills/*/SKILL.md`  | `./.agents/skills/*/SKILL.md` |
+
+Disabling a skill renames `SKILL.md` to `SKILL.md.disabled` so the AI tool no longer loads it. Re-enabling reverses the rename. Use `--agent` to target a specific agent when the same skill name exists in multiple agents.
+
+---
+
 ### Authoring Configurations
 
 | Command                         | Description                        |
@@ -181,6 +266,12 @@ exclude:
 ## Examples
 
 ```bash
+# Install globally (to ~/)
+shai install anthropic/claude-expert --global
+
+# Install locally (to ./)
+shai install anthropic/claude-expert --local
+
 # Install to a specific directory
 shai install anthropic/claude-expert --path ./my-project
 
@@ -189,6 +280,9 @@ shai install anthropic/claude-expert --dry-run
 
 # Force overwrite existing files
 shai install anthropic/claude-expert --force
+
+# Uninstall (auto-detects where it was installed)
+shai uninstall anthropic/claude-expert
 ```
 
 ---

data/lib/shai/api_client.rb

@@ -20,6 +20,21 @@ module Shai
       })
     end
 
+    # Device Flow Authentication (RFC 8628)
+    def device_authorize(client_name: nil)
+      client_name ||= default_client_name
+      post_without_auth("/api/v1/device/authorize", {
+        client_name: client_name
+      })
+    end
+
+    def device_token(device_code:)
+      response = @connection.post("/api/v1/device/token") do |req|
+        req.body = {device_code: device_code}
+      end
+      handle_device_token_response(response)
+    end
+
     # Configurations
     def list_configurations
       get("/api/v1/configurations")
@@ -64,6 +79,10 @@ module Shai
       put("/api/v1/configurations/#{encode_identifier(identifier)}/tree", {tree: tree})
     end
 
+    def record_install(identifier)
+      post_without_auth("/api/v1/configurations/#{encode_identifier(identifier)}/install", {})
+    end
+
     # Encode identifier for URL (handles owner/slug format)
     def encode_identifier(identifier)
       URI.encode_www_form_component(identifier)
@@ -94,6 +113,13 @@ module Shai
       handle_response(response)
     end
 
+    def post_without_auth(path, body)
+      response = @connection.post(path) do |req|
+        req.body = body
+      end
+      handle_response(response)
+    end
+
     def put(path, body)
       response = @connection.put(path) do |req|
         add_auth_header(req)
@@ -126,6 +152,29 @@ module Shai
         raise NotFoundError, response.body&.dig("error") || "Not found"
       when 422
         raise InvalidConfigurationError, response.body&.dig("error") || "Invalid request"
+      when 429
+        retry_after = response.headers["Retry-After"]&.to_i
+        raise RateLimitError.new(
+          response.body&.dig("error") || "Too many requests. Please try again later.",
+          retry_after: retry_after
+        )
+      else
+        raise Error, response.body&.dig("error") || "Request failed with status #{response.status}"
+      end
+    rescue Faraday::ConnectionFailed, Faraday::TimeoutError
+      raise NetworkError, "Could not connect to #{Shai.configuration.api_url}. Check your internet connection."
+    end
+
+    def handle_device_token_response(response)
+      case response.status
+      when 200
+        response.body
+      when 400
+        error_code = response.body&.dig("error")
+        interval = response.body&.dig("interval")
+        raise DeviceFlowError.new(error_code, interval: interval)
+      when 429
+        raise DeviceFlowError.new("slow_down", interval: 10)
       else
         raise Error, response.body&.dig("error") || "Request failed with status #{response.status}"
       end

data/lib/shai/cli.rb

@@ -5,6 +5,7 @@ require_relative "commands/auth"
 require_relative "commands/configurations"
 require_relative "commands/sync"
 require_relative "commands/config"
+require_relative "commands/skills"
 require_relative "ui"
 
 module Shai
@@ -13,6 +14,7 @@ module Shai
     include Commands::Configurations
     include Commands::Sync
     include Commands::Config
+    include Commands::Skills
 
     def self.exit_on_failure?
       true
@@ -26,18 +28,25 @@ module Shai
       shell.say "  shai <command> [options]"
       shell.say ""
       shell.say "AUTHENTICATION:"
-      shell.say "  login              Log in to shaicli.dev"
+      shell.say "  login              Log in via browser (device flow)"
+      shell.say "  login --password   Log in with email/password directly"
       shell.say "  logout             Log out and remove stored credentials"
       shell.say "  whoami             Show current authentication status"
       shell.say ""
       shell.say "DISCOVERY:"
       shell.say "  list               List your configurations"
       shell.say "  search <query>     Search public configurations"
+      shell.say "  open <config>      Open a configuration in the browser"
       shell.say ""
-      shell.say "USING CONFIGURATIONS (install to current project):"
-      shell.say "  install <config>   Install a configuration to local project"
+      shell.say "USING CONFIGURATIONS:"
+      shell.say "  install <config>   Install a configuration (--global, --local, or --path)"
       shell.say "  uninstall <config> Remove an installed configuration"
       shell.say ""
+      shell.say "SKILLS:"
+      shell.say "  skills             List all AI agent skills and their status"
+      shell.say "  skills enable <n>  Enable a disabled skill (--global, --local, --agent)"
+      shell.say "  skills disable <n> Disable an enabled skill (--global, --local, --agent)"
+      shell.say ""
       shell.say "AUTHORING CONFIGURATIONS (create and publish):"
       shell.say "  init               Initialize a new configuration"
       shell.say "  push               Push local changes to remote"
@@ -56,6 +65,7 @@ module Shai
       shell.say "EXAMPLES:"
       shell.say "  shai login"
       shell.say "  shai search \"claude code\""
+      shell.say "  shai open anthropic/claude-expert"
       shell.say "  shai install anthropic/claude-expert"
       shell.say "  shai init"
       shell.say "  shai push"

data/lib/shai/commands/auth.rb

@@ -1,38 +1,21 @@
 # frozen_string_literal: true
 
+require "launchy"
+
 module Shai
   module Commands
     module Auth
+      DEVICE_FLOW_TIMEOUT = 600 # 10 minutes
+
       def self.included(base)
         base.class_eval do
           desc "login", "Log in to shaicli.dev"
+          option :password, type: :boolean, default: false, desc: "Use password authentication instead of device flow"
           def login
-            identifier = ui.ask("Email or username:")
-            password = ui.mask("Password:")
-
-            ui.blank
-
-            begin
-              response = ui.spinner("Logging in...") do
-                api.login(identifier: identifier, password: password)
-              end
-
-              data = response["data"]
-              credentials.save(
-                token: data["token"],
-                expires_at: data["expires_at"],
-                user: data["user"]
-              )
-
-              ui.success("Logged in as #{data.dig("user", "username")}")
-              ui.indent("Token expires: #{format_date(data["expires_at"])}")
-              ui.indent("Token stored in #{Shai.configuration.credentials_path}")
-            rescue AuthenticationError
-              ui.error("Invalid credentials")
-              exit EXIT_AUTH_REQUIRED
-            rescue NetworkError => e
-              ui.error(e.message)
-              exit EXIT_NETWORK_ERROR
+            if options[:password]
+              login_with_password
+            else
+              login_with_device_flow
             end
           end
 
@@ -52,6 +35,151 @@ module Shai
               ui.info("Not logged in. Run `shai login` to authenticate.")
             end
           end
+
+          no_commands do
+            def login_with_password
+              identifier = ui.ask("Email or username:")
+              password = ui.mask("Password:")
+
+              ui.blank
+
+              begin
+                response = ui.spinner("Logging in...") do
+                  api.login(identifier: identifier, password: password)
+                end
+
+                save_credentials_from_response(response)
+              rescue AuthenticationError
+                ui.error("Invalid credentials")
+                exit EXIT_AUTH_REQUIRED
+              rescue RateLimitError
+                ui.error("Too many login attempts. Please try again later.")
+                exit EXIT_GENERAL_ERROR
+              rescue NetworkError => e
+                ui.error(e.message)
+                exit EXIT_NETWORK_ERROR
+              end
+            end
+
+            def login_with_device_flow
+              ui.info("Starting device authorization...")
+              ui.blank
+
+              begin
+                response = api.device_authorize
+              rescue RateLimitError => e
+                retry_msg = e.retry_after ? " Try again in #{e.retry_after} seconds." : ""
+                ui.error("Too many authorization attempts.#{retry_msg}")
+                exit EXIT_GENERAL_ERROR
+              rescue NetworkError => e
+                ui.error(e.message)
+                exit EXIT_NETWORK_ERROR
+              end
+
+              device_code = response["device_code"]
+              user_code = response["user_code"]
+              verification_uri = response["verification_uri"]
+              verification_uri_complete = response["verification_uri_complete"]
+              interval = response["interval"] || 5
+
+              display_device_code_instructions(
+                user_code: user_code,
+                verification_uri: verification_uri
+              )
+
+              ui.blank
+              if ui.yes?("Open browser automatically?", default: true)
+                open_browser(verification_uri_complete || verification_uri)
+              end
+
+              ui.blank
+              poll_for_authorization(device_code: device_code, interval: interval)
+            end
+
+            def display_device_code_instructions(user_code:, verification_uri:)
+              ui.info("To authorize this device:")
+              ui.blank
+              ui.indent("1. Visit: #{ui.cyan(verification_uri)}")
+              ui.indent("2. Enter code: #{ui.bold(user_code)}")
+            end
+
+            def open_browser(url)
+              Launchy.open(url)
+            rescue Launchy::CommandNotFoundError
+              ui.warning("Could not open browser automatically. Please visit the URL manually.")
+            end
+
+            def poll_for_authorization(device_code:, interval:)
+              start_time = Time.now
+              current_interval = interval
+
+              spinner = TTY::Spinner.new("[:spinner] Waiting for authorization...", format: :dots)
+              spinner.auto_spin
+
+              loop do
+                elapsed = Time.now - start_time
+                if elapsed > DEVICE_FLOW_TIMEOUT
+                  spinner.error
+                  ui.error("Authorization timed out. Please try again.")
+                  exit EXIT_AUTH_REQUIRED
+                end
+
+                sleep(current_interval)
+
+                begin
+                  response = api.device_token(device_code: device_code)
+
+                  # Success - we got a token
+                  spinner.success
+                  save_credentials_from_response(response)
+                  return
+                rescue DeviceFlowError => e
+                  case e.error_code
+                  when "authorization_pending"
+                    # Keep polling
+                    next
+                  when "slow_down"
+                    current_interval = e.interval || (current_interval + 5)
+                    next
+                  when "access_denied"
+                    spinner.error
+                    ui.blank
+                    ui.error("Authorization denied by user.")
+                    exit EXIT_AUTH_REQUIRED
+                  when "expired_token"
+                    spinner.error
+                    ui.blank
+                    ui.error("Device code expired. Please try again.")
+                    exit EXIT_AUTH_REQUIRED
+                  else
+                    spinner.error
+                    ui.blank
+                    ui.error("Authorization failed: #{e.error_code}")
+                    exit EXIT_AUTH_REQUIRED
+                  end
+                rescue NetworkError => e
+                  spinner.error
+                  ui.blank
+                  ui.error(e.message)
+                  exit EXIT_NETWORK_ERROR
+                end
+              end
+            end
+
+            def save_credentials_from_response(response)
+              data = response["data"]
+              credentials.save(
+                token: data["token"],
+                expires_at: data["expires_at"],
+                user: data["user"]
+              )
+
+              ui.blank
+              ui.success("Logged in as #{data.dig("user", "username")}")
+              ui.indent("Token expires: #{format_date(data["expires_at"])}")
+              ui.indent("Token stored in #{Shai.configuration.credentials_path}")
+            end
+          end
         end
       end