shapeup-cli 0.3.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 89595c1b4509ab13079e503ff5b94894c469220c070d1983389d8cd4ba3d2756
+  data.tar.gz: eb5c3bde6d0988fdfc125a78268216f5dfb8736a4ff7082ed588d71de0ea6587
+SHA512:
+  metadata.gz: f7b3825df0045f80896ffbc17db90f57048084aa7eb2ac92ecb17b584c769d3affbcd7503fef3703fc7faf6d98c6127b557ffbdf5feb028d14e29db29a360424
+  data.tar.gz: 5edd8c20f3ae4da183309750cb18cb5204036c955322c443e1d2e75e971f0c88a6e3e508d25723b30da5dee994d5cf1627486548f8b8d8fd729c151d10979143

data/bin/shapeup

@@ -0,0 +1,7 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+$LOAD_PATH.unshift File.expand_path("../lib", __dir__)
+require "shapeup_cli"
+
+ShapeupCli.run(ARGV)

data/install.md

@@ -0,0 +1,94 @@
+I want you to install Agent Skills for ShapeUp for me. Execute all steps autonomously.
+
+OBJECTIVE: Install ShapeUp agent skills so your agent can manage pitches, scopes, tasks, cycles, and more via the ShapeUp CLI.
+
+DONE WHEN: `shapeup version` succeeds, `shapeup orgs` returns data, and the shapeup skill is installed in your agent.
+
+## TODO
+
+- [ ] Install ShapeUp CLI
+- [ ] Authenticate with ShapeUp
+- [ ] Set default organisation
+- [ ] Install skills
+
+## Step 0: Install ShapeUp CLI
+
+Check if the ShapeUp CLI is available:
+
+```bash
+shapeup version
+```
+
+If `shapeup` is not found, clone the repo and add to PATH:
+
+```bash
+git clone https://github.com/shapeup-cc/shapeup-cli ~/.shapeup-cli
+```
+
+Add to your shell profile (`~/.zshrc` or `~/.bashrc`):
+
+```bash
+alias shapeup='ruby -I~/.shapeup-cli/cli/lib ~/.shapeup-cli/cli/bin/shapeup'
+```
+
+**Verify:**
+```bash
+shapeup version
+# Expected: shapeup 0.1.0
+```
+
+## Step 1: Authenticate with ShapeUp
+
+```bash
+shapeup login
+```
+
+This opens a browser for OAuth. Grant access when prompted. Credentials are stored in `~/.config/shapeup/credentials.json`.
+
+For local development:
+
+```bash
+shapeup login --host http://localhost:3000
+```
+
+**Verify:**
+```bash
+shapeup orgs
+# Expected: List of organisations
+```
+
+## Step 2: Set default organisation
+
+```bash
+shapeup config set org "Your Org Name"
+```
+
+Or for per-project config:
+
+```bash
+shapeup config init "Your Org Name"
+```
+
+**Verify:**
+```bash
+shapeup config show
+# Expected: org set to your organisation
+```
+
+## Step 3: Install skills
+
+```bash
+shapeup setup claude
+```
+
+This copies the ShapeUp skill into `~/.claude/skills/shapeup/SKILL.md` so Claude Code can use ShapeUp commands when triggered.
+
+**Verify:**
+```bash
+cat ~/.claude/skills/shapeup/SKILL.md | head -5
+# Expected: YAML frontmatter with name: shapeup
+```
+
+Restart your agent session to pick up the new skills. The shapeup skill provides full CLI coverage: pitches, scopes, tasks, cycles, search, assignments, and more.
+
+EXECUTE NOW: Start with Step 0. Mark TODO items complete as you go. Stop when all steps succeed.

data/lib/shapeup_cli/auth.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+module ShapeupCli
+  module Auth
+    CLIENT_NAME = "ShapeUp CLI"
+
+    # OAuth 2.1 PKCE login flow:
+    # 1. Discover OAuth metadata from /.well-known/oauth-authorization-server
+    # 2. Dynamically register client (loopback redirect)
+    # 3. Start local callback server
+    # 4. Open browser for authorisation
+    # 5. Receive code on callback
+    # 6. Exchange code for token via PKCE
+
+    def self.login(host: Config.host)
+      metadata = discover_metadata(host)
+      callback_port = find_available_port
+      redirect_uri = "http://127.0.0.1:#{callback_port}/callback"
+
+      client = register_client(metadata["registration_endpoint"], redirect_uri)
+      code_verifier = generate_code_verifier
+      code_challenge = generate_code_challenge(code_verifier)
+      state = SecureRandom.hex(16)
+
+      auth_url = build_auth_url(
+        metadata["authorization_endpoint"],
+        client_id: client["client_id"],
+        redirect_uri: redirect_uri,
+        code_challenge: code_challenge,
+        state: state
+      )
+
+      puts "Opening browser for authentication..."
+      puts "If the browser doesn't open, visit:"
+      puts "  #{auth_url}"
+      puts
+
+      open_browser(auth_url)
+
+      code = wait_for_callback(callback_port, state)
+
+      token_response = exchange_code(
+        metadata["token_endpoint"],
+        code: code,
+        client_id: client["client_id"],
+        redirect_uri: redirect_uri,
+        code_verifier: code_verifier
+      )
+
+      token_response
+    end
+
+    def self.token
+      Config.token
+    end
+
+    # --- Private helpers ---
+
+    def self.discover_metadata(host)
+      uri = URI.parse("#{host}/.well-known/oauth-authorization-server")
+      response = Net::HTTP.get_response(uri)
+
+      unless response.is_a?(Net::HTTPSuccess)
+        raise Client::ApiError, "Failed to discover OAuth metadata at #{host}"
+      end
+
+      JSON.parse(response.body)
+    end
+
+    def self.register_client(endpoint, redirect_uri)
+      uri = URI.parse(endpoint)
+      request = Net::HTTP::Post.new(uri)
+      request["Content-Type"] = "application/json"
+      request.body = JSON.generate(
+        client_name: CLIENT_NAME,
+        redirect_uris: [ redirect_uri ],
+        token_endpoint_auth_method: "none",
+        grant_types: [ "authorization_code" ],
+        response_types: [ "code" ],
+        scope: "read write"
+      )
+
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      response = http.request(request)
+
+      unless response.is_a?(Net::HTTPSuccess)
+        raise Client::ApiError, "Failed to register OAuth client: #{response.body}"
+      end
+
+      JSON.parse(response.body)
+    end
+
+    def self.build_auth_url(endpoint, client_id:, redirect_uri:, code_challenge:, state:)
+      uri = URI.parse(endpoint)
+      uri.query = URI.encode_www_form(
+        response_type: "code",
+        client_id: client_id,
+        redirect_uri: redirect_uri,
+        code_challenge: code_challenge,
+        code_challenge_method: "S256",
+        scope: "write",
+        state: state
+      )
+      uri.to_s
+    end
+
+    def self.exchange_code(endpoint, code:, client_id:, redirect_uri:, code_verifier:)
+      uri = URI.parse(endpoint)
+      request = Net::HTTP::Post.new(uri)
+      request["Content-Type"] = "application/x-www-form-urlencoded"
+      request.body = URI.encode_www_form(
+        grant_type: "authorization_code",
+        code: code,
+        client_id: client_id,
+        redirect_uri: redirect_uri,
+        code_verifier: code_verifier
+      )
+
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = uri.scheme == "https"
+      response = http.request(request)
+
+      unless response.is_a?(Net::HTTPSuccess)
+        raise Client::ApiError, "Token exchange failed: #{response.body}"
+      end
+
+      JSON.parse(response.body)
+    end
+
+    def self.wait_for_callback(port, expected_state)
+      server = TCPServer.new("127.0.0.1", port)
+      client = server.accept
+
+      # Read the HTTP request
+      request_line = client.gets
+      headers = {}
+      while (line = client.gets) && line.strip != ""
+        key, value = line.split(": ", 2)
+        headers[key.downcase] = value&.strip
+      end
+
+      # Parse query params from GET /callback?code=...&state=...
+      path, query_string = request_line.split(" ")[1].split("?", 2)
+      params = URI.decode_www_form(query_string || "").to_h
+
+      code = nil
+      error = nil
+
+      if params["error"]
+        error = params["error_description"] || params["error"]
+        body = "<html><body><h1>Authentication failed</h1><p>#{error}</p><p>You can close this tab.</p></body></html>"
+      elsif params["state"] != expected_state
+        error = "State mismatch"
+        body = "<html><body><h1>Authentication failed</h1><p>State mismatch.</p></body></html>"
+      else
+        code = params["code"]
+        body = "<html><body><h1>Authenticated!</h1><p>You can close this tab and return to the terminal.</p></body></html>"
+      end
+
+      client.print "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: #{body.bytesize}\r\nConnection: close\r\n\r\n#{body}"
+      client.close
+      server.close
+
+      raise Client::ApiError, "Authentication failed: #{error}" if error
+      raise Client::ApiError, "No authorization code received" unless code
+
+      code
+    end
+
+    def self.generate_code_verifier
+      SecureRandom.urlsafe_base64(32)
+    end
+
+    def self.generate_code_challenge(verifier)
+      digest = Digest::SHA256.digest(verifier)
+      Base64.urlsafe_encode64(digest, padding: false)
+    end
+
+    def self.find_available_port
+      server = TCPServer.new("127.0.0.1", 0)
+      port = server.addr[1]
+      server.close
+      port
+    end
+
+    def self.open_browser(url)
+      case RUBY_PLATFORM
+      when /darwin/  then system("open", url)
+      when /linux/   then system("xdg-open", url)
+      when /mswin|mingw/ then system("start", url)
+      end
+    end
+
+    private_class_method :discover_metadata, :register_client, :build_auth_url,
+      :exchange_code, :wait_for_callback, :generate_code_verifier,
+      :generate_code_challenge, :find_available_port, :open_browser
+  end
+end

data/lib/shapeup_cli/client.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module ShapeupCli
+  class Client
+    class ApiError < StandardError; end
+    class AuthError < ApiError; end
+    class NotFoundError < ApiError; end
+    class PermissionError < ApiError; end
+    class RateLimitError < ApiError; end
+
+    MCP_PROTOCOL_VERSION = "2025-06-18"
+
+    def initialize(host: Config.host, token: Auth.token)
+      raise AuthError, "Not authenticated" unless token
+      @host = host
+      @token = token
+      @request_id = 0
+    end
+
+    # Initialise the MCP session
+    def initialize_session
+      call_method("initialize", protocolVersion: MCP_PROTOCOL_VERSION)
+    end
+
+    # List available tools (useful for --agent --help introspection)
+    def list_tools
+      call_method("tools/list")
+    end
+
+    # Call an MCP tool by name with arguments
+    def call_tool(name, **arguments)
+      call_method("tools/call", name: name, arguments: arguments)
+    end
+
+    # List available resources
+    def list_resources
+      call_method("resources/list")
+    end
+
+    # Read a resource by URI
+    def read_resource(uri)
+      call_method("resources/read", uri: uri)
+    end
+
+    private
+      def call_method(method, **params)
+        @request_id += 1
+
+        uri = URI.parse("#{@host}/mcp")
+        request = Net::HTTP::Post.new(uri)
+        request["Content-Type"] = "application/json"
+        request["Authorization"] = "Bearer #{@token}"
+        request["MCP-Protocol-Version"] = MCP_PROTOCOL_VERSION
+
+        body = {
+          jsonrpc: "2.0",
+          id: @request_id,
+          method: method
+        }
+        body[:params] = params unless params.empty?
+        request.body = JSON.generate(body)
+
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == "https"
+        http.open_timeout = 5
+        http.read_timeout = 30
+
+        response = http.request(request)
+
+        case response
+        when Net::HTTPUnauthorized
+          raise AuthError, "Authentication failed — run 'shapeup login'"
+        when Net::HTTPForbidden
+          raise PermissionError, "Check your subscription or permissions"
+        when Net::HTTPTooManyRequests
+          raise RateLimitError, "Too many requests"
+        end
+
+        parsed = JSON.parse(response.body)
+
+        if parsed["error"]
+          message = parsed["error"]["message"] || "Unknown error"
+
+          case message
+          when /not found/i  then raise NotFoundError, message
+          when /access/i     then raise PermissionError, message
+          else raise ApiError, message
+          end
+        end
+
+        parsed["result"]
+      end
+  end
+end

data/lib/shapeup_cli/commands/auth.rb

@@ -0,0 +1,127 @@
+# frozen_string_literal: true
+
+module ShapeupCli
+  module Commands
+    class Auth < Base
+      def self.metadata
+        {
+          command: "auth",
+          path: "shapeup auth",
+          short: "Manage authentication profiles",
+          subcommands: [
+            { name: "status", short: "Check authentication status", path: "shapeup auth status" },
+            { name: "list", short: "List configured profiles", path: "shapeup auth list" },
+            { name: "switch", short: "Switch active profile", path: "shapeup auth switch <name>" },
+            { name: "remove", short: "Remove a profile", path: "shapeup auth remove <name>" }
+          ],
+          flags: [],
+          notes: [
+            "Use 'shapeup login' to create a new profile via OAuth",
+            "SHAPEUP_PROFILE env var overrides the default profile"
+          ],
+          examples: [
+            "shapeup auth status",
+            "shapeup auth list",
+            "shapeup auth switch compass-labs",
+            "shapeup auth remove old-profile"
+          ]
+        }
+      end
+
+      def execute
+        subcommand = positional_arg(0)
+
+        case subcommand
+        when "status"      then status
+        when "list"        then list
+        when "switch"      then switch_profile
+        when "remove"      then remove
+        when "help", nil   then help
+        else help
+        end
+      end
+
+      private
+        def status
+          profile = Config.current_profile
+
+          if profile
+            data = {
+              "authenticated" => true,
+              "profile" => profile["profile_name"],
+              "organisation" => profile["name"],
+              "organisation_id" => profile["organisation_id"],
+              "host" => profile["host"]
+            }
+          else
+            data = { "authenticated" => false }
+          end
+
+          if @mode == :json || @mode == :agent
+            Output.render(
+              { "content" => [ { "type" => "text", "text" => JSON.generate(data) } ] },
+              mode: @mode,
+              summary: "Auth Status"
+            )
+          else
+            if profile
+              puts "Authenticated"
+              puts "  profile   #{profile["profile_name"]}"
+              puts "  org       #{profile["name"]}"
+              puts "  host      #{profile["host"]}"
+            else
+              puts "Not authenticated. Run 'shapeup login' to connect."
+            end
+          end
+        end
+
+        def list
+          profiles = Config.list_profiles
+
+          if profiles.empty?
+            puts "No profiles configured. Run 'shapeup login' to create one."
+            return
+          end
+
+          profiles.each do |p|
+            marker = p[:default] ? "*" : " "
+            puts "  #{marker} #{p[:name].ljust(20)} #{p[:display_name]} (org: #{p[:organisation_id]})"
+          end
+          puts
+          puts "  * = active profile"
+        end
+
+        def switch_profile
+          name = positional_arg(1) || abort("Usage: shapeup auth switch <profile-name>")
+          Config.switch_profile(name)
+          puts "Switched to profile: #{name}"
+        end
+
+        def remove
+          name = positional_arg(1) || abort("Usage: shapeup auth remove <profile-name>")
+          Config.delete_profile(name)
+          puts "Removed profile: #{name}"
+        end
+
+        def help
+          puts <<~HELP
+            Usage: shapeup auth <subcommand>
+
+            Subcommands:
+              status        Check if authenticated
+              list          List all profiles
+              switch <name> Switch active profile
+              remove <name> Remove a profile
+
+            Profiles store separate tokens and org defaults. Create profiles
+            with 'shapeup login', then switch between them.
+
+            Override with SHAPEUP_PROFILE env var.
+          HELP
+        end
+
+        # Override: auth doesn't need an org_id
+        def org_id = nil
+    end
+  end
+end

data/lib/shapeup_cli/commands/base.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+module ShapeupCli
+  module Commands
+    class Base
+      def self.run(args)
+        instance = new(args)
+        if instance.agent_help?
+          puts JSON.pretty_generate(instance.class.metadata)
+        else
+          instance.execute
+        end
+      end
+
+      # Override in subclasses to define structured command metadata
+      def self.metadata
+        { command: name.split("::").last.downcase, description: "No metadata defined" }
+      end
+
+      def initialize(args)
+        @mode, remaining = Output.parse_mode(args)
+        @agent_help = @mode == :agent && remaining.include?("--help")
+        remaining.delete("--help") if @agent_help
+        @org_id, @remaining = extract_flags(remaining)
+      end
+
+      def agent_help?
+        @agent_help
+      end
+
+      private
+        def client
+          @client ||= Client.new
+        end
+
+        def org_id
+          resolve_org(@org_id || Config.organisation_id || abort("No organisation set. Run 'shapeup orgs' to see available orgs, then pass --org <id> or --org <name>."))
+        end
+
+        def call_tool(name, **args)
+          client.call_tool(name, organisation: org_id.to_s, **args)
+        end
+
+        # Accept org ID (numeric) or name (string) — resolve name to ID via list_organisations
+        def resolve_org(value)
+          return value if value.to_s.match?(/\A\d+\z/)
+
+          result = client.call_tool("list_organisations")
+          data = Output.extract_data(result)
+          orgs = data.is_a?(Hash) ? (data["organisations"] || []) : Array(data)
+
+          match = orgs.find { |o| o["name"]&.downcase == value.downcase }
+
+          if match
+            match["id"]
+          else
+            names = orgs.map { |o| "  #{o["id"]}  #{o["name"]}" }.join("\n")
+            abort "Organisation '#{value}' not found. Available:\n#{names}"
+          end
+        end
+
+        def render(result, breadcrumbs: [], summary: nil)
+          Output.render(result, breadcrumbs: breadcrumbs, mode: @mode, summary: summary)
+        end
+
+        def extract_flags(args)
+          org = nil
+          remaining = []
+          skip_next = false
+
+          args.each_with_index do |arg, i|
+            if skip_next
+              skip_next = false
+              next
+            end
+
+            case arg
+            when "--org"
+              org = args[i + 1]
+              skip_next = true
+            when /\A--org=(.+)\z/
+              org = $1
+            else
+              remaining << arg
+            end
+          end
+
+          [ org, remaining ]
+        end
+
+        # Parse --flag value pairs from remaining args
+        def extract_option(flag)
+          idx = @remaining.index(flag)
+          return nil unless idx
+          value = @remaining[idx + 1]
+          @remaining.delete_at(idx + 1)
+          @remaining.delete_at(idx)
+          value
+        end
+
+        # Get the first positional arg (not a flag)
+        def positional_arg(position = 0)
+          positionals = @remaining.reject { |a| a.start_with?("--") }
+          positionals[position]
+        end
+
+        # Get all positional args
+        def positional_args
+          @remaining.reject { |a| a.start_with?("--") }
+        end
+    end
+  end
+end