tempest-rb 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b22f62246911621115721bfa860e0e20227af1e183934c68d8ca1d04a964f809
-  data.tar.gz: 6988da4cf1585e253697b7b45ac1b2459ab8358d795937e242624081ae871f1c
+  metadata.gz: 828dcb07d7565737bbe9b37ef7ca876fe6136dd7aaf308df43ec8c8fac9be825
+  data.tar.gz: 3a32fde6e7693ba99acea0482875cc9919e8e4969dd201404edeeb9e01d89193
 SHA512:
-  metadata.gz: abf73e75e9f73690fbdddfc588313a727b232de1b735146702f50a90801dace70241a326bc4245c5c16f142cea87e3ff8bc77146ebb292963898dcefc3359024
-  data.tar.gz: 86f61238ba980c20e770838b67ccfc2f68eef1fe6c3d26d2f17b083c1044ed4d4bd16415faffd5d764c939ae86dbd2e322da1cad839ac5999e9ec56e3c8f8c0e
+  metadata.gz: 8eb5b81c5d05843c461fcf2352b8be5351e95dbb4eebd1359ba0c2ee2380400de36bd627fab9d96db685f44bb80cf39c3c914c1183ee895481f33d7d9b3a4b84
+  data.tar.gz: 1b16bd98ef48212760133e3b87bb877a9f3a7c0e1044a86f541219cf32871fad921d88074ac7ca52e1c42ed69b5f8d1fedbd5f7e762d4d3c21d22c45be88ad3c

data/README.md

@@ -65,7 +65,47 @@ export TEMPEST_APP_PASSWORD="xxxx-xxxx-xxxx-xxxx"
 tempest
 ```
 
-The first sign-in may prompt for the email code Bluesky sends as a second factor. After a successful sign-in the session is cached at `$XDG_CONFIG_HOME/tempest/session.json` (defaults to `~/.config/tempest/session.json`), and subsequent launches refresh tokens silently.
+The first sign-in may prompt for the email code Bluesky sends as a second factor. After a successful sign-in the session is cached at `$XDG_CONFIG_HOME/tempest/accounts/<did>/session.json` (defaults to `~/.config/tempest/accounts/<did>/session.json`), and subsequent launches refresh tokens silently.
+
+### Multiple accounts
+
+`tempest` keeps each account's session, Jetstream cursor, and timeline snapshot under `~/.config/tempest/accounts/<did>/`. A top-level `accounts.json` index records which account is the default and which alternate accounts are known to the client.
+
+To add a second account, run `tempest login` and supply the handle and app password interactively:
+
+```sh
+tempest login
+# identifier: tempest-dev.bsky.social
+# app password: ****
+# signing in...
+# logged in as @tempest-dev.bsky.social (did:plc:...)
+```
+
+List the accounts known to `tempest`. The default is marked with `*`.
+
+```sh
+tempest accounts list
+# * @asonas.bsky.social (did:plc:abcdef) https://bsky.social  added 2026-05-18
+#   @tempest-dev.bsky.social (did:plc:ghijkl) https://bsky.social  added 2026-05-18
+```
+
+Switch the default account:
+
+```sh
+tempest accounts set-default tempest-dev.bsky.social
+```
+
+Pick the account just for one invocation with `--user`. The flag accepts a handle or a DID and works on every subcommand:
+
+```sh
+tempest --user tempest-dev.bsky.social
+tempest --user did:plc:ghijkl feed me --format=json
+tempest post "from the dev account" --user tempest-dev.bsky.social
+```
+
+For bots and scripts where stability matters, pass the DID directly. Handles can be changed by their owner; DIDs do not.
+
+If you have been using a single-account installation of an earlier `tempest` release, the legacy `~/.config/tempest/session.json` is migrated to the new per-DID layout on the next start. The migration is one-shot, idempotent, and prints a one-line notice to stderr when it runs.
 
 ### REPL commands
 
@@ -88,18 +128,20 @@ Each post in the timeline is prefixed with a short `$XX` id, and URLs found insi
 |-------------------|--------------------------------------------------------------|
 | `-h`, `--help`    | Show CLI help                                                |
 | `-v`, `--version` | Show version                                                 |
+| `--user <h\|did>` | Pick which account to act as (default: the entry marked default in `accounts.json`). Works on every subcommand except `login` / `accounts` |
 | `--no-stream`     | Disable the auto-started Jetstream feed                      |
 | `--feed=MODE`     | `home` (default, your follows + your own posts) or `self` (only your own posts) |
 
 ### Non-interactive CLI
 
-Once you have signed in once with `tempest tui`, you can call the CLI from scripts and tools:
+Once you have signed in once with `tempest tui` or `tempest login`, you can call the CLI from scripts and tools:
 
 ```sh
 tempest whoami --json
 tempest post "今日もよろしくお願いします"
 tempest feed me --since today --format json | jq '.text'
 tempest feed author asonas.bsky.social --limit 20
+tempest --user tempest-dev.bsky.social post "from the dev account"
 ```
 
 `--format=json` emits newline-delimited JSON; one post per line. The schema is documented in `lib/tempest/post_view.rb`.
@@ -108,28 +150,26 @@ tempest feed author asonas.bsky.social --limit 20
 
 `--format=line` (default when stdout is a TTY) prints the same single-line representation as the TUI scroll buffer.
 
-The non-interactive subcommands require a cached session on disk. If your cache is missing or expired, run `tempest tui` once to refresh it.
+The non-interactive subcommands require a cached session on disk for the resolved account. If a session is missing or expired, run `tempest login` (or `tempest tui` for the default account) to refresh it.
 
 ### Environment variables
 
 | Variable                    | Purpose                                                                 |
 |-----------------------------|-------------------------------------------------------------------------|
-| `TEMPEST_IDENTIFIER`        | Your handle, e.g. `asonas.bsky.social`                                  |
-| `TEMPEST_APP_PASSWORD`      | An app password generated in Bluesky settings                           |
-| `TEMPEST_PDS_HOST`          | Override PDS host (default `https://bsky.social`)                       |
+| `TEMPEST_IDENTIFIER`        | Your handle, e.g. `asonas.bsky.social`. Only consulted on first run, when `accounts.json` is absent. Use `tempest login` to add accounts thereafter. |
+| `TEMPEST_APP_PASSWORD`      | Same precondition as `TEMPEST_IDENTIFIER`                               |
 | `TEMPEST_AUTH_FACTOR_TOKEN` | Pre-supply an email sign-in code; usually unnecessary                   |
 | `TEMPEST_NO_STREAM`         | Set to `1` to disable the auto-started Jetstream feed                   |
 | `TEMPEST_FEED`              | `home` (default) or `self`; equivalent to `--feed`                      |
 | `TEMPEST_OPEN_CMD`          | Command used by `:open $LX` to open URLs (default `open`); URL is passed as the single argument |
-| `TEMPEST_SESSION_PATH`      | Override the session cache path                                         |
-| `TEMPEST_CURSOR_PATH`       | Override the Jetstream cursor cache path                                |
-| `TEMPEST_TIMELINE_PATH`     | Override the timeline snapshot cache path                               |
 | `TEMPEST_DEBUG_LOG`         | Path to a debug log file (unset by default; see Diagnostics)            |
 | `TEMPEST_DEBUG_LOG_LEVEL`   | `DEBUG`, `INFO` (default), or `WARN`                                    |
 | `TEMPEST_WATCHDOG_THRESHOLD`| Seconds without a Jetstream event before a forced reconnect (default 90) |
 | `TEMPEST_WATCHDOG_INTERVAL` | Seconds between watchdog checks (default 30)                            |
 | `NO_COLOR`                  | Disable ANSI colors when set to any non-empty value                     |
 
+The `TEMPEST_SESSION_PATH`, `TEMPEST_CURSOR_PATH`, `TEMPEST_TIMELINE_PATH`, and `TEMPEST_PDS_HOST` variables are no longer honored after 0.3.0. The legacy `TEMPEST_SESSION_PATH` is read once at migration time so that an existing override still maps cleanly into the new per-DID layout.
+
 ## Diagnostics
 
 Set `TEMPEST_DEBUG_LOG` to a writable path and `tempest` will append timestamped notes about every Jetstream state transition to that file (rotated daily). When the variable is unset no file is created and the runtime behaves exactly as before. Example: `TEMPEST_DEBUG_LOG=~/tempest-debug.log tempest`.

data/lib/tempest/account_paths.rb

@@ -0,0 +1,60 @@
+require_relative "../tempest"
+
+module Tempest
+  # Centralizes filesystem layout for tempest's per-account storage.
+  #
+  # Legacy paths (`legacy_*`) honor `TEMPEST_SESSION_PATH` /
+  # `TEMPEST_CURSOR_PATH` / `TEMPEST_TIMELINE_PATH` for migration purposes only;
+  # the new per-DID paths cannot be overridden via env.
+  module AccountPaths
+    module_function
+
+    def config_base(env = ENV)
+      base = env["XDG_CONFIG_HOME"]
+      base = File.join(env["HOME"].to_s, ".config") if base.nil? || base.empty?
+      File.join(base, "tempest")
+    end
+
+    def legacy_session_path(env = ENV)
+      explicit = env["TEMPEST_SESSION_PATH"]
+      return explicit if explicit && !explicit.empty?
+      File.join(config_base(env), "session.json")
+    end
+
+    def legacy_cursor_path(env = ENV)
+      explicit = env["TEMPEST_CURSOR_PATH"]
+      return explicit if explicit && !explicit.empty?
+      File.join(config_base(env), "cursor.json")
+    end
+
+    def legacy_timeline_path(env = ENV)
+      explicit = env["TEMPEST_TIMELINE_PATH"]
+      return explicit if explicit && !explicit.empty?
+      File.join(config_base(env), "timeline.json")
+    end
+
+    def accounts_dir(env = ENV)
+      File.join(config_base(env), "accounts")
+    end
+
+    def account_dir(env = ENV, did:)
+      File.join(accounts_dir(env), did)
+    end
+
+    def session_path(env = ENV, did:)
+      File.join(account_dir(env, did: did), "session.json")
+    end
+
+    def cursor_path(env = ENV, did:)
+      File.join(account_dir(env, did: did), "cursor.json")
+    end
+
+    def timeline_path(env = ENV, did:)
+      File.join(account_dir(env, did: did), "timeline.json")
+    end
+
+    def accounts_json_path(env = ENV)
+      File.join(config_base(env), "accounts.json")
+    end
+  end
+end

data/lib/tempest/accounts_migration.rb

@@ -0,0 +1,65 @@
+require "fileutils"
+require "json"
+require "time"
+
+require_relative "../tempest"
+require_relative "account_paths"
+require_relative "accounts_store"
+
+module Tempest
+  # One-shot, idempotent migration that converts the legacy single-account
+  # layout (<base>/session.json etc.) into the per-DID layout introduced in
+  # 0.3.0 (<base>/accounts/<did>/session.json + <base>/accounts.json).
+  #
+  # Runs at the top of every command entry point. The presence of accounts.json
+  # is the completion marker; partial failures recover automatically thanks to
+  # `File.rename`'s atomicity and AccountsStore's orphan self-heal.
+  module AccountsMigration
+    module_function
+
+    # Returns one of :migrated, :skipped, :noop. :migrated is the only state
+    # that produces stderr output.
+    def run(env: ENV, stderr: $stderr, logger: nil)
+      accounts_json = Tempest::AccountPaths.accounts_json_path(env)
+      return :skipped if File.exist?(accounts_json)
+
+      legacy_session = Tempest::AccountPaths.legacy_session_path(env)
+      return :noop unless File.exist?(legacy_session)
+
+      data = JSON.parse(File.read(legacy_session))
+      did = data.fetch("did")
+      handle = data.fetch("handle")
+      identifier = data["identifier"] || handle
+      pds_host = data["pds_host"] || Tempest::Config::DEFAULT_PDS_HOST
+
+      account_dir = Tempest::AccountPaths.account_dir(env, did: did)
+      FileUtils.mkdir_p(Tempest::AccountPaths.accounts_dir(env), mode: 0o700)
+      FileUtils.mkdir_p(account_dir, mode: 0o700)
+
+      File.rename(legacy_session, Tempest::AccountPaths.session_path(env, did: did))
+
+      legacy_cursor = Tempest::AccountPaths.legacy_cursor_path(env)
+      if File.exist?(legacy_cursor)
+        File.rename(legacy_cursor, Tempest::AccountPaths.cursor_path(env, did: did))
+      end
+
+      legacy_timeline = Tempest::AccountPaths.legacy_timeline_path(env)
+      if File.exist?(legacy_timeline)
+        File.rename(legacy_timeline, Tempest::AccountPaths.timeline_path(env, did: did))
+      end
+
+      store = Tempest::AccountsStore.new(env: env, logger: logger)
+      store.add_account(
+        did: did,
+        handle: handle,
+        identifier: identifier,
+        pds_host: pds_host,
+        added_at: Time.now.utc,
+      )
+
+      logger&.info("accounts", event: "migrated", did: did, account_dir: account_dir)
+      stderr.puts "[tempest] migrated session to #{account_dir}/"
+      :migrated
+    end
+  end
+end

data/lib/tempest/accounts_store.rb

@@ -0,0 +1,205 @@
+require "fileutils"
+require "json"
+require "set"
+require "time"
+
+require_relative "../tempest"
+require_relative "account_paths"
+require_relative "config"
+require_relative "session_store"
+
+module Tempest
+  # Tracks which Bluesky accounts tempest knows about and which one is currently
+  # the default. The on-disk representation is `<config_base>/accounts.json`,
+  # always rewritten via tmp + rename for atomicity (see `write_atomic`).
+  #
+  # On construction, also performs an orphan-recovery sweep so that any
+  # `accounts/<did>/session.json` left behind by a partial login or migration
+  # appears in accounts.json the next time tempest starts.
+  class AccountsStore
+    SCHEMA_VERSION = 1
+
+    Account = Data.define(:did, :handle, :identifier, :pds_host, :added_at)
+
+    def initialize(env: ENV, path: nil, logger: nil)
+      @env = env
+      @path = path || Tempest::AccountPaths.accounts_json_path(env)
+      @logger = logger
+      @default = nil
+      @accounts = []
+      load
+      self_heal
+    end
+
+    attr_reader :default, :accounts
+
+    def resolve(value)
+      return nil if value.nil? || value.empty?
+      by_did = @accounts.find { |a| a.did == value }
+      return by_did if by_did
+      @accounts.find { |a| a.handle == value }
+    end
+
+    def set_default(value)
+      account = resolve(value)
+      raise ArgumentError, "unknown user: #{value}" if account.nil?
+      return account.did if @default == account.did
+      @default = account.did
+      persist
+      @logger&.info("accounts", event: "set_default", handle: account.handle, did: account.did)
+      account.did
+    end
+
+    def add_account(did:, handle:, identifier:, pds_host:, added_at: Time.now.utc)
+      existing = @accounts.find { |a| a.did == did }
+      effective_added_at = existing ? existing.added_at : added_at
+      replacement = Account.new(
+        did: did,
+        handle: handle,
+        identifier: identifier,
+        pds_host: pds_host,
+        added_at: effective_added_at,
+      )
+
+      list = @accounts.reject { |a| a.did == did } + [replacement]
+      @accounts = list.sort_by(&:added_at).freeze
+      @default ||= did
+      persist
+      replacement
+    end
+
+    def update_handle(did:, handle:)
+      target = @accounts.find { |a| a.did == did }
+      return if target.nil?
+      return if target.handle == handle
+
+      old_handle = target.handle
+      replacement = Account.new(
+        did: target.did,
+        handle: handle,
+        identifier: target.identifier,
+        pds_host: target.pds_host,
+        added_at: target.added_at,
+      )
+      list = @accounts.reject { |a| a.did == did } + [replacement]
+      @accounts = list.sort_by(&:added_at).freeze
+      persist
+      @logger&.info("accounts", event: "handle_changed", did: did, old_handle: old_handle, new_handle: handle)
+    end
+
+    private
+
+    def load
+      return unless File.exist?(@path)
+
+      raw = File.read(@path)
+      data = JSON.parse(raw)
+      unless data.is_a?(Hash) && data["version"] == SCHEMA_VERSION
+        @default = nil
+        @accounts = []
+        return
+      end
+
+      @default = data["default"]
+      @accounts = Array(data["accounts"]).filter_map { |hash| build_account(hash) }
+                                         .sort_by { |a| a.added_at }
+      @accounts.freeze
+    rescue JSON::ParserError
+      @default = nil
+      @accounts = []
+    end
+
+    def build_account(hash)
+      return nil unless hash.is_a?(Hash)
+      did = hash["did"]
+      handle = hash["handle"]
+      return nil if did.nil? || handle.nil?
+
+      Account.new(
+        did: did,
+        handle: handle,
+        identifier: hash["identifier"] || handle,
+        pds_host: hash["pds_host"] || Tempest::Config::DEFAULT_PDS_HOST,
+        added_at: parse_time(hash["added_at"]),
+      )
+    end
+
+    def parse_time(value)
+      return Time.now.utc if value.nil? || value.to_s.empty?
+      Time.iso8601(value)
+    rescue ArgumentError
+      Time.now.utc
+    end
+
+    def self_heal
+      dir = Tempest::AccountPaths.accounts_dir(@env)
+      return unless File.directory?(dir)
+
+      known = @accounts.map(&:did).to_set
+      changed = false
+      Dir.children(dir).each do |entry|
+        did = entry
+        next if known.include?(did)
+        session_path = Tempest::AccountPaths.session_path(@env, did: did)
+        next unless File.exist?(session_path)
+
+        adopted = adopt_orphan_session(did, session_path)
+        if adopted
+          @accounts = (@accounts.reject { |a| a.did == did } + [adopted]).sort_by(&:added_at).freeze
+          @default ||= did
+          changed = true
+          @logger&.info("accounts", event: "orphan_recovered", did: did, handle: adopted.handle)
+        end
+      end
+      persist if changed
+    end
+
+    def adopt_orphan_session(did, session_path)
+      raw = File.read(session_path)
+      data = JSON.parse(raw)
+      return nil unless data.is_a?(Hash)
+      handle = data["handle"] || data["identifier"]
+      return nil if handle.nil?
+
+      Account.new(
+        did: did,
+        handle: handle,
+        identifier: data["identifier"] || handle,
+        pds_host: data["pds_host"] || Tempest::Config::DEFAULT_PDS_HOST,
+        added_at: File.mtime(session_path).utc,
+      )
+    rescue JSON::ParserError
+      @logger&.warn("accounts", event: "orphan_malformed", did: did)
+      nil
+    end
+
+    def persist
+      payload = {
+        "version" => SCHEMA_VERSION,
+        "default" => @default,
+        "accounts" => @accounts.map { |a|
+          {
+            "did" => a.did,
+            "handle" => a.handle,
+            "identifier" => a.identifier,
+            "pds_host" => a.pds_host,
+            "added_at" => a.added_at.utc.iso8601(6),
+          }
+        },
+      }
+      write_atomic(JSON.generate(payload))
+    end
+
+    def write_atomic(content)
+      FileUtils.mkdir_p(File.dirname(@path), mode: 0o700)
+      tmp = "#{@path}.tmp.#{Process.pid}"
+      File.open(tmp, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
+        io.write(content)
+      end
+      File.chmod(0o600, tmp)
+      File.rename(tmp, @path)
+    ensure
+      File.delete(tmp) if tmp && File.exist?(tmp)
+    end
+  end
+end

data/lib/tempest/cli.rb

@@ -4,17 +4,59 @@ require_relative "commands/base"
 require_relative "commands/whoami"
 require_relative "commands/post"
 require_relative "commands/feed"
+require_relative "commands/follow"
+require_relative "commands/login"
+require_relative "commands/accounts"
+require_relative "debug_log"
+require_relative "deprecated_envs"
 require_relative "xrpc_client"
 
 module Tempest
   module CLI
-    SUBCOMMANDS = %w[tui post feed whoami].freeze
+    SUBCOMMANDS = %w[tui post feed whoami follow accounts login].freeze
 
     module_function
 
+    # Pulls `--user <name>` / `--user=<name>` out of argv and returns
+    # `[user_or_nil, remaining_argv]`. Raises ArgumentError when the flag is
+    # present but the value is missing or empty. Multiple occurrences: last one
+    # wins.
+    def extract_user(argv)
+      user = nil
+      remaining = []
+      i = 0
+      while i < argv.length
+        arg = argv[i]
+        if arg == "--user"
+          nxt = argv[i + 1]
+          if nxt.nil? || nxt.empty? || nxt.start_with?("-")
+            raise ArgumentError, "--user requires a value"
+          end
+          user = nxt
+          i += 2
+        elsif arg.start_with?("--user=")
+          value = arg["--user=".length..]
+          raise ArgumentError, "--user requires a value" if value.nil? || value.empty?
+          user = value
+          i += 1
+        else
+          remaining << arg
+          i += 1
+        end
+      end
+      [user, remaining]
+    end
+
     def run(argv: ARGV, env: ENV, stdout: $stdout, stderr: $stderr, stdin: $stdin,
             session_factory: Tempest::Session.method(:create),
             store: nil)
+      begin
+        user, argv = extract_user(argv)
+      rescue ArgumentError => e
+        stderr.puts "error: #{e.message}"
+        return 64
+      end
+
       if argv.include?("--version") || argv.include?("-v")
         stdout.puts "tempest #{Tempest::VERSION}"
         return 0
@@ -28,14 +70,46 @@ module Tempest
       head = argv.first
       case
       when head.nil?, head.start_with?("-"), head == "tui"
+        Tempest::DeprecatedEnvs.warn_if_set(env: env, stderr: stderr)
         rest = (head == "tui") ? argv.drop(1) : argv
         Tempest::Commands::Tui.call(
           argv: rest, env: env, stdout: stdout, stderr: stderr, stdin: stdin,
-          session_factory: session_factory, store: store,
+          session_factory: session_factory, store: store, user: user,
         )
+      when head == "login"
+        if user
+          stderr.puts "error: --user is not supported for `login`"
+          return 64
+        end
+        logger = build_subcommand_logger(env)
+        begin
+          Tempest::Commands::Login.call(
+            argv: argv.drop(1), env: env, stdout: stdout, stderr: stderr, stdin: stdin,
+            session_factory: session_factory, logger: logger,
+          )
+        rescue Tempest::Error, ArgumentError => e
+          stderr.puts "error: #{e.message}"
+          Tempest::Commands::Base.exit_code_for(e)
+        end
+      when head == "accounts"
+        if user
+          stderr.puts "error: --user is not supported for `accounts`"
+          return 64
+        end
+        logger = build_subcommand_logger(env)
+        begin
+          Tempest::Commands::Accounts.call(
+            argv: argv.drop(1), env: env, stdout: stdout, stderr: stderr, logger: logger,
+          )
+        rescue Tempest::Error, ArgumentError => e
+          stderr.puts "error: #{e.message}"
+          Tempest::Commands::Base.exit_code_for(e)
+        end
       when SUBCOMMANDS.include?(head)
+        Tempest::DeprecatedEnvs.warn_if_set(env: env, stderr: stderr)
+        logger = build_subcommand_logger(env)
         begin
-          dispatch_subcommand(head, argv, env: env, stdout: stdout, stderr: stderr, stdin: stdin)
+          dispatch_subcommand(head, argv, env: env, stdout: stdout, stderr: stderr, stdin: stdin, user: user, logger: logger)
         rescue Tempest::Error, ArgumentError => e
           stderr.puts "error: #{e.message}"
           Tempest::Commands::Base.exit_code_for(e)
@@ -46,9 +120,18 @@ module Tempest
       end
     end
 
-    def dispatch_subcommand(head, argv, env:, stdout:, stderr:, stdin:)
-      session = Tempest::Commands::Base.authenticate(env: env, stderr: stderr)
-      return 3 if session.nil?
+    # Build the info-level logger used by non-TUI subcommands so that
+    # account/login/migration events still reach info.log. Always non-verbose
+    # (no `debug:` flag), distinct from the TUI's `--debug` channel.
+    def build_subcommand_logger(env)
+      Tempest::DebugLog.build(env: env, debug: false)
+    end
+
+    def dispatch_subcommand(head, argv, env:, stdout:, stderr:, stdin:, user: nil, logger: nil)
+      session, code = Tempest::Commands::Base.authenticate_with_code(
+        env: env, stderr: stderr, user: user, logger: logger,
+      )
+      return code if session.nil?
       client = Tempest::XRPCClient.new(session)
       case head
       when "whoami"
@@ -66,6 +149,11 @@ module Tempest
           argv: argv.drop(1), session: session, client: client,
           stdout: stdout, stderr: stderr,
         )
+      when "follow"
+        Tempest::Commands::Follow.call(
+          argv: argv.drop(1), session: session, client: client,
+          stdout: stdout, stderr: stderr,
+        )
       end
     end
 

data/lib/tempest/commands/accounts.rb

@@ -0,0 +1,98 @@
+require "json"
+
+require_relative "../commands"
+require_relative "../accounts_store"
+require_relative "../accounts_migration"
+
+module Tempest
+  module Commands
+    # `tempest accounts list` / `tempest accounts set-default <handle|did>`.
+    module Accounts
+      module_function
+
+      def call(argv:, env:, stdout:, stderr:, logger: nil)
+        Tempest::AccountsMigration.run(env: env, stderr: stderr, logger: logger)
+        sub = argv.first
+
+        case sub
+        when "list"
+          list(argv.drop(1), env: env, stdout: stdout, stderr: stderr, logger: logger)
+        when "set-default"
+          set_default(argv.drop(1), env: env, stdout: stdout, stderr: stderr, logger: logger)
+        when nil
+          stdout.puts "usage: tempest accounts list|set-default ..."
+          64
+        else
+          stderr.puts "error: unknown accounts subcommand: #{sub}"
+          64
+        end
+      end
+
+      def list(argv, env:, stdout:, stderr:, logger: nil)
+        format = "line"
+        argv.each do |arg|
+          if (m = arg.match(/\A--format=(\S+)\z/))
+            format = m[1]
+          end
+        end
+        unless %w[line json].include?(format)
+          stderr.puts "error: invalid --format: #{format.inspect}"
+          return 64
+        end
+
+        store = Tempest::AccountsStore.new(env: env, logger: logger)
+
+        if store.accounts.empty?
+          if format == "json"
+            stdout.puts JSON.generate("default" => nil, "accounts" => [])
+          else
+            stdout.puts "no accounts — run `tempest login` to add one"
+          end
+          return 0
+        end
+
+        case format
+        when "json"
+          payload = {
+            "default" => store.default,
+            "accounts" => store.accounts.map { |a|
+              {
+                "did" => a.did,
+                "handle" => a.handle,
+                "identifier" => a.identifier,
+                "pds_host" => a.pds_host,
+                "added_at" => a.added_at.utc.iso8601(6),
+              }
+            },
+          }
+          stdout.puts JSON.generate(payload)
+        when "line"
+          store.accounts.each do |a|
+            marker = (a.did == store.default) ? "* " : "  "
+            stdout.puts "#{marker}@#{a.handle} (#{a.did}) #{a.pds_host}  added #{a.added_at.utc.strftime("%Y-%m-%d")}"
+          end
+        end
+        0
+      end
+
+      def set_default(argv, env:, stdout:, stderr:, logger: nil)
+        value = argv.first
+        if value.nil? || value.empty?
+          stderr.puts "usage: tempest accounts set-default <handle|did>"
+          return 64
+        end
+
+        store = Tempest::AccountsStore.new(env: env, logger: logger)
+        target = store.resolve(value)
+        if target.nil?
+          stderr.puts "error: unknown user: #{value} (run `tempest accounts list` to see known accounts)"
+          return 2
+        end
+
+        store.set_default(target.did)
+        stdout.puts "default account set to @#{target.handle} (#{target.did})"
+        0
+      end
+    end
+  end
+end

data/lib/tempest/commands/base.rb

@@ -1,5 +1,7 @@
 require_relative "../commands"
 require_relative "../session_store"
+require_relative "../accounts_store"
+require_relative "../accounts_migration"
 require_relative "../config"
 require_relative "../repl/formatter"
 
@@ -10,25 +12,73 @@ module Tempest
 
       VALID_FORMATS = %i[line json raw].freeze
 
-      # Loads the cached session and refreshes it. Returns the session on
-      # success. On failure (no cache, refresh rejected) writes a single
-      # human-readable line to stderr and returns nil; callers translate the
-      # nil into exit code 3.
-      def authenticate(env:, stderr:, store: nil)
-        store ||= Tempest::SessionStore.new(path: Tempest::SessionStore.default_path(env))
-        session = store.load(identifier: env["TEMPEST_IDENTIFIER"], pds_host: env["TEMPEST_PDS_HOST"])
+      # Loads the per-account cached session and refreshes it. Returns the
+      # session on success. On failure writes a human-readable line to stderr
+      # and returns nil; callers translate the nil into the appropriate exit
+      # code via `exit_code_for` (or `authenticate_with_code` for a more
+      # specific exit code).
+      #
+      # `user:` is the value of the global `--user <handle|did>` flag, or nil
+      # for the default account.
+      def authenticate(env:, stderr:, user: nil, logger: nil)
+        session, _code = authenticate_with_code(env: env, stderr: stderr, user: user, logger: logger)
+        session
+      end
+
+      # Like `authenticate` but additionally returns the exit code that the CLI
+      # should use when session is nil. Exit codes follow the spec:
+      # 2 for "unknown user" / "no accounts configured", 3 for session missing
+      # or refresh failure.
+      def authenticate_with_code(env:, stderr:, user: nil, logger: nil)
+        Tempest::AccountsMigration.run(env: env, stderr: stderr, logger: logger)
+        accounts = Tempest::AccountsStore.new(env: env, logger: logger)
+
+        target = resolve_target(accounts, user, stderr)
+        return [nil, 2] if target.nil?
+
+        session_store = Tempest::SessionStore.for(env, did: target.did)
+        session = session_store.load(identifier: nil, pds_host: nil)
         if session.nil?
-          stderr.puts "error: no cached session — run `tempest tui` once to sign in"
-          return nil
+          stderr.puts "error: session for @#{target.handle} missing — run `tempest login` to re-authenticate"
+          return [nil, 3]
         end
-        session.on_change = ->(s) { store.save(s, identifier: s.identifier) }
+
+        session.identifier ||= target.identifier
+        session.on_change = ->(s) {
+          session_store.save(s, identifier: s.identifier || target.identifier)
+          accounts.update_handle(did: s.did, handle: s.handle) if s.did && s.handle
+        }
+
         begin
           session.refresh!
         rescue Tempest::Error => e
-          stderr.puts "error: cached session refresh failed: #{e.message}"
+          stderr.puts "error: session for @#{target.handle} expired — run `tempest login` to re-authenticate (#{e.message})"
+          return [nil, 3]
+        end
+        [session, 0]
+      end
+
+      def resolve_target(accounts, user, stderr)
+        if user
+          target = accounts.resolve(user)
+          if target.nil?
+            stderr.puts "error: unknown user: #{user} (run `tempest accounts list` to see known accounts)"
+            return nil
+          end
+          return target
+        end
+
+        if accounts.default
+          return accounts.resolve(accounts.default)
+        end
+
+        if accounts.accounts.empty?
+          stderr.puts "error: no accounts configured — run `tempest login` to add one"
           return nil
         end
-        session
+
+        stderr.puts "error: no default account set — run `tempest accounts set-default <handle>`"
+        nil
       end
 
       # Returns one of :line, :json, :raw. Callers may override with --format.

data/lib/tempest/commands/follow.rb

@@ -0,0 +1,35 @@
+require_relative "../commands"
+require_relative "../commands/base"
+require_relative "../handle_lookup"
+
+module Tempest
+  module Commands
+    module Follow
+      module_function
+
+      def call(argv:, session:, client:, stdout:, stderr:)
+        handle = argv.first&.sub(/\A@/, "")
+        if handle.nil? || handle.empty?
+          stderr.puts "usage: tempest follow <handle>"
+          return 64
+        end
+
+        did = Tempest::HandleLookup.resolve(handle, client: client)
+        client.post(
+          "com.atproto.repo.createRecord",
+          body: {
+            "repo"       => session.did,
+            "collection" => "app.bsky.graph.follow",
+            "record"     => {
+              "$type"     => "app.bsky.graph.follow",
+              "subject"   => did,
+              "createdAt" => Time.now.utc.iso8601,
+            },
+          },
+        )
+        stdout.puts "Followed @#{handle}"
+        0
+      end
+    end
+  end
+end

data/lib/tempest/commands/login.rb

@@ -0,0 +1,118 @@
+require "io/console"
+require "time"
+
+require_relative "../commands"
+require_relative "../accounts_store"
+require_relative "../accounts_migration"
+require_relative "../config"
+require_relative "../session"
+require_relative "../session_store"
+
+module Tempest
+  module Commands
+    # `tempest login` — adds a Bluesky account to tempest.
+    #
+    # Always reads identifier and app password interactively from stdin (env
+    # vars are intentionally not honored — see plan §F2). Optional
+    # `--pds-host=<url>` selects a non-bsky.social PDS. On success, persists
+    # the per-DID session.json and registers the account in accounts.json
+    # (becoming default if it is the first account).
+    module Login
+      module_function
+
+      DEFAULT_PDS_HOST = Tempest::Config::DEFAULT_PDS_HOST
+
+      def call(argv:, env:, stdout:, stderr:, stdin:, session_factory: nil, logger: nil)
+        Tempest::AccountsMigration.run(env: env, stderr: stderr, logger: logger)
+        session_factory ||= Tempest::Session.method(:create)
+
+        pds_host, _rest = parse(argv, stderr: stderr)
+        return 64 if pds_host == :error
+
+        stdout.print "identifier: "
+        stdout.flush
+        identifier = stdin.gets&.strip
+        if identifier.nil? || identifier.empty?
+          stderr.puts "error: identifier required"
+          return 64
+        end
+
+        password = read_password(stdout, stdin)
+        if password.nil? || password.empty?
+          stderr.puts "error: app password required"
+          return 64
+        end
+
+        stdout.puts "signing in..."
+        stdout.flush
+
+        config = Tempest::Config.new(
+          identifier: identifier,
+          app_password: password,
+          pds_host: pds_host,
+        )
+
+        session = create_with_2fa(config, stdout, stdin, session_factory)
+
+        session_store = Tempest::SessionStore.for(env, did: session.did)
+        session.identifier ||= identifier
+        session_store.save(session, identifier: identifier)
+
+        accounts = Tempest::AccountsStore.new(env: env, logger: logger)
+        accounts.add_account(
+          did: session.did,
+          handle: session.handle,
+          identifier: identifier,
+          pds_host: pds_host,
+          added_at: Time.now.utc,
+        )
+
+        logger&.info("accounts", event: "login", handle: session.handle, did: session.did, pds_host: pds_host)
+        stdout.puts "logged in as @#{session.handle} (#{session.did}) on #{pds_host}"
+        0
+      rescue Tempest::AuthenticationError => e
+        stderr.puts "error: login failed: #{e.message}"
+        3
+      end
+
+      def parse(argv, stderr:)
+        pds_host = DEFAULT_PDS_HOST
+        rest = []
+        argv.each do |arg|
+          if (m = arg.match(/\A--pds-host=(.+)\z/))
+            pds_host = m[1]
+          else
+            rest << arg
+          end
+        end
+        [pds_host, rest]
+      end
+
+      def read_password(stdout, stdin)
+        stdout.print "app password: "
+        stdout.flush
+        if stdin.respond_to?(:noecho)
+          password = stdin.noecho(&:gets)
+          stdout.puts ""
+          password&.strip
+        else
+          stdin.gets&.strip
+        end
+      end
+
+      def create_with_2fa(config, stdout, stdin, session_factory)
+        session_factory.call(config, auth_factor_token: nil)
+      rescue Tempest::AuthenticationError => e
+        raise unless e.code == "AuthFactorTokenRequired"
+
+        stdout.puts "Bluesky sent a sign-in code to your email. Enter it below."
+        stdout.print "code: "
+        stdout.flush
+        code = stdin.gets&.strip
+        raise Tempest::AuthenticationError.new("sign-in cancelled (no code entered)", code: e.code) if code.nil? || code.empty?
+
+        session_factory.call(config, auth_factor_token: code)
+      end
+    end
+  end
+end

data/lib/tempest/commands/tui.rb

@@ -4,6 +4,8 @@ require_relative "../config"
 require_relative "../debug_log"
 require_relative "../session"
 require_relative "../session_store"
+require_relative "../accounts_store"
+require_relative "../accounts_migration"
 require_relative "../cursor_store"
 require_relative "../timeline_store"
 require_relative "../xrpc_client"
@@ -26,14 +28,30 @@ module Tempest
 
       def call(argv:, env:, stdout:, stderr:, stdin:,
                session_factory: Tempest::Session.method(:create),
-               store: nil)
+               store: nil, user: nil)
         Tempest::REPL::Formatter.color = stdout.respond_to?(:tty?) && stdout.tty? && env["NO_COLOR"].to_s.empty?
 
         debug_logger = build_debug_logger(env, argv: argv)
         announce_debug_logger(debug_logger, stderr)
 
-        store ||= Tempest::SessionStore.new(path: Tempest::SessionStore.default_path(env))
-        session = sign_in(env, stdout, stdin, session_factory, store: store)
+        Tempest::AccountsMigration.run(env: env, stderr: stderr, logger: debug_logger)
+
+        if store
+          # Test injection path: behave as the legacy single-account flow so
+          # existing tests pass unchanged.
+          session = sign_in(env, stdout, stdin, session_factory, store: store)
+          target_did = session.did
+        else
+          accounts = Tempest::AccountsStore.new(env: env, logger: debug_logger)
+          target_did, session = sign_in_with_accounts(
+            accounts: accounts, env: env, user: user,
+            stdout: stdout, stdin: stdin, stderr: stderr,
+            session_factory: session_factory,
+          )
+          return 3 if session.nil?
+          store = Tempest::SessionStore.for(env, did: target_did)
+        end
+
         client = Tempest::XRPCClient.new(session)
         input = RelineReader.new
 
@@ -66,7 +84,7 @@ module Tempest
         )
         stream_manager = Tempest::Jetstream::StreamManager.new(
           client: jetstream_client,
-          cursor_store: cursor_store(env),
+          cursor_store: cursor_store(env, did: target_did),
           filter: plan.filter,
           logger: debug_logger,
         )
@@ -91,7 +109,7 @@ module Tempest
           stream_manager: stream_manager,
           handle_resolver: handle_resolver,
           avatar_store: avatar_store,
-          timeline_store: timeline_store(env),
+          timeline_store: timeline_store(env, did: target_did),
           opener: opener_for(env: env),
           reauth: build_reauth(env, stdout, stdin, session_factory),
         )
@@ -145,6 +163,96 @@ module Tempest
         session
       end
 
+      # Multi-account-aware sign-in for `tempest tui`. Returns [did, session] on
+      # success, or [nil, nil] when stderr already received the error message.
+      #
+      # Order of precedence:
+      #   1. `user` argument: resolve against accounts.json; refresh
+      #      `accounts/<did>/session.json`. Fail loudly on unknown user or
+      #      refresh failure.
+      #   2. Default account: same flow, target is `accounts.default`.
+      #   3. No accounts and `TEMPEST_IDENTIFIER`/`TEMPEST_APP_PASSWORD` set:
+      #      first-run env path. Create session via 2FA-aware factory, save it
+      #      under the per-DID layout, and register it as default.
+      #   4. No accounts and no env: stderr "no accounts configured" and bail.
+      def sign_in_with_accounts(accounts:, env:, user:, stdout:, stdin:, stderr:, session_factory:)
+        if user
+          target = accounts.resolve(user)
+          if target.nil?
+            stderr.puts "error: unknown user: #{user} (run `tempest accounts list` to see known accounts)"
+            return [nil, nil]
+          end
+          return resume_account(accounts: accounts, env: env, target: target, stderr: stderr)
+        end
+
+        if accounts.default
+          target = accounts.resolve(accounts.default)
+          return resume_account(accounts: accounts, env: env, target: target, stderr: stderr)
+        end
+
+        if accounts.accounts.empty? && !nil_if_empty(env["TEMPEST_IDENTIFIER"]).nil?
+          return first_run_env_path(accounts: accounts, env: env, stdout: stdout, stdin: stdin, session_factory: session_factory)
+        end
+
+        stderr.puts "error: no accounts configured — run `tempest login` to add one"
+        [nil, nil]
+      end
+
+      def resume_account(accounts:, env:, target:, stderr:)
+        store = Tempest::SessionStore.for(env, did: target.did)
+        session = store.load(identifier: nil, pds_host: nil)
+        if session.nil?
+          stderr.puts "error: session for @#{target.handle} missing — run `tempest login` to re-authenticate"
+          return [nil, nil]
+        end
+
+        session.identifier ||= target.identifier
+        session.on_change = ->(s) {
+          store.save(s, identifier: s.identifier || target.identifier)
+          accounts.update_handle(did: s.did, handle: s.handle) if s.did && s.handle
+        }
+        begin
+          session.refresh!
+        rescue Tempest::Error => e
+          stderr.puts "error: session for @#{target.handle} expired — run `tempest login` to re-authenticate (#{e.message})"
+          return [nil, nil]
+        end
+        [target.did, session]
+      end
+
+      def first_run_env_path(accounts:, env:, stdout:, stdin:, session_factory:)
+        # First-run env path intentionally pins pds_host to the default so that
+        # the deprecated TEMPEST_PDS_HOST env var has no effect (spec §"Deprecated
+        # env vars"). Alternate PDS hosts must go through `tempest login
+        # --pds-host=...`.
+        identifier = nil_if_empty(env["TEMPEST_IDENTIFIER"])
+        app_password = nil_if_empty(env["TEMPEST_APP_PASSWORD"])
+        raise Tempest::Config::MissingValue, "TEMPEST_IDENTIFIER is not set" if identifier.nil?
+        raise Tempest::Config::MissingValue, "TEMPEST_APP_PASSWORD is not set" if app_password.nil?
+
+        config = Tempest::Config.new(
+          identifier: identifier,
+          app_password: app_password,
+          pds_host: Tempest::Config::DEFAULT_PDS_HOST,
+        )
+        session = create_with_2fa(config, env, stdout, stdin, session_factory)
+        store = Tempest::SessionStore.for(env, did: session.did)
+        session.identifier ||= config.identifier
+        session.on_change = ->(s) {
+          store.save(s, identifier: s.identifier || config.identifier)
+          accounts.update_handle(did: s.did, handle: s.handle) if s.did && s.handle
+        }
+        store.save(session, identifier: config.identifier)
+        accounts.add_account(
+          did: session.did,
+          handle: session.handle,
+          identifier: config.identifier,
+          pds_host: config.pds_host,
+          added_at: Time.now.utc,
+        )
+        [session.did, session]
+      end
+
       def nil_if_empty(value)
         value.nil? || value.empty? ? nil : value
       end
@@ -181,8 +289,12 @@ module Tempest
         true
       end
 
-      def cursor_store(env)
-        Tempest::CursorStore.new(path: Tempest::CursorStore.default_path(env))
+      def cursor_store(env, did: nil)
+        if did
+          Tempest::CursorStore.for(env, did: did)
+        else
+          Tempest::CursorStore.new(path: Tempest::CursorStore.default_path(env))
+        end
       end
 
       # Returns a Tempest::DebugLog::Channel. info.log is always enabled
@@ -224,8 +336,12 @@ module Tempest
         }
       end
 
-      def timeline_store(env)
-        Tempest::TimelineStore.new(path: Tempest::TimelineStore.default_path(env))
+      def timeline_store(env, did: nil)
+        if did
+          Tempest::TimelineStore.for(env, did: did)
+        else
+          Tempest::TimelineStore.new(path: Tempest::TimelineStore.default_path(env))
+        end
       end
 
       def avatar_cache_dir(env)
@@ -288,7 +404,7 @@ module Tempest
 
       def help_text
         <<~HELP
-          Usage: tempest [subcommand] [options]
+          Usage: tempest [--user <handle|did>] [subcommand] [options]
 
           Subcommands:
             tui                 (default) launch the interactive TUI
@@ -296,6 +412,16 @@ module Tempest
             feed me|timeline|author <handle> [opts]
                                 read posts; --format=line|json|raw, --since, --until, --limit
             whoami              print the signed-in identity
+            follow <handle>     follow a Bluesky account
+            login               add a Bluesky account (interactive)
+            accounts list       show known accounts; * marks default. --format=json supported.
+            accounts set-default <handle|did>
+                                pick which account `tempest` uses when --user is unset
+
+          Global options:
+            --user <handle|did>  Pick which account to act as. Defaults to the
+                                 entry marked default in accounts.json. Not
+                                 accepted by `login` or `accounts`.
 
           TUI options:
             -h, --help          Show this help
@@ -310,10 +436,9 @@ module Tempest
                                 ~/.local/state/tempest) and use size-based
                                 rotation (5 MiB x 5 files).
 
-          Environment (required only when no cached session is available):
+          Environment (required only on first run, when accounts.json is absent):
             TEMPEST_IDENTIFIER     Your handle (e.g. asonas.bsky.social)
             TEMPEST_APP_PASSWORD   An app password generated in Bluesky settings
-            TEMPEST_PDS_HOST       Override PDS host (default: https://bsky.social)
             TEMPEST_AUTH_FACTOR_TOKEN
                                    Pre-supply an email sign-in code (rarely needed; the CLI will
                                    prompt interactively when Bluesky asks for one)
@@ -321,13 +446,6 @@ module Tempest
             TEMPEST_OPEN_CMD       Command used to open URLs when :open $LX is invoked
                                    (default: "open"). The URL is passed as the single
                                    argument after the command.
-            TEMPEST_SESSION_PATH   Override the session cache path (default:
-                                   $XDG_CONFIG_HOME/tempest/session.json or
-                                   ~/.config/tempest/session.json). The cache holds refreshed
-                                   tokens so the email sign-in code is only requested once.
-            TEMPEST_CURSOR_PATH    Override the Jetstream cursor cache path (default:
-                                   $XDG_CONFIG_HOME/tempest/cursor.json). Holds the last-seen
-                                   time_us so a restart can replay missed events.
             TEMPEST_FEED           "home" (default) or "self"; equivalent to --feed.
             TEMPEST_DEBUG          Set to 1 to behave as if --debug was passed.
             TEMPEST_LOG_DIR        Override the directory holding info.log and debug.log.

data/lib/tempest/cursor_store.rb

@@ -3,6 +3,7 @@ require "json"
 require "time"
 
 require_relative "../tempest"
+require_relative "account_paths"
 
 module Tempest
   # Persists the last-seen Jetstream `time_us` so a restarted tempest can hand
@@ -11,12 +12,11 @@ module Tempest
   # caller (StreamManager checks saved_at against its replay window).
   class CursorStore
     def self.default_path(env = ENV)
-      explicit = env["TEMPEST_CURSOR_PATH"]
-      return explicit if explicit && !explicit.empty?
+      Tempest::AccountPaths.legacy_cursor_path(env)
+    end
 
-      base = env["XDG_CONFIG_HOME"]
-      base = File.join(env["HOME"].to_s, ".config") if base.nil? || base.empty?
-      File.join(base, "tempest", "cursor.json")
+    def self.for(env = ENV, did:)
+      new(path: Tempest::AccountPaths.cursor_path(env, did: did))
     end
 
     def initialize(path:)
@@ -28,7 +28,7 @@ module Tempest
     def save(time_us:, at: Time.now)
       payload = { "time_us" => time_us, "saved_at" => at.utc.iso8601(6) }
 
-      FileUtils.mkdir_p(File.dirname(@path))
+      FileUtils.mkdir_p(File.dirname(@path), mode: 0o700)
       File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
         io.write(JSON.generate(payload))
       end

data/lib/tempest/deprecated_envs.rb

@@ -0,0 +1,21 @@
+require_relative "../tempest"
+
+module Tempest
+  # Emits a one-line stderr warning per deprecated environment variable that is
+  # still set. Called from non-interactive command entry points (`tui`, `post`,
+  # `feed`, `whoami`); intentionally skipped by `login` and `accounts` so their
+  # interactive prompts and structured output stay clean.
+  module DeprecatedEnvs
+    NAMES = %w[TEMPEST_SESSION_PATH TEMPEST_CURSOR_PATH TEMPEST_TIMELINE_PATH TEMPEST_PDS_HOST].freeze
+
+    module_function
+
+    def warn_if_set(env:, stderr:)
+      NAMES.each do |name|
+        value = env[name]
+        next if value.nil? || value.empty?
+        stderr.puts "warning: #{name} is no longer honored; tempest uses accounts/<did>/ layout"
+      end
+    end
+  end
+end

data/lib/tempest/session_store.rb

@@ -2,17 +2,17 @@ require "fileutils"
 require "json"
 
 require_relative "../tempest"
+require_relative "account_paths"
 require_relative "session"
 
 module Tempest
   class SessionStore
     def self.default_path(env = ENV)
-      explicit = env["TEMPEST_SESSION_PATH"]
-      return explicit if explicit && !explicit.empty?
+      Tempest::AccountPaths.legacy_session_path(env)
+    end
 
-      base = env["XDG_CONFIG_HOME"]
-      base = File.join(env["HOME"].to_s, ".config") if base.nil? || base.empty?
-      File.join(base, "tempest", "session.json")
+    def self.for(env = ENV, did:)
+      new(path: Tempest::AccountPaths.session_path(env, did: did))
     end
 
     def initialize(path:)
@@ -31,7 +31,7 @@ module Tempest
         "refresh_jwt" => session.refresh_jwt,
       }
 
-      FileUtils.mkdir_p(File.dirname(@path))
+      FileUtils.mkdir_p(File.dirname(@path), mode: 0o700)
       File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
         io.write(JSON.generate(payload))
       end

data/lib/tempest/timeline_store.rb

@@ -3,6 +3,7 @@ require "json"
 require "time"
 
 require_relative "../tempest"
+require_relative "account_paths"
 require_relative "post"
 require_relative "facet"
 
@@ -17,12 +18,11 @@ module Tempest
     MAX_POSTS = 50
 
     def self.default_path(env = ENV)
-      explicit = env["TEMPEST_TIMELINE_PATH"]
-      return explicit if explicit && !explicit.empty?
+      Tempest::AccountPaths.legacy_timeline_path(env)
+    end
 
-      base = env["XDG_CONFIG_HOME"]
-      base = File.join(env["HOME"].to_s, ".config") if base.nil? || base.empty?
-      File.join(base, "tempest", "timeline.json")
+    def self.for(env = ENV, did:)
+      new(path: Tempest::AccountPaths.timeline_path(env, did: did))
     end
 
     def initialize(path:)
@@ -37,7 +37,7 @@ module Tempest
         "saved_at" => at.utc.iso8601(6),
       }
 
-      FileUtils.mkdir_p(File.dirname(@path))
+      FileUtils.mkdir_p(File.dirname(@path), mode: 0o700)
       File.open(@path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
         io.write(JSON.generate(payload))
       end

data/lib/tempest/version.rb

@@ -1,3 +1,3 @@
 module Tempest
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tempest-rb
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Yuya Fujiwara
@@ -92,11 +92,17 @@ files:
 - README.md
 - exe/tempest
 - lib/tempest.rb
+- lib/tempest/account_paths.rb
+- lib/tempest/accounts_migration.rb
+- lib/tempest/accounts_store.rb
 - lib/tempest/avatar_store.rb
 - lib/tempest/cli.rb
 - lib/tempest/commands.rb
+- lib/tempest/commands/accounts.rb
 - lib/tempest/commands/base.rb
 - lib/tempest/commands/feed.rb
+- lib/tempest/commands/follow.rb
+- lib/tempest/commands/login.rb
 - lib/tempest/commands/post.rb
 - lib/tempest/commands/tui.rb
 - lib/tempest/commands/whoami.rb
@@ -104,6 +110,7 @@ files:
 - lib/tempest/cursor_store.rb
 - lib/tempest/date_filter.rb
 - lib/tempest/debug_log.rb
+- lib/tempest/deprecated_envs.rb
 - lib/tempest/facet.rb
 - lib/tempest/follows.rb
 - lib/tempest/handle_lookup.rb