@aexol/spectral 0.2.16 → 0.2.18

package/dist/cli.js

@@ -93,8 +93,7 @@ function printHeader() {
         TAGLINE,
         "",
         "Subcommands:",
-        "  spectral login         Authenticate with a team API key",
-        "  spectral login --oauth Authorize via browser (Aexol Studio OAuth)",
+        "  spectral login         Interactive authentication (team API key or OAuth)",
         "  spectral logout        Remove stored Aexol credentials",
         "  spectral serve    Connect this machine to the Aexol relay backend",
         "  spectral bind     Link this directory to an Aexol Studio project",
@@ -163,11 +162,6 @@ async function main() {
     // Subcommands. Dynamic import keeps the cold-start path light when users
     // are just running pi.
     if (first === "login") {
-        if (args[1] === "--oauth") {
-            const { runLoginOAuth } = await import("./commands/login-oauth.js");
-            await runLoginOAuth();
-            process.exit(0);
-        }
         const { runLogin } = await import("./commands/login.js");
         await runLogin();
         process.exit(0);

package/dist/commands/login-oauth.js

@@ -1,5 +1,5 @@
 /**
- * `spectral login --oauth` — browser-based OAuth login for CLI machine ownership.
+ * OAuth login for CLI machine ownership (called from interactive `spectral login`).
  *
  * Flow:
  *   1. Start a temporary HTTP server on a random localhost port.

package/dist/commands/login.js

@@ -2,9 +2,11 @@
  * `spectral login` — interactive authentication against the Aexol MCP backend.
  *
  * Flow:
- *   1. Prompt for API URL (default = SPECTRAL_MCP_URL env, else hard default).
- *   2. Prompt for team API key (masked input). Verify the sk-aexol-team- prefix
- *      locally so we don't send obviously-wrong credentials.
+ *   1. Choose auth method: Team API key or OAuth (browser).
+ *   2a. API key: prompt for team API key (masked input). Verify the
+ *       sk-aexol-team- prefix locally so we don't send obviously-wrong
+ *       credentials. The API URL is taken from env or the hard default.
+ *   2b. OAuth: open browser for Aexol Studio authorization.
  *   3. Verify reachability + auth by calling tools/list against the URL.
  *   4. On success: persist to ~/.spectral/config.json (mode 0600).
  *
@@ -14,9 +16,9 @@
  * wrapper delegates to it after collecting prompts. Tests target
  * `performLogin` directly so we don't have to drive `@inquirer/prompts`.
  */
-import { input, password } from "@inquirer/prompts";
+import { password, select } from "@inquirer/prompts";
 import pc from "picocolors";
-import { DEFAULT_API_URL, TEAM_API_KEY_PREFIX, getConfigFile, validateTeamApiKey, writeConfig, } from "../config.js";
+import { TEAM_API_KEY_PREFIX, getApiUrl, getConfigFile, validateTeamApiKey, writeConfig, } from "../config.js";
 import { AexolMcpClient, AexolMcpError } from "../mcp-client.js";
 /**
  * Pure login logic. Throws `Error` with one of these stable message prefixes:
@@ -62,15 +64,34 @@ export async function performLogin(opts) {
 export async function runLogin() {
     process.stdout.write(pc.bold("Spectral login\n"));
     process.stdout.write(pc.dim(`Authenticate against the Aexol MCP backend. Credentials are stored at ${getConfigFile()} (chmod 600).\n\n`));
-    const defaultUrl = process.env.SPECTRAL_MCP_URL ?? DEFAULT_API_URL;
-    let apiUrl;
+    // Step 1: choose auth method
+    let authMethod;
+    try {
+        authMethod = await select({
+            message: "How would you like to authenticate?",
+            choices: [
+                { name: "Team API key", value: "apikey" },
+                { name: "OAuth (browser)", value: "oauth" },
+            ],
+        });
+    }
+    catch (err) {
+        const name = err?.name;
+        if (name === "ExitPromptError") {
+            process.stderr.write(pc.yellow("\nLogin cancelled.\n"));
+            process.exit(130);
+        }
+        throw err;
+    }
+    if (authMethod === "oauth") {
+        const { runLoginOAuth } = await import("./login-oauth.js");
+        await runLoginOAuth();
+        return;
+    }
+    // Team API key flow: no URL prompt — use env or default.
+    const apiUrl = getApiUrl();
     let teamApiKey;
     try {
-        apiUrl = (await input({
-            message: "Aexol MCP URL",
-            default: defaultUrl,
-            validate: (v) => (v.trim().length > 0 ? true : "URL is required"),
-        })).trim();
         teamApiKey = (await password({
             message: `Team API key (starts with "${TEAM_API_KEY_PREFIX}")`,
             mask: "*",
@@ -86,7 +107,6 @@ export async function runLogin() {
         })).trim();
     }
     catch (err) {
-        // @inquirer/prompts throws ExitPromptError on Ctrl+C; treat as cancellation.
         const name = err?.name;
         if (name === "ExitPromptError") {
             process.stderr.write(pc.yellow("\nLogin cancelled.\n"));

package/dist/extensions/aexol-mcp.js

@@ -89,7 +89,12 @@ export default async function aexolMcpExtension(pi) {
         return;
     }
     const apiUrl = getApiUrl(cfg.apiUrl);
-    const client = new AexolMcpClient(apiUrl, cfg.teamApiKey);
+    const token = cfg.teamApiKey || cfg.userJwt || "";
+    if (!token) {
+        process.stderr.write(`[aexol-mcp] No auth token in ${getConfigFile()}; Aexol tools disabled. Run \`spectral login\`.\n`);
+        return;
+    }
+    const client = new AexolMcpClient(apiUrl, token);
     // ---- Load local Studio binding -------------------------------------------
     try {
         currentBinding = await readStudioBinding();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aexol/spectral",
-  "version": "0.2.16",
+  "version": "0.2.18",
   "description": "Always-on coding agent for Aexol — branded pi wrapper with relay-based browser access.",
   "type": "module",
   "private": false,