@agentuity/cli 0.0.42 → 0.0.44

package/src/cmd/auth/api.ts

@@ -1,7 +1,6 @@
 import { z } from 'zod';
-import { APIError, APIResponseSchema } from '@agentuity/server';
-import { APIClient } from '../../api';
-import type { Config } from '../../types';
+import { APIError, APIResponseSchema, APIResponseSchemaOptionalData } from '@agentuity/server';
+import type { APIClient } from '../../api';
 
 // Zod schemas for API validation
 const OTPStartDataSchema = z.object({
@@ -37,9 +36,8 @@ export interface SignupResult {
 	expires: Date;
 }
 
-export async function generateLoginOTP(apiUrl: string, config?: Config | null): Promise<string> {
-	const client = new APIClient(apiUrl, config);
-	const resp = await client.request(
+export async function generateLoginOTP(apiClient: APIClient): Promise<string> {
+	const resp = await apiClient.request(
 		'GET',
 		'/cli/auth/start',
 		APIResponseSchema(OTPStartDataSchema)
@@ -57,19 +55,17 @@ export async function generateLoginOTP(apiUrl: string, config?: Config | null):
 }
 
 export async function pollForLoginCompletion(
-	apiUrl: string,
+	apiClient: APIClient,
 	otp: string,
-	config?: Config | null,
 	timeoutMs = 60000
 ): Promise<LoginResult> {
-	const client = new APIClient(apiUrl, config);
 	const started = Date.now();
 
 	while (Date.now() - started < timeoutMs) {
-		const resp = await client.request(
+		const resp = await apiClient.request(
 			'POST',
 			'/cli/auth/check',
-			APIResponseSchema(OTPCompleteDataSchema),
+			APIResponseSchemaOptionalData(OTPCompleteDataSchema),
 			{ otp },
 			OTPCheckRequestSchema
 		);
@@ -104,17 +100,15 @@ export function generateSignupOTP(): string {
 }
 
 export async function pollForSignupCompletion(
-	apiUrl: string,
+	apiClient: APIClient,
 	otp: string,
-	config?: Config | null,
-	timeoutMs = 300000
+	timeoutMs = 350000
 ): Promise<SignupResult> {
-	const client = new APIClient(apiUrl, config);
 	const started = Date.now();
 
 	while (Date.now() - started < timeoutMs) {
 		try {
-			const resp = await client.request(
+			const resp = await apiClient.request(
 				'GET',
 				`/cli/auth/signup/${otp}`,
 				APIResponseSchema(SignupCompleteDataSchema)

package/src/cmd/auth/index.ts

@@ -2,9 +2,11 @@ import { createCommand } from '../../types';
 import { loginCommand } from './login';
 import { logoutCommand } from './logout';
 import { signupCommand } from './signup';
+import { whoamiCommand } from './whoami';
+import { sshSubcommand } from './ssh';
 
 export const command = createCommand({
 	name: 'auth',
 	description: 'Authentication and authorization related commands',
-	subcommands: [loginCommand, logoutCommand, signupCommand],
+	subcommands: [loginCommand, logoutCommand, signupCommand, whoamiCommand, sshSubcommand],
 });

package/src/cmd/auth/login.ts

@@ -1,6 +1,6 @@
 import { createSubcommand } from '../../types';
-import { UpgradeRequiredError } from '@agentuity/server';
-import { getAPIBaseURL, getAppBaseURL } from '../../api';
+import { UpgradeRequiredError, ValidationError } from '@agentuity/server';
+import { getAppBaseURL } from '../../api';
 import { saveAuth } from '../../config';
 import { generateLoginOTP, pollForLoginCompletion } from './api';
 import * as tui from '../../tui';
@@ -9,15 +9,25 @@ export const loginCommand = createSubcommand({
 	name: 'login',
 	description: 'Login to the Agentuity Platform using a browser-based authentication flow',
 	toplevel: true,
-
+	requires: { apiClient: true },
 	async handler(ctx) {
-		const { logger, config } = ctx;
-		const apiUrl = getAPIBaseURL(config);
+		const { logger, config, apiClient } = ctx;
+
+		if (!apiClient) {
+			throw new Error(
+				'API client is not available. This is likely a configuration or initialization issue.'
+			);
+		}
+
 		const appUrl = getAppBaseURL(config);
 
 		try {
-			const otp = await tui.spinner('Generating login one time code...', () => {
-				return generateLoginOTP(apiUrl, config);
+			const otp = await tui.spinner({
+				message: 'Generating login one time code...',
+				clearOnSuccess: true,
+				callback: () => {
+					return generateLoginOTP(apiClient);
+				},
 			});
 
 			if (!otp) {
@@ -46,7 +56,7 @@ export const loginCommand = createSubcommand({
 
 			console.log('Waiting for login to complete...');
 
-			const result = await pollForLoginCompletion(apiUrl, otp, config);
+			const result = await pollForLoginCompletion(apiClient, otp);
 
 			await saveAuth({
 				apiKey: result.apiKey,
@@ -57,10 +67,16 @@ export const loginCommand = createSubcommand({
 			tui.newline();
 			tui.success('Welcome to Agentuity! You are now logged in');
 		} catch (error) {
+			logger.trace(error);
 			if (error instanceof UpgradeRequiredError) {
 				const bannerBody = `${error.message}\n\nVisit: ${tui.link('https://agentuity.dev/CLI/installation')}`;
 				tui.banner('CLI Upgrade Required', bannerBody);
 				process.exit(1);
+			} else if (error instanceof ValidationError) {
+				tui.error(`API error: ${error.message}`);
+				tui.warning(`API url: ${error.url}`);
+				error.issues.map((i) => tui.arrow(`${i.message} for ${i.path}`));
+				process.exit(1);
 			} else if (error instanceof Error) {
 				logger.fatal(`Login failed: ${error.message}`);
 			} else {

package/src/cmd/auth/signup.ts

@@ -1,5 +1,5 @@
 import { createSubcommand } from '../../types';
-import { getAPIBaseURL, getAppBaseURL, UpgradeRequiredError } from '@agentuity/server';
+import { getAppBaseURL, UpgradeRequiredError } from '@agentuity/server';
 import { saveAuth } from '../../config';
 import { generateSignupOTP, pollForSignupCompletion } from './api';
 import * as tui from '../../tui';
@@ -8,10 +8,10 @@ export const signupCommand = createSubcommand({
 	name: 'signup',
 	description: 'Create a new Agentuity Cloud Platform account',
 	toplevel: true,
+	requires: { apiClient: true },
 
 	async handler(ctx) {
-		const { logger, config } = ctx;
-		const apiUrl = getAPIBaseURL(config?.overrides);
+		const { logger, config, apiClient } = ctx;
 		const appUrl = getAppBaseURL(config?.overrides);
 
 		try {
@@ -24,14 +24,18 @@ export const signupCommand = createSubcommand({
 			tui.banner('Signup for Agentuity', bannerBody);
 			tui.newline();
 
-			await tui.spinner('Waiting for signup to complete...', async () => {
-				const result = await pollForSignupCompletion(apiUrl, otp, config);
-
-				await saveAuth({
-					apiKey: result.apiKey,
-					userId: result.userId,
-					expires: result.expires,
-				});
+			await tui.spinner({
+				message: 'Waiting for signup to complete...',
+				clearOnSuccess: true,
+				callback: async () => {
+					const result = await pollForSignupCompletion(apiClient, otp);
+
+					await saveAuth({
+						apiKey: result.apiKey,
+						userId: result.userId,
+						expires: result.expires,
+					});
+				},
 			});
 
 			tui.newline();

package/src/cmd/auth/ssh/add.ts

@@ -0,0 +1,263 @@
+import { createSubcommand } from '../../../types';
+import { addSSHKey, computeSSHKeyFingerprint, listSSHKeys } from './api';
+import * as tui from '../../../tui';
+import { getCommand } from '../../../command-prefix';
+import enquirer from 'enquirer';
+import { readFileSync, readdirSync, statSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { z } from 'zod';
+
+const optionsSchema = z.object({
+	file: z.string().optional().describe('File containing the public key'),
+});
+
+interface SSHKeyOption {
+	path: string;
+	filename: string;
+	publicKey: string;
+	fingerprint: string;
+	comment: string;
+}
+
+/**
+ * Scan ~/.ssh directory for valid SSH public keys
+ */
+function discoverSSHKeys(): SSHKeyOption[] {
+	const sshDir = join(homedir(), '.ssh');
+	const keys: SSHKeyOption[] = [];
+	const seenFingerprints = new Set<string>();
+
+	try {
+		const files = readdirSync(sshDir);
+
+		for (const file of files) {
+			// Only look at .pub files (public keys)
+			if (!file.endsWith('.pub')) {
+				continue;
+			}
+
+			const filePath = join(sshDir, file);
+
+			try {
+				const stat = statSync(filePath);
+				if (!stat.isFile()) {
+					continue;
+				}
+
+				const content = readFileSync(filePath, 'utf-8').trim();
+
+				// Validate it's a valid SSH key
+				const fingerprint = computeSSHKeyFingerprint(content);
+
+				// Skip duplicate fingerprints
+				if (seenFingerprints.has(fingerprint)) {
+					continue;
+				}
+				seenFingerprints.add(fingerprint);
+
+				// Extract comment if present (last part of the key)
+				const parts = content.split(/\s+/);
+				const comment = parts.length >= 3 ? parts.slice(2).join(' ') : '';
+
+				keys.push({
+					path: filePath,
+					filename: file,
+					publicKey: content,
+					fingerprint,
+					comment,
+				});
+			} catch {
+				// Skip invalid keys
+				continue;
+			}
+		}
+	} catch {
+		// If we can't read ~/.ssh, just return empty array
+		return [];
+	}
+
+	// Sort by filename for predictable ordering
+	return keys.sort((a, b) => a.filename.localeCompare(b.filename));
+}
+
+/**
+ * Read stdin once if non-TTY and return its contents, or null when there is
+ * no piped data (e.g. timeout).
+ * This helper should be the only place that consumes Bun.stdin.
+ */
+async function readStdinIfPiped(): Promise<string | null> {
+	if (process.stdin.isTTY) {
+		return null;
+	}
+
+	try {
+		const stdin = await Promise.race([
+			Bun.stdin.text(),
+			new Promise<null>((resolve) => setTimeout(() => resolve(null), 1000)),
+		]);
+
+		return stdin !== null && stdin.trim().length > 0 ? stdin : null;
+	} catch {
+		return null;
+	}
+}
+
+export const addCommand = createSubcommand({
+	name: 'add',
+	aliases: ['create'],
+	description: 'Add an SSH public key to your account (reads from file or stdin)',
+	requires: { apiClient: true, auth: true },
+	schema: {
+		options: optionsSchema,
+	},
+	async handler(ctx) {
+		const { logger, apiClient, opts } = ctx;
+
+		if (!apiClient) {
+			logger.fatal('API client is not available');
+		}
+
+		try {
+			let publicKey: string = '';
+
+			if (opts.file) {
+				// Read from file
+				try {
+					publicKey = readFileSync(opts.file, 'utf-8').trim();
+				} catch (error) {
+					logger.fatal(
+						`Error reading file: ${error instanceof Error ? error.message : 'Unknown error'}`
+					);
+				}
+			} else {
+				const stdin = await readStdinIfPiped();
+				if (stdin) {
+					// Read from stdin if data is piped
+					publicKey = stdin.trim();
+				} else {
+					// No file or stdin - discover SSH keys
+					const discoveredKeys = discoverSSHKeys();
+
+					if (discoveredKeys.length === 0) {
+						logger.fatal(
+							'No SSH public keys found in ~/.ssh/\n' +
+								'Please specify a file with --file or pipe the key via stdin'
+						);
+						return;
+					}
+
+					// Fetch existing keys from server to filter out already-added ones
+					const existingKeys = await tui.spinner({
+						type: 'simple',
+						message: 'Checking existing SSH keys...',
+						callback: () => listSSHKeys(apiClient),
+						clearOnSuccess: true,
+					});
+
+					const existingFingerprints = new Set(existingKeys.map((k) => k.fingerprint));
+					const newKeys = discoveredKeys.filter(
+						(k) => !existingFingerprints.has(k.fingerprint)
+					);
+
+					if (newKeys.length === 0) {
+						const cmd = getCommand('auth ssh add');
+						const boldcmd = tui.bold('cat key.pub | ' + cmd);
+						tui.info('All local SSH keys in ~/.ssh/ have already been added to your account');
+						tui.newline();
+						console.log('To add a different key:');
+						tui.bullet(`Use ${tui.bold('--file <path>')} to specify a key file`);
+						tui.bullet(`Pipe the key via stdin: ${boldcmd}`);
+						return;
+					}
+
+					if (!process.stdin.isTTY) {
+						logger.fatal(
+							'Interactive selection required but cannot prompt in non-TTY environment. Use --file or pipe the key via stdin.'
+						);
+						return;
+					}
+
+					const response = await enquirer.prompt<{ keys: string[] }>({
+						type: 'multiselect',
+						name: 'keys',
+						message: 'Select SSH keys to add (Space to select, Enter to confirm)',
+						choices: newKeys.map((key) => {
+							const keyType = key.publicKey.split(/\s+/)[0] || 'unknown';
+							return {
+								name: key.fingerprint,
+								message: `${keyType.padEnd(12)} ${key.fingerprint} ${tui.muted(key.comment || key.filename)}`,
+							};
+						}),
+					});
+
+					const selectedFingerprints = response.keys;
+
+					if (selectedFingerprints.length === 0) {
+						tui.newline();
+						tui.info('No keys selected');
+						return;
+					}
+
+					// Build Map for O(1) lookups
+					const keyMap = new Map(newKeys.map((k) => [k.fingerprint, k]));
+
+					// Add all selected keys
+					for (const fingerprint of selectedFingerprints) {
+						const key = keyMap.get(fingerprint);
+						if (!key) continue;
+
+						try {
+							const result = await tui.spinner({
+								type: 'simple',
+								message: `Adding SSH key ${fingerprint}...`,
+								callback: () => addSSHKey(apiClient, key.publicKey),
+								clearOnSuccess: true,
+							});
+							tui.success(`SSH key added: ${tui.muted(result.fingerprint)}`);
+						} catch (error) {
+							tui.newline();
+							if (error instanceof Error) {
+								tui.error(`Failed to add ${fingerprint}: ${error.message}`);
+							} else {
+								tui.error(`Failed to add ${fingerprint}`);
+							}
+						}
+					}
+
+					return;
+				}
+			}
+
+			// Only process single key if we got here (from --file or stdin)
+			if (!publicKey) {
+				logger.fatal('No public key provided');
+			}
+
+			// Validate key format
+			try {
+				computeSSHKeyFingerprint(publicKey);
+			} catch (error) {
+				logger.fatal(
+					`Invalid SSH key format: ${error instanceof Error ? error.message : 'Unknown error'}`
+				);
+			}
+
+			const result = await tui.spinner({
+				type: 'simple',
+				message: 'Adding SSH key...',
+				callback: () => addSSHKey(apiClient, publicKey),
+				clearOnSuccess: true,
+			});
+
+			tui.success(`SSH key added: ${tui.muted(result.fingerprint)}`);
+		} catch (error) {
+			logger.trace(error);
+			if (error instanceof Error) {
+				logger.fatal(`Failed to add SSH key: ${error.message}`);
+			} else {
+				logger.fatal('Failed to add SSH key');
+			}
+		}
+	},
+});

package/src/cmd/auth/ssh/api.ts

@@ -0,0 +1,94 @@
+import { z } from 'zod';
+import { APIResponseSchema } from '@agentuity/server';
+import type { APIClient } from '../../../api';
+import { createHash } from 'crypto';
+
+// Zod schemas for API validation
+const SSHKeySchema = z.object({
+	fingerprint: z.string(),
+	keyType: z.string(),
+	comment: z.string(),
+	publicKey: z.string(),
+});
+
+const AddSSHKeyResponseSchema = z.object({
+	fingerprint: z.string(),
+	added: z.boolean(),
+});
+
+const RemoveSSHKeyResponseSchema = z.object({
+	removed: z.boolean(),
+});
+
+// Exported result types
+export interface SSHKey {
+	fingerprint: string;
+	keyType: string;
+	comment: string;
+	publicKey: string;
+}
+
+export interface AddSSHKeyResult {
+	fingerprint: string;
+	added: boolean;
+}
+
+export function computeSSHKeyFingerprint(publicKey: string): string {
+	// Parse the key (format: "ssh-ed25519 AAAAC3... [comment]")
+	const parts = publicKey.trim().split(/\s+/);
+	if (parts.length < 2) {
+		throw new Error('Invalid SSH public key format');
+	}
+	const keyData = parts[1]; // Base64-encoded key data
+	const buffer = Buffer.from(keyData, 'base64');
+	const fingerprint = createHash('sha256').update(buffer).digest('base64');
+	return `SHA256:${fingerprint.replace(/=+$/, '')}`;
+}
+
+export async function addSSHKey(apiClient: APIClient, publicKey: string): Promise<AddSSHKeyResult> {
+	const resp = await apiClient.request(
+		'POST',
+		'/cli/auth/ssh-keys',
+		APIResponseSchema(AddSSHKeyResponseSchema),
+		{ publicKey }
+	);
+
+	if (!resp.success) {
+		throw new Error(resp.message);
+	}
+
+	if (!resp.data) {
+		throw new Error('No data returned from server');
+	}
+
+	return resp.data;
+}
+
+export async function listSSHKeys(apiClient: APIClient): Promise<SSHKey[]> {
+	const resp = await apiClient.request(
+		'GET',
+		'/cli/auth/ssh-keys',
+		APIResponseSchema(z.array(SSHKeySchema))
+	);
+
+	if (!resp.success) {
+		throw new Error(resp.message);
+	}
+
+	return resp.data ?? [];
+}
+
+export async function removeSSHKey(apiClient: APIClient, fingerprint: string): Promise<boolean> {
+	const resp = await apiClient.request(
+		'DELETE',
+		'/cli/auth/ssh-keys',
+		APIResponseSchema(RemoveSSHKeyResponseSchema),
+		{ fingerprint }
+	);
+
+	if (!resp.success) {
+		throw new Error(resp.message);
+	}
+
+	return resp.data?.removed ?? false;
+}

package/src/cmd/auth/ssh/delete.ts

@@ -0,0 +1,102 @@
+import { createSubcommand } from '../../../types';
+import { removeSSHKey, listSSHKeys } from './api';
+import * as tui from '../../../tui';
+import enquirer from 'enquirer';
+import { z } from 'zod';
+
+export const deleteCommand = createSubcommand({
+	name: 'delete',
+	aliases: ['rm', 'del', 'remove'],
+	description: 'Delete an SSH key from your account',
+	requires: { apiClient: true, auth: true },
+	schema: {
+		args: z.object({
+			fingerprints: z.array(z.string()).optional().describe('SSH key fingerprint(s) to remove'),
+		}),
+		options: z.object({
+			confirm: z.boolean().default(true).describe('prompt for confirmation before deletion'),
+		}),
+	},
+	async handler(ctx) {
+		const { logger, apiClient, args, opts } = ctx;
+
+		if (!apiClient) {
+			logger.fatal('API client is not available');
+		}
+
+		const shouldConfirm = process.stdin.isTTY ? opts.confirm : false;
+
+		try {
+			let fingerprintsToRemove: string[] = [];
+
+			if (args.fingerprints && args.fingerprints.length > 0) {
+				fingerprintsToRemove = args.fingerprints;
+			} else {
+				const keys = await tui.spinner('Fetching SSH keys...', () => listSSHKeys(apiClient));
+
+				if (keys.length === 0) {
+					tui.newline();
+					tui.info('No SSH keys found');
+					return;
+				}
+
+				if (!process.stdin.isTTY) {
+					logger.fatal(
+						'Interactive selection required but cannot prompt in non-TTY environment. Provide fingerprint as argument.'
+					);
+				}
+
+				tui.newline();
+
+				const response = await enquirer.prompt<{ keys: string[] }>({
+					type: 'multiselect',
+					name: 'keys',
+					message: 'Select SSH keys to remove (Space to select, Enter to confirm)',
+					choices: keys.map((key) => ({
+						name: key.fingerprint,
+						message: `${key.keyType.padEnd(12)} ${key.fingerprint} ${tui.muted(key.comment || '(no comment)')}`,
+					})),
+				});
+
+				fingerprintsToRemove = response.keys;
+
+				if (fingerprintsToRemove.length === 0) {
+					tui.newline();
+					tui.info('No keys selected');
+					return;
+				}
+			}
+
+			if (shouldConfirm) {
+				tui.newline();
+				const confirmed = await tui.confirm(
+					`Remove ${fingerprintsToRemove.length} SSH key${fingerprintsToRemove.length > 1 ? 's' : ''}?`,
+					false
+				);
+
+				if (!confirmed) {
+					tui.info('Cancelled');
+					return;
+				}
+			}
+
+			for (const fingerprint of fingerprintsToRemove) {
+				await tui.spinner(`Removing SSH key ${fingerprint}...`, () =>
+					removeSSHKey(apiClient, fingerprint)
+				);
+			}
+
+			tui.newline();
+			tui.success(
+				`Removed ${fingerprintsToRemove.length} SSH key${fingerprintsToRemove.length > 1 ? 's' : ''}`
+			);
+		} catch (error) {
+			logger.trace(error);
+			if (error instanceof Error) {
+				logger.fatal(`Failed to remove SSH key: ${error.message}`);
+			} else {
+				logger.fatal('Failed to remove SSH key');
+			}
+		}
+	},
+});

package/src/cmd/auth/ssh/index.ts

@@ -0,0 +1,10 @@
+import type { SubcommandDefinition } from '../../../types';
+import { listCommand } from './list';
+import { addCommand } from './add';
+import { deleteCommand } from './delete';
+
+export const sshSubcommand: SubcommandDefinition = {
+	name: 'ssh',
+	description: 'Manage SSH keys',
+	subcommands: [listCommand, addCommand, deleteCommand],
+};