@agentuity/cli 1.0.40 → 1.0.42

package/src/cmd/cloud/oidc/activity.ts

@@ -0,0 +1,61 @@
+import { oauthClientActivity, type APIClient } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+const OAuthClientActivityResponseSchema = z.array(
+	z.object({
+		activity_date: z.string(),
+		total_access: z.number(),
+		unique_users: z.number(),
+	})
+);
+
+export const activitySubcommand = createSubcommand({
+	name: 'activity',
+	description: 'Show activity for an OAuth application',
+	tags: ['read-only', 'requires-auth'],
+	examples: [
+		{ command: getCommand('cloud oidc activity <id>'), description: 'Show OAuth activity' },
+		{
+			command: getCommand('cloud oidc activity <id> --days=30'),
+			description: 'Show OAuth activity for last 30 days',
+		},
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: true,
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id'),
+		}),
+		options: z.object({
+			days: z.coerce.number().int().min(1).max(365).default(7).describe('Number of days'),
+		}),
+		response: OAuthClientActivityResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { args, opts, apiClient, options } = ctx;
+
+		const activity = await tui.spinner('Fetching OAuth activity', () => {
+			return oauthClientActivity(apiClient as APIClient, args.id, opts.days);
+		});
+
+		if (!options.json) {
+			if (activity.length === 0) {
+				tui.info('No OAuth activity found');
+			} else {
+				const rows = activity.map((item) => ({
+					activity_date: item.activity_date,
+					total_access: item.total_access,
+					unique_users: item.unique_users,
+				}));
+
+				tui.table(rows);
+			}
+		}
+
+		return activity;
+	},
+});

package/src/cmd/cloud/oidc/create.ts

@@ -0,0 +1,232 @@
+import {
+	oauthClientCreate,
+	oauthScopes,
+	type APIClient,
+	type OAuthClientCreateRequest,
+} from '@agentuity/core';
+import enquirer from 'enquirer';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import * as tui from '../../../tui';
+import { createSubcommand as createSubcommandHelper } from '../../../types';
+
+const OAuthClientCreateResponseSchema = z.object({
+	client: z.object({
+		id: z.string(),
+		name: z.string(),
+		description: z.string(),
+		homepage_url: z.string(),
+		client_type: z.enum(['public', 'confidential']),
+		redirect_uris: z.array(z.string()),
+		scopes: z.array(z.string()),
+		created_at: z.string(),
+		updated_at: z.string(),
+	}),
+	client_secret: z.string(),
+});
+
+function parseCsv(value?: string): string[] {
+	if (!value) return [];
+	return value
+		.split(',')
+		.map((part) => part.trim())
+		.filter(Boolean);
+}
+
+export const createSubcommand = createSubcommandHelper({
+	name: 'create',
+	aliases: ['new'],
+	description: 'Create a new OAuth application',
+	tags: ['creates-resource', 'slow', 'requires-auth'],
+	examples: [
+		{
+			command: getCommand(
+				'cloud oidc create --name "My App" --description "OAuth app" --homepage-url "https://example.com" --type confidential --redirect-uris "https://example.com/callback" --scopes "openid,profile,email"'
+			),
+			description: 'Create OAuth application non-interactively',
+		},
+		{
+			command: getCommand('cloud oidc create'),
+			description: 'Create OAuth application interactively',
+		},
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: false,
+	schema: {
+		options: z.object({
+			name: z.string().optional().describe('the OAuth application name'),
+			description: z.string().optional().describe('the OAuth application description'),
+			'homepage-url': z.string().optional().describe('the homepage URL'),
+			type: z
+				.enum(['public', 'confidential'])
+				.optional()
+				.describe('OAuth client type: public or confidential'),
+			'redirect-uris': z
+				.string()
+				.optional()
+				.describe('comma-separated redirect URIs (e.g. https://app/callback,https://app/alt)'),
+			scopes: z
+				.string()
+				.optional()
+				.describe('comma-separated OAuth scopes (e.g. openid,profile,email)'),
+		}),
+		response: OAuthClientCreateResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { opts, apiClient, options } = ctx;
+
+		const availableScopes = await tui.spinner('Fetching available OAuth scopes', () => {
+			return oauthScopes(apiClient as APIClient);
+		});
+
+		const nonInteractive = !process.stdin.isTTY || !process.stdout.isTTY;
+
+		let name = opts?.name?.trim() || '';
+		let description = opts?.description?.trim() || '';
+		let homepageUrl = opts?.['homepage-url']?.trim() || '';
+		let clientType = opts?.type;
+		let redirectUris = parseCsv(opts?.['redirect-uris']);
+		let scopes = parseCsv(opts?.scopes);
+
+		if (!name) {
+			if (nonInteractive) {
+				tui.fatal('--name is required in non-interactive mode');
+			}
+			const answer = await enquirer.prompt<{ name: string }>({
+				type: 'input',
+				name: 'name',
+				message: 'Application name:',
+			});
+			name = answer.name?.trim() || '';
+		}
+
+		if (!description && !nonInteractive) {
+			const answer = await enquirer.prompt<{ description: string }>({
+				type: 'input',
+				name: 'description',
+				message: 'Description:',
+			});
+			description = answer.description?.trim() || '';
+		}
+
+		if (!homepageUrl) {
+			if (nonInteractive) {
+				tui.fatal('--homepage-url is required in non-interactive mode');
+			}
+			const answer = await enquirer.prompt<{ homepageUrl: string }>({
+				type: 'input',
+				name: 'homepageUrl',
+				message: 'Homepage URL:',
+			});
+			homepageUrl = answer.homepageUrl?.trim() || '';
+		}
+
+		if (!clientType) {
+			if (nonInteractive) {
+				tui.fatal('--type is required in non-interactive mode');
+			}
+			const answer = await enquirer.prompt<{ clientType: 'public' | 'confidential' }>({
+				type: 'select',
+				name: 'clientType',
+				message: 'Client type:',
+				choices: [
+					{ name: 'public', message: 'public' },
+					{ name: 'confidential', message: 'confidential' },
+				],
+			});
+			clientType = answer.clientType;
+		}
+
+		if (redirectUris.length === 0) {
+			if (nonInteractive) {
+				tui.fatal('--redirect-uris is required in non-interactive mode');
+			}
+			const answer = await enquirer.prompt<{ redirectUris: string }>({
+				type: 'input',
+				name: 'redirectUris',
+				message: 'Redirect URIs (comma-separated):',
+			});
+			redirectUris = parseCsv(answer.redirectUris);
+		}
+
+		if (scopes.length === 0) {
+			if (nonInteractive) {
+				tui.fatal('--scopes is required in non-interactive mode');
+			}
+
+			const choices = availableScopes.scopes.map((scope) => ({
+				name: scope.name,
+				message: `${scope.name} — ${scope.description}`,
+			}));
+
+			const answer = await enquirer.prompt<{ scopes: string[] }>({
+				type: 'multiselect',
+				name: 'scopes',
+				message: 'Select OAuth scopes:',
+				choices,
+			});
+			scopes = answer.scopes;
+		}
+
+		if (!name) {
+			tui.fatal('Name is required');
+		}
+		if (!homepageUrl) {
+			tui.fatal('Homepage URL is required');
+		}
+		if (!clientType) {
+			tui.fatal('Client type is required');
+		}
+		if (redirectUris.length === 0) {
+			tui.fatal('At least one redirect URI is required');
+		}
+		if (scopes.length === 0) {
+			tui.fatal('At least one scope is required');
+		}
+
+		const availableScopeNames = new Set(availableScopes.scopes.map((scope) => scope.name));
+		const invalidScopes = scopes.filter((scope) => !availableScopeNames.has(scope));
+		if (invalidScopes.length > 0) {
+			tui.fatal(`Invalid scopes: ${invalidScopes.join(', ')}`);
+		}
+
+		const request: OAuthClientCreateRequest = {
+			name,
+			description,
+			homepage_url: homepageUrl,
+			client_type: clientType,
+			redirect_uris: redirectUris,
+			scopes,
+		};
+
+		const result = await tui.spinner('Creating OAuth application', () => {
+			return oauthClientCreate(apiClient as APIClient, request);
+		});
+
+		if (!options.json) {
+			tui.newline();
+			tui.success('OAuth application created successfully!');
+			tui.newline();
+			tui.warning('Copy the client secret now. It will only be shown once.');
+			tui.newline();
+
+			tui.table(
+				[
+					{
+						ID: result.client.id,
+						Name: result.client.name,
+						Type: result.client.client_type,
+						'Client Secret': result.client_secret,
+						'Redirect URIs': result.client.redirect_uris.join(', '),
+						Scopes: result.client.scopes.join(', '),
+					},
+				],
+				undefined,
+				{ layout: 'vertical' }
+			);
+		}
+
+		return result;
+	},
+});

package/src/cmd/cloud/oidc/delete.ts

@@ -0,0 +1,63 @@
+import { oauthClientDelete, type APIClient } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import { ErrorCode } from '../../../errors';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+const OAuthClientDeleteResponseSchema = z.object({
+	success: z.boolean().describe('Whether the operation succeeded'),
+	id: z.string().describe('OAuth client id that was deleted'),
+});
+
+export const deleteSubcommand = createSubcommand({
+	name: 'delete',
+	aliases: ['del', 'rm'],
+	description: 'Delete an OAuth application',
+	tags: ['destructive', 'deletes-resource', 'slow', 'requires-auth'],
+	idempotent: true,
+	examples: [
+		{ command: getCommand('cloud oidc delete <id>'), description: 'Delete OAuth application' },
+		{
+			command: getCommand('cloud oidc delete <id> --force'),
+			description: 'Delete OAuth application without confirmation',
+		},
+	],
+	requires: { auth: true, apiClient: true },
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id to delete'),
+		}),
+		options: z.object({
+			force: z.boolean().optional().default(false).describe('Skip confirmation prompt'),
+			yes: z.boolean().optional().default(false).describe('Skip confirmation prompt'),
+		}),
+		response: OAuthClientDeleteResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { args, opts, apiClient, options } = ctx;
+
+		const skipConfirm = opts.force || opts.yes;
+
+		if (!skipConfirm) {
+			const confirmed = await tui.confirm(`Delete OAuth application "${args.id}"?`, false);
+			if (!confirmed) {
+				tui.fatal('Operation cancelled', ErrorCode.USER_CANCELLED);
+			}
+		}
+
+		await tui.spinner('Deleting OAuth application', () => {
+			return oauthClientDelete(apiClient as APIClient, args.id);
+		});
+
+		if (!options.json) {
+			tui.success(`OAuth application '${args.id}' deleted successfully`);
+		}
+
+		return {
+			success: true,
+			id: args.id,
+		};
+	},
+});

package/src/cmd/cloud/oidc/get.ts

@@ -0,0 +1,65 @@
+import { oauthClientGet, type APIClient } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import { ErrorCode } from '../../../errors';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+export const getSubcommand = createSubcommand({
+	name: 'get',
+	description: 'Get a specific OAuth application',
+	tags: ['read-only', 'fast', 'requires-auth'],
+	examples: [
+		{ command: getCommand('cloud oidc get <id>'), description: 'Get OAuth application details' },
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: true,
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id'),
+		}),
+	},
+
+	async handler(ctx) {
+		const { args, apiClient, options } = ctx;
+
+		let client: Awaited<ReturnType<typeof oauthClientGet>>;
+		try {
+			client = await tui.spinner('Fetching OAuth application', () => {
+				return oauthClientGet(apiClient as APIClient, args.id);
+			});
+		} catch (error) {
+			if (error instanceof Error && error.message.includes('not found')) {
+				tui.fatal(`OAuth application '${args.id}' not found`, ErrorCode.RESOURCE_NOT_FOUND);
+			}
+			throw error;
+		}
+
+		if (!options.json) {
+			if (process.stdout.isTTY) {
+				tui.newline();
+				tui.success('OAuth Application Details:');
+				tui.newline();
+			}
+
+			const rows = [
+				{
+					ID: client.id,
+					Name: client.name,
+					Description: client.description || '-',
+					Type: client.client_type,
+					'Homepage URL': client.homepage_url || '-',
+					'Redirect URIs':
+						client.redirect_uris.length > 0 ? client.redirect_uris.join('\n') : '-',
+					Scopes: client.scopes.length > 0 ? client.scopes.join(', ') : '-',
+					Created: new Date(client.created_at).toLocaleString(),
+					Updated: new Date(client.updated_at).toLocaleString(),
+				},
+			];
+
+			tui.table(rows, undefined, { layout: 'vertical' });
+		}
+
+		return client;
+	},
+});

package/src/cmd/cloud/oidc/index.ts

@@ -0,0 +1,35 @@
+import { createCommand } from '../../../types';
+import { getCommand } from '../../../command-prefix';
+import { listSubcommand } from './list';
+import { getSubcommand } from './get';
+import { createSubcommand } from './create';
+import { deleteSubcommand } from './delete';
+import { rotateSecretSubcommand } from './rotate-secret';
+import { activitySubcommand } from './activity';
+import { usersSubcommand } from './users';
+
+export const command = createCommand({
+	name: 'oidc',
+	description: 'Manage OAuth applications',
+	tags: ['fast', 'requires-auth'],
+	examples: [
+		{ command: getCommand('cloud oidc list'), description: 'List all OAuth applications' },
+		{
+			command: getCommand(
+				'cloud oidc create --name "My App" --type confidential --redirect-uris "https://example.com/callback"'
+			),
+			description: 'Create a new OAuth application',
+		},
+	],
+	subcommands: [
+		createSubcommand,
+		listSubcommand,
+		getSubcommand,
+		deleteSubcommand,
+		rotateSecretSubcommand,
+		activitySubcommand,
+		usersSubcommand,
+	],
+});
+
+export default command;

package/src/cmd/cloud/oidc/list.ts

@@ -0,0 +1,50 @@
+import { oauthClientList, type APIClient } from '@agentuity/core';
+import { getCommand } from '../../../command-prefix';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+export const listSubcommand = createSubcommand({
+	name: 'list',
+	aliases: ['ls'],
+	description: 'List all OAuth applications',
+	tags: ['read-only', 'fast', 'requires-auth'],
+	examples: [
+		{ command: getCommand('cloud oidc list'), description: 'List OAuth applications' },
+		{ command: getCommand('cloud oidc ls'), description: 'List OAuth applications' },
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: true,
+
+	async handler(ctx) {
+		const { apiClient, options } = ctx;
+
+		const clients = await tui.spinner('Fetching OAuth applications', () => {
+			return oauthClientList(apiClient as APIClient);
+		});
+
+		if (!options.json) {
+			if (clients.length === 0) {
+				tui.info('No OAuth applications found');
+			} else {
+				if (process.stdout.isTTY) {
+					tui.newline();
+					tui.success(`OAuth Applications (${clients.length}):`);
+					tui.newline();
+				}
+
+				const rows = clients.map((client) => ({
+					ID: client.id,
+					Name: client.name,
+					Type: client.client_type,
+					Scopes: client.scopes.length,
+					Users: client.user_count,
+					Created: new Date(client.created_at).toLocaleString(),
+				}));
+
+				tui.table(rows);
+			}
+		}
+
+		return clients;
+	},
+});

package/src/cmd/cloud/oidc/rotate-secret.ts

@@ -0,0 +1,77 @@
+import { oauthClientRotateSecret, type APIClient } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import { ErrorCode } from '../../../errors';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+const OAuthClientRotateSecretResponseSchema = z.object({
+	client_id: z.string(),
+	client_secret: z.string(),
+});
+
+export const rotateSecretSubcommand = createSubcommand({
+	name: 'rotate-secret',
+	description: 'Rotate the client secret for an OAuth application',
+	tags: ['destructive', 'requires-auth'],
+	examples: [
+		{
+			command: getCommand('cloud oidc rotate-secret <id>'),
+			description: 'Rotate OAuth client secret',
+		},
+		{
+			command: getCommand('cloud oidc rotate-secret <id> --force'),
+			description: 'Rotate OAuth client secret without confirmation',
+		},
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: false,
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id'),
+		}),
+		options: z.object({
+			force: z.boolean().optional().default(false).describe('Skip confirmation prompt'),
+		}),
+		response: OAuthClientRotateSecretResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { args, opts, apiClient, options } = ctx;
+
+		if (!opts.force) {
+			const confirmed = await tui.confirm(
+				`Rotate secret for OAuth application "${args.id}"?`,
+				false
+			);
+			if (!confirmed) {
+				tui.fatal('Operation cancelled', ErrorCode.USER_CANCELLED);
+			}
+		}
+
+		const result = await tui.spinner('Rotating OAuth client secret', () => {
+			return oauthClientRotateSecret(apiClient as APIClient, args.id);
+		});
+
+		if (!options.json) {
+			tui.newline();
+			tui.success('OAuth client secret rotated successfully!');
+			tui.newline();
+			tui.warning('Copy the new client secret now. It will only be shown once.');
+			tui.newline();
+
+			tui.table(
+				[
+					{
+						'Client ID': result.client_id,
+						'Client Secret': result.client_secret,
+					},
+				],
+				undefined,
+				{ layout: 'vertical' }
+			);
+		}
+
+		return result;
+	},
+});

package/src/cmd/cloud/oidc/users.ts

@@ -0,0 +1,57 @@
+import { oauthClientUsers, type APIClient } from '@agentuity/core';
+import { z } from 'zod';
+import { getCommand } from '../../../command-prefix';
+import * as tui from '../../../tui';
+import { createSubcommand } from '../../../types';
+
+const OAuthClientUsersResponseSchema = z.array(
+	z.object({
+		user_id: z.string(),
+		scopes: z.array(z.string()),
+		created_at: z.string(),
+	})
+);
+
+export const usersSubcommand = createSubcommand({
+	name: 'users',
+	description: 'List connected users for an OAuth application',
+	tags: ['read-only', 'requires-auth'],
+	examples: [
+		{
+			command: getCommand('cloud oidc users <id>'),
+			description: 'List connected users for OAuth application',
+		},
+	],
+	requires: { auth: true, apiClient: true },
+	idempotent: true,
+	schema: {
+		args: z.object({
+			id: z.string().describe('the OAuth client id'),
+		}),
+		response: OAuthClientUsersResponseSchema,
+	},
+
+	async handler(ctx) {
+		const { args, apiClient, options } = ctx;
+
+		const users = await tui.spinner('Fetching connected OAuth users', () => {
+			return oauthClientUsers(apiClient as APIClient, args.id);
+		});
+
+		if (!options.json) {
+			if (users.length === 0) {
+				tui.info('No connected users found');
+			} else {
+				const rows = users.map((user) => ({
+					user_id: user.user_id,
+					scopes: user.scopes.join(', '),
+					connected_at: new Date(user.created_at).toLocaleString(),
+				}));
+
+				tui.table(rows);
+			}
+		}
+
+		return users;
+	},
+});

package/src/cmd/project/import.ts

@@ -46,6 +46,10 @@ export const importSubcommand = createSubcommand({
 			),
 			description: 'Import with resource provisioning and push to new repo',
 		},
+		{
+			command: getCommand('project import --name my-agent --confirm'),
+			description: 'Import project non-interactively, skipping prompts',
+		},
 	],
 	requires: { auth: true, apiClient: true },
 	optional: { region: true, org: true },
@@ -71,6 +75,7 @@ export const importSubcommand = createSubcommand({
 				.optional()
 				.describe('Target GitHub repo (owner/repo) to push imported code to'),
 			name: z.string().optional().describe('Project name (for non-interactive mode)'),
+			confirm: z.boolean().optional().describe('Skip confirmation prompts'),
 			env: z
 				.array(z.string())
 				.optional()
@@ -100,6 +105,7 @@ export const importSubcommand = createSubcommand({
 				env: opts.env,
 				org: orgId,
 				region,
+				confirm: opts.confirm,
 				apiClient,
 				auth,
 				config,
@@ -123,8 +129,12 @@ export const importSubcommand = createSubcommand({
 			apiClient,
 			config,
 			logger,
-			interactive: validateOnly ? false : isTTY(),
+			interactive: validateOnly ? false : opts.confirm ? false : isTTY(),
 			validateOnly,
+			confirm: opts.confirm === true,
+			orgId,
+			region,
+			name: opts.name,
 		});
 
 		if (result.status === 'error') {