@codacy/verity-cli 0.24.0 → 0.25.0-experimental.e3da48a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -312,18 +312,25 @@ Expected: single-digit findings per file, not hundreds. If you see 50+ issues fr
312
312
 
313
313
  ## Step 6: Register with Verity service
314
314
 
315
- Use the `verity` CLI to register. It handles credential storage and service URL automatically.
315
+ Use the `verity` CLI to register. It handles provider auth, credential storage, and the service URL automatically.
316
316
 
317
317
  ```bash
318
318
  verity auth register --project "PROJECT_NAME" --remote "GIT_REMOTE_URL"
319
319
  ```
320
320
 
321
+ Registration is **provider-gated** (GitHub today): the CLI runs a GitHub OAuth
322
+ **device flow** and prints something like *"open https://github.com/login/device
323
+ and enter code WXYZ-1234"*. The user approves in the browser; the CLI then proves
324
+ the user has **write access** to the repo before the service issues a token. Tell
325
+ the user to expect this prompt and to complete it in their browser.
326
+
321
327
  This command:
322
- - **New project**: Registers, stores token + service URL in `.verity/credentials`, prints `project_id`. Continue.
323
- - **Already registered**: Automatically discovers the project, ensures `.verity/credentials` has the service URL. If a token already exists in credentials, it updates the file and succeeds. If no token exists, it asks you to paste one.
328
+ - **Write access confirmed**: Registers, stores the verity token + service URL + provider token in `.verity/credentials` (perms 600), prints `project_id` and the authenticated email. Continue.
329
+ - **No write access** (`403 NO_WRITE_ACCESS`): The user lacks push rights on the repo they can't register it. Verity still runs locally as an anonymous gate, but no history/org/repo data is stored. Stop.
330
+ - **Non-GitHub remote**: Only GitHub is supported for now; show the error and stop.
324
331
  - **Other errors**: Show the error and stop.
325
332
 
326
- After this step, `.verity/credentials` will contain both `token` and `service_url` — all subsequent `verity` commands will work.
333
+ After this step, `.verity/credentials` will contain `token`, `service_url`, and `provider_token` — all subsequent `verity` commands will work.
327
334
 
328
335
  ---
329
336
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@codacy/verity-cli",
3
- "version": "0.24.0",
3
+ "version": "0.25.0-experimental.e3da48a",
4
4
  "description": "CLI for Verity quality gate service",
5
5
  "homepage": "https://verity.md",
6
6
  "repository": {