@josephyan/qingflow-app-builder-mcp 0.2.0-beta.988 → 0.2.0-beta.990

package/README.md

@@ -3,13 +3,13 @@
 Install:
 
 ```bash
-npm install @josephyan/qingflow-app-builder-mcp@0.2.0-beta.988
+npm install @josephyan/qingflow-app-builder-mcp@0.2.0-beta.990
 ```
 
 Run:
 
 ```bash
-npx -y -p @josephyan/qingflow-app-builder-mcp@0.2.0-beta.988 qingflow-app-builder-mcp
+npx -y -p @josephyan/qingflow-app-builder-mcp@0.2.0-beta.990 qingflow-app-builder-mcp
 ```
 
 Environment:

package/docs/local-agent-install.md

@@ -20,6 +20,13 @@
 
 `auth_use_credential` 是本地唯一鉴权主路径。
 
+补充说明：
+
+- 对 stdio MCP 来说，主路径仍然只有 `auth_use_credential`。
+- 如果你是在终端里直接使用 `qingflow` CLI，可以额外使用 `qingflow auth login` 作为“人类登录”入口；默认会提示轻流邮箱和隐藏密码，拿到 `token` 后建立本地 CLI 会话。
+- 如果需要浏览器 Authorization Code + PKCE 或 Device Flow，请显式使用 `qingflow auth login --browser` 或 `qingflow auth login --device`；这条 OAuth 路径最终拿到 `credential` 后再复用 `auth_use_credential` 建会话。
+- 也就是说，这次新增的是 CLI 的登录入口，不是给 MCP 增加第二套会话模型。
+
 ## npm 安装器适用场景
 
 适合这类本地 agent / gateway：

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@josephyan/qingflow-app-builder-mcp",
-  "version": "0.2.0-beta.988",
+  "version": "0.2.0-beta.990",
   "description": "Builder MCP for Qingflow app/package/system design and staged solution workflows.",
   "license": "MIT",
   "type": "module",

package/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "qingflow-mcp"
-version = "0.2.0b988"
+version = "0.2.0b990"
 description = "User-authenticated MCP server for Qingflow"
 readme = "README.md"
 license = "MIT"

package/src/qingflow_mcp/__init__.py

@@ -5,7 +5,7 @@ from pathlib import Path
 
 __all__ = ["__version__"]
 
-_FALLBACK_VERSION = "0.2.0b988"
+_FALLBACK_VERSION = "0.2.0b990"
 
 
 def _resolve_local_pyproject_version() -> str | None:

package/src/qingflow_mcp/cli/commands/auth.py

@@ -1,8 +1,13 @@
 from __future__ import annotations
 
 import argparse
+import getpass
+import sys
 
+from ...errors import QingflowApiError
 from ..context import CliContext
+from ..oauth_login import login_with_cli_oauth
+from ..qingflow_login import login_with_qingflow_password
 from .common import read_secret_arg
 
 
@@ -10,6 +15,23 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     parser = subparsers.add_parser("auth", help="认证与会话")
     auth_subparsers = parser.add_subparsers(dest="auth_command", required=True)
 
+    login = auth_subparsers.add_parser("login", help="登录 CLI：默认轻流账号密码交互；--browser 使用 OAuth")
+    login.add_argument("--base-url")
+    login.add_argument("--qf-version")
+    login.add_argument("--client-id")
+    login.add_argument("--authorization-endpoint")
+    login.add_argument("--token-endpoint")
+    login.add_argument("--device-authorization-endpoint")
+    login.add_argument("--scope")
+    login.add_argument("--credential-field")
+    login.add_argument("--browser", action="store_true", help="使用浏览器 OAuth 登录；无浏览器时可配合 --device")
+    login.add_argument("--device", action="store_true", help="使用 OAuth Device Flow（隐含 --browser）")
+    login.add_argument("--email", help="轻流账号邮箱；不传时在交互终端提示输入")
+    login.add_argument("--password", help="轻流账号密码；建议仅用于本地调试，脚本请优先使用 --password-stdin")
+    login.add_argument("--password-stdin", action="store_true", help="从标准输入读取轻流账号密码")
+    login.add_argument("--persist", action=argparse.BooleanOptionalAction, default=True)
+    login.set_defaults(handler=_handle_login, format_hint="auth_whoami")
+
     use_credential = auth_subparsers.add_parser("use-credential", help="直接注入 credential")
     use_credential.add_argument("--base-url")
     use_credential.add_argument("--qf-version")
@@ -26,6 +48,112 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
     logout.set_defaults(handler=_handle_logout, format_hint="")
 
 
+def _handle_login(args: argparse.Namespace, context: CliContext) -> dict:
+    login_summary: dict[str, str | None]
+    if _should_use_browser_login(args):
+        if _has_account_login_inputs(args):
+            raise QingflowApiError.config_error(
+                "Choose either account/password login or --browser OAuth login; do not combine both."
+            )
+        oauth_result = login_with_cli_oauth(
+            base_url=args.base_url,
+            client_id=args.client_id,
+            authorization_endpoint=args.authorization_endpoint,
+            token_endpoint=args.token_endpoint,
+            device_authorization_endpoint=args.device_authorization_endpoint,
+            scope=args.scope,
+            credential_field=args.credential_field,
+            force_device=bool(args.device),
+        )
+        result = context.auth.auth_use_credential(
+            profile=args.profile,
+            base_url=args.base_url,
+            qf_version=args.qf_version,
+            credential=oauth_result.credential,
+            persist=bool(args.persist),
+        )
+        login_summary = {
+            "flow": oauth_result.flow,
+            "authorize_url": oauth_result.authorize_url,
+            "verification_uri": oauth_result.verification_uri,
+            "user_code": oauth_result.user_code,
+        }
+    else:
+        email = _resolve_login_email(args)
+        password = _resolve_login_password(args)
+        login_result = login_with_qingflow_password(
+            base_url=args.base_url,
+            email=email,
+            password=password,
+        )
+        result = context.auth.auth_use_token(
+            profile=args.profile,
+            base_url=args.base_url,
+            qf_version=args.qf_version,
+            token=login_result.token,
+            login_token=login_result.login_token,
+            user_info=login_result.user_info,
+            persist=bool(args.persist),
+        )
+        login_summary = {
+            "flow": login_result.flow,
+            "authorize_url": None,
+            "verification_uri": None,
+            "user_code": None,
+        }
+    warnings = list(result.get("warnings") or []) if isinstance(result, dict) else []
+    if isinstance(result, dict):
+        result["cli_auth"] = {key: value for key, value in login_summary.items() if value}
+        if warnings:
+            result["warnings"] = warnings
+    return result
+
+
+def _should_use_browser_login(args: argparse.Namespace) -> bool:
+    return any(
+        bool(getattr(args, name, None))
+        for name in (
+            "browser",
+            "device",
+            "client_id",
+            "authorization_endpoint",
+            "token_endpoint",
+            "device_authorization_endpoint",
+            "scope",
+            "credential_field",
+        )
+    )
+
+
+def _has_account_login_inputs(args: argparse.Namespace) -> bool:
+    return bool(args.email or args.password or bool(args.password_stdin))
+
+
+def _resolve_login_email(args: argparse.Namespace) -> str:
+    email = str(args.email or "").strip()
+    if email:
+        return email
+    if sys.stdin.isatty():
+        return input("Qingflow email: ").strip()
+    raise QingflowApiError.config_error(
+        "qingflow auth login needs an interactive terminal, or pass --email with --password-stdin, or use --browser."
+    )
+
+
+def _resolve_login_password(args: argparse.Namespace) -> str:
+    if args.password or bool(args.password_stdin):
+        return read_secret_arg(
+            args.password,
+            stdin_enabled=bool(args.password_stdin),
+            label="password",
+        )
+    if sys.stdin.isatty():
+        return getpass.getpass("Qingflow password: ")
+    raise QingflowApiError.config_error(
+        "qingflow auth login needs an interactive terminal, --password-stdin, or --browser."
+    )
+
+
 def _handle_use_credential(args: argparse.Namespace, context: CliContext) -> dict:
     credential = (
         read_secret_arg(args.credential, stdin_enabled=bool(args.credential_stdin), label="credential")

package/src/qingflow_mcp/cli/commands/record.py

@@ -32,7 +32,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     schema_update = schema_subparsers.add_parser("update", help="读取更新记录表结构")
     schema_update.add_argument("--app-key", required=True)
-    schema_update.add_argument("--record-id", required=True, type=int)
+    schema_update.add_argument("--record-id", required=True)
     schema_update.set_defaults(handler=_handle_schema_update, format_hint="")
 
     schema_import = schema_subparsers.add_parser("import", help="读取导入表结构")
@@ -59,7 +59,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     get = record_subparsers.add_parser("get", help="读取单条记录")
     get.add_argument("--app-key", required=True)
-    get.add_argument("--record-id", required=True, type=int)
+    get.add_argument("--record-id", required=True)
     get.add_argument("--column", dest="columns", action="append", type=int, default=[])
     get.add_argument("--columns-file")
     get.add_argument("--view-id")
@@ -73,7 +73,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     update = record_subparsers.add_parser("update", help="更新记录")
     update.add_argument("--app-key", required=True)
-    update.add_argument("--record-id", type=int)
+    update.add_argument("--record-id")
     update.add_argument("--fields-file")
     update.add_argument("--items-file")
     update.add_argument("--dry-run", action=argparse.BooleanOptionalAction, default=False)
@@ -82,7 +82,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     delete = record_subparsers.add_parser("delete", help="删除记录")
     delete.add_argument("--app-key", required=True)
-    delete.add_argument("--record-id", type=int)
+    delete.add_argument("--record-id")
     delete.add_argument("--record-ids-file")
     delete.set_defaults(handler=_handle_delete, format_hint="")
 
@@ -102,7 +102,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     code_block = record_subparsers.add_parser("code-block-run", help="执行代码块字段")
     code_block.add_argument("--app-key", required=True)
-    code_block.add_argument("--record-id", required=True, type=int)
+    code_block.add_argument("--record-id", required=True)
     code_block.add_argument("--code-block-field", required=True)
     code_block.add_argument("--role", type=int, default=1)
     code_block.add_argument("--workflow-node-id", type=int)

package/src/qingflow_mcp/cli/commands/task.py

@@ -25,7 +25,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     get = task_subparsers.add_parser("get", help="读取待办详情")
     get.add_argument("--app-key", required=True)
-    get.add_argument("--record-id", required=True, type=int)
+    get.add_argument("--record-id", required=True)
     get.add_argument("--workflow-node-id", required=True, type=int)
     get.add_argument("--include-candidates", action=argparse.BooleanOptionalAction, default=True)
     get.add_argument("--include-associated-reports", action=argparse.BooleanOptionalAction, default=True)
@@ -33,7 +33,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     action = task_subparsers.add_parser("action", help="执行待办动作")
     action.add_argument("--app-key", required=True)
-    action.add_argument("--record-id", required=True, type=int)
+    action.add_argument("--record-id", required=True)
     action.add_argument("--workflow-node-id", required=True, type=int)
     action.add_argument("--action", required=True)
     action.add_argument("--payload-file")
@@ -42,7 +42,7 @@ def register(subparsers: argparse._SubParsersAction[argparse.ArgumentParser]) ->
 
     log = task_subparsers.add_parser("log", help="读取流程日志")
     log.add_argument("--app-key", required=True)
-    log.add_argument("--record-id", required=True, type=int)
+    log.add_argument("--record-id", required=True)
     log.add_argument("--workflow-node-id", required=True, type=int)
     log.set_defaults(handler=_handle_log, format_hint="")
 

package/src/qingflow_mcp/cli/formatters.py

@@ -40,6 +40,13 @@ def _format_whoami(result: dict[str, Any]) -> str:
         f"Workspace: {result.get('selected_ws_name') or '-'} ({result.get('selected_ws_id') or '-'})",
         f"Workspace QF Version: {result.get('qf_version') or '-'}",
     ]
+    cli_auth = result.get("cli_auth") if isinstance(result.get("cli_auth"), dict) else {}
+    if cli_auth:
+        lines.append(f"Login Flow: {cli_auth.get('flow') or '-'}")
+        if cli_auth.get("verification_uri"):
+            lines.append(f"Verification URL: {cli_auth.get('verification_uri')}")
+        if cli_auth.get("user_code"):
+            lines.append(f"User Code: {cli_auth.get('user_code')}")
     request_route = result.get("request_route") if isinstance(result.get("request_route"), dict) else {}
     route_qf_version = request_route.get("qf_version")
     if route_qf_version and route_qf_version != result.get("qf_version"):