@ktmcp-cli/authentiq 1.0.0

package/AGENT.md

@@ -0,0 +1,66 @@
+# AGENT.md — Authentiq CLI for AI Agents
+
+This document explains how to use the Authentiq CLI as an AI agent.
+
+## Overview
+
+The `authentiq` CLI provides access to the Authentiq Identity API. Requires a Bearer token.
+
+## Prerequisites
+
+```bash
+authentiq config set token YOUR_BEARER_TOKEN
+```
+
+## All Commands
+
+### Config
+
+```bash
+authentiq config get <key>
+authentiq config set <key> <value>
+authentiq config list
+```
+
+### Sessions
+
+```bash
+authentiq sessions list
+authentiq sessions create --scope "openid email"
+authentiq sessions create --scope "openid profile" --callback https://example.com/callback
+authentiq sessions get <session-id>
+authentiq sessions delete <session-id>
+```
+
+### Keys
+
+```bash
+authentiq keys register --key '{"kty":"EC","crv":"P-256","x":"...","y":"..."}'
+authentiq keys get <pk>
+authentiq keys update <pk> --data '{"status":"active"}'
+authentiq keys revoke <pk>
+```
+
+### Scopes
+
+```bash
+authentiq scopes list
+authentiq scopes get <scope-id>
+authentiq scopes request --data '{"scope":"email"}'
+```
+
+## JSON Output
+
+All commands support `--json`:
+
+```bash
+authentiq sessions list --json
+authentiq keys get <pk> --json
+authentiq scopes list --json
+```
+
+## Error Handling
+
+The CLI exits with code 1 on error and prints to stderr.
+- `Authentication failed` — Run `authentiq config set token YOUR_TOKEN`
+- `Resource not found` — Check the ID is correct

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 KTMCP
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,82 @@
+> "Six months ago, everyone was talking about MCPs. And I was like, screw MCPs. Every MCP would be better as a CLI."
+>
+> — [Peter Steinberger](https://twitter.com/steipete), Founder of OpenClaw
+> [Watch on YouTube (~2:39:00)](https://www.youtube.com/@lexfridman) | [Lex Fridman Podcast #491](https://lexfridman.com/peter-steinberger/)
+
+# Authentiq CLI
+
+Production-ready CLI for the Authentiq Identity API. Manage sessions, keys, and scopes directly from your terminal.
+
+## Installation
+
+```bash
+npm install -g @ktmcp-cli/authentiq
+```
+
+## Configuration
+
+```bash
+authentiq config set token YOUR_BEARER_TOKEN
+```
+
+## Usage
+
+### Sessions
+
+```bash
+# List all sessions
+authentiq sessions list
+
+# Create a new session
+authentiq sessions create --scope "openid email"
+authentiq sessions create --scope "openid profile" --callback https://example.com/callback
+
+# Get session details
+authentiq sessions get <session-id>
+
+# Delete a session
+authentiq sessions delete <session-id>
+```
+
+### Keys
+
+```bash
+# Register a public key (JWK format)
+authentiq keys register --key '{"kty":"EC","crv":"P-256","x":"...","y":"..."}'
+
+# Get key details
+authentiq keys get <pk>
+
+# Update a key
+authentiq keys update <pk> --data '{"status":"active"}'
+
+# Revoke a key
+authentiq keys revoke <pk>
+```
+
+### Scopes
+
+```bash
+# List available scopes
+authentiq scopes list
+
+# Get scope details
+authentiq scopes get openid
+
+# Request additional scopes
+authentiq scopes request --data '{"scope":"email"}'
+```
+
+### JSON Output
+
+All commands support `--json` for machine-readable output:
+
+```bash
+authentiq sessions list --json
+authentiq sessions get <id> --json
+authentiq scopes list --json
+```
+
+## License
+
+MIT

package/bin/authentiq.js

@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+import(join(__dirname, '..', 'src', 'index.js'));

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@ktmcp-cli/authentiq",
+  "version": "1.0.0",
+  "description": "Production-ready CLI for Authentiq Identity API - Kill The MCP",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "authentiq": "bin/authentiq.js"
+  },
+  "keywords": ["authentiq", "identity", "sessions", "keys", "scopes", "cli", "api", "ktmcp"],
+  "author": "KTMCP",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.0.0",
+    "axios": "^1.6.7",
+    "chalk": "^5.3.0",
+    "ora": "^8.0.1",
+    "conf": "^12.0.0"
+  },
+  "engines": { "node": ">=18.0.0" },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ktmcp-cli/authentiq.git"
+  },
+  "homepage": "https://killthemcp.com/authentiq-cli",
+  "bugs": { "url": "https://github.com/ktmcp-cli/authentiq/issues" }
+}

package/src/api.js

@@ -0,0 +1,151 @@
+import axios from 'axios';
+import { getConfig } from './config.js';
+
+const BASE_URL = 'https://6-dot-authentiqio.appspot.com';
+
+function getClient() {
+  const token = getConfig('token');
+  return axios.create({
+    baseURL: BASE_URL,
+    headers: {
+      'Accept': 'application/json',
+      'Content-Type': 'application/json',
+      ...(token ? { 'Authorization': `Bearer ${token}` } : {})
+    },
+    timeout: 15000
+  });
+}
+
+function handleApiError(error) {
+  if (error.response) {
+    const status = error.response.status;
+    const data = error.response.data;
+    if (status === 401) {
+      throw new Error('Authentication failed. Run: authentiq config set token YOUR_TOKEN');
+    } else if (status === 403) {
+      throw new Error('Access forbidden. Check your API permissions.');
+    } else if (status === 404) {
+      throw new Error('Resource not found.');
+    } else if (status === 429) {
+      throw new Error('Rate limit exceeded. Please wait before retrying.');
+    } else {
+      const message = data?.message || data?.error || JSON.stringify(data);
+      throw new Error(`API Error (${status}): ${message}`);
+    }
+  } else if (error.request) {
+    throw new Error('No response from Authentiq API. Check your internet connection.');
+  } else {
+    throw error;
+  }
+}
+
+// ============================================================
+// SESSIONS
+// ============================================================
+
+export async function createSession(data) {
+  try {
+    const response = await getClient().post('/session', data);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function getSession(sessionId) {
+  try {
+    const response = await getClient().get(`/session/${sessionId}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function deleteSession(sessionId) {
+  try {
+    const response = await getClient().delete(`/session/${sessionId}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function listSessions() {
+  try {
+    const response = await getClient().get('/session');
+    return response.data || [];
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+// ============================================================
+// KEYS
+// ============================================================
+
+export async function registerKey(keyData) {
+  try {
+    const response = await getClient().post('/key', keyData);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function getKey(pk) {
+  try {
+    const response = await getClient().get(`/key/${pk}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function revokeKey(pk) {
+  try {
+    const response = await getClient().delete(`/key/${pk}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function updateKey(pk, keyData) {
+  try {
+    const response = await getClient().put(`/key/${pk}`, keyData);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+// ============================================================
+// SCOPES
+// ============================================================
+
+export async function listScopes() {
+  try {
+    const response = await getClient().get('/scope');
+    return response.data || [];
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function getScope(scopeId) {
+  try {
+    const response = await getClient().get(`/scope/${scopeId}`);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}
+
+export async function requestScope(scopeData) {
+  try {
+    const response = await getClient().post('/scope', scopeData);
+    return response.data;
+  } catch (error) {
+    handleApiError(error);
+  }
+}

package/src/config.js

@@ -0,0 +1,21 @@
+import Conf from 'conf';
+
+const config = new Conf({ projectName: '@ktmcp-cli/authentiq' });
+
+export function getConfig(key) {
+  return config.get(key);
+}
+
+export function setConfig(key, value) {
+  config.set(key, value);
+}
+
+export function isConfigured() {
+  return !!config.get('token');
+}
+
+export function getAllConfig() {
+  return config.store;
+}
+
+export default config;

package/src/index.js

@@ -0,0 +1,469 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import { getConfig, setConfig, getAllConfig, isConfigured } from './config.js';
+import {
+  createSession,
+  getSession,
+  deleteSession,
+  listSessions,
+  registerKey,
+  getKey,
+  revokeKey,
+  updateKey,
+  listScopes,
+  getScope,
+  requestScope
+} from './api.js';
+
+const program = new Command();
+
+// ============================================================
+// Helpers
+// ============================================================
+
+function printSuccess(message) {
+  console.log(chalk.green('✓') + ' ' + message);
+}
+
+function printError(message) {
+  console.error(chalk.red('✗') + ' ' + message);
+}
+
+function printTable(data, columns) {
+  if (!data || data.length === 0) {
+    console.log(chalk.yellow('No results found.'));
+    return;
+  }
+
+  const widths = {};
+  columns.forEach(col => {
+    widths[col.key] = col.label.length;
+    data.forEach(row => {
+      const val = String(col.format ? col.format(row[col.key], row) : (row[col.key] ?? ''));
+      if (val.length > widths[col.key]) widths[col.key] = val.length;
+    });
+    widths[col.key] = Math.min(widths[col.key], 40);
+  });
+
+  const header = columns.map(col => col.label.padEnd(widths[col.key])).join('  ');
+  console.log(chalk.bold(chalk.cyan(header)));
+  console.log(chalk.dim('─'.repeat(header.length)));
+
+  data.forEach(row => {
+    const line = columns.map(col => {
+      const val = String(col.format ? col.format(row[col.key], row) : (row[col.key] ?? ''));
+      return val.substring(0, widths[col.key]).padEnd(widths[col.key]);
+    }).join('  ');
+    console.log(line);
+  });
+
+  console.log(chalk.dim(`\n${data.length} result(s)`));
+}
+
+function printJson(data) {
+  console.log(JSON.stringify(data, null, 2));
+}
+
+async function withSpinner(message, fn) {
+  const spinner = ora(message).start();
+  try {
+    const result = await fn();
+    spinner.stop();
+    return result;
+  } catch (error) {
+    spinner.stop();
+    throw error;
+  }
+}
+
+function requireAuth() {
+  if (!isConfigured()) {
+    printError('Authentiq token not configured.');
+    console.log('\nRun the following to configure:');
+    console.log(chalk.cyan('  authentiq config set token YOUR_BEARER_TOKEN'));
+    process.exit(1);
+  }
+}
+
+// ============================================================
+// Program metadata
+// ============================================================
+
+program
+  .name('authentiq')
+  .description(chalk.bold('Authentiq CLI') + ' - Identity and session management from your terminal')
+  .version('1.0.0');
+
+// ============================================================
+// CONFIG
+// ============================================================
+
+const configCmd = program.command('config').description('Manage CLI configuration');
+
+configCmd
+  .command('get <key>')
+  .description('Get a configuration value')
+  .action((key) => {
+    const value = getConfig(key);
+    if (value === undefined) {
+      printError(`Key '${key}' not found`);
+    } else {
+      console.log(value);
+    }
+  });
+
+configCmd
+  .command('set <key> <value>')
+  .description('Set a configuration value')
+  .action((key, value) => {
+    setConfig(key, value);
+    printSuccess(`Config '${key}' set`);
+  });
+
+configCmd
+  .command('list')
+  .description('List all configuration values')
+  .action(() => {
+    const all = getAllConfig();
+    console.log(chalk.bold('\nAuthentiq CLI Configuration\n'));
+    if (Object.keys(all).length === 0) {
+      console.log(chalk.yellow('No configuration set.'));
+      console.log('\nRun: ' + chalk.cyan('authentiq config set token YOUR_TOKEN'));
+    } else {
+      Object.entries(all).forEach(([k, v]) => {
+        const displayVal = k === 'token' ? chalk.green('*'.repeat(Math.min(String(v).length, 8))) : chalk.cyan(String(v));
+        console.log(`${k}: ${displayVal}`);
+      });
+    }
+  });
+
+// ============================================================
+// SESSIONS
+// ============================================================
+
+const sessionsCmd = program.command('sessions').description('Manage identity sessions');
+
+sessionsCmd
+  .command('list')
+  .description('List active sessions')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    try {
+      const sessions = await withSpinner('Fetching sessions...', () => listSessions());
+
+      if (options.json) {
+        printJson(sessions);
+        return;
+      }
+
+      const data = Array.isArray(sessions) ? sessions : (sessions ? [sessions] : []);
+      printTable(data, [
+        { key: 'session', label: 'Session ID', format: (v) => v ? String(v).substring(0, 16) + '...' : 'N/A' },
+        { key: 'status', label: 'Status' },
+        { key: 'created', label: 'Created' },
+        { key: 'scope', label: 'Scope', format: (v) => Array.isArray(v) ? v.join(' ') : (v || '') }
+      ]);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+sessionsCmd
+  .command('create')
+  .description('Create a new session')
+  .option('--scope <scope>', 'Requested scope (space-separated)', 'openid')
+  .option('--callback <url>', 'Callback URL')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    try {
+      const sessionData = {
+        scope: options.scope.split(' '),
+        ...(options.callback && { callback: options.callback })
+      };
+
+      const session = await withSpinner('Creating session...', () => createSession(sessionData));
+
+      if (options.json) {
+        printJson(session);
+        return;
+      }
+
+      printSuccess('Session created');
+      if (session) {
+        console.log('Session:   ', chalk.cyan(session.session || JSON.stringify(session)));
+        if (session.status) console.log('Status:    ', session.status);
+        if (session.url) console.log('Auth URL:  ', chalk.blue(session.url));
+      }
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+sessionsCmd
+  .command('get <session-id>')
+  .description('Get session details')
+  .option('--json', 'Output as JSON')
+  .action(async (sessionId, options) => {
+    requireAuth();
+    try {
+      const session = await withSpinner(`Fetching session ${sessionId}...`, () =>
+        getSession(sessionId)
+      );
+
+      if (!session) {
+        printError('Session not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(session);
+        return;
+      }
+
+      console.log(chalk.bold('\nSession Details\n'));
+      console.log('Session ID:  ', chalk.cyan(session.session || sessionId));
+      console.log('Status:      ', session.status || 'N/A');
+      console.log('Created:     ', session.created || 'N/A');
+      if (session.scope) console.log('Scope:       ', Array.isArray(session.scope) ? session.scope.join(' ') : session.scope);
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+sessionsCmd
+  .command('delete <session-id>')
+  .description('Delete (revoke) a session')
+  .action(async (sessionId) => {
+    requireAuth();
+    try {
+      await withSpinner(`Deleting session ${sessionId}...`, () => deleteSession(sessionId));
+      printSuccess(`Session ${sessionId} deleted`);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// KEYS
+// ============================================================
+
+const keysCmd = program.command('keys').description('Manage identity keys');
+
+keysCmd
+  .command('register')
+  .description('Register a new public key')
+  .requiredOption('--key <json>', 'Public key data as JSON (JWK format)')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    let keyData;
+    try {
+      keyData = JSON.parse(options.key);
+    } catch {
+      printError('Invalid JSON for --key');
+      process.exit(1);
+    }
+
+    try {
+      const result = await withSpinner('Registering key...', () => registerKey(keyData));
+
+      if (options.json) {
+        printJson(result);
+        return;
+      }
+
+      printSuccess('Key registered');
+      if (result) {
+        console.log('Key ID:  ', chalk.cyan(result.pk || result.kid || JSON.stringify(result)));
+      }
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+keysCmd
+  .command('get <pk>')
+  .description('Get key details by public key ID')
+  .option('--json', 'Output as JSON')
+  .action(async (pk, options) => {
+    requireAuth();
+    try {
+      const key = await withSpinner(`Fetching key ${pk}...`, () => getKey(pk));
+
+      if (!key) {
+        printError('Key not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(key);
+        return;
+      }
+
+      console.log(chalk.bold('\nKey Details\n'));
+      console.log('Key ID:      ', chalk.cyan(key.pk || key.kid || pk));
+      console.log('Type:        ', key.kty || 'N/A');
+      console.log('Algorithm:   ', key.alg || 'N/A');
+      console.log('Status:      ', key.status || 'N/A');
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+keysCmd
+  .command('revoke <pk>')
+  .description('Revoke a public key')
+  .action(async (pk) => {
+    requireAuth();
+    try {
+      await withSpinner(`Revoking key ${pk}...`, () => revokeKey(pk));
+      printSuccess(`Key ${pk} revoked`);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+keysCmd
+  .command('update <pk>')
+  .description('Update a public key')
+  .requiredOption('--data <json>', 'Updated key data as JSON')
+  .option('--json', 'Output as JSON')
+  .action(async (pk, options) => {
+    requireAuth();
+    let updateData;
+    try {
+      updateData = JSON.parse(options.data);
+    } catch {
+      printError('Invalid JSON for --data');
+      process.exit(1);
+    }
+
+    try {
+      const result = await withSpinner(`Updating key ${pk}...`, () => updateKey(pk, updateData));
+
+      if (options.json) {
+        printJson(result);
+        return;
+      }
+
+      printSuccess(`Key ${pk} updated`);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// SCOPES
+// ============================================================
+
+const scopesCmd = program.command('scopes').description('Manage identity scopes');
+
+scopesCmd
+  .command('list')
+  .description('List available scopes')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    try {
+      const scopes = await withSpinner('Fetching scopes...', () => listScopes());
+
+      if (options.json) {
+        printJson(scopes);
+        return;
+      }
+
+      const data = Array.isArray(scopes) ? scopes : (scopes ? [scopes] : []);
+      printTable(data, [
+        { key: 'name', label: 'Name' },
+        { key: 'essential', label: 'Essential', format: (v) => v ? 'Yes' : 'No' },
+        { key: 'description', label: 'Description' }
+      ]);
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+scopesCmd
+  .command('get <scope-id>')
+  .description('Get scope details')
+  .option('--json', 'Output as JSON')
+  .action(async (scopeId, options) => {
+    requireAuth();
+    try {
+      const scope = await withSpinner(`Fetching scope ${scopeId}...`, () => getScope(scopeId));
+
+      if (!scope) {
+        printError('Scope not found');
+        process.exit(1);
+      }
+
+      if (options.json) {
+        printJson(scope);
+        return;
+      }
+
+      console.log(chalk.bold('\nScope Details\n'));
+      console.log('Name:        ', chalk.cyan(scope.name || scopeId));
+      console.log('Essential:   ', scope.essential ? chalk.green('Yes') : 'No');
+      console.log('Description: ', scope.description || 'N/A');
+      console.log('');
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+scopesCmd
+  .command('request')
+  .description('Request additional scopes')
+  .requiredOption('--data <json>', 'Scope request data as JSON')
+  .option('--json', 'Output as JSON')
+  .action(async (options) => {
+    requireAuth();
+    let scopeData;
+    try {
+      scopeData = JSON.parse(options.data);
+    } catch {
+      printError('Invalid JSON for --data');
+      process.exit(1);
+    }
+
+    try {
+      const result = await withSpinner('Requesting scope...', () => requestScope(scopeData));
+
+      if (options.json) {
+        printJson(result);
+        return;
+      }
+
+      printSuccess('Scope requested');
+      if (result) console.log(JSON.stringify(result, null, 2));
+    } catch (error) {
+      printError(error.message);
+      process.exit(1);
+    }
+  });
+
+// ============================================================
+// Parse
+// ============================================================
+
+program.parse(process.argv);
+
+if (process.argv.length <= 2) {
+  program.help();
+}