@myvillage/cli 1.18.0 → 1.21.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@myvillage/cli",
-  "version": "1.18.0",
+  "version": "1.21.0",
   "description": "MyVillageOS CLI for community developers",
   "type": "module",
   "bin": {

package/src/commands/api-key.js

@@ -0,0 +1,172 @@
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { villageSpinner, brand } from '../utils/brand.js';
+import { isAuthenticated } from '../utils/auth.js';
+import {
+  createApiKey,
+  listApiKeys,
+  revokeApiKey,
+  listAllowedScopes,
+} from '../utils/api.js';
+
+// ── create ──────────────────────────────────────────────
+
+export async function apiKeyCreateCommand(options = {}) {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+
+  if (!options.name) {
+    console.log(chalk.red('  ✗ --name is required (e.g. --name "claude-desktop")\n'));
+    return;
+  }
+
+  let scopes;
+  if (options.scopes) {
+    scopes = options.scopes.split(',').map(s => s.trim()).filter(Boolean);
+  } else {
+    // Interactive picker — fetch what the caller is allowed to mint
+    const spinner = villageSpinner('Loading available scopes...').start();
+    let allowed;
+    try {
+      const result = await listAllowedScopes();
+      allowed = result.allowedScopes || {};
+      spinner.stop();
+    } catch (err) {
+      spinner.fail(`Failed to load scopes: ${err.response?.data?.error || err.message}`);
+      return;
+    }
+    const scopeKeys = Object.keys(allowed);
+    if (scopeKeys.length === 0) {
+      console.log(chalk.yellow('  ⚠ Your account has no API scopes available.\n'));
+      return;
+    }
+    const { picked } = await inquirer.prompt([{
+      type: 'checkbox',
+      name: 'picked',
+      message: 'Pick the scopes this key should carry (Space to toggle, Enter to confirm):',
+      pageSize: Math.min(scopeKeys.length, 15),
+      choices: scopeKeys.map(s => ({
+        name: `${s}  ${chalk.dim('— ' + allowed[s])}`,
+        value: s,
+        checked: s === 'agents:tasks:read' || s === 'agents:tasks:write',
+      })),
+      validate: (input) => input.length > 0 || 'Pick at least one scope.',
+    }]);
+    scopes = picked;
+  }
+
+  const body = { name: options.name, scopes };
+  if (options.expiresInDays) {
+    body.expiresInDays = Number(options.expiresInDays);
+  }
+
+  const spinner = villageSpinner('Creating API key...').start();
+  try {
+    const result = await createApiKey(body);
+    spinner.succeed('API key created.');
+
+    console.log(brand.teal('\n  Key (shown ONCE — copy it now):\n'));
+    console.log('  ' + chalk.bold(result.key));
+    console.log('');
+    console.log(brand.teal(`  Id:      ${result.apiKey.id}`));
+    console.log(brand.teal(`  Prefix:  ${result.apiKey.prefix}`));
+    console.log(brand.teal(`  Scopes:  ${result.apiKey.scopes.join(', ')}`));
+    if (result.apiKey.expiresAt) {
+      console.log(brand.teal(`  Expires: ${result.apiKey.expiresAt}`));
+    } else {
+      console.log(brand.teal('  Expires: never (revoke manually when no longer needed)'));
+    }
+    console.log(chalk.yellow('\n  ⚠ Treat this key like a password. Anyone with it can act as you'));
+    console.log(chalk.yellow('    within the scopes you selected. Store it in an env var, not in git.\n'));
+    console.log(brand.teal('  Use in REST calls:'));
+    console.log('  ' + chalk.dim(`curl -H "Authorization: Bearer ${result.key.slice(0, 12)}..." https://portal.myvillageproject.ai/api/...\n`));
+    console.log(brand.teal('  Use in Claude Desktop / Cursor MCP config:'));
+    console.log('  ' + chalk.dim(`"headers": { "Authorization": "Bearer ${result.key.slice(0, 12)}..." }\n`));
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    spinner.fail(`Failed to create API key: ${msg}`);
+  }
+}
+
+// ── list ────────────────────────────────────────────────
+
+export async function apiKeyListCommand() {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+
+  try {
+    const result = await listApiKeys();
+    const keys = result.apiKeys || [];
+    if (keys.length === 0) {
+      console.log(brand.teal('  No API keys yet. Create one with: myvillage api-key create --name "..."\n'));
+      return;
+    }
+    console.log(brand.teal(`\n  ${keys.length} API key(s):\n`));
+    for (const k of keys) {
+      const status = k.isActive ? brand.green('active') : chalk.dim('revoked');
+      console.log(`  ${chalk.bold(k.name)}  ${status}`);
+      console.log(`    id:      ${k.id}`);
+      console.log(`    prefix:  ${k.prefix}`);
+      console.log(`    scopes:  ${(k.scopes || []).join(', ')}`);
+      if (k.lastUsedAt) console.log(`    used:    ${k.lastUsedAt}`);
+      if (k.expiresAt) console.log(`    expires: ${k.expiresAt}`);
+      console.log('');
+    }
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to list API keys: ${msg}\n`));
+  }
+}
+
+// ── revoke ──────────────────────────────────────────────
+
+export async function apiKeyRevokeCommand(id) {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+  if (!id) {
+    console.log(chalk.red('  ✗ Usage: myvillage api-key revoke <id>\n'));
+    return;
+  }
+
+  try {
+    await revokeApiKey(id);
+    console.log(brand.green(`  ✓ API key ${id} revoked. Any further requests using it will fail.\n`));
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to revoke API key: ${msg}\n`));
+  }
+}
+
+// ── show-scopes ─────────────────────────────────────────
+
+export async function apiKeyShowScopesCommand() {
+  if (!isAuthenticated()) {
+    console.log(chalk.red('  ✗ Authentication required. Run \'myvillage login\' first.'));
+    return;
+  }
+
+  try {
+    const result = await listAllowedScopes();
+    const allowed = result.allowedScopes || {};
+    const keys = Object.keys(allowed);
+    if (keys.length === 0) {
+      console.log(brand.teal('  No API scopes available for your account.\n'));
+      return;
+    }
+    console.log(brand.teal(`\n  ${keys.length} scope(s) available to you:\n`));
+    for (const k of keys) {
+      console.log(`  ${chalk.bold(k)}`);
+      console.log(`    ${chalk.dim(allowed[k])}`);
+    }
+    console.log('');
+  } catch (err) {
+    const msg = err.response?.data?.error || err.message;
+    console.log(chalk.red(`  ✗ Failed to load allowed scopes: ${msg}\n`));
+  }
+}

package/src/index.js

@@ -9,6 +9,12 @@ import {
   mediaDraftStatusCommand,
 } from './commands/media.js';
 import { logoutCommand } from './commands/logout.js';
+import {
+  apiKeyCreateCommand,
+  apiKeyListCommand,
+  apiKeyRevokeCommand,
+  apiKeyShowScopesCommand,
+} from './commands/api-key.js';
 import { createGameCommand } from './commands/create-game.js';
 import { createCommand } from './commands/create-app.js';
 import { deployCommand } from './commands/deploy.js';
@@ -141,6 +147,35 @@ export function run() {
     .description('Clear stored credentials')
     .action(logoutCommand);
 
+  // ── API Keys (developer self-service) ──────────────────
+
+  const apiKeyCmd = program
+    .command('api-key')
+    .description('Manage your API keys (used for REST and MCP authentication)');
+
+  apiKeyCmd
+    .command('create')
+    .description('Create a new API key. Shown ONCE — copy it immediately.')
+    .requiredOption('--name <name>', 'Friendly name for this key (e.g. "claude-desktop")')
+    .option('--scopes <list>', 'Comma-separated scopes (omit for interactive picker)')
+    .option('--expires-in-days <n>', 'Number of days until expiry (default: never)')
+    .action(apiKeyCreateCommand);
+
+  apiKeyCmd
+    .command('list')
+    .description('List your API keys (names, prefixes, scopes — never the secret)')
+    .action(apiKeyListCommand);
+
+  apiKeyCmd
+    .command('revoke <id>')
+    .description('Revoke an API key by id so further requests using it are rejected')
+    .action(apiKeyRevokeCommand);
+
+  apiKeyCmd
+    .command('show-scopes')
+    .description('Print the API scopes your account is allowed to mint into a key')
+    .action(apiKeyShowScopesCommand);
+
   program
     .command('create-game')
     .description('Create a new game project with interactive wizard')

package/src/utils/api.js

@@ -701,6 +701,32 @@ export async function retryFailedAgentTasks(villageAgentId, errorPattern) {
   return response.data;
 }
 
+// ── API Key management ─────────────────────────────────
+
+export async function createApiKey(data) {
+  const client = getPlatformClient();
+  const response = await client.post('/api-keys', data);
+  return response.data;
+}
+
+export async function listApiKeys() {
+  const client = getPlatformClient();
+  const response = await client.get('/api-keys');
+  return response.data;
+}
+
+export async function revokeApiKey(id) {
+  const client = getPlatformClient();
+  const response = await client.delete(`/api-keys/${encodeURIComponent(id)}`);
+  return response.data;
+}
+
+export async function listAllowedScopes() {
+  const client = getPlatformClient();
+  const response = await client.get('/api-keys/allowed-scopes');
+  return response.data;
+}
+
 // ── Wisdom (VillageBooks repurposed as agent skill packs) ──────────
 
 export async function listVillageBooks(params = {}) {