agentstack-cli 0.4.2rc8__tar.gz → 0.4.2rc10__tar.gz

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: agentstack-cli
-Version: 0.4.2rc8
+Version: 0.4.2rc10
 Summary: Agent Stack CLI
 Author: IBM Corp.
 Requires-Dist: anyio~=4.10.0

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "agentstack-cli"
-version = "0.4.2-rc8"
+version = "0.4.2-rc10"
 description = "Agent Stack CLI"
 readme = "README.md"
 authors = [{ name = "IBM Corp." }]

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/__init__.py

@@ -33,13 +33,14 @@ Usage: agentstack [OPTIONS] COMMAND [ARGS]...
 ╰────────────────────────────────────────────────────────────────────────────╯
 
 ╭─ Agent Management ─────────────────────────────────────────────────────────╮
-│ add                               Install an agent (Docker, GitHub, local) │
+│ add                               Install an agent (Docker, GitHub)        │
 │ remove                            Uninstall an agent                       │
+│ update                            Update an agent                          │
 │ info                              Show agent details                       │
 │ logs                              Stream agent execution logs              │
-│ build                             Build an agent container image           │
 │ env                               Manage agent environment variables       │
-│ server-side-build [EXPERIMENTAL]  Build agents remotely                    │
+│ build                             Build an agent remotely                  │
+│ client-side-build                 Build an agent container image locally   │
 ╰────────────────────────────────────────────────────────────────────────────╯
 
 ╭─ Platform & Configuration ─────────────────────────────────────────────────╮
@@ -92,7 +93,9 @@ app.add_typer(agent_alias, name="", no_args_is_help=True)
 
 
 @app.command("version")
-async def version(verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False):
+async def version(
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+):
     """Print version of the Agent Stack CLI."""
     import agentstack_cli.commands.self
 

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/api.py

@@ -44,7 +44,7 @@ async def api_request(
             timeout=60,
             headers=(
                 {"Authorization": f"Bearer {token}"}
-                if use_auth and (token := config.auth_manager.load_auth_token())
+                if use_auth and (token := await config.auth_manager.load_auth_token())
                 else {}
             ),
         )
@@ -83,7 +83,7 @@ async def api_stream(
             timeout=timedelta(hours=1).total_seconds(),
             headers=(
                 {"Authorization": f"Bearer {token}"}
-                if use_auth and (token := config.auth_manager.load_auth_token())
+                if use_auth and (token := await config.auth_manager.load_auth_token())
                 else {}
             ),
         ) as response,
@@ -108,7 +108,7 @@ async def a2a_client(agent_card: AgentCard, use_auth: bool = True) -> AsyncItera
         async with httpx.AsyncClient(
             headers=(
                 {"Authorization": f"Bearer {token}"}
-                if use_auth and (token := config.auth_manager.load_auth_token())
+                if use_auth and (token := await config.auth_manager.load_auth_token())
                 else {}
             ),
             follow_redirects=True,

agentstack_cli-0.4.2rc10/src/agentstack_cli/auth_manager.py

@@ -0,0 +1,241 @@
+# Copyright 2025 © BeeAI a Series of LF Projects, LLC
+# SPDX-License-Identifier: Apache-2.0
+import pathlib
+import time
+import typing
+from collections import defaultdict
+from typing import Any
+
+import httpx
+from pydantic import BaseModel, Field
+
+
+class AuthToken(BaseModel):
+    access_token: str
+    token_type: str = "Bearer"
+    expires_in: int | None = None
+    expires_at: int | None = None
+    refresh_token: str | None = None
+    scope: str | None = None
+
+
+class AuthServer(BaseModel):
+    client_id: str = "df82a687-d647-4247-838b-7080d7d83f6c"  # Backwards compatibility default
+    client_secret: str | None = None
+    token: AuthToken | None = None
+    registration_token: str | None = None
+
+
+class Server(BaseModel):
+    authorization_servers: dict[str, AuthServer] = Field(default_factory=dict)
+
+
+class Auth(BaseModel):
+    version: typing.Literal[1] = 1
+    servers: defaultdict[str, typing.Annotated[Server, Field(default_factory=Server)]] = Field(
+        default_factory=lambda: defaultdict(Server)
+    )
+    active_server: str | None = None
+    active_auth_server: str | None = None
+
+
+@typing.final
+class AuthManager:
+    def __init__(self, config_path: pathlib.Path):
+        self._auth_path = config_path
+        self._auth = self._load()
+
+    def _load(self) -> Auth:
+        if not self._auth_path.exists():
+            return Auth()
+        return Auth.model_validate_json(self._auth_path.read_bytes())
+
+    def _save(self) -> None:
+        self._auth_path.write_text(self._auth.model_dump_json(indent=2))
+
+    def save_auth_token(
+        self,
+        server: str,
+        auth_server: str | None = None,
+        client_id: str | None = None,
+        client_secret: str | None = None,
+        token: dict[str, Any] | None = None,
+        registration_token: str | None = None,
+    ) -> None:
+        if auth_server is not None and client_id is not None and token is not None:
+            if token["access_token"]:
+                usetimestamp = int(time.time()) + int(token["expires_in"])
+                token["expires_at"] = usetimestamp
+            self._auth.servers[server].authorization_servers[auth_server] = AuthServer(
+                client_id=client_id,
+                client_secret=client_secret,
+                token=AuthToken(**token),
+                registration_token=registration_token,
+            )
+        else:
+            self._auth.servers[server]  # touch
+        self._save()
+
+    async def exchange_refresh_token(self, auth_server: str, token: AuthToken) -> dict[str, Any] | None:
+        """
+        This method exchanges a refresh token for a new access token.
+        """
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            token_endpoint = oidc["token_endpoint"]
+            try:
+                client_id = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id
+                )
+                client_secret = (
+                    self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                )
+                resp = await client.post(
+                    f"{token_endpoint}",
+                    data={
+                        "grant_type": "refresh_token",
+                        "refresh_token": token.refresh_token,
+                        "scope": token.scope,
+                        "client_id": client_id,
+                        "client_secret": client_secret,
+                    },
+                )
+                resp.raise_for_status()
+                new_token = resp.json()
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Failed to refresh token: {e}") from e
+            self.save_auth_token(
+                self._auth.active_server or "",
+                self._auth.active_auth_server or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_id or "",
+                self._auth.servers[self._auth.active_server or ""].authorization_servers[auth_server].client_secret
+                or "",
+                token=new_token,
+            )
+            return new_token
+
+    async def load_auth_token(self) -> str | None:
+        active_res = self._auth.active_server
+        active_auth_server = self._auth.active_auth_server
+        if not active_res or not active_auth_server:
+            return None
+        server = self._auth.servers.get(active_res)
+        if not server:
+            return None
+
+        auth_server = server.authorization_servers.get(active_auth_server)
+        if not auth_server or not auth_server.token:
+            return None
+
+        if (auth_server.token.expires_at or 0) - 60 < time.time():
+            new_token = await self.exchange_refresh_token(active_auth_server, auth_server.token)
+            if new_token:
+                return new_token["access_token"]
+            return None
+
+        return auth_server.token.access_token
+
+    async def deregister_client(self, auth_server, client_id, registration_token) -> None:
+        async with httpx.AsyncClient(headers={"Accept": "application/json"}) as client:
+            resp = None
+            try:
+                resp = await client.get(f"{auth_server}/.well-known/openid-configuration")
+                resp.raise_for_status()
+                oidc = resp.json()
+                registration_endpoint = oidc["registration_endpoint"]
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"OIDC discovery failed: {e}") from e
+
+            try:
+                if client_id is not None and client_id != "" and registration_token is not None:
+                    headers = {"authorization": f"bearer {registration_token}"}
+                    resp = await client.delete(f"{registration_endpoint}/{client_id}", headers=headers)
+                    resp.raise_for_status()
+
+            except Exception as e:
+                if resp:
+                    error_details = resp.json()
+                    print(f"error: {error_details['error']} error description: {error_details['error_description']}")
+                raise RuntimeError(f"Dynamic client de-registration failed. {e}") from e
+
+    async def clear_auth_token(self, all: bool = False) -> None:
+        if all:
+            for server in self._auth.servers:
+                for auth_server in self._auth.servers[server].authorization_servers:
+                    await self.deregister_client(
+                        auth_server,
+                        self._auth.servers[server].authorization_servers[auth_server].client_id,
+                        self._auth.servers[server].authorization_servers[auth_server].registration_token,
+                    )
+
+            self._auth.servers = defaultdict(Server)
+        else:
+            if self._auth.active_server and self._auth.active_auth_server:
+                if (
+                    self._auth.servers[self._auth.active_server]
+                    .authorization_servers[self._auth.active_auth_server]
+                    .client_id
+                ):
+                    await self.deregister_client(
+                        self._auth.active_auth_server,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .client_id,
+                        self._auth.servers[self._auth.active_server]
+                        .authorization_servers[self._auth.active_auth_server]
+                        .registration_token,
+                    )
+                del self._auth.servers[self._auth.active_server].authorization_servers[self._auth.active_auth_server]
+            if self._auth.active_server and not self._auth.servers[self._auth.active_server].authorization_servers:
+                del self._auth.servers[self._auth.active_server]
+        self._auth.active_server = None
+        self._auth.active_auth_server = None
+        self._save()
+
+    def get_server(self, server: str) -> Server | None:
+        return self._auth.servers.get(server)
+
+    @property
+    def servers(self) -> list[str]:
+        return list(self._auth.servers.keys())
+
+    @property
+    def active_server(self) -> str | None:
+        return self._auth.active_server
+
+    @active_server.setter
+    def active_server(self, server: str | None) -> None:
+        if server is not None and server not in self._auth.servers:
+            raise ValueError(f"Server {server} not found")
+        self._auth.active_server = server
+        self._save()
+
+    @property
+    def active_auth_server(self) -> str | None:
+        return self._auth.active_auth_server
+
+    @active_auth_server.setter
+    def active_auth_server(self, auth_server: str | None) -> None:
+        if auth_server is not None and (
+            self._auth.active_server not in self._auth.servers
+            or auth_server not in self._auth.servers[self._auth.active_server].authorization_servers
+        ):
+            raise ValueError(f"Auth server {auth_server} not found in active server")
+        self._auth.active_auth_server = auth_server
+        self._save()

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/agent.py

@@ -61,7 +61,7 @@ from agentstack_sdk.a2a.extensions.common.form import (
     TextField,
     TextFieldValue,
 )
-from agentstack_sdk.platform import ModelProvider, Provider
+from agentstack_sdk.platform import BuildState, ModelProvider, Provider
 from agentstack_sdk.platform.context import Context, ContextPermissions, ContextToken, Permissions
 from agentstack_sdk.platform.model_provider import ModelCapability
 from InquirerPy import inquirer
@@ -73,7 +73,7 @@ from rich.console import ConsoleRenderable, Group, NewLine
 from rich.panel import Panel
 from rich.text import Text
 
-from agentstack_cli.commands.build import build
+from agentstack_cli.commands.build import _server_side_build
 from agentstack_cli.commands.model import ensure_llm_provider
 from agentstack_cli.configuration import Configuration
 
@@ -87,7 +87,6 @@ if sys.platform != "win32":
 from collections.abc import Callable
 from pathlib import Path
 from typing import Any
-from urllib.parse import urlparse
 
 import jsonschema
 import rich.json
@@ -101,11 +100,11 @@ from agentstack_cli.utils import (
     announce_server_action,
     confirm_server_action,
     generate_schema_example,
+    is_github_url,
     parse_env_var,
     print_log,
     prompt_user,
     remove_nullable,
-    run_command,
     status,
     verbosity,
 )
@@ -153,49 +152,67 @@ configuration = Configuration()
 
 @app.command("add")
 async def add_agent(
-    location: typing.Annotated[
-        str, typer.Argument(help="Agent location (public docker image, local path or github url)")
-    ],
+    location: typing.Annotated[str, typer.Argument(help="Agent location (public docker image or github url)")],
     dockerfile: typing.Annotated[str | None, typer.Option(help="Use custom dockerfile path")] = None,
-    vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
     yes: typing.Annotated[bool, typer.Option("--yes", "-y", help="Skip confirmation prompts.")] = False,
 ) -> None:
-    """Install discovered agent or add public docker image or github repository [aliases: install]"""
+    """Add a docker image or GitHub repository [aliases: install]"""
     url = announce_server_action(f"Installing agent '{location}' for")
     await confirm_server_action("Proceed with installing this agent on", url=url, yes=yes)
-    agent_card = None
     with verbosity(verbose):
-        if (
-            process := await run_command(
-                ["docker", "inspect", location], check=False, message="Inspecting docker images"
-            )
-        ).returncode == 0:
-            console.success(f"Found local image [bold]{location}[/bold]")
-            manifest = base64.b64decode(
-                json.loads(process.stdout)[0]["Config"]["Labels"]["beeai.dev.agent.json"]
-            ).decode()
-            agent_card = json.loads(manifest)
-        elif (
-            Path(location).expanduser().exists()
-            or location.startswith("git@")
-            or location.startswith("github.com/")
-            or location.startswith("www.github.com/")
-            or location.endswith(".git")
-            or ((u := urlparse(location)).scheme.startswith("http") and u.netloc.endswith("github.com"))
-            or u.scheme in {"ssh", "git", "git+ssh"}
-        ):
-            console.info(f"Assuming build context, attempting to build agent from [bold]{location}[/bold]")
-            location, agent_card = await build(location, dockerfile, tag=None, vm_name=vm_name, import_image=True)
+        if is_github_url(location):
+            console.info(f"Assuming GitHub repository, attempting to build agent from [bold]{location}[/bold]")
+            with status("Building agent"):
+                build = await _server_side_build(location, dockerfile, add=True, verbose=verbose)
+            if build.status != BuildState.COMPLETED:
+                error = build.error_message or "see logs above for details"
+                raise RuntimeError(f"Agent build failed: {error}")
         else:
-            console.info(f"Assuming public docker image, attempting to pull {location}")
+            if dockerfile:
+                raise ValueError("Dockerfile can be specified only if location is a GitHub url")
+            console.info(f"Assuming public docker image or network address, attempting to add {location}")
+            with status("Registering agent to platform"):
+                async with configuration.use_platform_client():
+                    await Provider.create(location=location)
+        console.success(f"Agent [bold]{location}[/bold] added to platform")
+        await list_agents()
 
-        with status("Registering agent to platform"):
-            async with configuration.use_platform_client():
-                await Provider.create(
-                    location=location,
-                    agent_card=AgentCard.model_validate(agent_card) if agent_card else None,
+
+@app.command("update")
+async def update_agent(
+    search_path: typing.Annotated[
+        str, typer.Argument(..., help="Short ID, agent name or part of the provider location of agent to replace")
+    ],
+    location: typing.Annotated[str, typer.Argument(help="Agent location (public docker image or github url)")],
+    dockerfile: typing.Annotated[str | None, typer.Option(help="Use custom dockerfile path")] = None,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+    yes: typing.Annotated[bool, typer.Option("--yes", "-y", help="Skip confirmation prompts.")] = False,
+) -> None:
+    """Upgrade agent to a newer docker image or build from GitHub repository"""
+    with verbosity(verbose):
+        async with configuration.use_platform_client():
+            provider = select_provider(search_path, providers=await Provider.list())
+
+        url = announce_server_action(f"Upgrading agent from '{provider.source}' to {location}")
+        await confirm_server_action("Proceed with upgrading agent on", url=url, yes=yes)
+
+        if is_github_url(location):
+            console.info(f"Assuming GitHub repository, attempting to build agent from [bold]{location}[/bold]")
+            with status("Building agent"):
+                build = await _server_side_build(
+                    github_url=location, dockerfile=dockerfile, replace=provider.id, verbose=verbose
                 )
+            if build.status != BuildState.COMPLETED:
+                error = build.error_message or "see logs above for details"
+                raise RuntimeError(f"Agent build failed: {error}")
+        else:
+            if dockerfile:
+                raise ValueError("Dockerfile can be specified only if location is a GitHub url")
+            console.info(f"Assuming public docker image or network address, attempting to add {location}")
+            with status("Upgrading agent in the platform"):
+                async with configuration.use_platform_client():
+                    await provider.patch(location=location)
         console.success(f"Agent [bold]{location}[/bold] added to platform")
         await list_agents()
 
@@ -518,7 +535,8 @@ async def _run_agent(
                     error = ""
                     if message and message.parts and isinstance(message.parts[0].root, TextPart):
                         error = message.parts[0].root.text
-                    console.print(f"[red]Task {status}[/red]: {error}")
+                    console.print(f"\n:boom: [red][bold]Task {status.value}[/bold][/red]")
+                    console.print(Markdown(error))
                     return
                 case Task(id=task_id), TaskStatusUpdateEvent(
                     status=TaskStatus(state=TaskState.auth_required, message=message)
@@ -778,7 +796,7 @@ async def run_agent(
             metadata={"provider_id": provider.id, "agent_name": provider.agent_card.name},
         )
         context_token = await context.generate_token(
-            grant_global_permissions=Permissions(llm={"*"}, embeddings={"*"}, a2a_proxy={"*"}),
+            grant_global_permissions=Permissions(llm={"*"}, embeddings={"*"}, a2a_proxy={"*"}, providers={"read"}),
             grant_context_permissions=ContextPermissions(files={"*"}, vector_stores={"*"}, context_data={"*"}),
         )
 

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/build.py

@@ -8,6 +8,7 @@ import re
 import sys
 import typing
 import uuid
+from asyncio import CancelledError
 from contextlib import suppress
 from datetime import timedelta
 from pathlib import Path
@@ -17,13 +18,13 @@ import anyio.abc
 import typer
 from a2a.utils import AGENT_CARD_WELL_KNOWN_PATH
 from agentstack_sdk.platform import AddProvider, BuildConfiguration, Provider, UpdateProvider
-from agentstack_sdk.platform.provider_build import BuildState, ProviderBuild
+from agentstack_sdk.platform.provider_build import ProviderBuild
 from anyio import open_process
 from httpx import AsyncClient, HTTPError
 from tenacity import AsyncRetrying, retry_if_exception_type, stop_after_delay, wait_fixed
 
 from agentstack_cli.async_typer import AsyncTyper
-from agentstack_cli.console import console
+from agentstack_cli.console import console, err_console
 from agentstack_cli.utils import (
     announce_server_action,
     capture_output,
@@ -47,8 +48,8 @@ async def find_free_port():
 app = AsyncTyper()
 
 
-@app.command("build")
-async def build(
+@app.command("client-side-build")
+async def client_side_build(
     context: typing.Annotated[str, typer.Argument(help="Docker context for the agent")] = ".",
     dockerfile: typing.Annotated[str | None, typer.Option(help="Use custom dockerfile path")] = None,
     tag: typing.Annotated[str | None, typer.Option(help="Docker tag for the agent")] = None,
@@ -58,8 +59,9 @@ async def build(
         bool, typer.Option("--import/--no-import", is_flag=True, help="Import the image into Agent Stack platform")
     ] = True,
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
+    """Build agent locally using Docker."""
     with verbosity(verbose):
         await run_command(["which", "docker"], "Checking docker")
         image_id = "agentstack-agent-build-tmp:latest"
@@ -142,56 +144,67 @@ async def build(
         return tag, agent_card
 
 
-@app.command("server-side-build")
-async def server_side_build_experimental(
+async def _server_side_build(
+    github_url: str,
+    dockerfile: str | None = None,
+    replace: str | None = None,
+    add: bool = False,
+    verbose: bool = False,
+) -> ProviderBuild:
+    build = None
+    try:
+        from agentstack_cli.commands.agent import select_provider
+        from agentstack_cli.configuration import Configuration
+
+        if replace and add:
+            raise ValueError("Cannot specify both replace and add options.")
+
+        build_configuration = None
+        if dockerfile:
+            build_configuration = BuildConfiguration(dockerfile_path=Path(dockerfile))
+
+        async with Configuration().use_platform_client():
+            on_complete = None
+            if replace:
+                provider = select_provider(replace, await Provider.list())
+                on_complete = UpdateProvider(provider_id=uuid.UUID(provider.id))
+            elif add:
+                on_complete = AddProvider()
+
+            build = await ProviderBuild.create(
+                location=github_url,
+                on_complete=on_complete,
+                build_configuration=build_configuration,
+            )
+            with verbosity(verbose):
+                async for message in build.stream_logs():
+                    print_log(message, ansi_mode=True, out_console=err_console)
+            return await build.get()
+    except (KeyboardInterrupt, CancelledError):
+        if build:
+            await build.delete()
+        console.error("Build aborted.")
+        raise
+
+
+@app.command("build")
+async def server_side_build(
     github_url: typing.Annotated[
         str, typer.Argument(..., help="Github repository URL (public or private if supported by the platform instance)")
     ],
     dockerfile: typing.Annotated[
         str | None, typer.Option(help="Use custom dockerfile path, relative to github url sub-path")
     ] = None,
-    replace: typing.Annotated[
-        str | None, typer.Option(help="Short ID, agent name or part of the provider location")
-    ] = None,
-    add: typing.Annotated[bool, typer.Option(help="Add agent to the platform after build")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
     yes: typing.Annotated[bool, typer.Option("--yes", "-y", help="Skip confirmation prompts.")] = False,
 ):
-    """EXPERIMENTAL: Build agent from github repository in the platform."""
-    from agentstack_cli.commands.agent import select_provider
-    from agentstack_cli.configuration import Configuration
+    """Build agent from a GitHub repository in the platform."""
 
-    if replace and add:
-        raise ValueError("Cannot specify both replace and add options.")
-
-    build_configuration = None
-    if dockerfile:
-        build_configuration = BuildConfiguration(dockerfile_path=Path(dockerfile))
-
-    url = announce_server_action(f"Starting server-side build for '{github_url}' on")
+    url = announce_server_action(f"Starting build for '{github_url}' on")
     await confirm_server_action("Proceed with building this agent on", url=url, yes=yes)
 
-    async with Configuration().use_platform_client():
-        on_complete = None
-        if replace:
-            provider = select_provider(replace, await Provider.list())
-            on_complete = UpdateProvider(provider_id=uuid.UUID(provider.id))
-        elif add:
-            on_complete = AddProvider()
-
-        build = await ProviderBuild.create(
-            location=github_url,
-            on_complete=on_complete,
-            build_configuration=build_configuration,
-        )
-        async for message in build.stream_logs():
-            print_log(message, ansi_mode=True)
-        build = await build.get()
-        if build.status == BuildState.COMPLETED:
-            if add:
-                message = "Agent added successfully. List agents using [green]agentstack list[/green]"
-            else:
-                message = f"Agent built successfully, add it to the platform using: [green]agentstack add {build.destination}[/green]"
-            console.success(message)
-        else:
-            error = build.error_message or "see logs above for details"
-            console.error(f"Agent build failed: {error}")
+    build = await _server_side_build(github_url=github_url, dockerfile=dockerfile, verbose=verbose)
+
+    console.success(
+        f"Agent built successfully, add it to the platform using: [green]agentstack add {build.destination}[/green]"
+    )

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/model.py

@@ -413,7 +413,7 @@ async def _reset_configuration(existing_providers: list[ModelProvider] | None =
 @app.command("setup")
 async def setup(
     use_true_localhost: typing.Annotated[bool, typer.Option(hidden=True)] = False,
-    verbose: typing.Annotated[bool, typer.Option("-v")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Interactive setup for LLM and embedding provider environment variables"""
     announce_server_action("Configuring model providers for")

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/platform/__init__.py

@@ -72,7 +72,7 @@ async def start(
         pathlib.Path | None, typer.Option("-f", help="Set Helm chart values using yaml values file")
     ] = None,
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Start Agent Stack platform."""
     import agentstack_cli.commands.server
@@ -127,7 +127,7 @@ async def start(
 @app.command("stop")
 async def stop(
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Stop Agent Stack platform."""
     with verbosity(verbose):
@@ -142,7 +142,7 @@ async def stop(
 @app.command("delete")
 async def delete(
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Delete Agent Stack platform."""
     with verbosity(verbose):
@@ -155,7 +155,7 @@ async def delete(
 async def import_image_cmd(
     tag: typing.Annotated[str, typer.Argument(help="Docker image tag to import")],
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Import a local docker image into the Agent Stack platform."""
     with verbosity(verbose):
@@ -170,7 +170,7 @@ async def import_image_cmd(
 async def exec_cmd(
     command: typing.Annotated[list[str] | None, typer.Argument()] = None,
     vm_name: typing.Annotated[str, typer.Option(hidden=True)] = "agentstack",
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """For debugging -- execute a command inside the Agent Stack platform VM."""
     with verbosity(verbose, show_success_status=False):

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/platform/base_driver.py

@@ -117,6 +117,8 @@ class BaseDriver(abc.ABC):
                 "generateConversationTitle": False,  # TODO: enable when UI implementation is ready
                 "uiLocalSetup": True,
             },
+            "providerBuilds": {"enabled": True},
+            "localDockerRegistry": {"enabled": True},
             "auth": {"enabled": False},
         }
         if values_file:

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/self.py

@@ -40,7 +40,9 @@ def _path() -> str:
 
 
 @app.command("version")
-async def version(verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False):
+async def version(
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+):
     """Print version of the Agent Stack CLI."""
     with verbosity(verbose=verbose):
         cli_version = importlib.metadata.version("agentstack-cli")
@@ -78,7 +80,7 @@ async def version(verbose: typing.Annotated[bool, typer.Option("-v", help="Show
 
 @app.command("install")
 async def install(
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Install Agent Stack platform pre-requisites."""
     with verbosity(verbose=verbose):
@@ -171,7 +173,9 @@ async def install(
 
 
 @app.command("upgrade")
-async def upgrade(verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False):
+async def upgrade(
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
+):
     """Upgrade Agent Stack CLI and Platform to the latest version."""
     if not shutil.which("uv", path=_path()):
         console.error("Can't self-upgrade because 'uv' was not found.")
@@ -189,7 +193,7 @@ async def upgrade(verbose: typing.Annotated[bool, typer.Option("-v", help="Show
 
 @app.command("uninstall")
 async def uninstall(
-    verbose: typing.Annotated[bool, typer.Option("-v", help="Show verbose output")] = False,
+    verbose: typing.Annotated[bool, typer.Option("-v", "--verbose", help="Show verbose output")] = False,
 ):
     """Uninstall Agent Stack CLI and Platform."""
     if not shutil.which("uv", path=_path()):

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/commands/server.py

@@ -5,6 +5,7 @@ import asyncio
 import logging
 import sys
 import typing
+import uuid
 import webbrowser
 from urllib.parse import urlencode
 
@@ -68,6 +69,10 @@ async def _wait_for_auth_code(port: int = 9001) -> str:
     return code
 
 
+def get_unique_app_name() -> str:
+    return f"Agent Stack CLI {uuid.uuid4()}"
+
+
 @app.command("login | change | select | default | switch")
 async def server_login(server: typing.Annotated[str | None, typer.Argument()] = None):
     """Login to a server or switch between logged in servers."""
@@ -137,6 +142,7 @@ async def server_login(server: typing.Annotated[str | None, typer.Argument()] =
 
         client_id = config.client_id
         client_secret = config.client_secret
+        registration_token = None
 
         if auth_servers:
             if len(auth_servers) == 1:
@@ -161,17 +167,35 @@ async def server_login(server: typing.Annotated[str | None, typer.Argument()] =
             registration_endpoint = oidc["registration_endpoint"]
             if not client_id and registration_endpoint:
                 async with httpx.AsyncClient() as client:
+                    resp = None
                     try:
+                        app_name = get_unique_app_name()
                         resp = await client.post(
                             registration_endpoint,
-                            json={"client_name": "Agent Stack CLI", "redirect_uris": [REDIRECT_URI]},
+                            json={
+                                "client_name": app_name,
+                                "grant_types": ["authorization_code", "refresh_token"],
+                                "enforce_pkce": True,
+                                "all_users_entitled": True,
+                                "redirect_uris": [REDIRECT_URI],
+                            },
                         )
                         resp.raise_for_status()
                         data = resp.json()
                         client_id = data["client_id"]
                         client_secret = data["client_secret"]
-                    except Exception:
-                        console.warning("Dynamic client registration failed. Proceed with manual input.")
+                        registration_token = data["registration_access_token"]
+                    except Exception as e:
+                        if resp:
+                            try:
+                                error_details = resp.json()
+                                console.warning(
+                                    f"error: {error_details['error']} error description: {error_details['error_description']}"
+                                )
+
+                            except Exception:
+                                console.info("no parsable json response.")
+                        console.warning(f" Dynamic client registration failed. Proceed with manual input.  {e!s}")
 
             if not client_id:
                 client_id = await inquirer.text(  #  type: ignore
@@ -208,6 +232,7 @@ async def server_login(server: typing.Annotated[str | None, typer.Argument()] =
 
             code = await _wait_for_auth_code()
             async with httpx.AsyncClient() as client:
+                token_resp = None
                 try:
                     token_resp = await client.post(
                         oidc["token_endpoint"],
@@ -223,6 +248,15 @@ async def server_login(server: typing.Annotated[str | None, typer.Argument()] =
                     token_resp.raise_for_status()
                     token = token_resp.json()
                 except Exception as e:
+                    if resp:
+                        try:
+                            error_details = resp.json()
+                            console.warning(
+                                f"error: {error_details['error']} error description: {error_details['error_description']}"
+                            )
+                        except Exception:
+                            console.info("no parsable json response.")
+
                     raise RuntimeError(f"Token request failed: {e}") from e
 
             if not token:
@@ -234,6 +268,7 @@ async def server_login(server: typing.Annotated[str | None, typer.Argument()] =
             client_id=client_id,
             client_secret=client_secret,
             token=token,
+            registration_token=registration_token,
         )
 
     config.auth_manager.active_server = server
@@ -248,7 +283,7 @@ async def server_logout(
         typer.Option(),
     ] = False,
 ):
-    config.auth_manager.clear_auth_token(all=all)
+    await config.auth_manager.clear_auth_token(all=all)
     console.success("You have been logged out.")
 
 

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/configuration.py

@@ -65,7 +65,7 @@ class Configuration(pydantic_settings.BaseSettings):
             sys.exit(1)
         async with use_platform_client(
             auth=("admin", self.admin_password.get_secret_value()) if self.admin_password else None,
-            auth_token=self.auth_manager.load_auth_token(),
+            auth_token=await self.auth_manager.load_auth_token(),
             base_url=self.auth_manager.active_server + "/",
         ) as client:
             yield client

{agentstack_cli-0.4.2rc8 → agentstack_cli-0.4.2rc10}/src/agentstack_cli/utils.py

@@ -5,6 +5,7 @@ import contextlib
 import functools
 import json
 import os
+import re
 import subprocess
 import sys
 from collections.abc import AsyncIterator
@@ -26,7 +27,7 @@ from jsf import JSF
 from prompt_toolkit import PromptSession
 from prompt_toolkit.shortcuts import CompleteStyle
 from pydantic import BaseModel
-from rich.console import Capture
+from rich.console import Capture, Console
 from rich.text import Text
 
 from agentstack_cli.configuration import Configuration
@@ -296,7 +297,7 @@ def verbosity(verbose: bool, show_success_status: bool = True):
         SHOW_SUCCESS_STATUS.reset(token_command_status)
 
 
-def print_log(line, ansi_mode=False):
+def print_log(line, ansi_mode=False, out_console: Console | None = None):
     if "error" in line:
 
         class CustomError(Exception): ...
@@ -309,6 +310,28 @@ def print_log(line, ansi_mode=False):
         return Text.from_ansi(text) if ansi_mode else text
 
     if line["stream"] == "stderr":
-        err_console.print(decode(line["message"]))
+        (out_console or err_console).print(decode(line["message"]))
     elif line["stream"] == "stdout":
-        console.print(decode(line["message"]))
+        (out_console or console).print(decode(line["message"]))
+
+
+def is_github_url(url: str) -> bool:
+    """This pattern is taken from agentstack_server.utils.github.GithubUrl, make sure to keep it in sync"""
+
+    pattern = r"""
+        ^
+        (?:git\+)?                              # Optional git+ prefix
+        https?://(?P<host>github(?:\.[^/]+)+)/  # GitHub host (github.com or github.enterprise.com)
+        (?P<org>[^/]+)/                         # Organization
+        (?P<repo>
+            (?:                                 # Non-capturing group for repo name
+                (?!\.git(?:$|[@#]))             # Negative lookahead for .git at end or followed by @#
+                [^/@#]                          # Any char except /@#
+            )+                                  # One or more of these chars
+        )
+        (?:\.git)?                              # Optional .git suffix
+        (?:@(?P<version>[^#]+))?                # Optional version after @
+        (?:\#path=(?P<path>.+))?                # Optional path after #path=
+        $
+    """
+    return bool(re.match(pattern, url, re.VERBOSE))

agentstack_cli-0.4.2rc8/src/agentstack_cli/auth_manager.py

@@ -1,126 +0,0 @@
-# Copyright 2025 © BeeAI a Series of LF Projects, LLC
-# SPDX-License-Identifier: Apache-2.0
-
-import pathlib
-import typing
-from collections import defaultdict
-from typing import Any
-
-from pydantic import BaseModel, Field
-
-
-class AuthToken(BaseModel):
-    access_token: str
-    token_type: str = "Bearer"
-    expires_in: int | None = None
-    refresh_token: str | None = None
-    scope: str | None = None
-
-
-class AuthServer(BaseModel):
-    client_id: str = "df82a687-d647-4247-838b-7080d7d83f6c"  # Backwards compatibility default
-    client_secret: str | None = None
-    token: AuthToken | None = None
-
-
-class Server(BaseModel):
-    authorization_servers: dict[str, AuthServer] = Field(default_factory=dict)
-
-
-class Auth(BaseModel):
-    version: typing.Literal[1] = 1
-    servers: defaultdict[str, typing.Annotated[Server, Field(default_factory=Server)]] = Field(
-        default_factory=lambda: defaultdict(Server)
-    )
-    active_server: str | None = None
-    active_auth_server: str | None = None
-
-
-@typing.final
-class AuthManager:
-    def __init__(self, config_path: pathlib.Path):
-        self._auth_path = config_path
-        self._auth = self._load()
-
-    def _load(self) -> Auth:
-        if not self._auth_path.exists():
-            return Auth()
-        return Auth.model_validate_json(self._auth_path.read_bytes())
-
-    def _save(self) -> None:
-        self._auth_path.write_text(self._auth.model_dump_json(indent=2))
-
-    def save_auth_token(
-        self,
-        server: str,
-        auth_server: str | None = None,
-        client_id: str | None = None,
-        client_secret: str | None = None,
-        token: dict[str, Any] | None = None,
-    ) -> None:
-        if auth_server is not None and client_id is not None and token is not None:
-            self._auth.servers[server].authorization_servers[auth_server] = AuthServer(
-                client_id=client_id, client_secret=client_secret, token=AuthToken(**token)
-            )
-        else:
-            self._auth.servers[server]  # touch
-        self._save()
-
-    def load_auth_token(self) -> str | None:
-        active_res = self._auth.active_server
-        active_auth_server = self._auth.active_auth_server
-        if not active_res or not active_auth_server:
-            return None
-        server = self._auth.servers.get(active_res)
-        if not server:
-            return None
-
-        auth_server = server.authorization_servers.get(active_auth_server)
-        if not auth_server or not auth_server.token:
-            return None
-
-        return auth_server.token.access_token
-
-    def clear_auth_token(self, all: bool = False) -> None:
-        if all:
-            self._auth.servers = defaultdict(Server)
-        else:
-            if self._auth.active_server and self._auth.active_auth_server:
-                del self._auth.servers[self._auth.active_server].authorization_servers[self._auth.active_auth_server]
-            if self._auth.active_server and not self._auth.servers[self._auth.active_server].authorization_servers:
-                del self._auth.servers[self._auth.active_server]
-        self._auth.active_server = None
-        self._auth.active_auth_server = None
-        self._save()
-
-    def get_server(self, server: str) -> Server | None:
-        return self._auth.servers.get(server)
-
-    @property
-    def servers(self) -> list[str]:
-        return list(self._auth.servers.keys())
-
-    @property
-    def active_server(self) -> str | None:
-        return self._auth.active_server
-
-    @active_server.setter
-    def active_server(self, server: str | None) -> None:
-        if server is not None and server not in self._auth.servers:
-            raise ValueError(f"Server {server} not found")
-        self._auth.active_server = server
-        self._save()
-
-    @property
-    def active_auth_server(self) -> str | None:
-        return self._auth.active_auth_server
-
-    @active_auth_server.setter
-    def active_auth_server(self, auth_server: str | None) -> None:
-        if auth_server is not None and (
-            self._auth.active_server not in self._auth.servers
-            or auth_server not in self._auth.servers[self._auth.active_server].authorization_servers
-        ):
-            raise ValueError(f"Auth server {auth_server} not found in active server")
-        self._auth.active_auth_server = auth_server
-        self._save()