aline-ai 0.5.11__py3-none-any.whl → 0.5.13__py3-none-any.whl

realign/commands/auth.py

@@ -0,0 +1,242 @@
+#!/usr/bin/env python3
+"""
+Authentication commands for Aline CLI.
+
+Commands:
+- aline login   - Login via web browser
+- aline logout  - Clear local credentials
+- aline whoami  - Show current login status
+"""
+
+import sys
+from typing import Optional
+
+try:
+    from rich.console import Console
+    from rich.prompt import Prompt
+    RICH_AVAILABLE = True
+except ImportError:
+    RICH_AVAILABLE = False
+
+from ..auth import (
+    is_logged_in,
+    get_current_user,
+    load_credentials,
+    save_credentials,
+    clear_credentials,
+    open_login_page,
+    validate_cli_token,
+    find_free_port,
+    start_callback_server,
+    HTTPX_AVAILABLE,
+)
+from ..config import ReAlignConfig
+from ..logging_config import setup_logger
+
+logger = setup_logger("realign.commands.auth", "auth.log")
+
+if RICH_AVAILABLE:
+    console = Console()
+else:
+    console = None
+
+
+def login_command() -> int:
+    """
+    Login to Aline via web browser.
+
+    Opens the web login page with automatic callback - no manual token copy needed.
+
+    Returns:
+        0 on success, 1 on error
+    """
+    # Check dependencies
+    if not HTTPX_AVAILABLE:
+        print("Error: httpx package not installed", file=sys.stderr)
+        print("Install it with: pip install httpx", file=sys.stderr)
+        return 1
+
+    # Check if already logged in
+    credentials = load_credentials()
+    if credentials and is_logged_in():
+        if console:
+            console.print(f"[yellow]Already logged in as {credentials.email}[/yellow]")
+            console.print("Run 'aline logout' first if you want to switch accounts.")
+        else:
+            print(f"Already logged in as {credentials.email}")
+            print("Run 'aline logout' first if you want to switch accounts.")
+        return 0
+
+    # Start local callback server
+    port = find_free_port()
+
+    if console:
+        console.print("[cyan]Opening browser for login...[/cyan]")
+        console.print("[dim]Waiting for authentication...[/dim]\n")
+    else:
+        print("Opening browser for login...")
+        print("Waiting for authentication...\n")
+
+    # Open browser with callback URL
+    login_url = open_login_page(callback_port=port)
+
+    if console:
+        console.print(f"[dim]If browser doesn't open, visit:[/dim]")
+        console.print(f"[link={login_url}]{login_url}[/link]\n")
+    else:
+        print(f"If browser doesn't open, visit:")
+        print(f"{login_url}\n")
+
+    # Wait for callback with token
+    cli_token, error = start_callback_server(port, timeout=300)
+
+    if error:
+        if console:
+            console.print(f"[red]Error: {error}[/red]")
+        else:
+            print(f"Error: {error}", file=sys.stderr)
+        return 1
+
+    if not cli_token:
+        if console:
+            console.print("[red]Error: No token received[/red]")
+            console.print("Please try again with 'aline login'")
+        else:
+            print("Error: No token received", file=sys.stderr)
+            print("Please try again with 'aline login'")
+        return 1
+
+    # Validate token
+    if console:
+        console.print("[cyan]Validating token...[/cyan]")
+    else:
+        print("Validating token...")
+
+    credentials = validate_cli_token(cli_token)
+
+    if not credentials:
+        if console:
+            console.print("[red]Error: Invalid or expired token[/red]")
+            console.print("Please try again with 'aline login'")
+        else:
+            print("Error: Invalid or expired token", file=sys.stderr)
+            print("Please try again with 'aline login'")
+        return 1
+
+    # Save credentials
+    if not save_credentials(credentials):
+        if console:
+            console.print("[red]Error: Failed to save credentials[/red]")
+        else:
+            print("Error: Failed to save credentials", file=sys.stderr)
+        return 1
+
+    # Sync Supabase uid to local config
+    # This ensures all new Events/Sessions/Turns use the same uid as shares
+    try:
+        config = ReAlignConfig.load()
+        old_uid = config.uid
+        config.uid = credentials.user_id
+        # Use email as user_name if not already set
+        if not config.user_name:
+            config.user_name = credentials.email.split("@")[0]  # Use email prefix as username
+        config.save()
+        logger.info(f"Synced Supabase uid to config: {credentials.user_id[:8]}... (was: {old_uid[:8] if old_uid else 'not set'}...)")
+
+        # V18: Upsert user info to users table
+        try:
+            from ..db import get_database
+            db = get_database()
+            db.upsert_user(config.uid, config.user_name)
+        except Exception as e:
+            logger.debug(f"Failed to upsert user to users table: {e}")
+    except Exception as e:
+        # Non-fatal: continue even if config sync fails
+        logger.warning(f"Failed to sync uid to config: {e}")
+
+    # Success
+    if console:
+        console.print(f"\n[green]Login successful![/green]")
+        console.print(f"Logged in as: [bold]{credentials.email}[/bold]")
+        if credentials.provider and credentials.provider != "email":
+            console.print(f"Provider: {credentials.provider}")
+        console.print(f"[dim]User ID synced to local config[/dim]")
+    else:
+        print(f"\nLogin successful!")
+        print(f"Logged in as: {credentials.email}")
+        if credentials.provider and credentials.provider != "email":
+            print(f"Provider: {credentials.provider}")
+        print("User ID synced to local config")
+
+    logger.info(f"Login successful for {credentials.email}")
+    return 0
+
+
+def logout_command() -> int:
+    """
+    Logout from Aline and clear local credentials.
+
+    Returns:
+        0 on success, 1 on error
+    """
+    credentials = load_credentials()
+
+    if not credentials:
+        if console:
+            console.print("[yellow]Not currently logged in.[/yellow]")
+        else:
+            print("Not currently logged in.")
+        return 0
+
+    email = credentials.email
+
+    if not clear_credentials():
+        if console:
+            console.print("[red]Error: Failed to clear credentials[/red]")
+        else:
+            print("Error: Failed to clear credentials", file=sys.stderr)
+        return 1
+
+    if console:
+        console.print(f"[green]Logged out successfully.[/green]")
+        console.print(f"Cleared credentials for: {email}")
+    else:
+        print("Logged out successfully.")
+        print(f"Cleared credentials for: {email}")
+
+    logger.info(f"Logout successful for {email}")
+    return 0
+
+
+def whoami_command() -> int:
+    """
+    Display current login status.
+
+    Returns:
+        0 if logged in, 1 if not logged in
+    """
+    credentials = get_current_user()
+
+    if not credentials:
+        if console:
+            console.print("[yellow]Not logged in.[/yellow]")
+            console.print("Run 'aline login' to authenticate.")
+        else:
+            print("Not logged in.")
+            print("Run 'aline login' to authenticate.")
+        return 1
+
+    if console:
+        console.print(f"[green]Logged in as:[/green] [bold]{credentials.email}[/bold]")
+        console.print(f"[dim]User ID:[/dim] {credentials.user_id}")
+        if credentials.provider:
+            console.print(f"[dim]Provider:[/dim] {credentials.provider}")
+        console.print(f"[dim]Token expires:[/dim] {credentials.expires_at.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+    else:
+        print(f"Logged in as: {credentials.email}")
+        print(f"User ID: {credentials.user_id}")
+        if credentials.provider:
+            print(f"Provider: {credentials.provider}")
+        print(f"Token expires: {credentials.expires_at.strftime('%Y-%m-%d %H:%M:%S UTC')}")
+
+    return 0

realign/commands/export_shares.py

@@ -25,6 +25,7 @@ from typing import Any, List, Dict, Optional, Tuple, Set, Callable
 from ..logging_config import setup_logger
 from ..db.base import SessionRecord, TurnRecord
 from ..llm_client import call_llm, extract_json
+from ..auth import get_auth_headers, is_logged_in
 
 logger = setup_logger("realign.commands.export_shares", "export_shares.log")
 
@@ -177,9 +178,9 @@ class ExportableSession:
     last_activity_at: Optional[datetime]  # Last activity time
     turn_count: int  # Number of turns in session
     turns: List[TurnRecord]  # List of turns
-    # V9: creator information
-    creator_name: Optional[str] = None  # Username who created the session
-    creator_id: Optional[str] = None  # User UUID
+    # V18: user identity
+    created_by: Optional[str] = None  # Creator UID
+    shared_by: Optional[str] = None  # Sharer UID
 
 
 def get_sessions_for_export(
@@ -215,8 +216,8 @@ def get_sessions_for_export(
                 last_activity_at=session.last_activity_at,
                 turn_count=len(turns),
                 turns=turns,
-                creator_name=session.creator_name,
-                creator_id=session.creator_id,
+                created_by=session.created_by,
+                shared_by=session.shared_by,
             )
         )
 
@@ -298,8 +299,8 @@ def build_exportable_sessions_from_records(
                 last_activity_at=session.last_activity_at,
                 turn_count=len(turns),
                 turns=turns,
-                creator_name=session.creator_name,
-                creator_id=session.creator_id,
+                created_by=session.created_by,
+                shared_by=session.shared_by,
             )
         )
     return exportable
@@ -803,8 +804,8 @@ def build_enhanced_conversation_data(
             full_event.created_at.isoformat() if full_event.created_at else None
         )
         event_data["metadata"] = full_event.metadata or {}
-        event_data["creator_name"] = full_event.creator_name
-        event_data["creator_id"] = full_event.creator_id
+        event_data["created_by"] = full_event.created_by
+        event_data["shared_by"] = full_event.shared_by
 
     # Build sessions data with turn structure
     sessions_data = []
@@ -867,13 +868,11 @@ def build_enhanced_conversation_data(
                 ),
                 "model_name": turn.model_name,
                 "git_commit_hash": turn.git_commit_hash,
-                "creator_name": turn.creator_name,
-                "creator_id": turn.creator_id,
                 "messages": messages,  # Structured messages for this turn
             }
             turns_data.append(turn_data)
 
-        # Build session data (V9: includes creator fields)
+        # Build session data (V18: created_by/shared_by)
         session_data = {
             "session_id": session.session_id,
             "session_type": session.session_type,
@@ -884,8 +883,8 @@ def build_enhanced_conversation_data(
             "last_activity_at": (
                 session.last_activity_at.isoformat() if session.last_activity_at else None
             ),
-            "creator_name": session.creator_name,
-            "creator_id": session.creator_id,
+            "created_by": session.created_by,
+            "shared_by": session.shared_by,
             "turns": turns_data,
         }
         sessions_data.append(session_data)
@@ -1688,9 +1687,13 @@ def _standard_upload(
         if ui_metadata:
             payload["ui_metadata"] = ui_metadata
 
+        # Include auth headers for Bearer token authentication
+        headers = get_auth_headers()
+
         response = httpx.post(
             f"{backend_url}/api/share/create",
             json=payload,
+            headers=headers,
             timeout=30.0,
         )
         response.raise_for_status()
@@ -1705,12 +1708,14 @@ def _upload_chunks_and_complete(
     upload_id: str,
     backend_url: str,
     progress_callback: Optional[Callable] = None,
+    auth_headers: Optional[Dict[str, str]] = None,
 ) -> None:
     """
     Helper function to upload chunks and complete the upload.
     Can be run in background thread.
     """
     total_chunks = len(chunks)
+    headers = auth_headers or {}
 
     # Upload each chunk
     for i, chunk in enumerate(chunks):
@@ -1727,6 +1732,7 @@ def _upload_chunks_and_complete(
             response = httpx.post(
                 f"{backend_url}/api/share/chunk/upload",
                 json=chunk_payload,
+                headers=headers,
                 timeout=60.0,  # Longer timeout for chunk uploads
             )
             response.raise_for_status()
@@ -1748,6 +1754,7 @@ def _upload_chunks_and_complete(
         response = httpx.post(
             f"{backend_url}/api/share/chunk/complete",
             json={"upload_id": upload_id},
+            headers=headers,
             timeout=60.0,
         )
         response.raise_for_status()
@@ -1806,6 +1813,9 @@ def _chunked_upload(
     if progress_callback:
         progress_callback(0, total_chunks + 2, "Initializing chunked upload...")
 
+    # Get auth headers for Bearer token authentication
+    auth_headers = get_auth_headers()
+
     # Step 1: Initialize upload session (now returns share_url immediately)
     try:
         init_payload = {
@@ -1823,6 +1833,7 @@ def _chunked_upload(
         response = httpx.post(
             f"{backend_url}/api/share/chunk/init",
             json=init_payload,
+            headers=auth_headers,
             timeout=30.0,
         )
         response.raise_for_status()
@@ -1847,7 +1858,7 @@ def _chunked_upload(
         # but user already has the share URL displayed
         thread = threading.Thread(
             target=_upload_chunks_and_complete,
-            args=(chunks, upload_id, backend_url, None),  # No callback in background
+            args=(chunks, upload_id, backend_url, None, auth_headers),  # No callback in background
             daemon=False,  # Important: let thread complete before process exits
         )
         thread.start()
@@ -1862,7 +1873,7 @@ def _chunked_upload(
         }
 
     # Foreground mode: upload chunks synchronously
-    _upload_chunks_and_complete(chunks, upload_id, backend_url, progress_callback)
+    _upload_chunks_and_complete(chunks, upload_id, backend_url, progress_callback, auth_headers)
 
     return {
         "share_id": share_id,
@@ -1917,11 +1928,13 @@ def upload_to_backend_unencrypted(
     else:
         logger.info(f"Payload size ({payload_size / 1024:.2f}KB), using standard upload")
         print(f"📤 Using standard upload...")
-        # Standard upload
+        # Standard upload with auth headers
         try:
+            headers = get_auth_headers()
             response = httpx.post(
                 f"{backend_url}/api/share/create",
                 json=full_payload,
+                headers=headers,
                 timeout=30.0,
             )
             response.raise_for_status()
@@ -1975,6 +1988,9 @@ def _chunked_upload_unencrypted(
     if progress_callback:
         progress_callback(0, total_chunks + 2, "Initializing chunked upload...")
 
+    # Get auth headers for Bearer token authentication
+    auth_headers = get_auth_headers()
+
     # Step 1: Initialize upload session (now returns share_url immediately)
     try:
         init_payload = {
@@ -1988,6 +2004,7 @@ def _chunked_upload_unencrypted(
         response = httpx.post(
             f"{backend_url}/api/share/chunk/init",
             json=init_payload,
+            headers=auth_headers,
             timeout=30.0,
         )
         response.raise_for_status()
@@ -2012,7 +2029,7 @@ def _chunked_upload_unencrypted(
         # but user already has the share URL displayed
         thread = threading.Thread(
             target=_upload_chunks_and_complete,
-            args=(chunks, upload_id, backend_url, None),  # No callback in background
+            args=(chunks, upload_id, backend_url, None, auth_headers),  # No callback in background
             daemon=False,  # Important: let thread complete before process exits
         )
         thread.start()
@@ -2027,7 +2044,7 @@ def _chunked_upload_unencrypted(
         }
 
     # Foreground mode: upload chunks synchronously
-    _upload_chunks_and_complete(chunks, upload_id, backend_url, progress_callback)
+    _upload_chunks_and_complete(chunks, upload_id, backend_url, progress_callback, auth_headers)
 
     return {
         "share_id": share_id,
@@ -3036,16 +3053,22 @@ def export_shares_interactive_command(
     # Check dependencies
     if not CRYPTO_AVAILABLE:
         if not json_output:
-            print("❌ Error: cryptography package not installed", file=sys.stderr)
+            print("Error: cryptography package not installed", file=sys.stderr)
             print("Install it with: pip install cryptography", file=sys.stderr)
         return 1
 
     if not HTTPX_AVAILABLE:
         if not json_output:
-            print("❌ Error: httpx package not installed", file=sys.stderr)
+            print("Error: httpx package not installed", file=sys.stderr)
             print("Install it with: pip install httpx", file=sys.stderr)
         return 1
 
+    # Check authentication - require login to create shares
+    if not is_logged_in():
+        if not json_output:
+            print("Error: Not logged in. Please run 'aline login' first.", file=sys.stderr)
+        return 1
+
     # Get backend URL
     if backend_url is None:
         # Try to load from config

realign/commands/import_shares.py

@@ -288,8 +288,9 @@ def import_v2_data(
             slack_message=None,
             share_url=share_url,
             commit_hashes=[],
-            creator_name=event_data.get("creator_name"),  # V9: preserve creator info
-            creator_id=event_data.get("creator_id"),
+            # V18: user identity (with backward compatibility for old format)
+            created_by=event_data.get("created_by") or event_data.get("uid") or event_data.get("creator_id"),
+            shared_by=config.uid,  # Current user is the importer
         )
 
         # Use sync_events for both create and update (upsert behavior)
@@ -393,8 +394,9 @@ def import_session_with_turns(
             summary_status="completed",
             summary_locked_until=None,
             summary_error=None,
-            creator_name=session_data.get("creator_name"),  # V9: preserve creator info
-            creator_id=session_data.get("creator_id"),
+            # V18: user identity (with backward compatibility for old format)
+            created_by=session_data.get("created_by") or session_data.get("uid") or session_data.get("creator_id"),
+            shared_by=config.uid,  # Current user is the importer
         )
 
         if existing_session and force:
@@ -423,8 +425,8 @@ def import_session_with_turns(
                     summary_status = ?,
                     summary_locked_until = ?,
                     summary_error = ?,
-                    creator_name = ?,
-                    creator_id = ?
+                    created_by = ?,
+                    shared_by = ?
                 WHERE id = ?
             """,
                 (
@@ -434,8 +436,8 @@ def import_session_with_turns(
                     session.summary_status,
                     session.summary_locked_until,
                     session.summary_error,
-                    session.creator_name,
-                    session.creator_id,
+                    session.created_by,
+                    session.shared_by,
                     session.id,
                 ),
             )
@@ -473,8 +475,6 @@ def import_session_with_turns(
             timestamp=parse_datetime(turn_data.get("timestamp")) or datetime.now(),
             created_at=datetime.now(),
             git_commit_hash=turn_data.get("git_commit_hash"),
-            creator_name=turn_data.get("creator_name"),  # V9: preserve creator info
-            creator_id=turn_data.get("creator_id"),
         )
 
         # Store turn content (JSONL)

realign/commands/init.py

@@ -9,7 +9,6 @@ from rich.console import Console
 from ..config import (
     ReAlignConfig,
     get_default_config_content,
-    generate_user_id,
     generate_random_username,
 )
 
@@ -19,7 +18,7 @@ console = Console()
 # tmux config template for Aline-managed dashboard sessions.
 # Stored at ~/.aline/tmux/tmux.conf and sourced by the dashboard tmux bootstrap.
 # Bump this version when the tmux config changes to trigger auto-update on `aline init`.
-_TMUX_CONFIG_VERSION = 2
+_TMUX_CONFIG_VERSION = 8
 
 
 def _get_tmux_config() -> str:
@@ -53,16 +52,25 @@ set -s escape-time 0
 # Better scrolling: enter copy-mode with -e so scrolling to bottom exits it.
 bind-key -n WheelUpPane if-shell -F -t = "#{mouse_any_flag}" "send-keys -M" "if -Ft= '#{pane_in_mode}' 'send-keys -M' 'copy-mode -e -t ='"
 
-# macOS clipboard (pbcopy). Only set bindings if pbcopy is available.
-if-shell 'command -v pbcopy >/dev/null 2>&1' '
-    bind -T copy-mode-vi MouseDragEnd1Pane send -X copy-pipe "pbcopy" \; if -F "#{==:#{scroll_position},0}" "send -X cancel"
-    bind -T copy-mode    MouseDragEnd1Pane send -X copy-pipe "pbcopy" \; if -F "#{==:#{scroll_position},0}" "send -X cancel"
-' ''
+# macOS clipboard: copy selection to clipboard when drag ends.
+# Use copy-pipe-no-clear to preserve selection highlight after copying.
+bind -T copy-mode-vi MouseDragEnd1Pane send -X copy-pipe-no-clear "pbcopy"
+bind -T copy-mode    MouseDragEnd1Pane send -X copy-pipe-no-clear "pbcopy"
 
-# Prevent mouse click from exiting copy-mode (stay in copy mode, just clear selection).
+# MouseDrag1Pane: Clear old selection and start new one when dragging begins.
+# This ensures selection only clears when starting a NEW drag, not on click.
+bind -T copy-mode-vi MouseDrag1Pane select-pane \; send -X clear-selection \; send -X begin-selection
+bind -T copy-mode    MouseDrag1Pane select-pane \; send -X clear-selection \; send -X begin-selection
+
+# MouseDown1Pane: Click clears selection but stays in copy-mode (no scroll).
+# To exit copy-mode: scroll to bottom (auto-exit) or press q/Escape.
 bind -T copy-mode-vi MouseDown1Pane select-pane \; send -X clear-selection
 bind -T copy-mode    MouseDown1Pane select-pane \; send -X clear-selection
 
+# Escape key: exit copy-mode (also use this before Cmd+V paste in copy-mode).
+bind -T copy-mode-vi Escape send -X cancel
+bind -T copy-mode    Escape send -X cancel
+
 # Type-to-Exit: Typing any alphanumeric character exits copy-mode and sends the key.
 """
     def _tmux_quote(value: str) -> str:
@@ -638,45 +646,23 @@ def init_global(
         # Load config
         config = ReAlignConfig.load()
 
-        # User identity setup (V9)
-        if not config.user_id:
+        # User identity setup (V17: uid from Supabase login)
+        if not config.uid:
             console.print("\n[bold blue]═══ User Identity Setup ═══[/bold blue]")
             console.print(
-                "ReAlign needs to identify you for tracking session ownership.\n"
+                "Aline requires login for user identification.\n"
             )
-
-            # Generate user UUID (based on MAC address)
-            config.user_id = generate_user_id()
-            console.print(f"Generated user ID: [cyan]{config.user_id[:8]}...[/cyan]\n")
-
-            # Prompt user for username
-            try:
-                from rich.prompt import Prompt
-
-                user_input = Prompt.ask(
-                    "[cyan]Enter your username (or press Enter for auto-generated)[/cyan]",
-                    default="",
-                )
-            except ImportError:
-                user_input = input(
-                    "Enter your username (or press Enter for auto-generated): "
-                ).strip()
-
-            if user_input:
-                config.user_name = user_input
-            else:
-                # Auto-generate username
+            console.print(
+                "[yellow]Run 'aline login' to authenticate with your account.[/yellow]\n"
+            )
+            # If user_name is also not set, generate a temporary one
+            if not config.user_name:
                 config.user_name = generate_random_username()
+                config.save()
                 console.print(
-                    f"Auto-generated username: [yellow]{config.user_name}[/yellow]"
+                    f"Auto-generated username: [yellow]{config.user_name}[/yellow] (will update on login)\n"
                 )
 
-            # Save config with user identity
-            config.save()
-            console.print(
-                f"[green]✓[/green] User identity saved: [bold]{config.user_name}[/bold] ([dim]{config.user_id[:8]}...[/dim])\n"
-            )
-
         # Initialize database
         db_path = Path(config.sqlite_db_path).expanduser()
         db_path.parent.mkdir(parents=True, exist_ok=True)