PyPI - aline-ai - Versions diffs - 0.5.12__py3-none-any.whl → 0.5.13__py3-none-any.whl - Mend

aline-ai 0.5.12py3-none-any.whl → 0.5.13py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/METADATA +1 -1
{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/RECORD +20 -18
realign/__init__.py +1 -1
realign/auth.py +539 -0
realign/cli.py +23 -1
realign/commands/auth.py +242 -0
realign/commands/export_shares.py +44 -21
realign/commands/import_shares.py +10 -10
realign/commands/init.py +10 -33
realign/commands/watcher.py +11 -16
realign/config.py +12 -29
realign/dashboard/widgets/config_panel.py +177 -1
realign/db/base.py +28 -11
realign/db/schema.py +102 -15
realign/db/sqlite_db.py +108 -58
realign/watcher_core.py +1 -9
{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/WHEEL +0 -0
{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/entry_points.txt +0 -0
{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/licenses/LICENSE +0 -0
{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/top_level.txt +0 -0

{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aline-ai
-Version: 0.5.12
+Version: 0.5.13
 Summary: Shared AI memory; everyone knows everything in teams
 Author: Sharemind
 License: MIT

{aline_ai-0.5.12.dist-info → aline_ai-0.5.13.dist-info}/RECORD RENAMED Viewed

@@ -1,9 +1,10 @@
-aline_ai-0.5.12.dist-info/licenses/LICENSE,sha256=H8wTqV5IF1oHw_HbBtS1PSDU8G_q81yblEIL_JfV8Vo,1077
-realign/__init__.py,sha256=6cJg0KmEft8KkD6TMW5-Lib2T9w9w105TIzIZ8mfEao,1624
+aline_ai-0.5.13.dist-info/licenses/LICENSE,sha256=H8wTqV5IF1oHw_HbBtS1PSDU8G_q81yblEIL_JfV8Vo,1077
+realign/__init__.py,sha256=7hBPixwKhL2BzvTWOw-rerx1yBjnC8f5kVd0IDyl-Bo,1624
+realign/auth.py,sha256=63fdy-KsNoLZ9A6X0Mz_v-0tQOXN_1XncXBGBlEoXqE,16030
 realign/claude_detector.py,sha256=ZLSJacMo6zzQclXByABKA70UNpstxqIv3fPGqdpA934,2792
-realign/cli.py,sha256=9VS3WbysZ78NRK5EvkJVg8s6Uh2TQjsGX1E9Pl81pHc,31234
+realign/cli.py,sha256=RuFw_FWnKcRm0-3J-pGNR-S9e0D1rZ-ptAPlO2FFOlM,31807
 realign/codex_detector.py,sha256=N9ulgMgvTzDfXE4s4vLd6OoS0hT7R6h2bDFFXWa-2hE,4183
-realign/config.py,sha256=lIKZqeOwYc_gHo760lYYX6PnapuKrCWGqT5SA8-PbeA,12044
+realign/config.py,sha256=d8HQ6v1xju6cjNGbR7LlfHaMyvFPcMDofhGbepxpQq8,11634
 realign/context.py,sha256=8hzgNOg-7_eMW22wt7OM5H9IsmMveKXCv0epG7E0G7w,13917
 realign/file_lock.py,sha256=kLNm1Rra4TCrTMyPM5fwjVascq-CUz2Bzh9HHKtCKOE,3444
 realign/hooks.py,sha256=NR4LgWgkA6npW_B68I7OdCaZNWseYSP7ZbK4Sl5nnTo,74692
@@ -12,7 +13,7 @@ realign/logging_config.py,sha256=LCAigKFhTj86PSJm4-kUl3Ag9h_GENh3x2iPnMv7qUI,487
 realign/mcp_server.py,sha256=LWiQ2qukYoNLsoV2ID2f0vF9jkJlBvB587HpM5jymgE,10193
 realign/mcp_watcher.py,sha256=aK4jWStv7CoCroS4tXFHgZ_y_-q4QDjrpWgm4DxcEj4,1260
 realign/redactor.py,sha256=Zsoi5HfYak2yPmck20JArhm-1cPSB78IdkBJiNVXfrc,17096
-realign/watcher_core.py,sha256=zM6ABnc9WoyPQ7GxiciMTwRyOeC6k5_XGTcI4eqx7TI,106961
+realign/watcher_core.py,sha256=NNn_xlm50Ybb60--DrF9dyvzGgJ4ENQeAUbZsH7w4to,106555
 realign/watcher_daemon.py,sha256=AVOMXrlVVy7Rlx3Yfib4e-KLszIR7CLdSHpdoxDRp8c,3090
 realign/worker_core.py,sha256=-GOItHE0vzExB8LZK6KeHx4tt_mIqtCoUljOtEg2x8A,10105
 realign/worker_daemon.py,sha256=LpJbQDY0Z4AMtq0LmpxvFeQM4puuoGDRBayKRafvKhc,3574
@@ -33,15 +34,16 @@ realign/claude_hooks/user_prompt_submit_hook.py,sha256=WD-UavhBTueN2TPfnZrnPC7DF
 realign/claude_hooks/user_prompt_submit_hook_installer.py,sha256=2xLF8yZcE7Iwib9gU-xCkA1NWxNH9Nc5CFKPYK7rtXw,5371
 realign/commands/__init__.py,sha256=sx_ck55oxaoiF4N3LugG0ZXwonUDxeEZ5uHbBKCC7K8,89
 realign/commands/add.py,sha256=njZgg3paUmOw-sb-sWkXr_eUaf5bD-hBEiRectaphPs,24332
+realign/commands/auth.py,sha256=AnUXpnRBkdBflFIweUz5WQKFVmtyxWRjwvw-96w0rRw,7625
 realign/commands/config.py,sha256=nYnu_h2pk7GODcrzrV04K51D-s7v06FlRXHJ0HJ-gvU,6732
 realign/commands/context.py,sha256=pM2KfZHVkB-ou4nBhFvKSwnYliLBzwN3zerLyBAbhfE,7095
-realign/commands/export_shares.py,sha256=Djy1aO7MoU1_ewzn6CZ43oNhSEEonV3sTkSQbHgiaKI,135806
-realign/commands/import_shares.py,sha256=ukX8huvLvEM5g0qEIoqrV1-imz1g-r0Jj2FqD-ojrIA,25297
-realign/commands/init.py,sha256=tQyOX7csS8t9Ils3FKla41pS8_0Kd7I1Y1rz58a83aU,33511
+realign/commands/export_shares.py,sha256=g2SxlPEb7FPMarjTZcoZntviZo5JdqEe-M28vggc2-s,136601
+realign/commands/import_shares.py,sha256=4_Bzf9IgSpK2oOLoYWEnF1BmpXZaB5ijvpUQPeCtIfg,25386
+realign/commands/init.py,sha256=nhP1Qjl6Xo5R1ry_iTGVu3RwMxP-pYT5Z50NdzEMKrY,32756
 realign/commands/restore.py,sha256=s2BxQZHxQw9r12NzRVsK20KlGafy5AIoSjWMo5PcnHY,11173
 realign/commands/search.py,sha256=QJrC0hln9sCDFxXbpo0nPGMHXrud18qA5QfRyD0z6fQ,25926
 realign/commands/upgrade.py,sha256=L3PLOUIN5qAQTbkfoVtSsIbbzEezA_xjjk9F1GMVfjw,12781
-realign/commands/watcher.py,sha256=fWL3kaRkqE03-NtFLaXlx93hJAQrAuNPSoYhOyQZfq8,136273
+realign/commands/watcher.py,sha256=VunN3deqE1_DLW9UcFgLj_MFX8jNkVr2Ra7aNmWG9xA,136006
 realign/commands/worker.py,sha256=K1DG1uZ--ebKwklHCyIFdN_axoLjL9Onx8Naq-DOZBs,23078
 realign/dashboard/__init__.py,sha256=QZkHTsGityH8UkF8rmvA3xW7dMXNe0swEWr443qfgCM,128
 realign/dashboard/app.py,sha256=jyW6mqmItTy253CPSqInxctkWzkrGEikdy-ikuShQ14,13299
@@ -55,7 +57,7 @@ realign/dashboard/screens/session_detail.py,sha256=gfpUIhMO00ecMlMyzpkxDdvGb9zhE
 realign/dashboard/screens/share_import.py,sha256=hl2x0yGVycsoUI76AmdZTAV-br3Q6191g5xHHrZ8hOA,6318
 realign/dashboard/styles/dashboard.tcss,sha256=ewonevBGLN-dfSsgxUk4VBCPchtxY4rx_vj1u6Ox2Fw,3454
 realign/dashboard/widgets/__init__.py,sha256=3Pf2_K9obrertgv_psfxradgkI9RXlmjoXYQH7oBKm0,583
-realign/dashboard/widgets/config_panel.py,sha256=Afezfd6nvHo0Q44IS2UZTPJsYmHbqzjx7bi5jWrCDPA,11182
+realign/dashboard/widgets/config_panel.py,sha256=JRv9Hgm5V-vqVptS7gQqnjg5MbKpt_FmdZV13D4E9A4,17894
 realign/dashboard/widgets/events_table.py,sha256=dXN_aD94YJ1fDSV2B_5m7YMvMU3bNUhGFCMIRWvvLMg,31141
 realign/dashboard/widgets/header.py,sha256=0HHCFXX7F3C6HII-WDwOJwWkJrajmKPWmdoMWyOkn9E,1587
 realign/dashboard/widgets/openable_table.py,sha256=GeJPDEYp0kRHShqvmPMzAePpYXRZHUNqcWNnxqsqxjA,1963
@@ -65,12 +67,12 @@ realign/dashboard/widgets/terminal_panel.py,sha256=uoi3LjgYWyFE6Yr208KC5iKg0QxLc
 realign/dashboard/widgets/watcher_panel.py,sha256=O_mdDacgc87xA-5KEfta53Ik_Xsk_B2OfwenMOTtGw8,19722
 realign/dashboard/widgets/worker_panel.py,sha256=F_jKWABuCNmjQgeeuCr4KnFRKdY4CLTNcEXMYwsNaSk,18691
 realign/db/__init__.py,sha256=65LsNdsq_rkwNC1eg1OAr3HC0ORXtelOh0I8MhNGr-g,3288
-realign/db/base.py,sha256=MIqu08uG8i5atjZ9uF-uc0Rx35ondxCtUPK92hMoHx4,13179
+realign/db/base.py,sha256=5baEwoGR5X2SyQXkXuyeUP2zelcuQardVouD2S-qils,13703
 realign/db/locks.py,sha256=yzCiPJZ4eOQX-Q4mXB6s76U2U7lXAzIBBy1t59w-AVU,1698
 realign/db/migrate_agents.py,sha256=cDeVUzKW950dJ0lV74QObHuONqKwErSrXI5akU2vBmQ,9633
 realign/db/migration.py,sha256=af1QFEfIh_qX0pFyXzm5gWFVbQn0sKOUNLSJHlr__FU,13405
-realign/db/schema.py,sha256=93dfMtw3LgkBMpiUlCQ0EscY9RFsuS8sEBDckH8lGws,25864
-realign/db/sqlite_db.py,sha256=sZXcvEaSu4C_MQ8pF20RUhwsPtBlNr6ANqf8suM5X8E,102660
+realign/db/schema.py,sha256=YHj5PGZWbCl0VG0epnMF_Ofg3jRiLHq6SLHCi1q34eQ,30181
+realign/db/sqlite_db.py,sha256=0tB_chSBr44_VTFLe5_hmQk5xUuNym9JZLFSAAE9DNk,104225
 realign/events/__init__.py,sha256=IM-NxF4Zk2hYFD07k4WrfNRuuiC9ihGjf4GBpJhjd2E,35
 realign/events/debouncer.py,sha256=U3Q7dYpnMsAgWsW_E_IbSC4lrdEoi6H_SFLGLOAazs4,3062
 realign/events/event_summarizer.py,sha256=ZLiwOXWN8eawep3cQs3Wh9QLSypvU1SRbe8GTJXJQaY,8272
@@ -89,8 +91,8 @@ realign/triggers/next_turn_trigger.py,sha256=BpP0PWn4mU1MZd6mv89jWcjs8Jtv0zEWapW
 realign/triggers/registry.py,sha256=cb-AVLbYB2pqwfWL3q1DQxLv4kOw7g7m-GshTdfFESc,3827
 realign/triggers/turn_status.py,sha256=wAZEhXDAmDoX5F-ohWfSnZZ0eA6DAJ9svSPiSv_f6sg,6041
 realign/triggers/turn_summary.py,sha256=f3hEUshgv9skJ9AbfWpoYs417lsv_HK2A_vpPjgryO4,4467
-aline_ai-0.5.12.dist-info/METADATA,sha256=bMuapdLKzuZXb45akvIB6w7uhc5jXl31onpetDCEAxQ,1598
-aline_ai-0.5.12.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
-aline_ai-0.5.12.dist-info/entry_points.txt,sha256=TvYELpMoWsUTcQdMV8tBHxCbEf_LbK4sESqK3r8PM6Y,78
-aline_ai-0.5.12.dist-info/top_level.txt,sha256=yIL3s2xv9nf1GwD5n71Aq_JEIV4AfzCIDNKBzewuRm4,8
-aline_ai-0.5.12.dist-info/RECORD,,
+aline_ai-0.5.13.dist-info/METADATA,sha256=yh0oIdfIbiWQHUhP8UPOdsLFxqCjsdvF3xYfAWquT9c,1598
+aline_ai-0.5.13.dist-info/WHEEL,sha256=wUyA8OaulRlbfwMtmQsvNngGrxQHAvkKcvRmdizlJi0,92
+aline_ai-0.5.13.dist-info/entry_points.txt,sha256=TvYELpMoWsUTcQdMV8tBHxCbEf_LbK4sESqK3r8PM6Y,78
+aline_ai-0.5.13.dist-info/top_level.txt,sha256=yIL3s2xv9nf1GwD5n71Aq_JEIV4AfzCIDNKBzewuRm4,8
+aline_ai-0.5.13.dist-info/RECORD,,

realign/__init__.py CHANGED Viewed

@@ -3,7 +3,7 @@
 import hashlib
 from pathlib import Path
-__version__ = "0.5.12"
+__version__ = "0.5.13"
 def get_realign_dir(project_root: Path) -> Path:

realign/auth.py ADDED Viewed

@@ -0,0 +1,539 @@
+#!/usr/bin/env python3
+"""
+Authentication module for Aline CLI.
+Handles Supabase authentication via web login flow:
+1. User runs `aline login`
+2. CLI starts a local HTTP server and opens browser to web login page
+3. User logs in on web
+4. Web redirects to local server with CLI token
+5. CLI validates token and stores credentials automatically
+Credentials are stored in ~/.aline/auth.yaml with 0600 permissions.
+"""
+import os
+import sys
+import socket
+import threading
+import webbrowser
+from dataclasses import dataclass
+from datetime import datetime, timezone
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from pathlib import Path
+from typing import Optional, Tuple
+from urllib.parse import urlparse, parse_qs
+try:
+    import httpx
+    HTTPX_AVAILABLE = True
+except ImportError:
+    HTTPX_AVAILABLE = False
+try:
+    import yaml
+    YAML_AVAILABLE = True
+except ImportError:
+    YAML_AVAILABLE = False
+from .logging_config import setup_logger
+from .config import ReAlignConfig
+logger = setup_logger("realign.auth", "auth.log")
+# Hardcoded Supabase/backend configuration
+DEFAULT_AUTH_URL = "https://realign-server.vercel.app"
+CLI_LOGIN_PATH = "/cli-login"
+CLI_VALIDATE_PATH = "/api/auth/cli/validate"
+CLI_REFRESH_PATH = "/api/auth/cli/refresh"
+# Token refresh buffer (refresh 5 minutes before expiry)
+REFRESH_BUFFER_SECONDS = 300
+@dataclass
+class AuthCredentials:
+    """Stored authentication credentials."""
+    access_token: str
+    refresh_token: str
+    expires_at: datetime
+    user_id: str
+    email: str
+    provider: str  # email, github, google
+    def is_expired(self) -> bool:
+        """Check if access token is expired or will expire soon."""
+        now = datetime.now(timezone.utc)
+        buffer = REFRESH_BUFFER_SECONDS
+        return (self.expires_at - now).total_seconds() < buffer
+    def to_dict(self) -> dict:
+        """Convert to dictionary for YAML storage."""
+        return {
+            "access_token": self.access_token,
+            "refresh_token": self.refresh_token,
+            "expires_at": self.expires_at.isoformat(),
+            "user_id": self.user_id,
+            "email": self.email,
+            "provider": self.provider,
+        }
+    @classmethod
+    def from_dict(cls, data: dict) -> "AuthCredentials":
+        """Create from dictionary (YAML load)."""
+        expires_at = data.get("expires_at", "")
+        if isinstance(expires_at, str):
+            # Parse ISO format datetime
+            expires_at = datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
+        elif isinstance(expires_at, datetime):
+            if expires_at.tzinfo is None:
+                expires_at = expires_at.replace(tzinfo=timezone.utc)
+        return cls(
+            access_token=data.get("access_token", ""),
+            refresh_token=data.get("refresh_token", ""),
+            expires_at=expires_at,
+            user_id=data.get("user_id", ""),
+            email=data.get("email", ""),
+            provider=data.get("provider", ""),
+        )
+def get_auth_file_path() -> Path:
+    """Get path to auth credentials file."""
+    return Path.home() / ".aline" / "auth.yaml"
+def load_credentials() -> Optional[AuthCredentials]:
+    """
+    Load stored credentials from ~/.aline/auth.yaml.
+    Returns:
+        AuthCredentials if found and valid, None otherwise
+    """
+    if not YAML_AVAILABLE:
+        logger.warning("PyYAML not available, cannot load credentials")
+        return None
+    auth_file = get_auth_file_path()
+    if not auth_file.exists():
+        return None
+    try:
+        with open(auth_file, "r") as f:
+            data = yaml.safe_load(f)
+        if not data:
+            return None
+        return AuthCredentials.from_dict(data)
+    except Exception as e:
+        logger.error(f"Failed to load credentials: {e}")
+        return None
+def save_credentials(credentials: AuthCredentials) -> bool:
+    """
+    Save credentials to ~/.aline/auth.yaml with secure permissions.
+    Args:
+        credentials: AuthCredentials to save
+    Returns:
+        True if saved successfully, False otherwise
+    """
+    if not YAML_AVAILABLE:
+        logger.error("PyYAML not available, cannot save credentials")
+        return False
+    auth_file = get_auth_file_path()
+    try:
+        # Ensure directory exists
+        auth_file.parent.mkdir(parents=True, exist_ok=True)
+        # Write credentials
+        with open(auth_file, "w") as f:
+            yaml.dump(credentials.to_dict(), f, default_flow_style=False)
+        # Set secure permissions (owner read/write only)
+        os.chmod(auth_file, 0o600)
+        logger.info(f"Saved credentials for {credentials.email}")
+        return True
+    except Exception as e:
+        logger.error(f"Failed to save credentials: {e}")
+        return False
+def clear_credentials() -> bool:
+    """
+    Clear stored credentials (logout).
+    Returns:
+        True if cleared successfully, False otherwise
+    """
+    auth_file = get_auth_file_path()
+    try:
+        if auth_file.exists():
+            auth_file.unlink()
+            logger.info("Cleared credentials")
+        return True
+    except Exception as e:
+        logger.error(f"Failed to clear credentials: {e}")
+        return False
+def is_logged_in() -> bool:
+    """
+    Check if user is logged in with valid credentials.
+    This checks both:
+    1. Credentials exist
+    2. Either access_token is valid OR refresh_token can refresh it
+    Returns:
+        True if logged in, False otherwise
+    """
+    credentials = load_credentials()
+    if not credentials:
+        return False
+    # If access token is not expired, we're good
+    if not credentials.is_expired():
+        return True
+    # If expired, check if we can refresh
+    if credentials.refresh_token:
+        return True  # Can attempt refresh
+    return False
+def get_current_user() -> Optional[AuthCredentials]:
+    """
+    Get current user credentials, refreshing if needed.
+    Returns:
+        AuthCredentials if logged in (with refreshed token if needed), None otherwise
+    """
+    credentials = load_credentials()
+    if not credentials:
+        return None
+    # If access token is expired, try to refresh
+    if credentials.is_expired():
+        refreshed = refresh_token(credentials)
+        if refreshed:
+            return refreshed
+        else:
+            # Refresh failed, credentials invalid
+            return None
+    return credentials
+def get_access_token() -> Optional[str]:
+    """
+    Get current access token, refreshing if needed.
+    This is the main function to call before making authenticated requests.
+    Returns:
+        Access token string if logged in, None otherwise
+    """
+    credentials = get_current_user()
+    if credentials:
+        return credentials.access_token
+    return None
+def refresh_token(credentials: AuthCredentials) -> Optional[AuthCredentials]:
+    """
+    Refresh access token using refresh token.
+    Args:
+        credentials: Current credentials with refresh_token
+    Returns:
+        New AuthCredentials if refresh succeeded, None otherwise
+    """
+    if not HTTPX_AVAILABLE:
+        logger.error("httpx not available for token refresh")
+        return None
+    if not credentials.refresh_token:
+        logger.warning("No refresh token available")
+        return None
+    config = ReAlignConfig.load()
+    backend_url = config.share_backend_url or DEFAULT_AUTH_URL
+    try:
+        response = httpx.post(
+            f"{backend_url}{CLI_REFRESH_PATH}",
+            json={"refresh_token": credentials.refresh_token},
+            timeout=30.0,
+        )
+        response.raise_for_status()
+        data = response.json()
+        if not data.get("success"):
+            logger.error(f"Token refresh failed: {data.get('error')}")
+            return None
+        # Create new credentials with refreshed tokens
+        new_credentials = AuthCredentials(
+            access_token=data["access_token"],
+            refresh_token=data.get("refresh_token", credentials.refresh_token),
+            expires_at=datetime.fromisoformat(data["expires_at"].replace("Z", "+00:00")),
+            user_id=credentials.user_id,
+            email=credentials.email,
+            provider=credentials.provider,
+        )
+        # Save refreshed credentials
+        save_credentials(new_credentials)
+        logger.info("Token refreshed successfully")
+        return new_credentials
+    except Exception as e:
+        logger.error(f"Token refresh failed: {e}")
+        return None
+def validate_cli_token(cli_token: str) -> Optional[AuthCredentials]:
+    """
+    Validate a one-time CLI token and exchange for credentials.
+    Args:
+        cli_token: One-time token from web login page
+    Returns:
+        AuthCredentials if valid, None otherwise
+    """
+    if not HTTPX_AVAILABLE:
+        logger.error("httpx not available for token validation")
+        return None
+    config = ReAlignConfig.load()
+    backend_url = config.share_backend_url or DEFAULT_AUTH_URL
+    try:
+        response = httpx.post(
+            f"{backend_url}{CLI_VALIDATE_PATH}",
+            json={"cli_token": cli_token},
+            timeout=30.0,
+        )
+        response.raise_for_status()
+        data = response.json()
+        if not data.get("success"):
+            logger.error(f"Token validation failed: {data.get('error')}")
+            return None
+        # Create credentials from response
+        credentials = AuthCredentials(
+            access_token=data["access_token"],
+            refresh_token=data["refresh_token"],
+            expires_at=datetime.fromisoformat(data["expires_at"].replace("Z", "+00:00")),
+            user_id=data["user_id"],
+            email=data["email"],
+            provider=data.get("provider", "unknown"),
+        )
+        logger.info(f"Token validated for user: {credentials.email}")
+        return credentials
+    except httpx.HTTPStatusError as e:
+        if e.response.status_code == 400:
+            try:
+                error_data = e.response.json()
+                logger.error(f"Token validation failed: {error_data.get('error')}")
+            except Exception:
+                logger.error(f"Token validation failed: {e}")
+        else:
+            logger.error(f"Token validation failed: {e}")
+        return None
+    except Exception as e:
+        logger.error(f"Token validation failed: {e}")
+        return None
+def open_login_page(callback_port: Optional[int] = None) -> str:
+    """
+    Open the web login page in browser.
+    Args:
+        callback_port: If provided, include callback URL for automatic token receipt
+    Returns:
+        The URL that was opened
+    """
+    config = ReAlignConfig.load()
+    backend_url = config.share_backend_url or DEFAULT_AUTH_URL
+    if callback_port:
+        # Include callback URL for automatic flow
+        callback_url = f"http://localhost:{callback_port}/callback"
+        login_url = f"{backend_url}{CLI_LOGIN_PATH}?callback={callback_url}"
+    else:
+        login_url = f"{backend_url}{CLI_LOGIN_PATH}"
+    try:
+        webbrowser.open(login_url)
+        logger.info(f"Opened login page: {login_url}")
+    except Exception as e:
+        logger.warning(f"Failed to open browser: {e}")
+    return login_url
+# Local callback server for automatic token receipt
+_received_token: Optional[str] = None
+_server_error: Optional[str] = None
+class CallbackHandler(BaseHTTPRequestHandler):
+    """HTTP handler for receiving CLI token callback."""
+    def log_message(self, format, *args):
+        """Suppress default logging."""
+        pass
+    def do_GET(self):
+        global _received_token, _server_error
+        parsed = urlparse(self.path)
+        if parsed.path == "/callback":
+            params = parse_qs(parsed.query)
+            if "token" in params:
+                _received_token = params["token"][0]
+                self._send_success_page()
+            elif "error" in params:
+                _server_error = params.get("error", ["Unknown error"])[0]
+                self._send_error_page(_server_error)
+            else:
+                _server_error = "No token received"
+                self._send_error_page(_server_error)
+        else:
+            self.send_response(404)
+            self.end_headers()
+    def _send_success_page(self):
+        """Send success HTML page."""
+        self.send_response(200)
+        self.send_header("Content-type", "text/html")
+        self.end_headers()
+        html = """
+        <!DOCTYPE html>
+        <html>
+        <head>
+            <title>Aline CLI Login</title>
+            <style>
+                body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+                       display: flex; justify-content: center; align-items: center;
+                       min-height: 100vh; margin: 0; background: #f5f5f5; }
+                .container { text-align: center; padding: 40px; background: white;
+                            border-radius: 12px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
+                .success { color: #22c55e; font-size: 48px; margin-bottom: 20px; }
+                h1 { color: #333; margin-bottom: 10px; }
+                p { color: #666; }
+            </style>
+        </head>
+        <body>
+            <div class="container">
+                <div class="success">&#10003;</div>
+                <h1>Login Successful!</h1>
+                <p>You can close this window and return to the terminal.</p>
+            </div>
+        </body>
+        </html>
+        """
+        self.wfile.write(html.encode())
+    def _send_error_page(self, error: str):
+        """Send error HTML page."""
+        self.send_response(200)
+        self.send_header("Content-type", "text/html")
+        self.end_headers()
+        html = f"""
+        <!DOCTYPE html>
+        <html>
+        <head>
+            <title>Aline CLI Login - Error</title>
+            <style>
+                body {{ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+                       display: flex; justify-content: center; align-items: center;
+                       min-height: 100vh; margin: 0; background: #f5f5f5; }}
+                .container {{ text-align: center; padding: 40px; background: white;
+                            border-radius: 12px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }}
+                .error {{ color: #ef4444; font-size: 48px; margin-bottom: 20px; }}
+                h1 {{ color: #333; margin-bottom: 10px; }}
+                p {{ color: #666; }}
+            </style>
+        </head>
+        <body>
+            <div class="container">
+                <div class="error">&#10007;</div>
+                <h1>Login Failed</h1>
+                <p>{error}</p>
+            </div>
+        </body>
+        </html>
+        """
+        self.wfile.write(html.encode())
+def find_free_port() -> int:
+    """Find a free port for the local callback server."""
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+        s.bind(('', 0))
+        s.listen(1)
+        port = s.getsockname()[1]
+    return port
+def start_callback_server(port: int, timeout: int = 300) -> Tuple[Optional[str], Optional[str]]:
+    """
+    Start a local HTTP server to receive the CLI token callback.
+    Args:
+        port: Port to listen on
+        timeout: Maximum time to wait for callback (seconds)
+    Returns:
+        Tuple of (token, error) - one will be None
+    """
+    global _received_token, _server_error
+    _received_token = None
+    _server_error = None
+    server = HTTPServer(('localhost', port), CallbackHandler)
+    server.timeout = timeout
+    # Handle one request (the callback)
+    server.handle_request()
+    server.server_close()
+    return _received_token, _server_error
+def get_auth_headers() -> dict:
+    """
+    Get HTTP headers for authenticated requests.
+    Returns:
+        Dict with Authorization header if logged in, empty dict otherwise
+    """
+    token = get_access_token()
+    if token:
+        return {"Authorization": f"Bearer {token}"}
+    return {}

realign/cli.py CHANGED Viewed

@@ -7,7 +7,7 @@ from typing import Optional
 from rich.console import Console
 from rich.syntax import Syntax
-from .commands import init, config, watcher, worker, export_shares, search, upgrade, restore, add
+from .commands import init, config, watcher, worker, export_shares, search, upgrade, restore, add, auth
 app = typer.Typer(
     name="realign",
@@ -57,6 +57,28 @@ app.command(name="config")(config.config_command)
 app.command(name="upgrade")(upgrade.upgrade_command)
+# Auth commands
+@app.command(name="login")
+def login_cli():
+    """Login to Aline via web browser to enable share features."""
+    exit_code = auth.login_command()
+    raise typer.Exit(code=exit_code)
+@app.command(name="logout")
+def logout_cli():
+    """Logout from Aline and clear local credentials."""
+    exit_code = auth.logout_command()
+    raise typer.Exit(code=exit_code)
+@app.command(name="whoami")
+def whoami_cli():
+    """Display current login status and user information."""
+    exit_code = auth.whoami_command()
+    raise typer.Exit(code=exit_code)
 @app.command(name="search")
 def search_cli(
     query: str = typer.Argument(..., help="Search query (keywords or regex pattern)"),

aline-ai 0.5.12__py3-none-any.whl → 0.5.13__py3-none-any.whl

aline-ai 0.5.12py3-none-any.whl → 0.5.13py3-none-any.whl