applied-cli 0.1.0__tar.gz → 0.2.0__tar.gz

{applied_cli-0.1.0 → applied_cli-0.2.0}/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: applied-cli
-Version: 0.1.0
+Version: 0.2.0
 Summary: CLI and MCP server for Applied Labs AI support agents
 Author: Applied Labs
 License-Expression: MIT
-Project-URL: Homepage, https://github.com/appliedlabs/applied-cli
-Project-URL: Repository, https://github.com/appliedlabs/applied-cli
+Project-URL: Homepage, https://github.com/AppliedLabsAI/applied-cli
+Project-URL: Repository, https://github.com/AppliedLabsAI/applied-cli
 Keywords: applied-labs,ai-agents,support,mcp,claude
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
@@ -19,6 +19,10 @@ Requires-Dist: pyyaml>=6.0
 Requires-Dist: typer>=0.16.0
 Provides-Extra: mcp
 Requires-Dist: mcp>=1.2.0; extra == "mcp"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: build>=1.0; extra == "dev"
+Requires-Dist: twine>=5.0; extra == "dev"
 
 # Applied Labs CLI
 

{applied_cli-0.1.0 → applied_cli-0.2.0}/applied_cli/commands/auth.py

@@ -720,6 +720,329 @@ def use_shop(
     typer.echo("To switch again:    applied-cli auth use-shop \"<shop name or uuid>\"")
 
 
+@app.command("login-start")
+def login_start(
+    endpoint: Optional[str] = typer.Option(
+        None,
+        "--endpoint",
+        help="Endpoint alias or URL: prod, dev, local, or full host.",
+        envvar="APPLIED_ENDPOINT",
+    ),
+    output_json: bool = typer.Option(False, "--json", help="Emit JSON output."),
+    # Hidden options
+    base_url: Optional[str] = typer.Option(None, envvar="APPLIED_BASE_URL", hidden=True),
+    timeout: float = typer.Option(10.0, hidden=True),
+) -> None:
+    """Start device login flow and return approval URL (non-blocking).
+
+    This command starts the OAuth device flow and immediately returns the
+    approval URL and device code. Use `login-complete` to finish authentication
+    after the user approves in their browser.
+
+    Example:
+        applied-cli auth login-start --json
+        # User visits URL and approves
+        applied-cli auth login-complete --device-code <code> --json
+    """
+    resolved_base_url = _resolve_base_url_for_auth(
+        endpoint=endpoint,
+        base_url=base_url,
+        existing=None,
+    )
+
+    try:
+        device_start = start_cli_device_login(
+            base_url=resolved_base_url,
+            timeout_seconds=timeout,
+        )
+    except APIError as exc:
+        if exc.status_code == 404:
+            if output_json:
+                typer.echo(
+                    json.dumps(
+                        {
+                            "success": False,
+                            "error": "endpoint_not_found",
+                            "message": f"Device login endpoint not found at {resolved_base_url}.",
+                            "hint": "Specify an endpoint: --endpoint prod or --endpoint local",
+                        },
+                        indent=2,
+                    ),
+                    err=True,
+                )
+            else:
+                typer.echo(
+                    f"Device login endpoint not found at {resolved_base_url}.\n"
+                    "Try: applied-cli auth login-start --endpoint prod",
+                    err=True,
+                )
+            raise typer.Exit(code=1) from exc
+        typer.echo(render_api_error(exc, action="start device login"), err=True)
+        raise typer.Exit(code=1) from exc
+
+    approval_url = str(
+        device_start.get("verification_uri_complete")
+        or device_start.get("verification_uri")
+        or device_start.get("verification_url")
+        or ""
+    ).strip()
+    device_code = str(device_start.get("device_code") or "").strip()
+    user_code = str(device_start.get("user_code") or "").strip()
+    expires_in = int(device_start.get("expires_in") or 180)
+
+    if not device_code:
+        err_msg = "Device login start response missing device code."
+        if output_json:
+            typer.echo(
+                json.dumps({"success": False, "error": "invalid_response", "message": err_msg}),
+                err=True,
+            )
+        else:
+            typer.echo(err_msg, err=True)
+        raise typer.Exit(code=1)
+
+    result = {
+        "success": True,
+        "status": "pending_approval",
+        "approval_url": approval_url,
+        "device_code": device_code,
+        "user_code": user_code or None,
+        "expires_in": expires_in,
+        "endpoint": resolved_base_url,
+        "next_step": "Visit the approval URL, then run: applied-cli auth login-complete --device-code <device_code>",
+    }
+
+    if output_json:
+        typer.echo(json.dumps(result, indent=2))
+    else:
+        typer.echo(f"Approval URL: {approval_url}")
+        if user_code:
+            typer.echo(f"User code: {user_code}")
+        typer.echo(f"Device code: {device_code}")
+        typer.echo(f"Expires in: {expires_in} seconds")
+        typer.echo("")
+        typer.echo("After approving in browser, run:")
+        typer.echo(f"  applied-cli auth login-complete --device-code {device_code}")
+
+
+@app.command("login-complete")
+def login_complete(
+    device_code: str = typer.Option(..., "--device-code", help="Device code from login-start."),
+    endpoint: Optional[str] = typer.Option(
+        None,
+        "--endpoint",
+        help="Endpoint alias or URL (must match login-start).",
+        envvar="APPLIED_ENDPOINT",
+    ),
+    shop_id: Optional[str] = typer.Option(
+        None, "--shop-id", help="Pre-select a shop UUID.", envvar="APPLIED_SHOP_ID"
+    ),
+    output_json: bool = typer.Option(False, "--json", help="Emit JSON output."),
+    # Hidden options
+    profile: Optional[str] = typer.Option(None, "--profile", envvar="APPLIED_PROFILE", hidden=True),
+    base_url: Optional[str] = typer.Option(None, envvar="APPLIED_BASE_URL", hidden=True),
+    timeout: float = typer.Option(10.0, hidden=True),
+    max_attempts: int = typer.Option(3, hidden=True),
+    poll_interval: float = typer.Option(2.0, hidden=True),
+) -> None:
+    """Complete device login after user approves in browser.
+
+    Polls the API to check if the user has approved the login request.
+    If approved, saves credentials and selects a shop.
+
+    Example:
+        applied-cli auth login-complete --device-code abc123 --json
+    """
+    profile_name = _resolve_profile_name(profile)
+    resolved_base_url = _resolve_base_url_for_auth(
+        endpoint=endpoint,
+        base_url=base_url,
+        existing=None,
+    )
+    explicit_shop_id = shop_id or os.getenv("APPLIED_SHOP_ID")
+
+    # Poll for approval (with limited attempts for non-blocking behavior)
+    resolved_token = None
+    resolved_shop_id = explicit_shop_id or ""
+    resolved_shop_name = ""
+
+    for attempt in range(max_attempts):
+        try:
+            poll = poll_cli_device_login(
+                base_url=resolved_base_url,
+                device_code=device_code,
+                timeout_seconds=timeout,
+            )
+        except APIError as exc:
+            if output_json:
+                typer.echo(
+                    json.dumps(
+                        {"success": False, "error": "poll_failed", "message": str(exc)},
+                        indent=2,
+                    ),
+                    err=True,
+                )
+            else:
+                typer.echo(render_api_error(exc, action="poll device login"), err=True)
+            raise typer.Exit(code=1) from exc
+
+        status_value = str(poll.get("status") or "pending").strip().lower()
+
+        if status_value == "approved":
+            resolved_token = str(poll.get("api_token") or "").strip()
+            discovered_shop_id = str(poll.get("shop_id") or "").strip()
+            if discovered_shop_id and not resolved_shop_id:
+                resolved_shop_id = discovered_shop_id
+            break
+        elif status_value in {"expired", "denied"}:
+            err_result = {
+                "success": False,
+                "error": f"login_{status_value}",
+                "message": f"Device login {status_value}.",
+                "hint": "Run `applied-cli auth login-start` again to get a new approval URL.",
+            }
+            if output_json:
+                typer.echo(json.dumps(err_result, indent=2), err=True)
+            else:
+                typer.echo(f"Device login {status_value}. Start a new login flow.", err=True)
+            raise typer.Exit(code=1)
+        else:
+            # Still pending
+            if attempt < max_attempts - 1:
+                time.sleep(poll_interval)
+
+    if not resolved_token:
+        pending_result = {
+            "success": False,
+            "status": "pending",
+            "message": "Login not yet approved. User must visit the approval URL first.",
+            "hint": "Wait for user to approve in browser, then retry this command.",
+        }
+        if output_json:
+            typer.echo(json.dumps(pending_result, indent=2))
+        else:
+            typer.echo("Login not yet approved. Please approve in browser first.")
+        raise typer.Exit(code=1)
+
+    # Resolve shop name if we have an ID
+    if resolved_shop_id and not resolved_shop_name:
+        try:
+            shops_for_name = list_accessible_shops(
+                base_url=resolved_base_url,
+                api_token=resolved_token,
+                timeout_seconds=timeout,
+            )
+            name_match = next(
+                (r for r in shops_for_name if str(r.get("id")) == resolved_shop_id), None
+            )
+            if name_match:
+                resolved_shop_name = str(name_match.get("name") or "")
+        except APIError:
+            pass
+
+    # If no shop_id yet, try to auto-select (single shop) or require explicit selection
+    if not resolved_shop_id:
+        try:
+            shops = list_accessible_shops(
+                base_url=resolved_base_url,
+                api_token=resolved_token,
+                timeout_seconds=timeout,
+            )
+        except APIError:
+            shops = []
+
+        if shops:
+            if len(shops) == 1 and shops[0].get("id"):
+                resolved_shop_id = str(shops[0]["id"])
+                resolved_shop_name = str(shops[0].get("name") or "")
+            elif output_json:
+                # Multiple shops - return them for selection
+                typer.echo(
+                    json.dumps(
+                        {
+                            "success": False,
+                            "error": "shop_selection_required",
+                            "message": "Multiple shops available. Specify --shop-id.",
+                            "available_shops": shops,
+                        },
+                        indent=2,
+                    )
+                )
+                raise typer.Exit(code=1)
+            else:
+                resolved_shop_id, resolved_shop_name = _select_shop_interactively(shops)
+
+    if not resolved_shop_id:
+        err_result = {
+            "success": False,
+            "error": "missing_shop_id",
+            "message": "Could not determine shop. Pass --shop-id explicitly.",
+        }
+        if output_json:
+            typer.echo(json.dumps(err_result, indent=2), err=True)
+        else:
+            typer.echo("Could not determine shop. Pass --shop-id.", err=True)
+        raise typer.Exit(code=1)
+
+    # Validate token against shop
+    try:
+        validate_api_token(
+            base_url=resolved_base_url,
+            shop_id=resolved_shop_id,
+            api_token=resolved_token,
+            timeout_seconds=timeout,
+        )
+    except APIError as exc:
+        if output_json:
+            typer.echo(
+                json.dumps(
+                    {
+                        "success": False,
+                        "error": "validation_failed",
+                        "message": str(exc),
+                    },
+                    indent=2,
+                ),
+                err=True,
+            )
+        else:
+            typer.echo(render_api_error(exc, action="validate token"), err=True)
+        raise typer.Exit(code=1) from exc
+
+    # Save credentials
+    save_credentials(
+        Credentials(
+            base_url=resolved_base_url,
+            shop_id=resolved_shop_id,
+            api_token=resolved_token,
+        ),
+        profile=profile_name,
+        set_active=True,
+    )
+
+    shop_label = (
+        f"{resolved_shop_name} ({resolved_shop_id})" if resolved_shop_name else resolved_shop_id
+    )
+
+    if output_json:
+        result: dict = {
+            "success": True,
+            "logged_in": True,
+            "endpoint": resolved_base_url,
+            "shop_id": resolved_shop_id,
+            "token_masked": mask_token(resolved_token),
+        }
+        if resolved_shop_name:
+            result["shop_name"] = resolved_shop_name
+        typer.echo(json.dumps(result, indent=2))
+        return
+
+    typer.echo("Login successful!")
+    typer.echo(f"- shop: {shop_label}")
+    typer.echo(f"- endpoint: {resolved_base_url}")
+    typer.echo(f"- token: {mask_token(resolved_token)}")
+
+
 @app.command("logout")
 def logout(
     yes: bool = typer.Option(False, "--yes", "-y", help="Skip confirmation prompt."),

{applied_cli-0.1.0 → applied_cli-0.2.0}/applied_cli/mcp_server.py

@@ -22,11 +22,33 @@ from mcp.server.fastmcp import FastMCP
 mcp = FastMCP(
     "applied-cli",
     instructions="""
-You have access to the Applied Labs CLI for managing AI support agents.
+You have access to the Applied Labs plugin for managing AI support agents.
+
+IMPORTANT: Never tell users to run CLI commands. Always use these MCP tools directly.
+
+## Authentication Flow
+
+When a user is not logged in, YOU must handle authentication using these tools:
+
+1. Call `auth_login()` → Returns JSON with `approval_url` and `device_code`
+2. Tell user: "Please visit this URL to authorize: [approval_url]"
+3. Ask user to confirm when they've approved
+4. Call `auth_login_complete(device_code="...")` with the device_code from step 1
+5. Verify with `auth_status()`
+
+Example response when not logged in:
+"You need to authenticate. Please visit this URL to authorize:
+https://appliedlabs.ai/cli/authorize?code=XXXX
+
+Let me know when you've approved, and I'll complete the login."
+
+DO NOT tell users to run `applied-cli auth login` or any other CLI command.
 
 ## Quick Reference
 
 ### Setup & Auth
+- `auth_login` - Start login flow (returns approval URL for user)
+- `auth_login_complete` - Complete login after user approves
 - `auth_status` - Check authentication and current shop
 - `auth_shops` / `auth_switch_shop` - List and switch shops
 - `shop_setup` - Full shop bootstrap from YAML spec
@@ -106,6 +128,46 @@ def _run_cli(args: list[str], timeout: int = 120) -> dict[str, Any]:
 # =============================================================================
 
 
+@mcp.tool()
+async def auth_login(endpoint: str = "prod") -> str:
+    """
+    Start the login flow by initiating device authentication.
+
+    Returns an approval URL that the user must visit in their browser to authorize.
+    After the user approves, call `auth_login_complete` with the device_code to finish.
+
+    Args:
+        endpoint: API endpoint - 'prod', 'dev', 'local', or full URL (default: prod)
+
+    Returns:
+        JSON with approval_url, device_code, and user_code for the user to complete login.
+    """
+    result = _run_cli(["auth", "login-start", "--endpoint", endpoint, "--json"])
+    return json.dumps(result, indent=2)
+
+
+@mcp.tool()
+async def auth_login_complete(device_code: str, endpoint: str = "prod", shop_id: str = None) -> str:
+    """
+    Complete the login flow after user has approved in browser.
+
+    Call this after the user has visited the approval URL from `auth_login`.
+
+    Args:
+        device_code: The device_code returned by auth_login
+        endpoint: API endpoint - must match the one used in auth_login
+        shop_id: Optional shop UUID to select (required if user has multiple shops)
+
+    Returns:
+        JSON with login result - success with credentials or pending/error status.
+    """
+    args = ["auth", "login-complete", "--device-code", device_code, "--endpoint", endpoint, "--json"]
+    if shop_id:
+        args.extend(["--shop-id", shop_id])
+    result = _run_cli(args, timeout=30)
+    return json.dumps(result, indent=2)
+
+
 @mcp.tool()
 async def auth_status() -> str:
     """Check authentication status and current shop."""

{applied_cli-0.1.0 → applied_cli-0.2.0}/applied_cli.egg-info/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: applied-cli
-Version: 0.1.0
+Version: 0.2.0
 Summary: CLI and MCP server for Applied Labs AI support agents
 Author: Applied Labs
 License-Expression: MIT
-Project-URL: Homepage, https://github.com/appliedlabs/applied-cli
-Project-URL: Repository, https://github.com/appliedlabs/applied-cli
+Project-URL: Homepage, https://github.com/AppliedLabsAI/applied-cli
+Project-URL: Repository, https://github.com/AppliedLabsAI/applied-cli
 Keywords: applied-labs,ai-agents,support,mcp,claude
 Classifier: Development Status :: 4 - Beta
 Classifier: Intended Audience :: Developers
@@ -19,6 +19,10 @@ Requires-Dist: pyyaml>=6.0
 Requires-Dist: typer>=0.16.0
 Provides-Extra: mcp
 Requires-Dist: mcp>=1.2.0; extra == "mcp"
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Requires-Dist: build>=1.0; extra == "dev"
+Requires-Dist: twine>=5.0; extra == "dev"
 
 # Applied Labs CLI
 

{applied_cli-0.1.0 → applied_cli-0.2.0}/applied_cli.egg-info/requires.txt

@@ -3,5 +3,10 @@ keyring>=25.6.0
 pyyaml>=6.0
 typer>=0.16.0
 
+[dev]
+pytest>=8.0
+build>=1.0
+twine>=5.0
+
 [mcp]
 mcp>=1.2.0

{applied_cli-0.1.0 → applied_cli-0.2.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "applied-cli"
-version = "0.1.0"
+version = "0.2.0"
 description = "CLI and MCP server for Applied Labs AI support agents"
 readme = "README.md"
 requires-python = ">=3.11"
@@ -26,14 +26,19 @@ dependencies = [
 mcp = [
   "mcp>=1.2.0",
 ]
+dev = [
+  "pytest>=8.0",
+  "build>=1.0",
+  "twine>=5.0",
+]
 
 [project.scripts]
 applied-cli = "applied_cli.main:app"
 applied-cli-mcp = "applied_cli.mcp_server:main"
 
 [project.urls]
-Homepage = "https://github.com/appliedlabs/applied-cli"
-Repository = "https://github.com/appliedlabs/applied-cli"
+Homepage = "https://github.com/AppliedLabsAI/applied-cli"
+Repository = "https://github.com/AppliedLabsAI/applied-cli"
 
 [tool.setuptools.packages.find]
 include = ["applied_cli", "applied_cli.*"]