buildai-cli 0.3.43__tar.gz → 0.3.45__tar.gz

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: buildai-cli
-Version: 0.3.43
+Version: 0.3.45
 Summary: Build AI CLI (Typer)
 Requires-Python: >=3.11
 Requires-Dist: python-dotenv>=1.0.0

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/cli/auth_local.py

@@ -95,18 +95,12 @@ class ResolvedLocalAuthProfile:
                     f'export ALLOYDB_IAM_AUTH_{suffix}="true"',
                 ]
             )
-            if self.name == "engineers-dev":
-                exports.extend(
-                    [
-                        f'export ALLOYDB_USE_AUTH_PROXY_{suffix}="true"',
-                        'export ALLOYDB_AUTH_PROXY_HOST="127.0.0.1"',
-                        f'export ALLOYDB_AUTH_PROXY_PORT_{suffix}="5440"',
-                    ]
-                )
-            else:
-                exports.append(
-                    f'export ALLOYDB_RUNTIME_IMPERSONATE_SA_{suffix}="{self.target_service_account}"'
-                )
+            exports.extend(
+                [
+                    f'export ALLOYDB_RUNTIME_IMPERSONATE_SA_{suffix}="{self.target_service_account}"',
+                    f'export ALLOYDB_USE_AUTH_PROXY_{suffix}="false"',
+                ]
+            )
         elif self.name == "db-admin-local" and self.target_db_user and self.target_service_account:
             exports.extend(
                 [
@@ -200,8 +194,12 @@ def sanctioned_auth_profiles() -> tuple[LocalAuthProfile, ...]:
         LocalAuthProfile(
             name="engineers-dev",
             audience="engineers",
-            summary="Use the single engineer-facing dev service account for normal local work.",
-            purpose="Use this for the default combined local shell, local CLI reads, and normal developer workflows.",
+            summary="Use the engineer-facing read-only DB lane.",
+            purpose=(
+                "Use this for direct CLI database reads and schema inspection through the "
+                "engineer-facing service-account identity. Local API runtime parity should "
+                "use the service-runtime profiles instead."
+            ),
         ),
         LocalAuthProfile(
             name="api-runtime-like",

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/cli/commands/auth.py

@@ -3,11 +3,8 @@
 from __future__ import annotations
 
 import sys
-import time
-import webbrowser
 from typing import Any
 
-import httpx
 import typer
 from rich.table import Table
 
@@ -21,7 +18,7 @@ from cli.auth_local import (
     sanctioned_auth_profiles,
 )
 from cli.config import clear_credential, resolve_api_url, save_cli_config
-from cli.console import console, data_console, error, info, status_console, success, warning
+from cli.console import data_console, error, info, status_console, success
 from cli.internal_api import get_internal_api_client
 from cli.output import Format, auto_format, format_option, render
 
@@ -37,57 +34,6 @@ def _api_base_url() -> str:
     return resolve_api_url()
 
 
-def _raise_for_status(resp: httpx.Response) -> None:
-    """Promote API login errors into user-facing Typer validation errors."""
-
-    try:
-        payload = resp.json()
-    except Exception:
-        payload = None
-
-    message = None
-    if isinstance(payload, dict):
-        if isinstance(payload.get("detail"), str):
-            message = payload["detail"]
-        elif isinstance(payload.get("error"), dict):
-            message = payload["error"].get("message")
-    if not message:
-        message = resp.text or f"HTTP {resp.status_code}"
-    raise typer.BadParameter(message)
-
-
-def _start_device_login(client: httpx.Client, client_name: str) -> dict[str, Any]:
-    """Kick off the device-flow login used by the public API credential plane."""
-
-    resp = client.post(
-        f"{_api_base_url()}/v1/auth/cli/start",
-        json={"client_name": client_name},
-    )
-    if resp.status_code >= 400:
-        _raise_for_status(resp)
-    return resp.json()
-
-
-def _poll_device_login(client: httpx.Client, device_code: str) -> dict[str, Any]:
-    """Poll the public API until the device-flow login is approved or expires."""
-
-    resp = client.get(
-        f"{_api_base_url()}/v1/auth/cli/poll",
-        params={"device_code": device_code},
-    )
-    if resp.status_code == 429:
-        retry_after = resp.headers.get("Retry-After")
-        if retry_after:
-            try:
-                time.sleep(max(float(retry_after), 0.0))
-            except ValueError:
-                pass
-        return {"status": "pending"}
-    if resp.status_code >= 400:
-        _raise_for_status(resp)
-    return resp.json()
-
-
 def _store_token(token: str, *, profile: str | None = None) -> None:
     """Persist a public API token in the normal CLI credentials location."""
 
@@ -95,69 +41,16 @@ def _store_token(token: str, *, profile: str | None = None) -> None:
     success("Saved CLI credentials to ~/.buildai/credentials.json")
 
 
-def _device_login(
-    *,
-    client_name: str = "buildai-cli",
-    open_browser: bool = True,
-    profile: str | None = None,
-) -> None:
-    """Run the browser-capable device flow used for Build AI API auth."""
-
-    with httpx.Client(timeout=15.0) as client:
-        try:
-            start = _start_device_login(client, client_name)
-        except typer.BadParameter as exc:
-            error(str(exc))
-            raise typer.Exit(1) from exc
-
-        verification_url = start["verification_url"]
-        user_code = start["user_code"]
-        expires_in = int(start["expires_in"])
-        poll_interval = max(int(start["poll_interval"]), 1)
-
-        console.print(f"  code   : [cyan]{user_code}[/cyan]")
-        console.print(f"  verify : [cyan]{verification_url}[/cyan]")
-        info("Approve this login in the browser, then the CLI will finish automatically.")
-
-        if open_browser:
-            try:
-                if webbrowser.open(verification_url):
-                    info("Opened verification URL in your browser.")
-                else:
-                    warning("Could not open your browser automatically.")
-            except Exception:
-                warning("Could not open your browser automatically.")
-
-        deadline = time.monotonic() + expires_in + poll_interval
-        while time.monotonic() < deadline:
-            try:
-                poll = _poll_device_login(client, start["device_code"])
-            except typer.BadParameter as exc:
-                error(str(exc))
-                raise typer.Exit(1) from exc
-
-            status = poll.get("status")
-            if status == "approved":
-                token = poll.get("token")
-                if not token:
-                    error("CLI login completed without a token.")
-                    raise typer.Exit(1)
-                _store_token(token, profile=profile)
-                return
-            if status == "pending":
-                time.sleep(poll_interval)
-                continue
-            if status == "expired":
-                error("CLI login expired before approval.")
-                raise typer.Exit(1)
-            if status == "consumed":
-                error("CLI login token was already consumed.")
-                raise typer.Exit(1)
-            error(f"Unexpected CLI login status: {status!r}")
-            raise typer.Exit(1)
+def _prompt_for_token() -> str:
+    """Prompt for an existing API key instead of pretending a browser flow exists."""
 
-    error("CLI login timed out before approval.")
-    raise typer.Exit(1)
+    info("Build AI CLI login stores an existing API key.")
+    status_console.print("[dim]Get one from data.build.ai -> Developer -> Create API key.[/dim]")
+    value = typer.prompt("Paste Build AI API key", hide_input=True).strip()
+    if not value:
+        error("Expected a non-empty API key.")
+        raise typer.Exit(1)
+    return value
 
 
 def _profile_rows() -> list[dict[str, Any]]:
@@ -290,33 +183,38 @@ def _emit_report(
 
 @app.command("login")
 def login(
+    api_key: str | None = typer.Option(
+        None,
+        "--api-key",
+        help="Store this API key directly instead of prompting.",
+        hidden=True,
+    ),
     token: bool = typer.Option(
         False,
         "--token",
-        help="Read a token from stdin instead of running browser-based device login.",
-    ),
-    client_name: str = typer.Option(
-        "buildai-cli",
-        "--client-name",
-        help="Client name sent to the API for device-login requests.",
-    ),
-    open_browser: bool = typer.Option(
-        True,
-        "--open-browser/--no-open-browser",
-        help="Open the verification URL in your browser during device login.",
+        help="Read an API key from stdin instead of prompting.",
     ),
     profile: str | None = typer.Option(None, "--profile", hidden=True),
 ) -> None:
-    """Log in to the public API using device flow or a piped CI token."""
+    """Store an existing Build AI API key for API-backed CLI commands."""
+
+    if api_key and token:
+        error("Choose either --api-key or --token, not both.")
+        raise typer.Exit(1)
+
+    if api_key:
+        _store_token(api_key.strip(), profile=profile)
+        return
 
     if token:
         value = sys.stdin.read().strip()
         if not value:
-            error("Expected a token on stdin.")
+            error("Expected an API key on stdin.")
             raise typer.Exit(1)
         _store_token(value, profile=profile)
         return
-    _device_login(client_name=client_name, open_browser=open_browser, profile=profile)
+
+    _store_token(_prompt_for_token(), profile=profile)
 
 
 @app.command("whoami")

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/cli/main.py

@@ -224,7 +224,7 @@ Build AI CLI — auth, dev, and database utilities.
 
 Get started:
   uv tool install buildai-cli          Install the standalone CLI
-  buildai auth login                   Authenticate (opens browser)
+  buildai auth login                   Paste or pipe an API key
   buildai auth whoami                  Inspect API and local auth state
   buildai dev db info                  Print the local DB recipe for CLI and desktop tools
   buildai doctor auth                  Diagnose local auth before DB work

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/cli/ops_init.py

@@ -34,15 +34,32 @@ def _parse_env(value: str) -> str:
 
 
 def _auth_env_prefix(settings_app_env: object) -> str:
-    if str(settings_app_env) == "production":
+    normalized = str(getattr(settings_app_env, "value", settings_app_env)).strip().lower()
+    if normalized == "production":
         return "PROD"
-    if str(settings_app_env) == "development":
+    if normalized == "development":
         return "DEV"
-    if str(settings_app_env) == "test":
+    if normalized == "test":
         return "DEV"
     return "PREVIEW"
 
 
+def _apply_default_db_target(*, env_prefix: str) -> None:
+    """Seed the canonical production DB target when the shell provided none.
+
+    The engineer/operator CLI should not require folklore env setup before it
+    can even attempt the sanctioned impersonation lane. Defaulting the DB
+    target here keeps `buildai db ...` aligned with the current single-database
+    reality while still letting explicit env overrides win.
+    """
+
+    os.environ.setdefault("ALLOYDB_CLUSTER", "buildai-india")
+    os.environ.setdefault("ALLOYDB_INSTANCE", "buildai-india-primary")
+    os.environ.setdefault("ALLOYDB_REGION", "asia-south1")
+    os.environ.setdefault("DB_NAME", "buildai_production")
+    os.environ.setdefault(f"ALLOYDB_IAM_AUTH_{env_prefix}", "true")
+
+
 def init_ops_context(ctx: typer.Context):
     """Heavy DB/auth/observability init — called lazily by ops-plane commands.
 
@@ -95,6 +112,7 @@ def init_ops_context(ctx: typer.Context):
     # --- resolve auth -------------------------------------------------------
     auth_info: list[str] = []
     env_prefix = _auth_env_prefix(settings.app_env)
+    _apply_default_db_target(env_prefix=env_prefix)
 
     default_user = settings.effective_db_user
     default_use_iam = settings.effective_use_iam_auth
@@ -143,6 +161,7 @@ def init_ops_context(ctx: typer.Context):
         os.environ[f"ALLOYDB_RUNTIME_IMPERSONATE_SA_{env_prefix}"] = (
             "engineers-dev-sa@data-470400.iam.gserviceaccount.com"
         )
+        os.environ[f"ALLOYDB_USE_AUTH_PROXY_{env_prefix}"] = "false"
         auth_info.append("impersonate=engineers-dev-sa")
 
     # Reload settings with overrides

{buildai_cli-0.3.43 → buildai_cli-0.3.45}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "buildai-cli"
-version = "0.3.43"
+version = "0.3.45"
 description = "Build AI CLI (Typer)"
 requires-python = ">=3.11"
 dependencies = [