claude-dev-cli 0.3.1__py3-none-any.whl → 0.5.0__py3-none-any.whl

claude_dev_cli/cli.py

@@ -1,5 +1,6 @@
 """Command-line interface for Claude Dev CLI."""
 
+import os
 import sys
 from pathlib import Path
 from typing import Optional
@@ -23,6 +24,7 @@ from claude_dev_cli.commands import (
 from claude_dev_cli.usage import UsageTracker
 from claude_dev_cli import toon_utils
 from claude_dev_cli.plugins import load_plugins
+from claude_dev_cli.history import ConversationHistory, Conversation
 
 console = Console()
 
@@ -112,11 +114,36 @@ def ask(
 
 @main.command()
 @click.option('-a', '--api', help='API config to use')
+@click.option('--continue', 'continue_conversation', is_flag=True, 
+              help='Continue the last conversation')
+@click.option('--save/--no-save', default=True, help='Save conversation history')
 @click.pass_context
-def interactive(ctx: click.Context, api: Optional[str]) -> None:
+def interactive(
+    ctx: click.Context, 
+    api: Optional[str],
+    continue_conversation: bool,
+    save: bool
+) -> None:
     """Start interactive chat mode."""
     console = ctx.obj['console']
     
+    # Setup conversation history
+    config = Config()
+    history_dir = config.config_dir / "history"
+    conv_history = ConversationHistory(history_dir)
+    
+    # Load or create conversation
+    if continue_conversation:
+        conversation = conv_history.get_latest_conversation()
+        if conversation:
+            console.print(f"[green]↶ Continuing conversation from {conversation.updated_at.strftime('%Y-%m-%d %H:%M')}[/green]")
+            console.print(f"[dim]Messages: {len(conversation.messages)}[/dim]\n")
+        else:
+            console.print("[yellow]No previous conversation found, starting new one[/yellow]\n")
+            conversation = Conversation()
+    else:
+        conversation = Conversation()
+    
     console.print(Panel.fit(
         "Claude Dev CLI - Interactive Mode\n"
         "Type 'exit' or 'quit' to end\n"
@@ -127,30 +154,179 @@ def interactive(ctx: click.Context, api: Optional[str]) -> None:
     
     try:
         client = ClaudeClient(api_config_name=api)
+        response_buffer = []
         
         while True:
             try:
                 user_input = console.input("\n[bold cyan]You:[/bold cyan] ").strip()
                 
                 if user_input.lower() in ['exit', 'quit']:
+                    if save and conversation.messages:
+                        conv_history.save_conversation(conversation)
+                        console.print(f"\n[dim]💾 Saved conversation: {conversation.conversation_id}[/dim]")
                     break
+                
+                if user_input.lower() == 'clear':
+                    conversation = Conversation()
+                    console.print("[yellow]Conversation cleared[/yellow]")
+                    continue
+                
                 if not user_input:
                     continue
                 
+                # Add user message to history
+                conversation.add_message("user", user_input)
+                
+                # Get response
                 console.print("\n[bold green]Claude:[/bold green] ", end='')
+                response_buffer = []
                 for chunk in client.call_streaming(user_input):
                     console.print(chunk, end='')
+                    response_buffer.append(chunk)
                 console.print()
                 
+                # Add assistant response to history
+                full_response = ''.join(response_buffer)
+                conversation.add_message("assistant", full_response)
+                
+                # Auto-save periodically
+                if save and len(conversation.messages) % 10 == 0:
+                    conv_history.save_conversation(conversation)
+                
             except KeyboardInterrupt:
                 console.print("\n\n[yellow]Interrupted. Type 'exit' to quit.[/yellow]")
                 continue
     
     except Exception as e:
         console.print(f"[red]Error: {e}[/red]")
+        if save and conversation.messages:
+            conv_history.save_conversation(conversation)
         sys.exit(1)
 
 
+@main.group()
+def completion() -> None:
+    """Shell completion installation."""
+    pass
+
+
+@completion.command('install')
+@click.option('--shell', type=click.Choice(['bash', 'zsh', 'fish', 'auto']), default='auto',
+              help='Shell type (auto-detects if not specified)')
+@click.pass_context
+def completion_install(ctx: click.Context, shell: str) -> None:
+    """Install shell completion for cdc command."""
+    console = ctx.obj['console']
+    
+    # Auto-detect shell if needed
+    if shell == 'auto':
+        shell_path = os.environ.get('SHELL', '')
+        if 'zsh' in shell_path:
+            shell = 'zsh'
+        elif 'bash' in shell_path:
+            shell = 'bash'
+        elif 'fish' in shell_path:
+            shell = 'fish'
+        else:
+            console.print("[red]Could not auto-detect shell[/red]")
+            console.print("Please specify: --shell bash|zsh|fish")
+            sys.exit(1)
+    
+    console.print(f"[cyan]Installing completion for {shell}...[/cyan]\n")
+    
+    if shell == 'zsh':
+        console.print("Add this to your ~/.zshrc:\n")
+        console.print("[yellow]eval \"$(_CDC_COMPLETE=zsh_source cdc)\"[/yellow]\n")
+        console.print("Then run: [cyan]source ~/.zshrc[/cyan]")
+    elif shell == 'bash':
+        console.print("Add this to your ~/.bashrc:\n")
+        console.print("[yellow]eval \"$(_CDC_COMPLETE=bash_source cdc)\"[/yellow]\n")
+        console.print("Then run: [cyan]source ~/.bashrc[/cyan]")
+    elif shell == 'fish':
+        console.print("Add this to ~/.config/fish/completions/cdc.fish:\n")
+        console.print("[yellow]_CDC_COMPLETE=fish_source cdc | source[/yellow]\n")
+        console.print("Then reload: [cyan]exec fish[/cyan]")
+    
+    console.print("\n[green]✓[/green] Instructions displayed above")
+    console.print("[dim]Completion will provide command and option suggestions[/dim]")
+
+
+@completion.command('generate')
+@click.option('--shell', type=click.Choice(['bash', 'zsh', 'fish']), required=True,
+              help='Shell type')
+@click.pass_context
+def completion_generate(ctx: click.Context, shell: str) -> None:
+    """Generate completion script for shell."""
+    import subprocess
+    import sys
+    
+    env_var = f"_CDC_COMPLETE={shell}_source"
+    result = subprocess.run(
+        [sys.executable, '-m', 'claude_dev_cli.cli'],
+        env={**os.environ, '_CDC_COMPLETE': f'{shell}_source'},
+        capture_output=True,
+        text=True
+    )
+    
+    if result.returncode == 0:
+        click.echo(result.stdout)
+    else:
+        ctx.obj['console'].print(f"[red]Error generating completion: {result.stderr}[/red]")
+        sys.exit(1)
+
+
+@main.group()
+def history() -> None:
+    """Manage conversation history."""
+    pass
+
+
+@history.command('list')
+@click.option('-n', '--limit', type=int, default=10, help='Number of conversations to show')
+@click.option('-s', '--search', help='Search conversations')
+@click.pass_context
+def history_list(ctx: click.Context, limit: int, search: Optional[str]) -> None:
+    """List conversation history."""
+    console = ctx.obj['console']
+    config = Config()
+    conv_history = ConversationHistory(config.config_dir / "history")
+    
+    conversations = conv_history.list_conversations(limit=limit, search_query=search)
+    
+    if not conversations:
+        console.print("[yellow]No conversations found[/yellow]")
+        return
+    
+    for conv in conversations:
+        summary = conv.get_summary(80)
+        console.print(f"\n[cyan]{conv.conversation_id}[/cyan]")
+        console.print(f"[dim]{conv.updated_at.strftime('%Y-%m-%d %H:%M')} | {len(conv.messages)} messages[/dim]")
+        console.print(f"  {summary}")
+
+
+@history.command('export')
+@click.argument('conversation_id')
+@click.option('--format', type=click.Choice(['markdown', 'json']), default='markdown')
+@click.option('-o', '--output', type=click.Path(), help='Output file')
+@click.pass_context
+def history_export(ctx: click.Context, conversation_id: str, format: str, output: Optional[str]) -> None:
+    """Export a conversation."""
+    console = ctx.obj['console']
+    config = Config()
+    conv_history = ConversationHistory(config.config_dir / "history")
+    
+    content = conv_history.export_conversation(conversation_id, format)
+    if not content:
+        console.print(f"[red]Conversation {conversation_id} not found[/red]")
+        sys.exit(1)
+    
+    if output:
+        Path(output).write_text(content)
+        console.print(f"[green]✓[/green] Exported to {output}")
+    else:
+        click.echo(content)
+
+
 @main.group()
 def config() -> None:
     """Manage configuration."""
@@ -182,6 +358,49 @@ def config_add(
             make_default=default
         )
         console.print(f"[green]✓[/green] Added API config: {name}")
+        
+        # Show storage method
+        storage_method = config.secure_storage.get_storage_method()
+        if storage_method == "keyring":
+            console.print("[dim]🔐 Stored securely in system keyring[/dim]")
+        else:
+            console.print("[dim]🔒 Stored in encrypted file (keyring unavailable)[/dim]")
+    except Exception as e:
+        console.print(f"[red]Error: {e}[/red]")
+        sys.exit(1)
+
+
+@config.command('migrate-keys')
+@click.pass_context
+def config_migrate_keys(ctx: click.Context) -> None:
+    """Manually migrate API keys to secure storage."""
+    console = ctx.obj['console']
+    
+    try:
+        config = Config()
+        
+        # Check if any keys need migration
+        api_configs = config._data.get("api_configs", [])
+        plaintext_keys = {c["name"]: c.get("api_key", "") 
+                         for c in api_configs 
+                         if c.get("api_key")}
+        
+        if not plaintext_keys:
+            console.print("[green]✓[/green] All keys are already in secure storage.")
+            storage_method = config.secure_storage.get_storage_method()
+            console.print(f"[dim]Using: {storage_method}[/dim]")
+            return
+        
+        console.print(f"[yellow]Found {len(plaintext_keys)} plaintext key(s)[/yellow]")
+        console.print("Migrating to secure storage...\n")
+        
+        # Trigger migration
+        config._auto_migrate_keys()
+        
+        console.print(f"[green]✓[/green] Migrated {len(plaintext_keys)} key(s) to secure storage.")
+        storage_method = config.secure_storage.get_storage_method()
+        console.print(f"[dim]Using: {storage_method}[/dim]")
+        
     except Exception as e:
         console.print(f"[red]Error: {e}[/red]")
         sys.exit(1)
@@ -201,6 +420,14 @@ def config_list(ctx: click.Context) -> None:
         console.print("Run 'cdc config add' to add one.")
         return
     
+    # Show storage method
+    storage_method = config.secure_storage.get_storage_method()
+    storage_display = {
+        "keyring": "🔐 System Keyring (Secure)",
+        "encrypted_file": "🔒 Encrypted File (Fallback)"
+    }.get(storage_method, storage_method)
+    console.print(f"\n[dim]Storage: {storage_display}[/dim]\n")
+    
     for cfg in api_configs:
         default_marker = " [bold green](default)[/bold green]" if cfg.default else ""
         console.print(f"• {cfg.name}{default_marker}")

claude_dev_cli/config.py

@@ -6,6 +6,8 @@ from pathlib import Path
 from typing import Dict, Optional, List
 from pydantic import BaseModel, Field
 
+from claude_dev_cli.secure_storage import SecureStorage
+
 
 class APIConfig(BaseModel):
     """Configuration for a Claude API key."""
@@ -39,6 +41,12 @@ class Config:
         
         self._ensure_config_dir()
         self._data: Dict = self._load_config()
+        
+        # Initialize secure storage
+        self.secure_storage = SecureStorage(self.config_dir)
+        
+        # Auto-migrate if plaintext keys exist
+        self._auto_migrate_keys()
     
     def _ensure_config_dir(self) -> None:
         """Ensure configuration directory exists."""
@@ -68,6 +76,22 @@ class Config:
         with open(self.config_file, 'w') as f:
             json.dump(data, f, indent=2)
     
+    def _auto_migrate_keys(self) -> None:
+        """Automatically migrate plaintext API keys to secure storage."""
+        api_configs = self._data.get("api_configs", [])
+        migrated = False
+        
+        for config in api_configs:
+            if "api_key" in config and config["api_key"]:
+                # Migrate this key to secure storage
+                self.secure_storage.store_key(config["name"], config["api_key"])
+                # Remove from plaintext config
+                config["api_key"] = ""  # Empty string indicates key is in secure storage
+                migrated = True
+        
+        if migrated:
+            self._save_config()
+    
     def add_api_config(
         self,
         name: str,
@@ -91,14 +115,18 @@ class Config:
             if config["name"] == name:
                 raise ValueError(f"API config with name '{name}' already exists")
         
+        # Store API key in secure storage
+        self.secure_storage.store_key(name, api_key)
+        
         # If this is the first config or make_default is True, set as default
         if make_default or not api_configs:
             for config in api_configs:
                 config["default"] = False
         
+        # Store metadata without the actual key (empty string indicates secure storage)
         api_config = APIConfig(
             name=name,
-            api_key=api_key,
+            api_key="",  # Empty string indicates key is in secure storage
             description=description,
             default=make_default or not api_configs
         )
@@ -111,21 +139,53 @@ class Config:
         """Get API configuration by name or default."""
         api_configs = self._data.get("api_configs", [])
         
+        config_data = None
         if name:
             for config in api_configs:
                 if config["name"] == name:
-                    return APIConfig(**config)
+                    config_data = config
+                    break
         else:
             # Return default
             for config in api_configs:
                 if config.get("default", False):
-                    return APIConfig(**config)
+                    config_data = config
+                    break
         
-        return None
+        if not config_data:
+            return None
+        
+        # Retrieve actual API key from secure storage
+        api_key = self.secure_storage.get_key(config_data["name"])
+        if not api_key:
+            # Fallback to plaintext if not in secure storage (shouldn't happen after migration)
+            api_key = config_data.get("api_key", "")
+        
+        # Return config with actual key
+        return APIConfig(
+            name=config_data["name"],
+            api_key=api_key,
+            description=config_data.get("description"),
+            default=config_data.get("default", False)
+        )
     
     def list_api_configs(self) -> List[APIConfig]:
         """List all API configurations."""
-        return [APIConfig(**c) for c in self._data.get("api_configs", [])]
+        configs = []
+        for c in self._data.get("api_configs", []):
+            # Retrieve actual API key from secure storage
+            api_key = self.secure_storage.get_key(c["name"])
+            if not api_key:
+                # Fallback to plaintext
+                api_key = c.get("api_key", "")
+            
+            configs.append(APIConfig(
+                name=c["name"],
+                api_key=api_key,
+                description=c.get("description"),
+                default=c.get("default", False)
+            ))
+        return configs
     
     def add_project_profile(
         self,

claude_dev_cli/history.py

@@ -0,0 +1,189 @@
+"""Conversation history management for interactive mode."""
+
+import json
+from datetime import datetime
+from pathlib import Path
+from typing import List, Optional, Dict, Any
+
+
+class Message:
+    """Represents a single message in a conversation."""
+    
+    def __init__(self, role: str, content: str, timestamp: Optional[datetime] = None):
+        self.role = role  # "user" or "assistant"
+        self.content = content
+        self.timestamp = timestamp or datetime.utcnow()
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert to dictionary for storage."""
+        return {
+            "role": self.role,
+            "content": self.content,
+            "timestamp": self.timestamp.isoformat()
+        }
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "Message":
+        """Create from dictionary."""
+        return cls(
+            role=data["role"],
+            content=data["content"],
+            timestamp=datetime.fromisoformat(data["timestamp"])
+        )
+
+
+class Conversation:
+    """Represents a conversation with messages."""
+    
+    def __init__(
+        self,
+        conversation_id: Optional[str] = None,
+        created_at: Optional[datetime] = None,
+        updated_at: Optional[datetime] = None
+    ):
+        self.conversation_id = conversation_id or datetime.utcnow().strftime("%Y%m%d_%H%M%S")
+        self.created_at = created_at or datetime.utcnow()
+        self.updated_at = updated_at or datetime.utcnow()
+        self.messages: List[Message] = []
+    
+    def add_message(self, role: str, content: str) -> None:
+        """Add a message to the conversation."""
+        message = Message(role, content)
+        self.messages.append(message)
+        self.updated_at = datetime.utcnow()
+    
+    def get_summary(self, max_length: int = 100) -> str:
+        """Get a summary of the conversation (first user message)."""
+        for msg in self.messages:
+            if msg.role == "user":
+                summary = msg.content[:max_length]
+                if len(msg.content) > max_length:
+                    summary += "..."
+                return summary
+        return "(empty conversation)"
+    
+    def to_dict(self) -> Dict[str, Any]:
+        """Convert to dictionary for storage."""
+        return {
+            "conversation_id": self.conversation_id,
+            "created_at": self.created_at.isoformat(),
+            "updated_at": self.updated_at.isoformat(),
+            "messages": [msg.to_dict() for msg in self.messages]
+        }
+    
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "Conversation":
+        """Create from dictionary."""
+        conv = cls(
+            conversation_id=data["conversation_id"],
+            created_at=datetime.fromisoformat(data["created_at"]),
+            updated_at=datetime.fromisoformat(data["updated_at"])
+        )
+        conv.messages = [Message.from_dict(msg) for msg in data.get("messages", [])]
+        return conv
+
+
+class ConversationHistory:
+    """Manages conversation history storage and retrieval."""
+    
+    def __init__(self, history_dir: Path):
+        self.history_dir = history_dir
+        self.history_dir.mkdir(parents=True, exist_ok=True)
+    
+    def _get_conversation_file(self, conversation_id: str) -> Path:
+        """Get the file path for a conversation."""
+        return self.history_dir / f"{conversation_id}.json"
+    
+    def save_conversation(self, conversation: Conversation) -> None:
+        """Save a conversation to disk."""
+        file_path = self._get_conversation_file(conversation.conversation_id)
+        with open(file_path, 'w') as f:
+            json.dump(conversation.to_dict(), f, indent=2)
+    
+    def load_conversation(self, conversation_id: str) -> Optional[Conversation]:
+        """Load a conversation from disk."""
+        file_path = self._get_conversation_file(conversation_id)
+        if not file_path.exists():
+            return None
+        
+        try:
+            with open(file_path, 'r') as f:
+                data = json.load(f)
+            return Conversation.from_dict(data)
+        except Exception:
+            return None
+    
+    def list_conversations(
+        self,
+        limit: Optional[int] = None,
+        search_query: Optional[str] = None
+    ) -> List[Conversation]:
+        """List all conversations, optionally filtered and limited."""
+        conversations = []
+        
+        for file_path in sorted(self.history_dir.glob("*.json"), reverse=True):
+            try:
+                with open(file_path, 'r') as f:
+                    data = json.load(f)
+                conv = Conversation.from_dict(data)
+                
+                # Apply search filter if provided
+                if search_query:
+                    search_lower = search_query.lower()
+                    found = False
+                    for msg in conv.messages:
+                        if search_lower in msg.content.lower():
+                            found = True
+                            break
+                    if not found:
+                        continue
+                
+                conversations.append(conv)
+                
+                if limit and len(conversations) >= limit:
+                    break
+            except Exception:
+                continue
+        
+        return conversations
+    
+    def delete_conversation(self, conversation_id: str) -> bool:
+        """Delete a conversation."""
+        file_path = self._get_conversation_file(conversation_id)
+        if file_path.exists():
+            file_path.unlink()
+            return True
+        return False
+    
+    def get_latest_conversation(self) -> Optional[Conversation]:
+        """Get the most recent conversation."""
+        conversations = self.list_conversations(limit=1)
+        return conversations[0] if conversations else None
+    
+    def export_conversation(
+        self,
+        conversation_id: str,
+        output_format: str = "markdown"
+    ) -> Optional[str]:
+        """Export a conversation to a specific format."""
+        conv = self.load_conversation(conversation_id)
+        if not conv:
+            return None
+        
+        if output_format == "markdown":
+            lines = [f"# Conversation: {conv.conversation_id}"]
+            lines.append(f"\nCreated: {conv.created_at.strftime('%Y-%m-%d %H:%M:%S')}")
+            lines.append(f"Updated: {conv.updated_at.strftime('%Y-%m-%d %H:%M:%S')}\n")
+            
+            for msg in conv.messages:
+                role_display = "**You:**" if msg.role == "user" else "**Claude:**"
+                lines.append(f"\n## {role_display}\n")
+                lines.append(msg.content)
+                lines.append("")
+            
+            return "\n".join(lines)
+        
+        elif output_format == "json":
+            return json.dumps(conv.to_dict(), indent=2)
+        
+        return None

claude_dev_cli/plugins/diff_editor/viewer.py

@@ -1,6 +1,8 @@
 """Interactive diff viewer with multiple keybinding modes."""
 
 import difflib
+import subprocess
+import tempfile
 from pathlib import Path
 from typing import List, Optional, Tuple
 import os
@@ -271,6 +273,77 @@ class DiffViewer:
         
         self.console.print(prompt)
     
+    def _edit_hunk(self, hunk: Hunk) -> Optional[List[str]]:
+        """Open hunk in editor for inline editing.
+        
+        Returns:
+            Edited lines or None if cancelled
+        """
+        # Get editor from environment
+        editor = os.environ.get("EDITOR", os.environ.get("VISUAL", "nano"))
+        
+        # Create temp file with proposed lines
+        with tempfile.NamedTemporaryFile(mode="w", suffix=".tmp", delete=False) as f:
+            f.write("".join(hunk.proposed_lines))
+            temp_path = f.name
+        
+        try:
+            # Open in editor
+            result = subprocess.run([editor, temp_path])
+            
+            if result.returncode == 0:
+                # Read edited content
+                with open(temp_path) as f:
+                    content = f.read()
+                return content.splitlines(keepends=True)
+            else:
+                self.console.print("[yellow]Edit cancelled[/yellow]")
+                return None
+        finally:
+            # Clean up temp file
+            Path(temp_path).unlink(missing_ok=True)
+    
+    def _split_hunk(self, hunk: Hunk, hunk_idx: int) -> None:
+        """Split a hunk into smaller hunks.
+        
+        For now, splits by line - each line becomes its own hunk.
+        More advanced splitting could be added later.
+        """
+        if len(hunk.proposed_lines) <= 1 and len(hunk.original_lines) <= 1:
+            self.console.print("[yellow]Hunk is too small to split[/yellow]")
+            return
+        
+        new_hunks = []
+        
+        # Split proposed lines into individual hunks
+        if hunk.proposed_lines:
+            for i, line in enumerate(hunk.proposed_lines):
+                new_hunks.append(Hunk(
+                    original_lines=[],
+                    proposed_lines=[line],
+                    original_start=hunk.original_start,
+                    proposed_start=hunk.proposed_start + i
+                ))
+        
+        # Split original lines into deletions
+        if hunk.original_lines and not hunk.proposed_lines:
+            for i, line in enumerate(hunk.original_lines):
+                new_hunks.append(Hunk(
+                    original_lines=[line],
+                    proposed_lines=[],
+                    original_start=hunk.original_start + i,
+                    proposed_start=hunk.proposed_start
+                ))
+        
+        if new_hunks:
+            # Replace current hunk with split hunks
+            self.hunks = (
+                self.hunks[:hunk_idx] +
+                new_hunks +
+                self.hunks[hunk_idx + 1:]
+            )
+            self.console.print(f"[green]✓ Split into {len(new_hunks)} hunks[/green]")
+    
     def run(self) -> Optional[str]:
         """Run the interactive diff viewer.
         
@@ -306,10 +379,20 @@ class DiffViewer:
                 hunk.accepted = False
                 self.current_hunk_idx += 1
             elif choice in kb["edit"]:
-                self.console.print("[yellow]Edit mode not yet implemented[/yellow]")
-                self.console.input("Press Enter to continue...")
+                # Enter edit mode for this hunk
+                edited_lines = self._edit_hunk(hunk)
+                if edited_lines is not None:
+                    # Save history
+                    self.history.append((self.current_hunk_idx, hunk.accepted))
+                    # Update hunk with edited content
+                    hunk.proposed_lines = edited_lines
+                    hunk.accepted = True
+                    self.console.print("[green]✓ Hunk updated with edits[/green]")
+                    self.console.input("Press Enter to continue...")
+                    self.current_hunk_idx += 1
             elif choice in kb["split"]:
-                self.console.print("[yellow]Split mode not yet implemented[/yellow]")
+                # Split current hunk
+                self._split_hunk(hunk, self.current_hunk_idx)
                 self.console.input("Press Enter to continue...")
             elif choice in kb["next"]:
                 if self.current_hunk_idx < len(self.hunks) - 1:

claude_dev_cli/secure_storage.py

@@ -0,0 +1,219 @@
+"""Secure storage for API keys using system keyring.
+
+Supports:
+- macOS: Keychain
+- Linux: Secret Service API (GNOME Keyring, KWallet)
+- Windows: Windows Credential Locker
+
+Falls back to encrypted file storage if keyring is unavailable.
+"""
+
+import json
+import os
+from pathlib import Path
+from typing import Optional
+
+try:
+    import keyring
+    from keyring.errors import KeyringError
+    KEYRING_AVAILABLE = True
+except ImportError:
+    KEYRING_AVAILABLE = False
+
+from cryptography.fernet import Fernet
+
+
+class SecureStorage:
+    """Secure storage for API keys with cross-platform support."""
+    
+    SERVICE_NAME = "claude-dev-cli"
+    
+    def __init__(self, config_dir: Path, force_encrypted_file: bool = False):
+        """Initialize secure storage.
+        
+        Args:
+            config_dir: Directory to store encrypted fallback files
+            force_encrypted_file: Force use of encrypted file storage (for testing)
+        """
+        self.config_dir = config_dir
+        self.encrypted_file = config_dir / "keys.enc"
+        self.key_file = config_dir / ".keyfile"
+        
+        # Check if we should use keyring (disabled in test environments)
+        # Detect test environment by checking for pytest or TESTING env var
+        in_test = (
+            force_encrypted_file or
+            'pytest' in os.environ.get('_', '') or
+            os.environ.get('PYTEST_CURRENT_TEST') is not None or
+            os.environ.get('TESTING') == '1'
+        )
+        
+        if in_test:
+            # Always use encrypted file in tests to avoid Keychain prompts
+            self.use_keyring = False
+        else:
+            # Check if keyring backend is available in production
+            self.use_keyring = KEYRING_AVAILABLE and self._test_keyring()
+        
+        if not self.use_keyring:
+            # Initialize fallback encryption
+            self._ensure_encryption_key()
+    
+    def _test_keyring(self) -> bool:
+        """Test if keyring backend is working.
+        
+        Returns:
+            True if keyring is functional, False otherwise
+        """
+        try:
+            # Try to get/set a test value
+            test_key = f"{self.SERVICE_NAME}_test"
+            keyring.set_password(self.SERVICE_NAME, test_key, "test")
+            result = keyring.get_password(self.SERVICE_NAME, test_key)
+            keyring.delete_password(self.SERVICE_NAME, test_key)
+            return result == "test"
+        except (KeyringError, Exception):
+            return False
+    
+    def _ensure_encryption_key(self) -> None:
+        """Ensure encryption key exists for fallback storage."""
+        if not self.key_file.exists():
+            # Generate a new encryption key
+            key = Fernet.generate_key()
+            self.key_file.write_bytes(key)
+            # Secure the key file (Unix-like systems)
+            if hasattr(os, 'chmod'):
+                os.chmod(self.key_file, 0o600)
+    
+    def _get_cipher(self) -> Fernet:
+        """Get Fernet cipher for fallback encryption."""
+        key = self.key_file.read_bytes()
+        return Fernet(key)
+    
+    def _load_encrypted_keys(self) -> dict:
+        """Load keys from encrypted fallback file."""
+        if not self.encrypted_file.exists():
+            return {}
+        
+        try:
+            cipher = self._get_cipher()
+            encrypted_data = self.encrypted_file.read_bytes()
+            decrypted_data = cipher.decrypt(encrypted_data)
+            return json.loads(decrypted_data.decode())
+        except Exception:
+            # If decryption fails, return empty dict
+            return {}
+    
+    def _save_encrypted_keys(self, keys: dict) -> None:
+        """Save keys to encrypted fallback file."""
+        cipher = self._get_cipher()
+        data = json.dumps(keys).encode()
+        encrypted_data = cipher.encrypt(data)
+        self.encrypted_file.write_bytes(encrypted_data)
+        
+        # Secure the encrypted file
+        if hasattr(os, 'chmod'):
+            os.chmod(self.encrypted_file, 0o600)
+    
+    def store_key(self, name: str, api_key: str) -> None:
+        """Store an API key securely.
+        
+        Args:
+            name: Name/identifier for the API key
+            api_key: The API key to store
+        """
+        if self.use_keyring:
+            try:
+                keyring.set_password(self.SERVICE_NAME, name, api_key)
+                return
+            except KeyringError:
+                # Fall back to encrypted file if keyring fails
+                pass
+        
+        # Use encrypted file storage
+        keys = self._load_encrypted_keys()
+        keys[name] = api_key
+        self._save_encrypted_keys(keys)
+    
+    def get_key(self, name: str) -> Optional[str]:
+        """Retrieve an API key.
+        
+        Args:
+            name: Name/identifier for the API key
+            
+        Returns:
+            The API key or None if not found
+        """
+        if self.use_keyring:
+            try:
+                return keyring.get_password(self.SERVICE_NAME, name)
+            except KeyringError:
+                # Fall back to encrypted file
+                pass
+        
+        # Use encrypted file storage
+        keys = self._load_encrypted_keys()
+        return keys.get(name)
+    
+    def delete_key(self, name: str) -> bool:
+        """Delete an API key.
+        
+        Args:
+            name: Name/identifier for the API key
+            
+        Returns:
+            True if deleted, False if not found
+        """
+        if self.use_keyring:
+            try:
+                keyring.delete_password(self.SERVICE_NAME, name)
+                return True
+            except KeyringError:
+                # Fall back to encrypted file
+                pass
+        
+        # Use encrypted file storage
+        keys = self._load_encrypted_keys()
+        if name in keys:
+            del keys[name]
+            self._save_encrypted_keys(keys)
+            return True
+        return False
+    
+    def list_keys(self) -> list[str]:
+        """List all stored key names.
+        
+        Returns:
+            List of key names
+        """
+        if self.use_keyring:
+            # Keyring doesn't provide a list operation
+            # We need to maintain a separate index
+            # For now, fall through to encrypted file
+            pass
+        
+        keys = self._load_encrypted_keys()
+        return list(keys.keys())
+    
+    def get_storage_method(self) -> str:
+        """Get the current storage method being used.
+        
+        Returns:
+            'keyring' or 'encrypted_file'
+        """
+        return "keyring" if self.use_keyring else "encrypted_file"
+    
+    def migrate_from_plaintext(self, plaintext_keys: dict[str, str]) -> int:
+        """Migrate keys from plaintext config to secure storage.
+        
+        Args:
+            plaintext_keys: Dictionary of name -> api_key
+            
+        Returns:
+            Number of keys migrated
+        """
+        count = 0
+        for name, api_key in plaintext_keys.items():
+            self.store_key(name, api_key)
+            count += 1
+        return count

{claude_dev_cli-0.3.1.dist-info → claude_dev_cli-0.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: claude-dev-cli
-Version: 0.3.1
+Version: 0.5.0
 Summary: A powerful CLI tool for developers using Claude AI with multi-API routing, test generation, code review, and usage tracking
 Author-email: Julio <thinmanj@users.noreply.github.com>
 License: MIT
@@ -26,6 +26,8 @@ Requires-Dist: anthropic>=0.18.0
 Requires-Dist: click>=8.1.0
 Requires-Dist: rich>=13.0.0
 Requires-Dist: pydantic>=2.0.0
+Requires-Dist: keyring>=24.0.0
+Requires-Dist: cryptography>=41.0.0
 Provides-Extra: toon
 Requires-Dist: toon-format>=0.9.0; extra == "toon"
 Provides-Extra: plugins
@@ -46,9 +48,10 @@ A powerful command-line tool for developers using Claude AI with multi-API routi
 ## Features
 
 ### 🔑 Multi-API Key Management
+- **Secure Storage**: API keys stored in system keyring (macOS Keychain, Linux Secret Service, Windows Credential Locker)
 - Route tasks to different Claude API keys (personal, client, enterprise)
 - Automatic API selection based on project configuration
-- Environment variable support for secure key management
+- Automatic migration from plaintext to secure storage
 
 ### 🧪 Developer Tools
 - **Test Generation**: Automatic pytest test generation for Python code
@@ -98,13 +101,17 @@ pip install claude-dev-cli[toon]
 # Add your personal API key
 export PERSONAL_ANTHROPIC_API_KEY="sk-ant-..."
 cdc config add personal --default --description "My personal API key"
+# 🔐 Stored securely in system keyring
 
 # Add client's API key
 export CLIENT_ANTHROPIC_API_KEY="sk-ant-..."
 cdc config add client --description "Client's Enterprise API"
 
-# List configured APIs
+# List configured APIs (shows storage method)
 cdc config list
+
+# Manually migrate existing keys (automatic on first run)
+cdc config migrate-keys
 ```
 
 ### 2. Basic Usage
@@ -186,22 +193,37 @@ cat large_data.json | cdc toon encode | cdc ask "analyze this data"
 
 ## Configuration
 
+### Secure API Key Storage
+
+**🔐 Your API keys are stored securely and never in plain text.**
+
+- **macOS**: Keychain
+- **Linux**: Secret Service API (GNOME Keyring, KWallet)
+- **Windows**: Windows Credential Locker
+- **Fallback**: Encrypted file (if keyring unavailable)
+
+Keys are automatically migrated from plaintext on first run. You can also manually migrate:
+
+```bash
+cdc config migrate-keys
+```
+
 ### Global Configuration
 
-Configuration is stored in `~/.claude-dev-cli/config.json`:
+Configuration metadata is stored in `~/.claude-dev-cli/config.json` (API keys are NOT in this file):
 
 ```json
 {
   "api_configs": [
     {
       "name": "personal",
-      "api_key": "sk-ant-...",
+      "api_key": "",  // Empty - actual key in secure storage
       "description": "My personal API key",
       "default": true
     },
     {
       "name": "client",
-      "api_key": "sk-ant-...",
+      "api_key": "",  // Empty - actual key in secure storage
       "description": "Client's Enterprise API",
       "default": false
     }

{claude_dev_cli-0.3.1.dist-info → claude_dev_cli-0.5.0.dist-info}/RECORD

@@ -1,8 +1,10 @@
 claude_dev_cli/__init__.py,sha256=2ulyIQ3E-s6wBTKyeXAlqHMVA73zUGdaaNUsFiJ-nqs,469
-claude_dev_cli/cli.py,sha256=ekJpBU3d0k9DrE5VoJdKGNgPBsmdB4415up_Yhx_fw0,16174
+claude_dev_cli/cli.py,sha256=WBJdA1KKA0scT-gOE5Sd39HhtJr7uyc3qfn_-rYXTGc,25019
 claude_dev_cli/commands.py,sha256=RKGx2rv56PM6eErvA2uoQ20hY8babuI5jav8nCUyUOk,3964
-claude_dev_cli/config.py,sha256=-AESk_3Oxq7AoMxvnBIbgplAU9AXQGtlpihEwgtww2s,5826
+claude_dev_cli/config.py,sha256=RGX0sKplHUsrJJmU-4FuWWjoTbQVgWaMT8DgRUofrR4,8134
 claude_dev_cli/core.py,sha256=yaLjEixDvPzvUy4fJ2UB7nMpPPLyKACjR-RuM-1OQBY,4780
+claude_dev_cli/history.py,sha256=iQlqgTnXCsyCq5q-XaDl7V5MyPKQ3bx7o_k76-xWSAA,6863
+claude_dev_cli/secure_storage.py,sha256=TK3WOaU7a0yTOtzdP_t_28fDRp2lovANNAC6MBdm4nQ,7096
 claude_dev_cli/templates.py,sha256=lKxH943ySfUKgyHaWa4W3LVv91SgznKgajRtSRp_4UY,2260
 claude_dev_cli/toon_utils.py,sha256=S3px2UvmNEaltmTa5K-h21n2c0CPvYjZc9mc7kHGqNQ,2828
 claude_dev_cli/usage.py,sha256=32rs0_dUn6ihha3vCfT3rwnvel_-sED7jvLpO7gu-KQ,7446
@@ -10,10 +12,10 @@ claude_dev_cli/plugins/__init__.py,sha256=BdiZlylBzEgnwK2tuEdn8cITxhAZRVbTnDbWhd
 claude_dev_cli/plugins/base.py,sha256=H4HQet1I-a3WLCfE9F06Lp8NuFvVoIlou7sIgyJFK-c,1417
 claude_dev_cli/plugins/diff_editor/__init__.py,sha256=gqR5S2TyIVuq-sK107fegsutQ7Z-sgAIEbtc71FhXIM,101
 claude_dev_cli/plugins/diff_editor/plugin.py,sha256=M1bUoqpasD3ZNQo36Fu_8g92uySPZyG_ujMbj5UplsU,3073
-claude_dev_cli/plugins/diff_editor/viewer.py,sha256=LoS6MD48AIQM_9aeBhIuGOYJN1-D6TTxozPV-hkvnTc,13951
-claude_dev_cli-0.3.1.dist-info/licenses/LICENSE,sha256=DGueuJwMJtMwgLO5mWlS0TaeBrFwQuNpNZ22PU9J2bw,1062
-claude_dev_cli-0.3.1.dist-info/METADATA,sha256=oYmNCiM1y__QsoXnp3Cbvw3R21-SpUrepCpQ461v6eg,10447
-claude_dev_cli-0.3.1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-claude_dev_cli-0.3.1.dist-info/entry_points.txt,sha256=zymgUIIVpFTARkFmxAuW2A4BQsNITh_L0uU-XunytHg,85
-claude_dev_cli-0.3.1.dist-info/top_level.txt,sha256=m7MF6LOIuTe41IT5Fgt0lc-DK1EgM4gUU_IZwWxK0pg,15
-claude_dev_cli-0.3.1.dist-info/RECORD,,
+claude_dev_cli/plugins/diff_editor/viewer.py,sha256=1IOXIKw_01ppJx5C1dQt9Kr6U1TdAHT8_iUT5r_q0NM,17169
+claude_dev_cli-0.5.0.dist-info/licenses/LICENSE,sha256=DGueuJwMJtMwgLO5mWlS0TaeBrFwQuNpNZ22PU9J2bw,1062
+claude_dev_cli-0.5.0.dist-info/METADATA,sha256=GCboIRGV9N6gFFiwotWuCFMqMbhJZs4Gk6pyztZX984,11288
+claude_dev_cli-0.5.0.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+claude_dev_cli-0.5.0.dist-info/entry_points.txt,sha256=zymgUIIVpFTARkFmxAuW2A4BQsNITh_L0uU-XunytHg,85
+claude_dev_cli-0.5.0.dist-info/top_level.txt,sha256=m7MF6LOIuTe41IT5Fgt0lc-DK1EgM4gUU_IZwWxK0pg,15
+claude_dev_cli-0.5.0.dist-info/RECORD,,