cmem-cmemc 25.6.0__py3-none-any.whl → 26.1.0rc1__py3-none-any.whl

cmem_cmemc/cli.py

@@ -7,6 +7,8 @@ from importlib.resources import open_text
 from os import environ as env
 
 import click
+from cmem_client.exceptions import BaseError as ClientBaseError
+from eccenca_marketplace_client.exceptions import BaseError as MarketplaceClientBaseError
 
 from cmem_cmemc import completion
 from cmem_cmemc.command_group import CmemcGroup
@@ -16,6 +18,7 @@ from cmem_cmemc.commands import (
     dataset,
     graph,
     manual,
+    package,
     project,
     query,
     vocabulary,
@@ -106,7 +109,7 @@ def cli(  # noqa: PLR0913
 
                         https://eccenca.com/go/cmemc
 
-    cmemc is © 2025 eccenca GmbH, licensed under the Apache License 2.0.
+    cmemc is © 2026 eccenca GmbH, licensed under the Apache License 2.0.
     """
     _ = connection, debug, quiet, config_file, external_http_timeout
     if " ".join(sys.argv).find("config edit") != -1:
@@ -120,6 +123,7 @@ cli.add_command(admin.admin)
 cli.add_command(config.config)
 cli.add_command(dataset.dataset)
 cli.add_command(graph.graph)
+cli.add_command(package.package_group)
 cli.add_command(project.project)
 cli.add_command(query.query)
 cli.add_command(vocabulary.vocabulary)
@@ -130,9 +134,10 @@ cli.add_command(manual.manual_command)
 def main() -> None:
     """Start the command line interface."""
     try:
-        cli()  # pylint: disable=no-value-for-parameter
-    except CmemcError as error:
-        app: ApplicationContext = error.app
-        app.echo_debug(traceback.format_exc())
-        app.echo_error(extract_error_message(error))
+        cli()
+    except (CmemcError, ClientBaseError, MarketplaceClientBaseError) as error:
+        if "--debug" in sys.argv or "-d" in sys.argv:
+            ApplicationContext.echo_debug_string(traceback.format_exc())
+        message = extract_error_message(error).removeprefix("CmemcError: ")
+        ApplicationContext.echo_error(message)
         sys.exit(1)

cmem_cmemc/command.py

@@ -53,4 +53,4 @@ class CmemcCommand(HelpColorsCommand):
             NotImplementedError,
             KeyError,
         ) as e:
-            raise CmemcError(ctx.obj, extract_error_message(e, True)) from e
+            raise CmemcError(extract_error_message(e, True)) from e

cmem_cmemc/command_group.py

@@ -1,5 +1,10 @@
 """cmemc Click Command Group"""
 
+import shutil
+
+from click import Command, Context
+from click.core import _complete_visible_commands
+from click.shell_completion import CompletionItem
 from click_didyoumean import DYMGroup
 from click_help_colors import HelpColorsGroup
 
@@ -49,6 +54,7 @@ class CmemcGroup(HelpColorsGroup, DYMGroup):
                 "migrate": self.color_for_writing_commands,
                 "migrations": self.color_for_command_groups,
                 "password": self.color_for_writing_commands,
+                "package": self.color_for_command_groups,
                 "project": self.color_for_command_groups,
                 "python": self.color_for_command_groups,
                 "query": self.color_for_command_groups,
@@ -71,3 +77,24 @@ class CmemcGroup(HelpColorsGroup, DYMGroup):
             },
         )
         super().__init__(*args, **kwargs)
+
+    def shell_complete(self, ctx: Context, incomplete: str) -> list[CompletionItem]:
+        """Override shell completion to use full terminal width for help text.
+
+        This method extends the default Click Group shell completion by using
+        the full terminal width for command descriptions instead of the default
+        45-character limit.
+        """
+        # Get terminal width, default to a large number if not available
+        terminal_width = shutil.get_terminal_size(fallback=(200, 24)).columns
+
+        # Get completions for subcommands with full-width help text
+        results = [
+            CompletionItem(name, help=command.get_short_help_str(limit=terminal_width))
+            for name, command in _complete_visible_commands(ctx, incomplete)
+        ]
+
+        # Call Command.shell_complete (not Group.shell_complete) to get options, etc.
+        # This avoids duplicate subcommand completions from the parent Group class
+        results.extend(Command.shell_complete(self, ctx, incomplete))
+        return results

cmem_cmemc/commands/acl.py

@@ -1,8 +1,11 @@
 """access control"""
 
+import json
+import os
+
 import click
 import requests.exceptions
-from click import Option
+from click import Context, Option
 from cmem.cmempy.dp.authorization.conditions import (
     create_access_condition,
     delete_access_condition,
@@ -12,12 +15,21 @@ from cmem.cmempy.dp.authorization.conditions import (
     update_access_condition,
 )
 from cmem.cmempy.keycloak.user import get_user_by_username, user_groups
+from jinja2 import Template
 
 from cmem_cmemc import completion
 from cmem_cmemc.command import CmemcCommand
 from cmem_cmemc.command_group import CmemcGroup
 from cmem_cmemc.constants import NS_ACL, NS_ACTION, NS_GROUP, NS_USER
-from cmem_cmemc.context import ApplicationContext
+from cmem_cmemc.context import ApplicationContext, build_caption
+from cmem_cmemc.object_list import (
+    DirectListPropertyFilter,
+    DirectMultiValuePropertyFilter,
+    DirectValuePropertyFilter,
+    ObjectList,
+)
+from cmem_cmemc.parameter_types.path import ClickSmartPath
+from cmem_cmemc.smart_path import SmartPath as Path
 from cmem_cmemc.utils import (
     convert_iri_to_qname,
     convert_qname_to_iri,
@@ -117,6 +129,96 @@ def generate_acl_name(user: str | None, groups: list[str], query: str | None) ->
     return "Condition for ALL users"
 
 
+def get_acls(ctx: Context) -> list[dict]:  # noqa: ARG001
+    """Get access conditions for object list"""
+    return fetch_all_acls()  # type: ignore[no-any-return]
+
+
+acl_list = ObjectList(
+    name="access conditions",
+    get_objects=get_acls,
+    filters=[
+        DirectMultiValuePropertyFilter(
+            name="ids",
+            description="Access conditions with a specific ID.",
+            property_key="iri",
+        ),
+        DirectValuePropertyFilter(
+            name="name",
+            description="List only access conditions with a specific name.",
+            property_key="name",
+        ),
+        DirectValuePropertyFilter(
+            name="user",
+            description="List only access conditions that require a specific user account.",
+            property_key="requiresAccount",
+        ),
+        DirectListPropertyFilter(
+            name="group",
+            description="List only access conditions that require membership in a specific group.",
+            property_key="requiresGroup",
+        ),
+        DirectListPropertyFilter(
+            name="read-graph",
+            description="List only access conditions that grant read access to a specific graph.",
+            property_key="readableGraphs",
+        ),
+        DirectListPropertyFilter(
+            name="write-graph",
+            description="List only access conditions that grant write access to a specific graph.",
+            property_key="writableGraphs",
+        ),
+    ],
+)
+
+
+def _validate_acl_ids(access_condition_ids: tuple[str, ...]) -> None:
+    """Validate that all provided access condition IDs exist."""
+    if not access_condition_ids:
+        return
+    all_acls = fetch_all_acls()
+    all_iris = {acl["iri"] for acl in all_acls}
+    for acl_id in access_condition_ids:
+        iri = convert_qname_to_iri(qname=acl_id, default_ns=NS_ACL)
+        if iri not in all_iris:
+            raise click.ClickException(
+                f"Access condition {acl_id} not available. Use the 'admin acl list' "
+                "command to get a list of existing access conditions."
+            )
+
+
+def _get_acls_to_delete(
+    ctx: Context,
+    access_condition_ids: tuple[str, ...],
+    all_: bool,
+    filter_: tuple[tuple[str, str], ...],
+) -> list[dict]:
+    """Get the list of access conditions to delete based on selection method."""
+    if all_:
+        # Get all access conditions
+        return fetch_all_acls()  # type: ignore[no-any-return]
+
+    # Validate provided IDs exist before proceeding
+    _validate_acl_ids(access_condition_ids)
+
+    # Build filter list
+    filter_to_apply = list(filter_) if filter_ else []
+
+    # Add IDs if provided (using internal multi-value filter)
+    if access_condition_ids:
+        iris = [convert_qname_to_iri(qname=_, default_ns=NS_ACL) for _ in access_condition_ids]
+        filter_to_apply.append(("ids", ",".join(iris)))
+
+    # Apply filters
+    acls = acl_list.apply_filters(ctx=ctx, filter_=filter_to_apply)
+
+    # Validation: ensure we found access conditions
+    if not acls and not access_condition_ids:
+        raise click.ClickException("No access conditions found matching the provided filters.")
+
+    return acls
+
+
 @click.command(cls=CmemcCommand, name="list")
 @click.option("--raw", is_flag=True, help="Outputs raw JSON.")
 @click.option(
@@ -124,20 +226,29 @@ def generate_acl_name(user: str | None, groups: list[str], query: str | None) ->
     is_flag=True,
     help="Lists only URIs. This is useful for piping the IDs into other commands.",
 )
-@click.pass_obj
-def list_command(app: ApplicationContext, raw: bool, id_only: bool) -> None:
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    multiple=True,
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+)
+@click.pass_context
+def list_command(ctx: Context, raw: bool, id_only: bool, filter_: tuple[tuple[str, str]]) -> None:
     """List access conditions.
 
     This command retrieves and lists all access conditions, which are manageable
     by the current account.
     """
-    acls = fetch_all_acls()
+    app: ApplicationContext = ctx.obj
+    acls = acl_list.apply_filters(ctx=ctx, filter_=filter_)
     if raw:
         app.echo_info_json(acls)
         return
     if id_only:
-        for graph in acls:
-            app.echo_info(convert_iri_to_qname(iri=graph.get("iri"), default_ns=NS_ACL))
+        for _ in acls:
+            app.echo_info(convert_iri_to_qname(iri=_.get("iri"), default_ns=NS_ACL))
         return
     table = [
         (convert_iri_to_qname(iri=_.get("iri"), default_ns=NS_ACL), _.get("name", "-"))
@@ -147,6 +258,7 @@ def list_command(app: ApplicationContext, raw: bool, id_only: bool) -> None:
         table,
         headers=["URI", "Name"],
         sort_column=0,
+        caption=build_caption(len(table), "access condition"),
         empty_table_message="No access conditions found. "
         "Use the `admin acl create` command to create a new access condition.",
     )
@@ -261,7 +373,6 @@ def inspect_command(app: ApplicationContext, access_condition_id: str, raw: bool
 )
 @click.option("--replace", is_flag=True, help=HELP_TEXTS["replace"])
 @click.pass_obj
-# pylint: disable-msg=too-many-arguments
 def create_command(  # noqa: PLR0913
     app: ApplicationContext,
     name: str,
@@ -440,7 +551,6 @@ def create_command(  # noqa: PLR0913
     help=HELP_TEXTS["query"],
 )
 @click.pass_obj
-# pylint: disable-msg=too-many-arguments
 def update_command(  # noqa: PLR0913
     app: ApplicationContext,
     access_condition_id: str,
@@ -489,6 +599,14 @@ def update_command(  # noqa: PLR0913
 
 
 @click.command(cls=CmemcCommand, name="delete")
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+    multiple=True,
+)
 @click.option(
     "-a",
     "--all",
@@ -502,27 +620,275 @@ def update_command(  # noqa: PLR0913
     type=click.STRING,
     shell_complete=completion.acl_ids,
 )
-@click.pass_obj
-def delete_command(app: ApplicationContext, all_: bool, access_condition_ids: list[str]) -> None:
+@click.pass_context
+def delete_command(
+    ctx: Context, access_condition_ids: tuple[str], filter_: tuple[tuple[str, str]], all_: bool
+) -> None:
     """Delete access conditions.
 
     This command deletes existing access conditions from the account.
 
-    Note: Access conditions can be listed by using the `cmemc admin acs list` command.
+    Warning: Access conditions will be deleted without prompting.
+
+    Note: Access conditions can be listed by using the `admin acl list` command.
+    """
+    app: ApplicationContext = ctx.obj
+
+    # Validation: require at least one selection method
+    if not access_condition_ids and not filter_ and not all_:
+        raise click.UsageError(
+            "Either provide at least one access condition ID, a filter, or use the --all flag."
+        )
+
+    if access_condition_ids and (all_ or filter_):
+        raise click.UsageError(
+            "Either specify access condition IDs OR use a --filter or the --all option."
+        )
+
+    # Get access conditions to delete based on selection method
+    acls_to_delete = _get_acls_to_delete(ctx, access_condition_ids, all_, filter_)
+
+    # Avoid double removal as well as sort IRIs
+    iris_to_delete = sorted({acl["iri"] for acl in acls_to_delete}, key=lambda v: v.lower())
+    count = len(iris_to_delete)
+
+    # Delete each access condition
+    for current, iri in enumerate(iris_to_delete, start=1):
+        current_string = str(current).zfill(len(str(count)))
+        app.echo_info(f"Delete access condition {current_string}/{count}: {iri} ... ", nl=False)
+        delete_access_condition(iri=iri)
+        app.echo_success("deleted")
+
+
+@click.command(cls=CmemcCommand, name="export")
+@click.option(
+    "-a",
+    "--all",
+    "all_",
+    is_flag=True,
+    help="Export all access conditions.",
+)
+@click.option(
+    "--filter",
+    "filter_",
+    type=(str, str),
+    help=acl_list.get_filter_help_text(),
+    shell_complete=acl_list.complete_values,
+    multiple=True,
+)
+@click.option(
+    "--output-file",
+    type=ClickSmartPath(writable=True, allow_dash=True, dir_okay=False),
+    help="Export to this file. Use '-' for stdout. "
+    "If specified, overrides --output-dir and --filename-template.",
+)
+@click.option(
+    "--output-dir",
+    default=".",
+    show_default=True,
+    type=ClickSmartPath(writable=True, file_okay=False),
+    help="The base directory, where the ACL files will be created. "
+    "If this directory does not exist, it will be silently created. "
+    "Ignored if --output-file is specified.",
+)
+@click.option(
+    "--filename-template",
+    "-t",
+    "template",
+    default="{{date}}-{{connection}}.acls.json",
+    show_default=True,
+    type=click.STRING,
+    help="Template for the export file name(s). Possible placeholders are (Jinja2): "
+    "{{connection}} (from the --connection option) and "
+    "{{date}} (the current date as YYYY-MM-DD). "
+    "Needed directories will be created. "
+    "Ignored if --output-file is specified.",
+)
+@click.option(
+    "--replace",
+    is_flag=True,
+    help="Replace existing files. This is a dangerous option, so use it with care.",
+)
+@click.argument(
+    "access_condition_ids",
+    nargs=-1,
+    type=click.STRING,
+    shell_complete=completion.acl_ids,
+)
+@click.pass_context
+def export_command(  # noqa: PLR0913
+    ctx: Context,
+    all_: bool,
+    filter_: tuple[tuple[str, str]],
+    output_file: str | None,
+    output_dir: str,
+    template: str,
+    replace: bool,
+    access_condition_ids: tuple[str],
+) -> None:
+    """Export access conditions to a JSON file.
+
+    Access conditions can be exported based on IDs, filters, or all at once.
+    The exported JSON can be imported back using the `acl import` command.
+
+    By default, uses template-based file naming with the current date and connection name.
+    You can override this by specifying an explicit output file path with --output-file.
+
+    Example: cmemc admin acl export --all
+
+    Example: cmemc admin acl export --all --output-file acls.json
+
+    Example: cmemc admin acl export --filter group local-users
+
+    Example: cmemc admin acl export :my-acl-iri
     """
-    if access_condition_ids == () and not all_:
+    app: ApplicationContext = ctx.obj
+
+    if not access_condition_ids and not filter_ and not all_:
         raise click.UsageError(
-            "Either specify at least one access condition ID,"
-            " or use the --all option to delete all access conditions."
+            "Either provide at least one access condition ID, a filter, or use the --all flag."
         )
+
     if all_:
-        access_condition_ids = [_["iri"] for _ in fetch_all_acls()]
+        acls_to_export = fetch_all_acls()
+    else:
+        # Apply user-provided filters first
+        filter_to_apply = list(filter_) if filter_ else []
+
+        # If IDs provided, add internal list-of-ids filter (with OR logic)
+        if access_condition_ids:
+            iris = [convert_qname_to_iri(qname=_, default_ns=NS_ACL) for _ in access_condition_ids]
+            filter_to_apply.append(("ids", ",".join(iris)))
+
+        acls_to_export = acl_list.apply_filters(ctx=ctx, filter_=filter_to_apply)
+
+    if not acls_to_export:
+        raise click.ClickException("No access conditions found to export.")
+
+    count = len(acls_to_export)
+    output = json.dumps(acls_to_export, indent=2)
 
-    count = len(access_condition_ids)
-    for index, _ in enumerate(access_condition_ids, 1):
-        app.echo_info(f"Delete access condition {index}/{count}: {_} ... ", nl=False)
-        delete_access_condition(iri=convert_qname_to_iri(qname=_, default_ns=NS_ACL))
+    # Handle stdout special case early
+    if output_file == "-":
+        click.echo(output)
+        return
+
+    # Determine output path based on mode
+    if output_file:
+        # Mode 1: Explicit output file (overrides template parameters)
+        export_path = output_file
+    else:
+        # Mode 2: Template-based output (default)
+        template_data = app.get_template_data()
+        local_name = Template(template).render(template_data)
+        export_path = os.path.normpath(str(Path(output_dir) / local_name))
+        # Create parent directory if needed (only in template mode)
+        Path(export_path).parent.mkdir(exist_ok=True, parents=True)
+
+    # Write to file
+    app.echo_info(f"Exporting {count} access condition(s) to {export_path} ... ", nl=False)
+    if Path(export_path).exists() and replace is not True:
+        app.echo_error("file exists")
+        return
+
+    with click.open_file(export_path, "w") as f:
+        f.write(output)
+    app.echo_success("done")
+
+
+@click.command(cls=CmemcCommand, name="import")
+@click.option(
+    "--replace",
+    is_flag=True,
+    help="Replace existing access conditions with the same IRI. "
+    "By default, import will fail if an access condition already exists.",
+)
+@click.argument(
+    "input_file",
+    required=True,
+    type=ClickSmartPath(readable=True, allow_dash=False, dir_okay=False),
+    shell_complete=completion.acl_files,
+)
+@click.pass_context
+def import_command(ctx: Context, replace: bool, input_file: str) -> None:
+    """Import access conditions from a JSON file.
+
+    This command imports access conditions from a JSON file that was created
+    using the `acl export` command.
+
+    If --replace is specified, existing access conditions with matching IRIs
+    will be deleted before importing. Otherwise, the import will skip if an
+    access condition with the same IRI already exists.
+
+    Example: cmemc admin acl import acls.json
+
+    Example: cmemc admin acl import --replace acls.json
+    """
+    app: ApplicationContext = ctx.obj
+
+    # Read and parse JSON file
+    try:
+        with click.open_file(input_file, "r") as f:
+            acls_to_import = json.load(f)
+    except json.JSONDecodeError as e:
+        raise click.ClickException(f"Invalid JSON file: {e}") from e
+
+    if not isinstance(acls_to_import, list):
+        raise click.ClickException("JSON file must contain a list of access conditions.")
+
+    if not acls_to_import:
+        app.echo_warning("No access conditions found in file.")
+        return
+
+    existing_acls = {acl["iri"]: acl for acl in fetch_all_acls()}
+    count = len(acls_to_import)
+    imported = 0
+    skipped = 0
+
+    for current, acl_data in enumerate(acls_to_import, start=1):
+        iri = acl_data.get("iri")
+        name = acl_data.get("name", "Unnamed")
+
+        if not iri:
+            app.echo_warning(f"Skipping ACL {current}/{count}: missing IRI")
+            skipped += 1
+            continue
+
+        # Extract ID from IRI
+        acl_id = iri.split("/")[-1]
+
+        app.echo_info(f"Import ACL {current}/{count}: {name} ({acl_id}) ... ", nl=False)
+
+        # Check if already exists
+        if iri in existing_acls:
+            if replace:
+                app.echo_info("replacing ... ", nl=False)
+                delete_access_condition(iri=iri)
+            else:
+                app.echo_warning("skipped (already exists)")
+                skipped += 1
+                continue
+
+        # Create the access condition
+        create_access_condition(
+            name=acl_data.get("name", "Imported ACL"),
+            static_id=acl_id,
+            description=acl_data.get("comment", "Created with cmemc"),
+            user=acl_data.get("requiresAccount"),
+            groups=acl_data.get("requiresGroup", []),
+            read_graphs=acl_data.get("readableGraphs", []),
+            write_graphs=acl_data.get("writableGraphs", []),
+            actions=acl_data.get("allowedActions", []),
+            read_graph_patterns=acl_data.get("grantReadPatterns", []),
+            write_graph_patterns=acl_data.get("grantWritePatterns", []),
+            action_patterns=acl_data.get("grantAllowedActions", []),
+            query=None,  # Queries not supported in import
+        )
         app.echo_success("done")
+        imported += 1
+
+    # Summary
+    app.echo_info(f"Import complete: {imported} imported, {skipped} skipped")
 
 
 @click.command(name="review")
@@ -590,4 +956,6 @@ acl.add_command(inspect_command)
 acl.add_command(create_command)
 acl.add_command(update_command)
 acl.add_command(delete_command)
+acl.add_command(export_command)
+acl.add_command(import_command)
 acl.add_command(review_command)

cmem_cmemc/commands/admin.py

@@ -4,12 +4,11 @@ from datetime import datetime, timezone
 
 import click
 import jwt
-import timeago
-from click import ClickException
 from cmem.cmempy.api import get_access_token, get_token
 from cmem.cmempy.config import get_cmem_base_uri
 from cmem.cmempy.health import get_complete_status_info
 from dateutil.relativedelta import relativedelta
+from humanize import naturaltime
 
 from cmem_cmemc import completion
 from cmem_cmemc.command import CmemcCommand
@@ -22,6 +21,7 @@ from cmem_cmemc.commands.store import store
 from cmem_cmemc.commands.user import user
 from cmem_cmemc.commands.workspace import workspace
 from cmem_cmemc.context import ApplicationContext
+from cmem_cmemc.exceptions import CmemcError
 from cmem_cmemc.utils import struct_to_table
 
 WARNING_MIGRATION = (
@@ -45,7 +45,7 @@ def _check_cmem_license(app: ApplicationContext, data: dict, exit_1: str) -> Non
         cmem_license_end = license_["validDate"]
         output = f"Your Corporate Memory license expired on {cmem_license_end}."
         if exit_1 in ("error", "always"):
-            raise ClickException(output)
+            raise CmemcError(output)
         app.echo_error(output)
 
 
@@ -61,7 +61,7 @@ def _check_graphdb_license(app: ApplicationContext, data: dict, months: int, exi
         graphdb_license_end = data["explore"]["info"]["store"]["licenseExpiration"]
         output = f"Your GraphDB license expires on {graphdb_license_end}."
         if exit_1 == "always":
-            raise ClickException(output)
+            raise CmemcError(output)
         app.echo_warning(output)
 
 
@@ -125,7 +125,7 @@ def status_command(  # noqa: C901, PLR0912
         app.echo_debug(_["explore"]["error"])
 
     if exit_1 in ("always", "error") and (_["overall"]["healthy"] != "UP"):
-        raise ClickException(
+        raise CmemcError(
             f"One or more major status flags are DOWN or UNKNOWN: {_!r}",
         )
     if raw:
@@ -137,19 +137,19 @@ def status_command(  # noqa: C901, PLR0912
             app.echo_info(table[0][1])
             return
         if len(table) == 0:
-            raise ClickException(f"No values for key(s): {key}")
+            raise CmemcError(f"No values for key(s): {key}")
         app.echo_info_table(table, headers=["Key", "Value"], sort_column=0)
         return
     app.check_versions()
     _workspace_config = _["explore"]["info"].get("workspaceConfiguration", {})
     if _workspace_config.get("workspacesToMigrate"):
         if exit_1 == "always":
-            raise ClickException(WARNING_MIGRATION)
+            raise CmemcError(WARNING_MIGRATION)
         app.echo_warning(WARNING_MIGRATION)
 
     if _["shapes"]["version"] not in (_["explore"]["version"], "UNKNOWN"):
         if exit_1 == "always":
-            raise ClickException(WARNING_SHAPES)
+            raise CmemcError(WARNING_SHAPES)
         app.echo_warning(WARNING_SHAPES)
 
     _check_cmem_license(app=app, data=_, exit_1=exit_1)
@@ -221,8 +221,8 @@ def token_command(app: ApplicationContext, raw: bool, decode: bool, ttl: bool) -
             return
         exp_time = datetime.fromtimestamp(exp_ts, tz=timezone.utc)
         now_time = datetime.now(tz=timezone.utc)
-        ttl_delta = timeago.format(exp_time, now_time)
-        if ttl_delta.startswith("in"):
+        ttl_delta = naturaltime(exp_time, when=now_time)
+        if exp_time > now_time:
             app.echo_info(
                 f"The provided access token will expire {ttl_delta} "
                 f"(TTL is {ttl_in_seconds} seconds)."