direct-cli 0.3.4__tar.gz → 0.3.6__tar.gz

{direct_cli-0.3.4 → direct_cli-0.3.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: direct-cli
-Version: 0.3.4
+Version: 0.3.6
 Summary: Command-line interface for Yandex Direct API
 Author: axisrow
 License: MIT
@@ -86,7 +86,9 @@ OAuth and profile commands:
 ```bash
 direct auth login
 direct auth login --profile agency1
+direct auth login --profile agency1 --format json
 direct auth login --code abc123 --profile agency1
+printf '%s\n' abc123 | direct auth login --code - --profile agency1
 direct auth list
 direct auth use --profile agency1
 direct auth status --profile agency1
@@ -99,6 +101,10 @@ Notes:
 - `--login` remains Direct client login.
 - Authorization is performed via `direct auth login`.
 - OAuth profiles store refresh tokens and refresh access tokens automatically.
+- In a non-interactive shell, run `direct auth login --profile NAME` first, then finish with `direct auth login --code - --profile NAME` and pass the browser code on stdin.
+- `direct auth login --code CODE --profile NAME` remains supported for compatibility, but automation should use `--code -` to avoid exposing the code in process arguments.
+- If the first non-interactive step includes `--client-secret`, the secret is remembered for the matching completion step.
+- If a profile already stores a confidential OAuth client, `direct auth login --code CODE --profile NAME` reuses the saved `client_id` and `client_secret`.
 - `direct auth login --oauth-token TOKEN` is a manual access-token import and does not auto-refresh.
 - Alias `auth_login` is not supported.
 
@@ -159,6 +165,19 @@ direct v4events get-events-log --from 2026-04-14T00:00:00 --to 2026-04-15T00:00:
 direct v4events get-events-log --from 2026-04-14T00:00:00 --to 2026-04-15T00:00:00 --currency RUB --limit 100 --offset 0 --format table
 ```
 
+### V4 Live Wordstat Reports
+
+Wordstat reports are asynchronous. Direct CLI makes exactly one API call per
+command and does not poll automatically; repeat `list-reports` or `get-report`
+yourself until the report is ready.
+
+```bash
+direct v4wordstat create-report --phrases "buy laptop,buy desktop" --geo-ids 213
+direct v4wordstat list-reports --format table
+direct v4wordstat get-report --report-id 123 --format table
+direct v4wordstat delete-report --report-id 123
+```
+
 ### V4 Live Finance
 
 Finance methods require an extra financial token for money operations. In the
@@ -186,14 +205,15 @@ direct v4finance pay-campaigns --campaign-ids 123,456 --amount 100.50 --currency
 
 ### V4 Live Shared Account
 
-Shared-account mutations are dry-run-only in this release and always require
-`--dry-run`. These commands follow the official v4 Live shared-account method
-shapes: `EnableSharedAccount` accepts one client `Login`, and
-`AccountManagement` updates shared-account settings through `Accounts`.
+Shared-account mutations require `--dry-run` in production and can be sent live
+only with top-level `--sandbox`. These commands follow the official v4 Live
+shared-account method shapes: `EnableSharedAccount` accepts one client `Login`,
+and `AccountManagement` updates shared-account settings through `Accounts`.
 
 ```bash
 direct v4account enable-shared-account --client-login client-login --dry-run
 direct v4account account-management --action Update --account-id 1327944 --day-budget 100.50 --spend-mode Default --money-in-sms Yes --money-out-sms No --email ops@example.com --money-warning-value 25 --dry-run
+direct --sandbox v4account enable-shared-account --client-login client-login
 ```
 
 ### CLI Convention
@@ -263,13 +283,8 @@ Allowed:
 direct dictionaries get-geo-regions --region-ids 225,187 --fields GeoRegionId,GeoRegionName
 ```
 
-Not allowed:
-
-```bash
-direct dictionaries get-geo-regions \
-  --region-ids 225,187 \
-  --fields GeoRegionId,GeoRegionName
-```
+Not allowed: splitting a canonical `direct ...` command over multiple shell
+lines with `\`.
 
 #### Flag Design Rules
 
@@ -295,12 +310,8 @@ Use:
 direct changes check-campaigns --timestamp 2026-04-14T00:00:00
 ```
 
-Do not use:
-
-```bash
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Do not use: a timestamp with a `Z` suffix, or a quoted timestamp that contains
+a space between the date and time.
 
 #### Documentation Contract
 
@@ -322,17 +333,9 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 direct dictionaries get-geo-regions --name Moscow --region-ids 225,187 --exact-names Москва,Санкт-Петербург --fields GeoRegionId,GeoRegionName
 ```
 
-Invalid examples:
-
-```bash
-direct dictionaries get-geo-regions --json '{"GeoRegionIds":[225]}' --fields GeoRegionId,GeoRegionName
-direct dynamicads set-bids --id 789 --bid 12500000 --json '{"StrategyPriority":"HIGH"}'
-direct dictionaries get-geo-regions \
-  --region-ids 225 \
-  --fields GeoRegionId,GeoRegionName
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Invalid examples include command lines that pass raw JSON flags, use shell
+line continuations, add timezone suffixes to CLI datetimes, or quote
+space-separated datetime values.
 
 #### Campaigns
 
@@ -444,8 +447,8 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 
 # Shared bidding strategies
 direct strategies get --limit 5
-direct strategies add --name "Shared Clicks" --type WbMaximumClicks --params '{"SpendLimit":1000000000,"AverageCpc":30000000}' --dry-run
-direct strategies update --id 42 --params '{"AverageCpc":35000000}' --dry-run
+direct strategies add --name "Shared Clicks" --type WbMaximumClicks --spend-limit 1000000000 --average-cpc 30000000 --dry-run
+direct strategies update --id 42 --type WbMaximumClicks --average-cpc 35000000 --dry-run
 direct strategies archive --id 42 --dry-run
 
 # Dynamic feed ad targets
@@ -620,6 +623,11 @@ The report contains one row per `WRITE_SANDBOX` command:
 The same OAuth token works for both production and the sandbox; no separate
 sandbox token is needed.
 
+For `v4account` sandbox smoke, `enable-shared-account` uses
+`YANDEX_DIRECT_V4ACCOUNT_CLIENT_LOGIN` or falls back to `YANDEX_DIRECT_LOGIN`.
+`account-management` requires `YANDEX_DIRECT_V4ACCOUNT_ACCOUNT_ID`; without it
+the runner reports `NOT_COVERED` for that command.
+
 #### Re-recording write cassettes
 
 The `integration_write` pytest tier still replays stored write-test traffic
@@ -740,7 +748,9 @@ OAuth и profile-команды:
 ```bash
 direct auth login
 direct auth login --profile agency1
+direct auth login --profile agency1 --format json
 direct auth login --code abc123 --profile agency1
+printf '%s\n' abc123 | direct auth login --code - --profile agency1
 direct auth list
 direct auth use --profile agency1
 direct auth status --profile agency1
@@ -749,6 +759,10 @@ direct --profile agency1 campaigns get
 
 Примечания:
 - OAuth profiles сохраняют refresh token и автоматически обновляют access token.
+- В non-interactive shell сначала выполните `direct auth login --profile NAME`, затем завершите через `direct auth login --code - --profile NAME` и передайте browser code через stdin.
+- `direct auth login --code CODE --profile NAME` сохраняется для совместимости, но автоматизация должна использовать `--code -`, чтобы не раскрывать код в process arguments.
+- Если первый non-interactive шаг включает `--client-secret`, secret запоминается для последующего completion step.
+- Если profile уже хранит confidential OAuth client, `direct auth login --code CODE --profile NAME` использует сохраненные `client_id` и `client_secret`.
 - `direct auth login --oauth-token TOKEN` импортирует access token вручную и не включает auto-refresh.
 
 Порядок выбора credentials:
@@ -890,13 +904,8 @@ Allowed:
 direct dictionaries get-geo-regions --region-ids 225,187 --fields GeoRegionId,GeoRegionName
 ```
 
-Not allowed:
-
-```bash
-direct dictionaries get-geo-regions \
-  --region-ids 225,187 \
-  --fields GeoRegionId,GeoRegionName
-```
+Not allowed: splitting a canonical `direct ...` command over multiple shell
+lines with `\`.
 
 #### Flag Design Rules
 
@@ -922,12 +931,8 @@ Use:
 direct changes check-campaigns --timestamp 2026-04-14T00:00:00
 ```
 
-Do not use:
-
-```bash
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Do not use: a timestamp with a `Z` suffix, or a quoted timestamp that contains
+a space between the date and time.
 
 #### Documentation Contract
 
@@ -948,17 +953,9 @@ direct dynamicads set-bids --id 789 --bid 12500000
 direct dictionaries get-geo-regions --region-ids 225 --fields GeoRegionId,GeoRegionName
 ```
 
-Invalid examples:
-
-```bash
-direct dictionaries get-geo-regions --json '{"GeoRegionIds":[225]}' --fields GeoRegionId,GeoRegionName
-direct dynamicads set-bids --id 789 --bid 12500000 --json '{"StrategyPriority":"HIGH"}'
-direct dictionaries get-geo-regions \
-  --region-ids 225 \
-  --fields GeoRegionId,GeoRegionName
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Invalid examples include command lines that pass raw JSON flags, use shell
+line continuations, add timezone suffixes to CLI datetimes, or quote
+space-separated datetime values.
 
 #### Кампании
 
@@ -1070,8 +1067,8 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 
 # Общие стратегии ставок
 direct strategies get --limit 5
-direct strategies add --name "Общая стратегия" --type WbMaximumClicks --params '{"SpendLimit":1000000000,"AverageCpc":30000000}' --dry-run
-direct strategies update --id 42 --params '{"AverageCpc":35000000}' --dry-run
+direct strategies add --name "Общая стратегия" --type WbMaximumClicks --spend-limit 1000000000 --average-cpc 30000000 --dry-run
+direct strategies update --id 42 --type WbMaximumClicks --average-cpc 35000000 --dry-run
 direct strategies archive --id 42 --dry-run
 
 # Динамические таргеты по фиду
@@ -1215,6 +1212,11 @@ best-effort. Отчёт содержит одну строку на каждую
 Один и тот же OAuth-токен работает и для продакшена, и для sandbox; отдельный
 sandbox-токен не нужен.
 
+Для `v4account` sandbox smoke команда `enable-shared-account` использует
+`YANDEX_DIRECT_V4ACCOUNT_CLIENT_LOGIN` или fallback на `YANDEX_DIRECT_LOGIN`.
+Для `account-management` нужна переменная
+`YANDEX_DIRECT_V4ACCOUNT_ACCOUNT_ID`; без неё runner покажет `NOT_COVERED`.
+
 #### Перезапись write-кассет
 
 Уровень `integration_write` в pytest всё ещё воспроизводит сохранённый

{direct_cli-0.3.4 → direct_cli-0.3.6}/README.md

@@ -43,7 +43,9 @@ OAuth and profile commands:
 ```bash
 direct auth login
 direct auth login --profile agency1
+direct auth login --profile agency1 --format json
 direct auth login --code abc123 --profile agency1
+printf '%s\n' abc123 | direct auth login --code - --profile agency1
 direct auth list
 direct auth use --profile agency1
 direct auth status --profile agency1
@@ -56,6 +58,10 @@ Notes:
 - `--login` remains Direct client login.
 - Authorization is performed via `direct auth login`.
 - OAuth profiles store refresh tokens and refresh access tokens automatically.
+- In a non-interactive shell, run `direct auth login --profile NAME` first, then finish with `direct auth login --code - --profile NAME` and pass the browser code on stdin.
+- `direct auth login --code CODE --profile NAME` remains supported for compatibility, but automation should use `--code -` to avoid exposing the code in process arguments.
+- If the first non-interactive step includes `--client-secret`, the secret is remembered for the matching completion step.
+- If a profile already stores a confidential OAuth client, `direct auth login --code CODE --profile NAME` reuses the saved `client_id` and `client_secret`.
 - `direct auth login --oauth-token TOKEN` is a manual access-token import and does not auto-refresh.
 - Alias `auth_login` is not supported.
 
@@ -116,6 +122,19 @@ direct v4events get-events-log --from 2026-04-14T00:00:00 --to 2026-04-15T00:00:
 direct v4events get-events-log --from 2026-04-14T00:00:00 --to 2026-04-15T00:00:00 --currency RUB --limit 100 --offset 0 --format table
 ```
 
+### V4 Live Wordstat Reports
+
+Wordstat reports are asynchronous. Direct CLI makes exactly one API call per
+command and does not poll automatically; repeat `list-reports` or `get-report`
+yourself until the report is ready.
+
+```bash
+direct v4wordstat create-report --phrases "buy laptop,buy desktop" --geo-ids 213
+direct v4wordstat list-reports --format table
+direct v4wordstat get-report --report-id 123 --format table
+direct v4wordstat delete-report --report-id 123
+```
+
 ### V4 Live Finance
 
 Finance methods require an extra financial token for money operations. In the
@@ -143,14 +162,15 @@ direct v4finance pay-campaigns --campaign-ids 123,456 --amount 100.50 --currency
 
 ### V4 Live Shared Account
 
-Shared-account mutations are dry-run-only in this release and always require
-`--dry-run`. These commands follow the official v4 Live shared-account method
-shapes: `EnableSharedAccount` accepts one client `Login`, and
-`AccountManagement` updates shared-account settings through `Accounts`.
+Shared-account mutations require `--dry-run` in production and can be sent live
+only with top-level `--sandbox`. These commands follow the official v4 Live
+shared-account method shapes: `EnableSharedAccount` accepts one client `Login`,
+and `AccountManagement` updates shared-account settings through `Accounts`.
 
 ```bash
 direct v4account enable-shared-account --client-login client-login --dry-run
 direct v4account account-management --action Update --account-id 1327944 --day-budget 100.50 --spend-mode Default --money-in-sms Yes --money-out-sms No --email ops@example.com --money-warning-value 25 --dry-run
+direct --sandbox v4account enable-shared-account --client-login client-login
 ```
 
 ### CLI Convention
@@ -220,13 +240,8 @@ Allowed:
 direct dictionaries get-geo-regions --region-ids 225,187 --fields GeoRegionId,GeoRegionName
 ```
 
-Not allowed:
-
-```bash
-direct dictionaries get-geo-regions \
-  --region-ids 225,187 \
-  --fields GeoRegionId,GeoRegionName
-```
+Not allowed: splitting a canonical `direct ...` command over multiple shell
+lines with `\`.
 
 #### Flag Design Rules
 
@@ -252,12 +267,8 @@ Use:
 direct changes check-campaigns --timestamp 2026-04-14T00:00:00
 ```
 
-Do not use:
-
-```bash
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Do not use: a timestamp with a `Z` suffix, or a quoted timestamp that contains
+a space between the date and time.
 
 #### Documentation Contract
 
@@ -279,17 +290,9 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 direct dictionaries get-geo-regions --name Moscow --region-ids 225,187 --exact-names Москва,Санкт-Петербург --fields GeoRegionId,GeoRegionName
 ```
 
-Invalid examples:
-
-```bash
-direct dictionaries get-geo-regions --json '{"GeoRegionIds":[225]}' --fields GeoRegionId,GeoRegionName
-direct dynamicads set-bids --id 789 --bid 12500000 --json '{"StrategyPriority":"HIGH"}'
-direct dictionaries get-geo-regions \
-  --region-ids 225 \
-  --fields GeoRegionId,GeoRegionName
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Invalid examples include command lines that pass raw JSON flags, use shell
+line continuations, add timezone suffixes to CLI datetimes, or quote
+space-separated datetime values.
 
 #### Campaigns
 
@@ -401,8 +404,8 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 
 # Shared bidding strategies
 direct strategies get --limit 5
-direct strategies add --name "Shared Clicks" --type WbMaximumClicks --params '{"SpendLimit":1000000000,"AverageCpc":30000000}' --dry-run
-direct strategies update --id 42 --params '{"AverageCpc":35000000}' --dry-run
+direct strategies add --name "Shared Clicks" --type WbMaximumClicks --spend-limit 1000000000 --average-cpc 30000000 --dry-run
+direct strategies update --id 42 --type WbMaximumClicks --average-cpc 35000000 --dry-run
 direct strategies archive --id 42 --dry-run
 
 # Dynamic feed ad targets
@@ -577,6 +580,11 @@ The report contains one row per `WRITE_SANDBOX` command:
 The same OAuth token works for both production and the sandbox; no separate
 sandbox token is needed.
 
+For `v4account` sandbox smoke, `enable-shared-account` uses
+`YANDEX_DIRECT_V4ACCOUNT_CLIENT_LOGIN` or falls back to `YANDEX_DIRECT_LOGIN`.
+`account-management` requires `YANDEX_DIRECT_V4ACCOUNT_ACCOUNT_ID`; without it
+the runner reports `NOT_COVERED` for that command.
+
 #### Re-recording write cassettes
 
 The `integration_write` pytest tier still replays stored write-test traffic
@@ -697,7 +705,9 @@ OAuth и profile-команды:
 ```bash
 direct auth login
 direct auth login --profile agency1
+direct auth login --profile agency1 --format json
 direct auth login --code abc123 --profile agency1
+printf '%s\n' abc123 | direct auth login --code - --profile agency1
 direct auth list
 direct auth use --profile agency1
 direct auth status --profile agency1
@@ -706,6 +716,10 @@ direct --profile agency1 campaigns get
 
 Примечания:
 - OAuth profiles сохраняют refresh token и автоматически обновляют access token.
+- В non-interactive shell сначала выполните `direct auth login --profile NAME`, затем завершите через `direct auth login --code - --profile NAME` и передайте browser code через stdin.
+- `direct auth login --code CODE --profile NAME` сохраняется для совместимости, но автоматизация должна использовать `--code -`, чтобы не раскрывать код в process arguments.
+- Если первый non-interactive шаг включает `--client-secret`, secret запоминается для последующего completion step.
+- Если profile уже хранит confidential OAuth client, `direct auth login --code CODE --profile NAME` использует сохраненные `client_id` и `client_secret`.
 - `direct auth login --oauth-token TOKEN` импортирует access token вручную и не включает auto-refresh.
 
 Порядок выбора credentials:
@@ -847,13 +861,8 @@ Allowed:
 direct dictionaries get-geo-regions --region-ids 225,187 --fields GeoRegionId,GeoRegionName
 ```
 
-Not allowed:
-
-```bash
-direct dictionaries get-geo-regions \
-  --region-ids 225,187 \
-  --fields GeoRegionId,GeoRegionName
-```
+Not allowed: splitting a canonical `direct ...` command over multiple shell
+lines with `\`.
 
 #### Flag Design Rules
 
@@ -879,12 +888,8 @@ Use:
 direct changes check-campaigns --timestamp 2026-04-14T00:00:00
 ```
 
-Do not use:
-
-```bash
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Do not use: a timestamp with a `Z` suffix, or a quoted timestamp that contains
+a space between the date and time.
 
 #### Documentation Contract
 
@@ -905,17 +910,9 @@ direct dynamicads set-bids --id 789 --bid 12500000
 direct dictionaries get-geo-regions --region-ids 225 --fields GeoRegionId,GeoRegionName
 ```
 
-Invalid examples:
-
-```bash
-direct dictionaries get-geo-regions --json '{"GeoRegionIds":[225]}' --fields GeoRegionId,GeoRegionName
-direct dynamicads set-bids --id 789 --bid 12500000 --json '{"StrategyPriority":"HIGH"}'
-direct dictionaries get-geo-regions \
-  --region-ids 225 \
-  --fields GeoRegionId,GeoRegionName
-direct changes check-campaigns --timestamp 2026-04-14T00:00:00Z
-direct changes check-campaigns --timestamp "2026-04-14 00:00:00"
-```
+Invalid examples include command lines that pass raw JSON flags, use shell
+line continuations, add timezone suffixes to CLI datetimes, or quote
+space-separated datetime values.
 
 #### Кампании
 
@@ -1027,8 +1024,8 @@ direct dynamicads set-bids --id 789 --bid 12500000 --context-bid 9000000 --prior
 
 # Общие стратегии ставок
 direct strategies get --limit 5
-direct strategies add --name "Общая стратегия" --type WbMaximumClicks --params '{"SpendLimit":1000000000,"AverageCpc":30000000}' --dry-run
-direct strategies update --id 42 --params '{"AverageCpc":35000000}' --dry-run
+direct strategies add --name "Общая стратегия" --type WbMaximumClicks --spend-limit 1000000000 --average-cpc 30000000 --dry-run
+direct strategies update --id 42 --type WbMaximumClicks --average-cpc 35000000 --dry-run
 direct strategies archive --id 42 --dry-run
 
 # Динамические таргеты по фиду
@@ -1172,6 +1169,11 @@ best-effort. Отчёт содержит одну строку на каждую
 Один и тот же OAuth-токен работает и для продакшена, и для sandbox; отдельный
 sandbox-токен не нужен.
 
+Для `v4account` sandbox smoke команда `enable-shared-account` использует
+`YANDEX_DIRECT_V4ACCOUNT_CLIENT_LOGIN` или fallback на `YANDEX_DIRECT_LOGIN`.
+Для `account-management` нужна переменная
+`YANDEX_DIRECT_V4ACCOUNT_ACCOUNT_ID`; без неё runner покажет `NOT_COVERED`.
+
 #### Перезапись write-кассет
 
 Уровень `integration_write` в pytest всё ещё воспроизводит сохранённый

{direct_cli-0.3.4 → direct_cli-0.3.6}/direct_cli/auth.py

@@ -31,6 +31,7 @@ YANDEX_OAUTH_TOKEN_URL = "https://oauth.yandex.ru/token"
 DEFAULT_OAUTH_CLIENT_ID = "dcf15d9625f6471d94d6d054d52017ba"
 AUTH_STORE_PATH = Path.home() / ".direct-cli" / "auth.json"
 OAUTH_REFRESH_SKEW_SECONDS = 60
+PENDING_PKCE_TTL_SECONDS = 600
 
 
 def op_read(ref: str) -> str:
@@ -161,10 +162,17 @@ def load_auth_store(path: Optional[Path] = None) -> Dict[str, Any]:
     profiles = data.get("profiles")
     if not isinstance(profiles, dict):
         profiles = {}
+    pending_pkce = data.get("pending_pkce")
+    if not isinstance(pending_pkce, dict):
+        pending_pkce = {}
     active = data.get("active_profile")
     if active is not None and not isinstance(active, str):
         active = None
-    return {"profiles": profiles, "active_profile": active}
+    return {
+        "profiles": profiles,
+        "active_profile": active,
+        "pending_pkce": pending_pkce,
+    }
 
 
 def save_auth_store(data: Dict[str, Any], path: Optional[Path] = None) -> None:
@@ -173,6 +181,95 @@ def save_auth_store(data: Dict[str, Any], path: Optional[Path] = None) -> None:
     _write_json(store_path, data)
 
 
+def save_pending_pkce(
+    profile: str,
+    client_id: str,
+    code_verifier: str,
+    login: Optional[str] = None,
+    created_at: Optional[float] = None,
+    path: Optional[Path] = None,
+) -> Dict[str, Any]:
+    """Save pending PKCE state for a profile."""
+    now = time.time() if created_at is None else float(created_at)
+    item: Dict[str, Any] = {
+        "type": "pkce",
+        "client_id": client_id,
+        "code_verifier": code_verifier,
+        "login": login,
+        "created_at": now,
+        "expires_at": now + PENDING_PKCE_TTL_SECONDS,
+    }
+    store = load_auth_store(path=path)
+    store["pending_pkce"][profile] = item
+    save_auth_store(store, path=path)
+    return item
+
+
+def save_pending_confidential_auth(
+    profile: str,
+    client_id: str,
+    client_secret: str,
+    login: Optional[str] = None,
+    created_at: Optional[float] = None,
+    path: Optional[Path] = None,
+) -> Dict[str, Any]:
+    """Save pending confidential-client OAuth state for a profile."""
+    now = time.time() if created_at is None else float(created_at)
+    item: Dict[str, Any] = {
+        "type": "confidential",
+        "client_id": client_id,
+        "client_secret": client_secret,
+        "login": login,
+        "created_at": now,
+        "expires_at": now + PENDING_PKCE_TTL_SECONDS,
+    }
+    store = load_auth_store(path=path)
+    store["pending_pkce"][profile] = item
+    save_auth_store(store, path=path)
+    return item
+
+
+def get_pending_pkce(
+    profile: str, path: Optional[Path] = None
+) -> Optional[Dict[str, Any]]:
+    """Return pending OAuth state for a profile when it has the expected shape."""
+    store = load_auth_store(path=path)
+    item = store["pending_pkce"].get(profile)
+    if not isinstance(item, dict):
+        return None
+    client_id = item.get("client_id")
+    expires_at = item.get("expires_at")
+    if (
+        not isinstance(client_id, str)
+        or not client_id
+        or not isinstance(expires_at, (int, float))
+    ):
+        return None
+    auth_type = item.get("type")
+    code_verifier = item.get("code_verifier")
+    client_secret = item.get("client_secret")
+    if auth_type == "confidential":
+        if not isinstance(client_secret, str) or not client_secret:
+            return None
+    elif not isinstance(code_verifier, str) or not code_verifier:
+        return None
+    else:
+        auth_type = "pkce"
+    result = dict(item)
+    result["type"] = auth_type
+    login = result.get("login")
+    if login is not None and not isinstance(login, str):
+        result["login"] = None
+    return result
+
+
+def remove_pending_pkce(profile: str, path: Optional[Path] = None) -> None:
+    """Remove pending PKCE state for a profile if present."""
+    store = load_auth_store(path=path)
+    store["pending_pkce"].pop(profile, None)
+    save_auth_store(store, path=path)
+
+
 def save_oauth_profile(
     profile: str,
     token: str,

{direct_cli-0.3.4 → direct_cli-0.3.6}/direct_cli/cli.py

@@ -45,12 +45,9 @@ from .commands.balance import balance
 from .commands.v4events import v4events
 from .commands.v4finance import v4finance
 from .commands.v4account import v4account
-from .commands.v4shells import (
-    v4forecast,
-    v4meta,
-    v4wordstat,
-)
+from .commands.v4shells import v4forecast, v4meta
 from .commands.v4goals import v4goals
+from .commands.v4wordstat import v4wordstat
 
 # Load .env file
 load_dotenv()

{direct_cli-0.3.4 → direct_cli-0.3.6}/direct_cli/commands/audiencetargets.py

@@ -178,9 +178,12 @@ def set_bids(ctx, target_id, adgroup_id, campaign_id, context_bid, priority, dry
         if priority:
             bid_data["StrategyPriority"] = priority
         bid_fields = {k for k in ("ContextBid", "StrategyPriority") if k in bid_data}
-        if not bid_data:
+        selector_fields = {
+            k for k in ("Id", "AdGroupId", "CampaignId") if k in bid_data
+        }
+        if not selector_fields:
             raise click.UsageError(
-                "Provide target selection and bid fields for set-bids"
+                "Provide a target selector (--id, --adgroup-id, or --campaign-id)"
             )
         if not bid_fields:
             raise click.UsageError(