finch-cli 0.1.2__tar.gz → 0.2.0__tar.gz

{finch_cli-0.1.2 → finch_cli-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
-Metadata-Version: 2.4
+Metadata-Version: 2.3
 Name: finch-cli
-Version: 0.1.2
+Version: 0.2.0
 Summary: Tailor your resume to any job posting from your terminal.
 Project-URL: Homepage, https://applyfinch.com
 Project-URL: Repository, https://github.com/applyEasy/finch-cli
@@ -43,13 +43,20 @@ a terminal client for job hunting. browse fresh internship + new-grad postings,
 
 ```
 pip install finch-cli
-export DEEPSEEK_API_KEY=sk-...
+finch login
 finch ui
 ```
 
-deepseek keys are cheap (~30x cheaper than the major frontier models). get one at https://platform.deepseek.com/api_keys.
+`finch login` opens a sign-in link in your browser. once you sign in with google or email on applyfinch.com, the cli is paired and tailoring just works -- no api key to manage, the backend pays the llm bill.
+
+prefer your own key? skip `finch login` and set one instead:
+
+```
+export DEEPSEEK_API_KEY=sk-...
+finch ui
+```
 
-other providers work too. any openai-compatible chat-completions endpoint: openai, together, groq, fireworks. pass `--base-url` and the matching `--api-key`, or set `FINCH_BASE_URL` and `OPENAI_API_KEY`. the same `finch_cli/tailor.py` runs against all of them.
+deepseek keys are cheap (~30x cheaper than the major frontier models). get one at https://platform.deepseek.com/api_keys. any openai-compatible chat-completions endpoint also works (openai, together, groq, fireworks): pass `--base-url` and `--api-key`.
 
 ## what it does
 

{finch_cli-0.1.2 → finch_cli-0.2.0}/README.md

@@ -10,13 +10,20 @@ a terminal client for job hunting. browse fresh internship + new-grad postings,
 
 ```
 pip install finch-cli
-export DEEPSEEK_API_KEY=sk-...
+finch login
 finch ui
 ```
 
-deepseek keys are cheap (~30x cheaper than the major frontier models). get one at https://platform.deepseek.com/api_keys.
+`finch login` opens a sign-in link in your browser. once you sign in with google or email on applyfinch.com, the cli is paired and tailoring just works -- no api key to manage, the backend pays the llm bill.
+
+prefer your own key? skip `finch login` and set one instead:
+
+```
+export DEEPSEEK_API_KEY=sk-...
+finch ui
+```
 
-other providers work too. any openai-compatible chat-completions endpoint: openai, together, groq, fireworks. pass `--base-url` and the matching `--api-key`, or set `FINCH_BASE_URL` and `OPENAI_API_KEY`. the same `finch_cli/tailor.py` runs against all of them.
+deepseek keys are cheap (~30x cheaper than the major frontier models). get one at https://platform.deepseek.com/api_keys. any openai-compatible chat-completions endpoint also works (openai, together, groq, fireworks): pass `--base-url` and `--api-key`.
 
 ## what it does
 

{finch_cli-0.1.2 → finch_cli-0.2.0}/finch_cli/__init__.py

@@ -1,3 +1,3 @@
 """Finch CLI - tailor your resume to any job posting from your terminal."""
 
-__version__ = "0.1.2"
+__version__ = "0.2.0"

finch_cli-0.2.0/finch_cli/auth.py

@@ -0,0 +1,192 @@
+"""finch-cli sign-in flow.
+
+Talks to the applyfinch.com backend's device-flow endpoints so users can sign
+in by clicking a link in their terminal instead of pasting an API key. Once
+signed in, the local tailor command POSTs to /api/v1/cli/tailor and the
+backend pays the upstream LLM bill.
+
+Token storage: ~/.config/finch-cli/token (chmod 600 on POSIX). One file, one
+token. `finch logout` deletes it.
+"""
+
+from __future__ import annotations
+
+import os
+import platform
+import stat
+import sys
+import time
+import webbrowser
+from pathlib import Path
+
+import httpx
+
+DEFAULT_FINCH_BASE_URL = "https://applyfinch.com"
+FINCH_BASE_URL = os.environ.get("FINCH_BASE_URL", DEFAULT_FINCH_BASE_URL).rstrip("/")
+START_TIMEOUT = 15
+POLL_TIMEOUT = 10
+POLL_BACKOFF_AFTER_404 = 3
+MAX_POLL_SECONDS = 300
+
+
+class AuthError(RuntimeError):
+    pass
+
+
+def _config_dir() -> Path:
+    base = os.environ.get("XDG_CONFIG_HOME")
+    if base:
+        return Path(base) / "finch-cli"
+    return Path.home() / ".config" / "finch-cli"
+
+
+def token_path() -> Path:
+    return _config_dir() / "token"
+
+
+def load_token() -> str | None:
+    p = token_path()
+    if not p.is_file():
+        return None
+    try:
+        token = p.read_text(encoding="utf-8").strip()
+    except OSError:
+        return None
+    return token or None
+
+
+def save_token(token: str) -> None:
+    p = token_path()
+    p.parent.mkdir(parents=True, exist_ok=True)
+    p.write_text(token + "\n", encoding="utf-8")
+    if os.name == "posix":
+        try:
+            os.chmod(p, stat.S_IRUSR | stat.S_IWUSR)
+        except OSError:
+            pass
+
+
+def clear_token() -> bool:
+    p = token_path()
+    if not p.exists():
+        return False
+    try:
+        p.unlink()
+        return True
+    except OSError:
+        return False
+
+
+def _device_label() -> str:
+    try:
+        node = platform.node() or "unknown"
+    except Exception:
+        node = "unknown"
+    return f"finch-cli on {platform.system()} ({node})"[:120]
+
+
+def start_device_flow() -> dict:
+    url = f"{FINCH_BASE_URL}/api/v1/cli/start"
+    try:
+        with httpx.Client(timeout=START_TIMEOUT) as client:
+            r = client.post(url, json={"device_label": _device_label()})
+    except httpx.RequestError as e:
+        raise AuthError(f"Could not reach {FINCH_BASE_URL}: {e}") from e
+    if r.status_code != 200:
+        raise AuthError(f"start failed: HTTP {r.status_code} {r.text[:200]}")
+    data = r.json()
+    for field in ("device_code", "user_code", "verification_url", "expires_in", "interval"):
+        if field not in data:
+            raise AuthError(f"start response missing {field}")
+    return data
+
+
+def poll_for_token(device_code: str, interval: int, expires_in: int) -> str:
+    url = f"{FINCH_BASE_URL}/api/v1/cli/poll"
+    poll_interval = max(2, int(interval))
+    started = time.monotonic()
+    deadline = started + min(expires_in, MAX_POLL_SECONDS)
+
+    while time.monotonic() < deadline:
+        try:
+            with httpx.Client(timeout=POLL_TIMEOUT) as client:
+                r = client.post(url, json={"device_code": device_code})
+        except httpx.RequestError:
+            time.sleep(poll_interval)
+            continue
+
+        if r.status_code == 410:
+            raise AuthError("Device code expired. Run `finch login` again.")
+        if r.status_code != 200:
+            time.sleep(poll_interval + POLL_BACKOFF_AFTER_404)
+            continue
+
+        try:
+            data = r.json()
+        except Exception:
+            time.sleep(poll_interval)
+            continue
+
+        status = data.get("status")
+        if status == "approved":
+            token = data.get("token")
+            if not token:
+                raise AuthError("Approved but no token returned.")
+            return token
+        if status == "pending":
+            time.sleep(poll_interval)
+            continue
+        if status == "expired":
+            raise AuthError("Device code expired. Run `finch login` again.")
+        time.sleep(poll_interval)
+
+    raise AuthError("Timed out waiting for sign-in. Run `finch login` again.")
+
+
+def open_browser_safely(url: str) -> bool:
+    try:
+        if sys.platform.startswith("linux") and not os.environ.get("DISPLAY") and not os.environ.get("WAYLAND_DISPLAY"):
+            return False
+        return webbrowser.open_new_tab(url)
+    except Exception:
+        return False
+
+
+def call_tailor(token: str, base_resume: str, job_text: str, model: str | None = None) -> str:
+    url = f"{FINCH_BASE_URL}/api/v1/cli/tailor"
+    payload: dict = {"resume": base_resume, "job": job_text}
+    if model:
+        payload["model"] = model
+    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
+    try:
+        with httpx.Client(timeout=120) as client:
+            r = client.post(url, json=payload, headers=headers)
+    except httpx.RequestError as e:
+        raise AuthError(f"Could not reach {FINCH_BASE_URL}: {e}") from e
+
+    if r.status_code == 401:
+        raise AuthError("Your finch token is no longer valid. Run `finch logout && finch login`.")
+    if r.status_code == 503:
+        raise AuthError("The finch backend is misconfigured. Try again later or use --api-key.")
+    if r.status_code >= 400:
+        try:
+            err = r.json().get("error")
+        except Exception:
+            err = r.text[:200]
+        raise AuthError(f"Backend tailor failed (HTTP {r.status_code}): {err}")
+
+    try:
+        data = r.json()
+        return data["tailored"]
+    except Exception as e:
+        raise AuthError(f"Bad backend response: {e}") from e
+
+
+def revoke_token(token: str) -> bool:
+    url = f"{FINCH_BASE_URL}/api/v1/cli/revoke"
+    try:
+        with httpx.Client(timeout=10) as client:
+            r = client.post(url, headers={"Authorization": f"Bearer {token}"})
+        return r.status_code == 200
+    except httpx.RequestError:
+        return False

{finch_cli-0.1.2 → finch_cli-0.2.0}/finch_cli/cli.py

@@ -9,6 +9,17 @@ import click
 from rich.console import Console
 
 from . import __version__
+from .auth import (
+    AuthError,
+    FINCH_BASE_URL,
+    call_tailor,
+    clear_token,
+    load_token,
+    open_browser_safely,
+    poll_for_token,
+    revoke_token,
+    start_device_flow,
+)
 from .fetch import FetchError, fetch_job
 from .output import write_or_print
 from .tailor import DEFAULT_BASE_URL, DEFAULT_MODEL, TailorError, tailor_resume
@@ -110,28 +121,110 @@ def tailor(
             sys.exit(1)
         console.print(f"[dim]Fetched job posting ({len(job_text):,} chars).[/dim]")
 
-    if base_url and base_url != DEFAULT_BASE_URL:
-        console.print(
-            f"[yellow]warning:[/] sending your API key to {base_url}. "
-            f"only use --base-url for providers you trust."
-        )
+    finch_token = load_token()
+    use_backend = finch_token is not None and not api_key and not base_url
 
-    try:
-        with console.status("Tailoring resume against the job...", spinner="dots"):
-            tailored = tailor_resume(
-                base_resume,
-                job_text,
-                model=model,
-                api_key=api_key,
-                base_url=base_url,
+    if use_backend:
+        console.print(f"[dim]Signed in as finch user. Tailoring via {FINCH_BASE_URL}.[/dim]")
+        try:
+            with console.status("Tailoring resume against the job...", spinner="dots"):
+                tailored = call_tailor(finch_token, base_resume, job_text, model=None)
+        except AuthError as e:
+            console.print(f"[red]Tailoring failed:[/red] {e}")
+            sys.exit(1)
+    else:
+        if base_url and base_url != DEFAULT_BASE_URL:
+            console.print(
+                f"[yellow]warning:[/] sending your API key to {base_url}. "
+                f"only use --base-url for providers you trust."
             )
-    except TailorError as e:
-        console.print(f"[red]Tailoring failed:[/red] {e}")
-        sys.exit(1)
+        try:
+            with console.status("Tailoring resume against the job...", spinner="dots"):
+                tailored = tailor_resume(
+                    base_resume,
+                    job_text,
+                    model=model,
+                    api_key=api_key,
+                    base_url=base_url,
+                )
+        except TailorError as e:
+            console.print(f"[red]Tailoring failed:[/red] {e}")
+            sys.exit(1)
 
     write_or_print(tailored, out_path)
 
 
+@main.command()
+def login() -> None:
+    """Sign in to finch through your browser. No API key needed."""
+    if load_token():
+        console.print("[yellow]You're already signed in.[/] Run [bold]finch logout[/] first to sign in as someone else.")
+        return
+
+    try:
+        with console.status("Starting sign-in...", spinner="dots"):
+            data = start_device_flow()
+    except AuthError as e:
+        console.print(f"[red]Could not start sign-in:[/red] {e}")
+        sys.exit(1)
+
+    url = data["verification_url"]
+    user_code = data["user_code"]
+
+    console.print()
+    console.print(f"[bold]Open this URL in your browser to sign in:[/bold]")
+    console.print(f"  [cyan]{url}[/cyan]")
+    console.print()
+    console.print(f"If your browser does not open automatically, the code is [bold]{user_code}[/bold].")
+    console.print()
+
+    opened = open_browser_safely(url)
+    if opened:
+        console.print("[dim]Opened your browser. Sign in, then come back here.[/dim]")
+    else:
+        console.print("[dim]Could not open a browser automatically. Open the URL above on any device.[/dim]")
+
+    try:
+        with console.status("Waiting for sign-in...", spinner="dots"):
+            token = poll_for_token(data["device_code"], data["interval"], data["expires_in"])
+    except AuthError as e:
+        console.print(f"[red]Sign-in failed:[/red] {e}")
+        sys.exit(1)
+
+    from .auth import save_token
+    save_token(token)
+    console.print()
+    console.print("[green]Signed in.[/green] You can now run [bold]finch tailor[/] without an API key.")
+
+
+@main.command()
+def logout() -> None:
+    """Sign out of finch and delete the local token."""
+    token = load_token()
+    if not token:
+        console.print("You're not signed in.")
+        return
+    revoke_token(token)
+    cleared = clear_token()
+    if cleared:
+        console.print("[green]Signed out.[/green]")
+    else:
+        console.print("[yellow]Could not delete the local token file.[/]")
+
+
+@main.command()
+def whoami() -> None:
+    """Show whether you're signed in to finch."""
+    token = load_token()
+    if not token:
+        console.print("Not signed in. Run [bold]finch login[/].")
+        return
+    from .auth import token_path
+    console.print("[green]Signed in to finch.[/green]")
+    console.print(f"  token file: {token_path()}")
+    console.print(f"  backend:    {FINCH_BASE_URL}")
+
+
 @main.command()
 @click.option(
     "--demo",

{finch_cli-0.1.2 → finch_cli-0.2.0}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "finch-cli"
-version = "0.1.2"
+version = "0.2.0"
 description = "Tailor your resume to any job posting from your terminal."
 readme = "README.md"
 requires-python = ">=3.10"