glaip-sdk 0.6.2__py3-none-any.whl → 0.6.3__py3-none-any.whl

glaip_sdk/cli/account_store.py

@@ -217,13 +217,14 @@ class AccountStore:
             api_key: API key or None.
 
         Returns:
-            Dictionary with "default" account if credentials exist, empty dict otherwise.
+            Dictionary with "default" account if both credentials exist and are non-empty, empty dict otherwise.
         """
         accounts = {}
-        if api_url or api_key:
+        # Only create default account if both URL and key are present and non-empty
+        if api_url and api_key and api_url.strip() and api_key.strip():
             accounts["default"] = {
-                "api_url": api_url or "",
-                "api_key": api_key or "",
+                "api_url": api_url.strip(),
+                "api_key": api_key.strip(),
             }
         return accounts
 
@@ -257,15 +258,30 @@ class AccountStore:
             "accounts": {},
         }
 
-        # Extract legacy api_url and api_key
-        api_url = config.get("api_url")
-        api_key = config.get("api_key")
+        # Preserve existing accounts if they exist (shouldn't happen in true migration, but defensive)
+        existing_accounts = config.get("accounts", {})
+        if existing_accounts:
+            migrated["accounts"] = existing_accounts.copy()
+            existing_active = config.get("active_account")
+            if existing_active and existing_active in existing_accounts:
+                migrated["active_account"] = existing_active
+            elif "default" in existing_accounts:
+                migrated["active_account"] = "default"
+            else:
+                migrated["active_account"] = sorted(existing_accounts.keys())[0]
+        else:
+            # Extract legacy api_url and api_key only if no accounts exist
+            api_url = config.get("api_url")
+            api_key = config.get("api_key")
 
-        # Check for auth.json from secure login MVP (only during migration)
-        api_url, api_key = self._load_auth_json_credentials(api_url, api_key)
+            # Check for auth.json from secure login MVP (only during migration)
+            api_url, api_key = self._load_auth_json_credentials(api_url, api_key)
 
-        # Create default account if we have credentials
-        migrated["accounts"] = self._create_default_account(api_url, api_key)
+            # Create default account if we have valid credentials
+            migrated["accounts"] = self._create_default_account(api_url, api_key)
+            # Only set active_account to default if we actually created a default account
+            if not migrated["accounts"]:
+                migrated.pop("active_account", None)
 
         # Preserve other top-level keys for backward compatibility
         migrated.update(self._preserve_legacy_keys(config))
@@ -423,16 +439,18 @@ class AccountStore:
 
         del accounts[name]
 
-        # If we removed the active account, switch to another
+        # If we removed the active account, switch to another account
         active_account = config.get("active_account")
         if active_account == name:
-            # Try to switch to 'default' if it exists, otherwise first alphabetical
-            remaining_names = sorted(accounts.keys())
-            if "default" in remaining_names:
+            # Prefer "default" if it exists, otherwise use first alphabetical account
+            if "default" in accounts:
                 config["active_account"] = "default"
-            elif remaining_names:
-                config["active_account"] = remaining_names[0]
-            else:  # pragma: no cover - defensive code, unreachable due to len check above
+            elif accounts:
+                # Sort accounts alphabetically and pick the first one
+                sorted_names = sorted(accounts.keys())
+                config["active_account"] = sorted_names[0]
+            else:
+                # No accounts remaining (shouldn't happen due to check above)
                 config.pop("active_account", None)
 
         self._save_config(config)

glaip_sdk/cli/commands/accounts.py

@@ -6,7 +6,6 @@ Authors:
 
 import getpass
 import json
-import os
 import sys
 from pathlib import Path
 
@@ -33,6 +32,7 @@ from glaip_sdk.cli.account_store import (
 from glaip_sdk.cli.commands.common_config import check_connection, render_branding_header
 from glaip_sdk.cli.hints import format_command_hint
 from glaip_sdk.cli.masking import mask_api_key_display
+from glaip_sdk.cli.slash.accounts_shared import env_credentials_present
 from glaip_sdk.cli.utils import command_hint
 from glaip_sdk.icons import ICON_TOOL
 from glaip_sdk.rich_components import AIPPanel, AIPTable
@@ -231,7 +231,7 @@ def show_account(name: str, output_json: bool) -> None:
     masked_key = _mask_api_key(api_key or "")
     active_account = store.get_active_account()
     is_active = active_account == name
-    env_lock = bool(os.getenv("AIP_API_URL") or os.getenv("AIP_API_KEY"))
+    env_lock = env_credentials_present(partial=True)
     config_path_raw = str(store.config_file)
     config_path_display = _format_config_path(config_path_raw)
 

glaip_sdk/cli/slash/accounts_controller.py

@@ -9,20 +9,27 @@ Authors:
 
 from __future__ import annotations
 
-import os
 import sys
 from collections.abc import Iterable
+from getpass import getpass
 from typing import TYPE_CHECKING, Any
 
 from rich.console import Console
+from rich.prompt import Prompt
 
 from glaip_sdk.branding import ERROR_STYLE, INFO_STYLE, SUCCESS_STYLE, WARNING_STYLE
 from glaip_sdk.cli.account_store import AccountStore, AccountStoreError, get_account_store
 from glaip_sdk.cli.commands.common_config import check_connection_with_reason
 from glaip_sdk.cli.masking import mask_api_key_display
-from glaip_sdk.cli.slash.accounts_shared import build_account_status_string
+from glaip_sdk.cli.validators import validate_api_key
+from glaip_sdk.cli.slash.accounts_shared import (
+    build_account_rows,
+    build_account_status_string,
+    env_credentials_present,
+)
 from glaip_sdk.cli.slash.tui.accounts_app import TEXTUAL_SUPPORTED, AccountsTUICallbacks, run_accounts_textual
 from glaip_sdk.rich_components import AIPPanel, AIPTable
+from glaip_sdk.utils.validation import validate_url
 
 if TYPE_CHECKING:  # pragma: no cover
     from glaip_sdk.cli.slash.session import SlashSession
@@ -46,7 +53,7 @@ class AccountsController:
     def handle_accounts_command(self, args: list[str]) -> bool:
         """Handle `/accounts` with optional `/accounts <name>` quick switch."""
         store = get_account_store()
-        env_lock = bool(os.getenv("AIP_API_URL") or os.getenv("AIP_API_KEY"))
+        env_lock = env_credentials_present(partial=True)
         accounts = store.list_accounts()
 
         if not accounts:
@@ -63,7 +70,7 @@ class AccountsController:
         if self._should_use_textual():
             self._render_textual(rows, store, env_lock)
         else:
-            self._render_rich(rows, env_lock)
+            self._render_rich_interactive(store, env_lock)
 
         return self.session._continue_session()
 
@@ -90,24 +97,13 @@ class AccountsController:
         env_lock: bool,
     ) -> list[dict[str, str | bool]]:
         """Normalize account rows for display."""
-        rows: list[dict[str, str | bool]] = []
-        for name, account in sorted(accounts.items()):
-            rows.append(
-                {
-                    "name": name,
-                    "api_url": account.get("api_url", ""),
-                    "masked_key": mask_api_key_display(account.get("api_key", "")),
-                    "active": name == active_account,
-                    "env_lock": env_lock,
-                }
-            )
-        return rows
+        return build_account_rows(accounts, active_account, env_lock)
 
     def _render_rich(self, rows: Iterable[dict[str, str | bool]], env_lock: bool) -> None:
         """Render a Rich snapshot with columns matching TUI."""
         if env_lock:
             self.console.print(
-                f"[{WARNING_STYLE}]Env credentials detected (AIP_API_URL/AIP_API_KEY); switching is disabled.[/]"
+                f"[{WARNING_STYLE}]Env credentials detected (AIP_API_URL/AIP_API_KEY); add/edit/delete are disabled.[/]"
             )
 
         table = AIPTable(title="AIP Accounts")
@@ -129,21 +125,43 @@ class AccountsController:
 
         self.console.print(table)
 
+    def _render_rich_interactive(self, store: AccountStore, env_lock: bool) -> None:
+        """Render Rich snapshot and run linear add/edit/delete prompts."""
+        if env_lock:
+            rows = self._build_rows(store.list_accounts(), store.get_active_account(), env_lock)
+            self._render_rich(rows, env_lock)
+            return
+
+        while True:  # pragma: no cover - interactive prompt loop
+            rows = self._build_rows(store.list_accounts(), store.get_active_account(), env_lock)
+            self._render_rich(rows, env_lock)
+            action = self._prompt_action()
+            if action == "q":
+                break
+            if action == "a":
+                self._rich_add_flow(store)
+            elif action == "e":
+                self._rich_edit_flow(store)
+            elif action == "d":
+                self._rich_delete_flow(store)
+            elif action == "s":
+                self._rich_switch_flow(store, env_lock)
+            else:
+                self.console.print(f"[{WARNING_STYLE}]Invalid choice. Use a/e/d/s/q.[/]")
+
     def _render_textual(self, rows: list[dict[str, str | bool]], store: AccountStore, env_lock: bool) -> None:
         """Launch the Textual accounts browser."""
         callbacks = AccountsTUICallbacks(switch_account=lambda name: self._switch_account(store, name, env_lock))
         active = next((row["name"] for row in rows if row.get("active")), None)
         run_accounts_textual(rows, active_account=active, env_lock=env_lock, callbacks=callbacks)
-        # Exit snapshot: show active account + host after closing the TUI
+        # Exit snapshot: surface a success banner when a switch occurred inside the TUI
         active_after = store.get_active_account() or "default"
-        host_after = ""
-        account_after = store.get_account(active_after) if hasattr(store, "get_account") else None
-        if account_after:
-            host_after = account_after.get("api_url", "")
-        host_suffix = f" • {host_after}" if host_after else ""
-        self.console.print(f"[dim]Active account: {active_after}{host_suffix}[/]")
-        # Surface a success banner when a switch occurred inside the TUI
         if active_after != active:
+            host_after = ""
+            account_after = store.get_account(active_after) if hasattr(store, "get_account") else None
+            if account_after:
+                host_after = account_after.get("api_url", "")
+            host_suffix = f" • {host_after}" if host_after else ""
             self.console.print(
                 AIPPanel(
                     f"[{SUCCESS_STYLE}]Active account ➜ {active_after}[/]{host_suffix}",
@@ -215,3 +233,268 @@ class AccountsController:
             code, _, detail = reason.partition(":")
             return code.strip(), detail.strip()
         return reason.strip(), ""
+
+    def _prompt_action(self) -> str:
+        """Prompt for add/edit/delete/quit action."""
+        try:
+            choice = Prompt.ask("(a)dd / (e)dit / (d)elete / (s)witch / (q)uit", default="q")
+        except Exception:  # pragma: no cover - defensive around prompt failures
+            return "q"
+        return (choice or "").strip().lower()[:1]
+
+    def _prompt_yes_no(self, prompt: str, *, default: bool = True) -> bool:
+        """Prompt a yes/no question with a default."""
+        default_str = "Y/n" if default else "y/N"
+        try:
+            answer = Prompt.ask(f"{prompt} ({default_str})", default="y" if default else "n")
+        except Exception:  # pragma: no cover - defensive around prompt failures
+            return default
+        normalized = (answer or "").strip().lower()
+        if not normalized:
+            return default
+        return normalized in {"y", "yes"}
+
+    def _prompt_account_name(self, store: AccountStore, *, for_edit: bool) -> str | None:
+        """Prompt for an account name, validating per store rules."""
+        while True:  # pragma: no cover - interactive prompt loop
+            name = self._get_name_input(for_edit)
+            if name is None:
+                return None
+            if not name:
+                self.console.print(f"[{WARNING_STYLE}]Name is required.[/]")
+                continue
+            if not self._validate_name_format(store, name):
+                continue
+            if not self._validate_name_existence(store, name, for_edit):
+                continue
+            return name
+
+    def _get_name_input(self, for_edit: bool) -> str | None:
+        """Get account name input from user."""
+        try:
+            prompt_text = "Account name" + (" (existing)" if for_edit else "")
+            name = Prompt.ask(prompt_text)
+            return name.strip() if name else None
+        except Exception:
+            return None
+
+    def _validate_name_format(self, store: AccountStore, name: str) -> bool:
+        """Validate account name format."""
+        try:
+            store.validate_account_name(name)
+            return True
+        except Exception as exc:
+            self.console.print(f"[{ERROR_STYLE}]{exc}[/]")
+            return False
+
+    def _validate_name_existence(self, store: AccountStore, name: str, for_edit: bool) -> bool:
+        """Validate account name existence based on mode."""
+        account_exists = store.get_account(name) is not None
+        if not for_edit and account_exists:
+            self.console.print(
+                f"[{WARNING_STYLE}]Account '{name}' already exists. Use edit instead or choose a new name.[/]"
+            )
+            return False
+        if for_edit and not account_exists:
+            self.console.print(f"[{WARNING_STYLE}]Account '{name}' not found. Try again or quit.[/]")
+            return False
+        return True
+
+    def _prompt_api_url(self, existing_url: str | None = None) -> str | None:
+        """Prompt for API URL with HTTPS validation."""
+        placeholder = existing_url or "https://your-aip-instance.com"
+        while True:  # pragma: no cover - interactive prompt loop
+            try:
+                entered = Prompt.ask("API URL", default=placeholder)
+            except Exception:
+                return None
+            url = (entered or "").strip()
+            if not url and existing_url:
+                return existing_url
+            if not url:
+                self.console.print(f"[{WARNING_STYLE}]API URL is required.[/]")
+                continue
+            try:
+                return validate_url(url)
+            except Exception as exc:
+                self.console.print(f"[{ERROR_STYLE}]{exc}[/]")
+
+    def _prompt_api_key(self, existing_key: str | None = None) -> str | None:
+        """Prompt for API key (masked)."""
+        mask_hint = "leave blank to keep current" if existing_key else None
+        while True:  # pragma: no cover - interactive prompt loop
+            try:
+                entered = getpass(f"API key ({mask_hint or 'input hidden'}): ")
+            except Exception:
+                return None
+            if not entered and existing_key:
+                return existing_key
+            if not entered:
+                self.console.print(f"[{WARNING_STYLE}]API key is required.[/]")
+                continue
+            try:
+                return validate_api_key(entered)
+            except Exception as exc:
+                self.console.print(f"[{ERROR_STYLE}]{exc}[/]")
+
+    def _rich_add_flow(self, store: AccountStore) -> None:
+        """Run Rich add prompts and save."""
+        name = self._prompt_account_name(store, for_edit=False)
+        if not name:
+            return
+        api_url = self._prompt_api_url()
+        if not api_url:
+            return
+        api_key = self._prompt_api_key()
+        if not api_key:
+            return
+        should_test = self._prompt_yes_no("Test connection before save?", default=True)
+        self._save_account(store, name, api_url, api_key, should_test, True, is_edit=False)
+
+    def _rich_edit_flow(self, store: AccountStore) -> None:
+        """Run Rich edit prompts and save."""
+        name = self._prompt_account_name(store, for_edit=True)
+        if not name:
+            return
+        existing = store.get_account(name) or {}
+        api_url = self._prompt_api_url(existing.get("api_url"))
+        if not api_url:
+            return
+        api_key = self._prompt_api_key(existing.get("api_key"))
+        if not api_key:
+            return
+        should_test = self._prompt_yes_no("Test connection before save?", default=True)
+        self._save_account(store, name, api_url, api_key, should_test, False, is_edit=True)
+
+    def _rich_switch_flow(self, store: AccountStore, env_lock: bool) -> None:
+        """Run Rich switch prompt and set active account."""
+        name = self._prompt_account_name(store, for_edit=True)
+        if not name:
+            return
+        self._switch_account(store, name, env_lock)
+
+    def _save_account(
+        self,
+        store: AccountStore,
+        name: str,
+        api_url: str,
+        api_key: str,
+        should_test: bool,
+        set_active: bool,
+        *,
+        is_edit: bool,
+    ) -> None:
+        """Validate, optionally test, and persist account changes."""
+        if should_test and not self._run_connection_test_with_retry(api_url, api_key):
+            return
+
+        try:
+            store.add_account(name, api_url, api_key, overwrite=is_edit)
+        except AccountStoreError as exc:
+            self.console.print(f"[{ERROR_STYLE}]Save failed: {exc}[/]")
+            return
+        except Exception as exc:
+            self.console.print(f"[{ERROR_STYLE}]Unexpected error while saving: {exc}[/]")
+            return
+
+        self.console.print(f"[{SUCCESS_STYLE}]Account '{name}' saved.[/]")
+        if set_active:
+            try:
+                store.set_active_account(name)
+            except Exception as exc:
+                self.console.print(f"[{WARNING_STYLE}]Account saved but could not set active: {exc}[/]")
+            else:
+                self._announce_active_change(store, name)
+
+    def _confirm_delete_prompt(self, name: str) -> bool:
+        """Ask for delete confirmation; return True when confirmed."""
+        self.console.print(f"[{WARNING_STYLE}]Type '{name}' to confirm deletion. This cannot be undone.[/]")
+        while True:  # pragma: no cover - interactive prompt loop
+            confirmation = Prompt.ask("Confirm name (or blank to cancel)", default="")
+            if confirmation is None or not confirmation.strip():
+                self.console.print(f"[{WARNING_STYLE}]Deletion cancelled.[/]")
+                return False
+            if confirmation.strip() != name:
+                self.console.print(f"[{WARNING_STYLE}]Name does not match; type '{name}' to confirm.[/]")
+                continue
+            return True
+
+    def _delete_account_and_notify(self, store: AccountStore, name: str, active_before: str | None) -> None:
+        """Remove account with error handling and announce active change."""
+        try:
+            store.remove_account(name)
+        except AccountStoreError as exc:
+            self.console.print(f"[{ERROR_STYLE}]Delete failed: {exc}[/]")
+            return
+        except Exception as exc:
+            self.console.print(f"[{ERROR_STYLE}]Unexpected error while deleting: {exc}[/]")
+            return
+
+        self.console.print(f"[{SUCCESS_STYLE}]Account '{name}' deleted.[/]")
+        # Announce active account change if it changed
+        active_after = store.get_active_account()
+        if active_after is not None and active_after != active_before:
+            self._announce_active_change(store, active_after)
+        elif active_after is None and active_before == name:
+            self.console.print(f"[{WARNING_STYLE}]No account is currently active. Select an account to activate it.[/]")
+
+    def _rich_delete_flow(self, store: AccountStore) -> None:
+        """Run Rich delete prompts with name confirmation."""
+        name = self._prompt_account_name(store, for_edit=True)
+        if not name:
+            return
+
+        # Check if this is the last remaining account before prompting for confirmation
+        accounts = store.list_accounts()
+        if len(accounts) <= 1 and name in accounts:
+            self.console.print(f"[{WARNING_STYLE}]Cannot remove the last remaining account.[/]")
+            return
+
+        if not self._confirm_delete_prompt(name):
+            return
+
+        # Re-check after confirmation prompt (race condition guard)
+        accounts = store.list_accounts()
+        if len(accounts) <= 1 and name in accounts:
+            self.console.print(f"[{WARNING_STYLE}]Cannot remove the last remaining account.[/]")
+            return
+
+        active_before = store.get_active_account()
+        self._delete_account_and_notify(store, name, active_before)
+
+    def _format_connection_failure(self, code: str, detail: str, api_url: str) -> str:
+        """Build a user-facing connection failure message."""
+        detail_suffix = f": {detail}" if detail else ""
+        if code == "connection_failed":
+            return f"Connection test failed: cannot reach {api_url}{detail_suffix}"
+        if code == "api_failed":
+            return f"Connection test failed: API error{detail_suffix}"
+        return f"Connection test failed{detail_suffix}"
+
+    def _run_connection_test_with_retry(self, api_url: str, api_key: str) -> bool:
+        """Run connection test with retry/skip prompts."""
+        skip_prompt_shown = False
+        while True:
+            ok, reason = check_connection_with_reason(api_url, api_key, abort_on_error=False)
+            if ok:
+                return True
+            code, detail = self._parse_error_reason(reason)
+            message = self._format_connection_failure(code, detail, api_url)
+            self.console.print(f"[{WARNING_STYLE}]{message}[/]")
+            retry = self._prompt_yes_no("Retry connection test?", default=True)
+            if retry:
+                continue
+            if not skip_prompt_shown:
+                skip_prompt_shown = True
+                skip = self._prompt_yes_no("Skip connection test and save?", default=False)
+                if skip:
+                    return True
+            self.console.print(f"[{WARNING_STYLE}]Cancelled save after failed connection test.[/]")
+            return False
+
+    def _announce_active_change(self, store: AccountStore, name: str) -> None:
+        """Print active account change announcement."""
+        account = store.get_account(name) or {}
+        host = account.get("api_url", "")
+        host_suffix = f" • {host}" if host else ""
+        self.console.print(f"[{SUCCESS_STYLE}]Active account ➜ {name}{host_suffix}[/]")

glaip_sdk/cli/slash/accounts_shared.py

@@ -6,14 +6,70 @@ Authors:
 
 from __future__ import annotations
 
+import os
 from typing import Any
 
+from glaip_sdk.cli.masking import mask_api_key_display
+
 
 def build_account_status_string(row: dict[str, Any], *, use_markup: bool = False) -> str:
-    """Build status string for an account row (active/env-lock)."""
+    """Build status string for an account row (active/env-lock).
+
+    When `use_markup` is True, returns Rich markup strings for Textual/Rich rendering;
+    when False, returns plain text for console output.
+
+    Example:
+        build_account_status_string({"active": True, "env_lock": True}, use_markup=True)
+        returns "[bold green]● active[/] · [yellow]🔒 env-lock[/]"
+        use_markup=False returns "● active · 🔒 env-lock"
+    """
     status_parts: list[str] = []
     if row.get("active"):
         status_parts.append("[bold green]● active[/]" if use_markup else "● active")
     if row.get("env_lock"):
         status_parts.append("[yellow]🔒 env-lock[/]" if use_markup else "🔒 env-lock")
     return " · ".join(status_parts)
+
+
+def env_credentials_present(*, partial: bool = False) -> bool:
+    """Return True when env credentials are present.
+
+    Args:
+        partial: When True, treat either AIP_API_URL or AIP_API_KEY as present
+            (used by UIs that should lock on any env override). When False,
+            require both to be non-empty (used for context display).
+    """
+    api_url = (os.getenv("AIP_API_URL") or "").strip()
+    api_key = (os.getenv("AIP_API_KEY") or "").strip()
+    if partial:
+        return bool(api_url or api_key)
+    return bool(api_url and api_key)
+
+
+def build_account_rows(
+    accounts: dict[str, dict[str, str]],
+    active_account: str | None,
+    env_lock: bool,
+) -> list[dict[str, str | bool]]:
+    """Build account rows for display from accounts dict.
+
+    Args:
+        accounts: Dictionary mapping account names to account data.
+        active_account: Name of the currently active account.
+        env_lock: Whether environment credentials are locking account switching.
+
+    Returns:
+        List of account row dictionaries with name, api_url, masked_key, active, and env_lock.
+    """
+    rows: list[dict[str, str | bool]] = []
+    for name, account in sorted(accounts.items()):
+        rows.append(
+            {
+                "name": name,
+                "api_url": account.get("api_url", ""),
+                "masked_key": mask_api_key_display(account.get("api_key", "")),
+                "active": name == active_account,
+                "env_lock": env_lock,
+            }
+        )
+    return rows