PyPI - hap-cli - Versions diffs - 0.5.0__tar.gz → 0.5.1__tar.gz - Mend

hap-cli 0.5.0tar.gz → 0.5.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

{hap_cli-0.5.0 → hap_cli-0.5.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: hap-cli
-Version: 0.5.0
+Version: 0.5.1
 Summary: CLI harness for MingDAO HAP - Enterprise no-code platform
 Author: hap-cli
 License: Apache-2.0
@@ -34,7 +34,7 @@ CLI harness for **MingDAO HAP** (明道云) - an enterprise no-code platform (ha
 ## Installation
 ```bash
-pip install -e .
+pip install hap-cli
 ```
 ## Quick Start
@@ -60,9 +60,7 @@ Opens your browser to the MingDAO login page. Token is saved automatically after
 ```bash
 hap config set \
   --server https://your-mingdao-server.com \
-  --token YOUR_MD_PSS_ID_TOKEN \
-  --app-id YOUR_DEFAULT_APP_ID \
-  --project-id YOUR_PROJECT_ID
+  --token YOUR_MD_PSS_ID_TOKEN
 ```
 **Other auth commands**
@@ -72,19 +70,27 @@ hap config whoami    # Show current user info
 hap config logout    # Clear saved token
 ```
-### 2. List worksheets
+### 2. Find your org and app IDs
 ```bash
-hap app worksheets
+hap config orgs                          # list orgs → get Project ID
+hap app list --project-id PROJECT_ID     # list apps → get App ID
+hap app list-managed --project-id PROJECT_ID  # apps where you are manager
 ```
-### 3. Query records
+### 3. List worksheets
+```bash
+hap app worksheets APP_ID
+```
+### 4. Query records
 ```bash
 hap record list WORKSHEET_ID --page-size 10
 ```
-### 4. JSON output (for automation)
+### 5. JSON output (for automation)
 ```bash
 hap --json record list WORKSHEET_ID
@@ -194,8 +200,10 @@ pip install hap-cli[crypto]
 ## More Examples
 ```bash
-# List apps
+# List orgs, then apps
+hap config orgs
 hap app list --project-id PROJECT_ID
+hap app list-managed --project-id PROJECT_ID
 # Get worksheet fields
 hap worksheet fields WORKSHEET_ID

{hap_cli-0.5.0 → hap_cli-0.5.1}/hap_cli/README.md RENAMED Viewed

@@ -5,7 +5,7 @@ CLI harness for **MingDAO HAP** (明道云) - an enterprise no-code platform (ha
 ## Installation
 ```bash
-pip install -e .
+pip install hap-cli
 ```
 ## Quick Start
@@ -31,9 +31,7 @@ Opens your browser to the MingDAO login page. Token is saved automatically after
 ```bash
 hap config set \
   --server https://your-mingdao-server.com \
-  --token YOUR_MD_PSS_ID_TOKEN \
-  --app-id YOUR_DEFAULT_APP_ID \
-  --project-id YOUR_PROJECT_ID
+  --token YOUR_MD_PSS_ID_TOKEN
 ```
 **Other auth commands**
@@ -43,19 +41,27 @@ hap config whoami    # Show current user info
 hap config logout    # Clear saved token
 ```
-### 2. List worksheets
+### 2. Find your org and app IDs
 ```bash
-hap app worksheets
+hap config orgs                          # list orgs → get Project ID
+hap app list --project-id PROJECT_ID     # list apps → get App ID
+hap app list-managed --project-id PROJECT_ID  # apps where you are manager
 ```
-### 3. Query records
+### 3. List worksheets
+```bash
+hap app worksheets APP_ID
+```
+### 4. Query records
 ```bash
 hap record list WORKSHEET_ID --page-size 10
 ```
-### 4. JSON output (for automation)
+### 5. JSON output (for automation)
 ```bash
 hap --json record list WORKSHEET_ID
@@ -165,8 +171,10 @@ pip install hap-cli[crypto]
 ## More Examples
 ```bash
-# List apps
+# List orgs, then apps
+hap config orgs
 hap app list --project-id PROJECT_ID
+hap app list-managed --project-id PROJECT_ID
 # Get worksheet fields
 hap worksheet fields WORKSHEET_ID

{hap_cli-0.5.0 → hap_cli-0.5.1}/hap_cli/README_CN.md RENAMED Viewed

@@ -7,7 +7,7 @@
 ## 安装
 ```bash
-pip install -e .
+pip install hap-cli
 ```
 ## 快速开始
@@ -33,9 +33,7 @@ hap config login https://hap.example.com   # 私有部署
 ```bash
 hap config set \
   --server https://你的明道云服务器地址 \
-  --token 你的_MD_PSS_ID_令牌 \
-  --app-id 默认应用ID \
-  --project-id 组织ID
+  --token 你的_MD_PSS_ID_令牌
 ```
 > `md_pss_id` 令牌可从浏览器登录明道云后的 Cookie 中获取。
@@ -52,19 +50,27 @@ hap config whoami
 hap config logout
 ```
-### 2. 查看工作表列表
+### 2. 获取组织和应用 ID
 ```bash
-hap app worksheets
+hap config orgs                               # 查看组织列表 → 获取 Project ID
+hap app list --project-id 组织ID              # 查看应用列表 → 获取 App ID
+hap app list-managed --project-id 组织ID      # 查看你作为管理员的应用
 ```
-### 3. 查询数据记录
+### 3. 查看工作表列表
+```bash
+hap app worksheets 应用ID
+```
+### 4. 查询数据记录
 ```bash
 hap record list 工作表ID --page-size 10
 ```
-### 4. JSON 输出（用于自动化）
+### 5. JSON 输出（用于自动化）
 ```bash
 hap --json record list 工作表ID
@@ -422,11 +428,14 @@ hap record delete 工作表ID 记录ID1 记录ID2 --yes
 ## 应用与工作表
 ```bash
+# 查看组织列表
+hap config orgs
 # 列出组织下的应用
 hap app list --project-id 组织ID
-# 搜索应用
-hap app list --project-id 组织ID --keyword "人事"
+# 查看你作为管理员的应用
+hap app list-managed --project-id 组织ID
 # 查看应用详情
 hap app info 应用ID

{hap_cli-0.5.0 → hap_cli-0.5.1}/hap_cli/commands/config_cmd.py RENAMED Viewed

@@ -23,14 +23,10 @@ def config():
 @config.command("set")
 @click.option("--server", "-s", required=True, help="MingDAO server URL")
 @click.option("--token", "-t", required=True, help="Authentication token (md_pss_id)")
-@click.option("--app-id", "-a", default="", help="Default application ID")
-@click.option("--project-id", "-p", default="", help="Default project/org ID")
 @pass_context
-def config_set(ctx, server, token, app_id, project_id):
+def config_set(ctx, server, token):
     """Set server URL and authentication token."""
     session = Session(server_url=server, auth_token=token)
-    session.default_app_id = app_id
-    session.default_project_id = project_id
     session.save()
     ctx.output(
         {"status": "ok", "server": server},
@@ -46,8 +42,6 @@ def config_show(ctx):
     data = {
         "server_url": session.server_url,
         "auth_token": session.auth_token[:8] + "..." if session.auth_token else "",
-        "default_app_id": session.default_app_id,
-        "default_project_id": session.default_project_id,
         "configured": session.is_configured(),
     }
     ctx.output(
@@ -55,8 +49,6 @@ def config_show(ctx):
         lambda d: output_kv(d, labels={
             "server_url": "Server URL",
             "auth_token": "Auth Token",
-            "default_app_id": "Default App ID",
-            "default_project_id": "Default Project ID",
             "configured": "Configured",
         }),
     )

hap_cli-0.5.1/hap_cli/core/auth.py ADDED Viewed

@@ -0,0 +1,534 @@
+"""Browser-based authentication flow for MingDAO HAP.
+Implements a local callback server pattern:
+1. Start local HTTP server on a free port
+2. Open browser to HAP login page with callback URL
+3. Capture token from redirect, save to config
+"""
+import base64
+import json
+import socket
+import threading
+import webbrowser
+from http.server import HTTPServer, BaseHTTPRequestHandler
+from typing import Optional
+from urllib.parse import urlparse, parse_qs
+import requests
+from hap_cli.core.session import _main_api_base_for_url
+# Known server presets: name -> (api_base, webui_url)
+# api_base is kept for backward compatibility with resolve_server callers.
+SERVER_PRESETS = {
+    "mingdao": ("https://www.mingdao.com/api", "https://www.mingdao.com"),
+    "nocoly": ("https://www.nocoly.com/wwwapi", "https://www.nocoly.com"),
+}
+def resolve_server(server: str) -> tuple[str, str]:
+    """Resolve server name or URL to (api_host, webui_url).
+    Args:
+        server: Preset name ('mingdao', 'nocoly') or self-hosted URL.
+    Returns:
+        Tuple of (api_host, webui_url).
+    """
+    key = server.lower().strip()
+    if key in SERVER_PRESETS:
+        return SERVER_PRESETS[key]
+    # Self-hosted: URL is both webui base and API base
+    base = server.rstrip("/")
+    return (f"{base}/wwwapi", base)
+def get_available_port(start: int = 5100) -> int:
+    """Find an available TCP port starting from `start`."""
+    for port in range(start, start + 100):
+        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            try:
+                s.bind(("127.0.0.1", port))
+                return port
+            except OSError:
+                continue
+    raise RuntimeError("No available port found in range 5100-5199")
+def build_auth_url(webui: str, port: int) -> str:
+    """Build the browser auth URL with base64-encoded callback info."""
+    callback_info = json.dumps({"url": f"http://localhost:{port}"})
+    encoded = base64.b64encode(callback_info.encode()).decode()
+    return f"{webui}/cliauth?p={encoded}"
+def _decrypt_response(encrypted_value: str, decrypt_key: str) -> dict:
+    """Decrypt AES-CBC encrypted API response (private deployments).
+    Requires pycryptodome: pip install pycryptodome
+    """
+    try:
+        from Crypto.Cipher import AES
+    except ImportError:
+        raise ImportError(
+            "pycryptodome is required for encrypted responses. "
+            "Install it with: pip install pycryptodome"
+        )
+    IV = b"MIGfMA0GCSqGSIb3"  # Fixed 16-byte IV
+    key_bytes = decrypt_key.encode("utf-8")
+    key_len = len(key_bytes)
+    required_len = 16 if key_len <= 16 else (24 if key_len <= 24 else 32)
+    padded_key = key_bytes[:required_len].ljust(required_len, b"\x00")
+    cipher = AES.new(padded_key, AES.MODE_CBC, IV)
+    ct = base64.b64decode(encrypted_value)
+    decrypted = cipher.decrypt(ct)
+    pad_len = decrypted[-1]
+    raw = decrypted[:-pad_len].decode("utf-8").replace("\t", "\\t")
+    return json.loads(raw)
+def get_user_info(host: str, token: str) -> dict:
+    """Verify token and get user info via GetGlobalMeta API.
+    Args:
+        host: Login URL or API base URL (e.g. 'https://www.mingdao.com' or
+              'https://www.mingdao.com/api'). Host type is auto-detected.
+        token: Auth token.
+    Returns:
+        Dict with keys: id, name, email, avatar, lang.
+    Raises:
+        requests.HTTPError: If API call fails.
+        ValueError: If response is invalid or token is rejected.
+    """
+    url = _main_api_base_for_url(host) + "/Global/GetGlobalMeta"
+    resp = requests.post(
+        url,
+        json={},
+        headers={
+            "Content-Type": "application/json",
+            "Authorization": f"md_pss_id {token}",
+        },
+        timeout=15,
+    )
+    resp.raise_for_status()
+    raw = resp.json()
+    if raw.get("state") == 0:
+        raise ValueError(raw.get("exception", "Token verification failed"))
+    # Handle encrypted responses (private deployments)
+    if raw.get("encrypted") and raw.get("key"):
+        data = _decrypt_response(raw["data"], raw["key"])
+    else:
+        data = raw
+    account = data.get("data", {}).get("md.global", {}).get("Account", {})
+    if not account:
+        raise ValueError("Unable to extract account info from response")
+    return {
+        "id": account.get("accountId", ""),
+        "name": account.get("fullname", ""),
+        "email": account.get("email", ""),
+        "avatar": account.get("avatar", ""),
+        "lang": account.get("lang", ""),
+    }
+def _success_html(token: str) -> str:
+    """Return the local success page served in the browser after login."""
+    return f"""<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>hap-cli · Authenticated</title>
+  <style>
+    *, *::before, *::after {{ box-sizing: border-box; margin: 0; padding: 0; }}
+    :root {{
+      --blue:        #2196f3;
+      --blue-light:  #e3f2fd;
+      --blue-mid:    #bbdefb;
+      --green:       #43a047;
+      --green-light: #e8f5e9;
+      --text:        #1a1a1a;
+      --muted:       #6b7280;
+      --border:      #e5e7eb;
+      --bg:          #ffffff;
+      --surface:     #f9fafb;
+    }}
+    body {{
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif;
+      background: var(--bg);
+      color: var(--text);
+      min-height: 100vh;
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      justify-content: center;
+      padding: 32px 24px;
+    }}
+    .card {{
+      width: 100%;
+      max-width: 480px;
+      animation: rise .4s cubic-bezier(.22,1,.36,1) both;
+    }}
+    @keyframes rise {{
+      from {{ opacity: 0; transform: translateY(14px); }}
+      to   {{ opacity: 1; transform: translateY(0); }}
+    }}
+    /* ── Primary section ── */
+    .primary {{
+      text-align: center;
+      padding: 48px 40px 40px;
+      background: var(--bg);
+      border: 1px solid var(--border);
+      border-radius: 16px 16px 0 0;
+      border-bottom: none;
+    }}
+    .circle {{
+      width: 72px; height: 72px;
+      background: var(--green-light);
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      margin: 0 auto 24px;
+      animation: pop .5s .15s cubic-bezier(.34,1.56,.64,1) both;
+    }}
+    @keyframes pop {{
+      from {{ opacity: 0; transform: scale(.4); }}
+      to   {{ opacity: 1; transform: scale(1); }}
+    }}
+    .circle svg {{ width: 32px; height: 32px; }}
+    h1 {{
+      font-size: 22px;
+      font-weight: 700;
+      letter-spacing: -.02em;
+      color: var(--text);
+      margin-bottom: 10px;
+    }}
+    .subtitle {{
+      font-size: 15px;
+      color: var(--muted);
+      line-height: 1.55;
+    }}
+    .close-hint {{
+      display: inline-flex;
+      align-items: center;
+      gap: 6px;
+      margin-top: 24px;
+      background: var(--blue-light);
+      color: var(--blue);
+      font-size: 13px;
+      font-weight: 500;
+      padding: 8px 16px;
+      border-radius: 20px;
+    }}
+    .close-hint svg {{ width: 14px; height: 14px; }}
+    /* ── Secondary section ── */
+    .secondary {{
+      background: var(--surface);
+      border: 1px solid var(--border);
+      border-radius: 0 0 16px 16px;
+      overflow: hidden;
+    }}
+    .toggle {{
+      width: 100%;
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      padding: 14px 20px;
+      background: none;
+      border: none;
+      cursor: pointer;
+      font-size: 12.5px;
+      font-weight: 500;
+      color: var(--muted);
+      text-align: left;
+      transition: color .15s;
+    }}
+    .toggle:hover {{ color: var(--text); }}
+    .toggle-icon {{
+      width: 16px; height: 16px;
+      flex-shrink: 0;
+      transition: transform .2s;
+    }}
+    .toggle[aria-expanded="true"] .toggle-icon {{ transform: rotate(180deg); }}
+    .collapsible {{
+      display: none;
+      padding: 0 20px 20px;
+      border-top: 1px solid var(--border);
+    }}
+    .collapsible.open {{ display: block; }}
+    .hint {{
+      font-size: 12.5px;
+      color: var(--muted);
+      line-height: 1.6;
+      margin-bottom: 12px;
+      padding-top: 14px;
+    }}
+    .hint code {{
+      font-family: "SFMono-Regular", "Consolas", "Liberation Mono", monospace;
+      font-size: 11px;
+      background: var(--blue-light);
+      color: var(--blue);
+      padding: 1px 5px;
+      border-radius: 4px;
+    }}
+    .token-wrap {{
+      position: relative;
+    }}
+    .token {{
+      display: block;
+      width: 100%;
+      background: var(--bg);
+      border: 1px solid var(--border);
+      border-radius: 8px;
+      padding: 11px 44px 11px 13px;
+      font-family: "SFMono-Regular", "Consolas", "Liberation Mono", monospace;
+      font-size: 11px;
+      line-height: 1.7;
+      color: #1565c0;
+      word-break: break-all;
+      user-select: all;
+      cursor: text;
+      transition: border-color .15s, box-shadow .15s;
+    }}
+    .token:focus {{
+      outline: none;
+      border-color: var(--blue);
+      box-shadow: 0 0 0 3px rgba(33,150,243,.12);
+    }}
+    .copy-btn {{
+      position: absolute;
+      top: 8px; right: 8px;
+      width: 28px; height: 28px;
+      background: var(--surface);
+      border: 1px solid var(--border);
+      border-radius: 6px;
+      cursor: pointer;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      color: var(--muted);
+      transition: background .15s, color .15s, border-color .15s, transform .1s;
+    }}
+    .copy-btn:hover {{
+      background: var(--blue-light);
+      border-color: var(--blue-mid);
+      color: var(--blue);
+    }}
+    .copy-btn:active {{ transform: scale(.9); }}
+    .copy-btn svg {{ width: 13px; height: 13px; pointer-events: none; }}
+    .copy-btn.copied {{
+      background: var(--green-light);
+      border-color: #a5d6a7;
+      color: var(--green);
+    }}
+    /* ── Branding ── */
+    .brand {{
+      margin-top: 28px;
+      font-size: 11.5px;
+      color: #d1d5db;
+      text-align: center;
+      letter-spacing: .01em;
+    }}
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="primary">
+      <div class="circle">
+        <svg viewBox="0 0 24 24" fill="none" stroke="#43a047" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round">
+          <polyline points="20 6 9 17 4 12"/>
+        </svg>
+      </div>
+      <h1>Authorization successful</h1>
+      <p class="subtitle">hap-cli has been granted access.<br>You can close this tab and return to the terminal.</p>
+      <span class="close-hint">
+        <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+          <path d="M18 6L6 18M6 6l12 12"/>
+        </svg>
+        Safe to close this tab
+      </span>
+    </div>
+    <div class="secondary">
+      <button class="toggle" onclick="toggleManual(this)" aria-expanded="false">
+        Not seeing success in the terminal? Manual setup
+        <svg class="toggle-icon" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+          <polyline points="6 9 12 15 18 9"/>
+        </svg>
+      </button>
+      <div class="collapsible" id="manual">
+        <p class="hint">
+          Copy the token below and paste it into <code>~/.hap-cli/config.json</code>
+          as the value for <code>"auth_token"</code>.
+        </p>
+        <div class="token-wrap">
+          <div class="token" id="token" tabindex="0">{token}</div>
+          <button class="copy-btn" id="copyBtn" title="Copy token" onclick="copyToken()">
+            <svg id="iconCopy" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
+              <rect x="9" y="9" width="13" height="13" rx="2"/>
+              <path d="M5 15H4a2 2 0 01-2-2V4a2 2 0 012-2h9a2 2 0 012 2v1"/>
+            </svg>
+            <svg id="iconCheck" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round" style="display:none">
+              <polyline points="20 6 9 17 4 12"/>
+            </svg>
+          </button>
+        </div>
+      </div>
+    </div>
+  </div>
+  <div class="brand">hap-cli</div>
+  <script>
+    function toggleManual(btn) {{
+      var panel = document.getElementById('manual');
+      var open  = panel.classList.toggle('open');
+      btn.setAttribute('aria-expanded', open);
+    }}
+    function copyToken() {{
+      var text = document.getElementById('token').innerText;
+      var btn  = document.getElementById('copyBtn');
+      var ic   = document.getElementById('iconCopy');
+      var ick  = document.getElementById('iconCheck');
+      navigator.clipboard.writeText(text).then(function() {{
+        btn.classList.add('copied');
+        ic.style.display  = 'none';
+        ick.style.display = '';
+        setTimeout(function() {{
+          btn.classList.remove('copied');
+          ic.style.display  = '';
+          ick.style.display = 'none';
+        }}, 2000);
+      }}).catch(function() {{
+        var r = document.createRange();
+        r.selectNode(document.getElementById('token'));
+        window.getSelection().removeAllRanges();
+        window.getSelection().addRange(r);
+      }});
+    }}
+  </script>
+</body>
+</html>"""
+def login(server: str, timeout: int = 300) -> tuple[str, str, dict]:
+    """Run the full browser-based login flow.
+    Args:
+        server: Preset name ('mingdao', 'nocoly') or self-hosted URL.
+        timeout: Max seconds to wait for user to complete login.
+    Returns:
+        Tuple of (token, api_host, user_info).
+    Raises:
+        TimeoutError: If user does not complete login in time.
+    """
+    api_host, webui = resolve_server(server)
+    port = get_available_port()
+    received = threading.Event()
+    result: dict = {}
+    server_ref: dict = {}
+    class AuthCallbackHandler(BaseHTTPRequestHandler):
+        def do_OPTIONS(self):
+            self.send_response(204)
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.send_header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+            self.send_header("Access-Control-Allow-Headers", "Content-Type")
+            self.end_headers()
+        def do_GET(self):
+            parsed = urlparse(self.path)
+            params = parse_qs(parsed.query)
+            encoded_token = params.get("t", [None])[0]
+            if not encoded_token:
+                self.send_response(400)
+                self.end_headers()
+                self.wfile.write(b"No token provided")
+                return
+            token = base64.b64decode(encoded_token).decode("utf-8")
+            result["token"] = token
+            body = _success_html(token).encode("utf-8")
+            self.send_response(200)
+            self.send_header("Content-Type", "text/html; charset=utf-8")
+            self.send_header("Content-Length", str(len(body)))
+            self.send_header("Access-Control-Allow-Origin", "*")
+            self.end_headers()
+            self.wfile.write(body)
+            # Shut down server after responding
+            threading.Timer(
+                0.5,
+                lambda: (server_ref["srv"].shutdown(), received.set()),
+            ).start()
+        def log_message(self, format, *args):
+            pass  # Suppress HTTP server logs
+    srv = HTTPServer(("127.0.0.1", port), AuthCallbackHandler)
+    server_ref["srv"] = srv
+    thread = threading.Thread(target=srv.serve_forever, daemon=True)
+    thread.start()
+    auth_url = build_auth_url(webui, port)
+    webbrowser.open(auth_url)
+    received.wait(timeout=timeout)
+    token = result.get("token")
+    if not token:
+        raise TimeoutError("Login timed out — no token received")
+    # Verify token and get user info
+    user_info = get_user_info(webui, token)
+    # Return the login URL (webui), not the API base, so callers store
+    # the canonical login URL in session config.
+    return token, webui, user_info

{hap_cli-0.5.0 → hap_cli-0.5.1}/hap_cli/core/session.py RENAMED Viewed

@@ -48,8 +48,6 @@ NOCOLY_HOSTS = {"www.nocoly.com"}
 DEFAULT_CONFIG = {
     "login_url": "",
     "auth_token": "",
-    "default_app_id": "",
-    "default_project_id": "",
 }
@@ -301,8 +299,6 @@ class Session:
             server_url=login_url,
             auth_token=config.get("auth_token", ""),
         )
-        session.default_app_id = config.get("default_app_id", "")
-        session.default_project_id = config.get("default_project_id", "")
         return session
     def save(self) -> None:
@@ -311,8 +307,6 @@ class Session:
             {
                 "login_url": self._login_url,
                 "auth_token": self.auth_token,
-                "default_app_id": self.default_app_id,
-                "default_project_id": self.default_project_id,
             }
         )

{hap_cli-0.5.0 → hap_cli-0.5.1}/hap_cli.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: hap-cli
-Version: 0.5.0
+Version: 0.5.1
 Summary: CLI harness for MingDAO HAP - Enterprise no-code platform
 Author: hap-cli
 License: Apache-2.0
@@ -34,7 +34,7 @@ CLI harness for **MingDAO HAP** (明道云) - an enterprise no-code platform (ha
 ## Installation
 ```bash
-pip install -e .
+pip install hap-cli
 ```
 ## Quick Start
@@ -60,9 +60,7 @@ Opens your browser to the MingDAO login page. Token is saved automatically after
 ```bash
 hap config set \
   --server https://your-mingdao-server.com \
-  --token YOUR_MD_PSS_ID_TOKEN \
-  --app-id YOUR_DEFAULT_APP_ID \
-  --project-id YOUR_PROJECT_ID
+  --token YOUR_MD_PSS_ID_TOKEN
 ```
 **Other auth commands**
@@ -72,19 +70,27 @@ hap config whoami    # Show current user info
 hap config logout    # Clear saved token
 ```
-### 2. List worksheets
+### 2. Find your org and app IDs
 ```bash
-hap app worksheets
+hap config orgs                          # list orgs → get Project ID
+hap app list --project-id PROJECT_ID     # list apps → get App ID
+hap app list-managed --project-id PROJECT_ID  # apps where you are manager
 ```
-### 3. Query records
+### 3. List worksheets
+```bash
+hap app worksheets APP_ID
+```
+### 4. Query records
 ```bash
 hap record list WORKSHEET_ID --page-size 10
 ```
-### 4. JSON output (for automation)
+### 5. JSON output (for automation)
 ```bash
 hap --json record list WORKSHEET_ID
@@ -194,8 +200,10 @@ pip install hap-cli[crypto]
 ## More Examples
 ```bash
-# List apps
+# List orgs, then apps
+hap config orgs
 hap app list --project-id PROJECT_ID
+hap app list-managed --project-id PROJECT_ID
 # Get worksheet fields
 hap worksheet fields WORKSHEET_ID

{hap_cli-0.5.0 → hap_cli-0.5.1}/setup.py RENAMED Viewed

@@ -4,7 +4,7 @@ from setuptools import setup, find_packages
 setup(
     name="hap-cli",
-    version="0.5.0",
+    version="0.5.1",
     description="CLI harness for MingDAO HAP - Enterprise no-code platform",
     long_description=open("hap_cli/README.md").read(),
     long_description_content_type="text/markdown",

hap_cli-0.5.0/hap_cli/core/auth.py DELETED Viewed

@@ -1,219 +0,0 @@
-"""Browser-based authentication flow for MingDAO HAP.
-Implements a local callback server pattern:
-1. Start local HTTP server on a free port
-2. Open browser to HAP login page with callback URL
-3. Capture token from redirect, save to config
-"""
-import base64
-import json
-import socket
-import threading
-import webbrowser
-from http.server import HTTPServer, BaseHTTPRequestHandler
-from typing import Optional
-from urllib.parse import urlparse, parse_qs
-import requests
-from hap_cli.core.session import _main_api_base_for_url
-# Known server presets: name -> (api_base, webui_url)
-# api_base is kept for backward compatibility with resolve_server callers.
-SERVER_PRESETS = {
-    "mingdao": ("https://www.mingdao.com/api", "https://www.mingdao.com"),
-    "nocoly": ("https://www.nocoly.com/wwwapi", "https://www.nocoly.com"),
-}
-def resolve_server(server: str) -> tuple[str, str]:
-    """Resolve server name or URL to (api_host, webui_url).
-    Args:
-        server: Preset name ('mingdao', 'nocoly') or self-hosted URL.
-    Returns:
-        Tuple of (api_host, webui_url).
-    """
-    key = server.lower().strip()
-    if key in SERVER_PRESETS:
-        return SERVER_PRESETS[key]
-    # Self-hosted: URL is both webui base and API base
-    base = server.rstrip("/")
-    return (f"{base}/wwwapi", base)
-def get_available_port(start: int = 5100) -> int:
-    """Find an available TCP port starting from `start`."""
-    for port in range(start, start + 100):
-        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
-            try:
-                s.bind(("127.0.0.1", port))
-                return port
-            except OSError:
-                continue
-    raise RuntimeError("No available port found in range 5100-5199")
-def build_auth_url(webui: str, port: int) -> str:
-    """Build the browser auth URL with base64-encoded callback info."""
-    callback_info = json.dumps({"url": f"http://localhost:{port}"})
-    encoded = base64.b64encode(callback_info.encode()).decode()
-    return f"{webui}/cliauth?p={encoded}"
-def _decrypt_response(encrypted_value: str, decrypt_key: str) -> dict:
-    """Decrypt AES-CBC encrypted API response (private deployments).
-    Requires pycryptodome: pip install pycryptodome
-    """
-    try:
-        from Crypto.Cipher import AES
-    except ImportError:
-        raise ImportError(
-            "pycryptodome is required for encrypted responses. "
-            "Install it with: pip install pycryptodome"
-        )
-    IV = b"MIGfMA0GCSqGSIb3"  # Fixed 16-byte IV
-    key_bytes = decrypt_key.encode("utf-8")
-    key_len = len(key_bytes)
-    required_len = 16 if key_len <= 16 else (24 if key_len <= 24 else 32)
-    padded_key = key_bytes[:required_len].ljust(required_len, b"\x00")
-    cipher = AES.new(padded_key, AES.MODE_CBC, IV)
-    ct = base64.b64decode(encrypted_value)
-    decrypted = cipher.decrypt(ct)
-    pad_len = decrypted[-1]
-    raw = decrypted[:-pad_len].decode("utf-8").replace("\t", "\\t")
-    return json.loads(raw)
-def get_user_info(host: str, token: str) -> dict:
-    """Verify token and get user info via GetGlobalMeta API.
-    Args:
-        host: Login URL or API base URL (e.g. 'https://www.mingdao.com' or
-              'https://www.mingdao.com/api'). Host type is auto-detected.
-        token: Auth token.
-    Returns:
-        Dict with keys: id, name, email, avatar, lang.
-    Raises:
-        requests.HTTPError: If API call fails.
-        ValueError: If response is invalid or token is rejected.
-    """
-    url = _main_api_base_for_url(host) + "/Global/GetGlobalMeta"
-    resp = requests.post(
-        url,
-        json={},
-        headers={
-            "Content-Type": "application/json",
-            "Authorization": f"md_pss_id {token}",
-        },
-        timeout=15,
-    )
-    resp.raise_for_status()
-    raw = resp.json()
-    if raw.get("state") == 0:
-        raise ValueError(raw.get("exception", "Token verification failed"))
-    # Handle encrypted responses (private deployments)
-    if raw.get("encrypted") and raw.get("key"):
-        data = _decrypt_response(raw["data"], raw["key"])
-    else:
-        data = raw
-    account = data.get("data", {}).get("md.global", {}).get("Account", {})
-    if not account:
-        raise ValueError("Unable to extract account info from response")
-    return {
-        "id": account.get("accountId", ""),
-        "name": account.get("fullname", ""),
-        "email": account.get("email", ""),
-        "avatar": account.get("avatar", ""),
-        "lang": account.get("lang", ""),
-    }
-def login(server: str, timeout: int = 300) -> tuple[str, str, dict]:
-    """Run the full browser-based login flow.
-    Args:
-        server: Preset name ('mingdao', 'nocoly') or self-hosted URL.
-        timeout: Max seconds to wait for user to complete login.
-    Returns:
-        Tuple of (token, api_host, user_info).
-    Raises:
-        TimeoutError: If user does not complete login in time.
-    """
-    api_host, webui = resolve_server(server)
-    port = get_available_port()
-    received = threading.Event()
-    result: dict = {}
-    server_ref: dict = {}
-    class AuthCallbackHandler(BaseHTTPRequestHandler):
-        def do_OPTIONS(self):
-            self.send_response(204)
-            self.send_header("Access-Control-Allow-Origin", "*")
-            self.send_header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
-            self.send_header("Access-Control-Allow-Headers", "Content-Type")
-            self.end_headers()
-        def do_GET(self):
-            self.send_header("Access-Control-Allow-Origin", "*")
-            parsed = urlparse(self.path)
-            params = parse_qs(parsed.query)
-            encoded_token = params.get("t", [None])[0]
-            if not encoded_token:
-                self.send_response(400)
-                self.end_headers()
-                self.wfile.write(b"No token provided")
-                return
-            token = base64.b64decode(encoded_token).decode("utf-8")
-            result["token"] = token
-            # Redirect browser to success page
-            self.send_response(302)
-            self.send_header("Location", f"{webui}/cliauth/success")
-            self.end_headers()
-            # Shut down server after responding
-            threading.Timer(
-                0.1,
-                lambda: (server_ref["srv"].shutdown(), received.set()),
-            ).start()
-        def log_message(self, format, *args):
-            pass  # Suppress HTTP server logs
-    srv = HTTPServer(("127.0.0.1", port), AuthCallbackHandler)
-    server_ref["srv"] = srv
-    thread = threading.Thread(target=srv.serve_forever, daemon=True)
-    thread.start()
-    auth_url = build_auth_url(webui, port)
-    webbrowser.open(auth_url)
-    received.wait(timeout=timeout)
-    token = result.get("token")
-    if not token:
-        raise TimeoutError("Login timed out — no token received")
-    # Verify token and get user info
-    user_info = get_user_info(webui, token)
-    # Return the login URL (webui), not the API base, so callers store
-    # the canonical login URL in session config.
-    return token, webui, user_info