hevn-cli 0.1.0__py3-none-any.whl

hevn_cli/commands/account.py

@@ -0,0 +1,451 @@
+from __future__ import annotations
+
+import os
+from typing import Any
+
+import typer
+from rich import box
+from rich.panel import Panel
+from rich.table import Table
+
+from hevn_cli.api import AppApi, McpApi
+from hevn_cli.client import HevnError
+from hevn_cli.config import get_config_value, remove_config_keys
+from hevn_cli.env import site_url
+from hevn_cli.output import OutputOptions, emit
+from hevn_cli.render import console, money
+
+app = typer.Typer(help="Manage the active HEVN account", no_args_is_help=True)
+
+
+def _display_name(account: dict[str, Any]) -> str:
+    if account.get("entityName"):
+        return str(account["entityName"])
+    parts = [account.get("firstName"), account.get("middleName"), account.get("lastName")]
+    name = " ".join(str(part) for part in parts if part)
+    return name or str(account.get("email") or "-")
+
+
+def _account_summary(account: dict[str, Any]) -> dict[str, Any]:
+    rails = account.get("fiatRails") or []
+    return {
+        "id": account.get("id"),
+        "email": account.get("email"),
+        "name": _display_name(account),
+        "isBusiness": account.get("isBusiness"),
+        "plan": account.get("plan"),
+        "country": account.get("country"),
+        "jurisdiction": account.get("jurisdiction"),
+        "phone": account.get("phone"),
+        "pushNotificationAllowed": account.get("pushNotificationAllowed"),
+        "fiatRails": [
+            {
+                "provider": rail.get("provider"),
+                "rail": rail.get("rail"),
+                "kycStatus": rail.get("kycStatus"),
+                "isKycApproved": rail.get("isKycApproved"),
+            }
+            for rail in rails
+        ],
+        "createdAt": account.get("createdAt"),
+        "updatedAt": account.get("updatedAt"),
+    }
+
+
+def _kyc_summary_from_account(account: dict[str, Any]) -> dict[str, Any]:
+    rails = account.get("fiatRails") or []
+    providers = []
+    approved = False
+    primary_status = None
+    if isinstance(rails, list):
+        for rail in rails:
+            if not isinstance(rail, dict):
+                continue
+            status = rail.get("kycStatus")
+            is_approved = bool(rail.get("isKycApproved"))
+            provider = {
+                "provider": rail.get("provider"),
+                "rail": rail.get("rail"),
+                "status": status,
+                "isApproved": is_approved,
+            }
+            providers.append(provider)
+            if primary_status is None and status:
+                primary_status = status
+            if is_approved:
+                approved = True
+                primary_status = status or primary_status
+    return {
+        "status": primary_status or "not_started",
+        "isApproved": approved,
+        "providers": providers,
+    }
+
+
+def _has_app_auth() -> bool:
+    return bool(os.getenv("HEVN_API_KEY") or get_config_value("api_key"))
+
+
+def _has_mcp_auth() -> bool:
+    return bool(os.getenv("HEVN_MCP_KEY") or get_config_value("mcp_key"))
+
+
+def _mcp_status() -> dict[str, Any]:
+    if not _has_mcp_auth():
+        return {
+            "configured": False,
+            "available": False,
+            "balance": None,
+            "allowance": None,
+            "error": "MCP key is not configured",
+        }
+    try:
+        data = McpApi().balance()
+    except HevnError as exc:
+        return {
+            "configured": True,
+            "available": False,
+            "balance": None,
+            "allowance": None,
+            "error": exc.message,
+        }
+    return {
+        "configured": True,
+        "available": True,
+        "email": data.get("email"),
+        "address": data.get("address"),
+        "balance": data.get("balance"),
+        "allowance": data.get("remaining"),
+        "error": None,
+    }
+
+
+def _app_account_status() -> tuple[dict[str, Any], dict[str, Any]]:
+    configured = _has_app_auth()
+    if not configured:
+        return (
+            {
+                "id": None,
+                "email": None,
+                "firstName": None,
+                "middleName": None,
+                "lastName": None,
+                "entityName": None,
+                "isBusiness": None,
+                "plan": None,
+                "country": None,
+                "fiatRails": [],
+            },
+            {
+                "configured": False,
+                "available": False,
+                "error": "JWT is not configured. Run `hevn login` first or set HEVN_API_KEY.",
+            },
+        )
+    try:
+        account = AppApi().current_user()
+    except HevnError as exc:
+        return (
+            {
+                "id": None,
+                "email": None,
+                "firstName": None,
+                "middleName": None,
+                "lastName": None,
+                "entityName": None,
+                "isBusiness": None,
+                "plan": None,
+                "country": None,
+                "fiatRails": [],
+            },
+            {
+                "configured": True,
+                "available": False,
+                "error": exc.message,
+            },
+        )
+    return (
+        account,
+        {
+            "configured": True,
+            "available": True,
+            "error": None,
+        },
+    )
+
+
+def _balance_total_usd(balance: dict[str, Any]) -> float | None:
+    accounts = balance.get("accounts") or []
+    if not isinstance(accounts, list):
+        return None
+    total = 0.0
+    for account in accounts:
+        if not isinstance(account, dict):
+            continue
+        value = account.get("balanceUsd")
+        if value is None:
+            value = account.get("balance_usd")
+        if value is None:
+            continue
+        total += float(value)
+    return total
+
+
+def _app_balance_status(jwt: dict[str, Any]) -> dict[str, Any]:
+    if not jwt.get("configured"):
+        return {
+            "available": False,
+            "totalUsd": None,
+            "error": "JWT is not configured.",
+        }
+    if not jwt.get("available"):
+        return {
+            "available": False,
+            "totalUsd": None,
+            "error": jwt.get("error"),
+        }
+    try:
+        data = AppApi().balance()
+    except HevnError as exc:
+        return {
+            "available": False,
+            "totalUsd": None,
+            "error": exc.message,
+        }
+    return {
+        "available": True,
+        "totalUsd": _balance_total_usd(data),
+        "accounts": data.get("accounts") or [],
+        "error": None,
+    }
+
+
+def _auth_status(jwt: dict[str, Any], mcp: dict[str, Any]) -> dict[str, Any]:
+    return {
+        "jwt": jwt,
+        "mcp": mcp,
+    }
+
+
+def _same_email(left: str | None, right: str | None) -> bool:
+    return bool(left and right and left.strip().lower() == right.strip().lower())
+
+
+def _assert_auth_same_user(account: dict[str, Any], jwt: dict[str, Any], mcp: dict[str, Any]) -> None:
+    if not (jwt.get("available") and mcp.get("available")):
+        return
+    jwt_email = account.get("email")
+    mcp_email = mcp.get("email")
+    if not _same_email(str(jwt_email) if jwt_email else None, str(mcp_email) if mcp_email else None):
+        remove_config_keys("mcp_key")
+        raise HevnError(f"JWT and MCP key belong to different users: jwt={jwt_email or '-'} mcp={mcp_email or '-'}")
+
+
+def _account_with_auth(
+    account: dict[str, Any],
+    jwt: dict[str, Any],
+    mcp: dict[str, Any],
+    balance: dict[str, Any],
+    *,
+    main: bool,
+) -> dict[str, Any]:
+    summary = _account_summary(account)
+    summary["main"] = main
+    summary["auth"] = _auth_status(jwt, mcp)
+    summary["balanceUsd"] = balance.get("totalUsd")
+    summary["mcpAllowance"] = mcp.get("allowance")
+    summary["mcpBalance"] = mcp.get("balance")
+    summary["kyc"] = _kyc_summary_from_account(account)
+    return summary
+
+
+def _status_label(status: dict[str, Any]) -> str:
+    if status.get("available"):
+        return "ok"
+    if status.get("configured"):
+        return "configured"
+    return "missing"
+
+
+def _print_accounts_table(accounts: list[dict[str, Any]]) -> None:
+    table = Table(title=f"Accounts ({len(accounts)})", box=box.SIMPLE_HEAVY)
+    table.add_column("ID", overflow="fold")
+    table.add_column("Main")
+    table.add_column("Email")
+    table.add_column("Name")
+    table.add_column("Type")
+    table.add_column("Plan")
+    table.add_column("Country")
+    table.add_column("JWT")
+    table.add_column("MCP")
+    table.add_column("Balance")
+    table.add_column("Allowance")
+    for account in accounts:
+        auth = account.get("auth") or {}
+        jwt = auth.get("jwt") or {}
+        mcp = auth.get("mcp") or {}
+        table.add_row(
+            str(account.get("id") or "-"),
+            "✓" if account.get("main") else "",
+            str(account.get("email") or "-"),
+            str(account.get("name") or _display_name(account)),
+            "business" if account.get("isBusiness") else "personal",
+            str(account.get("plan") or "-"),
+            str(account.get("country") or "-"),
+            _status_label(jwt),
+            _status_label(mcp),
+            money(account.get("balanceUsd"), "USD") if account.get("balanceUsd") is not None else "-",
+            money(mcp.get("allowance"), "USDC") if mcp.get("allowance") is not None else "-",
+        )
+    console.print(table)
+
+
+def _print_account_panel(data: dict[str, Any]) -> None:
+    auth = data.get("auth") or {}
+    jwt = auth.get("jwt") or {}
+    mcp = auth.get("mcp") or {}
+    kyc = data.get("kyc") or {}
+    lines = [
+        f"[bold]{data.get('name') or '-'}[/bold]",
+        f"ID: {data.get('id') or '-'}",
+        f"Email: {data.get('email') or '-'}",
+        f"Type: {'business' if data.get('isBusiness') else 'personal'}",
+        f"Plan: {data.get('plan') or '-'}",
+        f"Country: {data.get('country') or '-'}",
+        f"Jurisdiction: {data.get('jurisdiction') or '-'}",
+        f"KYC: {kyc.get('status') or '-'}",
+        f"Balance: {money(data.get('balanceUsd'), 'USD')}",
+        f"JWT: {_status_label(jwt)}",
+        f"MCP: {_status_label(mcp)}",
+    ]
+    console.print(Panel.fit("\n".join(lines), title="Active Account", border_style="cyan"))
+
+
+def _print_kyc_status(data: dict[str, Any]) -> None:
+    kyc_link = data.get("kyc_link") or data.get("kycLink") or data.get("kycUrl")
+    support_link = data.get("contact_support_link") or data.get("contactSupportLink") or f"{site_url()}/chat"
+    lines = [
+        f"KYC link: {kyc_link or '-'}",
+        f"Status: {data.get('status') or data.get('kycStatus') or '-'}",
+        f"Contact support link: {support_link}",
+    ]
+    console.print(Panel.fit("\n".join(lines), title="KYC Status", border_style="cyan"))
+
+
+def _kyc_output(data: dict[str, Any]) -> dict[str, Any]:
+    return {
+        "kyc_link": data.get("kycLink") or data.get("kycUrl"),
+        "status": data.get("status") or data.get("kycStatus"),
+        "contact_support_link": (data.get("contactSupportLink") or f"{site_url()}/chat"),
+    }
+
+
+@app.command("set")
+def set_profile(
+    street_address: str | None = typer.Option(None, "--street-address", "--street_address"),
+    address_line_2: str | None = typer.Option(None, "--address-line-2", "--address_line_2"),
+    city: str | None = typer.Option(None, "--city"),
+    state: str | None = typer.Option(None, "--state"),
+    country: str | None = typer.Option(None, "--country"),
+    zip_code: str | None = typer.Option(None, "--zip"),
+    first_name: str | None = typer.Option(None, "--first-name", "--first_name"),
+    last_name: str | None = typer.Option(None, "--last-name", "--last_name"),
+    entity_name: str | None = typer.Option(None, "--entity-name", "--entity_name"),
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    address = {
+        "streetAddress": street_address,
+        "addressLine2": address_line_2,
+        "city": city,
+        "state": state,
+        "country": country,
+        "zip": zip_code,
+    }
+    clean_address = {key: value for key, value in address.items() if value is not None}
+    payload = {
+        "firstName": first_name,
+        "lastName": last_name,
+        "entityName": entity_name,
+        "address": clean_address or None,
+    }
+    clean_payload = {key: value for key, value in payload.items() if value is not None}
+    if not clean_payload:
+        raise HevnError("Provide at least one profile field to update.")
+    data = AppApi().update_profile(clean_payload)
+    emit(
+        data,
+        OutputOptions(raw_json, yaml_output),
+        lambda _: console.print("[green]Profile updated[/green]"),
+    )
+
+
+@app.command("list")
+def list_accounts(
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    account, jwt = _app_account_status()
+    mcp = _mcp_status()
+    _assert_auth_same_user(account, jwt, mcp)
+    balance = _app_balance_status(jwt)
+    accounts = [_account_with_auth(account, jwt, mcp, balance, main=True)]
+    raw_accounts = [
+        {
+            **account,
+            "main": True,
+            "auth": _auth_status(jwt, mcp),
+            "balance": balance,
+            "balanceUsd": balance.get("totalUsd"),
+            "mcpAllowance": mcp.get("allowance"),
+            "mcpBalance": mcp.get("balance"),
+        }
+    ]
+    data = {"accounts": raw_accounts, "total": len(raw_accounts)}
+    ai_data = {
+        "accounts": accounts,
+        "total": len(accounts),
+    }
+    emit(
+        data if raw_json else ai_data,
+        OutputOptions(raw_json, yaml_output),
+        lambda _: _print_accounts_table(accounts),
+    )
+
+
+@app.command("get")
+def get_account(
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    account, jwt = _app_account_status()
+    mcp = _mcp_status()
+    _assert_auth_same_user(account, jwt, mcp)
+    balance = _app_balance_status(jwt)
+    data = _account_with_auth(account, jwt, mcp, balance, main=True)
+    emit(
+        data,
+        OutputOptions(raw_json, yaml_output),
+        _print_account_panel,
+    )
+
+
+@app.command("kyc")
+def account_kyc(
+    provider: str = typer.Option("swipelux", "--provider", help="KYC provider: swipelux or align."),
+    status_only: bool = typer.Option(False, "--status", help="Only check verification status."),
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    api = AppApi()
+    normalized_provider = provider.strip().lower()
+    if status_only or normalized_provider != "swipelux":
+        data = api.kyc_status(provider=normalized_provider)
+    else:
+        data = api.kyc_link()
+    data = _kyc_output(data)
+    emit(
+        data,
+        OutputOptions(raw_json, yaml_output),
+        _print_kyc_status,
+    )

hevn_cli/commands/auth.py

@@ -0,0 +1,217 @@
+from __future__ import annotations
+
+import secrets
+import sys
+import threading
+import webbrowser
+from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
+from importlib.resources import files
+from typing import Any
+from urllib.parse import parse_qs, urlencode, urlparse
+
+import typer
+
+from hevn_cli.config import remove_config_keys, save_config
+from hevn_cli.env import api_url, site_url
+from hevn_cli.render import console, print_json, print_yaml
+
+_LOGIN_COMPLETE_HTML = files("hevn_cli.res").joinpath("login_complete.html").read_bytes()
+
+
+def _first(params: dict[str, list[str]], *names: str) -> str | None:
+    for name in names:
+        values = params.get(name)
+        if values and values[0]:
+            return values[0]
+    return None
+
+
+def _mask(value: str | None) -> str:
+    if not value:
+        return "-"
+    if len(value) <= 12:
+        return value[:2] + "..."
+    return value[:8] + "..." + value[-4:]
+
+
+def _normalize_api_base_url(value: str) -> str:
+    parsed = urlparse(value.strip())
+    if not (parsed.scheme and parsed.netloc):
+        raise typer.BadParameter("Callback baseUrl must be an absolute URL.")
+    if parsed.scheme != "https" and parsed.hostname not in {"localhost", "127.0.0.1", "::1"}:
+        raise typer.BadParameter("Callback baseUrl must use HTTPS outside localhost.")
+    path = parsed.path.rstrip("/")
+    if path in {"", "/docs", "/redoc", "/openapi.json"}:
+        path = "/api/v1"
+    elif path in {"/api/v1/docs", "/api/v1/redoc", "/api/v1/openapi.json"}:
+        path = "/api/v1"
+    return f"{parsed.scheme}://{parsed.netloc}{path}"
+
+
+def _trusted_callback_base_url(value: str | None) -> str | None:
+    if not value:
+        return None
+    normalized = _normalize_api_base_url(value)
+    expected = _normalize_api_base_url(api_url())
+    if normalized != expected:
+        raise typer.BadParameter(
+            f"Callback baseUrl is not allowed for this environment: {normalized}"
+        )
+    return normalized
+
+
+def _print_login_banner() -> None:
+    console.print(
+        "[bold cyan]"
+        "    _    _ ________      ___   _\n"
+        "   | |  | |  ____\\ \\    / / \\ | |\n"
+        "   | |__| | |__   \\ \\  / /|  \\| |\n"
+        "   |  __  |  __|   \\ \\/ / | . ` |\n"
+        "   | |  | | |____   \\  /  | |\\  |\n"
+        "   |_|  |_|______|   \\/   |_| \\_|"
+        "[/bold cyan]"
+    )
+    console.print("\n\n\n\n\n", end="")
+
+
+def login(
+    port: int = typer.Option(0, "--port", min=0, max=65535, help="Local callback port. 0 picks a free port."),
+    timeout: int = typer.Option(180, "--timeout", min=10, help="Seconds to wait for browser callback."),
+    no_open: bool = typer.Option(False, "--no-open", help="Print auth URL without opening the browser."),
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    if not raw_json and not yaml_output:
+        _print_login_banner()
+
+    state = secrets.token_urlsafe(24)
+    received: dict[str, Any] = {}
+    done = threading.Event()
+
+    class CallbackHandler(BaseHTTPRequestHandler):
+        def log_message(self, format: str, *args: Any) -> None:
+            return
+
+        def do_GET(self) -> None:
+            parsed = urlparse(self.path)
+            params = parse_qs(parsed.query)
+            if _first(params, "state") != state:
+                self.send_response(400)
+                self.end_headers()
+                self.wfile.write(b"Invalid state")
+                return
+
+            jwt = _first(params, "jwt", "token", "accessToken", "access_token")
+            mcp_key = _first(params, "mcp", "mcpKey", "mcp_key", "mcpToken", "mcp_token")
+            try:
+                api_base_url = _trusted_callback_base_url(_first(params, "baseUrl", "base_url"))
+            except typer.BadParameter as exc:
+                self.send_response(400)
+                self.end_headers()
+                self.wfile.write(str(exc).encode("utf-8"))
+                return
+
+            if not jwt and not mcp_key:
+                self.send_response(400)
+                self.end_headers()
+                self.wfile.write(b"Missing jwt or mcp token")
+                return
+
+            received.update(
+                {
+                    "api_key": jwt,
+                    "mcp_key": mcp_key,
+                    "base_url": api_base_url,
+                }
+            )
+            self.send_response(200)
+            self.send_header("Content-Type", "text/html; charset=utf-8")
+            self.send_header("Cache-Control", "no-store")
+            self.end_headers()
+            self.wfile.write(_LOGIN_COMPLETE_HTML)
+            done.set()
+
+    server = ThreadingHTTPServer(("127.0.0.1", port), CallbackHandler)
+    actual_port = server.server_address[1]
+    thread = threading.Thread(target=server.serve_forever, daemon=True)
+    thread.start()
+
+    query = urlencode({"port": actual_port, "state": state})
+    auth_url = f"{site_url()}/cli-auth?{query}"
+    if raw_json or yaml_output:
+        print(f"Open this URL to authorize HEVN CLI: {auth_url}", file=sys.stderr)
+    else:
+        console.print(f"Open this URL to authorize HEVN CLI:\n[bold cyan]{auth_url}[/bold cyan]")
+
+    if not no_open:
+        webbrowser.open(auth_url)
+
+    try:
+        if not done.wait(timeout):
+            raise typer.BadParameter(f"Timed out waiting for callback on port {actual_port}")
+    finally:
+        server.shutdown()
+        server.server_close()
+        thread.join(timeout=2)
+
+    saved = save_config(
+        {
+            "api_key": received.get("api_key"),
+            "mcp_key": received.get("mcp_key"),
+            "base_url": received.get("base_url"),
+        }
+    )
+    result = {
+        "ok": True,
+        "authUrl": auth_url,
+        "configPath": str(saved),
+        "apiKey": _mask(received.get("api_key")),
+        "mcpKey": _mask(received.get("mcp_key")),
+        "baseUrl": received.get("base_url"),
+    }
+    if raw_json:
+        print_json(result)
+    elif yaml_output:
+        print_yaml(result)
+    else:
+        console.print(f"Login complete\nConfig: [bold]{saved}[/bold]\nJWT: {result['apiKey']}\nMCP: {result['mcpKey']}")
+
+
+def set_mcp_key(
+    key: str | None = typer.Argument(None, help="MCP key. If omitted, prompts securely."),
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    key = key or typer.prompt("MCP key", hide_input=True).strip()
+    if not key:
+        raise typer.BadParameter("MCP key is required.")
+    saved = save_config({"mcp_key": key})
+    result = {
+        "ok": True,
+        "configPath": str(saved),
+        "mcpKey": _mask(key),
+    }
+    if raw_json:
+        print_json(result)
+    elif yaml_output:
+        print_yaml(result)
+    else:
+        console.print(f"MCP key saved\nConfig: [bold]{saved}[/bold]\nMCP: {result['mcpKey']}")
+
+
+def logout(
+    raw_json: bool = typer.Option(False, "--json", help="Print raw JSON."),
+    yaml_output: bool = typer.Option(False, "--yaml", help="Print YAML."),
+) -> None:
+    saved = remove_config_keys("api_key", "mcp_key", "base_url", "device_id")
+    result = {
+        "ok": True,
+        "configPath": str(saved),
+        "removed": ["api_key", "mcp_key", "base_url", "device_id"],
+    }
+    if raw_json:
+        print_json(result)
+    elif yaml_output:
+        print_yaml(result)
+    else:
+        console.print(f"Logged out\nConfig: [bold]{saved}[/bold]")