hf-auth-helper 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (267) hide show
  1. hf_auth_helper-0.1.0/.github/workflows/ci.yml +29 -0
  2. hf_auth_helper-0.1.0/.github/workflows/publish.yml +139 -0
  3. hf_auth_helper-0.1.0/.gitignore +14 -0
  4. hf_auth_helper-0.1.0/AGENTS.md +38 -0
  5. hf_auth_helper-0.1.0/LICENSE +22 -0
  6. hf_auth_helper-0.1.0/PKG-INFO +83 -0
  7. hf_auth_helper-0.1.0/README.md +59 -0
  8. hf_auth_helper-0.1.0/docs/SPECIFICATION.md +352 -0
  9. hf_auth_helper-0.1.0/pyproject.toml +103 -0
  10. hf_auth_helper-0.1.0/scripts/check-mutation.py +92 -0
  11. hf_auth_helper-0.1.0/scripts/vendor.py +67 -0
  12. hf_auth_helper-0.1.0/slophammer.yml +20 -0
  13. hf_auth_helper-0.1.0/src/hf_auth_helper/__init__.py +40 -0
  14. hf_auth_helper-0.1.0/src/hf_auth_helper/cli.py +428 -0
  15. hf_auth_helper-0.1.0/src/hf_auth_helper/prefill.py +169 -0
  16. hf_auth_helper-0.1.0/src/hf_auth_helper/py.typed +0 -0
  17. hf_auth_helper-0.1.0/src/hf_auth_helper/scopes.py +187 -0
  18. hf_auth_helper-0.1.0/src/hf_auth_helper/store.py +165 -0
  19. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/README.txt +4 -0
  20. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/VENDORED.txt +3 -0
  21. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/__init__.py +54 -0
  22. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/application/__init__.py +32 -0
  23. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/application/application.py +1630 -0
  24. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/application/current.py +195 -0
  25. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/application/dummy.py +55 -0
  26. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/application/run_in_terminal.py +117 -0
  27. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/auto_suggest.py +177 -0
  28. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/buffer.py +2029 -0
  29. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/cache.py +127 -0
  30. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/clipboard/__init__.py +17 -0
  31. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/clipboard/base.py +109 -0
  32. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/clipboard/in_memory.py +44 -0
  33. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/clipboard/pyperclip.py +42 -0
  34. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/__init__.py +43 -0
  35. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/base.py +438 -0
  36. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/deduplicate.py +45 -0
  37. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/filesystem.py +118 -0
  38. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/fuzzy_completer.py +213 -0
  39. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/nested.py +109 -0
  40. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/completion/word_completer.py +94 -0
  41. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/__init__.py +0 -0
  42. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/completers/__init__.py +5 -0
  43. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/completers/system.py +64 -0
  44. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/__init__.py +80 -0
  45. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/compiler.py +579 -0
  46. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/completion.py +100 -0
  47. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/lexer.py +94 -0
  48. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/regex_parser.py +279 -0
  49. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/regular_languages/validation.py +60 -0
  50. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/ssh/__init__.py +8 -0
  51. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/ssh/server.py +178 -0
  52. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/telnet/__init__.py +7 -0
  53. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/telnet/log.py +13 -0
  54. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/telnet/protocol.py +209 -0
  55. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/contrib/telnet/server.py +428 -0
  56. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/cursor_shapes.py +117 -0
  57. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/data_structures.py +18 -0
  58. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/document.py +1182 -0
  59. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/enums.py +19 -0
  60. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/eventloop/__init__.py +31 -0
  61. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/eventloop/async_generator.py +125 -0
  62. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/eventloop/inputhook.py +191 -0
  63. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/eventloop/utils.py +101 -0
  64. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/eventloop/win32.py +72 -0
  65. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/filters/__init__.py +71 -0
  66. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/filters/app.py +419 -0
  67. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/filters/base.py +260 -0
  68. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/filters/cli.py +65 -0
  69. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/filters/utils.py +41 -0
  70. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/__init__.py +59 -0
  71. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/ansi.py +302 -0
  72. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/base.py +179 -0
  73. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/html.py +145 -0
  74. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/pygments.py +32 -0
  75. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/formatted_text/utils.py +102 -0
  76. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/history.py +306 -0
  77. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/__init__.py +14 -0
  78. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/ansi_escape_sequences.py +344 -0
  79. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/base.py +154 -0
  80. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/defaults.py +79 -0
  81. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/posix_pipe.py +118 -0
  82. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/posix_utils.py +97 -0
  83. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/typeahead.py +78 -0
  84. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/vt100.py +309 -0
  85. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/vt100_parser.py +250 -0
  86. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/win32.py +904 -0
  87. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/input/win32_pipe.py +156 -0
  88. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/__init__.py +22 -0
  89. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/__init__.py +0 -0
  90. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/auto_suggest.py +66 -0
  91. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/basic.py +257 -0
  92. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/completion.py +206 -0
  93. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/cpr.py +30 -0
  94. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/emacs.py +563 -0
  95. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/focus.py +26 -0
  96. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/mouse.py +348 -0
  97. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/named_commands.py +691 -0
  98. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/open_in_editor.py +52 -0
  99. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/page_navigation.py +85 -0
  100. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/scroll.py +190 -0
  101. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/search.py +96 -0
  102. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/bindings/vi.py +2233 -0
  103. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/defaults.py +63 -0
  104. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/digraphs.py +1378 -0
  105. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/emacs_state.py +36 -0
  106. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/key_bindings.py +672 -0
  107. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/key_processor.py +526 -0
  108. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/key_binding/vi_state.py +107 -0
  109. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/keys.py +222 -0
  110. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/__init__.py +147 -0
  111. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/containers.py +2766 -0
  112. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/controls.py +956 -0
  113. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/dimension.py +216 -0
  114. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/dummy.py +40 -0
  115. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/layout.py +412 -0
  116. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/margins.py +304 -0
  117. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/menus.py +748 -0
  118. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/mouse_handlers.py +56 -0
  119. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/processors.py +1016 -0
  120. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/screen.py +323 -0
  121. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/scrollable_pane.py +494 -0
  122. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/layout/utils.py +80 -0
  123. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/lexers/__init__.py +21 -0
  124. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/lexers/base.py +85 -0
  125. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/lexers/pygments.py +328 -0
  126. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/log.py +13 -0
  127. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/mouse_events.py +85 -0
  128. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/__init__.py +15 -0
  129. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/base.py +332 -0
  130. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/color_depth.py +64 -0
  131. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/conemu.py +65 -0
  132. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/defaults.py +106 -0
  133. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/flush_stdout.py +87 -0
  134. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/plain_text.py +143 -0
  135. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/vt100.py +760 -0
  136. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/win32.py +684 -0
  137. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/output/windows10.py +133 -0
  138. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/patch_stdout.py +297 -0
  139. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/py.typed +0 -0
  140. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/renderer.py +820 -0
  141. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/search.py +226 -0
  142. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/selection.py +58 -0
  143. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/__init__.py +49 -0
  144. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/choice_input.py +311 -0
  145. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/dialogs.py +330 -0
  146. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/progress_bar/__init__.py +33 -0
  147. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/progress_bar/base.py +449 -0
  148. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/progress_bar/formatters.py +431 -0
  149. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/prompt.py +1538 -0
  150. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/shortcuts/utils.py +239 -0
  151. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/__init__.py +67 -0
  152. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/base.py +188 -0
  153. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/defaults.py +236 -0
  154. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/named_colors.py +162 -0
  155. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/pygments.py +70 -0
  156. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/style.py +407 -0
  157. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/styles/style_transformation.py +374 -0
  158. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/token.py +9 -0
  159. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/utils.py +327 -0
  160. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/validation.py +192 -0
  161. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/widgets/__init__.py +63 -0
  162. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/widgets/base.py +1080 -0
  163. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/widgets/dialogs.py +108 -0
  164. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/widgets/menus.py +374 -0
  165. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/widgets/toolbars.py +370 -0
  166. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit/win32_types.py +229 -0
  167. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/INSTALLER +1 -0
  168. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/METADATA +172 -0
  169. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/RECORD +299 -0
  170. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/REQUESTED +0 -0
  171. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/WHEEL +5 -0
  172. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/licenses/AUTHORS.rst +11 -0
  173. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/licenses/LICENSE +27 -0
  174. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/prompt_toolkit-3.0.52.dist-info/top_level.txt +1 -0
  175. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/__init__.py +56 -0
  176. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/constants.py +57 -0
  177. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/form.py +117 -0
  178. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompt.py +234 -0
  179. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/__init__.py +29 -0
  180. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/autocomplete.py +214 -0
  181. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/checkbox.py +327 -0
  182. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/common.py +670 -0
  183. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/confirm.py +133 -0
  184. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/password.py +61 -0
  185. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/path.py +243 -0
  186. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/press_any_key_to_continue.py +61 -0
  187. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/rawselect.py +79 -0
  188. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/select.py +283 -0
  189. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/prompts/text.py +101 -0
  190. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/py.typed +0 -0
  191. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/question.py +134 -0
  192. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/styles.py +15 -0
  193. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/utils.py +78 -0
  194. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary/version.py +1 -0
  195. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/INSTALLER +1 -0
  196. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/LICENSE +19 -0
  197. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/METADATA +143 -0
  198. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/NOTICE +51 -0
  199. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/RECORD +46 -0
  200. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/REQUESTED +0 -0
  201. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/questionary-2.1.1.dist-info/WHEEL +4 -0
  202. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/__init__.py +81 -0
  203. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/_clip.py +835 -0
  204. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/_constants.py +164 -0
  205. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/_wcswidth.py +439 -0
  206. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/_wcwidth.py +162 -0
  207. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/_width.py +515 -0
  208. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/align.py +165 -0
  209. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/bisearch.py +30 -0
  210. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/control_codes.py +46 -0
  211. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/escape_sequences.py +194 -0
  212. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/grapheme.py +493 -0
  213. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/hyperlink.py +142 -0
  214. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/py.typed +0 -0
  215. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/sgr_state.py +339 -0
  216. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_ambiguous.py +189 -0
  217. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme.py +2347 -0
  218. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/__init__.py +37 -0
  219. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_27e0693f.py +2677 -0
  220. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_3d4826b8.py +6462 -0
  221. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_45d92e98.py +1969 -0
  222. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_4cdf59ce.py +42 -0
  223. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_50bf0759.py +2571 -0
  224. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_529fbb4a.py +1799 -0
  225. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_5bfac390.py +2571 -0
  226. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_813fee16.py +2570 -0
  227. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_8589765c.py +1310 -0
  228. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_8f94b404.py +2581 -0
  229. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_970dbe10.py +2839 -0
  230. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_c0a2cdbf.py +3617 -0
  231. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_c2157f7e.py +1153 -0
  232. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_c3db41c0.py +3401 -0
  233. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_da9ceb0a.py +1910 -0
  234. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_e08bd75e.py +2641 -0
  235. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_e22030f3.py +6396 -0
  236. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_fcc05a0f.py +6648 -0
  237. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_known_fd9d4c44.py +3671 -0
  238. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_grapheme_overrides/_registry.py +32 -0
  239. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_mc.py +206 -0
  240. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_overrides.py +853 -0
  241. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_term_programs.py +49 -0
  242. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_vs15.py +104 -0
  243. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_vs16.py +126 -0
  244. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_wide.py +138 -0
  245. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/table_zero.py +350 -0
  246. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/text_sizing.py +202 -0
  247. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/textwrap.py +656 -0
  248. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/unicode_versions.py +21 -0
  249. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth/wcwidth.py +88 -0
  250. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/INSTALLER +1 -0
  251. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/METADATA +1036 -0
  252. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/RECORD +101 -0
  253. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/REQUESTED +0 -0
  254. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/WHEEL +4 -0
  255. hf_auth_helper-0.1.0/src/hf_auth_helper/vendor/wcwidth-0.8.2.dist-info/licenses/LICENSE +27 -0
  256. hf_auth_helper-0.1.0/src/hf_auth_helper/vendored.py +21 -0
  257. hf_auth_helper-0.1.0/src/hf_auth_helper/verify.py +46 -0
  258. hf_auth_helper-0.1.0/src/hf_auth_helper/wizard.py +163 -0
  259. hf_auth_helper-0.1.0/tests/__init__.py +0 -0
  260. hf_auth_helper-0.1.0/tests/conftest.py +27 -0
  261. hf_auth_helper-0.1.0/tests/test_cli.py +472 -0
  262. hf_auth_helper-0.1.0/tests/test_prefill.py +114 -0
  263. hf_auth_helper-0.1.0/tests/test_scopes.py +222 -0
  264. hf_auth_helper-0.1.0/tests/test_store.py +165 -0
  265. hf_auth_helper-0.1.0/tests/test_vendored.py +11 -0
  266. hf_auth_helper-0.1.0/tests/test_verify.py +101 -0
  267. hf_auth_helper-0.1.0/tests/test_wizard.py +162 -0
@@ -0,0 +1,29 @@
1
+ name: CI
2
+
3
+ on:
4
+ pull_request:
5
+ push:
6
+ branches: [main]
7
+
8
+ jobs:
9
+ test:
10
+ runs-on: ubuntu-latest
11
+ steps:
12
+ - uses: actions/checkout@v6
13
+ - uses: actions/setup-python@v6
14
+ with:
15
+ python-version: "3.12"
16
+ - uses: astral-sh/setup-uv@v7
17
+ - run: python -m pip install -e ".[dev]"
18
+ - run: ruff format --check .
19
+ - run: ruff check .
20
+ - run: ty check src tests
21
+ - run: pytest --cov=src/hf_auth_helper --cov-fail-under=85
22
+ - name: Mutation testing behind the kill-rate floor
23
+ run: python scripts/check-mutation.py --min-kill-rate 80
24
+ - name: Audit dependencies
25
+ run: |
26
+ python -m pip freeze --exclude-editable > /tmp/requirements.txt
27
+ uvx pip-audit -r /tmp/requirements.txt --disable-pip --no-deps
28
+ - run: uvx slophammer-py@0.4.0 dry .
29
+ - run: uvx slophammer-py@0.4.0 check .
@@ -0,0 +1,139 @@
1
+ name: Publish
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - "v*"
7
+
8
+ concurrency:
9
+ group: publish-${{ github.workflow }}-${{ github.ref }}
10
+ cancel-in-progress: false
11
+
12
+ permissions:
13
+ contents: read
14
+
15
+ jobs:
16
+ publish:
17
+ # PyPI trusted publishing requires a GitHub-hosted runner.
18
+ runs-on: ubuntu-latest
19
+ permissions:
20
+ contents: write
21
+ id-token: write
22
+ steps:
23
+ - uses: actions/checkout@v6
24
+ with:
25
+ fetch-depth: 0
26
+
27
+ - uses: astral-sh/setup-uv@v7
28
+
29
+ - uses: actions/setup-python@v6
30
+ with:
31
+ python-version: "3.12"
32
+
33
+ - name: Validate release tag
34
+ env:
35
+ RELEASE_SHA: ${{ github.sha }}
36
+ RELEASE_TAG: ${{ github.ref_name }}
37
+ run: |
38
+ set -euo pipefail
39
+ git fetch --no-tags origin main --depth=1
40
+
41
+ uv run --python 3.12 python - <<'PY'
42
+ import os
43
+ import re
44
+ import subprocess
45
+ import sys
46
+ import tomllib
47
+
48
+ release_tag = os.environ.get("RELEASE_TAG", "")
49
+ release_sha = os.environ.get("RELEASE_SHA", "")
50
+
51
+ if not re.fullmatch(r"v\d+\.\d+\.\d+", release_tag):
52
+ sys.exit(f"Release tags must match vX.Y.Z; received {release_tag or '<missing>'}.")
53
+
54
+ with open("pyproject.toml", "rb") as handle:
55
+ version = tomllib.load(handle)["project"]["version"]
56
+ expected = f"v{version}"
57
+ if release_tag != expected:
58
+ sys.exit(
59
+ f"Release tag {release_tag} does not match pyproject version {version}; "
60
+ f"expected {expected}."
61
+ )
62
+
63
+ ancestor = subprocess.run(
64
+ ["git", "merge-base", "--is-ancestor", release_sha, "origin/main"],
65
+ check=False,
66
+ )
67
+ if ancestor.returncode != 0:
68
+ sys.exit(f"Tagged commit {release_sha} is not contained in origin/main.")
69
+
70
+ print(f"Release tag {release_tag} matches pyproject.toml and points to origin/main.")
71
+ PY
72
+
73
+ - name: Ensure version is not already published
74
+ run: |
75
+ set -euo pipefail
76
+ version="$(uv run --python 3.12 python -c 'import tomllib; print(tomllib.load(open("pyproject.toml","rb"))["project"]["version"])')"
77
+ status="$(curl -s -o /dev/null -w '%{http_code}' "https://pypi.org/pypi/hf-auth-helper/$version/json")"
78
+ if [ "$status" = "200" ]; then
79
+ echo "hf-auth-helper@$version is already published on PyPI."
80
+ exit 1
81
+ fi
82
+ echo "Publishing hf-auth-helper@$version"
83
+
84
+ - name: Validate package
85
+ run: |
86
+ uv run --python 3.12 --extra dev ruff format --check .
87
+ uv run --python 3.12 --extra dev ruff check .
88
+ uv run --python 3.12 --extra dev ty check src tests
89
+ uv run --python 3.12 --extra dev pytest --cov=src/hf_auth_helper --cov-fail-under=85
90
+ uv run --python 3.12 --extra dev python scripts/check-mutation.py --min-kill-rate 80
91
+ uv export --python 3.12 --extra dev --format requirements.txt --no-emit-project --no-hashes --output-file /tmp/requirements.txt
92
+ uvx pip-audit -r /tmp/requirements.txt --disable-pip --no-deps
93
+ uvx slophammer-py@0.4.0 dry .
94
+ uvx slophammer-py@0.4.0 check .
95
+
96
+ - name: Build distributions
97
+ run: uv build
98
+
99
+ - name: Check distributions
100
+ run: uvx twine check dist/*
101
+
102
+ - name: Publish to PyPI
103
+ run: uv publish --trusted-publishing always
104
+
105
+ - name: Create GitHub Release
106
+ env:
107
+ GH_TOKEN: ${{ github.token }}
108
+ run: |
109
+ set -euo pipefail
110
+
111
+ tag="${GITHUB_REF_NAME}"
112
+ version="${tag#v}"
113
+ notes_file="$(mktemp)"
114
+
115
+ cat > "$notes_file" <<EOF
116
+ Published hf-auth-helper to PyPI.
117
+
118
+ Install with:
119
+
120
+ \`\`\`sh
121
+ uvx hf-auth-helper==$version agent login
122
+ \`\`\`
123
+
124
+ Package: https://pypi.org/project/hf-auth-helper/$version/
125
+ EOF
126
+
127
+ if gh release view "$tag" >/dev/null 2>&1; then
128
+ gh release edit "$tag" \
129
+ --title "hf-auth-helper v$version" \
130
+ --notes-file "$notes_file" \
131
+ --draft=false \
132
+ --prerelease=false \
133
+ --verify-tag
134
+ else
135
+ gh release create "$tag" \
136
+ --title "hf-auth-helper v$version" \
137
+ --notes-file "$notes_file" \
138
+ --verify-tag
139
+ fi
@@ -0,0 +1,14 @@
1
+ __pycache__/
2
+ *.pyc
3
+ .venv/
4
+ uv.lock
5
+ dist/
6
+ build/
7
+ *.egg-info/
8
+ .pytest_cache/
9
+ .ruff_cache/
10
+ .mypy_cache/
11
+ .coverage
12
+ coverage.xml
13
+ mutants/
14
+ *.env
@@ -0,0 +1,38 @@
1
+ # AGENTS.md
2
+
3
+ These instructions apply to this repository.
4
+
5
+ ## Commands To Run Before Finishing
6
+
7
+ ```sh
8
+ ruff format --check .
9
+ ruff check .
10
+ ty check src tests
11
+ pytest --cov=src/hf_auth_helper --cov-fail-under=85
12
+ python scripts/check-mutation.py --min-kill-rate 80
13
+ uvx slophammer-py@0.4.0 check .
14
+ ```
15
+
16
+ CI runs the same gates; do not finish with any of them red.
17
+
18
+ ## Rules
19
+
20
+ - Python 3.12+, standard library only in `src/` — this tool must stay
21
+ runnable as a dependency-free single install. Dev tooling may use
22
+ dependencies; shipped code may not.
23
+ - Type annotations on all public functions and meaningful helpers. No
24
+ explicit `Any`; dynamic JSON is narrowed at the boundary
25
+ (see `scopes.py` for the pattern).
26
+ - Security invariant: scope classification fails closed. Unknown permissions
27
+ are violations. Never widen `SAFE_PERMISSIONS` without a test proving the
28
+ permission cannot mutate or delete Hub content.
29
+ - Never print, log, or persist token values except where the user explicitly
30
+ chose to store them.
31
+ - Keep domain logic (scope evaluation, URL building) free of IO. Network and
32
+ filesystem access belong in the CLI layer only.
33
+ - Add or update tests for every behavior change.
34
+
35
+ ## Slophammer
36
+
37
+ Quality gates are enforced with Slophammer standards:
38
+ https://raw.githubusercontent.com/dutifuldev/slophammer/refs/heads/main/docs/AGENT_ENTRYPOINT.md
@@ -0,0 +1,22 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Onur Solmaz
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
22
+
@@ -0,0 +1,83 @@
1
+ Metadata-Version: 2.4
2
+ Name: hf-auth-helper
3
+ Version: 0.1.0
4
+ Summary: Set up safe, scoped Hugging Face authentication for agents: propose-only tokens, verification, and profiles.
5
+ Project-URL: Repository, https://github.com/osolmaz/hf-auth-helper
6
+ Author-email: Onur Solmaz <onur@solmaz.io>
7
+ License-Expression: MIT
8
+ License-File: LICENSE
9
+ Keywords: agent,huggingface,propose-only,security,token
10
+ Classifier: Development Status :: 3 - Alpha
11
+ Classifier: Environment :: Console
12
+ Classifier: Intended Audience :: Developers
13
+ Classifier: Programming Language :: Python :: 3.12
14
+ Classifier: Topic :: Security
15
+ Requires-Python: >=3.12
16
+ Provides-Extra: dev
17
+ Requires-Dist: mutmut>=3.2; extra == 'dev'
18
+ Requires-Dist: pytest-cov>=5.0; extra == 'dev'
19
+ Requires-Dist: pytest>=8.0; extra == 'dev'
20
+ Requires-Dist: ruff>=0.5; extra == 'dev'
21
+ Requires-Dist: ty>=0.0.9; extra == 'dev'
22
+ Requires-Dist: typeguard>=4.3; extra == 'dev'
23
+ Description-Content-Type: text/markdown
24
+
25
+ # hf-auth-helper
26
+
27
+ Set up safe, scoped Hugging Face authentication for agents.
28
+
29
+ Coding agents that read untrusted content (web pages, issues, datasets) can be
30
+ prompt-injected. If such an agent holds a normal `write` token, one injection
31
+ can delete your datasets, Spaces, and buckets. `hf-auth-helper` sets up
32
+ **propose-only** access instead: the agent can read and open pull requests,
33
+ but a human has to merge — nothing the agent does is irreversible.
34
+
35
+ ## Usage
36
+
37
+ ```sh
38
+ uvx hf-auth-helper agent login
39
+ ```
40
+
41
+ One interactive command:
42
+
43
+ 1. **Recommended or customize** — accept the field-tested access settings,
44
+ or answer plain-language yes/no questions ("Read gated models?", "Read
45
+ your billing usage?", …) to narrow them. Reading repo contents and
46
+ opening pull requests are always included; write access never is.
47
+ 2. **Organizations** — if you're already logged into the `hf` CLI, your orgs
48
+ are detected and offered as a checklist; otherwise enter names manually.
49
+ 3. **Token form** — a summary of what the token will be able to do, then the
50
+ Hugging Face token page URL with your scopes preselected. Open it on any
51
+ device (the tool assumes you may be SSH'd into a remote box and only
52
+ opens a local browser if you say yes); name the token and click create.
53
+ 4. **Verification** — paste the token (input stays hidden) and it is checked
54
+ against the Hub: if its scopes allow anything beyond reading and opening
55
+ pull requests, it is **refused** with the violating permissions named,
56
+ and nothing is stored. Differences from what you configured are reported.
57
+ 5. **Storage** — keep it as a named `hf` CLI profile (activate with
58
+ `hf auth switch`), make it the primary token (your current login is
59
+ preserved as a named profile, never destroyed), or write an `HF_TOKEN=`
60
+ line into an env file for a single agent process.
61
+
62
+ Scripting (no prompts when not a TTY; flags select resources and
63
+ destinations, never scopes):
64
+
65
+ ```sh
66
+ uvx hf-auth-helper agent login --org my-org --profile my-agent
67
+ uvx hf-auth-helper agent login --env /path/to/agent/.env
68
+ uvx hf-auth-helper agent login --url-only # just print the prefill URL
69
+ ```
70
+
71
+ Whatever you select, write capability is limited to opening PRs and
72
+ discussions. A token created this way cannot push to main, merge PRs, modify
73
+ buckets, change settings, or delete anything. What it can still do is *read*
74
+ everything you granted it — see the threat model in
75
+ [docs/SPECIFICATION.md](docs/SPECIFICATION.md) for why "nothing irreversible"
76
+ is the guarantee, not "nothing leaks".
77
+
78
+ The full behavior contract, threat model, and design rationale live in
79
+ [docs/SPECIFICATION.md](docs/SPECIFICATION.md).
80
+
81
+ ## License
82
+
83
+ [MIT](LICENSE)
@@ -0,0 +1,59 @@
1
+ # hf-auth-helper
2
+
3
+ Set up safe, scoped Hugging Face authentication for agents.
4
+
5
+ Coding agents that read untrusted content (web pages, issues, datasets) can be
6
+ prompt-injected. If such an agent holds a normal `write` token, one injection
7
+ can delete your datasets, Spaces, and buckets. `hf-auth-helper` sets up
8
+ **propose-only** access instead: the agent can read and open pull requests,
9
+ but a human has to merge — nothing the agent does is irreversible.
10
+
11
+ ## Usage
12
+
13
+ ```sh
14
+ uvx hf-auth-helper agent login
15
+ ```
16
+
17
+ One interactive command:
18
+
19
+ 1. **Recommended or customize** — accept the field-tested access settings,
20
+ or answer plain-language yes/no questions ("Read gated models?", "Read
21
+ your billing usage?", …) to narrow them. Reading repo contents and
22
+ opening pull requests are always included; write access never is.
23
+ 2. **Organizations** — if you're already logged into the `hf` CLI, your orgs
24
+ are detected and offered as a checklist; otherwise enter names manually.
25
+ 3. **Token form** — a summary of what the token will be able to do, then the
26
+ Hugging Face token page URL with your scopes preselected. Open it on any
27
+ device (the tool assumes you may be SSH'd into a remote box and only
28
+ opens a local browser if you say yes); name the token and click create.
29
+ 4. **Verification** — paste the token (input stays hidden) and it is checked
30
+ against the Hub: if its scopes allow anything beyond reading and opening
31
+ pull requests, it is **refused** with the violating permissions named,
32
+ and nothing is stored. Differences from what you configured are reported.
33
+ 5. **Storage** — keep it as a named `hf` CLI profile (activate with
34
+ `hf auth switch`), make it the primary token (your current login is
35
+ preserved as a named profile, never destroyed), or write an `HF_TOKEN=`
36
+ line into an env file for a single agent process.
37
+
38
+ Scripting (no prompts when not a TTY; flags select resources and
39
+ destinations, never scopes):
40
+
41
+ ```sh
42
+ uvx hf-auth-helper agent login --org my-org --profile my-agent
43
+ uvx hf-auth-helper agent login --env /path/to/agent/.env
44
+ uvx hf-auth-helper agent login --url-only # just print the prefill URL
45
+ ```
46
+
47
+ Whatever you select, write capability is limited to opening PRs and
48
+ discussions. A token created this way cannot push to main, merge PRs, modify
49
+ buckets, change settings, or delete anything. What it can still do is *read*
50
+ everything you granted it — see the threat model in
51
+ [docs/SPECIFICATION.md](docs/SPECIFICATION.md) for why "nothing irreversible"
52
+ is the guarantee, not "nothing leaks".
53
+
54
+ The full behavior contract, threat model, and design rationale live in
55
+ [docs/SPECIFICATION.md](docs/SPECIFICATION.md).
56
+
57
+ ## License
58
+
59
+ [MIT](LICENSE)