humanbound-cli 0.3.1__tar.gz → 0.3.3__tar.gz

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: humanbound-cli
-Version: 0.3.1
+Version: 0.3.3
 Summary: Humanbound CLI - command line interface for AI agent security testing.
 Author-email: Kostas Siabanis <hello@humanbound.ai>, Demetris Gerogiannis <hello@humanbound.ai>
 License: Apache-2.0

humanbound_cli-0.3.3/humanbound_cli/__init__.py

@@ -0,0 +1,8 @@
+"""Humanbound CLI - command line interface for AI agent security testing."""
+
+from importlib.metadata import version as _v
+
+try:
+    __version__ = _v("humanbound-cli")
+except Exception:
+    __version__ = "dev"

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/client.py

@@ -206,6 +206,89 @@ ERROR_HTML = """<!DOCTYPE html>
 </html>"""
 
 
+LOGOUT_HTML = """<!DOCTYPE html>
+<html>
+<head>
+    <title>Humanbound CLI - Logged Out</title>
+    <style>
+        * { margin: 0; padding: 0; box-sizing: border-box; }
+        body {
+            font-family: 'SF Mono', 'Fira Code', 'Consolas', monospace;
+            background: linear-gradient(135deg, #0d1117 0%, #161b22 100%);
+            color: #e6edf3;
+            min-height: 100vh;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        .container {
+            text-align: center;
+            padding: 3rem;
+            background: rgba(22, 27, 34, 0.8);
+            border: 1px solid #30363d;
+            border-radius: 12px;
+            box-shadow: 0 8px 24px rgba(0, 0, 0, 0.4);
+            max-width: 480px;
+        }
+        .icon {
+            width: 64px;
+            height: 64px;
+            margin-bottom: 1.5rem;
+            background: #58a6ff;
+            border-radius: 50%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            margin-left: auto;
+            margin-right: auto;
+        }
+        .icon svg { width: 32px; height: 32px; fill: white; }
+        h1 {
+            font-size: 1.5rem;
+            font-weight: 600;
+            margin-bottom: 0.75rem;
+            color: #58a6ff;
+        }
+        p {
+            color: #8b949e;
+            font-size: 0.9rem;
+            line-height: 1.6;
+        }
+        .command {
+            background: #0d1117;
+            border: 1px solid #30363d;
+            border-radius: 6px;
+            padding: 1rem;
+            margin-top: 1.5rem;
+            font-size: 0.85rem;
+        }
+        .command code {
+            color: #7ee787;
+        }
+        .prompt { color: #6e7681; }
+        .close-hint {
+            margin-top: 1.5rem;
+            font-size: 0.8rem;
+            color: #6e7681;
+        }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="icon">
+            <svg viewBox="0 0 24 24"><path d="M13 3h-2v10h2V3zm4.83 2.17l-1.42 1.42C17.99 7.86 19 9.81 19 12c0 3.87-3.13 7-7 7s-7-3.13-7-7c0-2.19 1.01-4.14 2.58-5.42L6.17 5.17C4.23 6.82 3 9.26 3 12c0 4.97 4.03 9 9 9s9-4.03 9-9c0-2.74-1.23-5.18-3.17-6.83z"/></svg>
+        </div>
+        <h1>Session Revoked</h1>
+        <p>Your local credentials and browser session have been cleared.</p>
+        <div class="command">
+            <span class="prompt">$</span> <code>hb login</code>
+        </div>
+        <p class="close-hint">You can close this tab</p>
+    </div>
+</body>
+</html>"""
+
+
 class HumanboundClient:
     """API client for Humanbound platform with OAuth authentication."""
 
@@ -388,16 +471,24 @@ class HumanboundClient:
 
     def _exchange_for_api_token(self) -> None:
         """Exchange Auth0 token for API session token."""
-        response = requests.get(
-            f"{self.base_url}/auth",
-            headers={"Authorization": f"Bearer {self._auth0_token}"},
-            timeout=DEFAULT_TIMEOUT,
-        )
+        try:
+            response = requests.get(
+                f"{self.base_url}/auth",
+                headers={"Authorization": f"Bearer {self._auth0_token}"},
+                timeout=DEFAULT_TIMEOUT,
+            )
+        except requests.ConnectionError:
+            raise AuthenticationError(f"Could not connect to {self.base_url}. Is the server running?")
+        except requests.Timeout:
+            raise AuthenticationError(f"Connection to {self.base_url} timed out.")
 
         if response.status_code != 200:
-            raise AuthenticationError(f"API authentication failed: {response.text}")
+            raise AuthenticationError(f"API authentication failed ({response.status_code}): {response.text}")
 
-        data = response.json()
+        try:
+            data = response.json()
+        except Exception:
+            raise AuthenticationError(f"API returned invalid response from {self.base_url}/auth")
         self._api_token = data.get("access_token") or data.get("token")
         if not self._api_token:
             raise AuthenticationError("No access token in API response")
@@ -454,6 +545,10 @@ class HumanboundClient:
             self._username = credentials.get("username")
             self._email = credentials.get("email")
             self._default_organisation_id = credentials.get("default_organisation_id")
+            # Restore saved base_url unless explicitly overridden via --base-url or env var
+            saved_url = credentials.get("base_url")
+            if saved_url and self.base_url == get_base_url().rstrip("/"):
+                self.base_url = saved_url.rstrip("/")
 
     def _load_credentials_file(self) -> dict:
         """Load credentials file."""

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/api_keys.py

@@ -54,7 +54,7 @@ def list_keys(as_json: bool):
             return
 
         table = Table(title="API Keys")
-        table.add_column("ID", style="dim", width=10)
+        table.add_column("ID", style="dim")
         table.add_column("Name", style="bold")
         table.add_column("Scopes")
         table.add_column("Active", justify="center")
@@ -67,7 +67,7 @@ def list_keys(as_json: bool):
             prefix = (key_val[:12] + "...") if len(str(key_val)) > 12 else str(key_val)
 
             table.add_row(
-                str(key.get("id", ""))[:10],
+                str(key.get("id", "")),
                 key.get("name", ""),
                 key.get("scopes", ""),
                 active,

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/auth.py

@@ -5,6 +5,7 @@ from rich.console import Console
 from rich.panel import Panel
 
 from ..client import HumanboundClient
+from ..config import DEFAULT_BASE_URL
 from ..exceptions import AuthenticationError, APIError
 
 console = Console()
@@ -50,9 +51,14 @@ def login(base_url: str, port: int, force: bool):
             except Exception as e:
                 org_display = f"{client.default_organisation_id} (could not resolve name: {e})"
 
+        base_url_line = ""
+        if client.base_url.rstrip("/") != DEFAULT_BASE_URL.rstrip("/"):
+            base_url_line = f"Base URL: {client.base_url}\n"
+
         console.print(Panel(
             f"[green]Login successful![/green]\n\n"
             f"User: {client.username or 'unknown'}\n"
+            f"{base_url_line}"
             f"Organisation: {org_display}",
             title="Humanbound",
         ))
@@ -65,20 +71,51 @@ def login(base_url: str, port: int, force: bool):
 
 @auth_group.command("logout")
 @click.option("--revoke", is_flag=True, help="Also clear browser SSO session (opens browser)")
-def logout(revoke: bool):
+@click.option("--port", default=8085, help="Local callback port (default: 8085)")
+def logout(revoke: bool, port: int):
     """Clear stored credentials."""
-    import webbrowser
-    from ..config import get_auth0_domain, get_auth0_client_id
-
     client = HumanboundClient()
     client.logout()  # This already prints the success message
 
     if revoke:
+        import webbrowser
+        import urllib.parse
+        import http.server
+        import socketserver
+        from ..config import get_auth0_domain, get_auth0_client_id
+        from ..client import LOGOUT_HTML
+
         auth0_domain = get_auth0_domain()
         client_id = get_auth0_client_id()
-        logout_url = f"https://{auth0_domain}/v2/logout?client_id={client_id}"
-        console.print("Opening browser to clear Auth0 session...")
-        webbrowser.open(logout_url)
+        return_to = f"http://localhost:{port}"
+
+        logout_url = (
+            f"https://{auth0_domain}/v2/logout?"
+            + urllib.parse.urlencode({"client_id": client_id, "returnTo": return_to})
+        )
+
+        class LogoutHandler(http.server.BaseHTTPRequestHandler):
+            def do_GET(self):
+                self.send_response(200)
+                self.send_header("Content-type", "text/html")
+                self.end_headers()
+                self.wfile.write(LOGOUT_HTML.encode())
+
+            def log_message(self, format, *args):
+                pass
+
+        socketserver.TCPServer.allow_reuse_address = True
+        server = socketserver.TCPServer(("", port), LogoutHandler)
+        server.timeout = 30
+
+        try:
+            console.print("Opening browser to clear Auth0 session...")
+            webbrowser.open(logout_url)
+            server.handle_request()
+        finally:
+            server.server_close()
+
+        console.print("[green]Browser session revoked. Base URL reset to default.[/green]")
     else:
         console.print(
             "[dim]Note: Your browser may still have an active Auth0 session. "
@@ -104,11 +141,15 @@ def whoami():
             except Exception as e:
                 org_display = f"{client.organisation_id} [dim](could not resolve name: {e})[/dim]"
 
+        base_url_line = ""
+        if client.base_url.rstrip("/") != DEFAULT_BASE_URL.rstrip("/"):
+            base_url_line = f"Base URL: {client.base_url}\n"
+
         console.print(Panel(
             f"[green]Authenticated[/green]\n\n"
             f"User: {client.username or '[dim]unknown[/dim]'}\n"
             f"Email: {client.email or '[dim]unknown[/dim]'}\n"
-            f"Base URL: {client.base_url}\n"
+            f"{base_url_line}"
             f"Organisation: {org_display}\n"
             f"Project: {client.project_id or '[dim]not set[/dim]'}",
             title="Humanbound Status",

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/campaigns.py

@@ -156,7 +156,7 @@ def break_campaign(force: bool):
             return
 
         if not force:
-            if not Confirm.ask(f"Break campaign [bold]{campaign_id[:10]}...[/bold]? Running experiments will be stopped"):
+            if not Confirm.ask(f"Break campaign [bold]{campaign_id}[/bold]? Running experiments will be stopped"):
                 console.print("[dim]Cancelled.[/dim]")
                 return
 

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/experiments.py

@@ -142,13 +142,20 @@ def show_experiment(experiment_id: str):
 
 
 @experiments_group.command("status")
-@click.argument("experiment_id")
+@click.argument("experiment_id", required=False)
 @click.option("--watch", "-w", is_flag=True, help="Watch status until completion")
 @click.option("--interval", default=10, help="Polling interval in seconds (with --watch)")
-def experiment_status(experiment_id: str, watch: bool, interval: int):
+@click.option("--all", "show_all", is_flag=True, help="Show status of all project experiments (polls every 60s)")
+def experiment_status(experiment_id: str, watch: bool, interval: int, show_all: bool):
     """Check experiment status.
 
-    EXPERIMENT_ID: Experiment UUID.
+    EXPERIMENT_ID: Experiment UUID (optional with --all).
+
+    \b
+    Examples:
+      hb experiments status <id>           # One-shot status
+      hb experiments status <id> --watch   # Poll single experiment
+      hb experiments status --all          # Dashboard of all experiments (polls 60s)
     """
     client = HumanboundClient()
 
@@ -156,6 +163,14 @@ def experiment_status(experiment_id: str, watch: bool, interval: int):
         console.print("[yellow]No project selected.[/yellow]")
         raise SystemExit(1)
 
+    if show_all:
+        _poll_all_experiments(client)
+        return
+
+    if not experiment_id:
+        console.print("[red]Provide an experiment ID or use --all.[/red]")
+        raise SystemExit(1)
+
     try:
         if not watch:
             status = client.get_experiment_status(experiment_id)
@@ -201,6 +216,94 @@ def experiment_status(experiment_id: str, watch: bool, interval: int):
         console.print("\n[yellow]Stopped watching.[/yellow]")
 
 
+ACTIVE_STATUSES = ["Running", "Generating", "Generated", "Pending"]
+
+
+def _poll_all_experiments(client: HumanboundClient):
+    """Poll all project experiments every 60s until none are active."""
+    try:
+        cycle = 0
+        while True:
+            # Fetch all experiments (up to 200)
+            all_exps = []
+            page = 1
+            while True:
+                response = client.list_experiments(page=page, size=100)
+                all_exps.extend(response.get("data", []))
+                if not response.get("has_next_page"):
+                    break
+                page += 1
+
+            if not all_exps:
+                console.print("[yellow]No experiments found.[/yellow]")
+                return
+
+            active = [e for e in all_exps if e.get("status") in ACTIVE_STATUSES]
+            finished = [e for e in all_exps if e.get("status") == "Finished"]
+            failed = [e for e in all_exps if e.get("status") == "Failed"]
+
+            # Clear screen on subsequent cycles
+            if cycle > 0:
+                console.clear()
+
+            timestamp = time.strftime("%H:%M:%S")
+            console.print(f"[bold]Project Experiments[/bold]  [dim]{timestamp}[/dim]\n")
+            console.print(
+                f"  Total: {len(all_exps)}  "
+                f"[green]Finished: {len(finished)}[/green]  "
+                f"[yellow]Active: {len(active)}[/yellow]  "
+                f"[red]Failed: {len(failed)}[/red]\n"
+            )
+
+            table = Table()
+            table.add_column("Name", style="bold", max_width=35)
+            table.add_column("Status", width=12)
+            table.add_column("Category", width=20)
+            table.add_column("ID", style="dim")
+
+            for exp in all_exps:
+                status = exp.get("status", "Unknown")
+                status_style = {
+                    "Finished": "[green]Finished[/green]",
+                    "Running": "[yellow]Running[/yellow]",
+                    "Failed": "[red]Failed[/red]",
+                    "Generating": "[cyan]Generating[/cyan]",
+                    "Generated": "[blue]Generated[/blue]",
+                    "Pending": "[dim]Pending[/dim]",
+                    "Terminated": "[red]Terminated[/red]",
+                }.get(status, status)
+
+                cat = exp.get("test_category", "")
+                if "/" in cat:
+                    cat = cat.split("/")[-1]
+
+                table.add_row(
+                    exp.get("name", ""),
+                    status_style,
+                    cat,
+                    exp.get("id", ""),
+                )
+
+            console.print(table)
+
+            if not active:
+                console.print(f"\n[green]All experiments completed.[/green]")
+                return
+
+            console.print(f"\n[dim]{len(active)} active — polling every 60s (Ctrl+C to stop)[/dim]")
+            time.sleep(60)
+            cycle += 1
+
+    except NotAuthenticatedError:
+        console.print("[red]Not authenticated.[/red] Run 'hb login' first.")
+        raise SystemExit(1)
+    except APIError as e:
+        console.print(f"[red]Error:[/red] {e}")
+        raise SystemExit(1)
+    except KeyboardInterrupt:
+        console.print("\n[yellow]Stopped polling.[/yellow]")
+
+
 def _print_status(status: dict):
     """Print experiment status."""
     current_status = status.get("status", "Unknown")

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/findings.py

@@ -76,7 +76,7 @@ def findings_group(ctx, status, severity, page, size, as_json):
             return
 
         table = Table(title="Findings")
-        table.add_column("ID", style="dim", width=10)
+        table.add_column("ID", style="dim")
         table.add_column("Title", max_width=40)
         table.add_column("Severity", width=10)
         table.add_column("Status", width=10)
@@ -89,7 +89,7 @@ def findings_group(ctx, status, severity, page, size, as_json):
             stat = str(finding.get("status", "")).lower()
 
             table.add_row(
-                str(finding.get("id", ""))[:10],
+                str(finding.get("id", "")),
                 finding.get("title", finding.get("description", ""))[:40],
                 SEVERITY_STYLES.get(sev, sev),
                 STATUS_STYLES.get(stat, stat),

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/logs.py

@@ -127,7 +127,7 @@ def _show_table(client: HumanboundClient, experiment_id: str, verdict: str, page
         return
 
     table = Table(title=f"Experiment Logs (page {page})")
-    table.add_column("ID", style="dim", width=10)
+    table.add_column("ID", style="dim")
     table.add_column("Verdict", width=6)
     table.add_column("Severity", width=8)
     table.add_column("Category", width=15)

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/members.py

@@ -55,7 +55,7 @@ def list_members(as_json: bool):
             return
 
         table = Table(title="Organisation Members")
-        table.add_column("ID", style="dim", width=10)
+        table.add_column("ID", style="dim")
         table.add_column("Email", style="bold")
         table.add_column("Username")
         table.add_column("Role")
@@ -70,7 +70,7 @@ def list_members(as_json: bool):
             }.get(str(role).lower(), str(role))
 
             table.add_row(
-                str(member.get("id", ""))[:10],
+                str(member.get("id", "")),
                 member.get("email", ""),
                 member.get("username", ""),
                 role_style,

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/providers.py

@@ -47,7 +47,7 @@ def list_providers():
             return
 
         table = Table(title="Model Providers")
-        table.add_column("ID", style="dim", width=12)
+        table.add_column("ID", style="dim")
         table.add_column("Name", style="bold")
         table.add_column("Model", width=25)
         table.add_column("Default", justify="center")

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/commands/test.py

@@ -13,13 +13,8 @@ from ..exceptions import NotAuthenticatedError, APIError
 
 console = Console()
 
-# Available test categories
-TEST_CATEGORIES = [
-    "humanbound/adversarial/owasp_single_turn",
-    "humanbound/adversarial/owasp_multi_turn",
-    "humanbound/adversarial/owasp_agentic_multi_turn",
-    "humanbound/behavioral/behavioral",
-]
+# Default test category
+DEFAULT_TEST_CATEGORY = "humanbound/adversarial/owasp_multi_turn"
 
 # Testing levels (must match backend TestingLevel enum)
 # unit (~20 min), system (~45 min), acceptance (~90 min)
@@ -62,7 +57,7 @@ def _load_integration(value: str) -> dict:
             raise SystemExit(1)
 
     try:
-        return json.loads(value)
+        return json.loads(value.strip())
     except json.JSONDecodeError:
         console.print(f"[red]--endpoint must be a JSON string or path to a JSON file.[/red]")
         console.print("[dim]Example: --endpoint ./bot-config.json[/dim]")
@@ -73,9 +68,8 @@ def _load_integration(value: str) -> dict:
 @click.command("test")
 @click.option(
     "--test-category", "-t",
-    type=click.Choice(TEST_CATEGORIES, case_sensitive=False),
-    default="humanbound/adversarial/owasp_multi_turn",
-    help="Test category to run"
+    default=DEFAULT_TEST_CATEGORY,
+    help="Test category to run (e.g. humanbound/adversarial/owasp_multi_turn, humanbound/behavioral/qa)"
 )
 @click.option(
     "--testing-level", "-l",
@@ -87,6 +81,11 @@ def _load_integration(value: str) -> dict:
     "--name", "-n",
     help="Experiment name (auto-generated if not provided)"
 )
+@click.option(
+    "--description", "-d",
+    default="",
+    help="Experiment description"
+)
 @click.option(
     "--lang",
     default="english",
@@ -117,8 +116,8 @@ def _load_integration(value: str) -> dict:
     type=click.Choice(["critical", "high", "medium", "low", "any"]),
     help="Exit with error if findings of this severity or higher are found"
 )
-def test_command(test_category: str, testing_level: str, name: str, lang: str,
-                 provider_id: str, endpoint: str,
+def test_command(test_category: str, testing_level: str, name: str, description: str,
+                 lang: str, provider_id: str, endpoint: str,
                  no_auto_start: bool,
                  wait: bool, fail_on: str):
     """Run security tests on the current project.
@@ -185,6 +184,7 @@ def test_command(test_category: str, testing_level: str, name: str, lang: str,
         # Create experiment
         experiment_data = {
             "name": name,
+            "description": description,
             "test_category": test_category,
             "testing_level": testing_level,
             "lang": lang,

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli/main.py

@@ -3,6 +3,7 @@
 import click
 from rich.console import Console
 
+from . import __version__
 from .client import HumanboundClient
 from .config import get_base_url
 
@@ -35,6 +36,7 @@ def get_client() -> HumanboundClient:
 
 
 @click.group()
+@click.version_option(version=__version__, prog_name="hb")
 @click.option(
     "--base-url",
     envvar="HUMANBOUND_BASE_URL",
@@ -98,10 +100,11 @@ def login_alias(ctx):
 
 @cli.command("logout")
 @click.option("--revoke", is_flag=True, help="Also clear browser SSO session (opens browser)")
+@click.option("--port", default=8085, help="Local callback port (default: 8085)")
 @click.pass_context
-def logout_alias(ctx, revoke):
+def logout_alias(ctx, revoke, port):
     """Clear stored credentials (alias for 'auth logout')."""
-    ctx.invoke(auth.logout, revoke=revoke)
+    ctx.invoke(auth.logout, revoke=revoke, port=port)
 
 
 @cli.command("whoami")
@@ -148,12 +151,24 @@ def switch_org(org_id: str):
 @cli.command("status")
 @click.argument("experiment_id", required=False)
 @click.option("--watch", "-w", is_flag=True, help="Watch status until completion")
+@click.option("--all", "show_all", is_flag=True, help="Show all project experiments (polls every 60s)")
 @click.pass_context
-def status_alias(ctx, experiment_id: str, watch: bool):
+def status_alias(ctx, experiment_id: str, watch: bool, show_all: bool):
     """Check experiment status (alias for 'experiments status').
 
     If no experiment_id is provided, shows the most recent experiment.
+    Use --all to see a dashboard of all project experiments.
     """
+    if show_all:
+        ctx.invoke(
+            experiments.experiment_status,
+            experiment_id=None,
+            watch=False,
+            interval=10,
+            show_all=True,
+        )
+        return
+
     client = HumanboundClient()
 
     if not experiment_id:
@@ -179,6 +194,7 @@ def status_alias(ctx, experiment_id: str, watch: bool):
         experiment_id=experiment_id,
         watch=watch,
         interval=10,
+        show_all=False,
     )
 
 

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/humanbound_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: humanbound-cli
-Version: 0.3.1
+Version: 0.3.3
 Summary: Humanbound CLI - command line interface for AI agent security testing.
 Author-email: Kostas Siabanis <hello@humanbound.ai>, Demetris Gerogiannis <hello@humanbound.ai>
 License: Apache-2.0

{humanbound_cli-0.3.1 → humanbound_cli-0.3.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "humanbound-cli"
-version = "0.3.1"
+version = "0.3.3"
 authors = [
   { name="Kostas Siabanis", email="hello@humanbound.ai" },
   { name="Demetris Gerogiannis", email="hello@humanbound.ai" },

humanbound_cli-0.3.1/humanbound_cli/__init__.py

@@ -1,3 +0,0 @@
-"""Humanbound CLI - command line interface for AI agent security testing."""
-
-__version__ = "0.2.0"