lithora-cli 0.2.0__py3-none-any.whl

lithora_cli/commands/teams.py

@@ -0,0 +1,43 @@
+"""`lithora teams` — manage teams."""
+
+from __future__ import annotations
+
+from typing import Optional
+
+import typer
+
+from ._common import client, errors, show
+
+app = typer.Typer(no_args_is_help=True, help="Manage teams.")
+
+
+@app.command("list")
+def list_teams(ctx: typer.Context):
+    """List teams you belong to."""
+    with errors():
+        show(ctx, client(ctx).teams.list(), columns=["team_id", "name", "member_ids"])
+
+
+@app.command("show")
+def show_team(ctx: typer.Context, team_id: str = typer.Argument(..., help="Team id")):
+    """Show one team."""
+    with errors():
+        show(ctx, client(ctx).teams.get(team_id))
+
+
+@app.command("members")
+def members(ctx: typer.Context, team_id: str = typer.Argument(...)):
+    """List a team's members."""
+    with errors():
+        show(ctx, client(ctx).teams.members(team_id), columns=["user_id", "name", "role"])
+
+
+@app.command("create")
+def create_team(
+    ctx: typer.Context,
+    name: str = typer.Option(..., "--name", "-n", help="Team name"),
+    description: Optional[str] = typer.Option(None, "--description"),
+):
+    """Create a team."""
+    with errors():
+        show(ctx, client(ctx).teams.create(name, description=description))

lithora_cli/commands/work_items.py

@@ -0,0 +1,64 @@
+"""`lithora work-items` — the unified work graph: items, graph, cycle-time, PR status."""
+
+from __future__ import annotations
+
+from typing import Optional
+
+import typer
+
+from ._common import client, errors, out, show
+from ..output import render
+
+app = typer.Typer(no_args_is_help=True, help="The unified work graph.")
+
+
+@app.command("list")
+def list_items(ctx: typer.Context):
+    """List work items."""
+    with errors():
+        show(ctx, client(ctx).work_items.list(), columns=["work_item_id", "type", "title"])
+
+
+@app.command("graph")
+def graph(
+    ctx: typer.Context,
+    team: Optional[str] = typer.Option(None, "--team", "-t"),
+    project: Optional[str] = typer.Option(None, "--project", "-p"),
+):
+    """Show the work-graph nodes + edges (issues/PRs/docs/people)."""
+    if not team and not project:
+        raise typer.BadParameter("Pass --team or --project")
+    with errors():
+        data = client(ctx).work_items.graph(team_id=team, project_id=project)
+        if out(ctx) == "table":
+            typer.echo("Nodes: {}  Edges: {}".format(data.get("node_count", 0), data.get("edge_count", 0)))
+            render({"nodes": data.get("nodes", [])}, "table", columns=["kind", "label", "id"])
+        else:
+            show(ctx, data)
+
+
+@app.command("cycle-time")
+def cycle_time(
+    ctx: typer.Context,
+    team: Optional[str] = typer.Option(None, "--team", "-t"),
+    project: Optional[str] = typer.Option(None, "--project", "-p"),
+):
+    """Issue→PR-merge cycle-time analytics (Preview metric)."""
+    if not team and not project:
+        raise typer.BadParameter("Pass --team or --project")
+    with errors():
+        show(ctx, client(ctx).work_items.cycle_time(team_id=team, project_id=project))
+
+
+@app.command("pr-status")
+def pr_status(ctx: typer.Context, task_id: str = typer.Argument(...)):
+    """Live GitHub PR + CI status for a task."""
+    with errors():
+        show(ctx, client(ctx).work_items.pr_status(task_id))
+
+
+@app.command("resolve")
+def resolve(ctx: typer.Context, ref: str = typer.Option(..., "--ref", help="e.g. 412")):
+    """Resolve a #N PR/issue reference to its work item."""
+    with errors():
+        show(ctx, client(ctx).work_items.resolve_ref(ref.lstrip("#")))

lithora_cli/config.py

@@ -0,0 +1,178 @@
+"""CLI configuration: multi-profile contexts + secure token storage.
+
+Profiles (kubectl/aws-style) let you target multiple accounts/orgs. Non-secret
+state lives in ``~/.lithora/config.json`` (dir 700 / file 600); the bearer token
+is stored in the OS keychain via ``keyring`` when available (macOS Keychain,
+libsecret, Windows Credential Manager), falling back to the 600-mode file.
+
+Precedence (highest first):  CLI flag  >  env var  >  profile on disk  >  default.
+Env: ``LITHORA_TOKEN``, ``LITHORA_BASE_URL``, ``LITHORA_PROFILE``.
+
+Backward compatible with the v0.1 single-file shape ``{"base_url","token"}``,
+which is migrated into ``profiles.default`` on first write.
+"""
+
+from __future__ import annotations
+
+import json
+import os
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Dict, Optional
+
+DEFAULT_BASE_URL = "https://api.lithora.io"
+CONFIG_DIR = Path.home() / ".lithora"
+CONFIG_PATH = CONFIG_DIR / "config.json"
+_KEYRING_SERVICE = "lithora-cli"
+
+try:  # keyring is optional — degrade gracefully to file storage.
+    import keyring as _keyring
+    from keyring.errors import KeyringError as _KeyringError
+except Exception:  # pragma: no cover - import guard
+    _keyring = None
+
+    class _KeyringError(Exception):
+        pass
+
+
+@dataclass
+class ResolvedConfig:
+    """The effective config for one command invocation."""
+    profile: str
+    base_url: str
+    token: Optional[str]
+
+
+def _read() -> dict:
+    try:
+        with CONFIG_PATH.open("r", encoding="utf-8") as fh:
+            data = json.load(fh)
+        return data if isinstance(data, dict) else {}
+    except (FileNotFoundError, ValueError, OSError):
+        return {}
+
+
+def _migrate(data: dict) -> dict:
+    """Upgrade a v0.1 flat file ({base_url, token}) to the profiles shape."""
+    if "profiles" in data:
+        return data
+    profiles: Dict[str, dict] = {}
+    if data.get("base_url") or data.get("token"):
+        profiles["default"] = {"base_url": data.get("base_url", DEFAULT_BASE_URL)}
+        if data.get("token"):
+            profiles["default"]["token"] = data["token"]  # keep where it was
+    return {"current_profile": "default", "profiles": profiles}
+
+
+def _write(data: dict) -> None:
+    CONFIG_DIR.mkdir(mode=0o700, parents=True, exist_ok=True)
+    try:
+        os.chmod(CONFIG_DIR, 0o700)
+    except OSError:
+        pass
+    fd = os.open(str(CONFIG_PATH), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
+    with os.fdopen(fd, "w", encoding="utf-8") as fh:
+        json.dump(data, fh, indent=2)
+        fh.write("\n")
+    try:
+        os.chmod(CONFIG_PATH, 0o600)
+    except OSError:
+        pass
+
+
+# ---- token storage (keychain primary, file fallback) ----------------------
+
+def _keyring_account(profile: str, base_url: str) -> str:
+    return "{}@{}".format(profile, base_url)
+
+
+def _store_token(profile: str, base_url: str, token: str) -> bool:
+    """Try the OS keychain; return True if stored there (so we DON'T write it to file).
+
+    Any keyring failure (locked/absent/null backend) degrades to the file store.
+    """
+    if _keyring is not None:
+        try:
+            _keyring.set_password(_KEYRING_SERVICE, _keyring_account(profile, base_url), token)
+            return True
+        except Exception:
+            pass
+    return False
+
+
+def _load_token(profile: str, base_url: str, prof: dict) -> Optional[str]:
+    if _keyring is not None:
+        try:
+            tok = _keyring.get_password(_KEYRING_SERVICE, _keyring_account(profile, base_url))
+            if tok:
+                return tok
+        except Exception:
+            pass
+    return prof.get("token")  # file fallback
+
+
+# ---- public API -----------------------------------------------------------
+
+def current_profile() -> str:
+    return os.environ.get("LITHORA_PROFILE") or _migrate(_read()).get("current_profile", "default")
+
+
+def list_profiles() -> Dict[str, dict]:
+    return _migrate(_read()).get("profiles", {})
+
+
+def resolve(profile: Optional[str] = None, base_url: Optional[str] = None,
+            token: Optional[str] = None) -> ResolvedConfig:
+    """Compute the effective config (flag > env > file > default)."""
+    data = _migrate(_read())
+    prof_name = profile or os.environ.get("LITHORA_PROFILE") or data.get("current_profile", "default")
+    prof = data.get("profiles", {}).get(prof_name, {})
+
+    eff_base = (base_url or os.environ.get("LITHORA_BASE_URL")
+                or prof.get("base_url") or DEFAULT_BASE_URL).rstrip("/")
+    eff_token = token or os.environ.get("LITHORA_TOKEN") or _load_token(prof_name, eff_base, prof)
+    return ResolvedConfig(profile=prof_name, base_url=eff_base, token=eff_token)
+
+
+def save_login(profile: str, base_url: str, token: str) -> str:
+    """Persist a successful login. Returns where the token was stored ('keychain'|'file')."""
+    data = _migrate(_read())
+    data.setdefault("profiles", {})
+    prof = data["profiles"].setdefault(profile, {})
+    prof["base_url"] = base_url.rstrip("/")
+    prof.pop("token", None)
+    data.setdefault("current_profile", profile)
+
+    in_keychain = _store_token(profile, base_url, token)
+    if not in_keychain:
+        prof["token"] = token  # 600-mode file fallback
+    _write(data)
+    return "keychain" if in_keychain else "file"
+
+
+def set_base_url(profile: str, base_url: str) -> None:
+    data = _migrate(_read())
+    data.setdefault("profiles", {}).setdefault(profile, {})["base_url"] = base_url.rstrip("/")
+    _write(data)
+
+
+def use_profile(profile: str) -> None:
+    data = _migrate(_read())
+    data["current_profile"] = profile
+    data.setdefault("profiles", {}).setdefault(profile, {"base_url": DEFAULT_BASE_URL})
+    _write(data)
+
+
+def clear_token(profile: str) -> None:
+    """Logout: remove the token from keychain and file for one profile."""
+    data = _migrate(_read())
+    prof = data.get("profiles", {}).get(profile, {})
+    base_url = prof.get("base_url", DEFAULT_BASE_URL)
+    if _keyring is not None:
+        try:
+            _keyring.delete_password(_KEYRING_SERVICE, _keyring_account(profile, base_url))
+        except Exception:
+            pass
+    if "token" in prof:
+        prof.pop("token", None)
+        _write(data)

lithora_cli/main.py

@@ -0,0 +1,164 @@
+"""Lithora CLI — the terminal-native control plane for Lithora.
+
+Built on the shared `lithora` Python SDK (no vendored HTTP client). Typer app
+with multi-profile config, secure token storage, a stable --json contract, and
+the confirmation-gated agent (`lithora ai`).
+"""
+
+from __future__ import annotations
+
+import sys
+from typing import Optional
+
+import typer
+
+from lithora import AuthChallengeError, AuthError, Lithora, LithoraError
+
+from . import __version__, config
+from .commands import (
+    account, automations, github, projects, search, tasks, teams, work_items, ai,
+)
+from .output import error, exit_code_for, is_tty, success
+
+app = typer.Typer(
+    no_args_is_help=True,
+    add_completion=True,
+    help="Lithora — manage teams, projects, issues, automations and the AI agent from your terminal.",
+    rich_markup_mode="rich",
+)
+
+
+def _version_cb(value: bool):
+    if value:
+        typer.echo("lithora {}".format(__version__))
+        raise typer.Exit(0)
+
+
+@app.callback()
+def main_callback(
+    ctx: typer.Context,
+    profile: Optional[str] = typer.Option(None, "--profile", envvar="LITHORA_PROFILE", help="Config profile/context."),
+    base_url: Optional[str] = typer.Option(None, "--base-url", envvar="LITHORA_BASE_URL", help="API root."),
+    output: str = typer.Option("table", "--output", "-o", envvar="LITHORA_OUTPUT", help="table | json | yaml"),
+    token: Optional[str] = typer.Option(None, "--token", envvar="LITHORA_TOKEN", help="Bearer token override.", show_default=False),
+    debug: bool = typer.Option(False, "--debug", help="Verbose, redacted request logging."),
+    _version: bool = typer.Option(None, "--version", callback=_version_cb, is_eager=True, help="Show version and exit."),
+):
+    """Resolve config and build the API client for the subcommand."""
+    if output not in ("table", "json", "yaml"):
+        raise typer.BadParameter("output must be one of: table, json, yaml")
+    cfg = config.resolve(profile=profile, base_url=base_url, token=token)
+
+    # Security: warn loudly when pointed at a non-HTTPS / non-Lithora host.
+    if cfg.base_url.startswith("http://") and "localhost" not in cfg.base_url and "127.0.0.1" not in cfg.base_url:
+        error("WARNING: insecure base URL ({}). Tokens will be sent over plaintext.".format(cfg.base_url))
+
+    ctx.obj = {
+        "client": Lithora(base_url=cfg.base_url, token=cfg.token, timeout=60),
+        "config": cfg,
+        "output": output,
+        "debug": debug,
+    }
+
+
+# ---- top-level auth commands ----------------------------------------------
+
+@app.command()
+def login(
+    ctx: typer.Context,
+    email: Optional[str] = typer.Option(None, "--email", "-e", help="Account email (prompted if omitted)."),
+    password_stdin: bool = typer.Option(False, "--password-stdin", help="Read the password from stdin (CI)."),
+):
+    """Authenticate and store a token securely (keychain, else 600-mode file).
+
+    The password is never accepted as a flag value (shell history / argv leak).
+    Use the interactive prompt, or pipe it with --password-stdin in CI.
+    """
+    cfg = ctx.obj["config"]
+    email = email or typer.prompt("Email")
+    if password_stdin or not is_tty():
+        pw = sys.stdin.readline().rstrip("\n")
+    else:
+        pw = typer.prompt("Password", hide_input=True)
+
+    client = Lithora(base_url=cfg.base_url)
+    try:
+        user = client.login(email, pw)
+    except AuthChallengeError as e:
+        error(str(e))
+        error("2FA/OTP login isn't supported headlessly yet — use --token, or a PAT once available.")
+        raise typer.Exit(exit_code_for(401))
+    except AuthError as e:
+        error(str(getattr(e, "detail", e)) + "  (check email/password)")
+        raise typer.Exit(exit_code_for(401))
+    except LithoraError as e:
+        error(str(e))
+        raise typer.Exit(1)
+
+    where = config.save_login(cfg.profile, cfg.base_url, client.token)
+    success("Logged in as {} (profile '{}', token in {}).".format(
+        user.get("email") or user.get("name") or email, cfg.profile, where))
+
+
+@app.command()
+def logout(ctx: typer.Context):
+    """Remove the stored token for the current profile."""
+    cfg = ctx.obj["config"]
+    config.clear_token(cfg.profile)
+    success("Logged out of profile '{}'.".format(cfg.profile))
+
+
+@app.command()
+def whoami(ctx: typer.Context):
+    """Show the currently authenticated user."""
+    from .commands._common import errors, show
+    with errors():
+        show(ctx, ctx.obj["client"].auth.me(),
+             columns=["user_id", "name", "email", "role"])
+
+
+@app.command()
+def doctor(ctx: typer.Context):
+    """Diagnose auth, connectivity and config."""
+    cfg = ctx.obj["config"]
+    typer.echo("lithora {}".format(__version__))
+    typer.echo("profile     : {}".format(cfg.profile))
+    typer.echo("base url    : {}".format(cfg.base_url))
+    typer.echo("token       : {}".format("present" if cfg.token else "MISSING (run 'lithora login')"))
+    if not cfg.token:
+        raise typer.Exit(0)
+    try:
+        me = ctx.obj["client"].auth.me()
+        typer.secho("auth        : OK ({})".format(me.get("email") or me.get("user_id")), fg=typer.colors.GREEN)
+    except AuthError:
+        typer.secho("auth        : FAILED — token rejected (re-run 'lithora login')", fg=typer.colors.RED)
+        raise typer.Exit(exit_code_for(401))
+    except LithoraError as e:
+        typer.secho("connectivity: FAILED — {}".format(e), fg=typer.colors.RED)
+        raise typer.Exit(1)
+
+
+# ---- command groups --------------------------------------------------------
+app.add_typer(teams.app, name="teams")
+app.add_typer(projects.app, name="projects")
+app.add_typer(tasks.app, name="tasks")
+app.add_typer(work_items.app, name="work-items")
+app.add_typer(automations.app, name="automations")
+app.add_typer(github.app, name="github")
+app.add_typer(search.app, name="search")
+app.add_typer(ai.app, name="ai")
+app.add_typer(account.token_app, name="token")
+app.add_typer(account.profile_app, name="profile")
+
+
+def main():
+    """Console-script entry point with top-level signal handling."""
+    try:
+        app()
+    except KeyboardInterrupt:
+        error("Interrupted.")
+        raise SystemExit(130)
+
+
+if __name__ == "__main__":
+    main()

lithora_cli/output.py

@@ -0,0 +1,141 @@
+"""Output contract: JSON/table formatting, TTY detection, exit codes, error mapping.
+
+Two output modes drive everything:
+  * ``json``  — stable, machine-parseable (the exact API payload); for scripting/CI.
+  * ``table`` — human, TTY-aware, colorized (rich); the default on a terminal.
+
+Exit codes follow Unix conventions so CI can branch on them.
+"""
+
+from __future__ import annotations
+
+import json
+import sys
+from typing import Any, Dict, List, Optional, Sequence
+
+try:
+    from rich.console import Console
+    from rich.table import Table
+    _console = Console()
+    _err_console = Console(stderr=True)
+    _HAVE_RICH = True
+except Exception:  # pragma: no cover
+    _console = None
+    _err_console = None
+    _HAVE_RICH = False
+
+# ---- exit codes -----------------------------------------------------------
+EXIT_OK = 0
+EXIT_ERROR = 1          # generic failure
+EXIT_USAGE = 2          # bad usage / confirmation needed but no TTY/--yes
+EXIT_AUTH = 3           # 401 / not logged in
+EXIT_NOTFOUND = 4       # 404
+EXIT_CONFLICT = 5       # 409
+EXIT_VALIDATION = 22    # 400/422 invalid input
+EXIT_INTERRUPT = 130    # Ctrl-C
+
+
+def is_tty() -> bool:
+    return sys.stdout.isatty()
+
+
+def exit_code_for(status: Optional[int]) -> int:
+    return {
+        401: EXIT_AUTH, 403: EXIT_AUTH,
+        404: EXIT_NOTFOUND,
+        409: EXIT_CONFLICT,
+        400: EXIT_VALIDATION, 422: EXIT_VALIDATION,
+    }.get(status or 0, EXIT_ERROR)
+
+
+def print_json(data: Any) -> None:
+    sys.stdout.write(json.dumps(data, indent=2, default=str) + "\n")
+
+
+def error(message: str) -> None:
+    """Write an error to stderr (red on a TTY)."""
+    if _HAVE_RICH and _err_console is not None:
+        _err_console.print("[bold red]Error:[/] {}".format(message))
+    else:
+        sys.stderr.write("Error: {}\n".format(message))
+
+
+def success(message: str) -> None:
+    if _HAVE_RICH and _console is not None and is_tty():
+        _console.print("[bold green]✓[/] {}".format(message))
+    else:
+        sys.stdout.write(message + "\n")
+
+
+def _coerce_rows(data: Any) -> List[Dict[str, Any]]:
+    if isinstance(data, dict):
+        # common envelopes: {teams:[...]}, {tasks:[...]}, {results:[...]}, {items:[...]}
+        for key in ("items", "results", "data", "teams", "projects", "tasks",
+                    "automations", "sessions", "pending", "runs", "versions",
+                    "work_items", "nodes", "repos", "repositories"):
+            if isinstance(data.get(key), list):
+                return data[key]
+        return [data]
+    if isinstance(data, list):
+        return [r if isinstance(r, dict) else {"value": r} for r in data]
+    return [{"value": data}]
+
+
+def render(data: Any, output: str = "table", *, columns: Optional[Sequence[str]] = None,
+           title: Optional[str] = None) -> None:
+    """Render a payload in the requested mode. ``columns`` selects/orders table fields."""
+    if output == "json":
+        print_json(data)
+        return
+    if output == "yaml":
+        try:
+            import yaml  # optional
+            sys.stdout.write(yaml.safe_dump(data, sort_keys=False))
+            return
+        except Exception:
+            print_json(data)
+            return
+
+    rows = _coerce_rows(data)
+    if not rows:
+        if is_tty():
+            (_console or sys).print("[dim]— no results —[/]") if _HAVE_RICH else print("— no results —")
+        return
+
+    cols = list(columns) if columns else _auto_columns(rows)
+    if _HAVE_RICH and _console is not None and is_tty():
+        table = Table(title=title, header_style="bold", expand=False)
+        for c in cols:
+            table.add_column(c)
+        for r in rows:
+            table.add_row(*[_fmt_cell(r.get(c)) for c in cols])
+        _console.print(table)
+    else:  # non-TTY / no rich → tab-separated (pipe-friendly)
+        sys.stdout.write("\t".join(cols) + "\n")
+        for r in rows:
+            sys.stdout.write("\t".join(_fmt_cell(r.get(c)) for c in cols) + "\n")
+
+
+def _auto_columns(rows: List[Dict[str, Any]]) -> List[str]:
+    preferred = ["id", "task_id", "project_id", "team_id", "automation_id", "session_id",
+                 "name", "title", "status", "priority", "trigger_type", "is_active",
+                 "created_at", "updated_at"]
+    keys: List[str] = []
+    seen = set(rows[0].keys())
+    for p in preferred:
+        if p in seen and p not in keys:
+            keys.append(p)
+    for k in rows[0].keys():
+        if k not in keys and not str(k).startswith("_") and len(keys) < 7:
+            keys.append(k)
+    return keys or list(rows[0].keys())[:7]
+
+
+def _fmt_cell(v: Any) -> str:
+    if v is None:
+        return "-"
+    if isinstance(v, bool):
+        return "yes" if v else "no"
+    if isinstance(v, (list, dict)):
+        return json.dumps(v, default=str)[:60]
+    return str(v)