lithora-cli 0.2.0__tar.gz

lithora_cli-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Lithora
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

lithora_cli-0.2.0/MANIFEST.in

@@ -0,0 +1,9 @@
+include LICENSE
+prune tests
+global-exclude *.py[cod]
+global-exclude __pycache__
+
+# Ship ONLY the README among markdown — keep internal docs (EXPANSION_PLAN.md,
+# roadmaps, plans, in-progress changelogs) out of the public PyPI distribution.
+global-exclude *.md
+include README.md

lithora_cli-0.2.0/PKG-INFO

@@ -0,0 +1,162 @@
+Metadata-Version: 2.4
+Name: lithora-cli
+Version: 0.2.0
+Summary: Command-line interface for the Lithora REST API (the agent-grade control plane)
+Author-email: Lithora <support@lithora.io>
+License-Expression: MIT
+Project-URL: Homepage, https://lithora.io
+Project-URL: Documentation, https://github.com/AADI0009/SaaS-App/tree/main/cli
+Project-URL: Repository, https://github.com/AADI0009/SaaS-App
+Project-URL: Issues, https://github.com/AADI0009/SaaS-App/issues
+Project-URL: API, https://api.lithora.io
+Keywords: lithora,cli,project-management,api,agent
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Topic :: Utilities
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: typer>=0.12
+Requires-Dist: rich>=13
+Requires-Dist: keyring>=24
+Requires-Dist: lithora>=0.1
+Provides-Extra: yaml
+Requires-Dist: pyyaml>=6; extra == "yaml"
+Provides-Extra: dev
+Requires-Dist: pytest>=7; extra == "dev"
+Requires-Dist: responses>=0.23; extra == "dev"
+Dynamic: license-file
+
+# lithora — the Lithora CLI
+
+The terminal-native, agent-grade control plane for [Lithora](https://lithora.io).
+Manage teams, projects, issues, automations — and drive the **confirmation-gated AI
+agent** — without leaving your shell or your CI pipeline.
+
+Built on the official [`lithora`](../sdk/python) Python SDK (one shared HTTP core,
+nothing vendored). `v0.2` — **beta**.
+
+## Install
+
+```bash
+pipx install lithora-cli         # recommended (isolated)
+# or
+pip install lithora-cli
+```
+
+This installs the `lithora` command. Requires Python 3.9+. Optional: `keyring`
+(used automatically for OS-keychain token storage; falls back to a 600-mode file).
+
+## Quickstart (every command here is real)
+
+```bash
+# 1. Point at your API (defaults to https://api.lithora.io)
+export LITHORA_BASE_URL=http://localhost:8000          # optional, local dev
+
+# 2. Log in (password is prompted securely; token → OS keychain or 600-mode file)
+lithora login --email you@example.com
+lithora whoami
+lithora doctor                                         # diagnose auth/connectivity
+
+# 3. Projects & issues
+lithora teams list
+lithora projects create --name "Q3 Launch" --team <team_id>
+lithora tasks create --title "Wire up billing" --project <project_id> --priority high
+lithora tasks list --project <project_id> --status todo
+lithora tasks status <task_id> in_progress
+
+# 4. The AI agent — propose → approve in the terminal → apply
+lithora ai "break the autosave issue into a parent task and subtasks"
+#   → renders the plan, asks "Approve? [y]es / [n]o", then applies on approval.
+
+# 5. Automations, GitHub, the work graph
+lithora automations list
+lithora automations execute <automation_id>
+lithora work-items graph --team <team_id>
+lithora work-items pr-status <task_id>
+```
+
+## The confirmation gate (the keystone)
+
+The agent **never writes without your approval**. `lithora ai "<prompt>"` shows the
+proposed plan and waits:
+
+```
+ACTION PLAN  (requires confirmation)
+  1. + task: Add autosave to the editor   [acme/web#418]
+       - subtask: Persist drafts to localStorage
+       - subtask: Debounced autosave on change
+  Summary: Agent will create 1 task + 3 subtasks
+Approve? [y]es / [n]o:
+```
+
+- **Interactive:** `y` applies it, `n` discards it.
+- **CI / non-interactive:** add `--yes` to auto-approve, e.g.
+  `lithora ai chat "<prompt>" --yes` (the plan is still printed first). `lithora ai
+  "<prompt>"` is shorthand for `lithora ai chat`, so the flag works on both forms.
+  Without a TTY and without `--yes`, the CLI **refuses to write** and exits `2` —
+  so an unattended run can never silently mutate your workspace.
+- **Overnight digests:** `lithora ai pending` lists plans the scheduled triage agent
+  staged; approve one with `lithora ai confirm <action_id> --session <sid>`.
+
+## Output & scripting
+
+```bash
+lithora tasks list --project P -o json | jq '.tasks[].title'   # stable JSON
+lithora -o json automations list                               # machine-readable
+```
+
+- `--output table` (default, colorized on a TTY) · `--output json` (stable, for CI) · `--output yaml`.
+- **Exit codes:** `0` ok · `2` usage / confirmation-needed · `3` auth · `4` not-found ·
+  `5` conflict · `22` invalid input · `130` interrupted.
+
+## Profiles, config & tokens
+
+```bash
+lithora profile list
+lithora --profile work whoami            # target a different account/org
+lithora token create --name "GitHub CI" --scope tasks:write --expires-in-days 90
+lithora token list
+lithora token revoke <token_id>
+```
+
+- Config lives in `~/.lithora/config.json` (dir `700` / file `600`). The bearer token
+  is stored in your **OS keychain** when available, else the 600-mode file.
+- Precedence: **flag > env (`LITHORA_TOKEN`/`LITHORA_BASE_URL`/`LITHORA_PROFILE`) > profile > default**.
+- The password is never accepted as a flag value (argv/history leak). Use the prompt
+  or `--password-stdin` in CI.
+
+## CI example (GitHub Actions)
+
+```yaml
+- name: Create a Lithora issue from a failing build
+  if: failure()
+  env:
+    LITHORA_TOKEN: ${{ secrets.LITHORA_PAT }}      # a scoped PAT (lithora token create)
+  run: |
+    pipx install lithora-cli
+    lithora tasks create --title "CI failed on ${{ github.sha }}" \
+      --project "$LITHORA_PROJECT" --priority high -o json
+```
+
+## Command map
+
+`login` · `logout` · `whoami` · `doctor` · `--version`
+`teams` · `projects` · `tasks` · `work-items` · `automations` · `github` · `search`
+`ai` (chat / pending / confirm / sessions) · `token` · `profile`
+
+Run `lithora <group> --help` for the full surface. See
+[`EXPANSION_PLAN.md`](EXPANSION_PLAN.md) for the roadmap.
+
+## License
+
+MIT — see [LICENSE](LICENSE).

lithora_cli-0.2.0/README.md

@@ -0,0 +1,124 @@
+# lithora — the Lithora CLI
+
+The terminal-native, agent-grade control plane for [Lithora](https://lithora.io).
+Manage teams, projects, issues, automations — and drive the **confirmation-gated AI
+agent** — without leaving your shell or your CI pipeline.
+
+Built on the official [`lithora`](../sdk/python) Python SDK (one shared HTTP core,
+nothing vendored). `v0.2` — **beta**.
+
+## Install
+
+```bash
+pipx install lithora-cli         # recommended (isolated)
+# or
+pip install lithora-cli
+```
+
+This installs the `lithora` command. Requires Python 3.9+. Optional: `keyring`
+(used automatically for OS-keychain token storage; falls back to a 600-mode file).
+
+## Quickstart (every command here is real)
+
+```bash
+# 1. Point at your API (defaults to https://api.lithora.io)
+export LITHORA_BASE_URL=http://localhost:8000          # optional, local dev
+
+# 2. Log in (password is prompted securely; token → OS keychain or 600-mode file)
+lithora login --email you@example.com
+lithora whoami
+lithora doctor                                         # diagnose auth/connectivity
+
+# 3. Projects & issues
+lithora teams list
+lithora projects create --name "Q3 Launch" --team <team_id>
+lithora tasks create --title "Wire up billing" --project <project_id> --priority high
+lithora tasks list --project <project_id> --status todo
+lithora tasks status <task_id> in_progress
+
+# 4. The AI agent — propose → approve in the terminal → apply
+lithora ai "break the autosave issue into a parent task and subtasks"
+#   → renders the plan, asks "Approve? [y]es / [n]o", then applies on approval.
+
+# 5. Automations, GitHub, the work graph
+lithora automations list
+lithora automations execute <automation_id>
+lithora work-items graph --team <team_id>
+lithora work-items pr-status <task_id>
+```
+
+## The confirmation gate (the keystone)
+
+The agent **never writes without your approval**. `lithora ai "<prompt>"` shows the
+proposed plan and waits:
+
+```
+ACTION PLAN  (requires confirmation)
+  1. + task: Add autosave to the editor   [acme/web#418]
+       - subtask: Persist drafts to localStorage
+       - subtask: Debounced autosave on change
+  Summary: Agent will create 1 task + 3 subtasks
+Approve? [y]es / [n]o:
+```
+
+- **Interactive:** `y` applies it, `n` discards it.
+- **CI / non-interactive:** add `--yes` to auto-approve, e.g.
+  `lithora ai chat "<prompt>" --yes` (the plan is still printed first). `lithora ai
+  "<prompt>"` is shorthand for `lithora ai chat`, so the flag works on both forms.
+  Without a TTY and without `--yes`, the CLI **refuses to write** and exits `2` —
+  so an unattended run can never silently mutate your workspace.
+- **Overnight digests:** `lithora ai pending` lists plans the scheduled triage agent
+  staged; approve one with `lithora ai confirm <action_id> --session <sid>`.
+
+## Output & scripting
+
+```bash
+lithora tasks list --project P -o json | jq '.tasks[].title'   # stable JSON
+lithora -o json automations list                               # machine-readable
+```
+
+- `--output table` (default, colorized on a TTY) · `--output json` (stable, for CI) · `--output yaml`.
+- **Exit codes:** `0` ok · `2` usage / confirmation-needed · `3` auth · `4` not-found ·
+  `5` conflict · `22` invalid input · `130` interrupted.
+
+## Profiles, config & tokens
+
+```bash
+lithora profile list
+lithora --profile work whoami            # target a different account/org
+lithora token create --name "GitHub CI" --scope tasks:write --expires-in-days 90
+lithora token list
+lithora token revoke <token_id>
+```
+
+- Config lives in `~/.lithora/config.json` (dir `700` / file `600`). The bearer token
+  is stored in your **OS keychain** when available, else the 600-mode file.
+- Precedence: **flag > env (`LITHORA_TOKEN`/`LITHORA_BASE_URL`/`LITHORA_PROFILE`) > profile > default**.
+- The password is never accepted as a flag value (argv/history leak). Use the prompt
+  or `--password-stdin` in CI.
+
+## CI example (GitHub Actions)
+
+```yaml
+- name: Create a Lithora issue from a failing build
+  if: failure()
+  env:
+    LITHORA_TOKEN: ${{ secrets.LITHORA_PAT }}      # a scoped PAT (lithora token create)
+  run: |
+    pipx install lithora-cli
+    lithora tasks create --title "CI failed on ${{ github.sha }}" \
+      --project "$LITHORA_PROJECT" --priority high -o json
+```
+
+## Command map
+
+`login` · `logout` · `whoami` · `doctor` · `--version`
+`teams` · `projects` · `tasks` · `work-items` · `automations` · `github` · `search`
+`ai` (chat / pending / confirm / sessions) · `token` · `profile`
+
+Run `lithora <group> --help` for the full surface. See
+[`EXPANSION_PLAN.md`](EXPANSION_PLAN.md) for the roadmap.
+
+## License
+
+MIT — see [LICENSE](LICENSE).

lithora_cli-0.2.0/lithora_cli/__init__.py

@@ -0,0 +1,3 @@
+"""lithora-cli — the terminal-native, agent-grade control plane for Lithora."""
+
+__version__ = "0.2.0"

lithora_cli-0.2.0/lithora_cli/commands/_common.py

@@ -0,0 +1,41 @@
+"""Shared command helpers: client access + clean SDK-error → exit-code mapping."""
+
+from __future__ import annotations
+
+from contextlib import contextmanager
+
+import typer
+
+from lithora import ApiError, AuthError, LithoraError
+from ..output import error, exit_code_for, render
+
+
+def client(ctx: typer.Context):
+    """The authenticated Lithora client built by the global callback."""
+    return ctx.obj["client"]
+
+
+def out(ctx: typer.Context) -> str:
+    return ctx.obj.get("output", "table")
+
+
+@contextmanager
+def errors():
+    """Map SDK exceptions to a friendly stderr message + the right exit code."""
+    try:
+        yield
+    except AuthError as e:
+        detail = getattr(e, "detail", None) or str(e)
+        error("{}  (run 'lithora login')".format(detail))
+        raise typer.Exit(exit_code_for(getattr(e, "status_code", 401)))
+    except ApiError as e:
+        error(str(getattr(e, "detail", None) or e))
+        raise typer.Exit(exit_code_for(getattr(e, "status_code", None)))
+    except LithoraError as e:
+        error(str(e))
+        raise typer.Exit(1)
+
+
+def show(ctx: typer.Context, data, *, columns=None, title=None) -> None:
+    """Render a payload in the invocation's output mode."""
+    render(data, out(ctx), columns=columns, title=title)

lithora_cli-0.2.0/lithora_cli/commands/account.py

@@ -0,0 +1,70 @@
+"""`lithora token` (PATs) and `lithora profile` (contexts)."""
+
+from __future__ import annotations
+
+from typing import List, Optional
+
+import typer
+
+from .. import config
+from ._common import client, errors, show
+from ..output import success
+
+# ---- token group (Personal Access Tokens) ---------------------------------
+token_app = typer.Typer(no_args_is_help=True, help="Personal access tokens (scoped API keys).")
+
+
+@token_app.command("create")
+def token_create(
+    ctx: typer.Context,
+    name: str = typer.Option(..., "--name", "-n", help="Label for the token"),
+    scopes: Optional[List[str]] = typer.Option(None, "--scope", help="Repeatable, e.g. tasks:write"),
+    expires_in_days: Optional[int] = typer.Option(None, "--expires-in-days"),
+):
+    """Mint a scoped PAT (the secret is shown ONCE — store it securely)."""
+    with errors():
+        show(ctx, client(ctx).tokens.create(name, scopes=scopes or None, expires_in_days=expires_in_days))
+
+
+@token_app.command("list")
+def token_list(ctx: typer.Context):
+    """List your PATs (masked)."""
+    with errors():
+        show(ctx, client(ctx).tokens.list(),
+             columns=["token_id", "name", "scopes", "expires_at", "last_used_at"])
+
+
+@token_app.command("revoke")
+def token_revoke(ctx: typer.Context, token_id: str = typer.Argument(...)):
+    """Revoke a PAT immediately."""
+    with errors():
+        client(ctx).tokens.revoke(token_id)
+        success("Revoked {}".format(token_id))
+
+
+# ---- profile group (contexts) ---------------------------------------------
+profile_app = typer.Typer(no_args_is_help=True, help="Switch between accounts/orgs (contexts).")
+
+
+@profile_app.command("list")
+def profile_list(ctx: typer.Context):
+    """List configured profiles."""
+    cur = config.current_profile()
+    rows = [{"profile": ("* " + n) if n == cur else n, "base_url": p.get("base_url", "")}
+            for n, p in config.list_profiles().items()]
+    show(ctx, {"profiles": rows or [{"profile": "default", "base_url": config.DEFAULT_BASE_URL}]},
+         columns=["profile", "base_url"])
+
+
+@profile_app.command("use")
+def profile_use(name: str = typer.Argument(..., help="Profile name to switch to")):
+    """Set the active profile."""
+    config.use_profile(name)
+    success("Now using profile '{}'".format(name))
+
+
+@profile_app.command("show")
+def profile_show(ctx: typer.Context):
+    """Show the active profile + base URL (token not printed)."""
+    cfg = ctx.obj["config"]
+    show(ctx, {"profile": cfg.profile, "base_url": cfg.base_url, "authenticated": bool(cfg.token)})

lithora_cli-0.2.0/lithora_cli/commands/ai.py

@@ -0,0 +1,192 @@
+"""`lithora ai` — the confirmation-gated agent, in your terminal.
+
+    lithora ai "plan the Q3 launch into tasks"     # propose → approve → apply
+    lithora ai pending                             # staged overnight-triage plans
+    lithora ai confirm <action_id> --session <sid> # approve a staged plan
+    lithora ai sessions                            # your AI sessions
+
+The agent NEVER writes without approval: chat returns a PLAN; you approve it here.
+"""
+
+from __future__ import annotations
+
+from typing import Optional
+
+import typer
+from typer.core import TyperGroup
+
+try:  # standard Typer depends on the real click…
+    import click  # type: ignore
+except ImportError:  # …typer-slim vendors it as typer._click
+    from typer import _click as click  # type: ignore
+
+from ._common import client, errors, out, show
+from ..output import error, is_tty, print_json, success, EXIT_USAGE
+
+
+class _AiGroup(TyperGroup):
+    """Route a bare prompt to ``chat`` so ``lithora ai "plan the launch"`` works.
+
+    Real subcommands (chat/pending/confirm/sessions) still resolve normally; only
+    when the first token isn't one of them do we treat the whole arg list as a
+    chat message — so the natural-language shortcut and the structured commands
+    coexist without one stealing the other.
+    """
+
+    def resolve_command(self, ctx, args):
+        try:
+            return super().resolve_command(ctx, args)
+        except click.exceptions.UsageError:
+            chat_cmd = self.get_command(ctx, "chat")
+            if chat_cmd is None:  # pragma: no cover - chat is always registered
+                raise
+            return chat_cmd.name, chat_cmd, args
+
+
+app = typer.Typer(
+    cls=_AiGroup,
+    no_args_is_help=False,
+    invoke_without_command=True,
+    # Tolerate a leading flag before the prompt (e.g. `ai --yes "do it"`); the
+    # bare prompt itself is rerouted to `chat` by _AiGroup.resolve_command.
+    context_settings={"allow_extra_args": True, "ignore_unknown_options": True},
+    help="Talk to the confirmation-gated Lithora agent.",
+)
+
+
+def _render_plan(plan: dict) -> None:
+    """Pretty-print a staged plan (summary + planned actions)."""
+    typer.secho("\nACTION PLAN  (requires confirmation)", fg=typer.colors.YELLOW, bold=True)
+    typer.echo("  Action: {}   Status: {}".format(
+        plan.get("action_id", "?"), plan.get("state", "waiting_confirmation")))
+    for i, a in enumerate((plan.get("planned_actions") or []), 1):
+        kind = a.get("type", "action")
+        if kind == "task":
+            gh = ""
+            if a.get("github_repo"):
+                gh = "  [{}{}]".format(a["github_repo"],
+                                      "#{}".format(a["github_issue_number"]) if a.get("github_issue_number") else "")
+            typer.echo("  {}. + task: {}{}".format(i, a.get("title", "?"), gh))
+            for s in (a.get("subtasks") or []):
+                typer.echo("       - subtask: {}".format(s.get("title", "?")))
+        elif kind in ("subtask", "note"):
+            typer.echo("  {}. + {}: {}".format(i, kind, a.get("title", "?")))
+        else:
+            typer.echo("  {}. {}".format(i, a.get("label") or a.get("tool") or kind))
+    typer.echo("  Summary: {}".format(plan.get("summary", "")))
+
+
+def _apply(ctx, session_id: str, action_id: str, confirmed: bool) -> None:
+    res = client(ctx).ai.confirm_agent_action(session_id, action_id, confirmed)
+    if out(ctx) == "json":
+        print_json(res)
+        return
+    if not confirmed:
+        success("Discarded — nothing was written.")
+        return
+    success(res.get("response", "Applied."))
+    for inv in (res.get("action_plan", {}) or {}).get("tool_invocations", []):
+        ok = "✓" if inv.get("success") else "✗"
+        typer.echo("  {} {}".format(ok, inv.get("function")))
+
+
+@app.callback(invoke_without_command=True)
+def ai_main(ctx: typer.Context):
+    """Send a message; if the agent proposes changes, approve them in the terminal.
+
+    `lithora ai "<prompt>"` is a shortcut for `lithora ai chat "<prompt>"` —
+    a bare prompt is routed to the chat subcommand (see _AiGroup), so flags like
+    --yes / --session work the same either way.
+    """
+    if ctx.invoked_subcommand is None:
+        typer.echo(ctx.get_help())
+        raise typer.Exit(0)
+
+
+@app.command("chat")
+def chat(
+    ctx: typer.Context,
+    prompt: str = typer.Argument(..., help="Your message to the agent"),
+    session: Optional[str] = typer.Option(None, "--session", "-s", help="Existing session id"),
+    yes: bool = typer.Option(False, "--yes", "-y", help="Auto-approve the plan (CI)"),
+):
+    """Chat with the agent (full form, with --yes / --session)."""
+    _do_chat(ctx, prompt, session=session, yes=yes)
+
+
+def _do_chat(ctx: typer.Context, prompt: str, session: Optional[str], yes: bool) -> None:
+    with errors():
+        c = client(ctx)
+        sid = session or c.ai.create_session().get("session_id")
+        resp = c.ai.chat(sid, prompt)
+
+        if out(ctx) == "json":
+            print_json(resp)
+            # In JSON mode, still honor --yes so CI can one-shot.
+            plan = resp.get("action_plan") or {}
+            if resp.get("requires_confirmation") and plan.get("action_id") and yes:
+                _apply(ctx, sid, plan["action_id"], True)
+            return
+
+        plan = resp.get("action_plan") or {}
+        if not (resp.get("requires_confirmation") and plan.get("action_id")):
+            # plain answer (no mutations proposed)
+            typer.echo(resp.get("response", ""))
+            if not session:
+                typer.secho("\n(session: {})".format(sid), dim=True)
+            return
+
+        _render_plan(plan)
+        action_id = plan["action_id"]
+
+        if yes:
+            typer.echo("\n--yes → approving.")
+            _apply(ctx, sid, action_id, True)
+            return
+        if not is_tty():
+            error("This plan requires confirmation but stdin is not a TTY. "
+                  "Re-run with --yes, or: lithora ai confirm {} --session {}".format(action_id, sid))
+            raise typer.Exit(EXIT_USAGE)
+
+        choice = typer.prompt("\nApprove? [y]es / [n]o", default="n").strip().lower()
+        _apply(ctx, sid, action_id, choice in ("y", "yes"))
+        if not session:
+            typer.secho("(session: {})".format(sid), dim=True)
+
+
+@app.command("pending")
+def pending(ctx: typer.Context):
+    """List staged-but-unapproved agent plans (e.g. overnight triage)."""
+    with errors():
+        data = client(ctx).ai.list_pending_actions()
+        if out(ctx) == "json":
+            print_json(data)
+            return
+        items = data.get("pending", []) if isinstance(data, dict) else (data or [])
+        if not items:
+            typer.echo("No staged plans awaiting approval.")
+            return
+        for p in items:
+            _render_plan(p)
+            typer.echo("  approve: lithora ai confirm {} --session {}\n".format(
+                p.get("action_id"), p.get("session_id")))
+
+
+@app.command("confirm")
+def confirm(
+    ctx: typer.Context,
+    action_id: str = typer.Argument(...),
+    session: str = typer.Option(..., "--session", "-s"),
+    reject: bool = typer.Option(False, "--reject", help="Reject instead of approve"),
+):
+    """Approve (or --reject) a staged agent plan by id."""
+    with errors():
+        _apply(ctx, session, action_id, not reject)
+
+
+@app.command("sessions")
+def sessions(ctx: typer.Context):
+    """List your AI sessions."""
+    with errors():
+        show(ctx, client(ctx).ai.list_sessions(),
+             columns=["session_id", "title", "updated_at"])