maxc-cli 0.4.5__tar.gz → 0.4.6__tar.gz

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: maxc-cli
-Version: 0.4.5
+Version: 0.4.6
 Summary: Agent-native MaxCompute CLI for external coding agents
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.9

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/setup.py

@@ -9,7 +9,7 @@ README = ROOT / "README.md"
 
 setup(
     name="maxc-cli",
-    version="0.4.5",
+    version="0.4.6",
     description="Agent-native MaxCompute CLI for external coding agents",
     long_description=README.read_text(encoding="utf-8"),
     long_description_content_type="text/markdown",

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/__init__.py

@@ -2,4 +2,4 @@
 
 __all__ = ["__version__"]
 
-__version__ = "0.4.5"
+__version__ = "0.4.6"

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/app.py

@@ -126,6 +126,12 @@ class _PickerInputs:
     reselect: 'bool' = False
 
 
+class ProjectPickerPending(Exception):
+    """Raised when non-TTY auth login can list projects but needs the caller to pick one."""
+    def __init__(self, projects: list):
+        self.projects = projects
+
+
 class MaxCApp:
     def __init__(
         self,
@@ -1262,7 +1268,7 @@ class MaxCApp:
 
         if use_catalog and self.backend is not None:
             catalog_matches = self.backend.catalog_search_tables(
-                keyword, schema=effective_schema,
+                keyword, schema=effective_schema, project=project,
             )
             if catalog_matches is not None:
                 matches = catalog_matches
@@ -1735,7 +1741,7 @@ class MaxCApp:
                 }
             )
 
-        all_tables, _ = self.backend.list_tables(schema=schema_name)
+        all_tables, _ = self.backend.list_tables(schema=schema_name, project=target_project)
         tables = all_tables
 
         if progress_callback is not None:
@@ -1830,13 +1836,16 @@ class MaxCApp:
                 }
             )
 
+        write_schema = schema_name or "default"
+
         def fetch_and_cache(
             table_name: 'str',
-            table_schema: 'str' = "default",
         ) -> 'tuple[str, str | None]':
             try:
-                full_table = self.backend.describe_table(table_name)
-                existing = self.cache.get_cached_table(project, full_table.name, table_schema)
+                full_table = self.backend.describe_table(
+                    table_name, project=project, schema=schema_name,
+                )
+                existing = self.cache.get_cached_table(project, full_table.name, write_schema)
                 columns = [
                     {"name": c.name, "type": c.type, "comment": c.comment}
                     for c in full_table.columns
@@ -1847,7 +1856,7 @@ class MaxCApp:
                     description=full_table.description,
                     columns=columns,
                     partitions=full_table.partitions,
-                    schema_name=table_schema,
+                    schema_name=write_schema,
                 )
                 return ("updated" if existing else "created"), None
             except Exception as exc:
@@ -2615,29 +2624,63 @@ class MaxCApp:
 
         # Project / endpoint / region / tunnel — try the interactive Catalog
         # picker when the user did not pin a project explicitly.
-        (
-            picked_project,
-            derived_endpoint,
-            derived_region,
-            derived_tunnel,
-            picker_warnings,
-        ) = self._resolve_project_via_picker(
-            _PickerInputs(
-                provided_project=project,
-                provided_endpoint=endpoint,
-                provided_region=region_name,
-                provided_tunnel=tunnel_endpoint,
-                access_id=resolved_access_id,
-                secret=resolved_secret,
-                security_token=resolved_token,
-                catalog_endpoint=catalog_endpoint,
-                no_picker=no_picker,
-                from_env=from_env,
-                env_settings=env_settings,
-                existing_auth=existing_auth,
-                reselect=reselect,
+        try:
+            (
+                picked_project,
+                derived_endpoint,
+                derived_region,
+                derived_tunnel,
+                picker_warnings,
+            ) = self._resolve_project_via_picker(
+                _PickerInputs(
+                    provided_project=project,
+                    provided_endpoint=endpoint,
+                    provided_region=region_name,
+                    provided_tunnel=tunnel_endpoint,
+                    access_id=resolved_access_id,
+                    secret=resolved_secret,
+                    security_token=resolved_token,
+                    catalog_endpoint=catalog_endpoint,
+                    no_picker=no_picker,
+                    from_env=from_env,
+                    env_settings=env_settings,
+                    existing_auth=existing_auth,
+                    reselect=reselect,
+                )
+            )
+        except ProjectPickerPending as exc:
+            projects_data = [
+                {
+                    "project_id": p.project_id,
+                    "region": p.region,
+                    "endpoint": _catalog_bootstrap.region_to_endpoint(p.region),
+                    "owner": p.owner,
+                    "schema_enabled": p.schema_enabled,
+                    "description": p.description,
+                }
+                for p in exc.projects
+            ]
+            return Envelope(
+                command="auth.login",
+                status="pending",
+                data={
+                    "reason": "project_selection_required",
+                    "projects": projects_data,
+                    "count": len(projects_data),
+                },
+                agent_hints=AgentHints(
+                    actions=[
+                        SuggestedAction(
+                            id="auth.login",
+                            title="Complete login with selected project",
+                            command="maxc auth login --project <project_id> --json",
+                            executable=False,
+                            placeholders={"project_id": "<project_id>"},
+                        ),
+                    ],
+                    warnings=[],
+                ),
             )
-        )
 
         resolved_auth = AuthConfig(
             access_id=resolved_access_id,
@@ -3086,8 +3129,30 @@ class MaxCApp:
                 [],
             )
 
-        # 2. Picker not viable → today's behavior (prompt or fail).
+        # 2. Picker not viable (non-TTY or --no-picker).
         if inputs.no_picker or not sys.stdin.isatty():
+            # Non-TTY + picker not disabled: list projects for structured output
+            catalog_warning: str | None = None
+            if not inputs.no_picker and not from_env:
+                try:
+                    bootstrap_odps = _catalog_bootstrap.build_bootstrap_odps(
+                        access_id=inputs.access_id,
+                        secret_access_key=inputs.secret,
+                        security_token=inputs.security_token,
+                        endpoint=inputs.catalog_endpoint or provided_endpoint,
+                    )
+                    projects = _catalog_bootstrap.list_all_projects(bootstrap_odps)
+                    if projects:
+                        raise ProjectPickerPending(projects)
+                except ProjectPickerPending:
+                    raise
+                except Exception as exc:
+                    catalog_warning = (
+                        f"Could not list projects via Catalog API "
+                        f"({type(exc).__name__}: {exc}). "
+                        f"Falling back to saved/env config."
+                    )
+
             prompted = self._resolve_login_value(
                 provided=None,
                 env_value=env_settings.get("project"),
@@ -3097,12 +3162,15 @@ class MaxCApp:
                 secret=False,
                 use_env=from_env,
             )
+            warnings_out: list[str] = []
+            if catalog_warning:
+                warnings_out.append(catalog_warning)
             return (
                 prompted,
                 provided_endpoint,
                 provided_region,
                 provided_tunnel,
-                [],
+                warnings_out,
             )
 
         # 3. Try the catalog picker.

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/backend/catalog.py

@@ -192,6 +192,7 @@ class CatalogMixin:
         keyword: str,
         *,
         schema: 'str | None' = None,
+        project: 'str | None' = None,
         page_size: int = 50,
     ) -> 'list[dict[str, Any]] | None':
         """Search tables via Catalog API server-side full-text search.
@@ -199,6 +200,8 @@ class CatalogMixin:
         Args:
             keyword: Search term — matched against table name (substring).
             schema: Optional schema to scope the search.
+            project: Optional project to scope the search; default = config's
+                default_project.
             page_size: Results per page (max 100).
 
         Returns:
@@ -225,7 +228,7 @@ class CatalogMixin:
             #   type=TABLE      — required filter
             #   project={proj}  — scope to project
             parts = ["type=TABLE"]
-            project = self.config.default_project
+            project = project or self.config.default_project
             if project:
                 parts.append(f"project={project}")
             if keyword:

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/backend/data.py

@@ -38,18 +38,27 @@ def _serialize_value(value: 'Any') -> 'Any':
 class DataMixin:
     """Mixin providing data sampling and profiling methods."""
 
-    def _table_tunnel(self):
-        """Return a TableTunnel for the current ODPS client.
+    def _table_tunnel(self, project: 'str | None' = None):
+        """Return a TableTunnel bound to ``project`` (or the client default).
 
         Real PyODPS `ODPS` instances do not expose a `.tunnel` attribute,
         so we construct `odps.tunnel.TableTunnel(odps=self.client)` lazily.
-        Test doubles (FakeODPS) DO expose `.tunnel` directly — honor that
-        so existing FakeTunnel infrastructure keeps working.
+        The tunnel resolves tables against its own project, so a cross-project
+        download/upload (e.g. `--project other_proj`) MUST construct the tunnel
+        with that project — `create_*_session()` takes no project argument.
+
+        Test doubles (FakeODPS) DO expose `.tunnel` directly — honor that so
+        existing FakeTunnel infrastructure keeps working, and surface the
+        requested project on the instance for assertions.
         """
         existing = getattr(self.client, "tunnel", None)
         if existing is not None:
+            if project is not None:
+                existing.requested_project = project
             return existing
         from odps.tunnel import TableTunnel
+        if project:
+            return TableTunnel(odps=self.client, project=project)
         return TableTunnel(odps=self.client)
 
     def _resolve_partition_for_sample(
@@ -340,7 +349,7 @@ class DataMixin:
             create_session_kwargs["create_partition"] = True
         if schema:
             create_session_kwargs["schema"] = schema
-        upload_session = self._table_tunnel().create_upload_session(
+        upload_session = self._table_tunnel(project=project or self.project).create_upload_session(
             definition.name, **create_session_kwargs,
         )
 
@@ -491,7 +500,7 @@ class DataMixin:
             download_kwargs: dict[str, Any] = {"partition_spec": partition}
             if schema:
                 download_kwargs["schema"] = schema
-            session = self._table_tunnel().create_download_session(
+            session = self._table_tunnel(project=project or self.project).create_download_session(
                 definition.name, **download_kwargs,
             )
             total = session.count

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/cli.py

@@ -1667,7 +1667,7 @@ def _handle_cache_build(app: MaxCApp, args: argparse.Namespace, stdout: TextIO)
     stdout.write("Fetching table list...\n")
     stdout.flush()
     
-    tables, _ = app.backend.list_tables()
+    tables, _ = app.backend.list_tables(project=target_project, schema=schema_name)
     total = len(tables)
     
     if total == 0:
@@ -1698,7 +1698,7 @@ def _handle_cache_build(app: MaxCApp, args: argparse.Namespace, stdout: TextIO)
         def _do_fetch():
             # Use a simpler approach: only get table metadata without sample rows
             # to avoid potential hangs on table.head() or iterate_partitions()
-            table = app.backend._get_table(table_name)
+            table = app.backend._get_table(table_name, project=target_project, schema=schema_name)
             # Force reload to get full schema info
             if hasattr(table, 'reload'):
                 table.reload()

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/skills/SKILL.md

@@ -52,10 +52,11 @@ These are non-negotiable. See [references/red-lines.md](references/red-lines.md)
 
 ## Bootstrap Flow
 
-When `auth whoami --json` returns `configured=false` (no auth set up), follow [references/bootstrap-flow.md](references/bootstrap-flow.md) step by step. Three principles:
+When `auth whoami --json` returns `configured=false` (no auth set up), follow [references/bootstrap-flow.md](references/bootstrap-flow.md) step by step. Key principles:
 
 1. **Never pick the auth method yourself** — always ask the user to choose between AK/SK and environment variables.
 2. **If `auth whoami` shows `auth_type=external`, the user is on an externally-managed credential provider — do NOT modify the auth config.** Treat the bootstrap as already done. Only `project`/`endpoint`/`schema` are safe to change (via `session set` or by re-running `auth login-external` with the same `--process-command`).
+3. **For AK/SK login, omit `--project` to discover available projects** — the CLI returns a `status="pending"` envelope listing all projects visible to the AK/SK (with endpoint/region pre-computed). Pick a project from the list (ask the user if ambiguous), then re-run with `--project <id>`. Skip this when the user already knows the target project.
 
 ## First Pass
 
@@ -209,6 +210,7 @@ For full command syntax and options, see [references/command-patterns.md](refere
 | Check who I am and where I'm pointed | `{{cli}} auth whoami --json` |
 | Set up auth from scratch | See Bootstrap Flow above |
 | Switch project/schema for this session | `{{cli}} session set --project P --schema S --json` |
+| Re-select project (list available projects) | `{{cli}} auth login --reselect --json` → pick from `data.projects` → re-run with `--project` |
 | List tables | `{{cli}} meta list-tables --schema S --json` |
 | Get full schema of a table | `{{cli}} meta describe T --json` |
 | Find tables by keyword | `{{cli}} meta search KW --json` |

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/skills/references/bootstrap-auth.md

@@ -76,16 +76,13 @@ Then follow the matching section below.
 
 If `auth whoami` shows `auth_type=external` (or the saved config has `provider: external`), the user is on an externally-managed credential provider set up by another tool. **Do not run Step 2 or write a new auth block.** Treat the auth as already valid. Only `project`/`endpoint`/`schema` may be changed — via `{{cli}} session set ...` or by re-running `auth login-external` with the *same* `--process-command` and the new project/endpoint values.
 
-### Always ask for project and endpoint
+### Project and endpoint selection
 
-**Regardless of auth method, always ask the user for `project` and `endpoint` explicitly.** Do not silently reuse values from an existing config file or environment variables.
+**Path A (AK/SK):** omit `--project` — the CLI queries the Catalog API and returns a `status="pending"` envelope listing all projects visible to the AK/SK, with endpoint/region pre-computed per project. Pick one from the list (ask the user if ambiguous), then re-run with `--project <id>` to complete login.
 
-If a current value is visible in the config or env, present it as a default option — but the user must confirm or change it:
+**Path B (env vars):** `--from-env` reads `MAXCOMPUTE_PROJECT` and `MAXCOMPUTE_ENDPOINT` from the shell environment. If either is missing, the command fails with a clear error — ask the user to set them.
 
-> "Which MaxCompute project would you like to use? (current config shows: `<existing_project>`)"
-> "Which endpoint? (current config shows: `<existing_endpoint>`)"
-
-Never assume the existing project/endpoint is still correct.
+**Explicit override:** if the user already knows the target project, pass `--project` and `--endpoint` directly to skip project discovery.
 
 ---
 
@@ -97,23 +94,33 @@ Use when the user has a long-lived AK/SK pair.
 
 - `access_key_id`
 - `access_key_secret`
-- `project` (MaxCompute project name)
-- `endpoint` (e.g. `http://service.cn-shanghai.maxcompute.aliyun.com/api`)
-- `region` (optional, e.g. `cn-shanghai`)
 
-### Login command
+The Catalog API provides `project`, `endpoint`, `region`, and `tunnel_endpoint` automatically. Only ask the user for these if they pass `--no-picker` or already know the target project.
+
+### Login command — Step 1: discover projects (recommended)
 
 ```bash
 {{cli}} auth login \
   --access-id "<access_key_id>" \
   --secret-access-key "<access_key_secret>" \
-  --project "<project>" \
-  --endpoint "<endpoint>" \
-  --region "<region>" \
   --json
 ```
 
-Add `--no-validate` to save config without a remote identity check:
+Returns `status="pending"` with `data.projects` — a list of `{project_id, region, endpoint, owner, schema_enabled, description}`. Pick a project from the list and proceed to Step 2.
+
+### Login command — Step 2: complete login
+
+```bash
+{{cli}} auth login \
+  --access-id "<access_key_id>" \
+  --secret-access-key "<access_key_secret>" \
+  --project "<project_id>" \
+  --json
+```
+
+Returns `status="success"` with the configured identity. Endpoint/region are auto-derived from the project when omitted.
+
+### Login command (explicit — when user knows the target)
 
 ```bash
 {{cli}} auth login \
@@ -121,10 +128,23 @@ Add `--no-validate` to save config without a remote identity check:
   --secret-access-key "<access_key_secret>" \
   --project "<project>" \
   --endpoint "<endpoint>" \
-  --no-validate \
+  --region "<region>" \
   --json
 ```
 
+Add `--no-validate` to either form to save config without a remote identity check.
+
+### Picker flags
+
+| Flag | Effect |
+|------|--------|
+| (omit `--project`) | Return pending envelope with project list from Catalog API (non-TTY) or interactive picker (TTY) |
+| `--no-picker` | Disable project discovery; fall back to manual prompt for project/endpoint (CI escape hatch) |
+| `--reselect` | Force project discovery even when a project is already saved in config (no effect with `--project` or `--no-picker`) |
+| `--catalog-endpoint <url>` | Override the Catalog API URL (for non-China regions where auto-routing is unavailable) |
+
+Fallback: if the Catalog API call fails (network, permissions, etc.), the CLI falls back to a manual prompt (TTY) or returns project=None (non-TTY).
+
 ### What it saves
 
 ```yaml

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli/skills/references/bootstrap-flow.md

@@ -51,9 +51,11 @@ Then jump to the matching path in [bootstrap-auth.md](bootstrap-auth.md):
 
 If `auth whoami --json` shows `auth_type=external` (or `provider: external` in the saved config), the user is on an externally-managed credential provider. **Do not run Phase 2.** The auth is already set up — only `project`/`endpoint`/`schema` are safe to change via `session set` or by re-running the original `auth login-external` with updated `--project`/`--endpoint`. Treat bootstrap as complete and move to Phase 3.
 
-### Always confirm project and endpoint
+### Project and endpoint
 
-Regardless of method, ask the user explicitly for `project` and `endpoint`. If a value is already in the config or env, present it as a default but require confirmation. See [bootstrap-auth.md](bootstrap-auth.md) §"Always ask for project and endpoint".
+**Path A (AK/SK):** do NOT ask for project or endpoint upfront. Omit `--project` from `auth login` — the CLI returns a `pending` envelope listing available projects with pre-computed endpoints. Pick one (ask the user if ambiguous), then re-run with `--project <id>`. See [bootstrap-auth.md](bootstrap-auth.md) §"Project and endpoint selection".
+
+**Path B (env vars):** `--from-env` reads project and endpoint from the shell. If either is missing, ask the user to export them before re-running.
 
 ### Dev vs production project check
 

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/src/maxc_cli.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: maxc-cli
-Version: 0.4.5
+Version: 0.4.6
 Summary: Agent-native MaxCompute CLI for external coding agents
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.9

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/tests/test_agent_hints_and_cli.py

@@ -194,7 +194,13 @@ class _StubMetaBackend:
             return tables[:limit], len(tables) > limit
         return tables, False
 
-    def describe_table(self, table_name: 'str', *, project: 'str | None' = None) -> 'TableDefinition':
+    def describe_table(
+        self,
+        table_name: 'str',
+        *,
+        project: 'str | None' = None,
+        schema: 'str | None' = None,
+    ) -> 'TableDefinition':
         time.sleep(0.01)
         return _table(table_name)
 

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/tests/test_backend_data_serialization.py

@@ -134,7 +134,7 @@ class _UploadHarness:
     def describe_table(self, *args, **kwargs) -> TableDefinition:
         return self._definition
 
-    def _table_tunnel(self) -> _FakeTunnel:
+    def _table_tunnel(self, project: 'str | None' = None) -> _FakeTunnel:
         return self._tunnel
 
     def upload(self, *args, **kwargs):

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/tests/test_cli_mock.py

@@ -166,9 +166,13 @@ class FakeTunnel:
 
     last_upload_session: 'FakeUploadSession | None' = None
     download_rows: 'dict[tuple, list[_FakeRecord]]' = {}
+    # Records the project the backend asked the tunnel to operate on, set by
+    # OdpsBackend._table_tunnel(project=...). None until a session is created.
+    last_session_project: 'str | None' = None
 
     def __init__(self):
         self.upload_store: dict[tuple, list] = {}
+        self.requested_project: 'str | None' = None
 
     def create_upload_session(
         self, table, partition_spec=None, overwrite=False, create_partition=False,
@@ -178,12 +182,14 @@ class FakeTunnel:
         sess.create_partition = create_partition
         sess.schema = schema
         FakeTunnel.last_upload_session = sess
+        FakeTunnel.last_session_project = self.requested_project
         return sess
 
     def create_download_session(self, table, partition_spec=None, schema=None):
         rows = FakeTunnel.download_rows.get((table, partition_spec), [])
         sess = FakeDownloadSession(table, partition_spec, rows)
         sess.schema = schema
+        FakeTunnel.last_session_project = self.requested_project
         return sess
 
 
@@ -712,6 +718,109 @@ def test_auth_login_reselect_with_no_picker_skips_picker(
     assert payload["data"]["identity"]["project"] == "old_proj"
 
 
+def test_auth_login_non_tty_returns_pending_project_list(
+    tmp_path: 'Path', monkeypatch,
+) -> None:
+    """Non-TTY + no --project returns pending envelope with project list."""
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    from maxc_cli import catalog_bootstrap as cb
+
+    monkeypatch.setattr(cb, "build_bootstrap_odps", lambda **kw: object())
+    monkeypatch.setattr(
+        cb, "list_all_projects",
+        lambda odps: [
+            cb.ProjectInfo("proj_a_dev", "cn-hangzhou", "ALIYUN$x", True, "desc a"),
+            cb.ProjectInfo("proj_b_dev", "cn-shanghai", "ALIYUN$y", False, "desc b"),
+        ],
+    )
+    monkeypatch.setattr("sys.stdin.isatty", lambda: False)
+
+    config_path = tmp_path / "login.yaml"
+    code, payload, _ = run_json_command(
+        tmp_path,
+        config_path,
+        [
+            "auth", "login",
+            "--access-id", "AK", "--access-key-secret", "SK",
+            "--no-validate", "--json",
+        ],
+    )
+    assert code == 0
+    assert payload["status"] == "pending"
+    identity = payload["data"]["identity"]
+    assert identity["reason"] == "project_selection_required"
+    projects = identity["projects"]
+    assert len(projects) == 2
+    assert projects[0]["project_id"] == "proj_a_dev"
+    assert projects[0]["region"] == "cn-hangzhou"
+    assert "cn-hangzhou" in projects[0]["endpoint"]
+    assert projects[1]["project_id"] == "proj_b_dev"
+    assert identity["count"] == 2
+
+
+def test_auth_login_non_tty_catalog_failure_falls_through(
+    tmp_path: 'Path', monkeypatch,
+) -> None:
+    """Non-TTY + catalog failure falls through to existing behavior (validation error)."""
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    from maxc_cli import catalog_bootstrap as cb
+
+    def _boom(**kw):
+        raise RuntimeError("catalog unreachable")
+    monkeypatch.setattr(cb, "build_bootstrap_odps", _boom)
+    monkeypatch.setattr("sys.stdin.isatty", lambda: False)
+
+    config_path = tmp_path / "login.yaml"
+    code, payload, _ = run_json_command(
+        tmp_path,
+        config_path,
+        [
+            "auth", "login",
+            "--access-id", "AK", "--access-key-secret", "SK",
+            "--endpoint", "http://service.cn-test.maxcompute.aliyun.com/api",
+            "--no-validate", "--json",
+        ],
+    )
+    # Falls through — project is None, validation fails
+    assert code == 1
+    assert payload["status"] == "failure"
+    assert payload["error"]["code"] == "VALIDATION_ERROR"
+
+
+def test_auth_login_non_tty_no_picker_skips_catalog(
+    tmp_path: 'Path', monkeypatch,
+) -> None:
+    """Non-TTY + --no-picker must NOT try the catalog listing."""
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    from maxc_cli import catalog_bootstrap as cb
+
+    called = []
+    monkeypatch.setattr(
+        cb, "build_bootstrap_odps",
+        lambda **kw: (called.append(1) or object()),
+    )
+    monkeypatch.setattr("sys.stdin.isatty", lambda: False)
+
+    config_path = tmp_path / "login.yaml"
+    code, payload, _ = run_json_command(
+        tmp_path,
+        config_path,
+        [
+            "auth", "login",
+            "--access-id", "AK", "--access-key-secret", "SK",
+            "--endpoint", "http://service.cn-test.maxcompute.aliyun.com/api",
+            "--no-picker",
+            "--no-validate", "--json",
+        ],
+    )
+    # --no-picker: catalog never tried, project=None → validation fails
+    assert called == []
+    assert payload["status"] == "failure"
+
+
 def test_session_show_and_agent_context_work_without_auth(tmp_path: 'Path', monkeypatch) -> 'None':
     clear_odps_env(monkeypatch)
     isolate_home(monkeypatch, tmp_path)
@@ -1661,6 +1770,74 @@ def test_cache_build_passes_schema_to_backend(
     assert payload["data"]["cached_tables"] == 3
 
 
+def test_cache_build_routes_project_and_schema_end_to_end(tmp_path, monkeypatch):
+    """cache build --project/--schema must scope BOTH the backend fetch and
+    the cache write key.
+
+    Regression: list_tables/describe_table ignored --project (read the default
+    project) and the cache write always used schema_name="default", so
+    `cache build --project X --schema S` populated the wrong namespace with the
+    default project's tables, and `cache status --project X --schema S` found
+    nothing.
+    """
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    import odps
+
+    from maxc_cli.backend.meta import MetaMixin
+    from maxc_cli.config import TableColumn, TableDefinition
+
+    monkeypatch.setattr(odps, "ODPS", FakeODPS)
+
+    calls: dict = {"list": [], "describe": []}
+
+    def fake_list_tables(self, *, schema=None, project=None):
+        calls["list"].append((project, schema))
+        tables = [type("T", (), {"name": n})() for n in ("tbl_a", "tbl_b")]
+        return tables, False
+
+    def fake_describe(self, name, *, project=None, schema=None):
+        calls["describe"].append((name, project, schema))
+        return TableDefinition(
+            name=name, description="",
+            columns=[TableColumn(name="c", type="bigint")],
+            partition_columns=[],
+        )
+
+    monkeypatch.setattr(MetaMixin, "list_tables", fake_list_tables)
+    monkeypatch.setattr(MetaMixin, "describe_table", fake_describe)
+
+    config_path = _make_config_with_odps(tmp_path)  # default project = test_project
+
+    code, payload, _ = run_json_command(
+        tmp_path, config_path,
+        ["cache", "build", "--project", "other_proj", "--schema", "myschema", "--json"],
+    )
+    assert code == 0, payload
+    assert payload["data"]["cached_tables"] == 2
+
+    # Backend fetch was scoped to the explicit project AND schema.
+    assert calls["list"] == [("other_proj", "myschema")]
+    assert calls["describe"], "describe_table was never called"
+    assert all(p == "other_proj" and s == "myschema" for (_n, p, s) in calls["describe"])
+
+    # Cache rows landed under (other_proj, myschema) — not the default schema.
+    code2, status_payload, _ = run_json_command(
+        tmp_path, config_path,
+        ["cache", "status", "--project", "other_proj", "--schema", "myschema", "--json"],
+    )
+    assert code2 == 0, status_payload
+    assert status_payload["data"]["table_count"] == 2
+
+    # And nothing leaked into the default schema for this project.
+    code3, default_payload, _ = run_json_command(
+        tmp_path, config_path,
+        ["cache", "status", "--project", "other_proj", "--schema", "default", "--json"],
+    )
+    assert code3 == 0, default_payload
+    assert default_payload["data"]["table_count"] == 0
+
+
 def test_meta_search_passes_schema_to_backend(
     tmp_path: 'Path', monkeypatch
 ) -> None:
@@ -1683,6 +1860,67 @@ def test_meta_search_passes_schema_to_backend(
     assert any(m["table_name"] == "frpm" for m in matches)
 
 
+def test_catalog_search_tables_scopes_to_explicit_project():
+    """catalog_search_tables(project=X) must scope the REST query to X.
+
+    Regression: the Catalog path hard-coded config.default_project, so
+    `meta search --project other_proj` silently searched the default project
+    (the Catalog path takes priority over cache/live fallbacks).
+    """
+    from maxc_cli.backend.odps import OdpsBackend
+
+    captured: dict = {}
+
+    class _FakeResp:
+        text = '{"entries": []}'
+
+    class _FakeCatalogRest:
+        endpoint = "http://catalog.example/api"
+
+        def request(self, url, method, params=None, curr_project=None):
+            captured["query"] = params["query"]
+            captured["curr_project"] = curr_project
+            return _FakeResp()
+
+    backend = OdpsBackend.__new__(OdpsBackend)
+    backend.config = type("C", (), {"default_project": "default_proj"})()
+    backend._catalog_rest_cached = _FakeCatalogRest()
+    backend._tenant_id_cached = "tenant123"
+
+    result = backend.catalog_search_tables("frpm", project="other_proj")
+
+    assert result == []
+    assert "project=other_proj" in captured["query"]
+    assert "project=default_proj" not in captured["query"]
+    assert captured["curr_project"] == "other_proj"
+
+
+def test_catalog_search_tables_defaults_to_config_project():
+    """Without an explicit project, the Catalog query falls back to default."""
+    from maxc_cli.backend.odps import OdpsBackend
+
+    captured: dict = {}
+
+    class _FakeResp:
+        text = '{"entries": []}'
+
+    class _FakeCatalogRest:
+        endpoint = "http://catalog.example/api"
+
+        def request(self, url, method, params=None, curr_project=None):
+            captured["query"] = params["query"]
+            return _FakeResp()
+
+    backend = OdpsBackend.__new__(OdpsBackend)
+    backend.config = type("C", (), {"default_project": "default_proj"})()
+    backend._catalog_rest_cached = _FakeCatalogRest()
+    backend._tenant_id_cached = "tenant123"
+
+    backend.catalog_search_tables("frpm")
+
+    assert "project=default_proj" in captured["query"]
+
+
 def test_meta_search_columns_passes_schema_to_backend(
     tmp_path: 'Path', monkeypatch
 ) -> None:
@@ -1738,6 +1976,7 @@ def _install_data_doubles(
 
     # Reset class-level FakeTunnel state.
     FakeTunnel.last_upload_session = None
+    FakeTunnel.last_session_project = None
     FakeTunnel.download_rows = {}
     if download_rows is not None:
         key = (download_table or table_def.name, download_partition)
@@ -1987,6 +2226,63 @@ def test_cli_data_download_writes_full_partition(tmp_path, monkeypatch):
     assert out.read_text(encoding="utf-8") == "user_id,name\n1,alice\n2,bob\n"
 
 
+def test_cli_data_download_routes_tunnel_to_explicit_project(tmp_path, monkeypatch):
+    """--project must reach the tunnel session, not just the metadata lookup.
+
+    Regression: tunnel was built against the client's default project, so
+    `data download --project X` silently read from the default project.
+    """
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    _install_data_doubles(
+        monkeypatch,
+        columns=[("user_id", "bigint"), ("name", "string")],
+        partition_columns=[("ds", "string")],
+        download_rows=[{"user_id": 1, "name": "alice"}],
+        download_partition="ds=20260508",
+    )
+    out = tmp_path / "out.csv"
+    config_path = _make_config_with_odps(tmp_path)  # default project = test_project
+
+    code, payload, _ = run_json_command(
+        tmp_path, config_path,
+        ["data", "download", "proj.sch.tbl",
+         "--output", str(out),
+         "--partition", "ds=20260508",
+         "--project", "other_proj",
+         "--json"],
+    )
+
+    assert code == 0, payload
+    assert FakeTunnel.last_session_project == "other_proj"
+
+
+def test_cli_data_upload_routes_tunnel_to_explicit_project(tmp_path, monkeypatch):
+    """--project must reach the upload tunnel session, not just metadata."""
+    clear_odps_env(monkeypatch)
+    isolate_home(monkeypatch, tmp_path)
+    _install_data_doubles(
+        monkeypatch,
+        columns=[("user_id", "bigint"), ("name", "string")],
+        partition_columns=[("ds", "string")],
+    )
+    csv_path = tmp_path / "in.csv"
+    csv_path.write_text("user_id,name\n1,alice\n", encoding="utf-8")
+    config_path = _make_config_with_odps(tmp_path)  # default project = test_project
+
+    code, payload, _ = run_json_command(
+        tmp_path, config_path,
+        ["data", "upload", "proj.sch.tbl",
+         "--file", str(csv_path),
+         "--partition", "ds=20260508",
+         "--project", "other_proj",
+         "--json"],
+    )
+
+    assert code == 0, payload
+    assert FakeTunnel.last_session_project == "other_proj"
+
+
 def test_cli_data_download_respects_limit_and_marks_truncated(tmp_path, monkeypatch):
     clear_odps_env(monkeypatch)
     isolate_home(monkeypatch, tmp_path)

{maxc_cli-0.4.5 → maxc_cli-0.4.6}/tests/test_integration_real.py

@@ -621,7 +621,7 @@ class TestQueryExtended:
         code, data, stderr = run_cmd(["query", "SELECT 1 AS async_test", "--wait", "0", "--json"])
         assert code == 0, f"命令失败: {stderr}"
         assert data["status"] == "pending"
-        assert "job_id" in _payload_data(data)["job"]
+        assert _payload_data(data).get("job_id")
 
     def test_query_with_file_output(self, run_cmd, tmp_config_dir: 'Path'):
         output_path = tmp_config_dir / "query_output.json"