meshagent-cli 0.5.18__tar.gz → 0.6.1__tar.gz

{meshagent_cli-0.5.18 → meshagent_cli-0.6.1}/PKG-INFO

@@ -1,28 +1,34 @@
 Metadata-Version: 2.4
 Name: meshagent-cli
-Version: 0.5.18
+Version: 0.6.1
 Summary: CLI for Meshagent
 License-Expression: Apache-2.0
 Project-URL: Documentation, https://docs.meshagent.com
 Project-URL: Website, https://www.meshagent.com
 Project-URL: Source, https://www.meshagent.com
-Requires-Python: >=3.12
+Requires-Python: >=3.13
 Description-Content-Type: text/markdown
 Requires-Dist: typer~=0.15
-Requires-Dist: pydantic-yaml~=1.4
-Requires-Dist: meshagent-api~=0.5.18
-Requires-Dist: meshagent-agents~=0.5.18
-Requires-Dist: meshagent-computers~=0.5.18
-Requires-Dist: meshagent-openai~=0.5.18
-Requires-Dist: meshagent-tools~=0.5.18
-Requires-Dist: meshagent-mcp~=0.5.18
-Requires-Dist: supabase~=2.15
 Requires-Dist: fastmcp~=2.8
 Requires-Dist: opentelemetry-distro~=0.54b1
 Requires-Dist: opentelemetry-exporter-otlp-proto-http~=1.33
 Requires-Dist: art~=6.5
 Requires-Dist: pydantic-yaml~=1.5
-Requires-Dist: supabase-auth~=2.12.3
+Requires-Dist: pathspec~=0.12.1
+Provides-Extra: all
+Requires-Dist: meshagent-agents[all]~=0.6.1; extra == "all"
+Requires-Dist: meshagent-api[all]~=0.6.1; extra == "all"
+Requires-Dist: meshagent-computers~=0.6.1; extra == "all"
+Requires-Dist: meshagent-openai~=0.6.1; extra == "all"
+Requires-Dist: meshagent-mcp~=0.6.1; extra == "all"
+Requires-Dist: meshagent-tools~=0.6.1; extra == "all"
+Requires-Dist: supabase-auth~=2.12.3; extra == "all"
+Provides-Extra: mcp-service
+Requires-Dist: meshagent-agents[all]~=0.6.1; extra == "mcp-service"
+Requires-Dist: meshagent-api~=0.6.1; extra == "mcp-service"
+Requires-Dist: meshagent-mcp~=0.6.1; extra == "mcp-service"
+Requires-Dist: meshagent-tools~=0.6.1; extra == "mcp-service"
+Requires-Dist: supabase-auth~=2.12.3; extra == "mcp-service"
 
 # [Meshagent](https://www.meshagent.com)
 

{meshagent_cli-0.5.18 → meshagent_cli-0.6.1}/meshagent/cli/agent.py

@@ -1,20 +1,19 @@
 import typer
 from rich import print
 from typing import Annotated, Optional
-from meshagent.cli.common_options import ProjectIdOption, ApiKeyIdOption, RoomOption
+from meshagent.cli.common_options import ProjectIdOption, RoomOption
 import json
 import asyncio
 
 from meshagent.api.helpers import meshagent_base_url, websocket_room_url
 from meshagent.api import (
     RoomClient,
-    ParticipantToken,
     WebSocketClientProtocol,
     RoomException,
 )
-from meshagent.cli.helper import resolve_project_id, resolve_api_key
+from meshagent.cli.helper import resolve_project_id
 from meshagent.cli import async_typer
-from meshagent.cli.helper import get_client, resolve_token_jwt, resolve_room
+from meshagent.cli.helper import get_client, resolve_room
 
 app = async_typer.AsyncTyper()
 
@@ -24,9 +23,6 @@ async def ask(
     *,
     project_id: ProjectIdOption = None,
     room: RoomOption,
-    api_key_id: ApiKeyIdOption = None,
-    name: Annotated[str, typer.Option(..., help="Participant name")] = "cli",
-    role: str = "user",
     agent: Annotated[str, typer.Option()],
     input: Annotated[str, typer.Option()],
     timeout: Annotated[
@@ -39,27 +35,15 @@ async def ask(
     account_client = await get_client()
     try:
         project_id = await resolve_project_id(project_id=project_id)
-        api_key_id = await resolve_api_key(project_id, api_key_id)
         room = resolve_room(room)
 
-        key = (
-            await account_client.decrypt_project_api_key(
-                project_id=project_id, id=api_key_id
-            )
-        )["token"]
-
-        token = ParticipantToken(
-            name=name, project_id=project_id, api_key_id=api_key_id
-        )
-
-        token.add_role_grant(role=role)
-        token.add_room_grant(room)
+        connection = await account_client.connect_room(project_id=project_id, room=room)
 
         print("[bold green]Connecting to room...[/bold green]")
         async with RoomClient(
             protocol=WebSocketClientProtocol(
                 url=websocket_room_url(room_name=room, base_url=meshagent_base_url()),
-                token=token.to_jwt(token=key),
+                token=connection.jwt,
             )
         ) as client:
             found = timeout == 0
@@ -97,10 +81,6 @@ async def invoke_tool(
     *,
     project_id: ProjectIdOption = None,
     room: RoomOption,
-    token_path: Annotated[Optional[str], typer.Option()] = None,
-    api_key_id: ApiKeyIdOption = None,
-    name: Annotated[str, typer.Option(..., help="Participant name")] = "cli",
-    role: str = "user",
     toolkit: Annotated[str, typer.Option(..., help="Toolkit name")],
     tool: Annotated[str, typer.Option(..., help="Tool name")],
     arguments: Annotated[
@@ -130,23 +110,15 @@ async def invoke_tool(
     account_client = await get_client()
     try:
         project_id = await resolve_project_id(project_id=project_id)
-        api_key_id = await resolve_api_key(project_id, api_key_id)
         room = resolve_room(room)
 
-        jwt = await resolve_token_jwt(
-            project_id=project_id,
-            api_key_id=api_key_id,
-            token_path=token_path,
-            name=name,
-            role=role,
-            room=room,
-        )
+        connection = await account_client.connect_room(project_id=project_id, room=room)
 
         print("[bold green]Connecting to room...[/bold green]")
         async with RoomClient(
             protocol=WebSocketClientProtocol(
                 url=websocket_room_url(room_name=room, base_url=meshagent_base_url()),
-                token=jwt,
+                token=connection.jwt,
             )
         ) as client:
             found = timeout == 0
@@ -194,10 +166,6 @@ async def list_agents_command(
     *,
     project_id: ProjectIdOption = None,
     room: RoomOption,
-    token_path: Annotated[Optional[str], typer.Option()] = None,
-    api_key_id: ApiKeyIdOption = None,
-    name: Annotated[str, typer.Option(..., help="Participant name")] = "cli",
-    role: str = "user",
 ):
     """
     List all agents available in the room.
@@ -205,23 +173,15 @@ async def list_agents_command(
     account_client = await get_client()
     try:
         project_id = await resolve_project_id(project_id=project_id)
-        api_key_id = await resolve_api_key(project_id, api_key_id)
         room = resolve_room(room)
 
-        jwt = await resolve_token_jwt(
-            project_id=project_id,
-            api_key_id=api_key_id,
-            token_path=token_path,
-            name=name,
-            role=role,
-            room=room,
-        )
+        connection = await account_client.connect_room(project_id=project_id, room=room)
 
         print("[bold green]Connecting to room...[/bold green]")
         async with RoomClient(
             protocol=WebSocketClientProtocol(
                 url=websocket_room_url(room_name=room, base_url=meshagent_base_url()),
-                token=jwt,
+                token=connection.jwt,
             )
         ) as client:
             print("[bold green]Fetching list of agents...[/bold green]")
@@ -250,9 +210,6 @@ async def list_toolkits_command(
     *,
     project_id: ProjectIdOption = None,
     room: RoomOption,
-    token_path: Annotated[Optional[str], typer.Option()] = None,
-    api_key_id: ApiKeyIdOption = None,
-    name: Annotated[str, typer.Option(..., help="Participant name")] = "cli",
     role: str = "user",
     participant_id: Annotated[
         Optional[str], typer.Option(..., help="Optional participant ID")
@@ -264,22 +221,14 @@ async def list_toolkits_command(
     account_client = await get_client()
     try:
         project_id = await resolve_project_id(project_id=project_id)
-        api_key_id = await resolve_api_key(project_id, api_key_id)
         room = resolve_room(room)
-        jwt = await resolve_token_jwt(
-            project_id=project_id,
-            api_key_id=api_key_id,
-            token_path=token_path,
-            name=name,
-            role=role,
-            room=room,
-        )
+        connection = await account_client.connect_room(project_id=project_id, room=room)
 
         print("[bold green]Connecting to room...[/bold green]")
         async with RoomClient(
             protocol=WebSocketClientProtocol(
                 url=websocket_room_url(room_name=room, base_url=meshagent_base_url()),
-                token=jwt,
+                token=connection.jwt,
             )
         ) as client:
             print("[bold green]Fetching list of toolkits...[/bold green]")

meshagent_cli-0.6.1/meshagent/cli/api_keys.py

@@ -0,0 +1,102 @@
+import json
+from rich import print
+
+from meshagent.cli.common_options import ProjectIdOption
+from meshagent.cli import async_typer
+from meshagent.cli.helper import (
+    get_client,
+    print_json_table,
+    resolve_project_id,
+    set_active_api_key,
+)
+from meshagent.cli.common_options import OutputFormatOption
+from typing import Annotated
+import typer
+
+app = async_typer.AsyncTyper(help="Manage or activate api-keys for your project")
+
+
+@app.async_command("list")
+async def list(
+    *,
+    project_id: ProjectIdOption = None,
+    o: OutputFormatOption = "table",
+):
+    project_id = await resolve_project_id(project_id=project_id)
+    client = await get_client()
+    keys = (await client.list_api_keys(project_id=project_id))["keys"]
+
+    if len(keys) > 0:
+        if o == "json":
+            sanitized_keys = [
+                {k: v for k, v in key.items() if k != "created_by"} for key in keys
+            ]
+            print(json.dumps({"api-keys": sanitized_keys}, indent=2))
+        else:
+            print_json_table(keys, "id", "name", "description")
+    else:
+        print("There are not currently any API keys in the project")
+    await client.close()
+
+
+@app.async_command("create")
+async def create(
+    *,
+    project_id: ProjectIdOption = None,
+    name: str,
+    description: Annotated[
+        str, typer.Option(..., help="a description for the api key")
+    ] = "",
+    activate: Annotated[
+        bool,
+        typer.Option(
+            ..., help="use this key by default for commands that accept an API key"
+        ),
+    ] = False,
+    silent: Annotated[bool, typer.Option(..., help="do not print api key")] = False,
+):
+    project_id = await resolve_project_id(project_id=project_id)
+
+    client = await get_client()
+    api_key = await client.create_api_key(
+        project_id=project_id, name=name, description=description
+    )
+    if not silent:
+        if not activate:
+            print(
+                "[green]This is your token. Save it for later, you will not be able to get the value again:[/green]\n"
+            )
+            print(api_key["value"])
+            print(
+                "[green]\nNote: you can use the --activate flag to save a key in your local project settings when creating a key.[/green]\n"
+            )
+        else:
+            print("[green]This is your token:[/green]\n")
+            print(api_key["value"])
+
+    await client.close()
+    if activate:
+        await set_active_api_key(project_id=project_id, key=api_key["value"])
+        print(
+            "[green]your api key has been activated and will be used automatically with commands that require a key[/green]\n"
+        )
+
+
+@app.async_command("activate")
+async def activate(
+    *,
+    project_id: ProjectIdOption = None,
+    key: str,
+):
+    project_id = await resolve_project_id(project_id=project_id)
+    if activate:
+        await set_active_api_key(project_id=project_id, key=key)
+
+
+@app.async_command("delete")
+async def delete(*, project_id: ProjectIdOption = None, id: str):
+    project_id = await resolve_project_id(project_id=project_id)
+
+    client = await get_client()
+    await client.delete_api_key(project_id=project_id, id=id)
+    await client.close()

meshagent_cli-0.6.1/meshagent/cli/auth_async.py

@@ -0,0 +1,295 @@
+import os
+import json
+import time
+import base64
+import hashlib
+import secrets
+import webbrowser
+import asyncio
+from pathlib import Path
+from urllib.parse import urlencode
+from aiohttp import web, ClientSession
+
+# -----------------------------------------------------------------------------
+# Config
+# -----------------------------------------------------------------------------
+
+CACHE_FILE = Path.home() / ".meshagent" / "session.json"
+REDIRECT_PORT = 8765
+REDIRECT_URL = f"http://localhost:{REDIRECT_PORT}/callback"
+
+# Expected env vars:
+# - MESHAGENT_API_URL (required): e.g., https://api.meshagent.com
+# - MESHAGENT_OAUTH_CLIENT_ID (required)
+# - MESHAGENT_OAUTH_CLIENT_SECRET (optional; only if your server requires it)
+# - MESHAGENT_OAUTH_SCOPES (optional; defaults to "openid email profile")
+
+# -----------------------------------------------------------------------------
+# Helpers
+# -----------------------------------------------------------------------------
+
+
+def _ensure_cache_dir():
+    CACHE_FILE.parent.mkdir(parents=True, exist_ok=True)
+
+
+def _now() -> int:
+    return int(time.time())
+
+
+def _b64url_no_pad(data: bytes) -> str:
+    return base64.urlsafe_b64encode(data).decode().rstrip("=")
+
+
+def _pkce_pair():
+    """
+    Returns (code_verifier, code_challenge) using S256 per RFC 7636.
+    """
+    verifier = _b64url_no_pad(secrets.token_bytes(32))
+    digest = hashlib.sha256(verifier.encode()).digest()
+    challenge = _b64url_no_pad(digest)
+    return verifier, challenge
+
+
+def _api_base() -> str:
+    api = os.getenv("MESHAGENT_API_URL", "https://api.meshagent.com")
+    if not api:
+        raise RuntimeError("MESHAGENT_API_URL is not set")
+    return api.rstrip("/")
+
+
+def _authorization_url() -> str:
+    return f"{_api_base()}/oauth/authorize"
+
+
+def _token_url() -> str:
+    return f"{_api_base()}/oauth/token"
+
+
+def _client_id() -> str:
+    cid = os.getenv("MESHAGENT_OAUTH_CLIENT_ID", "p8xy1ZUi73jJUJbNfTg92HUSDpCSZJcc")
+    if not cid:
+        raise RuntimeError("MESHAGENT_OAUTH_CLIENT_ID is not set")
+    return cid
+
+
+def _client_secret() -> str | None:
+    return os.getenv("MESHAGENT_OAUTH_CLIENT_SECRET")
+
+
+def _scopes() -> str:
+    return os.getenv("MESHAGENT_OAUTH_SCOPES", "admin")
+
+
+def _save(tokens: dict):
+    """
+    Persist minimal token info to disk.
+    Expected keys: access_token, refresh_token (optional), expires_at (epoch int).
+    """
+    _ensure_cache_dir()
+    CACHE_FILE.write_text(
+        json.dumps(
+            {
+                "access_token": tokens.get("access_token"),
+                "refresh_token": tokens.get("refresh_token"),
+                "expires_at": tokens.get("expires_at"),
+                "token_type": tokens.get("token_type", "Bearer"),
+                "scope": tokens.get("scope"),
+                "id_token": tokens.get("id_token"),
+            }
+        )
+    )
+
+
+def _load() -> dict | None:
+    _ensure_cache_dir()
+    if CACHE_FILE.exists():
+        return json.loads(CACHE_FILE.read_text())
+
+
+async def _post_form(url: str, form: dict) -> dict:
+    """
+    POST application/x-www-form-urlencoded and return parsed JSON or raise.
+    """
+    headers = {"Accept": "application/json"}
+    async with ClientSession() as s:
+        async with s.post(url, data=form, headers=headers) as resp:
+            text = await resp.text()
+            if resp.status >= 400:
+                raise RuntimeError(f"Token endpoint error {resp.status}: {text}")
+            try:
+                return json.loads(text)
+            except json.JSONDecodeError:
+                raise RuntimeError(
+                    f"Unexpected non-JSON response from token endpoint: {text}"
+                )
+
+
+# -----------------------------------------------------------------------------
+# Local HTTP callback
+# -----------------------------------------------------------------------------
+
+
+async def _wait_for_code(expected_state: str) -> str:
+    """
+    Spin up a one-shot aiohttp server and await ?code=…&state=…
+    Validates 'state' if provided. Returns the 'code'.
+    """
+    app = web.Application()
+    code_fut: asyncio.Future[str] = asyncio.get_event_loop().create_future()
+
+    async def callback(request):
+        code = request.query.get("code")
+        state = request.query.get("state")
+        if expected_state and state != expected_state:
+            return web.Response(status=400, text="State mismatch. Close this tab.")
+        if code:
+            if not code_fut.done():
+                code_fut.set_result(code)
+            return web.Response(text="You may close this tab.")
+        return web.Response(status=400, text="Missing 'code'.")
+
+    app.add_routes([web.get("/callback", callback)])
+    runner = web.AppRunner(app, access_log=None)
+    await runner.setup()
+    site = web.TCPSite(runner, "localhost", REDIRECT_PORT)
+    await site.start()
+
+    try:
+        return await code_fut
+    finally:
+        await runner.cleanup()
+
+
+# -----------------------------------------------------------------------------
+# OAuth flows
+# -----------------------------------------------------------------------------
+
+
+async def _exchange_code_for_tokens(code: str, code_verifier: str) -> dict:
+    form = {
+        "grant_type": "authorization_code",
+        "code": code,
+        "redirect_uri": REDIRECT_URL,
+        "client_id": _client_id(),
+        "code_verifier": code_verifier,
+    }
+    # Include client_secret only if provided (public clients typically omit)
+    client_secret = _client_secret()
+    if client_secret:
+        form["client_secret"] = client_secret
+
+    token_json = await _post_form(_token_url(), form)
+
+    # Compute absolute expiry; default to 3600s if expires_in missing
+    expires_in = int(token_json.get("expires_in", 3600))
+    token_json["expires_at"] = _now() + max(0, expires_in - 30)  # small safety skew
+    return token_json
+
+
+async def _refresh_tokens(tokens: dict) -> dict:
+    if not tokens or not tokens.get("refresh_token"):
+        raise RuntimeError("No refresh token available to refresh access token.")
+
+    form = {
+        "grant_type": "refresh_token",
+        "refresh_token": tokens["refresh_token"],
+        "client_id": _client_id(),
+    }
+    client_secret = _client_secret()
+    if client_secret:
+        form["client_secret"] = client_secret
+
+    token_json = await _post_form(_token_url(), form)
+
+    # Some servers rotate refresh tokens; keep old one if none returned
+    token_json["refresh_token"] = token_json.get(
+        "refresh_token", tokens.get("refresh_token")
+    )
+    expires_in = int(token_json.get("expires_in", 3600))
+    token_json["expires_at"] = _now() + max(0, expires_in - 30)
+    return token_json
+
+
+# -----------------------------------------------------------------------------
+# Public API (unchanged names)
+# -----------------------------------------------------------------------------
+
+
+async def login():
+    """
+    Launches the system browser for OAuth 2.0 Authorization Code + PKCE.
+    Persists tokens to ~/.meshagent/session.json
+    """
+    authz = _authorization_url()
+    client_id = _client_id()
+    scope = _scopes()
+
+    code_verifier, code_challenge = _pkce_pair()
+    state = _b64url_no_pad(secrets.token_bytes(16))
+
+    query = {
+        "response_type": "code",
+        "client_id": client_id,
+        "redirect_uri": REDIRECT_URL,
+        "scope": scope,
+        "code_challenge": code_challenge,
+        "code_challenge_method": "S256",
+        "state": state,
+    }
+    auth_url = f"{authz}?{urlencode(query)}"
+
+    # Kick user to browser without blocking the loop
+    await asyncio.to_thread(webbrowser.open, auth_url)
+    print(f"Waiting for auth redirect on {auth_url}…")
+
+    # Await the auth code, then exchange for tokens
+    auth_code = await _wait_for_code(state)
+    print("Got code, exchanging…")
+
+    tokens = await _exchange_code_for_tokens(auth_code, code_verifier)
+    _save(tokens)
+    print("✅ Logged in (tokens cached).")
+
+
+async def session():
+    """
+    Returns a tuple (client, tokens_dict)
+    - client is None (kept for backward compatibility with prior signature).
+    - tokens_dict contains access_token, refresh_token, expires_at, token_type, scope, id_token.
+    Will auto-refresh if expired/near-expiry and update the cache.
+    """
+    tokens = _load()
+    if not tokens:
+        return None, None
+
+    # Refresh if expired or within 5 min of expiry
+    if not tokens.get("expires_at") or tokens["expires_at"] <= _now() + 5 * 60:
+        try:
+            tokens = await _refresh_tokens(tokens)
+            _save(tokens)
+        except Exception as e:
+            # If refresh fails, wipe session to force re-login
+            print(f"⚠️  Token refresh failed: {e}")
+            return None, None
+
+    return None, tokens
+
+
+async def logout():
+    """
+    Clears the cached tokens. (If your OAuth server supports revocation,
+    you can add a call here; not provided in the spec.)
+    """
+    _, tokens = await session()
+    # Optional: call a revocation endpoint here if your server provides one.
+    CACHE_FILE.unlink(missing_ok=True)
+    print("👋 Signed out")
+
+
+async def get_access_token():
+    """
+    Returns a fresh access token, refreshing if needed.
+    """
+    _, tokens = await session()
+    return tokens["access_token"] if tokens else None