ml-dash 0.5.8__py3-none-any.whl → 0.6.0__py3-none-any.whl

ml_dash/cli_commands/login.py

@@ -0,0 +1,225 @@
+"""Login command for ml-dash CLI."""
+
+import sys
+import webbrowser
+from typing import Optional
+
+from rich.console import Console
+from rich.panel import Panel
+from rich.progress import Progress, SpinnerColumn, TextColumn
+
+from ml_dash.auth.device_flow import DeviceFlowClient
+from ml_dash.auth.device_secret import get_or_create_device_secret
+from ml_dash.auth.token_storage import get_token_storage
+from ml_dash.auth.exceptions import (
+    DeviceCodeExpiredError,
+    AuthorizationDeniedError,
+    TokenExchangeError,
+)
+from ml_dash.config import config
+
+
+def add_parser(subparsers):
+    """Add login command parser.
+
+    Args:
+        subparsers: Subparsers object from argparse
+    """
+    parser = subparsers.add_parser(
+        "login",
+        help="Authenticate with ml-dash using device authorization flow",
+        description="Login to ml-dash server using OAuth2 device authorization flow",
+    )
+
+    parser.add_argument(
+        "--remote",
+        type=str,
+        help="ML-Dash server URL (e.g., https://api.ml-dash.com)",
+    )
+
+    parser.add_argument(
+        "--no-browser",
+        action="store_true",
+        help="Don't automatically open browser for authorization",
+    )
+
+
+def generate_qr_code_ascii(url: str) -> str:
+    """Generate ASCII QR code for the given URL.
+
+    Args:
+        url: URL to encode in QR code
+
+    Returns:
+        ASCII art QR code string
+    """
+    try:
+        import qrcode
+
+        qr = qrcode.QRCode(border=1)
+        qr.add_data(url)
+        qr.make(fit=True)
+
+        # Generate ASCII art
+        output = []
+        for row in qr.get_matrix():
+            line = ""
+            for cell in row:
+                line += "██" if cell else "  "
+            output.append(line)
+
+        return "\n".join(output)
+    except ImportError:
+        return "[QR code unavailable - install qrcode: pip install qrcode]"
+    except Exception:
+        return "[QR code generation failed]"
+
+
+def cmd_login(args) -> int:
+    """Execute login command.
+
+    Args:
+        args: Parsed command-line arguments
+
+    Returns:
+        Exit code (0 for success, 1 for failure)
+    """
+    console = Console()
+
+    # Get remote URL
+    remote_url = args.remote or config.remote_url
+    if not remote_url:
+        console.print(
+            "[red]Error: No remote URL configured.[/red]\n\n"
+            "Please specify with --remote or set default:\n"
+            "  ml-dash login --remote https://api.ml-dash.com"
+        )
+        return 1
+
+    try:
+        # Initialize device flow
+        console.print("[bold]Initializing device authorization...[/bold]\n")
+
+        device_secret = get_or_create_device_secret(config)
+        device_client = DeviceFlowClient(
+            device_secret=device_secret, ml_dash_server_url=remote_url
+        )
+
+        # Start device flow with vuer-auth
+        flow = device_client.start_device_flow()
+
+        # Generate QR code
+        qr_code = generate_qr_code_ascii(flow.verification_uri_complete)
+
+        # Display rich UI with QR code
+        panel_content = (
+            f"[bold cyan]1. Visit this URL:[/bold cyan]\n\n"
+            f"   {flow.verification_uri}\n\n"
+            f"[bold cyan]2. Enter this code:[/bold cyan]\n\n"
+            f"   [bold green]{flow.user_code}[/bold green]\n\n"
+        )
+
+        # Add QR code if available
+        if "unavailable" not in qr_code and "failed" not in qr_code:
+            panel_content += f"[bold cyan]Or scan QR code:[/bold cyan]\n\n{qr_code}\n\n"
+
+        panel_content += f"[dim]Code expires in {flow.expires_in // 60} minutes[/dim]"
+
+        panel = Panel(
+            panel_content,
+            title="[bold blue]DEVICE AUTHORIZATION REQUIRED[/bold blue]",
+            border_style="blue",
+            expand=False,
+        )
+        console.print(panel)
+        console.print()
+
+        # Auto-open browser unless disabled
+        if not args.no_browser:
+            try:
+                webbrowser.open(flow.verification_uri_complete)
+                console.print("[dim]✓ Opened browser automatically[/dim]\n")
+            except Exception:
+                # Silent failure - user can manually open URL
+                pass
+
+        # Poll for authorization with progress indicator
+        console.print("[bold]Waiting for authorization...[/bold]")
+
+        with Progress(
+            SpinnerColumn(),
+            TextColumn("[progress.description]{task.description}"),
+            console=console,
+            transient=True,
+        ) as progress:
+            task = progress.add_task("Polling", total=None)
+
+            def update_progress(elapsed: int):
+                progress.update(task, description=f"Waiting ({elapsed}s)")
+
+            try:
+                vuer_auth_token = device_client.poll_for_token(
+                    max_attempts=120, progress_callback=update_progress
+                )
+            except DeviceCodeExpiredError:
+                console.print(
+                    "\n[red]✗ Device code expired[/red]\n\n"
+                    "The authorization code expired after 10 minutes.\n"
+                    "Please run 'ml-dash login' again."
+                )
+                return 1
+            except AuthorizationDeniedError:
+                console.print(
+                    "\n[red]✗ Authorization denied[/red]\n\n"
+                    "You declined the authorization request in your browser.\n\n"
+                    "To try again:\n"
+                    "  ml-dash login"
+                )
+                return 1
+            except TimeoutError:
+                console.print(
+                    "\n[red]✗ Authorization timed out[/red]\n\n"
+                    "No response after 10 minutes.\n\n"
+                    "Please run 'ml-dash login' again."
+                )
+                return 1
+
+        console.print("[green]✓ Authorization successful![/green]\n")
+
+        # Exchange vuer-auth token for ml-dash token
+        console.print("[bold]Exchanging token with ml-dash server...[/bold]")
+
+        try:
+            ml_dash_token = device_client.exchange_token(vuer_auth_token)
+        except TokenExchangeError as e:
+            console.print(f"\n[red]✗ Token exchange failed:[/red] {e}\n")
+            return 1
+
+        # Store ml-dash permanent token
+        storage = get_token_storage()
+        storage.store("ml-dash-token", ml_dash_token)
+
+        console.print("[green]✓ Token exchanged successfully![/green]\n")
+
+        # Success message
+        console.print(
+            "[bold green]✓ Logged in successfully![/bold green]\n\n"
+            "Your authentication token has been securely stored.\n"
+            "You can now use ml-dash commands without --api-key.\n\n"
+            "Examples:\n"
+            "  ml-dash upload ./experiments\n"
+            "  ml-dash download ./output\n"
+            "  ml-dash list"
+        )
+
+        return 0
+
+    except KeyboardInterrupt:
+        console.print("\n\n[yellow]Login cancelled by user.[/yellow]")
+        return 1
+    except Exception as e:
+        console.print(f"\n[red]✗ Unexpected error:[/red] {e}")
+        import traceback
+
+        console.print(f"\n[dim]{traceback.format_exc()}[/dim]")
+        return 1

ml_dash/cli_commands/logout.py

@@ -0,0 +1,54 @@
+"""Logout command for ml-dash CLI."""
+
+from rich.console import Console
+
+from ml_dash.auth.token_storage import get_token_storage
+from ml_dash.auth.exceptions import StorageError
+
+
+def add_parser(subparsers):
+    """Add logout command parser.
+
+    Args:
+        subparsers: Subparsers object from argparse
+    """
+    parser = subparsers.add_parser(
+        "logout",
+        help="Clear stored authentication token",
+        description="Logout from ml-dash by clearing stored authentication token",
+    )
+
+
+def cmd_logout(args) -> int:
+    """Execute logout command.
+
+    Args:
+        args: Parsed command-line arguments
+
+    Returns:
+        Exit code (0 for success, 1 for failure)
+    """
+    console = Console()
+
+    try:
+        # Get storage backend
+        storage = get_token_storage()
+
+        # Delete stored token
+        storage.delete("ml-dash-token")
+
+        console.print(
+            "[bold green]✓ Logged out successfully![/bold green]\n\n"
+            "Your authentication token has been cleared.\n\n"
+            "To log in again:\n"
+            "  ml-dash login"
+        )
+
+        return 0
+
+    except StorageError as e:
+        console.print(f"[red]✗ Storage error:[/red] {e}")
+        return 1
+    except Exception as e:
+        console.print(f"[red]✗ Unexpected error:[/red] {e}")
+        return 1

ml_dash/cli_commands/upload.py

@@ -108,43 +108,6 @@ class UploadState:
             return None
 
 
-def generate_api_key_from_username(user_name: str) -> str:
-    """
-    Generate a deterministic API key (JWT) from username.
-
-    This is a temporary solution until proper user authentication is implemented.
-    Generates a unique user ID from the username and creates a JWT token.
-
-    Args:
-        user_name: Username to generate API key from
-
-    Returns:
-        JWT token string
-    """
-    import hashlib
-    import time
-    import jwt
-
-    # Generate deterministic user ID from username (first 10 digits of SHA256 hash)
-    user_id = str(int(hashlib.sha256(user_name.encode()).hexdigest()[:16], 16))[:10]
-
-    # JWT payload
-    payload = {
-        "userId": user_id,
-        "userName": user_name,
-        "iat": int(time.time()),
-        "exp": int(time.time()) + (30 * 24 * 60 * 60)  # 30 days expiration
-    }
-
-    # Secret key for signing (should match server's JWT_SECRET)
-    secret = "your-secret-key-change-this-in-production"
-
-    # Generate JWT
-    token = jwt.encode(payload, secret, algorithm="HS256")
-
-    return token
-
-
 def add_parser(subparsers) -> argparse.ArgumentParser:
     """Add upload command parser."""
     parser = subparsers.add_parser(
@@ -170,12 +133,7 @@ def add_parser(subparsers) -> argparse.ArgumentParser:
     parser.add_argument(
         "--api-key",
         type=str,
-        help="JWT token for authentication (required unless --username or config is set)",
-    )
-    parser.add_argument(
-        "--username",
-        type=str,
-        help="Username for authentication (generates API key automatically)",
+        help="JWT token for authentication (optional - auto-loads from 'ml-dash login' if not provided)",
     )
 
     # Scope control
@@ -995,18 +953,10 @@ def cmd_upload(args: argparse.Namespace) -> int:
         console.print("[red]Error:[/red] --remote URL is required (or set in config)")
         return 1
 
-    # Get API key (command line > config > generate from username)
+    # Get API key (command line > config > auto-load from storage)
+    # RemoteClient will auto-load from storage if api_key is None
     api_key = args.api_key or config.api_key
 
-    # If no API key, try to generate from username
-    if not api_key:
-        if args.username:
-            console.print(f"[dim]Generating API key from username: {args.username}[/dim]")
-            api_key = generate_api_key_from_username(args.username)
-        else:
-            console.print("[red]Error:[/red] --api-key or --username is required (or set in config)")
-            return 1
-
     # Validate experiment filter requires project
     if args.experiment and not args.project:
         console.print("[red]Error:[/red] --experiment requires --project")

ml_dash/client.py

@@ -9,16 +9,40 @@ import httpx
 class RemoteClient:
     """Client for communicating with ML-Dash server."""
 
-    def __init__(self, base_url: str, api_key: str):
+    def __init__(self, base_url: str, api_key: Optional[str] = None):
         """
         Initialize remote client.
 
         Args:
             base_url: Base URL of ML-Dash server (e.g., "http://localhost:3000")
-            api_key: JWT token for authentication
+            api_key: JWT token for authentication (optional - auto-loads from storage if not provided)
+
+        Raises:
+            AuthenticationError: If no api_key provided and no token found in storage
         """
-        self.base_url = base_url.rstrip("/")
+        # Store original base URL for GraphQL (no /api prefix)
+        self.graphql_base_url = base_url.rstrip("/")
+
+        # Add /api prefix to base URL for REST API calls
+        self.base_url = base_url.rstrip("/") + "/api"
+
+        # If no api_key provided, try to load from storage
+        if not api_key:
+            from .auth.token_storage import get_token_storage
+            from .auth.exceptions import AuthenticationError
+
+            storage = get_token_storage()
+            api_key = storage.load("ml-dash-token")
+
+            if not api_key:
+                raise AuthenticationError(
+                    "Not authenticated. Run 'ml-dash login' to authenticate, "
+                    "or provide an explicit api_key parameter."
+                )
+
         self.api_key = api_key
+
+        # REST API client (with /api prefix)
         self._client = httpx.Client(
             base_url=self.base_url,
             headers={
@@ -29,6 +53,15 @@ class RemoteClient:
             timeout=30.0,
         )
 
+        # GraphQL client (without /api prefix)
+        self._graphql_client = httpx.Client(
+            base_url=self.graphql_base_url,
+            headers={
+                "Authorization": f"Bearer {api_key}",
+            },
+            timeout=30.0,
+        )
+
     def create_or_update_experiment(
         self,
         project: str,
@@ -596,7 +629,7 @@ class RemoteClient:
             httpx.HTTPStatusError: If request fails
             Exception: If GraphQL returns errors
         """
-        response = self._client.post(
+        response = self._graphql_client.post(
             "/graphql",
             json={"query": query, "variables": variables or {}}
         )
@@ -608,12 +641,11 @@ class RemoteClient:
 
         return result.get("data", {})
 
-    def list_projects_graphql(self, namespace_slug: str) -> List[Dict[str, Any]]:
+    def list_projects_graphql(self) -> List[Dict[str, Any]]:
         """
-        List all projects in a namespace via GraphQL.
+        List all projects via GraphQL.
 
-        Args:
-            namespace_slug: Namespace slug
+        Namespace is automatically inferred from JWT token on the server.
 
         Returns:
             List of project dicts with experimentCount
@@ -622,8 +654,8 @@ class RemoteClient:
             httpx.HTTPStatusError: If request fails
         """
         query = """
-        query Projects($namespaceSlug: String!) {
-          projects(namespaceSlug: $namespaceSlug) {
+        query Projects {
+          projects {
             id
             name
             slug
@@ -632,35 +664,33 @@ class RemoteClient:
           }
         }
         """
-        result = self.graphql_query(query, {"namespaceSlug": namespace_slug})
+        result = self.graphql_query(query, {})
         projects = result.get("projects", [])
 
         # For each project, count experiments
         for project in projects:
             exp_query = """
-            query ExperimentsCount($namespaceSlug: String!, $projectSlug: String!) {
-              experiments(namespaceSlug: $namespaceSlug, projectSlug: $projectSlug) {
+            query ExperimentsCount($projectSlug: String!) {
+              experiments(projectSlug: $projectSlug) {
                 id
               }
             }
             """
-            exp_result = self.graphql_query(exp_query, {
-                "namespaceSlug": namespace_slug,
-                "projectSlug": project['slug']
-            })
+            exp_result = self.graphql_query(exp_query, {"projectSlug": project['slug']})
             experiments = exp_result.get("experiments", [])
             project['experimentCount'] = len(experiments)
 
         return projects
 
     def list_experiments_graphql(
-        self, namespace_slug: str, project_slug: str, status: Optional[str] = None
+        self, project_slug: str, status: Optional[str] = None
     ) -> List[Dict[str, Any]]:
         """
         List experiments in a project via GraphQL.
 
+        Namespace is automatically inferred from JWT token on the server.
+
         Args:
-            namespace_slug: Namespace slug
             project_slug: Project slug
             status: Optional experiment status filter (RUNNING, COMPLETED, FAILED, CANCELLED)
 
@@ -671,8 +701,8 @@ class RemoteClient:
             httpx.HTTPStatusError: If request fails
         """
         query = """
-        query Experiments($namespaceSlug: String!, $projectSlug: String!, $status: ExperimentStatus) {
-          experiments(namespaceSlug: $namespaceSlug, projectSlug: $projectSlug, status: $status) {
+        query Experiments($projectSlug: String!, $status: ExperimentStatus) {
+          experiments(projectSlug: $projectSlug, status: $status) {
             id
             name
             description
@@ -711,21 +741,22 @@ class RemoteClient:
           }
         }
         """
-        result = self.graphql_query(query, {
-            "namespaceSlug": namespace_slug,
-            "projectSlug": project_slug,
-            "status": status
-        })
+        variables = {"projectSlug": project_slug}
+        if status is not None:
+            variables["status"] = status
+
+        result = self.graphql_query(query, variables)
         return result.get("experiments", [])
 
     def get_experiment_graphql(
-        self, namespace_slug: str, project_slug: str, experiment_name: str
+        self, project_slug: str, experiment_name: str
     ) -> Optional[Dict[str, Any]]:
         """
         Get a single experiment via GraphQL.
 
+        Namespace is automatically inferred from JWT token on the server.
+
         Args:
-            namespace_slug: Namespace slug
             project_slug: Project slug
             experiment_name: Experiment name
 
@@ -736,8 +767,8 @@ class RemoteClient:
             httpx.HTTPStatusError: If request fails
         """
         query = """
-        query Experiment($namespaceSlug: String!, $projectSlug: String!, $experimentName: String!) {
-          experiment(namespaceSlug: $namespaceSlug, projectSlug: $projectSlug, experimentName: $experimentName) {
+        query Experiment($projectSlug: String!, $experimentName: String!) {
+          experiment(projectSlug: $projectSlug, experimentName: $experimentName) {
             id
             name
             description
@@ -774,11 +805,12 @@ class RemoteClient:
           }
         }
         """
-        result = self.graphql_query(query, {
-            "namespaceSlug": namespace_slug,
+        variables = {
             "projectSlug": project_slug,
             "experimentName": experiment_name
-        })
+        }
+
+        result = self.graphql_query(query, variables)
         return result.get("experiment")
 
     def download_file_streaming(
@@ -942,8 +974,9 @@ class RemoteClient:
         return response.json()
 
     def close(self):
-        """Close the HTTP client."""
+        """Close the HTTP clients."""
         self._client.close()
+        self._graphql_client.close()
 
     def __enter__(self):
         """Context manager entry."""

ml_dash/config.py

@@ -91,7 +91,7 @@ class Config:
     @property
     def remote_url(self) -> Optional[str]:
         """Get default remote URL."""
-        return self.get("remote_url")
+        return self.get("remote_url", "https://api.dash.ml")
 
     @remote_url.setter
     def remote_url(self, url: str):
@@ -117,3 +117,17 @@ class Config:
     def batch_size(self, size: int):
         """Set default batch size."""
         self.set("default_batch_size", size)
+
+    @property
+    def device_secret(self) -> Optional[str]:
+        """Get device secret for OAuth device flow."""
+        return self.get("device_secret")
+
+    @device_secret.setter
+    def device_secret(self, secret: str):
+        """Set device secret."""
+        self.set("device_secret", secret)
+
+
+# Global config instance
+config = Config()