PyPI - nocfo-cli - Versions diffs - 1.1.0__tar.gz → 1.2.1__tar.gz - Mend

nocfo-cli 1.1.0tar.gz → 1.2.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: nocfo-cli
-Version: 1.1.0
+Version: 1.2.1
 Summary: NoCFO CLI, MCP server, and Cursor skill toolkit.
 License: MIT
 License-File: LICENSE
@@ -117,7 +117,7 @@ Open Claude Desktop config and add:
   "mcpServers": {
     "nocfo": {
       "command": "uvx",
-      "args": ["nocfo-cli", "mcp"],
+      "args": ["--from", "nocfo-cli", "nocfo", "mcp"],
       "env": {
         "NOCFO_API_TOKEN": "your_token_here"
       }
@@ -140,10 +140,23 @@ Then restart Claude Desktop.
 ## Local Setup (Cursor)
-1. Open **Cursor → Settings → MCP → Add Server**
-2. Use command: `nocfo mcp` (or `uvx nocfo-cli mcp`)
-3. Add env var `NOCFO_API_TOKEN=<your_token>`
-4. Save and test with a simple prompt like "List my businesses"
+Add the following to your Cursor MCP config (`~/.cursor/mcp.json`):
+```json
+{
+  "mcpServers": {
+    "nocfo": {
+      "command": "uvx",
+      "args": ["--from", "nocfo-cli", "nocfo", "mcp"],
+      "env": {
+        "NOCFO_API_TOKEN": "your_token_here"
+      }
+    }
+  }
+}
+```
+Then test with a simple prompt like "List my businesses".
 ---
@@ -153,7 +166,14 @@ Then restart Claude Desktop.
 nocfo user me
 nocfo businesses list
 nocfo invoices list --business <business_slug>
-nocfo reports balance-sheet --business <business_slug> --date-to 2026-12-31
+nocfo reports balance-sheet --business <business_slug> --date-at 2026-12-31
+nocfo reports balance-sheet-short --business <business_slug> --date-at 2026-12-31
+nocfo reports income-statement --business <business_slug> --date-from 2026-01-01 --date-to 2026-12-31
+nocfo reports income-statement-short --business <business_slug> --date-from 2026-01-01 --date-to 2026-12-31
+nocfo reports ledger --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports journal --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports vat --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports equity-changes --business <business_slug> --date-at 2026-12-31
 ```
 JSON output:

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/README.md RENAMED Viewed

@@ -92,7 +92,7 @@ Open Claude Desktop config and add:
   "mcpServers": {
     "nocfo": {
       "command": "uvx",
-      "args": ["nocfo-cli", "mcp"],
+      "args": ["--from", "nocfo-cli", "nocfo", "mcp"],
       "env": {
         "NOCFO_API_TOKEN": "your_token_here"
       }
@@ -115,10 +115,23 @@ Then restart Claude Desktop.
 ## Local Setup (Cursor)
-1. Open **Cursor → Settings → MCP → Add Server**
-2. Use command: `nocfo mcp` (or `uvx nocfo-cli mcp`)
-3. Add env var `NOCFO_API_TOKEN=<your_token>`
-4. Save and test with a simple prompt like "List my businesses"
+Add the following to your Cursor MCP config (`~/.cursor/mcp.json`):
+```json
+{
+  "mcpServers": {
+    "nocfo": {
+      "command": "uvx",
+      "args": ["--from", "nocfo-cli", "nocfo", "mcp"],
+      "env": {
+        "NOCFO_API_TOKEN": "your_token_here"
+      }
+    }
+  }
+}
+```
+Then test with a simple prompt like "List my businesses".
 ---
@@ -128,7 +141,14 @@ Then restart Claude Desktop.
 nocfo user me
 nocfo businesses list
 nocfo invoices list --business <business_slug>
-nocfo reports balance-sheet --business <business_slug> --date-to 2026-12-31
+nocfo reports balance-sheet --business <business_slug> --date-at 2026-12-31
+nocfo reports balance-sheet-short --business <business_slug> --date-at 2026-12-31
+nocfo reports income-statement --business <business_slug> --date-from 2026-01-01 --date-to 2026-12-31
+nocfo reports income-statement-short --business <business_slug> --date-from 2026-01-01 --date-to 2026-12-31
+nocfo reports ledger --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports journal --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports vat --business <business_slug> --date-from 2026-01-01 --date-to 2026-01-31
+nocfo reports equity-changes --business <business_slug> --date-at 2026-12-31
 ```
 JSON output:

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 name = "nocfo-cli"
-version = "1.1.0"
+version = "1.2.1"
 description = "NoCFO CLI, MCP server, and Cursor skill toolkit."
 authors = ["NoCFO"]
 readme = "README.md"

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/src/nocfo_toolkit/cli/commands/reports.py RENAMED Viewed

@@ -2,12 +2,14 @@
 from __future__ import annotations
+import json
 from typing import Any
 import typer
-from nocfo_toolkit.cli.commands._helpers import run_request
+from nocfo_toolkit.api_client import NocfoApiError
 from nocfo_toolkit.cli.context import get_context, run_async
+from nocfo_toolkit.cli.output import print_data, print_error
 app = typer.Typer(help="Generate accounting reports.")
@@ -16,7 +18,7 @@ def _run_json_report(
     ctx: typer.Context,
     *,
     business: str,
-    report_type: str,
+    path: str,
     columns: list[dict[str, Any]],
     extend_accounts: bool,
     append_comparison_columns: bool,
@@ -24,7 +26,6 @@ def _run_json_report(
 ) -> None:
     command_ctx = get_context(ctx)
     body: dict[str, Any] = {
-        "type": report_type,
         "columns": columns,
         "extend_accounts": extend_accounts,
         "append_comparison_columns": append_comparison_columns,
@@ -33,15 +34,45 @@ def _run_json_report(
         body["tag_ids"] = tag_ids
     run_async(
-        run_request(
-            command_ctx,
-            method="POST",
-            path=f"/v1/business/{business}/report/json/",
+        _run_report_request(
+            command_ctx=command_ctx,
+            path=f"/v1/business/{business}/report/{path}/",
             body=body,
         )
     )
+async def _run_report_request(
+    *,
+    command_ctx,
+    path: str,
+    body: dict[str, Any],
+) -> None:
+    client = command_ctx.api_client()
+    try:
+        result = await client.request("POST", path, json_body=body)
+        # Some report endpoints can return JSON encoded as a string.
+        if isinstance(result, str):
+            try:
+                parsed = json.loads(result)
+                if isinstance(parsed, (dict, list)):
+                    result = parsed
+            except json.JSONDecodeError:
+                pass
+        if isinstance(result, dict):
+            result.pop("report_type", None)
+        if result is not None:
+            print_data(result, command_ctx.config.output_format)
+    except NocfoApiError as exc:
+        print_error(str(exc))
+        raise typer.Exit(code=1) from exc
+    finally:
+        await client.close()
 @app.command("balance-sheet")
 def balance_sheet(
     ctx: typer.Context,
@@ -58,7 +89,7 @@ def balance_sheet(
     _run_json_report(
         ctx=ctx,
         business=business,
-        report_type="BALANCE_SHEET",
+        path="balance-sheet",
         columns=[{"date_at": date_at}],
         extend_accounts=extend_accounts,
         append_comparison_columns=append_comparison_columns,
@@ -83,7 +114,7 @@ def income_statement(
     _run_json_report(
         ctx=ctx,
         business=business,
-        report_type="INCOME_STATEMENT",
+        path="income-statement",
         columns=[{"date_from": date_from, "date_to": date_to}],
         extend_accounts=extend_accounts,
         append_comparison_columns=append_comparison_columns,
@@ -102,7 +133,7 @@ def ledger(
     _run_json_report(
         ctx=ctx,
         business=business,
-        report_type="LEDGER",
+        path="ledger",
         columns=[{"date_from": date_from, "date_to": date_to}],
         extend_accounts=False,
         append_comparison_columns=False,
@@ -121,7 +152,7 @@ def journal(
     _run_json_report(
         ctx=ctx,
         business=business,
-        report_type="JOURNAL",
+        path="journal",
         columns=[{"date_from": date_from, "date_to": date_to}],
         extend_accounts=False,
         append_comparison_columns=False,
@@ -140,9 +171,82 @@ def vat(
     _run_json_report(
         ctx=ctx,
         business=business,
-        report_type="VAT_REPORT",
+        path="vat-report",
         columns=[{"date_from": date_from, "date_to": date_to}],
         extend_accounts=False,
         append_comparison_columns=False,
         tag_ids=tag_id or None,
     )
+@app.command("balance-sheet-short")
+def balance_sheet_short(
+    ctx: typer.Context,
+    business: str = typer.Option(..., "--business"),
+    date_at: str = typer.Option(..., "--date-at"),
+    extend_accounts: bool = typer.Option(
+        True, "--extend-accounts/--no-extend-accounts"
+    ),
+    append_comparison_columns: bool = typer.Option(
+        True, "--append-comparison-columns/--no-append-comparison-columns"
+    ),
+    tag_id: list[int] = typer.Option(None, "--tag-id"),
+) -> None:
+    _run_json_report(
+        ctx=ctx,
+        business=business,
+        path="balance-sheet-short",
+        columns=[{"date_at": date_at}],
+        extend_accounts=extend_accounts,
+        append_comparison_columns=append_comparison_columns,
+        tag_ids=tag_id or None,
+    )
+@app.command("income-statement-short")
+def income_statement_short(
+    ctx: typer.Context,
+    business: str = typer.Option(..., "--business"),
+    date_from: str = typer.Option(..., "--date-from"),
+    date_to: str = typer.Option(..., "--date-to"),
+    extend_accounts: bool = typer.Option(
+        True, "--extend-accounts/--no-extend-accounts"
+    ),
+    append_comparison_columns: bool = typer.Option(
+        True, "--append-comparison-columns/--no-append-comparison-columns"
+    ),
+    tag_id: list[int] = typer.Option(None, "--tag-id"),
+) -> None:
+    _run_json_report(
+        ctx=ctx,
+        business=business,
+        path="income-statement-short",
+        columns=[{"date_from": date_from, "date_to": date_to}],
+        extend_accounts=extend_accounts,
+        append_comparison_columns=append_comparison_columns,
+        tag_ids=tag_id or None,
+    )
+@app.command("equity-changes")
+def equity_changes(
+    ctx: typer.Context,
+    business: str = typer.Option(..., "--business"),
+    date_at: str = typer.Option(..., "--date-at"),
+    extend_accounts: bool = typer.Option(
+        False, "--extend-accounts/--no-extend-accounts"
+    ),
+    append_comparison_columns: bool = typer.Option(
+        False, "--append-comparison-columns/--no-append-comparison-columns"
+    ),
+    tag_id: list[int] = typer.Option(None, "--tag-id"),
+) -> None:
+    _run_json_report(
+        ctx=ctx,
+        business=business,
+        path="equity-changes",
+        columns=[{"date_at": date_at}],
+        extend_accounts=extend_accounts,
+        append_comparison_columns=append_comparison_columns,
+        tag_ids=tag_id or None,
+    )

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/src/nocfo_toolkit/cli/output.py RENAMED Viewed

@@ -26,7 +26,7 @@ def print_data(
     """Render data as JSON or a table-like output."""
     if output_format == OutputFormat.JSON:
-        console.print_json(data=json.dumps(data, default=str))
+        console.print_json(json=json.dumps(data, default=str))
         return
     if isinstance(data, list):

{nocfo_cli-1.1.0 → nocfo_cli-1.2.1}/src/nocfo_toolkit/mcp/auth.py RENAMED Viewed

@@ -4,6 +4,7 @@ from __future__ import annotations
 import base64
 import hashlib
+import inspect
 import json
 import os
 import time
@@ -11,11 +12,13 @@ from dataclasses import dataclass
 from typing import Any, Literal, cast
 import httpx
-from fastmcp.server.auth import RemoteAuthProvider
+from fastmcp.server.auth import AccessToken, RemoteAuthProvider, TokenVerifier
 from fastmcp.server.auth.providers.introspection import IntrospectionTokenVerifier
 from fastmcp.server.auth.providers.jwt import JWTVerifier
 from fastmcp.server.dependencies import get_access_token
 from fastmcp.tools.tool import Tool
+from starlette.responses import JSONResponse
+from starlette.routing import Route
 from nocfo_toolkit.config import AUTH_HEADER_SCHEME, ToolkitConfig
@@ -54,7 +57,7 @@ class RemoteOAuthConfig:
     """OAuth verifier + metadata configuration for remote MCP auth."""
     authorization_servers: tuple[str, ...]
-    verifier_mode: Literal["jwt", "introspection"]
+    verifier_mode: Literal["jwt", "introspection", "userinfo"]
     jwt_jwks_uri: str | None
     jwt_issuer: str | None
     jwt_audience: tuple[str, ...]
@@ -64,14 +67,16 @@ class RemoteOAuthConfig:
     introspection_client_auth_method: Literal[
         "client_secret_basic", "client_secret_post"
     ]
+    userinfo_url: str | None
     required_scopes: tuple[str, ...]
     @classmethod
     def from_env(cls, config: ToolkitConfig) -> RemoteOAuthConfig:
         verifier_mode = (_env("NOCFO_MCP_TOKEN_VERIFIER") or "jwt").lower()
-        if verifier_mode not in {"jwt", "introspection"}:
+        if verifier_mode not in {"jwt", "introspection", "userinfo"}:
             raise MCPAuthConfigurationError(
-                "NOCFO_MCP_TOKEN_VERIFIER must be 'jwt' or 'introspection'."
+                "NOCFO_MCP_TOKEN_VERIFIER must be 'jwt', 'introspection', or "
+                "'userinfo'."
             )
         authorization_servers = tuple(
@@ -82,7 +87,7 @@ class RemoteOAuthConfig:
         jwt_audience = tuple(_split_csv(_env("NOCFO_MCP_JWT_AUDIENCE")))
         verifier_mode_typed = cast(
-            Literal["jwt", "introspection"],
+            Literal["jwt", "introspection", "userinfo"],
             verifier_mode,
         )
         introspection_client_auth_method = (
@@ -109,6 +114,8 @@ class RemoteOAuthConfig:
                 Literal["client_secret_basic", "client_secret_post"],
                 introspection_client_auth_method,
             ),
+            userinfo_url=_env("NOCFO_MCP_USERINFO_URL")
+            or f"{config.base_url.rstrip('/')}/identity/o/api/userinfo",
             required_scopes=required_scopes,
         )
@@ -125,6 +132,16 @@ class RemoteOAuthConfig:
                 required_scopes=list(self.required_scopes) or None,
             )
+        if self.verifier_mode == "userinfo":
+            if not self.userinfo_url:
+                raise MCPAuthConfigurationError(
+                    "Missing NOCFO_MCP_USERINFO_URL for userinfo verifier mode."
+                )
+            return UserInfoTokenVerifier(
+                userinfo_url=self.userinfo_url,
+                required_scopes=list(self.required_scopes) or None,
+            )
         if not self.introspection_url:
             raise MCPAuthConfigurationError(
                 "Missing NOCFO_MCP_INTROSPECTION_URL for introspection verifier mode."
@@ -145,6 +162,55 @@ class RemoteOAuthConfig:
         )
+class UserInfoTokenVerifier(TokenVerifier):
+    """Validate opaque OAuth access tokens via OIDC userinfo endpoint."""
+    def __init__(
+        self, *, userinfo_url: str, required_scopes: list[str] | None = None
+    ) -> None:
+        super().__init__(required_scopes=required_scopes)
+        self._userinfo_url = userinfo_url
+    async def verify_token(self, token: str) -> AccessToken | None:
+        try:
+            async with httpx.AsyncClient(timeout=5.0) as client:
+                response = await client.get(
+                    self._userinfo_url,
+                    headers={
+                        "Authorization": f"Bearer {token}",
+                        "Accept": "application/json",
+                    },
+                )
+        except httpx.HTTPError:
+            return None
+        if response.status_code != 200:
+            return None
+        payload = response.json() if response.content else {}
+        if not isinstance(payload, dict):
+            return None
+        # allauth returns opaque access tokens; if scopes are not explicitly
+        # included in userinfo payload, treat configured required scopes as granted.
+        scope_value = payload.get("scope")
+        scopes = (
+            [s for s in scope_value.split(" ") if s]
+            if isinstance(scope_value, str) and scope_value.strip()
+            else list(self.required_scopes or [])
+        )
+        if self.required_scopes and not set(self.required_scopes).issubset(set(scopes)):
+            return None
+        client_id = payload.get("azp") or payload.get("client_id") or "nocfo-userinfo"
+        return AccessToken(
+            token=token,
+            client_id=str(client_id),
+            scopes=scopes,
+            claims=payload,
+        )
 class JwtExchangeAuth(httpx.Auth):
     """Exchange incoming OAuth bearer to NoCFO JWT for downstream API calls."""
@@ -213,6 +279,7 @@ class JwtExchangeAuth(httpx.Auth):
             )
             exchange_response = yield exchange_request
+            await exchange_response.aread()
             if exchange_response.status_code == 401:
                 raise RuntimeError(
                     "JWT exchange failed: incoming bearer token is missing or invalid."
@@ -239,11 +306,57 @@ class JwtExchangeAuth(httpx.Auth):
         yield request
+class _CleanUrlAuthProvider(RemoteAuthProvider):
+    """RemoteAuthProvider that strips Pydantic AnyHttpUrl trailing slashes.
+    Pydantic v2 normalises bare-host URLs (``https://host`` →
+    ``https://host/``).  MCP clients concatenate this with
+    ``/.well-known/…`` paths, producing double-slash URLs that 404 on
+    most identity providers.  This subclass wraps the protected-resource
+    metadata route so the serialised JSON contains slash-free URLs.
+    """
+    def get_routes(self, mcp_path: str | None = None) -> list[Route]:
+        routes = super().get_routes(mcp_path)
+        return [self._clean_metadata_route(r) for r in routes]
+    @staticmethod
+    def _clean_metadata_route(route: Route) -> Route:
+        if "oauth-protected-resource" not in (route.path or ""):
+            return route
+        original = route.endpoint
+        # Some Starlette routes wrap endpoints as ASGI callables
+        # (scope, receive, send). Only wrap request-style endpoints.
+        try:
+            if len(inspect.signature(original).parameters) != 1:
+                return route
+        except (TypeError, ValueError):
+            return route
+        async def _strip_trailing_slashes(request):  # type: ignore[no-untyped-def]
+            response = await original(request)
+            body = json.loads(response.body)
+            for key in ("resource", "authorization_servers"):
+                val = body.get(key)
+                if isinstance(val, str):
+                    body[key] = val.rstrip("/")
+                elif isinstance(val, list):
+                    body[key] = [
+                        v.rstrip("/") if isinstance(v, str) else v for v in val
+                    ]
+            return JSONResponse(body, headers=dict(response.headers))
+        return Route(
+            route.path, endpoint=_strip_trailing_slashes, methods=route.methods
+        )
 def build_remote_auth_provider(
     *,
     config: ToolkitConfig,
     options: MCPAuthOptions,
-) -> RemoteAuthProvider:
+) -> _CleanUrlAuthProvider:
     """Create a FastMCP RemoteAuthProvider for connector OAuth bearer verification."""
     if options.mode != "oauth":
@@ -258,7 +371,7 @@ def build_remote_auth_provider(
     remote = RemoteOAuthConfig.from_env(config)
     verifier = remote.build_verifier()
-    return RemoteAuthProvider(
+    return _CleanUrlAuthProvider(
         token_verifier=verifier,
         authorization_servers=list(remote.authorization_servers),
         base_url=options.mcp_base_url,