obris-cli 0.4.0__tar.gz → 0.4.2__tar.gz

{obris_cli-0.4.0 → obris_cli-0.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: obris-cli
-Version: 0.4.0
+Version: 0.4.2
 Summary: Save, organize, and access your knowledge from the command line
 Project-URL: Homepage, https://obris.ai
 Project-URL: Repository, https://github.com/obris-dev/obris

{obris_cli-0.4.0 → obris_cli-0.4.2}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "obris-cli"
-version = "0.4.0"
+version = "0.4.2"
 description = "Save, organize, and access your knowledge from the command line"
 
 requires-python = ">=3.10"

obris_cli-0.4.2/ruff.toml

@@ -0,0 +1,2 @@
+extend = "../ruff.toml"
+target-version = "py310"

obris_cli-0.4.0/src/obris/commands/auth.py → obris_cli-0.4.2/src/obris/auth/session.py

@@ -1,6 +1,6 @@
-import contextlib
+"""Device auth session lifecycle: start, poll, check, finalize."""
+
 import time
-import webbrowser
 
 import click
 import requests
@@ -11,145 +11,52 @@ from obris.api.topics import list_topics
 from obris.output import as_json, is_json
 
 POLL_INTERVAL = 2
-# Server session lives 15 minutes; a session completed near the edge stays
-# readable for another COMPLETED_TTL (60s). Give the CLI a buffer past the
-# session TTL so we don't time out in the same second the user authorizes.
-POLL_TIMEOUT = 960
+# Server session lives 15 minutes (SESSION_TTL); a completed session is
+# readable for another COMPLETED_TTL (300s). Clamp the CLI deadline past
+# both so we don't time out in the same second the user authorizes.
+POLL_TIMEOUT = 1200
 POLL_MAX_BACKOFF = 30
 
 
-@click.group("auth")
-def auth():
-    """Manage authentication."""
-
-
-@auth.command("login")
-def auth_login():
-    """Authenticate via browser (recommended).
-
-    Opens a browser to log in. Works from any environment —
-    copy the link if the browser doesn't open automatically.
-    """
-    api_base = config.get_api_base()
-    app_base = config.get_app_base()
-
+def start_session(api_base):
+    """POST a new device auth session and return its session_id."""
     try:
         resp = requests.post(f"{api_base}/{routes.device_sessions()}", timeout=10)
         resp.raise_for_status()
         payload = resp.json()
-        session_id = payload["session_id"]
+        return payload["session_id"]
     except requests.RequestException as e:
         raise SystemExit(f"Failed to start login session: {e}") from e
     except (ValueError, KeyError) as e:
         raise SystemExit(f"Unexpected response from login session endpoint: {e}") from e
-    url = f"{app_base}/auth/device/{session_id}"
-
-    if not is_json():
-        click.echo("\nTo authenticate, open this URL in your browser:\n")
-        click.echo(f"  {url}\n")
 
-    with contextlib.suppress(webbrowser.Error):
-        webbrowser.open(url)
 
-    if not is_json():
-        click.echo("Waiting for authentication...")
+def check_session(api_base, session_id):
+    """One-shot session check used by `auth complete`.
 
+    Returns the session dict if readable, or None if the session is
+    gone (404). Unlike `poll_for_completion`, this does not loop or
+    retry — callers are expected to invoke it at most once per command
+    run.
+    """
+    poll_url = f"{api_base}/{routes.device_session(session_id)}"
     try:
-        session = _poll_for_completion(api_base, session_id)
-    except KeyboardInterrupt:
-        click.echo("\nLogin cancelled.", err=True)
-        raise SystemExit(130) from None
-
-    email = session.get("email")
-    config.save_tokens(
-        access_token=session["access_token"],
-        refresh_token=session["refresh_token"],
-        expires_in=session.get("expires_in", 3600),
-        client_id=session.get("client_id", ""),
-    )
-
-    scratch_id = _detect_scratch()
-
-    if is_json():
-        as_json(
-            {
-                "env": config.get_active_env(),
-                "email": email,
-                "scratch_topic_id": scratch_id,
-            }
-        )
-        return
-
-    if email:
-        click.echo(f"Logged in as {email}")
-    env = config.get_active_env()
-    if scratch_id:
-        click.echo(f"[{env}] Scratch topic: {scratch_id}")
-    else:
-        click.echo(f"[{env}] No 'Scratch' topic found.")
-
-
-@auth.command("status")
-def auth_status():
-    """Show current authentication status."""
-    env = config.get_active_env()
-    data = config._env_data()
-    token = data.get(config.KEY_ACCESS_TOKEN)
-
-    if not token:
-        if is_json():
-            as_json({"env": env, "authenticated": False})
-            return
-        click.echo(f"[{env}] Not authenticated.")
-        return
-
-    expires_at = data.get(config.KEY_TOKEN_EXPIRES_AT, "")
-    scratch = data.get(config.KEY_SCRATCH_TOPIC)
-
-    if is_json():
-        as_json(
-            {
-                "env": env,
-                "authenticated": True,
-                "token_expires_at": expires_at,
-                "scratch_topic_id": scratch,
-            }
-        )
-        return
-
-    click.echo(f"[{env}] Authenticated (OAuth token)")
-    if expires_at:
-        click.echo(f"[{env}] Token expires: {expires_at}")
-    if scratch:
-        click.echo(f"[{env}] Scratch topic: {scratch}")
-
-
-@auth.command("logout")
-def auth_logout():
-    """Remove stored credentials."""
-    env = config.get_active_env()
-    data = config._env_data()
-
-    if not data.get(config.KEY_ACCESS_TOKEN):
-        if is_json():
-            as_json({"env": env, "logged_out": False})
-            return
-        click.echo(f"[{env}] Not authenticated.")
-        return
-
-    config.clear_tokens()
-    if is_json():
-        as_json({"env": env, "logged_out": True})
-        return
-    click.echo(f"[{env}] Logged out.")
+        resp = requests.get(poll_url, timeout=10)
+    except requests.RequestException as e:
+        raise SystemExit(f"Failed to check login session: {e}") from e
 
+    if resp.status_code == 404:
+        return None
+    if not resp.ok:
+        raise SystemExit(f"Failed to check login session ({resp.status_code}): {resp.text}")
 
-# ---------------------------------------------------------------------------
-# Helpers
-# ---------------------------------------------------------------------------
+    try:
+        return resp.json()
+    except ValueError as e:
+        raise SystemExit(f"Unexpected response from login session endpoint: {e}") from e
 
 
-def _poll_for_completion(api_base, session_id):
+def poll_for_completion(api_base, session_id):
     """Poll the session endpoint until completed or expired.
 
     Backs off on server errors (5xx, 429) with exponential delay,
@@ -193,7 +100,6 @@ def _poll_for_completion(api_base, session_id):
                 raise SystemExit("Session completed but no token received.")
             return data
 
-        # Still pending — reset backoff and wait normally
         last_server_error = None
         backoff = POLL_INTERVAL
         _sleep_within(POLL_INTERVAL, deadline)
@@ -203,12 +109,38 @@ def _poll_for_completion(api_base, session_id):
     raise SystemExit("Login timed out. Run 'obris auth login' to try again.")
 
 
-def _sleep_within(seconds, deadline):
-    """Sleep for up to `seconds`, clamped so we never sleep past the deadline."""
-    remaining = deadline - time.time()
-    if remaining <= 0:
+def finalize_login(session):
+    """Save tokens from a completed session, detect the Scratch topic,
+    and report to the user. Shared by the blocking and non-blocking
+    login paths.
+    """
+    email = session.get("email")
+    config.save_tokens(
+        access_token=session["access_token"],
+        refresh_token=session["refresh_token"],
+        expires_in=session.get("expires_in", 3600),
+        client_id=session.get("client_id", ""),
+    )
+
+    scratch_id = _detect_scratch()
+    env = config.get_active_env()
+
+    if is_json():
+        as_json(
+            {
+                "env": env,
+                "email": email,
+                "scratch_topic_id": scratch_id,
+            }
+        )
         return
-    time.sleep(min(seconds, remaining))
+
+    if email:
+        click.echo(f"Logged in as {email}")
+    if scratch_id:
+        click.echo(f"[{env}] Scratch topic: {scratch_id}")
+    else:
+        click.echo(f"[{env}] No 'Scratch' topic found.")
 
 
 def _detect_scratch():
@@ -228,3 +160,11 @@ def _detect_scratch():
         cfg[env][config.KEY_SCRATCH_TOPIC] = scratch_id
         config.save(cfg)
     return scratch_id
+
+
+def _sleep_within(seconds, deadline):
+    """Sleep for up to `seconds`, clamped so we never sleep past the deadline."""
+    remaining = deadline - time.time()
+    if remaining <= 0:
+        return
+    time.sleep(min(seconds, remaining))

obris_cli-0.4.2/src/obris/commands/auth.py

@@ -0,0 +1,173 @@
+import contextlib
+import webbrowser
+
+import click
+
+from obris import config
+from obris.auth.session import check_session, finalize_login, poll_for_completion, start_session
+from obris.output import as_json, is_json
+
+
+@click.group("auth")
+def auth():
+    """Manage authentication."""
+
+
+@auth.command("login")
+@click.option(
+    "--no-wait",
+    is_flag=True,
+    help="Print the login URL and exit without polling. Finish with `obris auth complete`.",
+)
+def auth_login(no_wait):
+    """Authenticate via browser (recommended).
+
+    Opens a browser to log in. Works from any environment — copy the
+    link if the browser doesn't open automatically.
+
+    By default, the CLI polls in the foreground and exits once login is
+    complete. Pass `--no-wait` to print the URL and exit immediately;
+    when you (or your user) have authorized in the browser, run
+    `obris auth complete` to finalize. This mode is required for LLMs
+    and scripted contexts, where blocking the caller would prevent the
+    URL from being relayed to the user.
+    """
+    api_base = config.get_api_base()
+    app_base = config.get_app_base()
+
+    session_id = start_session(api_base)
+    url = f"{app_base}/auth/device/{session_id}"
+
+    if not is_json():
+        click.echo("\nTo authenticate, open this URL in your browser:\n")
+        click.echo(f"  {url}\n")
+
+    with contextlib.suppress(webbrowser.Error):
+        webbrowser.open(url)
+
+    env = config.get_active_env()
+
+    if no_wait:
+        config.save_pending_session(session_id)
+        if is_json():
+            as_json({"env": env, "session_id": session_id, "url": url, "status": "pending"})
+            return
+        click.echo(f"[{env}] After authorizing, run: obris auth complete")
+        return
+
+    if not is_json():
+        click.echo("Waiting for authentication...")
+
+    try:
+        session = poll_for_completion(api_base, session_id)
+    except KeyboardInterrupt:
+        click.echo("\nLogin cancelled.", err=True)
+        raise SystemExit(130) from None
+
+    finalize_login(session)
+
+
+@auth.command("status")
+def auth_status():
+    """Show current authentication status (read-only).
+
+    Reports whether an access token is stored for the active env and,
+    if so, when it expires. If a login was started with `--no-wait` and
+    hasn't been finalized yet, reports that the session is pending.
+    This command never mutates stored state; run `obris auth complete`
+    to finalize a pending session.
+    """
+    env = config.get_active_env()
+    data = config._env_data()
+    token = data.get(config.KEY_ACCESS_TOKEN)
+    pending = config.get_pending_session()
+
+    if not token:
+        if is_json():
+            as_json({"env": env, "authenticated": False, "pending": bool(pending)})
+            return
+        if pending:
+            click.echo(f"[{env}] Login pending. Finish with: obris auth complete")
+        else:
+            click.echo(f"[{env}] Not authenticated.")
+        return
+
+    expires_at = data.get(config.KEY_TOKEN_EXPIRES_AT, "")
+    scratch = data.get(config.KEY_SCRATCH_TOPIC)
+
+    if is_json():
+        as_json(
+            {
+                "env": env,
+                "authenticated": True,
+                "token_expires_at": expires_at,
+                "scratch_topic_id": scratch,
+            }
+        )
+        return
+
+    click.echo(f"[{env}] Authenticated (OAuth token)")
+    if expires_at:
+        click.echo(f"[{env}] Token expires: {expires_at}")
+    if scratch:
+        click.echo(f"[{env}] Scratch topic: {scratch}")
+
+
+@auth.command("complete")
+def auth_complete():
+    """Finalize a pending `auth login --no-wait` session.
+
+    Checks the pending session once and, if the user has authorized in
+    the browser, saves the tokens and clears the pending state. Exits
+    non-zero if no pending session exists or the session has expired.
+    """
+    env = config.get_active_env()
+    pending = config.get_pending_session()
+
+    if not pending:
+        if is_json():
+            as_json({"env": env, "completed": False, "reason": "no_pending_session"})
+            raise SystemExit(1)
+        raise SystemExit(f"[{env}] No pending login session. Start one with: obris auth login --no-wait")
+
+    api_base = config.get_api_base()
+    session = check_session(api_base, pending)
+
+    if session is None:
+        config.clear_pending_session()
+        if is_json():
+            as_json({"env": env, "completed": False, "reason": "session_expired"})
+            raise SystemExit(1)
+        raise SystemExit(f"[{env}] Pending login session expired. Run: obris auth login --no-wait")
+
+    if session.get("status") != "completed":
+        app_base = config.get_app_base()
+        url = f"{app_base}/auth/device/{pending}"
+        if is_json():
+            as_json({"env": env, "completed": False, "reason": "still_pending", "url": url})
+            raise SystemExit(1)
+        raise SystemExit(f"[{env}] Login still pending. Open: {url}")
+
+    finalize_login(session)
+    config.clear_pending_session()
+
+
+@auth.command("logout")
+def auth_logout():
+    """Remove stored credentials."""
+    env = config.get_active_env()
+    data = config._env_data()
+
+    if not data.get(config.KEY_ACCESS_TOKEN):
+        if is_json():
+            as_json({"env": env, "logged_out": False})
+            return
+        click.echo(f"[{env}] Not authenticated.")
+        return
+
+    config.clear_tokens()
+    config.clear_pending_session()
+    if is_json():
+        as_json({"env": env, "logged_out": True})
+        return
+    click.echo(f"[{env}] Logged out.")

{obris_cli-0.4.0 → obris_cli-0.4.2}/src/obris/config.py

@@ -1,8 +1,10 @@
 import json
 import os
-from datetime import UTC, datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from pathlib import Path
 
+UTC = timezone.utc
+
 import requests
 
 from obris import routes
@@ -22,6 +24,7 @@ KEY_CLIENT_ID = "client_id"
 KEY_DEFAULT_ENV = "default_env"
 KEY_ENVIRONMENTS = "environments"
 KEY_SCRATCH_TOPIC = "scratch_topic_id"
+KEY_PENDING_SESSION_ID = "pending_session_id"
 
 REFRESH_BUFFER = timedelta(minutes=5)
 
@@ -144,6 +147,30 @@ def clear_tokens():
     save(cfg)
 
 
+def save_pending_session(session_id):
+    """Remember a session_id started by `auth login --no-wait` so a later
+    `auth status` call knows which session to finalize."""
+    env = get_active_env()
+    cfg = load()
+    cfg.setdefault(env, {})
+    cfg[env][KEY_PENDING_SESSION_ID] = session_id
+    save(cfg)
+
+
+def get_pending_session():
+    """Return the pending session_id for the active environment, or None."""
+    return _env_data().get(KEY_PENDING_SESSION_ID)
+
+
+def clear_pending_session():
+    """Drop any pending session_id for the active environment."""
+    env = get_active_env()
+    cfg = load()
+    env_data = cfg.get(env, {})
+    env_data.pop(KEY_PENDING_SESSION_ID, None)
+    save(cfg)
+
+
 def _refresh_if_needed():
     """Refresh the access token if it expires within the buffer window.
 

{obris_cli-0.4.0 → obris_cli-0.4.2}/src/obris/sync/mapping.py

@@ -1,9 +1,11 @@
 """Filename computation, hashing, and file utilities for sync."""
 
 import hashlib
-from datetime import UTC, datetime
+from datetime import datetime, timezone
 from pathlib import Path
 
+UTC = timezone.utc
+
 CONFLICT_MARKER = "(conflict "
 HASH_CHUNK_SIZE = 64 * 1024