powerbase-cli 0.1.5__tar.gz → 0.2.2__tar.gz

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/PKG-INFO

@@ -1,10 +1,11 @@
 Metadata-Version: 2.4
 Name: powerbase-cli
-Version: 0.1.5
+Version: 0.2.2
 Summary: CLI for operating Powerbase console workflows
 Author: Powerbase
 Requires-Python: >=3.11
 Description-Content-Type: text/markdown
+Requires-Dist: curl_cffi
 
 # powerbase-cli
 
@@ -41,7 +42,7 @@ Database model:
 Install from PyPI:
 
 ```bash
-python -m pip install powerbase-cli
+python3 -m pip install powerbase-cli
 powerbase --help
 ```
 
@@ -121,7 +122,7 @@ powerbase auth token-set \
   --expires-at 1760000000
 ```
 
-Use `--base-url` or `--anon-key` here only when you intentionally want to override the built-in deployment defaults.
+The CLI is pinned to the production Powerbase console deployment and no longer exposes endpoint override flags.
 
 ### Check Auth State
 

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/README.md

@@ -33,7 +33,7 @@ Database model:
 Install from PyPI:
 
 ```bash
-python -m pip install powerbase-cli
+python3 -m pip install powerbase-cli
 powerbase --help
 ```
 
@@ -113,7 +113,7 @@ powerbase auth token-set \
   --expires-at 1760000000
 ```
 
-Use `--base-url` or `--anon-key` here only when you intentionally want to override the built-in deployment defaults.
+The CLI is pinned to the production Powerbase console deployment and no longer exposes endpoint override flags.
 
 ### Check Auth State
 

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/pyproject.toml

@@ -4,12 +4,12 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "powerbase-cli"
-version = "0.1.5"
+version = "0.2.2"
 description = "CLI for operating Powerbase console workflows"
 readme = "README.md"
 requires-python = ">=3.11"
 authors = [{ name = "Powerbase" }]
-dependencies = []
+dependencies = ["curl_cffi"]
 
 [project.scripts]
 powerbase = "powerbase_cli.cli:main"
@@ -17,8 +17,5 @@ powerbase = "powerbase_cli.cli:main"
 [tool.setuptools]
 package-dir = { "" = "src" }
 
-[tool.setuptools.package-data]
-powerbase_cli = ["certs/*.pem"]
-
 [tool.setuptools.packages.find]
 where = ["src"]

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/__init__.py

@@ -2,4 +2,4 @@
 
 __all__ = ["__version__"]
 
-__version__ = "0.1.0"
+__version__ = "0.2.1"

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/api.py

@@ -137,19 +137,24 @@ class PowerbaseApi:
             instance_id=instance_id,
             stream=True,
         )
-        buffer = ""
-        while True:
-            chunk = resp.readline()
-            if not chunk:
-                break
-            line = chunk.decode("utf-8")
-            if line == "\n":
-                buffer = ""
-                continue
-            if line.startswith("data:"):
-                payload = line[5:].strip()
-                if payload:
-                    yield json.loads(payload)
+        try:
+            buffer = ""
+            while True:
+                chunk = resp.readline()
+                if not chunk:
+                    break
+                line = chunk.decode("utf-8")
+                if line == "\n":
+                    buffer = ""
+                    continue
+                if line.startswith("data:"):
+                    payload = line[5:].strip()
+                    if payload:
+                        yield json.loads(payload)
+        finally:
+            close = getattr(resp, "close", None)
+            if callable(close):
+                close()
 
     def sandbox_files_list(self, instance_id: str, path: str = "/", include_hidden: bool = False) -> Any:
         params = {
@@ -337,12 +342,17 @@ class PowerbaseApi:
             instance_id=instance_id,
             stream=True,
         )
-        while True:
-            chunk = resp.readline()
-            if not chunk:
-                break
-            line = chunk.decode("utf-8")
-            if line.startswith("data:"):
-                payload = line[5:].strip()
-                if payload:
-                    yield json.loads(payload)
+        try:
+            while True:
+                chunk = resp.readline()
+                if not chunk:
+                    break
+                line = chunk.decode("utf-8")
+                if line.startswith("data:"):
+                    payload = line[5:].strip()
+                    if payload:
+                        yield json.loads(payload)
+        finally:
+            close = getattr(resp, "close", None)
+            if callable(close):
+                close()

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/commands/parser.py

@@ -19,10 +19,6 @@ from .sql import register_sql_commands
 
 GLOBAL_OPTION_ARITY = {
     "--config-dir": 1,
-    "--base-url": 1,
-    "--anon-key": 1,
-    "--ca-cert": 1,
-    "--insecure": 0,
     "--json": 0,
 }
 
@@ -74,18 +70,6 @@ def build_parser() -> argparse.ArgumentParser:
         ),
     )
     parser.add_argument("--config-dir", help="Override the config directory. Defaults to ~/.config/powerbase.")
-    parser.add_argument("--base-url", help="Console base URL. Overrides the built-in default console endpoint.")
-    parser.add_argument("--anon-key", help="Supabase anon key used for functions and auth requests. Overrides the built-in default.")
-    parser.add_argument(
-        "--ca-cert",
-        dest="ca_cert_file",
-        help="Path to a CA certificate PEM file to trust for HTTPS requests.",
-    )
-    parser.add_argument(
-        "--insecure",
-        action="store_true",
-        help="Disable TLS certificate verification for HTTPS requests. Use only for testing with self-signed certs.",
-    )
     parser.add_argument("--json", action="store_true", help="Print JSON output.")
 
     subparsers = parser.add_subparsers(dest="command")

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/commands/shared.py

@@ -8,7 +8,6 @@ from typing import Any
 
 from ..api import PowerbaseApi
 from ..config import (
-    BUNDLED_CA_CERT_SENTINEL,
     DEFAULT_ANON_KEY,
     DEFAULT_BASE_URL,
     AppConfig,
@@ -16,8 +15,6 @@ from ..config import (
     AuthState,
     ConfigStore,
     ContextState,
-    load_bundled_ca_cert,
-    merge_config_with_env,
     merge_context_with_env,
 )
 from ..session import SessionManager
@@ -33,18 +30,11 @@ def build_store(args: argparse.Namespace) -> ConfigStore:
 
 
 def resolve_config(args: argparse.Namespace, store: ConfigStore) -> AppConfig:
-    config = merge_config_with_env(store.load_config())
-    saved_auth = store.load_auth()
-    explicit_ca_cert_file = getattr(args, "ca_cert_file", None) or config.ca_cert_file
+    config = store.load_config()
     return AppConfig(
-        base_url=args.base_url or config.base_url or (saved_auth.base_url if saved_auth else None) or DEFAULT_BASE_URL,
-        anon_key=args.anon_key or config.anon_key or (saved_auth.anon_key if saved_auth else None) or DEFAULT_ANON_KEY,
+        base_url=DEFAULT_BASE_URL,
+        anon_key=DEFAULT_ANON_KEY,
         output="json" if args.json else config.output,
-        tls_insecure=bool(getattr(args, "insecure", False) or config.tls_insecure),
-        # Keep explicit CA settings first. The bundled test CA is only the final fallback for the
-        # current self-signed test environment and should be removed once the deployment uses a
-        # publicly trusted certificate.
-        ca_cert_file=explicit_ca_cert_file or (BUNDLED_CA_CERT_SENTINEL if load_bundled_ca_cert() else None),
     )
 
 
@@ -60,8 +50,6 @@ def build_api(args: argparse.Namespace) -> tuple[ConfigStore, AppConfig, Context
         store,
         config.base_url,
         config.anon_key,
-        tls_insecure=config.tls_insecure,
-        ca_cert_file=config.ca_cert_file,
     )
     api = PowerbaseApi(PowerbaseTransport(config, session_manager))
     return store, config, context, session_manager, api

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/config.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import importlib.resources
 import json
 import os
 from dataclasses import asdict, dataclass
@@ -12,13 +11,8 @@ try:
 except ModuleNotFoundError:  # pragma: no cover
     tomllib = None  # type: ignore[assignment]
 
-DEFAULT_BASE_URL = "https://console.6.12.235.165.nip.io"
+DEFAULT_BASE_URL = "https://console.appbuild.chat"
 DEFAULT_ANON_KEY = "reallyreallyreallyreallyverysafe"
-# This bundled CA is only for the self-signed test deployment so `pip install powerbase-cli`
-# can work out of the box. Remove it after the deployed console switches to a publicly trusted
-# TLS certificate, then delete the bundled PEM file and its package-data entry as well.
-BUNDLED_CA_CERT_SENTINEL = "<bundled test CA>"
-BUNDLED_CA_CERT_RESOURCE = "certs/powerbase-test-ca.pem"
 
 
 def default_config_dir() -> Path:
@@ -33,8 +27,6 @@ class AppConfig:
     base_url: str | None = DEFAULT_BASE_URL
     anon_key: str | None = DEFAULT_ANON_KEY
     output: str = "text"
-    tls_insecure: bool = False
-    ca_cert_file: str | None = None
 
 
 @dataclass
@@ -69,26 +61,6 @@ def _as_path(path: str | Path | None) -> Path:
     return Path(path).expanduser()
 
 
-def env_flag(name: str) -> bool:
-    value = os.environ.get(name)
-    if value is None:
-        return False
-    return value.strip().lower() in {"1", "true", "yes", "on"}
-
-
-def load_bundled_ca_cert() -> str | None:
-    # The PEM contents are loaded at runtime so test builds can trust the packaged self-signed CA
-    # without asking end users to pass `--ca-cert`. Once the server uses a trusted certificate,
-    # this helper and its callers can be removed.
-    try:
-        resource = importlib.resources.files("powerbase_cli").joinpath(BUNDLED_CA_CERT_RESOURCE)
-        if not resource.is_file():
-            return None
-        return resource.read_text(encoding="utf-8")
-    except (FileNotFoundError, ModuleNotFoundError):
-        return None
-
-
 class ConfigStore:
     def __init__(self, base_dir: str | Path | None = None) -> None:
         self.base_dir = _as_path(base_dir)
@@ -101,31 +73,19 @@ class ConfigStore:
 
     def load_config(self) -> AppConfig:
         if not self.config_path.exists():
-            return AppConfig(base_url=None, anon_key=None)
+            return AppConfig()
         if tomllib is None:
             raise RuntimeError("tomllib is required to read config.toml")
         data = tomllib.loads(self.config_path.read_text(encoding="utf-8"))
         return AppConfig(
-            base_url=data.get("base_url"),
-            anon_key=data.get("anon_key"),
             output=data.get("output", "text"),
-            tls_insecure=bool(data.get("tls_insecure", False)),
-            ca_cert_file=data.get("ca_cert_file"),
         )
 
     def save_config(self, config: AppConfig) -> None:
         self.ensure_base_dir()
         lines = []
-        if config.base_url and config.base_url != DEFAULT_BASE_URL:
-            lines.append(f'base_url = "{config.base_url}"')
-        if config.anon_key and config.anon_key != DEFAULT_ANON_KEY:
-            lines.append(f'anon_key = "{config.anon_key}"')
         if config.output:
             lines.append(f'output = "{config.output}"')
-        if config.tls_insecure:
-            lines.append("tls_insecure = true")
-        if config.ca_cert_file:
-            lines.append(f'ca_cert_file = "{config.ca_cert_file}"')
         self.config_path.write_text("\n".join(lines) + ("\n" if lines else ""), encoding="utf-8")
 
     def load_auth(self) -> AuthState | None:
@@ -210,8 +170,8 @@ def env_auth_state() -> AuthState | None:
     expires_at = int(expires_at_raw) if expires_at_raw and expires_at_raw.isdigit() else None
     return AuthState(
         source="env",
-        base_url=os.environ.get("POWERBASE_BASE_URL"),
-        anon_key=os.environ.get("POWERBASE_ANON_KEY"),
+        base_url=DEFAULT_BASE_URL,
+        anon_key=DEFAULT_ANON_KEY,
         session=AuthSession(
             access_token=access_token,
             refresh_token=refresh_token,
@@ -220,16 +180,6 @@ def env_auth_state() -> AuthState | None:
     )
 
 
-def merge_config_with_env(config: AppConfig) -> AppConfig:
-    return AppConfig(
-        base_url=os.environ.get("POWERBASE_BASE_URL") or config.base_url,
-        anon_key=os.environ.get("POWERBASE_ANON_KEY") or config.anon_key,
-        output=os.environ.get("POWERBASE_OUTPUT") or config.output,
-        tls_insecure=env_flag("POWERBASE_TLS_INSECURE") or config.tls_insecure,
-        ca_cert_file=os.environ.get("POWERBASE_CA_CERT_FILE") or config.ca_cert_file,
-    )
-
-
 def merge_context_with_env(context: ContextState) -> ContextState:
     return ContextState(
         instance_id=os.environ.get("POWERBASE_INSTANCE_ID") or context.instance_id,

powerbase_cli-0.2.2/src/powerbase_cli/http_client.py

@@ -0,0 +1,99 @@
+from __future__ import annotations
+
+import json
+from dataclasses import dataclass
+from typing import Any
+
+from curl_cffi import requests
+from curl_cffi.requests.exceptions import RequestException
+
+DEFAULT_TIMEOUT_SECONDS = 30
+DEFAULT_IMPERSONATION = "chrome"
+
+
+@dataclass
+class HttpClientError(RuntimeError):
+    message: str
+    status_code: int | None = None
+    body_text: str | None = None
+    reason: str | None = None
+
+    def __str__(self) -> str:
+        return self.message
+
+
+class StreamResponseAdapter:
+    def __init__(self, response: requests.Response) -> None:
+        self._response = response
+        self._lines = response.iter_lines()
+
+    def readline(self) -> bytes:
+        try:
+            line = next(self._lines)
+        except StopIteration:
+            self.close()
+            return b""
+        if isinstance(line, str):
+            return line.encode("utf-8") + b"\n"
+        return line + b"\n"
+
+    def close(self) -> None:
+        self._response.close()
+
+
+def send_request(
+    method: str,
+    url: str,
+    *,
+    headers: dict[str, str] | None = None,
+    body: bytes | None = None,
+    stream: bool = False,
+    timeout: int = DEFAULT_TIMEOUT_SECONDS,
+) -> Any:
+    try:
+        response = requests.request(
+            method=method,
+            url=url,
+            headers=headers,
+            data=body,
+            stream=stream,
+            timeout=timeout,
+            impersonate=DEFAULT_IMPERSONATION,
+        )
+    except RequestException as exc:
+        raise HttpClientError(
+            message=str(exc),
+            reason=str(exc),
+        ) from exc
+
+    if response.status_code >= 400:
+        body_text = response.text
+        raise HttpClientError(
+            message=body_text or f"HTTP {response.status_code}",
+            status_code=response.status_code,
+            body_text=body_text,
+            reason=body_text or response.reason,
+        )
+
+    if stream:
+        return StreamResponseAdapter(response)
+    return response
+
+
+def request_json(
+    method: str,
+    url: str,
+    *,
+    headers: dict[str, str] | None = None,
+    body: bytes | None = None,
+    timeout: int = DEFAULT_TIMEOUT_SECONDS,
+) -> dict[str, Any]:
+    response = send_request(
+        method,
+        url,
+        headers=headers,
+        body=body,
+        timeout=timeout,
+    )
+    raw = response.text
+    return json.loads(raw) if raw else {}

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/session.py

@@ -1,17 +1,15 @@
 from __future__ import annotations
 
 import json
-import ssl
 import time
 from contextlib import contextmanager
 from dataclasses import replace
 from datetime import datetime, timezone
 from pathlib import Path
 from typing import Iterator
-from urllib import request
-from urllib.error import HTTPError, URLError
 
-from .config import BUNDLED_CA_CERT_SENTINEL, AuthState, ConfigStore, env_auth_state, load_bundled_ca_cert
+from .config import AuthState, ConfigStore, env_auth_state
+from .http_client import HttpClientError, request_json
 
 try:
     import fcntl
@@ -29,15 +27,10 @@ class SessionManager:
         store: ConfigStore,
         base_url: str | None,
         anon_key: str | None,
-        *,
-        tls_insecure: bool = False,
-        ca_cert_file: str | None = None,
     ) -> None:
         self.store = store
         self.base_url = base_url
         self.anon_key = anon_key
-        self.tls_insecure = tls_insecure
-        self.ca_cert_file = ca_cert_file
 
     def _login_guidance(self) -> str:
         return (
@@ -46,23 +39,6 @@ class SessionManager:
             "run `powerbase auth wait --login-id ... --json`."
         )
 
-    def _urlopen(self, req: request.Request):
-        if self.tls_insecure:
-            context = ssl.create_default_context()
-            context.check_hostname = False
-            context.verify_mode = ssl.CERT_NONE
-            return request.urlopen(req, context=context)
-        if self.ca_cert_file:
-            if self.ca_cert_file == BUNDLED_CA_CERT_SENTINEL:
-                bundled_ca_cert = load_bundled_ca_cert()
-                if not bundled_ca_cert:
-                    raise SessionError("Bundled test CA certificate is unavailable.")
-                context = ssl.create_default_context(cadata=bundled_ca_cert)
-            else:
-                context = ssl.create_default_context(cafile=self.ca_cert_file)
-            return request.urlopen(req, context=context)
-        return request.urlopen(req)
-
     def get_auth_state(self) -> AuthState | None:
         return env_auth_state() or self.store.load_auth()
 
@@ -98,25 +74,19 @@ class SessionManager:
             raise SessionError("base_url and anon_key are required to refresh the session.")
 
         payload = json.dumps({"refresh_token": auth.session.refresh_token}).encode("utf-8")
-        req = request.Request(
-            f"{self.base_url.rstrip('/')}/auth/v1/token?grant_type=refresh_token",
-            data=payload,
-            headers={
-                "apikey": self.anon_key,
-                "Content-Type": "application/json",
-            },
-            method="POST",
-        )
         try:
-            with self._urlopen(req) as resp:
-                data = json.loads(resp.read().decode("utf-8"))
-        except HTTPError as exc:  # pragma: no cover - exercised via tests with patched urlopen
-            body = exc.read().decode("utf-8", errors="replace")
-            raise SessionError(f"Failed to refresh session: {body}") from exc
-        except URLError as exc:  # pragma: no cover - depends on runtime/network setup
-            raise SessionError(f"Failed to refresh session: {exc.reason}") from exc
-        except ssl.SSLError as exc:  # pragma: no cover - depends on runtime/network setup
-            raise SessionError(f"Failed to refresh session: {exc}") from exc
+            data = request_json(
+                "POST",
+                f"{self.base_url.rstrip('/')}/auth/v1/token?grant_type=refresh_token",
+                body=payload,
+                headers={
+                    "apikey": self.anon_key,
+                    "Content-Type": "application/json",
+                },
+            )
+        except HttpClientError as exc:  # pragma: no cover - exercised via tests with patched request_json
+            detail = exc.body_text or exc.reason or str(exc)
+            raise SessionError(f"Failed to refresh session: {detail}") from exc
 
         new_auth = AuthState(
             source=auth.source,

{powerbase_cli-0.1.5 → powerbase_cli-0.2.2}/src/powerbase_cli/transport.py

@@ -1,13 +1,11 @@
 from __future__ import annotations
 
 import json
-import ssl
 from dataclasses import dataclass
 from typing import Any
-from urllib import request
-from urllib.error import HTTPError, URLError
 
-from .config import BUNDLED_CA_CERT_SENTINEL, AppConfig, load_bundled_ca_cert
+from .config import AppConfig
+from .http_client import HttpClientError, send_request
 from .session import SessionError, SessionManager
 
 
@@ -34,23 +32,6 @@ class PowerbaseTransport:
             "run `powerbase auth wait --login-id ... --json`."
         )
 
-    def _urlopen(self, req: request.Request):
-        if self.config.tls_insecure:
-            context = ssl.create_default_context()
-            context.check_hostname = False
-            context.verify_mode = ssl.CERT_NONE
-            return request.urlopen(req, context=context)
-        if self.config.ca_cert_file:
-            if self.config.ca_cert_file == BUNDLED_CA_CERT_SENTINEL:
-                bundled_ca_cert = load_bundled_ca_cert()
-                if not bundled_ca_cert:
-                    raise ApiError("Bundled test CA certificate is unavailable.")
-                context = ssl.create_default_context(cadata=bundled_ca_cert)
-            else:
-                context = ssl.create_default_context(cafile=self.config.ca_cert_file)
-            return request.urlopen(req, context=context)
-        return request.urlopen(req)
-
     def _build_headers(
         self,
         *,
@@ -70,24 +51,43 @@ class PowerbaseTransport:
             request_headers.update(headers)
         return request_headers
 
-    def _send(self, req: request.Request, *, stream: bool) -> Any:
-        resp = self._urlopen(req)
+    def _send(
+        self,
+        *,
+        method: str,
+        url: str,
+        payload: bytes | None,
+        headers: dict[str, str],
+        stream: bool,
+    ) -> Any:
+        resp = send_request(
+            method=method,
+            url=url,
+            body=payload,
+            headers=headers,
+            stream=stream,
+        )
         if stream:
             return resp
-        raw = resp.read().decode("utf-8")
+        raw = resp.text
         return json.loads(raw) if raw else {}
 
-    def _parse_http_error(self, exc: HTTPError) -> ApiError:
-        body_text = exc.read().decode("utf-8", errors="replace")
+    def _parse_http_error(self, exc: HttpClientError) -> ApiError:
+        body_text = exc.body_text or exc.reason or str(exc)
         try:
             data = json.loads(body_text)
         except json.JSONDecodeError:
             data = {"error": body_text}
-        message = data.get("error") or body_text or exc.reason
-        if exc.code == 401:
+        error_text = str(data.get("error") or "").strip()
+        detail_text = str(data.get("message") or "").strip()
+        if error_text and detail_text and detail_text != error_text:
+            message = f"{error_text}: {detail_text}"
+        else:
+            message = error_text or detail_text or body_text or exc.reason
+        if exc.status_code == 401:
             base_message = str(message).strip() or "Authentication failed."
             message = f"{base_message} {self._login_guidance()}"
-        return ApiError(str(message), exc.code)
+        return ApiError(str(message), exc.status_code)
 
     def invoke(
         self,
@@ -118,12 +118,18 @@ class PowerbaseTransport:
             headers=headers,
             instance_id=instance_id,
         )
-        req = request.Request(url, data=payload, headers=request_headers, method=method.upper())
+        request_method = method.upper()
 
         try:
-            return self._send(req, stream=stream)
-        except HTTPError as exc:
-            if exc.code == 401 and auth and auth.session.refresh_token:
+            return self._send(
+                method=request_method,
+                url=url,
+                payload=payload,
+                headers=request_headers,
+                stream=stream,
+            )
+        except HttpClientError as exc:
+            if exc.status_code == 401 and auth and auth.session.refresh_token:
                 try:
                     refreshed_auth = self.session_manager.refresh(auth)
                 except SessionError as refresh_error:
@@ -133,14 +139,15 @@ class PowerbaseTransport:
                     headers=headers,
                     instance_id=instance_id,
                 )
-                retry_req = request.Request(url, data=payload, headers=retry_headers, method=method.upper())
                 try:
-                    return self._send(retry_req, stream=stream)
-                except HTTPError as retry_exc:
+                    return self._send(
+                        method=request_method,
+                        url=url,
+                        payload=payload,
+                        headers=retry_headers,
+                        stream=stream,
+                    )
+                except HttpClientError as retry_exc:
                     raise self._parse_http_error(retry_exc) from retry_exc
             raise self._parse_http_error(exc) from exc
-        except URLError as exc:
-            raise ApiError(f"Request failed: {exc.reason}") from exc
-        except ssl.SSLError as exc:
-            raise ApiError(f"Request failed: {exc}") from exc