sedona-cli 0.1.0__tar.gz

sedona_cli-0.1.0/.gitignore

@@ -0,0 +1,257 @@
+# Node / frontend
+node_modules/
+dist/
+.next/
+.nuxt/
+.output/
+.cache/
+*.tsbuildinfo
+.turbo/
+.parcel-cache/
+
+# macOS
+.DS_Store
+
+# AWS / Textract output
+output_textract/
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+/lib/
+/lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+# Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+# uv.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.env.local
+.env.share
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#   you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+# Temporary file for partial code execution
+tempCodeRunnerFile.py
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
+
+# Google OAuth client secrets
+*_secret.json
+token*.json
+# OAuth token caches (leading-dot names not caught by token*.json)
+.x_tokens.json
+*.x_tokens.json
+src/services/interfaces/twitter/scripts/.x_tokens.json
+.vercel
+.env*.local
+
+# Notion exports (may contain secrets)
+notion_export/
+
+# Env files (all variants — secrets never enter git)
+.env
+.env.*
+!.env.example
+email_relevance_labels.json
+email_relevance_eval.json

sedona_cli-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Sedona Health
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

sedona_cli-0.1.0/PKG-INFO

@@ -0,0 +1,73 @@
+Metadata-Version: 2.4
+Name: sedona-cli
+Version: 0.1.0
+Summary: Export your AI chats — Claude Code, Claude.ai/Cowork, ChatGPT — and terminal sessions into your company's context.
+Project-URL: Homepage, https://github.com/Sedona-Health/sedona-internal
+License-Expression: MIT
+License-File: LICENSE
+Keywords: chatgpt,claude,claude-code,context,export,knowledge-base,transcripts
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Utilities
+Requires-Python: >=3.11
+Requires-Dist: httpx>=0.27
+Description-Content-Type: text/markdown
+
+# sedona-cli
+
+Your AI chats hold a surprising amount of company context — decisions, debugging
+trails, design discussions, institutional knowledge that never makes it into a
+doc. `sedona` ships them into Sedona's company knowledge graph, where they
+become searchable context for everyone (with secrets scrubbed and sensitive
+sessions automatically restricted).
+
+## Install
+
+```bash
+uv tool install sedona-cli      # or: pipx install sedona-cli / pip install sedona-cli
+```
+
+## Quickstart
+
+```bash
+sedona auth                     # email OTP — requires a company employee email
+sedona list                     # recent Claude Code sessions + chat exports it found
+sedona send --recent 3          # scrub + upload your 3 most recent sessions
+sedona send ~/Downloads/conversations.json    # a Claude.ai / ChatGPT export
+history | sedona send --stdin   # raw terminal scrollback
+sedona init-skill               # let your local Claude Code do this on request
+```
+
+After `sedona init-skill`, you can just tell Claude Code *"share this session
+with Sedona"* and it handles the upload.
+
+## What it can export
+
+| Source | How |
+|---|---|
+| **Claude Code** sessions | Read directly from `~/.claude/projects/` — `sedona send --recent N` |
+| **Claude.ai / Cowork** chats | Request a data export in claude.ai settings, then `sedona send conversations.json` |
+| **ChatGPT** chats | Request a data export in ChatGPT settings, then `sedona send conversations.json` |
+| **Terminal** sessions | Pipe anything: `tmux capture-pane -p \| sedona send --stdin` |
+
+## Privacy
+
+- **Secrets never leave your machine**: API keys, tokens, JWTs, and private
+  keys are redacted locally before upload (and the server scrubs again as a
+  backstop).
+- The server classifies each conversation's visibility **fail-closed** —
+  sensitive content is restricted to you or admins, not shared company-wide.
+- Tool output in coding sessions is truncated; assistant thinking blocks are
+  dropped entirely.
+- Authentication requires a verified company employee email; the tool does
+  nothing useful outside the company.
+
+## License
+
+MIT (this CLI only).

sedona_cli-0.1.0/README.md

@@ -0,0 +1,52 @@
+# sedona-cli
+
+Your AI chats hold a surprising amount of company context — decisions, debugging
+trails, design discussions, institutional knowledge that never makes it into a
+doc. `sedona` ships them into Sedona's company knowledge graph, where they
+become searchable context for everyone (with secrets scrubbed and sensitive
+sessions automatically restricted).
+
+## Install
+
+```bash
+uv tool install sedona-cli      # or: pipx install sedona-cli / pip install sedona-cli
+```
+
+## Quickstart
+
+```bash
+sedona auth                     # email OTP — requires a company employee email
+sedona list                     # recent Claude Code sessions + chat exports it found
+sedona send --recent 3          # scrub + upload your 3 most recent sessions
+sedona send ~/Downloads/conversations.json    # a Claude.ai / ChatGPT export
+history | sedona send --stdin   # raw terminal scrollback
+sedona init-skill               # let your local Claude Code do this on request
+```
+
+After `sedona init-skill`, you can just tell Claude Code *"share this session
+with Sedona"* and it handles the upload.
+
+## What it can export
+
+| Source | How |
+|---|---|
+| **Claude Code** sessions | Read directly from `~/.claude/projects/` — `sedona send --recent N` |
+| **Claude.ai / Cowork** chats | Request a data export in claude.ai settings, then `sedona send conversations.json` |
+| **ChatGPT** chats | Request a data export in ChatGPT settings, then `sedona send conversations.json` |
+| **Terminal** sessions | Pipe anything: `tmux capture-pane -p \| sedona send --stdin` |
+
+## Privacy
+
+- **Secrets never leave your machine**: API keys, tokens, JWTs, and private
+  keys are redacted locally before upload (and the server scrubs again as a
+  backstop).
+- The server classifies each conversation's visibility **fail-closed** —
+  sensitive content is restricted to you or admins, not shared company-wide.
+- Tool output in coding sessions is truncated; assistant thinking blocks are
+  dropped entirely.
+- Authentication requires a verified company employee email; the tool does
+  nothing useful outside the company.
+
+## License
+
+MIT (this CLI only).

sedona_cli-0.1.0/pyproject.toml

@@ -0,0 +1,33 @@
+[project]
+name = "sedona-cli"
+version = "0.1.0"
+description = "Export your AI chats — Claude Code, Claude.ai/Cowork, ChatGPT — and terminal sessions into your company's context."
+readme = "README.md"
+license = "MIT"
+license-files = ["LICENSE"]
+requires-python = ">=3.11"
+keywords = ["claude", "claude-code", "chatgpt", "transcripts", "context", "knowledge-base", "export"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "Operating System :: OS Independent",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Utilities",
+]
+dependencies = [
+    "httpx>=0.27",
+]
+
+[project.urls]
+Homepage = "https://github.com/Sedona-Health/sedona-internal"
+
+[project.scripts]
+sedona = "sedona_cli.main:main"
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"

sedona_cli-0.1.0/sedona_cli/__init__.py

@@ -0,0 +1,12 @@
+"""Sedona CLI — export and upload AI-chat / terminal transcripts to company context.
+
+Lives in the sedona-internal repo as a uv workspace member so the backend and
+the CLI share one secret scrubber (``sedona_cli.redact``); published to PyPI as
+``sedona-cli``. Install on a laptop:
+
+    uv tool install sedona-cli
+
+Then: ``sedona auth`` → ``sedona list`` → ``sedona send --recent 3``.
+"""
+
+__version__ = "0.1.0"

sedona_cli-0.1.0/sedona_cli/auth.py

@@ -0,0 +1,41 @@
+"""``sedona auth`` — email OTP → long-lived upload token.
+
+The OTP exchange is proxied by the backend (``/transcripts/auth/start`` +
+``/verify``) so the CLI needs no Supabase configuration; proof of mailbox
+control yields the same token the portal mint endpoint issues.
+"""
+
+from __future__ import annotations
+
+import httpx
+
+from sedona_cli import config
+
+
+def run_auth(url: str | None = None) -> int:
+    base = (url or config.base_url()).rstrip("/")
+    email = input("Work email: ").strip().lower()
+    if not email or "@" not in email:
+        print("That doesn't look like an email address.")
+        return 1
+
+    with httpx.Client(timeout=30) as client:
+        resp = client.post(f"{base}/transcripts/auth/start", json={"email": email})
+        if resp.status_code != 200:
+            print(f"Could not send code: {resp.json().get('detail', resp.text)}")
+            return 1
+        print(f"Code sent to {email}.")
+
+        code = input("6-digit code: ").strip()
+        resp = client.post(
+            f"{base}/transcripts/auth/verify", json={"email": email, "code": code}
+        )
+        if resp.status_code != 200:
+            print(f"Verification failed: {resp.json().get('detail', resp.text)}")
+            return 1
+        token = resp.json()["token"]
+
+    config.save(url=base, token=token)
+    print("Authenticated — token saved to ~/.config/sedona/config.json.")
+    print("Try: sedona list   then   sedona send --recent 1")
+    return 0

sedona_cli-0.1.0/sedona_cli/config.py

@@ -0,0 +1,34 @@
+"""CLI config: Sedona base URL + upload token in ~/.config/sedona/config.json."""
+
+from __future__ import annotations
+
+import json
+import os
+from pathlib import Path
+
+DEFAULT_URL = "https://sedona-internal-production.up.railway.app"
+
+_CONFIG_DIR = Path(os.environ.get("SEDONA_CONFIG_DIR", "~/.config/sedona")).expanduser()
+_CONFIG_PATH = _CONFIG_DIR / "config.json"
+
+
+def load() -> dict:
+    try:
+        return json.loads(_CONFIG_PATH.read_text())
+    except (OSError, json.JSONDecodeError):
+        return {}
+
+
+def save(**updates) -> None:
+    cfg = {**load(), **updates}
+    _CONFIG_DIR.mkdir(parents=True, exist_ok=True)
+    _CONFIG_PATH.write_text(json.dumps(cfg, indent=2) + "\n")
+    _CONFIG_PATH.chmod(0o600)
+
+
+def base_url() -> str:
+    return (os.environ.get("SEDONA_URL") or load().get("url") or DEFAULT_URL).rstrip("/")
+
+
+def token() -> str | None:
+    return os.environ.get("SEDONA_TRANSCRIPT_TOKEN") or load().get("token")

sedona_cli-0.1.0/sedona_cli/discover.py

@@ -0,0 +1,91 @@
+"""Find local AI-chat context worth uploading.
+
+Claude Code sessions live at ``~/.claude/projects/<project-slug>/<uuid>.jsonl``;
+the session title is on an ``ai-title`` (newer) or ``summary`` (older) line.
+Claude.ai / ChatGPT data exports land in ``~/Downloads`` as
+``conversations.json`` (possibly inside the export zip the user expanded).
+"""
+
+from __future__ import annotations
+
+import json
+import os
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass
+class SessionInfo:
+    path: Path
+    project: str
+    title: str
+    mtime: float
+    size: int
+
+
+def _claude_dir() -> Path:
+    return Path(os.environ.get("CLAUDE_CONFIG_DIR", "~/.claude")).expanduser()
+
+
+def session_title(path: Path) -> str:
+    """Best-effort title: last ai-title/summary line, else first user text."""
+    title = ""
+    first_user = ""
+    try:
+        with open(path, encoding="utf-8", errors="replace") as f:
+            for line in f:
+                if '"ai-title"' not in line and '"summary"' not in line and (
+                    first_user or '"user"' not in line
+                ):
+                    continue
+                try:
+                    obj = json.loads(line)
+                except json.JSONDecodeError:
+                    continue
+                if obj.get("type") == "ai-title" and obj.get("aiTitle"):
+                    title = obj["aiTitle"]
+                elif obj.get("type") == "summary" and obj.get("summary"):
+                    title = obj["summary"]
+                elif not first_user and obj.get("type") == "user":
+                    content = (obj.get("message") or {}).get("content")
+                    if isinstance(content, str) and content.strip():
+                        first_user = content.strip().splitlines()[0][:80]
+    except OSError:
+        pass
+    return title or first_user or path.stem
+
+
+def find_sessions(project: str | None = None, limit: int = 20) -> list[SessionInfo]:
+    """Claude Code sessions, newest first."""
+    root = _claude_dir() / "projects"
+    if not root.is_dir():
+        return []
+    paths = [
+        p
+        for p in root.glob("*/*.jsonl")
+        if not project or project in p.parent.name
+    ]
+    paths.sort(key=lambda p: p.stat().st_mtime, reverse=True)
+    out = []
+    for p in paths[:limit]:
+        st = p.stat()
+        out.append(
+            SessionInfo(
+                path=p,
+                project=p.parent.name.lstrip("-").replace("-", "/"),
+                title=session_title(p),
+                mtime=st.st_mtime,
+                size=st.st_size,
+            )
+        )
+    return out
+
+
+def find_chat_exports() -> list[Path]:
+    """conversations.json files (Claude.ai / ChatGPT data exports) in ~/Downloads."""
+    downloads = Path("~/Downloads").expanduser()
+    if not downloads.is_dir():
+        return []
+    hits = list(downloads.glob("conversations.json"))
+    hits += [p for p in downloads.glob("*/conversations.json")]
+    return sorted(hits, key=lambda p: p.stat().st_mtime, reverse=True)

sedona_cli-0.1.0/sedona_cli/main.py

@@ -0,0 +1,169 @@
+"""``sedona`` — upload AI-chat / terminal transcripts into company context.
+
+Commands:
+    sedona auth                      authenticate via email OTP
+    sedona list                      show recent Claude Code sessions + exports
+    sedona send --recent N           upload the N most recent sessions
+    sedona send <path> [<path>...]   upload specific files
+    cmd | sedona send --stdin        upload raw terminal output
+    sedona init-skill                install the local Claude Code skill
+"""
+
+from __future__ import annotations
+
+import argparse
+import sys
+import time
+from pathlib import Path
+
+import httpx
+
+from sedona_cli import config
+from sedona_cli.auth import run_auth
+from sedona_cli.discover import find_chat_exports, find_sessions
+from sedona_cli.redact import redact_secrets
+
+_MAX_UPLOAD_BYTES = 25 * 1024 * 1024
+
+
+def _age(mtime: float) -> str:
+    mins = max(0, int((time.time() - mtime) / 60))
+    if mins < 60:
+        return f"{mins}m ago"
+    if mins < 60 * 24:
+        return f"{mins // 60}h ago"
+    return f"{mins // (60 * 24)}d ago"
+
+
+def cmd_list(args) -> int:
+    sessions = find_sessions(project=args.project)
+    if sessions:
+        print("Recent Claude Code sessions:")
+        for s in sessions:
+            print(f"  {_age(s.mtime):>8}  {s.size // 1024:>6} KB  [{s.project}]  {s.title}")
+    else:
+        print("No Claude Code sessions found under ~/.claude/projects.")
+    exports = find_chat_exports()
+    if exports:
+        print("\nChat exports in ~/Downloads:")
+        for p in exports:
+            print(f"  {p}")
+    print("\nUpload with: sedona send --recent 1   or   sedona send <path>")
+    return 0
+
+
+def _upload(client: httpx.Client, base: str, token: str, path: Path | None, content: str) -> bool:
+    name = path.name if path else "terminal-stdin.txt"
+    clean, redactions = redact_secrets(content)
+    if len(clean.encode()) > _MAX_UPLOAD_BYTES:
+        print(f"  ✗ {name}: exceeds 25 MB, skipping")
+        return False
+    resp = client.post(
+        f"{base}/transcripts/upload",
+        json={"filename": name, "content": clean},
+        headers={"X-Transcript-Token": token},
+        timeout=300,
+    )
+    if resp.status_code != 200:
+        try:
+            detail = resp.json().get("detail", resp.text)
+        except ValueError:
+            detail = resp.text
+        print(f"  ✗ {name}: {resp.status_code} {detail}")
+        return False
+    body = resp.json()
+    if body.get("status") == "queued":
+        print(
+            f"  ⧖ {name}: {body['conversations']} conversations queued "
+            f"(ingesting {body['ingesting']}, skipped {body['skipped']}), redactions={redactions}"
+        )
+        return True
+    for doc in body.get("documents", []):
+        print(
+            f"  ✓ {doc['title']}  [{doc['format']}, visibility={doc['visibility']}, "
+            f"chunks={doc['chunks']}, v{doc['version']}]"
+        )
+    if redactions or body.get("redactions"):
+        print(f"    redacted locally={redactions}, server-side={body.get('redactions', 0)}")
+    return True
+
+
+def cmd_send(args) -> int:
+    token = config.token()
+    if not token:
+        print("Not authenticated — run `sedona auth` first.")
+        return 1
+    base = config.base_url()
+
+    targets: list[Path] = [Path(p).expanduser() for p in args.paths]
+    if args.recent:
+        sessions = find_sessions(project=args.project, limit=args.recent)
+        if not sessions:
+            print("No sessions found to send.")
+            return 1
+        targets += [s.path for s in sessions]
+
+    ok = True
+    with httpx.Client(timeout=300) as client:
+        if args.stdin:
+            content = sys.stdin.read()
+            if content.strip():
+                ok &= _upload(client, base, token, None, content)
+            else:
+                print("Nothing on stdin.")
+                ok = False
+        for path in targets:
+            if not path.is_file():
+                print(f"  ✗ {path}: not a file")
+                ok = False
+                continue
+            ok &= _upload(client, base, token, path, path.read_text(errors="replace"))
+
+    if not targets and not args.stdin:
+        print("Nothing to send — pass paths, --recent N, or --stdin.")
+        return 1
+    return 0 if ok else 1
+
+
+def cmd_init_skill(args) -> int:
+    template = Path(__file__).parent / "skill_template.md"
+    dest = Path("~/.claude/skills/sedona-upload/SKILL.md").expanduser()
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    dest.write_text(template.read_text())
+    print(f"Installed skill → {dest}")
+    print('Your local Claude Code can now act on "share this session with Sedona".')
+    return 0
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = argparse.ArgumentParser(prog="sedona", description=__doc__.split("\n")[0])
+    sub = parser.add_subparsers(dest="command", required=True)
+
+    p_auth = sub.add_parser("auth", help="authenticate via email OTP")
+    p_auth.add_argument("--url", help="Sedona base URL (default: saved or SEDONA_URL)")
+
+    p_list = sub.add_parser("list", help="show recent sessions and chat exports")
+    p_list.add_argument("--project", help="filter sessions by project slug substring")
+
+    p_send = sub.add_parser("send", help="scrub and upload transcripts")
+    p_send.add_argument("paths", nargs="*", help="transcript files to upload")
+    p_send.add_argument("--recent", type=int, metavar="N", help="send the N most recent sessions")
+    p_send.add_argument("--project", help="with --recent: filter by project slug substring")
+    p_send.add_argument("--stdin", action="store_true", help="read a terminal capture from stdin")
+
+    sub.add_parser("init-skill", help="install the Claude Code skill into ~/.claude/skills")
+
+    args = parser.parse_args(argv)
+    if args.command == "auth":
+        return run_auth(args.url)
+    if args.command == "list":
+        return cmd_list(args)
+    if args.command == "send":
+        return cmd_send(args)
+    if args.command == "init-skill":
+        return cmd_init_skill(args)
+    return 2
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

sedona_cli-0.1.0/sedona_cli/redact.py

@@ -0,0 +1,92 @@
+"""Secret scrubbing for transcripts — the single source of truth.
+
+Used client-side by ``sedona send`` (secrets never leave the laptop) and
+server-side by the transcript ingest path as a backstop (re-exported as
+``src.lib.redact``). Stdlib-only by design so the CLI stays dependency-light.
+
+Redaction is fail-closed: a false positive loses one token from a transcript,
+a false negative puts a credential in the company graph. The entropy guard
+exists only to keep *hex* artifacts (git SHAs, UUIDs, document hashes) alive —
+hex tops out at 4 bits/char, random base64 sits well above it.
+"""
+
+from __future__ import annotations
+
+import math
+import re
+
+__all__ = ["redact_secrets"]
+
+_MASK = "[REDACTED:{kind}]"
+
+# Ordered: specific vendor formats before generic patterns, so the mask kind
+# stays informative and the generic passes never see already-masked text.
+_PATTERNS: list[tuple[str, re.Pattern[str]]] = [
+    (
+        "pem",
+        re.compile(
+            r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
+            re.DOTALL,
+        ),
+    ),
+    ("aws-key", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
+    ("anthropic", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
+    ("api-key", re.compile(r"\bsk-[A-Za-z0-9_-]{32,}")),
+    ("github", re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})")),
+    ("slack", re.compile(r"\bxox[baprs]-[A-Za-z0-9-]{10,}")),
+    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{5,}")),
+    ("bearer", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]{20,}")),
+]
+
+# `KEY=value` / `key: value` assignments — keep the key name, mask the value.
+_ASSIGNMENT = re.compile(
+    r"(?i)\b([A-Za-z0-9_-]*(?:api[_-]?key|secret|token|password|passwd|credential)s?)"
+    r"(\s*[=:]\s*)(['\"]?)([^\s'\"\[\]]{16,})\3"
+)
+
+# Bare high-entropy tokens (base64-ish, 32+ chars). Requires at least one
+# non-hex character so hex artifacts can never match regardless of entropy.
+_TOKEN = re.compile(r"\b(?=[A-Za-z0-9+/_-]*[G-Zg-z+/_-])[A-Za-z0-9+/_-]{32,}\b")
+
+_ENTROPY_THRESHOLD = 4.0
+
+
+def _shannon_entropy(s: str) -> float:
+    counts: dict[str, int] = {}
+    for ch in s:
+        counts[ch] = counts.get(ch, 0) + 1
+    n = len(s)
+    return -sum(c / n * math.log2(c / n) for c in counts.values())
+
+
+def redact_secrets(text: str) -> tuple[str, int]:
+    """Mask credentials in ``text``. Returns ``(clean_text, num_redactions)``."""
+    count = 0
+
+    def _sub(pattern: re.Pattern[str], repl, s: str) -> str:
+        nonlocal count
+        out, n = pattern.subn(repl, s)
+        count += n
+        return out
+
+    for kind, pattern in _PATTERNS:
+        text = _sub(pattern, _MASK.format(kind=kind), text)
+
+    text = _sub(
+        _ASSIGNMENT,
+        lambda m: f"{m.group(1)}{m.group(2)}{_MASK.format(kind='value')}",
+        text,
+    )
+
+    def _entropy_repl(m: re.Match[str]) -> str:
+        token = m.group(0)
+        if re.fullmatch(r"[0-9a-fA-F-]+", token):  # UUIDs, SHAs, doc hashes
+            return token
+        if "REDACTED" in token or _shannon_entropy(token) <= _ENTROPY_THRESHOLD:
+            return token
+        nonlocal count
+        count += 1
+        return _MASK.format(kind="token")
+
+    out, _ = _TOKEN.subn(_entropy_repl, text)
+    return out, count

sedona_cli-0.1.0/sedona_cli/skill_template.md

@@ -0,0 +1,29 @@
+# Share this session with Sedona
+
+Use this skill when the user asks to "share this session with Sedona", "upload
+this conversation to company context", "send this thread to Sedona", or similar.
+
+Sedona is the company's knowledge agent. Uploading a session makes its content
+searchable company context (secrets are scrubbed locally before upload, and the
+server classifies visibility — sensitive sessions are restricted automatically).
+
+## Steps
+
+1. Check the CLI is set up: `sedona list` should print recent sessions. If the
+   command is missing, install it: `uv tool install sedona-cli`. If it fails
+   with a missing-token error, run `sedona auth` first (interactive — ask the
+   user to run it themselves in a terminal).
+2. To upload the most recent session(s) of this project:
+   `sedona send --recent 1` (or `--recent N` for the last N).
+   To upload a specific session file: `sedona send <path>`.
+   For raw terminal scrollback: pipe it — `history | sedona send --stdin`.
+3. Report the result to the user: each uploaded document's title, visibility
+   tier, and redaction count are printed by the CLI.
+
+## Notes
+
+- The currently active session's file is still being written; prefer uploading
+  after the work wraps up, or warn the user the upload is a snapshot.
+- Claude.ai / ChatGPT exports (`conversations.json`) can also be sent:
+  `sedona send ~/Downloads/conversations.json`. Large exports are capped
+  server-side (~25 conversations per file); suggest the user trim if needed.