softmax-cli 0.1.0__tar.gz

softmax_cli-0.1.0/PKG-INFO

@@ -0,0 +1,14 @@
+Metadata-Version: 2.4
+Name: softmax-cli
+Version: 0.1.0
+Summary: Softmax CLI — authentication and account tools
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: <3.13,>=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: typer>=0.19.2
+Requires-Dist: rich>=13.7.0
+Requires-Dist: fastapi>=0.115.0
+Requires-Dist: uvicorn>=0.34.0
+Requires-Dist: httpx>=0.28.1
+Requires-Dist: pyyaml>=6.0.2

softmax_cli-0.1.0/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools==80.9.0", "wheel==0.45.1", "setuptools_scm==8.1.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "softmax-cli"
+description = "Softmax CLI — authentication and account tools"
+readme = "README.md"
+requires-python = ">=3.12,<3.13"
+classifiers = ["Programming Language :: Python :: 3", "Programming Language :: Python :: 3.12"]
+dependencies = [
+  "typer>=0.19.2",
+  "rich>=13.7.0",
+  "fastapi>=0.115.0",
+  "uvicorn>=0.34.0",
+  "httpx>=0.28.1",
+  "pyyaml>=6.0.2",
+]
+dynamic = ["version"]
+
+[project.scripts]
+softmax = "softmax.cli:app"
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.setuptools_scm]
+tag_regex = "^softmax-v(?P<version>\\d+\\.\\d+\\.\\d+(?:\\.\\d+)?)$"
+version_scheme = "no-guess-dev"
+local_scheme = "no-local-version"
+root = "../.."
+fallback_version = "0.0.0"
+git_describe_command = ["git", "describe", "--dirty", "--tags", "--long", "--match", "softmax-v*"]
+
+[tool.pytest.ini_options]
+pythonpath = ["src"]
+testpaths = ["tests"]
+
+[tool.ruff]
+extend = "../../.ruff.toml"

softmax_cli-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

softmax_cli-0.1.0/src/softmax/_console.py

@@ -0,0 +1,3 @@
+from rich.console import Console
+
+console = Console()

softmax_cli-0.1.0/src/softmax/auth.py

@@ -0,0 +1,40 @@
+"""Token storage and browser URL helpers for CLI auth."""
+
+from __future__ import annotations
+
+from urllib.parse import urlencode, urlsplit, urlunsplit
+
+from softmax.token_storage import TokenKind
+from softmax.token_storage import delete_token as delete_stored_token
+from softmax.token_storage import load_token as load_saved_token
+from softmax.token_storage import save_token as save_stored_token
+
+DEFAULT_COGAMES_SERVER = "https://softmax.com/api"
+
+
+def build_browser_login_url(login_server: str, *, callback_url: str | None = None) -> str:
+    """Build the hosted browser sign-in URL for CLI login."""
+    params: dict[str, str] = {}
+    if callback_url:
+        params["callback"] = callback_url
+
+    query = urlencode(params)
+    parsed = urlsplit(login_server)
+    browser_path = parsed.path.rstrip("/").removesuffix("/api") + "/cli-login"
+    return urlunsplit((parsed.scheme, parsed.netloc, browser_path, query, ""))
+
+
+def load_token(*, token_kind: TokenKind, server: str) -> str | None:
+    return load_saved_token(token_kind=token_kind, server=server)
+
+
+def has_saved_token(*, token_kind: TokenKind, server: str) -> bool:
+    return load_token(token_kind=token_kind, server=server) is not None
+
+
+def save_token(*, token_kind: TokenKind, server: str, token: str) -> None:
+    save_stored_token(token_kind=token_kind, server=server, token=token)
+
+
+def delete_token(*, token_kind: TokenKind, server: str) -> bool:
+    return delete_stored_token(token_kind=token_kind, server=server)

softmax_cli-0.1.0/src/softmax/cli.py

@@ -0,0 +1,194 @@
+"""softmax CLI — authentication and account tools."""
+
+import sys
+
+import httpx
+import typer
+from rich.panel import Panel
+
+from softmax._console import console
+from softmax.auth import (
+    DEFAULT_COGAMES_SERVER,
+    build_browser_login_url,
+    delete_token,
+    has_saved_token,
+    load_token,
+    save_token,
+)
+from softmax.perform_login import do_interactive_login_for_token
+from softmax.token_storage import TokenKind
+
+app = typer.Typer(
+    help="Softmax CLI — authentication and account tools",
+    context_settings={"help_option_names": ["-h", "--help"]},
+    no_args_is_help=True,
+    rich_markup_mode="rich",
+)
+
+
+def _build_manual_set_token_command(*, login_server: str) -> str:
+    command = "softmax set-token '<TOKEN>'"
+    if login_server != DEFAULT_COGAMES_SERVER:
+        command += f" --login-server '{login_server}'"
+    return command
+
+
+def _print_non_tty_login_instructions(*, login_server: str) -> None:
+    auth_url = build_browser_login_url(login_server)
+    console.print("Interactive login requires a TTY.", style="red")
+    console.print()
+    console.print("Open this URL in any browser to sign in:", style="yellow")
+    console.print()
+    console.print("    ", auth_url)
+    console.print()
+    console.print("Copy the auth token from the browser, then run:", style="yellow")
+    console.print()
+    console.print("    ", _build_manual_set_token_command(login_server=login_server))
+    console.print()
+    console.print(
+        Panel(
+            "If you are a coding agent, ask your human to open the URL above and give you the resulting auth token. "
+            "Then run the set-token command above.",
+            title="🤖 Agent Hint",
+            border_style="cyan",
+        )
+    )
+
+
+@app.command(name="login")
+def login_cmd(
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+    no_browser: bool = typer.Option(
+        False,
+        "--no-browser",
+        help="Skip opening browser automatically.",
+    ),
+    force: bool = typer.Option(
+        False,
+        "--force",
+        "-f",
+        help="Re-authenticate even if already logged in",
+    ),
+) -> None:
+    """Sign in to Softmax."""
+    from urllib.parse import urlparse  # noqa: PLC0415
+
+    if has_saved_token(token_kind=TokenKind.COGAMES, server=login_server) and not force:
+        console.print(f"Already authenticated with {urlparse(login_server).hostname}", style="green")
+        return
+
+    if not sys.stdin.isatty():
+        _print_non_tty_login_instructions(login_server=login_server)
+        raise typer.Exit(1)
+
+    try:
+        do_interactive_login_for_token(
+            login_server=login_server,
+            server_to_save_token_under=login_server,
+            token_kind=TokenKind.COGAMES,
+            agent_hint=(
+                "If you are a coding agent, ask your human to open the URL below and give you "
+                "the auth token. Then paste the token into this window or run:\n"
+                "\n"
+                f"{_build_manual_set_token_command(login_server=login_server)}"
+            ),
+            open_browser=not no_browser,
+        )
+    except Exception as e:
+        console.print(f"Error: {e}")
+        console.print()
+        console.print("Authentication failed.", style="red")
+        raise typer.Exit(1) from e
+
+    console.print("Authentication successful.", style="green")
+
+
+@app.command(name="logout")
+def logout_cmd(
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+) -> None:
+    """Remove saved authentication token."""
+    if delete_token(token_kind=TokenKind.COGAMES, server=login_server):
+        console.print("Logged out.", style="green")
+    else:
+        console.print("No token found — already logged out.", style="yellow")
+
+
+@app.command(name="get-login-url")
+def get_login_url_cmd(
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+) -> None:
+    """Print a browser sign-in URL for manual login."""
+    print(build_browser_login_url(login_server))
+
+
+@app.command(name="status")
+def status_cmd(
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+) -> None:
+    """Check authentication status via /whoami."""
+    token = load_token(token_kind=TokenKind.COGAMES, server=login_server)
+    if not token:
+        console.print("[red]Not authenticated.[/red] Run [cyan]softmax login[/cyan] first.")
+        raise typer.Exit(1)
+
+    response = httpx.get(
+        f"{login_server.rstrip('/')}/whoami",
+        headers={"Authorization": f"Bearer {token}"},
+        timeout=10.0,
+    )
+    response.raise_for_status()
+    email = response.json().get("user_email", "unknown")
+    console.print(f"[green]Authenticated as {email}[/green]")
+
+
+@app.command(name="get-token")
+def get_token_cmd(
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+) -> None:
+    """Print the saved token to stdout (for scripting)."""
+    token = load_token(token_kind=TokenKind.COGAMES, server=login_server)
+    if not token:
+        console.print("[red]No token found.[/red] Run [cyan]softmax login[/cyan] first.", style="bold")
+        raise typer.Exit(1)
+    print(token)
+
+
+@app.command(name="set-token")
+def set_token_cmd(
+    token: str = typer.Argument(help="Bearer token to save"),
+    login_server: str = typer.Option(
+        DEFAULT_COGAMES_SERVER,
+        "--login-server",
+        metavar="URL",
+        help="Authentication server URL",
+    ),
+) -> None:
+    """Manually set a token (for CI or headless environments)."""
+    save_token(token_kind=TokenKind.COGAMES, token=token, server=login_server)
+    print(f"\nToken saved for {login_server}")

softmax_cli-0.1.0/src/softmax/perform_login.py

@@ -0,0 +1,395 @@
+"""Interactive CLI login flow."""
+
+from __future__ import annotations
+
+import asyncio
+import html
+import socket
+import sys
+import threading
+import time
+import webbrowser
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Literal, Sequence
+
+import httpx
+import uvicorn
+from fastapi import FastAPI, Request
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import HTMLResponse
+from rich.panel import Panel
+
+from softmax._console import console
+from softmax.auth import build_browser_login_url, save_token
+from softmax.token_storage import TokenKind
+
+
+@dataclass
+class _CLIAuthSession:
+    token: str | None = None
+    error: str | None = None
+    auth_completed: threading.Event = field(default_factory=threading.Event)
+    completion_lock: threading.Lock = field(default_factory=threading.Lock)
+
+
+def _render_html(
+    *,
+    title: str,
+    headline: str,
+    message_lines: Sequence[str],
+    status: Literal["success", "error"],
+    auto_close_seconds: int | None = None,
+    extra_html: str = "",
+) -> str:
+    icon = "✓" if status == "success" else "⚠"
+    escaped_title = html.escape(title)
+    escaped_headline = html.escape(headline)
+    messages = "".join(f"<p class='smx-auth__message'>{html.escape(line)}</p>" for line in message_lines)
+    current_year = datetime.now().year
+    auto_close_script = ""
+    if auto_close_seconds is not None:
+        auto_close_script = f"""
+        <script>
+            window.setTimeout(function () {{
+                try {{
+                    window.close();
+                }} catch (err) {{
+                    console.debug("Auto-close suppressed", err);
+                }}
+            }}, {int(auto_close_seconds * 1000)});
+        </script>"""
+
+    return f"""<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>{escaped_title}</title>
+    <link rel="stylesheet" href="https://softmax.com/Assets/softmax.css" />
+    <style>
+        :root {{
+            color-scheme: light;
+        }}
+        * {{
+            box-sizing: border-box;
+        }}
+        body.smx-auth-page {{
+            margin: 0;
+            min-height: 100vh;
+            background-color: #fffdf4;
+            color: #0E2758;
+            font-family: "ABC Marfa Variable", "Roboto", -apple-system, BlinkMacSystemFont, sans-serif;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            justify-content: center;
+            padding: clamp(2.4rem, 8vw, 4rem) 1.5rem;
+            overflow: hidden;
+            text-rendering: optimizeLegibility;
+        }}
+        .smx-auth-card {{
+            width: min(560px, 100%);
+            background: rgba(255, 254, 248, 0.95);
+            border-radius: 24px;
+            border: 1px solid rgba(14, 39, 88, 0.12);
+            box-shadow: 0 32px 60px rgba(14, 39, 88, 0.12);
+            padding: clamp(2rem, 6vw, 3.25rem);
+            text-align: center;
+        }}
+        .smx-auth-card--success .smx-auth-icon {{
+            background: rgba(26, 107, 63, 0.16);
+            color: #195C38;
+        }}
+        .smx-auth-card--error .smx-auth-icon {{
+            background: rgba(176, 46, 38, 0.16);
+            color: #952F2B;
+        }}
+        .smx-auth-icon {{
+            height: 76px;
+            width: 76px;
+            border-radius: 50%;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            font-size: 2.5rem;
+            margin: 0 auto 20px;
+            border: 1px solid rgba(14, 39, 88, 0.12);
+        }}
+        .smx-auth-headline {{
+            margin: 0 0 12px;
+            font-size: clamp(1.8rem, 5vw, 2.35rem);
+            font-weight: 600;
+            letter-spacing: -0.01em;
+        }}
+        .smx-auth__message {{
+            margin: 0 0 12px;
+            font-size: 1.02rem;
+            line-height: 1.6;
+            color: rgba(14, 39, 88, 0.72);
+        }}
+        .smx-auth__body {{
+            display: grid;
+            gap: 8px;
+        }}
+        .smx-auth__actions {{
+            margin-top: 32px;
+            display: flex;
+            flex-direction: column;
+            gap: 14px;
+        }}
+        .smx-auth-button {{
+            appearance: none;
+            border-radius: 999px;
+            border: 2px solid #0E2758;
+            background: #0E2758;
+            color: #fffdf4;
+            cursor: pointer;
+            padding: 0.9rem 1.8rem;
+            font-size: 0.95rem;
+            font-family: "Marfa Mono", "Courier New", monospace;
+            font-weight: 600;
+            letter-spacing: 0.08em;
+            text-transform: uppercase;
+            transition: transform 0.15s ease, box-shadow 0.2s ease, background 0.2s ease;
+        }}
+        .smx-auth-button:hover {{
+            transform: translateY(-1px);
+            background: #1a3875;
+            border-color: #1a3875;
+            box-shadow: 0 14px 28px rgba(26, 56, 117, 0.18);
+        }}
+        .smx-auth-button:active {{
+            transform: translateY(0);
+            box-shadow: 0 8px 16px rgba(14, 39, 88, 0.18);
+        }}
+        .smx-auth-footnote {{
+            margin-top: 28px;
+            font-size: 0.85rem;
+            color: rgba(14, 39, 88, 0.55);
+        }}
+        @media (max-width: 540px) {{
+            .smx-auth-card {{
+                padding: 2.4rem 1.8rem;
+            }}
+        }}
+    </style>
+</head>
+<body class="smx-auth-page">
+    <main class="smx-auth-card smx-auth-card--{status}" role="dialog" aria-live="polite">
+        <div class="smx-auth-icon" aria-hidden="true">{icon}</div>
+        <h1 class="smx-auth-headline">{escaped_headline}</h1>
+        <div class="smx-auth__body">
+            {messages}
+            {extra_html}
+        </div>
+        <div class="smx-auth-footnote">may we all find alignment - softmax, {current_year}</div>
+    </main>
+    {auto_close_script}
+</body>
+</html>"""
+
+
+def _success_html() -> str:
+    return _render_html(
+        title="Authentication Successful",
+        headline="You're all set!",
+        message_lines=[
+            "Authentication complete. You can return to the terminal.",
+            "This window will close automatically in a moment.",
+        ],
+        status="success",
+        auto_close_seconds=3,
+        extra_html="""
+            <div class="smx-auth__actions">
+                <button class="smx-auth-button" type="button" onclick="window.close()">Close this window</button>
+            </div>
+            """,
+    )
+
+
+def _error_html(*, error_message: str) -> str:
+    return _render_html(
+        title="Authentication Error",
+        headline="Something went wrong",
+        message_lines=[
+            error_message,
+            "Please retry the login process or contact support if the issue persists.",
+        ],
+        status="error",
+    )
+
+
+def _find_free_port() -> int:
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+        sock.bind(("127.0.0.1", 0))
+        return sock.getsockname()[1]
+
+
+def _open_browser(*, url: str) -> None:
+    webbrowser.open(url)
+
+
+def _finish_authentication(session: _CLIAuthSession, *, token: str | None = None, error: str | None = None) -> bool:
+    with session.completion_lock:
+        if session.auth_completed.is_set():
+            return False
+        if token is not None:
+            session.token = token
+        if error is not None:
+            session.error = error
+        session.auth_completed.set()
+        return True
+
+
+def _create_app(session: _CLIAuthSession) -> FastAPI:
+    app = FastAPI(title="CLI OAuth2 Callback Server")
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["*"],
+        allow_credentials=False,
+        allow_methods=["GET"],
+        allow_headers=["*"],
+    )
+
+    @app.get("/callback")
+    async def callback(request: Request) -> HTMLResponse:
+        try:
+            token = request.query_params.get("token")
+            if not token:
+                _finish_authentication(session, error="No token received in callback")
+                return HTMLResponse(content=_error_html(error_message="No token received"), status_code=400)
+
+            _finish_authentication(session, token=token)
+            return HTMLResponse(content=_success_html())
+        except Exception as exc:
+            _finish_authentication(session, error=f"Callback error: {exc}")
+            return HTMLResponse(content=_error_html(error_message=f"Error: {exc}"), status_code=500)
+
+    return app
+
+
+def _validate_token(*, login_server: str, token: str) -> bool | None:
+    validate_url = f"{login_server.rstrip('/')}/validate"
+    try:
+        response = httpx.get(
+            validate_url,
+            headers={"Authorization": f"Bearer {token}"},
+            timeout=5.0,
+        )
+    except httpx.HTTPError:
+        return None
+
+    if response.status_code == 200:
+        data = response.json()
+        return bool(data.get("valid"))
+    if response.status_code in {400, 401, 403, 404}:
+        return False
+    return None
+
+
+def _print_login_instructions(*, auth_url: str, agent_hint: str | None) -> None:
+    if agent_hint:
+        console.print(
+            Panel(
+                agent_hint,
+                title="🤖 Agent Hint",
+                border_style="cyan",
+            )
+        )
+        console.print()
+    console.print("Open this URL in any browser to sign in:")
+    console.print()
+    console.print(auth_url)
+    console.print()
+
+
+def _start_manual_token_prompt(*, session: _CLIAuthSession, login_server: str) -> None:
+    def prompt_loop() -> None:
+        while not session.auth_completed.is_set():
+            try:
+                token = input("Paste token here when ready: ").strip()
+            except EOFError:
+                return
+
+            if session.auth_completed.is_set():
+                return
+            if not token:
+                continue
+
+            validation_result = _validate_token(login_server=login_server, token=token)
+            if validation_result is False:
+                console.print("Invalid token. Please try again.", style="red")
+                continue
+            if validation_result is None:
+                console.print("Could not validate token right now. Saving it anyway.", style="yellow")
+
+            _finish_authentication(session, token=token)
+            return
+
+    threading.Thread(target=prompt_loop, daemon=True).start()
+
+
+def _run_server(*, session: _CLIAuthSession, port: int) -> None:
+    try:
+        app = _create_app(session)
+        config = uvicorn.Config(
+            app=app,
+            host="127.0.0.1",
+            port=port,
+            log_level="error",
+            access_log=False,
+        )
+        asyncio.run(uvicorn.Server(config).serve())
+    except Exception as exc:
+        session.error = f"Server error: {exc}"
+
+
+def _wait_for_callback_server_to_start(*, session: _CLIAuthSession, port: int, timeout_seconds: float = 3.0) -> bool:
+    deadline = time.time() + timeout_seconds
+    while time.time() < deadline:
+        if session.error:
+            return False
+        try:
+            with socket.create_connection(("127.0.0.1", port), timeout=0.2):
+                return True
+        except OSError:
+            time.sleep(0.05)
+    return False
+
+
+def do_interactive_login_for_token(
+    *,
+    login_server: str,
+    server_to_save_token_under: str,
+    token_kind: TokenKind,
+    agent_hint: str | None,
+    open_browser: bool,
+) -> None:
+    """Run the CLI browser login flow and save the resulting token."""
+    assert sys.stdin.isatty(), "This function should only be called when stdin is a TTY"
+
+    session = _CLIAuthSession()
+    callback_url: str | None = None
+    port = _find_free_port()
+
+    threading.Thread(target=_run_server, kwargs={"session": session, "port": port}, daemon=True).start()
+    if _wait_for_callback_server_to_start(session=session, port=port):
+        callback_url = f"http://127.0.0.1:{port}/callback"
+    session.error = None
+
+    auth_url = build_browser_login_url(login_server, callback_url=callback_url)
+    _print_login_instructions(auth_url=auth_url, agent_hint=agent_hint)
+    if open_browser:
+        _open_browser(url=auth_url)
+
+    _start_manual_token_prompt(session=session, login_server=login_server)
+    session.auth_completed.wait()
+    if session.error:
+        raise RuntimeError(session.error)
+    if not session.token:
+        raise RuntimeError("No token received")
+
+    save_token(token_kind=token_kind, server=server_to_save_token_under, token=session.token)
+    print(f"\nToken saved for {server_to_save_token_under}")
+    print()

softmax_cli-0.1.0/src/softmax/token_storage.py

@@ -0,0 +1,96 @@
+import os
+from enum import StrEnum
+from pathlib import Path
+
+import yaml
+
+
+class TokenKind(StrEnum):
+    COGAMES = "cogames"
+    OBSERVATORY = "observatory"
+
+
+def _token_file_name(*, token_kind: TokenKind) -> str:
+    if token_kind == TokenKind.COGAMES:
+        return "cogames.yaml"
+    if token_kind == TokenKind.OBSERVATORY:
+        return "config.yaml"
+    raise AssertionError(f"Unhandled token kind: {token_kind}")
+
+
+def _token_storage_key(*, token_kind: TokenKind) -> str | None:
+    if token_kind == TokenKind.COGAMES:
+        return "login_tokens"
+    if token_kind == TokenKind.OBSERVATORY:
+        return "observatory_tokens"
+    raise AssertionError(f"Unhandled token kind: {token_kind}")
+
+
+def _token_file_path(*, token_file_name: str) -> Path:
+    config_dir = Path.home() / ".metta"
+    config_dir.mkdir(parents=True, exist_ok=True)
+    return config_dir / token_file_name
+
+
+def _load_token_data(*, token_file_name: str) -> dict:
+    token_file = _token_file_path(token_file_name=token_file_name)
+    if not token_file.exists():
+        return {}
+
+    with open(token_file, "r") as f:
+        return yaml.safe_load(f) or {}
+
+
+def load_token(*, token_kind: TokenKind, server: str) -> str | None:
+    data = _load_token_data(token_file_name=_token_file_name(token_kind=token_kind))
+    assert isinstance(data, dict), "Token storage file must contain a mapping at the top level"
+
+    token_storage_key = _token_storage_key(token_kind=token_kind)
+    tokens = data.get(token_storage_key, {}) if token_storage_key else data
+    assert isinstance(tokens, dict), "Token storage section must be a mapping"
+
+    token = tokens.get(server)
+    return token if isinstance(token, str) else None
+
+
+def save_token(*, token_kind: TokenKind, server: str, token: str) -> None:
+    token_file_name = _token_file_name(token_kind=token_kind)
+    token_storage_key = _token_storage_key(token_kind=token_kind)
+    data = _load_token_data(token_file_name=token_file_name)
+    assert isinstance(data, dict), "Token storage file must contain a mapping at the top level"
+
+    if token_storage_key:
+        tokens = data.setdefault(token_storage_key, {})
+        assert isinstance(tokens, dict), "Token storage section must be a mapping"
+        tokens[server] = token
+    else:
+        data[server] = token
+
+    token_file = _token_file_path(token_file_name=token_file_name)
+    with open(token_file, "w") as f:
+        yaml.safe_dump(data, f, default_flow_style=False)
+    os.chmod(token_file, 0o600)
+
+
+def delete_token(*, token_kind: TokenKind, server: str) -> bool:
+    token_file_name = _token_file_name(token_kind=token_kind)
+    token_storage_key = _token_storage_key(token_kind=token_kind)
+    data = _load_token_data(token_file_name=token_file_name)
+    assert isinstance(data, dict)
+
+    if token_storage_key:
+        tokens = data.get(token_storage_key, {})
+        assert isinstance(tokens, dict)
+        if server not in tokens:
+            return False
+        del tokens[server]
+    else:
+        if server not in data:
+            return False
+        del data[server]
+
+    token_file = _token_file_path(token_file_name=token_file_name)
+    with open(token_file, "w") as f:
+        yaml.safe_dump(data, f, default_flow_style=False)
+    os.chmod(token_file, 0o600)
+    return True

softmax_cli-0.1.0/src/softmax_cli.egg-info/PKG-INFO

@@ -0,0 +1,14 @@
+Metadata-Version: 2.4
+Name: softmax-cli
+Version: 0.1.0
+Summary: Softmax CLI — authentication and account tools
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: <3.13,>=3.12
+Description-Content-Type: text/markdown
+Requires-Dist: typer>=0.19.2
+Requires-Dist: rich>=13.7.0
+Requires-Dist: fastapi>=0.115.0
+Requires-Dist: uvicorn>=0.34.0
+Requires-Dist: httpx>=0.28.1
+Requires-Dist: pyyaml>=6.0.2

softmax_cli-0.1.0/src/softmax_cli.egg-info/SOURCES.txt

@@ -0,0 +1,14 @@
+pyproject.toml
+src/softmax/__init__.py
+src/softmax/_console.py
+src/softmax/auth.py
+src/softmax/cli.py
+src/softmax/perform_login.py
+src/softmax/token_storage.py
+src/softmax_cli.egg-info/PKG-INFO
+src/softmax_cli.egg-info/SOURCES.txt
+src/softmax_cli.egg-info/dependency_links.txt
+src/softmax_cli.egg-info/entry_points.txt
+src/softmax_cli.egg-info/requires.txt
+src/softmax_cli.egg-info/top_level.txt
+tests/test_auth_login.py

softmax_cli-0.1.0/src/softmax_cli.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

softmax_cli-0.1.0/src/softmax_cli.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+softmax = softmax.cli:app

softmax_cli-0.1.0/src/softmax_cli.egg-info/requires.txt

@@ -0,0 +1,6 @@
+typer>=0.19.2
+rich>=13.7.0
+fastapi>=0.115.0
+uvicorn>=0.34.0
+httpx>=0.28.1
+pyyaml>=6.0.2

softmax_cli-0.1.0/src/softmax_cli.egg-info/top_level.txt

@@ -0,0 +1 @@
+softmax

softmax_cli-0.1.0/tests/test_auth_login.py

@@ -0,0 +1,263 @@
+from __future__ import annotations
+
+import builtins
+import sys
+
+import pytest
+
+import softmax.perform_login as auth_module
+from softmax.auth import build_browser_login_url, load_token
+from softmax.cli import _build_manual_set_token_command
+from softmax.perform_login import do_interactive_login_for_token
+from softmax.token_storage import TokenKind, save_token
+
+COGAMES_AGENT_HINT = (
+    "🤖 If you are a coding agent, ask your human to open the URL above and give you the resulting auth token. "
+    "You can paste the token into this window or run: softmax set-token '<TOKEN>'"
+)
+
+
+def test_authenticate_accepts_pasted_token(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43123)
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr("softmax.perform_login._wait_for_callback_server_to_start", lambda *, session, port: False)
+    monkeypatch.setattr("softmax.perform_login._validate_token", lambda *, login_server, token: True)
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+    monkeypatch.setattr(builtins, "input", lambda _prompt="": "manual-token-123")
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="https://softmax.com/api",
+        token_kind=TokenKind.COGAMES,
+        agent_hint=COGAMES_AGENT_HINT,
+        open_browser=False,
+    )
+    assert load_token(token_kind=TokenKind.COGAMES, server="https://softmax.com/api") == "manual-token-123"
+
+
+def test_authenticate_skips_browser_when_requested(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+    opened = {"called": False}
+
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43124)
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr(
+        "softmax.perform_login._wait_for_callback_server_to_start",
+        lambda *, session, port: False,
+    )
+    monkeypatch.setattr(
+        "softmax.perform_login._open_browser",
+        lambda *, url: opened.__setitem__("called", True) or True,
+    )
+    monkeypatch.setattr(
+        "softmax.perform_login._start_manual_token_prompt",
+        lambda *, session, login_server: auth_module._finish_authentication(session, token="manual-token-456"),
+    )
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="https://softmax.com/api",
+        token_kind=TokenKind.COGAMES,
+        agent_hint=COGAMES_AGENT_HINT,
+        open_browser=False,
+    )
+    assert opened["called"] is False
+    output = capsys.readouterr().out
+    assert "Open this URL in any browser to sign in:" in output
+    assert "softmax set-token '<TOKEN>'" in output
+
+
+def test_authenticate_falls_back_to_manual_when_callback_server_fails(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+    captured_urls: list[str] = []
+
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43125)
+    monkeypatch.setattr(
+        "softmax.perform_login._wait_for_callback_server_to_start",
+        lambda *, session, port: False,
+    )
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr(
+        "softmax.perform_login._open_browser",
+        lambda *, url: captured_urls.append(url) or True,
+    )
+    monkeypatch.setattr(
+        "softmax.perform_login._start_manual_token_prompt",
+        lambda *, session, login_server: auth_module._finish_authentication(session, token="manual-token-789"),
+    )
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="https://softmax.com/api",
+        token_kind=TokenKind.COGAMES,
+        agent_hint=COGAMES_AGENT_HINT,
+        open_browser=True,
+    )
+    output = capsys.readouterr().out
+    assert "Open this URL in any browser to sign in:" in output
+    assert captured_urls == ["https://softmax.com/cli-login"]
+
+
+def test_authenticate_reprompts_after_invalid_token(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43126)
+    monkeypatch.setattr("softmax.perform_login._wait_for_callback_server_to_start", lambda *, session, port: False)
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+
+    entered_tokens = iter(["bad-token", "good-token"])
+    monkeypatch.setattr(builtins, "input", lambda _prompt="": next(entered_tokens))
+    validation_results = iter([False, True])
+    monkeypatch.setattr(
+        "softmax.perform_login._validate_token",
+        lambda *, login_server, token: next(validation_results),
+    )
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="https://softmax.com/api",
+        token_kind=TokenKind.COGAMES,
+        agent_hint=COGAMES_AGENT_HINT,
+        open_browser=False,
+    )
+    assert load_token(token_kind=TokenKind.COGAMES, server="https://softmax.com/api") == "good-token"
+    assert "Invalid token. Please try again." in capsys.readouterr().out
+
+
+def test_manual_command_includes_nondefault_login_server() -> None:
+    assert _build_manual_set_token_command(login_server="https://softmax.com/api") == "softmax set-token '<TOKEN>'"
+    assert (
+        _build_manual_set_token_command(login_server="https://example.ngrok.app/api")
+        == "softmax set-token '<TOKEN>' --login-server 'https://example.ngrok.app/api'"
+    )
+
+
+def test_generic_authenticator_does_not_print_cogames_agent_hint(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+    capsys: pytest.CaptureFixture[str],
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43127)
+    monkeypatch.setattr(
+        "softmax.perform_login._wait_for_callback_server_to_start",
+        lambda *, session, port: False,
+    )
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr(
+        "softmax.perform_login._start_manual_token_prompt",
+        lambda *, session, login_server: auth_module._finish_authentication(session, token="manual-token-000"),
+    )
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="token-key",
+        token_kind=TokenKind.OBSERVATORY,
+        agent_hint=None,
+        open_browser=False,
+    )
+    output = capsys.readouterr().out
+    assert "Open this URL in any browser to sign in:" in output
+    assert "softmax set-token" not in output
+    assert "🤖 If you are a coding agent" not in output
+
+
+def test_generic_authenticator_works_without_agent_hint(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: True)
+    monkeypatch.setattr("softmax.perform_login._find_free_port", lambda: 43128)
+    monkeypatch.setattr("softmax.perform_login._wait_for_callback_server_to_start", lambda *, session, port: False)
+    monkeypatch.setattr("softmax.perform_login._run_server", lambda *, session, port: None)
+    monkeypatch.setattr(
+        "softmax.perform_login._start_manual_token_prompt",
+        lambda *, session, login_server: auth_module._finish_authentication(session, token="manual-token-001"),
+    )
+
+    do_interactive_login_for_token(
+        login_server="https://softmax.com/api",
+        server_to_save_token_under="token-key",
+        token_kind=TokenKind.OBSERVATORY,
+        agent_hint=None,
+        open_browser=False,
+    )
+
+
+def test_build_browser_login_url_uses_cli_login_path() -> None:
+    assert build_browser_login_url("https://softmax.com/api") == "https://softmax.com/cli-login"
+    assert (
+        build_browser_login_url(
+            "https://softmax.com/api",
+            callback_url="http://127.0.0.1:5555/callback",
+        )
+        == "https://softmax.com/cli-login?callback=http%3A%2F%2F127.0.0.1%3A5555%2Fcallback"
+    )
+
+
+def test_interactive_login_requires_tty(
+    monkeypatch: pytest.MonkeyPatch,
+) -> None:
+    monkeypatch.setattr(sys.stdin, "isatty", lambda: False)
+
+    with pytest.raises(AssertionError, match="only be called when stdin is a TTY"):
+        do_interactive_login_for_token(
+            login_server="https://softmax.com/api",
+            server_to_save_token_under="https://softmax.com/api",
+            token_kind=TokenKind.COGAMES,
+            agent_hint=COGAMES_AGENT_HINT,
+            open_browser=False,
+        )
+
+
+def test_load_token_raises_for_malformed_top_level_yaml(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    config_dir = tmp_path / ".metta"
+    config_dir.mkdir()
+    (config_dir / "cogames.yaml").write_text("- not-a-mapping\n")
+
+    with pytest.raises(AssertionError, match="top level"):
+        load_token(token_kind=TokenKind.COGAMES, server="https://softmax.com/api")
+
+
+def test_save_token_raises_for_malformed_storage_section(
+    monkeypatch: pytest.MonkeyPatch,
+    tmp_path,
+) -> None:
+    monkeypatch.setenv("HOME", str(tmp_path))
+    config_dir = tmp_path / ".metta"
+    config_dir.mkdir()
+    (config_dir / "cogames.yaml").write_text("login_tokens: nope\n")
+
+    with pytest.raises(AssertionError, match="section must be a mapping"):
+        save_token(
+            token_kind=TokenKind.COGAMES,
+            server="https://softmax.com/api",
+            token="abc",
+        )