thoughtleaders-cli 0.7.4__py3-none-any.whl → 0.7.5__py3-none-any.whl

{thoughtleaders_cli-0.7.4.dist-info → thoughtleaders_cli-0.7.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: thoughtleaders-cli
-Version: 0.7.4
+Version: 0.7.5
 Summary: ThoughtLeaders CLI — query sponsorship data, channels, brands, and intelligence
 Project-URL: Homepage, https://thoughtleaders.io
 Project-URL: Repository, https://github.com/ThoughtLeaders-io/thoughtleaders-cli

{thoughtleaders_cli-0.7.4.dist-info → thoughtleaders_cli-0.7.5.dist-info}/RECORD

@@ -1,4 +1,4 @@
-tl_cli/__init__.py,sha256=xK0gP7uGAavYeHM3ixCoYhRg6AEnE_DI83z7_FnnInc,112
+tl_cli/__init__.py,sha256=42wtAYnJRvJF6uR3-XllRTU49NwpGdrk-2Ap1Lnu_a8,112
 tl_cli/_completions.py,sha256=kOyEUqC26vbYvyXWi513WX8fF73qQLR5WWuRSe_wqyk,164
 tl_cli/_typer_utils.py,sha256=ZiZsCVmEznPvBw-dYbr3tu3zWZ0iN6kjoQmK3gMqD28,860
 tl_cli/config.py,sha256=UV_OYTXuQnAIqbi_oVCXx0hhIdZWR678RRapVv51UwQ,1859
@@ -7,9 +7,8 @@ tl_cli/hints.py,sha256=cT8kuDtkAZqwXkc2RV0Yg_abofK-g9UiXwTTBunX78U,1557
 tl_cli/main.py,sha256=A_8b2SQjBKATxrjO7AGC5Ab1QWlP35gGo4TWzYZtlOM,5806
 tl_cli/self_update.py,sha256=akXOWYgBX2otyaVlx9CDl04gG2s_hYigE2Vkpubt0SA,18302
 tl_cli/auth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tl_cli/auth/commands.py,sha256=NtM5WGnReXrpZ3bysNudUYT_TcRRPE0Ho1EwbRgM_Ws,6285
-tl_cli/auth/finalize.py,sha256=74x8U39dK4nhEnIUMKhX5rNsn1Qjjm8or1n1nUH0SbQ,3346
-tl_cli/auth/login.py,sha256=6Jhfw7_eXGxZvUfNP33AZPRmnqmu_scvgt4AcOydsrE,10665
+tl_cli/auth/commands.py,sha256=BiT-87UbZjsOJKtjv2dKcCwbAg4-Dp4oICRM0c97TFg,7409
+tl_cli/auth/login.py,sha256=Rf65nhN7sjUNcaHYlsO7oYCiHqhGo8e8XwoGI2S4mgM,11487
 tl_cli/auth/pkce.py,sha256=4Q6Ip-TeZFNG9c3swXNi4gH7mdMkltKa62gZZNybt8U,658
 tl_cli/auth/token_store.py,sha256=TcZnUol4-8r0jMEJhOPmABCX12_5RkAln2xfWPNdmHk,3275
 tl_cli/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -40,7 +39,7 @@ tl_cli/commands/whoami.py,sha256=aUXwBRwh1vAGrvz8CKGfHYtEOKJCIDfwrGesKAwYZMk,786
 tl_cli/output/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tl_cli/output/formatter.py,sha256=pqlKmb2nZ1Z2e1A9m8l5mgVemJinVAP4in1tUzFWHno,22522
 tl_cli/_plugin/.claude-plugin/marketplace.json,sha256=l56PMmyjfGXNGlV30wRyOAe74B6gJNCVNCxgsBbSNxc,446
-tl_cli/_plugin/.claude-plugin/plugin.json,sha256=8RBuXpnRetjlzB0k2KrWjRquy_KrutSRFcioWI6r1Lo,466
+tl_cli/_plugin/.claude-plugin/plugin.json,sha256=p-kkTL4_8uxs1HMp_shuo7K82_3aT2bcUp-q980utQ0,466
 tl_cli/_plugin/agents/tl-analyst.md,sha256=6J3X3NANkWg6OOUCvNirkN4ulIk80KSumPncDUBt75E,6761
 tl_cli/_plugin/agents/youtube-comment-classifier.md,sha256=S5lr_htA98FIX0su8FJ2ntiHfbdK8OB2NQKC4lTnQcw,2178
 tl_cli/_plugin/hooks/hooks.json,sha256=FSWibw1xAjA-suFV3fR8btIb2kQ82LQ08otTr-NpmFw,835
@@ -111,8 +110,8 @@ tl_cli/_plugin/skills/tl-top-partnerships/SKILL.md,sha256=hvH05hIaGlc0RfTE0GLBtD
 tl_cli/_plugin/skills/tl-top-partnerships/scripts/top_partnerships.py,sha256=_13W6-HuD_jtl7AWQQcZQ0SQO9qODMymlcL-1s4-VwU,13248
 tl_cli/_plugin/skills/tl-views-guarantee/SKILL.md,sha256=IH7q1WJDWri9TWJMiga1FMGJO_GKSbWwaDS6CVNZ9c0,9270
 tl_cli/_plugin/skills/tl-views-guarantee/scripts/vg.py,sha256=Qp5poinHEqh9374anq0bLtlxj2YL6ipBicaT960-Cws,15825
-thoughtleaders_cli-0.7.4.dist-info/METADATA,sha256=MPMDYcGN8eGh3eYWdKN3mDoPGz8E5sijXa2c2FpOybI,18452
-thoughtleaders_cli-0.7.4.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
-thoughtleaders_cli-0.7.4.dist-info/entry_points.txt,sha256=umZp-1BkGkHDG0bNZXpTXrjwW0HGf9IDFN40eAWuuvg,39
-thoughtleaders_cli-0.7.4.dist-info/licenses/LICENSE,sha256=RUfdfLsn6jygiyrnnVUHt6r4IPwr2rbDm9Kixgtu8fo,1071
-thoughtleaders_cli-0.7.4.dist-info/RECORD,,
+thoughtleaders_cli-0.7.5.dist-info/METADATA,sha256=DrOuWCd6RmuSEdebcd8PU8b4FpRSJejLHQkAVXcvTw0,18452
+thoughtleaders_cli-0.7.5.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+thoughtleaders_cli-0.7.5.dist-info/entry_points.txt,sha256=umZp-1BkGkHDG0bNZXpTXrjwW0HGf9IDFN40eAWuuvg,39
+thoughtleaders_cli-0.7.5.dist-info/licenses/LICENSE,sha256=RUfdfLsn6jygiyrnnVUHt6r4IPwr2rbDm9Kixgtu8fo,1071
+thoughtleaders_cli-0.7.5.dist-info/RECORD,,

tl_cli/__init__.py

@@ -1,3 +1,3 @@
 """ThoughtLeaders CLI — query sponsorship data, channels, brands, and intelligence."""
 
-__version__ = "0.7.4"
+__version__ = "0.7.5"

tl_cli/_plugin/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "tl-cli",
-  "version": "0.7.4",
+  "version": "0.7.5",
   "description": "ThoughtLeaders CLI — query sponsorship deals, channels, brands, uploads, and intelligence from the terminal",
   "author": {
     "name": "ThoughtLeaders",

tl_cli/auth/commands.py

@@ -8,9 +8,9 @@ from tl_cli._typer_utils import AlphaSortedTyperGroup
 from rich.console import Console
 from rich.prompt import Prompt
 
-from tl_cli.auth.finalize import finalize_signup
-from tl_cli.auth.login import login_browser, login_device_code
+from tl_cli.auth.login import login_browser, login_device_code, revoke_refresh_token
 from tl_cli.auth.token_store import KIND_API_KEY, StoredTokens, clear_tokens, load_tokens, save_tokens
+from tl_cli.config import get_config
 
 app = typer.Typer(cls=AlphaSortedTyperGroup, help="Authentication commands")
 console = Console(stderr=True)
@@ -106,8 +106,6 @@ def login_cmd() -> None:
     else:
         login_browser()
 
-    finalize_signup()
-
 
 def _login_api_key() -> None:
     """Store a user-supplied API key as the active credential.
@@ -171,7 +169,27 @@ def _login_api_key() -> None:
 
 @app.command("logout")
 def logout_cmd() -> None:
-    """Clear stored authentication tokens."""
+    """Log out: revoke the refresh token at Auth0, then clear stored tokens."""
+    tokens = load_tokens()
+    # Revoke the long-lived credential server-side so a leaked/synced copy of
+    # the local token store can't keep minting access tokens. Best-effort —
+    # API-key auth has no refresh token, and an offline revoke must not block
+    # clearing local credentials.
+    if tokens and not tokens.is_api_key and tokens.refresh_token:
+        if revoke_refresh_token(tokens.refresh_token):
+            console.print("[dim]Refresh token revoked at Auth0.[/dim]")
+        else:
+            console.print(
+                "[yellow]Could not reach Auth0 to revoke the refresh token; "
+                "clearing local credentials anyway.[/yellow]"
+            )
+        # Revoking the refresh token doesn't end the browser SSO session that
+        # the interactive login established. Point the user at Auth0's logout
+        # URL so the next `tl auth login` doesn't silently SSO straight back in.
+        logout_url = f"https://{get_config().auth0_domain}/logout"
+        console.print(
+            f"To end your Auth0 browser session, visit: [cyan]{logout_url}[/cyan]"
+        )
     clear_tokens()
     console.print("[green]Logged out successfully.[/green]")
 

tl_cli/auth/login.py

@@ -212,6 +212,29 @@ def refresh_access_token(refresh_token: str) -> StoredTokens:
     return tokens
 
 
+def revoke_refresh_token(refresh_token: str) -> bool:
+    """Best-effort revocation of a refresh token at Auth0 (RFC 7009).
+
+    Invalidates the long-lived credential server-side so it can no longer mint
+    new access tokens. Public-client call — `client_id` only, no secret. Returns
+    True on success; never raises — network / Auth0 errors are swallowed so
+    `tl auth logout` can still clear the local credentials when offline.
+    """
+    config = get_config()
+    try:
+        response = httpx.post(
+            f"https://{config.auth0_domain}/oauth/revoke",
+            json={
+                "client_id": config.auth0_client_id,
+                "token": refresh_token,
+            },
+            timeout=10,
+        )
+    except httpx.HTTPError:
+        return False
+    return response.status_code == 200
+
+
 def _exchange_code(
     code: str,
     code_verifier: str,

tl_cli/auth/finalize.py

@@ -1,88 +0,0 @@
-"""Server-side signup finalize, called once per login.
-
-After Auth0 returns a valid token the CLI asks the server whether an
-account exists for the email. If yes, this is a no-op. If no, the CLI
-prompts for a persona (Media Buyer or Creator) and POSTs it back; the
-server creates the User, Organization, Profile and CreditAccount.
-
-Errors here never abort login — the user can always retry the prompt
-on the next call. We do print a clear message so it's obvious whether
-the account is fully set up.
-"""
-
-from __future__ import annotations
-
-import typer
-from rich.console import Console
-from rich.prompt import Prompt
-
-from tl_cli.client.errors import ApiError
-from tl_cli.client.http import get_client
-
-console = Console(stderr=True)
-
-PERSONA_LABEL_TO_KEY = {
-    "Media Buyer": "media_buyer",
-    "Creator": "creator",
-}
-
-
-def finalize_signup() -> None:
-    """POST /auth/finalize, prompting for persona if the server asks for one."""
-    client = get_client()
-    try:
-        # First call: no body. Server tells us whether persona is required.
-        try:
-            result = client.post("/auth/finalize", {})
-        except ApiError as exc:
-            if exc.status_code == 400 and isinstance(exc.raw, dict) and exc.raw.get("code") == "persona_required":
-                result = _prompt_and_finalize(client, exc.raw.get("allowed_personas") or [])
-            elif exc.status_code == 404:
-                # Server predates this endpoint — silently skip; legacy
-                # accounts already exist and don't need provisioning.
-                return
-            else:
-                console.print(f"[yellow]Could not finalize signup: {exc.detail}[/yellow]")
-                return
-
-        if result.get("created"):
-            org = result.get("organization", {})
-            console.print(
-                f"[green]Account created for {org.get('name', 'your organization')}.[/green] "
-                "Run [bold]tl balance[/bold] to see your starter credits."
-            )
-    finally:
-        client.close()
-
-
-def _prompt_and_finalize(client, allowed: list[str]) -> dict:
-    """Prompt the user for a persona, then retry /auth/finalize."""
-    console.print()
-    console.print("[bold]Welcome to ThoughtLeaders![/bold] We need one more detail to set up your account.")
-    console.print("  [cyan]1[/cyan] — Media Buyer (brands and agencies buying sponsorships)")
-    console.print("  [cyan]2[/cyan] — Creator (channels selling sponsorships)")
-
-    persona_key: str | None = None
-    while persona_key is None:
-        choice = Prompt.ask("I am a", choices=["1", "2"], default="1", console=console)
-        candidate = "media_buyer" if choice == "1" else "creator"
-        if allowed and candidate not in allowed:
-            console.print(f"[yellow]Server rejects persona '{candidate}'. Allowed: {', '.join(allowed)}.[/yellow]")
-            continue
-        persona_key = candidate
-
-    org_name = Prompt.ask(
-        "Organization name (optional, leave blank to use your email)",
-        default="",
-        console=console,
-    ).strip()
-
-    body = {"persona": persona_key}
-    if org_name:
-        body["organization_name"] = org_name
-
-    try:
-        return client.post("/auth/finalize", body)
-    except ApiError as exc:
-        console.print(f"[red]Signup failed:[/red] {exc.detail}")
-        raise typer.Exit(1)