thoughtleaders-cli 0.7.4__py3-none-any.whl → 0.7.6__py3-none-any.whl

{thoughtleaders_cli-0.7.4.dist-info → thoughtleaders_cli-0.7.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: thoughtleaders-cli
-Version: 0.7.4
+Version: 0.7.6
 Summary: ThoughtLeaders CLI — query sponsorship data, channels, brands, and intelligence
 Project-URL: Homepage, https://thoughtleaders.io
 Project-URL: Repository, https://github.com/ThoughtLeaders-io/thoughtleaders-cli

{thoughtleaders_cli-0.7.4.dist-info → thoughtleaders_cli-0.7.6.dist-info}/RECORD

@@ -1,4 +1,4 @@
-tl_cli/__init__.py,sha256=xK0gP7uGAavYeHM3ixCoYhRg6AEnE_DI83z7_FnnInc,112
+tl_cli/__init__.py,sha256=Aq3mKDHNRP4nTdWfXRVP0mw3Gi2UrDf1gZYuf1CJBTM,112
 tl_cli/_completions.py,sha256=kOyEUqC26vbYvyXWi513WX8fF73qQLR5WWuRSe_wqyk,164
 tl_cli/_typer_utils.py,sha256=ZiZsCVmEznPvBw-dYbr3tu3zWZ0iN6kjoQmK3gMqD28,860
 tl_cli/config.py,sha256=UV_OYTXuQnAIqbi_oVCXx0hhIdZWR678RRapVv51UwQ,1859
@@ -7,9 +7,8 @@ tl_cli/hints.py,sha256=cT8kuDtkAZqwXkc2RV0Yg_abofK-g9UiXwTTBunX78U,1557
 tl_cli/main.py,sha256=A_8b2SQjBKATxrjO7AGC5Ab1QWlP35gGo4TWzYZtlOM,5806
 tl_cli/self_update.py,sha256=akXOWYgBX2otyaVlx9CDl04gG2s_hYigE2Vkpubt0SA,18302
 tl_cli/auth/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tl_cli/auth/commands.py,sha256=NtM5WGnReXrpZ3bysNudUYT_TcRRPE0Ho1EwbRgM_Ws,6285
-tl_cli/auth/finalize.py,sha256=74x8U39dK4nhEnIUMKhX5rNsn1Qjjm8or1n1nUH0SbQ,3346
-tl_cli/auth/login.py,sha256=6Jhfw7_eXGxZvUfNP33AZPRmnqmu_scvgt4AcOydsrE,10665
+tl_cli/auth/commands.py,sha256=BiT-87UbZjsOJKtjv2dKcCwbAg4-Dp4oICRM0c97TFg,7409
+tl_cli/auth/login.py,sha256=Rf65nhN7sjUNcaHYlsO7oYCiHqhGo8e8XwoGI2S4mgM,11487
 tl_cli/auth/pkce.py,sha256=4Q6Ip-TeZFNG9c3swXNi4gH7mdMkltKa62gZZNybt8U,658
 tl_cli/auth/token_store.py,sha256=TcZnUol4-8r0jMEJhOPmABCX12_5RkAln2xfWPNdmHk,3275
 tl_cli/client/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -40,14 +39,14 @@ tl_cli/commands/whoami.py,sha256=aUXwBRwh1vAGrvz8CKGfHYtEOKJCIDfwrGesKAwYZMk,786
 tl_cli/output/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tl_cli/output/formatter.py,sha256=pqlKmb2nZ1Z2e1A9m8l5mgVemJinVAP4in1tUzFWHno,22522
 tl_cli/_plugin/.claude-plugin/marketplace.json,sha256=l56PMmyjfGXNGlV30wRyOAe74B6gJNCVNCxgsBbSNxc,446
-tl_cli/_plugin/.claude-plugin/plugin.json,sha256=8RBuXpnRetjlzB0k2KrWjRquy_KrutSRFcioWI6r1Lo,466
+tl_cli/_plugin/.claude-plugin/plugin.json,sha256=djTkN3fvnL-cnoGePHYiQbudE6-RuK4sETDz-HflKkU,466
 tl_cli/_plugin/agents/tl-analyst.md,sha256=6J3X3NANkWg6OOUCvNirkN4ulIk80KSumPncDUBt75E,6761
 tl_cli/_plugin/agents/youtube-comment-classifier.md,sha256=S5lr_htA98FIX0su8FJ2ntiHfbdK8OB2NQKC4lTnQcw,2178
 tl_cli/_plugin/hooks/hooks.json,sha256=FSWibw1xAjA-suFV3fR8btIb2kQ82LQ08otTr-NpmFw,835
 tl_cli/_plugin/hooks/scripts/load-tl-skill.mjs,sha256=EBsyZ-caei-CBJsRtqzJXJs_20O3H22MuVmDpu96umo,805
 tl_cli/_plugin/hooks/scripts/post-usage.sh,sha256=WVvZLkZik6lbeZ20Kh-wgm4JkRFHFN0Uwl4C8S3Y0sY,759
 tl_cli/_plugin/hooks/scripts/pre-check.sh,sha256=E9KeuXy6yeHEBOnOFW4hDW-Et-Dbp1Oh--3WXKfOX78,898
-tl_cli/_plugin/skills/tl/SKILL.md,sha256=YDpZ3DtP_HjEfZtC17ELG9kk-OixRXNvRL7VWwrrMXI,59099
+tl_cli/_plugin/skills/tl/SKILL.md,sha256=R8pU0aU-QrRoawdX-F9mT3ci9inwWBN744xFMciTrmQ,61239
 tl_cli/_plugin/skills/tl/references/business-glossary.md,sha256=FCS-qBOGpdJCmHdglRGRjAuTQAtzpxJNpMkEWThuvlI,17779
 tl_cli/_plugin/skills/tl/references/elasticsearch-schema.md,sha256=OpHvixZ8UcZYJd8GdwgumryFyKwPAxj3AvPkl1QreMY,9316
 tl_cli/_plugin/skills/tl/references/firebolt-schema.md,sha256=KagpSWWEWIRfsAWz271PvAqVbSPvWLoogWhCA_XFSZw,10642
@@ -111,8 +110,8 @@ tl_cli/_plugin/skills/tl-top-partnerships/SKILL.md,sha256=hvH05hIaGlc0RfTE0GLBtD
 tl_cli/_plugin/skills/tl-top-partnerships/scripts/top_partnerships.py,sha256=_13W6-HuD_jtl7AWQQcZQ0SQO9qODMymlcL-1s4-VwU,13248
 tl_cli/_plugin/skills/tl-views-guarantee/SKILL.md,sha256=IH7q1WJDWri9TWJMiga1FMGJO_GKSbWwaDS6CVNZ9c0,9270
 tl_cli/_plugin/skills/tl-views-guarantee/scripts/vg.py,sha256=Qp5poinHEqh9374anq0bLtlxj2YL6ipBicaT960-Cws,15825
-thoughtleaders_cli-0.7.4.dist-info/METADATA,sha256=MPMDYcGN8eGh3eYWdKN3mDoPGz8E5sijXa2c2FpOybI,18452
-thoughtleaders_cli-0.7.4.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
-thoughtleaders_cli-0.7.4.dist-info/entry_points.txt,sha256=umZp-1BkGkHDG0bNZXpTXrjwW0HGf9IDFN40eAWuuvg,39
-thoughtleaders_cli-0.7.4.dist-info/licenses/LICENSE,sha256=RUfdfLsn6jygiyrnnVUHt6r4IPwr2rbDm9Kixgtu8fo,1071
-thoughtleaders_cli-0.7.4.dist-info/RECORD,,
+thoughtleaders_cli-0.7.6.dist-info/METADATA,sha256=P7oqDlNfz_pjBEWzS7pWmSnS8KTUFNEYiEV7H5D-ZYI,18452
+thoughtleaders_cli-0.7.6.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+thoughtleaders_cli-0.7.6.dist-info/entry_points.txt,sha256=umZp-1BkGkHDG0bNZXpTXrjwW0HGf9IDFN40eAWuuvg,39
+thoughtleaders_cli-0.7.6.dist-info/licenses/LICENSE,sha256=RUfdfLsn6jygiyrnnVUHt6r4IPwr2rbDm9Kixgtu8fo,1071
+thoughtleaders_cli-0.7.6.dist-info/RECORD,,

tl_cli/__init__.py

@@ -1,3 +1,3 @@
 """ThoughtLeaders CLI — query sponsorship data, channels, brands, and intelligence."""
 
-__version__ = "0.7.4"
+__version__ = "0.7.6"

tl_cli/_plugin/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "tl-cli",
-  "version": "0.7.4",
+  "version": "0.7.6",
   "description": "ThoughtLeaders CLI — query sponsorship deals, channels, brands, uploads, and intelligence from the terminal",
   "author": {
     "name": "ThoughtLeaders",

tl_cli/_plugin/skills/tl/SKILL.md

@@ -50,6 +50,13 @@ The pattern is always: server-side narrowing first (usually by filters in the `t
 
 Always assume there will be more than 1 page of results. You MUST always pass `LIMIT` and `OFFSET` to every `tl db pg|fb|es` query (and use the response envelope's `next_offset` / breadcrumbs to walk forward) so the entire data set is retrieved. The maximum number of rows per page is present in the output of `whoami`.
 
+**Counts, totals, and breakdowns: aggregate in the query engine — never page through records to count them.** A "how many / total / average / per-X" question is ONE aggregation query, not N pages of rows summed in your head:
+- `tl db pg` — `SELECT COUNT(*) …`, or `SELECT col, COUNT(*) AS n … GROUP BY col ORDER BY n DESC`. Also `SUM`/`AVG`/`MIN`/`MAX`/`date_trunc`. Returns one/few rows regardless of table size. (`LIMIT`/`OFFSET` still required — an aggregate is one row, so `LIMIT 1 OFFSET 0` is fine.)
+- `tl db es` — aggregation body with `"size": 0` (returns zero hits, only the agg result): `value_count`/`cardinality` for counts, `terms` for per-group, `sum`/`avg` for metrics, `date_histogram` for time series. Add `"track_total_hits": true` to get an exact match count. One aggregation block per body (see ES reference) — run multiple calls for a multi-metric dashboard.
+- Structured list commands and list endpoints already return the full match count as `total` in the response envelope — request `--limit 1` and read `total` instead of fetching every row.
+
+Fetching all rows to count/sum/group them is wrong: it is slow, costs credits per row returned, and silently undercounts once you hit the page cap.
+
 Retry after 5 seconds if the server returns a "connection denied" or a "server error" on any request.
 
 Where possible reference sponsorships, brands, channel by numeric IDs.
@@ -360,6 +367,13 @@ cat query.json | tl db es -
 
 See [references/elasticsearch-schema.md](references/elasticsearch-schema.md) for accepted top-level keys, query types, size/depth limits, scripting/aggregation rules, and the field catalogue.
 
+**Article docs in ES carry only `channel.id` — not a usable channel name. Resolve names from PG, in a two-step script.** Whenever you query article/upload docs and the output needs channel names, do NOT hand-map ids in context and do NOT `ILIKE` on names — write a script that:
+1. runs `tl db es … --json` with `channel.id` in `_source`, then collects the **distinct** channel ids;
+2. runs `tl db pg "SELECT id, channel_name FROM thoughtleaders_channel WHERE id IN (<ids>)" --json` to build an `{id: channel_name}` map;
+3. merges the map onto the ES rows by `channel.id` and emits the enriched result.
+
+Prefer Python for the script (write it to `/tmp`); a `jq`+`xargs` one-liner is fine for a single page (worked example under *Brand sponsorship history*). Always go ES→PG in this order (PG `IN (...)` on the ids ES returned) — one PG round-trip for the whole page, never one query per article.
+
 #### `tl db fb` — Firebolt
 
 ```bash

tl_cli/auth/commands.py

@@ -8,9 +8,9 @@ from tl_cli._typer_utils import AlphaSortedTyperGroup
 from rich.console import Console
 from rich.prompt import Prompt
 
-from tl_cli.auth.finalize import finalize_signup
-from tl_cli.auth.login import login_browser, login_device_code
+from tl_cli.auth.login import login_browser, login_device_code, revoke_refresh_token
 from tl_cli.auth.token_store import KIND_API_KEY, StoredTokens, clear_tokens, load_tokens, save_tokens
+from tl_cli.config import get_config
 
 app = typer.Typer(cls=AlphaSortedTyperGroup, help="Authentication commands")
 console = Console(stderr=True)
@@ -106,8 +106,6 @@ def login_cmd() -> None:
     else:
         login_browser()
 
-    finalize_signup()
-
 
 def _login_api_key() -> None:
     """Store a user-supplied API key as the active credential.
@@ -171,7 +169,27 @@ def _login_api_key() -> None:
 
 @app.command("logout")
 def logout_cmd() -> None:
-    """Clear stored authentication tokens."""
+    """Log out: revoke the refresh token at Auth0, then clear stored tokens."""
+    tokens = load_tokens()
+    # Revoke the long-lived credential server-side so a leaked/synced copy of
+    # the local token store can't keep minting access tokens. Best-effort —
+    # API-key auth has no refresh token, and an offline revoke must not block
+    # clearing local credentials.
+    if tokens and not tokens.is_api_key and tokens.refresh_token:
+        if revoke_refresh_token(tokens.refresh_token):
+            console.print("[dim]Refresh token revoked at Auth0.[/dim]")
+        else:
+            console.print(
+                "[yellow]Could not reach Auth0 to revoke the refresh token; "
+                "clearing local credentials anyway.[/yellow]"
+            )
+        # Revoking the refresh token doesn't end the browser SSO session that
+        # the interactive login established. Point the user at Auth0's logout
+        # URL so the next `tl auth login` doesn't silently SSO straight back in.
+        logout_url = f"https://{get_config().auth0_domain}/logout"
+        console.print(
+            f"To end your Auth0 browser session, visit: [cyan]{logout_url}[/cyan]"
+        )
     clear_tokens()
     console.print("[green]Logged out successfully.[/green]")
 

tl_cli/auth/login.py

@@ -212,6 +212,29 @@ def refresh_access_token(refresh_token: str) -> StoredTokens:
     return tokens
 
 
+def revoke_refresh_token(refresh_token: str) -> bool:
+    """Best-effort revocation of a refresh token at Auth0 (RFC 7009).
+
+    Invalidates the long-lived credential server-side so it can no longer mint
+    new access tokens. Public-client call — `client_id` only, no secret. Returns
+    True on success; never raises — network / Auth0 errors are swallowed so
+    `tl auth logout` can still clear the local credentials when offline.
+    """
+    config = get_config()
+    try:
+        response = httpx.post(
+            f"https://{config.auth0_domain}/oauth/revoke",
+            json={
+                "client_id": config.auth0_client_id,
+                "token": refresh_token,
+            },
+            timeout=10,
+        )
+    except httpx.HTTPError:
+        return False
+    return response.status_code == 200
+
+
 def _exchange_code(
     code: str,
     code_verifier: str,

tl_cli/auth/finalize.py

@@ -1,88 +0,0 @@
-"""Server-side signup finalize, called once per login.
-
-After Auth0 returns a valid token the CLI asks the server whether an
-account exists for the email. If yes, this is a no-op. If no, the CLI
-prompts for a persona (Media Buyer or Creator) and POSTs it back; the
-server creates the User, Organization, Profile and CreditAccount.
-
-Errors here never abort login — the user can always retry the prompt
-on the next call. We do print a clear message so it's obvious whether
-the account is fully set up.
-"""
-
-from __future__ import annotations
-
-import typer
-from rich.console import Console
-from rich.prompt import Prompt
-
-from tl_cli.client.errors import ApiError
-from tl_cli.client.http import get_client
-
-console = Console(stderr=True)
-
-PERSONA_LABEL_TO_KEY = {
-    "Media Buyer": "media_buyer",
-    "Creator": "creator",
-}
-
-
-def finalize_signup() -> None:
-    """POST /auth/finalize, prompting for persona if the server asks for one."""
-    client = get_client()
-    try:
-        # First call: no body. Server tells us whether persona is required.
-        try:
-            result = client.post("/auth/finalize", {})
-        except ApiError as exc:
-            if exc.status_code == 400 and isinstance(exc.raw, dict) and exc.raw.get("code") == "persona_required":
-                result = _prompt_and_finalize(client, exc.raw.get("allowed_personas") or [])
-            elif exc.status_code == 404:
-                # Server predates this endpoint — silently skip; legacy
-                # accounts already exist and don't need provisioning.
-                return
-            else:
-                console.print(f"[yellow]Could not finalize signup: {exc.detail}[/yellow]")
-                return
-
-        if result.get("created"):
-            org = result.get("organization", {})
-            console.print(
-                f"[green]Account created for {org.get('name', 'your organization')}.[/green] "
-                "Run [bold]tl balance[/bold] to see your starter credits."
-            )
-    finally:
-        client.close()
-
-
-def _prompt_and_finalize(client, allowed: list[str]) -> dict:
-    """Prompt the user for a persona, then retry /auth/finalize."""
-    console.print()
-    console.print("[bold]Welcome to ThoughtLeaders![/bold] We need one more detail to set up your account.")
-    console.print("  [cyan]1[/cyan] — Media Buyer (brands and agencies buying sponsorships)")
-    console.print("  [cyan]2[/cyan] — Creator (channels selling sponsorships)")
-
-    persona_key: str | None = None
-    while persona_key is None:
-        choice = Prompt.ask("I am a", choices=["1", "2"], default="1", console=console)
-        candidate = "media_buyer" if choice == "1" else "creator"
-        if allowed and candidate not in allowed:
-            console.print(f"[yellow]Server rejects persona '{candidate}'. Allowed: {', '.join(allowed)}.[/yellow]")
-            continue
-        persona_key = candidate
-
-    org_name = Prompt.ask(
-        "Organization name (optional, leave blank to use your email)",
-        default="",
-        console=console,
-    ).strip()
-
-    body = {"persona": persona_key}
-    if org_name:
-        body["organization_name"] = org_name
-
-    try:
-        return client.post("/auth/finalize", body)
-    except ApiError as exc:
-        console.print(f"[red]Signup failed:[/red] {exc.detail}")
-        raise typer.Exit(1)