rob
/
CmdForge
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

Add app pairing feature for simplified registry connection 

- Add pairing_requests table and hostname column to api_tokens
- Add pairing API endpoints: initiate, check, status, connected-apps
- Add cmdforge config connect <username> CLI command
- Rewrite tokens.html as Connected Apps with pairing flow
- Update TUI: Connect button when not authenticated, Publish when connected
- Add private sync option after save in TUI when connected
- Add visibility parameter to publish_tool in registry_client

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
rob 2026-01-14 01:10:12 -04:00
parent 3fe7b07c70
commit 367fac204b
7 changed files with 870 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/cmdforge/cli/__init__.py
View File

@ -240,6 +240,11 @@ def main():
p_cfg_set.add_argument("value", help="Config value") p_cfg_set.add_argument("value", help="Config value")
p_cfg_set.set_defaults(func=cmd_config) p_cfg_set.set_defaults(func=cmd_config)
# config connect
p_cfg_connect = config_sub.add_parser("connect", help="Connect this app to your CmdForge account")
p_cfg_connect.add_argument("username", help="Your CmdForge username")
p_cfg_connect.set_defaults(func=cmd_config)
# Default for config with no subcommand # Default for config with no subcommand
p_config.set_defaults(func=lambda args: cmd_config(args) if args.config_cmd else (setattr(args, 'config_cmd', 'show') or cmd_config(args))) p_config.set_defaults(func=lambda args: cmd_config(args) if args.config_cmd else (setattr(args, 'config_cmd', 'show') or cmd_config(args)))

107
src/cmdforge/cli/config_commands.py
View File

@ -1,6 +1,10 @@
"""Configuration commands.""" """Configuration commands."""
from ..config import load_config, save_config, set_registry_token import socket
import sys
import time
from ..config import load_config, save_config, set_registry_token, get_registry_url
def cmd_config(args): def cmd_config(args):
@ -11,9 +15,12 @@ def cmd_config(args):
return _cmd_config_set_token(args) return _cmd_config_set_token(args)
elif args.config_cmd == "set": elif args.config_cmd == "set":
return _cmd_config_set(args) return _cmd_config_set(args)
elif args.config_cmd == "connect":
return _cmd_config_connect(args)
else: else:
print("Config commands:") print("Config commands:")
print(" show Show current configuration") print(" show Show current configuration")
print(" connect <username> Connect this app to your CmdForge account")
print(" set-token <token> Set registry authentication token") print(" set-token <token> Set registry authentication token")
print(" set <key> <value> Set a configuration value") print(" set <key> <value> Set a configuration value")
return 0 return 0
@ -60,3 +67,101 @@ def _cmd_config_set(args):
save_config(config) save_config(config)
print(f"Set {key} = {value}") print(f"Set {key} = {value}")
return 0 return 0
def _cmd_config_connect(args):
"""Connect this app to a CmdForge account via web pairing."""
try:
import requests
except ImportError:
print("Error: requests library required. Install with: pip install requests")
return 1
username = args.username
hostname = socket.gethostname()
registry_url = get_registry_url()
# Remove trailing /api/v1 if present to get base URL
base_url = registry_url.rstrip("/")
if base_url.endswith("/api/v1"):
base_url = base_url[:-7]
pairing_url = f"{base_url}/api/v1/pairing/check/{username}"
print(f"Connecting to CmdForge as @{username}...")
print(f"Device: {hostname}")
print()
print("Waiting for approval from the web interface...")
print("Go to https://cmdforge.brrd.tech/dashboard/connected-apps")
print("and click 'Connect New App', then 'I've Run the Command'")
print()
print("Press Ctrl+C to cancel")
print()
# Poll for pairing status
max_attempts = 150 # 5 minutes at 2-second intervals
attempt = 0
try:
while attempt < max_attempts:
attempt += 1
try:
response = requests.get(
pairing_url,
params={"hostname": hostname},
timeout=10
)
if response.status_code == 200:
data = response.json()
status = data.get("data", {}).get("status")
if status == "connected":
token = data.get("data", {}).get("token")
if token:
set_registry_token(token)
print("\nConnected successfully!")
print(f"Your device '{hostname}' is now linked to @{username}")
print("\nYou can now publish tools with: cmdforge registry publish")
return 0
else:
print("\nError: Pairing completed but no token received")
return 1
elif status == "pending":
# Still waiting, continue polling
pass
elif status == "expired":
print("\nPairing request expired. Please try again.")
return 1
elif status == "not_found":
# No pending pairing yet, continue waiting
pass
else:
# Unknown status, keep waiting
pass
elif response.status_code == 404:
# No pairing found yet, keep waiting
pass
else:
# Server error, but keep trying
pass
except requests.exceptions.RequestException:
# Network error, keep trying
pass
# Show progress indicator
dots = "." * ((attempt % 3) + 1)
sys.stdout.write(f"\rWaiting{dots} ")
sys.stdout.flush()
time.sleep(2)
print("\n\nTimed out waiting for approval.")
print("Please initiate the connection from the web interface first.")
return 1
except KeyboardInterrupt:
print("\n\nConnection cancelled.")
return 1

163
src/cmdforge/registry/app.py
View File

@ -1466,6 +1466,169 @@ def create_app() -> Flask:
g.db.commit() g.db.commit()
return jsonify({"data": {"revoked": True}}) return jsonify({"data": {"revoked": True}})
# ─── App Pairing (Connect Flow) ──────────────────────────────────────────────
@app.route("/api/v1/pairing/initiate", methods=["POST"])
@require_token
def initiate_pairing() -> Response:
"""Initiate a pairing request from the website. Creates a pending pairing code."""
import secrets
# Clean up old expired pairing requests
g.db.execute(
"DELETE FROM pairing_requests WHERE expires_at < ? OR status = 'claimed'",
[datetime.utcnow().isoformat()],
)
g.db.commit()
# Cancel any existing pending requests for this user
g.db.execute(
"UPDATE pairing_requests SET status = 'cancelled' WHERE publisher_id = ? AND status = 'pending'",
[g.current_publisher["id"]],
)
# Generate pairing code and token
pairing_code = secrets.token_urlsafe(16)
token, token_hash = generate_token()
expires_at = (datetime.utcnow() + timedelta(minutes=5)).isoformat()
g.db.execute(
"""
INSERT INTO pairing_requests (publisher_id, pairing_code, token_hash, token_plain, expires_at)
VALUES (?, ?, ?, ?, ?)
""",
[g.current_publisher["id"], pairing_code, token_hash, token, expires_at],
)
g.db.commit()
return jsonify({
"data": {
"status": "pending",
"username": g.current_publisher["slug"],
"expires_in": 300,
}
})
@app.route("/api/v1/pairing/check/<username>", methods=["GET"])
def check_pairing(username: str) -> Response:
"""CLI polls this to check if pairing is ready. Returns token if ready."""
hostname = request.args.get("hostname", "Unknown Device")
# Find pending pairing for this username
row = query_one(
g.db,
"""
SELECT pr.*, p.slug
FROM pairing_requests pr
JOIN publishers p ON pr.publisher_id = p.id
WHERE p.slug = ? AND pr.status = 'pending' AND pr.expires_at > ?
ORDER BY pr.created_at DESC
LIMIT 1
""",
[username, datetime.utcnow().isoformat()],
)
if not row:
return jsonify({"data": {"status": "not_found"}})
# Claim the pairing
g.db.execute(
"""
UPDATE pairing_requests
SET status = 'claimed', hostname = ?, claimed_at = ?
WHERE id = ?
""",
[hostname, datetime.utcnow().isoformat(), row["id"]],
)
# Create the actual API token with hostname
g.db.execute(
"""
INSERT INTO api_tokens (publisher_id, token_hash, name, hostname, created_at)
VALUES (?, ?, ?, ?, ?)
""",
[row["publisher_id"], row["token_hash"], f"App: {hostname}", hostname, datetime.utcnow().isoformat()],
)
g.db.commit()
return jsonify({
"data": {
"status": "connected",
"token": row["token_plain"],
"username": username,
}
})
@app.route("/api/v1/pairing/status", methods=["GET"])
@require_token
def pairing_status() -> Response:
"""Check if there's an active pairing request for the current user."""
row = query_one(
g.db,
"""
SELECT status, expires_at, created_at
FROM pairing_requests
WHERE publisher_id = ? AND status = 'pending' AND expires_at > ?
ORDER BY created_at DESC
LIMIT 1
""",
[g.current_publisher["id"], datetime.utcnow().isoformat()],
)
if not row:
return jsonify({"data": {"status": "none"}})
return jsonify({
"data": {
"status": "pending",
"expires_at": row["expires_at"],
}
})
@app.route("/api/v1/connected-apps", methods=["GET"])
@require_token
def list_connected_apps() -> Response:
"""List connected apps (tokens with hostnames) for the current user."""
rows = query_all(
g.db,
"""
SELECT id, name, hostname, created_at, last_used_at
FROM api_tokens
WHERE publisher_id = ? AND revoked_at IS NULL
ORDER BY last_used_at DESC NULLS LAST, created_at DESC
""",
[g.current_publisher["id"]],
)
data = []
for row in rows:
data.append({
"id": row["id"],
"name": row["name"],
"hostname": row["hostname"] or "Unknown",
"created_at": row["created_at"],
"last_used_at": row["last_used_at"],
})
return jsonify({"data": data})
@app.route("/api/v1/connected-apps/<int:app_id>", methods=["DELETE"])
@require_token
def disconnect_app(app_id: int) -> Response:
"""Disconnect (revoke) an app."""
row = query_one(
g.db,
"SELECT id FROM api_tokens WHERE id = ? AND publisher_id = ?",
[app_id, g.current_publisher["id"]],
)
if not row:
return error_response("NOT_FOUND", "App not found", 404)
g.db.execute(
"UPDATE api_tokens SET revoked_at = ? WHERE id = ?",
[datetime.utcnow().isoformat(), app_id],
)
g.db.commit()
return jsonify({"data": {"disconnected": True}})
@app.route("/api/v1/tools", methods=["POST"]) @app.route("/api/v1/tools", methods=["POST"])
@require_token @require_token
def publish_tool() -> Response: def publish_tool() -> Response:

33
src/cmdforge/registry/db.py
View File

@ -208,6 +208,23 @@ CREATE TABLE IF NOT EXISTS audit_log (
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
); );
-- App pairing for simplified connection flow
CREATE TABLE IF NOT EXISTS pairing_requests (
id INTEGER PRIMARY KEY AUTOINCREMENT,
publisher_id INTEGER NOT NULL REFERENCES publishers(id),
pairing_code TEXT UNIQUE NOT NULL,
token_hash TEXT,
token_plain TEXT,
hostname TEXT,
status TEXT DEFAULT 'pending',
expires_at TIMESTAMP NOT NULL,
claimed_at TIMESTAMP,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX IF NOT EXISTS idx_pairing_code ON pairing_requests(pairing_code, status);
CREATE INDEX IF NOT EXISTS idx_pairing_publisher ON pairing_requests(publisher_id, status);
CREATE TABLE IF NOT EXISTS consents ( CREATE TABLE IF NOT EXISTS consents (
id INTEGER PRIMARY KEY AUTOINCREMENT, id INTEGER PRIMARY KEY AUTOINCREMENT,
client_id TEXT, client_id TEXT,
@ -359,6 +376,22 @@ def migrate_db(conn: sqlite3.Connection) -> None:
except sqlite3.OperationalError: except sqlite3.OperationalError:
pass pass
# API tokens table migrations (for Connected Apps feature)
cursor = conn.execute("PRAGMA table_info(api_tokens)")
tokens_cols = {row[1] for row in cursor.fetchall()}
tokens_migrations = [
("hostname", "TEXT", "NULL"),
]
for col_name, col_type, default in tokens_migrations:
if col_name not in tokens_cols:
try:
conn.execute(f"ALTER TABLE api_tokens ADD COLUMN {col_name} {col_type} DEFAULT {default}")
conn.commit()
except sqlite3.OperationalError:
pass
# Grandfather existing tools: set moderation_status to 'approved' for tools that have NULL # Grandfather existing tools: set moderation_status to 'approved' for tools that have NULL
# This ensures existing tools remain visible after migration # This ensures existing tools remain visible after migration
try: try:

7
src/cmdforge/registry_client.py
View File

@ -565,7 +565,8 @@ class RegistryClient:
self, self,
config_yaml: str, config_yaml: str,
readme: str = "", readme: str = "",
dry_run: bool = False dry_run: bool = False,
visibility: str = "public"
) -> Dict[str, Any]: ) -> Dict[str, Any]:
""" """
Publish a tool to the registry. Publish a tool to the registry.
@ -574,6 +575,7 @@ class RegistryClient:
config_yaml: Tool configuration YAML content config_yaml: Tool configuration YAML content
readme: README.md content readme: README.md content
dry_run: If True, validate without publishing dry_run: If True, validate without publishing
visibility: Tool visibility - "public", "private", or "unlisted"
Returns: Returns:
Dict with PR URL or validation results Dict with PR URL or validation results
@ -581,7 +583,8 @@ class RegistryClient:
payload = { payload = {
"config": config_yaml, "config": config_yaml,
"readme": readme, "readme": readme,
"dry_run": dry_run "dry_run": dry_run,
"visibility": visibility
} }
response = self._request( response = self._request(

316
src/cmdforge/ui_urwid/__init__.py
View File

@ -172,12 +172,23 @@ class CmdForgeUI:
tool_listbox = ToolListBox(self._tool_walker, on_focus_change=self._on_tool_focus) tool_listbox = ToolListBox(self._tool_walker, on_focus_change=self._on_tool_focus)
tool_box = urwid.LineBox(tool_listbox, title='Tools') tool_box = urwid.LineBox(tool_listbox, title='Tools')
# Check if connected to registry
from ..config import load_config
config = load_config()
is_connected = bool(config.registry.token)
# Action buttons - Tab navigates here from tool list (3D style) # Action buttons - Tab navigates here from tool list (3D style)
create_btn = Button3DCompact("Create", lambda _: self._create_tool_before_selected()) create_btn = Button3DCompact("Create", lambda _: self._create_tool_before_selected())
edit_btn = Button3DCompact("Edit", lambda _: self._edit_selected_tool()) edit_btn = Button3DCompact("Edit", lambda _: self._edit_selected_tool())
delete_btn = Button3DCompact("Delete", lambda _: self._delete_selected_tool()) delete_btn = Button3DCompact("Delete", lambda _: self._delete_selected_tool())
test_btn = Button3DCompact("Test", lambda _: self._test_selected_tool()) test_btn = Button3DCompact("Test", lambda _: self._test_selected_tool())
publish_btn = Button3DCompact("Publish", lambda _: self._publish_selected_tool())
# Show Connect or Publish based on connection status
if is_connected:
connect_publish_btn = Button3DCompact("Publish", lambda _: self._publish_selected_tool())
else:
connect_publish_btn = Button3DCompact("Connect", lambda _: self._start_connect_flow())
registry_btn = Button3DCompact("Registry", lambda _: self.browse_registry()) registry_btn = Button3DCompact("Registry", lambda _: self.browse_registry())
providers_btn = Button3DCompact("Providers", lambda _: self.manage_providers()) providers_btn = Button3DCompact("Providers", lambda _: self.manage_providers())
@ -190,7 +201,7 @@ class CmdForgeUI:
('pack', urwid.Text(" ")), ('pack', urwid.Text(" ")),
('pack', test_btn), ('pack', test_btn),
('pack', urwid.Text(" ")), ('pack', urwid.Text(" ")),
('pack', publish_btn), ('pack', connect_publish_btn),
('pack', urwid.Text(" ")), ('pack', urwid.Text(" ")),
('pack', registry_btn), ('pack', registry_btn),
('pack', urwid.Text(" ")), ('pack', urwid.Text(" ")),
@ -403,10 +414,15 @@ class CmdForgeUI:
) )
def _prompt_for_token(self, tool, version): def _prompt_for_token(self, tool, version):
"""Prompt user to enter their registry token.""" """Prompt user to connect their account or enter a token manually."""
from ..config import set_registry_token from ..config import set_registry_token
def on_info_ok(): def on_connect(_):
self.close_overlay()
self._start_connect_flow(tool, version)
def on_manual(_):
self.close_overlay()
def on_token(token): def on_token(token):
if token and token.strip(): if token and token.strip():
token = token.strip() token = token.strip()
@ -427,14 +443,158 @@ class CmdForgeUI:
on_token on_token
) )
self.message_box( def on_cancel(_):
self.close_overlay()
body = urwid.Text(
"To publish tools, you need to connect your account.\n\n"
"Option 1: Connect (Recommended)\n"
" - Creates a secure link to your account\n"
" - No manual token handling\n\n"
"Option 2: Enter Token Manually\n"
" - For CI/CD or advanced setups\n"
" - Get token from cmdforge.brrd.tech/dashboard"
)
dialog = Dialog(
"Authentication Required", "Authentication Required",
"To publish tools, you need an API token.\n\n" body,
"1. Go to cmdforge.brrd.tech/register\n" [("Connect", on_connect), ("Manual Token", on_manual), ("Cancel", on_cancel)]
"2. Log in and go to Dashboard > Tokens\n" )
"3. Create a token and copy it\n" self.show_overlay(dialog, width=55, height=16)
"4. Paste it in the next dialog",
callback=on_info_ok def _start_connect_flow(self, tool=None, version=None):
"""Start the account connection flow."""
from ..config import set_registry_token, get_registry_url
import socket
import time
import threading
def on_username(username):
if not username or not username.strip():
self.message_box("Error", "Username is required.")
return
username = username.strip()
hostname = socket.gethostname()
registry_url = get_registry_url()
# Remove trailing /api/v1 if present
base_url = registry_url.rstrip("/")
if base_url.endswith("/api/v1"):
base_url = base_url[:-7]
pairing_url = f"{base_url}/api/v1/pairing/check/{username}"
# Show waiting dialog
status_text = urwid.Text(('label', f"Connecting as @{username}...\nDevice: {hostname}\n\nWaiting for approval..."))
instructions = urwid.Text(
"\nGo to cmdforge.brrd.tech/dashboard/connected-apps\n"
"and click 'Connect New App' to approve."
)
countdown_text = urwid.Text(('label', "Expires in 5:00"))
body = urwid.Pile([
status_text,
urwid.Divider(),
instructions,
urwid.Divider(),
countdown_text,
])
# Track polling state
polling_state = {"active": True, "start_time": time.time()}
def on_cancel(_):
polling_state["active"] = False
self.close_overlay()
dialog = Dialog("Connecting...", body, [("Cancel", on_cancel)])
self.show_overlay(dialog, width=55, height=16)
def poll_for_connection():
"""Background thread to poll for connection."""
import requests
max_time = 300 # 5 minutes
while polling_state["active"]:
elapsed = time.time() - polling_state["start_time"]
if elapsed > max_time:
if self.loop:
self.loop.set_alarm_in(0, lambda l, d: self._on_connect_timeout())
return
# Update countdown
remaining = int(max_time - elapsed)
mins = remaining // 60
secs = remaining % 60
def update_countdown(l, d, m=mins, s=secs):
countdown_text.set_text(('label', f"Expires in {m}:{s:02d}"))
self.refresh()
if self.loop:
self.loop.set_alarm_in(0, update_countdown)
try:
response = requests.get(
pairing_url,
params={"hostname": hostname},
timeout=10
)
if response.status_code == 200:
data = response.json()
status = data.get("data", {}).get("status")
if status == "connected":
token = data.get("data", {}).get("token")
if token:
set_registry_token(token)
if self.loop:
self.loop.set_alarm_in(0, lambda l, d: self._on_connect_success(tool, version, username, hostname))
return
except Exception:
pass # Network errors, keep trying
time.sleep(2)
# Start polling in background thread
thread = threading.Thread(target=poll_for_connection, daemon=True)
thread.start()
self.input_dialog(
"Connect Account",
"Enter your CmdForge username",
"",
on_username
)
def _on_connect_timeout(self):
"""Called when connection times out."""
self.close_overlay()
self.message_box(
"Timeout",
"Connection timed out.\n\n"
"Please initiate the connection from the web interface first,\n"
"then try again."
)
def _on_connect_success(self, tool, version, username, hostname):
"""Called when connection succeeds."""
self.close_overlay()
def on_ok():
if tool and version:
self._do_publish(tool, version)
self.message_box(
"Connected!",
f"Successfully connected!\n\n"
f"Device: {hostname}\n"
f"Account: @{username}\n\n"
"You can now publish tools.",
callback=on_ok
) )
def _do_publish(self, tool, version): def _do_publish(self, tool, version):
@ -1523,14 +1683,136 @@ No explanations, no markdown fencing, just the code."""
self.message_box("Error", error_msg) self.message_box("Error", error_msg)
return return
if not self._is_edit and tool_exists(tool.name): def do_save():
def on_yes():
save_tool(tool)
self.message_box("Success", f"Tool '{tool.name}' saved!", self.show_main_menu)
self.yes_no("Overwrite?", f"Tool '{tool.name}' exists. Overwrite?", on_yes=on_yes)
else:
save_tool(tool) save_tool(tool)
self._offer_sync_after_save(tool)
if not self._is_edit and tool_exists(tool.name):
self.yes_no("Overwrite?", f"Tool '{tool.name}' exists. Overwrite?", on_yes=do_save)
else:
do_save()
def _offer_sync_after_save(self, tool):
"""After saving, offer to sync to registry if connected."""
from ..config import load_config
import yaml
config = load_config()
# Not connected - just show success and go to main menu
if not config.registry.token:
self.message_box("Success", f"Tool '{tool.name}' saved!", self.show_main_menu) self.message_box("Success", f"Tool '{tool.name}' saved!", self.show_main_menu)
return
# Connected - offer to sync privately
tool_dir = get_tools_dir() / tool.name
config_path = tool_dir / "config.yaml"
if not config_path.exists():
self.message_box("Success", f"Tool '{tool.name}' saved!", self.show_main_menu)
return
try:
config_data = yaml.safe_load(config_path.read_text())
version = config_data.get("version", "")
except Exception:
version = ""
if not version:
# No version - need to add one before syncing
def on_yes():
self._prompt_for_version_and_sync(tool, config_path)
def on_no():
self.show_main_menu()
self.yes_no(
"Sync to Registry?",
f"Tool '{tool.name}' saved locally.\n\n"
"Sync as a private tool to your account?\n"
"(Accessible only to you across devices)",
on_yes=on_yes,
on_no=on_no
)
else:
# Already has version - offer sync
def on_yes():
self._sync_tool_privately(tool, version)
def on_no():
self.show_main_menu()
self.yes_no(
"Sync to Registry?",
f"Tool '{tool.name}' v{version} saved locally.\n\n"
"Sync as a private tool to your account?\n"
"(Accessible only to you across devices)",
on_yes=on_yes,
on_no=on_no
)
def _prompt_for_version_and_sync(self, tool, config_path):
"""Prompt for version then sync privately."""
import yaml
def on_version(version):
version = version.strip()
if not version:
self.message_box("Cancelled", "Version is required for sync.", self.show_main_menu)
return
# Update config with version
try:
config_data = yaml.safe_load(config_path.read_text()) or {}
config_data["version"] = version
config_path.write_text(yaml.dump(config_data, default_flow_style=False, sort_keys=False))
except Exception as e:
self.message_box("Error", f"Failed to save version: {e}", self.show_main_menu)
return
self._sync_tool_privately(tool, version)
self.input_dialog(
"Version Required",
"Enter version for sync (e.g., 1.0.0)",
"1.0.0",
on_version
)
def _sync_tool_privately(self, tool, version):
"""Sync tool to registry as private."""
tool_dir = get_tools_dir() / tool.name
config_path = tool_dir / "config.yaml"
readme_path = tool_dir / "README.md"
try:
config_yaml = config_path.read_text()
readme = readme_path.read_text() if readme_path.exists() else ""
client = RegistryClient()
result = client.publish_tool(config_yaml, readme, visibility="private")
owner = result.get("owner", "you")
self.message_box(
"Synced",
f"Tool synced privately!\n\n"
f"{owner}/{tool.name}@{version}\n\n"
"Only visible to you. Use 'Publish' to make public.",
self.show_main_menu
)
except RegistryError as e:
if e.code == "VERSION_EXISTS":
self.message_box(
"Already Synced",
f"Version {version} is already synced.\n"
"Bump the version to sync changes.",
self.show_main_menu
)
else:
self.message_box("Sync Failed", f"Error: {e.message}", self.show_main_menu)
except Exception as e:
self.message_box("Sync Failed", f"Error: {e}", self.show_main_menu)
def _on_cancel_tool(self, _): def _on_cancel_tool(self, _):
"""Cancel tool editing.""" """Cancel tool editing."""

333
src/cmdforge/web/templates/dashboard/tokens.html
View File

@ -1,21 +1,21 @@
{% extends "dashboard/base.html" %} {% extends "dashboard/base.html" %}
{% set active_page = 'tokens' %} {% set active_page = 'tokens' %}
{% block title %}API Tokens - CmdForge Dashboard{% endblock %} {% block title %}Connected Apps - CmdForge Dashboard{% endblock %}
{% block dashboard_header %} {% block dashboard_header %}
<div class="flex items-center justify-between"> <div class="flex items-center justify-between">
<div> <div>
<h1 class="text-2xl font-bold text-gray-900">API Tokens</h1> <h1 class="text-2xl font-bold text-gray-900">Connected Apps</h1>
<p class="mt-1 text-gray-600">Manage tokens for CLI and API access</p> <p class="mt-1 text-gray-600">Manage devices connected to your CmdForge account</p>
</div> </div>
<button type="button" <button type="button"
onclick="openCreateTokenModal()" onclick="startPairing()"
class="inline-flex items-center px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700"> class="inline-flex items-center px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700">
<svg class="w-4 h-4 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24"> <svg class="w-4 h-4 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4v16m8-8H4"/> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4v16m8-8H4"/>
</svg> </svg>
Create Token Connect New App
</button> </button>
</div> </div>
{% endblock %} {% endblock %}
@ -28,11 +28,11 @@
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"/> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"/>
</svg> </svg>
<div class="ml-3"> <div class="ml-3">
<h4 class="text-sm font-medium text-blue-800">About API Tokens</h4> <h4 class="text-sm font-medium text-blue-800">About Connected Apps</h4>
<p class="mt-1 text-sm text-blue-700"> <p class="mt-1 text-sm text-blue-700">
API tokens are used to authenticate with the CmdForge registry from the CLI. Connected apps can publish tools and sync your work across devices.
Use <code class="px-1 bg-blue-100 rounded">cmdforge auth login</code> to authenticate, Run <code class="px-1 bg-blue-100 rounded">cmdforge config connect &lt;username&gt;</code> in your terminal,
or set the <code class="px-1 bg-blue-100 rounded">CMDFORGE_TOKEN</code> environment variable. then click "Connect New App" here to complete the connection.
</p> </p>
</div> </div>
</div> </div>
@ -44,16 +44,13 @@
<thead class="bg-gray-50"> <thead class="bg-gray-50">
<tr> <tr>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"> <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
Name Device
</th> </th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"> <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
Created Connected
</th> </th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"> <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
Last Used Last Active
</th>
<th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
Status
</th> </th>
<th scope="col" class="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider"> <th scope="col" class="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">
Actions Actions
@ -65,14 +62,16 @@
<tr class="hover:bg-gray-50"> <tr class="hover:bg-gray-50">
<td class="px-6 py-4 whitespace-nowrap"> <td class="px-6 py-4 whitespace-nowrap">
<div class="flex items-center"> <div class="flex items-center">
<div class="w-10 h-10 bg-cyan-100 rounded-lg flex items-center justify-center flex-shrink-0"> <div class="w-10 h-10 bg-indigo-100 rounded-lg flex items-center justify-center flex-shrink-0">
<svg class="w-5 h-5 text-cyan-600" fill="none" stroke="currentColor" viewBox="0 0 24 24"> <svg class="w-5 h-5 text-indigo-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z"/> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9.75 17L9 20l-1 1h8l-1-1-.75-3M3 13h18M5 17h14a2 2 0 002-2V5a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"/>
</svg> </svg>
</div> </div>
<div class="ml-4"> <div class="ml-4">
<p class="text-sm font-medium text-gray-900">{{ token.name }}</p> <p class="text-sm font-medium text-gray-900">{{ token.hostname or token.name }}</p>
<p class="text-xs text-gray-500 font-mono">st_...{{ token.token_suffix }}</p> {% if token.hostname and token.name != 'App: ' + token.hostname %}
<p class="text-xs text-gray-500">{{ token.name }}</p>
{% endif %}
</div> </div>
</div> </div>
</td> </td>
@ -82,27 +81,12 @@
<td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500"> <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
{{ token.last_used_at|timeago if token.last_used_at else 'Never' }} {{ token.last_used_at|timeago if token.last_used_at else 'Never' }}
</td> </td>
<td class="px-6 py-4 whitespace-nowrap">
{% if token.revoked_at %}
<span class="px-2 py-1 text-xs font-medium text-red-800 bg-red-100 rounded-full">
Revoked
</span>
{% else %}
<span class="px-2 py-1 text-xs font-medium text-green-800 bg-green-100 rounded-full">
Active
</span>
{% endif %}
</td>
<td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium"> <td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
{% if not token.revoked_at %}
<button type="button" <button type="button"
onclick="revokeToken({{ token.id }}, '{{ token.name }}')" onclick="disconnectApp({{ token.id }}, '{{ token.hostname or token.name }}')"
class="text-red-600 hover:text-red-900"> class="text-red-600 hover:text-red-900">
Revoke Disconnect
</button> </button>
{% else %}
<span class="text-gray-400">Revoked {{ token.revoked_at|timeago }}</span>
{% endif %}
</td> </td>
</tr> </tr>
{% endfor %} {% endfor %}
@ -113,21 +97,101 @@
<!-- Empty State --> <!-- Empty State -->
<div class="bg-white rounded-lg border border-gray-200 text-center py-16"> <div class="bg-white rounded-lg border border-gray-200 text-center py-16">
<svg class="mx-auto w-16 h-16 text-gray-300" fill="none" stroke="currentColor" viewBox="0 0 24 24"> <svg class="mx-auto w-16 h-16 text-gray-300" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z"/> <path stroke-linecap="round" stroke-linejoin="round" stroke-width="1.5" d="M9.75 17L9 20l-1 1h8l-1-1-.75-3M3 13h18M5 17h14a2 2 0 002-2V5a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"/>
</svg> </svg>
<h3 class="mt-4 text-lg font-medium text-gray-900">No API tokens</h3> <h3 class="mt-4 text-lg font-medium text-gray-900">No connected apps</h3>
<p class="mt-2 text-gray-600 max-w-sm mx-auto"> <p class="mt-2 text-gray-600 max-w-sm mx-auto">
Create an API token to authenticate with the registry from the command line. Connect your CmdForge CLI to sync tools and publish across devices.
</p> </p>
<button type="button" <button type="button"
onclick="openCreateTokenModal()" onclick="startPairing()"
class="mt-6 inline-flex items-center px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700"> class="mt-6 inline-flex items-center px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700">
Create Your First Token Connect Your First App
</button> </button>
</div> </div>
{% endif %} {% endif %}
<!-- Create Token Modal --> <!-- Pairing Modal -->
<div id="pairing-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
<div class="min-h-screen px-4 text-center flex items-center justify-center">
<div class="fixed inset-0 bg-black bg-opacity-50" onclick="closePairingModal()"></div>
<div class="relative z-10 w-full max-w-md text-left bg-white shadow-xl rounded-lg">
<div class="p-6">
<div class="flex items-center mb-4">
<div class="w-10 h-10 bg-indigo-100 rounded-full flex items-center justify-center">
<svg class="w-6 h-6 text-indigo-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13.828 10.172a4 4 0 00-5.656 0l-4 4a4 4 0 105.656 5.656l1.102-1.101m-.758-4.899a4 4 0 005.656 0l4-4a4 4 0 00-5.656-5.656l-1.1 1.1"/>
</svg>
</div>
<h3 class="ml-3 text-lg font-semibold text-gray-900">Connect App</h3>
</div>
<div id="pairing-step-1">
<p class="text-sm text-gray-600 mb-4">
To connect a new app, run this command in your terminal:
</p>
<pre class="bg-gray-900 text-gray-100 text-sm p-3 rounded-lg overflow-x-auto mb-4"><code>cmdforge config connect {{ user.slug }}</code></pre>
<p class="text-sm text-gray-600 mb-4">
Then click the button below to complete the connection.
</p>
</div>
<div id="pairing-step-2" class="hidden">
<div class="flex items-center justify-center py-8">
<svg class="animate-spin h-8 w-8 text-indigo-600" fill="none" viewBox="0 0 24 24">
<circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
<path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
</svg>
</div>
<p class="text-sm text-gray-600 text-center mb-2">
Waiting for connection...
</p>
<p class="text-xs text-gray-500 text-center">
Run <code class="px-1 bg-gray-100 rounded">cmdforge config connect {{ user.slug }}</code> in your terminal
</p>
<p class="text-xs text-gray-500 text-center mt-2" id="pairing-countdown">
Expires in 5:00
</p>
</div>
<div id="pairing-step-3" class="hidden">
<div class="flex items-center justify-center py-4">
<div class="w-16 h-16 bg-green-100 rounded-full flex items-center justify-center">
<svg class="w-8 h-8 text-green-600" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
</svg>
</div>
</div>
<p class="text-lg font-medium text-gray-900 text-center mb-2">Connected!</p>
<p class="text-sm text-gray-600 text-center" id="connected-device-name"></p>
</div>
</div>
<div class="bg-gray-50 px-6 py-4 rounded-b-lg flex justify-end gap-3">
<button type="button"
onclick="closePairingModal()"
id="pairing-cancel-btn"
class="px-4 py-2 text-sm font-medium text-gray-700 hover:text-gray-900">
Cancel
</button>
<button type="button"
onclick="initiatePairing()"
id="pairing-start-btn"
class="px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700">
I've Run the Command
</button>
<button type="button"
onclick="closePairingModal()"
id="pairing-done-btn"
class="hidden px-4 py-2 text-sm font-medium text-white bg-indigo-600 rounded-md hover:bg-indigo-700">
Done
</button>
</div>
</div>
</div>
</div>
<!-- Legacy: Keep create token modal for advanced users -->
<div id="create-token-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog"> <div id="create-token-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
<div class="min-h-screen px-4 text-center flex items-center justify-center"> <div class="min-h-screen px-4 text-center flex items-center justify-center">
<div class="fixed inset-0 bg-black bg-opacity-50" onclick="closeCreateTokenModal()"></div> <div class="fixed inset-0 bg-black bg-opacity-50" onclick="closeCreateTokenModal()"></div>
@ -136,9 +200,9 @@
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"> <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="p-6"> <div class="p-6">
<h3 class="text-lg font-semibold text-gray-900">Create API Token</h3> <h3 class="text-lg font-semibold text-gray-900">Create API Token (Advanced)</h3>
<p class="mt-2 text-sm text-gray-600"> <p class="mt-2 text-sm text-gray-600">
Give your token a descriptive name so you can identify it later. For CI/CD or custom integrations. Most users should use "Connect App" instead.
</p> </p>
<div class="mt-4"> <div class="mt-4">
@ -149,7 +213,7 @@
name="name" name="name"
id="token-name" id="token-name"
required required
placeholder="e.g., Laptop CLI, CI/CD Pipeline" placeholder="e.g., GitHub Actions, CI/CD Pipeline"
class="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-indigo-500"> class="w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-indigo-500">
</div> </div>
</div> </div>
@ -170,7 +234,7 @@
</div> </div>
</div> </div>
<!-- Token Created Modal (shows the token once) --> <!-- Token Created Modal -->
<div id="token-created-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog"> <div id="token-created-modal" class="hidden fixed inset-0 z-50 overflow-y-auto" aria-modal="true" role="dialog">
<div class="min-h-screen px-4 text-center flex items-center justify-center"> <div class="min-h-screen px-4 text-center flex items-center justify-center">
<div class="fixed inset-0 bg-black bg-opacity-50"></div> <div class="fixed inset-0 bg-black bg-opacity-50"></div>
@ -211,11 +275,6 @@
</button> </button>
</div> </div>
</div> </div>
<p class="mt-4 text-sm text-gray-600">
To use this token, run:
</p>
<pre class="mt-2 bg-gray-900 text-gray-100 text-sm p-3 rounded-lg overflow-x-auto"><code>export CMDFORGE_TOKEN="<span id="token-in-export"></span>"</code></pre>
</div> </div>
<div class="bg-gray-50 px-6 py-4 rounded-b-lg flex justify-end"> <div class="bg-gray-50 px-6 py-4 rounded-b-lg flex justify-end">
@ -230,6 +289,154 @@
</div> </div>
<script> <script>
let pairingCheckInterval = null;
let pairingExpiresAt = null;
function startPairing() {
document.getElementById('pairing-modal').classList.remove('hidden');
document.getElementById('pairing-step-1').classList.remove('hidden');
document.getElementById('pairing-step-2').classList.add('hidden');
document.getElementById('pairing-step-3').classList.add('hidden');
document.getElementById('pairing-start-btn').classList.remove('hidden');
document.getElementById('pairing-cancel-btn').classList.remove('hidden');
document.getElementById('pairing-done-btn').classList.add('hidden');
}
function closePairingModal() {
document.getElementById('pairing-modal').classList.add('hidden');
if (pairingCheckInterval) {
clearInterval(pairingCheckInterval);
pairingCheckInterval = null;
}
}
async function initiatePairing() {
// Show waiting step
document.getElementById('pairing-step-1').classList.add('hidden');
document.getElementById('pairing-step-2').classList.remove('hidden');
document.getElementById('pairing-start-btn').classList.add('hidden');
try {
const response = await fetch('/api/v1/pairing/initiate', {
method: 'POST',
headers: {
'Authorization': 'Bearer {{ session.get("auth_token") }}',
'Content-Type': 'application/json'
}
});
if (response.ok) {
const data = await response.json();
pairingExpiresAt = Date.now() + (data.data.expires_in * 1000);
startPairingCountdown();
startPairingCheck();
} else {
alert('Failed to initiate pairing. Please try again.');
closePairingModal();
}
} catch (error) {
alert('Network error. Please try again.');
closePairingModal();
}
}
function startPairingCountdown() {
const countdownEl = document.getElementById('pairing-countdown');
const updateCountdown = () => {
const remaining = Math.max(0, pairingExpiresAt - Date.now());
const minutes = Math.floor(remaining / 60000);
const seconds = Math.floor((remaining % 60000) / 1000);
countdownEl.textContent = `Expires in ${minutes}:${seconds.toString().padStart(2, '0')}`;
if (remaining <= 0) {
closePairingModal();
alert('Pairing request expired. Please try again.');
}
};
updateCountdown();
pairingCheckInterval = setInterval(updateCountdown, 1000);
}
function startPairingCheck() {
// Poll for connection status
const checkConnection = async () => {
try {
const response = await fetch('/api/v1/pairing/status', {
headers: {
'Authorization': 'Bearer {{ session.get("auth_token") }}'
}
});
if (response.ok) {
const data = await response.json();
if (data.data.status === 'none') {
// Pairing was claimed
showPairingSuccess();
}
}
} catch (error) {
// Ignore network errors during polling
}
};
// Check every 2 seconds
const pollInterval = setInterval(checkConnection, 2000);
// Store interval to clear later
const originalInterval = pairingCheckInterval;
pairingCheckInterval = setInterval(() => {
// Keep countdown running
}, 1000);
// Clear poll interval when modal closes
const originalClose = closePairingModal;
closePairingModal = () => {
clearInterval(pollInterval);
originalClose();
};
}
function showPairingSuccess() {
if (pairingCheckInterval) {
clearInterval(pairingCheckInterval);
pairingCheckInterval = null;
}
document.getElementById('pairing-step-2').classList.add('hidden');
document.getElementById('pairing-step-3').classList.remove('hidden');
document.getElementById('pairing-cancel-btn').classList.add('hidden');
document.getElementById('pairing-done-btn').classList.remove('hidden');
// Reload after a short delay
setTimeout(() => {
window.location.reload();
}, 2000);
}
async function disconnectApp(appId, deviceName) {
if (!confirm(`Disconnect "${deviceName}"? This device will no longer be able to access your account.`)) {
return;
}
try {
const response = await fetch(`/api/v1/connected-apps/${appId}`, {
method: 'DELETE',
headers: {
'Authorization': 'Bearer {{ session.get("auth_token") }}'
}
});
if (response.ok) {
window.location.reload();
} else {
const error = await response.json();
alert(error.error?.message || 'Failed to disconnect app');
}
} catch (err) {
alert('Failed to disconnect app. Please try again.');
}
}
// Legacy token functions (for advanced users)
function openCreateTokenModal() { function openCreateTokenModal() {
document.getElementById('create-token-modal').classList.remove('hidden'); document.getElementById('create-token-modal').classList.remove('hidden');
document.getElementById('token-name').focus(); document.getElementById('token-name').focus();
@ -267,7 +474,6 @@ async function createToken(event) {
function showNewToken(token) { function showNewToken(token) {
document.getElementById('new-token-value').textContent = token; document.getElementById('new-token-value').textContent = token;
document.getElementById('token-in-export').textContent = token;
document.getElementById('token-created-modal').classList.remove('hidden'); document.getElementById('token-created-modal').classList.remove('hidden');
} }
@ -287,26 +493,5 @@ function copyNewToken() {
}, 2000); }, 2000);
}); });
} }
async function revokeToken(tokenId, tokenName) {
if (!confirm(`Are you sure you want to revoke "${tokenName}"? This cannot be undone.`)) {
return;
}
try {
const response = await fetch(`/dashboard/api/tokens/${tokenId}`, {
method: 'DELETE'
});
if (response.ok) {
window.location.reload();
} else {
const error = await response.json();
alert(error.error || 'Failed to revoke token');
}
} catch (err) {
alert('Failed to revoke token. Please try again.');
}
}
</script> </script>
{% endblock %} {% endblock %}