Skip to content

Add bm users/whoami/access-key commands + CLI table flag consistency#408

Merged
clavery merged 6 commits into
mainfrom
bm-users-and-table-flags
May 7, 2026
Merged

Add bm users/whoami/access-key commands + CLI table flag consistency#408
clavery merged 6 commits into
mainfrom
bm-users-and-table-flags

Conversation

@clavery
Copy link
Copy Markdown
Collaborator

@clavery clavery commented May 7, 2026

Summary

Two related changes bundled together since the second was discovered while implementing the first:

1. New b2c bm Data API user administration

Adds full Business Manager user-side administration to the CLI:

  • bm users list/get/search/update/delete — OCAPI /users, /user_search
  • bm whoami/users/this (defaults to user-auth)
  • bm access-key get/create/set/delete/users/{login}/access_key/{scope}. [LOGIN] is optional (defaults to whoami), --scope is an enum (WEBDAV_AND_STUDIO/AGENT_USER_AND_OCAPI/STOREFRONT) defaulting to WEBDAV_AND_STUDIO so common usage is b2c bm access-key create to rotate your own WebDAV password.

A new SDK module @salesforce/b2c-tooling-sdk/operations/bm-users wraps the endpoints. Endpoints whose OCAPI documentation states "a valid user is required" (whoami + access-key) extend a BmUserAuthCommand base that defaults authMethods to ['implicit'] — a fresh shell triggers browser login rather than failing with UserNotAvailableException. Explicit --auth-methods / --client-secret overrides still win.

2. CLI table flag consistency refactor

While auditing the new commands I found 22 list commands with copy-pasted getSelectedColumns() helpers and 30 commands with no column-customization at all. This fixes both:

  • New SDK helpers columnFlagsFor() / selectColumns() replace the 22 duplicates. printFieldsBlock() does the same for *Get-style label/value detail blocks (5 commands).
  • --columns / --extended (-c/-x) added to ~30 commands that lacked them — bm roles list, webdav ls, cap list, code list, content list, docs search, job search, logs list, sites list, slas client list, every mrt/* list command, plus several setup and scaffold commands. webdav ls --extended now exposes the previously-hidden modified and contentType columns.
  • Renamed --confirm to --force on the new bm users delete and bm access-key delete commands to match the dominant codebase convention (13 other commands use --force; only 3 use --yes).

Docs + skills

  • New b2c-cli:b2c-bm-users-roles skill covers all four bm command groups
  • The b2c-am skill is trimmed back to AM-only and defers to the new BM skill
  • New docs/cli/bm.md replaces docs/cli/bm-roles.md with comprehensive coverage of all four command groups, including the user-auth defaulting table and access-key scope enum

Test plan

  • pnpm run typecheck:agent passes
  • pnpm run lint:agent passes
  • pnpm run test:agent passes (1705 passing, 6 pending)
  • b2c bm --help, b2c bm users --help, b2c bm access-key --help render the new topic tree
  • b2c bm whoami triggers browser auth (verified by hitting the login page)
  • b2c bm access-key create calls PUT with no body (fixed empty-body issue at the SDK level)
  • b2c bm roles list --help, b2c webdav ls --help, etc. show the new -c / -x flags
  • Manual verification of b2c bm whoami, bm access-key create, bm access-key get against a real instance
  • Manual verification that b2c bm users list (which keeps client-credentials default) works against a service-client setup
  • Spot-check a few of the newly-flagged mrt/* list commands render correctly

clavery added 5 commits May 7, 2026 18:10
@clavery
Add bm users/whoami/access-key commands + table flag consistency
d94ad85 
Adds full Business Manager Data API user administration to the CLI:

- bm users list/get/search/update/delete (OCAPI /users, /user_search)
- bm whoami (OCAPI /users/this — defaults to user-auth)
- bm access-key get/create/set/delete (OCAPI /users/{login}/access_key/{scope};
  optional [LOGIN] defaults to whoami; --scope is an enum with
  WEBDAV_AND_STUDIO as the default)

A new SDK module @salesforce/b2c-tooling-sdk/operations/bm-users wraps
the underlying endpoints. Endpoints whose OCAPI documentation states
"a valid user is required" (whoami + access-key) extend a shared
BmUserAuthCommand base which defaults the auth-method priority to
['implicit'] so a fresh shell triggers browser login rather than
failing the API call with UserNotAvailableException.

Also reworks tabular output across the CLI for consistency:

- New SDK helpers columnFlagsFor() / selectColumns() replace 22 copies
  of an identical getSelectedColumns() helper. printFieldsBlock() does
  the same for *Get-style label/value detail blocks (5 commands).
- Adds --columns / --extended to ~30 list and search commands that
  previously had no column-customization (bm roles list, webdav ls,
  cap list, code list, content list, docs search, job search, logs list,
  sites list, slas client list, every mrt/* list command, plus several
  setup and scaffold commands). webdav ls --extended now exposes the
  previously-hidden modified and contentType columns.
- Renames --confirm to --force on the new bm/users delete commands to
  match the dominant codebase convention.

Skills + docs: new b2c-cli:b2c-bm-users-roles skill and a rewritten
docs/cli/bm.md page cover the four bm command groups and the user-auth
defaulting. The b2c-am skill now defers to the new BM skill.
@clavery
Merge remote-tracking branch 'origin/main' into bm-users-and-table-flags
9d61a1f
@clavery
Migrate bm delete commands to canonical ux/confirm helper
e2ca41e 
Switches bm/users/delete and bm/access-key/delete from @inquirer/prompts
to the SDK's @salesforce/b2c-tooling-sdk/ux confirm() introduced in main.
Drops the @inquirer/prompts dependency from these two files.
@clavery
Audit pass: hoist scope enum, extend helpers to MRT, migrate confirms
1c8e419 
Acts on findings from a post-merge audit covering both this branch and
recently-merged main work:

SDK:
- Export ACCESS_KEY_SCOPES + AccessKeyScope from operations/bm-users so
  the 4 access-key CLI commands no longer redeclare the same tuple.
- Refresh stale doc comment on getBmUserAccessKey (referenced removed
  example values 'WEBDAV', 'OCAPI', 'SCAPI').
- printFieldsBlock now accepts null in addition to undefined and
  skips both, matching the common shape of optional OpenAPI fields.
  New DetailValue type alias exported.

CLI — apply our helpers to MRT commands main introduced in PR #407:
- mrt/org/cert/list and mrt/org/member/list now use TableRenderer +
  columnFlagsFor + selectColumns instead of inline createTable.
- mrt/org/cert/get and mrt/org/member/get now use printFieldsBlock
  instead of inline cliui label/value rendering.

CLI — finish the @inquirer/prompts -> SDK ux migration begun in main:
- setup, setup/instance/remove, sandbox/reset, sandbox/alias/delete,
  and mrt/env/var/push now use confirm() from
  @salesforce/b2c-tooling-sdk/ux. The two remaining @inquirer/prompts
  importers (setup/skills, setup/instance/create) need more than just
  confirm so they stay as-is for now.
@clavery
Add tests for bm whoami, bm users, and bm access-key commands
3e7fbdc 
10 new test files following the bm/roles test patterns. Each covers:
JSON-mode return shape, non-JSON output (where applicable),
flag/arg behavior, and OCAPI error paths via the expectError helper.

- whoami.test.ts (3 cases)
- users/{list,get,delete}.test.ts (3 cases each)
- users/search.test.ts (5 cases — covers convenience flags, raw --query
  passthrough, and invalid JSON rejection)
- users/update.test.ts (4 cases — covers the field→snake_case mapping
  and "no fields" guard)
- access-key/{get,delete}.test.ts cover both the explicit-login and
  whoami-fallback branches via two-call OCAPI stubs
- access-key/{create,set}.test.ts cover scope flag and PATCH body shape

CLI tests now: 1218 passing (was 1184). SDK tests unchanged at 1722.
@clavery clavery marked this pull request as ready for review May 7, 2026 22:56
@clavery
Strengthen authentication coverage in bm CLI docs
96fd9d8 
bm.md:
- Lead the Authentication section with the two flows (client-credentials
  vs user-auth) and explicit setup before the "defaults" table.
- Document --user-auth, --auth-methods, and SFCC_AUTH_METHODS overrides
  with concrete examples.
- Annotate the OCAPI permissions table with which command uses each
  resource so readers know what to grant.
- Add a dedicated subsection on the Manage_Users_Access_Keys BM
  functional permission required for access-key writes.
- Add Configuration Examples block.

authentication.md:
- Add "BM administration" entry under "Minimal Configuration by Feature"
  with the importable JSON snippet covering /roles, /users, /users/this,
  /users/*/access_key/*, and /user_search.
- Add a tip box explaining the user-identity requirement on whoami /
  access-key endpoints and cross-link back to /cli/bm#authentication.

Both pages now properly cross-link to each other.
@clavery clavery merged commit a26226c into main May 7, 2026
6 checks passed
@clavery clavery deleted the bm-users-and-table-flags branch May 7, 2026 23:47
@github-actions github-actions Bot mentioned this pull request May 7, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wei-liu-sf wei-liu-sf Awaiting requested review from wei-liu-sf wei-liu-sf is a code owner

@yhsieh1 yhsieh1 Awaiting requested review from yhsieh1 yhsieh1 is a code owner

@patricksullivansf patricksullivansf Awaiting requested review from patricksullivansf patricksullivansf is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@clavery