Add P0 remote API commands for auth, data, and metadata

Agent-Logs-Url: https://github.com/objectstack-ai/framework/sessions/205a6eab-27f7-46cf-aee8-b628c23b3490

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>

Author: Claude

packages/cli/package.json

@@ -40,6 +40,7 @@
   },
   "dependencies": {
     "@ai-sdk/gateway": "^3.0.84",
+    "@objectstack/client": "workspace:*",
     "@objectstack/core": "workspace:*",
     "@objectstack/driver-memory": "workspace:^",
     "@objectstack/objectql": "workspace:^",
@@ -54,6 +55,7 @@
     "chalk": "^5.6.2",
     "dotenv-flow": "^4.1.0",
     "tsx": "^4.21.0",
+    "yaml": "^2.4.1",
     "zod": "^4.3.6"
   },
   "peerDependencies": {

packages/cli/src/commands/auth/login.ts

@@ -0,0 +1,133 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { Args, Command, Flags } from '@oclif/core';
+import { printHeader, printSuccess, printError, printKV } from '../../utils/format.js';
+import { writeAuthConfig } from '../../utils/auth-config.js';
+import { ObjectStackClient } from '@objectstack/client';
+import * as readline from 'node:readline/promises';
+import { stdin as input, stdout as output } from 'node:process';
+
+export default class AuthLogin extends Command {
+  static override description = 'Authenticate and store session credentials';
+
+  static override examples = [
+    '$ os auth login',
+    '$ os auth login --url https://api.example.com',
+    '$ os auth login --email user@example.com --password mypassword',
+  ];
+
+  static override flags = {
+    url: Flags.string({
+      char: 'u',
+      description: 'Server URL',
+      default: 'http://localhost:3000',
+      env: 'OBJECTSTACK_URL',
+    }),
+    email: Flags.string({
+      char: 'e',
+      description: 'Email address',
+    }),
+    password: Flags.string({
+      char: 'p',
+      description: 'Password',
+    }),
+    json: Flags.boolean({
+      description: 'Output as JSON',
+    }),
+  };
+
+  async run(): Promise<void> {
+    const { flags } = await this.parse(AuthLogin);
+
+    try {
+      if (!flags.json) {
+        printHeader('ObjectStack Login');
+        printKV('Server', flags.url);
+        console.log('');
+      }
+
+      // Prompt for credentials if not provided
+      let email = flags.email;
+      let password = flags.password;
+
+      if (!email || !password) {
+        const rl = readline.createInterface({ input, output });
+
+        if (!email) {
+          email = await rl.question('Email: ');
+        }
+
+        if (!password) {
+          // Note: This doesn't hide the password input in the terminal
+          // For production use, consider using a library like 'inquirer' or 'prompts'
+          password = await rl.question('Password: ');
+        }
+
+        rl.close();
+      }
+
+      if (!email || !password) {
+        throw new Error('Email and password are required');
+      }
+
+      // Create client and authenticate
+      const client = new ObjectStackClient({
+        baseUrl: flags.url,
+      });
+
+      const response = await client.auth.login({
+        email,
+        password,
+      });
+
+      // Check if login was successful
+      if (!response.data?.token && !response.data?.user) {
+        throw new Error('Login failed: Invalid response from server');
+      }
+
+      // Extract token - it might be in different locations depending on the auth system
+      const token = response.data?.token || (response as any).token;
+      const user = response.data?.user;
+
+      if (!token) {
+        throw new Error('Login failed: No token received from server');
+      }
+
+      // Store credentials
+      await writeAuthConfig({
+        url: flags.url,
+        token,
+        email: user?.email || email,
+        userId: user?.id,
+        createdAt: new Date().toISOString(),
+      });
+
+      if (flags.json) {
+        console.log(JSON.stringify({
+          success: true,
+          email: user?.email || email,
+          userId: user?.id,
+        }, null, 2));
+      } else {
+        printSuccess('Authentication successful');
+        printKV('Email', user?.email || email);
+        if (user?.id) {
+          printKV('User ID', user.id);
+        }
+        console.log('');
+        console.log('  Credentials stored in ~/.objectstack/credentials.json');
+        console.log('');
+      }
+    } catch (error: any) {
+      if (flags.json) {
+        console.log(JSON.stringify({
+          success: false,
+          error: error.message,
+        }, null, 2));
+        this.exit(1);
+      }
+      printError(error.message || String(error));
+      this.exit(1);
+    }
+  }
+}

packages/cli/src/commands/auth/logout.ts

@@ -0,0 +1,51 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { Command, Flags } from '@oclif/core';
+import { printHeader, printSuccess, printError } from '../../utils/format.js';
+import { deleteAuthConfig } from '../../utils/auth-config.js';
+
+export default class AuthLogout extends Command {
+  static override description = 'Clear stored authentication credentials';
+
+  static override examples = [
+    '$ os auth logout',
+  ];
+
+  static override flags = {
+    json: Flags.boolean({
+      description: 'Output as JSON',
+    }),
+  };
+
+  async run(): Promise<void> {
+    const { flags } = await this.parse(AuthLogout);
+
+    try {
+      if (!flags.json) {
+        printHeader('ObjectStack Logout');
+      }
+
+      await deleteAuthConfig();
+
+      if (flags.json) {
+        console.log(JSON.stringify({
+          success: true,
+          message: 'Credentials cleared',
+        }, null, 2));
+      } else {
+        printSuccess('Credentials cleared');
+        console.log('');
+      }
+    } catch (error: any) {
+      if (flags.json) {
+        console.log(JSON.stringify({
+          success: false,
+          error: error.message,
+        }, null, 2));
+        this.exit(1);
+      }
+      printError(error.message || String(error));
+      this.exit(1);
+    }
+  }
+}

packages/cli/src/commands/auth/whoami.ts

@@ -0,0 +1,85 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { Command, Flags } from '@oclif/core';
+import { printHeader, printError, printKV } from '../../utils/format.js';
+import { createApiClient, requireAuth } from '../../utils/api-client.js';
+import { formatOutput } from '../../utils/output-formatter.js';
+
+export default class AuthWhoami extends Command {
+  static override description = 'Show current session information';
+
+  static override examples = [
+    '$ os auth whoami',
+    '$ os auth whoami --json',
+    '$ os auth whoami --url https://api.example.com --token <token>',
+  ];
+
+  static override flags = {
+    url: Flags.string({
+      char: 'u',
+      description: 'Server URL',
+      env: 'OBJECTSTACK_URL',
+    }),
+    token: Flags.string({
+      char: 't',
+      description: 'Authentication token',
+      env: 'OBJECTSTACK_TOKEN',
+    }),
+    format: Flags.string({
+      char: 'f',
+      description: 'Output format',
+      options: ['json', 'table', 'yaml'],
+      default: 'table',
+    }),
+  };
+
+  async run(): Promise<void> {
+    const { flags } = await this.parse(AuthWhoami);
+
+    try {
+      const client = await createApiClient({
+        url: flags.url,
+        token: flags.token,
+      });
+
+      // Check if we have a token
+      requireAuth((client as any).token);
+
+      // Get current session info
+      const response = await client.auth.me();
+
+      const sessionData = response.data || response;
+
+      if (flags.format === 'json') {
+        formatOutput(sessionData, 'json');
+      } else if (flags.format === 'yaml') {
+        formatOutput(sessionData, 'yaml');
+      } else {
+        printHeader('Current Session');
+
+        if (sessionData.user) {
+          printKV('User ID', sessionData.user.id || '-');
+          printKV('Email', sessionData.user.email || '-');
+          printKV('Name', sessionData.user.name || '-');
+        }
+
+        if (sessionData.session) {
+          printKV('Session ID', sessionData.session.id || '-');
+          printKV('Expires At', sessionData.session.expiresAt || '-');
+        }
+
+        console.log('');
+      }
+    } catch (error: any) {
+      if (flags.format === 'json') {
+        console.log(JSON.stringify({
+          success: false,
+          error: error.message,
+        }, null, 2));
+        this.exit(1);
+      }
+      printError(error.message || String(error));
+      this.exit(1);
+    }
+  }
+}

packages/cli/src/commands/data/create.ts

@@ -0,0 +1,110 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { Args, Command, Flags } from '@oclif/core';
+import { printHeader, printError, printSuccess } from '../../utils/format.js';
+import { createApiClient, requireAuth } from '../../utils/api-client.js';
+import { formatOutput } from '../../utils/output-formatter.js';
+
+export default class DataCreate extends Command {
+  static override description = 'Create a new record';
+
+  static override examples = [
+    '$ os data create project_task \'{"name":"New Task","status":"open"}\'',
+    '$ os data create project_task --data task-data.json',
+    '$ os data create project_task --data task-data.json --format json',
+  ];
+
+  static override args = {
+    object: Args.string({
+      description: 'Object name (snake_case)',
+      required: true,
+    }),
+    data: Args.string({
+      description: 'Record data as JSON string (or use --data flag for file)',
+    }),
+  };
+
+  static override flags = {
+    url: Flags.string({
+      char: 'u',
+      description: 'Server URL',
+      env: 'OBJECTSTACK_URL',
+    }),
+    token: Flags.string({
+      char: 't',
+      description: 'Authentication token',
+      env: 'OBJECTSTACK_TOKEN',
+    }),
+    data: Flags.string({
+      char: 'd',
+      description: 'Path to JSON file containing record data',
+    }),
+    format: Flags.string({
+      char: 'f',
+      description: 'Output format',
+      options: ['json', 'table', 'yaml'],
+      default: 'table',
+    }),
+  };
+
+  async run(): Promise<void> {
+    const { args, flags } = await this.parse(DataCreate);
+
+    try {
+      const client = await createApiClient({
+        url: flags.url,
+        token: flags.token,
+      });
+
+      requireAuth((client as any).token);
+
+      // Parse record data
+      let recordData: any;
+
+      if (flags.data) {
+        // Read from file
+        const { readFile } = await import('node:fs/promises');
+        const fileContent = await readFile(flags.data, 'utf-8');
+        try {
+          recordData = JSON.parse(fileContent);
+        } catch (e) {
+          throw new Error(`Invalid JSON in file: ${(e as Error).message}`);
+        }
+      } else if (args.data) {
+        // Parse from argument
+        try {
+          recordData = JSON.parse(args.data);
+        } catch (e) {
+          throw new Error(`Invalid JSON: ${(e as Error).message}`);
+        }
+      } else {
+        throw new Error('Record data is required (provide JSON string or use --data flag)');
+      }
+
+      // Create the record
+      const result = await client.data.create(args.object, recordData);
+
+      if (flags.format === 'json') {
+        formatOutput(result, 'json');
+      } else if (flags.format === 'yaml') {
+        formatOutput(result, 'yaml');
+      } else {
+        printSuccess(`Record created: ${result.id}`);
+        if (result.record) {
+          console.log('');
+          formatOutput(result.record, 'table');
+        }
+      }
+    } catch (error: any) {
+      if (flags.format === 'json') {
+        console.log(JSON.stringify({
+          success: false,
+          error: error.message,
+        }, null, 2));
+        this.exit(1);
+      }
+      printError(error.message || String(error));
+      this.exit(1);
+    }
+  }
+}