refactor: improve CLI reliability and architecture (#17)

- Thread context.Context through all API calls so Ctrl+C cancels in-flight requests
- Fix race condition in `run` command: collect results per goroutine, print sequentially
- Fix spinner/output overlap: stop spinner after API call, before rendering
- Move ResolveAccessToken from internal/cli to internal/auth to avoid fragile dependency
- Pass through original errors in monitor commands instead of swallowing them
- Fix TOCTOU in monitor apply: compute diff locally, then apply once
- Add fsync to lock file writes to prevent corruption on crash
- Use net.SplitHostPort for TCP URI parsing to support IPv6
- Add login/logout commands with XDG-based token persistence
- Add status report CRUD commands via Connect RPC
- Add global --json, --quiet, --debug, --no-color flags
- Add centralized error formatting for Connect RPC errors
- Add signal handling with double Ctrl+C force exit

Author: thibaultleouay

cmd/openstatus/main.go

@@ -1,16 +1,17 @@
 package main
 
 import (
-	"context"
 	cmd "github.com/openstatusHQ/cli/internal/cmd"
+	"github.com/joho/godotenv"
 	"log"
-	"os"
 )
 
 func main() {
+	_ = godotenv.Load()
+
 	app := cmd.NewApp()
 
-	if err := app.Run(context.Background(), os.Args); err != nil {
+	if err := cmd.RunApp(app); err != nil {
 		log.Fatal(err)
 	}
 }

go.mod

@@ -8,15 +8,19 @@ require (
 	buf.build/gen/go/openstatus/api/connectrpc/gosimple v1.19.1-20260202165838-5bd92a1e5d53.2
 	buf.build/gen/go/openstatus/api/protocolbuffers/go v1.36.11-20260202165838-5bd92a1e5d53.1
 	connectrpc.com/connect v1.19.1
+	github.com/briandowns/spinner v1.23.2
 	github.com/fatih/color v1.18.0
 	github.com/google/go-cmp v0.7.0
+	github.com/joho/godotenv v1.5.1
 	github.com/knadh/koanf/parsers/yaml v0.1.0
 	github.com/knadh/koanf/providers/file v1.1.2
 	github.com/knadh/koanf/v2 v2.1.1
 	github.com/logrusorgru/aurora/v4 v4.0.0
+	github.com/mattn/go-isatty v0.0.20
 	github.com/olekukonko/tablewriter v1.0.7
 	github.com/rodaine/table v1.3.0
 	github.com/urfave/cli-docs/v3 v3.0.0-alpha6
+	golang.org/x/term v0.1.0
 	sigs.k8s.io/yaml v1.4.0
 )
 
@@ -27,7 +31,6 @@ require (
 	github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
 	github.com/knadh/koanf/maps v0.1.2 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect

go.sum

@@ -1,15 +1,13 @@
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 h1:j9yeqTWEFrtimt8Nng2MIeRrpoCvQzM9/g25XTvqUGg=
 buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM=
-buf.build/gen/go/openstatus/api/connectrpc/gosimple v1.19.1-20260202080906-4f3d33d3bed3.2 h1:nQzgK01nlgbSQn/7/qjHxSwcv/C6I2f9lMfhgJ98FV0=
-buf.build/gen/go/openstatus/api/connectrpc/gosimple v1.19.1-20260202080906-4f3d33d3bed3.2/go.mod h1:ikyyG3mJiNpeGcAywdhzGOt5fTSs78jvlvAqJo8ZYf4=
 buf.build/gen/go/openstatus/api/connectrpc/gosimple v1.19.1-20260202165838-5bd92a1e5d53.2 h1:MeP+r7GwYHWKSMa1ltvtRNwzT+gCyHIYCEpNxWeNwS4=
 buf.build/gen/go/openstatus/api/connectrpc/gosimple v1.19.1-20260202165838-5bd92a1e5d53.2/go.mod h1:W/PtF1QguqXdSkOHAD0VAOTMNfuESeNOdR2cF/CWeOQ=
-buf.build/gen/go/openstatus/api/protocolbuffers/go v1.36.11-20260202080906-4f3d33d3bed3.1 h1:PeaMjGloj9U860iUOmX7pNwx2hdudlOus8ietWw7IWE=
-buf.build/gen/go/openstatus/api/protocolbuffers/go v1.36.11-20260202080906-4f3d33d3bed3.1/go.mod h1:pZsKB5l3aT2mKtGkAZTC8pXhTptdfyYwFGCyH+KVfOM=
 buf.build/gen/go/openstatus/api/protocolbuffers/go v1.36.11-20260202165838-5bd92a1e5d53.1 h1:vw4PznfU8x7XrFtc/HHPjWfxNnFExtaSwrPS8cEKq+w=
 buf.build/gen/go/openstatus/api/protocolbuffers/go v1.36.11-20260202165838-5bd92a1e5d53.1/go.mod h1:pZsKB5l3aT2mKtGkAZTC8pXhTptdfyYwFGCyH+KVfOM=
 connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
 connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+github.com/briandowns/spinner v1.23.2 h1:Zc6ecUnI+YzLmJniCfDNaMbW0Wid1d5+qcTq4L2FW8w=
+github.com/briandowns/spinner v1.23.2/go.mod h1:LaZeM4wm2Ywy6vO571mvhQNRcWfRUnXOs0RcKV0wYKM=
 github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -25,6 +23,8 @@ github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeN
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
+github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
+github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/knadh/koanf/maps v0.1.2 h1:RBfmAW5CnZT+PJ1CVc1QSJKf4Xu9kxfQgYVQSu8hpbo=
 github.com/knadh/koanf/maps v0.1.2/go.mod h1:npD/QZY3V6ghQDdcQzl1W4ICNVTkohC8E73eI2xW4yI=
 github.com/knadh/koanf/parsers/yaml v0.1.0 h1:ZZ8/iGfRLvKSaMEECEBPM1HQslrZADk8fP1XFUxVI5w=
@@ -77,6 +77,8 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
 google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=

internal/api/client.go

@@ -2,7 +2,11 @@ package api
 
 import (
 	"context"
+	"fmt"
+	"os"
+	"time"
 
+	output "github.com/openstatusHQ/cli/internal/cli"
 	"connectrpc.com/connect"
 )
 
@@ -14,7 +18,24 @@ func NewAuthInterceptor(apiKey string) connect.UnaryInterceptorFunc {
 	return func(next connect.UnaryFunc) connect.UnaryFunc {
 		return func(ctx context.Context, req connect.AnyRequest) (connect.AnyResponse, error) {
 			req.Header().Set("x-openstatus-key", apiKey)
-			return next(ctx, req)
+
+			if output.IsDebug() {
+				fmt.Fprintf(os.Stderr, "[debug] %s %s\n", req.HTTPMethod(), req.Spec().Procedure)
+			}
+
+			start := time.Now()
+			resp, err := next(ctx, req)
+
+			if output.IsDebug() {
+				duration := time.Since(start)
+				if err != nil {
+					fmt.Fprintf(os.Stderr, "[debug] error after %s: %v\n", duration, err)
+				} else {
+					fmt.Fprintf(os.Stderr, "[debug] ok in %s\n", duration)
+				}
+			}
+
+			return resp, err
 		}
 	}
 }

internal/auth/auth.go

@@ -0,0 +1,90 @@
+package auth
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/openstatusHQ/cli/internal/config"
+	clilib "github.com/urfave/cli/v3"
+)
+
+// ResolveAccessToken extracts the access token from CLI flags or falls back to saved token.
+func ResolveAccessToken(cmd *clilib.Command) (string, error) {
+	return ResolveToken(cmd.String("access-token"))
+}
+
+func ResolveToken(flagValue string) (string, error) {
+	if flagValue != "" {
+		return flagValue, nil
+	}
+
+	tokenPath, err := config.TokenPath()
+	if err == nil {
+		data, readErr := os.ReadFile(tokenPath)
+		if readErr == nil {
+			token := strings.TrimSpace(string(data))
+			if token != "" {
+				return token, nil
+			}
+		}
+	}
+
+	return "", fmt.Errorf("no API token found. Set OPENSTATUS_API_TOKEN env var, or run 'openstatus login'")
+}
+
+func SaveToken(token string) error {
+	dir, err := config.ConfigDir()
+	if err != nil {
+		return fmt.Errorf("failed to determine config directory: %w", err)
+	}
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
+	}
+
+	tokenPath, err := config.TokenPath()
+	if err != nil {
+		return fmt.Errorf("failed to determine token path: %w", err)
+	}
+
+	tmpFile, err := os.CreateTemp(dir, ".token-*")
+	if err != nil {
+		return fmt.Errorf("failed to create temp file: %w", err)
+	}
+	tmpPath := tmpFile.Name()
+
+	if _, err := tmpFile.WriteString(token); err != nil {
+		tmpFile.Close()
+		os.Remove(tmpPath)
+		return fmt.Errorf("failed to write token: %w", err)
+	}
+	if err := tmpFile.Close(); err != nil {
+		os.Remove(tmpPath)
+		return fmt.Errorf("failed to close temp file: %w", err)
+	}
+	if err := os.Chmod(tmpPath, 0600); err != nil {
+		os.Remove(tmpPath)
+		return fmt.Errorf("failed to set token file permissions: %w", err)
+	}
+	if err := os.Rename(tmpPath, tokenPath); err != nil {
+		os.Remove(tmpPath)
+		return fmt.Errorf("failed to save token: %w", err)
+	}
+	return nil
+}
+
+func RemoveToken() error {
+	tokenPath, err := config.TokenPath()
+	if err != nil {
+		return fmt.Errorf("failed to determine token path: %w", err)
+	}
+	err = os.Remove(tokenPath)
+	if os.IsNotExist(err) {
+		return nil
+	}
+	if err != nil {
+		return fmt.Errorf("failed to remove token: %w", err)
+	}
+	return nil
+}
+

internal/cli/errors.go

@@ -0,0 +1,51 @@
+package cli
+
+import (
+	"errors"
+	"fmt"
+	"net"
+	"strings"
+
+	"connectrpc.com/connect"
+)
+
+func FormatError(err error, resource string, id string) error {
+	if err == nil {
+		return nil
+	}
+
+	var connectErr *connect.Error
+	if errors.As(err, &connectErr) {
+		switch connectErr.Code() {
+		case connect.CodeUnauthenticated:
+			return fmt.Errorf("authentication failed. Check your API token via OPENSTATUS_API_TOKEN env var or --access-token flag. Verify with 'openstatus whoami'")
+		case connect.CodePermissionDenied:
+			return fmt.Errorf("permission denied. Check that your API token has access to this workspace")
+		case connect.CodeNotFound:
+			if id != "" {
+				return fmt.Errorf("%s %s not found. Run 'openstatus %s list' to see available %ss", resource, id, resource, resource)
+			}
+			return fmt.Errorf("%s not found", resource)
+		case connect.CodeResourceExhausted:
+			return fmt.Errorf("rate limited. Wait a moment and try again")
+		case connect.CodeInvalidArgument:
+			return fmt.Errorf("invalid request: %s", connectErr.Message())
+		}
+	}
+
+	var dnsErr *net.DNSError
+	if errors.As(err, &dnsErr) {
+		return fmt.Errorf("could not reach api.openstatus.dev. Check your internet connection")
+	}
+
+	var netErr *net.OpError
+	if errors.As(err, &netErr) {
+		return fmt.Errorf("could not reach api.openstatus.dev. Check your internet connection")
+	}
+
+	if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "no such host") {
+		return fmt.Errorf("could not reach api.openstatus.dev. Check your internet connection")
+	}
+
+	return err
+}

internal/cli/output.go

@@ -0,0 +1,43 @@
+package cli
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"sync/atomic"
+
+	"github.com/fatih/color"
+	"github.com/mattn/go-isatty"
+)
+
+var (
+	jsonOutput atomic.Bool
+	quietMode  atomic.Bool
+	debugMode  atomic.Bool
+)
+
+func SetJSONOutput(v bool)  { jsonOutput.Store(v) }
+func SetQuietMode(v bool)   { quietMode.Store(v) }
+func SetDebugMode(v bool)   { debugMode.Store(v) }
+func IsJSONOutput() bool    { return jsonOutput.Load() }
+func IsQuiet() bool         { return quietMode.Load() }
+func IsDebug() bool         { return debugMode.Load() }
+func IsTerminal() bool      { return isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) }
+func IsStderrTerminal() bool {
+	return isatty.IsTerminal(os.Stderr.Fd()) || isatty.IsCygwinTerminal(os.Stderr.Fd())
+}
+
+func PrintJSON(v any) error {
+	data, err := json.MarshalIndent(v, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal JSON: %w", err)
+	}
+	fmt.Println(string(data))
+	return nil
+}
+
+func InitColorSettings(noColorFlag bool) {
+	if noColorFlag || os.Getenv("NO_COLOR") != "" || os.Getenv("TERM") == "dumb" || !IsTerminal() {
+		color.NoColor = true
+	}
+}

internal/cli/pager.go

@@ -0,0 +1,48 @@
+package cli
+
+import (
+	"io"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+// WithPager pipes output through the user's $PAGER (default: "less -FIRX").
+// Note: $PAGER is split by whitespace (strings.Fields), so paths with spaces
+// are not supported. This matches the behavior of git and gh.
+func WithPager(fn func(w io.Writer)) {
+	if !IsTerminal() || IsJSONOutput() || IsQuiet() {
+		fn(os.Stdout)
+		return
+	}
+
+	pager := os.Getenv("PAGER")
+	if pager == "" {
+		pager = "less -FIRX"
+	}
+
+	parts := strings.Fields(pager)
+	if len(parts) == 0 {
+		fn(os.Stdout)
+		return
+	}
+
+	cmd := exec.Command(parts[0], parts[1:]...)
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	w, err := cmd.StdinPipe()
+	if err != nil {
+		fn(os.Stdout)
+		return
+	}
+
+	if err := cmd.Start(); err != nil {
+		fn(os.Stdout)
+		return
+	}
+
+	fn(w)
+	w.Close()
+	cmd.Wait()
+}

internal/cli/spinner.go

@@ -0,0 +1,29 @@
+package cli
+
+import (
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/briandowns/spinner"
+)
+
+// Spinner is a type alias so callers don't need to import the spinner package directly.
+type Spinner = spinner.Spinner
+
+func StartSpinner(message string) *Spinner {
+	if !IsStderrTerminal() || IsJSONOutput() || IsQuiet() {
+		return nil
+	}
+	s := spinner.New(spinner.CharSets[14], 100*time.Millisecond)
+	s.Suffix = " " + message
+	s.Start()
+	return s
+}
+
+func StopSpinner(s *spinner.Spinner) {
+	if s != nil {
+		s.Stop()
+		fmt.Fprintln(os.Stderr)
+	}
+}