refactor(auth): delegate status + logout to @doist/cli-core/auth#72
Open
scottlovegrove wants to merge 2 commits into
Open
refactor(auth): delegate status + logout to @doist/cli-core/auth#72scottlovegrove wants to merge 2 commits into
scottlovegrove wants to merge 2 commits into
Conversation
Replaces hand-rolled `ol auth status` / `ol auth logout` with cli-core's `attachStatusCommand` / `attachLogoutCommand` registrars (mirrors Doist/twist-cli#222). Both subcommands gain `--json` / `--ndjson` for free, and status now translates 401 into the standard `NO_TOKEN` envelope with a re-auth hint instead of the ad-hoc `AUTH_VERIFICATION_FAILED` path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
doistbot
reviewed
May 16, 2026
Member
doistbot
left a comment
doistbot
left a comment
There was a problem hiding this comment.
This PR replaces the hand-rolled auth status and auth logout commands with their @doist/cli-core equivalents, bringing built-in machine-readable output and standardized error handling. While the delegation successfully reduces boilerplate and aligns the CLI with internal patterns, the strict reliance on the token store inadvertently breaks environment variable authentication. A few adjustments will help polish this up, including reverting the status command to properly support environment-based tokens, removing PII from the machine-readable payloads to comply with AI tooling standards, resolving minor type duplications and forced casts, and adding automated tests for the new output formats.
- Restore env-token support: `OutlineTokenStore.active()` now returns a
placeholder snapshot when `OUTLINE_API_TOKEN` is set, so
`attachStatusCommand` / `attachLogoutCommand` work end-to-end for
env-only users. `fetchLive` re-derives the canonical account from
`auth.info` so the placeholder id/label are never rendered.
- Drop PII (`name`, `email`) from the `auth status --json` / `--ndjson`
envelope per the Internal AI Tools standard. Payload is now
`{id, team, baseUrl, source}`.
- Slim the `statusData` stash to the two fields that don't round-trip
through `account` (`email` for human render, `source` for both modes).
Renderers read shared fields from `account` directly.
- Derive `source` from `process.env.OUTLINE_API_TOKEN` instead of an
extra `getTokenSource()` disk read — `fetchLive` already proved the
token works, the only remaining question is env vs config.
- Export `AuthInfoResponse` from `auth-provider.ts` and drop the
duplicate in `auth.ts`.
- Narrow the error in `fetchLive`'s 401 branch with `instanceof Error`
rather than a forced `as Error` cast.
- Add status + logout integration tests in `auth-command.test.ts`
covering: human / `--json` / `--ndjson` renders, 401 → `NO_TOKEN`
translation, `NOT_AUTHENTICATED` when nothing is stored, and the
three logout output modes.
- Regenerate `skills/outline-cli/SKILL.md` for the trimmed JSON payload.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
scottlovegrove
requested review from
a team and
rmartins90
and removed request for
a team
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Mirrors Doist/twist-cli#222 for outline-cli. Replaces the hand-rolled
ol auth statusandol auth logoutaction handlers insrc/commands/auth.tswith cli-core'sattachStatusCommand/attachLogoutCommandregistrars, against the same sharedOutlineTokenStoreinstanceattachLoginCommandalready uses.ol auth statusandol auth logoutgain--json/--ndjsonfor free from cli-core.--json/--ndjson):{id, name, email, team, baseUrl, source}.--json):{ok: true};--ndjsonis silent (per the registrar contract).auth.infonow throwsCliError('NO_TOKEN', …)with a "re-authenticate" hint, replacing the ad-hocAUTH_VERIFICATION_FAILEDpath.CliError('NOT_AUTHENTICATED', …).'NO_TOKEN'to outline's localErrorCodeunion (cli-core'sAuthErrorCodeonly declaresNOT_AUTHENTICATED).SKILL_CONTENT/skills/outline-cli/SKILL.mdupdated for the new--json/--ndjsonflags.Skipped vs twist-cli#222 — both intentional, since outline-cli has no keyring:
getLastStorageResult/getLastClearResultgetters on the store.onClearedwarning hook on logout.revokeTokenhook (outline doesn't call/oauth/revoketoday; out of scope).@doist/cli-core@0.12.0, well above the 0.10.0 floor.Test plan
npm run type-checknpm test— 127/127 across 17 filesnpm run buildnpm run format(oxfmt + oxlint via lefthook on commit)npm run check:skill-syncol auth status(human +--json+--ndjson) against a real Outline instanceol auth statuswith an invalidOUTLINE_API_TOKEN→NO_TOKENenvelopeol auth statuswith no token at all →NOT_AUTHENTICATEDenvelopeol auth logout+ol auth logout --jsonround-tripol auth login→status→logoutround-trip to confirm the sharedstorestill works end-to-end🤖 Generated with Claude Code