arcade-mcp/libs/arcade-cli/arcade_cli/org.py
Nate Barbettini aae9b3a49c
feat: Support multiple orgs & projects in Arcade CLI (#717)
Fixes [PLT-720: Refactor CLI to support multiple orgs +
projects](https://linear.app/arcadedev/issue/PLT-720/refactor-cli-to-support-multiple-orgs-projects)

This PR removes the legacy login flow (login to get an API key) from
Arcade CLI. Believe it or not, this flow predates the ability to get an
API key from the Dashboard, or even the Dashboard itself!

Notable changes:

**Legacy handling** - When a user with an existing `credentials.yaml`
updates the CLI, they will get instructions on fixing their old
credentials:
<img width="978" height="146" alt="Screenshot 2025-12-08 at 10 10 37"
src="https://github.com/user-attachments/assets/5aeaef2c-bef7-4642-a2f7-f917b257c94b"
/>

Any commands that require login (non-public commands) will be blocked
with the above message until `arcade logout / arcade login` is performed
again.

**New login flow**

```sh
arcade login
Opening a browser to log you in...

 Logged in as nate@arcade.dev.

Active project: Nate Barbettini's organization / Default project
Run 'arcade org list' or 'arcade project list' to see available options.
```

**List and set the active organization**
```sh
arcade org list
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━┓
┃ Name                           ┃ ID                                   ┃ Default ┃ Active ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━┩
│ Nate Barbettini's organization │ 1c64968e-fdc5-4c55-8612-2ce46cd7881b │ ✓       │ ✓      │
│ Sergio 743                     │ 1f1f6184-58dc-4bac-bdde-b9184e43fdf3 │         │        │
└────────────────────────────────┴──────────────────────────────────────┴─────────┴────────┘

Use 'arcade org set <org_id>' to switch organizations.
```
```sh
arcade org set 1c64968e-fdc5-4c55-8612-2ce46cd7881b 

✓ Switched to organization: Nate Barbettini's organization
  Active project: Default project
```

**List and set the active project**
```sh
arcade project list

Active organization: Nate Barbettini's organization
Use 'arcade org list' and 'arcade org set <org_id>' to switch organizations.

┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━┳━━━━━━━━┓
┃ Name            ┃ ID                                   ┃ Default ┃ Active ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━╇━━━━━━━━┩
│ Default project │ 35166bf3-6e68-481e-bf16-f747fadc6c22 │ ✓       │ ✓      │
│ Second project  │ 62963205-31ea-4fda-9fc4-af10db89c06f │         │        │
└─────────────────┴──────────────────────────────────────┴─────────┴────────┘

Use 'arcade project set <project_id>' to switch projects.
```
```sh
arcade project set 35166bf3-6e68-481e-bf16-f747fadc6c22
✓ Switched to project: Default project
```

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Migrates CLI to OAuth2 (PKCE) with saved org/project context, adds
org/project commands, rewrites Engine calls to org-scoped endpoints, and
bumps core packages.
> 
> - **Auth & Config**
> - Implement OAuth2 Authorization Code + PKCE (`arcade_cli/authn.py`)
with local callback server and Jinja templates.
> - Persist tokens and active `context` (org/project) in
`credentials.yaml` via updated config models
(`arcade_core/config_model.py`).
> - Add token refresh and CLI config fetch utilities
(`arcade_core/auth_tokens.py`).
> - Detect legacy API-key credentials and block protected commands until
re-login; add `whoami` command.
> - **Org/Project Management**
> - New subcommands: `arcade org list|set`, `arcade project list|set`
(fetch via Coordinator).
> - **Engine API usage (org-scoped)**
> - Introduce org/project URL rewriting transports
(`arcade_core/network/org_transport.py`) and helpers
(`get_org_scoped_url`, `get_arcade_client`, `get_auth_headers`).
> - Update `deploy`, `server`, and `secret` commands to use Bearer
tokens and org-scoped paths; adjust log streaming/status, secrets CRUD,
and deployment workflows.
> - **CLI UX**
> - Replace legacy login URLs/constants; add success/failure HTML
templates for browser callback.
>   - Tweak `dashboard` to health-check without credentials.
>   - Usage tracking now includes `org_id`/`project_id` properties.
> - **Tests**
> - Update tests for dashboard, secrets, utils, and usage identity
(OAuth `/whoami`).
> - **Dependencies & Versions**
> - Bump packages: `arcade-core@4.0.0`, `arcade-mcp-server@1.12.0`,
`arcade-serve@3.2.0`, `arcade-tdk@3.3.0`; add `authlib`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
49702c2f74b9db15bb286d3ec71179b4e74a9134. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-11 12:58:55 -08:00

163 lines
5 KiB
Python

```python
import typer
from arcade_core.constants import PROD_COORDINATOR_HOST
from rich.console import Console

from arcade_cli.authn import (
    fetch_organizations,
    fetch_projects,
    select_default_project,
)
from arcade_cli.usage.command_tracker import TrackedTyper, TrackedTyperGroup
from arcade_cli.utils import (
    compute_base_url,
    handle_cli_error,
)

console = Console()

app = TrackedTyper(
    cls=TrackedTyperGroup,
    add_completion=False,
    no_args_is_help=True,
    pretty_exceptions_enable=True,
    pretty_exceptions_show_locals=False,
    pretty_exceptions_short=True,
)

# Coordinator URL shared by the subcommands; overridden by the callback below.
state = {
    "coordinator_url": compute_base_url(
        force_tls=False,
        force_no_tls=False,
        host=PROD_COORDINATOR_HOST,
        port=None,
        default_port=None,
    )
}


@app.callback()
def main(
    host: str = typer.Option(
        PROD_COORDINATOR_HOST,
        "--host",
        "-h",
        help="The Arcade Coordinator host.",
    ),
    port: int = typer.Option(
        None,
        "--port",
        "-p",
        help="The port of the Arcade Coordinator host.",
    ),
    force_tls: bool = typer.Option(
        False,
        "--tls",
        help="Whether to force TLS for the connection to Arcade Coordinator.",
    ),
    force_no_tls: bool = typer.Option(
        False,
        "--no-tls",
        help="Whether to disable TLS for the connection to Arcade Coordinator.",
    ),
) -> None:
    """Configure Coordinator connection options for organization commands."""
    coordinator_url = compute_base_url(force_tls, force_no_tls, host, port, default_port=None)
    state["coordinator_url"] = coordinator_url


@app.command("list", help="List organizations you belong to")
def org_list(
    debug: bool = typer.Option(False, "--debug", "-d", help="Show debug information"),
) -> None:
    """List all organizations the current user belongs to."""
    from arcade_core.config_model import Config
    from rich.table import Table

    try:
        coordinator_url = state["coordinator_url"]
        orgs = fetch_organizations(coordinator_url)

        if not orgs:
            console.print("No organizations found.", style="yellow")
            return

        # Get current active org
        config = Config.load_from_file()
        active_org_id = config.get_active_org_id()

        table = Table()
        table.add_column("Name", style="cyan")
        table.add_column("ID", style="dim")
        table.add_column("Default", style="green")
        table.add_column("Active", style="bold yellow")

        for org in orgs:
            is_active = "✓" if org.org_id == active_org_id else ""
            is_default = "✓" if org.is_default else ""
            table.add_row(org.name, org.org_id, is_default, is_active)

        console.print(table)
        console.print("\nUse 'arcade org set <org_id>' to switch organizations.\n")

    except ValueError as e:
        handle_cli_error(str(e))
    except Exception as e:
        handle_cli_error("Failed to list organizations", e, debug)


@app.command("set", help="Set the active organization")
def org_set(
    org_id: str = typer.Argument(..., help="Organization ID to set as active"),
    debug: bool = typer.Option(False, "--debug", "-d", help="Show debug information"),
) -> None:
    """Set the active organization and reset project to its default."""
    from arcade_core.config_model import Config, ContextConfig

    try:
        coordinator_url = state["coordinator_url"]

        # Verify org exists and user has access
        orgs = fetch_organizations(coordinator_url)
        target_org = next((o for o in orgs if o.org_id == org_id), None)

        if not target_org:
            console.print(
                f"Organization '{org_id}' not found or you don't have access.", style="bold red"
            )
            console.print("Run 'arcade org list' to see available organizations.", style="dim")
            return

        # Fetch projects and select default
        projects = fetch_projects(coordinator_url, org_id)
        if not projects:
            handle_cli_error(
                f"No projects found in organization '{target_org.name}'. "
                "Contact support@arcade.dev for assistance."
            )
            return

        selected_project = select_default_project(projects)
        if not selected_project:
            handle_cli_error("Could not select a default project.")
            return

        # Update config
        config = Config.load_from_file()
        config.context = ContextConfig(
            org_id=target_org.org_id,
            org_name=target_org.name,
            project_id=selected_project.project_id,
            project_name=selected_project.name,
        )
        config.save_to_file()

        console.print(f"✓ Switched to organization: {target_org.name}", style="bold green")
        console.print(f"  Active project: {selected_project.name}", style="dim")

    except ValueError as e:
        handle_cli_error(str(e))
    except Exception as e:
        handle_cli_error("Failed to set organization", e, debug)
```