Skip to content

feat: add Personal Access Token (PAT) support#80

Merged
jpage-godaddy merged 10 commits into
rust-portfrom
pat-support
Jul 7, 2026
Merged

feat: add Personal Access Token (PAT) support#80
jpage-godaddy merged 10 commits into
rust-portfrom
pat-support

Conversation

@jpage-godaddy

@jpage-godaddy jpage-godaddy commented Jul 7, 2026

Copy link
Copy Markdown
Collaborator

Summary

Add a non-interactive authentication path for the GoDaddy CLI using Personal Access Tokens (PATs) as a Bearer-token alternative to the browser-based PKCE OAuth flow.

What changed

  • New gddy pat command group:
    • gddy pat add --env <ENV> [--token <TOKEN>] <NAME> — store a PAT (reads from stdin by default)
    • gddy pat list — show stored PATs (last-four only)
    • gddy pat remove --env <ENV> — delete a stored PAT
  • PAT registry persisted to ~/.config/gddy/pat.toml with owner-only (0600) permissions via cli-engine::fs::write_string_atomic.
  • Runtime resolution precedence: GDDY_PAT_<ENV>GDDY_PAT → stored PAT → PKCE OAuth.
  • GoDaddyAuthProvider now prefers PAT over PKCE OAuth when available.
  • Added PAT format validation (gd_pat_<base62>_<8-hex-crc>) and a user guide (gddy guide auth).

Review-driven fixes

  • gddy pat add --token values are trimmed before validation, matching stdin input.
  • gddy pat add without --token surfaces an actionable error when stdin is empty/EOF or whitespace-only.

Verification

  • cargo check, cargo clippy -- -D warnings, cargo test, and cargo fmt --check all pass.
  • Smoke-tested pat add, pat list, pat remove, and auth status --env prod with both stored and env-var PATs.

Files changed

  • rust/src/pat/mod.rs
  • rust/src/pat/guides/auth.md
  • rust/src/auth.rs
  • rust/src/main.rs

Add a non-interactive authentication path using PATs as a Bearer-token
alternative to the existing PKCE OAuth flow.

- New  command group: add, list, remove
- Registry file at ~/.config/gddy/pat.toml with restrictive permissions
- Env-var sourcing: GDDY_PAT_<ENV> > GDDY_PAT > stored PAT > OAuth
- GoDaddyAuthProvider prefers PAT over PKCE when available
- PAT format validation and user guide

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds Personal Access Token (PAT) authentication to the GoDaddy CLI as a non-interactive alternative to the existing browser-based OAuth PKCE flow, including a new gddy pat command group and runtime PAT resolution in the auth provider.

Changes:

  • Introduces gddy pat add|list|remove commands, a TOML-backed PAT registry, and PAT format validation.
  • Updates GoDaddyAuthProvider to prefer PAT credentials (env var or registry) before falling back to PKCE OAuth.
  • Adds an authentication guide documenting PAT creation, storage, and credential precedence.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File Description
rust/src/pat/mod.rs Implements PAT registry, validation, and the gddy pat command group.
rust/src/pat/guides/auth.md Adds end-user documentation for PAT-based authentication and precedence rules.
rust/src/auth.rs Prefers PAT credentials during auth resolution and deletes stored PATs on logout.
rust/src/main.rs Registers the new pat module and updates the top-level CLI help text.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread rust/src/pat/mod.rs Outdated
Comment thread rust/src/pat/mod.rs Outdated
Comment thread rust/src/pat/guides/auth.md Outdated
Comment thread rust/src/auth.rs
Comment thread rust/src/auth.rs
- Move OAuth debug-log doc comment back above
- Update  doc comment to match behaviour
- Warn on PAT registry load errors instead of silently swallowing them
- Fix  -> {
  "data": {
    "description": "GoDaddy developer CLI",
    "version": "0.1.0"
  },
  "next_actions": [
    {
      "command": "auth status",
      "description": "Check authentication status"
    },
    {
      "command": "env get",
      "description": "Get the current active environment"
    },
    {
      "command": "application list",
      "description": "List all applications"
    },
    {
      "command": "tree",
      "description": "Display the full command tree"
    }
  ]
} typo in PAT auth guide

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread rust/src/pat/mod.rs Outdated
Comment thread rust/src/pat/mod.rs
- resolve_pat now validates tokens from the registry, not just env vars.
- Refactor resolve_pat into testable resolve_pat_with helper.
- Add unit tests covering env-var precedence and malformed-token fallback.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment thread rust/src/pat/mod.rs
resolve_pat now consults GDDY_PAT* env vars before reading the registry,
so the registry-load warning accurately reflects that env vars have
already been ruled out and the CLI is falling back to OAuth.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment thread rust/src/pat/mod.rs
Adds explicit coverage that `redact` and `PatEntry` Debug formatting
use character boundaries and do not panic on multi-byte tokens.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

Comment thread rust/src/pat/mod.rs
Comment thread rust/src/pat/guides/auth.md Outdated
Comment thread rust/src/pat/guides/auth.md Outdated
…orm-specific docs

Switches `registry_path` to use `dirs::config_dir()` and `gddy/pat.toml`,
matching `contacts.toml`, `quotes.json`, and `environments.toml`. Updates
the module docs and the `gddy guide auth` page to describe the location as
platform-specific rather than hard-coding `~/.config/gddy/pat.toml`.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread rust/src/pat/mod.rs
Comment thread rust/src/auth.rs
…ments

- `gddy pat remove --env` now validates the environment the same way
  `pat add` does, producing a clear error for typos instead of silent
  "not found".
- Added `pat::registry_envs()` and updated `GoDaddyAuthProvider::list_environments`
  to include environments that only have a stored PAT, so PAT-only envs are
  visible in `auth status` and similar credential-enumeration flows.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread rust/src/auth.rs
Comment thread rust/src/pat/mod.rs Outdated
- `GoDaddyAuthProvider::list_environments` now warns and continues if the
  PAT registry cannot be loaded, keeping credential enumeration best-effort.
- `is_valid_pat` uses the new `PAT_PREFIX_BODY` constant instead of the
  hard-coded string literal `gd_pat`.

Co-Authored-By: Claude <noreply@anthropic.com>
@jpage-godaddy jpage-godaddy requested a review from Copilot July 7, 2026 17:03

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment thread rust/src/pat/mod.rs Outdated
The `gddy pat add --token` path was not trimming whitespace/newlines,
so tokens copied with trailing whitespace were rejected as malformed.
Stdin input was already trimmed; this makes both input paths consistent.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

Comment thread rust/src/pat/mod.rs
`gddy pat add` without --token now tells the user to pass --token or
pipe the PAT when stdin is empty/EOF or whitespace-only, instead of
the generic "does not look like a GoDaddy PAT" validation message.

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated no new comments.

@jpage-godaddy jpage-godaddy merged commit 827d448 into rust-port Jul 7, 2026
2 checks passed
@jpage-godaddy jpage-godaddy deleted the pat-support branch July 7, 2026 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants