@@ -61,6 +61,225 @@ super
6161
6262---
6363
64+ ## π Authentication
65+
66+ ### Login with GitHub
67+
68+ Super CLI supports secure authentication via GitHub OAuth for accessing cloud features and marketplace.
69+
70+ #### First Time Login
71+
72+ ``` bash
73+ SuperOptiX βΊ /login
74+ ```
75+
76+ ** What happens:**
77+
78+ 1 . π ** OAuth URL Generated** - Secure PKCE-based authentication
79+ 2 . π ** Browser Opens** - GitHub authorization page
80+ 3 . β
** Authorize SuperOptiX** - Grant profile access
81+ 4 . π ** Token Saved** - Credentials stored securely locally
82+
83+ ** Example output:**
84+ ```
85+ π Login to SuperOptiX
86+
87+ Click the URL below to open in your browser:
88+
89+ π Click here to authenticate
90+
91+ Or copy and paste this URL:
92+ https://fffpinwooyqblbpdxicq.supabase.co/auth/v1/authorize?...
93+
94+ π‘ After authenticating, return here and wait...
95+
96+ β³ Waiting for authentication...
97+
98+ π Completing authentication...
99+
100+ β
Successfully logged in!
101+
102+ π€ User: OllyLondon
103+ 104+ ```
105+
106+ !!! success "Secure OAuth 2.0 with PKCE"
107+ SuperOptiX uses industry-standard OAuth 2.0 with PKCE (Proof Key for Code Exchange) for maximum security. Your GitHub password is never seen by SuperOptiX!
108+
109+ ---
110+
111+ ### Check Login Status
112+
113+ ``` bash
114+ SuperOptiX βΊ /whoami
115+ ```
116+
117+ ** Shows your current authentication status:**
118+
119+ ```
120+ βββββββββββ π Authentication Status βββββββββββ
121+ β π€ Logged in as β
122+ β β
123+ β Username: @OllyLondon β
124+ 125+ β Name: Olly β
126+ β Avatar: https://avatars.github... β
127+ β β
128+ β Use /logout to sign out β
129+ ββββββββββββββββββββββββββββββββββββββββββββββββ
130+ ```
131+
132+ ** If not logged in:**
133+ ```
134+ β οΈ Not logged in
135+ Run /login to authenticate with GitHub
136+ ```
137+
138+ ---
139+
140+ ### Logout
141+
142+ ``` bash
143+ SuperOptiX βΊ /logout
144+ ```
145+
146+ ** What it does:**
147+
148+ 1 . πͺ ** Revokes Token** - Invalidates token on server
149+ 2 . ποΈ ** Clears Credentials** - Deletes local auth file
150+ 3 . π ** Confirms Logout** - Shows success message
151+
152+ ** Example output:**
153+ ```
154+ πͺ Signing out...
155+
156+ ββββββββββββββββ π See You Soon! ββββββββββββββββ
157+ β β
Logged out successfully! β
158+ β β
159+ β Goodbye, @OllyLondon! β
160+ β β
161+ β Your credentials have been cleared. β
162+ β To login again, use: /login β
163+ βββββββββββββββββββββββββββββββββββββββββββββββββββ
164+ ```
165+
166+ !!! tip "Security Best Practice"
167+ Always logout when using Super CLI on shared or public computers!
168+
169+ ---
170+
171+ ### Switch Accounts
172+
173+ To switch between different GitHub accounts:
174+
175+ ``` bash
176+ # 1. Logout from current account
177+ SuperOptiX βΊ /logout
178+
179+ # 2. Login with different account
180+ SuperOptiX βΊ /login
181+ # (Authenticate with different GitHub account in browser)
182+ ```
183+
184+ ---
185+
186+ ### Token-Based Login (Advanced)
187+
188+ For CI/CD environments or automated workflows:
189+
190+ ``` bash
191+ SuperOptiX βΊ /login --token YOUR_ACCESS_TOKEN
192+ ```
193+
194+ !!! warning "Keep Tokens Secure"
195+ Access tokens should be kept secret. Don't share them or commit them to version control!
196+
197+ ---
198+
199+ ### Authentication Features
200+
201+ | Feature | Description | Command |
202+ | ---------| -------------| ---------|
203+ | ** OAuth Login** | Secure GitHub authentication | ` /login ` |
204+ | ** Token Login** | Direct token authentication | ` /login --token <token> ` |
205+ | ** Check Status** | View current user | ` /whoami ` |
206+ | ** Logout** | Sign out and clear credentials | ` /logout ` |
207+ | ** Auto-Expiry** | Tokens expire after 1 hour | Automatic |
208+ | ** Server Revocation** | Immediate token invalidation | On ` /logout ` |
209+
210+ ---
211+
212+ ### Security & Privacy
213+
214+ ** What's Protected:**
215+ - β
** OAuth 2.0 with PKCE** - Industry-standard security
216+ - β
** No Password Storage** - GitHub handles authentication
217+ - β
** Local Credentials** - Tokens stored in ` ~/.superoptix/auth.json `
218+ - β
** Limited Scopes** - Only reads your profile (email, name, avatar)
219+ - β
** Server Revocation** - Logout invalidates tokens immediately
220+
221+ ** Your Data:**
222+ - β
** Profile Only** - Email, username, avatar
223+ - β ** No Repo Access** - Can't read or modify repositories
224+ - β ** No Write Permissions** - Read-only profile access
225+ - β
** Revocable Anytime** - Logout or revoke in GitHub settings
226+
227+ ** Token Storage:**
228+ - π ** Location:** ` ~/.superoptix/auth.json `
229+ - π ** Permissions:** User-only (600)
230+ - β±οΈ ** Expiry:** Access token expires in 1 hour
231+ - π ** Refresh:** Refresh token for seamless re-auth
232+
233+ !!! info "Industry Standards"
234+ Super CLI follows the same authentication approach as GitHub CLI, Heroku CLI, and other modern CLI tools.
235+
236+ ---
237+
238+ ### Troubleshooting
239+
240+ #### Can't Login - Port Already in Use
241+
242+ If you see "Port 54321 already in use":
243+
244+ ``` bash
245+ # Check what's using the port
246+ lsof -i :54321
247+
248+ # Kill the process (macOS/Linux)
249+ kill -9 < PID>
250+
251+ # Try login again
252+ SuperOptiX βΊ /login
253+ ```
254+
255+ #### OAuth Callback Fails
256+
257+ If browser shows error after GitHub authorization:
258+
259+ 1 . ** Check Supabase Configuration:**
260+ - Site URL should be ` http://localhost:54321 `
261+ - Redirect URLs should include ` http://localhost:54321/callback `
262+
263+ 2 . ** Try Again:**
264+ ``` bash
265+ SuperOptiX βΊ /logout # Clear any partial state
266+ SuperOptiX βΊ /login # Fresh login attempt
267+ ```
268+
269+ #### Token Expired
270+
271+ If you see "Token expired" errors:
272+
273+ ``` bash
274+ # Logout and login again
275+ SuperOptiX βΊ /logout
276+ SuperOptiX βΊ /login
277+ ```
278+
279+ ** Tip:** Tokens expire after 1 hour. Re-login to get a fresh token.
280+
281+ ---
282+
64283## π¬ Natural Language Mode
65284
66285### Just Type What You Want
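Review bot: The "Token-Based Login (Advanced)" section recommends `/login --token YOUR_ACCESS_TOKEN` for CI/CD but shows the token typed as an argument at the interactive prompt, and it says neither where the token comes from nor how a job copes with the 1 hour expiry listed under "Auto-Expiry". Please document how a non-interactive job supplies the token from its secret store without it landing in logs or history, and what lifetime to expect. Related points in the same hunk: "Token Expired" tells users to `/logout` and `/login` again after 1 hour while "Token Storage" advertises a refresh token "for seamless re-auth", so one of the two needs correcting. "Credentials stored securely locally" should say what is actually done, which per this section is a file at `~/.superoptix/auth.json` with mode 600 and, going by the Token Storage list, a refresh token kept alongside the access token. The example output embeds what looks like a live project hostname (`fffpinwooyqblbpdxicq.supabase.co`) and a real username; placeholders would be safer. Under "OAuth Callback Fails", the Supabase Site URL and Redirect URLs are not settings a CLI user can change, so that step reads as maintainer documentation. In "Port Already in Use", suggest identifying the process from the `lsof` output and trying a plain `kill` before `kill -9`.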
@@ -499,6 +718,10 @@ SuperOptiX βΊ create an orchestra for them
499718| ---------| -------------|
500719| ` /help ` | Full command reference with examples |
501720| ` /ask <question> ` | Ask about SuperOptiX features |
721+ | ` /login ` | Login with GitHub OAuth |
722+ | ` /login --token <token> ` | Login with access token |
723+ | ` /logout ` | Logout and clear credentials |
724+ | ` /whoami ` | Show current logged-in user |
502725| ` /model list ` | List available models |
503726| ` /model set <name> ` | Switch to different model |
504727| ` /config ` | Show current configuration |
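Review bot: The four rows added to the command reference repeat the "Authentication Features" table introduced earlier in this commit, with slightly different descriptions, so the two lists can drift apart. Consider keeping the short rows here and linking them to the Authentication section, and have the `/login --token <token>` row point at the "Keep Tokens Secure" warning, since a reader who lands on this table first never sees it.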