feat: add policy rules commands with input hardening (#7)

Author: guyb1

README.md

@@ -1,6 +1,6 @@
 # OneCLI CLI
 
-CLI for [OneCLI](https://onecli.sh) — manage agents, secrets, and configuration from the terminal.
+CLI for [OneCLI](https://onecli.sh) — manage agents, secrets, rules, and configuration from the terminal.
 
 ## Install
 
@@ -48,6 +48,16 @@ onecli secrets update --id X --value Y                 Update a secret
 onecli secrets delete --id X                           Delete a secret
 ```
 
+### Rules
+
+```
+onecli rules list                                      List all policy rules
+onecli rules get --id X                                Get a single rule
+onecli rules create --name X --host-pattern Y ...      Create a new rule
+onecli rules update --id X [--action block] ...        Update a rule
+onecli rules delete --id X                             Delete a rule
+```
+
 ### Auth
 
 ```

cmd/onecli/auth.go

@@ -16,9 +16,11 @@ import (
 
 // AuthCmd is the `onecli auth` command group.
 type AuthCmd struct {
-	Login  AuthLoginCmd  `cmd:"" help:"Store API key for authentication."`
-	Logout AuthLogoutCmd `cmd:"" help:"Remove stored API key."`
-	Status AuthStatusCmd `cmd:"" help:"Show authentication status."`
+	Login            AuthLoginCmd            `cmd:"" help:"Store API key for authentication."`
+	Logout           AuthLogoutCmd           `cmd:"" help:"Remove stored API key."`
+	Status           AuthStatusCmd           `cmd:"" help:"Show authentication status."`
+	ApiKey           AuthApiKeyCmd           `cmd:"api-key" help:"Show your current API key."`
+	RegenerateApiKey AuthRegenerateApiKeyCmd `cmd:"regenerate-api-key" help:"Regenerate your API key."`
 }
 
 // AuthLoginCmd is `onecli auth login`.
@@ -131,3 +133,40 @@ func (c *AuthStatusCmd) Run(out *output.Writer) error {
 		Name:          user.Name,
 	})
 }
+
+// AuthApiKeyCmd is `onecli auth api-key`.
+type AuthApiKeyCmd struct {
+	Fields string `optional:"" help:"Comma-separated list of fields to include in output."`
+}
+
+func (c *AuthApiKeyCmd) Run(out *output.Writer) error {
+	client, err := newClient()
+	if err != nil {
+		return err
+	}
+	resp, err := client.GetAPIKey(newContext())
+	if err != nil {
+		return err
+	}
+	return out.WriteFiltered(resp, c.Fields)
+}
+
+// AuthRegenerateApiKeyCmd is `onecli auth regenerate-api-key`.
+type AuthRegenerateApiKeyCmd struct {
+	DryRun bool `optional:"" name:"dry-run" help:"Validate the request without executing it."`
+}
+
+func (c *AuthRegenerateApiKeyCmd) Run(out *output.Writer) error {
+	if c.DryRun {
+		return out.WriteDryRun("Would regenerate API key", nil)
+	}
+	client, err := newClient()
+	if err != nil {
+		return err
+	}
+	resp, err := client.RegenerateAPIKey(newContext())
+	if err != nil {
+		return err
+	}
+	return out.Write(resp)
+}

cmd/onecli/help.go

@@ -37,7 +37,7 @@ func (cmd *HelpCmd) Run(out *output.Writer) error {
 	return out.Write(HelpResponse{
 		Name:        "onecli",
 		Version:     version,
-		Description: "CLI for managing OneCLI agents, secrets, and configuration.",
+		Description: "CLI for managing OneCLI agents, secrets, rules, and configuration.",
 		Commands: []CommandInfo{
 			{Name: "agents list", Description: "List all agents."},
 			{Name: "agents get-default", Description: "Get the default agent."},
@@ -79,9 +79,23 @@ func (cmd *HelpCmd) Run(out *output.Writer) error {
 			{Name: "secrets delete", Description: "Delete a secret.", Args: []ArgInfo{
 				{Name: "--id", Required: true, Description: "ID of the secret to delete."},
 			}},
+			{Name: "rules list", Description: "List all policy rules."},
+			{Name: "rules create", Description: "Create a new policy rule.", Args: []ArgInfo{
+				{Name: "--name", Required: true, Description: "Display name for the rule."},
+				{Name: "--host-pattern", Required: true, Description: "Host pattern to match."},
+				{Name: "--action", Required: true, Description: "Action: 'block' or 'rate_limit'."},
+			}},
+			{Name: "rules update", Description: "Update an existing policy rule.", Args: []ArgInfo{
+				{Name: "--id", Required: true, Description: "ID of the rule to update."},
+			}},
+			{Name: "rules delete", Description: "Delete a policy rule.", Args: []ArgInfo{
+				{Name: "--id", Required: true, Description: "ID of the rule to delete."},
+			}},
 			{Name: "auth login", Description: "Store API key for authentication."},
 			{Name: "auth logout", Description: "Remove stored API key."},
 			{Name: "auth status", Description: "Show authentication status."},
+			{Name: "auth api-key", Description: "Show your current API key."},
+			{Name: "auth regenerate-api-key", Description: "Regenerate your API key."},
 			{Name: "config get <key>", Description: "Get a config value."},
 			{Name: "config set <key> <value>", Description: "Set a config value."},
 			{Name: "version", Description: "Print version information."},

cmd/onecli/main.go

@@ -22,6 +22,7 @@ type CLI struct {
 	Help    HelpCmd    `cmd:"" help:"Show available commands."`
 	Agents  AgentsCmd  `cmd:"" help:"Manage agents."`
 	Secrets SecretsCmd `cmd:"" help:"Manage secrets."`
+	Rules   RulesCmd   `cmd:"" help:"Manage policy rules."`
 	Auth    AuthCmd    `cmd:"" help:"Manage authentication."`
 	Config  ConfigCmd  `cmd:"" help:"Manage configuration settings."`
 }
@@ -43,7 +44,7 @@ func main() {
 	cli := &CLI{}
 	k, err := kong.New(cli,
 		kong.Name("onecli"),
-		kong.Description("CLI for managing OneCLI agents, secrets, and configuration."),
+		kong.Description("CLI for managing OneCLI agents, secrets, rules, and configuration."),
 		kong.Help(jsonHelpPrinter(out)),
 		kong.Bind(out),
 	)