feat: add --value flag to crux mcp auth#26
Merged
Merged
Conversation
#23) Supports `crux mcp auth <name> --value KEY=VALUE` (repeatable) to set secrets without interactive prompts. Works for both keychain and bearer auth types. Inline values always overwrite existing secrets. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
kaushalpaneri
commented
Mar 24, 2026
kaushalpaneri
left a comment
Contributor
Author
There was a problem hiding this comment.
PR Review Summary
| # | Severity | Category | Finding |
|---|
No findings.
Verdict: APPROVE (self-review — cannot self-approve via GH)
- CI: Pending (all 373 unit tests pass locally, lint clean)
- Code: Clean implementation using keyword-only
inline_valuesparameter. Good separation —cmd_mcp_authhandles parsing,auth_single/_auth_keychain/_auth_bearerhandle logic. - Security: Values passed via CLI may appear in shell history — documented in PR. No values logged, only key names. Uses same
backend.set()path as interactive auth. - Tests: 5 unit tests + 2 integration tests cover: inline store, overwrite, partial values, bearer, invalid format.
- Issue #23: Changes match the feature request —
--value KEY=VALUEflag avoids interactive prompts.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
--value KEY=VALUEflag (repeatable) tocrux mcp auththat sets secrets non-interactively. Enables CI/CD pipelines and scripts to configure MCP authentication without interactive prompts.Linked Issue
Closes #23 — support inline --value flag for crux mcp auth to avoid interactive prompts.
Changes
Source
src/crux_cli/auth.py: Updatedauth_single(),_auth_keychain(), and_auth_bearer()to accept an optionalinline_valuesdict. When provided, values are stored directly without prompting. Inline values always overwrite existing secrets. Missing vars are skipped with an informational message.src/crux_cli/cli/commands/mcp.py: Updatedcmd_mcp_auth()to parse--valuepairs into a dict and pass toauth_single(). ValidatesKEY=VALUEformat.src/crux_cli/cli/main.py: Added--valueargument withaction="append"to themcp authsubparser.Tests
tests/unit/test_auth.py: 5 new unit tests inTestInlineValueAuth: keychain inline store, keychain overwrite, partial values, bearer inline, bearer overwrite.tests/integration/test_cli_mcp.py: 2 new integration tests:--valueflag accepted by parser, invalid format rejected.Docs
No doc changes
Config
No config changes
Breaking Changes
None — existing interactive behavior is unchanged when
--valueis not provided.Security Considerations
--valuemay appear in shell history. Users should use environment variable expansion (--value "KEY=$SECRET") in scripts.backend.set()path as interactive auth.Test Plan
uv run pytest tests/unit/ -v)uv run pytest tests/integration/ -v)uv run ruff check src/ tests/)crux mcp auth <name> --value API_KEY=test123— verify stored without promptcrux mcp auth <name> --value API_KEY=new --value SECRET=val— verify multiple valuescrux mcp auth <name> --value BADFORMAT— verify error message🤖 Generated with Claude Code