Skip to content

feat: add --value flag to crux mcp auth#26

Merged
kaushalpaneri merged 1 commit into
mainfrom
feat/issue-23
Mar 24, 2026
Merged

feat: add --value flag to crux mcp auth#26
kaushalpaneri merged 1 commit into
mainfrom
feat/issue-23

Conversation

@kaushalpaneri

Copy link
Copy Markdown
Contributor

Summary

Adds a --value KEY=VALUE flag (repeatable) to crux mcp auth that sets secrets non-interactively. Enables CI/CD pipelines and scripts to configure MCP authentication without interactive prompts.

Linked Issue

Closes #23 — support inline --value flag for crux mcp auth to avoid interactive prompts.

Changes

Source

  • src/crux_cli/auth.py: Updated auth_single(), _auth_keychain(), and _auth_bearer() to accept an optional inline_values dict. When provided, values are stored directly without prompting. Inline values always overwrite existing secrets. Missing vars are skipped with an informational message.
  • src/crux_cli/cli/commands/mcp.py: Updated cmd_mcp_auth() to parse --value pairs into a dict and pass to auth_single(). Validates KEY=VALUE format.
  • src/crux_cli/cli/main.py: Added --value argument with action="append" to the mcp auth subparser.

Tests

  • tests/unit/test_auth.py: 5 new unit tests in TestInlineValueAuth: keychain inline store, keychain overwrite, partial values, bearer inline, bearer overwrite.
  • tests/integration/test_cli_mcp.py: 2 new integration tests: --value flag accepted by parser, invalid format rejected.

Docs

No doc changes

Config

No config changes

Breaking Changes

None — existing interactive behavior is unchanged when --value is not provided.

Security Considerations

  • Values passed via --value may appear in shell history. Users should use environment variable expansion (--value "KEY=$SECRET") in scripts.
  • No values are logged or printed — only key names appear in output.
  • Values are stored through the same backend.set() path as interactive auth.

Test Plan

  • All unit tests pass (uv run pytest tests/unit/ -v)
  • All integration tests pass (uv run pytest tests/integration/ -v)
  • Ruff clean (uv run ruff check src/ tests/)
  • No secrets in committed files
  • Manual: crux mcp auth <name> --value API_KEY=test123 — verify stored without prompt
  • Manual: crux mcp auth <name> --value API_KEY=new --value SECRET=val — verify multiple values
  • Manual: crux mcp auth <name> --value BADFORMAT — verify error message

🤖 Generated with Claude Code

#23)

Supports `crux mcp auth <name> --value KEY=VALUE` (repeatable) to set
secrets without interactive prompts. Works for both keychain and bearer
auth types. Inline values always overwrite existing secrets.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@kaushalpaneri kaushalpaneri left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review Summary

# Severity Category Finding

No findings.

Verdict: APPROVE (self-review — cannot self-approve via GH)

  • CI: Pending (all 373 unit tests pass locally, lint clean)
  • Code: Clean implementation using keyword-only inline_values parameter. Good separation — cmd_mcp_auth handles parsing, auth_single/_auth_keychain/_auth_bearer handle logic.
  • Security: Values passed via CLI may appear in shell history — documented in PR. No values logged, only key names. Uses same backend.set() path as interactive auth.
  • Tests: 5 unit tests + 2 integration tests cover: inline store, overwrite, partial values, bearer, invalid format.
  • Issue #23: Changes match the feature request — --value KEY=VALUE flag avoids interactive prompts.

@kaushalpaneri kaushalpaneri merged commit 5b64d55 into main Mar 24, 2026
15 checks passed
@kaushalpaneri kaushalpaneri deleted the feat/issue-23 branch March 24, 2026 05:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feat: support inline --value flag for crux mcp auth to avoid interactive prompts

1 participant