feat(cli): positional account grammar, account show, TTY remove confirm; drop whitelist flags

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-27 12:04:04 +01:00
parent 1bf5bf3c47
commit 9a8765d4e4
6 changed files with 180 additions and 69 deletions
@@ -1,33 +1,45 @@
 package cli

 import (
+	"bufio"
 	"flag"
 	"fmt"
 	"io"
+	"os"
 	"strings"

+	"github.com/mattn/go-isatty"
+
 	"git.dcglab.co.uk/steve/emcli/internal/crypto"
 	"git.dcglab.co.uk/steve/emcli/internal/policy"
 	"git.dcglab.co.uk/steve/emcli/internal/store"
 	"git.dcglab.co.uk/steve/emcli/internal/tui"
 )

-// runAccount handles `account add|list`. Human-readable output (never JSON).
+// confirmRemoval prompts on a TTY for a y/N answer. Non-TTY callers never reach
+// here (the caller requires --yes when stdin is not a terminal).
+func confirmRemoval(name string, out io.Writer) bool {
+	fmt.Fprintf(out, "Remove account %q? [y/N]: ", name)
+	line, _ := bufio.NewReader(os.Stdin).ReadString('\n')
+	line = strings.ToLower(strings.TrimSpace(line))
+	return line == "y" || line == "yes"
+}
+
+// runAccount handles `account <add|edit|remove|show|list>`. Human-readable
+// output (except the agent-only reduced-JSON branch of `list`).
 func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 	if len(args) == 0 || helpRequested(args[0]) {
 		printCmdUsage(out, "account")
-		fmt.Fprintln(out, "\nSubcommands: add, edit, remove, list")
+		fmt.Fprintln(out, "\nSubcommands: add, edit, remove, show, list")
 		if len(args) > 0 {
-			return 0 // explicit --help
+			return 0
 		}
 		return 2
 	}
-	sub, rest := args[0], args[1:]
+	sub := normalizeVerb(args[0])
+	rest := args[1:]
 	st, err := openStore(role)
 	if err != nil {
-		// account list is an agent command (a JSON consumer), so its
-		// open/key failures are emitted as an envelope, like the other agent
-		// commands; the admin subcommands stay human-readable.
 		if sub == "list" {
 			_ = Failure(CodeConfig, err.Error()).Write(out)
 		} else {
@@ -39,17 +51,16 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {

 	switch sub {
 	case "add":
-		if len(rest) == 0 { // no flags → interactive TUI form
+		if len(rest) == 0 { // no args → interactive TUI form
 			return addInteractive(st, tui.Fields{}, out, errOut)
 		}
 		// Peel a leading positional name (if present) before flag parsing.
-		var positionalName string
+		var name string
 		if !strings.HasPrefix(rest[0], "-") {
-			positionalName, rest = rest[0], rest[1:]
+			name, rest = rest[0], rest[1:]
 		}
 		fs := flag.NewFlagSet("account add", flag.ContinueOnError)
 		fs.SetOutput(errOut)
-		name := fs.String("name", "", "account name")
 		mode := fs.String("mode", "RO", "RO|RW")
 		host := fs.String("imap-host", "", "IMAP host")
 		port := fs.Int("imap-port", 993, "IMAP port")
@@ -61,18 +72,16 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 		pass := fs.String("password", "", "login password")
 		from := fs.String("from", "", "send-as address (blank = use username)")
 		subj := fs.String("subject-regex", "", "inbound subject filter")
-		wlIn := fs.Bool("whitelist-in", false, "enable inbound whitelist")
-		wlOut := fs.Bool("whitelist-out", false, "enable outbound whitelist")
 		backlog := fs.Bool("process-backlog", false, "treat existing mail as new")
 		if err := fs.Parse(rest); err != nil {
 			return 2
 		}
-		// Positional name takes precedence; fall back to --name flag.
-		if positionalName != "" {
-			*name = positionalName
+		if fs.NArg() > 0 {
+			fmt.Fprintf(errOut, "unexpected argument %q\n", fs.Arg(0))
+			return 2
 		}
-		if *name == "" || *host == "" || *user == "" {
-			fmt.Fprintln(errOut, "name, imap-host, and username are required")
+		if name == "" || *host == "" || *user == "" {
+			fmt.Fprintln(errOut, "name, --imap-host, and --username are required")
 			return 2
 		}
 		if err := tui.ValidFromAddress(*from); err != nil {
@@ -80,26 +89,31 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 			return 2
 		}
 		acc := store.Account{
-			Name: *name, Mode: *mode, IMAPHost: *host, IMAPPort: *port, IMAPSecurity: *sec,
+			Name: name, Mode: *mode, IMAPHost: *host, IMAPPort: *port, IMAPSecurity: *sec,
 			AuthType: "password", Username: *user, Password: *pass,
-			FromAddress: *from,
-			SubjectRegex: *subj, WhitelistInEnabled: *wlIn, WhitelistOutEnabled: *wlOut,
-			ProcessBacklog: *backlog,
+			FromAddress: *from, SubjectRegex: *subj, ProcessBacklog: *backlog,
 		}
 		if *mode == "RW" {
 			acc.SMTPHost, acc.SMTPPort, acc.SMTPSecurity = *smtpHost, *smtpPort, *smtpSec
 		}
-		_, err := st.AddAccount(acc)
-		if err != nil {
+		if _, err := st.AddAccount(acc); err != nil {
 			fmt.Fprintf(errOut, "add account: %v\n", err)
 			return 1
 		}
-		fmt.Fprintf(out, "account %q added (%s)\n", *name, *mode)
+		fmt.Fprintf(out, "account %q added (%s)\n", name, *mode)
 		return 0
 	case "edit":
+		if len(rest) == 0 || strings.HasPrefix(rest[0], "-") {
+			fmt.Fprintln(errOut, "usage: emcli account edit <name> [flags]")
+			return 2
+		}
+		name := rest[0]
+		flagArgs := rest[1:]
+		if len(flagArgs) == 0 { // only name → interactive prefilled form
+			return editInteractive(st, name, out, errOut)
+		}
 		fs := flag.NewFlagSet("account edit", flag.ContinueOnError)
 		fs.SetOutput(errOut)
-		name := fs.String("name", "", "account name (required)")
 		mode := fs.String("mode", "", "RO|RW")
 		host := fs.String("imap-host", "", "IMAP host")
 		port := fs.Int("imap-port", 0, "IMAP port")
@@ -111,26 +125,22 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 		pass := fs.String("password", "", "login password (blank keeps existing)")
 		from := fs.String("from", "", "send-as address (empty reverts to username)")
 		subj := fs.String("subject-regex", "", "inbound subject filter")
-		if err := fs.Parse(rest); err != nil {
+		if err := fs.Parse(flagArgs); err != nil {
 			return 2
 		}
-		if *name == "" {
-			fmt.Fprintln(errOut, "--name is required")
+		if fs.NArg() > 0 {
+			fmt.Fprintf(errOut, "unexpected argument %q\n", fs.Arg(0))
 			return 2
 		}
-		if fs.NFlag() == 1 { // only --name → interactive TUI form, prefilled
-			return editInteractive(st, *name, out, errOut)
-		}
 		if err := tui.ValidFromAddress(*from); err != nil {
 			fmt.Fprintln(errOut, err)
 			return 2
 		}
-		acc, err := st.GetAccount(*name)
+		acc, err := st.GetAccount(name)
 		if err != nil {
 			fmt.Fprintf(errOut, "edit: %v\n", err)
 			return 1
 		}
-		// Overlay only the flags the user actually set.
 		fs.Visit(func(f *flag.Flag) {
 			switch f.Name {
 			case "mode":
@@ -157,40 +167,51 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 				acc.SubjectRegex = *subj
 			}
 		})
-		// acc.Password holds the existing (decrypted) password from GetAccount; the
-		// Visit above overwrites it only when --password was passed. UpdateAccount
-		// re-seals whatever non-empty value is present, so the password is preserved.
 		if err := st.UpdateAccount(acc); err != nil {
 			fmt.Fprintf(errOut, "edit: %v\n", err)
 			return 1
 		}
-		fmt.Fprintf(out, "account %q updated\n", *name)
+		fmt.Fprintf(out, "account %q updated\n", name)
 		return 0
 	case "remove":
-		fs := flag.NewFlagSet("account remove", flag.ContinueOnError)
-		fs.SetOutput(errOut)
-		name := fs.String("name", "", "account name (required)")
-		yes := fs.Bool("yes", false, "skip confirmation")
-		if err := fs.Parse(rest); err != nil {
+		if len(rest) == 0 || strings.HasPrefix(rest[0], "-") {
+			fmt.Fprintln(errOut, "usage: emcli account remove <name> [--yes]")
 			return 2
 		}
-		if *name == "" {
-			fmt.Fprintln(errOut, "--name is required")
+		name := rest[0]
+		fs := flag.NewFlagSet("account remove", flag.ContinueOnError)
+		fs.SetOutput(errOut)
+		yes := fs.Bool("yes", false, "skip confirmation")
+		if err := fs.Parse(rest[1:]); err != nil {
+			return 2
+		}
+		if fs.NArg() > 0 {
+			fmt.Fprintf(errOut, "unexpected argument %q\n", fs.Arg(0))
 			return 2
 		}
 		if !*yes {
-			fmt.Fprintf(errOut, "refusing to remove %q without --yes\n", *name)
-			return 2
+			if !isatty.IsTerminal(os.Stdin.Fd()) {
+				fmt.Fprintf(errOut, "refusing to remove %q without --yes (no terminal for confirmation)\n", name)
+				return 2
+			}
+			if !confirmRemoval(name, out) {
+				fmt.Fprintln(out, "aborted")
+				return 1
+			}
 		}
-		if err := st.DeleteAccount(*name); err != nil {
+		if err := st.DeleteAccount(name); err != nil {
 			fmt.Fprintf(errOut, "remove: %v\n", err)
 			return 1
 		}
-		fmt.Fprintf(out, "account %q removed\n", *name)
+		fmt.Fprintf(out, "account %q removed\n", name)
 		return 0
+	case "show":
+		return accountShow(st, rest, out, errOut)
 	case "list":
-		// Holding the admin key means the caller is the human admin (full
-		// detail). An agent holds only EMCLI_KEY and gets a reduced JSON view.
+		if len(rest) > 0 {
+			fmt.Fprintf(errOut, "unexpected argument %q\n", rest[0])
+			return 2
+		}
 		_, adminErr := crypto.AdminKeyFromEnv()
 		isAdmin := adminErr == nil
 		accs, err := st.ListAccounts()
@@ -206,9 +227,7 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 			items := make([]map[string]any, 0, len(accs))
 			for _, a := range accs {
 				items = append(items, map[string]any{
-					"name":     a.Name,
-					"from":     a.SendFrom(),
-					"can_send": a.Mode == "RW",
+					"name": a.Name, "from": a.SendFrom(), "can_send": a.Mode == "RW",
 				})
 			}
 			_ = Success(map[string]any{"accounts": items}).Write(out)
@@ -221,7 +240,7 @@ func runAccount(args []string, role store.Role, out, errOut io.Writer) int {
 		}
 		return 0
 	default:
-		fmt.Fprintf(errOut, "unknown account subcommand %q\n", sub)
+		fmt.Fprintf(errOut, "unknown account subcommand %q (want add|edit|remove|show|list)\n", sub)
 		return 2
 	}
 }