Documentation for the CLI

Signed-off-by: Kevin Stanley <stanleyk@objectcomputing.com>

Author: stanleykc

unityauth-cli/README.md

@@ -6,44 +6,38 @@ Command-line interface for UnityAuth administration.
 
 The UnityAuth CLI is a cross-platform command-line tool that enables system and tenant administrators to manage users, roles, and permissions in UnityAuth without using the web interface. It's designed for automation, batch operations, and scriptable workflows.
 
-## Features
-
-- **User Management**: Create, update, and list users
-- **Authentication**: Secure login with OS-native token storage
-- **Role & Tenant Discovery**: List available tenants and roles
-- **Permission Verification**: Check user permissions for debugging
-- **Batch Operations**: Create hundreds of users from CSV files
-- **Multiple Output Formats**: Table, JSON, and CSV output
-- **Automation-Friendly**: Non-interactive mode for scripts and CI/CD
+## Current Status
+
+| Feature | Status |
+|---------|--------|
+| Authentication (login/logout/token-info) | Implemented |
+| User Management (create/list/update roles) | Implemented |
+| Tenant Discovery (list/users) | Implemented |
+| Role Discovery (list) | Implemented |
+| Configuration Management | Implemented |
+| Permission Verification | Planned |
+| Batch Operations | Planned |
 
 ## Installation
 
 ### Prerequisites
 
-Before installing the UnityAuth CLI, ensure you have:
-
 - **Python 3.11 or higher**
 - **pip** (Python package installer)
 - **UnityAuth API endpoint URL**
 - **Valid UnityAuth administrator credentials**
 
 #### Verify Python Installation
 
-Check if Python 3.11+ is installed:
-
 ```bash
 python3 --version
+# Should show Python 3.11.x or higher
 ```
 
-You should see output like `Python 3.11.x` or higher.
-
 #### Install Python (if needed)
 
-If Python is not installed or the version is too old:
-
 **macOS:**
 ```bash
-# Using Homebrew
 brew install python@3.11
 ```
 
@@ -53,68 +47,28 @@ sudo apt update
 sudo apt install python3.11 python3.11-venv python3-pip
 ```
 
-**RHEL/CentOS/Fedora:**
-```bash
-sudo dnf install python3.11 python3-pip
-```
-
 **Windows:**
-Download from [python.org](https://www.python.org/downloads/) and run the installer. Make sure to check "Add Python to PATH" during installation.
-
-#### Verify pip Installation
-
-Check if pip is available:
-
-```bash
-python3 -m pip --version
-```
-
-If pip is not available, install it:
-
-```bash
-# Download get-pip.py
-curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
+Download from [python.org](https://www.python.org/downloads/) and run the installer. Check "Add Python to PATH" during installation.
 
-# Install pip
-python3 get-pip.py
-
-# Clean up
-rm get-pip.py
-```
-
-### Install from PyPI (Production)
-
-Once Python and pip are configured:
+### Install from Source (Development)
 
 ```bash
-python3 -m pip install unityauth-cli
-```
-
-### Install for Development
-
-For local development and testing:
+cd unityauth-cli
 
-```bash
-# Clone the repository (if needed)
-cd /path/to/UnityAuth/unityauth-cli
+# Create and activate virtual environment
+python3 -m venv venv
+source venv/bin/activate  # On Windows: venv\Scripts\activate
 
-# Install in editable mode with development dependencies
+# Install in editable mode
 python3 -m pip install -e .
-
-# Or install with dev dependencies
-python3 -m pip install -e ".[dev]"
 ```
 
 ### Verify Installation
 
-Confirm the CLI is installed correctly:
-
 ```bash
 unityauth --version
 ```
 
-You should see output like `unityauth-cli version 1.0.0`.
-
 ## Quick Start
 
 ### 1. Configure API Endpoint
@@ -127,14 +81,22 @@ unityauth config set api_url https://auth.example.com
 
 ```bash
 unityauth login
+# Enter email and password when prompted
 ```
 
-You'll be prompted for your email and password. Your authentication token will be securely stored in your OS credential manager.
+Your authentication token is securely stored in your OS credential manager (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux).
 
-### 3. List Tenants
+### 3. Explore the System
 
 ```bash
+# List accessible tenants
 unityauth tenant list
+
+# List available roles
+unityauth role list
+
+# List users in a tenant
+unityauth tenant users 1
 ```
 
 ### 4. Create a User
@@ -149,140 +111,137 @@ unityauth user create \
   --role-ids 2,3
 ```
 
-## Common Commands
-
-### Authentication
+## Command Structure
 
-```bash
-unityauth login                    # Login with credentials
-unityauth logout                   # Remove stored token
-unityauth token-info               # Display current session info
 ```
-
-### User Management
-
-```bash
-unityauth user create ...          # Create a new user
-unityauth user list --tenant-id 1  # List users in a tenant
-unityauth user update USER_ID ...  # Update user roles
+unityauth
+├── login          # Authenticate with UnityAuth
+├── logout         # Remove stored credentials
+├── token-info     # Display session information
+├── config         # Configuration management
+│   ├── show       # Display current config
+│   ├── set        # Set a config value
+│   └── edit       # Open config in editor
+├── user           # User management
+│   ├── create     # Create a new user
+│   ├── list       # List users in a tenant
+│   └── update     # Update user roles
+├── tenant         # Tenant discovery
+│   ├── list       # List accessible tenants
+│   └── users      # List users in a tenant
+└── role           # Role discovery
+    └── list       # List available roles
 ```
 
-### Discovery
+## Global Options
 
-```bash
-unityauth tenant list              # List accessible tenants
-unityauth role list                # List available roles
-unityauth permission get ...       # Get user permissions
-```
+All commands support these global options:
 
-### Batch Operations
-
-```bash
-unityauth batch create-users users.csv           # Create users from CSV
-unityauth batch create-users users.csv --dry-run # Preview without creating
-```
+| Option | Description |
+|--------|-------------|
+| `--api-url TEXT` | Override API URL from config |
+| `--format [table\|json\|csv]` | Output format (default: table) |
+| `--verbose` | Enable debug output |
+| `--version` | Show version and exit |
+| `--help` | Show help message |
 
 ## Output Formats
 
-The CLI supports three output formats:
+```bash
+# Human-readable table (default)
+unityauth tenant list
 
-- **table** (default): Human-readable ASCII tables
-- **json**: Machine-readable JSON for scripting
-- **csv**: Spreadsheet-compatible CSV
+# Machine-readable JSON
+unityauth tenant list --format json
 
-Example:
+# Spreadsheet-compatible CSV
+unityauth tenant list --format csv
 
-```bash
+# Pipe JSON to jq for processing
 unityauth tenant list --format json | jq '.[0].name'
 ```
 
-## Automation
-
-### Non-Interactive Mode
+## Environment Variables
 
-Provide all parameters via command-line options:
+| Variable | Description |
+|----------|-------------|
+| `UNITYAUTH_API_URL` | API endpoint URL |
+| `UNITYAUTH_EMAIL` | Login email address |
+| `UNITYAUTH_PASSWORD` | Login password (for non-interactive mode) |
 
+Example:
 ```bash
-unityauth login --email admin@example.com --password "$ADMIN_PASSWORD"
+export UNITYAUTH_API_URL="https://auth.example.com"
+unityauth login --email admin@example.com
 ```
 
-### Environment Variables
+## Exit Codes
 
-```bash
-export UNITYAUTH_API_URL="https://auth.example.com"
-export UNITYAUTH_EMAIL="admin@example.com"
-export UNITYAUTH_PASSWORD="secret"
+| Code | Meaning |
+|------|---------|
+| 0 | Success |
+| 1 | General error (validation, network, API) |
+| 2 | Authentication error |
+| 3 | Permission/authorization error |
+| 4 | Configuration error |
 
-unityauth login
-```
+## Configuration
 
-### Exit Codes
+Configuration is stored in `~/.config/unityauth-cli/config.yml`:
 
-- `0`: Success
-- `1`: General error (validation, network, API)
-- `2`: Authentication error
-- `3`: Permission error
-- `4`: Configuration error
+```yaml
+api_url: https://auth.example.com
+default_format: table
+timeout: 30
+```
+
+Manage configuration:
+```bash
+unityauth config show              # View current settings
+unityauth config set api_url URL   # Set API endpoint
+unityauth config set timeout 60    # Set request timeout
+unityauth config edit              # Open in editor
+```
 
 ## Documentation
 
-- [Quickstart Guide](../specs/001-unityauth-cli/quickstart.md) - Detailed usage examples
-- [API Endpoints](../CLAUDE.md) - UnityAuth API reference
-- [Project README](../README.md) - Main UnityAuth documentation
+- [User Guide](docs/user-guide.md) - Complete command reference
+- [Quickstart Guide](../specs/001-unityauth-cli/quickstart.md) - Detailed usage scenarios
+- [UnityAuth API](../CLAUDE.md) - Backend API reference
 
 ## Development
 
-### Setting Up Development Environment
+### Setup
 
 ```bash
-# Navigate to the CLI directory
 cd unityauth-cli
-
-# Install development dependencies
-python3 -m pip install -r requirements-dev.txt
-
-# Or install in editable mode with dev extras
+python3 -m venv venv
+source venv/bin/activate
 python3 -m pip install -e ".[dev]"
 ```
 
 ### Running Tests
 
 ```bash
-# Run unit tests
 pytest tests/unit/
-
-# Run integration tests
-pytest tests/integration/
-
-# Run all tests with coverage
 pytest --cov=unityauth_cli
 ```
 
 ### Code Quality
 
 ```bash
-# Format code
-black src/
-
-# Lint code
-flake8 src/
-
-# Type checking
-mypy src/
+black src/           # Format code
+flake8 src/          # Lint
+mypy src/            # Type checking
 ```
 
 ## Security
 
-- **Token Storage**: JWT tokens are encrypted at rest using OS-native credential stores (Keychain on macOS, Credential Manager on Windows, Secret Service on Linux)
-- **HTTPS Required**: API communication requires HTTPS
-- **No Password Storage**: Passwords are never stored; only JWT tokens
-- **Secure CSV Handling**: CSV files containing passwords should be deleted after batch operations
-
-## Support
-
-- **GitHub Issues**: https://github.com/UnityFoundation-io/UnityAuth/issues
-- **Documentation**: See [CLAUDE.md](../CLAUDE.md) for UnityAuth architecture
+- **Token Storage**: JWT tokens encrypted using OS-native credential stores
+- **HTTPS Required**: All API communication uses HTTPS
+- **No Password Storage**: Only JWT tokens are persisted, never passwords
+- **Secure Prompts**: Password input is hidden when typing
 
 ## License
 
-MIT License - See LICENSE file for details
+MIT License - See LICENSE file for details.