移除 --auth-context，改为 --auth-stdin，结构化传递解析认证信息

cli/tjwater_cli/core.py

@@ -2,6 +2,7 @@ from __future__ import annotations
 
 import json
 import os
+import sys
 import time
 import uuid
 from dataclasses import dataclass, field
@@ -80,25 +81,6 @@ class CommandDoc:
     output: str = "标准 JSON 输出"
 
 
-def _read_json_file(path: Path) -> dict[str, Any]:
-    try:
-        return json.loads(path.read_text(encoding="utf-8"))
-    except FileNotFoundError as exc:
-        raise CLIError(
-            "认证失败",
-            code="AUTH_CONTEXT_NOT_FOUND",
-            message=f"auth context file not found: {path}",
-            exit_code=3,
-        ) from exc
-    except json.JSONDecodeError as exc:
-        raise CLIError(
-            "认证失败",
-            code="AUTH_CONTEXT_INVALID",
-            message=f"auth context file is not valid JSON: {path}",
-            exit_code=3,
-        ) from exc
-
-
 def _pick(mapping: Mapping[str, Any], *keys: str) -> Any:
     for key in keys:
         value = mapping.get(key)
@@ -107,10 +89,9 @@ def _pick(mapping: Mapping[str, Any], *keys: str) -> Any:
     return None
 
 
-def load_auth_context(auth_context_path: Path | None) -> AuthContext:
-    raw: dict[str, Any] = {}
-    if auth_context_path is not None:
-        raw = _read_json_file(auth_context_path)
+def load_auth_context(auth_stdin: bool = False) -> AuthContext:
+    if auth_stdin:
+        raw = json.loads(sys.stdin.read())
     else:
         extra_headers = os.getenv("TJWATER_EXTRA_HEADERS")
         raw = {
@@ -146,12 +127,12 @@ def load_auth_context(auth_context_path: Path | None) -> AuthContext:
 def build_runtime_context(
     *,
     server: str | None,
-    auth_context_path: Path | None,
+    auth_stdin: bool = False,
     scheme: str | None,
     timeout: int,
     request_id: str | None,
 ) -> RuntimeContext:
-    auth = load_auth_context(auth_context_path)
+    auth = load_auth_context(auth_stdin=auth_stdin)
     resolved_request_id = request_id or str(uuid.uuid4())
     return RuntimeContext(
         server=server or auth.server or DEFAULT_SERVER,
@@ -181,7 +162,7 @@ def require_access_token(ctx: RuntimeContext) -> str:
         code="UNAUTHENTICATED",
         message="missing access token for agent context",
         exit_code=3,
-        next_commands=["tjwater-cli <command> --auth-context /path/to/auth-context.json"],
+        next_commands=["provide access_token via --auth-stdin or TJWATER_ACCESS_TOKEN env var"],
     )
 
 
@@ -193,7 +174,7 @@ def require_project_id(ctx: RuntimeContext) -> str:
         code="PROJECT_CONTEXT_REQUIRED",
         message="missing project_id for agent context",
         exit_code=3,
-        next_commands=["add project_id to the auth context file"],
+        next_commands=["add project_id to auth context"],
     )
 
 
@@ -205,7 +186,7 @@ def require_network(ctx: RuntimeContext) -> str:
         code="NETWORK_CONTEXT_REQUIRED",
         message="missing network in auth context for legacy network-based endpoints",
         exit_code=3,
-        next_commands=["add network to the auth context file"],
+        next_commands=["add network to auth context"],
     )
 
 
@@ -217,7 +198,7 @@ def require_username(ctx: RuntimeContext) -> str:
         code="USERNAME_CONTEXT_REQUIRED",
         message="missing username in auth context",
         exit_code=3,
-        next_commands=["add username to the auth context file"],
+        next_commands=["add username to auth context"],
     )