Cloudstic · rmanibus · Mar 17, 2026 · Mar 17, 2026
diff --git a/cmd/cloudstic/cmd_auth.go b/cmd/cloudstic/cmd_auth.go
@@ -48,23 +48,7 @@ func (r *runner) runAuthList() int {
 		return r.fail("Failed to load profiles: %v", err)
 	}
 
-	names := sortedKeys(cfg.Auth)
-
-	_, _ = fmt.Fprintf(r.out, "%d auth entries\n", len(names))
-	for _, name := range names {
-		auth := cfg.Auth[name]
-		_, _ = fmt.Fprintf(r.out, "- %s", name)
-		if auth.Provider != "" {
-			_, _ = fmt.Fprintf(r.out, "  provider=%s", auth.Provider)
-		}
-		if auth.Provider == "google" && auth.GoogleTokenFile != "" {
-			_, _ = fmt.Fprintf(r.out, "  token=%s", auth.GoogleTokenFile)
-		}
-		if auth.Provider == "onedrive" && auth.OneDriveTokenFile != "" {
-			_, _ = fmt.Fprintf(r.out, "  token=%s", auth.OneDriveTokenFile)
-		}
-		_, _ = fmt.Fprintln(r.out)
-	}
+	r.renderAuthList(cfg)
 	return 0
 }
 
@@ -100,21 +84,7 @@ func (r *runner) runAuthShow() int {
 	if !ok {
 		return r.fail("Unknown auth %q", name)
 	}
-
-	_, _ = fmt.Fprintf(r.out, "auth: %s\n", name)
-	_, _ = fmt.Fprintf(r.out, "  provider: %s\n", auth.Provider)
-	if auth.GoogleCreds != "" {
-		_, _ = fmt.Fprintf(r.out, "  google_credentials: %s\n", auth.GoogleCreds)
-	}
-	if auth.GoogleTokenFile != "" {
-		_, _ = fmt.Fprintf(r.out, "  google_token_file: %s\n", auth.GoogleTokenFile)
-	}
-	if auth.OneDriveClientID != "" {
-		_, _ = fmt.Fprintf(r.out, "  onedrive_client_id: %s\n", auth.OneDriveClientID)
-	}
-	if auth.OneDriveTokenFile != "" {
-		_, _ = fmt.Fprintf(r.out, "  onedrive_token_file: %s\n", auth.OneDriveTokenFile)
-	}
+	r.renderAuthShow(cfg, name, auth)
 	return 0
 }
 

diff --git a/cmd/cloudstic/cmd_auth_test.go b/cmd/cloudstic/cmd_auth_test.go
@@ -31,7 +31,7 @@ func TestRunAuthNewAndListAndShow(t *testing.T) {
 	if code := r.runAuth(); code != 0 {
 		t.Fatalf("auth list failed: %s", errOut.String())
 	}
-	if !strings.Contains(out.String(), "1 auth entries") || !strings.Contains(out.String(), "google-work") {
+	if !strings.Contains(out.String(), "Auth") || !strings.Contains(out.String(), "google-work") || !strings.Contains(out.String(), "PROVIDER") {
 		t.Fatalf("unexpected auth list output:\n%s", out.String())
 	}
 
@@ -41,7 +41,7 @@ func TestRunAuthNewAndListAndShow(t *testing.T) {
 	if code := r.runAuth(); code != 0 {
 		t.Fatalf("auth show failed: %s", errOut.String())
 	}
-	if !strings.Contains(out.String(), "provider: google") || !strings.Contains(out.String(), "google_token_file: /tmp/google-work.json") {
+	if !strings.Contains(out.String(), "Auth google-work") || !strings.Contains(out.String(), "Provider Details") || !strings.Contains(out.String(), "/tmp/google-work.json") {
 		t.Fatalf("unexpected auth show output:\n%s", out.String())
 	}
 }
@@ -99,7 +99,7 @@ func TestRunAuthNew_OneDriveProvider(t *testing.T) {
 		t.Fatalf("auth show failed: %s", errOut.String())
 	}
 	got := out.String()
-	for _, want := range []string{"provider: onedrive", "onedrive_token_file: /tmp/od-personal.json", "onedrive_client_id: my-client-id-123"} {
+	for _, want := range []string{"Auth od-personal", "Provider Details", "/tmp/od-personal.json", "my-client-id-123"} {
 		if !strings.Contains(got, want) {
 			t.Fatalf("expected %q in show output:\n%s", want, got)
 		}

diff --git a/cmd/cloudstic/cmd_profile.go b/cmd/cloudstic/cmd_profile.go
@@ -7,7 +7,6 @@ import (
 	"os"
 	"path/filepath"
 	"sort"
-	"strings"
 
 	cloudstic "github.com/cloudstic/cli"
 	"github.com/cloudstic/cli/internal/paths"
@@ -91,52 +90,7 @@ func (r *runner) runProfileShow() int {
 	if !ok {
 		return r.fail("Unknown profile %q", a.name)
 	}
-
-	_, _ = fmt.Fprintf(r.out, "profile: %s\n", a.name)
-	_, _ = fmt.Fprintf(r.out, "  source: %s\n", p.Source)
-	if p.Store != "" {
-		_, _ = fmt.Fprintf(r.out, "  store_ref: %s\n", p.Store)
-		if s, ok := cfg.Stores[p.Store]; ok {
-			_, _ = fmt.Fprintf(r.out, "  store_uri: %s\n", s.URI)
-			if uri, parseErr := parseStoreURI(s.URI); parseErr == nil && uri.scheme == "s3" {
-				if s.S3Region != "" {
-					_, _ = fmt.Fprintf(r.out, "  store_s3_region: %s\n", s.S3Region)
-				}
-				if s.S3Profile != "" {
-					_, _ = fmt.Fprintf(r.out, "  store_s3_profile: %s\n", s.S3Profile)
-				}
-				if s.S3Endpoint != "" {
-					_, _ = fmt.Fprintf(r.out, "  store_s3_endpoint: %s\n", s.S3Endpoint)
-				}
-			}
-			_, _ = fmt.Fprintf(r.out, "  store_auth_mode: %s\n", profileStoreAuthMode(s))
-		} else {
-			_, _ = fmt.Fprintf(r.out, "  store_uri: <missing ref>\n")
-		}
-	}
-	if p.AuthRef != "" {
-		_, _ = fmt.Fprintf(r.out, "  auth_ref: %s\n", p.AuthRef)
-		if auth, ok := cfg.Auth[p.AuthRef]; ok {
-			_, _ = fmt.Fprintf(r.out, "  auth_provider: %s\n", auth.Provider)
-			if auth.GoogleTokenFile != "" {
-				_, _ = fmt.Fprintf(r.out, "  google_token_file: %s\n", auth.GoogleTokenFile)
-			}
-			if auth.OneDriveTokenFile != "" {
-				_, _ = fmt.Fprintf(r.out, "  onedrive_token_file: %s\n", auth.OneDriveTokenFile)
-			}
-		} else {
-			_, _ = fmt.Fprintf(r.out, "  auth_provider: <missing ref>\n")
-		}
-	}
-	if len(p.Tags) > 0 {
-		_, _ = fmt.Fprintf(r.out, "  tags: %s\n", strings.Join(p.Tags, ", "))
-	}
-	if len(p.Excludes) > 0 {
-		_, _ = fmt.Fprintf(r.out, "  excludes: %s\n", strings.Join(p.Excludes, ", "))
-	}
-	if p.ExcludeFile != "" {
-		_, _ = fmt.Fprintf(r.out, "  exclude_file: %s\n", p.ExcludeFile)
-	}
+	r.renderProfileShow(cfg, a.name, p)
 	return 0
 }
 
@@ -180,55 +134,11 @@ func (r *runner) runProfileList() int {
 		return r.fail("Failed to load profiles: %v", err)
 	}
 
-	storeNames := sortedKeys(cfg.Stores)
-
-	_, _ = fmt.Fprintf(r.out, "%d stores\n", len(storeNames))
-	for _, name := range storeNames {
-		s := cfg.Stores[name]
-		_, _ = fmt.Fprintf(r.out, "- %s", name)
-		if s.URI != "" {
-			_, _ = fmt.Fprintf(r.out, "  uri=%s", s.URI)
-		}
-		_, _ = fmt.Fprintln(r.out)
-	}
+	r.renderStoreList(cfg)
 	_, _ = fmt.Fprintln(r.out)
-
-	authNames := sortedKeys(cfg.Auth)
-
-	_, _ = fmt.Fprintf(r.out, "%d auth entries\n", len(authNames))
-	for _, name := range authNames {
-		a := cfg.Auth[name]
-		_, _ = fmt.Fprintf(r.out, "- %s", name)
-		if a.Provider != "" {
-			_, _ = fmt.Fprintf(r.out, "  provider=%s", a.Provider)
-		}
-		if a.Provider == "google" && a.GoogleTokenFile != "" {
-			_, _ = fmt.Fprintf(r.out, "  token=%s", a.GoogleTokenFile)
-		}
-		if a.Provider == "onedrive" && a.OneDriveTokenFile != "" {
-			_, _ = fmt.Fprintf(r.out, "  token=%s", a.OneDriveTokenFile)
-		}
-		_, _ = fmt.Fprintln(r.out)
-	}
+	r.renderAuthList(cfg)
 	_, _ = fmt.Fprintln(r.out)
-
-	names := sortedKeys(cfg.Profiles)
-
-	_, _ = fmt.Fprintf(r.out, "%d profiles\n", len(names))
-	for _, name := range names {
-		p := cfg.Profiles[name]
-		_, _ = fmt.Fprintf(r.out, "- %s", name)
-		if p.Source != "" {
-			_, _ = fmt.Fprintf(r.out, "  source=%s", p.Source)
-		}
-		if p.Store != "" {
-			_, _ = fmt.Fprintf(r.out, "  store=%s", p.Store)
-		}
-		if p.AuthRef != "" {
-			_, _ = fmt.Fprintf(r.out, "  auth=%s", p.AuthRef)
-		}
-		_, _ = fmt.Fprintln(r.out)
-	}
+	r.renderProfileList(cfg)
 
 	return 0
 }

diff --git a/cmd/cloudstic/cmd_profile_test.go b/cmd/cloudstic/cmd_profile_test.go
@@ -45,29 +45,10 @@ profiles:
 	}
 
 	got := out.String()
-	if !strings.Contains(got, "1 stores") {
-		t.Fatalf("expected store count, got:\n%s", got)
-	}
-	if !strings.Contains(got, "- home-s3  uri=s3:my-bucket/cloudstic") {
-		t.Fatalf("expected home-s3 store line, got:\n%s", got)
-	}
-	if !strings.Contains(got, "1 auth entries") {
-		t.Fatalf("expected auth count, got:\n%s", got)
-	}
-	if !strings.Contains(got, "- google-work  provider=google  token=/tmp/google-work.json") {
-		t.Fatalf("expected google-work auth line, got:\n%s", got)
-	}
-	if !strings.Contains(got, "2 profiles") {
-		t.Fatalf("expected profile count, got:\n%s", got)
-	}
-	if !strings.Contains(got, "- photos  source=local:/Volumes/Photos  store=home-s3") {
-		t.Fatalf("expected photos profile line, got:\n%s", got)
-	}
-	if !strings.Contains(got, "- work-drive  source=gdrive-changes://Company Data/Engineering  store=home-s3") {
-		t.Fatalf("expected work-drive profile line, got:\n%s", got)
-	}
-	if !strings.Contains(got, "auth=google-work") {
-		t.Fatalf("expected auth reference in profile line, got:\n%s", got)
+	for _, want := range []string{"Stores", "Auth", "Profiles", "home-s3", "google-work", "photos", "work-drive"} {
+		if !strings.Contains(got, want) {
+			t.Fatalf("expected %q in output:\n%s", want, got)
+		}
 	}
 }
 
@@ -103,10 +84,10 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "profile: work-drive") || !strings.Contains(got, "store_uri: s3:my-bucket/cloudstic") || !strings.Contains(got, "auth_provider: google") {
+	if !strings.Contains(got, "Profile work-drive") || !strings.Contains(got, "Resolved References") || !strings.Contains(got, "s3:my-bucket/cloudstic") || !strings.Contains(got, "google") {
 		t.Fatalf("unexpected show output:\n%s", got)
 	}
-	if !strings.Contains(got, "store_s3_profile: prod") || !strings.Contains(got, "store_auth_mode: aws-shared-profile") {
+	if !strings.Contains(got, "Options") || !strings.Contains(got, "aws-shared-profile") || !strings.Contains(got, "prod") {
 		t.Fatalf("expected store auth details in show output:\n%s", got)
 	}
 }
@@ -458,10 +439,10 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "auth_provider: onedrive") {
-		t.Fatalf("expected auth_provider: onedrive in output:\n%s", got)
+	if !strings.Contains(got, "Auth Provider") || !strings.Contains(got, "onedrive") {
+		t.Fatalf("expected auth provider details in output:\n%s", got)
 	}
-	if !strings.Contains(got, "onedrive_token_file: /tmp/od-token.json") {
+	if !strings.Contains(got, "/tmp/od-token.json") {
 		t.Fatalf("expected onedrive_token_file in output:\n%s", got)
 	}
 }
@@ -489,8 +470,8 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "store_uri: <missing ref>") {
-		t.Fatalf("expected '<missing ref>' for store_uri in output:\n%s", got)
+	if !strings.Contains(got, "Store URI") || !strings.Contains(got, "<missing>") {
+		t.Fatalf("expected missing store marker in output:\n%s", got)
 	}
 }
 
@@ -521,8 +502,8 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "auth_provider: <missing ref>") {
-		t.Fatalf("expected '<missing ref>' for auth_provider in output:\n%s", got)
+	if !strings.Contains(got, "Auth Provider") || !strings.Contains(got, "<missing>") {
+		t.Fatalf("expected missing auth marker in output:\n%s", got)
 	}
 }
 
@@ -657,10 +638,10 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "provider=onedrive") {
-		t.Fatalf("expected provider=onedrive in list output:\n%s", got)
+	if !strings.Contains(got, "onedrive") {
+		t.Fatalf("expected onedrive provider in list output:\n%s", got)
 	}
-	if !strings.Contains(got, "token=/home/user/.config/od-token.json") {
+	if !strings.Contains(got, "/home/user/.config/od-token.json") {
 		t.Fatalf("expected onedrive token path in list output:\n%s", got)
 	}
 }
@@ -699,13 +680,13 @@ profiles:
 		t.Fatalf("runProfile() code=%d err=%s", code, errOut.String())
 	}
 	got := out.String()
-	if !strings.Contains(got, "tags: daily, critical") {
+	if !strings.Contains(got, "Tags") || !strings.Contains(got, "daily, critical") {
 		t.Fatalf("expected tags in output:\n%s", got)
 	}
-	if !strings.Contains(got, "excludes: *.log, *.tmp") {
+	if !strings.Contains(got, "Exclude Patterns") || !strings.Contains(got, "*.log") || !strings.Contains(got, "*.tmp") {
 		t.Fatalf("expected excludes in output:\n%s", got)
 	}
-	if !strings.Contains(got, "exclude_file: /etc/my-excludes.txt") {
+	if !strings.Contains(got, "/etc/my-excludes.txt") {
 		t.Fatalf("expected exclude_file in output:\n%s", got)
 	}
 }