feat: add first-class profile workflows and OAuth login profiles#23
Merged
Conversation
leonkenneth
reviewed
Jul 8, 2026
| }); | ||
|
|
||
| const profileInspectCommand = defineValueCommand({ | ||
| id: "profile.inspect", |
Contributor
There was a problem hiding this comment.
inspect / context / status do the same thing?
Member
Author
There was a problem hiding this comment.
Got rid of altertable profile inspect. We'll need to converge with altertable profile show/altertable context when reducing the API surface area.
| }; | ||
| }; | ||
|
|
||
| export type ProfileExport = { |
Contributor
There was a problem hiding this comment.
Do you have a use-case for export/import?
Member
Author
There was a problem hiding this comment.
Figured it'd be useful to "teleport" user context from one env to the other. But let's remove for now.
Clarify login profile selection so OAuth whoami uses the fresh token in memory, then stores credentials once in the selected profile. Make --replace-profile update the current profile instead of renaming it, and persist optional data-plane overrides after a successful login. Remove the confusing configure --org flag path and hidden profile inspect/export/import commands, leaving profile status as the profile metadata view. Keep rename secret migration scoped to profile code instead of the secrets backend. Update README and profile/OAuth tests for the smaller profile command surface.
leonkenneth
approved these changes
Jul 8, 2026
francoischalifour
added a commit
that referenced
this pull request
Jul 9, 2026
🤖 I have created a release *beep* *boop* --- ## 1.0.0 (2026-07-09) ### Features * add `altertable duckdb` command ([#27](#27)) ([e114b11](e114b11)) * add `schema` command ([#21](#21)) ([f713a80](f713a80)) * add first-class profile workflows and OAuth login profiles ([#23](#23)) ([3ce655f](3ce655f)) * add one-shot shell completion installer ([#9](#9)) ([3984fe8](3984fe8)) * auto-provision ephemeral lakehouse credentials after login ([#22](#22)) ([d9d815f](d9d815f)) * avoid `--statement` flag for query ([#26](#26)) ([23c5dc8](23c5dc8)) * **cli:** add origin-aware CLI update command ([#18](#18)) ([5077028](5077028)) * **cli:** support lakehouse upsert endpoint ([#5](#5)) ([d6ec3b8](d6ec3b8)) * implement `login` command ([#20](#20)) ([1300577](1300577)) * improve human and agent experience ([#8](#8)) ([135414f](135414f)) * refine shell completion UX ([#33](#33)) ([bd2c605](bd2c605)) * replace `configure` by `profile --configure` ([#28](#28)) ([fcf05b5](fcf05b5)) ### Bug Fixes * **api:** normalize api args to ensure the HTTP verb is optional ([#11](#11)) ([78b32df](78b32df)) * **api:** prevent wide API tables from soft-wrapping ([#13](#13)) ([56fbeb6](56fbeb6)) * **ci:** verify executable step path ([#1](#1)) ([4044001](4044001)) * **cli:** remove active context from usage output ([#32](#32)) ([9d2a4ad](9d2a4ad)) * **lakehouse:** allow append task without append row flags ([#19](#19)) ([6ded957](6ded957)) * main concurrent merge issue ([#37](#37)) ([335252c](335252c)) * tighten body validation and stream timeout handling ([#16](#16)) ([4c4ce08](4c4ce08)) * validate lakehouse upload files before streaming the payload ([#15](#15)) ([0e49b6e](0e49b6e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: François Chalifour <francoischalifour@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The CLI previously had basic configuration storage, but profile handling was not strong enough for users who work across multiple organizations, environments, or local development contexts. Users need a clearer way to name, inspect, switch, and export profile state without manually editing config or relying on implicit defaults.
This branch promotes profiles into a first-class CLI workflow. The target model is similar to mature CLIs such as AWS profiles, gcloud configurations, Docker contexts, kubectl contexts, and GitHub CLI account switching: users can keep a sticky active profile, override it per command or shell, switch interactively, and diagnose authentication state.
Proposed solution
Add a complete named-profile workflow around
org_envprofiles:altertable logincreate or reuse the derived profile by default, then switch to it.altertable login --replace-profilefor users who explicitly want to rename/replace the current profile instead of creating a new one.altertable profile createswitch to the newly created profile immediately.altertable profile switch, with labeled profile details so users can distinguish organization, environment, principal, and auth state.altertable profile listwith a checkmark active marker and richer columns for org, principal, env, management auth, lakehouse auth, status, OAuth expiry, and data plane.altertable profile env <name>for shell-localALTERTABLE_PROFILEusage.altertable profile direnv <name>for.envrcworkflows.altertable profile status --verify.Preview
User-visible behavior changes
altertable loginno longer silently overwrites the current profile when OAuth identifies an organization/environment. It creates or reuses the derived profile and activates it.altertable login --replace-profilepreserves the old rename-style behavior.altertable profile create ...now activates the created profile.altertable profile deleterefuses the active profile, but allows deleting inactive profiles.altertable profile listuses a left-side active checkmark instead of anACTIVEcolumn.altertable profile switchcan run interactively without a profile name..envrcsnippets.Implementation notes
The profile model now separates:
OAuth login promotion is handled atomically enough to avoid leaving credentials split between profiles during creation, reuse, or replacement. Profile metadata writes are mapped through typed config-key structures so future profile fields are less error-prone to add.