feat(CENG-686): Add --verbose output for cloudsmith whoami command

[BartoszBlizniak]

Description

Enhance cloudsmith whoami with a --verbose (-v) flag that displays detailed authentication information.

Verbose output includes:

• Active authentication method — API Key or SSO Token, and which takes priority
• Credential source — CLOUDSMITH_API_KEY env var (with last 4 chars), credentials.ini (with file path), or --api-key CLI flag
• API token metadata — token slug and creation date (fetched via /user/tokens/ endpoint)
• SSO status — keyring enabled/disabled, tokens stored, last refresh timestamp
• CLOUDSMITH_NO_KEYRING awareness — shown when keyring is disabled

JSON schema for verbose output (--verbose --output-format json)

{
  "data": {
    "is_authenticated": true,
    "username": "user-slug",
    "email": "user@example.com",
    "name": "Display Name",
    "auth": {
      "active_method": "api_key | sso_token | none",
      "api_key": {
        "configured": true,
        "source": "CLOUDSMITH_API_KEY env var (ends with ...abcd) | credentials.ini (/path/to/credentials.ini) | CLI --api-key flag",
        "source_key": "env_var | credentials_file | cli_flag",
        "slug": "token-slug-perm | null",
        "created": "2025-01-15T10:30:00Z | null"
      },
      "sso": {
        "configured": true,
        "keyring_enabled": true,
        "source": "System Keyring | null",
        "last_refreshed": "2025-01-15T10:30:00Z | null"
      }
    }
  }
}

Backward compatible:

• cloudsmith whoami output is unchanged

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation update
• Refactoring
• Other (please describe)

Additional Notes

• When the API key source is an env var, the output shows the last 4 characters to help verify the correct key is set

[Copilot]

Pull request overview

This PR enhances the cloudsmith whoami command with a --verbose (-v) flag that displays detailed authentication information including the active authentication method (API Key or SSO Token), credential source, token metadata, and SSO status. The verbose output supports both human-readable text and JSON formats.

Changes:

• Added get_token_metadata() function to retrieve API token metadata (slug and creation date)
• Implemented verbose mode for cloudsmith whoami with detailed authentication information display
• Updated imports in user.py to properly distinguish between upstream and wrapped API exceptions

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
cloudsmith_cli/core/api/user.py	Added get_token_metadata() function to fetch token metadata and refined exception imports to distinguish upstream vs wrapped exceptions
cloudsmith_cli/cli/commands/whoami.py	Implemented verbose mode with helper functions to detect and display authentication method, credential source, token metadata, and SSO status
CHANGELOG.md	Added entry documenting the new --verbose flag for cloudsmith whoami command

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.