Add authentication APP-7384

[ivpusic]

Persistent authentication based on ~/.config/dune directory

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ivpusic]

• Add authentication APP-7384 #10 👈 (View in Graphite)
• CI / Release Setup APP-7361 #9
• Run arbitraty sql APP-7351 #8
• Execution results APP-7350 #7
• Query run APP-7349 #6
• Query Archive command APP-7348 #5
• Update query command APP-7347 #4
• Get query command APP-7346 #3
• Create query command APP-7345 #2
• Dune Go SDK client setup, plan init APP-7344 #1
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[linear]

APP-7384 Dune CLI persistent authentication

Stored in the home directory

[cursor]

PR Summary

Medium Risk
Adds a new persisted credential store and changes how all commands resolve API keys; incorrect config handling or permissions could block CLI usage or expose keys if misconfigured.

Overview
Adds persistent authentication by introducing an authconfig package that saves/loads an API key from ~/.config/dune/config.yaml (YAML) with restrictive permissions (dir 0700, file 0600).

Introduces a new dune auth command that captures an API key from --api-key, DUNE_API_KEY, or an interactive prompt and writes it to disk.

Updates the root command’s auth setup to skip client initialization for commands annotated with skipAuth (used by auth) and to fall back to the saved config when neither --api-key nor env vars are provided, with clearer error messages for missing/empty/malformed config. Adds gopkg.in/yaml.v3 dependency and accompanying tests for config IO and root/auth behavior.

^{Written by Cursor Bugbot for commit a7a9da3. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON. A cloud agent has been kicked off to fix the reported issue.}

Comment @cursor review or bugbot run to trigger another review on this PR

[norbertdurcansk]

Nit: I think tools usually use this path, wdyt ?
~/.toolname/config

~/.aws/config

[ivpusic]

I think it's quite depends. checked the tools that I use, and they are more to the "convention" that is implemented here, eg: gh / github cli tool