Cli fixes

[mosquito]

This pull request makes several improvements to environment variable handling, authentication feedback, and image listing in the CLI, along with some smaller code cleanups. The changes clarify when and how environment variables are used, improve user feedback during authentication, and add a limit and truncation warning to the images listing command.

Environment variable handling and documentation:

• Clarifies in README.md, agent.md, and CLI help that most environment variables (like CONTREE_TOKEN, CONTREE_URL, CONTREE_PROJECT, NEBIUS_API_KEY, NEBIUS_AI_PROJECT) are only read by contree auth during registration, not at runtime; only CONTREE_PROFILE is used to select the active profile for all commands. CLI flags override profiles for a single invocation. [1] [2] [3] [4] [5]
• Updates CLI argument help texts to match the new environment variable behavior, and adds CONTREE_NO_UPDATE_CHECK documentation. [1] [2]

Authentication and profile management:

• Refactors contree auth to use new _env_fallback helper, supporting both CONTREE_* and NEBIUS_* variables for registration-time fallbacks. [1] [2] [3]
• Improves token verification: parses /v1/whoami response, checks for required permissions, and warns if the token is valid but lacks the list permission (e.g., sandboxes are disabled). [1] [2]
• Updates logging to clearly indicate when profiles are saved and under what circumstances.

Image listing enhancements:

• Adds a --limit option (default 2000) to contree images to control the number of images fetched; increases page size to 500 for efficiency. [1] [2] [3] [4]
• Implements truncation detection: if more images are available after hitting the limit, prints a warning and suggests narrowing the query or raising the limit. [1] [2]

Other improvements and cleanups:

• Adds an update checker to the CLI main entry point, with error suppression for robustness. [1] [2] [3]
• Removes an unused import and refactors the operations iterator in ps.py for clarity. [1] [2]

[Copilot]

Pull request overview

This PR updates contree-cli’s configuration/auth UX and listing commands by clarifying that runtime credentials come from saved profiles (not env vars), improving auth verification feedback, adding truncation-aware limits to image/operation listings, and introducing a rate-limited PyPI update check.

Changes:

• Refines config resolution so only CONTREE_PROFILE affects runtime selection; other env vars are used only as contree auth registration-time fallbacks.
• Improves auth verification by parsing /v1/whoami, checking permissions (e.g. list), and reporting “inactive” tokens while still saving profiles.
• Adds update checking + listing enhancements: header logging with redaction, pagination progress logs, and --limit for images with truncation detection.

Reviewed changes

Copilot reviewed 23 out of 23 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
tests/test_update_check.py	Adds unit tests for the new update checker (state freshness, refresh/check behavior, error swallowing).
tests/test_ps.py	Updates pagination/show-max tests and adds progress + truncation-probe assertions.
tests/test_images.py	Adds tests for --limit, truncation probe/warning behavior, and progress logging.
tests/test_file_cmd.py	Updates test response stub to support header logging (getheaders).
tests/test_cp.py	Updates test response stub to support header logging (getheaders).
tests/test_config.py	Adjusts tests to reflect removal of runtime env overrides for token/url/project.
tests/test_client.py	Adds tests for header logging and new HeaderFormatter redaction behavior.
tests/test_auth.py	Expands auth tests for env fallbacks, whoami parsing, and permission-based warnings/status.
README.md	Updates env var documentation to distinguish runtime vs contree auth registration-time behavior.
docs/tutorial/installation.md	Clarifies contree auth resolution order and runtime vs registration-time env var usage.
docs/tutorial/configuration.md	Documents runtime precedence (flags > profile) and moves env vars to auth-only fallbacks.
docs/commands/auth.md	Updates auth env var shortcuts and documents “inactive” status semantics.
contree_cli/update_check.py	Introduces UpdateChecker with daily caching, safe failure behavior, and warning emission.
contree_cli/types.py	Adds centralized --limit flag definition.
contree_cli/manual.md	Updates manual text to match the new env var behavior for auth/runtime.
contree_cli/config.py	Removes runtime env overrides for token/url/project; adds Config.path accessor.
contree_cli/client.py	Adds HeaderFormatter and logs request/response headers with sensitive-value redaction.
contree_cli/cli/ps.py	Refactors pagination to support accurate --show-max, progress logging, and truncation probing.
contree_cli/cli/images.py	Adds --limit with capped page size, progress logging, and truncation probing/warnings.
contree_cli/cli/auth.py	Adds env fallback helper, parses whoami JSON, checks permissions, and improves logging.
contree_cli/arguments.py	Updates global help text and flag help strings to match profile-first runtime behavior.
contree_cli/agent.md	Updates agent-facing docs for env var behavior during auth vs runtime.
contree_cli/main.py	Integrates update checking into CLI startup (refresh + warn).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 4 comments.

Comments suppressed due to low confidence (1)

docs/commands/auth.md:100

• The documented auth ls status value for --offline is offline, but the implementation currently returns "offline mode" (and can also return "no url"). This makes the status column inconsistent for users/scripts; either align the docs with the actual emitted values or adjust the code to emit the documented strings.

Possible values:

- `ok` -- probe succeeded and the token has the `list` permission
- `inactive` -- probe succeeded but the token lacks the `list`
  permission, meaning sandboxes are disabled on this project
- `timeout` -- probe did not complete within 2 seconds
- `error` -- probe failed for another reason, such as a bad token or
  another network/API error
- `offline` -- you passed `--offline`, so no probe was attempted

[Copilot]

Pull request overview

Copilot reviewed 23 out of 23 changed files in this pull request and generated 2 comments.

[Alviner]

lgtm in general!

for images and other lists it would be better to have a way to switch pages, since there can be a lot of them and the current filter options arent enough