auth consolidation - nself-org/cli GitHub Wiki
Status: Completed Date: January 30, 2026 Version: Command Tree v1.0
All authentication and security-related commands have been consolidated under nself auth with 38 subcommands total. This refactoring follows the Command Tree v1.0 specification to reduce the number of top-level commands from 79 to 31.
nself auth <category> <action> [options]
-
Authentication (3 subcommands)
- login
- logout
- status
-
MFA (4 subcommands)
- mfa enable
- mfa disable
- mfa verify
- mfa backup-codes
-
Roles (4 subcommands)
- roles list
- roles create
- roles assign
- roles remove
-
Devices (4 subcommands)
- devices list
- devices register
- devices revoke
- devices trust
-
OAuth (7 subcommands)
- oauth install
- oauth enable
- oauth disable
- oauth config
- oauth test
- oauth list
- oauth status
-
Security (3 subcommands)
- security scan
- security audit
- security report
-
SSL (5 subcommands)
- ssl generate
- ssl install
- ssl renew
- ssl info
- ssl trust
-
Rate Limiting (3 subcommands)
- rate-limit config
- rate-limit status
- rate-limit reset
-
Webhooks (5 subcommands)
- webhooks create
- webhooks list
- webhooks delete
- webhooks test
- webhooks logs
Total: 38 subcommands
| Old Command | New Command | Status |
|---|---|---|
nself mfa |
nself auth mfa |
โ Deprecated wrapper active |
nself roles |
nself auth roles |
โ Deprecated wrapper active |
nself devices |
nself auth devices |
โ Deprecated wrapper active |
nself oauth |
nself auth oauth |
โ Deprecated wrapper active |
nself security |
nself auth security |
โ Deprecated wrapper active |
nself ssl |
nself auth ssl |
โ Deprecated wrapper active |
nself trust |
nself auth ssl trust |
โ Deprecated wrapper active |
nself rate-limit |
nself auth rate-limit |
โ Deprecated wrapper active |
nself webhooks |
nself auth webhooks |
โ Deprecated wrapper active |
All old commands still work but show deprecation warnings:
$ nself mfa enable --user=123 --method=totp
โ WARNING: 'nself mfa' is deprecated. Use 'nself auth mfa' instead.
This compatibility wrapper will be removed in v1.0.0
[command continues normally...]src/cli/
โโโ auth.sh # Main consolidated command
โโโ _deprecated/ # Backup directory
โ โโโ mfa.sh.backup # Original implementation
โ โโโ roles.sh.backup # Original implementation
โ โโโ devices.sh.backup # Original implementation
โ โโโ oauth.sh.backup # Original implementation
โ โโโ security.sh.backup # Original implementation
โ โโโ ssl.sh.backup # Original implementation
โ โโโ trust.sh.backup # Original implementation
โ โโโ rate-limit.sh.backup # Original implementation
โ โโโ webhooks.sh.backup # Original implementation
โโโ mfa.sh # Deprecation wrapper
โโโ roles.sh # Deprecation wrapper
โโโ devices.sh # Deprecation wrapper
โโโ oauth.sh # Deprecation wrapper
โโโ security.sh # Deprecation wrapper
โโโ ssl.sh # Deprecation wrapper
โโโ trust.sh # Deprecation wrapper
โโโ rate-limit.sh # Deprecation wrapper
โโโ webhooks.sh # Deprecation wrapper
The main auth.sh file:
- Uses
cli-output.shfor consistent output formatting - Implements authentication commands directly (login, logout, status)
- Delegates to original backup implementations for complex subcommands
- Provides comprehensive help text with all 38 subcommands
- Bash 3.2 compatible
Each wrapper file:
- Shows a yellow warning message using ANSI escape codes
- Informs users of the new command syntax
- States when the wrapper will be removed (v1.0.0)
- Delegates to the new
nself auth <category>command usingexec
Example deprecation message:
โ WARNING: 'nself mfa' is deprecated. Use 'nself auth mfa' instead.
This compatibility wrapper will be removed in v1.0.0The auth.sh command delegates to original implementations stored in _deprecated/:
cmd_auth_mfa() {
local action="${1:-}"
shift
# Delegate to original implementation
if [[ -f "$SCRIPT_DIR/_deprecated/mfa.sh.backup" ]]; then
bash "$SCRIPT_DIR/_deprecated/mfa.sh.backup" "$action" "$@"
else
cli_error "MFA module not found"
exit 1
fi
}# MFA management
nself mfa enable --user=123 --method=totp
nself mfa verify --user=123 --code=123456
# OAuth setup
nself oauth install
nself oauth config google --client-id=xxx --client-secret=yyy
# SSL certificates
nself ssl bootstrap
nself trust
# Rate limiting
nself rate-limit check ip 192.168.1.1# MFA management
nself auth mfa enable --user=123 --method=totp
nself auth mfa verify --user=123 --code=123456
# OAuth setup
nself auth oauth install
nself auth oauth config google --client-id=xxx --client-secret=yyy
# SSL certificates
nself auth ssl generate
nself auth ssl trust
# Rate limiting
nself auth rate-limit check ip 192.168.1.1- Logical Grouping: All auth/security commands under one namespace
-
Discoverability: Users can explore all security features with
nself auth --help - Consistency: Follows Command Tree v1.0 pattern used across nself
- Backward Compatible: Old commands still work during transition period
- Clear Migration Path: Deprecation warnings guide users to new syntax
The auth command uses the standardized cli-output.sh library:
-
cli_success()- Success messages with โ icon -
cli_error()- Error messages with โ icon -
cli_warning()- Warning messages with โ icon -
cli_info()- Info messages with โน icon - Cross-platform compatible (Bash 3.2+)
- Respects
NO_COLORenvironment variable
To test the consolidated commands:
# View all auth commands
nself auth --help
# Test delegation to subcommands
nself auth mfa help
nself auth oauth list
nself auth ssl status
# Test backward compatibility (shows deprecation warning)
nself mfa help
nself oauth help- v0.6.x - v0.9.x: Deprecation warnings active, old commands work
-
v1.0.0: Remove all deprecation wrappers, only
nself authworks
- Command Tree v1.0
- CLI Output Library (
src/lib/utils/cli-output.sh) - Auth Command Reference
Last Updated: January 30, 2026