Merge branch 'main' of https://github.com/braintrustdata/bt into cedric-better-dx-pr3

Author: viadezo1er

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "bt"
-version = "0.4.0"
+version = "0.5.0"
 edition = "2021"
 rust-version = "1.86.0"
 authors = ["Braintrust engineering <eng@braintrust.dev>"]

Cargo.toml

@@ -239,10 +239,11 @@ Local transaction-id conversion helpers:
 
 Auth resolution order for commands is:
 
-1. `--api-key` or `BRAINTRUST_API_KEY` (unless `--prefer-profile` is set)
-2. `--profile` or `BRAINTRUST_PROFILE`
-3. Org-based profile match (profile whose org matches `--org`/config org)
-4. Single-profile auto-select (if only one profile exists)
+1. Explicit `--profile`
+2. `--api-key` or `BRAINTRUST_API_KEY` (unless `--prefer-profile` is set)
+3. `BRAINTRUST_PROFILE`
+4. Org-based profile match (profile whose org matches `--org`/config org)
+5. Single-profile auto-select (if only one profile exists)
 
 On Linux, secure storage uses `secret-tool` (libsecret) with a running Secret Service daemon. On macOS, it uses the `security` keychain utility. If a secure store is unavailable, `bt` falls back to a plaintext secrets file with `0600` permissions.
 

README.md

@@ -1,3 +1,4 @@
+use std::ffi::OsString;
 use std::path::PathBuf;
 
 use clap::Args;
@@ -39,6 +40,9 @@ pub struct BaseArgs {
     #[arg(long, env = "BRAINTRUST_PROFILE", global = true)]
     pub profile: Option<String>,
 
+    #[arg(skip = false)]
+    pub profile_explicit: bool,
+
     /// Override active org (or via BRAINTRUST_ORG_NAME)
     #[arg(short = 'o', long = "org", env = "BRAINTRUST_ORG_NAME", global = true)]
     pub org_name: Option<String>,
@@ -100,3 +104,64 @@ pub struct CLIArgs<T: Args> {
     #[command(flatten)]
     pub args: T,
 }
+
+pub fn has_explicit_profile_arg(args: &[OsString]) -> bool {
+    let mut idx = 1usize;
+    while idx < args.len() {
+        let Some(arg) = args[idx].to_str() else {
+            idx += 1;
+            continue;
+        };
+
+        if arg == "--" {
+            break;
+        }
+
+        if arg == "--profile" || arg.starts_with("--profile=") {
+            return true;
+        }
+
+        idx += 1;
+    }
+
+    false
+}
+
+#[cfg(test)]
+mod tests {
+    use super::has_explicit_profile_arg;
+    use std::ffi::OsString;
+
+    #[test]
+    fn has_explicit_profile_arg_detects_split_flag() {
+        let args = vec![
+            OsString::from("bt"),
+            OsString::from("status"),
+            OsString::from("--profile"),
+            OsString::from("work"),
+        ];
+        assert!(has_explicit_profile_arg(&args));
+    }
+
+    #[test]
+    fn has_explicit_profile_arg_detects_equals_flag() {
+        let args = vec![
+            OsString::from("bt"),
+            OsString::from("status"),
+            OsString::from("--profile=work"),
+        ];
+        assert!(has_explicit_profile_arg(&args));
+    }
+
+    #[test]
+    fn has_explicit_profile_arg_ignores_passthrough_args() {
+        let args = vec![
+            OsString::from("bt"),
+            OsString::from("eval"),
+            OsString::from("--"),
+            OsString::from("--profile"),
+            OsString::from("work"),
+        ];
+        assert!(!has_explicit_profile_arg(&args));
+    }
+}

src/args.rs

@@ -554,8 +554,16 @@ fn maybe_warn_api_key_override(base: &BaseArgs) {
     }
 }
 
+fn has_explicit_profile_selection(base: &BaseArgs) -> bool {
+    base.profile_explicit
+        && base
+            .profile
+            .as_deref()
+            .is_some_and(|value| !value.trim().is_empty())
+}
+
 fn resolve_api_key_override(base: &BaseArgs) -> Option<String> {
-    if base.prefer_profile
+    if (base.prefer_profile || has_explicit_profile_selection(base))
         && !matches!(
             base.api_key_source,
             Some(crate::args::ArgValueSource::CommandLine)
@@ -2958,6 +2966,7 @@ mod tests {
             no_color: false,
             no_input: false,
             profile: None,
+            profile_explicit: false,
             project: None,
             org_name: None,
             api_key: None,
@@ -3318,6 +3327,38 @@ mod tests {
         assert_eq!(resolved.org_name, None);
     }
 
+    #[test]
+    fn resolve_auth_explicit_profile_ignores_env_api_key_override() {
+        let mut base = make_base();
+        base.api_key = Some("explicit-key".to_string());
+        base.profile = Some("work".to_string());
+        base.profile_explicit = true;
+
+        let mut store = AuthStore::default();
+        store.profiles.insert(
+            "work".to_string(),
+            AuthProfile {
+                auth_kind: AuthKind::ApiKey,
+                api_url: Some("https://api.example.com".to_string()),
+                app_url: None,
+                org_name: Some("Example Org".to_string()),
+                oauth_client_id: None,
+                oauth_access_expires_at: None,
+                ..Default::default()
+            },
+        );
+
+        let resolved = resolve_auth_from_store_with_secret_lookup(
+            &base,
+            &store,
+            |_| Ok(Some("profile-key".to_string())),
+            &None,
+        )
+        .expect("resolve");
+        assert_eq!(resolved.api_key.as_deref(), Some("profile-key"));
+        assert_eq!(resolved.org_name.as_deref(), Some("Example Org"));
+    }
+
     #[test]
     fn resolve_auth_marks_oauth_profiles() {
         let mut base = make_base();

src/auth.rs

@@ -181,6 +181,7 @@ struct DevServerState {
 struct DevAuthContext {
     token: String,
     org_name: String,
+    api_url: Option<String>,
 }
 
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
@@ -1084,26 +1085,33 @@ async fn authenticate_dev_request(
 
     let payload = response.json::<Value>().await.unwrap_or(Value::Null);
     if let Some(orgs) = payload.get("org_info").and_then(|value| value.as_array()) {
-        let matched = orgs.iter().any(|org| {
+        let matched_org = orgs.iter().find(|org| {
             org.get("name")
                 .and_then(|name| name.as_str())
                 .map(|name| name == org_name)
                 .unwrap_or(false)
         });
-        if !matched {
+        let Some(matched_org) = matched_org else {
             return Err(json_error_response(
                 actix_web::http::StatusCode::UNAUTHORIZED,
                 "Unauthorized",
             ));
-        }
+        };
+        let api_url = matched_org
+            .get("api_url")
+            .and_then(|value| value.as_str())
+            .map(str::to_string);
+        Ok(DevAuthContext {
+            token,
+            org_name,
+            api_url,
+        })
     } else {
-        return Err(json_error_response(
+        Err(json_error_response(
             actix_web::http::StatusCode::UNAUTHORIZED,
             "Unauthorized",
-        ));
+        ))
     }
-
-    Ok(DevAuthContext { token, org_name })
 }
 
 async fn resolve_dataset_ref_for_eval_request(
@@ -1218,6 +1226,9 @@ fn make_dev_mode_env(
         ("BRAINTRUST_APP_URL".to_string(), state.app_url.clone()),
         ("BT_EVAL_DEV_MODE".to_string(), dev_mode.to_string()),
     ];
+    if let Some(api_url) = auth.api_url.as_ref() {
+        env.push(("BRAINTRUST_API_URL".to_string(), api_url.clone()));
+    }
     if let Some(request) = request {
         let serialized =
             serde_json::to_string(request).context("failed to serialize eval request payload")?;

src/eval.rs

@@ -3439,6 +3439,7 @@ mod tests {
             no_color: false,
             no_input: false,
             profile: None,
+            profile_explicit: false,
             org_name: None,
             project: None,
             api_key: None,

src/functions/push.rs

@@ -103,6 +103,30 @@ impl ApiClient {
         response.json().await.context("failed to parse response")
     }
 
+    pub async fn patch<T: DeserializeOwned, B: Serialize>(
+        &self,
+        path: &str,
+        body: &B,
+    ) -> Result<T> {
+        let url = self.url(path);
+        let response = self
+            .http
+            .patch(&url)
+            .bearer_auth(&self.api_key)
+            .json(body)
+            .send()
+            .await
+            .context("request failed")?;
+
+        if !response.status().is_success() {
+            let status = response.status();
+            let body = response.text().await.unwrap_or_default();
+            return Err(HttpError { status, body }.into());
+        }
+
+        response.json().await.context("failed to parse response")
+    }
+
     pub async fn post_with_headers<T, B>(
         &self,
         path: &str,

src/http.rs

@@ -26,12 +26,13 @@ mod status;
 mod switch;
 mod sync;
 mod tools;
+mod topics;
 mod traces;
 mod ui;
 mod util_cmd;
 mod utils;
 
-use crate::args::{ArgValueSource, BaseArgs, CLIArgs};
+use crate::args::{has_explicit_profile_arg, ArgValueSource, BaseArgs, CLIArgs};
 
 const DEFAULT_CANARY_VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), "-canary.dev");
 const CLI_VERSION: &str = match option_env!("BT_VERSION_STRING") {
@@ -59,6 +60,7 @@ Core
 
 Projects & resources
   projects     Manage projects
+  topics       Inspect and control Topics automation
   prompts      Manage prompts
   functions    Manage functions (tools, scorers, and more)
   tools        Manage tools
@@ -130,6 +132,8 @@ enum Commands {
     Eval(CLIArgs<eval::EvalArgs>),
     /// Manage projects
     Projects(CLIArgs<projects::ProjectsArgs>),
+    /// Inspect and control Topics automation
+    Topics(CLIArgs<topics::TopicsArgs>),
     /// Manage prompts
     Prompts(CLIArgs<prompts::PromptsArgs>),
     #[command(name = "self")]
@@ -167,6 +171,7 @@ impl Commands {
             #[cfg(unix)]
             Commands::Eval(cmd) => &cmd.base,
             Commands::Projects(cmd) => &cmd.base,
+            Commands::Topics(cmd) => &cmd.base,
             Commands::Prompts(cmd) => &cmd.base,
             Commands::SelfCommand(cmd) => &cmd.base,
             Commands::Tools(cmd) => &cmd.base,
@@ -191,6 +196,7 @@ impl Commands {
             #[cfg(unix)]
             Commands::Eval(cmd) => &mut cmd.base,
             Commands::Projects(cmd) => &mut cmd.base,
+            Commands::Topics(cmd) => &mut cmd.base,
             Commands::Prompts(cmd) => &mut cmd.base,
             Commands::SelfCommand(cmd) => &mut cmd.base,
             Commands::Tools(cmd) => &mut cmd.base,
@@ -239,6 +245,7 @@ async fn try_main() -> Result<()> {
     let matches = Cli::command().get_matches_from(&argv);
     let mut cli = Cli::from_arg_matches(&matches).expect("clap matches should parse");
     apply_base_arg_sources(&matches, cli.command.base_mut());
+    cli.command.base_mut().profile_explicit = has_explicit_profile_arg(&argv);
     apply_base_output_defaults(&mut cli.command);
     configure_output(cli.command.base());
 
@@ -252,6 +259,7 @@ async fn try_main() -> Result<()> {
         #[cfg(unix)]
         Commands::Eval(cmd) => eval::run(cmd.base, cmd.args).await?,
         Commands::Projects(cmd) => projects::run(cmd.base, cmd.args).await?,
+        Commands::Topics(cmd) => topics::run(cmd.base, cmd.args).await?,
         Commands::Prompts(cmd) => prompts::run(cmd.base, cmd.args).await?,
         Commands::Tools(cmd) => tools::run(cmd.base, cmd.args).await?,
         Commands::Scorers(cmd) => scorers::run(cmd.base, cmd.args).await?,

src/main.rs

@@ -3915,6 +3915,7 @@ mod tests {
             no_color: false,
             no_input: false,
             profile: None,
+            profile_explicit: false,
             org_name: None,
             project: None,
             api_key: None,