Flag restructuring for bt setup (#105)

Mechanical rename/removal of CLI flags:
- `--quiet` → `--verbose` for bt setup (invert default)
- `--agents` (repeatable) → `--agent` (single), remove `AgentArg::All`
- `--no-mcp-skill` → `--no-skills` + `--no-mcp`
- Add `--no-instrument`, `--tui`/`--background`, `--no-workflow`
tui (default) launches the agent in its tui, background launches a headless agent
tui and json conflict
- Move `--yes` to `#[arg(skip)]`
- ```--interactive/-i``` flag, that more or less preserves the previous
behavior of asking all questions

Part 1 of #94

Author: viadezo1er

src/args.rs

@@ -4,20 +4,34 @@ use clap::Args;
 
 pub use braintrust_sdk_rust::{DEFAULT_API_URL, DEFAULT_APP_URL};
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum ArgValueSource {
+    CommandLine,
+    EnvVariable,
+}
+
 #[derive(Debug, Clone, Args)]
 pub struct BaseArgs {
     /// Output as JSON
     #[arg(long, global = true)]
     pub json: bool,
 
-    /// Suppress non-essential output
+    /// Verbose mode — set at runtime by subcommands that support it
+    #[arg(skip)]
+    pub verbose: bool,
+
+    /// Reduce interactive UI output
     #[arg(long, short = 'q', env = "BRAINTRUST_QUIET", global = true, value_parser = clap::builder::BoolishValueParser::new(), default_value_t = false)]
     pub quiet: bool,
 
     /// Disable ANSI color output
     #[arg(long, env = "BRAINTRUST_NO_COLOR", global = true, value_parser = clap::builder::BoolishValueParser::new(), default_value_t = false)]
     pub no_color: bool,
 
+    /// Disable all interactive prompts
+    #[arg(long, env = "BRAINTRUST_NO_INPUT", global = true, value_parser = clap::builder::BoolishValueParser::new(), default_value_t = false)]
+    pub no_input: bool,
+
     /// Use a saved login profile (or via BRAINTRUST_PROFILE)
     #[arg(long, env = "BRAINTRUST_PROFILE", global = true)]
     pub profile: Option<String>,
@@ -40,14 +54,13 @@ pub struct BaseArgs {
     #[arg(long, env = "BRAINTRUST_API_KEY", global = true, hide = true)]
     pub api_key: Option<String>,
 
+    #[arg(skip)]
+    pub api_key_source: Option<ArgValueSource>,
+
     /// Prefer profile credentials even if BRAINTRUST_API_KEY/--api-key is set.
     #[arg(long, global = true)]
     pub prefer_profile: bool,
 
-    /// Disable all interactive prompts
-    #[arg(long, global = true)]
-    pub no_input: bool,
-
     /// Override API URL (or via BRAINTRUST_API_URL)
     #[arg(
         long,

src/auth.rs

@@ -1,4 +1,5 @@
 use std::collections::BTreeMap;
+use std::error::Error as StdError;
 use std::fs;
 use std::io::{IsTerminal, Write};
 use std::path::{Path, PathBuf};
@@ -67,6 +68,48 @@ pub struct AvailableOrg {
     pub api_url: Option<String>,
 }
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+enum RecoverableAuthErrorKind {
+    OauthProfileSelection,
+    OauthClientId,
+    OauthRefreshToken,
+    StoredCredential,
+}
+
+#[derive(Debug)]
+struct RecoverableAuthError {
+    kind: RecoverableAuthErrorKind,
+    message: String,
+}
+
+impl std::fmt::Display for RecoverableAuthError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(&self.message)
+    }
+}
+
+impl StdError for RecoverableAuthError {}
+
+fn recoverable_auth_error(kind: RecoverableAuthErrorKind, message: String) -> anyhow::Error {
+    anyhow::Error::new(RecoverableAuthError { kind, message })
+}
+
+pub fn is_missing_credential_error(err: &anyhow::Error) -> bool {
+    err.chain().any(|source| {
+        source
+            .downcast_ref::<RecoverableAuthError>()
+            .is_some_and(|err| {
+                matches!(
+                    err.kind,
+                    RecoverableAuthErrorKind::OauthProfileSelection
+                        | RecoverableAuthErrorKind::OauthClientId
+                        | RecoverableAuthErrorKind::OauthRefreshToken
+                        | RecoverableAuthErrorKind::StoredCredential
+                )
+            })
+    })
+}
+
 pub fn list_profiles() -> Result<Vec<ProfileInfo>> {
     let store = load_auth_store()?;
     Ok(store
@@ -494,15 +537,23 @@ pub async fn resolve_auth(base: &BaseArgs) -> Result<ResolvedAuth> {
         .or_else(|| {
             (store.profiles.len() == 1).then(|| store.profiles.keys().next().unwrap().as_str())
         })
-        .ok_or_else(|| anyhow::anyhow!("oauth profile requested but none selected"))?
+        .ok_or_else(|| {
+            recoverable_auth_error(
+                RecoverableAuthErrorKind::OauthProfileSelection,
+                "oauth profile requested but none selected".to_string(),
+            )
+        })?
         .to_string();
     let profile = store
         .profiles
         .get(profile_name.as_str())
         .ok_or_else(|| anyhow::anyhow!("profile '{profile_name}' not found"))?;
     let client_id = profile.oauth_client_id.as_deref().ok_or_else(|| {
-        anyhow::anyhow!(
-            "oauth profile '{profile_name}' is missing client_id; re-run `bt auth login --oauth --profile {profile_name}`"
+        recoverable_auth_error(
+            RecoverableAuthErrorKind::OauthClientId,
+            format!(
+                "oauth profile '{profile_name}' is missing client_id; re-run `bt auth login --oauth --profile {profile_name}`"
+            ),
         )
     })?;
     let cached_expires_at = profile.oauth_access_expires_at;
@@ -519,8 +570,11 @@ pub async fn resolve_auth(base: &BaseArgs) -> Result<ResolvedAuth> {
     }
 
     let refresh_token = load_profile_oauth_refresh_token(&profile_name)?.ok_or_else(|| {
-        anyhow::anyhow!(
-            "oauth refresh token missing for profile '{profile_name}'; re-run `bt auth login --oauth --profile {profile_name}`"
+        recoverable_auth_error(
+            RecoverableAuthErrorKind::OauthRefreshToken,
+            format!(
+                "oauth refresh token missing for profile '{profile_name}'; re-run `bt auth login --oauth --profile {profile_name}`"
+            ),
         )
     })?;
     let refreshed = refresh_oauth_access_token(&api_url, &refresh_token, client_id).await?;
@@ -640,8 +694,11 @@ where
             None
         } else {
             Some(load_secret(profile_name)?.ok_or_else(|| {
-                anyhow::anyhow!(
-                    "no keychain credential found for profile '{profile_name}'; re-run `bt auth login --profile {profile_name}`"
+                recoverable_auth_error(
+                    RecoverableAuthErrorKind::StoredCredential,
+                    format!(
+                        "no keychain credential found for profile '{profile_name}'; re-run `bt auth login --profile {profile_name}`"
+                    ),
                 )
             })?)
         };
@@ -831,6 +888,7 @@ async fn run_login_oauth(base: &BaseArgs, args: AuthLoginArgs) -> Result<()> {
     Ok(())
 }
 
+#[allow(dead_code)]
 pub async fn login_interactive(base: &mut BaseArgs) -> Result<String> {
     let methods = ["OAuth (browser)", "API key"];
     let selected = ui::fuzzy_select("Select login method", &methods, 0)?;
@@ -842,6 +900,11 @@ pub async fn login_interactive(base: &mut BaseArgs) -> Result<String> {
     }
 }
 
+pub async fn login_setup_oauth(base: &mut BaseArgs) -> Result<String> {
+    login_interactive_oauth(base).await
+}
+
+#[allow(dead_code)]
 async fn login_interactive_api_key(base: &mut BaseArgs) -> Result<String> {
     let api_key = prompt_api_key()?;
 
@@ -2642,14 +2705,16 @@ mod tests {
     fn make_base() -> BaseArgs {
         BaseArgs {
             json: false,
+            verbose: false,
             quiet: false,
             no_color: false,
+            no_input: false,
             profile: None,
             project: None,
             org_name: None,
             api_key: None,
+            api_key_source: None,
             prefer_profile: false,
-            no_input: false,
             api_url: None,
             app_url: None,
             env_file: None,
@@ -2710,6 +2775,34 @@ mod tests {
         assert_err_contains(result, "invalid api_url");
     }
 
+    #[test]
+    fn missing_credential_error_helper_detects_typed_auth_errors() {
+        let err = recoverable_auth_error(
+            RecoverableAuthErrorKind::OauthRefreshToken,
+            "oauth refresh token missing".to_string(),
+        );
+
+        assert!(is_missing_credential_error(&err));
+    }
+
+    #[test]
+    fn missing_credential_error_helper_ignores_unrelated_errors() {
+        let err = anyhow::anyhow!("some unrelated error");
+
+        assert!(!is_missing_credential_error(&err));
+    }
+
+    #[test]
+    fn missing_credential_error_helper_detects_errors_through_context() {
+        let err = recoverable_auth_error(
+            RecoverableAuthErrorKind::StoredCredential,
+            "missing stored credential".to_string(),
+        )
+        .context("while resolving auth");
+
+        assert!(is_missing_credential_error(&err));
+    }
+
     fn restore_env_var(key: &str, previous: Option<OsString>) {
         match previous {
             Some(value) => env::set_var(key, value),

src/functions/push.rs

@@ -3433,14 +3433,16 @@ mod tests {
     fn test_base_args() -> BaseArgs {
         BaseArgs {
             json: false,
+            verbose: false,
             quiet: false,
             no_color: false,
+            no_input: false,
             profile: None,
             org_name: None,
             project: None,
             api_key: None,
+            api_key_source: None,
             prefer_profile: false,
-            no_input: false,
             api_url: None,
             app_url: None,
             env_file: None,