prvng_core/nulib/lib_provisioning/plugins/auth.nu

# Module: Authentication Plugin
# Purpose: Provides JWT authentication, MFA enrollment/verification, auth status checking, and permission validation.
# Dependencies: std log, path-utils, auth_impl

# Selective imports + re-exports (ADR-025 Phase 3 Layer 2).
# utils/path-utils star-import was dead — dropped.
use lib_provisioning/config/accessor/core.nu [config-get]
export use auth_impl.nu [
    check-auth-for-destructive check-auth-for-production check-operation-auth
    get-api-key-interactive get-auth-metadata get-authenticated-user
    get-provider-credentials-interactive get-secret-config-interactive
    is-authenticated is-check-mode is-destructive-operation is-mfa-verified
    log-authenticated-operation login-interactive mfa-enroll-interactive
    print-auth-status require-auth require-mfa run-typedialog-auth-form
    should-enforce-auth-from-metadata should-require-auth
    should-require-mfa-destructive should-require-mfa-prod
]

# Check if Auth plugin is available (registered with Nushell)
def is-plugin-available [] {
    let installed = (version | get installed_plugins)
    $installed | str contains "auth"
}

# Check if Auth plugin is enabled in config
def is-plugin-enabled [] {
    config-get "plugins.auth_enabled" true
}

# Get Auth plugin status and configuration
export def plugin-auth-status [] {
    let plugin_available = is-plugin-available
    let plugin_enabled = is-plugin-enabled

    {
        plugin_available: $plugin_available
        plugin_enabled: $plugin_enabled
        mode: (if ($plugin_enabled and $plugin_available) { "plugin" } else { "disabled" })
    }
}