refactor(cli): migrate from kingpin to cobra

BREAKING CHANGE: Migrates the CLI framework from kingpin to cobra for improved maintainability and better shell completion support.

This change brings several improvements:
- Enhanced shell completion with cobra's native completion engine
- More intuitive command structure and flag handling
- Better error messages and help text formatting
- Improved maintainability with cobra's cleaner command organization

All command functionality remains the same, but the underlying CLI framework
has been completely replaced. Users should experience no breaking changes in
command usage, though some internal behaviors may differ slightly.

Commands migrated:
- add, remove, list, rotate
- exec, export, clear
- login, proxy

The migration maintains backward compatibility for all command-line arguments
and flags while providing a more robust foundation for future enhancements.

Author: joshichintan

.github/workflows/go.yml

@@ -30,8 +30,24 @@ jobs:
           go-version: 'stable'
           #go-version-file: 'go.mod'
           check-latest: true
+      - name: Setup Test Keychain
+        if: runner.os == 'macOS'
+        run: |
+          security create-keychain -p test-password aws-vault-test.keychain
+          
+          security default-keychain -s aws-vault-test.keychain
+          
+          security unlock-keychain -p test-password aws-vault-test.keychain
+          
+          security set-keychain-settings -t 3600 -u aws-vault-test.keychain
+          
+          security list-keychains -d user -s aws-vault-test.keychain $(security list-keychains -d user | sed s/\"//g)
       - name: Run tests
         run: make test #go test -race ./...
+      - name: Cleanup Test Keychain
+        if: runner.os == 'macOS' && always()
+        run: |
+          security delete-keychain aws-vault-test.keychain || true
   lint:
     permissions:
       contents: read  # for actions/checkout to fetch code

cli/add.go

@@ -6,10 +6,10 @@ import (
 	"os"
 
 	"github.com/byteness/keyring"
-	"github.com/alecthomas/kingpin/v2"
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/byteness/aws-vault/v7/prompt"
 	"github.com/byteness/aws-vault/v7/vault"
+	"github.com/spf13/cobra"
 )
 
 type AddCommandInput struct {
@@ -18,35 +18,41 @@ type AddCommandInput struct {
 	AddConfig   bool
 }
 
-func ConfigureAddCommand(app *kingpin.Application, a *AwsVault) {
+func ConfigureAddCommand(a *AwsVault) *cobra.Command {
 	input := AddCommandInput{}
 
-	cmd := app.Command("add", "Add credentials to the secure keystore.")
-
-	cmd.Arg("profile", "Name of the profile").
-		Required().
-		StringVar(&input.ProfileName)
+	cmd := &cobra.Command{
+		Use:   "add [profile]",
+		Short: "Add credentials to the secure keystore",
+		Long:  "Add credentials to the secure keystore",
+		Args:  cobra.ExactArgs(1),
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			if len(args) == 0 {
+				return a.CompleteProfileNames()(cmd, args, toComplete)
+			}
+			return nil, cobra.ShellCompDirectiveNoFileComp
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			input.ProfileName = args[0]
+			keyring, err := a.Keyring()
+			if err != nil {
+				return err
+			}
+			awsConfigFile, err := a.AwsConfigFile()
+			if err != nil {
+				return err
+			}
+			return AddCommand(input, keyring, awsConfigFile)
+		},
+	}
 
-	cmd.Flag("env", "Read the credentials from the environment (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)").
-		BoolVar(&input.FromEnv)
+	// --env flag to read credentials from environment variables
+	cmd.Flags().BoolVar(&input.FromEnv, "env", false, "Read the credentials from the environment (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY)")
 
-	cmd.Flag("add-config", "Add a profile to ~/.aws/config if one doesn't exist").
-		Default("true").
-		BoolVar(&input.AddConfig)
+	// --add-config flag (default is true)
+	cmd.Flags().BoolVar(&input.AddConfig, "add-config", true, "Add a profile to ~/.aws/config if one doesn't exist")
 
-	cmd.Action(func(c *kingpin.ParseContext) error {
-		keyring, err := a.Keyring()
-		if err != nil {
-			return err
-		}
-		awsConfigFile, err := a.AwsConfigFile()
-		if err != nil {
-			return err
-		}
-		err = AddCommand(input, keyring, awsConfigFile)
-		app.FatalIfError(err, "add")
-		return nil
-	})
+	return cmd
 }
 
 func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *vault.ConfigFile) error {
@@ -73,6 +79,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if secretKey, err = prompt.TerminalSecretPrompt("Enter Secret Access Key: "); err != nil {
 			return err
 		}
+		// PRESERVED: MFA serial prompt functionality
 		if mfaSerial, err = prompt.TerminalPrompt("Enter MFA Device ARN (If MFA is not enabled, leave this blank): "); err != nil {
 			return err
 		}
@@ -96,7 +103,7 @@ func AddCommand(input AddCommandInput, keyring keyring.Keyring, awsConfigFile *v
 		if input.AddConfig {
 			newProfileSection := vault.ProfileSection{
 				Name:      input.ProfileName,
-				MfaSerial: mfaSerial,
+				MfaSerial: mfaSerial, // PRESERVED: MFA serial saved to config
 			}
 			log.Printf("Adding profile %s to config at %s", input.ProfileName, awsConfigFile.Path)
 			if err := awsConfigFile.Add(newProfileSection); err != nil {

cli/add_test.go

@@ -4,7 +4,7 @@ import (
 	"log"
 	"os"
 
-	"github.com/alecthomas/kingpin/v2"
+	"github.com/spf13/cobra"
 )
 
 func ExampleAddCommand() {
@@ -25,9 +25,11 @@ func ExampleAddCommand() {
 	defer os.Unsetenv("AWS_VAULT_BACKEND")
 	defer os.Unsetenv("AWS_VAULT_FILE_PASSPHRASE")
 
-	app := kingpin.New(`aws-vault`, ``)
-	ConfigureAddCommand(app, ConfigureGlobals(app))
-	kingpin.MustParse(app.Parse([]string{"add", "--debug", "--env", "foo"}))
+	rootCmd := &cobra.Command{Use: "aws-vault"}
+	a := ConfigureGlobals(rootCmd)
+	rootCmd.AddCommand(ConfigureAddCommand(a))
+	rootCmd.SetArgs([]string{"add", "--debug", "--env", "foo"})
+	_ = rootCmd.Execute()
 
 	// Output:
 	// Added credentials to profile "foo" in vault

cli/clear.go

@@ -4,37 +4,47 @@ import (
 	"fmt"
 
 	"github.com/byteness/keyring"
-	"github.com/alecthomas/kingpin/v2"
 	"github.com/byteness/aws-vault/v7/vault"
+	"github.com/spf13/cobra"
 )
 
 type ClearCommandInput struct {
 	ProfileName string
 }
 
-func ConfigureClearCommand(app *kingpin.Application, a *AwsVault) {
+func ConfigureClearCommand(a *AwsVault) *cobra.Command {
 	input := ClearCommandInput{}
 
-	cmd := app.Command("clear", "Clear temporary credentials from the secure keystore.")
+	cmd := &cobra.Command{
+		Use:   "clear [profile]",
+		Short: "Clear temporary credentials from the secure keystore",
+		Long:  "Clear temporary credentials from the secure keystore",
+		Args:  cobra.MaximumNArgs(1),
+		ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
+			if len(args) == 0 {
+				return a.CompleteProfileNames()(cmd, args, toComplete)
+			}
+			return nil, cobra.ShellCompDirectiveNoFileComp
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				input.ProfileName = args[0]
+			}
 
-	cmd.Arg("profile", "Name of the profile").
-		HintAction(a.MustGetProfileNames).
-		StringVar(&input.ProfileName)
+			keyring, err := a.Keyring()
+			if err != nil {
+				return err
+			}
+			awsConfigFile, err := a.AwsConfigFile()
+			if err != nil {
+				return err
+			}
 
-	cmd.Action(func(c *kingpin.ParseContext) (err error) {
-		keyring, err := a.Keyring()
-		if err != nil {
-			return err
-		}
-		awsConfigFile, err := a.AwsConfigFile()
-		if err != nil {
-			return err
-		}
+			return ClearCommand(input, awsConfigFile, keyring)
+		},
+	}
 
-		err = ClearCommand(input, awsConfigFile, keyring)
-		app.FatalIfError(err, "clear")
-		return nil
-	})
+	return cmd
 }
 
 func ClearCommand(input ClearCommandInput, awsConfigFile *vault.ConfigFile, keyring keyring.Keyring) error {