#!/usr/bin/env python3
"""
Create a JWT token for ClaudeTools API access
"""
import jwt
from datetime import datetime, timedelta, timezone
from vault_utils import vault_get

# Get the JWT secret from the SOPS vault
JWT_SECRET = vault_get("projects/claudetools/api-auth.sops.yaml", "credentials.credential")

# Create token data
data = {
    "sub": "import-script",
    "scopes": ["admin", "import"],
    "exp": datetime.now(timezone.utc) + timedelta(days=30)
}

# Create token
token = jwt.encode(data, JWT_SECRET, algorithm="HS256")

print(f"New JWT Token:")
print(token)
print()
print(f"Expires: {data['exp']}")
print()
print("Add this to .claude/context-recall-config.env:")
print(f"JWT_TOKEN={token}")