Migrate to Krónan Public API

CLAUDE.md

@@ -1,6 +1,16 @@
 # kronan-cli
 
-CLI tool for Kronan.is grocery store. Uses Bun runtime.
+CLI tool for Krónan.is grocery store. Uses Bun runtime.
+
+## Authentication
+
+The Krónan Public API uses AccessToken authentication. You need to create an access token at:
+https://kronan.is/adgangur/adgangslyklar
+
+Then save it using the CLI:
+```bash
+kronan token <your-access-token>
+```
 
 ## Development
 
@@ -15,26 +25,54 @@ CLI tool for Kronan.is grocery store. Uses Bun runtime.
 ## Architecture
 
 - `src/index.ts` — CLI entry point, command routing, flag parsing
-- `src/auth.ts` — AWS Cognito custom auth with Rafraen skilriki (Icelandic e-ID)
-- `src/api.ts` — Kronan backend API client (`https://backend.kronan.is/api/`)
+- `src/auth.ts` — AccessToken storage and management
+- `src/api.ts` — Krónan Public API client (`https://api.kronan.is/api/v1`)
 - `src/commands/` — Individual command implementations
 
 ## Key conventions
 
 - Use Bun APIs: `Bun.file`, `Bun.write`, `bun:test`
 - All commands must support `--json` flag for structured AI-agent output
-- Auth tokens stored in `~/.kronan/tokens.json`
-- Cart endpoints require `Customer-Group-Id` header (fetched dynamically)
-- API auth header format: `Authorization: CognitoJWT {idToken}`
+- Auth tokens stored in `~/.kronan/token`
+- API auth header format: `Authorization: AccessToken {token}`
 
 ## API endpoints
 
-- Product search: `POST /api/products/raw-search/?with_detail=true`
-- Cart view: `GET /api/smart-checkouts/default/`
-- Cart add: `POST /api/smart-checkouts/default/lines/`
-- Cart update: `PATCH /api/smart-checkouts/default/lines/{id}/`
-- Cart remove: `DELETE /api/smart-checkouts/default/lines/{id}/`
-- Orders: `GET /api/orders/`
-- Order detail: `GET /api/orders/{id}/`
-- User profile: `GET /api/users/me/`
-- Customer groups: `GET /api/customer_groups/`
+### Me
+- `GET /api/v1/me/` — Current identity (user or customer group)
+
+### Products
+- `POST /api/v1/products/search/` — Search products
+- `GET /api/v1/products/{sku}/` — Get product details
+
+### Categories
+- `GET /api/v1/categories/` — List category tree
+- `GET /api/v1/categories/{slug}/products/` — Get category products
+
+### Orders
+- `GET /api/v1/orders/` — List orders
+- `GET /api/v1/orders/{token}/` — Get order details
+- `POST /api/v1/orders/{token}/delete-lines/` — Delete order lines
+- `POST /api/v1/orders/{token}/lower-quantity-lines/` — Lower line quantities
+- `POST /api/v1/orders/{token}/lines-toggle-substitution/` — Toggle substitution
+
+### Checkout
+- `GET /api/v1/checkout/` — Get active checkout
+- `POST /api/v1/checkout/lines/` — Add or replace checkout lines
+
+### Product Lists
+- `GET /api/v1/product-lists/` — List product lists
+- `POST /api/v1/product-lists/` — Create product list
+- `GET /api/v1/product-lists/{token}/` — Get product list details
+- `PATCH /api/v1/product-lists/{token}/` — Update product list
+- `DELETE /api/v1/product-lists/{token}/` — Delete product list
+- `POST /api/v1/product-lists/{token}/update-item/` — Add/update item
+
+### Shopping Notes
+- `GET /api/v1/shopping-notes/` — Get shopping note
+- `POST /api/v1/shopping-notes/add-line/` — Add note line
+- `PATCH /api/v1/shopping-notes/change-line/` — Update note line
+- `DELETE /api/v1/shopping-notes/delete-line/` — Delete note line
+
+### Purchase Stats
+- `GET /api/v1/product-purchase-stats/` — List purchase history

README.md

@@ -1,6 +1,8 @@
 # kronan-cli
 
-CLI for [Kronan.is](https://www.kronan.is) -- Iceland's grocery store. Search products, manage your cart, and view order history from the terminal. Built with [Bun](https://bun.sh) and designed to be used by AI agents.
+CLI for [Krónan.is](https://www.kronan.is) -- Iceland's grocery store. Search products, manage your cart, and view order history from the terminal. Built with [Bun](https://bun.sh) and designed to be used by AI agents.
+
+Uses the new Krónan Public API (https://api.kronan.is/api/v1/).
 
 ## Install
 
@@ -29,31 +31,41 @@ bun run src/index.ts help
 
 ## Authentication
 
-Kronan uses **Rafraen skilriki** (Iceland's SIM-based electronic ID) for login. You need an Icelandic phone number with Rafraen skilriki enabled.
+Krónan's Public API uses **AccessToken** authentication. You need to create an access token from your Krónan account settings.
+
+1. Go to https://kronan.is/adgangur/adgangslyklar
+2. Create a new access token
+3. Save it with the CLI:
 
 ```bash
-kronan login XXXXXX     # Sends auth request to your phone
-kronan status            # Check if you're logged in
-kronan logout            # Clear tokens
+kronan token <your-access-token>
+kronan status            # Check if token is valid
+kronan logout            # Clear token
 ```
 
-Tokens are stored in `~/.kronan/tokens.json` and auto-refresh when expired.
+Tokens are stored in `~/.kronan/token`.
+
+**Note:** You must have a Krónan account with Auðkenni (Icelandic e-ID) login to create access tokens.
 
 ## Usage
 
 ```
+kronan token <token>          Save access token
+kronan status                 Check authentication status
+kronan logout                 Clear stored token
+
 kronan search <query>         Search for products
 kronan product <sku>          Product details by SKU
 
 kronan cart                   View cart
 kronan cart add <sku> [qty]   Add item to cart
-kronan cart update <id> <qty> Update line quantity
-kronan cart remove <id>       Remove line from cart
+kronan cart clear             Clear cart
 
 kronan orders                 Order history
-kronan order <id>             Specific order details
+kronan order <token>          Specific order details
 
-kronan me                     User profile (⚠️  outputs PII, see below)
+kronan lists                  View product lists
+kronan me                     Show current identity
 ```
 
 All commands support `--json` for structured output.
@@ -85,22 +97,29 @@ kronan cart --json
 ```
 src/
   index.ts              CLI entry point and command routing
-  auth.ts               AWS Cognito auth (Rafraen skilriki flow)
-  api.ts                Kronan backend API client
+  auth.ts               AccessToken storage and management
+  api.ts                Krónan Public API client
   commands/
-    login.ts            login, logout, status
+    login.ts            token, logout, status
     search.ts           product search and detail
     orders.ts           order history
     cart.ts             cart management
 ```
 
+## API Documentation
+
+The Krónan Public API is documented at:
+- Swagger UI: https://api.kronan.is/api/v1/schema/swagger-ui/
+- ReDoc: https://api.kronan.is/api/v1/schema/redoc/
+
 ## Privacy
 
-`kronan me` outputs your full user profile including **personally identifiable information (PII)** such as your name, phone number, and Icelandic national ID number (kennitala/SSN). Be careful when sharing this output — avoid pasting it in public channels, issue trackers, or LLM conversations that may be logged.
+`kronan me` outputs your identity information. Be careful when sharing this output — avoid pasting it in public channels, issue trackers, or LLM conversations that may be logged.
 
 ## Requirements
 
-- Icelandic phone number with Rafraen skilriki for authentication
+- Krónan account with Auðkenni (Icelandic e-ID) login
+- Access token from https://kronan.is/adgangur/adgangslyklar
 - [GitHub CLI](https://cli.github.com) for installation (or [Bun](https://bun.sh) if running from source)
 
 ## License

SKILL.md

@@ -2,16 +2,16 @@
 name: kronan-cli
 description: >
   Search Krónan for groceries and prices, get SKU numbers, add to or change
-  shopping cart, and view past order history. Leita að verði á matvörum í
-  Krónunni, vinna með innkaupakörfu (bæta í eða breyta), og skoða gamlar
-  pantanir.
-version: 0.1.0
+  shopping cart, and view past order history using the official Krónan Public API.
+  Leita að verði á matvörum í Krónunni, vinna með innkaupakörfu (bæta í eða breyta),
+  og skoða gamlar pantanir.
+version: 0.2.0
 requires:
   binaries:
     - gh        # GitHub CLI — required for install
     - bun       # Bun runtime — only needed if building from source
   paths:
-    - ~/.kronan/tokens.json   # Cognito JWT tokens (created at login)
+    - ~/.kronan/token   # AccessToken for Public API authentication
 metadata:
   openclaw:
     homepage: https://github.com/arnif/kronan-cli
@@ -20,12 +20,13 @@ metadata:
 
 # kronan-cli
 
-CLI tool for shopping at [Kronan.is](https://www.kronan.is), Iceland's grocery store chain. Designed for both humans and AI agents.
+CLI tool for shopping at [Krónan.is](https://www.kronan.is), Iceland's grocery store chain. Uses the official Krónan Public API. Designed for both humans and AI agents.
 
 ## Prerequisites
 
 - [GitHub CLI](https://cli.github.com) (`gh`) — required for the install command
-- An Icelandic phone number with **Rafraen skilriki** (SIM-based electronic ID) enabled — required for authentication
+- A Krónan account with **Auðkenni** (Icelandic e-ID) login
+- An Access Token from https://kronan.is/adgangur/adgangslyklar
 
 ## Install
 
@@ -46,21 +47,28 @@ mv kronan ~/.local/bin/
 ## Security and privacy
 
 - **Install script**: `install.sh` executes on your machine and downloads a binary. Audit the [repository](https://github.com/arnif/kronan-cli) and the script before running.
-- **Token storage**: Auth tokens (Cognito JWTs) are stored at `~/.kronan/tokens.json`. These contain session credentials tied to your identity. Ensure the file is only readable by your user (`chmod 600 ~/.kronan/tokens.json`).
-- **PII**: `kronan me` outputs your full user profile including name, phone number, and Icelandic national ID number (kennitala). Do not share this output in public channels or logged LLM conversations.
-- **Credentials**: The login flow sends an auth request to your phone via Rafraen skilriki. No passwords are transmitted or stored — authentication is SIM-based.
+- **Token storage**: Access tokens are stored at `~/.kronan/token`. These are credentials for the Krónan Public API. Ensure the file is only readable by your user (`chmod 600 ~/.kronan/token`).
+- **PII**: `kronan me` outputs your identity information (name and type - user or customer group). Be careful when sharing this output.
+- **API Access**: Tokens are created in your Krónan account settings and can be revoked at any time at https://kronan.is/adgangur/adgangslyklar
 
 ## Authentication
 
+First, create an access token:
+1. Go to https://kronan.is/adgangur/adgangslyklar
+2. Log in with Auðkenni (Icelandic e-ID)
+3. Create a new access token
+
+Then save it with the CLI:
+
 ```bash
-kronan login <phone-number>
+kronan token <your-access-token>
 ```
 
-You will be prompted to confirm on your phone. Tokens are stored locally in `~/.kronan/tokens.json` and refresh automatically.
+The token will be validated and saved locally.
 
 ```bash
-kronan logout    # Clear stored tokens
-kronan status    # Check login status
+kronan logout    # Clear stored token
+kronan status    # Check authentication status
 ```
 
 ## Commands
@@ -84,33 +92,39 @@ kronan product 02500188 --json
 
 ```bash
 kronan cart                         # View cart
-kronan cart add <sku> [quantity]    # Add item
-kronan cart update <lineId> <qty>  # Update quantity
-kronan cart remove <lineId>        # Remove item
+kronan cart add <sku> [quantity]    # Add item to cart
+kronan cart clear                   # Clear all items from cart
 ```
 
 ### Order history
 
 ```bash
 kronan orders                # Recent orders
 kronan orders --json         # JSON output for parsing
-kronan order <id>            # Specific order details
+kronan order <token>         # Specific order details (use order token, not ID)
+```
+
+### Product lists
+
+```bash
+kronan lists                 # View saved product lists
+kronan lists --json
 ```
 
-### User profile
+### User identity
 
 ```bash
-kronan me              # ⚠️  Outputs PII (name, phone, kennitala)
+kronan me              # Show current identity (user or customer group)
 kronan me --json
 ```
 
 ## AI Agent Usage
 
 All commands support `--json` for structured output. This makes kronan-cli suitable as a tool for AI agents managing grocery shopping.
 
-**Important:** Commands that change state (`cart add`, `cart update`, `cart remove`, `login`) can modify the user's real shopping cart or initiate authentication. Agents **must ask for explicit user confirmation** before running any state-changing command.
+**Important:** Commands that change state (`cart add`, `cart clear`) can modify the user's real shopping cart. Agents **must ask for explicit user confirmation** before running any state-changing command.
 
-Read-only commands (`search`, `product`, `orders`, `order`, `cart` (view), `me`, `status`) are safe to run without confirmation.
+Read-only commands (`search`, `product`, `orders`, `order`, `cart` (view), `lists`, `me`, `status`) are safe to run without confirmation.
 
 Example agent workflow:
 
@@ -146,24 +160,38 @@ An agent can analyze order history to find frequently purchased items and auto-p
 | `--page <n>` | Page number (search) |
 | `--limit <n>` | Results per page |
 | `--offset <n>` | Offset for pagination (orders) |
-| `--store <extId>` | Store external ID (search, default: 159) |
 
 ## API Reference
 
-The CLI wraps the Kronan backend API at `https://backend.kronan.is/api/`. Key endpoints:
+The CLI uses the official Krónan Public API at `https://api.kronan.is/api/v1/`.
+
+API Documentation:
+- Swagger UI: https://api.kronan.is/api/v1/schema/swagger-ui/
+- ReDoc: https://api.kronan.is/api/v1/schema/redoc/
+
+Key endpoints:
 
 | Endpoint | Method | Auth | Description |
 |----------|--------|------|-------------|
-| `/products/raw-search/` | POST | No | Product search |
-| `/products/{sku}/` | GET | No | Product detail |
-| `/smart-checkouts/default/` | GET | Yes | View cart |
-| `/smart-checkouts/default/lines/` | POST | Yes | Add to cart |
-| `/smart-checkouts/default/lines/{id}/` | PATCH | Yes | Update cart line |
-| `/smart-checkouts/default/lines/{id}/` | DELETE | Yes | Remove from cart |
+| `/products/search/` | POST | Yes | Product search |
+| `/products/{sku}/` | GET | Yes | Product detail |
+| `/checkout/` | GET | Yes | View checkout/cart |
+| `/checkout/lines/` | POST | Yes | Add/replace checkout lines |
 | `/orders/` | GET | Yes | Order history |
-| `/users/me/` | GET | Yes | User profile |
-| `/customer_groups/` | GET | Yes | Customer groups |
+| `/me/` | GET | Yes | Current identity |
+| `/product-lists/` | GET | Yes | Product lists |
+| `/shopping-notes/` | GET | Yes | Shopping notes |
+| `/product-purchase-stats/` | GET | Yes | Purchase statistics |
+
+Auth header format: `Authorization: AccessToken {token}`
+
+## Migration from v0.1.x
+
+If you were using the previous version with Cognito authentication:
 
-Auth header format: `Authorization: CognitoJWT {idToken}`
+1. Remove old tokens: `rm ~/.kronan/tokens.json`
+2. Get a new access token from https://kronan.is/adgangur/adgangslyklar
+3. Run `kronan token <new-token>`
+4. Update any scripts using `kronan login` to use `kronan token` instead
 
-Cart endpoints also require: `Customer-Group-Id: {groupId}`
+Note: Order IDs in the new API are tokens (UUIDs), not numeric IDs.