Add darc login command for interactive Maestro authentication

[Copilot]

Implementation Plan for darc login Command

• Create LoginCommandLineOptions.cs with verb "login" and help text
• Create LoginOperation.cs to handle login flow:
  • Trigger interactive browser authentication
  • Obtain Maestro token via AppCredential
  • Store authentication record in ~/.darc directory
  • Add error handling with pointer to darc authenticate on failure
• Register the new command in Program.cs GetOptions()
• Update documentation in docs/Darc.md:
  • Add login command to index
  • Add login command reference section
  • Add scenario for setting up authentication
• Write unit tests for LoginOperation
• Build and test the implementation
• Manual validation with darc CLI
• Code review and security scan
• Address feedback: Refactor to reuse credential classes
• Address PR review comments:
  • Fix documentation to match actual output
  • Update constructor to use GetAppIdForUri() for consistency

Summary

Successfully implemented the darc login command. Latest changes:

• Fixed documentation examples to match actual log output from the implementation
• Refactored ProductConstructionServiceApiOptions constructor to use GetAppIdForUri() instead of directly accessing the dictionary, ensuring consistent error handling
• All 184 Darc tests pass

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Add darc login command</issue_title>
<issue_description>We need a darc login command which would be used locally and would obtain Maestro token and store the credentials in the auth record so that MCP agents can rely on the user running this command and being signed in.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Add darc login command #5985

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Pull request overview

This PR implements a new darc login command that enables interactive browser-based authentication with Maestro. The command stores authentication credentials in the ~/.darc directory for reuse by the darc CLI and automation tools like MCP agents. The implementation refactors authentication logic to expose a public GetAppIdForUri() method that maps Maestro URIs to Entra app IDs.

Changes:

• Added GetAppIdForUri() public method to expose Entra app ID mapping functionality
• Created LoginCommandLineOptions class with --bar-uri parameter for specifying Maestro environment
• Implemented LoginOperation class with interactive browser authentication flow using Azure.Identity

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 7 comments.

Show a summary per file

File	Description
src/ProductConstructionService/Microsoft.DotNet.ProductConstructionService.Client/ProductConstructionServiceApiOptions.cs	Added public GetAppIdForUri() method to expose existing URI-to-app-ID mapping
src/Microsoft.DotNet.Darc/Darc/Program.cs	Registered new LoginCommandLineOptions in command list
src/Microsoft.DotNet.Darc/Darc/Options/LoginCommandLineOptions.cs	Created command-line options with --bar-uri parameter
src/Microsoft.DotNet.Darc/Darc/Operations/LoginOperation.cs	Implemented interactive authentication flow with error handling
docs/Darc.md	Added documentation for login command with usage examples

[Copilot]

The documentation examples show console output that doesn't match the actual implementation. The code logs "Authenticating with Maestro at {barUri} (a browser window might open)" but the documentation shows "Opening browser for authentication..." Additionally, the documentation shows messages about credentials being stored ("Authentication credentials have been stored in /Users/username/.darc" and "These credentials will be used by automation tools and the darc CLI.") that are not present in the actual code. Update the documentation to match the actual log messages produced by the implementation.

[premun]

@copilot fix the documentation to match the expected output

[Copilot]

Fixed the documentation to match the actual log output. Removed the messages about "Opening browser for authentication..." and credential storage location that don't exist in the implementation. (commit dee42b6)