[FEATURE] Alternate Seqera AI Cloud MVP docs

platform-cloud/cloud-sidebar.json

@@ -158,6 +158,19 @@
           "administration/credit-management"
           ]
       },
+     {
+      "type": "category",
+      "label": "Seqera AI CLI",
+      "link": {"type": "doc", "id": "seqera-ai/index"},
+      "collapsed": true,
+      "items": [
+        "seqera-ai/get-started",
+        "seqera-ai/installation",
+        "seqera-ai/authentication",
+        "seqera-ai/command-approval",
+        "seqera-ai/use-cases"
+      ]
+    },    
       {
         "type": "category",
         "label": "Developer tools",
@@ -221,7 +234,8 @@
           "troubleshooting_and_faqs/azure_troubleshooting",
           "troubleshooting_and_faqs/workspaces_troubleshooting",
           "troubleshooting_and_faqs/resource-labels",
-          "troubleshooting_and_faqs/datasets_troubleshooting"
+          "troubleshooting_and_faqs/datasets_troubleshooting",
+          "troubleshooting_and_faqs/seqera-ai"
         ]
       }
     ]

platform-cloud/docs/seqera-ai/authentication.md

@@ -0,0 +1,128 @@
+---
+title: "Authentication"
+description: "Login, logout, and session management for Seqera AI CLI"
+date: "15 Dec 2025"
+tags: [seqera-ai, cli, authentication, login]
+---
+
+:::caution Seqera AI CLI is in beta
+Seqera AI CLI is currently in beta. Features and commands may change as we continue to improve the product.
+:::
+
+:::note
+Seqera Cloud users receive $20 in free credits to get started with Seqera AI. [Contact us](https://seqera.io/platform/seqera-ai/request-credits/) for additional credits.
+:::
+
+Seqera AI uses your Seqera Platform account for authentication. This page describes authentication concepts and step-by-step instructions for managing your sessions.
+
+## Credential storage
+
+Seqera AI stores authentication tokens securely in your operating system's secure keychain:
+
+- **macOS**: Keychain Access
+- **Linux**: Secret Service (GNOME Keyring, KWallet)
+- **Windows**: Windows Credential Manager
+
+If keychain access isn't available, tokens are stored in:
+
+```
+~/.config/seqera-ai/refresh-token.<profile>
+```
+
+Session metadata (e.g., email, login timestamp) is stored in:
+
+```
+~/.config/seqera-ai/auth-state.json
+```
+
+## Token refresh
+
+Seqera AI CLI automatically refreshes your authentication token when needed. You are not required to log in again unless:
+
+- You explicitly log out
+- Your refresh token expires (typically after extended inactivity)
+- Your Seqera Platform account permissions change
+
+## Authenticating Seqera AI
+
+### Log in
+
+To authenticate with your Seqera Platform account, run:
+
+```bash
+seqera login
+```
+
+This will:
+
+1. Open your default browser to the Seqera login page
+1. Prompt you to sign in with your Seqera Platform credentials
+1. Automatically capture the authentication token
+1. Display a success message in your terminal
+
+   ```
+   Opening browser for authentication...
+   Successfully authenticated as [email protected]
+   ```
+
+### View session status
+
+To view your current authentication status, run:
+
+```bash
+seqera status
+```
+
+You should see output similar to:
+
+```console
+Logged in as: [email protected]
+Session expires: 2025-12-16 14:30:00
+```
+
+### Add access tokens for automation
+
+For automated environments, you can provide a Seqera Platform access token directly:
+
+```bash
+seqera ai --token <PLATFORM_ACCESS_TOKEN>
+```
+
+You can also set the token via environment variable:
+
+```bash
+export TOWER_ACCESS_TOKEN=<PLATFORM_ACCESS_TOKEN>
+seqera ai
+```
+
+This shows your login status, authenticated email, and session details.
+
+### Log out
+
+#### Standard logout
+
+To sign out from the current session, run:
+
+```bash
+seqera logout
+```
+
+This command revokes your current authentication token and removes locally stored credentials. You will need to re-authenticate on next use.
+
+#### Clear all sessions
+
+To remove all profiles and completely reset authentication, run:
+
+```bash
+seqera logout --all
+```
+
+This command removes all stored credentials and session data.
+
+## Learn more
+
+- [Seqera AI CLI](index.md): Seqera AI CLI overview
+- [Installation](./installation.md): Detailed installation instructions
+- [Command approval](./command-approval.md): Control which commands run automatically
+- [Use cases](./use-cases.md): Seqera AI use cases
+- [Troubleshooting](../troubleshooting_and_faqs/seqera-ai.md): Troubleshoot common errors

platform-cloud/docs/seqera-ai/command-approval.md

@@ -0,0 +1,215 @@
+---
+title: "Command approval"
+description: "Control which local commands require user approval in Seqera AI"
+date: "15 Dec 2025"
+tags: [seqera-ai, cli, approval, security]
+---
+
+:::caution Seqera AI CLI is in beta
+Seqera AI CLI is currently in beta. Features and commands may change as we continue to improve the product.
+:::
+
+:::note
+Seqera Cloud users receive $20 in free credits to get started with Seqera AI. [Contact us](https://seqera.io/platform/seqera-ai/request-credits/) for additional credits.
+:::
+
+Seqera AI can execute local commands and edit files in your environment. This page explains approval modes that control which operations run automatically versus which require your permission, including dangerous commands, workspace boundaries, and best practices.
+
+## Approval prompts
+
+When a command requires approval, you will see output similar to:
+
+```
+The assistant wants to run:
+  rm -rf ./build/
+
+[A]pprove  [R]eject  [E]dit
+```
+
+You can:
+
+- **Approve (A)**: Run the command as shown
+- **Reject (R)**: Cancel the command
+- **Edit (E)**: Modify the command before running
+
+## Approval modes
+
+Approval modes control which local commands Seqera AI can execute automatically and which require your explicit approval. This provides a balance between convenience and safety when working with local files and commands.
+
+There are three approval modes:
+
+| Mode | Description | Best for |
+|------|-------------|----------|
+| **basic** | Only safe, read-only commands run automatically | Maximum security |
+| **default** | Safe commands and workspace file edits run automatically | Typical development |
+| **full** | Everything except dangerous commands runs automatically | Experienced users |
+
+### Basic
+
+**Rule**: Only safe, read-only commands run automatically. Everything else requires approval.
+
+This is the most restrictive mode. The assistant can only auto-execute commands that view information without making changes.
+
+**Auto-executes**:
+
+- `cat` - View file contents
+- `ls` - List directory contents
+- `pwd` - Show current directory
+- `head` - View file beginning
+- `tail` - View file end
+- `tree` - Display directory tree
+- `echo` - Print text (without file redirection)
+- `date` - Show current date/time
+- `whoami` - Show current user
+- `env` - Display environment variables
+- `printenv` - Print environment variables
+- `stat` - Show file status
+- `uptime` - Show system uptime
+
+**Requires approval**: All other commands, including file edits, directory creation, and any other command execution. Safe commands that include file redirections (e.g., `echo "hello" > file.txt`) also require approval.
+
+**Use when**: You want maximum control and visibility over every action the assistant takes.
+
+**Examples**:
+
+```
+> Create a new file called test.txt with "hello world"
+
+The assistant wants to create file:
+  ./test.txt
+
+[A]pprove  [R]eject  [E]dit
+```
+
+### Default
+
+**Rule**: Safe commands and file operations within your workspace run automatically. All other commands require approval.
+
+This is the recommended mode for most users. It allows productive workflow while protecting system files and preventing destructive operations.
+
+**Auto-executes**:
+- All safe commands from basic mode (without file redirections)
+- File edits **within your current workspace**:
+  - Creating files (`touch`, file creation)
+  - Editing files (text modifications)
+  - Creating directories (`mkdir`)
+  - Copying files (`cp` within workspace)
+  - Moving files (`mv` within workspace)
+
+**Requires approval**:
+- File operations **outside your workspace**
+- All dangerous commands (see below)
+- Commands with file redirects to paths outside workspace
+- All other commands (e.g., `curl`, `wget`, `git`, `npm`, `python`, etc.)
+
+**Use when**: You're doing typical development work and want convenience without compromising safety.
+
+**Examples**:
+
+```
+> Create a new file called test.txt with "hello world"
+
+Created ./test.txt
+```
+
+File creation in the workspace runs automatically.
+
+```
+> Edit /etc/hosts
+
+The assistant wants to edit file:
+  /etc/hosts
+
+[A]pprove  [R]eject  [E]dit
+```
+
+Editing outside the workspace requires approval.
+
+
+### Full
+
+**Rule**: Everything runs automatically except explicitly dangerous commands.
+
+This is the most permissive mode. Use it when you fully trust the assistant's actions and want minimal interruption.
+
+**Auto-executes**: All commands except those on the dangerous list.
+
+**Requires approval**: Only dangerous commands (see below).
+
+**Use when**: You're an experienced user comfortable with automated command execution, or when working in an isolated/disposable environment.
+
+## Dangerous commands
+
+These commands **always require approval** in any mode:
+
+| Command | Risk |
+|---------|------|
+| `rm` | Delete files/directories |
+| `chmod` | Change file permissions |
+| `chown` | Change file ownership |
+| `kill` | Terminate processes |
+| `killall` | Terminate multiple processes |
+| `pkill` | Kill processes by name |
+| `sudo` | Execute as superuser |
+| `dd` | Low-level data operations |
+| `mount` | Mount filesystems |
+| `umount` | Unmount filesystems |
+| `mkfs` | Create filesystems |
+| `reboot` | Restart system |
+| `shutdown` | Power off system |
+
+**Examples**:
+
+```
+> Create files and directories as needed
+
+Created ./src/utils.py
+Created ./tests/test_utils.py
+Created ./config/settings.json
+```
+
+Most operations run without prompts.
+
+```
+> Delete the build directory
+
+The assistant wants to run:
+  rm -rf ./build/
+
+[A]pprove  [R]eject  [E]dit
+```
+
+Dangerous commands still require approval.
+
+## Workspace boundaries
+
+In **default** mode, the "workspace" is your current working directory and its subdirectories. File operations are evaluated as:
+
+- **Inside workspace**: `/path/to/workspace/src/file.txt` - auto-executes
+- **Outside workspace**: `/etc/config` or `~/other-project/file.txt` - requires approval
+
+The workspace is set when you start the assistant:
+
+```bash
+# Workspace is /home/user/my-project
+cd /home/user/my-project
+seqera ai
+
+# Or explicitly set the workspace
+seqera ai -w /home/user/my-project
+```
+
+## Best practices
+
+- **Start with default mode**: It provides a good balance for most workflows
+- **Use basic mode for unfamiliar projects**: When exploring new codebases
+- **Reserve full mode for trusted contexts**: Disposable environments or well-understood tasks
+- **Review dangerous command prompts carefully**: These commands can have significant impact
+
+## Learn more
+
+- [Seqera AI CLI](index.md): Seqera AI CLI overview
+- [Installation](./installation): Detailed installation instructions
+- [Authentication](./authentication): Log in, log out, and session management
+- [Use cases](./use-cases.md): Seqera AI use cases
+- [Troubleshooting](../troubleshooting_and_faqs/seqera-ai.md): Troubleshoot common errors