docs(providers): add JWT Bearer Authorization documentation

- Add comprehensive JWT authentication section to AUTHENTICATION.md
- Document JWT setup flow, token provision methods, and validation
- Include CI/CD pipeline examples and troubleshooting guide
- Add JWT vs SSO comparison table
- Update README.md to mention JWT Bearer Auth in provider list

Generated with AI

Co-Authored-By: codemie-ai <codemie.ai@gmail.com>

Author: TarasSpashchenko

README.md

@@ -10,7 +10,7 @@
 [![TypeScript](https://img.shields.io/badge/TypeScript-5.3%2B-blue.svg)](https://www.typescriptlang.org/)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
-> **Unified AI Coding Assistant CLI** - Manage Claude Code, Google Gemini, OpenCode, and custom AI agents from one powerful command-line interface. Multi-provider support (OpenAI, Azure OpenAI, AWS Bedrock, LiteLLM, Ollama, Enterprise SSO). Built-in LangGraph agent with file operations, command execution, and planning tools. Cross-platform support for Windows, Linux, and macOS.
+> **Unified AI Coding Assistant CLI** - Manage Claude Code, Google Gemini, OpenCode, and custom AI agents from one powerful command-line interface. Multi-provider support (OpenAI, Azure OpenAI, AWS Bedrock, LiteLLM, Ollama, Enterprise SSO, JWT Bearer Auth). Built-in LangGraph agent with file operations, command execution, and planning tools. Cross-platform support for Windows, Linux, and macOS.
 
 ---
 
@@ -23,10 +23,10 @@
 CodeMie CLI is the all-in-one AI coding assistant for developers.
 
 - ✨ **One CLI, Multiple AI Agents** - Switch between Claude Code, Gemini, OpenCode, and built-in agent.
-- 🔄 **Multi-Provider Support** - OpenAI, Azure OpenAI, AWS Bedrock, LiteLLM, Ollama, and Enterprise SSO.
+- 🔄 **Multi-Provider Support** - OpenAI, Azure OpenAI, AWS Bedrock, LiteLLM, Ollama, Enterprise SSO, and JWT Bearer Auth.
 - 🚀 **Built-in Agent** - A powerful LangGraph-based assistant with file operations, command execution, and planning tools.
 - 🖥️ **Cross-Platform** - Full support for Windows, Linux, and macOS with platform-specific optimizations.
-- 🔐 **Enterprise Ready** - SSO authentication, audit logging, and role-based access.
+- 🔐 **Enterprise Ready** - SSO and JWT authentication, audit logging, and role-based access.
 - ⚡ **Productivity Boost** - Code review, refactoring, test generation, and bug fixing.
 - 🎯 **Profile Management** - Manage work, personal, and team configurations separately.
 - 📊 **Usage Analytics** - Track and analyze AI usage across all agents with detailed insights.

docs/AUTHENTICATION.md

@@ -1,5 +1,13 @@
 # Authentication & SSO Management
 
+## Authentication Methods
+
+CodeMie CLI supports multiple authentication methods:
+
+- **CodeMie SSO** - Browser-based Single Sign-On (recommended for enterprise)
+- **JWT Bearer Authorization** - Token-based authentication for CI/CD and external auth systems
+- **API Key** - Direct API key authentication for other providers (OpenAI, Anthropic, etc.)
+
 ## AI/Run CodeMie SSO Setup
 
 For enterprise environments with AI/Run CodeMie SSO (Single Sign-On):
@@ -103,3 +111,142 @@ AI/Run CodeMie SSO provides enterprise-grade features:
 - **Automatic Plugin Installation**: Claude Code plugin auto-installs for session tracking
 - **Audit Logging**: Enterprise audit trails for security compliance
 - **Role-Based Access**: Model access based on organizational permissions
+
+## JWT Bearer Authorization
+
+For environments with external token management systems, CI/CD pipelines, or testing scenarios, CodeMie CLI supports JWT Bearer Authorization. This method provides tokens at runtime rather than during setup.
+
+### Initial Setup
+
+JWT setup only requires the API URL - tokens are provided later:
+
+```bash
+codemie setup
+# Select: Bearer Authorization
+```
+
+**The wizard will:**
+1. Prompt for the CodeMie base URL (e.g., `https://codemie.lab.epam.com`)
+2. Optionally ask for a custom environment variable name (default: `CODEMIE_JWT_TOKEN`)
+3. Save the configuration without requiring a token
+4. Display instructions for providing tokens at runtime
+
+### Providing JWT Tokens
+
+After setup, provide tokens via environment variable or CLI option:
+
+**Environment Variable (Recommended):**
+```bash
+# Set token in your environment
+export CODEMIE_JWT_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+
+# Run commands normally
+codemie-claude "analyze this code"
+```
+
+**CLI Option:**
+```bash
+# Provide token per command
+codemie-claude --jwt-token "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." "analyze this code"
+```
+
+**Custom Environment Variable:**
+```bash
+# If you configured a custom env var during setup
+export MY_CUSTOM_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
+codemie-claude "analyze this code"
+```
+
+### JWT Token Management
+
+JWT tokens are validated automatically:
+
+```bash
+# Check JWT authentication status
+codemie doctor
+
+# View token status and expiration
+codemie profile status
+```
+
+**Token Validation:**
+- Format validation (header.payload.signature)
+- Expiration checking (warns if expiring within 7 days)
+- Automatic error messages for expired tokens
+
+### Use Cases
+
+JWT Bearer Authorization is ideal for:
+
+**CI/CD Pipelines:**
+```bash
+# GitLab CI example
+script:
+  - export CODEMIE_JWT_TOKEN="${CI_JOB_JWT}"
+  - codemie-claude --task "review changes in this commit"
+```
+
+**External Auth Systems:**
+```bash
+# Obtain token from your auth provider
+TOKEN=$(curl -s https://auth.example.com/token | jq -r .access_token)
+
+# Use with CodeMie
+codemie-claude --jwt-token "$TOKEN" "your prompt"
+```
+
+**Testing & Development:**
+```bash
+# Use short-lived test tokens
+export CODEMIE_JWT_TOKEN="test-token-expires-in-1h"
+codemie-claude "run tests"
+```
+
+### JWT vs SSO
+
+| Feature | JWT Bearer Auth | CodeMie SSO |
+|---------|----------------|-------------|
+| **Setup** | URL only | Browser-based flow |
+| **Token Source** | Runtime (CLI/env) | Stored in keychain |
+| **Best For** | CI/CD, external auth | Interactive development |
+| **Token Refresh** | Manual (obtain new token) | Automatic |
+| **Security** | Token management external | Managed by CLI |
+
+### Troubleshooting JWT
+
+**Token not found:**
+```bash
+# Check environment variable
+echo $CODEMIE_JWT_TOKEN
+
+# Verify variable name matches config
+codemie profile status
+
+# Provide via CLI instead
+codemie-claude --jwt-token "your-token" "your prompt"
+```
+
+**Token expired:**
+```bash
+# Obtain new token from your auth provider
+export CODEMIE_JWT_TOKEN="new-token-here"
+
+# Verify expiration
+codemie doctor
+```
+
+**Invalid token format:**
+```bash
+# JWT must have 3 parts (header.payload.signature)
+# Check token structure
+echo $CODEMIE_JWT_TOKEN | awk -F. '{print NF}'  # Should output: 3
+```
+
+**Configuration issues:**
+```bash
+# Reset and reconfigure
+codemie setup  # Choose Bearer Authorization again
+
+# Or manually edit config
+cat ~/.codemie/codemie-cli.config.json
+```