feat(cli): update devmode to v3 API with private key auth #702
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Change devmode endpoint from /cli/devmode/2 to /cli/devmode/3 - Accept privateKey in response and save base64-encoded to config - Extract public key from saved private key and send to endpoint - Pass private key to gravity client via --private-key flag instead of --token - Make privateKey optional in response for key reuse scenarios
📝 WalkthroughWalkthroughAdds client-side private-key support for dev mode: derive a publicKey from an optional privateKey, include it in the devmode API v3 request/response, persist a base64-encoded privateKey in config, and pass the privateKey to the Gravity client at startup. Changes
🚥 Pre-merge checks | ✅ 1✅ Passed checks (1 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. 📜 Recent review detailsConfiguration used: Organization UI Review profile: CHILL Plan: Pro 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)
✏️ Tip: You can disable this entire section by setting Comment |
📦 Canary Packages Publishedversion: PackagesInstallAdd to your {
"dependencies": {
"@agentuity/core": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-core-0.1.28-7c0346c.tgz",
"@agentuity/cli": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-cli-0.1.28-7c0346c.tgz",
"@agentuity/server": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-server-0.1.28-7c0346c.tgz",
"@agentuity/auth": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-auth-0.1.28-7c0346c.tgz",
"@agentuity/workbench": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-workbench-0.1.28-7c0346c.tgz",
"@agentuity/schema": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-schema-0.1.28-7c0346c.tgz",
"@agentuity/frontend": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-frontend-0.1.28-7c0346c.tgz",
"@agentuity/opencode": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-opencode-0.1.28-7c0346c.tgz",
"@agentuity/evals": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-evals-0.1.28-7c0346c.tgz",
"@agentuity/react": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-react-0.1.28-7c0346c.tgz",
"@agentuity/runtime": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-runtime-0.1.28-7c0346c.tgz"
}
}Or install directly: bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-core-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-cli-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-server-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-auth-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-workbench-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-schema-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-frontend-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-opencode-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-evals-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-react-0.1.28-7c0346c.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.28-7c0346c/agentuity-runtime-0.1.28-7c0346c.tgzCLI Executables
Run Canary CLIagentuity canary 0.1.28-7c0346c [command] [...args] |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In `@packages/cli/src/cmd/dev/index.ts`:
- Around line 1094-1095: The code is currently passing an empty base64 string
for the gravity --private-key flag when both devmode.privateKey and
savedPrivateKey are missing; change the arg construction so you only push the
'--private-key' flag and Buffer.from(...).toString('base64') when a non-empty
key exists (use the combinedKey = devmode.privateKey ?? savedPrivateKey check),
otherwise omit the flag (or emit a concise warning before launching). Update the
logic around the existing array construction that currently includes
'--private-key' and Buffer.from(devmode.privateKey ?? savedPrivateKey ??
'').toString('base64') to conditionally add both entries only when combinedKey
is truthy.
In `@packages/cli/src/types.ts`:
- Line 27: The schema description for privateKey (privateKey:
zod.string().optional().describe('Development mode private key (PEM)')) is
ambiguous because config actually persists a base64-encoded PEM; update the
description to reflect the stored format (e.g., change the describe text to
"Development mode private key (base64-encoded PEM)") or modify storage to
persist raw PEM consistently—ensure the change is applied to the privateKey
schema in types.ts and any code that reads/writes this config is updated to
encode/decode accordingly.
📜 Review details
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
packages/cli/src/cmd/dev/api.tspackages/cli/src/cmd/dev/index.tspackages/cli/src/types.ts
🧰 Additional context used
📓 Path-based instructions (4)
packages/cli/src/**/*.ts
📄 CodeRabbit inference engine (packages/cli/AGENTS.md)
Use
Bun.file(f).exists()instead ofexistsSync(f)for file existence checks
Files:
packages/cli/src/types.tspackages/cli/src/cmd/dev/index.tspackages/cli/src/cmd/dev/api.ts
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use Prettier formatter with tabs (width 3), single quotes, and semicolons for TypeScript files
Use TypeScript strict mode with ESNext target and bundler moduleResolution
UseStructuredErrorfrom@agentuity/corefor error handling
Files:
packages/cli/src/types.tspackages/cli/src/cmd/dev/index.tspackages/cli/src/cmd/dev/api.ts
packages/cli/src/cmd/*/index.ts
📄 CodeRabbit inference engine (packages/cli/AGENTS.md)
packages/cli/src/cmd/*/index.ts: Each command must be a directory insrc/cmd/with anindex.tsfile as the main entry point
Always define interfaces for command options instead of usinganytype
Files:
packages/cli/src/cmd/dev/index.ts
packages/cli/src/cmd/**/*.ts
📄 CodeRabbit inference engine (packages/cli/AGENTS.md)
packages/cli/src/cmd/**/*.ts: Usetui.*helpers for formatted output instead of raw console logs
Usectx.loggerfor logging; calllogger.fatal()to log and exit with code 1
Files:
packages/cli/src/cmd/dev/index.tspackages/cli/src/cmd/dev/api.ts
🧠 Learnings (1)
📚 Learning: 2025-12-21T00:31:41.858Z
Learnt from: jhaynie
Repo: agentuity/sdk PR: 274
File: packages/cli/src/cmd/build/vite/server-bundler.ts:12-41
Timestamp: 2025-12-21T00:31:41.858Z
Learning: In Bun runtime, BuildMessage and ResolveMessage are global types and are not exported from the bun module. Do not import { BuildMessage } from 'bun' or similar; these types are available globally and should be used without import. This applies to all TypeScript files that target the Bun runtime within the repository.
Applied to files:
packages/cli/src/types.tspackages/cli/src/cmd/dev/index.tspackages/cli/src/cmd/dev/api.ts
🧬 Code graph analysis (2)
packages/cli/src/cmd/dev/index.ts (2)
packages/cli/src/cmd/dev/api.ts (1)
generateEndpoint(44-65)packages/cli/src/types.ts (1)
Config(68-68)
packages/cli/src/cmd/dev/api.ts (1)
packages/server/src/api/api.ts (1)
APIClient(90-678)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: Build
- GitHub Check: SDK Integration Test Suite
- GitHub Check: Playwright E2E Smoke Test
- GitHub Check: Cloud Deployment Tests
- GitHub Check: Sandbox CLI Tests
🔇 Additional comments (3)
packages/cli/src/cmd/dev/api.ts (2)
5-27: Key-related request/response schema updates look consistent.
OptionalpublicKey/privateKeyadditions fit the reuse flow and keep payloads flexible.
41-57: Endpoint upgrade and payload wiring look good.
The v3 path update and conditional publicKey inclusion align with the new API contract.packages/cli/src/cmd/dev/index.ts (1)
380-407: Config persistence flow for the private key looks coherent.
Decoding for reuse and re‑encoding on save keeps config consistency.
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
/cli/devmode/2to/cli/devmode/3privateKeyin response and save base64-encoded to config--private-keyflag instead of--tokenprivateKeyoptional in response for key reuse scenariosSummary by CodeRabbit
New Features
Updates
✏️ Tip: You can customize this high-level summary in your review settings.