feat(auth): support workspace env override#96
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
Summary by CodeRabbitRelease Notes
WalkthroughThe pull request introduces 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
9812132 to
937ac76
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/cli/src/controllers/auth.ts`:
- Around line 290-304: In the return object's workspaces array mapping, the
active flag is being set by comparing credentialWorkspaceId values, which
incorrectly marks all workspaces with null credentialWorkspaceId as active.
Since the active variable is always a reference from the localWorkspaces array
(from either resolveLocalWorkspaceIdOverride or the find call), replace the
property equality check `active?.credentialWorkspaceId ===
workspace.credentialWorkspaceId` with direct reference equality `active ===
workspace` to correctly identify the single active workspace.
In `@packages/cli/src/shell/command-runner.ts`:
- Around line 69-73: The error message for the "missing" reason case in the
authConfigInvalidError call is incorrectly describing it as "is set but empty",
which conflates two different failure modes. When error.reason === "missing",
the issue is that the provided workspace ID was not found or did not match any
available workspace, not that the environment variable itself is empty. Update
the error message returned in this branch to accurately describe the "missing"
case as a workspace ID lookup failure or mismatch, rather than an empty value
issue, so users receive correct remediation guidance.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 1a06369a-e8ef-49bf-9162-962bd8501eab
📒 Files selected for processing (11)
docs/product/command-spec.mdpackages/cli/src/adapters/token-storage.tspackages/cli/src/controllers/auth.tspackages/cli/src/lib/auth/client.tspackages/cli/src/lib/auth/guard.tspackages/cli/src/presenters/auth.tspackages/cli/src/shell/command-runner.tspackages/cli/src/shell/errors.tspackages/cli/tests/auth-real-mode.test.tspackages/cli/tests/auth.test.tspackages/cli/tests/token-storage.test.ts
937ac76 to
42062a8
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (1)
packages/cli/src/shell/command-runner.ts (1)
73-77: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win
WorkspaceSelectionError("missing")is translated to the wrong user-facing error.This branch always reports
PRISMA_CLI_WORKSPACE_ID is set but empty, which conflates a generic missing workspace reference with a specific env-var-empty case.Suggested fix
if (error.reason === "missing") { - return authConfigInvalidError( - `${WORKSPACE_ID_ENV_VAR} is set but empty. Provide a workspace id from prisma-cli auth workspace list, or unset the variable.`, - ); + return workspaceNotAuthenticatedError(workspaceRef, { + workspaceIdOverride: fromWorkspaceIdOverride, + }); }🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/cli/src/shell/command-runner.ts` around lines 73 - 77, The error message in the branch checking `error.reason === "missing"` incorrectly assumes the cause is specifically that WORKSPACE_ID_ENV_VAR is set but empty, when this reason code represents a generic missing workspace reference. Update the message returned by the authConfigInvalidError call to accurately reflect the generic nature of the missing workspace error, or add additional logic to differentiate between the specific env-var-empty case and other missing workspace scenarios before reporting to the user.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Duplicate comments:
In `@packages/cli/src/shell/command-runner.ts`:
- Around line 73-77: The error message in the branch checking `error.reason ===
"missing"` incorrectly assumes the cause is specifically that
WORKSPACE_ID_ENV_VAR is set but empty, when this reason code represents a
generic missing workspace reference. Update the message returned by the
authConfigInvalidError call to accurately reflect the generic nature of the
missing workspace error, or add additional logic to differentiate between the
specific env-var-empty case and other missing workspace scenarios before
reporting to the user.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: c85c82d4-0c0d-45e4-a134-b54c06ebb967
📒 Files selected for processing (11)
docs/product/command-spec.mdpackages/cli/src/adapters/token-storage.tspackages/cli/src/controllers/auth.tspackages/cli/src/lib/auth/client.tspackages/cli/src/lib/auth/guard.tspackages/cli/src/presenters/auth.tspackages/cli/src/shell/command-runner.tspackages/cli/src/shell/errors.tspackages/cli/tests/auth-real-mode.test.tspackages/cli/tests/auth.test.tspackages/cli/tests/token-storage.test.ts
42062a8 to
f00852b
Compare
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/cli/src/controllers/auth.ts`:
- Around line 345-409: The `hasWorkspaceIdOverride()` function currently only
checks if the workspace ID environment variable is set, but does not account for
the service token which takes precedence when both are present. Modify the
`hasWorkspaceIdOverride()` function to return true only when the workspace ID
environment variable is defined AND the service token environment variable
(SERVICE_TOKEN_ENV_VAR) is not defined. This ensures that the next steps
generated by `buildAuthLoginNextSteps()`, `buildAuthLogoutNextSteps()`,
`buildWorkspaceUseNextSteps()`, and `buildWorkspaceLogoutNextSteps()` correctly
handle the case where both variables are set by not treating the workspace ID as
an override when a service token is present.
In `@packages/cli/tests/auth-real-mode.test.ts`:
- Around line 132-137: The assertion using expect.not.objectContaining only
verifies that the specific key-value pair PRISMA_CLI_WORKSPACE_ID with value
"wksp_old" is not present, but it allows the env var to be forwarded with a
different value. Change the assertion to explicitly verify that the
PRISMA_CLI_WORKSPACE_ID property is completely absent from the object passed to
readAuthState, rather than just checking that it doesn't match the old value.
This fix needs to be applied in both the readAuthState expectation and the
similar assertion at line 205.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 9bbc1585-3c82-45e1-893b-46d328dc2360
📒 Files selected for processing (11)
docs/product/command-spec.mdpackages/cli/src/adapters/token-storage.tspackages/cli/src/controllers/auth.tspackages/cli/src/lib/auth/client.tspackages/cli/src/lib/auth/guard.tspackages/cli/src/presenters/auth.tspackages/cli/src/shell/command-runner.tspackages/cli/src/shell/errors.tspackages/cli/tests/auth-real-mode.test.tspackages/cli/tests/auth.test.tspackages/cli/tests/token-storage.test.ts
f00852b to
dee25a5
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/cli/src/shell/errors.ts`:
- Around line 189-192: The summary for the WORKSPACE_AMBIGUOUS error code is too
specific and inaccurate when ambiguity originates from PRISMA_CLI_WORKSPACE_ID
(ID-based selection). Replace the summary field value from "Workspace name is
ambiguous" with a reference-neutral message that appropriately covers both
name-based and ID-based ambiguity scenarios without misleadingly suggesting the
ambiguity is specifically about the workspace name.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 07be49ba-6270-4930-8d06-b2574a41ccd7
📒 Files selected for processing (11)
docs/product/command-spec.mdpackages/cli/src/adapters/token-storage.tspackages/cli/src/controllers/auth.tspackages/cli/src/lib/auth/client.tspackages/cli/src/lib/auth/guard.tspackages/cli/src/presenters/auth.tspackages/cli/src/shell/command-runner.tspackages/cli/src/shell/errors.tspackages/cli/tests/auth-real-mode.test.tspackages/cli/tests/auth.test.tspackages/cli/tests/token-storage.test.ts
| code: "WORKSPACE_AMBIGUOUS", | ||
| domain: "auth", | ||
| summary: "Workspace name is ambiguous", | ||
| why: `Multiple authenticated workspaces matched "${workspaceRef}".`, |
There was a problem hiding this comment.
📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win
Use a neutral ambiguity summary for ID-override paths.
At Line 191, "Workspace name is ambiguous" is inaccurate when ambiguity comes from PRISMA_CLI_WORKSPACE_ID (ID-based selection). Prefer a reference-neutral summary to avoid misleading remediation context.
Suggested fix
- summary: "Workspace name is ambiguous",
+ summary: "Workspace reference is ambiguous",📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| code: "WORKSPACE_AMBIGUOUS", | |
| domain: "auth", | |
| summary: "Workspace name is ambiguous", | |
| why: `Multiple authenticated workspaces matched "${workspaceRef}".`, | |
| code: "WORKSPACE_AMBIGUOUS", | |
| domain: "auth", | |
| summary: "Workspace reference is ambiguous", | |
| why: `Multiple authenticated workspaces matched "${workspaceRef}".`, |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@packages/cli/src/shell/errors.ts` around lines 189 - 192, The summary for the
WORKSPACE_AMBIGUOUS error code is too specific and inaccurate when ambiguity
originates from PRISMA_CLI_WORKSPACE_ID (ID-based selection). Replace the
summary field value from "Workspace name is ambiguous" with a reference-neutral
message that appropriately covers both name-based and ID-based ambiguity
scenarios without misleadingly suggesting the ambiguity is specifically about
the workspace name.
Summary
PRISMA_CLI_WORKSPACE_IDas a process-local OAuth workspace selector, withPRISMA_SERVICE_TOKENremaining highest priorityauth login, auto-login, full logout, or interactiveauth workspace userecoveryauth login,auth workspace use, and logout outputs include env-aware next steps for agentsExamples
Use a locally authenticated workspace for one command without changing the stored active workspace:
Switch the stored active workspace for normal CLI usage:
Use the interactive picker when no workspace id/name is provided:
List cached OAuth workspaces with ids for troubleshooting or agent use:
Remove one cached OAuth workspace session:
Recover from a stale env override by choosing another stored workspace:
unset PRISMA_CLI_WORKSPACE_ID prisma-cli auth workspace useBehavior Notes
PRISMA_SERVICE_TOKENwins overPRISMA_CLI_WORKSPACE_IDand stored OAuth sessions.PRISMA_CLI_WORKSPACE_IDmatches workspace ids/canonical ids, not workspace names.PRISMA_CLI_WORKSPACE_IDdoes not mutate the stored active workspace pointer, so parallel agents can target different workspaces without fighting over shared local state.auth workspace usecan still recover from a stale override when no workspace argument is provided.Testing
pnpm --filter @prisma/cli testpnpm --recursive exec tsc --noEmitpnpm lintgit diff --checkNote:
pnpm lintexits 0, but the repo still prints existing warning/info diagnostics outside this change.