[DX-961] Fix auth keys commands --app flag to resolve app names to IDs

[umair-ably]

Summary by CodeRabbit

Release Notes

• New Features

  • The --app flag in key management commands now accepts app names in addition to app IDs for easier reference.

• Improvements

  • Enhanced app resolution logic with better error handling when no app is specified.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cli-web-cli	Ready	Preview, Comment	Mar 13, 2026 4:06pm

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: b0bc49d1-1664-4bd3-9fb2-a80f16e52677

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

This pull request refactors app ID handling across authentication key commands by replacing manual app-id retrieval and validation logic with calls to a common requireAppId() helper function. It also updates flag descriptions to indicate that the --app flag accepts both app IDs and names, and introduces a test helper mockAppResolution() to support testing the new resolution flow.

Changes

Cohort / File(s)	Summary
CLI Flag Documentation README.md	Updated --app flag description in help text to indicate it accepts "The app ID or name" instead of just "The app ID", maintaining the default behavior.
Auth Keys Commands src/commands/auth/keys/create.ts, current.ts, list.ts, revoke.ts, switch.ts, update.ts	Replaced manual appId retrieval and validation with requireAppId(flags) calls. Updated flag descriptions to reflect that --app accepts app ID or name. Removed explicit null checks and failure paths, delegating app resolution to the shared helper.
Auth Keys Commands (Complex Resolution) src/commands/auth/keys/get.ts	Added logic to resolve appId from --app flag via resolveAppIdFromNameOrId(), derive appId from key identifier when in APP_ID.KEY_ID format, and fall back to requireAppId(flags) if still unresolved. Updated control flow to initialize appId as undefined and conditionally populate it through multiple resolution paths.
Test Helper test/helpers/control-api-test-helpers.ts	Introduced new exported helper function mockAppResolution(appId: string) that mocks the app resolution flow by stubbing GET /v1/me and GET /v1/accounts/{accountId}/apps endpoints.
Auth Keys Tests test/unit/commands/auth/keys/create.test.ts, revoke.test.ts, update.test.ts	Added mockAppResolution(appId) calls before API interactions to simulate app resolution. Updated error expectations from "No app specified" to "No apps found" in scenarios without mocked app resolution.
Auth Keys Tests (Enhanced) test/unit/commands/auth/keys/current.test.ts, switch.test.ts	Added test setup hooks and imports for app resolution mocking. Updated error handling tests to mock the app-resolution flow and assert the new error message "No apps found".
Auth Keys Tests (Comprehensive) test/unit/commands/auth/keys/get.test.ts, list.test.ts	Added mockAppResolution() calls across multiple test cases. Introduced new test case validating app name-to-ID resolution. Extended error scenarios to mock app-resolution endpoints and updated expected error messages to match the new resolution logic.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 With whiskers twitching at each refactored line,
We bundle up app IDs, both name and ID combine,
The helper does the heavy lifting now with grace,
While tests dance merrily through mocked resolution's space,
Clean code hops forward—no manual checks to trace! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: enabling the --app flag in auth keys commands to resolve app names to IDs, which is the core functional improvement across all modified command files.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch DX-961-app-flag

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[umair-ably]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[Copilot]

Pull request overview

This PR updates the auth:keys:* CLI commands to allow --app to accept either an app ID or an app name, centralizing app selection via requireAppId() and updating unit tests/docs accordingly.

Changes:

• Switch key commands to use requireAppId() for app selection (enabling app name → ID resolution via Control API).
• Add a reusable mockAppResolution() test helper and update unit tests to mock the new resolution flow.
• Update README/help text to document --app as “ID or name”.

Reviewed changes

Copilot reviewed 16 out of 16 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
src/commands/auth/keys/create.ts	Uses requireAppId() so --app can be a name or ID.
src/commands/auth/keys/current.ts	Uses requireAppId() so --app can be a name or ID.
src/commands/auth/keys/get.ts	Resolves --app via name→ID (but currently after auth-info display).
src/commands/auth/keys/list.ts	Uses requireAppId() for name→ID resolution (but currently after auth-info display).
src/commands/auth/keys/revoke.ts	Uses requireAppId() for consistent app selection / name support.
src/commands/auth/keys/switch.ts	Uses requireAppId() for consistent app selection / name support.
src/commands/auth/keys/update.ts	Uses requireAppId() for consistent app selection / name support.
test/helpers/control-api-test-helpers.ts	Adds mockAppResolution() helper for app-resolution-related nock mocks.
test/unit/commands/auth/keys/*.test.ts	Updates tests to mock app resolution flow and adjusts expectations.
README.md	Updates flag docs to “app ID or name”.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

test/unit/commands/auth/keys/list.test.ts (1)

86-122: Cover the non-matching app-name branch too.

These additions protect the happy path (--app MyApp) and the empty-account path (No apps found), but resolveAppIdFromNameOrId() also has a separate user-facing failure when apps exist and none match the supplied name. Adding a --app MissingApp case here would keep that branch covered as well.

Also applies to: 171-189

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/unit/commands/auth/keys/list.test.ts` around lines 86 - 122, Add a test
that covers the "apps exist but none match the supplied name" branch by calling
the same command flow used in the existing test but passing a non-existent app
name (e.g., ["auth:keys:list", "--app", "MissingApp"]). Reuse the same mocked
/v1/me and /v1/accounts/:accountId/apps responses (returning appsReply with
MyApp) and assert that the CLI prints the user-facing failure message produced
by resolveAppIdFromNameOrId (the "no matching app" / "No apps matching" style
error), instead of proceeding to /v1/apps/:appId/keys; ensure you do not mock
the keys endpoint for this case and verify stderr/stdout contains the expected
error text.

test/unit/commands/auth/keys/current.test.ts (1)

1-7: Prefer the shared unit-test cleanup instead of adding a file-local afterEach.

This hook duplicates lifecycle work that the suite already centralizes in test/unit/setup.ts, and it makes this file an exception to the standard unit-test pattern.

🧹 Suggested cleanup

-import { describe, it, expect, afterEach } from "vitest";
+import { describe, it, expect } from "vitest";
@@
-import {
-  mockAppResolution,
-  controlApiCleanup,
-} from "../../../../helpers/control-api-test-helpers.js";
+import { mockAppResolution } from "../../../../helpers/control-api-test-helpers.js";
@@
-  afterEach(() => {
-    controlApiCleanup();
-  });
-

Based on learnings, "Per-file afterEach cleanup hooks are not needed for unit tests because the global setup resets all mock state before every test."

Also applies to: 15-17

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/unit/commands/auth/keys/current.test.ts` around lines 1 - 7, Remove the
file-local afterEach cleanup hook and its import from this test (the afterEach
import from "vitest" and the per-file call that invokes controlApiCleanup),
relying on the shared global cleanup in test/unit/setup.ts; find and delete the
afterEach(...) usage and any direct calls to controlApiCleanup inside this file,
and remove the now-unused afterEach import so the file follows the standard
global unit-test lifecycle.

test/unit/commands/auth/keys/update.test.ts (1)

90-118: Exercise --app with an app name here, not the resolved ID.

This still passes appId into --app, so it only proves the command can re-resolve an ID. The regression this PR is fixing is resolving a name and then patching /v1/apps/{resolvedId}/keys/...; if the implementation accidentally used flags.app downstream, this test would still stay green.

🧪 Minimal test tweak

-    it("should update key with --app flag", async () => {
+    it("should update key when --app is an app name", async () => {
       const appId = getMockConfigManager().getCurrentAppId()!;
       mockAppResolution(appId);
@@
       const { stdout } = await runCommand(
-        ["auth:keys:update", mockKeyId, "--app", appId, "--name=UpdatedName"],
+        ["auth:keys:update", mockKeyId, "--app", "Test App", "--name=UpdatedName"],
         import.meta.url,
       );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@test/unit/commands/auth/keys/update.test.ts` around lines 90 - 118, The test
currently passes the resolved app ID into the CLI via the --app flag, so change
it to pass an app name instead: create a const appName (a human-readable name)
and keep appId as the resolved ID; call mockAppResolution(appName, appId) or
mockAppResolution(appId) adjusted to map the name to the ID, leave mockKeysList
and the nock patch targeting appId, and invoke runCommand with
["auth:keys:update", mockKeyId, "--app", appName, "--name=UpdatedName"]; update
assertions if they reference the input flag value. Reference symbols:
getMockConfigManager(), mockAppResolution(...), mockKeysList(...),
runCommand(...), mockKeyId.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/commands/auth/keys/update.ts`:
- Around line 43-52: The code calls requireAppId(flags) before validating flags
and outside the existing try/catch, which can cause remote app resolution errors
to surface instead of local validation failures; move the call to
requireAppId(flags) so it runs after local validation of --name/--capabilities
and inside the existing try/catch/error wrapper used by keyUpdate (i.e., defer
app resolution after parseKeyIdentifier(args.keyName) and after validation, then
call requireAppId(flags) within the try block and use this.fail(...) on errors),
and apply the same change for the similar block referenced around the other
occurrence (lines ~54-61) to ensure all fallible lookups are wrapped.

---

Nitpick comments:
In `@test/unit/commands/auth/keys/current.test.ts`:
- Around line 1-7: Remove the file-local afterEach cleanup hook and its import
from this test (the afterEach import from "vitest" and the per-file call that
invokes controlApiCleanup), relying on the shared global cleanup in
test/unit/setup.ts; find and delete the afterEach(...) usage and any direct
calls to controlApiCleanup inside this file, and remove the now-unused afterEach
import so the file follows the standard global unit-test lifecycle.

In `@test/unit/commands/auth/keys/list.test.ts`:
- Around line 86-122: Add a test that covers the "apps exist but none match the
supplied name" branch by calling the same command flow used in the existing test
but passing a non-existent app name (e.g., ["auth:keys:list", "--app",
"MissingApp"]). Reuse the same mocked /v1/me and /v1/accounts/:accountId/apps
responses (returning appsReply with MyApp) and assert that the CLI prints the
user-facing failure message produced by resolveAppIdFromNameOrId (the "no
matching app" / "No apps matching" style error), instead of proceeding to
/v1/apps/:appId/keys; ensure you do not mock the keys endpoint for this case and
verify stderr/stdout contains the expected error text.

In `@test/unit/commands/auth/keys/update.test.ts`:
- Around line 90-118: The test currently passes the resolved app ID into the CLI
via the --app flag, so change it to pass an app name instead: create a const
appName (a human-readable name) and keep appId as the resolved ID; call
mockAppResolution(appName, appId) or mockAppResolution(appId) adjusted to map
the name to the ID, leave mockKeysList and the nock patch targeting appId, and
invoke runCommand with ["auth:keys:update", mockKeyId, "--app", appName,
"--name=UpdatedName"]; update assertions if they reference the input flag value.
Reference symbols: getMockConfigManager(), mockAppResolution(...),
mockKeysList(...), runCommand(...), mockKeyId.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ad8e1b59-cd3b-455f-809a-37f7956f74ee

📥 Commits

Reviewing files that changed from the base of the PR and between fc7c4c6 and 0a7d471.

📒 Files selected for processing (16)

• README.md
• src/commands/auth/keys/create.ts
• src/commands/auth/keys/current.ts
• src/commands/auth/keys/get.ts
• src/commands/auth/keys/list.ts
• src/commands/auth/keys/revoke.ts
• src/commands/auth/keys/switch.ts
• src/commands/auth/keys/update.ts
• test/helpers/control-api-test-helpers.ts
• test/unit/commands/auth/keys/create.test.ts
• test/unit/commands/auth/keys/current.test.ts
• test/unit/commands/auth/keys/get.test.ts
• test/unit/commands/auth/keys/list.test.ts
• test/unit/commands/auth/keys/revoke.test.ts
• test/unit/commands/auth/keys/switch.test.ts
• test/unit/commands/auth/keys/update.test.ts

[sacOO7]

@coderabbitai review