feat: discover cloud config during connect

[thymikee]

Summary

• allow plain agent-device connect to resolve cloud auth, fetch a connection profile, and write a generated local remote config
• keep generated profile files content-addressed so repeated plain connect calls are idempotent
• move profile materialization into a focused cloud connection profile module while preserving explicit --remote-config support

Validation

• pnpm exec oxfmt --write src/cli/cloud-connection-profile.ts src/cli/commands/connection.ts src/cli/commands/connection-runtime.ts src/cli/auth-session.ts src/cli/__tests__/auth-session.test.ts src/__tests__/remote-connection.test.ts src/utils/remote-config.ts
• pnpm typecheck
• pnpm lint
• pnpm test -- src/cli/__tests__/auth-session.test.ts src/__tests__/remote-connection.test.ts
• git diff --check

[github-actions]

PR Preview Action v1.8.1
🚀 View preview at https://callstackincubator.github.io/agent-device/pr-preview/pr-488/
Built to branch gh-pages at 2026-04-30 20:13 UTC. Preview will be ready when the GitHub Pages deployment is complete.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ab32593978

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reuse prior auth instead of forcing a second device login

When --remote-config is omitted, this branch always calls resolveGeneratedCloudConnectFlags, which always calls loginWithDeviceAuth. In the normal CLI flow, resolveRemoteAuthForCli already runs before command dispatch (src/cli.ts) and may have just authenticated or refreshed a token based on daemonBaseUrl from env/config. The new unconditional login path can therefore trigger a second interactive auth (or fail in non-interactive shells) even when valid auth is already available, making connect without --remote-config unreliable for configured/automated environments.

Useful? React with 👍 / 👎.