feat: automate API key detection and enhance login flow

[greynewell]

This PR automates the detection and validation of API keys from environment variables and configuration files. It uses a new SQLite-based auth_cache to minimize redundant API calls by caching validation results for 24 hours. The uncompact auth login command now also automatically opens the Supermodel dashboard in the browser for a smoother user experience.

@claude please implement this

Summary by CodeRabbit

Release Notes

• New Features
  • Dashboard automatically opens in your default browser during login for seamless authentication
  • Authentication status is now cached for 24 hours, reducing server calls on subsequent sessions
  • API key validation occurs client-side before executing commands

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1c585c8 and c450f10.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (5)

• cmd/auth.go
• cmd/root.go
• go.mod
• internal/cache/store.go
• internal/config/config.go

---

Walkthrough

This PR adds authentication status caching to reduce redundant API calls during CLI command execution. It integrates browser-based dashboard access during login, validates API keys client-side, and persists authentication data (valid for 24 hours) to avoid repeated server validation checks.

Changes

Cohort / File(s)	Summary
Auth Command Flow cmd/auth.go, cmd/root.go	Introduces browser dashboard opening during login, client-side API key validation, and a new checkAuth pre-run hook on the root command. The root command now validates auth status before running, checking cache first and falling back to API validation with 5-second timeout if cache is stale.
Cache Infrastructure internal/cache/store.go	Adds new AuthStatus type and methods (GetAuthStatus, SetAuthStatus) to persist cached authentication data with LastValidatedAt timestamp. Bumps schema version to 2 and creates auth_cache table for storing API key hash and identity info.
Config Enhancement internal/config/config.go	Introduces APIKeyHash() method that computes SHA-256 hash of the API key for use as a cache lookup key.
Dependencies go.mod	Adds github.com/pkg/browser dependency for opening the dashboard URL in the user's browser.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI as CLI (auth.go)
    participant Browser as Browser/Dashboard
    participant API as Supermodel API
    participant Cache as Local Cache
    
    User->>CLI: Run login command
    CLI->>Browser: Open dashboard URL
    Browser->>User: Display login form
    User->>Browser: Enter API key
    Browser->>CLI: (user copies key)
    User->>CLI: Provide API key
    CLI->>API: Validate API key (5s timeout)
    API-->>CLI: Return authenticated identity
    CLI->>Cache: Store AuthStatus with Identity & Timestamp
    Cache-->>CLI: Cached ✓
    CLI-->>User: Authentication successful

Loading

sequenceDiagram
    participant User
    participant RootCmd as Root Command (root.go)
    participant Cache as Local Cache
    participant API as Supermodel API
    participant Config as Config
    
    User->>RootCmd: Execute CLI command
    RootCmd->>RootCmd: checkAuth() pre-run hook
    RootCmd->>Config: Load API key
    Config-->>RootCmd: API key value
    RootCmd->>Cache: GetAuthStatus(apiKeyHash)
    alt Cache hit & fresh (< 24h)
        Cache-->>RootCmd: Return cached AuthStatus
        RootCmd->>RootCmd: Use cached identity
    else Cache miss or stale
        RootCmd->>API: Validate API key (5s timeout)
        API-->>RootCmd: Return identity
        RootCmd->>Cache: SetAuthStatus with new data
        Cache-->>RootCmd: Updated ✓
    end
    RootCmd->>RootCmd: Proceed with command execution
    RootCmd-->>User: Command result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

---

🔐 A cache was born from auth's need,
To speed things up at lightning speed,
No more calls for every task—
Just 24 hours in the mask. 🎭✨

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch claude/auth-automation-20260303-1420

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}