[DX-261] Fix auth keys get formatting and add ABLY_API_KEY override warning

[umair-ably]

Summary

• Fix --app flag on all auth keys commands to resolve app names to IDs via requireAppId()/resolveAppIdFromNameOrId() instead of passing the value directly to the Control API URL
• Update --app flag descriptions to say "The app ID or name" where they previously said "The app ID"
• Add mockAppResolution() test helper for mocking the app name resolution flow
• Add test for app name-to-ID resolution in list.test.ts

Test plan

• pnpm prepare succeeds
• pnpm exec eslint . — 0 errors
• pnpm test:unit — all 1748 tests pass
• Verified --app "AppName" resolves correctly via new test case

Fixes #172

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
cli-web-cli	Ready	Preview, Comment	Mar 13, 2026 2:16am

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d9867e83-ed35-487c-ae8c-5410d38e632c

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

Enhanced the auth:keys:get command to detect and display when ABLY_API_KEY environment variables override the current API key. Updated output formatting to use structured helpers and added progress feedback. Added corresponding test coverage for override scenarios.

Changes

Cohort / File(s)	Summary
Environment Override Detection src/commands/auth/keys/get.ts	Implemented detection of ABLY_API_KEY environment variable overrides, displaying warnings in human-readable output and including envKeyOverride data in JSON output. Updated output formatting using new helpers (formatHeading, formatLabel, formatWarning) and changed API key display flow from async to synchronous.
Test Coverage test/unit/commands/auth/keys/get.test.ts	Added comprehensive test suite for environment override scenarios, including cases where ABLY_API_KEY overrides the current key, matches the fetched key, or doesn't override. Tests validate warning messages and JSON output structure with envKeyOverride object.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A key override hops into view,
Environment whispers what to do,
Warnings displayed for all to see,
When env vars clash with API decree! 🔑✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the two main changes: formatting fixes to the auth keys get command output and the addition of an ABLY_API_KEY override warning feature.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch DX-261-get-keys

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[umair-ably]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/commands/auth/keys/get.ts (1)

119-127: Consider using logToStderr for warning output.

Per project conventions, warning messages should use this.logToStderr(formatWarning(...)) to avoid mixing warnings with stdout data when output is piped.

Proposed fix

         if (hasEnvOverride) {
-          this.log("");
-          this.log(
+          this.logToStderr("");
+          this.logToStderr(
             formatWarning(
               `ABLY_API_KEY environment variable is set to a different key (${envKeyPrefix}). ` +
                 `The env var overrides this key for product API commands.`,
             ),
           );
         }

Based on learnings: "Always use this.logToStderr(formatWarning('...')) for warning messages".

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/commands/auth/keys/get.ts` around lines 119 - 127, The warning block in
the get key command currently writes to stdout using this.log, which can pollute
piped output; change the calls that output the environment-override warning to
use this.logToStderr(formatWarning(...)) instead of this.log so warnings go to
stderr. Update the branch where hasEnvOverride is true (the code that references
envKeyPrefix and calls formatWarning) to call this.logToStderr for the blank
line and the formatted warning message, preserving the existing wording and use
of formatWarning.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/commands/auth/keys/get.ts`:
- Line 43: The call to this.showAuthInfoIfNeeded(flags) is missing an await,
causing possible output ordering issues and swallowed errors; update the call in
the get keys command to await this.showAuthInfoIfNeeded(flags) so the method
completes before continuing (ensuring any thrown errors propagate) — look for
the invocation of showAuthInfoIfNeeded in the get/keys flow and make it await
the async method.

---

Nitpick comments:
In `@src/commands/auth/keys/get.ts`:
- Around line 119-127: The warning block in the get key command currently writes
to stdout using this.log, which can pollute piped output; change the calls that
output the environment-override warning to use
this.logToStderr(formatWarning(...)) instead of this.log so warnings go to
stderr. Update the branch where hasEnvOverride is true (the code that references
envKeyPrefix and calls formatWarning) to call this.logToStderr for the blank
line and the formatted warning message, preserving the existing wording and use
of formatWarning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1c62105a-3a66-45b9-bd6b-8f8fe2e87c2d

📥 Commits

Reviewing files that changed from the base of the PR and between fc7c4c6 and 4f2ca65.

📒 Files selected for processing (2)

• src/commands/auth/keys/get.ts
• test/unit/commands/auth/keys/get.test.ts

[Copilot]

Pull request overview

This PR improves the auth keys get CLI command output formatting and adds detection + user-facing warnings when ABLY_API_KEY is set to a different key than the currently configured key (including JSON output support), with accompanying unit tests.

Changes:

• Add formatted, structured non-JSON output and a “Fetching key details” progress line.
• Detect ABLY_API_KEY overrides for the current key and surface a warning / envKeyOverride JSON field.
• Add unit tests covering warning/no-warning and JSON behavior, including env var setup/teardown.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
src/commands/auth/keys/get.ts	Adds formatted output and env override warning/JSON field for auth keys get.
test/unit/commands/auth/keys/get.test.ts	Adds tests for ABLY_API_KEY override warning behavior and JSON output.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[sacOO7]

We support env. first authentication ABLY_API_KEY, ABLY_TOKEN, ABLY_ACCESS_TOKEN as per #146.
So, for security reasons, we shouldn't be passing full key to any of the command

For keys get --help command

pnpm cli auth keys get --help

we get

USAGE
  $ ably auth keys get KEYNAMEORVALUE [-v] [--json | --pretty-json] [--app <value>]

ARGUMENTS
  KEYNAMEORVALUE  Key name (APP_ID.KEY_ID), key ID, key label (e.g. Root), or full key value to get details for

Since Full key will be visible on logs, ideally USAGE guide should be

USAGE
  $ ably auth keys get KEYNAME [-v] [--json | --pretty-json] [--app <value>]

ARGUMENTS
  KEYNAME  Key name is `KEY_ID` or `APP_ID.KEY_ID` or key label (e.g. Root)

Will share full auth keys security review 👍

[sacOO7]

LGTM