CS-10615: Reimplement boxel profile command

[FadhlanR]

Summary

• Port boxel profile command from standalone boxel-cli into monorepo at packages/boxel-cli
• Add ProfileManager class for CRUD operations on ~/.boxel-cli/profiles.json (0600 perms)
• Subcommands: list, add (interactive wizard), switch (partial match), remove, migrate (from .env)
• 22 unit tests covering all ProfileManager operations + environment helpers

Test plan

• pnpm --filter @cardstack/boxel-cli test — 24 tests pass
• pnpm --filter @cardstack/boxel-cli build — builds successfully
• pnpm --filter @cardstack/boxel-cli lint — no errors

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1d9086f986

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[habdelra]

Review: CS-10615 — Reimplement boxel profile command

Overall: Solid foundation for profile management. This is the right first step toward CS-10642's full auth lifecycle.

Key concerns (8 inline comments):

1. Realm server URL inference from matrix URL — getActiveCredentials() guesses realmServerUrl from matrixUrl hostname patterns when env vars are used. This is fragile and inconsistent with migrateFromEnv() which correctly requires REALM_SERVER_URL explicitly. Recommend removing the inference.

2. Duplicate helper functions — getEnvironmentLabel and getEnvironmentShortLabel are identical implementations.

3. Singleton configDir confusion — getProfileManager(configDir?) caches the first instance and silently ignores configDir on subsequent calls.

4. migrateFromEnv no-op on existing profiles — Silently returns without updating credentials if profile already exists.

5. Terminal cleanup in promptPassword — Raw mode may not be restored on unexpected errors.

6. Duplicated ANSI constants — Same color codes defined in both profile.ts and profile-manager.ts.

7. I would like to see a happy path test against a real realm server. consider leveraging testing infra from the packages/realm-server/tests so that we can spin up a real realm server that we can test against and assert that auth works against an actual realm server.

Phase 2 alignment (CS-10642): The Profile interface and async method signatures are well-positioned for extension with server tokens, per-realm JWTs, and auto-refresh. The getActiveCredentials() method is the natural evolution point for the programmatic BoxelAuth API. Inline comment on the interface details what fields will be needed.

[Copilot]

Pull request overview

Ports the boxel profile command into the monorepo’s @cardstack/boxel-cli, adding a local profile storage layer and CLI UX to manage Matrix/realm credentials across environments.

Changes:

• Added ProfileManager + helper utilities for reading/writing ~/.boxel-cli/profiles.json with restrictive permissions.
• Implemented boxel profile subcommands (list/add/switch/remove/migrate) including interactive prompting.
• Added unit tests for ProfileManager behavior and environment parsing helpers.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
packages/boxel-cli/src/lib/profile-manager.ts	Implements profile config persistence, credential selection, and migration from env vars.
packages/boxel-cli/src/commands/profile.ts	Adds CLI subcommand routing + interactive/non-interactive profile workflows.
packages/boxel-cli/src/index.ts	Wires the new profile command into the CLI entrypoint and loads dotenv.
packages/boxel-cli/tests/commands/profile.test.ts	Adds unit tests covering ProfileManager operations and helper functions.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[habdelra]

@FadhlanR you still did not address my point about having a test against a real realm server

[habdelra]

it sounds like @jurgenwerk is working on this. can you merge his branch into this once he gets to a good place and then include those tests?

[jurgenwerk]

Yeah #4368 should have the test helpers for spinning up a realm server so that the CLI can test against it. The mentioned PR is not finished yet but you can check and see if you can make it work in this branch. That part should already be functional as I am seeing my tests pass in the CI

[FadhlanR]

Currently the boxel profile command only stores the username and password in ~/.boxel-cli/profiles.json without doing any authentication to the realm server or realm, so I don't think a test against a real realm server is needed for this command, unless we want to change the behavior to perform authentication (e.g., store a JWT) as part of this PR.

I think we can merge this PR as-is so we can unblock other boxel CLI command PRs, including Matic's PR that introduces authentication against the realm server. We will change the auth behavior in CS-10642, the happy path test against a real realm server would fit naturally there, when the profile command evolves to manage tokens. What do you think @habdelra?

[habdelra]

that seems fair. we can tackle dealing with tokens in CS-10642