boxel cli: add boxel realm create command#4368
Draft
jurgenwerk wants to merge 25 commits intomainfrom
Draft
Conversation
Port profile management from standalone boxel-cli into monorepo. Adds ProfileManager class for CRUD operations on ~/.boxel-cli/profiles.json with subcommands: list, add, switch, remove, migrate. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Extract shared ANSI color constants to src/lib/colors.ts - Remove duplicate getEnvironmentShortLabel (keep getEnvironmentLabel) - Remove fragile realmServerUrl inference from matrixUrl hostname pattern - Return distinct result from migrateFromEnv for new vs existing profiles - Update existing profile password on re-migration - Add REALM_SERVER_URL to migrate command precheck - Remove configDir param from singleton getProfileManager() - Fix promptPassword raw mode cleanup with try/finally pattern - Reject unknown domains in addProfile without explicit URLs - Validate JSON shape in loadConfig() - Skip Windows-incompatible file permission test Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wrap setup code in try/catch so raw mode is restored if anything throws between setRawMode(true) and the data handler. Pair stdin.resume() with stdin.pause() on cleanup to restore original flow state. Use reject() instead of throw for proper promise error propagation. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Implement the full realm creation flow in boxel-cli: - Matrix login → OpenID token → realm server token → POST /_create-realm - Store realm JWT in profile store for subsequent commands - Cache realm server token to skip auth round-trips on repeat calls - Auto re-auth on 401 when cached server token expires - Register new realm in Matrix account data (Boxel dashboard visibility) - Default random background and letter-based icon when not provided - Add realm token storage (realmTokens, realmServerToken) to ProfileManager Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove mocked unit tests (tests/commands/realm-create.test.ts) - Add integration tests that start their own realm server on port 4446 using realm-server test helpers (PostgreSQL + Synapse required) - Register a fresh Matrix user per test run for full auth flow testing - Add test:unit and test:integration scripts for split CI execution - Rename endpoint to realmName in create.ts for clarity - Add @cardstack/postgres devDependency and vitest realm-server alias Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Update CI job to start realm-server test services (PostgreSQL, Synapse, host-dist, prerenderer) before running integration tests - Split CI into test:unit (always) and test:integration (with services) - Use env-var defaults for PGHOST/PGPORT/PGUSER so CI and local both work Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The integration tests need the boxel_migrated_template database which is created by the realm-server's prepare-test-pg.sh script (separate Docker PostgreSQL on port 55436). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Mise sets PGPORT=5435 for the dev PG, which caused ${PGPORT:-55436}
to resolve to 5435 in CI. The test PG with boxel_migrated_template
is always on port 55436.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace inline env vars with a shell script that mirrors realm-server's run-qunit-with-test-pg.sh: prepare test PG, set PGPORT=55436, run tests, clean up on exit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 tasks
ProfileManager now owns the full auth flow: - getOrRefreshServerToken() — cached token or Matrix login → server token - refreshServerToken() — force re-auth (for 401 retry) - fetchAndStoreRealmTokens() — get realm JWTs and persist them - registerRealmInDashboard() — Matrix account data registration createRealm no longer imports or knows about Matrix login, OpenID tokens, or server session endpoints. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
authedFetch wraps fetch with automatic server token injection and 401 retry. createRealm now uses pm.authedFetch() instead of manually getting tokens and handling re-auth. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Reimplements the boxel realm create CLI command with a full Matrix-based auth flow, token persistence in the CLI profile store, and dashboard registration, plus adds integration test coverage and CI wiring to run those tests.
Changes:
- Added
boxel realm createcommand implementation and supporting Matrix/realm-server auth helpers. - Extended profile storage to cache realm JWTs and realm-server session tokens, with auto-refresh on 401.
- Added integration test harness (with test Postgres) and updated CI/workspace config to run integration tests.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
packages/boxel-cli/src/commands/realm/create.ts |
Implements realm creation request + defaults + post-create token/dashboard steps |
packages/boxel-cli/src/commands/realm/index.ts |
Registers new realm command namespace |
packages/boxel-cli/src/index.ts |
Hooks realm command registration into CLI entrypoint |
packages/boxel-cli/src/lib/auth.ts |
Implements Matrix login → OpenID → realm server session + realm token/account-data helpers |
packages/boxel-cli/src/lib/profile-manager.ts |
Adds persisted realm token storage, cached server token, and authedFetch w/ refresh |
packages/boxel-cli/tests/integration/realm-create.test.ts |
Integration coverage for create + token caching behavior |
packages/boxel-cli/tests/helpers/integration.ts |
Starts test realm server + Synapse user registration + profile test utilities |
packages/boxel-cli/tests/helpers/setup-realm-server.ts |
Test logging setup for realm-server dependencies |
packages/boxel-cli/tests/scripts/run-integration-with-test-pg.sh |
Script to run integration suite with test PG lifecycle |
packages/boxel-cli/vitest.config.mjs |
Adds alias to realm-server test helpers + increases timeout |
packages/boxel-cli/tsconfig.json |
Excludes integration helpers/tests from tsc --noEmit typecheck |
packages/boxel-cli/package.json |
Adds postgres devDependency and splits unit vs integration test scripts |
.github/workflows/ci.yaml |
Runs CLI integration tests and restores test web assets artifact |
pnpm-lock.yaml |
Updates lockfile for new workspace dependency usage |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/boxel-cli/tests/scripts/run-integration-with-test-pg.sh
Outdated
Show resolved
Hide resolved
- Import APP_BOXEL_REALMS_EVENT_TYPE from runtime-common instead of duplicating the string constant - Check PUT response in addRealmToMatrixAccountData and throw on failure - Preserve Request headers in authedFetch when input is a Request object - Allow iconURL to be undefined instead of sending empty string - Run integration tests single-forked to prevent port collisions - Add wait-on step in CI before running integration tests - Include boxel-cli in test-web-assets trigger condition Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
fetchAndStoreRealmToken now takes a specific realm URL and only persists that one token, instead of dumping every accessible realm token into profiles.json. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
wait-on is not a dependency of boxel-cli so npx can't find it. Replace with a simple curl polling loop. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
jurgenwerk
changed the title
boxel realm create commandboxel realm create command
CLI tests only need _create-realm and _realm-auth — no card rendering. Replacing the real prerenderer with a no-op stub avoids launching Chrome, which fails in CI and was the slowest part of the tests (~15s → ~2.4s). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
With the noop prerenderer, we don't need test-web-assets, host-dist, icons, prerender services, or the dev realm server. Just Matrix (for user registration/login) and the test PG (started by the integration test script). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
boxel realm createcommand with proper Matrix auth flow (login → OpenID → server token → create realm)~/.boxel-cli/profiles.json) so subsequent commands work without re-auth--background/--iconnot providedTest plan
🤖 Generated with Claude Code