@agentuity/cli 0.1.24 → 0.1.26

package/src/cmd/build/patch/otel-llm.ts

@@ -0,0 +1,421 @@
+/**
+ * Build-time patches for OpenTelemetry LLM instrumentation.
+ *
+ * These patches wrap LLM SDK methods (OpenAI, Anthropic, etc.) with OTel spans
+ * at build time, since runtime instrumentation (traceloop) doesn't work with
+ * bundled code.
+ */
+import { type PatchModule } from './_util';
+
+interface OtelPatchConfig {
+	provider: string;
+	className: string;
+	inputTokensField: string;
+	outputTokensField: string;
+	/** Field path for response ID (e.g., 'id' for OpenAI) */
+	responseIdField?: string;
+	/** Field path for finish reason (e.g., 'choices[0].finish_reason' for OpenAI) */
+	finishReasonPath?: string;
+	/** Field path for response content (e.g., 'choices[0].message.content' for OpenAI) */
+	responseContentPath?: string;
+	/** Field name in request for messages (e.g., 'messages' for OpenAI) */
+	requestMessagesField?: string;
+	/** Field path for streaming delta content (e.g., 'choices[0].delta.content' for OpenAI) */
+	streamDeltaContentPath?: string;
+	/** Field path for streaming finish reason (e.g., 'choices[0].finish_reason' for OpenAI) */
+	streamFinishReasonPath?: string;
+	/** Field path for streaming usage in final chunk (e.g., 'usage' for OpenAI with stream_options) */
+	streamUsagePath?: string;
+}
+
+/**
+ * Generate the OTel wrapper code for LLM chat completions.
+ * This creates a span with GenAI semantic conventions.
+ */
+function generateChatCompletionsWrapper(config: OtelPatchConfig): string {
+	const {
+		provider,
+		className,
+		inputTokensField,
+		outputTokensField,
+		responseIdField = 'id',
+		finishReasonPath,
+		responseContentPath,
+		requestMessagesField = 'messages',
+		streamDeltaContentPath,
+		streamFinishReasonPath,
+		streamUsagePath = 'usage',
+	} = config;
+
+	// Generate code to extract nested field (e.g., 'choices[0].finish_reason')
+	const generateFieldAccess = (path: string | undefined, varName: string): string => {
+		if (!path) return 'undefined';
+		// Convert path like 'choices[0].finish_reason' to safe access
+		const parts = path.split('.');
+		let code = varName;
+		for (const part of parts) {
+			const match = part.match(/^(\w+)\[(\d+)\]$/);
+			if (match) {
+				code = `(${code}?.${match[1]}?.[${match[2]}])`;
+			} else {
+				code = `(${code}?.${part})`;
+			}
+		}
+		return code;
+	};
+
+	const finishReasonCode = generateFieldAccess(finishReasonPath, 'response');
+	const responseContentCode = generateFieldAccess(responseContentPath, 'response');
+	const streamDeltaCode = generateFieldAccess(streamDeltaContentPath, 'chunk');
+	const streamFinishCode = generateFieldAccess(streamFinishReasonPath, 'chunk');
+	const streamUsageCode = generateFieldAccess(streamUsagePath, 'chunk');
+
+	return `
+import * as _otel_api from '@opentelemetry/api';
+
+const _ATTR_GEN_AI_SYSTEM = 'gen_ai.system';
+const _ATTR_GEN_AI_REQUEST_MODEL = 'gen_ai.request.model';
+const _ATTR_GEN_AI_REQUEST_MAX_TOKENS = 'gen_ai.request.max_tokens';
+const _ATTR_GEN_AI_REQUEST_TEMPERATURE = 'gen_ai.request.temperature';
+const _ATTR_GEN_AI_REQUEST_TOP_P = 'gen_ai.request.top_p';
+const _ATTR_GEN_AI_REQUEST_FREQUENCY_PENALTY = 'gen_ai.request.frequency_penalty';
+const _ATTR_GEN_AI_REQUEST_PRESENCE_PENALTY = 'gen_ai.request.presence_penalty';
+const _ATTR_GEN_AI_RESPONSE_MODEL = 'gen_ai.response.model';
+const _ATTR_GEN_AI_RESPONSE_ID = 'gen_ai.response.id';
+const _ATTR_GEN_AI_RESPONSE_FINISH_REASONS = 'gen_ai.response.finish_reasons';
+const _ATTR_GEN_AI_USAGE_INPUT_TOKENS = 'gen_ai.usage.input_tokens';
+const _ATTR_GEN_AI_USAGE_OUTPUT_TOKENS = 'gen_ai.usage.output_tokens';
+const _ATTR_GEN_AI_OPERATION_NAME = 'gen_ai.operation.name';
+const _ATTR_GEN_AI_REQUEST_MESSAGES = 'gen_ai.request.messages';
+const _ATTR_GEN_AI_RESPONSE_TEXT = 'gen_ai.response.text';
+
+const _otel_tracer = _otel_api.trace.getTracer('@agentuity/otel-llm', '1.0.0');
+
+function _wrapAsyncIterator(iterator, span, inputTokensField, outputTokensField) {
+	let contentChunks = [];
+	let finishReason = null;
+	let usage = null;
+	let model = null;
+	let responseId = null;
+
+	return {
+		[Symbol.asyncIterator]() {
+			return this;
+		},
+		async next() {
+			try {
+				const result = await iterator.next();
+				if (result.done) {
+					// Stream complete - finalize span
+					if (contentChunks.length > 0) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_TEXT, contentChunks.join(''));
+					}
+					if (finishReason) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_FINISH_REASONS, JSON.stringify([finishReason]));
+					}
+					if (model) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_MODEL, model);
+					}
+					if (responseId) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_ID, responseId);
+					}
+					if (usage) {
+						if (usage[inputTokensField] !== undefined) {
+							span.setAttribute(_ATTR_GEN_AI_USAGE_INPUT_TOKENS, usage[inputTokensField]);
+						}
+						if (usage[outputTokensField] !== undefined) {
+							span.setAttribute(_ATTR_GEN_AI_USAGE_OUTPUT_TOKENS, usage[outputTokensField]);
+						}
+					}
+					span.setStatus({ code: _otel_api.SpanStatusCode.OK });
+					span.end();
+					return result;
+				}
+
+				const chunk = result.value;
+				
+				// Capture model and id from first chunk
+				if (chunk.model && !model) {
+					model = chunk.model;
+				}
+				if (chunk.id && !responseId) {
+					responseId = chunk.id;
+				}
+
+				// Capture delta content
+				const deltaContent = ${streamDeltaCode};
+				if (deltaContent) {
+					contentChunks.push(deltaContent);
+				}
+
+				// Capture finish reason
+				const chunkFinishReason = ${streamFinishCode};
+				if (chunkFinishReason) {
+					finishReason = chunkFinishReason;
+				}
+
+				// Capture usage (usually in final chunk with stream_options)
+				const chunkUsage = ${streamUsageCode};
+				if (chunkUsage) {
+					usage = chunkUsage;
+				}
+
+				return result;
+			} catch (error) {
+				span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+				span.recordException(error);
+				span.end();
+				throw error;
+			}
+		},
+		async return(value) {
+			span.setStatus({ code: _otel_api.SpanStatusCode.OK });
+			span.end();
+			if (iterator.return) {
+				return iterator.return(value);
+			}
+			return { done: true, value };
+		},
+		async throw(error) {
+			span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+			span.recordException(error);
+			span.end();
+			if (iterator.throw) {
+				return iterator.throw(error);
+			}
+			throw error;
+		}
+	};
+}
+
+function _wrapStream(stream, span, inputTokensField, outputTokensField) {
+	// Get the original iterator
+	const originalIterator = stream[Symbol.asyncIterator]();
+	const wrappedIterator = _wrapAsyncIterator(originalIterator, span, inputTokensField, outputTokensField);
+	
+	// Return a proxy that wraps the async iterator but preserves other properties/methods
+	return new Proxy(stream, {
+		get(target, prop) {
+			if (prop === Symbol.asyncIterator) {
+				return () => wrappedIterator;
+			}
+			// Preserve other stream methods like tee(), toReadableStream(), etc.
+			const value = target[prop];
+			if (typeof value === 'function') {
+				return value.bind(target);
+			}
+			return value;
+		}
+	});
+}
+
+// Safely patch the class if it exists
+let _original_create;
+try {
+	if (typeof ${className} === 'undefined' || !${className}.prototype || typeof ${className}.prototype.create !== 'function') {
+		console.debug('[Agentuity OTel] Skipping patch: ${className}.prototype.create not found or not a function');
+	} else {
+		_original_create = ${className}.prototype.create;
+		${className}.prototype.create = _agentuity_otel_create;
+	}
+} catch (e) {
+	console.debug('[Agentuity OTel] Failed to patch ${className}:', e?.message || e);
+}
+
+function _agentuity_otel_create(body, options) {
+	// If patching failed, _original_create won't be set - this shouldn't happen but handle gracefully
+	if (!_original_create) {
+		throw new Error('[Agentuity OTel] ${className}.prototype.create was not properly patched');
+	}
+	const attributes = {
+		[_ATTR_GEN_AI_SYSTEM]: '${provider}',
+		[_ATTR_GEN_AI_OPERATION_NAME]: 'chat',
+	};
+
+	if (body.model) {
+		attributes[_ATTR_GEN_AI_REQUEST_MODEL] = body.model;
+	}
+	if (body.max_tokens) {
+		attributes[_ATTR_GEN_AI_REQUEST_MAX_TOKENS] = body.max_tokens;
+	}
+	if (body.temperature !== undefined) {
+		attributes[_ATTR_GEN_AI_REQUEST_TEMPERATURE] = body.temperature;
+	}
+	if (body.top_p !== undefined) {
+		attributes[_ATTR_GEN_AI_REQUEST_TOP_P] = body.top_p;
+	}
+	if (body.frequency_penalty !== undefined) {
+		attributes[_ATTR_GEN_AI_REQUEST_FREQUENCY_PENALTY] = body.frequency_penalty;
+	}
+	if (body.presence_penalty !== undefined) {
+		attributes[_ATTR_GEN_AI_REQUEST_PRESENCE_PENALTY] = body.presence_penalty;
+	}
+
+	// Capture request messages
+	if (body.${requestMessagesField} && Array.isArray(body.${requestMessagesField})) {
+		try {
+			attributes[_ATTR_GEN_AI_REQUEST_MESSAGES] = JSON.stringify(body.${requestMessagesField});
+		} catch (e) {
+			// Ignore serialization errors
+		}
+	}
+
+	const spanName = body.model ? \`chat \${body.model}\` : 'chat';
+
+	return _otel_tracer.startActiveSpan(spanName, { attributes, kind: _otel_api.SpanKind.CLIENT }, (span) => {
+		let result;
+		try {
+			result = _original_create.call(this, body, options);
+		} catch (error) {
+			span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+			span.recordException(error);
+			span.end();
+			throw error;
+		}
+
+		// Handle streaming responses
+		if (body.stream) {
+			// Result is a Promise that resolves to a Stream
+			if (result && typeof result.then === 'function') {
+				return result.then((stream) => {
+					try {
+						return _wrapStream(stream, span, '${inputTokensField}', '${outputTokensField}');
+					} catch (error) {
+						span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+						span.recordException(error);
+						span.end();
+						throw error;
+					}
+				}).catch((error) => {
+					span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+					span.recordException(error);
+					span.end();
+					throw error;
+				});
+			}
+			// Result is already a Stream - wrap in try/catch for synchronous failures
+			try {
+				return _wrapStream(result, span, '${inputTokensField}', '${outputTokensField}');
+			} catch (error) {
+				span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+				span.recordException(error);
+				span.end();
+				throw error;
+			}
+		}
+
+		// Handle non-streaming responses
+		if (result && typeof result.then === 'function') {
+			return result.then((response) => {
+				if (response) {
+					if (response.model) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_MODEL, response.model);
+					}
+					if (response.${responseIdField}) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_ID, response.${responseIdField});
+					}
+					if (response.usage) {
+						if (response.usage.${inputTokensField} !== undefined) {
+							span.setAttribute(_ATTR_GEN_AI_USAGE_INPUT_TOKENS, response.usage.${inputTokensField});
+						}
+						if (response.usage.${outputTokensField} !== undefined) {
+							span.setAttribute(_ATTR_GEN_AI_USAGE_OUTPUT_TOKENS, response.usage.${outputTokensField});
+						}
+					}
+					// Extract finish reason
+					const finishReason = ${finishReasonCode};
+					if (finishReason) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_FINISH_REASONS, JSON.stringify([finishReason]));
+					}
+					// Extract response content
+					const responseContent = ${responseContentCode};
+					if (responseContent) {
+						span.setAttribute(_ATTR_GEN_AI_RESPONSE_TEXT, responseContent);
+					}
+				}
+				span.setStatus({ code: _otel_api.SpanStatusCode.OK });
+				span.end();
+				return response;
+			}).catch((error) => {
+				span.setStatus({ code: _otel_api.SpanStatusCode.ERROR, message: error?.message });
+				span.recordException(error);
+				span.end();
+				throw error;
+			});
+		}
+
+		span.end();
+		return result;
+	});
+}
+`;
+}
+
+export function generatePatches(): Map<string, PatchModule> {
+	const patches = new Map<string, PatchModule>();
+
+	// OpenAI Chat Completions - patch resources/chat/completions/completions.mjs
+	patches.set('openai:otel', {
+		module: 'openai',
+		filename: 'resources/chat/completions/completions',
+		body: {
+			after: generateChatCompletionsWrapper({
+				provider: 'openai',
+				className: 'Completions',
+				inputTokensField: 'prompt_tokens',
+				outputTokensField: 'completion_tokens',
+				responseIdField: 'id',
+				finishReasonPath: 'choices[0].finish_reason',
+				responseContentPath: 'choices[0].message.content',
+				requestMessagesField: 'messages',
+				streamDeltaContentPath: 'choices[0].delta.content',
+				streamFinishReasonPath: 'choices[0].finish_reason',
+				streamUsagePath: 'usage',
+			}),
+		},
+	});
+
+	// Anthropic Messages - patch resources/messages.mjs
+	patches.set('@anthropic-ai/sdk:otel', {
+		module: '@anthropic-ai/sdk',
+		filename: 'resources/messages',
+		body: {
+			after: generateChatCompletionsWrapper({
+				provider: 'anthropic',
+				className: 'Messages',
+				inputTokensField: 'input_tokens',
+				outputTokensField: 'output_tokens',
+				responseIdField: 'id',
+				finishReasonPath: 'stop_reason',
+				responseContentPath: 'content[0].text',
+				requestMessagesField: 'messages',
+				streamDeltaContentPath: 'delta.text',
+				streamFinishReasonPath: 'delta.stop_reason',
+				streamUsagePath: 'usage',
+			}),
+		},
+	});
+
+	// Groq Chat Completions - patch resources/chat/completions.mjs
+	patches.set('groq-sdk:otel', {
+		module: 'groq-sdk',
+		filename: 'resources/chat/completions',
+		body: {
+			after: generateChatCompletionsWrapper({
+				provider: 'groq',
+				className: 'Completions',
+				inputTokensField: 'prompt_tokens',
+				outputTokensField: 'completion_tokens',
+				responseIdField: 'id',
+				finishReasonPath: 'choices[0].finish_reason',
+				responseContentPath: 'choices[0].message.content',
+				requestMessagesField: 'messages',
+				streamDeltaContentPath: 'choices[0].delta.content',
+				streamFinishReasonPath: 'choices[0].finish_reason',
+				streamUsagePath: 'x_groq.usage',
+			}),
+		},
+	});
+
+	return patches;
+}

package/src/cmd/cloud/db/create.ts

@@ -16,10 +16,10 @@ export const createSubcommand = defineSubcommand({
 	idempotent: false,
 	requires: { auth: true, org: true, region: true },
 	examples: [
-		{ command: getCommand('cloud db create'), description: 'Create new item' },
+		{ command: getCommand('cloud db create'), description: 'Create new database' },
 		{ command: getCommand('cloud db new'), description: 'Run new command' },
-		{ command: getCommand('cloud db create --name my-db'), description: 'Create new item' },
-		{ command: getCommand('--dry-run cloud db create'), description: 'Create new item' },
+		{ command: getCommand('cloud db create --name my-db'), description: 'Create new database' },
+		{ command: getCommand('--dry-run cloud db create'), description: 'Create new database' },
 	],
 	schema: {
 		options: z.object({

package/src/cmd/cloud/deploy.ts

@@ -33,12 +33,14 @@ import {
 	projectDeploymentUpdate,
 	projectDeploymentComplete,
 	projectDeploymentStatus,
+	projectDeploymentMalwareCheck,
 	validateResources,
 	type Deployment,
 	type BuildMetadata,
 	type DeploymentInstructions,
 	type DeploymentComplete,
 	type DeploymentStatusResult,
+	type MalwareCheckResult,
 	getAppBaseURL,
 } from '@agentuity/server';
 import {
@@ -51,11 +53,12 @@ import { zipDir } from '../../utils/zip';
 import { encryptFIPSKEMDEMStream } from '../../crypto/box';
 import { getCommand } from '../../command-prefix';
 import * as domain from '../../domain';
-import { ErrorCode } from '../../errors';
+import { ErrorCode, getExitCode } from '../../errors';
 import { typecheck } from '../build/typecheck';
 import { BuildReportCollector, setGlobalCollector, clearGlobalCollector } from '../../build-report';
 import { runForkedDeploy } from './deploy-fork';
 import { validateAptDependencies } from '../../utils/apt-validator';
+import { extractDependencies } from '../../utils/deps';
 
 const DeploymentCancelledError = StructuredError(
 	'DeploymentCancelled',
@@ -167,6 +170,7 @@ export const deploySubcommand = createSubcommand({
 		let instructions: DeploymentInstructions | undefined;
 		let complete: DeploymentComplete | undefined;
 		let statusResult: DeploymentStatusResult | undefined;
+		let malwareCheckPromise: Promise<MalwareCheckResult | null> | undefined;
 		const logs: string[] = [];
 
 		const sdkKey = await loadProjectSDKKey(ctx.logger, ctx.projectDir);
@@ -326,6 +330,35 @@ export const deploySubcommand = createSubcommand({
 			}
 		}
 
+		// Start malware check async (runs in parallel with build)
+		if (deployment) {
+			malwareCheckPromise = (async () => {
+				try {
+					logger.debug('Starting malware dependency check');
+					const packages = await extractDependencies(projectDir, logger);
+					if (packages.length === 0) {
+						logger.debug('No packages to check for malware');
+						return null;
+					}
+					logger.debug('Checking %d packages for malware', packages.length);
+					const result = await projectDeploymentMalwareCheck(
+						apiClient,
+						deployment!.id,
+						packages
+					);
+					logger.debug(
+						'Malware check complete: action=%s, flagged=%d',
+						result.action,
+						result.summary.flagged
+					);
+					return result;
+				} catch (error) {
+					logger.warn('Malware check failed: %s', error);
+					return null;
+				}
+			})();
+		}
+
 		try {
 			await saveProjectDir(projectDir);
 
@@ -528,6 +561,49 @@ export const deploySubcommand = createSubcommand({
 							}
 						},
 					},
+					{
+						label: 'Security Scan',
+						run: async () => {
+							if (!malwareCheckPromise) {
+								return stepSkipped('malware check not started');
+							}
+
+							const result = await malwareCheckPromise;
+							if (!result) {
+								return stepSkipped('malware check unavailable');
+							}
+
+							if (result.action === 'block' && result.findings.length > 0) {
+								if (opts.reportFile) {
+									for (const finding of result.findings) {
+										collector.addGeneralError(
+											'deploy',
+											`Malicious package: ${finding.name}@${finding.version} (${finding.reason})`
+										);
+									}
+									await collector.forceWrite();
+								}
+
+								const packageList = result.findings
+									.map((f) => `• ${f.name}@${f.version} (${f.reason})`)
+									.join('\n');
+
+								// Pause step UI to cleanly render error box
+								pauseStepUI(true);
+
+								tui.newline();
+								tui.errorBox(
+									'Malicious Packages Detected',
+									`Your deployment was blocked because it contains known malicious packages:\n\n${packageList}\n\nRemove these packages from your project and try again.`
+								);
+								tui.newline();
+
+								process.exit(getExitCode(ErrorCode.MALWARE_DETECTED));
+							}
+
+							return stepSuccess([`Scanned ${result.summary.scanned} packages`]);
+						},
+					},
 					{
 						label: 'Encrypt and Upload Deployment',
 						run: async (stepCtx: StepContext) => {

package/src/cmd/cloud/env/pull.ts

@@ -56,6 +56,7 @@ export const pullSubcommand = createSubcommand({
 
 		let cloudEnv: Record<string, string>;
 		let scope: 'project' | 'org';
+		let cloudApiKey: string | undefined;
 
 		if (useOrgScope) {
 			// Organization scope
@@ -70,6 +71,7 @@ export const pullSubcommand = createSubcommand({
 
 			cloudEnv = { ...orgData.env, ...orgData.secrets };
 			scope = 'org';
+			cloudApiKey = undefined; // Orgs don't have api_key
 		} else {
 			// Project scope
 			if (!project) {
@@ -84,31 +86,16 @@ export const pullSubcommand = createSubcommand({
 
 			cloudEnv = { ...projectData.env, ...projectData.secrets };
 			scope = 'project';
-
-			// Write AGENTUITY_SDK_KEY to .env if present and missing locally (project scope only)
-			if (projectData.api_key) {
-				const dotEnvPath = join(projectDir, '.env');
-				const dotEnv = await readEnvFile(dotEnvPath);
-
-				if (!dotEnv.AGENTUITY_SDK_KEY) {
-					dotEnv.AGENTUITY_SDK_KEY = projectData.api_key;
-					await writeEnvFile(dotEnvPath, dotEnv, {
-						addComment: (key) => {
-							if (key === 'AGENTUITY_SDK_KEY') {
-								return 'AGENTUITY_SDK_KEY is a sensitive value and should not be committed to version control.';
-							}
-							return null;
-						},
-					});
-					tui.info(`Wrote AGENTUITY_SDK_KEY to ${dotEnvPath}`);
-				}
-			}
+			cloudApiKey = projectData.api_key;
 		}
 
 		// Target file is always .env
 		const targetEnvPath = await findExistingEnvFile(projectDir);
 		const localEnv = await readEnvFile(targetEnvPath);
 
+		// Preserve local AGENTUITY_SDK_KEY before writing (since it will be skipped in the first write)
+		const localSdkKey = localEnv.AGENTUITY_SDK_KEY;
+
 		// Merge: cloud values override local if force=true, otherwise keep local
 		let mergedEnv: Record<string, string>;
 		if (opts?.force) {
@@ -124,6 +111,29 @@ export const pullSubcommand = createSubcommand({
 			skipKeys: Object.keys(mergedEnv).filter(isReservedAgentuityKey),
 		});
 
+		// Restore AGENTUITY_SDK_KEY to .env (cloud is source of truth, fallback to local)
+		// The key was removed by the write above since it's in skipKeys, so we need to restore it
+		const dotEnvPath = join(projectDir, '.env');
+		const dotEnv = await readEnvFile(dotEnvPath);
+
+		// Cloud is source of truth: use cloud api_key if available, otherwise fallback to local
+		// For org scope, only restore if local key exists (orgs don't have api_key)
+		const sdkKeyToWrite = cloudApiKey || localSdkKey;
+		if (sdkKeyToWrite) {
+			dotEnv.AGENTUITY_SDK_KEY = sdkKeyToWrite;
+			await writeEnvFile(dotEnvPath, dotEnv, {
+				addComment: (key) => {
+					if (key === 'AGENTUITY_SDK_KEY') {
+						return 'AGENTUITY_SDK_KEY is a sensitive value and should not be committed to version control.';
+					}
+					return null;
+				},
+			});
+			if (cloudApiKey && cloudApiKey !== localSdkKey) {
+				tui.info(`Wrote AGENTUITY_SDK_KEY to ${dotEnvPath}`);
+			}
+		}
+
 		const count = Object.keys(cloudEnv).length;
 		const scopeLabel = useOrgScope ? 'organization' : 'project';
 		tui.success(

package/src/cmd/cloud/eval-run/list.ts

@@ -127,7 +127,11 @@ export const listSubcommand = createSubcommand({
 					Agent: r.agentIdentifier || '-',
 					Success: r.success ? '✓' : '✗',
 					Pending: r.pending ? '⏳' : '✓',
-					Reason: reason ? (reason.length > 30 ? reason.substring(0, 27) + '...' : reason) : '-',
+					Reason: reason
+						? reason.length > 30
+							? reason.substring(0, 27) + '...'
+							: reason
+						: '-',
 					Created: new Date(r.createdAt).toLocaleString(),
 				};
 			});

package/src/cmd/cloud/queue/dlq.ts

@@ -67,16 +67,17 @@ const listDlqSubcommand = createSubcommand({
 				tui.info('No messages in dead letter queue');
 			} else {
 				const tableData = result.messages.map((m: DeadLetterMessage) => {
-						const timestamp = m.moved_at ?? m.original_published_at ?? m.published_at ?? m.created_at;
-						return {
-							ID: m.id.substring(0, 8) + '...',
-							Offset: m.offset,
-							Reason: m.failure_reason?.substring(0, 30) || 'Unknown',
-							Attempts: m.delivery_attempts,
-							'Failed At': timestamp ? new Date(timestamp).toLocaleString() : 'N/A',
-						};
-					});
-					tui.table(tableData, ['ID', 'Offset', 'Reason', 'Attempts', 'Failed At']);
+					const timestamp =
+						m.moved_at ?? m.original_published_at ?? m.published_at ?? m.created_at;
+					return {
+						ID: m.id.substring(0, 8) + '...',
+						Offset: m.offset,
+						Reason: m.failure_reason?.substring(0, 30) || 'Unknown',
+						Attempts: m.delivery_attempts,
+						'Failed At': timestamp ? new Date(timestamp).toLocaleString() : 'N/A',
+					};
+				});
+				tui.table(tableData, ['ID', 'Offset', 'Reason', 'Attempts', 'Failed At']);
 			}
 		}