@agentuity/cli 0.1.32 → 0.1.33

package/src/cmd/project/auth/init.ts

@@ -12,6 +12,7 @@ import {
 	generateAuthSchemaSql,
 	getGeneratedSqlDir,
 } from './shared';
+import { readEnvFile, writeEnvFile } from '../../../env-util';
 import enquirer from 'enquirer';
 import * as fs from 'fs';
 import * as path from 'path';
@@ -96,32 +97,23 @@ export const initSubcommand = createSubcommand({
 
 		const databaseName = dbInfo.name;
 
-		// Update .env with database URL
+		// Update .env with database URL using proper parsing
 		const envPath = path.join(projectDir, '.env');
-		let envContent = '';
-
-		if (fs.existsSync(envPath)) {
-			envContent = fs.readFileSync(envPath, 'utf-8');
-			if (!envContent.endsWith('\n') && envContent.length > 0) {
-				envContent += '\n';
-			}
-		}
+		const existingEnv = await readEnvFile(envPath);
 
 		// Check if DATABASE_URL already exists
-		const hasDatabaseUrl = envContent.match(/^DATABASE_URL=/m);
+		const hasDatabaseUrl = 'DATABASE_URL' in existingEnv;
 
 		if (dbInfo.url !== databaseUrl || !hasDatabaseUrl) {
 			if (hasDatabaseUrl) {
 				// DATABASE_URL exists, use AUTH_DATABASE_URL instead
-				envContent += `AUTH_DATABASE_URL="${dbInfo.url}"\n`;
-				fs.writeFileSync(envPath, envContent);
+				await writeEnvFile(envPath, { AUTH_DATABASE_URL: dbInfo.url });
 				tui.success('AUTH_DATABASE_URL added to .env');
 				tui.warning(
 					`DATABASE_URL already exists. Update your ${tui.bold('src/auth.ts')} to use AUTH_DATABASE_URL.`
 				);
 			} else {
-				envContent += `DATABASE_URL="${dbInfo.url}"\n`;
-				fs.writeFileSync(envPath, envContent);
+				await writeEnvFile(envPath, { DATABASE_URL: dbInfo.url });
 				tui.success('DATABASE_URL added to .env');
 			}
 		} else {
@@ -129,18 +121,14 @@ export const initSubcommand = createSubcommand({
 		}
 
 		// Add AGENTUITY_AUTH_SECRET if not present
-		// Re-read envContent to get latest state
-		envContent = fs.existsSync(envPath) ? fs.readFileSync(envPath, 'utf-8') : '';
-		if (!envContent.endsWith('\n') && envContent.length > 0) {
-			envContent += '\n';
-		}
+		// Re-read env to get latest state
+		const currentEnv = await readEnvFile(envPath);
 
 		const hasAuthSecret =
-			envContent.match(/^AGENTUITY_AUTH_SECRET=/m) || envContent.match(/^BETTER_AUTH_SECRET=/m);
+			'AGENTUITY_AUTH_SECRET' in currentEnv || 'BETTER_AUTH_SECRET' in currentEnv;
 		if (!hasAuthSecret) {
 			const devSecret = `dev-${crypto.randomUUID()}-CHANGE-ME`;
-			envContent += `AGENTUITY_AUTH_SECRET="${devSecret}"\n`;
-			fs.writeFileSync(envPath, envContent);
+			await writeEnvFile(envPath, { AGENTUITY_AUTH_SECRET: devSecret });
 			tui.success('AGENTUITY_AUTH_SECRET added to .env (development default)');
 			tui.warning(
 				`Replace ${tui.bold('AGENTUITY_AUTH_SECRET')} with a secure value before deploying.`

package/src/config.ts

@@ -809,14 +809,16 @@ export async function getDefaultRegion(
  * @param auth - Authentication data
  * @param profileName - Profile name (default: 'production')
  * @param orgId - Optional organization ID for CLI key authentication
+ * @param config - Optional config for region preference lookup
  */
 export async function getGlobalCatalystAPIClient(
 	logger: Logger,
 	auth: AuthData,
 	profileName = 'production',
-	orgId?: string
+	orgId?: string,
+	config?: Config | null
 ) {
-	const region = await getDefaultRegion(profileName);
+	const region = await getDefaultRegion(profileName, config);
 	return getCatalystAPIClient(logger, auth, region, orgId);
 }
 
@@ -828,6 +830,12 @@ export function getIONHost(config: Config | null, region: string) {
 	if (config?.name === 'local' || region === 'local') {
 		return 'ion.agentuity.io';
 	}
+	// Validate region is a non-empty string to prevent malformed hostnames
+	if (!region || typeof region !== 'string' || region.trim() === '') {
+		throw new Error(
+			`Invalid region: '${region}'. Region must be a non-empty string. Use --region flag to specify a valid region.`
+		);
+	}
 	return `ion-${region}.agentuity.cloud`;
 }
 

package/src/env-util.ts

@@ -149,7 +149,8 @@ export async function readEnvFile(path: string): Promise<EnvVars> {
 
 /**
  * Write environment variables to an .env file
- * Optionally skip certain keys (like AGENTUITY_SDK_KEY)
+ * By default, preserves existing keys that are not in the new vars.
+ * Use preserveExisting: false to completely overwrite the file.
  */
 export async function writeEnvFile(
 	path: string,
@@ -157,20 +158,36 @@ export async function writeEnvFile(
 	options?: {
 		skipKeys?: string[];
 		addComment?: (key: string) => string | null;
+		/**
+		 * When true (default), reads existing file first and merges with new vars.
+		 * New vars take priority for matching keys, but all existing keys are preserved.
+		 * When false, completely overwrites the file with only the provided vars.
+		 */
+		preserveExisting?: boolean;
 	}
 ): Promise<void> {
 	const skipKeys = options?.skipKeys || [];
+	const preserveExisting = options?.preserveExisting ?? true;
+
+	// If preserveExisting is true, read existing file and merge
+	let finalVars = vars;
+	if (preserveExisting) {
+		const existing = await readEnvFile(path);
+		// Merge: existing as base, new vars override
+		finalVars = { ...existing, ...vars };
+	}
+
 	const lines: string[] = [];
 
 	// Sort keys for consistent output
-	const sortedKeys = Object.keys(vars).sort();
+	const sortedKeys = Object.keys(finalVars).sort();
 
 	for (const key of sortedKeys) {
 		if (skipKeys.includes(key)) {
 			continue;
 		}
 
-		const value = vars[key];
+		const value = finalVars[key];
 
 		// Add comment if provided
 		if (options?.addComment) {

package/src/types.ts

@@ -24,7 +24,10 @@ export const ConfigSchema = zod.object({
 	devmode: zod
 		.object({
 			hostname: zod.string().optional().describe('Development mode hostname'),
-			privateKey: zod.string().optional().describe('Development mode private key (base64-encoded PEM)'),
+			privateKey: zod
+				.string()
+				.optional()
+				.describe('Development mode private key (base64-encoded PEM)'),
 		})
 		.optional()
 		.describe('Development mode configuration'),