feat(cli): add projects support with --project flag and name resolution#147
feat(cli): add projects support with --project flag and name resolution#147hiroTamada wants to merge 11 commits intomainfrom
Conversation
Add global --project flag (and KERNEL_PROJECT_ID env var) that injects X-Kernel-Project-Id header to scope all API requests to a project. The flag accepts either a project ID or a project name — names are resolved via the projects list endpoint (case-insensitive). Also adds `kernel projects` subcommands: list, create, get, delete, get-limits, set-limits. Upgrades kernel-go-sdk to v0.48.0 for project endpoint support. Made-with: Cursor
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR modifies CLI functionality (packages/cli) and SDK dependencies, not kernel API endpoints (packages/api/cmd/api/) or Temporal workflows (packages/api/lib/temporal). To monitor this PR anyway, reply with |
Made-with: Cursor
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
- looksLikeCUID: require first character to be a letter (cuid2 spec) - FakeProxyService.CheckFunc: update type signature and delegation to include body parameter Made-with: Cursor
Reuse cuidRegex from browsers.go in looksLikeCUID and update the regex to require the first character to be a letter (matching the cuid2 spec). Made-with: Cursor
Previously negative values were silently discarded, reporting success without sending the value to the API. Made-with: Cursor
get, delete, get-limits, and set-limits now accept either a project ID or name. Names are resolved via the projects list endpoint, reusing the same resolveProjectByName helper as the --project global flag. Made-with: Cursor
The default page size could miss projects beyond the first page. Request a large limit to cover typical org sizes. Made-with: Cursor
Adopt the typed handler pattern for projects while preserving Cobra wiring, add nested limits subcommands with backward-compatible aliases, and standardize limits output behavior. Also support KERNEL_PROJECT precedence and paginate project name resolution to avoid missing matches outside the first page. Made-with: Cursor
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
masnwilliams
left a comment
masnwilliams
left a comment
There was a problem hiding this comment.
lgtm — all review comments addressed. typed handler pattern, nested limits subcommands, human-readable output, and KERNEL_PROJECT precedence all look good.
Remove name resolution from the global --project flag. The flag now passes the value directly as the X-Kernel-Project-Id header without attempting to resolve project names. The resolveProjectByName function is retained for explicit project subcommands (e.g. 'projects get <name>') where name lookup is expected.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit a20844d. Configure here.
|
|
||
| if projectVal != "" { | ||
| clientOpts = append(clientOpts, option.WithHeader("X-Kernel-Project-Id", projectVal)) | ||
| } |
There was a problem hiding this comment.
Global --project flag skips name-to-ID resolution
High Severity
The --project flag handler in PersistentPreRunE passes the raw projectVal directly into the X-Kernel-Project-Id header without calling resolveProjectArg or resolveProjectByName. When a user supplies a project name instead of an ID, the name string is sent verbatim as the header value rather than being resolved to an actual project ID. The resolveProjectByName function is defined in the same file but never wired into this code path, so the documented name-resolution behavior (CUID2 check, then list-and-match) doesn't occur for the global flag.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit a20844d. Configure here.
|
|
||
| if projectVal != "" { | ||
| clientOpts = append(clientOpts, option.WithHeader("X-Kernel-Project-Id", projectVal)) | ||
| } |
Projects is a brand new feature — KERNEL_PROJECT_ID was never in production, so there's no legacy to preserve. Only read KERNEL_PROJECT. Co-Authored-By: Claude Opus 4.7 <[email protected]>
|
Pushed a commit dropping the One other thing worth a quick check before merge: the PR description says the projectVal, _ := cmd.Flags().GetString("project")
projectVal = resolveProjectSelection(projectVal)
if projectVal != "" {
clientOpts = append(clientOpts, option.WithHeader("X-Kernel-Project-Id", projectVal))
}
So either:
Your test plan shows |
4 participants
Summary
--projectpersistent flag (andKERNEL_PROJECT_IDenv var) that injects theX-Kernel-Project-Idheader to scope all API requests to a specific projectkernel projectssubcommands:list,create,get,delete,get-limits,set-limitskernel-go-sdkto v0.48.0 for project endpoint support (also fixesProxyService.Checksignature change)How it works
When
--projectis provided:GET /projectsto list all projects, finds a case-insensitive name match, and injects the resolved IDTest plan
Tested against staging with a project-scoped API key:
--project "cli-test-project"(by name) — resolves correctly--project "CLI-TEST-PROJECT"(case-insensitive) — resolves correctly--project "g9vcya6unur84k70n0u8s9p9"(by ID) — works directly--project "nonexistent-project"— clear error messageKERNEL_PROJECT_ID="cli-test-project"env var with name — resolves correctly--projectwith scoped API key — auto-scopes via server middlewarekernel projects list/create/get/delete/get-limits/set-limits— all functionalMade with Cursor
Note
Medium Risk
Introduces a new global request-scoping mechanism via the
X-Kernel-Project-Idheader and adds project CRUD/limits commands, which can affect all API calls when enabled. Also bumps the Kernel SDK and adjusts proxy health-check calls to match the new SDK signature.Overview
Adds first-class project management to the CLI via a new
projectscommand group (list,create,get,delete, pluslimits get/setwith optional--output json) and validation for limit updates (rejects negative values, treats unset vs set viaInt64Flag).Introduces a global
--projectflag (orKERNEL_PROJECTenv var) that injectsX-Kernel-Project-Idinto all authenticated requests, plus project name → ID resolution via paginated project listing with clear errors for no/ambiguous matches.Updates CUID2 validation to require a leading letter, upgrades
github.com/kernel/kernel-go-sdktov0.48.0, and adapts proxy health-check wiring/tests to the SDK’s updatedChecksignature.Reviewed by Cursor Bugbot for commit 748bef4. Bugbot is set up for automated code reviews on this repo. Configure here.