fix(create-agents): sync template deps to CLI version after clone#2209
fix(create-agents): sync template deps to CLI version after clone#2209nick-inkeep wants to merge 1 commit intofeat/unify-env-generationfrom
Conversation
🦋 Changeset detectedLatest commit: 0d60b0e The changes in this PR will be included in the next version bump. This PR includes changesets to release 9 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
CI/CD Status NoteTwo CI failures are pre-existing (not caused by this PR):
Evidence: Main branch CI ( All checks relevant to this PR's scope pass:
|
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
This is a well-scoped bug fix PR that addresses two real issues affecting the create-agents CLI onboarding experience:
- Template dependency sync: Smart fix to ensure
@inkeep/*dependencies in cloned templates match the CLI version, preventing version mismatch issues - Localhost URL consistency: Correct fix for cookie-based auth —
localhostand127.0.0.1are different origins forSameSite=Laxcookies
💭 Consider (2) 💭
Inline Comments:
- 💭 Consider:
utils.ts:52Add error handling togetCliVersion()for defensive robustness - 💭 Consider:
utils.test.ts:659Add error path test forsyncTemplateDependenciesto document error propagation behavior
Validation Notes
✅ Strengths of this PR:
- The localhost vs 127.0.0.1 fix is correct — this is a known browser security distinction for cookie origins
- The dependency sync approach (using CLI version) is simple and effective
- Good test coverage for the new functionality (4 tests for
syncTemplateDependencies, 2 for localhost assertions) - Manual integration testing documented in the PR description covers the path resolution concerns
- Changeset is correctly scoped as a patch release
✅ Code quality:
- Clean implementation with no bugs or security issues identified
- Uses existing patterns (
fs-extra,pathutilities) consistently - Both
getCliVersionandsyncTemplateDependenciesare simple and readable
✅ APPROVE
Summary: Clean bug fix PR with appropriate scope. The two "Consider" items are minor enhancements for defensive programming and test documentation — neither blocks merge. The core changes are correct and well-tested.
Discarded (4)
| Location | Issue | Reason Discarded |
|---|---|---|
utils.test.ts:28-45 |
Test mocks reduce confidence in path resolution | Manual integration testing documented in PR description addresses this; test-time mocking is appropriate for unit tests |
utils.test.ts:570 |
No test for peerDependencies exclusion |
Documentation concern only; current behavior is intentional and unlikely to regress |
utils.test.ts:662 |
Localhost tests don't cover "Next Steps" output | Cosmetic only; the functional behavior (cookie handling) depends on file contents, not printed messages |
utils.ts:48-52 |
Path resolution may fail in unusual contexts | PR author verified integration testing; the implementation follows standard ESM patterns |
Reviewers (3)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-standards |
0 | 0 | 0 | 0 | 0 | 0 | 0 |
pr-review-tests |
5 | 0 | 1 | 0 | 1 | 0 | 3 |
pr-review-devops |
4 | 0 | 1 | 0 | 1 | 0 | 2 |
| Total | 9 | 0 | 2 | 0 | 2 | 0 | 5 |
de970a6 to
51527f2
Compare
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
Delta Review (Re-review after 51527f2df)
This re-review validates the delta commit that addressed feedback from the prior review.
Changes since last review:
-
✅ Consider #1 — ADDRESSED: Added try-catch to
getCliVersion()with graceful fallback. The implementation correctly:- Wraps the file read in try-catch (lines 48-56)
- Returns empty string on failure
syncTemplateDependenciesalready guards withif (!cliVersion) return;to skip updates gracefully
-
ℹ️ Consider #2 — DECLINED (acceptable): Author declined adding an error path test for
syncTemplateDependencies, reasoning that testing natural error propagation fromfs-extradoesn't add meaningful value. This is a reasonable judgment call.
Validation
The delta commit is clean:
- No new bugs or issues introduced
- Error handling implementation matches the suggested pattern
- Behavior unchanged for happy path (version sync still works)
- Graceful degradation for edge cases (CLI continues working even if version detection fails)
✅ APPROVE
Summary: The delta addresses the accepted feedback cleanly. Both the original fixes (template dependency sync, localhost URLs) and the new defensive error handling are correct and well-implemented. Ready to merge.
Note: Unable to formally approve via GitHub API due to permissions. This review recommends approval.
Reviewers (0)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
| Delta review — no subagents dispatched | — | — | — | — | — | — | — |
Note: This is a delta review of a single-commit fix addressing prior feedback. No subagent reviewers were dispatched as the scope is minimal and the prior full review already approved the PR.
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
Delta Review (Re-review after merge with main)
This re-review covers the delta since the last automated review at 51527f2df.
Changes since last review:
| Commit | Description |
|---|---|
8791f58d7 |
Merge branch 'main' — brought in version bumps (0.50.5 → 0.51.0) |
cb76f28b4 |
E2E test update — aligned test expectations with localhost fix |
Delta validation:
✅ E2E test alignment — The E2E test now correctly expects localhost URLs instead of 127.0.0.1:
manageApiUrlchanged fromhttp://127.0.0.1:3002tohttp://localhost:3002- Regex in
.envverification updated:127\.0\.0\.1→localhost - Comment updated to reflect the single "same domain for cookies" rationale (removed stale IPv6/IPv4 comment)
✅ Version bumps from main merge — Routine CHANGELOG.md and package.json updates (0.50.5 → 0.51.0)
This delta is trivial and correctly aligns the E2E test with the implementation changes that were already approved in the prior review.
✅ APPROVE
Summary: Clean delta — the E2E test now matches the localhost implementation fix. The prior full review approved this PR with 0 issues; this delta introduces no new concerns. Ready to merge. 🚀
Note: Unable to formally approve via GitHub API due to permissions. This review recommends approval.
Reviewers (0)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
| Delta review — no subagents dispatched | — | — | — | — | — | — | — |
Note: This is a trivial delta review (test alignment + version bumps from main merge). No subagent reviewers were dispatched as the scope is minimal and the prior full review already approved the PR with 0 issues.
After cloning the template via degit, reads the CLI's own package.json
version and updates all @inkeep/* deps in the template's package.json
to ^{cliVersion}. This prevents version mismatch when the template
hasn't been updated to match the latest CLI release.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
cb76f28 to
0d60b0e
Compare
|
Closing in favor of a fresh PR with clean history stacked on #2212. |
There was a problem hiding this comment.
PR Review Summary
(0) Total Issues | Risk: Low
Full-Scope Review
This PR addresses two user-facing issues in the create-agents CLI:
-
Template dependency sync — After
degitclones the template,syncTemplateDependencies()now updates all@inkeep/*dependencies to^{cliVersion}, ensuring new users get compatible versions. -
Localhost URL fix — Changed all generated URLs from
127.0.0.1tolocalhostto fix cookie domain mismatch (SameSite=Laxcookies require same origin for auth to work between dashboard onlocalhost:3000and API onlocalhost:3002).
Review Findings
Four specialized reviewers were dispatched:
| Reviewer | Returned | Main | Consider | Discarded |
|---|---|---|---|---|
pr-review-standards |
0 | 0 | 0 | 0 |
pr-review-tests |
3 | 0 | 0 | 3 |
pr-review-consistency |
2 | 0 | 0 | 2 |
pr-review-devops |
0 | 0 | 0 | 0 |
| Total | 5 | 0 | 0 | 5 |
All findings were LOW confidence or documented intentional deviations:
- Test coverage gaps were flagged but are minor edge cases already covered by integration testing documented in the PR
- Consistency findings noted intentional deviations from inline secret generation (now delegated to
setup-dev)
Validation Notes
✅ Error handling — getCliVersion() has try-catch with graceful fallback (addressed in prior review feedback)
✅ Cookie domain fix — Correct solution for SameSite=Lax cookie behavior
✅ Secret generation — Appropriately delegated to generateSecrets() in setup-dev rather than inline in CLI
✅ Test coverage — 6 new tests for syncTemplateDependencies, 4 for env generation, E2E assertions updated
✅ Changeset — Correctly scoped as patch releases
✅ APPROVE
Summary: Clean implementation fixing two real user-facing issues. The template dependency sync and localhost URL changes are correct and well-tested. Prior review feedback (error handling in getCliVersion()) was addressed. Ready to merge. 🚀
Note: Unable to formally approve via GitHub API due to permissions. This review recommends approval.
Discarded (5)
| Location | Issue | Reason Discarded |
|---|---|---|
utils.test.ts |
Missing error path test for syncTemplateDependencies |
Declined by author — standard fs-extra error propagation doesn't need explicit testing |
utils.test.ts |
Missing test for empty CLI version | Covered by if (!cliVersion) return guard + documented in PR test plan |
utils.test.ts |
Mock-based tests reduce confidence | Integration testing documented in PR description validates real behavior |
setup.ts |
generateSecrets uses placeholder detection | Intentional design — allows user customization while generating secure defaults |
.env.example |
Secrets left as placeholders | Intentional — setup-dev generates secrets, not the CLI |
Reviewers (4)
| Reviewer | Returned | Main Findings | Consider | While You're Here | Inline Comments | Pending Recs | Discarded |
|---|---|---|---|---|---|---|---|
pr-review-standards |
0 | 0 | 0 | 0 | 0 | 0 | 0 |
pr-review-tests |
3 | 0 | 0 | 0 | 0 | 0 | 3 |
pr-review-consistency |
2 | 0 | 0 | 0 | 0 | 0 | 2 |
pr-review-devops |
0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 5 | 0 | 0 | 0 | 0 | 0 | 5 |
Ito Test Report ✅19 test cases ran. 19 passed. This test run verified the new ✅ Passed (19)
📋 View Recording |
Summary
create-agentsclones the template via degit,syncTemplateDependencies()reads the CLI's ownpackage.jsonversion and updates all@inkeep/*deps in the template to^{cliVersion}^0.50.3)feat/unify-env-generation) — scoped to only the dep sync logic, no overlap with env generation changesChanges
packages/create-agents/src/utils.tsgetCliVersion()— reads CLI's ownpackage.jsonversion viareadFileSync+fileURLToPath(import.meta.url), returns''on failuresyncTemplateDependencies(templatePath)— iteratesdependenciesanddevDependencies, updates any@inkeep/*entry to^{cliVersion}process.chdir(directoryPath)increateAgents()flowpackages/create-agents/src/__tests__/utils.test.tsnode:fsandnode:urlmocks (coexist with Unify .env generation between quickstart CLI and contributor flows #2212's existing mocks).changeset/meaningful-orange-kangaroo.md@inkeep/create-agentsWhat this does NOT touch
createEnvironmentFiles()(handled by Unify .env generation between quickstart CLI and contributor flows #2212)createInkeepConfig()(handled by Unify .env generation between quickstart CLI and contributor flows #2212)Test plan
tsc --noEmitpassesbiome lint --error-on-warningspassesbiome checkpasses🤖 Generated with Claude Code