revert(cli): route AI example enhancement through FAI (#16738)#16798
Conversation
This reverts commit cee773a.
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
There was a problem hiding this comment.
🚩 Missing changelog entry for CLI behavioral change
The CLAUDE.md for the CLI package states: "Every CLI change (packages/cli/ tree) must include an unreleased changelog entry." This PR modifies multiple files under packages/cli/ but does not include a changelog file under packages/cli/cli/changes/unreleased/. While this might be a WIP PR, the change is behavioral (switching from the FAI service to a Lambda, with a new API endpoint /v2/registry/ai/enhance-example), which would typically warrant at least an internal or chore type changelog entry.
Was this helpful? React with 👍 or 👎 to provide feedback.
There was a problem hiding this comment.
🟨 Token value partially logged in debug output
The first 10 characters of the authentication token are logged at debug level (lambdaClient.ts:111), along with whether it starts with 'fern_'. While debug logs are typically not exposed to end users, this leaks a meaningful prefix of the secret token to any log sink that captures debug output, reducing the entropy an attacker needs to brute-force the token.
(Refers to lines 111-112)
Was this helpful? React with 👍 or 👎 to provide feedback.
| DEFAULT_VENUS_ORIGIN: "https://venus-dev2.buildwithfern.com", | ||
| DEFAULT_FDR_ORIGIN: "https://registry-dev2.buildwithfern.com", | ||
| DEFAULT_FAI_ORIGIN: "https://fai-dev2.buildwithfern.com", | ||
| DEFAULT_FDR_LAMBDA_DOCS_ORIGIN: "https://ykq45y6fvnszd35iv5yuuatkze0rpwuz.lambda-url.us-east-1.on.aws", |
There was a problem hiding this comment.
🔴 Dev and prod builds both point to the same AI enhancement service, breaking environment isolation
The dev build now uses the same Lambda URL as production (build.dev.mjs:12), whereas every other service in that file (Auth0, Venus, FDR, Fiddle, Dashboard) uses a dev-specific URL, and the previous implementation had a separate dev URL (fai-dev2.buildwithfern.com vs fai.buildwithfern.com).
Impact: The dev CLI hits the production AI service instead of a dev instance, and JWT tokens from dev Venus may be rejected by the production Lambda, causing AI example enhancement to fail in the dev environment.
Mechanical inconsistency with environment URL pattern
In packages/cli/cli/build.dev.mjs, every other origin uses a dev-specific URL:
DEFAULT_VENUS_ORIGIN: "https://venus-dev2.buildwithfern.com"(build.dev.mjs:10)DEFAULT_FDR_ORIGIN: "https://registry-dev2.buildwithfern.com"(build.dev.mjs:11)DEFAULT_FIDDLE_ORIGIN: "https://fiddle-coordinator-dev2.buildwithfern.com"(build.dev.mjs:9)
But DEFAULT_FDR_LAMBDA_DOCS_ORIGIN uses the same URL as packages/cli/cli/build.prod.mjs:12:
https://ykq45y6fvnszd35iv5yuuatkze0rpwuz.lambda-url.us-east-1.on.aws
The old code at the same position in the diff had:
- dev:
DEFAULT_FAI_ORIGIN: "https://fai-dev2.buildwithfern.com" - prod:
DEFAULT_FAI_ORIGIN: "https://fai.buildwithfern.com"
The JWT obtained from dev Venus (venus-dev2.buildwithfern.com) is then sent to the production Lambda via Authorization: Bearer ${jwt} at packages/cli/register/src/ai-example-enhancer/lambdaClient.ts:210. If the Lambda validates tokens against the prod Venus issuer, dev JWTs will be rejected.
Prompt for agents
The dev build config at packages/cli/cli/build.dev.mjs line 12 sets DEFAULT_FDR_LAMBDA_DOCS_ORIGIN to the same production Lambda URL as packages/cli/cli/build.prod.mjs line 12. Every other service in the dev config uses a dev-specific URL (e.g. venus-dev2, registry-dev2, fiddle-coordinator-dev2), and the old FAI service also had separate dev/prod URLs (fai-dev2.buildwithfern.com vs fai.buildwithfern.com). If a separate dev Lambda exists, update the dev build config to use the dev Lambda URL. If there is intentionally only one Lambda, add a comment explaining why, to avoid future confusion.
Was this helpful? React with 👍 or 👎 to provide feedback.
Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Description
Reverts #16738 — routes CLI AI example enhancement back to the original
fdr-lambda-docsendpoint.Changes Made
faiClient.tsback tolambdaClient.ts/v2/registry/ai/enhance-exampleendpoint pathDEFAULT_FDR_LAMBDA_DOCS_ORIGINorigins for dev/prodTesting
git revertof the merge commitLink to Devin session: https://app.devin.ai/sessions/1bd0b53881d349438cfaa60664e57c1f