Skip to content

revert(cli): route AI example enhancement through FAI (#16738)#16798

Merged
broady merged 2 commits into
mainfrom
devin/1782773461-revert-pr-16738
Jun 29, 2026
Merged

revert(cli): route AI example enhancement through FAI (#16738)#16798
broady merged 2 commits into
mainfrom
devin/1782773461-revert-pr-16738

Conversation

@devin-ai-integration

@devin-ai-integration devin-ai-integration Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Description

Reverts #16738 — routes CLI AI example enhancement back to the original fdr-lambda-docs endpoint.

Changes Made

  • Reverts faiClient.ts back to lambdaClient.ts
  • Restores the /v2/registry/ai/enhance-example endpoint path
  • Restores DEFAULT_FDR_LAMBDA_DOCS_ORIGIN origins for dev/prod
  • Restores lambda terminology in logs, errors, and tests

Testing

  • This is a clean git revert of the merge commit

Link to Devin session: https://app.devin.ai/sessions/1bd0b53881d349438cfaa60664e57c1f


Open in Devin Review

@devin-ai-integration

Copy link
Copy Markdown
Contributor Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring

@broady broady enabled auto-merge (squash) June 29, 2026 22:52
@devin-ai-integration devin-ai-integration Bot changed the title revert: feat(cli): route AI example enhancement through FAI (#16738) revert(cli): route AI example enhancement through FAI (#16738) Jun 29, 2026

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 3 potential issues.

Open in Devin Review

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚩 Missing changelog entry for CLI behavioral change

The CLAUDE.md for the CLI package states: "Every CLI change (packages/cli/ tree) must include an unreleased changelog entry." This PR modifies multiple files under packages/cli/ but does not include a changelog file under packages/cli/cli/changes/unreleased/. While this might be a WIP PR, the change is behavioral (switching from the FAI service to a Lambda, with a new API endpoint /v2/registry/ai/enhance-example), which would typically warrant at least an internal or chore type changelog entry.

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟨 Token value partially logged in debug output

The first 10 characters of the authentication token are logged at debug level (lambdaClient.ts:111), along with whether it starts with 'fern_'. While debug logs are typically not exposed to end users, this leaks a meaningful prefix of the secret token to any log sink that captures debug output, reducing the entropy an attacker needs to brute-force the token.

(Refers to lines 111-112)

Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

DEFAULT_VENUS_ORIGIN: "https://venus-dev2.buildwithfern.com",
DEFAULT_FDR_ORIGIN: "https://registry-dev2.buildwithfern.com",
DEFAULT_FAI_ORIGIN: "https://fai-dev2.buildwithfern.com",
DEFAULT_FDR_LAMBDA_DOCS_ORIGIN: "https://ykq45y6fvnszd35iv5yuuatkze0rpwuz.lambda-url.us-east-1.on.aws",

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Dev and prod builds both point to the same AI enhancement service, breaking environment isolation

The dev build now uses the same Lambda URL as production (build.dev.mjs:12), whereas every other service in that file (Auth0, Venus, FDR, Fiddle, Dashboard) uses a dev-specific URL, and the previous implementation had a separate dev URL (fai-dev2.buildwithfern.com vs fai.buildwithfern.com).

Impact: The dev CLI hits the production AI service instead of a dev instance, and JWT tokens from dev Venus may be rejected by the production Lambda, causing AI example enhancement to fail in the dev environment.

Mechanical inconsistency with environment URL pattern

In packages/cli/cli/build.dev.mjs, every other origin uses a dev-specific URL:

  • DEFAULT_VENUS_ORIGIN: "https://venus-dev2.buildwithfern.com" (build.dev.mjs:10)
  • DEFAULT_FDR_ORIGIN: "https://registry-dev2.buildwithfern.com" (build.dev.mjs:11)
  • DEFAULT_FIDDLE_ORIGIN: "https://fiddle-coordinator-dev2.buildwithfern.com" (build.dev.mjs:9)

But DEFAULT_FDR_LAMBDA_DOCS_ORIGIN uses the same URL as packages/cli/cli/build.prod.mjs:12:
https://ykq45y6fvnszd35iv5yuuatkze0rpwuz.lambda-url.us-east-1.on.aws

The old code at the same position in the diff had:

  • dev: DEFAULT_FAI_ORIGIN: "https://fai-dev2.buildwithfern.com"
  • prod: DEFAULT_FAI_ORIGIN: "https://fai.buildwithfern.com"

The JWT obtained from dev Venus (venus-dev2.buildwithfern.com) is then sent to the production Lambda via Authorization: Bearer ${jwt} at packages/cli/register/src/ai-example-enhancer/lambdaClient.ts:210. If the Lambda validates tokens against the prod Venus issuer, dev JWTs will be rejected.

Prompt for agents
The dev build config at packages/cli/cli/build.dev.mjs line 12 sets DEFAULT_FDR_LAMBDA_DOCS_ORIGIN to the same production Lambda URL as packages/cli/cli/build.prod.mjs line 12. Every other service in the dev config uses a dev-specific URL (e.g. venus-dev2, registry-dev2, fiddle-coordinator-dev2), and the old FAI service also had separate dev/prod URLs (fai-dev2.buildwithfern.com vs fai.buildwithfern.com). If a separate dev Lambda exists, update the dev build config to use the dev Lambda URL. If there is intentionally only one Lambda, add a comment explaining why, to avoid future confusion.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

Co-Authored-By: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
@broady broady merged commit d8636f5 into main Jun 29, 2026
72 checks passed
@broady broady deleted the devin/1782773461-revert-pr-16738 branch June 29, 2026 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant