refactor: fetch api-key from .env and call agent token API

[pranalidhanavade]

What

• Refactor: fetch api-key from .env and call agent token API.
• Removed token extraction logic from container logs.

Summary by CodeRabbit

• Refactor

  • Provisioning and startup flows no longer extract, print, save, or return API tokens; responses now include only the agent endpoint.
  • Token-related files and side effects removed from provisioning and container startup processes.

• Chores

  • Token acquisition now uses AGENT_API_KEY at runtime.
  • Environment variables loaded via dotenv; AFJ_AGENT_TOKEN_PATH removed from sample env.

[coderabbitai]

Walkthrough

Removed all token-extraction and token-file creation from provisioning scripts and services. Provisioning now writes/reads only the agent endpoint (CONTROLLER_ENDPOINT). Agent spin-up and common utility use AGENT_API_KEY from environment to request a base token; no token JSON files are created, read, or deleted.

Changes

Cohort / File(s)	Summary of Changes
Provisioning scripts apps/agent-provisioning/AFJ/scripts/start_agent.sh, apps/agent-provisioning/AFJ/scripts/docker_start_agent.sh, apps/agent-provisioning/AFJ/scripts/fargate.sh, apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh	Removed log-parsing/token-extraction loops, removed creation/writing/printing of token JSON files. Scripts continue to generate endpoint and agent config but no longer emit or persist tokens.
Provisioning service apps/agent-provisioning/src/agent-provisioning.service.ts	Dropped token-file reads; consolidated existence check to endpoint file only; added JSON parse error handling; response now contains only CONTROLLER_ENDPOINT-derived agentEndPoint.
Agent service spin-up apps/agent-service/src/agent-service.service.ts	Changed call to getBaseAgentToken to use API key path (single-arg/api-key usage from env); removed token-file deletion logic after storing.
Common utilities libs/common/src/common.service.ts	Added dotenv.config(); getBaseAgentToken continues to POST to controller but now relies on env AGENT_API_KEY for Authorization; no exported signature changes.
Env samples .env.demo, .env.sample	Removed AFJ_AGENT_TOKEN_PATH entries from sample/demo env files to reflect removal of token-file usage.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant User
  participant ProvSvc as AgentProvisioningService
  participant Script as start_agent.sh
  participant FS as Filesystem
  participant AgentSvc as AgentService
  participant Common as CommonService
  participant Controller as ControllerEndpoint

  User->>ProvSvc: request agent start
  ProvSvc->>Script: run start script
  Script->>FS: write agent endpoint JSON (CONTROLLER_ENDPOINT)
  Note right of Script #f6f3d7: Token extraction/JSON creation removed
  ProvSvc->>FS: read endpoint JSON
  ProvSvc-->>User: return agentEndPoint

  User->>AgentSvc: request spin-up with agentEndPoint
  AgentSvc->>Common: getBaseAgentToken(agentEndPoint)
  Common->>Common: dotenv loads AGENT_API_KEY
  Common->>Controller: POST /token (Authorization: AGENT_API_KEY)
  Controller-->>Common: returns token
  Common-->>AgentSvc: base token
  AgentSvc-->>User: agent registered

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• feat: refactor agent endpoint for token #1375 — overlaps token-handling and provisioning script changes; likely touches the same token extraction and common service logic.

Suggested labels

feature

Suggested reviewers

• RinkalBhojani
• GHkrishna

Poem

I hopped through scripts where tokens used to hide,
Now endpoints stand clear and env keys are our guide.
No files to fetch, no logs to comb,
Just tidy paths so agents find home.
🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title concisely and accurately summarizes the main refactor of sourcing the API key from environment variables and calling the agent token endpoint instead of parsing logs, matching the changes across the scripts and services.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fetch-agent-token-via-api-in-credo-controller

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ef3ca2 and a2d3986.

📒 Files selected for processing (2)

• apps/agent-provisioning/AFJ/scripts/fargate.sh (0 hunks)
• apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh (0 hunks)

💤 Files with no reviewable changes (2)

• apps/agent-provisioning/AFJ/scripts/fargate.sh
• apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

libs/common/src/common.service.ts (1)

311-325: Validate AGENT_API_KEY before use.

The AGENT_API_KEY is read from the environment without validation. If it's undefined or empty, it will be passed to the Authorization header, potentially causing unclear failures downstream.

Apply this diff to add validation:

 async getBaseAgentToken(agentEndPoint: string): Promise<string> {
   const normalizedBaseUrl = await this.normalizeUrlWithProtocol(agentEndPoint);
   this.logger.log(`Fetching base agent token from ${normalizedBaseUrl}`);
   const apikey = process.env.AGENT_API_KEY;
+  if (!apikey) {
+    throw new BadRequestException('AGENT_API_KEY environment variable is not configured');
+  }
   const agentBaseWalletDetils = await this.httpPost(`${normalizedBaseUrl}${CommonConstants.URL_AGENT_TOKEN}`, '', {
     headers: {
       Accept: 'application/json',
       Authorization: apikey
     }
   });
   if (!agentBaseWalletDetils) {
     throw new NotFoundException(ResponseMessages.common.error.fetchBaseWalletToken);
   }
   return agentBaseWalletDetils.token;
 }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6f4be27 and b023d21.

📒 Files selected for processing (4)

• apps/agent-provisioning/AFJ/scripts/start_agent.sh (0 hunks)
• apps/agent-provisioning/src/agent-provisioning.service.ts (2 hunks)
• apps/agent-service/src/agent-service.service.ts (1 hunks)
• libs/common/src/common.service.ts (2 hunks)

💤 Files with no reviewable changes (1)

• apps/agent-provisioning/AFJ/scripts/start_agent.sh

🔇 Additional comments (1)

apps/agent-service/src/agent-service.service.ts (1)

529-529: LGTM! Token retrieval now environment-based.

The updated call to getBaseAgentToken with a single argument correctly aligns with the refactored signature that retrieves the API key from environment variables.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/agent-provisioning/src/agent-provisioning.service.ts (1)

45-45: Validate AGENT_API_KEY before use
In apps/agent-provisioning/src/agent-provisioning.service.ts (line 45), add a guard to throw a clear error if process.env.AGENT_API_KEY is undefined instead of passing "undefined" to the shell script.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b023d21 and 117068f.

📒 Files selected for processing (1)

• apps/agent-provisioning/src/agent-provisioning.service.ts (2 hunks)

🔇 Additional comments (1)

apps/agent-provisioning/src/agent-provisioning.service.ts (1)

1-11: LGTM!

The import reorganization and dotenv configuration are clean and follow standard practices.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

libs/common/src/common.service.ts (1)

8-18: Prefer NestJS ConfigModule over dotenv for better DI and testing.

While dotenv.config() works, NestJS applications typically use @nestjs/config's ConfigModule for environment variable management. This provides better dependency injection, type safety, and testability.

Consider refactoring to use ConfigModule:

1. Install @nestjs/config if not already present:

npm install @nestjs/config

2. Import ConfigModule in your root module (e.g., app.module.ts):

import { ConfigModule } from '@nestjs/config';

@Module({
  imports: [
    ConfigModule.forRoot({
      isGlobal: true,
      cache: true,
    }),
    // other imports
  ],
})
export class AppModule {}

3. Inject ConfigService in CommonService:

import { ConfigService } from '@nestjs/config';

@Injectable()
export class CommonService {
  constructor(
    private readonly httpService: HttpService,
    private readonly configService: ConfigService
  ) {}
  
  // Use this.configService.get<string>('AGENT_API_KEY') instead of process.env.AGENT_API_KEY
}

This approach centralizes configuration, improves testing (easier to mock), and provides better type safety.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 117068f and 3ef3ca2.

📒 Files selected for processing (9)

• .env.demo (0 hunks)
• .env.sample (0 hunks)
• apps/agent-provisioning/AFJ/scripts/docker_start_agent.sh (1 hunks)
• apps/agent-provisioning/AFJ/scripts/fargate.sh (0 hunks)
• apps/agent-provisioning/AFJ/scripts/start_agent.sh (1 hunks)
• apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh (0 hunks)
• apps/agent-provisioning/src/agent-provisioning.service.ts (2 hunks)
• apps/agent-service/src/agent-service.service.ts (1 hunks)
• libs/common/src/common.service.ts (2 hunks)

💤 Files with no reviewable changes (4)

• apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh
• apps/agent-provisioning/AFJ/scripts/fargate.sh
• .env.sample
• .env.demo

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/agent-service/src/agent-service.service.ts

🔇 Additional comments (3)

apps/agent-provisioning/AFJ/scripts/docker_start_agent.sh (1)

228-240: Clean refactoring: token extraction removed successfully.

The endpoint file now contains only CONTROLLER_ENDPOINT, and all token-related logic has been removed. The refactoring aligns well with the PR objectives.

apps/agent-provisioning/src/agent-provisioning.service.ts (1)

59-79: Well done: addresses all previous review comments.

The implementation now includes:

1. Clear error messages with proper grammar
2. JSON parsing wrapped in try-catch with specific error handling
3. Validation for the presence of CONTROLLER_ENDPOINT
4. Appropriate logging at each step

The refactoring successfully removes token handling while maintaining robust endpoint parsing.

apps/agent-provisioning/AFJ/scripts/start_agent.sh (1)

231-243: Retain endpoint file creation—it's consumed by the service
The TypeScript service (apps/agent-provisioning/src/agent-provisioning.service.ts) reads and parses this JSON to extract CONTROLLER_ENDPOINT and will error if it’s missing. Removing this logic will break endpoint discovery.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud