feat(cli): surface env-var credentials in logout and whoami#1363
Merged
Conversation
login already warns when CHECKLY_API_KEY/CHECKLY_ACCOUNT_ID are set, since they override any persisted session. logout and whoami stayed silent, so clearing the local session or running whoami after logout still looked authenticated with no explanation. Extract login's message into common-messages and reuse it so logout warns that env vars keep you authenticated, and whoami notes when the account is resolved from the environment.
oclif's this.warn() word-wraps the message and prefixes continuation lines with ` › `, splitting "still authenticated through them" across a line break. Strip the markers and collapse whitespace before matching so the assertion is independent of terminal width.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR improves auth-command transparency in the CLI by surfacing when credentials are coming from CHECKLY_API_KEY / CHECKLY_ACCOUNT_ID (including via .env), which can override the persisted login session and make logout/whoami behavior confusing.
Changes:
- Extracted the shared “env credentials configured” sentence into
common-messages.tsand reused it inlogin,logout, andwhoami. - Updated
whoamito print an explicit stdout note when the active account is resolved from environment credentials. - Updated
logoutto warn (stderr) that the user remains authenticated via environment credentials after clearing the local session; adjusted e2e assertions accordingly.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| packages/cli/src/messages/common-messages.ts | Adds a shared message for “env credentials configured” to keep wording consistent across commands. |
| packages/cli/src/commands/whoami.ts | Appends a note when env vars are driving authentication instead of a checkly login session. |
| packages/cli/src/commands/logout.ts | Warns after clearing local session if env vars still keep the user authenticated. |
| packages/cli/src/commands/login.ts | Reuses the shared env-credentials warning message without changing behavior. |
| packages/cli/e2e/tests/whoami.spec.ts | Asserts the new env-credentials note appears in whoami output. |
| packages/cli/e2e/tests/logout.spec.ts | Updates assertions to expect a warning on stderr when env vars are configured. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Match the substring style used by the login e2e instead of normalizing oclif's line wrapping. "authenticated" appears only in the logout suffix and is a single word, so it can't be split across a wrapped line.
sorccu
approved these changes
Jun 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Affected Components
Notes for the Reviewer
Problem
Credentials are resolved from two sources, with env vars winning over the persisted login session (
config.ts):logoutonly clears the persisted session (config.clear()) — it can't touch your shell or.env. So whenCHECKLY_API_KEY/CHECKLY_ACCOUNT_IDare set,logoutcheerfully says goodbye while you stay fully authenticated, andwhoamikeeps reporting a logged-in account afterward with no explanation. Because.envis loaded from the current working directory, the samewhoamican even resolve a different account depending on which directory you run it in.Why this shape
loginalready handles this — it warns and exits when those env vars are set, because they override any login session:So the precedent and the wording already exist in one command. This PR simply extends that same transparency to the other two auth commands rather than inventing anything new. The shared sentence is extracted into
common-messages.tsso all three stay in sync;login's output is unchanged.Behavior (with env-var credentials set)
whoami— appends a note on stdout:logout— still clears the local session, then warns on stderr that you're not actually logged out:login— unchanged, now sourced from the shared message:Testing
lintandtsc --noEmitpass.logoute2e (it assertedstderr === '', the old silent behavior) and thewhoamie2e to assert the new note. The e2e env already authenticates viaCHECKLY_API_KEY/CHECKLY_ACCOUNT_ID, so both paths exercise the env-var branch.