feat(cli): Pull integrations credentials on the fly when executing notebook#276
Merged
feat(cli): Pull integrations credentials on the fly when executing notebook#276
Conversation
- Introduced a new command group for integrations, allowing users to pull integrations from the Deepnote API and merge them with a local YAML file. - Implemented error handling for missing authentication tokens and API request failures. - Added tests for the integrations command, covering various scenarios including token resolution and integration merging. - Updated the run command to utilize the new integrations configuration for database connections.
…ma' into tk/integrations-cli-pull
…a dotenv file, and implement referecing to environment - Added support for managing database integration secrets in the CLI. - Implemented dotenv utilities for reading and updating .env files. - Enhanced integration commands to extract secrets and store them in a .env file. - Introduced tests for dotenv functionalities and environment variable reference utilities. - Updated package dependencies to include new database integrations.
…ssaging - Updated DEFAULT_INTEGRATIONS_FILE to use 'as const' for better type inference. - Refactored getDefaultIntegrationsFilePath to utilize path.join for improved path handling. - Simplified error messages related to missing integration configurations. - Improved API response validation in tests for better error handling.
…tegration issue path formatting
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@packages/cli/src/commands/run.ts`:
- Around line 332-340: The TypeScript error is because ApiError exposes
statusCode not status; update the auth-check in the run command by changing the
isAuthApiError check to use error instanceof ApiError && (error.statusCode ===
401 || error.statusCode === 403) so the computed exitCode logic (which also
references FileResolutionError, MissingInputError, MissingIntegrationError, and
ExitCode) compiles correctly; ensure you only rename the property access on the
ApiError instance in the isAuthApiError declaration.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@packages/cli/src/commands/run.ts`:
- Around line 594-595: The built-in integration IDs are hardcoded in the
builtInIntegrations Set inside run.ts which can drift from the source of truth;
extract these IDs into a shared constant (e.g., export an array or Set from a
central module) and import that shared symbol into
packages/cli/src/commands/run.ts, replacing the local builtInIntegrations
declaration so the CLI consumes the single exported list (ensure the shared
module exports a stable name you reference when replacing builtInIntegrations).
- Introduced a new constant for built-in integrations, consolidating the definitions in one place. - Updated the lint and run commands to utilize the new BUILTIN_INTEGRATIONS constant, improving code maintainability. - Removed redundant definitions of built-in integrations from various files.
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/cli/src/commands/run.ts`:
- Around line 704-709: The current code asserts metadata.sql_integration_id as a
string which can introduce invalid IDs; instead guard at runtime by checking
that block.metadata exists and that typeof (block.metadata as
any).sql_integration_id === 'string' before assigning to integrationId and
before calling ids.add, so only true string IDs (and not undefined or other
types) are added and built-in integration checks via BUILTIN_INTEGRATIONS remain
valid.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (7)
packages/cli/src/cli.tspackages/cli/src/commands/integrations.test.tspackages/cli/src/commands/run.test.tspackages/cli/src/commands/run.tspackages/cli/src/integrations/fetch-integrations.tspackages/cli/src/integrations/merge-integrations.tspackages/cli/src/utils/analysis.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/cli/src/commands/run.ts`:
- Around line 86-87: The RunOptions type now includes a sensitive token field;
before emitting the debug log that prints the options (the logger.debug / debug
call in run.ts where options are logged), remove or mask the token property to
avoid leaking secrets. Update the code that logs the options (reference
RunOptions and the local options/runOptions variable used in the debug call) to
either clone the object and set token = '<redacted>' (or delete token) or build
a sanitized serializable object that excludes token, then log that sanitized
object instead.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (1)
packages/cli/src/commands/run.ts
dinohamzic
reviewed
Feb 26, 2026
dinohamzic
previously approved these changes
Feb 26, 2026
Contributor
dinohamzic
left a comment
There was a problem hiding this comment.
This is working very nicely, just left 2 nits. run.ts is getting huge, would be good to move those two methods out.
e8a1582
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/cli/src/integrations/collect-integrations.ts`:
- Around line 16-18: Normalize the built-in integration check to be
case-insensitive by lowercasing the parsed integrationId before checking the
BUILTIN_INTEGRATIONS set; e.g., after const integrationId =
z.string().optional().safeParse(metadata.sql_integration_id).data create a const
normalized = integrationId?.toLowerCase() and use
BUILTIN_INTEGRATIONS.has(normalized) for the membership test, while preserving
the original integrationId when calling ids.add(integrationId) if it should keep
original casing.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (3)
packages/cli/src/commands/run.tspackages/cli/src/integrations/collect-integrations.tspackages/cli/src/integrations/fetch-and-merge-integrations.ts
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/cli/scripts/generate-json-schemas.ts`:
- Around line 6-8: Replace the overly broad unknown input type for
zodToJsonSchema with ZodTypeAny to preserve more Zod typing: update the dynamic
import cast for zodToJsonSchema to (schema: ZodTypeAny) => unknown and, if
missing, import ZodTypeAny from 'zod'; call
zodToJsonSchema(integrationsFileSchema) as before so the heavy return inference
stays untouched while avoiding deep-instantiation TS issues.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Disabled knowledge base sources:
- Linear integration is disabled
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (1)
packages/cli/scripts/generate-json-schemas.ts
dinohamzic
approved these changes
Feb 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit
Release Notes
--urland--tokenCLI options to the Run command for API-based integration fetchingDEEPNOTE_TOKENenvironment variable