
refactor: fetch api-key from .env and call agent token API

Open pranalidhanavade opened this issue 1 month ago • 2 comments

What

  • Refactor: fetch api-key from .env and call agent token API.
  • Removed token extraction logic from container logs.

Summary by CodeRabbit

  • Refactor

    • Provisioning and startup flows no longer extract, print, save, or return API tokens; responses now include only the agent endpoint.
    • Token-related files and side effects removed from provisioning and container startup processes.
  • Chores

    • Token acquisition now uses AGENT_API_KEY at runtime.
    • Environment variables loaded via dotenv; AFJ_AGENT_TOKEN_PATH removed from sample env.

pranalidhanavade avatar Oct 09 '25 12:10 pranalidhanavade

Walkthrough

Removed AFJ token capture, extraction, file creation, printing, and cleanup across provisioning scripts and services; agent endpoint (CONTROLLER_ENDPOINT) is now the single persisted artifact. Added DB-alerting feature (Postgres trigger, listener, NATS email alert flow), updated Prisma module wiring, tweaked DTOs/constants, and bumped pg dependency.

Changes

| Cohort / File(s) | Summary of Changes |
|---|---|
| Provisioning scripts: apps/agent-provisioning/AFJ/scripts/start_agent.sh, apps/agent-provisioning/AFJ/scripts/docker_start_agent.sh, apps/agent-provisioning/AFJ/scripts/fargate.sh, apps/agent-provisioning/AFJ/scripts/start_agent_ecs.sh | Removed log-parsing/token-extraction loops and all creation/writing/printing/deletion of token JSON files; scripts now produce/read only endpoint JSON and continue provisioning without token persistence. |
| Provisioning service: apps/agent-provisioning/src/agent-provisioning.service.ts | Removed agent-token file logic; consolidated to check/read endpoint JSON, parse/validate CONTROLLER_ENDPOINT, and return only agentEndPoint; added explicit JSON parse and NotFound/validation error paths. |
| Agent service: apps/agent-service/src/agent-service.service.ts | Switched to obtaining base token via getBaseAgentToken(agentEndPoint, apiKey from AGENT_API_KEY); removed AFJ token-file cleanup and fs usage. |
| Common utilities: libs/common/src/common.service.ts, libs/common/src/common.constant.ts, libs/common/src/dtos/email.dto.ts, libs/common/src/resend-helper-file.ts | Added dotenv.config() at module load; getBaseAgentToken includes Authorization: Bearer <AGENT_API_KEY> header; added AFFECTED_RECORDS_THRESHOLD_PERCENTAGE_FOR_DB_ALERT = 30 constant; EmailDto.emailTo now `string |
| Env samples: .env.demo, .env.sample | Removed AFJ_AGENT_TOKEN_PATH entries and added HIDE_EXPERIMENTAL_OIDC_CONTROLLERS, DB_ALERT_ENABLE, and DB_ALERT_EMAILS entries (and blank/related lines). |
| API gateway / Utilities (DB alerting): apps/api-gateway/src/main.ts, apps/api-gateway/src/utilities/utilities.service.ts | main.ts: enhanced startup logs and conditional DB_ALERT_ENABLE message. utilities.service.ts (api-gateway): added PostgreSQL client integration, LISTEN on ledger_null, handler to compute affected records %, and publish alert payload to NATS when threshold exceeded; includes connection lifecycle handling. |
| Utility microservice: apps/utility/src/utilities.controller.ts, apps/utility/src/utilities.service.ts, apps/utility/src/utilities.repository.ts | Controller: added alert-db-ledgerId-null message handler. Repository: added getPlatformConfigDetails() and restored getShorteningUrl. Service: refactored to extend BaseService, added storeObject, handleLedgerAlert with deduping/rate-limit, sendWithRetry retry/backoff, email integration, and internal state (lastAlertTime/isSendingAlert). |
| Prisma / modules: apps/ledger/src/ledger.module.ts, libs/org-roles/src/org-roles.module.ts, libs/prisma-service/src/prisma-service.module.ts, libs/prisma-service/src/prisma-service.service.ts | Switched to providing Prisma via PrismaServiceModule (added to imports) and removed direct PrismaService provider entries; prisma-service.module now imports CommonModule; removed a public UserDevicesRepository field from PrismaService. |
| DB migration: libs/prisma-service/prisma/migrations/.../migration.sql | New Postgres function alert_ledger_null() and trigger ledger_null_trigger on org_agents to pg_notify ledger_null when ledgerId becomes NULL. |
| Package: package.json | Bumped pg dependency from ^8.11.2 to ^8.16.3. |

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Postgres
  participant PrismaTrigger as DB Trigger
  participant ApiGateway as Api-Gateway UtilitiesService
  participant Repo as UtilitiesRepository
  participant NATS
  participant UtilitySvc as Utility Service (handleLedgerAlert)
  participant EmailSvc as EmailService

  Postgres->>PrismaTrigger: org_agents UPDATE (ledgerId becomes NULL)
  PrismaTrigger->>Postgres: pg_notify('ledger_null', payload)
  Postgres->>ApiGateway: notification on channel 'ledger_null'
  ApiGateway->>Repo: count total org_agents / count ledgerId IS NULL
  Repo-->>ApiGateway: counts
  ApiGateway->>NATS: publish alert payload (subject: utilities.alert-db-ledgerId-null)
  NATS->>UtilitySvc: message delivered (alert-db-ledgerId-null)
  UtilitySvc->>Repo: getPlatformConfigDetails()
  Repo-->>UtilitySvc: platform config (emailFrom etc.)
  UtilitySvc->>EmailSvc: sendWithRetry(emailDto)
  EmailSvc-->>UtilitySvc: send result

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

  • Pay extra attention to:
    • apps/api-gateway/src/utilities/utilities.service.ts — Postgres LISTEN handling, query correctness, async guard (isSendingAlert) and NATS publish subject/payload.
    • apps/utility/src/utilities.service.ts — retry/backoff logic, rate-limiting, concurrency guards, and interaction with EmailService and AwsService.
    • libs/common/src/common.service.ts — initialization order of dotenv and header injection for token requests.
    • Shell scripts in apps/agent-provisioning/AFJ/scripts/ — ensuring removed token waits didn't remove necessary synchronization.

Possibly related PRs

  • credebl/platform#1526 β€” implements ledgerId-null trigger and DB-alerting feature; strongly overlaps migration, DB_ALERT env vars, and utilities changes.
  • credebl/platform#1523 β€” touches AFJ start/docker scripts and token extraction/handling; related to provisioning script token removals here.
  • credebl/platform#1514 β€” modifies agent token representation and agent-service call sites; related to switching to AGENT_API_KEY usage.

Suggested labels

enhancement

Suggested reviewers

  • tipusinghaw
  • GHkrishna
  • shitrerohit

Poem

I hopped through scripts where tokens used to hide,
Endpoints stand alone now — neat and dignified.
Triggers whisper to listeners, alerts take flight,
Emails chase the ledger through the quiet night.
🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main refactoring: replacing token extraction from container logs with fetching the API key from environment variables and calling an agent token API endpoint. |

coderabbitai[bot] avatar Oct 09 '25 12:10 coderabbitai[bot]
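
The alert gating that the walkthrough above describes (percentage of org_agents rows with a NULL ledgerId compared against the 30% constant, plus the lastAlertTime / isSendingAlert state), as an added TypeScript example that is not the project's own code. The class and function names, the length of the quiet window, and the strict "greater than" comparison are assumptions; only the constant's name and value and the two state field names come from the summary.

```typescript
// Added example, not code from credebl/platform.
const AFFECTED_RECORDS_THRESHOLD_PERCENTAGE_FOR_DB_ALERT = 30; // name and value from the PR summary
const MIN_ALERT_INTERVAL_MS = 2 * 60 * 60 * 1000; // assumed quiet window; the page gives no value

// Percentage of rows whose ledgerId is NULL (hypothetical helper).
function affectedPercentage(total: number, nullCount: number): number {
  // Reject NaN, negative or inconsistent counts instead of alerting on bad data.
  if (!(total >= 0) || !(nullCount >= 0) || nullCount > total) {
    throw new RangeError('invalid counts');
  }
  // An empty table must not divide by zero. Multiplying before dividing avoids
  // floating-point drift: (3 / 10) * 100 evaluates to 30.000000000000004.
  return total === 0 ? 0 : (nullCount * 100) / total;
}

// Hypothetical gate combining the threshold, an in-flight guard and a rate limit.
class LedgerAlertGate {
  private lastAlertTime: number | null = null;
  private isSendingAlert = false;

  // Returns true when the caller may send an alert, and marks one as in flight.
  tryBegin(total: number, nullCount: number, now: number): boolean {
    if (this.isSendingAlert) return false; // a send is already running
    // Assumption: "exceeded" is strict, so exactly 30% does not alert.
    if (affectedPercentage(total, nullCount) <= AFFECTED_RECORDS_THRESHOLD_PERCENTAGE_FOR_DB_ALERT) {
      return false;
    }
    if (this.lastAlertTime !== null && now - this.lastAlertTime < MIN_ALERT_INTERVAL_MS) {
      return false; // still inside the quiet window of the last delivered alert
    }
    this.isSendingAlert = true;
    return true;
  }

  // Call from a finally block so a thrown send error cannot leave the guard stuck.
  end(sent: boolean, now: number): void {
    this.isSendingAlert = false;
    // Only a delivered alert starts the quiet window; a failed send can be retried.
    if (sent) this.lastAlertTime = now;
  }
}
```

The clock is passed in as `now` so the gate can be exercised without timers; a caller would pass `Date.now()`.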