From a0ae31fe2a1c62d0f7607f944d2aaf17608d5a00 Mon Sep 17 00:00:00 2001
From: dvcdsys <dvcdsys@gmail.com>
Date: Wed, 3 Jun 2026 11:18:18 +0100
Subject: [PATCH 1/2] feat(dashboard): add copyable "connect CLI" command to
 API-key-created popup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

After creating an API key, the success popup now shows a second copyable
field: a ready-to-paste command that registers THIS server in the cix CLI
and makes it the default, so the flow is create → copy → paste → use.

The command writes a single `server.<alias>` entry (URL + the new key as
one unit — the key belongs to the server), then sets it as default:

  cix config set server.<alias>.url <origin> && \
    cix config set server.<alias>.key <key> && \
    cix config set default_server <alias>

- <origin> comes from window.location.origin (dashboard is served
  same-origin from cix-server, so it's always the correct base URL).
- <alias> is derived from window.location.host, sanitized to [a-z0-9-]
  so it's dot-/whitespace-free as the CLI's parseServerKey requires.

Copy logic refactored into a reusable copyText() helper driving two
independent button states (key + command), preserving the existing
secure-context / execCommand fallback. Frontend-only; no CLI or server
change — the command uses existing `cix config set` commands.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../components/CreateApiKeyDialog.tsx         | 114 +++++++++++++++---
 1 file changed, 99 insertions(+), 15 deletions(-)

diff --git a/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx b/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
index 4b56de6..633bd85 100644
--- a/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
+++ b/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
@@ -1,5 +1,5 @@
 import { useEffect, useRef, useState } from 'react';
-import { Check, Copy, Loader2, KeyRound, AlertTriangle } from 'lucide-react';
+import { Check, Copy, Loader2, KeyRound, AlertTriangle, Terminal } from 'lucide-react';
 import { toast } from 'sonner';
 import { ApiError } from '@/api/client';
 import { Alert, AlertDescription, AlertTitle } from '@/ui/alert';
@@ -41,6 +41,21 @@ function legacyCopy(text: string): boolean {
   return ok;
 }
 
+// Derive a cix CLI server alias from the browser host. The CLI stores each
+// server as one entry under `server.<alias>` and parses that config key by
+// splitting on dots, so the alias must be dot-free (and whitespace-free, and
+// non-empty) — see validateServerName / parseServerKey in the CLI. We fold the
+// host (including any non-default port, so distinct ports get distinct aliases)
+// to [a-z0-9-]:  "cix.example.com" -> "cix-example-com",
+// "localhost:21847" -> "localhost-21847".
+function cixServerAlias(host: string): string {
+  const alias = host
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, '-')
+    .replace(/^-+|-+$/g, '');
+  return alias || 'default';
+}
+
 // Two-stage dialog: collect a name, then reveal the freshly minted key once.
 // Once revealed, the dialog refuses outside-click and Escape — accidental
 // dismissal would lose the unrecoverable secret. Only the explicit "I've
@@ -49,7 +64,8 @@ export function CreateApiKeyDialog() {
   const [open, setOpen] = useState(false);
   const [name, setName] = useState('');
   const [revealed, setRevealed] = useState<string | null>(null);
-  const [copied, setCopied] = useState(false);
+  const [copiedKey, setCopiedKey] = useState(false);
+  const [copiedCmd, setCopiedCmd] = useState(false);
   const inputRef = useRef<HTMLInputElement>(null);
   const create = useCreateApiKey();
 
@@ -65,7 +81,8 @@ export function CreateApiKeyDialog() {
   function reset() {
     setName('');
     setRevealed(null);
-    setCopied(false);
+    setCopiedKey(false);
+    setCopiedCmd(false);
     create.reset();
   }
 
@@ -81,23 +98,50 @@ export function CreateApiKeyDialog() {
     }
   }
 
-  async function copyToClipboard() {
-    if (!revealed) return;
-    // navigator.clipboard requires a secure context (HTTPS or localhost). On
-    // bare-IP / HTTP deploys it throws — fall back to document.execCommand
-    // through a transient textarea so users still get one-click copy.
+  // copyText copies one string to the clipboard, surfacing a toast on failure.
+  // navigator.clipboard requires a secure context (HTTPS or localhost). On
+  // bare-IP / HTTP deploys it throws — fall back to document.execCommand
+  // through a transient textarea so users still get one-click copy.
+  async function copyText(text: string): Promise<boolean> {
     try {
       if (window.isSecureContext && navigator.clipboard?.writeText) {
-        await navigator.clipboard.writeText(revealed);
+        await navigator.clipboard.writeText(text);
       } else {
-        if (!legacyCopy(revealed)) throw new Error('legacy copy failed');
+        if (!legacyCopy(text)) throw new Error('legacy copy failed');
       }
-      setCopied(true);
-      window.setTimeout(() => setCopied(false), 2000);
+      return true;
     } catch {
       toast.error('Could not copy automatically.', {
-        description: 'Click the field, ⌘A / Ctrl-A to select, then copy.',
+        description: 'Select the text, ⌘A / Ctrl-A, then copy.',
       });
+      return false;
+    }
+  }
+
+  // One-paste command that registers THIS server (URL + the freshly minted key,
+  // as a single `server.<alias>` entry) in the cix CLI config and makes it the
+  // default. The dashboard is served same-origin from cix-server, so
+  // window.location.origin is exactly the base URL the CLI must talk to. Values
+  // are shell-safe (a URL, a `cix_<hex>` key, an [a-z0-9-] alias), so no quoting
+  // is needed — matching the CLI README's unquoted examples.
+  const alias = cixServerAlias(window.location.host);
+  const connectCmd =
+    `cix config set server.${alias}.url ${window.location.origin} && ` +
+    `cix config set server.${alias}.key ${revealed ?? '<key>'} && ` +
+    `cix config set default_server ${alias}`;
+
+  async function copyKey() {
+    if (!revealed) return;
+    if (await copyText(revealed)) {
+      setCopiedKey(true);
+      window.setTimeout(() => setCopiedKey(false), 2000);
+    }
+  }
+
+  async function copyConnectCmd() {
+    if (await copyText(connectCmd)) {
+      setCopiedCmd(true);
+      window.setTimeout(() => setCopiedCmd(false), 2000);
     }
   }
 
@@ -165,8 +209,8 @@ export function CreateApiKeyDialog() {
                   onFocus={(e) => e.currentTarget.select()}
                   onClick={(e) => e.currentTarget.select()}
                 />
-                <Button type="button" variant="secondary" onClick={copyToClipboard}>
-                  {copied ? (
+                <Button type="button" variant="secondary" onClick={copyKey}>
+                  {copiedKey ? (
                     <>
                       <Check className="mr-1 h-4 w-4" />
                       Copied
@@ -184,6 +228,46 @@ export function CreateApiKeyDialog() {
                 button is blocked by your browser.
               </p>
             </div>
+            <div className="space-y-2">
+              <Label htmlFor="apikey-connect-cmd" className="flex items-center gap-1.5">
+                <Terminal className="h-4 w-4" />
+                Connect the cix CLI
+              </Label>
+              <div className="flex items-stretch gap-2">
+                {/* Read-only, wrapping command box: one paste registers this
+                    server (URL + key as a single entry) and makes it the
+                    default, so `cix search …` works right after. */}
+                <pre
+                  id="apikey-connect-cmd"
+                  className="flex-1 overflow-auto rounded-md border bg-muted p-2 font-mono text-xs whitespace-pre-wrap break-all max-h-32"
+                >
+                  {connectCmd}
+                </pre>
+                <Button
+                  type="button"
+                  variant="secondary"
+                  className="self-start"
+                  onClick={copyConnectCmd}
+                >
+                  {copiedCmd ? (
+                    <>
+                      <Check className="mr-1 h-4 w-4" />
+                      Copied
+                    </>
+                  ) : (
+                    <>
+                      <Copy className="mr-1 h-4 w-4" />
+                      Copy
+                    </>
+                  )}
+                </Button>
+              </div>
+              <p className="text-xs text-muted-foreground">
+                Paste this in a terminal with the cix CLI installed. It saves the
+                server to <code>~/.cix/config.yaml</code> as the default, then{' '}
+                <code>cix search &quot;…&quot;</code> works.
+              </p>
+            </div>
             <DialogFooter>
               <Button
                 onClick={() => {

From 880346306fd833fa8056aa651f6ff8b7ab446c16 Mon Sep 17 00:00:00 2001
From: dvcdsys <dvcdsys@gmail.com>
Date: Wed, 3 Jun 2026 11:23:35 +0100
Subject: [PATCH 2/2] fix(dashboard): make the X button close the "API key
 created" popup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The onOpenChange handler returned early whenever a key was revealed
(`if (!next && revealed) return;`), which swallowed the close event from
the top-right X button — the dialog could then only be dismissed by
reloading the page. Accidental dismissal (outside-click, Escape) is
already blocked separately at the DialogContent layer via preventDefault,
so that early-return only ever harmed the explicit X click.

Remove the guard so X (and "I've saved it") close and reset the dialog,
while Escape / outside-click stay blocked at the content layer.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .../api-keys/components/CreateApiKeyDialog.tsx      | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx b/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
index 633bd85..8ad90fc 100644
--- a/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
+++ b/server/dashboard/src/modules/api-keys/components/CreateApiKeyDialog.tsx
@@ -149,11 +149,14 @@ export function CreateApiKeyDialog() {
     <Dialog
       open={open}
       onOpenChange={(next) => {
-        // Once a key is revealed, only the explicit "I've saved it" button
-        // (or close-X) may dismiss the dialog. Outside-click and Escape are
-        // blocked at the DialogContent layer below; we still gate state-resets
-        // here so a sibling dismiss path can't wipe the key silently.
-        if (!next && revealed) return;
+        // Accidental dismissal of the reveal screen (outside-click, Escape) is
+        // blocked at the DialogContent layer below via preventDefault, so it
+        // never reaches here. The only close paths that DO reach onOpenChange
+        // while a key is revealed are explicit user intent — the top-right X
+        // button (the "I've saved it" button sets state directly) — so honor
+        // every close and always reset. (An earlier guard returned here when a
+        // key was revealed, which also swallowed the X click: the dialog could
+        // then only be dismissed by reloading the page.)
         setOpen(next);
         if (!next) reset();
       }}