feat: CLI Refactor + Bundle Signing
* fix: windows rn executable bash fix
* chore: updated version

* chore: initial commit for multi region support on cli
* chore: region urls updated
* chore: removed logs
* chore: code review fixes
* chore: package version update
---------
🤖 StallionDevX AI Review
Quality Score: █████████░ 90/100
Verdict: request changes
Summary
The pull request introduces multi-region support, which is a significant and well-implemented feature. The logic for resolving regions based on CI tokens or API calls is sound. There are minor issues related to error handling, hardcoded domain, and changelog dates.
⚠️ Warning (3)
- 📝 Incorrect Dates in Changelog — CHANGELOG.md:2
  The dates in the CHANGELOG.md file (e.g., 2026-06-06, 2026-02-13) are in the future, which is likely a copy-paste error or placeholder. This should reflect the actual release dates.
- 🧹 Hardcoded Domain in API Base URL — src/utils/common.ts:8
  The domain 'stalliontech.io' is hardcoded within the `getApiBaseUrl` function. This reduces flexibility for different environments (e.g., staging, development) where the base domain might differ.
- 🐛 Generic Error Message in resolveRegion — src/utils/region.ts:38
  The `catch` block in `resolveRegion` throws a generic 'Something went wrong' error. This hides the original error context, making debugging difficult when an issue occurs during region resolution.
🤖 StallionDevX AI Review
Quality Score: ████████░░ 75/100
Verdict: request changes
🔐 Security vulnerabilities detected — review required before merging
Summary
The pull request introduces multi-region support by refactoring API base URL resolution and adding utilities for parsing region from tokens and resolving it via an API call. This is a significant improvement for scalability and user experience. However, some areas need attention regarding robustness, error handling, and potential security implications of input parameters.
⚠️ Warning (4)
- 🧹 Brittle Token Format Assumption — src/utils/region.ts:8
  The `parseTokenRegion` function relies on a very specific hardcoded token format (length 43, underscore at index 6). If the token format changes in the future, this parsing logic will break, leading to unexpected behavior.
- 🐛 Generic Error Handling in Region Resolution — src/utils/region.ts:19
  The `resolveRegion` function catches all errors and throws a generic 'Something went wrong' message. This hides the actual underlying error, making debugging difficult and obscuring the root cause of failures in production.
- 🔐 Unsanitized `uploadPath` in API Call — src/utils/region.ts:29
  The `uploadPath` is sent directly to the `GET_ORG_REGION` endpoint. If `uploadPath` is user-controlled and the backend processes it without proper sanitization, it could potentially be exploited for path traversal or other injection attacks on the server-side.
- 🧹 Hardcoded Regions List — src/utils/region.ts:3
  The `REGIONS` array is hardcoded. If new regions are introduced, this list will need manual updates, which can be easily overlooked and lead to inconsistencies or errors in region validation.
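
The TypeScript below is an added example, not code from this PR or from the Stallion CLI. It shows region parsing that fails closed against an allow-list, an API host built only from the validated region, and an error type that keeps the underlying failure. Assumptions: the token layout beyond "43 characters, underscore at index 6", the `api-<region>.` host pattern, the upload-path shape, and the names `RegionLookup`, `RegionResolutionError` and `SAMPLE_TOKEN`.

```typescript
// Added example: token layout, host pattern and upload-path shape are assumptions.
const REGIONS = ["ap", "us"] as const; // the two regions named in the PR description
type Region = (typeof REGIONS)[number];
type RegionLookup = (uploadPath: string) => Promise<unknown>; // stand-in for the GET_ORG_REGION call
const isRegion = (v: unknown): v is Region =>
  typeof v === "string" && (REGIONS as readonly string[]).indexOf(v) !== -1;

// Keeps the underlying failure attached instead of a bare "Something went wrong".
class RegionResolutionError extends Error {
  originalError: unknown;
  constructor(message: string, originalError?: unknown) {
    super(message);
    this.name = "RegionResolutionError";
    this.originalError = originalError;
  }
}

// Assumed layout (43 chars, "_" at index 6): 4-char kind, 2-letter region, "_", 36-char secret.
const TOKEN_RE = /^[a-z]{4}([a-z]{2})_[A-Za-z0-9]{36}$/;
const SAMPLE_TOKEN = "stlnap_" + "a1B2".repeat(9); // constructed sample, not a real token

function parseTokenRegion(token: string): Region | null {
  const code = TOKEN_RE.exec(token)?.[1];
  return isRegion(code) ? code : null; // anything off-format or off-list yields null
}

// The host is built only from an allow-listed region, never from raw token text.
function getApiBaseUrl(region: Region, baseDomain = "stalliontech.io"): string {
  if (!isRegion(region)) throw new RegionResolutionError("unknown region");
  if (!/^([a-z0-9-]+\.)+[a-z]{2,}$/.test(baseDomain)) throw new RegionResolutionError("invalid base domain");
  return `https://api-${region}.${baseDomain}`; // "api-<region>." pattern is assumed
}

async function resolveRegion(token: string | undefined, uploadPath: string,
                             lookup: RegionLookup): Promise<Region> {
  const fromToken = token ? parseTokenRegion(token) : null;
  if (fromToken) return fromToken;
  // Assumed shape: slash-separated slugs. Reject "..", "?", "#" and the like before sending.
  if (!/^[A-Za-z0-9_-]+(\/[A-Za-z0-9_-]+)*$/.test(uploadPath)) throw new RegionResolutionError("invalid upload path");
  let answer: unknown;
  try {
    answer = await lookup(uploadPath);
  } catch (err) {
    throw new RegionResolutionError(`region lookup failed for ${uploadPath}`, err);
  }
  if (!isRegion(answer)) throw new RegionResolutionError("lookup returned unknown region", answer);
  return answer;
}
```

Because the lookup is injected, the same function can be exercised with a stub in unit tests and with the real HTTP call in the CLI.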
🎉 This PR is included in version 2.5.0-alpha.2 🎉 The release is available on: Your semantic-release bot 📦🚀

🎉 This PR is included in version 2.5.0 🎉 The release is available on: Your semantic-release bot 📦🚀
Adds multi-region support to the Stallion CLI so that customers in different regions (currently `ap` and `us`) hit the correct regional API host instead of the global `api.stalliontech.io` URL.