fix(auth): check AGENTUITY_CLOUD_BASE_URL first for base URL resolution

[devin-ai-integration]

Summary

Fixes auth redirect URL issue for custom domains. When a custom domain like https://ops.agentuity.team/ is configured, auth redirects were incorrectly using http://p{hash}-{region}.agentuity.run instead of the custom domain.

The platform (catalyst) already sets AGENTUITY_CLOUD_BASE_URL with the correct custom domain URL, but the auth package was only checking AGENTUITY_BASE_URL. This change updates the priority order to check AGENTUITY_CLOUD_BASE_URL first:

1. Explicit baseURL option
2. AGENTUITY_CLOUD_BASE_URL (platform-injected for cloud deployments)
3. AGENTUITY_BASE_URL (legacy fallback)
4. BETTER_AUTH_URL (BetterAuth standard)

Review & Testing Checklist for Human

• Verify that catalyst is setting AGENTUITY_CLOUD_BASE_URL correctly for deployments with custom domains (check server/apis/machine/machine_2025_03_17.go around line 468)
• Test with a deployment that has a custom domain configured - verify auth redirects use the custom domain URL with HTTPS
• Test a deployment without custom domains to ensure backward compatibility

Notes

Requested by @Huijiro

Link to Devin run: https://app.devin.ai/sessions/bc4a879afb154bb5afd136ed266fee5b

Summary by CodeRabbit

• Bug Fixes

  • Improved base URL resolution for authentication: environment variables are now checked in a new priority order and empty/whitespace values are ignored.

• Chores

  • Added support for AGENTUITY_CLOUD_BASE_URL and adjusted fallback handling.
  • Canary publish tooling: publishable workspace packages use canary versions; private/non-publishable workspace dependencies are removed (and logged) during canary updates.

• Documentation

  • Updated docs to reflect the new priority order and empty-value behavior.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[coderabbitai]

📝 Walkthrough

Walkthrough

Auth base URL resolution now returns the first non-empty candidate from [explicit baseURL, AGENTUITY_CLOUD_BASE_URL, AGENTUITY_BASE_URL, BETTER_AUTH_URL] (whitespace-only values ignored). The canary script maps publishable workspace packages to canary/tarball URLs and removes non-publishable workspace dependencies when encountered.

Changes

Cohort / File(s)	Summary
Auth Configuration packages/auth/src/agentuity/config.ts	Changed base URL precedence to check AGENTUITY_CLOUD_BASE_URL before AGENTUITY_BASE_URL. Implemented iterative candidate resolution: build candidates [explicitBaseURL, AGENTUITY_CLOUD_BASE_URL, AGENTUITY_BASE_URL, BETTER_AUTH_URL], trim values, ignore empty/whitespace-only entries, and return the first non-empty. Docs updated. (+20/-3)
Canary Script scripts/canary.ts	Added publishablePackages handling and packageUrlMap/tarball URL substitution. For workspace:* deps: if dependency is publishable, replace with canary/tarball URL; if private/non-publishable, remove the dependency entry and log the removal. Root and per-package version updates retained. (+12/-1)

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7cb5623 and 604e098.

📒 Files selected for processing (1)

• scripts/canary.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• scripts/canary.ts

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

📦 Canary Packages Published

version: 0.1.16-d0bab70

Packages

Package	Version	URL
@agentuity/react	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-react-0.1.16-d0bab70.tgz
@agentuity/evals	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-evals-0.1.16-d0bab70.tgz
@agentuity/schema	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-schema-0.1.16-d0bab70.tgz
@agentuity/auth	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-auth-0.1.16-d0bab70.tgz
@agentuity/server	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-server-0.1.16-d0bab70.tgz
@agentuity/runtime	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-runtime-0.1.16-d0bab70.tgz
@agentuity/opencode	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-opencode-0.1.16-d0bab70.tgz
@agentuity/frontend	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-frontend-0.1.16-d0bab70.tgz
@agentuity/workbench	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-workbench-0.1.16-d0bab70.tgz
@agentuity/core	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-core-0.1.16-d0bab70.tgz
@agentuity/cli	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-cli-0.1.16-d0bab70.tgz

Install

Add to your package.json:

{
  "dependencies": {
    "@agentuity/react": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-react-0.1.16-d0bab70.tgz",
    "@agentuity/evals": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-evals-0.1.16-d0bab70.tgz",
    "@agentuity/schema": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-schema-0.1.16-d0bab70.tgz",
    "@agentuity/auth": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-auth-0.1.16-d0bab70.tgz",
    "@agentuity/server": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-server-0.1.16-d0bab70.tgz",
    "@agentuity/runtime": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-runtime-0.1.16-d0bab70.tgz",
    "@agentuity/opencode": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-opencode-0.1.16-d0bab70.tgz",
    "@agentuity/frontend": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-frontend-0.1.16-d0bab70.tgz",
    "@agentuity/workbench": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-workbench-0.1.16-d0bab70.tgz",
    "@agentuity/core": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-core-0.1.16-d0bab70.tgz",
    "@agentuity/cli": "https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-cli-0.1.16-d0bab70.tgz"
  }
}

Or install directly:

bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-react-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-evals-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-schema-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-auth-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-server-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-runtime-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-opencode-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-frontend-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-workbench-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-core-0.1.16-d0bab70.tgz
bun add https://agentuity-sdk-objects.t3.storage.dev/npm/0.1.16-d0bab70/agentuity-cli-0.1.16-d0bab70.tgz

CLI Executables

Platform	Version	URL
darwin-x64	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/binary/0.1.16-d0bab70/agentuity-darwin-x64.gz
linux-arm64	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/binary/0.1.16-d0bab70/agentuity-linux-arm64.gz
darwin-arm64	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/binary/0.1.16-d0bab70/agentuity-darwin-arm64.gz
linux-x64	0.1.16-d0bab70	https://agentuity-sdk-objects.t3.storage.dev/binary/0.1.16-d0bab70/agentuity-linux-x64.gz

Run Canary CLI

agentuity canary 0.1.16-d0bab70 [command] [...args]

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@packages/auth/src/agentuity/config.ts`:
- Around line 160-172: resolveBaseURL currently uses nullish coalescing which
treats empty strings as valid and prevents falling back; update resolveBaseURL
to treat empty/whitespace env vars as missing by trimming each candidate
(explicitBaseURL, process.env.AGENTUITY_CLOUD_BASE_URL,
process.env.AGENTUITY_BASE_URL, process.env.BETTER_AUTH_URL) and returning the
first non-empty trimmed value. Locate the resolveBaseURL function and replace
the simple ?? chain with logic that checks/trims each source (explicitBaseURL,
AGENTUITY_CLOUD_BASE_URL, AGENTUITY_BASE_URL, BETTER_AUTH_URL) and skips any
that are undefined/null or only whitespace before returning the selected base
URL.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f49f142 and cd29f19.

📒 Files selected for processing (1)

• packages/auth/src/agentuity/config.ts

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx}: Use Prettier formatter with tabs (width 3), single quotes, and semicolons for TypeScript files
Use TypeScript strict mode with ESNext target and bundler moduleResolution
Use StructuredError from @agentuity/core for error handling

Files:

• packages/auth/src/agentuity/config.ts

packages/auth/**/*.{ts,tsx}

📄 CodeRabbit inference engine (packages/auth/AGENTS.md)

packages/auth/**/*.{ts,tsx}: All public APIs should use the 'AgentuityAuth' prefix instead of 'BetterAuth'
All React code should be imported from '@agentuity/auth/react', including AuthProvider, createAuthClient, and useAuth

Files:

• packages/auth/src/agentuity/config.ts

packages/auth/**/config.ts

📄 CodeRabbit inference engine (packages/auth/AGENTS.md)

packages/auth/**/config.ts: Prefer environment variable 'AGENTUITY_AUTH_SECRET' over 'BETTER_AUTH_SECRET'
Set default basePath to '/api/auth' for authentication routes
Enable emailAndPassword authentication by default
Use the 'organization' plugin by default for multi-tenancy support
Use the 'jwt' plugin by default for token generation
Use the 'bearer' plugin by default for bearer token authentication
Use the 'apiKey' plugin by default for API key management

Files:

• packages/auth/src/agentuity/config.ts

🧠 Learnings (1)

📚 Learning: 2025-12-21T00:31:41.858Z

Learnt from: jhaynie
Repo: agentuity/sdk PR: 274
File: packages/cli/src/cmd/build/vite/server-bundler.ts:12-41
Timestamp: 2025-12-21T00:31:41.858Z
Learning: In Bun runtime, BuildMessage and ResolveMessage are global types and are not exported from the bun module. Do not import { BuildMessage } from 'bun' or similar; these types are available globally and should be used without import. This applies to all TypeScript files that target the Bun runtime within the repository.

Applied to files:

• packages/auth/src/agentuity/config.ts

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}