Fix Tideways: write tideways.api_key to php.ini and handle CLI access token#77
Merged
Merged
Conversation
Agent-Logs-Url: https://github.com/qoliber/magebox/sessions/67b75021-ed91-42e4-832b-58531d0953f9 Co-authored-by: peterjaap <431360+peterjaap@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Update Tideways documentation regarding API key
Fix incorrect Tideways API key URL in CLI hint and docs
Apr 8, 2026
The Tideways PHP extension refuses to transmit traces unless `tideways.api_key=<KEY>` is present in php.ini. MageBox previously only wrote a (buggy) daemon config file, so the extension was effectively silent. `magebox tideways config` now writes the directive into every installed PHP version's extension ini file via `sudo tee` and reloads PHP-FPM for the current project. The `tideways` commandline tool uses a separate personal token imported via `tideways import <token>`. Added an `access_token` credential alongside `api_key`, a `--access-token` flag, and `TIDEWAYS_CLI_TOKEN` env var support, and run `tideways import` automatically when the token is provided and the CLI is on PATH. Both credentials are documented as distinct in the guide and service pages. Also fixed `IsExtensionEnabled` which was splitting on the literal string `\n` instead of newlines, and dropped the dead `ConfigureDaemon` path that wrote `api_key=xxx\n` literally.
peterjaap
changed the title
The support-doc URL isn't where you actually copy the key from — the in-app Installation page per project is. Update both the interactive `magebox tideways config` prompt and the VitePress docs to reference https://app.tideways.io/o/<organization>/<project>/installation.
Without tideways.environment in php.ini, the Tideways PHP extension labels traces with the server-side default `production`, so traces from a developer machine land in the production bucket on app.tideways.io — exactly the opposite of what you want for a local dev environment. - Add Environment field to TidewaysCredentials (config + tideways pkg) - Add DefaultTidewaysEnvironment() returning `local_<username>` from os/user, with TIDEWAYS_ENVIRONMENT env var override in GetTidewaysCredentials (same precedence pattern as api_key / cli token) - Generalize rewriteAPIKeyIni → rewriteIniDirective and rename WriteAPIKeyToExtension → WriteExtensionConfig, which now writes both tideways.api_key and tideways.environment in a single sudo tee pass - `magebox tideways config` prompts for Environment (with the local_<username> default pre-filled), accepts a new --environment flag, and shows the resolved value when writing ini files - `magebox tideways status` shows the resolved environment - Unit tests: rewriteIniDirective covers api_key and environment cases (append, replace uncommented, replace commented, composition, replace-in-place); global config tests cover env var precedence, the local_<username> fallback, and save/load round-trip for Environment
The previous commit wrote tideways.environment to the PHP extension ini, but that directive does not exist — the PHP extension silently ignored it, so traces from local dev machines kept landing in the server-side 'production' bucket on app.tideways.io. Per the Tideways docs, the environment label is a *daemon-level* setting. The PHP extension ships traces to the local tideways-daemon, which stamps them with whatever --env (or TIDEWAYS_ENVIRONMENT env var) it was started with (default: production). Fix: - Stop writing tideways.environment to the PHP extension ini. Rename WriteExtensionConfig back to WriteAPIKeyToExtension, which now also strips any stale tideways.environment line left behind by the previous commit (via stripIniDirective). - Add WriteDaemonEnvironment on Linux: installs a systemd drop-in at /etc/systemd/system/tideways-daemon.service.d/magebox-environment.conf that sets Environment="TIDEWAYS_ENVIRONMENT=<env>", then runs `systemctl daemon-reload` and `systemctl restart tideways-daemon`. The daemon reads TIDEWAYS_ENVIRONMENT at startup and labels all subsequent traces with it. On macOS this returns a clear "not supported yet" error with a manual-config hint. - runTidewaysConfig now writes api_key to every installed PHP version *and* configures the daemon environment, printing both steps. - Pure renderDaemonEnvironmentDropIn helper so the systemd unit shape is testable without sudo. Tests: drop the misleading rewriteIniDirective environment cases and the composition test (we no longer compose api_key + environment into the ini). Add TestStripIniDirective for the eviction path, and TestRenderDaemonEnvironmentDropIn to lock down the systemd unit structure ([Service] + Environment= line + managed-by marker). See https://support.tideways.com/documentation/setup/configuration/environments.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Tideways was not actually working for MageBox users. Two distinct problems, both in
magebox tideways config:tideways.api_key=<KEY>inphp.iniin order to transmit traces. MageBox never wrote this directive — it only wrote adaemon.conffile (which, for good measure, was buggy: it wroteapi_key=xxx\nliterally with a backslash-n instead of a newline). The extension therefore never sent anything to Tideways.tidewayscommandline tool (tideways run,tideways event create,tideways tracepoint create) authenticates with a separate personal token imported viatideways import <token>. That credential was not handled at all.The initial version of this PR only corrected the hint URL in the prompt. This revision actually fixes the functional issues.
Changes
Write
tideways.api_keyto the PHP extension iniinternal/tideways/manager.go: newWriteAPIKeyToExtension(phpVersion)— reads the ini, replaces any existing (commented or uncommented)tideways.api_keyline or appends one, then writes viasudo teebecausemods-available/*.iniis root-owned. The pure rewrite logic is split intorewriteAPIKeyIniso it is unit-testable.cmd/magebox/tideways.go:runTidewaysConfigiteratesplatform.GetInstalledPHPVersions()and writes the directive for every PHP version that has the Tideways extension installed, then reloads PHP-FPM for the current project's PHP version so the change takes effect immediately.IsExtensionEnabledwhich was splitting on the literal string\n(backslash + n) instead of newlines, so it could never find the extension line.ConfigureDaemonpath and its helpers.Handle the Tideways CLI access token as a separate credential
internal/config/global.go+internal/tideways/types.go:TidewaysCredentialsandCredentialsnow carry bothAPIKeyandAccessToken.HasTidewaysAccessToken()andTIDEWAYS_CLI_TOKENenv var support (takes precedence over the stored value).internal/tideways/manager.go: newImportCLIToken()— runstideways import <token>if thetidewaysCLI is onPATH; otherwise returns a clear error and MageBox prints a "runtideways import <token>manually" hint.cmd/magebox/tideways.go:--access-tokenflag for non-interactive mode (joins existing--api-key).magebox tideways statusnow shows both "API Key configured" and "CLI access token set".Documentation
vitepress/services/tideways.md: describes the two credentials and what each is used for, with links to the Tideways docs and to the CLI import settings page. Documents the non-interactive form and both env vars.vitepress/guide/global-config.md: addsaccess_tokento the YAML example andTIDEWAYS_CLI_TOKENto the env var table.Tests
internal/config/global_test.go:TestGlobalConfig_TidewaysCredentialscoversHasTidewaysCredentials/HasTidewaysAccessTokenand env var precedence for both keys.TestGlobalConfig_TidewaysRoundTripverifies the newaccess_tokenfield survives YAML save/load.internal/tideways/manager_test.go(new):TestRewriteAPIKeyInicovers append, replace uncommented, replace commented-with-whitespace, missing trailing newline, and empty-file cases.Changelog
Added
[Unreleased]entry under Fixed (PHP extension API key) and Added (CLI access token).Test plan
make lint— 0 issuesmake test— all packages passing, new tests includedmagebox tideways configon a Debian/Ubuntu box — verifytideways.api_key=...appears in/etc/php/<ver>/mods-available/tideways.iniand that traces start flowing to the Tideways dashboardmagebox tideways config --api-key k --access-token tnon-interactive — verify config.yaml contains both fields andtideways importis invoked when the CLI is installedmagebox tideways status— verify both credential rows display correctly